From: Gleb Smirnoff Subject: git: 4df8df92d487 - main - rpc.tlsservd: followup of API refactoring in the previous commit List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4df8df92d487dfbd9a8db2f84e6742bd5138f292 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=4df8df92d487dfbd9a8db2f84e6742bd5138f292 commit 4df8df92d487dfbd9a8db2f84e6742bd5138f292 Author: Gleb Smirnoff AuthorDate: 2025-02-01 01:03:07 +0000 Commit: Gleb Smirnoff CommitDate: 2025-02-01 09:00:27 +0000 rpc.tlsservd: followup of API refactoring in the previous commit Userland counterpart of the previous commit. Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D48567 --- usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 54 ++++++++++-------------------------- 1 file changed, 14 insertions(+), 40 deletions(-) diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index 2ca31e024d03..9e8ec3430286 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -93,9 +93,6 @@ static bool rpctls_do_mutual = false; static const char *rpctls_certdir = _PATH_CERTANDKEY; static bool rpctls_comparehost = false; static unsigned int rpctls_wildcard = X509_CHECK_FLAG_NO_WILDCARDS; -static uint64_t rpctls_ssl_refno = 0; -static uint64_t rpctls_ssl_sec = 0; -static uint64_t rpctls_ssl_usec = 0; static bool rpctls_cnuser = false; static char *rpctls_dnsname; static const char *rpctls_cnuseroid = "1.3.6.1.4.1.2238.1.1.1"; 
@@ -115,7 +112,7 @@ static int rpctls_cnname(X509 *cert, uint32_t *uidp, static char *rpctls_getdnsname(char *dnsname); static void rpctls_huphandler(int sig __unused); -extern void rpctlssd_1(struct svc_req *rqstp, SVCXPRT *transp); +extern void rpctlssd_2(struct svc_req *rqstp, SVCXPRT *transp); static struct option longopts[] = { { "allowtls1_2", no_argument, NULL, '2' }, @@ -141,8 +138,6 @@ main(int argc, char **argv) { int ch, i; SVCXPRT *xprt; - struct timeval tm; - struct timezone tz; char hostname[MAXHOSTNAMELEN + 2]; pid_t otherpid; bool tls_enable; @@ -163,11 +158,6 @@ main(int argc, char **argv) NULL, 0) != 0 || !tls_enable) errx(1, "Kernel TLS not enabled"); - /* Get the time when this daemon is started. */ - gettimeofday(&tm, &tz); - rpctls_ssl_sec = tm.tv_sec; - rpctls_ssl_usec = tm.tv_usec; - /* Set the dns name for the server. */ rpctls_dnsname = rpctls_getdnsname(hostname); if (rpctls_dnsname == NULL) { @@ -327,7 +317,7 @@ main(int argc, char **argv) } err(1, "Can't create transport for local rpctlssd socket"); } - if (!svc_reg(xprt, RPCTLSSD, RPCTLSSDVERS, rpctlssd_1, NULL)) { + if (!svc_reg(xprt, RPCTLSSD, RPCTLSSDVERS, rpctlssd_2, NULL)) { if (rpctls_debug_level == 0) { syslog(LOG_ERR, "Can't register service for local rpctlssd socket"); @@ -354,7 +344,7 @@ main(int argc, char **argv) } bool_t -rpctlssd_null_1_svc(__unused void *argp, __unused void *result, +rpctlssd_null_2_svc(__unused void *argp, __unused void *result, __unused struct svc_req *rqstp) { @@ -363,7 +353,7 @@ rpctlssd_null_1_svc(__unused void *argp, __unused void *result, } bool_t -rpctlssd_connect_1_svc(struct rpctlssd_connect_arg *argp, +rpctlssd_connect_2_svc(struct rpctlssd_connect_arg *argp, struct rpctlssd_connect_res *result, __unused struct svc_req *rqstp) { int ngrps, s; 
@@ -398,12 +388,6 @@ rpctlssd_connect_1_svc(struct rpctlssd_connect_arg *argp, rpctls_verbose_out("rpctlssd_connect_svc: " "succeeded flags=0x%x\n", flags); result->flags = flags; - result->sec = rpctls_ssl_sec; - result->usec = rpctls_ssl_usec; - result->ssl = ++rpctls_ssl_refno; - /* Hard to believe this could ever wrap around.. */ - if (rpctls_ssl_refno == 0) - result->ssl = ++rpctls_ssl_refno; if ((flags & RPCTLS_FLAGS_CERTUSER) != 0) { result->uid = uid; result->gid.gid_len = ngrps; @@ -420,28 +404,23 @@ rpctlssd_connect_1_svc(struct rpctlssd_connect_arg *argp, newslp->ssl = ssl; newslp->s = s; newslp->shutoff = false; - newslp->refno = rpctls_ssl_refno; + newslp->refno = argp->socookie; newslp->cert = cert; LIST_INSERT_HEAD(&rpctls_ssllist, newslp, next); return (TRUE); } bool_t -rpctlssd_handlerecord_1_svc(struct rpctlssd_handlerecord_arg *argp, +rpctlssd_handlerecord_2_svc(struct rpctlssd_handlerecord_arg *argp, struct rpctlssd_handlerecord_res *result, __unused struct svc_req *rqstp) { struct ssl_entry *slp; int ret; char junk; - slp = NULL; - if (argp->sec == rpctls_ssl_sec && argp->usec == - rpctls_ssl_usec) { - LIST_FOREACH(slp, &rpctls_ssllist, next) { - if (slp->refno == argp->ssl) - break; - } - } + LIST_FOREACH(slp, &rpctls_ssllist, next) + if (slp->refno == argp->socookie) + break; if (slp != NULL) { rpctls_verbose_out("rpctlssd_handlerecord fd=%d\n", 
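Review bot: `newslp->refno = argp->socookie;` in rpctlssd_connect_2_svc makes a caller-supplied value the lookup key for rpctls_ssllist, and nothing in this hunk checks that the value is not already in the list before `LIST_INSERT_HEAD`. The removed code took the key from a daemon-side counter, so it was unique by construction; uniqueness now rests on the sender of the RPC (presumably the kernel, which is not visible here). A repeated cookie would leave the older entry shadowed and never cleaned up, because the `LIST_FOREACH` lookups in rpctlssd_handlerecord_2_svc and, in the following hunk, rpctlssd_disconnect_2_svc stop at the first match. I would run the same `LIST_FOREACH` walk before the insert and fail the connect with a syslog message when `slp->refno == argp->socookie` already matches, and add a comment on the assignment such as `/* Key is the caller's socket cookie; must be unique in rpctls_ssllist. */`. The bodies of all three functions begin or end outside the hunks, so the allocation and error paths cannot be checked from here.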
@@ -470,20 +449,15 @@ rpctlssd_handlerecord_1_svc(struct rpctlssd_handlerecord_arg *argp, } bool_t -rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_arg *argp, +rpctlssd_disconnect_2_svc(struct rpctlssd_disconnect_arg *argp, struct rpctlssd_disconnect_res *result, __unused struct svc_req *rqstp) { struct ssl_entry *slp; int ret; - slp = NULL; - if (argp->sec == rpctls_ssl_sec && argp->usec == - rpctls_ssl_usec) { - LIST_FOREACH(slp, &rpctls_ssllist, next) { - if (slp->refno == argp->ssl) - break; - } - } + LIST_FOREACH(slp, &rpctls_ssllist, next) + if (slp->refno == argp->socookie) + break; if (slp != NULL) { rpctls_verbose_out("rpctlssd_disconnect fd=%d closed\n", @@ -516,7 +490,7 @@ rpctlssd_disconnect_1_svc(struct rpctlssd_disconnect_arg *argp, } int -rpctlssd_1_freeresult(__unused SVCXPRT *transp, xdrproc_t xdr_result, +rpctlssd_2_freeresult(__unused SVCXPRT *transp, xdrproc_t xdr_result, caddr_t result) { rpctlssd_connect_res *res;