Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 877507 Details for
Bug 1033708
Updating to nfs-utils-1.2.3-39.el6 causes rpcidmapd to be chkconfig deleted
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Use multiple keyrings for nfsidmap to work around keyring limits
0001-nfsidmap-use-multiple-child-keyrings.patch (text/plain), 6.42 KB, created by
bcodding
on 2014-03-21 21:23:28 UTC
(
hide
)
Description:
Use multiple keyrings for nfsidmap to work around keyring limits
Filename:
MIME Type:
Creator:
bcodding
Created:
2014-03-21 21:23:28 UTC
Size:
6.42 KB
patch
obsolete
>From 2dc29b220cc0e93bb9e77dd0fbe348097539c19c Mon Sep 17 00:00:00 2001 >From: Benjamin Coddington <bcodding@uvm.edu> >Date: Fri, 21 Mar 2014 17:08:12 -0400 >Subject: [PATCH] nfsidmap: use multiple child keyrings > >The kernel keyring has a max of ~508 entries on 64-bit systems. >For installations with more distict users than this limit, create >a specified number of child keyrings and fill them evenly. > >Also fix DEFAULT_KEYRING missing a leading '.' >--- > utils/nfsidmap/nfsidmap.c | 76 +++++++++++++++++++++++++++++++++++---------- > 1 files changed, 59 insertions(+), 17 deletions(-) > >diff --git a/utils/nfsidmap/nfsidmap.c b/utils/nfsidmap/nfsidmap.c >index 0313e93..43b2173 100644 >--- a/utils/nfsidmap/nfsidmap.c >+++ b/utils/nfsidmap/nfsidmap.c >@@ -15,7 +15,7 @@ > #include "conffile.h" > > int verbose = 0; >-char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; >+char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] [-n count] key desc]"; > > #define MAX_ID_LEN 11 > #define IDMAP_NAMESZ 128 >@@ -24,7 +24,7 @@ char *usage="Usage: %s [-v] [-c || [-u|-g|-r key] || [-t timeout] key desc]"; > > #define PROCKEYS "/proc/keys" > #ifndef DEFAULT_KEYRING >-#define DEFAULT_KEYRING "id_resolver" >+#define DEFAULT_KEYRING ".id_resolver" > #endif > > #ifndef PATH_IDMAPDCONF >@@ -39,7 +39,7 @@ static int keyring_clear(char *keyring); > /* > * Find either a user or group id based on the name@domain string > */ >-int id_lookup(char *name_at_domain, key_serial_t key, int type) >+int id_lookup(char *name_at_domain, key_serial_t key, int type, key_serial_t dest_keyring) > { > char id[MAX_ID_LEN]; > uid_t uid = 0; >@@ -58,7 +58,7 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type) > (type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid")); > > if (rc == 0) { >- rc = keyctl_instantiate(key, id, strlen(id) + 1, 0); >+ rc = keyctl_instantiate(key, id, strlen(id) + 1, dest_keyring); > if (rc < 0) { > switch(rc) { > case -EDQUOT: >@@ -67,9 +67,9 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type) > /* > * The keyring is full. Clear the keyring and try again > */ >- rc = keyring_clear(DEFAULT_KEYRING); >+ rc = keyctl_clear(dest_keyring); > if (rc == 0) >- rc = keyctl_instantiate(key, id, strlen(id) + 1, 0); >+ rc = keyctl_instantiate(key, id, strlen(id) + 1, dest_keyring); > break; > default: > break; >@@ -85,7 +85,7 @@ int id_lookup(char *name_at_domain, key_serial_t key, int type) > /* > * Find the name@domain string from either a user or group id > */ >-int name_lookup(char *id, key_serial_t key, int type) >+int name_lookup(char *id, key_serial_t key, int type, key_serial_t dest_keyring) > { > char name[IDMAP_NAMESZ]; > char domain[NFS4_MAX_DOMAIN_LEN]; >@@ -112,7 +112,7 @@ int name_lookup(char *id, key_serial_t key, int type) > (type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name")); > > if (rc == 0) { >- rc = keyctl_instantiate(key, &name, strlen(name), 0); >+ rc = keyctl_instantiate(key, &name, strlen(name), dest_keyring); > if (rc < 0) > xlog_err("name_lookup: keyctl_instantiate failed: %m"); > } >@@ -126,7 +126,7 @@ static int keyring_clear(char *keyring) > { > FILE *fp; > char buf[BUFSIZ]; >- key_serial_t key; >+ key_serial_t key, child_key; > > if (keyring == NULL) > keyring = DEFAULT_KEYRING; >@@ -150,6 +150,7 @@ static int keyring_clear(char *keyring) > */ > *(strchr(buf, ' ')) = '\0'; > sscanf(buf, "%x", &key); >+ > if (keyctl_clear(key) < 0) { > xlog_err("keyctl_clear(0x%x) failed: %m", key); > fclose(fp); >@@ -158,7 +159,8 @@ static int keyring_clear(char *keyring) > fclose(fp); > return 0; > } >- xlog_err("'%s' keyring was not found.", keyring); >+ if (strstr(keyring, DEFAULT_KEYRING":")) >+ xlog_err("'%s' keyring was not found.", keyring); > fclose(fp); > return 1; > } >@@ -231,8 +233,10 @@ int main(int argc, char **argv) > char *type; > int rc = 1, opt; > int timeout = 600; >- key_serial_t key; >+ int childrings = 0; >+ key_serial_t key, parent_keyring, dest_keyring; > char *progname, *keystr = NULL; >+ char child_name[BUFSIZ]; > int clearing = 0, keymask = 0; > > /* Set the basename */ >@@ -243,7 +247,7 @@ int main(int argc, char **argv) > > xlog_open(progname); > >- while ((opt = getopt(argc, argv, "u:g:r:ct:v")) != -1) { >+ while ((opt = getopt(argc, argv, "u:g:r:ct:vn:d:")) != -1) { > switch (opt) { > case 'u': > keymask = UIDKEYS; >@@ -266,6 +270,9 @@ int main(int argc, char **argv) > case 't': > timeout = atoi(optarg); > break; >+ case 'n': >+ childrings = atoi(optarg); >+ break; > default: > xlog_warn(usage, progname); > break; >@@ -283,9 +290,16 @@ int main(int argc, char **argv) > rc = key_revoke(keystr, keymask); > return rc; > } >+ > if (clearing) { > xlog_syslog(0); >- rc = keyring_clear(DEFAULT_KEYRING); >+ int i = 1; >+ for(rc = 0; rc == 0; i++) { >+ snprintf(child_name, sizeof(child_name), DEFAULT_KEYRING "_child_%d", i); >+ rc = keyring_clear(child_name); >+ } >+ >+ rc = keyring_clear(DEFAULT_KEYRING ":"); > return rc; > } > >@@ -314,14 +328,42 @@ int main(int argc, char **argv) > key, type, value, timeout); > } > >+ if (childrings) { >+ int i; >+ long child_size, smallest_size = 2032; >+ parent_keyring = request_key("keyring", DEFAULT_KEYRING, NULL, KEY_SPEC_THREAD_KEYRING); >+ >+ for (i = 1; i <= childrings; i++) { >+ key_serial_t child_keyring; >+ >+ snprintf(child_name, sizeof(child_name), DEFAULT_KEYRING "_child_%d", i); >+ >+ child_keyring = keyctl_search(parent_keyring, "keyring", child_name, 0); >+ if (child_keyring < 0) { >+ child_keyring = add_key("keyring", child_name, NULL, 0, parent_keyring); >+ xlog_warn("added new child %s: %m", child_name); >+ } >+ >+ child_size = keyctl_read(child_keyring, NULL, 0); >+ if (child_size < smallest_size) { >+ dest_keyring = child_keyring; >+ smallest_size = child_size; >+ } >+ } >+ } >+ > if (strcmp(type, "uid") == 0) >- rc = id_lookup(value, key, USER); >+ rc = id_lookup(value, key, USER, dest_keyring); > else if (strcmp(type, "gid") == 0) >- rc = id_lookup(value, key, GROUP); >+ rc = id_lookup(value, key, GROUP, dest_keyring); > else if (strcmp(type, "user") == 0) >- rc = name_lookup(value, key, USER); >+ rc = name_lookup(value, key, USER, dest_keyring); > else if (strcmp(type, "group") == 0) >- rc = name_lookup(value, key, GROUP); >+ rc = name_lookup(value, key, GROUP, dest_keyring); >+ >+ /* if we hung this off a child, unlink from the parent */ >+ if (dest_keyring) >+ keyctl_unlink(key, parent_keyring); > > /* Set timeout to 10 (600 seconds) minutes */ > if (rc == 0) >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=877507">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1033708
:
877507
|
878472
|
878473