static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell, char *linkedcell) { int status = 0; struct afsconf_dir *configdir; memset(local_cell, 0, sizeof(local_cell)); memset(cellconfig, 0, sizeof(*cellconfig)); if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { return AFSCONF_NODB; } if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) { return AFSCONF_FAILURE; } if ((cell == NULL) || (cell[0] == 0)) cell = local_cell; linkedcell[0] = '\0'; if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) { status = AFSCONF_NOTFOUND; } if (cellconfig->linkedCell) strncpy(linkedcell,cellconfig->linkedCell,MAXCELLCHARS); (void) afsconf_Close(configdir); return(status); }
long GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell) { if (!(*pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n", progname, AFSDIR_CLIENT_ETC_DIRPATH); akexit(AKLOG_AFS); } return afsconf_GetLocalCell(*pconfigdir, local_cell, MAXCELLCHARS); }
afs_int32 SBOZO_GetCellName(struct rx_call *acall, char **aname) { afs_int32 code; char tname[MAXCELLCHARS]; code = afsconf_GetLocalCell(bozo_confdir, tname, sizeof(tname)); if (code) { /* must set output parameters even if aborting */ *aname = malloc(1); **aname = 0; } else { *aname = strdup(tname); } return code; }
struct afscp_cell * afscp_DefaultCell(void) { struct afsconf_dir *dir; char localcell[MAXCELLCHARS + 1]; int code; if (defcell) { return afscp_CellByName(defcell, defrealm); } dir = afsconf_Open(AFSCONF_CLIENTNAME); if (dir == NULL) { afscp_errno = AFSCONF_NODB; return NULL; } code = afsconf_GetLocalCell(dir, localcell, MAXCELLCHARS); if (code != 0) { afscp_errno = code; return NULL; } afsconf_Close(dir); return afscp_CellByName(localcell, defrealm); }
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell) { int status = AKLOG_SUCCESS; struct afsconf_dir *configdir; memset(local_cell, 0, sizeof(local_cell)); memset(cellconfig, 0, sizeof(*cellconfig)); if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) { fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n", progname, AFSDIR_CLIENT_ETC_DIRPATH); exit(AKLOG_AFS); } if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) { fprintf(stderr, "%s: can't determine local cell.\n", progname); exit(AKLOG_AFS); } if ((cell == NULL) || (cell[0] == 0)) cell = local_cell; if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) { fprintf(stderr, "%s: Can't get information about cell %s.\n", progname, cell); status = AKLOG_AFS; } (void) afsconf_Close(configdir); return(status); }
int afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice, struct afsconf_cell *acellInfo) { struct afsconf_entry *tce; struct afsconf_aliasentry *tcae; struct afsconf_entry *bestce; afs_int32 i; int tservice; char *tcell; int cnLen; int ambig; char tbuffer[64]; LOCK_GLOBAL_MUTEX; if (adir) _afsconf_Check(adir); if (acellName) { tcell = acellName; cnLen = (int)(strlen(tcell) + 1); lcstring(tcell, tcell, cnLen); afsconf_SawCell = 1; /* will ignore the AFSCELL switch on future */ /* call to afsconf_GetLocalCell: like klog */ } else { i = afsconf_GetLocalCell(adir, tbuffer, sizeof(tbuffer)); if (i) { UNLOCK_GLOBAL_MUTEX; return i; } tcell = tbuffer; } cnLen = strlen(tcell); bestce = (struct afsconf_entry *)0; ambig = 0; if (!adir) { UNLOCK_GLOBAL_MUTEX; return 0; } /* Look through the list of aliases */ for (tcae = adir->alias_entries; tcae; tcae = tcae->next) { if (strcasecmp(tcae->aliasInfo.aliasName, tcell) == 0) { tcell = tcae->aliasInfo.realName; break; } } for (tce = adir->entries; tce; tce = tce->next) { if (strcasecmp(tce->cellInfo.name, tcell) == 0) { /* found our cell */ bestce = tce; ambig = 0; break; } if (strlen(tce->cellInfo.name) < cnLen) continue; /* clearly wrong */ if (strncasecmp(tce->cellInfo.name, tcell, cnLen) == 