RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-20 10:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

auth: reinitialize NSS modules after fork()

Browse Source 
Fixes: #11128
Signed-off-by: Yan, Zheng <zyan@redhat.com>
This commit is contained in:
Yan, Zheng 2015-03-21 01:02:42 +08:00
parent f183cd7c21
commit 4c24d0cc07
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/common/ceph_crypto.cc
View File

@ -37,14 +37,24 @@ ceph::crypto::HMACSHA1::~HMACSHA1()
#elif USE_NSS #elif USE_NSS
// for SECMOD_RestartModules()
#include <secmod.h>
// Initialization of NSS requires a mutex due to a race condition in // Initialization of NSS requires a mutex due to a race condition in
// NSS_NoDB_Init. // NSS_NoDB_Init.
static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
static pid_t crypto_init_pid = 0;
void ceph::crypto::init(CephContext *cct) void ceph::crypto::init(CephContext *cct)
{ {
pid_t pid = getpid();
SECStatus s; SECStatus s;
pthread_mutex_lock(&crypto_init_mutex); pthread_mutex_lock(&crypto_init_mutex);
if (crypto_init_pid != pid) {
if (crypto_init_pid > 0)
SECMOD_RestartModules(PR_FALSE);
crypto_init_pid = pid;
}
if (cct->_conf->nss_db_path.empty()) { if (cct->_conf->nss_db_path.empty()) {
s = NSS_NoDB_Init(NULL); s = NSS_NoDB_Init(NULL);
} else { } else {
@ -59,6 +69,7 @@ void ceph::crypto::shutdown()
SECStatus s; SECStatus s;
s = NSS_Shutdown(); s = NSS_Shutdown();
assert(s == SECSuccess); assert(s == SECSuccess);
crypto_init_pid = 0;
} }
ceph::crypto::HMACSHA1::~HMACSHA1() ceph::crypto::HMACSHA1::~HMACSHA1()