* [PATCH] nfsidmap: Purge the keyring when its full.
@ 2012-01-12 15:58 Steve Dickson
2012-01-12 19:22 ` Trond Myklebust
0 siblings, 1 reply; 3+ messages in thread
From: Steve Dickson @ 2012-01-12 15:58 UTC (permalink / raw)
To: Linux NFS Mailing List
When a key can not be added to a keyring because
the keyring is full, keyctl_instantiate() will fail
with the errno being set to -EDQUOT. To recover,
purge the keyring of all its keys and then try to
add the new key.
Signed-off-by: Steve Dickson <steved@redhat.com>
---
utils/nfsidmap/nfsidmap.c | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
index ce8cf3e..470f9d4 100644
--- a/utils/nfsidmap/nfsidmap.c
+++ b/utils/nfsidmap/nfsidmap.c
@@ -3,6 +3,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
#include <pwd.h>
#include <grp.h>
@@ -25,6 +26,7 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
#define DEFAULT_KEYRING "id_resolver"
#endif
+static int keyring_clear(char *keyring);
#define UIDKEYS 0x1
#define GIDKEYS 0x2
@@ -52,6 +54,14 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type)
if (rc == 0) {
rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
+ if (rc < 0 && errno == -EDQUOT) {
+ /*
+ * The keyring is full. Clear the keyring and try again
+ */
+ rc = keyring_clear(DEFAULT_KEYRING);
+ if (rc == 0)
+ rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
+ }
if (rc < 0)
xlog_err("id_lookup: keyctl_instantiate failed: %m");
}
@@ -105,7 +115,6 @@ static int keyring_clear(char *keyring)
char buf[BUFSIZ];
key_serial_t key;
- xlog_syslog(0);
if (keyring == NULL)
keyring = DEFAULT_KEYRING;
@@ -172,7 +181,7 @@ static int key_revoke(char *keystr, int keymask)
if ((keymask & mask) == 0)
continue;
- if (strncmp(ptr+4, keystr, strlen(keystr)) != NULL)
+ if (strncmp(ptr+4, keystr, strlen(keystr)) != 0)
continue;
if (verbose) {
@@ -255,6 +264,7 @@ int main(int argc, char **argv)
return rc;
}
if (clearing) {
+ xlog_syslog(0);
rc = keyring_clear(DEFAULT_KEYRING);
return rc;
}
--
1.7.7.5
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] nfsidmap: Purge the keyring when its full.
2012-01-12 15:58 [PATCH] nfsidmap: Purge the keyring when its full Steve Dickson
@ 2012-01-12 19:22 ` Trond Myklebust
2012-01-12 19:54 ` Steve Dickson
0 siblings, 1 reply; 3+ messages in thread
From: Trond Myklebust @ 2012-01-12 19:22 UTC (permalink / raw)
To: Steve Dickson; +Cc: Linux NFS Mailing List
On Thu, 2012-01-12 at 10:58 -0500, Steve Dickson wrote:
> When a key can not be added to a keyring because
> the keyring is full, keyctl_instantiate() will fail
> with the errno being set to -EDQUOT. To recover,
> purge the keyring of all its keys and then try to
> add the new key.
>
> Signed-off-by: Steve Dickson <steved@redhat.com>
> ---
> utils/nfsidmap/nfsidmap.c | 14 ++++++++++++--
> 1 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
> index ce8cf3e..470f9d4 100644
> --- a/utils/nfsidmap/nfsidmap.c
> +++ b/utils/nfsidmap/nfsidmap.c
> @@ -3,6 +3,7 @@
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> +#include <errno.h>
>
> #include <pwd.h>
> #include <grp.h>
> @@ -25,6 +26,7 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
> #define DEFAULT_KEYRING "id_resolver"
> #endif
>
> +static int keyring_clear(char *keyring);
>
> #define UIDKEYS 0x1
> #define GIDKEYS 0x2
> @@ -52,6 +54,14 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type)
>
> if (rc == 0) {
> rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
> + if (rc < 0 && errno == -EDQUOT) {
Shouldn't the above be a test for -ENFILE (or perhaps for both)?
