Add an interface for creating arrays of server security objects.
This collects all of the various daemon code for initialising
security objects into one place, reducing duplication and making
it easier to add new objects in the future.
Change-Id: I9df20afccdbac4a610cb5bde32f01069272f27a2
Reviewed-on: http://gerrit.openafs.org/1177
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
UNLOCK_GLOBAL_MUTEX;
return rc;
}
+
+/*!
+ * Build a set of security classes suitable for a server accepting
+ * incoming connections
+ */
+#if !defined(UKERNEL)
+void
+afsconf_BuildServerSecurityObjects(struct afsconf_dir *dir,
+ afs_uint32 flags,
+ struct rx_securityClass ***classes,
+ afs_int32 *numClasses)
+{
+ if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
+ *numClasses = 4;
+ else
+ *numClasses = 3;
+
+ *classes = calloc(*numClasses, sizeof(**classes));
+
+ (*classes)[0] = rxnull_NewServerSecurityObject();
+ (*classes)[1] = NULL;
+ (*classes)[2] = rxkad_NewServerSecurityObject(0, dir,
+ afsconf_GetKey, NULL);
+ if (flags & AFSCONF_SEC_OBJS_RXKAD_CRYPT)
+ (*classes)[3] = rxkad_NewServerSecurityObject(rxkad_crypt, dir,
+ afsconf_GetKey, NULL);
+}
+#endif
struct rx_securityClass **astr,
afs_int32 * aindex);
+/* Flags for this function */
+#define AFSCONF_SEC_OBJS_RXKAD_CRYPT 1
+extern void afsconf_BuildServerSecurityObjects(struct afsconf_dir *,
+ afs_uint32,
+ struct rx_securityClass ***,
+ afs_int32 *);
+
/* writeconfig.c */
int afsconf_SetExtendedCellInfo(struct afsconf_dir *adir, const char *apath,
struct afsconf_cell *acellInfo, char clones[]);
struct afsconf_dir *bozo_confdir = 0; /* bozo configuration dir */
static PROCESS bozo_pid;
-struct rx_securityClass *bozo_rxsc[3];
const char *bozo_fileName;
FILE *bozo_logFile;
int rxMaxMTU = -1;
afs_uint32 host = htonl(INADDR_ANY);
char *auditFileName = NULL;
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
#ifndef AFS_NT40_ENV
int nofork = 0;
struct stat sb;
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(bozo_rxstat_userok);
- /* have bcrypt key now */
-
afsconf_SetNoAuthFlag(tdir, noAuth);
-
- bozo_rxsc[0] = rxnull_NewServerSecurityObject();
- bozo_rxsc[1] = (struct rx_securityClass *)0;
- bozo_rxsc[2] =
- rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
+ afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
host = SHostAddrs[0];
}
- tservice = rx_NewServiceHost(host, /* port */ 0, /* service id */ 1,
- /*service name */ "bozo",
- /* security classes */
- bozo_rxsc,
- /* numb sec classes */ 3, BOZO_ExecuteRequest);
+ tservice = rx_NewServiceHost(host, 0, /* service id */ 1,
+ "bozo", securityClasses, numClasses,
+ BOZO_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_SetStackSize(tservice, BOZO_LWP_STACKSIZE); /* so gethostbyname works (in cell stuff) */
}
tservice =
- rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", bozo_rxsc,
- 3, RXSTATS_ExecuteRequest);
+ rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
+ securityClasses, numClasses, RXSTATS_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_StartServer(1); /* donate this process */
char clones[MAXHOSTSPERCELL];
struct rx_service *tservice;
- struct rx_securityClass *sca[3];
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
extern int rx_stackSize;
ERROR(code);
}
- sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
- sca[RX_SCINDEX_VAB] = 0;
- sca[RX_SCINDEX_KAD] =
- rxkad_NewServerSecurityObject(rxkad_clear, BU_conf, afsconf_GetKey,
- NULL);
+ afsconf_BuildServerSecurityObjects(BU_conf, 0,
+ &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
tservice =
- rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase", sca, 3,
- BUDB_ExecuteRequest);
+ rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",
+ securityClasses, numClasses, BUDB_ExecuteRequest);
+
if (tservice == (struct rx_service *)0) {
