* [PATCH] nfs-utils: add and use nfs_authsys_create
@ 2010-02-19 23:05 Jeff Layton
2010-02-20 4:11 ` Jeff Layton
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jeff Layton @ 2010-02-19 23:05 UTC (permalink / raw)
To: steved; +Cc: chuck.lever, linux-nfs
The current mount, umount and showmount code uses
authunix_create_default to get an auth handle. The one provided by glibc
returned a truncated list of groups when there were more than 16 groups.
libtirpc however currently does an abort() in this case, which causes
the program to crash and dump core.
nfs-utils just uses these auth handles for the MNT protocol, so the
group list doesn't make a lot of difference here. Add a new function
that creates an auth handle with a supplemental gids list that consists
only of the primary gid. Have nfs-utils use that function anywhere that
it currently uses authunix_create_default. Also, have the caller
properly check for a NULL return from that function.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
support/include/nfsrpc.h | 3 +++
support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
utils/mount/network.c | 15 ++++++++++++---
utils/showmount/showmount.c | 8 +++++++-
4 files changed, 43 insertions(+), 4 deletions(-)
diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
index 4db35ab..6ebefca 100644
--- a/support/include/nfsrpc.h
+++ b/support/include/nfsrpc.h
@@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap,
const unsigned short protocol,
const struct timeval *timeout);
+/* create AUTH_SYS handle with no supplemental groups */
+extern AUTH * nfs_authsys_create(void);
+
#endif /* !__NFS_UTILS_NFSRPC_H */
diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
index 0e20824..aa6a205 100644
--- a/support/nfs/rpc_socket.c
+++ b/support/nfs/rpc_socket.c
@@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
return program;
}
+
+/*
+ * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
+ * If there are more than that, trying to determine which ones to include
+ * in the list is problematic. This function creates an auth handle that
+ * only has the primary gid in the supplemental gids list. It's intended to
+ * be used for protocols where credentials really don't matter much (the MNT
+ * protocol, for instance).
+ */
+AUTH *
+nfs_authsys_create(void)
+{
+ char machname[MAXHOSTNAMELEN + 1];
+ uid_t uid = geteuid();
+ gid_t gid = getegid();
+
+ if (gethostname(machname, sizeof(machname)) == -1)
+ return NULL;
+
+ return authsys_create(machname, uid, gid, 1, &gid);
+}
diff --git a/utils/mount/network.c b/utils/mount/network.c
index 8dc183a..c541257 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -857,7 +857,14 @@ int nfs_advise_umount(const struct sockaddr *sap, const socklen_t salen,
return 0;
}
- client->cl_auth = authunix_create_default();
+ client->cl_auth = nfs_authsys_create();
+ if (client->cl_auth == NULL) {
+ if (verbose)
+ nfs_error(_("%s: Failed to create RPC auth handle"),
+ progname);
+ CLNT_DESTROY(client);
+ return 0;
+ }
res = CLNT_CALL(client, MOUNTPROC_UMNT,
(xdrproc_t)xdr_dirpath, (caddr_t)argp,
@@ -957,8 +964,10 @@ CLIENT *mnt_openclnt(clnt_addr_t *mnt_server, int *msock)
}
if (clnt) {
/* try to mount hostname:dirname */
- clnt->cl_auth = authunix_create_default();
- return clnt;
+ clnt->cl_auth = nfs_authsys_create();
+ if (clnt->cl_auth)
+ return clnt;
+ CLNT_DESTROY(clnt);
}
return NULL;
}
diff --git a/utils/showmount/showmount.c b/utils/showmount/showmount.c
index f567093..394f528 100644
--- a/utils/showmount/showmount.c
+++ b/utils/showmount/showmount.c
@@ -194,7 +194,13 @@ int main(int argc, char **argv)
}
mclient = nfs_get_mount_client(hostname, mount_vers_tbl[vers]);
- mclient->cl_auth = authunix_create_default();
+ mclient->cl_auth = nfs_authsys_create();
+ if (mclient->cl_auth == NULL) {
+ fprintf(stderr, "%s: unable to create RPC auth handle.\n",
+ program_name);
+ clnt_destroy(mclient);
+ exit(1);
+ }
total_timeout.tv_sec = TOTAL_TIMEOUT;
total_timeout.tv_usec = 0;
--
1.6.6
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] nfs-utils: add and use nfs_authsys_create
2010-02-19 23:05 [PATCH] nfs-utils: add and use nfs_authsys_create Jeff Layton
@ 2010-02-20 4:11 ` Jeff Layton
2010-03-01 13:08 ` Steve Dickson
2010-03-08 15:36 ` Steve Dickson
2 siblings, 0 replies; 6+ messages in thread
From: Jeff Layton @ 2010-02-20 4:11 UTC (permalink / raw)
To: steved; +Cc: chuck.lever, linux-nfs
On Fri, 19 Feb 2010 18:05:28 -0500
Jeff Layton <jlayton@redhat.com> wrote:
> The current mount, umount and showmount code uses
> authunix_create_default to get an auth handle. The one provided by glibc
> returned a truncated list of groups when there were more than 16 groups.
