#include <keyutils.h>
#include <nfsidmap.h>
-#include <syslog.h>
+#include <unistd.h>
#include "xlog.h"
-/* gcc nfsidmap.c -o nfsidmap -l nfsidmap -l keyutils */
+int verbose = 0;
+char *usage="Usage: %s [-v] [-t timeout] key desc";
#define MAX_ID_LEN 11
#define IDMAP_NAMESZ 128
#define USER 1
#define GROUP 0
-
/*
* Find either a user or group id based on the name@domain string
*/
char *arg;
char *value;
char *type;
- int rc = 1;
+ int rc = 1, opt;
int timeout = 600;
key_serial_t key;
char *progname;
xlog_syslog(1);
xlog_stderr(0);
- if (argc < 3) {
+ while ((opt = getopt(argc, argv, "t:v")) != -1) {
+ switch (opt) {
+ case 'v':
+ verbose++;
+ break;
+ case 't':
+ timeout = atoi(optarg);
+ break;
+ default:
+ xlog_warn(usage, progname);
+ break;
+ }
+ }
+
+ if ((argc - optind) != 2) {
xlog_err("Bad arg count. Check /etc/request-key.conf");
+ xlog_warn(usage, progname);
return 1;
}
- arg = malloc(sizeof(char) * strlen(argv[2]) + 1);
- strcpy(arg, argv[2]);
+ if (verbose)
+ nfs4_set_debug(verbose, NULL);
+
+ key = strtol(argv[optind++], NULL, 10);
+
+ arg = strdup(argv[optind]);
+ if (arg == NULL) {
+ xlog_err("strdup failed: %m");
+ return 1;
+ }
type = strtok(arg, ":");
value = strtok(NULL, ":");
- if (argc == 4) {
- timeout = atoi(argv[3]);
- if (timeout < 0)
- timeout = 0;
+ if (verbose) {
+ xlog_warn("key: %ld type: %s value: %s timeout %ld",
+ key, type, value, timeout);
}
- key = strtol(argv[1], NULL, 10);
-
if (strcmp(type, "uid") == 0)
rc = id_lookup(value, key, USER);
else if (strcmp(type, "gid") == 0)
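Review bot: The `-t` value in `case 't'` goes through `atoi()` with no validation, and this commit also drops the old `if (timeout < 0) timeout = 0;` clamp. A negative or non-numeric value from request-key.conf is therefore passed to `keyctl_set_timeout()`, whose timeout parameter is unsigned, so a negative `int` would convert to a very large lifetime and leave a cached id mapping in the keyring far longer than intended. Parsing with `strtol` and rejecting out-of-range input, as sketched below, keeps the expiry bounded (it needs `<errno.h>` and `<limits.h>`). Separately, the verbose `xlog_warn` prints `timeout` (declared `int` in this hunk) and `key` with `%ld`; `%d` or explicit `(long)` casts would avoid the mismatched varargs read, and `type`/`value` can be NULL there when the description contains no `:`. main() begins and ends outside this hunk.

```c
	switch (opt) {
	/* … unchanged: case 'v' … */
	case 't': {
		/* Reject non-numeric, negative or oversized values before
		 * they can reach keyctl_set_timeout(). */
		char *end;
		long secs;

		errno = 0;
		secs = strtol(optarg, &end, 10);
		if (errno != 0 || end == optarg || *end != '\0' ||
		    secs < 0 || secs > INT_MAX) {
			xlog_warn("Invalid timeout '%s'", optarg);
			xlog_warn(usage, progname);
			return 1;
		}
		timeout = (int)secs;
		break;
	}
	/* … unchanged: default case and end of the getopt loop … */
```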
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
- /* Set timeout to 5 (600 seconds) minutes */
+ /* Set timeout to 10 (600 seconds) minutes */
if (rc == 0)
keyctl_set_timeout(key, timeout);
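Review bot: The rewritten comment above `keyctl_set_timeout()` still states a fixed 600 seconds, but after this commit the lifetime is whatever `-t` supplied, so it will mislead anyone auditing key expiry. Something like `/* Expire the key after the -t value (default 600 seconds) */` matches the code. The call's return value is also not checked in the visible lines, so a failure to set the expiry would pass silently and the key would presumably keep its existing lifetime; logging the failure with `xlog_warn` would make that visible. main() continues outside this hunk.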
.TH nfsidmap 5 "1 October 2010"
.SH NAME
nfsidmap \- The NFS idmapper upcall program
+.SH SYNOPSIS
+.B "nfsidmap [-v] [-t timeout] key desc"
.SH DESCRIPTION
The file
.I /usr/sbin/nfsidmap
.I /usr/sbin/nfsidmap
should only be called by request-key, and will perform the translation and
initialize a key with the resulting information.
-.PP
-NFS_USE_NEW_IDMAPPER must be selected when configuring the kernel to use this
-feature.
+.SH OPTIONS
+.TP
+.B -t timeout
+Set the expiration timer, in seconds, on the key.
+The default is 600 seconds (10 mins).
+.TP
+.B -v
+Increases the verbosity of the output to syslog
+(can be specified multiple times).
.SH CONFIGURING
The file
.I /etc/request-key.conf
can properly direct the upcall. The following line should be added before a call
to keyctl negate:
.PP
-create id_resolver * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap -t 600 %k %d
.PP
This will direct all id_resolver requests to the program
-.I /usr/sbin/nfsidmap
-The last parameter, 600, defines how many seconds into the future the key will
+.I /usr/sbin/nfsidmap.
+The
+.B -t 600
+defines how many seconds into the future the key will
expire. This is an optional parameter for
.I /usr/sbin/nfsidmap
and will default to 600 seconds when not specified.
generic upcall program. If you would like to use your own program for a uid
lookup then you would edit your request-key.conf so it looks similar to this:
.PP
-create id_resolver uid:* * /some/other/program %k %d 600
+create id_resolver uid:* * /some/other/program %k %d
.br
-create id_resolver * * /usr/sbin/nfsidmap %k %d 600
+create id_resolver * * /usr/sbin/nfsidmap %k %d
.PP
Notice that the new line was added above the line for the generic program.
request-key will find the first matching line and run the corresponding program.