tlshd: always link .nvme default keyring into the session

igaw · chucklever · commit 311d9438b984 · 2024-10-24T10:10:42.000-04:00
A common use case for tlshd is to authenticate TLS sessions for the nvme
subsystem. Currently, the user has to explicitly list a keyring (even
the defautl one) in the configuration file so that tlshd running
as daemon (started via systemd) to find any key.

Thus always link the default .nvme keyring into the current session,
which makes the daemon work out of the box for default configurations.

Signed-off-by: Daniel Wagner &lt;wagi@monom.org&gt;
diff --git a/src/tlshd/config.c b/src/tlshd/config.c
@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)
 					      "keyrings", &length, NULL);
 	if (keyrings) {
 		for (i = 0; i < length; i++) {
+			if (!strcmp(keyrings[i], ".nvme"))
+				continue;
 			tlshd_keyring_link_session(keyrings[i]);
 		}
 		g_strfreev(keyrings);
 	}
+	/*
+	 * Always link the default nvme subsystem keyring into the
+	 * session.
+	 */
+	tlshd_keyring_link_session(".nvme");
 
 	return true;
 }

Original file line number	Diff line number	Diff line change
`@@ -91,10 +91,17 @@ bool tlshd_config_init(const gchar *pathname)`
`91`	`91`	`"keyrings", &length, NULL);`
`92`	`92`	`if (keyrings) {`
`93`	`93`	`for (i = 0; i < length; i++) {`
	`94`	`+ if (!strcmp(keyrings[i], ".nvme"))`
	`95`	`+ continue;`
`94`	`96`	`tlshd_keyring_link_session(keyrings[i]);`
`95`	`97`	`}`
`96`	`98`	`g_strfreev(keyrings);`
`97`	`99`	`}`
	`100`	`+ /*`
	`101`	`+ * Always link the default nvme subsystem keyring into the`
	`102`	`+ * session.`
	`103`	`+ */`
	`104`	`+ tlshd_keyring_link_session(".nvme");`
`98`	`105`
`99`	`106`	`return true;`
`100`	`107`	`}`