From owner-svn-src-projects@freebsd.org  Tue May 19 01:32:16 2020
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7BC8B2F3C9C
 for <svn-src-projects@mailman.nyi.freebsd.org>;
 Tue, 19 May 2020 01:32:16 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49Qyzh2khjz4gHB;
 Tue, 19 May 2020 01:32:16 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3F0B02ACAE;
 Tue, 19 May 2020 01:32:16 +0000 (UTC)
 (envelope-from rmacklem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04J1WGZ0061897;
 Tue, 19 May 2020 01:32:16 GMT (envelope-from rmacklem@FreeBSD.org)
Received: (from rmacklem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04J1WFug061895;
 Tue, 19 May 2020 01:32:15 GMT (envelope-from rmacklem@FreeBSD.org)
Message-Id: <202005190132.04J1WFug061895@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to
 rmacklem@FreeBSD.org using -f
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Tue, 19 May 2020 01:32:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r361233 - in projects/nfs-over-tls/usr.sbin: rpctlscd
 rpctlssd
X-SVN-Group: projects
X-SVN-Commit-Author: rmacklem
X-SVN-Commit-Paths: in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd
X-SVN-Commit-Revision: 361233
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 May 2020 01:32:16 -0000

Author: rmacklem
Date: Tue May 19 01:32:15 2020
New Revision: 361233
URL: https://svnweb.freebsd.org/changeset/base/361233

Log:
  Fix the daemons so that they do not terminate upon SIGPIPE.
  
  There are cases where the other end has closed the TCP connection and
  then, if the daemon does an SSL_shutdown(), it gets a SIGPIPE.
  Fix the daemons so they just ignore SIGPIPE.
  (The code inheritted termination upon SIGPIPE from the gssd, where the
   only socket is the one used for doing upcalls.)
  
  While here, I tweaked the handling of SSL_shutdown() so that the calls
  are done only if the value returned via SSL_get_shutdown() indicates
  that a call is needed.
  
  It turns out that NFSv3 over TCP is useful for testing the non-application
  data records, since the server side krpc shuts down a connection that is
  idle for 6minutes. This never happens normally for NFSv4, but does
  happen for NFSv3 if you just leave the mount idle for 6minutes.
  This generates close alert messages and then a new connection.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
  projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Tue May 19 01:06:31 2020	(r361232)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Tue May 19 01:32:15 2020	(r361233)
@@ -220,7 +220,7 @@ main(int argc, char **argv)
 		signal(SIGHUP, SIG_IGN);
 	}
 	signal(SIGTERM, rpctlscd_terminate);
-	signal(SIGPIPE, rpctlscd_terminate);
+	signal(SIGPIPE, SIG_IGN);
 	signal(SIGHUP, rpctls_huphandler);
 
 	pidfile_write(rpctls_pfh);
@@ -385,7 +385,14 @@ rpctlscd_handlerecord_1_svc(struct rpctlscd_handlereco
 		 * handle the non-application data record before doing so.
 		 */
 		ret = SSL_read(slp->ssl, &junk, 0);
-		if (ret > 0) {
+		if (ret <= 0) {
+			/* Check to see if this was a close alert. */
+			ret = SSL_get_shutdown(slp->ssl);
+rpctlscd_verbose_out("get_shutdown2=%d\n", ret);
+			if ((ret & (SSL_SENT_SHUTDOWN |
+			    SSL_RECEIVED_SHUTDOWN)) == SSL_RECEIVED_SHUTDOWN)
+				SSL_shutdown(slp->ssl);
+		} else {
 			if (rpctls_debug_level == 0)
 				syslog(LOG_ERR, "SSL_read returned %d", ret);
 			else
@@ -417,12 +424,13 @@ rpctlscd_disconnect_1_svc(struct rpctlscd_disconnect_a
 		rpctlscd_verbose_out("rpctlscd_disconnect: fd=%d closed\n",
 		    slp->s);
 		LIST_REMOVE(slp, next);
-		SSL_shutdown(slp->ssl);
-		/* Check to see if the peer has sent a close alert. */
 		ret = SSL_get_shutdown(slp->ssl);
-rpctlscd_verbose_out("get_shutdown=%d\n", ret);
-		if ((ret & (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) ==
-		    SSL_SENT_SHUTDOWN)
+rpctlscd_verbose_out("get_shutdown0=%d\n", ret);
+		/*
+		 * Do an SSL_shutdown() unless a close alert has
+		 * already been sent.
+		 */
+		if ((ret & SSL_SENT_SHUTDOWN) == 0)
 			SSL_shutdown(slp->ssl);
 		SSL_free(slp->ssl);
 		/*

Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Tue May 19 01:06:31 2020	(r361232)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Tue May 19 01:32:15 2020	(r361233)
@@ -260,7 +260,7 @@ fprintf(stderr, "dnsname=%s\n", rpctls_dnsname);
 		signal(SIGHUP, SIG_IGN);
 	}
 	signal(SIGTERM, rpctlssd_terminate);
-	signal(SIGPIPE, rpctlssd_terminate);
+	signal(SIGPIPE, SIG_IGN);
 	signal(SIGHUP, rpctls_huphandler);
 
 	pidfile_write(rpctls_pfh);
@@ -467,6 +467,7 @@ rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_a
     struct rpctlssd_disconnect_res *result, struct svc_req *rqstp)
 {
 	struct ssl_entry *slp;
+	int ret;
 
 	slp = NULL;
 	if (argp->sec == rpctls_ssl_sec && argp->usec ==
@@ -481,6 +482,14 @@ rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_a
 		rpctlssd_verbose_out("rpctlssd_disconnect fd=%d closed\n",
 		    slp->s);
 		LIST_REMOVE(slp, next);
+		ret = SSL_get_shutdown(slp->ssl);
+rpctlssd_verbose_out("get_shutdown1=%d\n", ret);
+		/*
+		 * Do an SSL_shutdown() unless a close alert has
+		 * already been sent.
+		 */
+		if ((ret & SSL_SENT_SHUTDOWN) == 0)
+			SSL_shutdown(slp->ssl);
 		SSL_free(slp->ssl);
 		/*
 		 * For RPC-over-TLS, this upcall is expected