X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=utils%2Fidmapd%2Fidmapd.c;h=19bf7a601b5ba562258420facc9fec2083047d5e;hp=5fc7811a8465b3c5be2ce35ef85c628fc639d092;hb=da31666c2663759c28c4cff4b2125c5062a51cac;hpb=f8d5dd05dd28fe122832b229c5298d254eb4b581 diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c index 5fc7811..19bf7a6 100644 --- a/utils/idmapd/idmapd.c +++ b/utils/idmapd/idmapd.c @@ -345,7 +345,9 @@ main(int argc, char **argv) errx(1, "Could not find group \"%s\"", nobodygroup); nobodygid = gr->gr_gid; +#ifdef HAVE_NFS4_SET_DEBUG nfs4_set_debug(verbose, idmapd_warnx); +#endif if (conf_path == NULL) conf_path = _PATH_IDMAPDCONF; if (nfs4_init_name_mapping(conf_path)) @@ -539,7 +541,8 @@ nfsdcb(int fd, short which, void *data) struct idmap_client *ic = data; struct idmap_msg im; u_char buf[IDMAP_MAXMSGSZ + 1]; - size_t len, bsiz; + size_t len; + ssize_t bsiz; char *bp, typebuf[IDMAP_MAXMSGSZ], buf1[IDMAP_MAXMSGSZ], authbuf[IDMAP_MAXMSGSZ], *p; unsigned long tmp; @@ -556,7 +559,7 @@ nfsdcb(int fd, short which, void *data) /* Get rid of newline and terminate buffer*/ buf[len - 1] = '\0'; - bp = buf; + bp = (char *)buf; memset(&im, 0, sizeof(im)); @@ -606,7 +609,7 @@ nfsdcb(int fd, short which, void *data) imconv(ic, &im); buf[0] = '\0'; - bp = buf; + bp = (char *)buf; bsiz = sizeof(buf); /* Authentication name */ @@ -623,10 +626,18 @@ nfsdcb(int fd, short which, void *data) snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + cache_entry_expiration); addfield(&bp, &bsiz, buf1); - /* ID */ - snprintf(buf1, sizeof(buf1), "%u", im.im_id); - addfield(&bp, &bsiz, buf1); + /* Note that we don't want to write the id if the mapping + * failed; instead, by leaving it off, we write a negative + * cache entry which will result in an error returned to + * the client. We don't want a chown or setacl referring + * to an unknown user to result in giving permissions to + * "nobody"! */ + if (im.im_status == IDMAP_STATUS_SUCCESS) { + /* ID */ + snprintf(buf1, sizeof(buf1), "%u", im.im_id); + addfield(&bp, &bsiz, buf1); + } //if (bsiz == sizeof(buf)) /* XXX */ bp[-1] = '\n'; @@ -643,6 +654,8 @@ nfsdcb(int fd, short which, void *data) snprintf(buf1, sizeof(buf1), "%lu", time(NULL) + cache_entry_expiration); addfield(&bp, &bsiz, buf1); + /* Note we're ignoring the status field in this case; we'll + * just map to nobody instead. */ /* Name */ addfield(&bp, &bsiz, im.im_name); @@ -715,6 +728,13 @@ nfscb(int fd, short which, void *data) imconv(ic, &im); + /* XXX: I don't like ignoring this error in the id->name case, + * but we've never returned it, and I need to check that the client + * can handle it gracefully before starting to return it now. */ + + if (im.im_status == IDMAP_STATUS_LOOKUPFAIL) + im.im_status = IDMAP_STATUS_SUCCESS; + if (atomicio(write, ic->ic_fd, &im, sizeof(im)) != sizeof(im)) idmapd_warn("nfscb: write(%s)", ic->ic_path); out: @@ -834,8 +854,10 @@ idtonameres(struct idmap_msg *im) } break; } - /* XXX Hack? */ - im->im_status = IDMAP_STATUS_SUCCESS; + if (ret) + im->im_status = IDMAP_STATUS_LOOKUPFAIL; + else + im->im_status = IDMAP_STATUS_SUCCESS; } static void @@ -845,30 +867,29 @@ nametoidres(struct idmap_msg *im) gid_t gid; int ret = 0; - /* XXX: nobody fallbacks shouldn't always happen: - * server id -> name should be OK - * client name -> id should be OK - * but not otherwise */ /* XXX: move nobody stuff to library calls * (nfs4_get_nobody_user(domain), nfs4_get_nobody_group(domain)) */ - /* XXX: should make this call higher up in the call chain (so we'd - * have a chance on looking up server/whatever. */ + + im->im_status = IDMAP_STATUS_SUCCESS; + switch (im->im_type) { case IDMAP_TYPE_USER: ret = nfs4_name_to_uid(im->im_name, &uid); im->im_id = (u_int32_t) uid; - if (ret) + if (ret) { + im->im_status = IDMAP_STATUS_LOOKUPFAIL; im->im_id = nobodyuid; - break; + } + return; case IDMAP_TYPE_GROUP: ret = nfs4_name_to_gid(im->im_name, &gid); im->im_id = (u_int32_t) gid; - if (ret) + if (ret) { + im->im_status = IDMAP_STATUS_LOOKUPFAIL; im->im_id = nobodygid; - break; + } + return; } - /* XXX? */ - im->im_status = IDMAP_STATUS_SUCCESS; } static int