From: Steve Dickson <SteveD@redhat.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: chuck.lever@oracle.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfs-utils: add and use nfs_authsys_create
Date: Mon, 08 Mar 2010 11:12:03 -0500 [thread overview]
Message-ID: <4B9521D3.8080207@RedHat.com> (raw)
In-Reply-To: <20100308104032.53593709-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
On 03/08/2010 10:40 AM, Jeff Layton wrote:
> On Mon, 08 Mar 2010 10:36:36 -0500
> Steve Dickson <SteveD@redhat.com> wrote:
>
>>
>>
>> On 02/19/2010 06:05 PM, Jeff Layton wrote:
>>> The current mount, umount and showmount code uses
>>> authunix_create_default to get an auth handle. The one provided by glibc
>>> returned a truncated list of groups when there were more than 16 groups.
>>> libtirpc however currently does an abort() in this case, which causes
>>> the program to crash and dump core.
>>>
>>> nfs-utils just uses these auth handles for the MNT protocol, so the
>>> group list doesn't make a lot of difference here. Add a new function
>>> that creates an auth handle with a supplemental gids list that consists
>>> only of the primary gid. Have nfs-utils use that function anywhere that
>>> it currently uses authunix_create_default. Also, have the caller
>>> properly check for a NULL return from that function.
>>>
>>> Signed-off-by: Jeff Layton <jlayton@redhat.com>
>>> ---
>>> support/include/nfsrpc.h | 3 +++
>>> support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
>>> utils/mount/network.c | 15 ++++++++++++---
>>> utils/showmount/showmount.c | 8 +++++++-
>>> 4 files changed, 43 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
>>> index 4db35ab..6ebefca 100644
>>> --- a/support/include/nfsrpc.h
>>> +++ b/support/include/nfsrpc.h
>>> @@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap,
>>> const unsigned short protocol,
>>> const struct timeval *timeout);
>>>
>>> +/* create AUTH_SYS handle with no supplemental groups */
>>> +extern AUTH * nfs_authsys_create(void);
>>> +
>>> #endif /* !__NFS_UTILS_NFSRPC_H */
>>> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
>>> index 0e20824..aa6a205 100644
>>> --- a/support/nfs/rpc_socket.c
>>> +++ b/support/nfs/rpc_socket.c
>>> @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
>>>
>>> return program;
>>> }
>>> +
>>> +/*
>>> + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
>>> + * If there are more than that, trying to determine which ones to include
>>> + * in the list is problematic. This function creates an auth handle that
>>> + * only has the primary gid in the supplemental gids list. It's intended to
>>> + * be used for protocols where credentials really don't matter much (the MNT
>>> + * protocol, for instance).
>>> + */
>>> +AUTH *
>>> +nfs_authsys_create(void)
>>> +{
>>> + char machname[MAXHOSTNAMELEN + 1];
>>> + uid_t uid = geteuid();
>>> + gid_t gid = getegid();
>>> +
>>> + if (gethostname(machname, sizeof(machname)) == -1)
>>> + return NULL;
>>> +
>>> + return authsys_create(machname, uid, gid, 1, &gid);
>>> +}
>> The following patch is needed to fix regression when tirpc is
>> disabled:
>>
>> steved.
>>
>> Author: Steve Dickson <steved@redhat.com>
>> Date: Mon Mar 8 10:24:44 2010 -0500
>>
>> Use authunix_create() instead of authsys_create() to fix regression.
>>
>> Commit 409b8 introduced a regression when the --disable-tirpc
>> configuration flag is set. The authsys_create() interface, which
>> was introduced, does not exist in the legacy glibc library.
>>
>> Since the authsys_create() interface is a redefined of the
>> authunix_create() interface, which is defined in glibc, using
>> authunix_create() resolves the regression,
>>
>> Signed-off-by: Steve Dickson <steved@redhat.com>
>>
>> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
>> index aa6a205..c14efe8 100644
>> --- a/support/nfs/rpc_socket.c
>> +++ b/support/nfs/rpc_socket.c
>> @@ -576,5 +576,5 @@ nfs_authsys_create(void)
>> if (gethostname(machname, sizeof(machname)) == -1)
>> return NULL;
>>
>> - return authsys_create(machname, uid, gid, 1, &gid);
>> + return authunix_create(machname, uid, gid, 1, &gid);
>> }
>>
>
> Acked-by: Jeff Layton <jlayton@redhat.com>
Committed....
steved.
prev parent reply other threads:[~2010-03-08 16:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-19 23:05 [PATCH] nfs-utils: add and use nfs_authsys_create Jeff Layton
2010-02-20 4:11 ` Jeff Layton
2010-03-01 13:08 ` Steve Dickson
2010-03-08 15:36 ` Steve Dickson
[not found] ` <4B951984.9070101-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-03-08 15:40 ` Jeff Layton
[not found] ` <20100308104032.53593709-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2010-03-08 16:12 ` Steve Dickson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B9521D3.8080207@RedHat.com \
--to=steved@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.