LogError(0, "Could not create backup database rx service\n");
printf("Could not create backup database rx service\n");
register struct hostent *th;
char hostname[64];
struct rx_service *tservice;
- struct rx_securityClass *sc[3];
-#if 0
- struct ktc_encryptionKey tkey;
-#endif
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
int kerberosKeys; /* set if found some keys */
int lwps = 3;
char clones[MAXHOSTSPERCELL];
pr_realmName = info.name;
pr_realmNameLen = strlen(pr_realmName);
-#if 0
- /* get keys */
- code = afsconf_GetKey(prdir, 999, &tkey);
- if (code) {
- afs_com_err(whoami, code,
- "couldn't get bcrypt keys from key file, ignoring.");
- }
-#endif
{
afs_int32 kvno; /* see if there is a KeyFile here */
struct ktc_encryptionKey key;
pt_hook_write();
#endif
- sc[0] = rxnull_NewServerSecurityObject();
- sc[1] = 0;
- if (kerberosKeys) {
- sc[2] = rxkad_NewServerSecurityObject(0, prdir, afsconf_GetKey, NULL);
- } else
- sc[2] = sc[0];
+ afsconf_BuildServerSecurityObjects(prdir, 0, &securityClasses,
+ &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
}
tservice =
- rx_NewServiceHost(host, 0, PRSRV, "Protection Server", sc, 3,
- PR_ExecuteRequest);
+ rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses,
+ numClasses, PR_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
fprintf(stderr, "ptserver: Could not create new rx service.\n");
PT_EXIT(3);
}
tservice =
- rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", sc, 3,
- RXSTATS_ExecuteRequest);
+ rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
+ securityClasses, numClasses, RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
fprintf(stderr, "ptserver: Could not create new rx service.\n");
PT_EXIT(3);
int
main(int argc, char *argv[])
{
- struct rx_securityClass *securityObjects[3];
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
struct rx_service *service;
afs_uint32 host = htonl(INADDR_ANY);
if (rx_InitHost(host, htons(AFSCONF_UPDATEPORT)) < 0)
Quit("rx_init");
- /* Create a single security object, in this case the null security object,
- * for unauthenticated connections, which will be used to control security
- * on connections made to this server. */
+ afsconf_BuildServerSecurityObjects(cdir, 0, &securityClasses, &numClasses);
- /* WHAT A JOKE! Let's use rxkad at least so we know who we're talking to,
- * then sometimes require full encryption. */
-
- /* rxnull and rxvab are no longer supported */
- securityObjects[0] = rxnull_NewServerSecurityObject();
-
- securityObjects[1] = (struct rx_securityClass *)0;
-
- securityObjects[2] =
- rxkad_NewServerSecurityObject(rxkad_clear, cdir, afsconf_GetKey, 0);
- if (securityObjects[2] == (struct rx_securityClass *)0)
+ if (securityClasses[2] == NULL)
Quit("rxkad_NewServerSecurityObject");
/* Instantiate a single UPDATE service. The rxgen-generated procedure
* which is called to decode requests is passed in here
* (UPDATE_ExecuteRequest). */
service =
- rx_NewServiceHost(host, 0, UPDATE_SERVICEID, "UPDATE", securityObjects,
- 3, UPDATE_ExecuteRequest);
+ rx_NewServiceHost(host, 0, UPDATE_SERVICEID, "UPDATE", securityClasses,
+ numClasses, UPDATE_ExecuteRequest);
if (service == (struct rx_service *)0)
Quit("rx_NewService");
rx_SetMaxProcs(service, 2);
}
#endif
-/* proc called by rxkad module to get a key */
-static int
-get_key(void *arock, register afs_int32 akvno, struct ktc_encryptionKey *akey)
-{
- /* find the key */
- static struct afsconf_key tkey;
- register afs_int32 code;
-
- if (!confDir) {
- ViceLog(0, ("conf dir not open\n"));
- return 1;
- }
- code = afsconf_GetKey(confDir, akvno, (struct ktc_encryptionKey *)tkey.key);
- if (code) {
- ViceLog(0, ("afsconf_GetKey failure: kvno %d code %d\n", akvno, code));
- return code;
- }
- memcpy(akey, tkey.key, sizeof(tkey.key));
- return 0;
