

D48566.diff

diff --git a/sys/rpc/rpcsec_tls.h b/sys/rpc/rpcsec_tls.h
--- a/sys/rpc/rpcsec_tls.h
+++ b/sys/rpc/rpcsec_tls.h
@@ -58,11 +58,9 @@
enum clnt_stat rpctls_connect(CLIENT *newclient, char *certname,
struct socket *so, uint32_t *reterr);
enum clnt_stat rpctls_cl_handlerecord(void *socookie, uint32_t *reterr);
-enum clnt_stat rpctls_srv_handlerecord(uint64_t sec, uint64_t usec,
- uint64_t ssl, int procpos, uint32_t *reterr);
+enum clnt_stat rpctls_srv_handlerecord(void *socookie, uint32_t *reterr);
enum clnt_stat rpctls_cl_disconnect(void *socookie, uint32_t *reterr);
-enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uint64_t usec,
- uint64_t ssl, int procpos, uint32_t *reterr);
+enum clnt_stat rpctls_srv_disconnect(void *socookie, uint32_t *reterr);
/* Initialization function for rpcsec_tls. */
int rpctls_init(void);
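Review bot: The two server-side prototypes now take an untyped `void *socookie`, and nothing in the header says what the value is or who may interpret it. The callers in svc_vc.c pass a `struct socket *`, so a comment above the declarations would help, e.g. `/* socookie is the connection's struct socket *, used only as an opaque identifier in the upcall to the daemon. */`. Keeping `void *` matches the existing client-side declarations, but it also means the compiler will accept any pointer type at these call sites.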
diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c
--- a/sys/rpc/rpcsec_tls/rpctls_impl.c
+++ b/sys/rpc/rpcsec_tls/rpctls_impl.c
@@ -99,10 +99,8 @@
RB_GENERATE_STATIC(upsock_t, upsock, tree, upsock_compare);
static struct mtx rpctls_lock;
-static enum clnt_stat rpctls_server(SVCXPRT *xprt, struct socket *so,
- uint32_t *flags, uint64_t *sslp,
- uid_t *uid, int *ngrps, gid_t **gids,
- int *procposp);
+static enum clnt_stat rpctls_server(SVCXPRT *xprt, uint32_t *flags,
+ uid_t *uid, int *ngrps, gid_t **gids);
static CLIENT *
rpctls_client_nl_create(const char *group, const rpcprog_t program,
@@ -325,8 +323,7 @@
}
enum clnt_stat
-rpctls_srv_handlerecord(uint64_t sec, uint64_t usec, uint64_t ssl, int procpos,
- uint32_t *reterr)
+rpctls_srv_handlerecord(void *socookie, uint32_t *reterr)
{
struct rpctlssd_handlerecord_arg arg;
struct rpctlssd_handlerecord_res res;
@@ -334,10 +331,8 @@
CLIENT *cl = KRPC_VNET(rpctls_server_handle);
/* Do the handlerecord upcall. */
- arg.sec = sec;
- arg.usec = usec;
- arg.ssl = ssl;
- stat = rpctlssd_handlerecord_1(&arg, &res, cl);
+ arg.socookie = (uint64_t)socookie;
+ stat = rpctlssd_handlerecord_2(&arg, &res, cl);
if (stat == RPC_SUCCESS)
*reterr = res.reterr;
return (stat);
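Review bot: `arg.socookie = (uint64_t)socookie;` converts a pointer directly to a 64-bit integer; going through `uintptr_t`, as in `arg.socookie = (uint64_t)(uintptr_t)socookie;`, makes the widening explicit on targets where pointers are narrower than 64 bits. The same cast appears in rpctls_srv_disconnect and before the rpctlssd_connect_2 call in rpctls_server. A short comment that the value sent in the upcall is a kernel socket address would also be useful, since the userland daemon learns a kernel heap address from it; the removed connect line shows that was already the case before this change. The function body starts in the previous hunk.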
@@ -361,8 +356,7 @@
}
enum clnt_stat
-rpctls_srv_disconnect(uint64_t sec, uint64_t usec, uint64_t ssl, int procpos,
- uint32_t *reterr)
+rpctls_srv_disconnect(void *socookie, uint32_t *reterr)
{
struct rpctlssd_disconnect_arg arg;
struct rpctlssd_disconnect_res res;
@@ -370,10 +364,8 @@
CLIENT *cl = KRPC_VNET(rpctls_server_handle);
/* Do the disconnect upcall. */
- arg.sec = sec;
- arg.usec = usec;
- arg.ssl = ssl;
- stat = rpctlssd_disconnect_1(&arg, &res, cl);
+ arg.socookie = (uint64_t)socookie;
+ stat = rpctlssd_disconnect_2(&arg, &res, cl);
if (stat == RPC_SUCCESS)
*reterr = res.reterr;
return (stat);
@@ -381,12 +373,12 @@
/* Do an upcall for a new server socket using TLS. */
static enum clnt_stat
-rpctls_server(SVCXPRT *xprt, struct socket *so, uint32_t *flags, uint64_t *sslp,
- uid_t *uid, int *ngrps, gid_t **gids, int *procposp)
+rpctls_server(SVCXPRT *xprt, uint32_t *flags, uid_t *uid, int *ngrps,
+ gid_t **gids)
{
enum clnt_stat stat;
struct upsock ups = {
- .so = so,
+ .so = xprt->xp_socket,
.xp = xprt,
};
CLIENT *cl = KRPC_VNET(rpctls_server_handle);
@@ -402,16 +394,13 @@
/* Do the server upcall. */
res.gid.gid_val = NULL;
- arg.socookie = (uint64_t)so;
- stat = rpctlssd_connect_1(&arg, &res, cl);
+ arg.socookie = (uint64_t)xprt->xp_socket;
+ stat = rpctlssd_connect_2(&arg, &res, cl);
if (stat == RPC_SUCCESS) {
#ifdef INVARIANTS
MPASS((RB_FIND(upsock_t, &upcall_sockets, &ups) == NULL));
#endif
*flags = res.flags;
- *sslp++ = res.sec;
- *sslp++ = res.usec;
- *sslp = res.ssl;
if ((*flags & (RPCTLS_FLAGS_CERTUSER |
RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) {
*ngrps = res.gid.gid_len;
@@ -436,7 +425,7 @@
* daemon will close() the socket after SSL_accept()
* returns an error.
*/
- soshutdown(so, SHUT_RD);
+ soshutdown(xprt->xp_socket, SHUT_RD);
} else {
/*
* The daemon has taken the socket from the tree, but
@@ -463,8 +452,7 @@
enum clnt_stat stat;
SVCXPRT *xprt;
uint32_t flags;
- uint64_t ssl[3];
- int ngrps, procpos;
+ int ngrps;
uid_t uid;
gid_t *gidp;
#ifdef KERN_TLS
@@ -523,18 +511,13 @@
}
/* Do an upcall to do the TLS handshake. */
- stat = rpctls_server(xprt, xprt->xp_socket, &flags,
- ssl, &uid, &ngrps, &gidp, &procpos);
+ stat = rpctls_server(xprt, &flags, &uid, &ngrps, &gidp);
/* Re-enable reception on the socket within the krpc. */
sx_xlock(&xprt->xp_lock);
xprt->xp_dontrcv = FALSE;
if (stat == RPC_SUCCESS) {
xprt->xp_tls = flags;
- xprt->xp_sslsec = ssl[0];
- xprt->xp_sslusec = ssl[1];
- xprt->xp_sslrefno = ssl[2];
- xprt->xp_sslproc = procpos;
if ((flags & (RPCTLS_FLAGS_CERTUSER |
RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) {
xprt->xp_ngrps = ngrps;
diff --git a/sys/rpc/rpcsec_tls/rpctlssd.x b/sys/rpc/rpcsec_tls/rpctlssd.x
--- a/sys/rpc/rpcsec_tls/rpctlssd.x
+++ b/sys/rpc/rpcsec_tls/rpctlssd.x
@@ -33,17 +33,12 @@
struct rpctlssd_connect_res {
uint32_t flags;
- uint64_t sec;
- uint64_t usec;
- uint64_t ssl;
uint32_t uid;
uint32_t gid<>;
};
struct rpctlssd_handlerecord_arg {
- uint64_t sec;
- uint64_t usec;
- uint64_t ssl;
+ uint64_t socookie;
};
struct rpctlssd_handlerecord_res {
@@ -51,9 +46,7 @@
};
struct rpctlssd_disconnect_arg {
- uint64_t sec;
- uint64_t usec;
- uint64_t ssl;
+ uint64_t socookie;
};
struct rpctlssd_disconnect_res {
@@ -72,5 +65,5 @@
rpctlssd_disconnect_res
RPCTLSSD_DISCONNECT(rpctlssd_disconnect_arg) = 3;
- } = 1;
+ } = 2;
} = 0x40677375;
diff --git a/sys/rpc/svc.h b/sys/rpc/svc.h
--- a/sys/rpc/svc.h
+++ b/sys/rpc/svc.h
@@ -151,10 +151,6 @@
uint32_t xp_snt_cnt; /* # of bytes sent to socket */
bool_t xp_dontrcv; /* Do not receive on the socket */
uint32_t xp_tls; /* RPC-over-TLS on socket */
- uint64_t xp_sslsec; /* Userland SSL * */
- uint64_t xp_sslusec;
- uint64_t xp_sslrefno;
- int xp_sslproc; /* Which upcall daemon being used */
int xp_ngrps; /* Cred. from TLS cert. */
uid_t xp_uid;
gid_t *xp_gidp;
diff --git a/sys/rpc/svc_vc.c b/sys/rpc/svc_vc.c
--- a/sys/rpc/svc_vc.c
+++ b/sys/rpc/svc_vc.c
@@ -501,9 +501,7 @@
* daemon having crashed or been
* restarted, so just ignore returned stat.
*/
- rpctls_srv_disconnect(xprt->xp_sslsec,
- xprt->xp_sslusec, xprt->xp_sslrefno,
- xprt->xp_sslproc, &reterr);
+ rpctls_srv_disconnect(xprt->xp_socket, &reterr);
}
/* Must sorele() to get rid of reference. */
sorele(xprt->xp_socket);
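Review bot: The disconnect upcall's result is deliberately ignored here and `sorele(xprt->xp_socket)` follows, so a failed upcall may leave the daemon holding state keyed by an address the kernel is about to release. If a later socket is allocated at the same address it would present the same cookie; how the daemon keys and expires its sessions is not visible in this diff, so this needs confirming on the daemon side. At minimum the existing comment could be extended with something like `/* The cookie is the socket address; the daemon must discard any stale entry when a new connect reuses it. */`. The enclosing function starts and ends outside the hunk.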
@@ -856,9 +854,7 @@
/* Disable reception. */
xprt->xp_dontrcv = TRUE;
sx_xunlock(&xprt->xp_lock);
- ret = rpctls_srv_handlerecord(xprt->xp_sslsec,
- xprt->xp_sslusec, xprt->xp_sslrefno,
- xprt->xp_sslproc, &reterr);
+ ret = rpctls_srv_handlerecord(so, &reterr);
KRPC_CURVNET_RESTORE();
sx_xlock(&xprt->xp_lock);
xprt->xp_dontrcv = FALSE;
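Review bot: `reterr` is only written by rpctls_srv_handlerecord when the upcall returns RPC_SUCCESS (see the `if (stat == RPC_SUCCESS) *reterr = res.reterr;` lines in rpctls_impl.c), so after `ret = rpctls_srv_handlerecord(so, &reterr);` it may be uninitialised on failure. The code that consumes `ret` and `reterr` is outside this hunk; confirm that it tests `ret` first, or initialise `reterr` at its declaration. As a minor point of style, this call passes `so` while the disconnect call passes `xprt->xp_socket`; using the same expression in both places would make it obvious that the two upcalls send the same cookie.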
