Don't pass tokens around the backup system

The backup system has a global ktc_token, which is used
to work out when its credentials are about to expire. This leads to
an unfortunate dependency throughout the code on the format of this
token.

Replace this with a global time_t which stores the expiry time, and
copy the required field from the token into this when we get the
token. This limits the exposure of the token, and simplifies the code.

Change-Id: Ia2929c2c0a4c1ba9ca5db881865f33af5a732d2f
Reviewed-on: http://gerrit.openafs.org/1218
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Simon Wilkinson 2010-01-29 15:12:42 +00:00 committed by Derrick Brashear
parent a82f8591a1
commit dac001a0a0
6 changed files with 43 additions and 39 deletions


@ -119,6 +119,7 @@ struct cmd_parmdesc;
extern afs_int32 bc_ParseExpiration(struct cmd_parmdesc *paramPtr,
afs_int32 *expType, afs_int32 *expDate);
/* main.c */
extern time_t tokenExpires;
extern afs_int32 doDispatch(afs_int32, char *[], afs_int32);
extern void bc_HandleMisc(afs_int32 code);


@ -57,7 +57,6 @@ extern afs_int32 bcdb_AddVolumes(register struct budb_volumeEntry *,
extern afs_int32 udbClientInit(int noAuthFlag, int localauth, char *cellName);
struct ktc_token;
extern int vldbClientInit(int noAuthFlag, int localauth, char *cellName,
struct ubik_client **cstruct,
struct ktc_token *ttoken);
struct ubik_client **cstruct, time_t *expires);
#endif


@ -54,7 +54,6 @@ extern struct bc_config *bc_globalConfig;
extern struct bc_dumpTask bc_dumpTasks[BC_MAXSIMDUMPS];
extern struct ubik_client *cstruct;
extern char *whoami;
extern struct ktc_token ttoken;
char *loadFile;
extern afs_int32 lastTaskCode;
@ -637,6 +636,23 @@ EvalVolumeSet1(struct bc_config *aconfig,
return (0);
} /*EvalVolumeSet1 */
char *
compactTimeString(time_t *date, char *string, afs_int32 size)
{
struct tm *ltime;
if (!string)
return NULL;
if (*date == NEVERDATE) {
sprintf(string, "NEVER");
} else {
ltime = localtime(date);
strftime(string, size, "%m/%d/%Y %H:%M", ltime);
}
return (string);
}
/* compactDateString
* print out a date in compact format, 16 chars, format is
* mm/dd/yyyy hh:mm
@ -648,22 +664,11 @@ EvalVolumeSet1(struct bc_config *aconfig,
char *
compactDateString(afs_uint32 *date_long, char *string, afs_int32 size)
{
struct tm *ltime;
if (!string)
return 0;
if (*date_long == NEVERDATE) {
sprintf(string, "NEVER");
} else {
time_t t = *date_long;
ltime = localtime(&t);
/* prints date in U.S. format of mm/dd/yyyy */
strftime(string, size, "%m/%d/%Y %H:%M", ltime);
}
return (string);
time_t t = *date_long;
return compactTimeString(&t, string, size);
}
afs_int32
bc_SafeATOI(char *anum)
{
@ -1018,11 +1023,11 @@ bc_JobsCmd(struct cmd_syndesc *as, void *arock)
}
/* Print token expiration time */
if ((ttoken.endTime > prevTime)
&& (ttoken.endTime <= youngest->scheduledDump) && as
&& (ttoken.endTime != NEVERDATE)) {
if (ttoken.endTime > time(0)) {
compactDateString(&ttoken.endTime, ds, 50);
if ((tokenExpires > prevTime)
&& (tokenExpires <= youngest->scheduledDump) && as
&& (tokenExpires != NEVERDATE)) {
if (tokenExpires > time(0)) {
compactTimeString(&tokenExpires, ds, 50);
printf(" %16s: TOKEN EXPIRATION\n", ds);
} else {
printf(" TOKEN HAS EXPIRED\n");
@ -1042,11 +1047,11 @@ bc_JobsCmd(struct cmd_syndesc *as, void *arock)
}
/* Print token expiration time if havn't already */
if ((ttoken.endTime == NEVERDATE) && as)
if ((tokenExpires == NEVERDATE) && as)
printf(" : TOKEN NEVER EXPIRES\n");
else if ((ttoken.endTime > prevTime) && as) {
if (ttoken.endTime > time(0)) {
compactDateString(&ttoken.endTime, ds, 50);
else if ((tokenExpires > prevTime) && as) {
if (tokenExpires > time(0)) {
compactTimeString(&tokenExpires, ds, 50);
printf(" %16s: TOKEN EXPIRATION\n", ds);
} else {
printf(" : TOKEN HAS EXPIRED\n");
@ -1835,7 +1840,7 @@ bc_DumpCmd(struct cmd_syndesc *as, void *arock)
strcat(statusPtr->cmdLine, " -n");
printf("Add scheduled dump as job %d\n", statusPtr->jobNumber);
if ((atTime > ttoken.endTime) && (ttoken.endTime != NEVERDATE))
if ((atTime > tokenExpires) && (tokenExpires != NEVERDATE))
afs_com_err(whoami, 0,
"Warning: job %d starts after expiration of AFS token",
statusPtr->jobNumber);
@ -2424,7 +2429,7 @@ bc_deleteDumpCmd(struct cmd_syndesc *as, void *arock)
afs_int32 rcode = 0;
afs_int32 groupId = 0, havegroupid, sflags, noexecute;
struct cmd_item *ti;
afs_uint32 fromTime = 0, toTime = 0, havetime = 0;
afs_int32 fromTime = 0, toTime = 0, havetime = 0;
char *timeString;
budb_dumpsList dumps, flags;
int i;
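Review bot: In the new `compactTimeString`, the result of `localtime(date)` goes straight into `strftime`, but `localtime` returns NULL for a `time_t` it cannot convert, so an out-of-range expiry value would hand a null `struct tm *` to `strftime`. The `NEVER` branch also writes with `sprintf` and ignores `size`, and `date` is dereferenced without the null check that `string` gets. I would guard the entry with `if (!string || !date || size <= 0) return NULL;`, write the constant with `snprintf(string, size, "NEVER");`, and replace the format call with `if (!ltime || strftime(string, size, "%m/%d/%Y %H:%M", ltime) == 0) string[0] = '\0';`. A short header comment stating that `string` must hold at least 17 bytes, and that the function returns `string` or NULL, would match the comment already on `compactDateString`.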


@ -63,7 +63,7 @@ char tcell[64];
struct bc_config *bc_globalConfig; /*Ptr to global BC configuration info */
struct ubik_client *cstruct; /* Ptr to Ubik client structure */
struct ktc_token ttoken; /* The token */
time_t tokenExpires; /* The token's expiration time */
static const char *DefaultConfDir; /*Default backup config directory */
static int bcInit = 0; /* backupInit called yet ? */
@ -254,7 +254,7 @@ backupInit(void)
rx_SetRxDeadTime(60);
/* VLDB initialization */
code = vldbClientInit(0, localauth, tcell, &cstruct, &ttoken);
code = vldbClientInit(0, localauth, tcell, &cstruct, &tokenExpires);
if (code)
return (code);


@ -777,7 +777,7 @@ bc_CheckTextVersion(udbClientTextP ctPtr)
int
vldbClientInit(int noAuthFlag, int localauth, char *cellName,
struct ubik_client **cstruct,
struct ktc_token *ttoken)
time_t *expires)
{
afs_int32 code = 0;
struct afsconf_dir *acdir;
@ -785,6 +785,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
afs_int32 i, scIndex = 0; /* Index of Rx security object - noauth */
struct afsconf_cell info;
struct ktc_principal sname;
struct ktc_token *ttoken = NULL;
struct rx_connection *serverconns[VLDB_MAXSERVERS];
@ -825,7 +826,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
/*
* Grab tickets if we care about authentication.
*/
ttoken->endTime = 0;
*expires = 0;
if (localauth) {
code = afsconf_GetLatestKey(acdir, 0, 0);
if (code) {
@ -838,7 +839,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
ERROR(code);
}
ttoken->endTime = NEVERDATE;
*expires = NEVERDATE;
}
} else {
if (!noAuthFlag) {
@ -856,7 +857,7 @@ vldbClientInit(int noAuthFlag, int localauth, char *cellName,
afs_com_err(whoami, 0,
"Funny kvno (%d) in ticket, proceeding",
ttoken->kvno);
*expires = ttoken->endTime;
scIndex = 2;
}
}
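Review bot: `struct ktc_token *ttoken = NULL;` replaces the caller-supplied token buffer with a null local pointer, yet the authenticated path in the last hunk still reads `ttoken->kvno` and `ttoken->endTime`. No assignment to `ttoken` is visible in these hunks, and the body of `vldbClientInit` continues outside them, so this needs checking against the full function. If the token-fetch call there still passes `ttoken` as its output buffer, it now receives NULL and the non-localauth path dereferences a null pointer. Declaring real storage, `struct ktc_token ttoken;`, and using `&ttoken` for the fetch and `*expires = ttoken.endTime;` keeps the token confined to this function as the commit intends. Because that local would then hold the token contents on the stack, clearing it before return is worth considering.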


@ -841,7 +841,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
register afs_int32 code;
struct rx_securityClass *(securityObjects[3]);
struct rx_service *service;
struct ktc_token ttoken;
time_t tokenExpires;
char cellName[64];
int localauth;
/*process arguments */
@ -853,7 +853,6 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
#else
PROCESS dbWatcherPid;
#endif
time_t t;
afs_uint32 host = htonl(INADDR_ANY);
debugLevel = 0;
@ -1065,7 +1064,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
rx_SetRxDeadTime(150);
/* Establish connection with the vldb server */
code = vldbClientInit(0, localauth, cellName, &cstruct, &ttoken);
code = vldbClientInit(0, localauth, cellName, &cstruct, &tokenExpires);
if (code) {
TapeLog(0, 0, code, 0, "Can't access vldb\n");
return code;
@ -1148,8 +1147,7 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
TLog(0, "Starting Tape Coordinator: Port offset %u Debug level %u\n",
portOffset, debugLevel);
t = ttoken.endTime;
TLog(0, "Token expires: %s\n", cTIME(&t));
TLog(0, "Token expires: %s\n", cTIME(&tokenExpires));
rx_StartServer(1); /* Donate this process to the server process pool */
TLog(0, "Error: StartServer returned");