> libtirpc however currently does an abort() in this case, which causes
> the program to crash and dump core.
>
> nfs-utils just uses these auth handles for the MNT protocol, so the
> group list doesn't make a lot of difference here. Add a new function
> that creates an auth handle with a supplemental gids list that consists
> only of the primary gid. Have nfs-utils use that function anywhere that
> it currently uses authunix_create_default. Also, have the caller
> properly check for a NULL return from that function.
>
> Signed-off-by: Jeff Layton <jlayton@redhat.com>
My apologies -- I mistakenly sent out an earlier version of this patch
instead of the latest. I just sent the right version of this patch as
"try #2".
--
Jeff Layton <jlayton@redhat.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nfs-utils: add and use nfs_authsys_create
2010-02-19 23:05 [PATCH] nfs-utils: add and use nfs_authsys_create Jeff Layton
2010-02-20 4:11 ` Jeff Layton
@ 2010-03-01 13:08 ` Steve Dickson
2010-03-08 15:36 ` Steve Dickson
2 siblings, 0 replies; 6+ messages in thread
From: Steve Dickson @ 2010-03-01 13:08 UTC (permalink / raw)
To: Jeff Layton; +Cc: chuck.lever, linux-nfs
On 02/19/2010 06:05 PM, Jeff Layton wrote:
> The current mount, umount and showmount code uses
> authunix_create_default to get an auth handle. The one provided by glibc
> returned a truncated list of groups when there were more than 16 groups.
> libtirpc however currently does an abort() in this case, which causes
> the program to crash and dump core.
>
> nfs-utils just uses these auth handles for the MNT protocol, so the
> group list doesn't make a lot of difference here. Add a new function
> that creates an auth handle with a supplemental gids list that consists
> only of the primary gid. Have nfs-utils use that function anywhere that
> it currently uses authunix_create_default. Also, have the caller
> properly check for a NULL return from that function.
>
> Signed-off-by: Jeff Layton <jlayton@redhat.com>
> ---
> support/include/nfsrpc.h | 3 +++
> support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
> utils/mount/network.c | 15 ++++++++++++---
> utils/showmount/showmount.c | 8 +++++++-
> 4 files changed, 43 insertions(+), 4 deletions(-)
>
>
Committed...
steved.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] nfs-utils: add and use nfs_authsys_create
2010-02-19 23:05 [PATCH] nfs-utils: add and use nfs_authsys_create Jeff Layton
2010-02-20 4:11 ` Jeff Layton
2010-03-01 13:08 ` Steve Dickson
@ 2010-03-08 15:36 ` Steve Dickson
[not found] ` <4B951984.9070101-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2 siblings, 1 reply; 6+ messages in thread
From: Steve Dickson @ 2010-03-08 15:36 UTC (permalink / raw)
To: Jeff Layton; +Cc: chuck.lever, linux-nfs
On 02/19/2010 06:05 PM, Jeff Layton wrote:
> The current mount, umount and showmount code uses
> authunix_create_default to get an auth handle. The one provided by glibc
> returned a truncated list of groups when there were more than 16 groups.
