From: Yan, Zheng <zyan@redhat.com>
Date: Fri, 20 Mar 2015 17:02:42 +0000 (+0800)
Subject: auth: reinitialize NSS modules after fork()
X-Git-Tag: v0.94.4~29^2~6
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e487e8e3d84c7845ce7824ace3e375c6c389ba20;p=ceph.git

auth: reinitialize NSS modules after fork()

Fixes: #11128
Signed-off-by: Yan, Zheng <zyan@redhat.com>
(cherry picked from commit 4c24d0cc074462ae258b5cf901cd884bb4f50a53)
---

diff --git a/src/common/ceph_crypto.cc b/src/common/ceph_crypto.cc
index b81ffdfe32359..9ba29455d334a 100644
--- a/src/common/ceph_crypto.cc
+++ b/src/common/ceph_crypto.cc
@@ -37,14 +37,24 @@ ceph::crypto::HMACSHA1::~HMACSHA1()
 
 #elif USE_NSS
 
+// for SECMOD_RestartModules()
+#include <secmod.h>
+
 // Initialization of NSS requires a mutex due to a race condition in
 // NSS_NoDB_Init.
 static pthread_mutex_t crypto_init_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pid_t crypto_init_pid = 0;
 
 void ceph::crypto::init(CephContext *cct)
 {
+  pid_t pid = getpid();
   SECStatus s;
   pthread_mutex_lock(&crypto_init_mutex);
+  if (crypto_init_pid != pid) {
+    if (crypto_init_pid > 0)
+      SECMOD_RestartModules(PR_FALSE);
+    crypto_init_pid = pid;
+  }
   if (cct->_conf->nss_db_path.empty()) {
     s = NSS_NoDB_Init(NULL);
   } else {
@@ -59,6 +69,7 @@ void ceph::crypto::shutdown()
   SECStatus s;
   s = NSS_Shutdown();
   assert(s == SECSuccess);
+  crypto_init_pid = 0;
 }
 
 ceph::crypto::HMACSHA1::~HMACSHA1()