From: Jeff Layton <jlayton@redhat.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] gssd: have process_krb5_upcall fork before handling upcall
Date: Thu, 3 Oct 2013 14:42:10 -0400 [thread overview]
Message-ID: <1380825731-3314-2-git-send-email-jlayton@redhat.com> (raw)
In-Reply-To: <1380825731-3314-1-git-send-email-jlayton@redhat.com>
In order to handle KEYRING: caches, we need to be able to switch the
real UID of the process to the designated one, but that opens the door
to allowing gssd to be killed or reniced during the window where we've
switched credentials.
Change gssd to fork before trying to handle each upcall. The child will
do the work to establish the context and the parent task will just wait
for it to exit. It's still possible for the child to be killed or
reniced, but that would only affect a single upcall instead of the
entire daemon.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
utils/gssd/gssd_main_loop.c | 3 ++-
utils/gssd/gssd_proc.c | 19 ++++++++++++++++++-
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c
index ccf7fe5..7b0f568 100644
--- a/utils/gssd/gssd_main_loop.c
+++ b/utils/gssd/gssd_main_loop.c
@@ -40,7 +40,8 @@
#include <sys/socket.h>
#include <sys/poll.h>
#include <netinet/in.h>
-
+#include <sys/types.h>
+#include <sys/wait.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e58c341..1a58809 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -982,6 +982,23 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
int err, downcall_err = -EACCES;
gss_cred_id_t gss_cred;
OM_uint32 maj_stat, min_stat, lifetime_rec;
+ pid_t pid;
+
+ pid = fork();
+ switch(pid) {
+ case 0:
+ /* Child: fall through to rest of function */
+ break;
+ case -1:
+ /* fork() failed! */
+ printerr(0, "WARNING: unable to fork() to handle upcall: %s\n",
+ strerror(errno));
+ return;
+ default:
+ /* Parent: just wait on child to exit and return */
+ wait(&err);
+ return;
+ }
printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
@@ -1121,7 +1138,7 @@ out:
AUTH_DESTROY(auth);
if (rpc_clnt)
clnt_destroy(rpc_clnt);
- return;
+ exit(0);
out_return_error:
do_error_downcall(fd, uid, downcall_err);
--
1.8.3.1
next prev parent reply other threads:[~2013-10-03 18:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-03 18:42 [PATCH 0/2] gssd: allow it to work with KEYRING: credcaches Jeff Layton
2013-10-03 18:42 ` Jeff Layton [this message]
2013-10-03 18:56 ` [PATCH 1/2] gssd: have process_krb5_upcall fork before handling upcall Jeff Layton
2013-10-03 18:42 ` [PATCH 2/2] gssd: switch real uid instead of just fsuid when looking for user creds Jeff Layton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1380825731-3314-2-git-send-email-jlayton@redhat.com \
--to=jlayton@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=steved@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).