From 49106a54993a0c9c64b407f05deaabe8f64e742d Mon Sep 17 00:00:00 2001 From: Nathaniel Wesley Filardo Date: Fri, 1 Aug 2014 02:48:21 -0400 Subject: [PATCH] Use rxkad_crypt for inter-volser traffic, if asked Add a -s2scrypt option to the volume server, with possible options: * never -- the existing behavior * always -- switch to using afsconf_ClientAuthSecure, which uses rxkad_crypt, for ForwardVolume calls. * inherit -- encrypt inter-server traffic if the causal client connection is encrypted. This has the effect of "inheriting" the "-encrypt" flag given to "vos release", for example. Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting the existence of rxkad_GetServerInfo. [mmeffie@sinenomine.net fix assertion and style update.] Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a Reviewed-on: https://gerrit.openafs.org/11349 Reviewed-by: Mark Vitale Tested-by: BuildBot Reviewed-by: Thomas Keiser Reviewed-by: Benjamin Kaduk --- .../pod8/fragments/volserver-options.pod | 23 +++++++++++++ .../pod8/fragments/volserver-synopsis.pod | 1 + src/volser/volmain.c | 21 +++++++++++- src/volser/volprocs.c | 34 +++++++++++++++++-- src/volser/volser.p.h | 6 ++++ 5 files changed, 82 insertions(+), 3 deletions(-) diff --git a/doc/man-pages/pod8/fragments/volserver-options.pod b/doc/man-pages/pod8/fragments/volserver-options.pod index 740430e1c..f3d964c6c 100644 --- a/doc/man-pages/pod8/fragments/volserver-options.pod +++ b/doc/man-pages/pod8/fragments/volserver-options.pod 
@@ -135,6 +135,29 @@ of users. You can use C to restrict to AFS administrators. The C option doesn't restrict the RPCs and leaves it open for all users including unauthenticated users, this is the default. +=item B<-s2scrypt> (never | always | inherit) + +Set the cryptographic disposition of inter-volserver traffic. + +=over 4 + +=item B + +All inter-volserver traffic is unencrypted. This is the default behavior. + +=item B + +All inter-volserver traffic is encrypted (using rxkad). + +=item B + +Inter-volserver traffic will be encrypted if the client connection triggering +the server-to-server traffic is encrypted. This has the effect of encrypting +inter-server traffic if the "-encrypt" option is provided to +L|vos_release(1)>, for example. + +=back + =item B<-help> Prints the online help for this command. All other valid options are diff --git a/doc/man-pages/pod8/fragments/volserver-synopsis.pod b/doc/man-pages/pod8/fragments/volserver-synopsis.pod index f3c1dcab9..bc85a7b9e 100644 --- a/doc/man-pages/pod8/fragments/volserver-synopsis.pod +++ b/doc/man-pages/pod8/fragments/volserver-synopsis.pod @@ -15,4 +15,5 @@ B [B<-transarc-logs>] [B<-sleep> /I>] [B<-restricted_query> (anyuser | admin)] + [B<-s2scrypt> (never | always | inherit)] [B<-help>] diff --git a/src/volser/volmain.c b/src/volser/volmain.c index db976aa8a..d08869176 100644 --- a/src/volser/volmain.c +++ b/src/volser/volmain.c @@ -83,6 +83,8 @@ char *auditFileName = NULL; static struct logOptions logopts; char *configDir = NULL; +enum vol_s2s_crypt doCrypt = VS2SC_NEVER; + #define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */ afs_uint32 SHostAddrs[ADDRSPERSITE]; @@ -242,7 +244,8 @@ enum optionsList { OPT_logfile, OPT_config, OPT_restricted_query, - OPT_transarc_logs + OPT_transarc_logs, + OPT_s2s_crypt }; static int 
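Review bot: The new global `doCrypt` in src/volser/volmain.c carries no comment, and its name differs only by case from the local `docrypt` that MakeClient in volprocs.c derives from it, which makes the security-relevant default easy to misread. A comment above the definition such as `/* -s2scrypt mode: when volserver-to-volserver calls use rxkad_crypt; the default leaves them unencrypted */` would state the default where it is set. The matching `extern enum vol_s2s_crypt doCrypt;` is written by hand in volprocs.c; declaring it once next to the enum would keep the type and the declaration together, if that header is an acceptable home for server-internal state.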
@@ -254,6 +257,7 @@ ParseArgs(int argc, char **argv) {
 char *sleepSpec = NULL;
 char *sync_behavior = NULL;
 char *restricted_query_parameter = NULL;
+ char *s2s_crypt_behavior = NULL;
 opts = cmd_CreateSyntax(NULL, NULL, NULL, 0, NULL);
 cmd_AddParmAtOffset(opts, OPT_log, "-log", CMD_FLAG, CMD_OPTIONAL,
@@ -300,6 +304,8 @@ ParseArgs(int argc, char **argv) {
 CMD_OPTIONAL, "configuration location");
 cmd_AddParmAtOffset(opts, OPT_restricted_query, "-restricted_query",
 CMD_SINGLE, CMD_OPTIONAL, "anyuser | admin");
+ cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt",
+ CMD_SINGLE, CMD_OPTIONAL, "always | inherit | never");
 code = cmd_Parse(argc, argv, &opts);
 if (code == CMD_HELP) {
@@ -397,6 +403,19 @@ ParseArgs(int argc, char **argv) {
 }
 free(restricted_query_parameter);
 }
+ if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+ if (strcmp(s2s_crypt_behavior, "always") == 0)
+ doCrypt = VS2SC_ALWAYS;
+ else if (strcmp(s2s_crypt_behavior, "never") == 0)
+ doCrypt = VS2SC_NEVER;
+ else if (strcmp(s2s_crypt_behavior, "inherit") == 0)
+ doCrypt = VS2SC_INHERIT;
+ else {
+ printf("invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+ return -1;
+ }
+ free(s2s_crypt_behavior);
+ }
 return 0;
 }
diff --git a/src/volser/volprocs.c b/src/volser/volprocs.c
index bfa9ca0b4..2c9c3001c 100644
--- a/src/volser/volprocs.c
+++ b/src/volser/volprocs.c
@@ -61,6 +61,7 @@ extern int DoLogging;
 extern struct afsconf_dir *tdir;
 extern int DoPreserveVolumeStats;
 extern int restrictedQueryLevel;
+extern enum vol_s2s_crypt doCrypt;
 extern void LogError(afs_int32 errcode);
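Review bot: In the `-s2scrypt` parsing added to ParseArgs, the `else` branch for an unrecognised value returns before `free(s2s_crypt_behavior)` is reached, so the string obtained from cmd_OptionAsString is leaked on that path; `free(s2s_crypt_behavior); return -1;` after the printf would release it (harmless if the caller exits on failure, which is not visible here). The option's help text lists the values as `always | inherit | never` while the man-page fragments in this patch use `never | always | inherit`; using one order in both places avoids doubt about which value is the default. ParseArgs starts and ends outside these hunks.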
@@ -1261,6 +1262,35 @@ SAFSVolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
 return code;
 }
+static_inline afs_int32
+MakeClient(struct rx_call *acid, struct rx_securityClass **securityObject,
+ afs_int32 *securityIndex)
+{
+ rxkad_level enc_level = rxkad_clear;
+ int docrypt;
+ int code;
+
+ switch (doCrypt) {
+ case VS2SC_ALWAYS:
+ docrypt = 1;
+ break;
+ case VS2SC_INHERIT:
+ rxkad_GetServerInfo(rx_ConnectionOf(acid), &enc_level, 0, 0, 0, 0, 0);
+ docrypt = (enc_level == rxkad_crypt ? 1 : 0);
+ break;
+ case VS2SC_NEVER:
+ docrypt = 0;
+ break;
+ default:
+ opr_Assert(0 && "doCrypt corrupt?");
+ }
+ if (docrypt)
+ code = afsconf_ClientAuthSecure(tdir, securityObject, securityIndex);
+ else
+ code = afsconf_ClientAuth(tdir, securityObject, securityIndex);
+ return code;
+}
+
 static afs_int32
 VolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
 struct destServer *destination, afs_int32 destTrans,
@@ -1291,7 +1321,7 @@ VolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
 TSetRxCall(tt, NULL, "Forward");
 /* get auth info for the this connection (uses afs from ticket file) */
- code = afsconf_ClientAuth(tdir, &securityObject, &securityIndex);
+ code = MakeClient(acid, &securityObject, &securityIndex);
 if (code) {
 TRELE(tt);
 return code;
@@ -1406,7 +1436,7 @@ SAFSVolForwardMultiple(struct rx_call *acid, afs_int32 fromTrans, afs_int32
 }
 /* get auth info for this connection (uses afs from ticket file) */
- code = afsconf_ClientAuth(tdir, &securityObject, &securityIndex);
+ code = MakeClient(acid, &securityObject, &securityIndex);
 if (code) {
 goto fail; /* in order to audit each failure */
 }
diff --git a/src/volser/volser.p.h b/src/volser/volser.p.h
index 968ef0ab6..6d7f129ec 100644
--- a/src/volser/volser.p.h
+++ b/src/volser/volser.p.h
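Review bot: In MakeClient's `VS2SC_INHERIT` case the return value of rxkad_GetServerInfo is discarded, so a failed lookup (for example a caller connection that is not an authenticated rxkad connection) is indistinguishable from a clear-text client and silently selects the unencrypted path. Capturing the result, e.g. `code = rxkad_GetServerInfo(rx_ConnectionOf(acid), &enc_level, NULL, NULL, NULL, NULL, NULL);` followed by `docrypt = (code == 0 && enc_level == rxkad_crypt);`, makes that fallback explicit and gives a place to log it. The `default:` arm leaves `docrypt` unset if opr_Assert ever returns or is compiled out (its definition is not visible here); adding `docrypt = 1;` after the assert would make an unexpected `doCrypt` value fall toward encryption instead of reading an indeterminate variable. A short comment above MakeClient saying that it chooses the rxkad level for outgoing volserver-to-volserver connections from `-s2scrypt` would also help, since the two call sites in VolForward and SAFSVolForwardMultiple keep their old "get auth info" comments.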
@@ -186,4 +186,10 @@ extern afs_int32 vsu_ClientInit(const char *confDir, char *cellName,
 int (*secproc)(struct rx_securityClass *, afs_int32),
 struct ubik_client **uclientp);
+enum vol_s2s_crypt {
+ VS2SC_NEVER = 0,
+ VS2SC_INHERIT,
+ VS2SC_ALWAYS
+};
+
 #endif /* _VOLSER_ */
--
2.39.5
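Review bot: `enum vol_s2s_crypt` is added without any comment, and its zero value `VS2SC_NEVER` is the unencrypted mode, so a zero-initialised or never-assigned variable of this type means clear-text inter-volserver traffic. A comment on the enum such as `/* -s2scrypt modes for volserver-to-volserver connections; VS2SC_NEVER (0) is the default and leaves the traffic unencrypted */`, plus a one-line note per enumerator matching the man-page wording, would record that next to the type. The rest of volser.p.h lies outside the hunk.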