From 47b23080a203abd0d9400c29407a9a3ce9845c54 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 4 Mar 2011 22:57:15 +0000
Subject: [PATCH] ubik: Allow servers to have more than 3 seclayers

ubik has traditionally used the afsconf_ServerAuth function to
fill in a single field in a pre-allocated list of security classes.
This meant that we could never have a class with an index higher
than 2 (rxkad). Setting the function to call, and the rock to that
function was also accomplished by playing with global variables.

Rework this so that a new function is used to set the security
classes, which can allocate an arbitrary sized array of classes.
Move the setting of this function, and of the authentication check
function into ubik_SetServerSecurityProcs()

Change-Id: I7cde73b05db4d51403469e2bead1d99d5ae88043
Reviewed-on: http://gerrit.openafs.org/4202
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
---
 src/budb/server.c       |  8 ++---
 src/kauth/kaserver.c    |  8 ++---
 src/ptserver/ptserver.c |  6 ++--
 src/ubik/remote.c       | 14 +-------
 src/ubik/ubik.c         | 71 +++++++++++++++++++++++++++++++++--------
 src/ubik/ubik.p.h       |  9 ++++++
 src/vlserver/vlserver.c |  7 ++--
 7 files changed, 78 insertions(+), 45 deletions(-)

diff --git a/src/budb/server.c b/src/budb/server.c
index eb7cc76ff..5a7528a9c 100644
--- a/src/budb/server.c
+++ b/src/budb/server.c
@@ -504,12 +504,8 @@ main(int argc, char **argv)
 
     /* initialize ubik */
     ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
-
-    ubik_SRXSecurityProc = afsconf_ServerAuth;
-    ubik_SRXSecurityRock = BU_conf;
-
-    ubik_CheckRXSecurityProc = afsconf_CheckAuth;
-    ubik_CheckRXSecurityRock = BU_conf;
+    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+				afsconf_CheckAuth, BU_conf);
 
     if (ubik_nBuffers == 0)
 	ubik_nBuffers = 400;
diff --git a/src/kauth/kaserver.c b/src/kauth/kaserver.c
index 2312e0f30..a058dc4aa 100644
--- a/src/kauth/kaserver.c
+++ b/src/kauth/kaserver.c
@@ -358,10 +358,10 @@ main(int argc, char *argv[])
     ViceLog(0,
 	    ("Using level %s for Ubik connections.\n",
 	     (level == rxkad_crypt ? "crypt" : "clear")));
-    ubik_SRXSecurityProc = afsconf_ServerAuth;
-    ubik_SRXSecurityRock = (char *)KA_conf;
-    ubik_CheckRXSecurityProc = afsconf_CheckAuth;
-    ubik_CheckRXSecurityRock = (char *)KA_conf;
+
+    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+				afsconf_CheckAuth,
+				KA_conf);
 
     ubik_nBuffers = 80;
 
diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c
index 997688b25..795f7b686 100644
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
@@ -456,10 +456,8 @@ main(int argc, char **argv)
 
     /* initialize ubik */
     ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
-    ubik_SRXSecurityProc = afsconf_ServerAuth;
-    ubik_SRXSecurityRock = prdir;
-    ubik_CheckRXSecurityProc = afsconf_CheckAuth;
-    ubik_CheckRXSecurityRock = prdir;
+    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+				afsconf_CheckAuth, prdir);
 
     /* The max needed is when deleting an entry.  A full CoEntry deletion
      * required removal from 39 entries.  Each of which may refers to the entry
diff --git a/src/ubik/remote.c b/src/ubik/remote.c
index ba41a5ec7..4a0d706d3 100644
--- a/src/ubik/remote.c
+++ b/src/ubik/remote.c
@@ -34,9 +34,6 @@
 #include "ubik.h"
 #include "ubik_int.h"
 
-int (*ubik_CheckRXSecurityProc) (void *, struct rx_call *);
-void *ubik_CheckRXSecurityRock;
-
 static void printServerInfo(void);
 
