From nobody Sat Feb 01 09:02:18 2025
Date: Sat, 1 Feb 2025 09:02:18 GMT
Message-Id: <202502010902.51192IA7048215@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gleb Smirnoff Subject: git: d3d6c9b61532 - main - rpc.tlsservd: run netlink(4) service and use new API to get sockets List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d3d6c9b61532cfb9c95a924e89aa73f3b39c3348 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=d3d6c9b61532cfb9c95a924e89aa73f3b39c3348 commit d3d6c9b61532cfb9c95a924e89aa73f3b39c3348 Author: Gleb Smirnoff AuthorDate: 2025-02-01 01:02:44 +0000 Commit: Gleb Smirnoff CommitDate: 2025-02-01 09:00:27 +0000 rpc.tlsservd: run netlink(4) service and use new API to get sockets Userland counterpart of the previous commit. Note: this change intentionally ignores aspect of multiple workers of rpc.tlsservd(8). This also will be addressed in a future commit. Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D48562 --- usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 72 ++---------------------------------- 1 file changed, 4 insertions(+), 68 deletions(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index 00ea407551f5..2ca31e024d03 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -68,9 +68,6 @@ #include "rpctlssd.h" #include "rpc.tlscommon.h" -#ifndef _PATH_RPCTLSSDSOCK -#define _PATH_RPCTLSSDSOCK "/var/run/rpc.tlsservd.sock" -#endif #ifndef _PATH_CERTANDKEY #define _PATH_CERTANDKEY "/etc/rpc.tlsservd/" #endif 
@@ -105,7 +102,6 @@ static const char *rpctls_cnuseroid = "1.3.6.1.4.1.2238.1.1.1"; static const char *rpctls_ciphers = NULL; static int rpctls_mintls = TLS1_3_VERSION; static int rpctls_procs = 1; -static char *rpctls_sockname[RPCTLS_SRV_MAXNPROCS]; static pid_t rpctls_workers[RPCTLS_SRV_MAXNPROCS - 1]; static bool rpctls_im_a_worker = false; @@ -143,13 +139,7 @@ static struct option longopts[] = { int main(int argc, char **argv) { - /* - * We provide an RPC service on a local-domain socket. The - * kernel rpctls code will upcall to this daemon to do the initial - * TLS handshake. - */ - struct sockaddr_un sun; - int ch, fd, i, mypos, oldmask; + int ch, i; SVCXPRT *xprt; struct timeval tm; struct timezone tz; @@ -185,13 +175,6 @@ main(int argc, char **argv) rpctls_dnsname = hostname; } - /* Initialize socket names. */ - for (i = 0; i < RPCTLS_SRV_MAXNPROCS; i++) { - asprintf(&rpctls_sockname[i], "%s.%d", _PATH_RPCTLSSDSOCK, i); - if (rpctls_sockname[i] == NULL) - errx(1, "Cannot malloc socknames"); - } - rpctls_verbose = false; while ((ch = getopt_long(argc, argv, "2C:D:dhl:N:n:mp:r:uvWw", longopts, NULL)) != -1) { @@ -292,7 +275,6 @@ main(int argc, char **argv) for (i = 0; i < rpctls_procs - 1; i++) rpctls_workers[i] = -1; - mypos = 0; if (rpctls_debug_level == 0) { /* @@ -316,15 +298,12 @@ main(int argc, char **argv) pidfile_write(rpctls_pfh); - rpctls_syscall(RPCTLS_SYSC_SRVSTARTUP, ""); - if (rpctls_debug_level == 0) { /* Fork off the worker daemons. */ for (i = 0; i < rpctls_procs - 1; i++) { rpctls_workers[i] = fork(); if (rpctls_workers[i] == 0) { rpctls_im_a_worker = true; - mypos = i + 1; setproctitle("server"); break; } else if (rpctls_workers[i] < 0) { 
@@ -340,38 +319,7 @@ main(int argc, char **argv) sigaddset(&signew, SIGCHLD); sigprocmask(SIG_UNBLOCK, &signew, NULL); - memset(&sun, 0, sizeof sun); - sun.sun_family = AF_LOCAL; - unlink(rpctls_sockname[mypos]); - strcpy(sun.sun_path, rpctls_sockname[mypos]); - sun.sun_len = SUN_LEN(&sun); - fd = socket(AF_LOCAL, SOCK_STREAM, 0); - if (fd < 0) { - if (rpctls_debug_level == 0) { - syslog(LOG_ERR, "Can't create local rpctlssd socket"); - exit(1); - } - err(1, "Can't create local rpctlssd socket"); - } - oldmask = umask(S_IXUSR|S_IRWXG|S_IRWXO); - if (bind(fd, (struct sockaddr *)&sun, sun.sun_len) < 0) { - if (rpctls_debug_level == 0) { - syslog(LOG_ERR, "Can't bind local rpctlssd socket"); - exit(1); - } - err(1, "Can't bind local rpctlssd socket"); - } - umask(oldmask); - if (listen(fd, SOMAXCONN) < 0) { - if (rpctls_debug_level == 0) { - syslog(LOG_ERR, - "Can't listen on local rpctlssd socket"); - exit(1); - } - err(1, "Can't listen on local rpctlssd socket"); - } - xprt = svc_vc_create(fd, RPC_MAXDATASIZE, RPC_MAXDATASIZE); - if (!xprt) { + if ((xprt = svc_nl_create("tlsserv")) == NULL) { if (rpctls_debug_level == 0) { syslog(LOG_ERR, "Can't create transport for local rpctlssd socket"); @@ -399,17 +347,6 @@ main(int argc, char **argv) rpctls_gothup = false; LIST_INIT(&rpctls_ssllist); - if (rpctls_syscall(RPCTLS_SYSC_SRVSETPATH, rpctls_sockname[mypos]) < 0){ - if (rpctls_debug_level == 0) { - syslog(LOG_ERR, - "Can't set upcall socket path=%s errno=%d", - rpctls_sockname[mypos], errno); - exit(1); - } - err(1, "Can't set upcall socket path=%s", - rpctls_sockname[mypos]); - } - rpctls_svc_run(); SSL_CTX_free(rpctls_ctx); @@ -426,7 +363,7 @@ rpctlssd_null_1_svc(__unused void *argp, __unused void *result, } bool_t -rpctlssd_connect_1_svc(__unused void *argp, +rpctlssd_connect_1_svc(struct rpctlssd_connect_arg *argp, struct rpctlssd_connect_res *result, __unused struct svc_req *rqstp) { int ngrps, s; 
@@ -440,7 +377,7 @@ rpctlssd_connect_1_svc(__unused void *argp, rpctls_verbose_out("rpctlsd_connect_svc: started\n"); memset(result, 0, sizeof(*result)); /* Get the socket fd from the kernel. */ - s = rpctls_syscall(RPCTLS_SYSC_SRVSOCKET, ""); + s = rpctls_syscall(RPCTLS_SYSC_SRVSOCKET, (char *)argp->socookie); if (s < 0) return (FALSE); @@ -625,7 +562,6 @@ rpctls_cleanup_term(int sig) for (i = 0; i < cnt; i++) wait3(NULL, 0, NULL); - rpctls_syscall(RPCTLS_SYSC_SRVSHUTDOWN, ""); pidfile_remove(rpctls_pfh); exit(0);
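Review bot: main() loses its only description of how the kernel reaches this daemon in the @@ -143,13 +139,7 @@ hunk, where the block comment about the local-domain socket upcall is deleted with nothing in its place. A short replacement comment stating that the upcall service now runs over netlink(4) through svc_nl_create("tlsserv") would keep the function self-explanatory for the next reader.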
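Review bot: the error strings under the new svc_nl_create("tlsserv") call in the @@ -340,38 +319,7 @@ hunk still say "Can't create transport for local rpctlssd socket", which no longer matches what failed; naming the netlink service in the message would make the syslog entry actionable. In the same place, the fork loop from the @@ -316,15 +298,12 @@ hunk is unchanged while mypos is gone, so the parent and every worker reach this identical svc_nl_create("tlsserv") call. The commit message says the multi-worker case is deferred, and an XXX comment at the call site would record that in the code as well.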
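Review bot: the bare cast "(char *)argp->socookie" in the @@ -440,7 +377,7 @@ hunk sends a cookie through the pointer-typed argument of rpctls_syscall() that previously carried a string. The declaration of socookie is not part of this diff, so the width cannot be checked here; if it is an integer type, casting through uintptr_t, as in "(char *)(uintptr_t)argp->socookie", avoids size-mismatch warnings and makes any truncation a deliberate choice. A comment saying the value is an opaque cookie handed out by the kernel and not a path would also help, and since the "if (s < 0) return (FALSE);" path is silent, a rpctls_verbose_out() line there would make a rejected cookie diagnosable.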
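Review bot: with RPCTLS_SYSC_SRVSTARTUP dropped from main() in the @@ -316,15 +298,12 @@ hunk and RPCTLS_SYSC_SRVSHUTDOWN dropped from rpctls_cleanup_term() in the @@ -625,7 +562,6 @@ hunk, nothing in this file explicitly tells the kernel that the daemon has started or is exiting. If the kernel side now learns this from the netlink service being created and closed, a one-line comment in rpctls_cleanup_term() saying so would document why no explicit shutdown call is needed before exit(0).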