diff options
author | David Howells <dhowells@redhat.com> | 2018-09-13 14:30:12 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2018-11-02 13:55:53 +0000 |
commit | f9c7b4e4437ae9dae455b3e9760df397571c29d7 (patch) | |
tree | 67add20b6ea99dab2fabf25f14815f7ca309e721 /dns.afsdb.c | |
parent | e8234d788e3be1801e5eebe4096b1d9e839023a6 (diff) | |
download | keyutils-f9c7b4e4437ae9dae455b3e9760df397571c29d7.tar.gz |
Remove the dependency on MIT Kerberos
Remove the dependency on MIT Kerberos as not everyone has it available.
With the "use best match" change to /sbin/request-key, the kafs-client
package can install a more specific handler for dns_resolver afsdb:*
requests in front of the default one.
This means that the dns resolver program only needs to look up DNS records
and can ignore any static kafs configuration.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'dns.afsdb.c')
-rw-r--r-- | dns.afsdb.c | 268 |
1 files changed, 36 insertions, 232 deletions
diff --git a/dns.afsdb.c b/dns.afsdb.c index 4e24815..064d9c8 100644 --- a/dns.afsdb.c +++ b/dns.afsdb.c @@ -36,180 +36,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "key.dns.h" -#include <profile.h> -static const char *afs_cellservdb[] = { - "/etc/kafs/cellservdb.conf", - "/usr/share/kafs/cellservdb.conf", - NULL -}; - -static profile_t afs_conf; -static bool afs_cell_in_conf; -static bool afs_prefer_dns; static unsigned long afs_ttl = ULONG_MAX; /* - * Check that a configured address is valid and add it to the list of addresses - * if okay. - */ -static void afs_conf_add_address(char *addr) -{ - char *p, *q, *port = NULL; - size_t plen = 0; - - if (!addr[0]) - return; - - if (addr[0] == '[') { - /* IPv6 */ - struct in6_addr in6; - - p = strchr(addr + 1, ']'); - if (!p) - return; - *p = 0; - if (inet_pton(AF_INET6, addr + 1, &in6) == 0) - return; - *p++ = ']'; - } else { - struct in_addr in; - - p = strchr(addr, ':'); - if (p) - *p = 0; - if (inet_pton(AF_INET, addr, &in) == 0) - return; - if (p) - *p = ':'; - } - - /* See if there's a port specifier as well */ - if (p && *p) { - if (*p != ':') - return; - p++; - port = p; - plen = strlen(port); - if (plen > 5) - return; - strtoul(p, &q, 10); - if (q != port + plen) - return; - } - - append_address_to_payload(addr); -} - -/* - * Parse the cell database file - */ -static void afs_conf_find_cell(const char *cell) -{ - const char *filter[6]; - char **list; - long res; - int tmp; - - /* Parse the cell database file */ - res = profile_init(afs_cellservdb, &afs_conf); - if (res != 0) { - afs_prefer_dns = true; - goto error; - } - - /* Check to see if the named cell is in the list */ - filter[0] = "cells"; - filter[1] = cell; - filter[2] = NULL; - - res = profile_get_subsection_names(afs_conf, filter, &list); - if (res != 0) { - afs_prefer_dns = true; - goto error; - } - - if (!list[0]) { - info("cell not configured\n"); - afs_cell_in_conf = false; - afs_prefer_dns = true; - } else { - afs_cell_in_conf = true; - - /* Retrieve the use_dns value for the cell */ - res = profile_get_boolean(afs_conf, "cells", cell, "use_dns", 1, &tmp); - if (res != 0) { - afs_prefer_dns = true; - goto error; - } - - if (tmp) - afs_prefer_dns = true; - else - info("cell sets use_dns=no"); - } - - return; - -error: - _error("cellservdb: %s", error_message(res)); -} - -/* - * Get list of server names from the config file. - */ -static char **afs_conf_list_servers(const char *cell) -{ - const char *filter[] = { - "cells", - cell, - "servers", - NULL - }; - char **servers; - long res; - - res = profile_get_subsection_names(afs_conf, filter, &servers); - if (res != 0) - goto error; - - return servers; - -error: - _error("cellservdb: %s", error_message(res)); - return NULL; -} - -/* - * Get list of addresses for a server from the config file. - */ -static int afs_conf_list_addresses(const char *cell, const char *server) -{ - const char *filter[] = { - "cells", - cell, - "servers", - server, - "address", - NULL - }; - char **list, **p; - long res; - - res = profile_get_values(afs_conf, filter, &list); - if (res != 0) - goto error; - - for (p = list; *p; p++) - afs_conf_add_address(*p); - return 0; - -error: - _error("cellservdb: %s", error_message(res)); - return -1; -} - -/* * */ static void afsdb_hosts_to_addrs(ns_msg handle, ns_sect section) @@ -378,40 +208,6 @@ static void srv_hosts_to_addrs(ns_msg handle, ns_sect section) } /* - * Instantiate the key. - */ -static __attribute__((noreturn)) -void afs_instantiate(const char *cell) -{ - int ret; - - /* set the key's expiry time from the minimum TTL encountered */ - if (!debug_mode) { - ret = keyctl_set_timeout(key, afs_ttl); - if (ret == -1) - error("%s: keyctl_set_timeout: %m", __func__); - } - - /* handle a lack of results */ - if (payload_index == 0) - nsError(NO_DATA, cell); - - /* must include a NUL char at the end of the payload */ - payload[payload_index].iov_base = ""; - payload[payload_index++].iov_len = 1; - dump_payload(); - - /* load the key with data key */ - if (!debug_mode) { - ret = keyctl_instantiate_iov(key, payload, payload_index, 0); - if (ret == -1) - error("%s: keyctl_instantiate: %m", __func__); - } - - exit(0); -} - -/* * Look up an AFSDB record to get the VL server addresses. */ static int dns_query_AFSDB(const char *cell) @@ -488,44 +284,52 @@ static int dns_query_VL_SRV(const char *cell) } /* + * Instantiate the key. + */ +static __attribute__((noreturn)) +void afs_instantiate(const char *cell) +{ + int ret; + + /* set the key's expiry time from the minimum TTL encountered */ + if (!debug_mode) { + ret = keyctl_set_timeout(key, afs_ttl); + if (ret == -1) + error("%s: keyctl_set_timeout: %m", __func__); + } + + /* handle a lack of results */ + if (payload_index == 0) + nsError(NO_DATA, cell); + + /* must include a NUL char at the end of the payload */ + payload[payload_index].iov_base = ""; + payload[payload_index++].iov_len = 1; + dump_payload(); + + /* load the key with data key */ + if (!debug_mode) { + ret = keyctl_instantiate_iov(key, payload, payload_index, 0); + if (ret == -1) + error("%s: keyctl_instantiate: %m", __func__); + } + + exit(0); +} + +/* * Look up VL servers for AFS. */ void afs_look_up_VL_servers(const char *cell, char *options) { - char **servers; - /* Is the IP address family limited? */ if (strcmp(options, "ipv4") == 0) mask = INET_IP4_ONLY; else if (strcmp(options, "ipv6") == 0) mask = INET_IP6_ONLY; - afs_conf_find_cell(cell); - - if (afs_prefer_dns) { - if (dns_query_VL_SRV(cell) == 0) - goto instantiate; - if (dns_query_AFSDB(cell) == 0) - goto instantiate; - } - - if (!afs_cell_in_conf) - goto instantiate; /* Record a negative result */ - - servers = afs_conf_list_servers(cell); - if (!servers) { - debug("conf: no servers"); - goto instantiate; /* Record a negative result */ - } - - for (; *servers; servers++) { - char *server = *servers; - - debug("conf server %s", server); - if (dns_resolver(server, NULL) < 0) - afs_conf_list_addresses(cell, server); - } + if (dns_query_VL_SRV(cell) != 0) + dns_query_AFSDB(cell); -instantiate: afs_instantiate(cell); } |