git: 9front


ref: faf7494e66d01a91b896dcb84e90dc38da998b8e
parent: 4a4666660cfac1a03d1c19f82d8fd8f121540cbf
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Sep 16 12:41:05 EDT 2014

libauthsrv: allow multiple auth= attributes for backup auth servers, authdial() tries each one in order

some of us run auth servers from home that are used by multiple
servers on the internet. when the home authserver becomes unreachable,
services on the outside servers stop working. so we thought about
specifying secondary auth servers for backup when the primary
server is not reachable.

this changes authdial() to consult multiple auth= entries in
the authdom= or dom= tuples, trying each one in order until
dial() succeeds.

--- a/sys/src/libauthsrv/authdial.c
+++ b/sys/src/libauthsrv/authdial.c
@@ -7,6 +7,7 @@
 int
 authdial(char *netroot, char *dom)
 {
+	Ndbtuple *t, *nt;
 	char *p;
 	int rv;
 
@@ -15,22 +16,36 @@
 		return dial(netmkaddr("$auth", netroot, "ticket"), 0, 0, 0);
 
 	/* look up an auth server in an authentication domain */
-	p = csgetvalue(netroot, "authdom", dom, "auth", nil);
+	p = csgetvalue(netroot, "authdom", dom, "auth", &t);
 
 	/* if that didn't work, just try the IP domain */
 	if(p == nil)
-		p = csgetvalue(netroot, "dom", dom, "auth", nil);
+		p = csgetvalue(netroot, "dom", dom, "auth", &t);
+
 	/*
 	 * if that didn't work, try p9auth.$dom.  this is very helpful if
 	 * you can't edit /lib/ndb.
 	 */
-	if(p == nil)
+	if(p == nil) {
 		p = smprint("p9auth.%s", dom);
-	if(p == nil){			/* should no longer ever happen */
-		werrstr("no auth server found for %s", dom);
-		return -1;
+		t = ndbnew("auth", p);
 	}
-	rv = dial(netmkaddr(p, netroot, "ticket"), 0, 0, 0);
 	free(p);
+
+	/*
+	 * allow multiple auth= attributes for backup auth servers,
+	 * try each one in order.
+	 */
+	rv = -1;
+	for(nt = t; nt != nil; nt = nt->entry) {
+		if(strcmp(nt->attr, "auth") == 0) {
+			p = netmkaddr(nt->val, netroot, "ticket");
+			rv = dial(p, 0, 0, 0);
+			if(rv >= 0)
+				break;
+		}
+	}
+	ndbfree(t);
+
 	return rv;
 }
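Review bot: The `p9auth.%s` fallback branch no longer handles allocation failure. If `smprint` returns nil, `ndbnew("auth", p)` is called with a nil value; and if `ndbnew` can itself return nil, the loop never runs and authdial returns -1 without the `no auth server found for %s` error string that the removed lines used to set. I would guard inside that branch, replacing the bare `t = ndbnew("auth", p);` with `if(p == nil || (t = ndbnew("auth", p)) == nil){ free(p); werrstr("no auth server found for %s", dom); return -1; }`. Separately, `t` is read by the loop and by `ndbfree` but is only ever assigned through the out-parameter of `csgetvalue`, so the code presumably relies on csgetvalue storing nil there on a miss (its source is not in this diff); a `t = nil;` before the first lookup would make that explicit. authdial begins above this hunk.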
--