From 419fbfb4536242bbb6321d6e1c468ca939bf7009 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Fri, 4 Mar 2011 12:12:24 +0000 Subject: [PATCH] ubik: Remove dependency on auth When commit 8a09c220f4c5f881ea45be585b07b793038924d5 added support for token error recovery to ubik, it introduced a dependency on afsconf. This breaks the abstraction layer that had been in place, by requiring that the SecurityRock be an afsconf_dir (if you use a different rock, ubik will segfault) This change reinstates the abstraction layer, by requiring Ubik users who want token error checking to specify a procedure that can be used to check whether tokens are up to date. Instead of yet another global variable, we replace the existing CRXSecurity* variables with a single function that can be used to set security proc, token checking proc, and rock. Change-Id: I9036cf712f02610ed2e906602d3416436f69e98b Reviewed-on: http://gerrit.openafs.org/4200 Reviewed-by: Jeffrey Altman Tested-by: BuildBot Reviewed-by: Derrick Brashear --- src/auth/cellconfig.c | 3 ++- src/auth/cellconfig.p.h | 2 +- src/budb/server.c | 3 +-- src/kauth/kaserver.c | 7 ++++--- src/ptserver/ptserver.c | 3 +-- src/ubik/Makefile.in | 2 +- src/ubik/beacon.c | 35 ++++++++++++++++++++++++++++++----- src/ubik/ubik.p.h | 7 +++++++ src/vlserver/vlserver.c | 3 +-- 9 files changed, 48 insertions(+), 17 deletions(-) diff --git a/src/auth/cellconfig.c b/src/auth/cellconfig.c index 88032ea78..c457e3acb 100644 --- a/src/auth/cellconfig.c +++ b/src/auth/cellconfig.c @@ -1499,8 +1499,9 @@ afsconf_GetLocalCell(struct afsconf_dir *adir, char *aname, } int -afsconf_UpToDate(struct afsconf_dir *adir) +afsconf_UpToDate(void *rock) { + struct afsconf_dir *adir = rock; char tbuffer[256]; #ifdef AFS_NT40_ENV char *p; diff --git a/src/auth/cellconfig.p.h b/src/auth/cellconfig.p.h index 4c2d79b8c..0565c73af 100644 --- a/src/auth/cellconfig.p.h +++ b/src/auth/cellconfig.p.h @@ -113,7 +113,7 @@ extern int afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName, extern int afsconf_GetLocalCell(struct afsconf_dir *adir, char *aname, afs_int32 alen); extern int afsconf_Close(struct afsconf_dir *adir); -extern int afsconf_UpToDate(struct afsconf_dir *adir); +extern int afsconf_UpToDate(void *rock); struct afsconf_keys; extern int afsconf_GetKeys(struct afsconf_dir *adir, diff --git a/src/budb/server.c b/src/budb/server.c index 9f1f214e4..06273b1a6 100644 --- a/src/budb/server.c +++ b/src/budb/server.c @@ -503,8 +503,7 @@ main(int argc, char **argv) } /* initialize ubik */ - ubik_CRXSecurityProc = afsconf_ClientAuth; - ubik_CRXSecurityRock = BU_conf; + ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf); ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = BU_conf; diff --git a/src/kauth/kaserver.c b/src/kauth/kaserver.c index 09cd83e4a..2312e0f30 100644 --- a/src/kauth/kaserver.c +++ b/src/kauth/kaserver.c @@ -346,9 +346,11 @@ main(int argc, char *argv[]) /* initialize ubik */ if (level == rxkad_clear) - ubik_CRXSecurityProc = afsconf_ClientAuth; + ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, + KA_conf); else if (level == rxkad_crypt) - ubik_CRXSecurityProc = afsconf_ClientAuthSecure; + ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure, + afsconf_UpToDate, KA_conf); else { ViceLog(0, ("Unsupported security level %d\n", level)); exit(5); @@ -356,7 +358,6 @@ main(int argc, char *argv[]) ViceLog(0, ("Using level %s for Ubik connections.