History log of /src/sys/rpc/auth.h (Results 1 – 25 of 87)
Revision Date Author Comments
# f7c4f800 07-Oct-2025 Olivier Certner <olce@FreeBSD.org>

sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}

As, respectively, the maximum number of "supplementary" groups and the
maximum hostname size allowed in the credentials structure for AUTH_SYS
(aka, AUTH_UNIX).

Will be used in subsequent commits.

Reviewed by: rmacklem
MFC after: 2 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52961


# 837b13af 15-Aug-2025 Lexi Winter <ivy@FreeBSD.org>

Revert "Remove Secure RPC DES authentication"

This reverts commit 7ac276298b72982189ac1a5b17461936dc00163e.

Requested by: kib


# 7ac27629 10-Aug-2025 Lexi Winter <ivy@FreeBSD.org>

Remove Secure RPC DES authentication

Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.

Remove the relevant symbols from libc's Symbol.map. Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.

Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.

Remove the documentation for the old functions.

Remove rpc.ypupdated since it requires DES authentication.

Reviewed by: manu, des, emaste
Differential Revision: https://reviews.freebsd.org/D50442


# 29363fb4 23-Nov-2023 Warner Losh <imp@FreeBSD.org>

sys: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixups to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix


# 2ff63af9 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

sys: Remove $FreeBSD$: one-line .h pattern

Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/


# 744c2dc7 23-Dec-2021 Rick Macklem <rmacklem@FreeBSD.org>

rpc: Delete AUTH_NEEDS_TLS(_MUTUAL_HOST) auth_stat values

I thought that these new auth_stat values had been agreed
upon by the IETF NFSv4 working group, but that no longer
is the case. As such, delete them and use AUTH_TOOWEAK
instead. Leave the code that uses these new auth_stat
values in the sources #ifdef notnow, in case they are
defined in the future.

MFC after: 1 week


# 20d728b5 09-Jul-2021 Mark Johnston <markj@FreeBSD.org>

rpc: Make function tables const

No functional change intended.

MFC after: 1 week
Sponsored by: The FreeBSD Foundation


# 984c71f9 02-Jun-2021 Rick Macklem <rmacklem@FreeBSD.org>

nfsd: Fix the failure return for non-fh NFSv4 operations

Without this patch, nfsd_checkrootexp() returns failure
and then the NFSv4 operation would reply NFSERR_WRONGSEC.
RFC5661 Sec. 2.6 only allows a few NFSv4 operations, none
of which call nfsv4_checktootexp(), to return NFSERR_WRONGSEC.
This patch modifies nfsd_checkrootexp() to return the
error instead of a boolean and sets the returned error to an RPC
layer AUTH_ERR, as discussed on nfsv4@ietf.org.
The patch also fixes nfsd_errmap() so that the pseudo
error NFSERR_AUTHERR is handled correctly such that an RPC layer
AUTH_ERR is replied to the NFSv4 client.

The two new "enum auth_stat" values have not yet been assigned
by IANA, but are the expected next two values.

The effect on extant NFSv4 clients of this change appears
limited to reporting a different failure error when a
mount that does not use adequate security is attempted.

MFC after: 2 weeks


# e2515283 27-Aug-2020 Glen Barber <gjb@FreeBSD.org>

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)


# ab0c29af 22-Aug-2020 Rick Macklem <rmacklem@FreeBSD.org>

Add TLS support to the kernel RPC.

An internet draft titled "Towards Remote Procedure Call Encryption By Default"
describes how TLS is to be used for Sun RPC, with NFS as an intended use case.
This patch adds client and server support for this to the kernel RPC,
using KERN_TLS and upcalls to daemons for the handshake, peer reset and
other non-application data record cases.

The upcalls to the daemons use three fields to uniquely identify the
TCP connection. They are the time.tv_sec, time.tv_usec of the connection
establishment, plus a 64bit sequence number. The time fields avoid problems
with re-use of the sequence number after a daemon restart.
For the server side, once a Null RPC with AUTH_TLS is received, kernel
reception on the socket is blocked and an upcall to the rpctlssd(8) daemon
is done to perform the TLS handshake. Upon completion, the completion
status of the handshake is stored in xp_tls as flag bits and the reply to
the Null RPC is sent.
For the client, if CLSET_TLS has been set, a new TCP connection will
send the Null RPC with AUTH_TLS to initiate the handshake. The client
kernel RPC code will then block kernel I/O on the socket and do an upcall
to the rpctlscd(8) daemon to perform the handshake.
If the upcall is successful, ct_rcvstate will be maintained to indicate
if/when an upcall is being done.

If non-application data records are received, the code does an upcall to
the appropriate daemon, which will do a SSL_read() of 0 length to handle
the record(s).

When the socket is being shut down, upcalls are done to the daemons, so
that they can perform SSL_shutdown() calls to perform the "peer reset".

The rpctlssd(8) and rpctlscd(8) daemons require a patched version of the
openssl library and, as such, will not be committed to head at this time.

Although the changes done by this patch are fairly numerous, there should
be no semantics change to the kernel RPC at this time.
A future commit to the NFS code will optionally enable use of TLS for NFS.


# 82725ba9 23-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r325999 through r326131.


# 51369649 20-Nov-2017 Pedro F. Giffuni <pfg@FreeBSD.org>

sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.


# 3b8f0845 28-Apr-2014 Simon J. Gerraty <sjg@FreeBSD.org>

Merge head


# 84e51a1b 23-Apr-2014 Alan Somers <asomers@FreeBSD.org>

IFC @264767


# 5748b897 19-Feb-2014 Martin Matuska <mm@FreeBSD.org>

Merge head up to r262222 (last merge was incomplete).

