Add the rpctlscd and rpctlssd daemons to usr.sbin.

Description

Add the rpctlscd and rpctlssd daemons to usr.sbin.

These daemons do the client side (rpctlscd) and server side (rpctlssd) of
the TLS handshake for the kernel RPC-over-TLS.
They really need a review by someone who actually understands the OpenSSL
API.
Currently rpctlscd has 478 bytes in the receive socket queue when
SSL_connect() returns. SSL_read() knows how to skip over this, but for
kernel socket use, the code just currently does a recv() to get it
and throw it away.
How to do this properly needs to be figured out.

After the handshake, the code just currently does unencrypted RPCs
in the kernel. Encryption can't be done until the kernel TLS knows
how to do receive.

Also, they currently (mis)use the gssd_syscall(), since it was easier
for testing than adding a new syscall.
Adding a new syscall will be done before this project is ready for head.

Details

Provenance
rmacklem Authored on
Parents
rS357156: Just enable NFS-over-TLS always for testing.