Date: Mon, 22 Jun 2020 23:48:41 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r362520 - in projects/nfs-over-tls: sys/rpc/rpcsec_tls usr.sbin/rpctlscd usr.sbin/rpctlssd Message-ID: <202006222348.05MNmf67034287@repo.freebsd.org>
Author: rmacklem Date: Mon Jun 22 23:48:41 2020 New Revision: 362520 URL: https://svnweb.freebsd.org/changeset/base/362520 Log: Modify the rpctlssd and rpctlscd daemons to use the rpctls syscall instead of "cheating" and using the gssd syscall. Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Mon Jun 22 23:41:33 2020 (r362519) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Mon Jun 22 23:48:41 2020 (r362520) @@ -68,18 +68,10 @@ extern struct fileops badfileops; * Syscall hooks */ static struct syscall_helper_data rpctls_syscalls[] = { - SYSCALL_INIT_HELPER(gssd_syscall), + SYSCALL_INIT_HELPER(rpctls_syscall), SYSCALL_INIT_LAST }; -#ifdef notnow -struct rpctls_syscall_args { - char op_l_[PADL_(int)]; int op; char op_r_[PADR_(int)]; - char path_l_[PADL_(const char *)]; const char * path; char path_r_[PADR_(const char *)]; - char s_l_[PADL_(int)]; int s; char s_r_[PADR_(int)]; -}; -#endif - static CLIENT *rpctls_connect_handle; static struct mtx rpctls_connect_lock; static struct socket *rpctls_connect_so = NULL; 
@@ -115,55 +107,50 @@ rpctls_init(void) } int -sys_gssd_syscall(struct thread *td, struct gssd_syscall_args *uap) +sys_rpctls_syscall(struct thread *td, struct rpctls_syscall_args *uap) { struct sockaddr_un sun; struct netconfig *nconf; struct file *fp; struct socket *so; - char path[MAXPATHLEN], *pathp; + char path[MAXPATHLEN]; int fd = -1, error, retry_count = 5; CLIENT *cl, *oldcl; - bool ssd; #ifdef KERN_TLS u_int maxlen; #endif -printf("in gssd syscall\n"); +printf("in rpctls syscall\n"); error = priv_check(td, PRIV_NFS_DAEMON); printf("aft priv_check=%d\n", error); if (error != 0) return (error); -#ifdef notyet switch (uap->op) { - case RPCTLS_SYSC_SETPATH: -#else + case RPCTLS_SYSC_CLSETPATH: error = copyinstr(uap->path, path, sizeof(path), NULL); printf("setting err=%d path=%s\n", error, path); - if (error != 0) - return (error); - if (path[0] == 'S') { - ssd = true; - pathp = &path[1]; - } else { - ssd = false; - pathp = &path[0]; - } - if (pathp[0] == '/' || pathp[0] == '\0') { + if (error == 0) { + error = ENXIO; +#ifdef KERN_TLS + if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs && + rpctls_getinfo(&maxlen)) + error = 0; #endif - if (ssd) { - if (error == 0 && strlen(pathp) + 1 > sizeof(sun.sun_path)) + } + if (error == 0 && (strlen(path) + 1 > sizeof(sun.sun_path) || + strlen(path) == 0)) error = EINVAL; - if (error == 0 && pathp[0] != '\0') { + cl = NULL; + if (error == 0) { sun.sun_family = AF_LOCAL; - strlcpy(sun.sun_path, pathp, sizeof(sun.sun_path)); + strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); sun.sun_len = SUN_LEN(&sun); nconf = getnetconfigent("local"); cl = clnt_reconnect_create(nconf, - (struct sockaddr *)&sun, RPCTLSSD, RPCTLSSDVERS, + (struct sockaddr *)&sun, RPCTLSCD, RPCTLSCDVERS, RPC_MAXDATASIZE, RPC_MAXDATASIZE); printf("got cl=%p\n", cl); /* 
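Review bot: The debug `printf("setting err=%d path=%s\n", error, path)` in the `RPCTLS_SYSC_CLSETPATH` case runs before `error` is tested, so when `copyinstr()` fails `path` may be an uninitialized or unterminated stack buffer, and `%s` can read past it and put kernel stack bytes on the console. Print the path only on success, e.g. `if (error == 0) printf("setting path=%s\n", path);`, or reduce the line to `printf("setting err=%d\n", error);`. The same line is added for `RPCTLS_SYSC_SRVSETPATH` in the next hunk, and the function body continues past the end of this one.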
@@ -174,31 +161,45 @@ printf("got cl=%p\n", cl); */ if (cl != NULL) CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count); - } else - cl = NULL; + else + error = EINVAL; + } - mtx_lock(&rpctls_server_lock); - oldcl = rpctls_server_handle; - rpctls_server_handle = cl; - mtx_unlock(&rpctls_server_lock); + mtx_lock(&rpctls_connect_lock); + oldcl = rpctls_connect_handle; + rpctls_connect_handle = cl; + mtx_unlock(&rpctls_connect_lock); printf("cl=%p oldcl=%p\n", cl, oldcl); if (oldcl != NULL) { CLNT_CLOSE(oldcl); CLNT_RELEASE(oldcl); } - } else { - if (error == 0 && strlen(pathp) + 1 > sizeof(sun.sun_path)) + break; + case RPCTLS_SYSC_SRVSETPATH: + error = copyinstr(uap->path, path, sizeof(path), NULL); +printf("setting err=%d path=%s\n", error, path); + if (error == 0) { + error = ENXIO; +#ifdef KERN_TLS + if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs && + rpctls_getinfo(&maxlen)) + error = 0; +#endif + } + if (error == 0 && (strlen(path) + 1 > sizeof(sun.sun_path) || + strlen(path) == 0)) error = EINVAL; - if (error == 0 && pathp[0] != '\0') { + cl = NULL; + if (error == 0) { sun.sun_family = AF_LOCAL; - strlcpy(sun.sun_path, pathp, sizeof(sun.sun_path)); + strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); sun.sun_len = SUN_LEN(&sun); nconf = getnetconfigent("local"); cl = clnt_reconnect_create(nconf, - (struct sockaddr *)&sun, RPCTLSCD, RPCTLSCDVERS, + (struct sockaddr *)&sun, RPCTLSSD, RPCTLSSDVERS, RPC_MAXDATASIZE, RPC_MAXDATASIZE); printf("got cl=%p\n", cl); /* 
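Review bot: A failed `RPCTLS_SYSC_CLSETPATH` still reaches the `mtx_lock(&rpctls_connect_lock)` swap with `cl == NULL`, so a bad path pointer, an over-long path, the `ENXIO` case or a failed `clnt_reconnect_create()` replaces a working `rpctls_connect_handle` with NULL and closes it. Now that shutdown has its own `RPCTLS_SYSC_CLSHUTDOWN` op, it looks safer to leave the installed handle alone on error by adding `if (error != 0) break;` just before the `mtx_lock()`; the `RPCTLS_SYSC_SRVSETPATH` case that starts in this hunk and finishes in the next has the same shape. If clearing on failure is intended, a one-line comment saying so would help. Both case bodies begin or end outside this hunk.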
@@ -209,30 +210,48 @@ printf("got cl=%p\n", cl); */ if (cl != NULL) CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count); - } else - cl = NULL; + else + error = EINVAL; + } + mtx_lock(&rpctls_server_lock); + oldcl = rpctls_server_handle; + rpctls_server_handle = cl; + mtx_unlock(&rpctls_server_lock); + +printf("srvcl=%p oldcl=%p\n", cl, oldcl); + if (oldcl != NULL) { + CLNT_CLOSE(oldcl); + CLNT_RELEASE(oldcl); + } + break; + case RPCTLS_SYSC_CLSHUTDOWN: mtx_lock(&rpctls_connect_lock); oldcl = rpctls_connect_handle; - rpctls_connect_handle = cl; + rpctls_connect_handle = NULL; mtx_unlock(&rpctls_connect_lock); -printf("cl=%p oldcl=%p\n", cl, oldcl); +printf("clshutd oldcl=%p\n", oldcl); if (oldcl != NULL) { CLNT_CLOSE(oldcl); CLNT_RELEASE(oldcl); } - } - } else if (path[0] == 'C') { + break; + case RPCTLS_SYSC_SRVSHUTDOWN: + mtx_lock(&rpctls_server_lock); + oldcl = rpctls_server_handle; + rpctls_server_handle = NULL; + mtx_unlock(&rpctls_server_lock); + +printf("srvshutd oldcl=%p\n", oldcl); + if (oldcl != NULL) { + CLNT_CLOSE(oldcl); + CLNT_RELEASE(oldcl); + } + break; + case RPCTLS_SYSC_CLSOCKET: printf("In connect\n"); - error = EINVAL; -#ifdef KERN_TLS - if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs && - rpctls_getinfo(&maxlen)) - error = 0; -#endif - if (error == 0) - error = falloc(td, &fp, &fd, 0); + error = falloc(td, &fp, &fd, 0); if (error == 0) { printf("falloc=%d fd=%d\n", error, fd); mtx_lock(&rpctls_connect_lock); 
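Review bot: The lock / swap / `CLNT_CLOSE` / `CLNT_RELEASE` sequence now appears four times in `sys_rpctls_syscall()` (both SETPATH cases and the two shutdown cases added here), differing only in which lock and handle are named. A small static helper taking the lock, the handle slot and the new value would remove the copies and make it harder to pair `rpctls_connect_lock` with `rpctls_server_handle` by accident in a later edit. The helper name below is only a suggestion, and the switch continues outside this hunk.

```c
/* Install cl (may be NULL) as the upcall handle and drop the old one. */
static void
rpctls_swap_handle(struct mtx *lock, CLIENT **handlep, CLIENT *cl)
{
	CLIENT *oldcl;

	mtx_lock(lock);
	oldcl = *handlep;
	*handlep = cl;
	mtx_unlock(lock);
	if (oldcl != NULL) {
		CLNT_CLOSE(oldcl);
		CLNT_RELEASE(oldcl);
	}
}

	/* … unchanged: SETPATH cases up to the point where cl is final … */
	case RPCTLS_SYSC_CLSHUTDOWN:
		rpctls_swap_handle(&rpctls_connect_lock,
		    &rpctls_connect_handle, NULL);
		break;
	case RPCTLS_SYSC_SRVSHUTDOWN:
		rpctls_swap_handle(&rpctls_server_lock,
		    &rpctls_server_handle, NULL);
		break;
	/* … unchanged: CLSOCKET / SRVSOCKET cases … */
```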
@@ -244,18 +263,12 @@ printf("falloc=%d fd=%d\n", error, fd); td->td_retval[0] = fd; } printf("returning=%d\n", fd); - } else if (path[0] == 'E') { + break; + case RPCTLS_SYSC_SRVSOCKET: printf("In srvconnect\n"); - error = EINVAL; -#ifdef KERN_TLS - if (PMAP_HAS_DMAP != 0 && mb_use_ext_pgs && - rpctls_getinfo(&maxlen)) - error = 0; -#endif - if (error == 0) - error = falloc(td, &fp, &fd, 0); + error = falloc(td, &fp, &fd, 0); if (error == 0) { -printf("srv falloc=%d fd=%d\n", error, fd); +printf("falloc=%d fd=%d\n", error, fd); mtx_lock(&rpctls_server_lock); so = rpctls_server_so; rpctls_server_so = NULL; @@ -265,17 +278,9 @@ printf("srv falloc=%d fd=%d\n", error, fd); td->td_retval[0] = fd; } printf("srv returning=%d\n", fd); - } else if (path[0] == 'F') { -printf("In EOserver\n"); - fd = strtol(&path[1], NULL, 10); -printf("srv fd=%d\n", fd); - if (fd >= 0) { - error = kern_close(td, fd); -printf("srv aft kern_close=%d\n", error); - } else { - printf("rpctlss fd negative\n"); - error = EINVAL; - } + break; + default: + error = EINVAL; } return (error); @@ -602,7 +607,7 @@ printf("authtls proc=%d\n", rqst->rq_proc); if (rqst->rq_proc != NULLPROC) return (AUTH_REJECTEDCRED); - if (PMAP_HAS_DMAP == 0) + if (PMAP_HAS_DMAP == 0 || !mb_use_ext_pgs) return (AUTH_REJECTEDCRED); #ifndef KERN_TLS Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Mon Jun 22 23:41:33 2020 (r362519) +++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Mon Jun 22 23:48:41 2020 (r362520) @@ -114,7 +114,6 @@ static int rpctls_loadcrlfile(SSL_CTX *ctx); static void rpctls_huphandler(int sig __unused); extern void rpctlscd_1(struct svc_req *rqstp, SVCXPRT *transp); -extern int gssd_syscall(const char *path); int main(int argc, char **argv) 
@@ -273,9 +272,9 @@ main(int argc, char **argv) err(1, "Can't register service for local rpctlscd socket"); } - gssd_syscall(_PATH_RPCTLSCDSOCK); + rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK); svc_run(); - gssd_syscall(""); + rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); SSL_CTX_free(rpctls_ctx); EVP_cleanup(); @@ -318,7 +317,7 @@ rpctlscd_connect_1_svc(void *argp, rpctlscd_verbose_out("rpctlsd_connect: started\n"); /* Get the socket fd from the kernel. */ - s = gssd_syscall("C"); + s = rpctls_syscall(RPCTLS_SYSC_CLSOCKET, ""); rpctlscd_verbose_out("rpctlsd_connect s=%d\n", s); if (s < 0) { result->reterr = RPCTLSERR_NOSOCKET; @@ -457,7 +456,7 @@ static void rpctlscd_terminate(int sig __unused) { - gssd_syscall(""); + rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); pidfile_remove(rpctls_pfh); exit(0); } Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Mon Jun 22 23:41:33 2020 (r362519) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Mon Jun 22 23:48:41 2020 (r362520) @@ -66,7 +66,6 @@ __FBSDID("$FreeBSD$"); #ifndef _PATH_RPCTLSSDSOCK #define _PATH_RPCTLSSDSOCK "/var/run/rpctlssd.sock" -#define _PATH_RPCTLSSDS "S/var/run/rpctlssd.sock" #endif #ifndef _PATH_CERTANDKEY #define _PATH_CERTANDKEY "/etc/rpctlssd/" @@ -127,7 +126,6 @@ static char *rpctls_getdnsname(char *dnsname); static void rpctls_huphandler(int sig __unused); extern void rpctlssd_1(struct svc_req *rqstp, SVCXPRT *transp); -extern int gssd_syscall(const char *path); int main(int argc, char **argv) @@ -324,9 +322,9 @@ fprintf(stderr, "dnsname=%s\n", rpctls_dnsname); rpctls_gothup = false; LIST_INIT(&rpctls_ssllist); - gssd_syscall(_PATH_RPCTLSSDS); + rpctls_syscall(RPCTLS_SYSC_SRVSETPATH, _PATH_RPCTLSSDSOCK); svc_run(); - gssd_syscall("S"); + rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, ""); SSL_CTX_free(rpctls_ctx); EVP_cleanup(); 
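Review bot: The result of `rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK)` in `main()` is discarded, yet the kernel side of this commit returns `ENXIO` or `EINVAL` from that op when kernel TLS is unavailable or the path is rejected. In that case the daemon goes on to `svc_run()` with no upcall handle registered in the kernel and gives no indication why. Checking it in the style of the `err()` call just above, e.g. `if (rpctls_syscall(RPCTLS_SYSC_CLSETPATH, _PATH_RPCTLSCDSOCK) < 0) err(1, "Can't set rpctlscd upcall path");`, would surface the failure at startup. The `RPCTLS_SYSC_SRVSETPATH` call in rpctlssd's `main()` (the `@@ -324,9 +322,9 @@` hunk) has the same gap. `main()` starts and ends outside the hunk.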
@@ -370,7 +368,7 @@ rpctlssd_connect_1_svc(void *argp, rpctlssd_verbose_out("rpctlsd_connect_svc: started\n"); memset(result, 0, sizeof(*result)); /* Get the socket fd from the kernel. */ - s = gssd_syscall("E"); + s = rpctls_syscall(RPCTLS_SYSC_SRVSOCKET, ""); rpctlssd_verbose_out("rpctlsd_connect_svc s=%d\n", s); if (s < 0) return (FALSE); @@ -521,7 +519,7 @@ static void rpctlssd_terminate(int sig __unused) { - gssd_syscall("S"); + rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, ""); pidfile_remove(rpctls_pfh); exit(0); }