Date:      Sun, 8 Mar 2020 18:45:48 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r358766 - projects/nfs-over-tls/sys/rpc/rpcsec_tls
Message-ID:  <202003081845.028Ijmxm024502@repo.freebsd.org>

Author: rmacklem
Date: Sun Mar  8 18:45:48 2020
New Revision: 358766
URL: https://svnweb.freebsd.org/changeset/base/358766

Log:
  Add support for the RPCTLS_FLAGS_xxx flags, which the rpctlssd daemon
  replies into the kernel to report the result of client certificate handling.

Modified:
  projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
  projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x
  projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x

Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c	Sun Mar  8 18:37:04 2020	(r358765)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c	Sun Mar  8 18:45:48 2020	(r358766)
@@ -93,6 +93,8 @@ static struct opaque_auth rpctls_null_verf;
 
 static CLIENT		*rpctls_connect_client(void);
 static CLIENT		*rpctls_server_client(void);
+static enum clnt_stat	rpctls_server(struct socket *so,
+			    uint32_t *flags);
 
 static void
 rpctls_init(void *dummy)
@@ -425,11 +427,12 @@ printf("aft wakeup\n");
 }
 
 /* Do an upcall for a new server socket using TLS. */
-enum clnt_stat
-rpctls_server(struct socket *so)
+static enum clnt_stat
+rpctls_server(struct socket *so, uint32_t *flags)
 {
 	enum clnt_stat stat;
 	CLIENT *cl;
+	struct rpctlssd_connect_res res;
 	static bool rpctls_server_busy = false;
 
 printf("In rpctls_server\n");
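Review bot: The function comment above the new signature still reads "Do an upcall for a new server socket using TLS." and says nothing about the added `flags` out-parameter, which the body (further down, outside this hunk) writes only when the upcall returns RPC_SUCCESS. Since rpctls_server is now static and the only caller relies on that contract, I would extend the comment to `/* Do an upcall for a new server socket using TLS. On RPC_SUCCESS, *flags is set to the RPCTLS_FLAGS_xxx value replied by the daemon; otherwise *flags is left untouched. */`. rpctls_server's body continues past the end of this hunk.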
@@ -449,8 +452,10 @@ printf("server_client=%p\n", cl);
 printf("rpctls_conect so=%p\n", so);
 
 	/* Do the server upcall. */
-	stat = rpctlssd_connect_1(NULL, NULL, cl);
-printf("aft server upcall=%d\n", stat);
+	stat = rpctlssd_connect_1(NULL, &res, cl);
+	if (stat == RPC_SUCCESS)
+		*flags = res.flags;
+printf("aft server upcall stat=%d flags=0x%x\n", stat, res.flags);
 	CLNT_RELEASE(cl);
 
 	/* Once the upcall is done, the daemon is done with the fp and so. */
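Review bot: `res.flags` is printed unconditionally right after the upcall, but `res` is declared without an initializer in the preceding hunk and is only filled in by rpctlssd_connect_1() on success, so on any failed upcall the printf reads an indeterminate value. Either initialize the result at its declaration, `struct rpctlssd_connect_res res = { 0 };`, or print it only on the success path, e.g. `printf("aft server upcall stat=%d flags=0x%x\n", stat, stat == RPC_SUCCESS ? res.flags : 0);`. The flags value also comes straight from the userland daemon; if the RPCTLS_FLAGS_xxx bits are defined in a header not shown here, masking `res.flags` against that set before handing it to the caller would keep unexpected bits out of the transport state. rpctls_server begins in the previous hunk and continues after this one.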
@@ -477,6 +482,7 @@ _svcauth_rpcsec_tls(struct svc_req *rqst, struct rpc_m
 	bool_t call_stat;
 	enum clnt_stat stat;
 	SVCXPRT *xprt;
+	uint32_t flags;
 	
 	/* Initialize reply. */
 	rqst->rq_verf = rpctls_null_verf;
@@ -523,19 +529,17 @@ printf("authtls: null reply=%d\n", call_stat);
 	}
 
 	/* Do an upcall to do the TLS handshake. */
-	stat = rpctls_server(rqst->rq_xprt->xp_socket);
+	stat = rpctls_server(rqst->rq_xprt->xp_socket, &flags);
 
 	/* Re-enable reception on the socket within the krpc. */
 	sx_xlock(&xprt->xp_lock);
 	xprt->xp_dontrcv = FALSE;
 	if (stat == RPC_SUCCESS)
-		xprt->xp_tls = TRUE;
+		xprt->xp_tls = flags;
 	sx_xunlock(&xprt->xp_lock);
 	xprt_active(xprt);		/* Harmless if already active. */
 printf("authtls: aft handshake stat=%d\n", stat);
 
-	if (stat != RPC_SUCCESS)
-		return (AUTH_REJECTEDCRED);
 	return (RPCSEC_GSS_NODISPATCH);
 }
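Review bot: Dropping the `if (stat != RPC_SUCCESS) return (AUTH_REJECTEDCRED);` means a failed TLS handshake now falls through to `return (RPCSEC_GSS_NODISPATCH);` with `xp_tls` left at whatever it was before, and the commit log does not mention this behavior change; if it is intentional (the NULL reply has already been sent before the upcall, per the `authtls: null reply` trace above), a comment such as `/* On handshake failure xp_tls stays clear; the krpc keeps the transport but treats it as non-TLS. */` would record the reasoning and let a reviewer confirm that cleartext RPCs on a transport whose handshake failed are acceptable. Related, `xprt->xp_tls = flags;` stores the daemon-supplied word where a boolean TRUE was stored before, so please confirm that `xp_tls` has been widened from a boolean to a `uint32_t` in the xprt definition (not in this diff) and that a successful upcall cannot legitimately reply `flags == 0`, which would leave the transport indistinguishable from one with no TLS. As a cheap safeguard I would also initialize the local in the earlier hunk, `uint32_t flags = 0;`, so the assignment never reads an unset value if rpctls_server ever returns RPC_SUCCESS without writing it.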
 

Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x	Sun Mar  8 18:37:04 2020	(r358765)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x	Sun Mar  8 18:45:48 2020	(r358766)
@@ -25,9 +25,9 @@
  * SUCH DAMAGE.
  */
 
-/* Modified from gssd.x for the client side of RPC-over-TLS. */
-
 /* $FreeBSD$ */
+
+/* Modified from gssd.x for the client side of RPC-over-TLS. */
 
 program RPCTLSCD {
 	version RPCTLSCDVERS {

Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x
==============================================================================
--- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x	Sun Mar  8 18:37:04 2020	(r358765)
+++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x	Sun Mar  8 18:45:48 2020	(r358766)
@@ -25,14 +25,19 @@
  * SUCH DAMAGE.
  */
 
+/* $FreeBSD$ */
+
 /* Modified from gssd.x for the server side of RPC-over-TLS. */
 
-/* $FreeBSD$ */
+struct rpctlssd_connect_res {
+	uint32_t flags;
+};
 
 program RPCTLSSD {
 	version RPCTLSSDVERS {
 		void RPCTLSSD_NULL(void) = 0;
 
-		void RPCTLSSD_CONNECT(void) = 1;
+		rpctlssd_connect_res
+		RPCTLSSD_CONNECT(void) = 1;
 	} = 1;
 } = 0x40677375;
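Review bot: `struct rpctlssd_connect_res` carries a bare `uint32_t flags` with no comment on what the bits mean, and the RPCTLS_FLAGS_xxx constants named in the log message are not defined anywhere in this diff, so a reader of the protocol definition cannot tell which values the daemon is allowed to reply or which the kernel will act on. I would add a short comment above the struct, along the lines of `/* Result of RPCTLSSD_CONNECT: RPCTLS_FLAGS_xxx bits reporting the outcome of the TLS handshake and client certificate check; see <where the flags are defined>. */`, and note that the kernel treats this word as coming from a trusted daemon. If the flag constants are meant to be shared with the daemon, defining them in this .x file (rpcgen emits them into the generated header) would keep both sides in sync.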


