B<backup> command interpreter enters interactive mode apply to all
commands issued during the interactive session.
+=item B<-nobutcauth>
+
+Prior to the fix for OPENAFS-SA-2018-001, B<butc> did not allow incoming
+connections to be authenticated. As part of that fix, B<backup> was modified
+to authenticate to the B<butc> services when possible, but a B<backup> utility
+with the security fix will not interoperate with a B<butc> that lacks the fix
+unless this option is passed, which forces the use of unauthenticated
+connections to the B<butc>. Use of this option is strongly disrecommended,
+and it is provided only for backwards compatibility in environments where
+B<backup> and B<butc> communicate over a secure network environment that denies
+access to untrusted parties.
+
=item B<-portoffset> <I<TC port offset>>
Specifies the port offset number of the Tape Coordinator that is to
extern int bc_SaveDumpSchedule(void);
/* main.c */
+extern int localauth, nobutcauth;
+extern char tcell[];
extern time_t tokenExpires;
extern afs_int32 doDispatch(afs_int32, char *[], afs_int32);
extern void bc_HandleMisc(afs_int32 code);
#include <roken.h>
#include <afs/cmd.h>
+#include <afs/cellconfig.h>
#include <lwp.h>
#include <rx/rx.h>
#include <afs/bubasics.h>
struct rx_connection **tconn)
{
afs_uint32 host;
+ afs_int32 code;
unsigned short port;
static struct rx_securityClass *rxsc;
+ static afs_int32 scIndex;
struct bc_hostEntry *te;
*tconn = (struct rx_connection *)0;
/* use non-secure connections to butc */
- if (!rxsc)
- rxsc = rxnull_NewClientSecurityObject();
+ if (!rxsc) {
+ struct afsconf_dir *dir;
+ afsconf_secflags flags = AFSCONF_SECOPTS_FALLBACK_NULL;
+ char *cname;
+
+ if (nobutcauth)
+ flags |= AFSCONF_SECOPTS_NOAUTH;
+ if (localauth) {
+ flags |= AFSCONF_SECOPTS_LOCALAUTH;
+ dir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
+ } else {
+ dir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
+ }
+ if (tcell[0] == '\0')
+ cname = NULL;
+ else
+ cname = tcell;
+ /* No need for cell info since butc is not a registered service */
+ code = afsconf_PickClientSecObj(dir, flags, NULL, cname, &rxsc, &scIndex,
+ NULL);
+ if (dir)
+ afsconf_Close(dir);
+ if (code)
+ return -1;
+ }
if (!rxsc || !aconfig)
return (-1);
port = htons(BC_TAPEPORT + aport);
- /* servers is 1; sec index is 0 */
- *tconn = rx_NewConnection(host, port, 1, rxsc, 0);
+ /* servers is 1 */
+ *tconn = rx_NewConnection(host, port, 1, rxsc, scIndex);
return ((*tconn ? 0 : -1));
}
}
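Review bot: `AFSCONF_SECOPTS_FALLBACK_NULL` is set unconditionally in `flags`, so a run that finds no usable token or key appears to still receive a null security object, and the `rx_NewConnection` call then goes out unauthenticated without `-nobutcauth` having been given and without telling the operator. Consider reporting the downgrade after the pick, e.g. `if (!nobutcauth && scIndex == 0) fprintf(stderr, "backup: no credentials found; connecting to butc unauthenticated\n");` (index 0 is the null class, per the removed comment), or setting the fallback flag only when `nobutcauth` is set. The context comment `/* use non-secure connections to butc */` above the new block is now stale and should read something like `/* authenticate to butc when credentials are available */`. `dir` is passed to `afsconf_PickClientSecObj` before the `if (dir)` test, so a failed `afsconf_Open` should be handled before the pick rather than only before the close. The function's signature and the code that sets `host` lie outside the hunk.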
#include "bucoord_internal.h"
#include "bucoord_prototypes.h"
-int localauth, interact;
+int localauth, interact, nobutcauth;
char tcell[64];
/*
/* Handling the command line opcode */
if (!bcInit) {
localauth = ((as && as->parms[14].items) ? 1 : 0);
+ nobutcauth = ((as && as->parms[16].items) ? 1 : 0);
if (as && as->parms[15].items)
strcpy(tcell, as->parms[15].items->data);
else
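Review bot: The context line `strcpy(tcell, as->parms[15].items->data);` copies the `-cell` argument into the global declared as `char tcell[64]` with no length check, and with this commit `tcell` is also handed to `afsconf_PickClientSecObj` as the cell name, so the buffer now feeds the authentication path. Reject an over-long name before the copy, e.g. `if (strlen(as->parms[15].items->data) >= sizeof(tcell))` followed by an error return. Separately, the literal `16` in the added line is only right while `-nobutcauth` stays directly after `-cell` in the `cmd_AddParm` sequence; a comment such as `/* parms[16] is -nobutcauth; keep in step with the cmd_AddParm order */` would guard against silent drift. The enclosing function starts and ends outside the hunk.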
cmd_AddParm(ts, "-localauth", CMD_FLAG, CMD_OPTIONAL,
"local authentication");
cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
+ cmd_AddParm(ts, "-nobutcauth", CMD_FLAG, CMD_OPTIONAL,
+ "no authentication to butc");
}
int