From bf72d9199d1bf4aba788b5a819c9f440803c83ea Mon Sep 17 00:00:00 2001
From: Julien Rische <jrische@redhat.com>
Date: Tue, 7 Jan 2025 11:44:36 +0100
Subject: [PATCH] Change daemon to Type=notify with systemd

Resolves: RHEL-71651
Signed-off-by: Julien Rische <jrische@redhat.com>
---
 ...e-daemon-to-Type-notify-with-systemd.patch | 244 ++++++++++++++++++
 gssproxy.spec                                 |   2 +
 2 files changed, 246 insertions(+)
 create mode 100644 0003-gssproxy-Change-daemon-to-Type-notify-with-systemd.patch

diff --git a/0003-gssproxy-Change-daemon-to-Type-notify-with-systemd.patch b/0003-gssproxy-Change-daemon-to-Type-notify-with-systemd.patch
new file mode 100644
index 0000000..9659c47
--- /dev/null
+++ b/0003-gssproxy-Change-daemon-to-Type-notify-with-systemd.patch
@@ -0,0 +1,244 @@
+From 0dde99a29d6f0883448b34fddf5f516166d97169 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
+Date: Fri, 20 Oct 2023 01:31:23 +0200
+Subject: [PATCH] [gssproxy] Change daemon to Type=notify with systemd
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This avoids the need for daemonization, pid files, etc and also provides nicer
+output from systemctl. The notify integration is already prepared to work with
+Type=notify-reload (which is a bit too recent to make the default at the
+moment, requires systemd 253+).
+
+With this patch applied:
+
+  root@qtest1:~# systemctl status gssproxy
+  ● gssproxy.service - GSSAPI Proxy Daemon
+       Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; preset: enabled)
+       Active: active (running) since Fri 2023-10-20 12:59:32 CEST; 4s ago
+     Main PID: 58516 (gssproxy)
+       Status: "Running, 1 service(s) configured"
+           ...
+  root@qtest1:~# ls -1 /etc/gssproxy/
+  24-nfs-server.conf
+  gssproxy.conf
+  root@qtest1:~# vi /etc/gssproxy/50-nfs-client.conf
+  root@qtest1:~# ls -1 /etc/gssproxy/
+  24-nfs-server.conf
+  50-nfs-client.conf
+  gssproxy.conf
+  root@qtest1:~# systemctl reload gssproxy
+  root@qtest1:~# systemctl status gssproxy
+  ● gssproxy.service - GSSAPI Proxy Daemon
+       Loaded: loaded (/lib/systemd/system/gssproxy.service; enabled; preset: enabled)
+       Active: active (running) since Fri 2023-10-20 12:59:32 CEST; 1min 39s ago
+      Process: 58576 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
+     Main PID: 58516 (gssproxy)
+       Status: "Running, 2 service(s) configured"
+           ...
+
+Signed-off-by: David Härdeman <david@hardeman.nu>
+(cherry picked from commit 92e87872846c400598db30fb1759cd7c6f00db34)
+---
+ contrib/gssproxy.spec.in        |  1 +
+ src/gp_common.h                 | 10 ++++++++++
+ src/gp_init.c                   | 21 +++++++++++++++++++--
+ src/gp_mgmt.c                   |  3 +++
+ src/gp_util.c                   | 29 +++++++++++++++++++++++++++++
+ systemd/gssproxy.service.in     |  9 ++++-----
+ systemd/gssuserproxy.service.in |  2 +-
+ 7 files changed, 67 insertions(+), 8 deletions(-)
+
+diff --git a/contrib/gssproxy.spec.in b/contrib/gssproxy.spec.in
+index 7f01f1f..a2c2267 100644
+--- a/contrib/gssproxy.spec.in
++++ b/contrib/gssproxy.spec.in
+@@ -44,6 +44,7 @@ BuildRequires: libcap-devel
+ BuildRequires: popt-devel
+ BuildRequires: findutils
+ BuildRequires: systemd-units
++BuildRequires: systemd-devel
+ 
+ 
+ %description
+diff --git a/src/gp_common.h b/src/gp_common.h
+index 18b6eb4..8a53d64 100644
+--- a/src/gp_common.h
++++ b/src/gp_common.h
+@@ -46,6 +46,16 @@
+ /* max out at 1MB for now */
+ #define MAX_RPC_SIZE 1024*1024
+ 
++#ifdef HAVE_SYSTEMD_DAEMON
++#include <systemd/sd-daemon.h>
++#else
++__inline__ int sd_notifyf(int unset_environment UNUSED, const char *format UNUSED, ...)
