From 345ee34236c08a0a2fb3fff016edfa18c7af4b0a Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk
Date: Sun, 9 Sep 2018 10:44:38 -0500
Subject: [PATCH] OPENAFS-SA-2018-001 backup: use authenticated connection to butc

Use the standard routine to pick a client security object, instead of always assuming rxnull. Respect -localauth as well as being able to use the current user's tokens, but also provide a -nobutcauth argument to fall back to the historical rxnull behavior (but only for the connections to butc; vldb and budb connections are not affected).
Change-Id: Ibf8ebe5521bee8d0f7162527e26bc5541d07910d
---
 doc/man-pages/pod8/backup.pod | 12 ++++++++++++
 src/bucoord/bucoord_internal.h | 2 ++
 src/bucoord/dump.c | 34 ++++++++++++++++++++++++++++++----
 src/bucoord/main.c | 5 ++++-
 4 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/doc/man-pages/pod8/backup.pod b/doc/man-pages/pod8/backup.pod
index f8e2ebcc3f..0900fe6ede 100644
--- a/doc/man-pages/pod8/backup.pod
+++ b/doc/man-pages/pod8/backup.pod
@@ -194,6 +194,18 @@ interactive mode. The local identity and AFS tokens with which the B command interpreter enters interactive mode apply to all commands issued during the interactive session.
+=item B<-nobutcauth>
+
+Prior to the fix for OPENAFS-SA-2018-001, B did not allow incoming
+connections to be authenticated. As part of that fix, B was modified
+to authenticate to the B services when possible, but a B utility
+with the security fix will not interoperate with a B that lacks the fix
+unless this option is passed, which forces the use of unauthenticated
+connections to the B. Use of this option is strongly disrecommended,
+and it is provided only for backwards compatibility in environments where
+B and B communicate over a secure network environment that denies
+access to untrusted parties.
+
 =item B<-portoffset> >
 Specifies the port offset number of the Tape Coordinator that is to
diff --git a/src/bucoord/bucoord_internal.h b/src/bucoord/bucoord_internal.h
index 543bf00090..7866f47cde 100644
--- a/src/bucoord/bucoord_internal.h
+++ b/src/bucoord/bucoord_internal.h
@@ -117,6 +117,8 @@ extern afs_int32 bc_UpdateDumpSchedule(void);
 extern int bc_SaveDumpSchedule(void);
 /* main.c */
+extern int localauth, nobutcauth;
+extern char tcell[];
 extern time_t tokenExpires;
 extern afs_int32 doDispatch(afs_int32, char *[], afs_int32);
 extern void bc_HandleMisc(afs_int32 code);
diff --git a/src/bucoord/dump.c b/src/bucoord/dump.c
index 5d1f58aa3a..e0b3ced57a 100644
--- a/src/bucoord/dump.c
+++ b/src/bucoord/dump.c
@@ -17,6 +17,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -470,15 +471,40 @@ bc_GetConn(struct bc_config *aconfig, afs_int32 aport,
 struct rx_connection **tconn)
 {
 afs_uint32 host;
+ afs_int32 code;
 unsigned short port;
 static struct rx_securityClass *rxsc;
+ static afs_int32 scIndex;
 struct bc_hostEntry *te;
 *tconn = (struct rx_connection *)0;
 /* use non-secure connections to butc */
- if (!rxsc)
- rxsc = rxnull_NewClientSecurityObject();
+ if (!rxsc) {
+ struct afsconf_dir *dir;
+ afsconf_secflags flags = AFSCONF_SECOPTS_FALLBACK_NULL;
+ char *cname;
+
+ if (nobutcauth)
+ flags |= AFSCONF_SECOPTS_NOAUTH;
+ if (localauth) {
+ flags |= AFSCONF_SECOPTS_LOCALAUTH;
+ dir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
+ } else {
+ dir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
+ }
+ if (tcell[0] == '\0')
+ cname = NULL;
+ else
+ cname = tcell;
+ /* No need for cell info since butc is not a registered service */
+ code = afsconf_PickClientSecObj(dir, flags, NULL, cname, &rxsc, &scIndex,
+ NULL);
+ if (dir)
+ afsconf_Close(dir);
+ if (code)
+ return -1;
+ }
 if (!rxsc || !aconfig)
 return (-1);
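Review bot: `flags` is initialised to `AFSCONF_SECOPTS_FALLBACK_NULL` on every path of the new `if (!rxsc)` block in bc_GetConn, so, if the flag behaves as its name suggests, a run with no usable tokens or key still ends up on an unauthenticated rxnull connection without `-nobutcauth` having been given. Consider starting from `afsconf_secflags flags = 0;` so that only the `nobutcauth` branch permits rxnull (worth confirming that `AFSCONF_SECOPTS_NOAUTH` alone still yields a usable object), or at least emit a warning when the returned `scIndex` is 0 and `nobutcauth` is unset. The unchanged comment `/* use non-secure connections to butc */` above the block is now wrong and should read something like `/* authenticate to butc unless -nobutcauth was given */`. `rxsc` lives in a function-static and the trailing `NULL` argument appears to discard the credential expiry, so a long interactive session would presumably keep reusing an object built from tokens that have since lapsed; a comment stating that this is intended would help. The function body continues past the end of this hunk.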
@@ -491,8 +517,8 @@ bc_GetConn(struct bc_config *aconfig, afs_int32 aport,
 port = htons(BC_TAPEPORT + aport);
- /* servers is 1; sec index is 0 */
- *tconn = rx_NewConnection(host, port, 1, rxsc, 0);
+ /* servers is 1 */
+ *tconn = rx_NewConnection(host, port, 1, rxsc, scIndex);
 return ((*tconn ? 0 : -1));
 }
 }
diff --git a/src/bucoord/main.c b/src/bucoord/main.c
index 34a3a7926c..d2a5f368bd 100644
--- a/src/bucoord/main.c
+++ b/src/bucoord/main.c
@@ -41,7 +41,7 @@
 #include "bucoord_internal.h"
 #include "bucoord_prototypes.h"
-int localauth, interact;
+int localauth, interact, nobutcauth;
 char tcell[64];
 /*
@@ -292,6 +292,7 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock)
 /* Handling the command line opcode */
 if (!bcInit) {
 localauth = ((as && as->parms[14].items) ? 1 : 0);
+ nobutcauth = ((as && as->parms[16].items) ? 1 : 0);
 if (as && as->parms[15].items)
 strcpy(tcell, as->parms[15].items->data);
 else
@@ -432,6 +433,8 @@ add_std_args(struct cmd_syndesc *ts)
 cmd_AddParm(ts, "-localauth", CMD_FLAG, CMD_OPTIONAL,
 "local authentication");
 cmd_AddParm(ts, "-cell", CMD_SINGLE, CMD_OPTIONAL, "cell name");
+ cmd_AddParm(ts, "-nobutcauth", CMD_FLAG, CMD_OPTIONAL,
+ "no authentication to butc");
 }
 int
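Review bot: In the MyBeforeProc hunk of src/bucoord/main.c, `as->parms[16]` is tied to `-nobutcauth` only by the order of the `cmd_AddParm` calls in add_std_args (last hunk), so a future option inserted between them would silently change which flag turns authentication to butc off. A comment on both sides, e.g. `/* parms[16] is -nobutcauth; keep in step with add_std_args() */`, or named index constants shared by the two functions, would make that coupling visible. Separately, the unchanged `strcpy(tcell, as->parms[15].items->data);` two lines below copies the `-cell` argument into `char tcell[64]` with no length check, and this commit now exports `tcell` to dump.c for the security-object lookup; a bounded copy that rejects an over-long cell name would be worth adding while this code is being touched. MyBeforeProc starts and ends outside the hunk.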