> libtirpc however currently does an abort() in this case, which causes
> the program to crash and dump core.
>
> nfs-utils just uses these auth handles for the MNT protocol, so the
> group list doesn't make a lot of difference here. Add a new function
> that creates an auth handle with a supplemental gids list that consists
> only of the primary gid. Have nfs-utils use that function anywhere that
> it currently uses authunix_create_default. Also, have the caller
> properly check for a NULL return from that function.
>
> Signed-off-by: Jeff Layton <jlayton@redhat.com>
> ---
> support/include/nfsrpc.h | 3 +++
> support/nfs/rpc_socket.c | 21 +++++++++++++++++++++
> utils/mount/network.c | 15 ++++++++++++---
> utils/showmount/showmount.c | 8 +++++++-
> 4 files changed, 43 insertions(+), 4 deletions(-)
>
> diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
> index 4db35ab..6ebefca 100644
> --- a/support/include/nfsrpc.h
> +++ b/support/include/nfsrpc.h
> @@ -160,4 +160,7 @@ extern int nfs_rpc_ping(const struct sockaddr *sap,
> const unsigned short protocol,
> const struct timeval *timeout);
>
> +/* create AUTH_SYS handle with no supplemental groups */
> +extern AUTH * nfs_authsys_create(void);
> +
> #endif /* !__NFS_UTILS_NFSRPC_H */
> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
> index 0e20824..aa6a205 100644
> --- a/support/nfs/rpc_socket.c
> +++ b/support/nfs/rpc_socket.c
> @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
>
> return program;
> }
> +
> +/*
> + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
> + * If there are more than that, trying to determine which ones to include
> + * in the list is problematic. This function creates an auth handle that
> + * only has the primary gid in the supplemental gids list. It's intended to
> + * be used for protocols where credentials really don't matter much (the MNT
> + * protocol, for instance).
> + */
> +AUTH *
> +nfs_authsys_create(void)
> +{
> + char machname[MAXHOSTNAMELEN + 1];
> + uid_t uid = geteuid();
> + gid_t gid = getegid();
> +
> + if (gethostname(machname, sizeof(machname)) == -1)
> + return NULL;
> +
> + return authsys_create(machname, uid, gid, 1, &gid);
> +}
The following patch is needed to fix regression when tirpc is
disabled:
steved.
Author: Steve Dickson <steved@redhat.com>
Date: Mon Mar 8 10:24:44 2010 -0500
Use authunix_create() instead of authsys_create() to fix regression.
Commit 409b8 introduced a regression when the --disable-tirpc
configuration flag is set. The authsys_create() interface, which
was introduced, does not exist in the legacy glibc library.
Since the authsys_create() interface is a redefined of the
authunix_create() interface, which is defined in glibc, using
authunix_create() resolves the regression,
Signed-off-by: Steve Dickson <steved@redhat.com>
diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
index aa6a205..c14efe8 100644
--- a/support/nfs/rpc_socket.c
+++ b/support/nfs/rpc_socket.c
@@ -576,5 +576,5 @@ nfs_authsys_create(void)
if (gethostname(machname, sizeof(machname)) == -1)
return NULL;
- return authsys_create(machname, uid, gid, 1, &gid);
+ return authunix_create(machname, uid, gid, 1, &gid);
}
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-03-08 16:12 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-19 23:05 [PATCH] nfs-utils: add and use nfs_authsys_create Jeff Layton
2010-02-20 4:11 ` Jeff Layton
2010-03-01 13:08 ` Steve Dickson
2010-03-08 15:36 ` Steve Dickson
[not found] ` <4B951984.9070101-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2010-03-08 15:40 ` Jeff Layton
[not found] ` <20100308104032.53593709-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2010-03-08 16:12 ` Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox