powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
Browse Source

libnfsidmap package update 

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>
master
basebuilder_pel7ppc64bebuilder0 6 years ago
parent
d4f0a7e96c
commit
3b91a59589
15 changed files with 2743 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      SOURCES/libnfsidmap-0.2-memleak.patch
  2. 34
      SOURCES/libnfsidmap-0.2-negativerets.patch
  3. 806
      SOURCES/libnfsidmap-0.2-stripnewlines.patch
  4. 149
      SOURCES/libnfsidmap-0.25-dns-resolved.patch
  5. 409
      SOURCES/libnfsidmap-0.25-multidomain.patch
  6. 108
      SOURCES/libnfsidmap-0.25-nobody.patch
  7. 40
      SOURCES/libnfsidmap-0.25-nssgssprinc.patch
  8. 42
      SOURCES/libnfsidmap-0.25-nullnames.patch
  9. 22
      SOURCES/libnfsidmap-0.25-strrchr.patch
  10. 13
      SOURCES/libnfsidmap-0.25-txt-bigrec.patch
  11. 253
      SOURCES/libnfsidmap-0.25-warnings.patch
  12. 148
      SOURCES/libnfsidmap-0.25-whitspaces.patch
  13. 30
      SOURCES/libnfsidmap-0.25-zero-ids.patch
  14. 438
      SOURCES/libnfsidmap-0.26-rc3.patch
  15. 230
      SPECS/libnfsidmap.spec

21
SOURCES/libnfsidmap-0.2-memleak.patch
Unescape View File

@ -0,0 +1,21 @@ @@ -0,0 +1,21 @@
commit c7edb02d52d048e9e82c0431a3256df3675668ac
Author: Steve Dickson <steved@redhat.com>
Date: Wed Aug 17 14:57:01 2016 -0400

Fixed a memory leak nss_name_to_gid()
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/nss.c b/nss.c
index 47c6b14..0f12351 100644
--- a/nss.c
+++ b/nss.c
@@ -242,7 +242,7 @@ static int nss_name_to_gid(char *name, gid_t *gid)
err = -ENOMEM;
if (buflen > UINT_MAX)
- goto out;
+ goto out_name;
do {
buf = malloc(buflen);

34
SOURCES/libnfsidmap-0.2-negativerets.patch
Unescape View File

@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
diff -up libnfsidmap-0.25/nss.c.save libnfsidmap-0.25/nss.c
--- libnfsidmap-0.25/nss.c.save 2016-08-17 14:09:18.797550853 -0400
+++ libnfsidmap-0.25/nss.c 2016-08-17 14:09:39.021905256 -0400
@@ -44,6 +44,7 @@
#include <netdb.h>
#include <err.h>
#include <grp.h>
+#include <limits.h>
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
#include "cfg.h"
@@ -171,6 +172,9 @@ static struct passwd *nss_getpwnam(const
char *localname;
int err = ENOMEM;
+ if (buflen > UINT_MAX)
+ goto err;
+
buf = malloc(sizeof(*buf) + buflen);
if (buf == NULL)
goto err;
@@ -236,8 +240,11 @@ static int nss_name_to_gid(char *name, g
if (!localname)
goto out;
+ err = -ENOMEM;
+ if (buflen > UINT_MAX)
+ goto out;
+
do {
- err = -ENOMEM;
buf = malloc(buflen);
if (!buf)
goto out_name;

806
SOURCES/libnfsidmap-0.2-stripnewlines.patch
Unescape View File

@ -0,0 +1,806 @@ @@ -0,0 +1,806 @@
commit 6fc893187db3fceb66129a3fd8437f663a5e33d0
Author: Jeff Layton <jeff.layton@primarydata.com>
Date: Tue Sep 8 11:59:25 2015 -0400

Strip newlines out of IDMAP_LOG messages
When logging to syslog, they aren't needed (or desirable) and when
logging to stderr the logging function generally adds it itself.
Note that I did not change gums.c since it defaults to using printf()
as a logging function.
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/libnfsidmap.c b/libnfsidmap.c
index a8a9229..2db4d13 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -141,20 +141,20 @@ static int load_translation_plugin(char *method, struct mapping_plugin *plgn)
dl = dlopen(plgname, RTLD_NOW | RTLD_LOCAL);
if (dl == NULL) {
- IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: Unable to load plugin: %s",
dlerror()));
return -1;
}
init_func = (libnfsidmap_plugin_init_t) dlsym(dl, PLUGIN_INIT_FUNC);
if (init_func == NULL) {
- IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: Unable to get init function: %s",
dlerror()));
dlclose(dl);
return -1;
}
trans = init_func();
if (trans == NULL) {
- IDMAP_LOG(1, ("libnfsidmap: Failed to initialize plugin %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: Failed to initialize plugin %s",
PLUGIN_INIT_FUNC, plgname));
dlclose(dl);
return -1;
@@ -163,14 +163,14 @@ static int load_translation_plugin(char *method, struct mapping_plugin *plgn)
ret = trans->init();
if (ret) {
IDMAP_LOG(1, ("libnfsidmap: Failed in %s's init(), "
- "returned %d\n", plgname, ret));
+ "returned %d", plgname, ret));
dlclose(dl);
return -1;
}
}
plgn->dl_handle = dl;
plgn->trans = trans;
- IDMAP_LOG(1, ("libnfsidmap: loaded plugin %s for method %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: loaded plugin %s for method %s",
plgname, method));
return 0;
@@ -182,7 +182,7 @@ static void unload_plugins(struct mapping_plugin **plgns)
for (i = 0; plgns[i] != NULL; i++) {
if (plgns[i]->dl_handle && dlclose(plgns[i]->dl_handle))
IDMAP_LOG(1, ("libnfsidmap: failed to "
- "unload plugin for method = %s\n",
+ "unload plugin for method = %s",
plgns[i]->trans->name));
free(plgns[i]);
}
@@ -207,7 +207,7 @@ static int load_plugins(struct conf_list *methods,
goto out;
if (load_translation_plugin(m->field, plgns[i]) == -1) {
IDMAP_LOG(0, ("libnfsidmap: requested translation "
- "method, '%s', is not available\n",
+ "method, '%s', is not available",
m->field));
goto out;
}
@@ -251,7 +251,7 @@ int nfs4_init_name_mapping(char *conffile)
IDMAP_LOG(1, ("libnfsidmap: Unable to determine "
"the NFSv4 domain; Using '%s' as the NFSv4 domain "
"which means UIDs will be mapped to the 'Nobody-User' "
- "user defined in %s\n",
+ "user defined in %s",
IDMAPD_DEFAULT_DOMAIN, PATH_IDMAPDCONF));
default_domain = IDMAPD_DEFAULT_DOMAIN;
}
@@ -344,11 +344,11 @@ int nfs4_init_name_mapping(char *conffile)
if (err == 0 && pw != NULL)
nobody_uid = pw->pw_uid;
else
- IDMAP_LOG(1, ("libnfsidmap: Nobody-User (%s) not found: %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: Nobody-User (%s) not found: %s",
nobody_user, strerror(errno)));
free(buf);
} else
- IDMAP_LOG(0,("libnfsidmap: Nobody-User: no memory : %s\n",
+ IDMAP_LOG(0,("libnfsidmap: Nobody-User: no memory : %s",
nobody_user, strerror(errno)));
}
@@ -365,11 +365,11 @@ int nfs4_init_name_mapping(char *conffile)
if (err == 0 && gr != NULL)
nobody_gid = gr->gr_gid;
else
- IDMAP_LOG(1, ("libnfsidmap: Nobody-Group (%s) not found: %s\n",
+ IDMAP_LOG(1, ("libnfsidmap: Nobody-Group (%s) not found: %s",
nobody_group, strerror(errno)));
free(buf);
} else
- IDMAP_LOG(0,("libnfsidmap: Nobody-Group: no memory : %s\n",
+ IDMAP_LOG(0,("libnfsidmap: Nobody-Group: no memory : %s",
nobody_group, strerror(errno)));
}
@@ -395,7 +395,7 @@ char * get_default_domain(void)
ret = domain_from_dns(&default_domain);
if (ret) {
IDMAP_LOG(0, ("Unable to determine a default nfsv4 domain; "
- " consider specifying one in idmapd.conf\n"));
+ " consider specifying one in idmapd.conf"));
default_domain = "";
}
return default_domain;
@@ -444,12 +444,12 @@ nfs4_get_default_domain(char *server, char *domain, size_t len)
if (plgns[i]->trans->funcname == NULL) \
continue; \
\
- IDMAP_LOG(4, ("%s: calling %s->%s\n", __func__, \
+ IDMAP_LOG(4, ("%s: calling %s->%s", __func__, \
plgns[i]->trans->name, #funcname)); \
\
ret = plgns[i]->trans->funcname(args); \
\
- IDMAP_LOG(4, ("%s: %s->%s returned %d\n", \
+ IDMAP_LOG(4, ("%s: %s->%s returned %d", \
__func__, plgns[i]->trans->name, \
#funcname, ret)); \
\
@@ -458,7 +458,7 @@ nfs4_get_default_domain(char *server, char *domain, size_t len)
\
break; \
} \
- IDMAP_LOG(4, ("%s: final return value is %d\n", \
+ IDMAP_LOG(4, ("%s: final return value is %d", \
__func__, ret)); \
return ret; \
} while (0)
diff --git a/nss.c b/nss.c
index b3fef5a..ffe3333 100644
--- a/nss.c
+++ b/nss.c
@@ -178,10 +178,10 @@ static struct passwd *nss_getpwnam(const char *name, const char *domain, int *er
err = EINVAL;
localname = strip_domain(name, domain);
IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': "
- "resulting localname '%s'\n", name, domain, localname));
+ "resulting localname '%s'", name, domain, localname));
if (localname == NULL) {
IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map "
- "into domain '%s'\n", name,
+ "into domain '%s'", name,
domain ? domain : "<not-provided>"));
goto err_free_buf;
}
@@ -189,7 +189,7 @@ static struct passwd *nss_getpwnam(const char *name, const char *domain, int *er
err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw);
if (pw == NULL && domain != NULL)
IDMAP_LOG(0,
- ("nss_getpwnam: name '%s' not found in domain '%s'\n",
+ ("nss_getpwnam: name '%s' not found in domain '%s'",
localname, domain));
free(localname);
if (err == 0 && pw != NULL) {
diff --git a/static.c b/static.c
index ec04057..9f587af 100644
--- a/static.c
+++ b/static.c
@@ -124,13 +124,13 @@ again:
if (err == 0)
err = ENOENT;
- IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found\n",
+ IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found",
localname, name));
goto err_free_buf;
}
- IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n",
+ IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'",
name, localname));
*err_p = 0;
@@ -174,13 +174,13 @@ again:
if (err == 0)
err = ENOENT;
- IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found\n",
+ IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found",
localgroup, name));
goto err_free_buf;
}
- IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'\n",
+ IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'",
name, localgroup));
*err_p = 0;
diff --git a/umich_ldap.c b/umich_ldap.c
index b527c5d..886fa0c 100644
--- a/umich_ldap.c
+++ b/umich_ldap.c
@@ -160,7 +160,7 @@ ldap_init_and_bind(LDAP **pld,
*/
if ((lerr = ldap_initialize(&ld, server_url)) != LDAP_SUCCESS) {
IDMAP_LOG(0, ("ldap_init_and_bind: ldap_initialize() failed "
- "to [%s]: %s (%d)\n", server_url,
+ "to [%s]: %s (%d)", server_url,
ldap_err2string(lerr), lerr));
goto out;
}
@@ -168,7 +168,7 @@ ldap_init_and_bind(LDAP **pld,
if ((ldap_set_option(ld, LDAP_OPT_DEBUG_LEVEL, &debug_level)
!= LDAP_SUCCESS)) {
IDMAP_LOG(0, ("ldap_init_and_bind: error setting ldap "
- "library debugging level\n"));
+ "library debugging level"));
goto out;
}
@@ -179,7 +179,7 @@ ldap_init_and_bind(LDAP **pld,
ldap_get_option(ld, LDAP_OPT_API_INFO, &apiinfo);
if (apiinfo.ldapai_info_version != LDAP_API_INFO_VERSION) {
IDMAP_LOG(0, ("ldap_init_and_bind: APIInfo version mismatch: "
- "library %d, header %d\n",
+ "library %d, header %d",
apiinfo.ldapai_info_version, LDAP_API_INFO_VERSION));
goto out;
}
@@ -189,7 +189,7 @@ ldap_init_and_bind(LDAP **pld,
new_version = LDAP_VERSION3;
IDMAP_LOG(4, ("ldap_init_and_bind: version mismatch between "
"API information and protocol version. Setting "
- "protocol version to %d\n", new_version));
+ "protocol version to %d", new_version));
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &new_version);
}
@@ -212,7 +212,7 @@ ldap_init_and_bind(LDAP **pld,
lerr = ldap_set_option(ld, LDAP_OPT_X_TLS, &tls_type);
if (lerr != LDAP_SUCCESS) {
IDMAP_LOG(2, ("ldap_init_and_bind: setting SSL "
- "failed : %s (%d)\n",
+ "failed : %s (%d)",
ldap_err2string(lerr), lerr));
goto out;
}
@@ -220,7 +220,7 @@ ldap_init_and_bind(LDAP **pld,
linfo->ca_cert);
if (lerr != LDAP_SUCCESS) {
IDMAP_LOG(2, ("ldap_init_and_bind: setting CA "
- "certificate file failed : %s (%d)\n",
+ "certificate file failed : %s (%d)",
ldap_err2string(lerr), lerr));
goto out;
}
@@ -242,24 +242,24 @@ retry_bind:
IDMAP_LOG(2, ("ldap_init_and_bind: "
"got protocol error while attempting "
"bind with protocol version %d, "
- "trying protocol version %d\n",
+ "trying protocol version %d",
current_version, new_version));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("ldap_init_and_bind: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
goto retry_bind;
}
IDMAP_LOG(2, ("ldap_init_and_bind: ldap_simple_bind_s "
- "to [%s] as user '%s': %s (%d)\n",
+ "to [%s] as user '%s': %s (%d)",
server_url, linfo->user_dn,
ldap_err2string(lerr), lerr));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL)&& (*errmsg != '\0')) {
IDMAP_LOG(2, ("ldap_init_and_bind: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
goto out;
@@ -272,12 +272,12 @@ retry_bind:
char *errmsg;
IDMAP_LOG(2, ("ldap_init_and_bind: ldap_simple_bind_s "
- "to [%s] as anonymous: %s (%d)\n", server_url,
+ "to [%s] as anonymous: %s (%d)", server_url,
ldap_err2string(lerr), lerr));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("ldap_init_and_bind: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
goto out;
@@ -323,7 +323,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
attrtype, name))
== LDAP_FILT_MAXSIZ) {
IDMAP_LOG(0, ("ERROR: umich_name_to_ids: filter "
- "too long!\n"));
+ "too long!"));
goto out;
}
base = linfo->people_tree;
@@ -335,13 +335,13 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
attrtype, name))
== LDAP_FILT_MAXSIZ) {
IDMAP_LOG(0, ("ERROR: umich_name_to_ids: filter "
- "too long!\n"));
+ "too long!"));
goto out;
}
base = linfo->group_tree;
}
else {
- IDMAP_LOG(0, ("ERROR: umich_name_to_ids: invalid idtype (%d)\n",
+ IDMAP_LOG(0, ("ERROR: umich_name_to_ids: invalid idtype (%d)",
idtype));
goto out;
}
@@ -360,12 +360,12 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
char *errmsg;
IDMAP_LOG(2, ("umich_name_to_ids: ldap_search_st for "
- "base '%s', filter '%s': %s (%d)\n",
+ "base '%s', filter '%s': %s (%d)",
base, filter, ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_name_to_ids: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
err = -ENOENT;
@@ -381,7 +381,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
if (!(entry = ldap_first_entry(ld, result))) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_name_to_ids: ldap_first_entry: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
@@ -402,7 +402,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
if ((idstr = ldap_get_values(ld, result, attr_res)) == NULL) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_name_to_ids: ldap_get_values: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_memfree;
}
if (strcasecmp(attr_res, ldap_map.NFSv4_uid_attr) == 0) {
@@ -411,7 +411,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
if (tmp_uid != tmp_u ||
(errno == ERANGE && tmp_u == ULONG_MAX)) {
IDMAP_LOG(0, ("ERROR: umich_name_to_ids: "
- "uidNumber too long converting '%s'\n",
+ "uidNumber too long converting '%s'",
*idstr));
ldap_memfree(attr_res);
ldap_value_free(idstr);
@@ -424,7 +424,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
if (tmp_gid != tmp_g ||
(errno == ERANGE && tmp_g == ULONG_MAX)) {
IDMAP_LOG(0, ("ERROR: umich_name_to_ids: "
- "gidNumber too long converting '%s'\n",
+ "gidNumber too long converting '%s'",
*idstr));
ldap_memfree(attr_res);
ldap_value_free(idstr);
@@ -433,7 +433,7 @@ umich_name_to_ids(char *name, int idtype, uid_t *uid, gid_t *gid,
*gid = tmp_gid;
} else {
IDMAP_LOG(0, ("umich_name_to_ids: received attr "
- "'%s' ???\n", attr_res));
+ "'%s' ???", attr_res));
ldap_memfree(attr_res);
ldap_value_free(idstr);
goto out_memfree;
@@ -485,7 +485,7 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len,
ldap_map.NFSv4_uid_attr, idstr))
== LDAP_FILT_MAXSIZ) {
IDMAP_LOG(0, ("ERROR: umich_id_to_name: "
- "uid filter too long!\n"));
+ "uid filter too long!"));
goto out;
}
base = linfo->people_tree;
@@ -496,12 +496,12 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len,
ldap_map.NFSv4_gid_attr,idstr))
== LDAP_FILT_MAXSIZ) {
IDMAP_LOG(0, ("ERROR: umich_id_to_name: "
- "gid filter too long!\n"));
+ "gid filter too long!"));
goto out;
}
base = linfo->group_tree;
} else {
- IDMAP_LOG(0, ("ERROR: umich_id_to_name: invalid idtype (%d)\n",
+ IDMAP_LOG(0, ("ERROR: umich_id_to_name: invalid idtype (%d)",
idtype));
err = -EINVAL;
goto out;
@@ -523,12 +523,12 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len,
char * errmsg;
IDMAP_LOG(2, ("umich_id_to_name: ldap_search_st for "
- "base '%s, filter '%s': %s (%d)\n", base, filter,
+ "base '%s, filter '%s': %s (%d)", base, filter,
ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_id_to_name: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
@@ -544,21 +544,21 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len,
if (!(entry = ldap_first_entry(ld, result))) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_id_to_name: ldap_first_entry: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
if (!(attr_res = ldap_first_attribute(ld, result, &ber))) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_id_to_name: ldap_first_attribute: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
if ((names = ldap_get_values(ld, result, attr_res)) == NULL) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_id_to_name: ldap_get_values: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_memfree;
}
@@ -571,7 +571,7 @@ umich_id_to_name(uid_t id, int idtype, char **name, size_t len,
if (strlen(names[0]) >= len) {
/* not enough space to return the name */
IDMAP_LOG(1, ("umich_id_to_name: output buffer size (%d) "
- "too small to return string, '%s', of length %d\n",
+ "too small to return string, '%s', of length %d",
len, names[0], strlen(names[0])));
goto out_memfree;
}
@@ -625,7 +625,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
ldap_map.GSS_principal_attr, principal))
== LDAP_FILT_MAXSIZ) {
IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: "
- "filter too long!\n"));
+ "filter too long!"));
goto out;
}
@@ -638,13 +638,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
char *errmsg;
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st "
- "for tree '%s, filter '%s': %s (%d)\n",
+ "for tree '%s, filter '%s': %s (%d)",
linfo->people_tree, filter,
ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
err = -ENOENT;
@@ -655,7 +655,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
count = ldap_count_entries(ld, result);
if (count != 1) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "ldap account lookup of gssauthname %s returned %d accounts\n",
+ "ldap account lookup of gssauthname %s returned %d accounts",
principal,count));
goto out_unbind;
}
@@ -663,14 +663,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if (!(entry = ldap_first_entry(ld, result))) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_first_entry: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
if ((names = ldap_get_values(ld, result, attrs[0])) == NULL) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_get_values: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
@@ -685,7 +685,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
ldap_map.NFSv4_acctname_attr,
names[0])) == LDAP_FILT_MAXSIZ ) {
IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: "
- "filter too long!\n"));
+ "filter too long!"));
ldap_value_free(names);
goto out_unbind;
}
@@ -702,13 +702,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
char *errmsg;
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st "
- "for tree '%s, filter '%s': %s (%d)\n",
+ "for tree '%s, filter '%s': %s (%d)",
linfo->people_tree, filter,
ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS)
&& (errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
err = -ENOENT;
@@ -720,7 +720,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
count = ldap_count_entries(ld, result);
if (count != 1) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "ldap group member lookup of gssauthname %s returned %d multiple entries\n",
+ "ldap group member lookup of gssauthname %s returned %d multiple entries",
principal,count));
goto out_unbind;
}
@@ -728,14 +728,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if (!(entry = ldap_first_entry(ld, result))) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_first_entry: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
if ((names = ldap_get_values(ld, result, attrs[0])) == NULL) {
lerr = ldap_result2error(ld, result, 0);
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_get_values: "
- "%s (%d)\n", ldap_err2string(lerr), lerr));
+ "%s (%d)", ldap_err2string(lerr), lerr));
goto out_unbind;
}
@@ -747,7 +747,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
ldap_value_free(names);
err = -EINVAL;
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: User %s, "
- "number of groups %d, exceeds requested number %d\n",
+ "number of groups %d, exceeds requested number %d",
principal, i, *ngroups));
*ngroups = i;
goto out_unbind;
@@ -780,7 +780,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if ( f_len == LDAP_FILT_MAXSIZ ) {
IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: "
- "filter too long!\n"));
+ "filter too long!"));
ldap_value_free(names);
goto out_unbind;
}
@@ -793,14 +793,14 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
char *errmsg;
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st "
- "for tree '%s, filter '%s': %s (%d)\n",
+ "for tree '%s, filter '%s': %s (%d)",
linfo->group_tree, filter,
ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg)==LDAP_SUCCESS)
&&
(errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
continue;
@@ -822,7 +822,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
/* There should be only one gidNumber attribute per group */
if ((valcount = ldap_count_values(vals)) != 1) {
IDMAP_LOG(2, ("DB problem getting gidNumber of "
- "posixGroup! (count was %d)\n", valcount));
+ "posixGroup! (count was %d)", valcount));
ldap_value_free(vals);
continue;
}
@@ -832,7 +832,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if (tmp_gid != tmp_g ||
(errno == ERANGE && tmp_g == ULONG_MAX)) {
IDMAP_LOG(2, ("ERROR: umich_gss_princ_to_grouplist: "
- "gidNumber too long converting '%s'\n",
+ "gidNumber too long converting '%s'",
vals[0]));
ldap_value_free(vals);
continue;
@@ -867,7 +867,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if ( f_len == LDAP_FILT_MAXSIZ ) {
IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: "
- "filter too long!\n"));
+ "filter too long!"));
ldap_value_free(names);
goto out_unbind;
}
@@ -884,13 +884,13 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
char *errmsg;
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: ldap_search_st "
- "for tree '%s, filter '%s': %s (%d)\n",
+ "for tree '%s, filter '%s': %s (%d)",
linfo->group_tree, filter,
ldap_err2string(err), err));
if ((ldap_get_option(ld, LDAP_OPT_ERROR_STRING, &errmsg) == LDAP_SUCCESS) &&
(errmsg != NULL) && (*errmsg != '\0')) {
IDMAP_LOG(2, ("umich_gss_princ_to_grouplist: "
- "Additional info: %s\n", errmsg));
+ "Additional info: %s", errmsg));
ldap_memfree(errmsg);
}
err = -ENOENT;
@@ -938,7 +938,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
/* There should be only one gidNumber attribute per group */
if ((valcount = ldap_count_values(vals)) != 1) {
IDMAP_LOG(0, ("DB problem getting gidNumber of "
- "posixGroup! (count was %d)\n", valcount));
+ "posixGroup! (count was %d)", valcount));
goto out_unbind;
}
tmp_g = strtoul(vals[0], (char **)NULL, 10);
@@ -946,7 +946,7 @@ umich_gss_princ_to_grouplist(char *principal, gid_t *groups, int *ngroups,
if (tmp_gid != tmp_g ||
(errno == ERANGE && tmp_g == ULONG_MAX)) {
IDMAP_LOG(0, ("ERROR: umich_gss_princ_to_grouplist: "
- "gidNumber too long converting '%s'\n",
+ "gidNumber too long converting '%s'",
vals[0]));
ldap_value_free(vals);
goto out_unbind;
@@ -978,7 +978,7 @@ umichldap_gss_princ_to_ids(char *secname, char *principal,
if ((strcmp(secname, "krb5") != 0) && (strcmp(secname, "spkm3") != 0)) {
IDMAP_LOG(0, ("ERROR: umichldap_gss_princ_to_ids: "
- "invalid secname '%s'\n", secname));
+ "invalid secname '%s'", secname));
return err;
}
@@ -1031,7 +1031,7 @@ umichldap_gss_princ_to_grouplist(char *secname, char *principal,
if ((strcmp(secname, "krb5") != 0) && (strcmp(secname, "spkm3") != 0)) {
IDMAP_LOG(0, ("ERROR: umichldap_gss_princ_to_grouplist: "
- "invalid secname '%s'\n", secname));
+ "invalid secname '%s'", secname));
return err;
}
@@ -1068,11 +1068,11 @@ get_canonical_hostname(const char *inname)
msg = gai_strerror(aierr);
break;
}
- IDMAP_LOG(1, ("%s: '%s': %s\n", __FUNCTION__, inname, msg));
+ IDMAP_LOG(1, ("%s: '%s': %s", __FUNCTION__, inname, msg));
goto out_err;
}
if (ap == 0) {
- IDMAP_LOG(1, ("%s: no addresses for host '%s'?\n",
+ IDMAP_LOG(1, ("%s: no addresses for host '%s'?",
__FUNCTION__, inname));
goto out_err;
}
@@ -1080,7 +1080,7 @@ get_canonical_hostname(const char *inname)
error = getnameinfo (ap->ai_addr, ap->ai_addrlen, tmphost,
sizeof(tmphost), NULL, 0, 0);
if (error) {
- IDMAP_LOG(1, ("%s: getnameinfo for host '%s' failed (%d)\n",
+ IDMAP_LOG(1, ("%s: getnameinfo for host '%s' failed (%d)",
__FUNCTION__, inname));
goto out_free;
}
@@ -1125,7 +1125,7 @@ umichldap_init(void)
strncat(missing_msg, "LDAP_base ", sizeof(missing_msg));
if (strlen(missing_msg) != 0) {
IDMAP_LOG(0, ("umichldap_init: Missing required information: "
- "%s\n", missing_msg));
+ "%s", missing_msg));
goto fail;
}
@@ -1137,7 +1137,7 @@ umichldap_init(void)
canon_name = get_canonical_hostname(server_in);
if (canon_name == NULL)
IDMAP_LOG(0, ("umichldap_init: Warning! Unable to "
- "canonicalize server name '%s' as requested.\n",
+ "canonicalize server name '%s' as requested.",
server_in));
else
ldap_info.server = canon_name;
@@ -1226,56 +1226,56 @@ umichldap_init(void)
if (ldap_info.use_ssl && ldap_info.ca_cert == NULL) {
IDMAP_LOG(0, ("umichldap_init: You must specify LDAP_ca_cert "
- "with LDAP_use_ssl=yes\n"));
+ "with LDAP_use_ssl=yes"));
goto fail;
}
/* print out some good debugging info */
- IDMAP_LOG(1, ("umichldap_init: canonicalize_name: %s\n",
+ IDMAP_LOG(1, ("umichldap_init: canonicalize_name: %s",
canonicalize));
- IDMAP_LOG(1, ("umichldap_init: server : %s (from config value '%s')\n",
+ IDMAP_LOG(1, ("umichldap_init: server : %s (from config value '%s')",
ldap_info.server, server_in));
- IDMAP_LOG(1, ("umichldap_init: port : %d\n", ldap_info.port));
- IDMAP_LOG(1, ("umichldap_init: people : %s\n", ldap_info.people_tree));
- IDMAP_LOG(1, ("umichldap_init: groups : %s\n", ldap_info.group_tree));
+ IDMAP_LOG(1, ("umichldap_init: port : %d", ldap_info.port));
+ IDMAP_LOG(1, ("umichldap_init: people : %s", ldap_info.people_tree));
+ IDMAP_LOG(1, ("umichldap_init: groups : %s", ldap_info.group_tree));
- IDMAP_LOG(1, ("umichldap_init: user_dn : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: user_dn : %s",
(ldap_info.user_dn && strlen(ldap_info.user_dn) != 0)
? ldap_info.user_dn : "<not-supplied>"));
/* Don't print actual password into the log. */
- IDMAP_LOG(1, ("umichldap_init: passwd : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: passwd : %s",
(ldap_info.passwd && strlen(ldap_info.passwd) != 0) ?
"<supplied>" : "<not-supplied>"));
- IDMAP_LOG(1, ("umichldap_init: use_ssl : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: use_ssl : %s",
ldap_info.use_ssl ? "yes" : "no"));
- IDMAP_LOG(1, ("umichldap_init: ca_cert : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: ca_cert : %s",
ldap_info.ca_cert ? ldap_info.ca_cert : "<not-supplied>"));
- IDMAP_LOG(1, ("umichldap_init: use_memberof_for_groups : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: use_memberof_for_groups : %s",
ldap_info.memberof_for_groups ? "yes" : "no"));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_person_objectclass : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_person_objectclass : %s",
ldap_map.NFSv4_person_objcls));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_nfsname_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_nfsname_attr : %s",
ldap_map.NFSv4_nfsname_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_acctname_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_acctname_attr : %s",
ldap_map.NFSv4_acctname_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_uid_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_uid_attr : %s",
ldap_map.NFSv4_uid_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_group_objectclass : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_group_objectclass : %s",
ldap_map.NFSv4_group_objcls));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_gid_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_gid_attr : %s",
ldap_map.NFSv4_gid_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_group_nfsname_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_group_nfsname_attr : %s",
ldap_map.NFSv4_group_nfsname_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_member_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_member_attr : %s",
ldap_map.NFSv4_member_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_member_of_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_member_of_attr : %s",
ldap_map.NFSv4_member_of_attr));
- IDMAP_LOG(1, ("umichldap_init: NFSv4_grouplist_filter : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: NFSv4_grouplist_filter : %s",
ldap_map.NFSv4_grouplist_filter ?
ldap_map.NFSv4_grouplist_filter : "<not-specified>"));
- IDMAP_LOG(1, ("umichldap_init: GSS_principal_attr : %s\n",
+ IDMAP_LOG(1, ("umichldap_init: GSS_principal_attr : %s",
ldap_map.GSS_principal_attr));
return 0;
fail:

149
SOURCES/libnfsidmap-0.25-dns-resolved.patch
Unescape View File

@ -0,0 +1,149 @@ @@ -0,0 +1,149 @@
diff --git a/configure.ac b/configure.ac
index 5179e96..db1cee2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,6 +13,8 @@ AC_PROG_CC
# Checks for libraries.
+AC_CHECK_LIB([resolv], [__res_querydomain], , AC_MSG_ERROR(res_querydomain needed))
+
AC_ARG_ENABLE([ldap],
[AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])])
if test "x$enable_ldap" != "xno" ; then
diff --git a/libnfsidmap.c b/libnfsidmap.c
index b9c0db3..d484101 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -53,6 +53,10 @@
#include <stdarg.h>
#include <dlfcn.h>
#include <ctype.h>
+#include <resolv.h>
+#include <arpa/nameser.h>
+#include <arpa/nameser_compat.h>
+
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
#include "cfg.h"
@@ -81,6 +85,11 @@ gid_t nobody_gid = (gid_t)-1;
#define IDMAPD_DEFAULT_DOMAIN "localdomain"
#endif
+#ifndef NFS4DNSTXTREC
+#define NFS4DNSTXTREC "_nfsv4idmapdomain"
+#endif
+
+
/* Default logging fuction */
static void default_logger(const char *fmt, ...)
{
@@ -116,6 +125,93 @@ static int id_as_chars(char *name, uid_t *id)
return 1;
}
+static int dns_txt_query(char *domain, char **nfs4domain)
+{
+ char *txtname = NFS4DNSTXTREC;
+ char *msg, *answ, *eom, *mptr;
+ int len, status = -1;
+ HEADER *hdr;
+
+ msg = calloc(1, NS_MAXMSG);
+ if (msg == NULL)
+ return -1;
+
+ answ = calloc(1, NS_MAXMSG);
+ if (answ == NULL) {
+ free(msg);
+ return -1;
+ }
+
+ if (res_init() < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: res_init() failed for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+ len = res_querydomain(txtname, domain, C_IN, T_TXT, msg, NS_MAXMSG);
+ if (len < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: res_querydomain() failed for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+ hdr = (HEADER *)msg;
+
+ /* See if there is an answer */
+ if (ntohs(hdr->ancount) < 1) {
+ IDMAP_LOG(2, ("libnfsidmap: No TXT record for %s.%s\n",
+ txtname, domain));
+ goto freemem;
+ }
+ /* find the EndOfMessage */
+ eom = msg + len;
+
+ /* skip header */
+ mptr = &msg[HFIXEDSZ];
+
+ /* skip name field in question section */
+ mptr += dn_skipname(mptr, eom) + QFIXEDSZ;
+
+ /* read in the question */
+ len = dn_expand(msg, eom, mptr, answ, NS_MAXDNAME);
+ if (len < 0) { /* does this really matter?? */
+ IDMAP_LOG(2, ("libnfsidmap: No question section for %s.%s: %s\n",
+ txtname, domain, hstrerror(h_errno)));
+ goto freemem;
+ }
+
+ /*
+ * Now, dissect the answer section, Note: if there
+ * are more than one answer only the first
+ * one will be used.
+ */
+
+ /* skip passed the name field */
+ mptr += dn_skipname(mptr, eom);
+ /* skip pass the type class and ttl fields */
+ mptr += 2 + 2 + 4;
+
+ /* make sure there is some data */
+ GETSHORT(len, mptr);
+ if (len < 0) {
+ IDMAP_LOG(2, ("libnfsidmap: No data in answer for %s.%s\n",
+ txtname, domain));
+ goto freemem;
+ }
+ /* get the lenght field */
+ len = (int)*mptr++;
+ /* copy the data */
+ memcpy(answ, mptr, len);
+ answ[len] = '\0';
+
+ *nfs4domain = strdup(answ);
+ status = 0;
+
+freemem:
+ free(msg);
+ free(answ);
+
+ return (status);
+}
+
static int domain_from_dns(char **domain)
{
struct hostent *he;
@@ -127,7 +223,13 @@ static int domain_from_dns(char **domain)
return -1;
if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
return -1;
- *domain = strdup(c);
+ /*
+ * Query DNS to see if the _nfsv4idmapdomain TXT record exists
+ * If so use it...
+ */
+ if (dns_txt_query(c, domain) < 0)
+ *domain = strdup(c);
+
return 0;
}

409
SOURCES/libnfsidmap-0.25-multidomain.patch
Unescape View File

@ -0,0 +1,409 @@ @@ -0,0 +1,409 @@
diff -up libnfsidmap-0.25/idmapd.conf.5.orig libnfsidmap-0.25/idmapd.conf.5
--- libnfsidmap-0.25/idmapd.conf.5.orig 2017-01-10 13:30:28.696901000 -0500
+++ libnfsidmap-0.25/idmapd.conf.5 2017-01-10 13:32:44.241316000 -0500
@@ -63,6 +63,30 @@ The local NFSv4 domain name. An NFSv4 d
a unique username<->UID and groupname<->GID mapping.
(Default: Host's fully-qualified DNS domain name)
.TP
+.B No-Strip
+In multi-domain environments, some NFS servers will append the identity
+management domain to the owner and owner_group in lieu of a true NFSv4
+domain. This option can facilitate lookups in such environments. If
+set to a value other than "none", the nsswitch plugin will first pass
+the name to the password/group lookup function without stripping the
+domain off. If that mapping fails then the plugin will try again using
+the old method (comparing the domain in the string to the Domain value,
+stripping it if it matches, and passing the resulting short name to the
+lookup function). Valid values are "user", "group", "both", and
+"none".
+(Default: "none")
+.TP
+.B Reformat-Group
+Winbind has a quirk whereby doing a group lookup in UPN format
+(e.g. staff@americas.example.com) will cause the group to be
+displayed prefixed with the full domain in uppercase
+(e.g. AMERICAS.EXAMPLE.COM\\staff) instead of in the familiar netbios
+name format (e.g. AMERICAS\\staff). Setting this option to true
+causes the name to be reformatted before passing it to the group
+lookup function in order to work around this. This setting is
+ignored unless No-Strip is set to either "both" or "group".
+(Default: "false")
+.TP
.B Local-Realms
A comma-separated list of Kerberos realm names that may be considered equivalent to the
local realm name. For example, users juser@ORDER.EDU and juser@MAIL.ORDER.EDU
diff -up libnfsidmap-0.25/idmapd.conf.orig libnfsidmap-0.25/idmapd.conf
--- libnfsidmap-0.25/idmapd.conf.orig 2011-12-05 15:28:10.000000000 -0500
+++ libnfsidmap-0.25/idmapd.conf 2017-01-10 13:32:44.235315000 -0500
@@ -4,6 +4,29 @@
# The default is the host's DNS domain name.
#Domain = local.domain.edu
+# In multi-domain environments, some NFS servers will append the identity
+# management domain to the owner and owner_group in lieu of a true NFSv4
+# domain. This option can facilitate lookups in such environments. If
+# set to a value other than "none", the nsswitch plugin will first pass
+# the name to the password/group lookup function without stripping the
+# domain off. If that mapping fails then the plugin will try again using
+# the old method (comparing the domain in the string to the Domain value,
+# stripping it if it matches, and passing the resulting short name to the
+# lookup function). Valid values are "user", "group", "both", and
+# "none". The default is "none".
+#No-Strip = none
+
+# Winbind has a quirk whereby doing a group lookup in UPN format
+# (e.g. staff@americas.example.com) will cause the group to be
+# displayed prefixed with the full domain in uppercase
+# (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios
+# name format (e.g. AMERICAS\staff). Setting this option to true
+# causes the name to be reformatted before passing it to the group
+# lookup function in order to work around this. This setting is
+# ignored unless No-Strip is set to either "both" or "group".
+# The default is "false".
+#Reformat-Group = false
+
# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that <user>@REALM.A can be assumed to
diff -up libnfsidmap-0.25/libnfsidmap.c.orig libnfsidmap-0.25/libnfsidmap.c
--- libnfsidmap-0.25/libnfsidmap.c.orig 2017-01-10 13:30:28.837901000 -0500
+++ libnfsidmap-0.25/libnfsidmap.c 2017-01-10 13:32:44.247315000 -0500
@@ -60,6 +60,8 @@
static char *default_domain;
static struct conf_list *local_realms;
int idmap_verbosity = 0;
+int no_strip = 0;
+int reformat_group = 0;
static struct mapping_plugin **nfs4_plugins = NULL;
static struct mapping_plugin **gss_plugins = NULL;
uid_t nobody_uid = (uid_t)-1;
@@ -234,6 +236,8 @@ int nfs4_init_name_mapping(char *conffil
int dflt = 0;
struct conf_list *nfs4_methods, *gss_methods;
char *nobody_user, *nobody_group;
+ char *nostrip;
+ char *reformatgroup;
/* XXX: need to be able to reload configurations... */
if (nfs4_plugins) /* already succesfully initialized */
@@ -306,6 +310,26 @@ int nfs4_init_name_mapping(char *conffil
IDMAP_LOG(1, ("libnfsidmap: Realms list: <NULL> "));
}
+ nostrip = conf_get_str_with_def("General", "No-Strip", "none");
+ if (strcasecmp(nostrip, "both") == 0)
+ no_strip = IDTYPE_USER|IDTYPE_GROUP;
+ else if (strcasecmp(nostrip, "group") == 0)
+ no_strip = IDTYPE_GROUP;
+ else if (strcasecmp(nostrip, "user") == 0)
+ no_strip = IDTYPE_USER;
+ else
+ no_strip = 0;
+
+ if (no_strip & IDTYPE_GROUP) {
+ reformatgroup = conf_get_str_with_def("General", "Reformat-Group", "false");
+ if ((strcasecmp(reformatgroup, "true") == 0) ||
+ (strcasecmp(reformatgroup, "on") == 0) ||
+ (strcasecmp(reformatgroup, "yes") == 0))
+ reformat_group = 1;
+ else
+ reformat_group = 0;
+ }
+
nfs4_methods = conf_get_list("Translation", "Method");
if (nfs4_methods) {
IDMAP_LOG(1, ("libnfsidmap: processing 'Method' list"));
diff -up libnfsidmap-0.25/nfsidmap_internal.h.orig libnfsidmap-0.25/nfsidmap_internal.h
--- libnfsidmap-0.25/nfsidmap_internal.h.orig 2011-12-05 15:28:10.000000000 -0500
+++ libnfsidmap-0.25/nfsidmap_internal.h 2017-01-10 13:32:44.253315000 -0500
@@ -63,6 +63,8 @@ typedef enum {
IDTYPE_GROUP = 2
} idtypes;
+extern int no_strip;
+extern int reformat_group;
extern int idmap_verbosity;
extern nfs4_idmap_log_function_t idmap_log_func;
/* Level zero always prints, others print depending on verbosity level */
diff -up libnfsidmap-0.25/nss.c.orig libnfsidmap-0.25/nss.c
--- libnfsidmap-0.25/nss.c.orig 2017-01-10 13:30:28.892903000 -0500
+++ libnfsidmap-0.25/nss.c 2017-01-10 13:32:44.259316000 -0500
@@ -45,6 +45,7 @@
#include <err.h>
#include <grp.h>
#include <limits.h>
+#include <ctype.h>
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
#include "cfg.h"
@@ -58,14 +59,20 @@
* and ignore the domain entirely when looking up a name.
*/
-static int write_name(char *dest, char *localname, char *domain, size_t len)
+static int write_name(char *dest, char *localname, char *domain, size_t len,
+ int doappend)
{
- if (strlen(localname) + 1 + strlen(domain) + 1 > len) {
- return -ENOMEM; /* XXX: Is there an -ETOOLONG? */
+ if (doappend || !strchr(localname,'@')) {
+ if (strlen(localname) + 1 + strlen(domain) + 1 > len)
+ return -ENOMEM; /* XXX: Is there an -ETOOLONG? */
+ strcpy(dest, localname);
+ strcat(dest, "@");
+ strcat(dest, domain);
+ } else {
+ if (strlen(localname) + 1 > len)
+ return -ENOMEM;
+ strcpy(dest, localname);
}
- strcpy(dest, localname);
- strcat(dest, "@");
- strcat(dest, domain);
return 0;
}
@@ -87,7 +94,10 @@ static int nss_uid_to_name(uid_t uid, ch
err = -ENOENT;
if (err)
goto out_buf;
- err = write_name(name, pw->pw_name, domain, len);
+ if (no_strip & IDTYPE_USER)
+ err = write_name(name, pw->pw_name, domain, len, 0);
+ else
+ err = write_name(name, pw->pw_name, domain, len, 1);
out_buf:
free(buf);
out:
@@ -121,7 +131,10 @@ static int nss_gid_to_name(gid_t gid, ch
if (err)
goto out_buf;
- err = write_name(name, gr->gr_name, domain, len);
+ if (no_strip & IDTYPE_GROUP)
+ err = write_name(name, gr->gr_name, domain, len, 0);
+ else
+ err = write_name(name, gr->gr_name, domain, len, 1);
out_buf:
free(buf);
out:
@@ -164,7 +177,8 @@ struct pwbuf {
char buf[1];
};
-static struct passwd *nss_getpwnam(const char *name, const char *domain, int *err_p)
+static struct passwd *nss_getpwnam(const char *name, const char *domain,
+ int *err_p, int dostrip)
{
struct passwd *pw;
struct pwbuf *buf;
@@ -180,22 +194,29 @@ static struct passwd *nss_getpwnam(const
goto err;
err = EINVAL;
- localname = strip_domain(name, domain);
- IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': "
- "resulting localname '%s'", name, domain, localname));
- if (localname == NULL) {
- IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map "
- "into domain '%s'", name,
- domain ? domain : "<not-provided>"));
- goto err_free_buf;
- }
+ if (dostrip) {
+ localname = strip_domain(name, domain);
+ IDMAP_LOG(4, ("nss_getpwnam: name '%s' domain '%s': "
+ "resulting localname '%s'", name, domain, localname));
+ if (localname == NULL) {
+ IDMAP_LOG(0, ("nss_getpwnam: name '%s' does not map "
+ "into domain '%s'", name,
+ domain ? domain : "<not-provided>"));
+ goto err_free_buf;
+ }
- err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw);
- if (pw == NULL && domain != NULL)
- IDMAP_LOG(0,
- ("nss_getpwnam: name '%s' not found in domain '%s'",
- localname, domain));
- free(localname);
+ err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw);
+ if (pw == NULL && domain != NULL)
+ IDMAP_LOG(1,
+ ("nss_getpwnam: name '%s' not found in domain '%s'",
+ localname, domain));
+ free(localname);
+ } else {
+ err = getpwnam_r(name, &buf->pwbuf, buf->buf, buflen, &pw);
+ if (pw == NULL)
+ IDMAP_LOG(1,
+ ("nss_getpwnam: name '%s' not found (domain not stripped)", name));
+ }
if (err == 0 && pw != NULL) {
*err_p = 0;
return pw;
@@ -217,28 +238,83 @@ static int nss_name_to_uid(char *name, u
int err = -ENOENT;
domain = get_default_domain();
- pw = nss_getpwnam(name, domain, &err);
+ if (no_strip & IDTYPE_USER) {
+ pw = nss_getpwnam(name, domain, &err, 0);
+ if (pw != NULL)
+ goto out_uid;
+ }
+ pw = nss_getpwnam(name, domain, &err, 1);
if (pw == NULL)
goto out;
+out_uid:
*uid = pw->pw_uid;
+ IDMAP_LOG(4, ("nss_name_to_uid: name '%s' uid %u", name, *uid));
free(pw);
err = 0;
out:
return err;
}
-static int nss_name_to_gid(char *name, gid_t *gid)
+static char *reformat_name(const char *name)
+{
+ const char *domain;
+ const char *c;
+ const char *d;
+ char *l = NULL;
+ int len;
+ int dlen = 0;
+ int i;
+
+ c = strchr(name, '@');
+ if (c == NULL)
+ goto out;
+ len = c - name;
+ domain = ++c;
+ d = strchr(domain, '.');
+ if (d == NULL)
+ goto out;
+ dlen = d - domain;
+ l = malloc(dlen + 1 + len + 1);
+ if (l == NULL)
+ goto out;
+ for (i = 0; i < dlen; i++)
+ l[i] = toupper(domain[i]);
+ l[dlen] = '\\';
+ memcpy(l + dlen + 1, name, len);
+ l[dlen + 1 + len] = '\0';
+out:
+ return l;
+}
+
+static int _nss_name_to_gid(char *name, gid_t *gid, int dostrip)
{
struct group *gr = NULL;
struct group grbuf;
- char *buf, *localname, *domain;
+ char *buf, *domain;
size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
int err = -EINVAL;
+ char *localname = NULL;
+ char *ref_name = NULL;
domain = get_default_domain();
- localname = strip_domain(name, domain);
- if (!localname)
- goto out;
+ if (dostrip) {
+ localname = strip_domain(name, domain);
+ IDMAP_LOG(4, ("nss_name_to_gid: name '%s' domain '%s': "
+ "resulting localname '%s'", name, domain, localname));
+ if (!localname) {
+ IDMAP_LOG(0, ("nss_name_to_gid: name '%s' does not map "
+ "into domain '%s'", name, domain));
+ goto out;
+ }
+ } else if (reformat_group) {
+ ref_name = reformat_name(name);
+ if (ref_name == NULL) {
+ IDMAP_LOG(1, ("nss_name_to_gid: failed to reformat name '%s'",
+ name));
+ err = -ENOENT;
+ goto out;
+ }
+ }
err = -ENOMEM;
if (buflen > UINT_MAX)
@@ -248,9 +324,24 @@ static int nss_name_to_gid(char *name, g
buf = malloc(buflen);
if (!buf)
goto out_name;
- err = -getgrnam_r(localname, &grbuf, buf, buflen, &gr);
- if (gr == NULL && !err)
+ if (dostrip)
+ err = -getgrnam_r(localname, &grbuf, buf, buflen, &gr);
+ else if (reformat_group)
+ err = -getgrnam_r(ref_name, &grbuf, buf, buflen, &gr);
+ else
+ err = -getgrnam_r(name, &grbuf, buf, buflen, &gr);
+ if (gr == NULL && !err) {
+ if (dostrip)
+ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found "
+ "in domain '%s'", localname, domain));
+ else if (reformat_group)
+ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found "
+ "(reformatted)", ref_name));
+ else
+ IDMAP_LOG(1, ("nss_name_to_gid: name '%s' not found "
+ "(domain not stripped)", name));
err = -ENOENT;
+ }
if (err == -ERANGE) {
buflen *= 2;
free(buf);
@@ -260,10 +351,28 @@ static int nss_name_to_gid(char *name, g
if (err)
goto out_buf;
*gid = gr->gr_gid;
+ IDMAP_LOG(4, ("nss_name_to_gid: name '%s' gid %u", name, *gid));
out_buf:
free(buf);
out_name:
- free(localname);
+ if (dostrip)
+ free(localname);
+ if (reformat_group)
+ free(ref_name);
+out:
+ return err;
+}
+
+static int nss_name_to_gid(char *name, gid_t *gid)
+{
+ int err = 0;
+
+ if (no_strip & IDTYPE_GROUP) {
+ err = _nss_name_to_gid(name, gid, 0);
+ if (!err)
+ goto out;
+ }
+ err = _nss_name_to_gid(name, gid, 1);
out:
return err;
}
@@ -306,7 +415,7 @@ static int nss_gss_princ_to_ids(char *se
return -ENOENT;
}
/* XXX: this should call something like getgssauthnam instead? */
- pw = nss_getpwnam(princ, NULL, &err);
+ pw = nss_getpwnam(princ, NULL, &err, 0);
if (pw == NULL) {
err = -ENOENT;
goto out;
@@ -329,7 +438,7 @@ int nss_gss_princ_to_grouplist(char *sec
goto out;
/* XXX: not quite right? Need to know default realm? */
/* XXX: this should call something like getgssauthnam instead? */
- pw = nss_getpwnam(princ, NULL, &ret);
+ pw = nss_getpwnam(princ, NULL, &ret, 0);
if (pw == NULL) {
ret = -ENOENT;
goto out;

108
SOURCES/libnfsidmap-0.25-nobody.patch
Unescape View File

@ -0,0 +1,108 @@ @@ -0,0 +1,108 @@
commit f139de79d91e7773b5b98fe5aca5570f77c7aee9
Author: Christian Seiler <christian@iwakd.de>
Date: Wed Aug 13 12:42:14 2014 -0400

libnfsidmap: respect Nobody-User/Nobody-Group
Previous behavior of libnfsidmap was to do a name lookup of
nobody@DEFAULTDOMAIN (for both user and group), which does not match
the behavior of rpc.idmapd.
This patch makes libnfsidmap respect Nobody-User/Nobody-Group for
lookups, thus making the nfsidmap utility properly handle the case if
nobody@DEFAULTDOMAIN does not directly map to any user/group on the
system.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/libnfsidmap.c b/libnfsidmap.c
index 92bc493..ec5c141 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -62,6 +62,8 @@ static struct conf_list *local_realms;
int idmap_verbosity = 0;
static struct mapping_plugin **nfs4_plugins = NULL;
static struct mapping_plugin **gss_plugins = NULL;
+uid_t nobody_uid = (uid_t)-1;
+gid_t nobody_gid = (gid_t)-1;
#ifndef PATH_PLUGINS
#define PATH_PLUGINS "/usr/lib/libnfsidmap"
@@ -228,6 +230,7 @@ int nfs4_init_name_mapping(char *conffile)
int ret = -ENOENT;
int dflt = 0;
struct conf_list *nfs4_methods, *gss_methods;
+ char *nobody_user, *nobody_group;
/* XXX: need to be able to reload configurations... */
if (nfs4_plugins) /* already succesfully initialized */
@@ -324,6 +327,49 @@ int nfs4_init_name_mapping(char *conffile)
if (load_plugins(gss_methods, &gss_plugins) == -1)
goto out;
}
+
+ nobody_user = conf_get_str("Mapping", "Nobody-User");
+ if (nobody_user) {
+ size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ struct passwd *buf;
+ struct passwd *pw = NULL;
+ int err;
+
+ buf = malloc(sizeof(*buf) + buflen);
+ if (buf) {
+ err = getpwnam_r(nobody_user, buf, ((char *)buf) + sizeof(*buf), buflen, &pw);
+ if (err == 0 && pw != NULL)
+ nobody_uid = pw->pw_uid;
+ else
+ IDMAP_LOG(1, ("libnfsidmap: Nobody-User (%s) not found: %s\n",
+ nobody_user, strerror(errno)));
+ free(buf);
+ } else
+ IDMAP_LOG(0,("libnfsidmap: Nobody-User: no memory : %s\n",
+ nobody_user, strerror(errno)));
+ }
+
+ nobody_group = conf_get_str("Mapping", "Nobody-Group");
+ if (nobody_group) {
+ size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ struct group *buf;
+ struct group *gr = NULL;
+ int err;
+
+ buf = malloc(sizeof(*buf) + buflen);
+ if (buf) {
+ err = getgrnam_r(nobody_group, buf, ((char *)buf) + sizeof(*buf), buflen, &gr);
+ if (err == 0 && gr != NULL)
+ nobody_gid = gr->gr_gid;
+ else
+ IDMAP_LOG(1, ("libnfsidmap: Nobody-Group (%s) not found: %s\n",
+ nobody_group, strerror(errno)));
+ free(buf);
+ } else
+ IDMAP_LOG(0,("libnfsidmap: Nobody-Group: no memory : %s\n",
+ nobody_group, strerror(errno)));
+ }
+
ret = 0;
out:
if (ret) {
@@ -453,6 +499,18 @@ static int set_id_to_nobody(int *id, int is_uid)
int rc = 0;
const char name[] = "nobody@";
char nobody[strlen(name) + strlen(get_default_domain()) + 1];
+
+ /* First try to see whether a Nobody-User/Nobody-Group was
+ * configured, before we try to do a full lookup for the
+ * NFS nobody user. */
+ if (is_uid && nobody_uid != (uid_t)-1) {
+ *id = (int)nobody_uid;
+ return 0;
+ } else if (!is_uid && nobody_gid != (gid_t)-1) {
+ *id = (int)nobody_gid;
+ return 0;
+ }
+
strcpy(nobody, name);
strcat(nobody, get_default_domain());

40
SOURCES/libnfsidmap-0.25-nssgssprinc.patch
Unescape View File

@ -0,0 +1,40 @@ @@ -0,0 +1,40 @@
nss_gss_princ_to_ids() and nss_gss_princ_to_grouplist() must strip the realm

nss_gss_princ_to_ids() and nss_gss_princ_to_grouplist() were hard-coded
to call nss_getpwnam with the 'dostrip' arg set to 0, which is the
opposite of what they should have had. Note: there's no point making
the decision to strip or not to strip configurable in these two
functions. Ideally both of these functions should be taking a
gss_name_t instead of a char * for the principal, calling
gss_localname() on that, and passing the result to nss_getpwnam... but
that would require changes in both rpc.svcgssd and libgssglue (both of
which have been deprecated for a while).

Fixes: 4db1bb1 (libnfsidmap: add options to aid id mapping in multi domain environments)
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
---
nss.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nss.c b/nss.c
index 67e657a..82799ce 100644
--- a/nss.c
+++ b/nss.c
@@ -415,7 +415,7 @@ static int nss_gss_princ_to_ids(char *secname, char *princ,
return -ENOENT;
}
/* XXX: this should call something like getgssauthnam instead? */
- pw = nss_getpwnam(princ, NULL, &err, 0);
+ pw = nss_getpwnam(princ, NULL, &err, 1);
if (pw == NULL) {
err = -ENOENT;
goto out;
@@ -438,7 +438,7 @@ int nss_gss_princ_to_grouplist(char *secname, char *princ,
goto out;
/* XXX: not quite right? Need to know default realm? */
/* XXX: this should call something like getgssauthnam instead? */
- pw = nss_getpwnam(princ, NULL, &ret, 0);
+ pw = nss_getpwnam(princ, NULL, &ret, 1);
if (pw == NULL) {
ret = -ENOENT;
goto out;

42
SOURCES/libnfsidmap-0.25-nullnames.patch
Unescape View File

@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
commit 82718594eb8e6afabc572cea2da1caab69e9a720
Author: Steve Dickson <steved@redhat.com>
Date: Thu Apr 30 13:55:32 2015 -0400

Handle NULL names better
Detect when an application passes in NULL names
and fail gracefully instead of crashing hard.
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/libnfsidmap.c b/libnfsidmap.c
index 833f94c..a8a9229 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -100,8 +100,11 @@ static char * toupper_str(char *s)
static int id_as_chars(char *name, uid_t *id)
{
- long int value = strtol(name, NULL, 10);
+ long int value;
+ if (name == NULL)
+ return 0;
+ value = strtol(name, NULL, 10);
if (value == 0) {
/* zero value ids are valid */
if (strcmp(name, "0") != 0)
diff --git a/nss.c b/nss.c
index f8129fe..b3fef5a 100644
--- a/nss.c
+++ b/nss.c
@@ -135,6 +135,9 @@ static char *strip_domain(const char *name, const char *domain)
char *l = NULL;
int len;
+ if (name == NULL)
+ goto out;
+
c = strrchr(name, '@');
if (c == NULL && domain != NULL)
goto out;

22
SOURCES/libnfsidmap-0.25-strrchr.patch
Unescape View File

@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
commit 309a89975a50bf53c408233a1bb5b10fd579ca30
Author: Signed-off-by: Shijoe Panjikkaran <spanjikk@redhat.com>
Date: Wed Apr 30 13:19:34 2014 -0400

nss: use strrchr() instead of strchr() to get the last occurrence of "@"
Signed-off-by: Shijoe Panjikkaran <spanjikk@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/nss.c b/nss.c
index b2b1227..f8129fe 100644
--- a/nss.c
+++ b/nss.c
@@ -135,7 +135,7 @@ static char *strip_domain(const char *name, const char *domain)
char *l = NULL;
int len;
- c = strchr(name, '@');
+ c = strrchr(name, '@');
if (c == NULL && domain != NULL)
goto out;
if (c == NULL && domain == NULL) {

13
SOURCES/libnfsidmap-0.25-txt-bigrec.patch
Unescape View File

@ -0,0 +1,13 @@ @@ -0,0 +1,13 @@
diff -up libnfsidmap-0.25/libnfsidmap.c.orig libnfsidmap-0.25/libnfsidmap.c
--- libnfsidmap-0.25/libnfsidmap.c.orig 2017-11-15 10:35:56.897700293 -0500
+++ libnfsidmap-0.25/libnfsidmap.c 2017-11-15 10:38:57.655082342 -0500
@@ -128,7 +128,8 @@ static int id_as_chars(char *name, uid_t
static int dns_txt_query(char *domain, char **nfs4domain)
{
char *txtname = NFS4DNSTXTREC;
- char *msg, *answ, *eom, *mptr;
+ unsigned char *msg, *eom, *mptr;
+ char *answ;
int len, status = -1;
HEADER *hdr;

253
SOURCES/libnfsidmap-0.25-warnings.patch
Unescape View File

@ -0,0 +1,253 @@ @@ -0,0 +1,253 @@
diff -up libnfsidmap-0.25/configure.ac.orig libnfsidmap-0.25/configure.ac
--- libnfsidmap-0.25/configure.ac.orig 2014-10-21 10:56:09.384577000 -0400
+++ libnfsidmap-0.25/configure.ac 2014-10-21 10:56:09.382575000 -0400
@@ -0,0 +1,67 @@
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ([2.68])
+AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
+AC_CONFIG_SRCDIR([nfsidmap.h])
+AC_CONFIG_MACRO_DIR([m4])
+AM_INIT_AUTOMAKE
+LT_INIT
+
+# Checks for programs.
+AC_PROG_CC
+
+# Checks for libraries.
+
+AC_ARG_ENABLE([ldap],
+ [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])])
+if test "x$enable_ldap" != "xno" ; then
+ AC_CHECK_HEADER([ldap.h],
+ [AC_CHECK_LIB([ldap], [ldap_initialize],
+ [have_ldap="yes"],[have_ldap="no"])],
+ [have_ldap="no"])
+ if test "x$have_ldap" = "xyes" ; then
+ AC_DEFINE([ENABLE_LDAP], 1, [Enable LDAP Support])
+ elif test "x$enable_ldap$have_ldap" = "xyesno" ; then
+ AC_MSG_ERROR(LDAP support not found!)
+ fi
+fi
+AM_CONDITIONAL(ENABLE_LDAP, test "x$have_ldap" = "xyes")
+
+# Should we build gums mapping library?
+AC_ARG_ENABLE([gums],
+ [AS_HELP_STRING([--enable-gums],[Enable support for the GUMS mapping library @<:@default=false@:>@])])
+if test "x$enable_gums" = "xyes" ; then
+ AC_DEFINE([ENABLE_GUMS], 1, [Enable GUMS mapping library support])
+fi
+AM_CONDITIONAL(ENABLE_GUMS, test "x$enable_gums" = "xyes")
+
+#Where do the Plugins live
+AC_ARG_WITH(pluginpath,
+ [AS_HELP_STRING([--with-pluginpath=/foo],[Causes the library to look in /foo instead of /usr/lib/libnfsidmap for plugins
+ ])],
+ path_plugins=$withval,
+ path_plugins=""
+ )
+if test -n "$path_plugins" ; then
+ AC_DEFINE_UNQUOTED(PATH_PLUGINS, "$path_plugins",
+ [Define this to change the plugins path])
+fi
+AM_CONDITIONAL(PATH_PLUGINS, test -n "$path_plugins")
+
+AC_CONFIG_HEADERS([./config.h])
+# Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS([stdlib.h string.h unistd.h errno.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_UID_T
+AC_TYPE_SIZE_T
+
+# Checks for library functions.
+AC_FUNC_MALLOC
+AC_CHECK_FUNCS([strchr strdup])
+
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_FILES([libnfsidmap.pc])
+AC_OUTPUT
diff -up libnfsidmap-0.25/configure.in.orig libnfsidmap-0.25/configure.in
--- libnfsidmap-0.25/configure.in.orig 2011-12-05 15:48:54.000000000 -0500
+++ libnfsidmap-0.25/configure.in 2014-10-21 10:56:09.388579000 -0400
@@ -1,67 +0,0 @@
-# -*- Autoconf -*-
-# Process this file with autoconf to produce a configure script.
-
-AC_PREREQ([2.68])
-AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
-AC_CONFIG_SRCDIR([nfsidmap.h])
-AC_CONFIG_MACRO_DIR([m4])
-AM_INIT_AUTOMAKE
-LT_INIT
-
-# Checks for programs.
-AC_PROG_CC
-
-# Checks for libraries.
-
-AC_ARG_ENABLE([ldap],
- [AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:@default=detect@:>@])])
-if test "x$enable_ldap" != "xno" ; then
- AC_CHECK_HEADER([ldap.h],
- [AC_CHECK_LIB([ldap], [ldap_initialize],
- [have_ldap="yes"],[have_ldap="no"])],
- [have_ldap="no"])
- if test "x$have_ldap" = "xyes" ; then
- AC_DEFINE([ENABLE_LDAP], 1, [Enable LDAP Support])
- elif test "x$enable_ldap$have_ldap" = "xyesno" ; then
- AC_MSG_ERROR(LDAP support not found!)
- fi
-fi
-AM_CONDITIONAL(ENABLE_LDAP, test "x$have_ldap" = "xyes")
-
-# Should we build gums mapping library?
-AC_ARG_ENABLE([gums],
- [AS_HELP_STRING([--enable-gums],[Enable support for the GUMS mapping library @<:@default=false@:>@])])
-if test "x$enable_gums" = "xyes" ; then
- AC_DEFINE([ENABLE_GUMS], 1, [Enable GUMS mapping library support])
-fi
-AM_CONDITIONAL(ENABLE_GUMS, test "x$enable_gums" = "xyes")
-
-#Where do the Plugins live
-AC_ARG_WITH(pluginpath,
- [AS_HELP_STRING([--with-pluginpath=/foo],[Causes the library to look in /foo instead of /usr/lib/libnfsidmap for plugins
- ])],
- path_plugins=$withval,
- path_plugins=""
- )
-if test -n "$path_plugins" ; then
- AC_DEFINE_UNQUOTED(PATH_PLUGINS, "$path_plugins",
- [Define this to change the plugins path])
-fi
-AM_CONDITIONAL(PATH_PLUGINS, test -n "$path_plugins")
-
-AC_CONFIG_HEADERS([./config.h])
-# Checks for header files.
-AC_HEADER_STDC
-AC_CHECK_HEADERS([stdlib.h string.h unistd.h errno.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_TYPE_UID_T
-AC_TYPE_SIZE_T
-
-# Checks for library functions.
-AC_FUNC_MALLOC
-AC_CHECK_FUNCS([strchr strdup])
-
-AC_CONFIG_FILES([Makefile])
-AC_CONFIG_FILES([libnfsidmap.pc])
-AC_OUTPUT
diff -up libnfsidmap-0.25/libnfsidmap.c.orig libnfsidmap-0.25/libnfsidmap.c
--- libnfsidmap-0.25/libnfsidmap.c.orig 2014-10-21 10:55:29.626400000 -0400
+++ libnfsidmap-0.25/libnfsidmap.c 2014-10-21 10:56:21.180926000 -0400
@@ -98,7 +98,7 @@ static char * toupper_str(char *s)
return s;
}
-static int id_as_chars(char *name, int *id)
+static int id_as_chars(char *name, uid_t *id)
{
long int value = strtol(name, NULL, 10);
@@ -494,7 +494,7 @@ int nfs4_name_to_gid(char *name, gid_t *
RUN_TRANSLATIONS(name_to_gid, 0, name, gid);
}
-static int set_id_to_nobody(int *id, int is_uid)
+static int set_id_to_nobody(uid_t *id, uid_t is_uid)
{
int rc = 0;
const char name[] = "nobody@";
@@ -504,10 +504,10 @@ static int set_id_to_nobody(int *id, int
* configured, before we try to do a full lookup for the
* NFS nobody user. */
if (is_uid && nobody_uid != (uid_t)-1) {
- *id = (int)nobody_uid;
+ *id = (uid_t)nobody_uid;
return 0;
} else if (!is_uid && nobody_gid != (gid_t)-1) {
- *id = (int)nobody_gid;
+ *id = (uid_t)nobody_gid;
return 0;
}
@@ -542,7 +542,7 @@ int nfs4_group_owner_to_gid(char *name,
if (rc && id_as_chars(name, gid))
rc = 0;
else if (rc)
- rc = set_id_to_nobody(gid, 0);
+ rc = set_id_to_nobody((uid_t *)gid, 0);
return rc;
}
diff -up libnfsidmap-0.25/static.c.orig libnfsidmap-0.25/static.c
--- libnfsidmap-0.25/static.c.orig 2014-10-21 10:55:29.588399000 -0400
+++ libnfsidmap-0.25/static.c 2014-10-21 10:56:21.186926000 -0400
@@ -39,6 +39,7 @@
#include <pwd.h>
#include <grp.h>
#include <errno.h>
+#include <err.h>
#include "queue.h"
#include "cfg.h"
@@ -268,7 +269,6 @@ static int static_name_to_gid(char *name
static int static_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
{
- struct passwd *pw;
struct uid_mapping * um;
for (um = LIST_FIRST (&uid_mappings[uid_hash (uid)]); um;
@@ -284,7 +284,6 @@ static int static_uid_to_name(uid_t uid,
static int static_gid_to_name(gid_t gid, char *domain, char *name, size_t len)
{
- struct group *gr;
struct gid_mapping * gm;
for (gm = LIST_FIRST (&gid_mappings[gid_hash (gid)]); gm;
@@ -305,7 +304,6 @@ static int static_gid_to_name(gid_t gid,
static int static_init() {
int err;
- uid_t uid;
struct conf_list * princ_list = NULL;
struct conf_list_node * cln, *next;
struct uid_mapping * unode;
@@ -367,7 +365,7 @@ static int static_init() {
next = TAILQ_NEXT (cln, link);
gr = static_getgrnam(cln->field, NULL, &err);
- if (!pw) {
+ if (!gr) {
continue;
}
@@ -376,19 +374,19 @@ static int static_init() {
{
warnx("static_init: calloc (1, %lu) failed",
(unsigned long)sizeof *gnode);
- free(pw);
+ free(gr);
return -ENOMEM;
}
- gnode->gid = pw->pw_uid;
+ gnode->gid = gr->gr_gid;
gnode->principal = strdup(cln->field);
gnode->localgroup = conf_get_str("Static", cln->field);
if (!gnode->localgroup) {
- free(pw);
+ free(gr);
return -ENOENT;
}
- free(pw);
+ free(gr);
LIST_INSERT_HEAD (&gid_mappings[gid_hash(gnode->gid)], gnode, link);
}

