public inbox for linux-nfs@vger.kernel.org
From: Steve Dickson <SteveD@redhat.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: chuck.lever@oracle.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfs-utils: add and use nfs_authsys_create
Date: Mon, 08 Mar 2010 11:12:03 -0500
Message-ID: <4B9521D3.8080207@RedHat.com>
In-Reply-To: <20100308104032.53593709-9yPaYZwiELC+kQycOl6kW4xkIHaj4LzF@public.gmane.org>



On 03/08/2010 10:40 AM, Jeff Layton wrote:
> On Mon, 08 Mar 2010 10:36:36 -0500
> Steve Dickson <SteveD@redhat.com> wrote:
> 
>>
>>
>> On 02/19/2010 06:05 PM, Jeff Layton wrote:
>>> The current mount, umount and showmount code uses
>>> authunix_create_default to get an auth handle. The one provided by glibc
>>> returned a truncated list of groups when there were more than 16 groups.
>>> libtirpc however currently does an abort() in this case, which causes
>>> the program to crash and dump core.
>>>
>>> nfs-utils just uses these auth handles for the MNT protocol, so the
>>> group list doesn't make a lot of difference here. Add a new function
>>> that creates an auth handle with a supplemental gids list that consists
>>> only of the primary gid. Have nfs-utils use that function anywhere that
>>> it currently uses authunix_create_default. Also, have the caller
>>> properly check for a NULL return from that function.
>>>
>>> Signed-off-by: Jeff Layton <jlayton@redhat.com>
>>> ---
>>>  support/include/nfsrpc.h    |    3 +++
>>>  support/nfs/rpc_socket.c    |   21 +++++++++++++++++++++
>>>  utils/mount/network.c       |   15 ++++++++++++---
>>>  utils/showmount/showmount.c |    8 +++++++-
>>>  4 files changed, 43 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/support/include/nfsrpc.h b/support/include/nfsrpc.h
>>> index 4db35ab..6ebefca 100644
>>> --- a/support/include/nfsrpc.h
>>> +++ b/support/include/nfsrpc.h
>>> @@ -160,4 +160,7 @@ extern int		nfs_rpc_ping(const struct sockaddr *sap,
>>>  				const unsigned short protocol,
>>>  				const struct timeval *timeout);
>>>  
>>> +/* create AUTH_SYS handle with no supplemental groups */
>>> +extern AUTH *			 nfs_authsys_create(void);
>>> +
>>>  #endif	/* !__NFS_UTILS_NFSRPC_H */
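Review bot: the comment on the new prototype says "no supplemental groups", but the implementation in rpc_socket.c passes a one-entry list holding the primary gid (`authsys_create(machname, uid, gid, 1, &gid)`). Suggest wording it as "supplemental list contains only the primary gid" and stating that the function returns NULL on failure, since the commit message expects callers to check for that.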
>>> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
>>> index 0e20824..aa6a205 100644
>>> --- a/support/nfs/rpc_socket.c
>>> +++ b/support/nfs/rpc_socket.c
>>> @@ -557,3 +557,24 @@ rpcprog_t nfs_getrpcbyname(const rpcprog_t program, const char *table[])
>>>  
>>>  	return program;
>>>  }
>>> +
>>> +/*
>>> + * AUTH_SYS doesn't allow more than 16 gids in the supplemental group list.
>>> + * If there are more than that, trying to determine which ones to include
>>> + * in the list is problematic. This function creates an auth handle that
>>> + * only has the primary gid in the supplemental gids list. It's intended to
>>> + * be used for protocols where credentials really don't matter much (the MNT
>>> + * protocol, for instance).
>>> + */
>>> +AUTH *
>>> +nfs_authsys_create(void)
>>> +{
>>> +	char machname[MAXHOSTNAMELEN + 1];
>>> +	uid_t	uid = geteuid();
>>> +	gid_t	gid = getegid();
>>> +
>>> +	if (gethostname(machname, sizeof(machname)) == -1)
>>> +		return NULL;
>>> +
>>> +	return authsys_create(machname, uid, gid, 1, &gid);
>>> +}
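Review bot: in nfs_authsys_create(), machname is handed to authsys_create() without being explicitly terminated. POSIX leaves it unspecified whether gethostname() null-terminates a name that had to be truncated to fit the buffer, so setting `machname[sizeof(machname) - 1] = '\0';` after the call would make the string safe regardless of the C library in use. Also worth a line in the block comment: authsys_create() can itself return NULL and this function passes that straight through, so the callers' NULL check has to cover both the gethostname() failure and the allocation failure.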
>> The following patch is needed to fix a regression when tirpc is
>> disabled:
>>
>> steved.
>>
>> Author: Steve Dickson <steved@redhat.com>
>> Date:   Mon Mar 8 10:24:44 2010 -0500
>>
>>     Use authunix_create() instead of authsys_create() to fix regression.
>>     
>>     Commit 409b8 introduced a regression when the --disable-tirpc
>>     configuration flag is set. The authsys_create() interface, which
>>     was introduced, does not exist in the legacy glibc library.
>>     
>>     Since the authsys_create() interface is a redefinition of the
>>     authunix_create() interface, which is defined in glibc, using
>>     authunix_create() resolves the regression.
>>     
>>     Signed-off-by: Steve Dickson <steved@redhat.com>
>>
>> diff --git a/support/nfs/rpc_socket.c b/support/nfs/rpc_socket.c
>> index aa6a205..c14efe8 100644
>> --- a/support/nfs/rpc_socket.c
>> +++ b/support/nfs/rpc_socket.c
>> @@ -576,5 +576,5 @@ nfs_authsys_create(void)
>>         if (gethostname(machname, sizeof(machname)) == -1)
>>                 return NULL;
>>  
>> -       return authsys_create(machname, uid, gid, 1, &gid);
>> +       return authunix_create(machname, uid, gid, 1, &gid);
>>  }
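Review bot: the `+` line switches to the legacy name, but the function is still called nfs_authsys_create() and its block comment still talks about AUTH_SYS, so a later cleanup could easily change the call back to authsys_create() and reintroduce the --disable-tirpc build failure. A one-line comment above the return saying that authunix_create() is used deliberately because, per the commit message, it is the interface glibc defines would record the reason next to the code.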
>>
> 
> Acked-by: Jeff Layton <jlayton@redhat.com>
Committed.... 

steved.

