From nobody Sat Feb 01 09:02:07 2025
Date: Sat, 1 Feb 2025 09:02:07 GMT
Message-Id: <202502010902.511927Ig047892@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff Subject: git: 033b4c1bff10 - main - kgssapi: use netlink RPC client to talk to gssd(8) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 033b4c1bff10925c286537e48cd2858a08cf6e70 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=033b4c1bff10925c286537e48cd2858a08cf6e70 commit 033b4c1bff10925c286537e48cd2858a08cf6e70 Author: Gleb Smirnoff AuthorDate: 2025-02-01 01:02:08 +0000 Commit: Gleb Smirnoff CommitDate: 2025-02-01 09:00:25 +0000 kgssapi: use netlink RPC client to talk to gssd(8) Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D48552 --- sys/kgssapi/gss_impl.c | 104 +++++++++++++------------------------------------ 1 file changed, 26 insertions(+), 78 deletions(-) diff --git a/sys/kgssapi/gss_impl.c b/sys/kgssapi/gss_impl.c index 98edd62d3247..e2569bea61f9 100644 --- a/sys/kgssapi/gss_impl.c +++ b/sys/kgssapi/gss_impl.c @@ -37,9 +37,6 @@ #include #include #include -#include -#include -#include #include #include @@ -52,14 +49,6 @@ MALLOC_DEFINE(M_GSSAPI, "GSS-API", "GSS-API"); -/* - * Syscall hooks - */ -static struct syscall_helper_data gssd_syscalls[] = { - SYSCALL_INIT_HELPER(gssd_syscall), - SYSCALL_INIT_LAST -}; - struct kgss_mech_list kgss_mechs; struct mtx kgss_gssd_lock; 
@@ -68,87 +57,46 @@ KGSS_VNET_DEFINE(CLIENT *, kgss_gssd_handle) = NULL; static int kgss_load(void) { - int error; + CLIENT *cl; LIST_INIT(&kgss_mechs); - error = syscall_helper_register(gssd_syscalls, SY_THR_STATIC_KLD); - if (error != 0) - return (error); - return (0); -} -static void -kgss_unload(void) -{ + cl = client_nl_create("kgss", GSSD, GSSDVERS); + KASSERT(cl, ("%s: netlink client already exist", __func__)); - syscall_helper_unregister(gssd_syscalls); -} + /* + * The transport default is no retries at all, since there could + * be no userland listener to our messages. We will retry for 5 + * minutes with 10 second interval. This will potentially cure hosts + * with misconfigured startup, where kernel starts sending GSS queries + * before userland had started up the gssd(8) daemon. + */ + clnt_control(cl, CLSET_RETRIES, &(int){30}); + clnt_control(cl, CLSET_TIMEOUT, &(struct timeval){.tv_sec = 300}); -int -sys_gssd_syscall(struct thread *td, struct gssd_syscall_args *uap) -{ - struct sockaddr_un sun; - struct netconfig *nconf; - char path[MAXPATHLEN]; - int error; - CLIENT *cl, *oldcl; - - error = priv_check(td, PRIV_NFS_DAEMON); - if (error) - return (error); - - error = copyinstr(uap->path, path, sizeof(path), NULL); - if (error) - return (error); - if (strlen(path) + 1 > sizeof(sun.sun_path)) - return (EINVAL); - - if (path[0] != '\0') { - sun.sun_family = AF_LOCAL; - strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); - sun.sun_len = SUN_LEN(&sun); - - nconf = getnetconfigent("local"); - cl = clnt_reconnect_create(nconf, - (struct sockaddr *) &sun, GSSD, GSSDVERS, - RPC_MAXDATASIZE, RPC_MAXDATASIZE); - /* - * The number of retries defaults to INT_MAX, which effectively - * means an infinite, uninterruptable loop. Limiting it to - * five retries keeps it from running forever. - */ - if (cl != NULL) { - int retry_count = 5; - struct timeval timo; - CLNT_CONTROL(cl, CLSET_RETRIES, &retry_count); - - /* - * Set the timeout for an upcall to 5 minutes. 
The - * default of 25 seconds is not long enough for some - * gss_XXX() calls done by the gssd(8) daemon. - */ - timo.tv_sec = 5 * 60; - timo.tv_usec = 0; - CLNT_CONTROL(cl, CLSET_TIMEOUT, &timo); - } - } else - cl = NULL; + /* + * We literally wait on gssd(8), let's see that in top(1). + */ + clnt_control(cl, CLSET_WAITCHAN, "gssd"); KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread)); mtx_lock(&kgss_gssd_lock); - oldcl = KGSS_VNET(kgss_gssd_handle); KGSS_VNET(kgss_gssd_handle) = cl; mtx_unlock(&kgss_gssd_lock); KGSS_CURVNET_RESTORE(); - if (oldcl != NULL) { - CLNT_CLOSE(oldcl); - CLNT_RELEASE(oldcl); - } - return (0); } +static void +kgss_unload(void) +{ + + KGSS_CURVNET_SET_QUIET(KGSS_TD_TO_VNET(curthread)); + clnt_destroy(KGSS_VNET(kgss_gssd_handle)); + KGSS_CURVNET_RESTORE(); +} + int kgss_oid_equal(const gss_OID oid1, const gss_OID oid2) { @@ -361,7 +309,7 @@ static moduledata_t kgssapi_mod = { kgssapi_modevent, NULL, }; -DECLARE_MODULE(kgssapi, kgssapi_mod, SI_SUB_VFS, SI_ORDER_ANY); +DECLARE_MODULE(kgssapi, kgssapi_mod, SI_SUB_VFS, SI_ORDER_SECOND); MODULE_DEPEND(kgssapi, xdr, 1, 1, 1); MODULE_DEPEND(kgssapi, krpc, 1, 1, 1); MODULE_VERSION(kgssapi, 1);
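Review bot: In kgss_load() (hunk @@ -68,87 +57,46 @@) the only check on the client_nl_create() result is the KASSERT, which compiles away on kernels built without INVARIANTS, so a NULL cl would be passed to the three clnt_control() calls and then stored in kgss_gssd_handle. Suggest an explicit test that returns an error from kgss_load() when cl is NULL, keeping the KASSERT only as a debugging aid; its message should also read "already exists". In the same hunk, kgss_unload() reads KGSS_VNET(kgss_gssd_handle) and destroys it without taking kgss_gssd_lock and without clearing the pointer, while kgss_load() stores it under the mutex; swapping in NULL under the lock before clnt_destroy() would keep the two paths symmetric. The removed sys_gssd_syscall() gated the endpoint with priv_check(td, PRIV_NFS_DAEMON), and nothing visible in this file replaces it, so a comment stating where the equivalent check on the userland listener now lives would help.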
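Review bot: The DECLARE_MODULE change from SI_ORDER_ANY to SI_ORDER_SECOND (hunk @@ -361,7 +309,7 @@) carries no comment and the commit message does not mention it. Since kgss_load() now calls client_nl_create() at load time, presumably this is to order kgssapi after something that call depends on within SI_SUB_VFS; please add a one-line comment naming that dependency so the ordering is not later changed back as arbitrary.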