148
SOURCES/libnfsidmap-0.25-whitspaces.patch
Unescape View File

@ -0,0 +1,148 @@ @@ -0,0 +1,148 @@
diff -up libnfsidmap-0.25/cfg.c.orig libnfsidmap-0.25/cfg.c
--- libnfsidmap-0.25/cfg.c.orig 2011-12-05 15:28:10.000000000 -0500
+++ libnfsidmap-0.25/cfg.c 2017-11-17 12:01:56.756692437 -0500
@@ -210,69 +210,98 @@ static void
conf_parse_line (int trans, char *line, size_t sz)
{
char *val;
- size_t i;
- int j;
+ char *ptr;
static char *section = 0;
static int ln = 0;
ln++;
+ /* Strip off any leading blanks */
+ while (isblank(*line))
+ line++;
+
+
/* Lines starting with '#' or ';' are comments. */
if (*line == '#' || *line == ';')
return;
/* '[section]' parsing... */
- if (*line == '[')
- {
- for (i = 1; i < sz; i++)
- if (line[i] == ']')
- break;
- if (section)
- free (section);
- if (i == sz)
- {
- warnx("conf_parse_line: %d:"
- "non-matched ']', ignoring until next section", ln);
- section = 0;
- return;
+ if (*line == '[') {
+ line++;
+
+ if (section) free(section);
+
+ while (isblank(*line)) line++;
+
+ /* find the closing ] */
+ ptr = strchr(line, ']');
+
+ if (ptr == NULL) {
+ warnx("conf_parse_line: %d:"
+ "non-matched ']', ignoring until next section", ln);
+ section = NULL;
+ return;
}
- section = malloc (i);
- if (!section)
- {
- warnx("conf_parse_line: %d: malloc (%lu) failed", ln,
- (unsigned long)i);
- return;
+
+ /* just ignore everything after the closing ] */
+ *(ptr--) = '\0';
+
+ /* strip off any blanks before ']' */
+ while (ptr >= line && isblank(*ptr))
+ *(ptr--) = '\0';
+
+ section = strdup(line);
+ if (!section) {
+ warnx("conf_parse_line: %d: malloc failed", ln);
+
}
- strlcpy (section, line + 1, i);
- return;
- }
+ return;
+ }
/* Deal with assignments. */
- for (i = 0; i < sz; i++)
- if (line[i] == '=')
- {
- /* If no section, we are ignoring the lines. */
- if (!section)
- {
+ ptr = strchr(line, '=');
+
+ /* not an assignment line */
+ if (ptr == NULL) {
+ /* and not just whitespace either, weird */
+ if (line[strspn(line, " \t")])
+ warnx("conf_parse_line: %d: syntax error", ln);
+ return;
+ }
+
+ /* If no section, we are ignoring the lines. */
+ if (!section) {
warnx("conf_parse_line: %d: ignoring line due to no section", ln);
return;
- }
- line[strcspn (line, " \t=")] = '\0';
- val = line + i + 1 + strspn (line + i + 1, " \t");
- /* Skip trailing whitespace, if any */
- for (j = sz - (val - line) - 1; j > 0 && isspace (val[j]); j--)
- val[j] = '\0';
- /* XXX Perhaps should we not ignore errors? */
- conf_set (trans, section, line, val, 0, 0);
- return;
- }
-
- /* Other non-empty lines are weird. */
- i = strspn (line, " \t");
- if (line[i])
- warnx("conf_parse_line: %d: syntax error", ln);
+ }
- return;
+ val = ptr + 1;
+ *(ptr--) = '\0';
+
+ /* strip spaces before and after the = */
+ while (ptr >= line && isblank(*ptr))
+ *(ptr--) = '\0';
+ while (*val != '\0' && isblank(*val))
+ val++;
+
+ /* trim any trailing spaces or comments */
+ if ((ptr=strchr(val, '#'))!=NULL) *ptr = '\0';
+ if ((ptr=strchr(val, ';'))!=NULL) *ptr = '\0';
+ ptr = val + strlen(val) - 1;
+ while (ptr > val && isspace(*ptr))
+ *(ptr--) = '\0';
+
+ if (*line == '\0') {
+ warnx("conf_parse_line: %d: missing tag in assignment", ln);
+ return;
+ }
+ if (*val == '\0') {
+ warnx("conf_parse_line: %d: missing value in assignment", ln);
+ return;
+ }
+
+ /* XXX Perhaps should we not ignore errors? */
+ conf_set (trans, section, line, val, 0, 0);
}
/* Parse the mapped configuration file. */

30
SOURCES/libnfsidmap-0.25-zero-ids.patch
Unescape View File

@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
commit 3226c06989186d9cd60ba146df4e2898fee5047b
Author: Steve Dickson <steved@redhat.com>
Date: Wed Apr 30 11:14:22 2014 -0400

libnfsidmap: id_as_chars() fails zero value ids.
Root has a zero value id which is valid and
should not be mapped to nfsnobody
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/libnfsidmap.c b/libnfsidmap.c
index 641d766..92bc493 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -99,8 +99,12 @@ static char * toupper_str(char *s)
static int id_as_chars(char *name, int *id)
{
long int value = strtol(name, NULL, 10);
- if (value == 0)
- return 0;
+
+ if (value == 0) {
+ /* zero value ids are valid */
+ if (strcmp(name, "0") != 0)
+ return 0;
+ }
*id = (int)value;
return 1;
}

438
SOURCES/libnfsidmap-0.26-rc3.patch
Unescape View File

@ -0,0 +1,438 @@ @@ -0,0 +1,438 @@
diff --git a/.gitignore b/.gitignore
index 6244609..d24d727 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,18 +17,13 @@ libnfsidmap.pc
libtool
.libs/
libnfsidmap.la
-libnfsidmap_la-cfg.lo
-libnfsidmap_la-libnfsidmap.lo
-libnfsidmap_la-strlcpy.lo
-nss.lo
nsswitch.la
static.la
-static.lo
umich_ldap.la
-umich_ldap.lo
configure.in~
m4/
*.o
+*.lo
cscope.*
config.h
config.h.in
diff --git a/autogen.sh b/autogen.sh
index ee89987..c17f6be 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -37,5 +37,6 @@ fi
aclocal
libtoolize --force --copy
-autoupdate
+autoheader
+automake --add-missing --copy --gnu
autoreconf -vi -Wall
diff --git a/idmapd.conf.5 b/idmapd.conf.5
index 9c7f1ae..de1bfa9 100644
--- a/idmapd.conf.5
+++ b/idmapd.conf.5
@@ -31,7 +31,7 @@
.\"
.TH idmapd.conf 5 "19 Nov 2008"
.SH NAME
-idmapd.conf
+idmapd.conf \- configuration file for libnfsidmap
.SH SYNOPSIS
Configuration file for libnfsidmap. Used by idmapd and svcgssd to map NFSv4 name to and from ids.
.SH DESCRIPTION
@@ -234,7 +234,6 @@ Number of seconds before timing out an LDAP request
.\" -------------------------------------------------------------------
.\"
.SH EXAMPLES
-."
An example
.I /etc/idmapd.conf
file:
@@ -266,7 +265,7 @@ johndoe@OTHER.DOMAIN.ORG = johnny
LDAP_server = ldap.domain.org
LDAP_base = dc=org,dc=domain
-.fo
+.fi
.\"
.\" -------------------------------------------------------------------
.\" Additional sections
@@ -275,11 +274,11 @@ LDAP_base = dc=org,dc=domain
.SH SEE ALSO
.BR idmapd (8)
.BR svcgssd (8)
-.".SH COMPATIBILITY
-.".SH STANDARDS
-.".SH ACKNOWLEDGEMENTS
-.".SH AUTHORS
-.".SH HISTORY
+.\".SH COMPATIBILITY
+.\".SH STANDARDS
+.\".SH ACKNOWLEDGEMENTS
+.\".SH AUTHORS
+.\".SH HISTORY
.SH BUGS
Report bugs to <nfsv4@linux-nfs.org>
-.".SH CAVEATS
+.\".SH CAVEATS
diff --git a/libnfsidmap.c b/libnfsidmap.c
index 57bb6c3..641d766 100644
--- a/libnfsidmap.c
+++ b/libnfsidmap.c
@@ -285,8 +285,9 @@ int nfs4_init_name_mapping(char *conffile)
}
buf = malloc(siz);
if (buf) {
+ *buf = 0;
TAILQ_FOREACH(r, &local_realms->fields, link) {
- sprintf(buf, "'%s' ", r->field);
+ sprintf(buf+strlen(buf), "'%s' ", r->field);
}
IDMAP_LOG(1, ("libnfsidmap: Realms list: %s", buf));
free(buf);
diff --git a/static.c b/static.c
index fffd458..8be87e8 100644
--- a/static.c
+++ b/static.c
@@ -40,6 +40,7 @@
#include <grp.h>
#include <errno.h>
+#include "queue.h"
#include "cfg.h"
#include "nfsidmap.h"
#include "nfsidmap_internal.h"
@@ -57,6 +58,40 @@ struct pwbuf {
char buf[1];
};
+struct grbuf {
+ struct group grbuf;
+ char buf[1];
+};
+
+struct uid_mapping {
+ LIST_ENTRY (uid_mapping) link;
+ uid_t uid;
+ char * principal;
+ char * localname;
+};
+
+struct gid_mapping {
+ LIST_ENTRY (gid_mapping) link;
+ gid_t gid;
+ char * principal;
+ char * localgroup;
+};
+
+static __inline__ u_int8_t uid_hash (uid_t uid)
+{
+ return uid % 256;
+}
+
+static __inline__ u_int8_t gid_hash (gid_t gid)
+{
+ return gid % 256;
+}
+
+//Hash tables of uid and guids to principals mappings.
+//We reuse some queue/hash functions from cfg.c.
+LIST_HEAD (uid_mappings, uid_mapping) uid_mappings[256];
+LIST_HEAD (gid_mappings, gid_mapping) gid_mappings[256];
+
static struct passwd *static_getpwnam(const char *name, const char *domain,
int *err_p)
{
@@ -75,12 +110,9 @@ static struct passwd *static_getpwnam(const char *name, const char *domain,
localname = conf_get_str("Static", (char *)name);
if (!localname) {
err = ENOENT;
- goto err;
+ goto err_free_buf;
}
- IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n",
- name, localname));
-
again:
err = getpwnam_r(localname, &buf->pwbuf, buf->buf, buflen, &pw);
@@ -91,12 +123,15 @@ again:
if (err == 0)
err = ENOENT;
- IDMAP_LOG(0, ("static_getpwnam: name '%s' not found\n",
- localname));
+ IDMAP_LOG(0, ("static_getpwnam: localname '%s' for '%s' not found\n",
+ localname, name));
goto err_free_buf;
}
+ IDMAP_LOG(4, ("static_getpwnam: name '%s' mapped to '%s'\n",
+ name, localname));
+
*err_p = 0;
return pw;
@@ -107,6 +142,56 @@ err:
return NULL;
}
+static struct group *static_getgrnam(const char *name, const char *domain,
+ int *err_p)
+{
+ struct group *gr;
+ struct grbuf *buf;
+ size_t buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ char *localgroup;
+ int err;
+
+ buf = malloc(sizeof(*buf) + buflen);
+ if (!buf) {
+ err = ENOMEM;
+ goto err;
+ }
+
+ localgroup = conf_get_str("Static", (char *)name);
+ if (!localgroup) {
+ err = ENOENT;
+ goto err_free_buf;
+ }
+
+again:
+ err = getgrnam_r(localgroup, &buf->grbuf, buf->buf, buflen, &gr);
+
+ if (err == EINTR)
+ goto again;
+
+ if (!gr) {
+ if (err == 0)
+ err = ENOENT;
+
+ IDMAP_LOG(0, ("static_getgrnam: local group '%s' for '%s' not found\n",
+ localgroup, name));
+
+ goto err_free_buf;
+ }
+
+ IDMAP_LOG(4, ("static_getgrnam: group '%s' mapped to '%s'\n",
+ name, localgroup));
+
+ *err_p = 0;
+ return gr;
+
+err_free_buf:
+ free(buf);
+err:
+ *err_p = err;
+ return NULL;
+}
+
static int static_gss_princ_to_ids(char *secname, char *princ,
uid_t *uid, uid_t *gid,
extra_mapping_params **ex)
@@ -151,14 +236,173 @@ static int static_gss_princ_to_grouplist(char *secname, char *princ,
return -err;
}
+static int static_name_to_uid(char *name, uid_t *uid)
+{
+ struct passwd *pw;
+ int err;
+
+ pw = static_getpwnam(name, NULL, &err);
+
+ if (pw) {
+ *uid = pw->pw_uid;
+ free(pw);
+ }
+
+ return -err;
+}
+
+static int static_name_to_gid(char *name, gid_t *gid)
+{
+ struct group *gr;
+ int err;
+
+ gr = static_getgrnam(name, NULL, &err);
+
+ if (gr) {
+ *gid = gr->gr_gid;
+ free(gr);
+ }
+
+ return -err;
+}
+
+static int static_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
+{
+ struct passwd *pw;
+ struct uid_mapping * um;
+
+ for (um = LIST_FIRST (&uid_mappings[uid_hash (uid)]); um;
+ um = LIST_NEXT (um, link)) {
+ if (um->uid == uid) {
+ strcpy(name, um->principal);
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+static int static_gid_to_name(gid_t gid, char *domain, char *name, size_t len)
+{
+ struct group *gr;
+ struct gid_mapping * gm;
+
+ for (gm = LIST_FIRST (&gid_mappings[gid_hash (gid)]); gm;
+ gm = LIST_NEXT (gm, link)) {
+ if (gm->gid == gid) {
+ strcpy(name, gm->principal);
+ return 0;
+ }
+ }
+
+ return -ENOENT;
+}
+
+/*
+ * We buffer all UID's for which static mappings is defined in advance, so the
+ * uid_to_name functions will be fast enough.
+ */
+
+static int static_init() {
+ int err;
+ uid_t uid;
+ struct conf_list * princ_list = NULL;
+ struct conf_list_node * cln, *next;
+ struct uid_mapping * unode;
+ struct gid_mapping * gnode;
+ struct passwd * pw = NULL;
+ struct group * gr = NULL;
+ unsigned int i;
+
+ //init hash_table first
+ for (i = 0; i < sizeof uid_mappings / sizeof uid_mappings[0]; i++)
+ LIST_INIT (&uid_mappings[i]);
+
+ //get all principals for which we have mappings
+ princ_list = conf_get_tag_list("Static");
+
+ if (!princ_list) {
+ return -ENOENT;
+ }
+
+ /* As we can not distinguish between mappings for users and groups, we try to
+ * resolve all mappings for both cases.
+ */
+
+ //resolve uid of localname account for all such principals and cache it
+ for (cln = TAILQ_FIRST (&princ_list->fields); cln; cln = next)
+ {
+ next = TAILQ_NEXT (cln, link);
+
+ pw = static_getpwnam(cln->field, NULL, &err);
+ if (!pw) {
+ continue;
+ }
+
+ unode = calloc (1, sizeof *unode);
+ if (!unode)
+ {
+ warnx("static_init: calloc (1, %lu) failed",
+ (unsigned long)sizeof *unode);
+ free(pw);
+ return -ENOMEM;
+ }
+ unode->uid = pw->pw_uid;
+ unode->principal = strdup(cln->field);
+
+ unode->localname = conf_get_str("Static", cln->field);
+ if (!unode->localname) {
+ free(pw);
+ return -ENOENT;
+ }
+
+ free(pw);
+
+ LIST_INSERT_HEAD (&uid_mappings[uid_hash(unode->uid)], unode, link);
+ }
+
+ //resolve gid of localgroup accounts and cache it
+ for (cln = TAILQ_FIRST (&princ_list->fields); cln; cln = next)
+ {
+ next = TAILQ_NEXT (cln, link);
+
+ gr = static_getgrnam(cln->field, NULL, &err);
+ if (!pw) {
+ continue;
+ }
+
+ gnode = calloc (1, sizeof *gnode);
+ if (!gnode)
+ {
+ warnx("static_init: calloc (1, %lu) failed",
+ (unsigned long)sizeof *gnode);
+ free(pw);
+ return -ENOMEM;
+ }
+ gnode->gid = pw->pw_uid;
+ gnode->principal = strdup(cln->field);
+
+ gnode->localgroup = conf_get_str("Static", cln->field);
+ if (!gnode->localgroup) {
+ free(pw);
+ return -ENOENT;
+ }
+
+ free(pw);
+
+ LIST_INSERT_HEAD (&gid_mappings[gid_hash(gnode->gid)], gnode, link);
+ }
+ return 0;
+}
+
struct trans_func static_trans = {
.name = "static",
- .init = NULL,
- .name_to_uid = NULL,
- .name_to_gid = NULL,
- .uid_to_name = NULL,
- .gid_to_name = NULL,
+ .init = static_init,
+ .name_to_uid = static_name_to_uid,
+ .name_to_gid = static_name_to_gid,
+ .uid_to_name = static_uid_to_name,
+ .gid_to_name = static_gid_to_name,
.princ_to_ids = static_gss_princ_to_ids,
.gss_princ_to_grouplist = static_gss_princ_to_grouplist,
};
diff --git a/umich_ldap.c b/umich_ldap.c
index f482b0a..b527c5d 100644
--- a/umich_ldap.c
+++ b/umich_ldap.c
@@ -32,8 +32,6 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifdef ENABLE_LDAP
-
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
@@ -1302,4 +1300,3 @@ struct trans_func *libnfsidmap_plugin_init()
{
return (&umichldap_trans);
}
-#endif

