diff --git a/sys/rpc/rpcsec_tls.h b/sys/rpc/rpcsec_tls.h --- a/sys/rpc/rpcsec_tls.h +++ b/sys/rpc/rpcsec_tls.h @@ -58,11 +58,9 @@ enum clnt_stat rpctls_connect(CLIENT *newclient, char *certname, struct socket *so, uint32_t *reterr); enum clnt_stat rpctls_cl_handlerecord(void *socookie, uint32_t *reterr); -enum clnt_stat rpctls_srv_handlerecord(uint64_t sec, uint64_t usec, - uint64_t ssl, int procpos, uint32_t *reterr); +enum clnt_stat rpctls_srv_handlerecord(void *socookie, uint32_t *reterr); enum clnt_stat rpctls_cl_disconnect(void *socookie, uint32_t *reterr); -enum clnt_stat rpctls_srv_disconnect(uint64_t sec, uint64_t usec, - uint64_t ssl, int procpos, uint32_t *reterr); +enum clnt_stat rpctls_srv_disconnect(void *socookie, uint32_t *reterr); /* Initialization function for rpcsec_tls. */ int rpctls_init(void); diff --git a/sys/rpc/rpcsec_tls/rpctls_impl.c b/sys/rpc/rpcsec_tls/rpctls_impl.c --- a/sys/rpc/rpcsec_tls/rpctls_impl.c +++ b/sys/rpc/rpcsec_tls/rpctls_impl.c @@ -99,10 +99,8 @@ RB_GENERATE_STATIC(upsock_t, upsock, tree, upsock_compare); static struct mtx rpctls_lock; -static enum clnt_stat rpctls_server(SVCXPRT *xprt, struct socket *so, - uint32_t *flags, uint64_t *sslp, - uid_t *uid, int *ngrps, gid_t **gids, - int *procposp); +static enum clnt_stat rpctls_server(SVCXPRT *xprt, uint32_t *flags, + uid_t *uid, int *ngrps, gid_t **gids); static CLIENT * rpctls_client_nl_create(const char *group, const rpcprog_t program, @@ -325,8 +323,7 @@ } enum clnt_stat -rpctls_srv_handlerecord(uint64_t sec, uint64_t usec, uint64_t ssl, int procpos, - uint32_t *reterr) +rpctls_srv_handlerecord(void *socookie, uint32_t *reterr) { struct rpctlssd_handlerecord_arg arg; struct rpctlssd_handlerecord_res res; 
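Review bot: The two server prototypes in the rpcsec_tls.h hunk take `void *socookie` with no statement of what the cookie is. The callers visible in this patch pass the transport's socket pointer, so a comment above the pair such as `/* socookie: the connection's struct socket *, used only as a lookup key for the daemon. */` would document the contract. Declaring the parameter as `struct socket *` would also let the compiler reject an unrelated pointer, at the cost of differing from the `void *` client-side prototypes next to them.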
@@ -334,10 +331,8 @@ CLIENT *cl = KRPC_VNET(rpctls_server_handle); /* Do the handlerecord upcall. */ - arg.sec = sec; - arg.usec = usec; - arg.ssl = ssl; - stat = rpctlssd_handlerecord_1(&arg, &res, cl); + arg.socookie = (uint64_t)socookie; + stat = rpctlssd_handlerecord_2(&arg, &res, cl); if (stat == RPC_SUCCESS) *reterr = res.reterr; return (stat); @@ -361,8 +356,7 @@ } enum clnt_stat -rpctls_srv_disconnect(uint64_t sec, uint64_t usec, uint64_t ssl, int procpos, - uint32_t *reterr) +rpctls_srv_disconnect(void *socookie, uint32_t *reterr) { struct rpctlssd_disconnect_arg arg; struct rpctlssd_disconnect_res res; @@ -370,10 +364,8 @@ CLIENT *cl = KRPC_VNET(rpctls_server_handle); /* Do the disconnect upcall. */ - arg.sec = sec; - arg.usec = usec; - arg.ssl = ssl; - stat = rpctlssd_disconnect_1(&arg, &res, cl); + arg.socookie = (uint64_t)socookie; + stat = rpctlssd_disconnect_2(&arg, &res, cl); if (stat == RPC_SUCCESS) *reterr = res.reterr; return (stat); @@ -381,12 +373,12 @@ /* Do an upcall for a new server socket using TLS. */ static enum clnt_stat -rpctls_server(SVCXPRT *xprt, struct socket *so, uint32_t *flags, uint64_t *sslp, - uid_t *uid, int *ngrps, gid_t **gids, int *procposp) +rpctls_server(SVCXPRT *xprt, uint32_t *flags, uid_t *uid, int *ngrps, + gid_t **gids) { enum clnt_stat stat; struct upsock ups = { - .so = so, + .so = xprt->xp_socket, .xp = xprt, }; CLIENT *cl = KRPC_VNET(rpctls_server_handle); @@ -402,16 +394,13 @@ /* Do the server upcall. */ res.gid.gid_val = NULL; - arg.socookie = (uint64_t)so; - stat = rpctlssd_connect_1(&arg, &res, cl); + arg.socookie = (uint64_t)xprt->xp_socket; + stat = rpctlssd_connect_2(&arg, &res, cl); if (stat == RPC_SUCCESS) { #ifdef INVARIANTS MPASS((RB_FIND(upsock_t, &upcall_sockets, &ups) == NULL)); #endif *flags = res.flags; - *sslp++ = res.sec; - *sslp++ = res.usec; - *sslp = res.ssl; if ((*flags & (RPCTLS_FLAGS_CERTUSER | RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) { *ngrps = res.gid.gid_len; 
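Review bot: `arg.socookie = (uint64_t)socookie;` in rpctls_srv_handlerecord() converts a pointer straight to a 64-bit integer, which draws a pointer-to-integer size warning and is implementation-defined on targets where pointers are narrower than 64 bits. Going through `uintptr_t` makes the widening explicit: `arg.socookie = (uint64_t)(uintptr_t)socookie;`. The same applies to the identical assignment in rpctls_srv_disconnect() and to `(uint64_t)xprt->xp_socket` in rpctls_server(). The removed line `(uint64_t)so` shows the pattern predates this change, so this is a cleanup rather than a regression.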
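Review bot: rpctls_server() now reads `xprt->xp_socket` separately for the tree key (`.so = xprt->xp_socket`), for the cookie sent to the daemon, and for the `soshutdown()` call in the following hunk. The tree entry and the cookie have to be the same value for the daemon's later lookup to match, and one local read makes that visible: declare `struct socket *so = xprt->xp_socket;` ahead of `ups` and use `so` in all three places. Whether `xp_socket` can change during the upcall cannot be told from these hunks, and the function body continues outside them.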
@@ -436,7 +425,7 @@ * daemon will close() the socket after SSL_accept() * returns an error. */ - soshutdown(so, SHUT_RD); + soshutdown(xprt->xp_socket, SHUT_RD); } else { /* * The daemon has taken the socket from the tree, but @@ -463,8 +452,7 @@ enum clnt_stat stat; SVCXPRT *xprt; uint32_t flags; - uint64_t ssl[3]; - int ngrps, procpos; + int ngrps; uid_t uid; gid_t *gidp; #ifdef KERN_TLS @@ -523,18 +511,13 @@ } /* Do an upcall to do the TLS handshake. */ - stat = rpctls_server(xprt, xprt->xp_socket, &flags, - ssl, &uid, &ngrps, &gidp, &procpos); + stat = rpctls_server(xprt, &flags, &uid, &ngrps, &gidp); /* Re-enable reception on the socket within the krpc. */ sx_xlock(&xprt->xp_lock); xprt->xp_dontrcv = FALSE; if (stat == RPC_SUCCESS) { xprt->xp_tls = flags; - xprt->xp_sslsec = ssl[0]; - xprt->xp_sslusec = ssl[1]; - xprt->xp_sslrefno = ssl[2]; - xprt->xp_sslproc = procpos; if ((flags & (RPCTLS_FLAGS_CERTUSER | RPCTLS_FLAGS_DISABLED)) == RPCTLS_FLAGS_CERTUSER) { xprt->xp_ngrps = ngrps; diff --git a/sys/rpc/rpcsec_tls/rpctlssd.x b/sys/rpc/rpcsec_tls/rpctlssd.x --- a/sys/rpc/rpcsec_tls/rpctlssd.x +++ b/sys/rpc/rpcsec_tls/rpctlssd.x @@ -33,17 +33,12 @@ struct rpctlssd_connect_res { uint32_t flags; - uint64_t sec; - uint64_t usec; - uint64_t ssl; uint32_t uid; uint32_t gid<>; }; struct rpctlssd_handlerecord_arg { - uint64_t sec; - uint64_t usec; - uint64_t ssl; + uint64_t socookie; }; struct rpctlssd_handlerecord_res { @@ -51,9 +46,7 @@ }; struct rpctlssd_disconnect_arg { - uint64_t sec; - uint64_t usec; - uint64_t ssl; + uint64_t socookie; }; struct rpctlssd_disconnect_res { @@ -72,5 +65,5 @@ rpctlssd_disconnect_res RPCTLSSD_DISCONNECT(rpctlssd_disconnect_arg) = 3; - } = 1; + } = 2; } = 0x40677375; diff --git a/sys/rpc/svc.h b/sys/rpc/svc.h --- a/sys/rpc/svc.h +++ b/sys/rpc/svc.h 
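Review bot: The new `uint64_t socookie` members of `rpctlssd_handlerecord_arg` and `rpctlssd_disconnect_arg` carry the kernel's socket address to the userland daemon, judging by the `(uint64_t)socookie` assignments in rpctls_impl.c, and the protocol file does not say how the daemon should treat the value. A field comment such as `/* Opaque per-connection handle chosen by the kernel; compare only, do not log or interpret. */` would state the contract at the trust boundary. The daemon is presumably privileged, so the exposure of a kernel address is limited. If that assumption does not hold, an identifier that is not an address would avoid the disclosure.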
@@ -151,10 +151,6 @@ uint32_t xp_snt_cnt; /* # of bytes sent to socket */ bool_t xp_dontrcv; /* Do not receive on the socket */ uint32_t xp_tls; /* RPC-over-TLS on socket */ - uint64_t xp_sslsec; /* Userland SSL * */ - uint64_t xp_sslusec; - uint64_t xp_sslrefno; - int xp_sslproc; /* Which upcall daemon being used */ int xp_ngrps; /* Cred. from TLS cert. */ uid_t xp_uid; gid_t *xp_gidp; diff --git a/sys/rpc/svc_vc.c b/sys/rpc/svc_vc.c --- a/sys/rpc/svc_vc.c +++ b/sys/rpc/svc_vc.c @@ -501,9 +501,7 @@ * daemon having crashed or been * restarted, so just ignore returned stat. */ - rpctls_srv_disconnect(xprt->xp_sslsec, - xprt->xp_sslusec, xprt->xp_sslrefno, - xprt->xp_sslproc, &reterr); + rpctls_srv_disconnect(xprt->xp_socket, &reterr); } /* Must sorele() to get rid of reference. */ sorele(xprt->xp_socket); @@ -856,9 +854,7 @@ /* Disable reception. */ xprt->xp_dontrcv = TRUE; sx_xunlock(&xprt->xp_lock); - ret = rpctls_srv_handlerecord(xprt->xp_sslsec, - xprt->xp_sslusec, xprt->xp_sslrefno, - xprt->xp_sslproc, &reterr); + ret = rpctls_srv_handlerecord(so, &reterr); KRPC_CURVNET_RESTORE(); sx_xlock(&xprt->xp_lock); xprt->xp_dontrcv = FALSE;
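Review bot: The status of `rpctls_srv_disconnect(xprt->xp_socket, &reterr)` in the svc_vc.c hunk at -501 is still discarded, but the daemon's key is now the socket address, which the `sorele()` just below may make available for reuse. If the upcall can fail while the daemon keeps running (inferred, for example on a timeout rather than a crash), the daemon could keep state under a cookie that a later connection receives. The existing comment covers only the crashed or restarted case, so it is worth extending with why a stale entry cannot collide, or how the daemon handles a connect upcall for a cookie it already holds.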
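Review bot: The handlerecord call in the svc_vc.c hunk at -856 passes the local `so`, while the disconnect call and rpctls_server() take the cookie from `xprt->xp_socket`. `so` is assigned outside this hunk, so it cannot be confirmed here that it is the same pointer the connect upcall registered. Passing `xprt->xp_socket`, or adding `/* so == xprt->xp_socket, the cookie used for the connect upcall */`, would keep all three upcalls visibly keyed alike.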