packages/gssproxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!41 Retry writing to /proc/net/rpc/use-gss-proxy

Browse Source 
From: @yixiangzhike 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
This commit is contained in:
openeuler-ci-bot 2025-05-14 06:00:45 +00:00 committed by Gitee
commit 58c01fe232
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 247 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
backport-Do-not-close-fd-if-it-was-never-set.patch Normal file
View File

@ -0,0 +1,47 @@
From 9d013b1bcc6277842824b25241e8652a865a2944 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 18 Oct 2023 15:55:13 -0400
Subject: [PATCH] Do not close fd if it was never set
Fixes Coverity 403648: Argument cannot be negative
Signed-off-by: Simo Sorce <simo@redhat.com>
---
src/gp_init.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/gp_init.c b/src/gp_init.c
index 8d72c3e..5e7074f 100644
--- a/src/gp_init.c
+++ b/src/gp_init.c
@@ -379,12 +379,14 @@ int init_event_fini(struct gssproxy_ctx *gpctx)
static int try_init_proc_nfsd(void)
{
char buf[] = "1";
- int fd, ret;
static bool poked = false;
static bool warned_once = false;
+ int fd = 1;
+ int ret;
- if (poked)
+ if (poked) {
return 0;
+ }
fd = open(LINUX_PROC_USE_GSS_PROXY_FILE, O_RDWR);
if (fd == -1) {
@@ -411,7 +413,9 @@ static int try_init_proc_nfsd(void)
ret = 0;
out:
- close(fd);
+ if (fd != -1) {
+ close(fd);
+ }
return ret;
}
--
2.43.0

194
backport-gssproxy-retry-writing-to-proc-net-rpc-use-gss-proxy.patch Normal file
View File