230
SPECS/libnfsidmap.spec
Unescape View File

@ -0,0 +1,230 @@ @@ -0,0 +1,230 @@
%define _root_libdir /%{_lib}

Summary: NFSv4 User and Group ID Mapping Library
Name: libnfsidmap
Version: 0.25
Release: 19%{?dist}
Provides: libnfsidmap
Obsoletes: nfs-utils-lib
URL: http://www.citi.umich.edu/projects/nfsv4/linux/
License: BSD

Source0: http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/%{name}-%{version}.tar.gz

Patch001: libnfsidmap-0.26-rc3.patch
Patch002: libnfsidmap-0.25-zero-ids.patch
Patch003: libnfsidmap-0.25-nobody.patch
Patch004: libnfsidmap-0.25-strrchr.patch
Patch005: libnfsidmap-0.25-warnings.patch
#
# RHEL7.2
#
Patch006: libnfsidmap-0.25-nullnames.patch
#
# RHEL7.3
#
Patch007: libnfsidmap-0.2-stripnewlines.patch
Patch008: libnfsidmap-0.2-negativerets.patch
Patch009: libnfsidmap-0.2-memleak.patch
#
# RHEL7.4
#
Patch010: libnfsidmap-0.25-multidomain.patch
Patch011: libnfsidmap-0.25-dns-resolved.patch
Patch012: libnfsidmap-0.25-nssgssprinc.patch
#
# RHEL7.5
#
Patch013: libnfsidmap-0.25-txt-bigrec.patch
Patch014: libnfsidmap-0.25-whitspaces.patch

Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: pkgconfig, openldap-devel
BuildRequires: automake, libtool
Requires(postun): /sbin/ldconfig
Requires(pre): /sbin/ldconfig
Requires: openldap

%description
Library that handles mapping between names and ids for NFSv4.

%package devel
Summary: Development files for the libnfsidmap library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig

%description devel
This package includes header files and libraries necessary for
developing programs which use the libnfsidmap library.

%prep
%setup -q

%patch001 -p1

#
# RHEL7.1
#
# 1093093 - chown does not respect NFSv4 no_root_squash
%patch002 -p1
# 1129790 - libnfsidmap: respect Nobody-User/Nobody-Group
%patch003 -p1
# 1114053 - RFE: Make rpcidmap and NFS accept full qualified usernames as a user.
%patch004 -p1
# 1152658 - A large number of warning occur when the source is compiled
%patch005 -p1
# 1214882 - libnfsidmap: crash due to not checking argument
%patch006 -p1
# 1261124 - libnfsidmap: strip newlines out of IDMAP_LOG messages
%patch007 -p1
# 1271449 - "Covscan test" failures in errata RHBA-2015:20444-05....
%patch008 -p1
%patch009 -p1
# 1378557 - NFSv4 id mapping issues in multi-domain environments
%patch010 -p1
# 980925 - rpc.idmapd should support getting the NFSv4 ID Domains from DNS
%patch011 -p1
# 1420352 - Cannot create file in it's directory using kerberos....
%patch012 -p1
# 1498210 - domain lookup by TXT record can crash idmapd if the...
%patch013 -p1
# 1455923 - Static IP mapping does not allow to map groups with...
%patch014 -p1

rm -f configure.in

%build
./autogen.sh
%configure --disable-static --with-pluginpath=%{_root_libdir}/%name
make %{?_smp_mflags} all

%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} \
libdir=%{_root_libdir} pkgconfigdir=%{_libdir}/pkgconfig

mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}%{_mandir}/man5

install -m 644 idmapd.conf %{buildroot}%{_sysconfdir}/idmapd.conf

# Delete unneeded libtool libs
rm -rf %{buildroot}%{_root_libdir}/*.{a,la}
rm -rf %{buildroot}%{_root_libdir}/%{name}/*.{a,la}

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc AUTHORS ChangeLog NEWS README COPYING
%config(noreplace) %{_sysconfdir}/idmapd.conf
%{_root_libdir}/*.so.*
%{_root_libdir}/%{name}/*.so
%{_mandir}/*/*

%files devel
%defattr(0644,root,root,755)
%{_libdir}/pkgconfig/libnfsidmap.pc
%{_includedir}/nfsidmap.h
%{_root_libdir}/*.so

%changelog
* Fri Nov 17 2017 Steve Dickson <steved@redhat.com> 0.25-19
- Fixed patch for bz 1455923

* Wed Nov 15 2017 Steve Dickson <steved@redhat.com> 0.25-18
- Enlarge the TXT record to lager than 127 characters (bz 1498210)
- Allow white spaces in static IP mapping (bz 1455923)

* Fri Feb 17 2017 Steve Dickson <steved@redhat.com> 0.25-17
- Fixed stripping realm problem in nss_gss_princ routines (bz 1420352)

* Tue Jan 10 2017 Steve Dickson <steved@redhat.com> 0.25-16
- Add options to aid id mapping in multi domain environments (bz 1378557)
- Query DNS for the the NFSv4 domain (bz 980925)

* Wed Aug 17 2016 Steve Dickson <steved@redhat.com> 0.25-15
- nss_getpwnam: correctly check for negative values (bz 1271449)
- Fixed a memory leak in nss_name_to_gid() (bz 1271449)

* Thu Apr 7 2016 Steve Dickson <steved@redhat.com> 0.25-13
- Strip newlines out of IDMAP_LOG messages (bz 1261124)
- Fixed some NEGATIVE_RETURNS that a Covscan scan found (bz 1271449)

* Mon May 4 2015 Steve Dickson <steved@redhat.com> 0.25-12
- Handle NULL names better (bz 1214882)

* Tue Oct 21 2014 Steve Dickson <steved@redhat.com> 0.25-11
- Accept full qualified usernames a a user (bz 1114053)
- Removed a number of warnings (bz 1152658)

* Wed Sep 17 2014 Steve Dickson <steved@redhat.com> 0.25-10
- id_as_chars() fails zero value ids (bz 1093093)
- respect Nobody-User/Nobody-Group (bz 1129790)

* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.25-9
- Mass rebuild 2014-01-24

* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.25-8
- Mass rebuild 2013-12-27

* Mon Aug 19 2013 Ville Skyttä <ville.skytta@iki.fi> - 0.25-7
- Updated to latest rc release: libnfsidmap-0-26-rc3

* Fri Jul 26 2013 Ville Skyttä <ville.skytta@iki.fi> - 0.25-6
- Drop unnecessary doc dir references from specfile.
- Fix bogus dates in %%changelog.

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.25-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Tue Jun 19 2012 Steve Dickson <steved@redhat.com> 0.20-3
- Updated to latest rc release: libnfsidmap-0-26-rc1

* Mon Mar 19 2012 Steve Dickson <steved@redhat.com> 0.20-2
- Fixed Local-Realms debugging (bz 804152)

* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.25-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Dec 6 2011 Steve Dickson <steved@redhat.com> 0.20-0
- Updated to latest release: libnfsidmap-0.25

* Mon Nov 14 2011 Steve Dickson <steved@redhat.com> 0.24-7
- Updated to latest rc release: libnfsidmap-0-25-rc3 (bz 753930)

* Mon Mar 7 2011 Steve Dickson <steved@redhat.com> 0.24-6
- Updated to latest rc release: libnfsidmap-0-25-rc2

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.24-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Fri Jan 14 2011 Steve Dickson <steved@redhat.com> 0.24-4
- Updated to latest rc release: libnfsidmap-0-25-rc1

* Wed Dec 22 2010 Steve Dickson <steved@redhat.com> 0.24-3
- Used the newly added --with-pluginpath config flag to
redefine where the plugins live (bz 664641).

* Fri Dec 10 2010 Steve Dickson <steved@redhat.com> 0.24-2
- Removed the versions from the Provides: and Obsoletes: lines

* Wed Dec 8 2010 Steve Dickson <steved@redhat.com> 0.24-1
- Updated to latest upstream release: 0.24
- Obsoleted nfs-utils-lib

* Tue Dec 7 2010 Steve Dickson <steved@redhat.com> 0.23-3
- Maded corrections in spec per review comments.

* Fri Dec 3 2010 Steve Dickson <steved@redhat.com> 0.23-2
- Initial commit
Write Preview
Loading…
Cancel
Save