0) { if (bestce) ambig = 1; /* ambiguous unless we get exact match */ bestce = tce; } } if (!ambig && bestce && bestce->cellInfo.numServers) { *acellInfo = bestce->cellInfo; /* structure assignment */ if (aservice) { tservice = afsconf_FindService(aservice); if (tservice < 0) { UNLOCK_GLOBAL_MUTEX; return AFSCONF_NOTFOUND; /* service not found */ } for (i = 0; i < acellInfo->numServers; i++) { acellInfo->hostAddr[i].sin_port = tservice; } } acellInfo->timeout = 0; /* * Until we figure out how to separate out ubik server * queries from other server queries, only perform gethostbyname() * lookup on the specified hostnames for the client CellServDB files. */ if (_afsconf_IsClientConfigDirectory(adir->name) && !(acellInfo->flags & AFSCONF_CELL_FLAG_DNS_QUERIED)) { int j; short numServers=0; /*Num active servers for the cell */ struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; /*IP addresses for cell's servers */ char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; /*Names for cell's servers */ char clone[MAXHOSTSPERCELL]; /*Indicates which ones are clones. */ memset(&hostAddr, 0, sizeof(hostAddr)); memset(&hostName, 0, sizeof(hostName)); memset(&clone, 0, sizeof(clone)); for ( j=0; j<acellInfo->numServers && numServers < MAXHOSTSPERCELL; j++ ) { struct hostent *he = gethostbyname(acellInfo->hostName[j]); int foundAddr = 0; if (he && he->h_addrtype == AF_INET) { int i; /* obtain all the valid address from the list */ for (i=0 ; he->h_addr_list[i] && numServers < MAXHOSTSPERCELL; i++) { /* check to see if this is a new address; if so insert it into the list */ int k, dup; afs_uint32 addr; memcpy(&addr, he->h_addr_list[i], sizeof(addr)); for (k=0, dup=0; !dup && k < numServers; k++) { if (hostAddr[k].sin_addr.s_addr == addr) { dup = 1; } } if (dup) continue; hostAddr[numServers].sin_family = AF_INET; hostAddr[numServers].sin_port = acellInfo->hostAddr[0].sin_port; #ifdef STRUCT_SOCKADDR_HAS_SA_LEN hostAddr[numServers].sin_len = sizeof(struct sockaddr_in); #endif memcpy(&hostAddr[numServers].sin_addr.s_addr, he->h_addr_list[i], sizeof(afs_uint32)); strcpy(hostName[numServers], acellInfo->hostName[j]); clone[numServers] = acellInfo->clone[j]; foundAddr = 1; numServers++; } } if (!foundAddr) { hostAddr[numServers] = acellInfo->hostAddr[j]; strcpy(hostName[numServers], acellInfo->hostName[j]); clone[numServers] = acellInfo->clone[j]; numServers++; } } for (i=0; i<numServers; i++) { acellInfo->hostAddr[i] = hostAddr[i]; strcpy(acellInfo->hostName[i], hostName[i]); acellInfo->clone[i] = clone[i]; } acellInfo->numServers = numServers; acellInfo->flags |= AFSCONF_CELL_FLAG_DNS_QUERIED; } UNLOCK_GLOBAL_MUTEX; return 0; } else { UNLOCK_GLOBAL_MUTEX; return afsconf_GetAfsdbInfo(tcell, aservice, acellInfo); } }
afs_int32 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell) { afs_int32 code; struct rx_connection *serverconns[MAXSERVERS]; struct rx_securityClass *sc = NULL; static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */ static char tconfDir[100] = ""; static char tcell[64] = ""; afs_int32 scIndex; afs_int32 secFlags; static struct afsconf_cell info; afs_int32 i; #if !defined(UKERNEL) char cellstr[64]; #endif afs_int32 gottdir = 0; afs_int32 refresh = 0; initialize_PT_error_table(); initialize_RXK_error_table(); initialize_ACFG_error_table(); initialize_KTC_error_table(); #if defined(UKERNEL) if (!cell) { cell = afs_LclCellName; } #else /* defined(UKERNEL) */ if (!cell) { if (!tdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "%s: Could not open configuration directory: %s.\n", whoami, confDir); else fprintf(stderr, "%s: No configuration directory specified.