From 961e1914a296e00960a0f5089467de6c3a46e673 Mon Sep 17 00:00:00 2001
From: Palash Vij
Date: Mon, 1 Sep 2025 12:55:20 +0530
Subject: [PATCH] Initial changes to avoid TLS changes for azurelinux
---
CMakeLists.txt | 73 ++++++++++++++++++++++++++--------------
include/libnfs-private.h | 3 +-
lib/libnfs.c | 4 +++
lib/socket.c | 4 +--
4 files changed, 56 insertions(+), 28 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f87b0453..9adc95f1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -64,35 +64,58 @@ if(WIN32 AND BUILD_SHARED_LIBS) add_definitions(-Dlibnfs_EXPORTS) endif() + +# +# Check if we're on Azure Linux and skip TLS if so +# +function(is_azure_linux RESULT_VAR) + set(${RESULT_VAR} FALSE PARENT_SCOPE) + + if(EXISTS "/etc/os-release") + file(READ "/etc/os-release" OS_CONTENT) + if(OS_CONTENT MATCHES "ID=ubuntu") + set(${RESULT_VAR} TRUE PARENT_SCOPE) + endif() + endif() +endfunction() + if(CMAKE_SYSTEM_NAME STREQUAL Linux) add_definitions("-D_U_=__attribute__((unused))") - # - # Currently RPC-with-TLS support is only available on Linux since it depends on kTLS support - # on Linux. - # - # TODO: BSD also has kTLS support, but that will need separate validation. - # - find_package(GnuTLS "3.4.6") - if(GNUTLS_FOUND) + + # Detect if running on Azure Linux + is_azure_linux(RUNNING_ON_AZURE_LINUX) + + if(RUNNING_ON_AZURE_LINUX) + message(STATUS "Azure Linux detected - skipping TLS support") + else() # - # Make sure the two most important header files are present before we enable TLS support, - # to avoid running into issues later during build. GnuTLS package found but gnutls/gnutls.h - # not found is a serious issue while if linux/tls.h is not found it would likely mean that - # user is using a kernel not supporting kTLS so we simply don't turn on TLS support. + # Currently RPC-with-TLS support is only available on Linux since it depends on kTLS support + # on Linux. 
# - check_include_file("gnutls/gnutls.h" HAVE_GNUTLS_H) - if(NOT HAVE_GNUTLS_H EQUAL "1") - message(FATAL_ERROR "GnuTLS found but gnutls/gnutls.h not found, GNUTLS_INCLUDE_DIR is ${GNUTLS_INCLUDE_DIR}") - endif() - - check_include_file("linux/tls.h" HAVE_LINUX_TLS_H) - if(NOT HAVE_LINUX_TLS_H EQUAL "1") - message(STATUS "GnuTLS found but linux/tls.h not found, likely a kernel w/o kTLS support, can't enable TLS support") - else() - message(STATUS "Using ${GNUTLS_LIBRARIES}") - add_definitions(-DHAVE_TLS) - list(APPEND SYSTEM_LIBRARIES ${GNUTLS_LIBRARIES}) - add_subdirectory(tls) + # TODO: BSD also has kTLS support, but that will need separate validation. + # + find_package(GnuTLS "3.4.6") + if(GNUTLS_FOUND) + # + # Make sure the two most important header files are present before we enable TLS support, + # to avoid running into issues later during build. GnuTLS package found but gnutls/gnutls.h + # not found is a serious issue while if linux/tls.h is not found it would likely mean that + # user is using a kernel not supporting kTLS so we simply don't turn on TLS support. + # + check_include_file("gnutls/gnutls.h" HAVE_GNUTLS_H) + if(NOT HAVE_GNUTLS_H EQUAL "1") + message(FATAL_ERROR "GnuTLS found but gnutls/gnutls.h not found, GNUTLS_INCLUDE_DIR is ${GNUTLS_INCLUDE_DIR}") + endif() + + check_include_file("linux/tls.h" HAVE_LINUX_TLS_H) + if(NOT HAVE_LINUX_TLS_H EQUAL "1") + message(STATUS "GnuTLS found but linux/tls.h not found, likely a kernel w/o kTLS support, can't enable TLS support") + else() + message(STATUS "Using ${GNUTLS_LIBRARIES}") + add_definitions(-DHAVE_TLS) + list(APPEND SYSTEM_LIBRARIES ${GNUTLS_LIBRARIES}) + add_subdirectory(tls) + endif() endif() endif() elseif(CMAKE_SYSTEM_NAME STREQUAL Windows OR CMAKE_SYSTEM_NAME STREQUAL WindowsStore) diff --git a/include/libnfs-private.h b/include/libnfs-private.h index 5e7272c4..14d88f34 100644 --- a/include/libnfs-private.h +++ b/include/libnfs-private.h 
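Review bot: `is_azure_linux` tests `OS_CONTENT MATCHES "ID=ubuntu"`, so the TLS block is skipped on Ubuntu build hosts rather than on Azure Linux, and those builds lose `-DHAVE_TLS` with nothing louder than a STATUS message. Azure Linux identifies itself in /etc/os-release as `ID=azurelinux` (older CBL-Mariner releases as `ID=mariner`), so the match should be anchored to that field, for example `if(OS_CONTENT MATCHES "(^|\n)ID=\"?azurelinux\"?(\n|$)")`. The check also reads the build host's file, so a container or cross build can drop RPC-with-TLS without anyone asking for it. An explicit cache option that defaults to TLS on, with `message(WARNING ...)` when it is turned off, would make the downgrade a deliberate and visible choice.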
@@ -519,6 +519,8 @@ struct rpc_context { /* Context used for performing TLS handshake with the server */ struct tls_context tls_context; +#endif /* HAVE_TLS */ + /* * Do we need to perform auth on connect/reconnect? * This starts as FALSE and is set to TRUE if user calls @@ -532,7 +534,6 @@ struct rpc_context { */ bool_t use_azauth; struct auth_context auth_context; -#endif /* HAVE_TLS */ #ifdef HAVE_LIBKRB5 const char *username; diff --git a/lib/libnfs.c b/lib/libnfs.c index f3c26249..9d4e6345 100755 --- a/lib/libnfs.c +++ b/lib/libnfs.c @@ -892,6 +892,7 @@ void free_tls_cb_data(struct tls_cb_data *data) assert(data->magic == TLS_CB_DATA_MAGIC); free(data); } +#endif /* HAVE_TLS */ /* * Callback function called when we get a response for an AZAUTH RPC from the @@ -967,6 +968,7 @@ rpc_connect_program_4_2_cb(struct rpc_context *rpc, int status, free_azauth_cb_data(data); } +#ifdef HAVE_TLS /* * Callback function called when we get a response for an AUTH_TLS NULL RPC * that we sent to the server. @@ -1083,6 +1085,7 @@ rpc_connect_program_5_cb(struct rpc_context *rpc, int status, free_rpc_cb_data(data); } +#ifdef HAVE_TLS static void rpc_connect_program_5_0_cb(struct rpc_context *rpc, int status, void *command_data, void *private_data) @@ -1123,6 +1126,7 @@ rpc_connect_program_5_0_cb(struct rpc_context *rpc, int status, return; } } +#endif /* HAVE_TLS */ static void rpc_connect_program_4_cb(struct rpc_context *rpc, int status, diff --git a/lib/socket.c b/lib/socket.c index e48c2226..a502c740 100644 --- a/lib/socket.c +++ b/lib/socket.c @@ -1951,7 +1951,6 @@ rpc_disconnect(struct rpc_context *rpc, const char *error) return 0; } -#ifdef HAVE_TLS /* * During TCP reconnection, for secure transport, we need to re-perform auth. 
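Review bot: Moving `#endif /* HAVE_TLS */` above `use_azauth` and `auth_context` makes the AZAUTH exchange buildable without TLS, yet nothing in these hunks keeps it from running over a cleartext connection. The same re-scoping is done in lib/libnfs.c (hunks at -892 and -967) and lib/socket.c (hunks at -1951 and -1989). The reconnect path in lib/socket.c stays behind `ENABLE_INSECURE_AUTH_FOR_DEVTEST`, but the initial-connect path in lib/libnfs.c lies outside the hunks, so please confirm it carries the same gate. I would document the field with `/* Without HAVE_TLS, azauth is sent unencrypted; honoured only under ENABLE_INSECURE_AUTH_FOR_DEVTEST. */` and have the call that sets `use_azauth` return an error in builds where neither macro is defined.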
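Review bot: The `#ifdef HAVE_TLS` added in front of `rpc_connect_program_5_0_cb` (lib/libnfs.c, hunk at -1083) removes that callback from non-TLS builds, but the code that passes it as a callback is outside the hunks. If that reference is not under the same guard, the non-TLS build will fail to compile. The `#ifdef HAVE_TLS` added before the AUTH_TLS NULL RPC callback (hunk at -967) likewise depends on an `#endif` that is not visible here, so it is worth checking that the two regions do not nest by accident. Tagging every closing line as `#endif /* HAVE_TLS */`, as the -1123 hunk does, keeps the pairs easy to audit.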
@@ -1989,6 +1988,7 @@ reconnect_cb_azauth(struct rpc_context *rpc, int status, RPC_LOG(rpc, 2, "reconnect_cb_azauth: AzAuth completed successfully!"); } +#ifdef HAVE_TLS /* * During TCP reconnection (either server or client closes connection) for secure * transport we need to perform the TLS handshake. This is the callback function @@ -2096,7 +2096,7 @@ reconnect_cb(struct rpc_context *rpc, int status, void *data, #endif /* HAVE_TLS */ #ifdef ENABLE_INSECURE_AUTH_FOR_DEVTEST - else if (rpc->use_azauth) { + if (rpc->use_azauth) { /* * Insecure connection, if azauth is enabled perform auth. *
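Review bot: Changing `else if (rpc->use_azauth)` to `if (rpc->use_azauth)` in `reconnect_cb` (hunk at -2096) fixes the dangling `else` when `HAVE_TLS` is undefined, but it also changes control flow when both `HAVE_TLS` and `ENABLE_INSECURE_AUTH_FOR_DEVTEST` are defined. The branch was mutually exclusive with the statement that ends just before `#endif /* HAVE_TLS */`; now it runs after that statement unless the statement returns, which cannot be seen because the body lies outside the hunk. If it can fall through, a TLS reconnect would be followed by the insecure azauth path. Keeping the `else` conditional preserves the old behaviour for TLS builds: put `#ifdef HAVE_TLS`, `else`, `#endif` on three lines directly before `if (rpc->use_azauth) {`.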