authorSimo Sorce <simo@redhat.com>2013-03-19 18:53:20 -0400
committerSimo Sorce <simo@redhat.com>2013-03-22 11:34:32 -0400
commit97102f1e7e19f3ea869335afbdbeba619042d694 (patch)
tree8f414af9010beb52d5584c8755a0789a48eaeddc
parent6c3b7b20306894d4719df967e708fe9316eeeb89 (diff)
Enable kernel support.
The Linux kernel now requires the gss-proxy to signal when it is available. This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy. Once this happens the kernel will try to attach to the gss-proxy socket and use it instead of the classic rpc.svcgssd daemon.
-rw-r--r--proxy/examples/gssproxy-example.conf1
-rw-r--r--proxy/src/gp_config.c7
-rw-r--r--proxy/src/gp_init.c46
-rw-r--r--proxy/src/gp_proxy.h4
-rw-r--r--proxy/src/gssproxy.c3
5 files changed, 61 insertions, 0 deletions
diff --git a/proxy/examples/gssproxy-example.conf b/proxy/examples/gssproxy-example.conf
index 3894dd3..7067abf 100644
--- a/proxy/examples/gssproxy-example.conf
+++ b/proxy/examples/gssproxy-example.conf
@@ -8,6 +8,7 @@
krb5_keytab = /etc/krb5.keytab
krb5_ccache = /run/user/%u/krb5cc
trusted = yes
+ kernel_nfsd = yes
euid = 0
[service/gssproxy]
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index e6ad49c..20e1b73 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -194,6 +194,13 @@ static int load_services(struct gp_config *cfg, dictionary *dict)
}
}
+ value = get_char_value(dict, secname, "kernel_nfsd");
+ if (value != NULL) {
+ if (option_is_set(value)) {
+ cfg->svcs[n]->kernel_nfsd = true;
+ }
+ }
+
ret = setup_service_creds_handle(cfg->svcs[n]);
if (ret) {
goto done;
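Review bot: The new kernel_nfsd parsing nests two ifs where one condition reads more directly: `if (value != NULL && option_is_set(value)) {` followed by the single assignment. The branch only ever sets the flag to true, so a service whose config says `kernel_nfsd = no` keeps whatever value the struct had when it was allocated; that is fine only if gp_service is zero-initialized, which I cannot confirm from this hunk, so an explicit `cfg->svcs[n]->kernel_nfsd = false;` before the lookup would make the default independent of the allocator. load_services starts and ends outside the hunk.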
diff --git a/proxy/src/gp_init.c b/proxy/src/gp_init.c
index c0cdb92..8d0ebd8 100644
--- a/proxy/src/gp_init.c
+++ b/proxy/src/gp_init.c
@@ -28,6 +28,9 @@
#include <sys/stat.h>
#include <locale.h>
#include <signal.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
#include "gp_proxy.h"
void init_server(bool daemonize)
@@ -130,3 +133,46 @@ verto_ctx *init_event_loop(void)
return vctx;
}
+void init_proc_nfsd(struct gp_config *cfg)
+{
+ char buf[] = "1";
+ bool enabled = false;
+ int fd, i, ret;
+
+ /* check first if any service enabled kernel support */
+ for (i = 0; i < cfg->num_svcs; i++) {
+ if (cfg->svcs[i]->kernel_nfsd == true) {
+ enabled = true;
+ break;
+ }
+ }
+
+ if (!enabled) {
+ return;
+ }
+
+ fd = open(LINUX_PROC_USE_GSS_PROXY_FILE, O_RDWR);
+ if (fd == -1) {
+ ret = errno;
+ GPDEBUG("Failed to open %s: %d (%s)\n",
+ LINUX_PROC_USE_GSS_PROXY_FILE,
+ ret, strerror(ret));
+ return;
+ }
+
+ ret = write(fd, buf, 1);
+ if (ret != 1) {
+ GPDEBUG("Failed to write to %s: %d (%s)\n",
+ LINUX_PROC_USE_GSS_PROXY_FILE,
+ ret, strerror(ret));
+ return;
+ }
+
+ ret = close(fd);
+ if (ret == -1) {
+ GPDEBUG("Failed to close %s: %d (%s)\n",
+ LINUX_PROC_USE_GSS_PROXY_FILE,
+ ret, strerror(ret));
+ return;
+ }
+}
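Review bot: In init_proc_nfsd, the write and close failure branches after `ret = write(fd, buf, 1);` log and strerror() the syscall's return value instead of errno, so a failure prints `-1 (Unknown error -1)`; only the open branch saves errno first. The write-failure branch also returns without closing fd, and a short write (ret == 0) sets no errno at all, so that branch needs its own error code. Because a failed write here means the kernel never attaches to gss-proxy while the daemon keeps running with only a debug-level message, it may also be worth reporting this at a level an administrator sees; the rewritten error paths are below.
```c
    ret = write(fd, buf, 1);
    if (ret != 1) {
        /* a short write sets no errno; report it as an I/O error */
        ret = (ret < 0) ? errno : EIO;
        GPDEBUG("Failed to write to %s: %d (%s)\n",
                LINUX_PROC_USE_GSS_PROXY_FILE,
                ret, strerror(ret));
        (void)close(fd);
        return;
    }

    ret = close(fd);
    if (ret == -1) {
        ret = errno;
        GPDEBUG("Failed to close %s: %d (%s)\n",
                LINUX_PROC_USE_GSS_PROXY_FILE,
                ret, strerror(ret));
        return;
    }
```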
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index c599eee..beddf61 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -34,6 +34,8 @@
#define _(STRING) gettext(STRING)
+#define LINUX_PROC_USE_GSS_PROXY_FILE "/proc/net/rpc/use-gss-proxy"
+
#define GP_CRED_KRB5 0x01
struct gp_cred_krb5 {
@@ -48,6 +50,7 @@ struct gp_service {
char *name;
uid_t euid;
bool trusted;
+ bool kernel_nfsd;
uint32_t mechs;
struct gp_cred_krb5 krb5;
@@ -84,6 +87,7 @@ void free_config(struct gp_config *config);
void init_server(bool daemonize);
void fini_server(void);
verto_ctx *init_event_loop(void);
+void init_proc_nfsd(struct gp_config *cfg);
/* from gp_socket.c */
int init_unix_socket(const char *file_name);
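Review bot: The new kernel_nfsd field and the init_proc_nfsd prototype carry no comment, so a reader of gp_proxy.h cannot tell that setting the flag on any one service triggers a process-wide write to LINUX_PROC_USE_GSS_PROXY_FILE. I would annotate the field `bool kernel_nfsd; /* if set on any service, init_proc_nfsd() writes "1" to LINUX_PROC_USE_GSS_PROXY_FILE at startup */` and add a one-line comment on the prototype saying it is a no-op unless some service enabled kernel_nfsd and that failures are only logged, never returned. Both struct gp_service and the prototype list continue outside the hunk.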
diff --git a/proxy/src/gssproxy.c b/proxy/src/gssproxy.c
index 498ee59..f1f0d13 100644
--- a/proxy/src/gssproxy.c
+++ b/proxy/src/gssproxy.c
@@ -103,6 +103,9 @@ int main(int argc, const char *argv[])
return 1;
}
+ /* special call to tell the Linux kernel gss-proxy is available */
+ init_proc_nfsd(gpctx->config);
+
vctx = init_event_loop();
if (!vctx) {
return 1;
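Review bot: init_proc_nfsd returns void, so main continues even when the kernel could not be told that gss-proxy is available; the neighbouring init calls both `return 1;` on failure, while this one fails silently at debug level. The commit message says the kernel tries to attach to the gss-proxy socket once the 1 is written, so if the listening socket is created later in main than this call (main starts and ends outside the hunk, so I cannot confirm the order) the kernel's attach attempt could precede the socket's existence; worth confirming, or moving the call after socket setup. A comment on the call stating that ordering requirement would help the next reader either way.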