Use rxkad_crypt for inter-volser traffic, if asked

Add a -s2scrypt option to the volume server, with possible options:

  * never -- the existing behavior

  * always -- switch to using afsconf_ClientAuthSecure, which uses
    rxkad_crypt, for ForwardVolume calls.

  * inherit -- encrypt inter-server traffic if the causal client
    connection is encrypted.  This has the effect of "inheriting" the
    "-encrypt" flag given to "vos release", for example.

Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting
the existence of rxkad_GetServerInfo.

[mmeffie@sinenomine.net fix assertion and style update.]

Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a
Reviewed-on: https://gerrit.openafs.org/11349
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Thomas Keiser <tkeiser@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

diff --git a/doc/man-pages/pod8/fragments/volserver-options.pod b/doc/man-pages/pod8/fragments/volserver-options.pod
index 740430e..f3d964c 100644 (file)
--- a/doc/man-pages/pod8/fragments/volserver-options.pod
+++ b/doc/man-pages/pod8/fragments/volserver-options.pod
@@ -135,6 +135,29 @@ of users. You can use C<admin> to restrict to AFS administrators.  The
 C<anyuser> option doesn't restrict the RPCs and leaves it open for all
 users including unauthenticated users, this is the default.
 
+=item B<-s2scrypt> (never | always | inherit)
+
+Set the cryptographic disposition of inter-volserver traffic.
+
+=over 4
+
+=item B<never>
+
+All inter-volserver traffic is unencrypted.  This is the default behavior.
+
+=item B<always>
+
+All inter-volserver traffic is encrypted (using rxkad).
+
+=item B<inherit>
+
+Inter-volserver traffic will be encrypted if the client connection triggering
+the server-to-server traffic is encrypted.  This has the effect of encrypting
+inter-server traffic if the "-encrypt" option is provided to
+L<B<vos release>|vos_release(1)>, for example.
+
+=back
+
 =item B<-help>
 
 Prints the online help for this command. All other valid options are

diff --git a/doc/man-pages/pod8/fragments/volserver-synopsis.pod b/doc/man-pages/pod8/fragments/volserver-synopsis.pod
index f3c1dca..bc85a7b 100644 (file)
--- a/doc/man-pages/pod8/fragments/volserver-synopsis.pod
+++ b/doc/man-pages/pod8/fragments/volserver-synopsis.pod
@@ -15,4 +15,5 @@ B<volserver>
     [B<-transarc-logs>]
     [B<-sleep> <I<sleep time>/I<run time>>]
     [B<-restricted_query> (anyuser | admin)]
+    [B<-s2scrypt> (never | always | inherit)]
     [B<-help>]

diff --git a/src/volser/volmain.c b/src/volser/volmain.c
index db976aa..d088691 100644 (file)
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@@ -83,6 +83,8 @@ char *auditFileName = NULL;
 static struct logOptions logopts;
 char *configDir = NULL;
 
+enum vol_s2s_crypt doCrypt = VS2SC_NEVER;
+
 #define ADDRSPERSITE 16         /* Same global is in rx/rx_user.c */
 afs_uint32 SHostAddrs[ADDRSPERSITE];
 
@@ -242,7 +244,8 @@ enum optionsList {
     OPT_logfile,
     OPT_config,
     OPT_restricted_query,
-    OPT_transarc_logs
+    OPT_transarc_logs,
+    OPT_s2s_crypt
 };
 
 static int
@@ -254,6 +257,7 @@ ParseArgs(int argc, char **argv) {
     char *sleepSpec = NULL;
     char *sync_behavior = NULL;
     char *restricted_query_parameter = NULL;
+    char *s2s_crypt_behavior = NULL;
 
     opts = cmd_CreateSyntax(NULL, NULL, NULL, 0, NULL);
     cmd_AddParmAtOffset(opts, OPT_log, "-log", CMD_FLAG, CMD_OPTIONAL,
@@ -300,6 +304,8 @@ ParseArgs(int argc, char **argv) {
           CMD_OPTIONAL, "configuration location");
     cmd_AddParmAtOffset(opts, OPT_restricted_query, "-restricted_query",
            CMD_SINGLE, CMD_OPTIONAL, "anyuser | admin");
+    cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt",
+           CMD_SINGLE, CMD_OPTIONAL, "always | inherit | never");
 
