commit 4db1bb1c462389848168a4b79723a6d2ae38f422 Author: Scott Mayhew Date: Wed Dec 21 14:43:24 2016 -0500 libnfsidmap: add options to aid id mapping in multi domain environments This commit adds two options for the nsswitch plugin: No-Strip and Reformat-Group. In multi-domain environments, some NFS servers will append the identity management domain to the owner and owner_group in lieu of a true NFSv4 domain. If No-Strip is set to a value other than "none", the nsswitch plugin will first pass the name to the getpwnam_r() / getgrnam_r() without stripping the domain off. If that mapping fails then the plugin will try again using the old method (comparing the domain in the string to the Domain value, stripping it if it matches, and passing the resulting short name to getpwnam_r() / getgrnam_r()). The Reformat-Group option is used to work around a quirk in Winbind whereby doing a group lookup in UPN format (e.g. staff@americas.example.com) will cause the group to be displayed prefixed with the full domain in uppercase (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios name format (e.g. AMERICAS\staff). Setting this option to true causes the name to be reformatted before passing it to getgrnam_r(). These options affect the behavior of of the name_to_uid, name_to_gid, uid_to_name, and gid_to_name functions, so they work with both the nfsidmap and rpc.idmapd programs. These options do not change the behavior of the princ_to_ids or gss_princ_to_grouplist functions. Both of those are used by rpc.svcgssd, which is deprecated in favor of gssproxy (which does not call either of those functions). Signed-off-by: Scott Mayhew Signed-off-by: Steve Dickson commit 8b1e78c0cd80f979caa651004a60f49004e73496 Author: Steve Dickson Date: Fri Sep 2 10:07:52 2016 -0400 libnfsidmap: Make sure __res_querydomain is resolvable Fail the build when __res_querydomain is not resolvable Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1372136 Signed-off-by: Steve Dickson commit 868ba66eb4f19e3a8562714ac972cc3ab6f64a3d Author: Steve Dickson Date: Thu Aug 18 13:17:49 2016 -0400 configure.ac: Ensure the resolver library is installed Signed-off-by: Steve Dickson commit 2acf3623dbb5b8adc0bc8d2c18592790b83e29ec Author: Steve Dickson Date: Thu Aug 11 17:17:37 2016 -0400 libnfsidmap: Query DNS for the the NFSv4 domain In domain_from_dns(), when at the hostname is a FQHN query the DNS server for the _nfsv4idmapdomain TXT record. If the record exists, use that as the NFSv4 domain. Note, this query will only happen if the domain name is not set in the /etc/idmapd.conf Signed-off-by: Steve Dickson commit c7edb02d52d048e9e82c0431a3256df3675668ac Author: Steve Dickson Date: Wed Aug 17 14:57:01 2016 -0400 Fixed a memory leak nss_name_to_gid() Signed-off-by: Steve Dickson commit bc494fc468d257eb7b89417d055de7f9764b77ec Author: Steve Dickson Date: Wed Aug 17 13:33:40 2016 -0400 nss_getpwnam: correctly check for negative values in unsigned ints. commit e22368f6 introduce a couple checks for negative buffer lengths. The variables are unsigned ints so UINT_MAX should be used. Signed-off-by: Steve Dickson commit e22368f6a6651e23d537f92ab5dec0ea37de8fa5 Author: Steve Dickson Date: Thu Apr 7 11:20:40 2016 -0400 nss.c: wrong check of return value Fixed some NEGATIVE_RETURNS that a Covscan scan found. Signed-off-by: Steve Dickson commit c0a29a62c942a853a7b31b352f6f6783dcee6dca Author: Malahal Naineni Date: Tue Feb 9 10:56:49 2016 -0500 onf_parse_line: Ignore whitespace at the beginning of option tags The following should work now: [General] Domain = local.domain.edu Signed-off-by: Malahal Naineni Signed-off-by: Steve Dickson commit 6fc893187db3fceb66129a3fd8437f663a5e33d0 Author: Jeff Layton Date: Tue Sep 8 11:59:25 2015 -0400 Strip newlines out of IDMAP_LOG messages When logging to syslog, they aren't needed (or desirable) and when logging to stderr the logging function generally adds it itself. Note that I did not change gums.c since it defaults to using printf() as a logging function. Signed-off-by: Jeff Layton Signed-off-by: Steve Dickson commit 82718594eb8e6afabc572cea2da1caab69e9a720 Author: Steve Dickson Date: Thu Apr 30 13:55:32 2015 -0400 Handle NULL names better Detect when an application passes in NULL names and fail gracefully instead of crashing hard. Signed-off-by: Steve Dickson commit f3b2a87693187e29979ab0256f10901a11519448 Author: Steve Dickson Date: Tue Nov 4 11:15:00 2014 -0500 build: Revert using a symbol version map Commit 045d2e46 cause a number of systems to be undefined during run time in rpc.idmapd. Having this type of version-ing is not necessary in this type of a library so the patch was reverted. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1159943 Signed-off-by: Steve Dickson commit d89667351622a1378c2266ee36de520c9863019b Author: Steve Dickson Date: Tue Oct 28 14:33:28 2014 -0400 nfsidmap.map: Add more global variables to the map. With the introduction of a symbol version map (commit 045d2e46d) all global variables need to be in the map for the plugins to load correctly Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1156484 Reported-by: Jeff Layton Signed-off-by: Steve Dickson commit 3d9fa674edce23a889532cd68ad9dd4decfcd533 Author: Steve Dickson Date: Thu Oct 9 17:19:13 2014 -0400 Removed some unused and set but not used warnings Signed-off-by: Steve Dickson commit 650385eb79808e1be7bb577253b84ee323c7b6e8 Author: Steve Dickson Date: Thu Oct 9 17:05:37 2014 -0400 Removed some differ in signedness warnings Signed-off-by: Steve Dickson commit 1f43f845c24638523cdd393c88aa046afc8b2d99 Author: Steve Dickson Date: Thu Oct 9 16:46:39 2014 -0400 Renamed configure.in -> configure.ac Signed-off-by: Steve Dickson commit 045d2e46dc25923671ace2e8a35fe3caa945e720 Author: Jan Engelhardt Date: Mon Oct 6 22:55:41 2014 +0200 build: use a symbol version map The symbol versions are used by the dynamic linker (and other things, like rpm) to ensure that a program does not run with an outdated library that still has the same SONAME. Signed-off-by: Jan Engelhardt Signed-off-by: Steve Dickson commit 4f6b2e67faec8a5a4c9c35617ecadc41519f34ef Author: Jan Engelhardt Date: Mon Oct 6 22:47:11 2014 +0200 build: kill autogenerated/empty files from the SCM Not using "foreign" mode caused two things: - INSTALL is always overwritten with a copy of the GNU boilerplate - existence of NEWS file is enforced Switch to foreign to fix both, and nuke the quite-empty NEWS file. Signed-off-by: Jan Engelhardt Signed-off-by: Steve Dickson commit f2e09548805e3ff316705222c265e5deed784e17 Author: Jan Engelhardt Date: Mon Oct 6 22:45:34 2014 +0200 build: use a separate tool directory and update .gitignore With m4/.gitignore, we ensure that the m4 directory exists in any git checkout such that aclocal/libtoolize won't complain about its absence during `autoreconf`. Signed-off-by: Jan Engelhardt Signed-off-by: Steve Dickson commit 67cc1e0eeffa80012ad6a44231fd9ed80f69ab4f Author: Jan Engelhardt Date: Mon Oct 6 22:43:09 2014 +0200 build: regenerate .pc file when .pc.in changed Signed-off-by: Jan Engelhardt Signed-off-by: Steve Dickson