From patchwork Thu Oct  3 18:42:10 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jeff Layton <jlayton@redhat.com>
X-Patchwork-Id: 2985261
Return-Path: <linux-nfs-owner@kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 78CF3BFF0B
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu,  3 Oct 2013 18:42:28 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 5FC7C203AE
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu,  3 Oct 2013 18:42:27 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 3BE82203A8
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Thu,  3 Oct 2013 18:42:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754582Ab3JCSmV (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Thu, 3 Oct 2013 14:42:21 -0400
Received: from mail-yh0-f51.google.com ([209.85.213.51]:56384 "EHLO
	mail-yh0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754612Ab3JCSmS (ORCPT
	<rfc822;linux-nfs@vger.kernel.org>); Thu, 3 Oct 2013 14:42:18 -0400
Received: by mail-yh0-f51.google.com with SMTP id t59so775730yho.24
	for <linux-nfs@vger.kernel.org>; Thu, 03 Oct 2013 11:42:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:sender:from:to:cc:subject:date:message-id
	:in-reply-to:references;
	bh=7W6uMKy3wPQ80L1dPVfK6kVmivGOCov8izDMem0QyPc=;
	b=kPpIO6PB/PbebPmf0zAYfFOuUaZvMXHl75RwQZUvN2MUrV/Tdes/LdzQvpSNu8XX0o
	AG3v7ebyNMhc0CmIAZCqpSO/polhFxiiDBsWgQYtRgTs0v1dKhNrWQhbMdRB4okVmmfm
	yeKGnpzNMb+mfqvbAyzakmv3wzSsToP+HKVJ/i1qb2ypg40RG7KmZmA8ojL1P/DCtV4Q
	aP9JpSb0NwYkgkXPTBn8AP/Huya3oE5WH49THHBNKCu3/BMf4VzwzorsAJMsn2A5Q2LZ
	+bAWF8Qb3poZgaEL+2MTN9Z5Nrs84g9Bec0hanJ3qAlgQH5h7ZBv8QANFi0vfwdqmdea
	PEzw==
X-Gm-Message-State: 
 ALoCoQnnW0H1FgASBu/AIErExvsgcCfKwMJgyT2PG4RZqB6aU3n9wCDqkpyJdayhxTxFjWL7CQ7h
X-Received: by 10.236.41.133 with SMTP id h5mr8310948yhb.22.1380825738244;
	Thu, 03 Oct 2013 11:42:18 -0700 (PDT)
Received: from salusa.poochiereds.net (cpe-107-015-124-230.nc.res.rr.com.
	[107.15.124.230]) by mx.google.com with ESMTPSA id
	s46sm12733847yha.27.1969.12.31.16.00.00
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Thu, 03 Oct 2013 11:42:17 -0700 (PDT)
From: Jeff Layton <jlayton@redhat.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] gssd: have process_krb5_upcall fork before handling
	upcall
Date: Thu,  3 Oct 2013 14:42:10 -0400
Message-Id: <1380825731-3314-2-git-send-email-jlayton@redhat.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1380825731-3314-1-git-send-email-jlayton@redhat.com>
References: <1380825731-3314-1-git-send-email-jlayton@redhat.com>
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

In order to handle KEYRING: caches, we need to be able to switch the
real UID of the process to the designated one, but that opens the door
to allowing gssd to be killed or reniced during the window where we've
switched credentials.

Change gssd to fork before trying to handle each upcall. The child will
do the work to establish the context and the parent task will just wait
for it to exit. It's still possible for the child to be killed or
reniced, but that would only affect a single upcall instead of the
entire daemon.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
---
 utils/gssd/gssd_main_loop.c |  3 ++-
 utils/gssd/gssd_proc.c      | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/utils/gssd/gssd_main_loop.c b/utils/gssd/gssd_main_loop.c
index ccf7fe5..7b0f568 100644
--- a/utils/gssd/gssd_main_loop.c
+++ b/utils/gssd/gssd_main_loop.c
@@ -40,7 +40,8 @@
 #include <sys/socket.h>
 #include <sys/poll.h>
 #include <netinet/in.h>
-
+#include <sys/types.h>
+#include <sys/wait.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index e58c341..1a58809 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -982,6 +982,23 @@ process_krb5_upcall(struct clnt_info *clp, uid_t uid, int fd, char *tgtname,
 	int			err, downcall_err = -EACCES;
 	gss_cred_id_t		gss_cred;
 	OM_uint32		maj_stat, min_stat, lifetime_rec;
+	pid_t			pid;
+
+	pid = fork();
+	switch(pid) {
+	case 0:
+		/* Child: fall through to rest of function */
+		break;
+	case -1:
+		/* fork() failed! */
+		printerr(0, "WARNING: unable to fork() to handle upcall: %s\n",
+				strerror(errno));
+		return;
+	default:
+		/* Parent: just wait on child to exit and return */
+		wait(&err);
+		return;
+	}
 
 	printerr(1, "handling krb5 upcall (%s)\n", clp->dirname);
 
@@ -1121,7 +1138,7 @@ out:
 		AUTH_DESTROY(auth);
 	if (rpc_clnt)
 		clnt_destroy(rpc_clnt);
-	return;
+	exit(0);
 
 out_return_error:
 	do_error_downcall(fd, uid, downcall_err);