svn commit: r362520 - in projects/nfs-over-tls: sys/rpc/rpcsec_tls usr.sbin/rpctlscd usr.sbin/rpctlssd
Rick Macklem
rmacklem at FreeBSD.org
Mon Jun 22 23:48:42 UTC 2020
Author: rmacklem
Date: Mon Jun 22 23:48:41 2020
New Revision: 362520
URL: https://svnweb.freebsd.org/changeset/base/362520
Log:
Modify the rpctlssd and rpctlscd daemons to use the rpctls syscall
instead of "cheating" and using the gssd syscall.
Modified:
projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Mon Jun 22 23:41:33 2020 (r362519)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Mon Jun 22 23:48:41 2020 (r362520)
@@ -68,18 +68,10 @@ extern struct fileops badfileops;
* Syscall hooks
*/
static struct syscall_helper_data rpctls_syscalls[] = {
- SYSCALL_INIT_HELPER(gssd_syscall),
+ SYSCALL_INIT_HELPER(rpctls_syscall),
SYSCALL_INIT_LAST
};
-#ifdef notnow
-struct rpctls_syscall_args {
- char op_l_[PADL_(int)]; int op; char op_r_[PADR_(int)];
- char path_l_[PADL_(const char *)]; const char * path; char path_r_[PADR_(const char *)];
- char s_l_[PADL_(int)]; int s; char s_r_[PADR_(int)];
-};
-#endif
-
static CLIENT *rpctls_connect_handle;
static struct mtx rpctls_connect_lock;
static struct socket *rpctls_connect_so = NULL;
@@ -115,55 +107,50 @@ rpctls_init(void)
}
int
-sys_gssd_syscall(struct thread *td, struct gssd_syscall_args *uap)
+sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap)
{
struct sockaddr_un sun;
struct netconfig *nconf;
struct file *fp;
struct socket *so;
- char path[MAXPATHLEN], *pathp;
+ char path[MAXPATHLEN];
int fd = -1, error, retry_count = 5;
CLIENT *cl, *oldcl;
- bool ssd;
#ifdef KERN_TLS
u_int maxlen;
#endif
-printf("in gssd syscall\n");
+printf("in rpctls syscall\n");
error = priv_check(td, PRIV_NFS_DAEMON);
printf("aft priv_check=%d\n", error);
if (error != 0)
return (error);
-#ifdef notyet
switch (uap->op) {
- case RPCTLS_SYSC_SETPATH:
-#else
+ case RPCTLS_SYSC_CLSETPATH:
error = copyinstr(uap->path, path, sizeof(path), NULL);
printf("setting err=%d path=%s\n", error, path);
- if (error != 0)
- return (error);
- if (path[0] == 'S') {
- ssd = true;
- pathp = &path[1];
- } else {
- ssd = false;
- pathp = &path[0];
- }
- if (pathp[0] == '/' || pathp[0] == '\0') {
+ if (error == 0) {
+ error = ENXIO;
+#ifdef KERN_TLS
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
+ error = 0;
#endif
- if (ssd) {
- if (error == 0 && strlen(pathp) + 1 > sizeof(sun.sun_path))
+ }
+ if (error == 0 && (strlen(path) + 1 > sizeof(sun.sun_path) ||
+ strlen(path) == 0))
error = EINVAL;
- if (error == 0 && pathp[0] != '\0') {
+ cl = NULL;
+ if (error == 0) {
sun.sun_family = AF_LOCAL;
- strlcpy(sun.sun_path, pathp, sizeof(sun.sun_path));
+ strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
sun.sun_len = SUN_LEN(&sun);
nconf = getnetconfigent("local");
cl = clnt_reconnect_create(nconf,
- (struct sockaddr *)&sun, RPCTLSSD, RPCTLSSDVERS,
+ (struct sockaddr *)&sun, RPCTLSCD, RPCTLSCDVERS,
RPC_MAXDATASIZE, RPC_MAXDATASIZE);
printf("got cl=%p\n", cl);
/*
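Review bot: The debug `printf("setting err=%d path=%s\n", error, path);` after `copyinstr()` in the `RPCTLS_SYSC_CLSETPATH` case formats `path` even when the copy failed. After a failed copy the on-stack buffer is not guaranteed to hold a NUL-terminated string, so `%s` can read uninitialised kernel stack, possibly past the end of `path[MAXPATHLEN]`, and put it on the console. Printing the path only on success, `if (error == 0) printf("setting path=%s\n", path);`, or dropping the printf avoids this; the same line is added in the `RPCTLS_SYSC_SRVSETPATH` case in the next hunk. The body of sys_rpctls_syscall continues outside this hunk.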
@@ -174,31 +161,45 @@ printf("got cl=%p\n", cl);
*/
if (cl != NULL)
CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count);
- } else
- cl = NULL;
+ else
+ error = EINVAL;
+ }
- mtx_lock(&rpctls_server_lock);
- oldcl = rpctls_server_handle;
- rpctls_server_handle = cl;
- mtx_unlock(&rpctls_server_lock);
+ mtx_lock(&rpctls_connect_lock);
+ oldcl = rpctls_connect_handle;
+ rpctls_connect_handle = cl;
+ mtx_unlock(&rpctls_connect_lock);
printf("cl=%p oldcl=%p\n", cl, oldcl);
if (oldcl != NULL) {
CLNT_CLOSE(oldcl);
CLNT_RELEASE(oldcl);
}
- } else {
- if (error == 0 && strlen(pathp) + 1 > sizeof(sun.sun_path))
+ break;
+ case RPCTLS_SYSC_SRVSETPATH:
+ error = copyinstr(uap->path, path, sizeof(path), NULL);
+printf("setting err=%d path=%s\n", error, path);
+ if (error == 0) {
+ error = ENXIO;
+#ifdef KERN_TLS
+ if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
+ rpctls_getinfo(&maxlen))
+ error = 0;
+#endif
+ }
+ if (error == 0 && (strlen(path) + 1 > sizeof(sun.sun_path) ||
+ strlen(path) == 0))
error = EINVAL;
- if (error == 0 && pathp[0] != '\0') {
+ cl = NULL;
+ if (error == 0) {
sun.sun_family = AF_LOCAL;
- strlcpy(sun.sun_path, pathp, sizeof(sun.sun_path));
+ strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
sun.sun_len = SUN_LEN(&sun);
nconf = getnetconfigent("local");
cl = clnt_reconnect_create(nconf,
- (struct sockaddr *)&sun, RPCTLSCD, RPCTLSCDVERS,
+ (struct sockaddr *)&sun, RPCTLSSD, RPCTLSSDVERS,
RPC_MAXDATASIZE, RPC_MAXDATASIZE);
printf("got cl=%p\n", cl);
/*
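Review bot: A failed `RPCTLS_SYSC_CLSETPATH` still replaces `rpctls_connect_handle`: `cl` stays NULL on any error (ENXIO from the KERN_TLS check, EINVAL for a bad path or a failed `clnt_reconnect_create()`), and the `mtx_lock(&rpctls_connect_lock)` swap and `CLNT_CLOSE(oldcl)` run unconditionally. A rejected path therefore tears down a working upcall handle, which is the job of the new `RPCTLS_SYSC_CLSHUTDOWN` op. If that is not intended, add `if (error != 0) break;` before the `mtx_lock()`; the `RPCTLS_SYSC_SRVSETPATH` case has the same shape, with its swap of `rpctls_server_handle` in the following hunk. The enclosing switch starts and ends outside this hunk.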
@@ -209,30 +210,48 @@ printf("got cl=%p\n", cl);
*/
if (cl != NULL)
CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count);
- } else
- cl = NULL;
+ else
+ error = EINVAL;
+ }
+ mtx_lock(&rpctls_server_lock);
+ oldcl = rpctls_server_handle;
+ rpctls_server_handle = cl;
+ mtx_unlock(&rpctls_server_lock);
+
+printf("srvcl=%p oldcl=%p\n", cl, oldcl);
+ if (oldcl != NULL) {
+ CLNT_CLOSE(oldcl);
+ CLNT_RELEASE(oldcl);
+ }
+ break;
+ case RPCTLS_SYSC_CLSHUTDOWN:
mtx_lock(&rpctls_connect_lock);
oldcl = rpctls_connect_handle;
- rpctls_connect_handle = cl;
+ rpctls_connect_handle = NULL;
mtx_unlock(&rpctls_connect_lock);
-printf("cl=%p oldcl=%p\n", cl, oldcl);
+printf("clshutd oldcl=%p\n", oldcl);
if (oldcl != NULL) {
CLNT_CLOSE(oldcl);
CLNT_RELEASE(oldcl);
}
- }
- } else if (path[0] == 'C') {
+ break;
+ case RPCTLS_SYSC_SRVSHUTDOWN:
+ mtx_lock(&rpctls_server_lock);
+ oldcl = rpctls_server_handle;
+ rpctls_server_handle = NULL;
+ mtx_unlock(&rpctls_server_lock);
+
+printf("srvshutd oldcl=%p\n", oldcl);
+ if (oldcl != NULL) {
+ CLNT_CLOSE(oldcl);
+ CLNT_RELEASE(oldcl);
+ }
+ break;
+ case RPCTLS_SYSC_CLSOCKET:
printf("In connect\n");
- error = EINVAL;
-#ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
- rpctls_getinfo(&maxlen))
- error = 0;
-#endif
- if (error == 0)
- error = falloc(td, &fp, &fd, 0);
+ error = falloc(td, &fp, &fd, 0);
if (error == 0) {
printf("falloc=%d fd=%d\n", error, fd);
mtx_lock(&rpctls_connect_lock);
@@ -244,18 +263,12 @@ printf("falloc=%d fd=%d\n", error, fd);
td->td_retval[0] = fd;
}
printf("returning=%d\n", fd);
- } else if (path[0] == 'E') {
+ break;
+ case RPCTLS_SYSC_SRVSOCKET:
printf("In srvconnect\n");
- error = EINVAL;
-#ifdef KERN_TLS
- if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs &&
- rpctls_getinfo(&maxlen))
- error = 0;
-#endif
- if (error == 0)
- error = falloc(td, &fp, &fd, 0);
+ error = falloc(td, &fp, &fd, 0);
if (error == 0) {
-printf("srv falloc=%d fd=%d\n", error, fd);
+printf("falloc=%d fd=%d\n", error, fd);
mtx_lock(&rpctls_server_lock);
so = rpctls_server_so;
rpctls_server_so = NULL;
@@ -265,17 +278,9 @@ printf("srv falloc=%d fd=%d\n", error, fd);
td->td_retval[0] = fd;
}
printf("srv returning=%d\n", fd);
- } else if (path[0] == 'F') {
-printf("In EOserver\n");
- fd = strtol(&path[1], NULL, 10);
-printf("srv fd=%d\n", fd);
- if (fd >= 0) {
- error = kern_close(td, fd);
-printf("srv aft kern_close=%d\n", error);
- } else {
- printf("rpctlss fd negative\n");
- error = EINVAL;
- }
+ break;
+ default:
+ error = EINVAL;
}
return (error);
@@ -602,7 +607,7 @@ printf("authtls proc=%d\n", rqst->rq_proc);
if (rqst->rq_proc != NULLPROC)
return (AUTH_REJECTEDCRED);
- if (PMAP_HAS_DMAP == 0)
+ if (PMAP_HAS_DMAP == 0 || !mb_use_ext_pgs)
return (AUTH_REJECTEDCRED);
#ifndef KERN_TLS
Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Mon Jun 22 23:41:33 2020 (r362519)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Mon Jun 22 23:48:41 2020 (r362520)
@@ -114,7 +114,6 @@ static int rpctls_loadcrlfile(SSL_CTX *ctx);
static void rpctls_huphandler(int sig __unused);
extern void rpctlscd_1(struct svc_req *rqstp, SVCXPRT *transp);
-extern int gssd_syscall(const char *path);
int
main(int argc, char **argv)
@@ -273,9 +272,9 @@ main(int argc, char **argv)
err(1, "Can't register service for local rpctlscd socket");
}
- gssd_syscall(_PATH_RPCTLSCDSOCK);
+ rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK);
svc_run();
- gssd_syscall("");
+ rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, "");
SSL_CTX_free(rpctls_ctx);
EVP_cleanup();
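Review bot: The return value of `rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK)` is ignored, yet the kernel side in this commit can fail that op with ENXIO (the KERN_TLS check) or EINVAL. The daemon then enters `svc_run()` with no kernel handle registered and reports nothing. Checking it in the style of the surrounding code, e.g. `if (rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK) < 0) err(1, "Can't set rpctlscd socket path");`, makes the failure visible at startup; the `RPCTLS_SYSC_SRVSETPATH` call in rpctlssd.c's main has the same gap. main's body starts and ends outside this hunk.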
@@ -318,7 +317,7 @@ rpctlscd_connect_1_svc(void *argp,
rpctlscd_verbose_out("rpctlsd_connect: started\n");
/* Get the socket fd from the kernel. */
- s = gssd_syscall("C");
+ s = rpctls_syscall(RPCTLS_SYSC_CLSOCKET, "");
rpctlscd_verbose_out("rpctlsd_connect s=%d\n", s);
if (s < 0) {
result->reterr = RPCTLSERR_NOSOCKET;
@@ -457,7 +456,7 @@ static void
rpctlscd_terminate(int sig __unused)
{
- gssd_syscall("");
+ rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, "");
pidfile_remove(rpctls_pfh);
exit(0);
}
Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Mon Jun 22 23:41:33 2020 (r362519)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Mon Jun 22 23:48:41 2020 (r362520)
@@ -66,7 +66,6 @@ __FBSDID("$FreeBSD$");
#ifndef _PATH_RPCTLSSDSOCK
#define _PATH_RPCTLSSDSOCK "/var/run/rpctlssd.sock"
-#define _PATH_RPCTLSSDS "S/var/run/rpctlssd.sock"
#endif
#ifndef _PATH_CERTANDKEY
#define _PATH_CERTANDKEY "/etc/rpctlssd/"
@@ -127,7 +126,6 @@ static char *rpctls_getdnsname(char *dnsname);
static void rpctls_huphandler(int sig __unused);
extern void rpctlssd_1(struct svc_req *rqstp, SVCXPRT *transp);
-extern int gssd_syscall(const char *path);
int
main(int argc, char **argv)
@@ -324,9 +322,9 @@ fprintf(stderr, "dnsname=%s\n", rpctls_dnsname);
rpctls_gothup = false;
LIST_INIT(&rpctls_ssllist);
- gssd_syscall(_PATH_RPCTLSSDS);
+ rpctls_syscall(RPCTLS_SYSC_SRVSETPATH, _PATH_RPCTLSSDSOCK);
svc_run();
- gssd_syscall("S");
+ rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, "");
SSL_CTX_free(rpctls_ctx);
EVP_cleanup();
@@ -370,7 +368,7 @@ rpctlssd_connect_1_svc(void *argp,
rpctlssd_verbose_out("rpctlsd_connect_svc: started\n");
memset(result, 0, sizeof(*result));
/* Get the socket fd from the kernel. */
- s = gssd_syscall("E");
+ s = rpctls_syscall(RPCTLS_SYSC_SRVSOCKET, "");
rpctlssd_verbose_out("rpctlsd_connect_svc s=%d\n", s);
if (s < 0)
return (FALSE);
@@ -521,7 +519,7 @@ static void
rpctlssd_terminate(int sig __unused)
{
- gssd_syscall("S");
+ rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, "");
pidfile_remove(rpctls_pfh);
exit(0);
}