 /*! \file
@@ -47,16 +44,7 @@ static void printServerInfo(void);
 
 struct ubik_trans *ubik_currentTrans = 0;
 
-int
-ubik_CheckAuth(struct rx_call *acall)
-{
-    afs_int32 code;
-    if (ubik_CheckRXSecurityProc) {
-	code = (*ubik_CheckRXSecurityProc) (ubik_CheckRXSecurityRock, acall);
-	return code;
-    } else
-	return 0;
-}
+
 
 /* the rest of these guys handle remote execution of write
  * transactions: this is the code executed on the other servers when a
diff --git a/src/ubik/ubik.c b/src/ubik/ubik.c
index f10d34ead..4218365e4 100644
--- a/src/ubik/ubik.c
+++ b/src/ubik/ubik.c
@@ -85,16 +85,31 @@ struct ubik_stats ubik_stats;
 afs_uint32 ubik_host[UBIK_MAX_INTERFACE_ADDR];
 afs_int32 ubik_epochTime = 0;
 afs_int32 urecovery_state = 0;
-int (*ubik_SRXSecurityProc) (void *, struct rx_securityClass **, afs_int32 *);
-void *ubik_SRXSecurityRock;
 int (*ubik_SyncWriterCacheProc) (void);
 struct ubik_server *ubik_servers;
 short ubik_callPortal;
 
+/* These global variables were used to control the server security layers.
+ * They are retained for backwards compatibility with legacy callers.
+ *
+ * The ubik_SetServerSecurityProcs() interface should be used instead.
+ */
+
+int (*ubik_SRXSecurityProc) (void *, struct rx_securityClass **, afs_int32 *);
+void *ubik_SRXSecurityRock;
+int (*ubik_CheckRXSecurityProc) (void *, struct rx_call *);
+void *ubik_CheckRXSecurityRock;
+
+
+
 static int BeginTrans(struct ubik_dbase *dbase, afs_int32 transMode,
 	   	      struct ubik_trans **transPtr, int readAny);
 
-struct rx_securityClass *ubik_sc[3];
+static struct rx_securityClass **ubik_sc = NULL;
+static void (*buildSecClassesProc)(void *, struct rx_securityClass ***,
+				   afs_int32 *) = NULL;
+static int (*checkSecurityProc)(void *, struct rx_call *) = NULL;
+static void *securityRock = NULL;
 
 #define	CStampVersion	    1	/* meaning set ts->version */
 
@@ -384,6 +399,7 @@ ubik_ServerInitCommon(afs_uint32 myHost, short myPort,
 
     afs_int32 secIndex;
     struct rx_securityClass *secClass;
+    int numClasses;
 
     struct rx_service *tservice;
 
@@ -447,22 +463,26 @@ ubik_ServerInitCommon(afs_uint32 myHost, short myPort,
 
     ubik_callPortal = myPort;
     /* try to get an additional security object */
-    ubik_sc[0] = rxnull_NewServerSecurityObject();
-    ubik_sc[1] = 0;
-    ubik_sc[2] = 0;
-    if (ubik_SRXSecurityProc) {
-	code =
-	    (*ubik_SRXSecurityProc) (ubik_SRXSecurityRock, &secClass,
-				     &secIndex);
-	if (code == 0) {
-	    ubik_sc[secIndex] = secClass;
+    if (buildSecClassesProc == NULL) {
+	numClasses = 3;
+	ubik_sc = calloc(numClasses, sizeof(struct rx_securityClass *));
+	ubik_sc[0] = rxnull_NewServerSecurityObject();
+	if (ubik_SRXSecurityProc) {
+	    code = (*ubik_SRXSecurityProc) (ubik_SRXSecurityRock,
+					    &secClass,
+					    &secIndex);
+	    if (code == 0) {
+		 ubik_sc[secIndex] = secClass;
+	    }
 	}
+    } else {
+        (*buildSecClassesProc) (securityRock, &ubik_sc, &numClasses);
     }
     /* for backwards compat this should keep working as it does now
        and not host bind */
 