\n", whoami); return -1; } gottdir = 1; code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr)); if (code) { fprintf(stderr, "libprot: Could not get local cell. [%d]\n", code); return code; } cell = cellstr; } #endif /* defined(UKERNEL) */ if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) { /* * force re-evaluation. we either don't have an afsconf_dir, * the directory has changed or the cell has changed. */ if (tdir && !gottdir) { afsconf_Close(tdir); tdir = (struct afsconf_dir *)NULL; } pruclient = (struct ubik_client *)NULL; refresh = 1; } if (refresh) { strncpy(tconfDir, confDir, sizeof(tconfDir)); strncpy(tcell, cell, sizeof(tcell)); #if defined(UKERNEL) tdir = afs_cdir; #else /* defined(UKERNEL) */ if (!gottdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "libprot: Could not open configuration directory: %s.\n", confDir); else fprintf(stderr, "libprot: No configuration directory specified.\n"); return -1; } #endif /* defined(UKERNEL) */ code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info); if (code) { fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n", cell, confDir, AFSDIR_CELLSERVDB_FILE); return code; } } /* If we already have a client and it is at the security level we * want, don't get a new one. Unless the security level is 2 in * which case we will get one (and re-read the key file). */ if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) { return 0; } code = rx_Init(0); if (code) { fprintf(stderr, "libprot: Could not initialize rx.\n"); return code; } /* Most callers use secLevel==1, however, the fileserver uses secLevel==2 * to force use of the KeyFile. secLevel == 0 implies -noauth was * specified. */ if (secLevel == 2) { code = afsconf_GetLatestKey(tdir, 0, 0); if (code) { afs_com_err(whoami, code, "(getting key from local KeyFile)\n"); } else { /* If secLevel is two assume we're on a file server and use * ClientAuthSecure if possible. */ code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); if (code) afs_com_err(whoami, code, "(calling client secure)\n"); } } else if (secLevel > 0) { secFlags = 0; if (secLevel > 1) secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT; code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL); if (code) { afs_com_err(whoami, code, "(getting token)"); if (secLevel > 1) return code; } } if (sc == NULL) { sc = rxnull_NewClientSecurityObject(); scIndex = RX_SECIDX_NULL; } if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0)) fprintf(stderr, "%s: Could not get afs tokens, running unauthenticated\n", whoami); memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */ for (i = 0; i < info.numServers; i++) serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, PRSRV, sc, scIndex); code = ubik_ClientInit(serverconns, &pruclient); if (code) { afs_com_err(whoami, code, "ubik client init failed."); return code; } lastLevel = scIndex; code = rxs_Release(sc); return code; }
/* make sure user authenticated on rx call acall is in list of valid users. Copy the "real name" of the authenticated user into namep if a pointer is passed. */ afs_int32 afsconf_SuperUser(struct afsconf_dir *adir, struct rx_call *acall, char *namep) { register struct rx_connection *tconn; register afs_int32 code; int flag; LOCK_GLOBAL_MUTEX; if (!adir) { UNLOCK_GLOBAL_MUTEX; return 0; } if (afsconf_GetNoAuthFlag(adir)) { if (namep) strcpy(namep, "<NoAuth>"); UNLOCK_GLOBAL_MUTEX; return 1; } tconn = rx_ConnectionOf(acall); code = rx_SecurityClassOf(tconn); if (code == 0) { UNLOCK_GLOBAL_MUTEX; return 0; /* not authenticated at all, answer is no */ } else if (code == 1) { /* bcrypt tokens */ UNLOCK_GLOBAL_MUTEX; return 0; /* not supported any longer */ } else if (code == 2) { char tname[MAXKTCNAMELEN]; /* authentication from ticket */ char tinst[MAXKTCNAMELEN]; char tcell[MAXKTCREALMLEN]; char tcell_l[MAXKTCREALMLEN]; char *tmp; /* keep track of which