auth: reinitialize NSS modules after fork()
authorYan, Zheng <zyan@redhat.com>
Fri, 20 Mar 2015 17:02:42 +0000 (01:02 +0800)
committerLoic Dachary <ldachary@redhat.com>
Sun, 6 Sep 2015 14:05:30 +0000 (16:05 +0200)
Fixes: #11128
Signed-off-by: Yan, Zheng <zyan@redhat.com>
(cherry picked from commit 4c24d0cc074462ae258b5cf901cd884bb4f50a53)

src/common/ceph_crypto.cc

index b81ffdfe3235953fffa1f5c1f3d053a7cc8eb7a9..9ba29455d334a7963476bcf14a62c03901a2671f 100644 (file)
@@ -37,14 +37,24 @@ ceph::crypto::HMACSHA1::~HMACSHA1()
 
 #elif USE_NSS
 
+// for SECMOD_RestartModules()
+#include <secmod.h>
+
 // Initialization of NSS requires a mutex due to a race condition in
 // NSS_NoDB_Init.
 static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pid_t crypto_init_pid = 0;
 
 void ceph::crypto::init(CephContext *cct)
 {
+  pid_t pid = getpid();
   SECStatus s;
   pthread_mutex_lock(&crypto_init_mutex);
+  if (crypto_init_pid != pid) {
+    if (crypto_init_pid > 0)
+      SECMOD_RestartModules(PR_FALSE);
+    crypto_init_pid = pid;
+  }
   if (cct->_conf->nss_db_path.empty()) {
     s = NSS_NoDB_Init(NULL);
   } else {
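Review bot: The result of `SECMOD_RestartModules(PR_FALSE)` in the new `if (crypto_init_pid > 0)` branch is discarded, so a forked child whose modules fail to restart carries on as if NSS were usable. The failure would then only surface later, inside a digest or HMAC call on the auth path. Store it in the already-declared status variable, `s = SECMOD_RestartModules(PR_FALSE);`, and handle a non-`SECSuccess` value the way the rest of init() handles `s`; shutdown() in this file asserts `s == SECSuccess`. A comment on `crypto_init_pid` would also help, for example `// pid that last initialized NSS; 0 = not initialized; guarded by crypto_init_mutex`. init() continues past the end of this hunk, so its existing error handling is not visible here.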
@@ -59,6 +69,7 @@ void ceph::crypto::shutdown()
   SECStatus s;
   s = NSS_Shutdown();
   assert(s == SECSuccess);
+  crypto_init_pid = 0;
 }
 
 ceph::crypto::HMACSHA1::~HMACSHA1()
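Review bot: `crypto_init_pid = 0;` in shutdown() is written without holding `crypto_init_mutex`, whereas init() reads and updates the same variable only under that mutex. If shutdown() can run concurrently with init() on another thread, this is a data race that can leave the recorded pid out of step with the real NSS state. A later fork would then skip or wrongly trigger the module restart. Consider taking the lock around the body: `pthread_mutex_lock(&crypto_init_mutex);` before `NSS_Shutdown()` and `pthread_mutex_unlock(&crypto_init_mutex);` after the reset. The opening of shutdown() lies outside the hunk, so whether callers already serialize these calls cannot be confirmed from here.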