++{
++    return 0;
++}
++#endif
++
++uint64_t time_now_usec(void);
+ bool gp_same(const char *a, const char *b);
+ bool gp_boolean_is_true(const char *s);
+ char *gp_getenv(const char *name);
+diff --git a/src/gp_init.c b/src/gp_init.c
+index 5e7074f..131bf08 100644
+--- a/src/gp_init.c
++++ b/src/gp_init.c
+@@ -14,6 +14,7 @@
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <unistd.h>
++#include <inttypes.h>
+ 
+ #ifdef HAVE_CAP
+ 
+@@ -260,10 +261,19 @@ static void hup_handler(verto_ctx *vctx UNUSED, verto_ev *ev)
+ 
+     gpctx = verto_get_private(ev);
+ 
++    sd_notifyf(0, "RELOADING=1\n"
++               "MONOTONIC_USEC=%" PRIu64 "\n"
++               "STATUS=Reloading configuration\n",
++               time_now_usec());
++
+     GPDEBUG("Received SIGHUP; re-reading config.\n");
+     new_config = read_config(gpctx->config_file, gpctx->config_dir,
+                              gpctx->config_socket, gpctx->daemonize);
+     if (!new_config) {
++        sd_notifyf(0, "READY=1\n"
++                   "STATUS=Running, %i service(s) configured"
++                   " (failed to re-read config)\n",
++                   gpctx->config->num_svcs);
+         GPERROR("Error reading new configuration on SIGHUP; keeping old "
+                 "configuration instead!\n");
+         return;
+@@ -281,12 +291,16 @@ static void hup_handler(verto_ctx *vctx UNUSED, verto_ev *ev)
+ 
+     free_config(&old_config);
+ 
++    sd_notifyf(0, "READY=1\n"
++               "STATUS=Running, %i service(s) configured\n",
++               gpctx->config->num_svcs);
+     GPDEBUG("New config loaded successfully.\n");
+     return;
+ }
+ 
+ static void break_loop(verto_ctx *vctx, verto_ev *ev UNUSED)
+ {
++    sd_notifyf(0, "STOPPING=1\nSTATUS=Signal received, stopping\n");
+     GPDEBUG("Exiting after receiving a signal\n");
+     verto_break(vctx);
+ }
+@@ -354,11 +368,14 @@ fail:
+  * is done. */
+ static void delayed_init(verto_ctx *vctx UNUSED, verto_ev *ev)
+ {
+-    struct gssproxy_ctx *gpctx;
++    struct gssproxy_ctx *gpctx = verto_get_private(ev);
++
++    sd_notifyf(0, "READY=1\n"
++	       "STATUS=Running, %i service(s) configured\n",
++	       gpctx->config->num_svcs);
+ 
+     GPDEBUG("Initialization complete.\n");
+ 
+-    gpctx = verto_get_private(ev);
+     idle_handler(gpctx);
+ }
+ 
+diff --git a/src/gp_mgmt.c b/src/gp_mgmt.c
+index 9f03ed2..57466c1 100644
+--- a/src/gp_mgmt.c
++++ b/src/gp_mgmt.c
+@@ -18,6 +18,9 @@ static void idle_terminate(verto_ctx *vctx, verto_ev *ev)
+ {
+     struct gssproxy_ctx *gpctx = verto_get_private(ev);
+ 
++    sd_notifyf(0, "STOPPING=1\nSTATUS=Idle for %ld seconds, stopping\n",
++               (long)gpctx->term_timeout/1000);
++
+     GPDEBUG("Terminating, after idling for %ld seconds!\n",
+             (long)gpctx->term_timeout/1000);
+     verto_break(vctx);
