From owner-svn-src-projects@freebsd.org Sun Jul 12 04:29:40 2020
Delivered-To: svn-src-projects@mailman.nyi.freebsd.org
Message-Id: <202007120429.06C4TeoN026164@repo.freebsd.org>
From: Rick Macklem
Date: Sun, 12 Jul 2020 04:29:40 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r363119 - projects/nfs-over-tls/usr.sbin/rpctlssd
X-SVN-Group: projects
X-SVN-Commit-Author: rmacklem
X-SVN-Commit-Paths: projects/nfs-over-tls/usr.sbin/rpctlssd
X-SVN-Commit-Revision: 363119
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "SVN commit messages for the src " projects" tree"
X-List-Received-Date: Sun, 12 Jul 2020 04:29:40 -0000

Author: rmacklem
Date: Sun Jul 12 04:29:39 2020
New Revision: 363119
URL: https://svnweb.freebsd.org/changeset/base/363119

Log:
  Add code that does a shutdown() on all sockets during termination.
  I am not sure if this is required, since the sockets will be closed
  during exit(), but it seems safe to do to ensure that sockets no
  longer work in the kernel RPC.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Jul 12 04:26:19 2020 (r363118) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Jul 12 04:29:39 2020 (r363119) @@ -518,9 +518,17 @@ rpctlssd_1_freeresult(SVCXPRT *transp, xdrproc_t xdr_r static void rpctlssd_terminate(int sig __unused) { + struct ssl_entry *slp; rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, ""); pidfile_remove(rpctls_pfh); + + /* + * Shut down all TCP connections, so that any compromised TLS + * connection is no longer usable. + */ + LIST_FOREACH(slp, &rpctls_ssllist, next) + shutdown(slp->s, SHUT_RD); exit(0); }
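Review bot: the new comment in the hunk says a compromised TLS connection is "no longer usable", but `shutdown(slp->s, SHUT_RD)` only disables the receive side of each socket; anything still written on that socket before exit(0) closes it continues to reach the peer, so `SHUT_RDWR` would match the stated intent better. Two further points on the same hunk: rpctlssd_terminate() takes a signal number, so it appears to run as a signal handler, and the `LIST_FOREACH(slp, &rpctls_ssllist, next)` walk has no synchronization against the main code path that inserts and removes entries on rpctls_ssllist, so an entry being unlinked at the moment the signal arrives could be visited; and shutdown()'s return value is discarded, which is tolerable here only because the process exits immediately afterwards. Given the log message's own uncertainty about whether the shutdown is needed, the comment should state why SHUT_RD alone is considered sufficient.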