-} /*get_key */
-
#ifndef AFS_NT40_ENV
int
viced_syscall(afs_uint32 a3, afs_uint32 a4, void *a5)
{
afs_int32 code;
char tbuffer[32];
- struct rx_securityClass *sc[4];
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
struct rx_service *tservice;
#ifdef AFS_PTHREAD_ENV
pthread_t serverPid;
}
rx_GetIFInfo();
rx_SetRxDeadTime(30);
- sc[0] = rxnull_NewServerSecurityObject();
- sc[1] = 0; /* rxvab_NewServerSecurityObject(key1, 0) */
- sc[2] = rxkad_NewServerSecurityObject(rxkad_clear, NULL, get_key, NULL);
- sc[3] = rxkad_NewServerSecurityObject(rxkad_crypt, NULL, get_key, NULL);
+ afsconf_BuildServerSecurityObjects(confDir, AFSCONF_SEC_OBJS_RXKAD_CRYPT,
+ &securityClasses, &numClasses);
+
tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */
1, /*service name */
"AFS",
- /* security classes */ sc,
- /* numb sec classes */
- 4, RXAFS_ExecuteRequest);
+ securityClasses, numClasses,
+ RXAFS_ExecuteRequest);
if (!tservice) {
ViceLog(0,
("Failed to initialize RX, probably two servers running.\n"));
rx_SetServerIdleDeadErr(tservice, VNOSERVICE);
tservice =
- rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", sc, 4,
- RXSTATS_ExecuteRequest);
+ rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses,
+ numClasses, RXSTATS_ExecuteRequest);
if (!tservice) {
ViceLog(0, ("Failed to initialize rpc stat service.\n"));
exit(-1);
register afs_int32 code;
afs_int32 myHost;
struct rx_service *tservice;
- struct rx_securityClass *sc[3];
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
struct afsconf_dir *tdir;
struct ktc_encryptionKey tkey;
struct afsconf_cell info;
memset(HostAddress, 0, sizeof(HostAddress));
initialize_dstats();
- sc[0] = rxnull_NewServerSecurityObject();
- sc[1] = (struct rx_securityClass *)0;
- sc[2] = rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
+ afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
tservice =
- rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", sc, 3,
- VL_ExecuteRequest);
+ rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
+ securityClasses, numClasses,
+ VL_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
printf("vlserver: Could not create VLDB_SERVICE rx service\n");
exit(3);
}
tservice =
- rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", sc, 3,
- RXSTATS_ExecuteRequest);
+ rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
+ securityClasses, numClasses,
+ RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
printf("vlserver: Could not create rpc stats rx service\n");
exit(3);
main(int argc, char **argv)
{
register afs_int32 code;
- struct rx_securityClass *(securityObjects[3]);
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
struct rx_service *service;
struct ktc_encryptionKey tkey;
int rxpackets = 100;
VS_EXIT(1);
}
afsconf_GetKey(tdir, 999, &tkey);
- securityObjects[0] = rxnull_NewServerSecurityObject();
- securityObjects[1] = (struct rx_securityClass *)0; /* don't bother with rxvab */
- securityObjects[2] =
- rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
- if (securityObjects[0] == (struct rx_securityClass *)0)
+ afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
+ if (securityClasses[0] == NULL)
Abort("rxnull_NewServerSecurityObject");
service =
- rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityObjects, 3,
- AFSVolExecuteRequest);
+ rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityClasses,
+ numClasses, AFSVolExecuteRequest);
if (service == (struct rx_service *)0)
Abort("rx_NewService");
rx_SetBeforeProc(service, MyBeforeProc);
}
service =
- rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityObjects, 3,
- RXSTATS_ExecuteRequest);
+ rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses,
+ numClasses, RXSTATS_ExecuteRequest);
if (service == (struct rx_service *)0)
Abort("rx_NewService");
rx_SetMinProcs(service, 2);