     code = cmd_Parse(argc, argv, &opts);
     if (code == CMD_HELP) {
@@ -397,6 +403,19 @@ ParseArgs(int argc, char **argv) {
        }
        free(restricted_query_parameter);
     }
+    if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+       if (strcmp(s2s_crypt_behavior, "always") == 0)
+           doCrypt = VS2SC_ALWAYS;
+       else if (strcmp(s2s_crypt_behavior, "never") == 0)
+           doCrypt = VS2SC_NEVER;
+       else if (strcmp(s2s_crypt_behavior, "inherit") == 0)
+           doCrypt = VS2SC_INHERIT;
+       else {
+           printf("invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+           return -1;
+       }
+       free(s2s_crypt_behavior);
+    }
 
     return 0;
 }

diff --git a/src/volser/volprocs.c b/src/volser/volprocs.c
index bfa9ca0..2c9c300 100644 (file)
--- a/src/volser/volprocs.c
+++ b/src/volser/volprocs.c
@@ -61,6 +61,7 @@ extern int DoLogging;
 extern struct afsconf_dir *tdir;
 extern int DoPreserveVolumeStats;
 extern int restrictedQueryLevel;
+extern enum vol_s2s_crypt doCrypt;
 
 extern void LogError(afs_int32 errcode);
 
@@ -1261,6 +1262,35 @@ SAFSVolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
     return code;
 }
 
+static_inline afs_int32
+MakeClient(struct rx_call *acid, struct rx_securityClass **securityObject,
+          afs_int32 *securityIndex)
+{
+    rxkad_level enc_level = rxkad_clear;
+    int docrypt;
+    int code;
+
+    switch (doCrypt) {
+    case VS2SC_ALWAYS:
+       docrypt = 1;
+       break;
+    case VS2SC_INHERIT:
+       rxkad_GetServerInfo(rx_ConnectionOf(acid), &enc_level, 0, 0, 0, 0, 0);
+       docrypt = (enc_level == rxkad_crypt ? 1 : 0);
+       break;
+    case VS2SC_NEVER:
+       docrypt = 0;
+       break;
+    default:
+       opr_Assert(0 && "doCrypt corrupt?");
+    }
+    if (docrypt)
+       code = afsconf_ClientAuthSecure(tdir, securityObject, securityIndex);
+    else
+       code = afsconf_ClientAuth(tdir, securityObject, securityIndex);
+    return code;
+}
+
 static afs_int32
 VolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
               struct destServer *destination, afs_int32 destTrans,
@@ -1291,7 +1321,7 @@ VolForward(struct rx_call *acid, afs_int32 fromTrans, afs_int32 fromDate,
     TSetRxCall(tt, NULL, "Forward");
 
     /* get auth info for the this connection (uses afs from ticket file) */
-    code = afsconf_ClientAuth(tdir, &securityObject, &securityIndex);
+    code = MakeClient(acid, &securityObject, &securityIndex);
     if (code) {
        TRELE(tt);
        return code;
@@ -1406,7 +1436,7 @@ SAFSVolForwardMultiple(struct rx_call *acid, afs_int32 fromTrans, afs_int32
     }
 
     /* get auth info for this connection (uses afs from ticket file) */
-    code = afsconf_ClientAuth(tdir, &securityObject, &securityIndex);
+    code = MakeClient(acid, &securityObject, &securityIndex);
     if (code) {
        goto fail;              /* in order to audit each failure */
     }

diff --git a/src/volser/volser.p.h b/src/volser/volser.p.h
index 968ef0a..6d7f129 100644 (file)
--- a/src/volser/volser.p.h
+++ b/src/volser/volser.p.h
@@ -186,4 +186,10 @@ extern afs_int32 vsu_ClientInit(const char *confDir, char *cellName,
                                int (*secproc)(struct rx_securityClass *,
                                               afs_int32),
                                struct ubik_client **uclientp);
+enum vol_s2s_crypt {
+    VS2SC_NEVER = 0,
+    VS2SC_INHERIT,
+    VS2SC_ALWAYS
+};
+
 #endif /* _VOLSER_ */