Date: Sat, 1 Feb 2025 09:02:08 GMT
Message-Id: <202502010902.511928uR047924@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff
Subject: git: a8f61691e9e5 - main - gssd: use netlink(4) RPC service to talk to kernel GSS
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a8f61691e9e5a0bf1d67d6294ce61bd0eabc02bf
Auto-Submitted: auto-generated

The branch main has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8f61691e9e5a0bf1d67d6294ce61bd0eabc02bf

commit a8f61691e9e5a0bf1d67d6294ce61bd0eabc02bf
Author:     Gleb Smirnoff
AuthorDate: 2025-02-01 01:02:11 +0000
Commit:     Gleb Smirnoff
CommitDate: 2025-02-01 09:00:26 +0000

    gssd: use netlink(4) RPC service to talk to kernel GSS

    Userland counterpart of the previous commit.

    Reviewed by:            rmacklem
    Differential Revision:  https://reviews.freebsd.org/D48553
---
 usr.sbin/gssd/gssd.c | 69 ++++------------------------------------------------
 1 file changed, 5 insertions(+), 64 deletions(-)

diff --git a/usr.sbin/gssd/gssd.c b/usr.sbin/gssd/gssd.c index 1d543719b11c..d1d5c2119ab5 100644 --- a/usr.sbin/gssd/gssd.c +++ b/usr.sbin/gssd/gssd.c @@ -61,9 +61,6 @@ #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" #endif -#ifndef _PATH_GSSDSOCK -#define _PATH_GSSDSOCK "/var/run/gssd.sock" -#endif #define GSSD_CREDENTIAL_CACHE_FILE "/tmp/krb5cc_gssd" struct gss_resource {
@@ -103,18 +100,16 @@ static OM_uint32 gssd_get_user_cred(OM_uint32 *, uid_t, gss_cred_id_t *); void gssd_terminate(int); extern void gssd_1(struct svc_req *rqstp, SVCXPRT *transp); -extern int gssd_syscall(char *path); int main(int argc, char **argv) { /* - * We provide an RPC service on a local-domain socket. The - * kernel's GSS-API code will pass what it can't handle - * directly to us. + * We provide an RPC service on a Netlink socket. The kernel's GSS API + * code will multicast its calls, we will listen to them, receive them, + * process them and reply. */ - struct sockaddr_un sun; - int fd, oldmask, ch, debug, jailed; + int oldmask, ch, debug, jailed; SVCXPRT *xprt; size_t jailed_size; @@ -195,37 +190,7 @@ main(int argc, char **argv) signal(SIGTERM, gssd_terminate); signal(SIGPIPE, gssd_terminate); - memset(&sun, 0, sizeof sun); - sun.sun_family = AF_LOCAL; - unlink(_PATH_GSSDSOCK); - strcpy(sun.sun_path, _PATH_GSSDSOCK); - sun.sun_len = SUN_LEN(&sun); - fd = socket(AF_LOCAL, SOCK_STREAM, 0); - if (fd < 0) { - if (debug_level == 0) { - syslog(LOG_ERR, "Can't create local gssd socket"); - exit(1); - } - err(1, "Can't create local gssd socket"); - } - oldmask = umask(S_IXUSR|S_IRWXG|S_IRWXO); - if (bind(fd, (struct sockaddr *) &sun, sun.sun_len) < 0) { - if (debug_level == 0) { - syslog(LOG_ERR, "Can't bind local gssd socket"); - exit(1); - } - err(1, "Can't bind local gssd socket"); - } - umask(oldmask); - if (listen(fd, SOMAXCONN) < 0) { - if (debug_level == 0) { - syslog(LOG_ERR, "Can't listen on local gssd socket"); - exit(1); - } - err(1, "Can't listen on local gssd socket"); - } - xprt = svc_vc_create(fd, RPC_MAXDATASIZE, RPC_MAXDATASIZE); - if (!xprt) { + if ((xprt = svc_nl_create("kgss")) == NULL) { if (debug_level == 0) { syslog(LOG_ERR, "Can't create transport for local gssd socket"); 
@@ -245,30 +210,7 @@ main(int argc, char **argv) LIST_INIT(&gss_resources); gss_next_id = 1; gss_start_time = time(0); - - if (gssd_syscall(_PATH_GSSDSOCK) < 0) { - jailed = 0; - if (errno == EPERM) { - jailed_size = sizeof(jailed); - sysctlbyname("security.jail.jailed", &jailed, - &jailed_size, NULL, 0); - } - if (debug_level == 0) { - if (jailed != 0) - syslog(LOG_ERR, "Cannot start gssd." - " allow.nfsd must be configured"); - else - syslog(LOG_ERR, "Cannot start gssd"); - exit(1); - } - if (jailed != 0) - err(1, "Cannot start gssd." - " allow.nfsd must be configured"); - else - err(1, "Cannot start gssd"); - } svc_run(); - gssd_syscall(""); return (0); } @@ -1326,7 +1268,6 @@ void gssd_terminate(int sig __unused) if (hostbased_initiator_cred != 0) unlink(GSSD_CREDENTIAL_CACHE_FILE); #endif - gssd_syscall(""); exit(0); }
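Review bot: In the @@ -103,18 +100,16 @@ hunk, `int oldmask, ch, debug, jailed;` and `size_t jailed_size;` stay declared, but the only uses visible in this patch (the `umask(oldmask)` pair around bind() and the `security.jail.jailed` sysctl lookup) are deleted by the later hunks. If nothing else in main() references them, drop `oldmask`, `jailed` and `jailed_size` here so the build stays free of unused-variable warnings. The same applies to any header that was included only for `struct sockaddr_un` or sysctlbyname(); no hunk in this patch touches the file above line 61.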
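Review bot: The failure path kept under `svc_nl_create("kgss")` in the @@ -195,37 +190,7 @@ hunk still logs "Can't create transport for local gssd socket", which no longer describes anything, since there is no local-domain socket after this change. Suggest rewording it around the Netlink transport and the "kgss" name so that an operator reading syslog is not sent looking for /var/run/gssd.sock. The removed code also bound the socket under `umask(S_IXUSR|S_IRWXG|S_IRWXO)`, so filesystem permissions limited who could reach the daemon; a sentence in the commit message or in the comment at the top of main() stating what now limits who may listen on and answer the "kgss" group would help, because that control is not visible in this file.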
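Review bot: Removing the `gssd_syscall(_PATH_GSSDSOCK)` block in the @@ -245,30 +210,7 @@ hunk also removes the only place where gssd turned EPERM inside a jail into the actionable message "Cannot start gssd. allow.nfsd must be configured". After this change main() goes straight to svc_run(). If the kernel side still refuses service to a jail without allow.nfsd, that refusal should surface somewhere: either svc_nl_create() fails with an errno that its error path reports with the same hint, or the requirement is documented. As written, the visible code gives no indication of whether a misconfigured jail fails at startup or runs and never receives a call.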