     tservice =
-	rx_NewService(0, VOTE_SERVICE_ID, "VOTE", ubik_sc, 3,
+	rx_NewService(0, VOTE_SERVICE_ID, "VOTE", ubik_sc, numClasses,
 		      VOTE_ExecuteRequest);
     if (tservice == (struct rx_service *)0) {
 	ubik_dprint("Could not create VOTE rx service!\n");
@@ -472,7 +492,7 @@ ubik_ServerInitCommon(afs_uint32 myHost, short myPort,
     rx_SetMaxProcs(tservice, 3);
 
     tservice =
-	rx_NewService(0, DISK_SERVICE_ID, "DISK", ubik_sc, 3,
+	rx_NewService(0, DISK_SERVICE_ID, "DISK", ubik_sc, numClasses,
 		      DISK_ExecuteRequest);
     if (tservice == (struct rx_service *)0) {
 	ubik_dprint("Could not create DISK rx service!\n");
@@ -1357,3 +1377,26 @@ ubikGetPrimaryInterfaceAddr(afs_uint32 addr)
 		return ts->addr[0];	/* net byte order */
     return 0;			/* if not in server database, return error */
 }
+
+int
+ubik_CheckAuth(struct rx_call *acall)
+{
+    if (checkSecurityProc)
+	return (*checkSecurityProc) (securityRock, acall);
+    else if (ubik_CheckRXSecurityProc) {
+	return (*ubik_CheckRXSecurityProc) (ubik_CheckRXSecurityRock, acall);
+    } else
+	return 0;
+}
+
+void
+ubik_SetServerSecurityProcs(void (*buildproc) (void *,
+					       struct rx_securityClass ***,
+					       afs_int32 *),
+			    int (*checkproc) (void *, struct rx_call *),
+			    void *rock)
+{
+    buildSecClassesProc = buildproc;
+    checkSecurityProc = checkproc;
+    securityRock = rock;
+}
diff --git a/src/ubik/ubik.p.h b/src/ubik/ubik.p.h
index 00474e61d..ade0863e6 100644
--- a/src/ubik/ubik.p.h
+++ b/src/ubik/ubik.p.h
@@ -201,6 +201,12 @@ extern void ubik_SetClientSecurityProcs(int (*scproc)(void *,
 						      afs_int32 *),
 					int (*checkproc) (void *),
 					void *rock);
+extern void ubik_SetServerSecurityProcs
+		(void (*buildproc) (void *,
+                                    struct rx_securityClass ***,
+                                    afs_int32 *),
+                 int (*checkproc) (void *, struct rx_call *),
+                 void *rock);
 
 /*\}*/
 
@@ -410,6 +416,9 @@ extern void panic(char *format, ...)
     AFS_ATTRIBUTE_FORMAT(__printf__, 1, 2);
 
 extern afs_uint32 ubikGetPrimaryInterfaceAddr(afs_uint32 addr);
+
+extern int ubik_CheckAuth(struct rx_call *);
+
 /*\}*/
 
 /*! \name beacon.c */
diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c
index 93fa6d1d7..76e60b133 100644
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@@ -346,10 +346,9 @@ main(int argc, char **argv)
 
     ubik_nBuffers = 512;
     ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
-    ubik_SRXSecurityProc = afsconf_ServerAuth;
-    ubik_SRXSecurityRock = (char *)tdir;
-    ubik_CheckRXSecurityProc = afsconf_CheckAuth;
-    ubik_CheckRXSecurityRock = (char *)tdir;
+    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+				afsconf_CheckAuth, tdir);
+
     ubik_SyncWriterCacheProc = vlsynccache;
     code =
 	ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info, clones,
-- 
2.39.5