MFC 348970,348974:Make the warning intervals for deprecated crypto algorithms tunable.348970:Make the warning intervals for deprecated crypto algorithms tunable.New sysctl/tunables can now set
MFC 348970,348974:Make the warning intervals for deprecated crypto algorithms tunable.348970:Make the warning intervals for deprecated crypto algorithms tunable.New sysctl/tunables can now set the interval (in seconds) betweenrate-limited crypto warnings. The new sysctls are:- kern.cryptodev_warn_interval for /dev/crypto- net.inet.ipsec.crypto_warn_interval for IPsec- kern.kgssapi_warn_interval for KGSSAPI348974:Move declaration of warninterval out from under COMPAT_FREEBSD32.This fixes builds of kernels without COMPAT_FREEBSD32.
show more ...
MFC 348875:Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429.All of these algorithms are explicitly marked SHOULD NOT in one of theseRFCs.Specifically, RFC 6649 deprecat
MFC 348875:Add warnings for Kerberos GSS algorithms deprecated in RFCs 6649 and 8429.All of these algorithms are explicitly marked SHOULD NOT in one of theseRFCs.Specifically, RFC 6649 deprecates all algorithms using DES as well asthe "export-friendly" variant of RC4. RFC 8429 deprecates Triple DESand the remaining RC4 algorithms.Relnotes: yes
MFC r344402* Handle SIGPIPE in gssdWe've got some cases where the other end of gssd's AF_LOCAL socket getsclosed, resulting in an error (and SIGPIPE) when it tries to do I/O to it.Closing withou
MFC r344402* Handle SIGPIPE in gssdWe've got some cases where the other end of gssd's AF_LOCAL socket getsclosed, resulting in an error (and SIGPIPE) when it tries to do I/O to it.Closing without cleaning up means the next time nfsd starts up, it hangs,unkillably; this allows gssd to handle that particular error.* Limit the retry cound in gssd_syscall to 5.The default is INT_MAX, which effectively means forever. And it's anuninterruptable RPC call, so it will never stop.The two changes mitigate the problem.
OpenCrypto: Convert sessions to opaque handles instead of integersTrack session objects in the framework, and pass handles between theframework (OCF), consumers, and drivers. Avoid redundancy and
OpenCrypto: Convert sessions to opaque handles instead of integersTrack session objects in the framework, and pass handles between theframework (OCF), consumers, and drivers. Avoid redundancy and complexity inindividual drivers by allocating session memory in the framework andproviding it to drivers in ::newsession().Session handles are no longer integers with information encoded in varioushigh bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with theappropriate crypto_ses2foo() function on the opaque session handle.Convert OCF drivers (in particular, cryptosoft, as well as myriad others) tothe opaque handle interface. Discard existing session tracking as much aspossible (quick pass). There may be additional code ripe for deletion.Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-styleinterface. The conversion is largely mechnical.The change is documented in crypto.9.Inspired byhttps://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html .No objection from: ae (ipsec portion)Reported by: jhb
OCF: Convert consumers to the session id typedefThese were missed in the earlier r336269.No functional change.Sponsored by: Dell EMC Isilon
kgssapi: Remove trivial deadcodeCID: 1385956Reported by: CoveritySponsored by: Dell EMC Isilon
Use syscall_helper_register(9) rather than syscall_register().The usage is simpler, documented, and more common.Reviewed by: cemSponsored by: DARPA, AFRLDifferential Revision: https://reviews.f
Use syscall_helper_register(9) rather than syscall_register().The usage is simpler, documented, and more common.Reviewed by: cemSponsored by: DARPA, AFRLDifferential Revision: https://reviews.freebsd.org/D14227
sys/kgssapi: general adoption of SPDX licensing ID tags.Mainly focus on files that use BSD 2-Clause license, however the tool Iwas using misidentified many licenses so this was mostly a manual - e
sys/kgssapi: general adoption of SPDX licensing ID tags.Mainly focus on files that use BSD 2-Clause license, however the tool Iwas using misidentified many licenses so this was mostly a manual - errorprone - task.The Software Package Data Exchange (SPDX) group provides a specificationto make it easier for automated tools to detect and summarize well knownopensource licenses. We are gradually adopting the specification, notingthat the tags are considered only advisory and do not, in any way,superceed or replace the license texts.No functional change intended.
