When commit
8a09c220f4c5f881ea45be585b07b793038924d5 added support
for token error recovery to ubik, it introduced a dependency on
afsconf. This breaks the abstraction layer that had been in place, by
requiring that the SecurityRock be an afsconf_dir (if you use a
different rock, ubik will segfault)
This change reinstates the abstraction layer, by requiring Ubik
users who want token error checking to specify a procedure that can
be used to check whether tokens are up to date. Instead of yet
another global variable, we replace the existing CRXSecurity*
variables with a single function that can be used to set security proc,
token checking proc, and rock.
Change-Id: I9036cf712f02610ed2e906602d3416436f69e98b
Reviewed-on: http://gerrit.openafs.org/4200
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
}
int
-afsconf_UpToDate(struct afsconf_dir *adir)
+afsconf_UpToDate(void *rock)
{
+ struct afsconf_dir *adir = rock;
char tbuffer[256];
#ifdef AFS_NT40_ENV
char *p;
extern int afsconf_GetLocalCell(struct afsconf_dir *adir,
char *aname, afs_int32 alen);
extern int afsconf_Close(struct afsconf_dir *adir);
-extern int afsconf_UpToDate(struct afsconf_dir *adir);
+extern int afsconf_UpToDate(void *rock);
struct afsconf_keys;
extern int afsconf_GetKeys(struct afsconf_dir *adir,
}
/* initialize ubik */
- ubik_CRXSecurityProc = afsconf_ClientAuth;
- ubik_CRXSecurityRock = BU_conf;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
ubik_SRXSecurityProc = afsconf_ServerAuth;
ubik_SRXSecurityRock = BU_conf;
/* initialize ubik */
if (level == rxkad_clear)
- ubik_CRXSecurityProc = afsconf_ClientAuth;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
+ KA_conf);
else if (level == rxkad_crypt)
- ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
+ afsconf_UpToDate, KA_conf);
else {
ViceLog(0, ("Unsupported security level %d\n", level));
exit(5);
ViceLog(0,
("Using level %s for Ubik connections.\n",
(level == rxkad_crypt ? "crypt" : "clear")));
- ubik_CRXSecurityRock = (char *)KA_conf;
ubik_SRXSecurityProc = afsconf_ServerAuth;
ubik_SRXSecurityRock = (char *)KA_conf;
ubik_CheckRXSecurityProc = afsconf_CheckAuth;
pr_realmName = info.name;
/* initialize ubik */
- ubik_CRXSecurityProc = afsconf_ClientAuth;
- ubik_CRXSecurityRock = prdir;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
ubik_SRXSecurityProc = afsconf_ServerAuth;
ubik_SRXSecurityRock = prdir;
ubik_CheckRXSecurityProc = afsconf_CheckAuth;
${TOP_INCDIR}/rx/rx.h ${TOP_INCDIR}/rx/xdr.h \
${TOP_INCDIR}/lock.h ubik.h ubik_int.h
-LIBS=${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \
+LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libcom_err.a ${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libsys.a ${XLIBS}
#include "ubik.h"
#include "ubik_int.h"
+/* These global variables were used to set the function to use to initialise
+ * the client security layer. They are retained for backwards compatiblity with
+ * legacy callers - the ubik_SetClientSecurityProcs() interface should be used
+ * instead
+ */
+int (*ubik_CRXSecurityProc) (void *rock, struct rx_securityClass **,
+ afs_int32 *);
+void *ubik_CRXSecurityRock;
+
/*! \name statics used to determine if we're the sync site */
static afs_int32 syncSiteUntil = 0; /*!< valid only if amSyncSite */
int ubik_amSyncSite = 0; /*!< flag telling if I'm sync site */
char amIClone = 0; /*!< is this a clone which doesn't vote */
static char ubik_singleServer = 0;
/*\}*/
-int (*ubik_CRXSecurityProc) (void *rock, struct rx_securityClass **,
- afs_int32 *);
-void *ubik_CRXSecurityRock;
+static int (*secLayerProc) (void *rock, struct rx_securityClass **,
+ afs_int32 *) = NULL;
+static int (*tokenCheckProc) (void *rock) = NULL;
+static void * securityRock = NULL;
+
afs_int32 ubikSecIndex;
struct rx_securityClass *ubikSecClass;
static int ubeacon_InitServerListCommon(afs_uint32 ame,
{
int i;
/* get the security index to use, if we can */
- if (ubik_CRXSecurityProc) {
+ if (secLayerProc) {
+ i = (*secLayerProc) (securityRock, &ubikSecClass, &ubikSecIndex);
+ } else if (ubik_CRXSecurityProc) {
i = (*ubik_CRXSecurityProc) (ubik_CRXSecurityRock, &ubikSecClass,
&ubikSecIndex);
} else
void
ubeacon_ReinitServer(struct ubik_server *ts)
{
- if (!afsconf_UpToDate(ubik_CRXSecurityRock)) {
+ if (tokenCheckProc && !(*tokenCheckProc) (securityRock)) {
struct rx_connection *disk_rxcid;
struct rx_connection *vote_rxcid;
struct rx_connection *tmp;
}
return code;
}
+
+void
+ubik_SetClientSecurityProcs(int (*secproc) (void *,
+ struct rx_securityClass **,
+ afs_int32 *),
+ int (*checkproc) (void *),
+ void *rock)
+{
+ secLayerProc = secproc;
+ tokenCheckProc = checkproc;
+ securityRock = rock;
+}
extern void *ubik_SRXSecurityRock;
extern int (*ubik_CheckRXSecurityProc) (void *, struct rx_call *);
extern void *ubik_CheckRXSecurityRock;
+
+extern void ubik_SetClientSecurityProcs(int (*scproc)(void *,
+ struct rx_securityClass **,
+ afs_int32 *),
+ int (*checkproc) (void *),
+ void *rock);
+
/*\}*/
/*
}
ubik_nBuffers = 512;
- ubik_CRXSecurityProc = afsconf_ClientAuth;
- ubik_CRXSecurityRock = (char *)tdir;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
ubik_SRXSecurityProc = afsconf_ServerAuth;
ubik_SRXSecurityRock = (char *)tdir;
ubik_CheckRXSecurityProc = afsconf_CheckAuth;