From dac001a0a04f54a76f254200ee24ab09f5ad22f7 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 29 Jan 2010 15:12:42 +0000
Subject: [PATCH] Don't pass tokens around the backup system

The backup system has a global ktc_token, which is used
to work out when its credentials are about to expire. This leads to
an unfortunate dependency throughout the code on the format of this
token.

Replace this with a global time_t which stores the expiry time, and
copy the required field from the token into this when we get the
token. This limits the exposure of the token, and simplifies the code.

Change-Id: Ia2929c2c0a4c1ba9ca5db881865f33af5a732d2f
Reviewed-on: http://gerrit.openafs.org/1218
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
---
 src/bucoord/bucoord_internal.h   |  1 +
 src/bucoord/bucoord_prototypes.h |  3 +-
 src/bucoord/commands.c           | 57 +++++++++++++++++---------------
 src/bucoord/main.c               |  4 +--
 src/bucoord/ubik_db_if.c         |  9 ++---
 src/butc/tcmain.c                |  8 ++---
 6 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/src/bucoord/bucoord_internal.h b/src/bucoord/bucoord_internal.h
index 4131b3f20..8ee832d74 100644
--- a/src/bucoord/bucoord_internal.h
+++ b/src/bucoord/bucoord_internal.h
@@ -119,6 +119,7 @@ struct cmd_parmdesc;
 extern afs_int32 bc_ParseExpiration(struct cmd_parmdesc *paramPtr,
 		                    afs_int32 *expType, afs_int32 *expDate);
 /* main.c */
+extern time_t tokenExpires;
 extern afs_int32 doDispatch(afs_int32, char *[], afs_int32);
 extern void bc_HandleMisc(afs_int32 code);
 
diff --git a/src/bucoord/bucoord_prototypes.h b/src/bucoord/bucoord_prototypes.h
index 52d3ccf89..45a689669 100644
--- a/src/bucoord/bucoord_prototypes.h
+++ b/src/bucoord/bucoord_prototypes.h
@@ -57,7 +57,6 @@ extern afs_int32 bcdb_AddVolumes(register struct budb_volumeEntry *,
 extern afs_int32 udbClientInit(int noAuthFlag, int localauth, char *cellName);
 struct ktc_token;
 extern int vldbClientInit(int noAuthFlag, int localauth, char *cellName,
-                          struct ubik_client **cstruct,
-                          struct ktc_token *ttoken);
+                          struct ubik_client **cstruct, time_t *expires);
 #endif
 
diff --git a/src/bucoord/commands.c b/src/bucoord/commands.c
index 32d83fa08..d19803fc1 100644
--- a/src/bucoord/commands.c
+++ b/src/bucoord/commands.c
@@ -54,7 +54,6 @@ extern struct bc_config *bc_globalConfig;
 extern struct bc_dumpTask bc_dumpTasks[BC_MAXSIMDUMPS];
 extern struct ubik_client *cstruct;
 extern char *whoami;
-extern struct ktc_token ttoken;
 
 char *loadFile;
 extern afs_int32 lastTaskCode;
@@ -637,33 +636,39 @@ EvalVolumeSet1(struct bc_config *aconfig,
     return (0);
 }				/*EvalVolumeSet1 */
 
-/* compactDateString
- *	print out a date in compact format, 16 chars, format is
- *	mm/dd/yyyy hh:mm
- * entry:
- *	date_long - ptr to a long containing the time
- * exit:
- *	ptr to a string containing a representation of the date
- */
 char *
-compactDateString(afs_uint32 *date_long, char *string, afs_int32 size)
+compactTimeString(time_t *date, char *string, afs_int32 size)
 {
     struct tm *ltime;
 
     if (!string)
-	return 0;
+	return NULL;
 
-    if (*date_long == NEVERDATE) {
+    if (*date == NEVERDATE) {
 	sprintf(string, "NEVER");
     } else {
-        time_t t = *date_long;
-	ltime = localtime(&t);
-	/* prints date in U.S. format of mm/dd/yyyy */
+	ltime = localtime(date);
 	strftime(string, size, "%m/%d/%Y %H:%M", ltime);
     }
     return (string);
 }
 