kgssapi: insignificant spelling fix.No functional change.
kgssapi: Don't leak memory in error casesReported by: CoverityCIDs: 1007046, 1007047, 1007048Sponsored by: EMC / Isilon Storage Division
sys: extend use of the howmany() macro when available.We have a howmany() macro in the <sys/param.h> header that isconvenient to re-use as it makes things easier to read.
kgssapi(4): Don't allow user-provided arguments to overrun stack bufferAn over-long path argument to gssd_syscall could overrun the stack sockaddr_unbuffer. Fix gssd_syscall to not permit that.
kgssapi(4): Don't allow user-provided arguments to overrun stack bufferAn over-long path argument to gssd_syscall could overrun the stack sockaddr_unbuffer. Fix gssd_syscall to not permit that.If an over-long path is provided, gssd_syscall now returns EINVAL.It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is thatthis is likely only triggerable by root.Reported by: CoverityCID: 1006751Sponsored by: EMC / Isilon Storage Division
Cleanup unnecessary semicolons from the kernel.Found with devel/coccinelle.
kcrypto_aes: Use separate sessions for AES and SHA1Some hardware supports AES acceleration but not SHA1, e.g., AES-NIextensions. It is useful to have accelerated AES even if SHA1 must besoftware
kcrypto_aes: Use separate sessions for AES and SHA1Some hardware supports AES acceleration but not SHA1, e.g., AES-NIextensions. It is useful to have accelerated AES even if SHA1 must besoftware.Suggested by: asomersReviewed by: asomers, dfrSponsored by: EMC / Isilon Storage DivisionDifferential Revision: https://reviews.freebsd.org/D5146
Unset the gss kernel state when gssd exitsWhen gssd exits it leaves the kernel state set bygssd_syscall(). nfsd sees this and waits endlesslyin an unkillable state for gssd to come back. If you
Unset the gss kernel state when gssd exitsWhen gssd exits it leaves the kernel state set bygssd_syscall(). nfsd sees this and waits endlesslyin an unkillable state for gssd to come back. If youhad acidentally started gssd then stopped it, thenstarted nfsd you'd be in a bad way until you eitherrestarted gssd or rebooted the system. This changefixes that by setting the kernel state to "" whengssd exits.Reviewed by: rmacklemMFC after: 1 weekSponsored by: iXsystems
Avoid dynamic syscall overhead for statically compiled modules.The kernel tracks syscall users so that modules can safely unregister them.But if the module is not unloadable or was compiled into
Avoid dynamic syscall overhead for statically compiled modules.The kernel tracks syscall users so that modules can safely unregister them.But if the module is not unloadable or was compiled into the kernel, there isno need to do this.Achieve this by adding SY_THR_STATIC_KLD macro which expands to SY_THR_STATICduring kernel build and 0 otherwise.Reviewed by: kib (previous version)MFC after: 2 weeks
Add support for host-based (Kerberos 5 service principal) initiatorcredentials to the kernel rpc. Modify the NFSv4 client to addsupport for the gssname and allgssname mount options to use thiscapa
Add support for host-based (Kerberos 5 service principal) initiatorcredentials to the kernel rpc. Modify the NFSv4 client to addsupport for the gssname and allgssname mount options to use thiscapability. Requires the gssd daemon to be running with the "-h" option.Reviewed by: jhb
Isilon reported that sec=krb5p NFS mounts had a problem when m_len == 0for the last mbuf of the list with an encrypted message. This patch replacesthe KASSERT() with code that handles this case.R
Isilon reported that sec=krb5p NFS mounts had a problem when m_len == 0for the last mbuf of the list with an encrypted message. This patch replacesthe KASSERT() with code that handles this case.Reported by: [email protected]Reviewed by: jhbMFC after: 2 weeks
Piete.Brooks at cl.cam.ac.uk reported via email a crash which wascaused by use of an invalid kgss_gssd_handle during an upcall tothe gssd daemon when it has exited. This patch seems to avoid thecr
