factotum: accept multiple bootstrap auth servers in /net/ndb and -a arguments

we might have to deal with multiple bootstrap auth server ip addresses (ipv4 and ipv6) in the future, so deal with them.
2014-12-09 22:07:37 +01:00 · 2014-12-09 22:07:37 +01:00 · f9d379974a
commit f9d379974a
parent ee6936365f
3 changed files with 34 additions and 22 deletions
--- a/sys/src/cmd/auth/factotum/dat.h
+++ b/sys/src/cmd/auth/factotum/dat.h
@ -144,7 +144,7 @@ int needkeyqueue(Req*, Fsstate*);

 /* fs.c */
 extern	int		askforkeys;
-extern	char		*authaddr;
+extern	char		*authaddr[8];	/* bootstrap auth servers */
 extern	int		*confirminuse;
 extern	int		debug;
 extern	int		gflag;
--- a/sys/src/cmd/auth/factotum/fs.c
+++ b/sys/src/cmd/auth/factotum/fs.c
@ -1,7 +1,7 @@
 #include "dat.h"

 int		askforkeys = 1;
-char		*authaddr;
+char		*authaddr[8];
 int		debug;
 int		doprivate = 1;
 int		gflag;
@ -75,7 +75,9 @@ main(int argc, char **argv)
 		sflag = 1;
 		break;
 	case 'a':
-		authaddr = EARGF(usage());
+		for(i=0; i < nelem(authaddr)-2 && authaddr[i] != nil; i++)
+			;
+		authaddr[i] = EARGF(usage());
 		break;
 	case 'd':
 		debug = 1;
--- a/sys/src/cmd/auth/factotum/util.c
+++ b/sys/src/cmd/auth/factotum/util.c
@ -22,16 +22,16 @@ bindnetcs(void)
 	return 0;
 }

-/* get auth= attribute value from /net/ndb */
-static char*
+/* get all auth= attribute values from /net/ndb */
+static void
 netndbauthaddr(void)
 {
 	enum { CHUNK = 1024 };
 	char *b, *p, *e;
-	int fd, n, m;
+	int fd, n, m, i;

 	if((fd = open("/net/ndb", OREAD)) < 0)
-		return nil;
+		return;
 	m = 0;
 	b = nil;
 	for(;;){
@ -44,27 +44,37 @@ netndbauthaddr(void)
 	}
 	close(fd);
 	if(b == nil)
-		return nil;
+		return;
 	b[m] = '\0';
-	p = strstr(b, "auth=");
-	if(p != nil && p > b && strchr("\n\t ", p[-1]) == nil)
-		p = nil;
-	if(p != nil){
+
+	i = 0;
+	e = b;
+	while((p = strstr(e, "auth=")) != nil){
+		if(p > e && strchr("\n\t ", p[-1]) == nil){
+			e = p + strlen("auth=");
+			continue;
+		}
 		p += strlen("auth=");
 		for(e = p; *e != '\0'; e++)
 			if(strchr("\n\t ", *e) != nil)
 				break;
-		*e = '\0';
-		p = estrdup(p);
+		if(*e == '\0')
+			break;
+		*e++ = '\0';
+		if(*p == '\0')
+			continue;
+		authaddr[i++] = estrdup(p);
+		if(i >= nelem(authaddr)-1)
+			break;
 	}
+	authaddr[i] = nil;
 	free(b);
-	return p;
 }

 int
 _authdial(char *net, char *authdom)
 {
-	int fd, vanilla;
+	int i, fd, vanilla;

 	alarm(30*1000);
 	vanilla = net==nil || strcmp(net, "/net")==0;
@ -75,7 +85,7 @@ _authdial(char *net, char *authdom)
 		 * If we failed to mount /srv/cs, assume that
 		 * we're still bootstrapping the system and dial
 		 * the one auth server passed to us on the command line or
-		 * look for auth= attribute in /net/ndb.
+		 * look for auth= attributes in /net/ndb.
 		 * In normal operation, it is important *not* to do this,
 		 * because the bootstrap auth server is only good for
 		 * a single auth domain.
@ -84,12 +94,12 @@ _authdial(char *net, char *authdom)
 		 * remote authentication domain too.
 		 */
 		fd = -1;
-		if(authaddr == nil)
-			authaddr = netndbauthaddr();
-		if(authaddr != nil){
-			fd = dial(netmkaddr(authaddr, "tcp", "567"), 0, 0, 0);
+		if(authaddr[0] == nil)
+			netndbauthaddr();
+		for(i = 0; fd < 0 && authaddr[i] != nil; i++){
+			fd = dial(netmkaddr(authaddr[i], "tcp", "567"), 0, 0, 0);
 			if(fd < 0)
-				fd = dial(netmkaddr(authaddr, "il", "566"), 0, 0, 0);
+				fd = dial(netmkaddr(authaddr[i], "il", "566"), 0, 0, 0);
 		}
 	}
 	alarm(0);