+/* compactDateString
+ *	print out a date in compact format, 16 chars, format is
+ *	mm/dd/yyyy hh:mm
+ * entry:
+ *	date_long - ptr to a long containing the time
+ * exit:
+ *	ptr to a string containing a representation of the date
+ */
+char *
+compactDateString(afs_uint32 *date_long, char *string, afs_int32 size)
+{
+    time_t t = *date_long;
+    return compactTimeString(&t, string, size);
+}
+
+
 afs_int32
 bc_SafeATOI(char *anum)
 {
@@ -1018,11 +1023,11 @@ bc_JobsCmd(struct cmd_syndesc *as, void *arock)
 	}
 
 	/* Print token expiration time */
-	if ((ttoken.endTime > prevTime)
-	    && (ttoken.endTime <= youngest->scheduledDump) && as
-	    && (ttoken.endTime != NEVERDATE)) {
-	    if (ttoken.endTime > time(0)) {
-		compactDateString(&ttoken.endTime, ds, 50);
+	if ((tokenExpires > prevTime)
+	    && (tokenExpires <= youngest->scheduledDump) && as
+	    && (tokenExpires != NEVERDATE)) {
+	    if (tokenExpires > time(0)) {
+		compactTimeString(&tokenExpires, ds, 50);
 		printf("       %16s: TOKEN EXPIRATION\n", ds);
 	    } else {
 		printf("       TOKEN HAS EXPIRED\n");
@@ -1042,11 +1047,11 @@ bc_JobsCmd(struct cmd_syndesc *as, void *arock)
     }
 
     /* Print token expiration time if havn't already */
-    if ((ttoken.endTime == NEVERDATE) && as)
+    if ((tokenExpires == NEVERDATE) && as)
 	printf("     : TOKEN NEVER EXPIRES\n");
-    else if ((ttoken.endTime > prevTime) && as) {
-	if (ttoken.endTime > time(0)) {
-	    compactDateString(&ttoken.endTime, ds, 50);
+    else if ((tokenExpires > prevTime) && as) {
+	if (tokenExpires > time(0)) {
+	    compactTimeString(&tokenExpires, ds, 50);
 	    printf("       %16s: TOKEN EXPIRATION\n", ds);
 	} else {
 	    printf("     : TOKEN HAS EXPIRED\n");
@@ -1835,7 +1840,7 @@ bc_DumpCmd(struct cmd_syndesc *as, void *arock)
 		strcat(statusPtr->cmdLine, " -n");
 
 	    printf("Add scheduled dump as job %d\n", statusPtr->jobNumber);
-	    if ((atTime > ttoken.endTime) && (ttoken.endTime != NEVERDATE))
+	    if ((atTime > tokenExpires) && (tokenExpires != NEVERDATE))
 		afs_com_err(whoami, 0,
 			"Warning: job %d starts after expiration of AFS token",
 			statusPtr->jobNumber);
@@ -2424,7 +2429,7 @@ bc_deleteDumpCmd(struct cmd_syndesc *as, void *arock)
     afs_int32 rcode = 0;
     afs_int32 groupId = 0, havegroupid, sflags, noexecute;
     struct cmd_item *ti;
-    afs_uint32 fromTime = 0, toTime = 0, havetime = 0;
+    afs_int32 fromTime = 0, toTime = 0, havetime = 0;
     char *timeString;
     budb_dumpsList dumps, flags;
     int i;
diff --git a/src/bucoord/main.c b/src/bucoord/main.c
index 5d7adfdb2..7364d0ba0 100644
--- a/src/bucoord/main.c
+++ b/src/bucoord/main.c
@@ -63,7 +63,7 @@ char tcell[64];
 struct bc_config *bc_globalConfig;	/*Ptr to global BC configuration info */
 
 struct ubik_client *cstruct;	/* Ptr to Ubik client structure */
-struct ktc_token ttoken;	/* The token */
+time_t tokenExpires;		/* The token's expiration time */
 
 static const char *DefaultConfDir;	/*Default backup config directory */
 static int bcInit = 0;		/* backupInit called yet ? */
@@ -254,7 +254,7 @@ backupInit(void)
     rx_SetRxDeadTime(60);
 