> + /*
> + * The keyring is full. Clear the keyring and try again
> + */
> + rc = keyring_clear(DEFAULT_KEYRING);
> + if (rc == 0)
> + rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
> + }
> if (rc < 0)
> xlog_err("id_lookup: keyctl_instantiate failed: %m");
> }
> @@ -105,7 +115,6 @@ static int keyring_clear(char *keyring)
> char buf[BUFSIZ];
> key_serial_t key;
>
> - xlog_syslog(0);
> if (keyring == NULL)
> keyring = DEFAULT_KEYRING;
>
> @@ -172,7 +181,7 @@ static int key_revoke(char *keystr, int keymask)
> if ((keymask & mask) == 0)
> continue;
>
> - if (strncmp(ptr+4, keystr, strlen(keystr)) != NULL)
> + if (strncmp(ptr+4, keystr, strlen(keystr)) != 0)
> continue;
>
> if (verbose) {
> @@ -255,6 +264,7 @@ int main(int argc, char **argv)
> return rc;
> }
> if (clearing) {
> + xlog_syslog(0);
> rc = keyring_clear(DEFAULT_KEYRING);
> return rc;
> }
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust@netapp.com
www.netapp.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] nfsidmap: Purge the keyring when its full.
2012-01-12 19:22 ` Trond Myklebust
@ 2012-01-12 19:54 ` Steve Dickson
0 siblings, 0 replies; 3+ messages in thread
From: Steve Dickson @ 2012-01-12 19:54 UTC (permalink / raw)
To: Trond Myklebust; +Cc: Linux NFS Mailing List
On 01/12/2012 02:22 PM, Trond Myklebust wrote:
> On Thu, 2012-01-12 at 10:58 -0500, Steve Dickson wrote:
>> When a key can not be added to a keyring because
>> the keyring is full, keyctl_instantiate() will fail
>> with the errno being set to -EDQUOT. To recover,
>> purge the keyring of all its keys and then try to
>> add the new key.
>>
>> Signed-off-by: Steve Dickson <steved@redhat.com>
>> ---
>> utils/nfsidmap/nfsidmap.c | 14 ++++++++++++--
>> 1 files changed, 12 insertions(+), 2 deletions(-)
>>
>> diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c
>> index ce8cf3e..470f9d4 100644
>> --- a/utils/nfsidmap/nfsidmap.c
>> +++ b/utils/nfsidmap/nfsidmap.c
>> @@ -3,6 +3,7 @@
>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <string.h>
>> +#include <errno.h>
>>
>> #include <pwd.h>
>> #include <grp.h>
>> @@ -25,6 +26,7 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]";
>> #define DEFAULT_KEYRING "id_resolver"
>> #endif
>>
>> +static int keyring_clear(char *keyring);
>>
>> #define UIDKEYS 0x1
>> #define GIDKEYS 0x2
>> @@ -52,6 +54,14 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type)
>>
>> if (rc == 0) {
>> rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
>> + if (rc < 0 && errno == -EDQUOT) {
>
> Shouldn't the above be a test for -ENFILE (or perhaps for both)?
Taking a look at the code, again, it appears -ENFILE is returned
when there is no room for the new key. -EDQUOT and -ENOMEM are
returned when there is no memory for the payload data.
We might as well purge the keyring when we get any of those
error just to free up memory....
steved.
>
>> + /*
>> + * The keyring is full. Clear the keyring and try again
>> + */
>> + rc = keyring_clear(DEFAULT_KEYRING);
>> + if (rc == 0)
>> + rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
>> + }
>> if (rc < 0)
>> xlog_err("id_lookup: keyctl_instantiate failed: %m");
>> }
>> @@ -105,7 +115,6 @@ static int keyring_clear(char *keyring)
>> char buf[BUFSIZ];
>> key_serial_t key;
>>
>> - xlog_syslog(0);
>> if (keyring == NULL)
>> keyring = DEFAULT_KEYRING;
>>
>> @@ -172,7 +181,7 @@ static int key_revoke(char *keystr, int keymask)
>> if ((keymask & mask) == 0)
>> continue;
>>
>> - if (strncmp(ptr+4, keystr, strlen(keystr)) != NULL)
>> + if (strncmp(ptr+4, keystr, strlen(keystr)) != 0)
>> continue;
>>
>> if (verbose) {
>> @@ -255,6 +264,7 @@ int main(int argc, char **argv)
>> return rc;
>> }
>> if (clearing) {
>> + xlog_syslog(0);
>> rc = keyring_clear(DEFAULT_KEYRING);
>> return rc;
>> }
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-01-12 19:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-12 15:58 [PATCH] nfsidmap: Purge the keyring when its full Steve Dickson
2012-01-12 19:22 ` Trond Myklebust
2012-01-12 19:54 ` Steve Dickson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).