+diff --git a/src/gp_util.c b/src/gp_util.c
+index 9b55244..cff7f13 100644
+--- a/src/gp_util.c
++++ b/src/gp_util.c
+@@ -7,9 +7,38 @@
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
++#include <stdint.h>
++#include <time.h>
+ 
+ #include "gp_common.h"
+ 
++#define USEC_INFINITY ((uint64_t)UINT64_MAX)
++#define NSEC_PER_USEC ((uint64_t)1000ULL)
++#define USEC_PER_SEC  ((uint64_t)1000000ULL)
++uint64_t time_now_usec(void)
++{
++    struct timespec ts;
++
++    if (clock_gettime(CLOCK_MONOTONIC, &ts) < 0) {
++        goto out;
++    }
++
++    if (ts.tv_sec < 0 || ts.tv_nsec < 0) {
++        goto out;
++    }
++
++    if ((uint64_t)ts.tv_sec >
++        (UINT64_MAX - (ts.tv_nsec / NSEC_PER_USEC)) / USEC_PER_SEC) {
++        goto out;
++    }
++
++    return (uint64_t)ts.tv_sec * USEC_PER_SEC +
++           (uint64_t)ts.tv_nsec / NSEC_PER_USEC;
++
++out:
++    return USEC_INFINITY;
++}
++
+ bool gp_same(const char *a, const char *b)
+ {
+     if (a == b || (a && b && strcmp(a, b) == 0)) {
+diff --git a/systemd/gssproxy.service.in b/systemd/gssproxy.service.in
+index b8f1f77..693b569 100644
+--- a/systemd/gssproxy.service.in
++++ b/systemd/gssproxy.service.in
+@@ -8,11 +8,10 @@ Before=rpc-gssd.service
+ StateDirectory=gssproxy/clients gssproxy/rcache
+ StateDirectoryMode=0700
+ Environment=KRB5RCACHEDIR=/var/lib/gssproxy/rcache
+-ExecStart=@sbindir@/gssproxy -D
+-# These two should be used with traditional UNIX forking daemons
+-# consult systemd.service(5) for more details
+-Type=forking
+-PIDFile=/run/gssproxy.pid
++ExecStart=@sbindir@/gssproxy -i
++# This can be changed to notify-reload and ExecReload= can be removed once
++#   systemd 253 is common enough
++Type=notify
+ ExecReload=/bin/kill -HUP $MAINPID
+ 
+ ProtectSystem=full
+diff --git a/systemd/gssuserproxy.service.in b/systemd/gssuserproxy.service.in
+index 4a00098..7852523 100644
+--- a/systemd/gssuserproxy.service.in
++++ b/systemd/gssuserproxy.service.in
+@@ -3,7 +3,7 @@ Description=GSS User Proxy
+ Documentation=man:gssproxy(8)
+ 
+ [Service]
+-Type=exec
++Type=notify
+ StandardError=journal
+ ExecStart=@sbindir@/gssproxy -i -u
+ Restart=on-failure
+-- 
+2.47.1
+
diff --git a/gssproxy.spec b/gssproxy.spec
index 8f00a3d..0efca02 100644
--- a/gssproxy.spec
+++ b/gssproxy.spec
@@ -18,6 +18,7 @@ Source2:        gssproxy.sock.compat.conf
 ### Patches ###
 Patch0001: 0001-Fix-various-issues-detected-by-static-analysis.patch
 Patch0002: 0002-Make-systemd-use-0700-mode-on-cache-folders.patch
+Patch0003: 0003-gssproxy-Change-daemon-to-Type-notify-with-systemd.patch
 
 ### Dependencies ###
 Requires: krb5-libs >= 1.12.0
@@ -54,6 +55,7 @@ BuildRequires: m4
 BuildRequires: pkgconfig
 BuildRequires: popt-devel
 BuildRequires: systemd-units
+BuildRequires: systemd-devel
 
 %description
 A proxy for GSSAPI credential handling