     /* VLDB initialization */
-    code = vldbClientInit(0, localauth, tcell, &cstruct, &ttoken);
+    code = vldbClientInit(0, localauth, tcell, &cstruct, &tokenExpires);
     if (code)
 	return (code);
 
diff --git a/src/bucoord/ubik_db_if.c b/src/bucoord/ubik_db_if.c
index 2dc31e1d0..f769d9532 100644
--- a/src/bucoord/ubik_db_if.c
+++ b/src/bucoord/ubik_db_if.c
@@ -777,7 +777,7 @@ bc_CheckTextVersion(udbClientTextP ctPtr)
 int
 vldbClientInit(int noAuthFlag, int localauth, char *cellName, 
 	       struct ubik_client **cstruct, 
-	       struct ktc_token *ttoken)
+	       time_t *expires)
 {
     afs_int32 code = 0;
     struct afsconf_dir *acdir;
@@ -785,6 +785,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
     afs_int32 i, scIndex = 0;	/* Index of Rx security object - noauth */
     struct afsconf_cell info;
     struct ktc_principal sname;
+    struct ktc_token *ttoken = NULL;
     struct rx_connection *serverconns[VLDB_MAXSERVERS];
 
 
@@ -825,7 +826,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
     /*
      * Grab tickets if we care about authentication.
      */
-    ttoken->endTime = 0;
+    *expires = 0;
     if (localauth) {
 	code = afsconf_GetLatestKey(acdir, 0, 0);
 	if (code) {
@@ -838,7 +839,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
 		ERROR(code);
 	    }
 
-	    ttoken->endTime = NEVERDATE;
+	    *expires = NEVERDATE;
 	}
     } else {
 	if (!noAuthFlag) {
@@ -856,7 +857,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
 		    afs_com_err(whoami, 0,
 			    "Funny kvno (%d) in ticket, proceeding",
 			    ttoken->kvno);
-
+		*expires = ttoken->endTime;
 		scIndex = 2;
 	    }
 	}
diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c
index 884671139..67d408803 100644
--- a/src/butc/tcmain.c
+++ b/src/butc/tcmain.c
@@ -841,7 +841,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
     register afs_int32 code;
     struct rx_securityClass *(securityObjects[3]);
     struct rx_service *service;
-    struct ktc_token ttoken;
+    time_t tokenExpires;
     char cellName[64];
     int localauth;
     /*process arguments */
@@ -853,7 +853,6 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
 #else
     PROCESS dbWatcherPid;
 #endif
-    time_t t;
     afs_uint32 host = htonl(INADDR_ANY);
 
     debugLevel = 0;
@@ -1065,7 +1064,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
     rx_SetRxDeadTime(150);
 
     /* Establish connection with the vldb server */
-    code = vldbClientInit(0, localauth, cellName, &cstruct, &ttoken);
+    code = vldbClientInit(0, localauth, cellName, &cstruct, &tokenExpires);
     if (code) {
 	TapeLog(0, 0, code, 0, "Can't access vldb\n");
 	return code;
@@ -1148,8 +1147,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
 
     TLog(0, "Starting Tape Coordinator: Port offset %u   Debug level %u\n",
 	 portOffset, debugLevel);
-    t = ttoken.endTime;
-    TLog(0, "Token expires: %s\n", cTIME(&t));
+    TLog(0, "Token expires: %s\n", cTIME(&tokenExpires));
 
     rx_StartServer(1);		/* Donate this process to the server process pool */
     TLog(0, "Error: StartServer returned");
-- 
2.39.5