@ -0,0 +1,194 @@
From fb8737b2c48d67a63a66abfa090e92f21765a94f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
Date: Wed, 18 Oct 2023 16:25:06 +0200
Subject: [PATCH] [gssproxy] retry writing to /proc/net/rpc/use-gss-proxy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This improves the handling of cases where the auth_rpcgss module has not yet
been loaded when gssproxy is started.
Signed-off-by: David Härdeman <david@hardeman.nu>
---
src/gp_init.c | 102 +++++++++++++++++++++++++++++++++++++------------
src/gp_proxy.h | 4 +-
src/gssproxy.c | 2 +-
3 files changed, 82 insertions(+), 26 deletions(-)
diff --git a/src/gp_init.c b/src/gp_init.c
index 1cc7e28..8d72c3e 100644
--- a/src/gp_init.c
+++ b/src/gp_init.c
@@ -277,7 +277,7 @@ static void hup_handler(verto_ctx *vctx UNUSED, verto_ev *ev)
}
/* conditionally reload kernel interface */
- init_proc_nfsd(gpctx->config);
+ init_proc_nfsd(gpctx);
free_config(&old_config);
@@ -376,31 +376,26 @@ int init_event_fini(struct gssproxy_ctx *gpctx)
return 0;
}
-void init_proc_nfsd(struct gp_config *cfg)
+static int try_init_proc_nfsd(void)
{
char buf[] = "1";
- bool enabled = false;
int fd, ret;
- static int poked = 0;
+ static bool poked = false;
+ static bool warned_once = false;
- /* check first if any service enabled kernel support */
- for (int i = 0; i < cfg->num_svcs; i++) {
- if (cfg->svcs[i]->kernel_nfsd) {
- enabled = true;
- break;
- }
- }
-
- if (!enabled || poked) {
- return;
- }
+ if (poked)
+ return 0;
fd = open(LINUX_PROC_USE_GSS_PROXY_FILE, O_RDWR);
if (fd == -1) {
ret = errno;
- GPDEBUG("Kernel doesn't support GSS-Proxy (can't open %s: %d (%s))\n",
- LINUX_PROC_USE_GSS_PROXY_FILE, ret, gp_strerror(ret));
- goto fail;
+ if (!warned_once) {
+ GPDEBUG("Kernel doesn't support GSS-Proxy "
+ "(can't open %s: %d (%s))\n",
+ LINUX_PROC_USE_GSS_PROXY_FILE, ret, gp_strerror(ret));
+ warned_once = true;
+ }
+ goto out;
}
ret = write(fd, buf, 1);
@@ -408,15 +403,74 @@ void init_proc_nfsd(struct gp_config *cfg)
ret = errno;
GPDEBUG("Failed to write to %s: %d (%s)\n",
LINUX_PROC_USE_GSS_PROXY_FILE, ret, gp_strerror(ret));
- close(fd);
- goto fail;
+ goto out;
}
- poked = 1;
+ GPDEBUG("Kernel GSS-Proxy support enabled\n");
+ poked = true;
+ ret = 0;
+
+out:
close(fd);
- return;
-fail:
- GPDEBUG("Problem with kernel communication! NFS server will not work\n");
+ return ret;
+}
+
+static void delayed_proc_nfsd(verto_ctx *vctx UNUSED, verto_ev *ev)
+{
+ struct gssproxy_ctx *gpctx;
+ int ret;
+
+ gpctx = verto_get_private(ev);
+
+ ret = try_init_proc_nfsd();
+ if (ret == 0) {
+ verto_del(gpctx->retry_proc_ev);
+ gpctx->retry_proc_ev = NULL;
+ }
+}
+
+int init_proc_nfsd(struct gssproxy_ctx *gpctx)
+{
+ bool enabled = false;
+ int ret;
+
+ /* check first if any service enabled kernel support */
+ for (int i = 0; i < gpctx->config->num_svcs; i++) {
+ if (gpctx->config->svcs[i]->kernel_nfsd) {
+ enabled = true;
+ break;
+ }
+ }
+
+ if (!enabled) {
+ goto out;
+ }
+
+ ret = try_init_proc_nfsd();
+ if (ret == 0) {
+ goto out;
+ }
+
+ /* failure, but the auth_rpcgss module might not be loaded yet */
+ if (!gpctx->retry_proc_ev) {
+ gpctx->retry_proc_ev = verto_add_timeout(gpctx->vctx,
+ VERTO_EV_FLAG_PERSIST,
+ delayed_proc_nfsd, 10 * 1000);
+ if (!gpctx->retry_proc_ev) {
+ fprintf(stderr, "Failed to register delayed_proc_nfsd event!\n");
+ } else {
+ verto_set_private(gpctx->retry_proc_ev, gpctx, NULL);
+ }
+ }
+
+ return 1;
+
+out:
+ if (gpctx->retry_proc_ev) {
+ verto_del(gpctx->retry_proc_ev);
+ gpctx->retry_proc_ev = NULL;
+ }
+ return 0;
}
void write_pid(void)
diff --git a/src/gp_proxy.h b/src/gp_proxy.h
index c8b55ef..4e0e9c3 100644
--- a/src/gp_proxy.h
+++ b/src/gp_proxy.h
@@ -84,6 +84,8 @@ struct gssproxy_ctx {
time_t term_timeout;
verto_ev *term_ev; /* termination ev in user mode */
+ verto_ev *retry_proc_ev; /* retry telling the kernel to use GSS-Proxy */
+
ssize_t readstats;
ssize_t writestats;
time_t last_activity;
@@ -120,7 +122,7 @@ void fini_server(void);
int init_sockets(struct gssproxy_ctx *gpctx, struct gp_config *old_config);
int init_userproxy_socket(struct gssproxy_ctx *gpctx);
void init_event_loop(struct gssproxy_ctx *gpctx);
-void init_proc_nfsd(struct gp_config *cfg);
+int init_proc_nfsd(struct gssproxy_ctx *gpctx);
int init_event_fini(struct gssproxy_ctx *gpctx);
void write_pid(void);
int drop_privs(struct gp_config *cfg);
diff --git a/src/gssproxy.c b/src/gssproxy.c
index e216ec5..3e5326c 100644
--- a/src/gssproxy.c
+++ b/src/gssproxy.c
@@ -168,7 +168,7 @@ int main(int argc, const char *argv[])
* as nfsd needs to know GSS-Proxy is in use before the first time it
* needs to call accept_sec_context. */
if (!gpctx->userproxymode) {
- init_proc_nfsd(gpctx->config);
+ init_proc_nfsd(gpctx);
}
/* Now it is safe to tell the init system that we're done starting up,
--
2.43.0

7
gssproxy.spec
View File

@ -4,7 +4,7 @@
Name: gssproxy
Version: 0.9.1
Release: 3
Release: 4
Summary: GSSAPI Proxy
License: MIT
URL: https://github.com/gssapi/gssproxy
@ -13,6 +13,8 @@ Source0: https://github.com/gssapi/%{name}/releases/download/v%{version}/%{name}
Patch1: backport-Typo-doc-fix.patch
Patch2: backport-More-typo-fixes-to-silence-Debian-lintian-typo-in-ma.patch
Patch3: backport-Remove-from-the-correct-list.patch
Patch4: backport-gssproxy-retry-writing-to-proc-net-rpc-use-gss-proxy.patch
Patch5: backport-Do-not-close-fd-if-it-was-never-set.patch
Requires: krb5 keyutils libverto-module-base libini_config
Requires(post): systemd
@ -92,6 +94,9 @@ mkdir -p %{buildroot}%{gpstatedir}/rcache
%{_mandir}/man8/gssproxy-mech.8*
%changelog
* Tue May 13 2025 yixiangzhike <yixiangzhike007@163.com> - 0.9.1-4
- backport upstream patch to retry writing to /proc/net/rpc/use-gss-proxy
* Wed Mar 27 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.1-3
- backport upstream patch to remove node from correct list