\n", (level == rxkad_crypt ? "crypt" : "clear"))); - ubik_CRXSecurityRock = (char *)KA_conf; ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = (char *)KA_conf; ubik_CheckRXSecurityProc = afsconf_CheckAuth; diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index bd42d04bd..e427019cc 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -455,8 +455,7 @@ main(int argc, char **argv) pr_realmName = info.name; /* initialize ubik */ - ubik_CRXSecurityProc = afsconf_ClientAuth; - ubik_CRXSecurityRock = prdir; + ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir); ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = prdir; ubik_CheckRXSecurityProc = afsconf_CheckAuth; diff --git a/src/ubik/Makefile.in b/src/ubik/Makefile.in index e23d85fbd..6b8fe7494 100644 --- a/src/ubik/Makefile.in +++ b/src/ubik/Makefile.in @@ -22,7 +22,7 @@ INCLS=${TOP_INCDIR}/lwp.h ${TOP_INCDIR}/lock.h \ ${TOP_INCDIR}/rx/rx.h ${TOP_INCDIR}/rx/xdr.h \ ${TOP_INCDIR}/lock.h ubik.h ubik_int.h -LIBS=${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \ +LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \ ${TOP_LIBDIR}/libcom_err.a ${TOP_LIBDIR}/libcmd.a \ ${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libsys.a ${XLIBS} diff --git a/src/ubik/beacon.c b/src/ubik/beacon.c index 350886537..ebd340819 100644 --- a/src/ubik/beacon.c +++ b/src/ubik/beacon.c @@ -43,6 +43,15 @@ #include "ubik.h" #include "ubik_int.h" +/* These global variables were used to set the function to use to initialise + * the client security layer. They are retained for backwards compatiblity with + * legacy callers - the ubik_SetClientSecurityProcs() interface should be used + * instead + */ +int (*ubik_CRXSecurityProc) (void *rock, struct rx_securityClass **, + afs_int32 *); +void *ubik_CRXSecurityRock; + /*! \name statics used to determine if we're the sync site */ static afs_int32 syncSiteUntil = 0; /*!< valid only if amSyncSite */ int ubik_amSyncSite = 0; /*!< flag telling if I'm sync site */ @@ -51,9 +60,11 @@ static char amIMagic = 0; /*!< is this host the magic host */ char amIClone = 0; /*!< is this a clone which doesn't vote */ static char ubik_singleServer = 0; /*\}*/ -int (*ubik_CRXSecurityProc) (void *rock, struct rx_securityClass **, - afs_int32 *); -void *ubik_CRXSecurityRock; +static int (*secLayerProc) (void *rock, struct rx_securityClass **, + afs_int32 *) = NULL; +static int (*tokenCheckProc) (void *rock) = NULL; +static void * securityRock = NULL; + afs_int32 ubikSecIndex; struct rx_securityClass *ubikSecClass; static int ubeacon_InitServerListCommon(afs_uint32 ame, @@ -178,7 +189,9 @@ ubeacon_InitSecurityClass(void) { int i; /* get the security index to use, if we can */ - if (ubik_CRXSecurityProc) { + if (secLayerProc) { + i = (*secLayerProc) (securityRock, &ubikSecClass, &ubikSecIndex); + } else if (ubik_CRXSecurityProc) { i = (*ubik_CRXSecurityProc) (ubik_CRXSecurityRock, &ubikSecClass, &ubikSecIndex); } else @@ -193,7 +206,7 @@ ubeacon_InitSecurityClass(void) void ubeacon_ReinitServer(struct ubik_server *ts) { - if (!afsconf_UpToDate(ubik_CRXSecurityRock)) { + if (tokenCheckProc && !(*tokenCheckProc) (securityRock)) { struct rx_connection *disk_rxcid; struct rx_connection *vote_rxcid; struct rx_connection *tmp; @@ -760,3 +773,15 @@ updateUbikNetworkAddress(afs_uint32 ubik_host[UBIK_MAX_INTERFACE_ADDR]) } return code; } + +void +ubik_SetClientSecurityProcs(int (*secproc) (void *, + struct rx_securityClass **, + afs_int32 *), + int (*checkproc) (void *), + void *rock) +{ + secLayerProc = secproc; + tokenCheckProc = checkproc; + securityRock = rock; +} diff --git a/src/ubik/ubik.p.h b/src/ubik/ubik.p.h index bafe9f141..00474e61d 100644 --- a/src/ubik/ubik.p.h +++ b/src/ubik/ubik.p.h @@ -195,6 +195,13 @@ extern int (*ubik_SRXSecurityProc) (void *, struct rx_securityClass **, extern void *ubik_SRXSecurityRock; extern int (*ubik_CheckRXSecurityProc) (void *, struct rx_call *); extern void *ubik_CheckRXSecurityRock; + +extern void ubik_SetClientSecurityProcs(int (*scproc)(void *, + struct rx_securityClass **, + afs_int32 *), + int (*checkproc) (void *), + void *rock); + /*\}*/ /* diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c index 6b2df2f19..33d130d46 100644 --- a/src/vlserver/vlserver.c +++ b/src/vlserver/vlserver.c @@ -345,8 +345,7 @@ main(int argc, char **argv) } ubik_nBuffers = 512; - ubik_CRXSecurityProc = afsconf_ClientAuth; - ubik_CRXSecurityRock = (char *)tdir; + ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir); ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = (char *)tdir; ubik_CheckRXSecurityProc = afsconf_CheckAuth; -- 2.39.5