Piete.Brooks at cl.cam.ac.uk reported via email a crash which wascaused by use of an invalid kgss_gssd_handle during an upcall tothe gssd daemon when it has exited. This patch seems to avoid thecrashes by holding a reference count on the kgss_gssd_handle untilthe upcall is done. It also adds a new mutex kgss_gssd_lock used tomake manipulation of kgss_gssd_handle SMP safe.Tested by: Illias A. Marinos, Herbert PoecklReviewed by: jhbMFC after: 2 weeks
Add missing break statement to make sure all 3DES etypes really are treatedthe same.CID: 3624Found with: Coverity Prevent(tm)Reviewed by: dfrMFC after: 1 week
In order to maximize the re-usability of kernel code in user space thispatch modifies makesyscalls.sh to prefix all of the non-compatibilitycalls (e.g. not linux_, freebsd32_) with sys_ and updates
In order to maximize the re-usability of kernel code in user space thispatch modifies makesyscalls.sh to prefix all of the non-compatibilitycalls (e.g. not linux_, freebsd32_) with sys_ and updates the kernelentry points and all places in the code that use them. It alsofixes an additional name space collision between the kernel functionpsignal and the libc function of the same name by renaming the kernelpsignal kern_psignal(). By introducing this change now we will ease futureMFCs that change syscalls.Reviewed by: rwatsonApproved by: re (bz)
Add a small comment about unloading the kgsappi module.Reviewed by: rmacklemApproved by: zml (mentor)MFC after: 2 weeks
Fix the kgssapi so that it can be loaded as a module. Currentlythe NFS subsystems use five of the rpcsec_gss/kgssapi entry points,but since it was not obvious which others might be useful, allnine
Fix the kgssapi so that it can be loaded as a module. Currentlythe NFS subsystems use five of the rpcsec_gss/kgssapi entry points,but since it was not obvious which others might be useful, allnineteen were included. Basically the nineteen entry points areset in a structure called rpc_gss_entries and inline functionsdefined in sys/rpc/rpcsec_gss.h check for the entry points beingnon-NULL and then call them. A default value is returned otherwise.Requested by rwatson.Reviewed by: jhbMFC after: 2 weeks
When the KOBJMETHOD() macro was updated, it resulted in thecompiler doing argument type checking. Since the prototypes inkgss_if.h used the generic gss_ctx_id_t for the context argument,but the fu
When the KOBJMETHOD() macro was updated, it resulted in thecompiler doing argument type checking. Since the prototypes inkgss_if.h used the generic gss_ctx_id_t for the context argument,but the functions in sys/kgssapi/krb5/krb5_mech.c used theKerberosV specific context argument, the file would no longer build.This patch fixes it so it will build by replacing the argument witha gss_ctx_id_t one and setting a local "struct krb5_context *" variableto it for use by the function.Reviewed by: dfrApproved by: kib (mentor)
Place hostnames and similar information fully under the prison system.The system hostname is now stored in prison0, and the global variable"hostname" has been removed, as has the hostname_mtx mutex
Place hostnames and similar information fully under the prison system.The system hostname is now stored in prison0, and the global variable"hostname" has been removed, as has the hostname_mtx mutex. Jails mayhave their own host information, or they may inherit it from theparent/system. The proper way to read the hostname is viagetcredhostname(), which will copy either the hostname associated withthe passed cred, or the system hostname if you pass NULL. The systemhostname can still be accessed directly (and without locking) atprison0.pr_host, but that should be avoided where possible.The "similar information" referred to is domainname, hostid, andhostuuid, which have also become prison parameters and had theirassociated global variables removed.Approved by: bz (mentor)
12