one actually authorized request */ char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3]; afs_uint32 exp; static char lcell[MAXCELLCHARS] = ""; static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ]; static int num_lrealms = -1; int lrealm_match = 0, i; /* get auth details from server connection */ code = rxkad_GetServerInfo(acall->conn, NULL, &exp, tname, tinst, tcell, NULL); if (code) { UNLOCK_GLOBAL_MUTEX; return 0; /* bogus connection/other error */ } /* don't bother checking anything else if tix have expired */ #ifdef AFS_PTHREAD_ENV if (exp < clock_Sec()) { #else if (exp < FT_ApproxTime()) { #endif UNLOCK_GLOBAL_MUTEX; return 0; /* expired tix */ } /* generate lowercased version of cell name */ strcpy(tcell_l, tcell); tmp = tcell_l; while (*tmp) { *tmp = tolower(*tmp); tmp++; } /* determine local cell name. It's static, so will only get * calculated the first time through */ if (!lcell[0]) afsconf_GetLocalCell(adir, lcell, sizeof(lcell)); /* if running a krb environment, also get the local realm */ /* note - this assumes AFS_REALM_SZ <= MAXCELLCHARS */ /* just set it to lcell if it fails */ if (num_lrealms == -1) { for (i=0; i<AFS_NUM_LREALMS; i++) { if (afs_krb_get_lrealm(lrealms[i], i) != 0 /*KSUCCESS*/) break; } if (i == 0) { strncpy(lrealms[0], lcell, AFS_REALM_SZ); num_lrealms = 1; } else { num_lrealms = i; } } /* See if the ticket cell matches one of the local realms */ lrealm_match = 0; for ( i=0;i<num_lrealms;i++ ) { if (!strcasecmp(lrealms[i], tcell)) { lrealm_match = 1; break; } } /* If yes, then make sure that the name is not present in * an exclusion list */ if (lrealm_match) { if (tinst[0]) snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell); else snprintf(uname,sizeof(uname),"%s@%s",tname,tcell); if (afs_krb_exclusion(uname)) lrealm_match = 0; } /* start with no uname and no authorization */ strcpy(uname, ""); flag = 0; /* localauth special case */ if (strlen(tinst) == 0 && strlen(tcell) == 0 && !strcmp(tname, AUTH_SUPERUSER)) { strcpy(uname, "<LocalAuth>"); flag = 1; /* cell of connection matches local cell or one of the realms */ } else if (!strcasecmp(tcell, lcell) || lrealm_match) { if ((tmp = CompFindUser(adir, tname, ".", tinst, NULL))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, NULL))) { strcpy(uname, tmp); flag = 1; #endif } /* cell of conn doesn't match local cell or realm */ } else { if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell))) { strcpy(uname, tmp); flag = 1; #endif } else if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell_l))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell_l))) { strcpy(uname, tmp); flag = 1; #endif } } if (namep) strcpy(namep, uname); UNLOCK_GLOBAL_MUTEX; return flag; } else { /* some other auth type */ UNLOCK_GLOBAL_MUTEX; return 0; /* mysterious, just say no */ } }
int main(int argc, char **argv) { char *whoami = argv[0]; char *dbNamePtr = 0; struct afsconf_cell cellinfo; time_t currentTime; afs_int32 code = 0; afs_uint32 host = ntohl(INADDR_ANY); char clones[MAXHOSTSPERCELL]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; extern int rx_stackSize; #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami); exit(1); } #endif #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGSEGV, &nsa, NULL); sigaction(SIGABRT, &nsa, NULL); #endif osi_audit_init(); osi_audit(BUDB_StartEvent, 0, AUD_END); initialize_BUDB_error_table(); initializeArgHandler(); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif afs_com_err(whoami, errno, "; Unable to obtain AFS server directory."); exit(2); } memset(globalConfPtr, 0, sizeof(*globalConfPtr)); /* set default configuration values */ strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH); strcat(dbDir, "/"); globalConfPtr->databaseDirectory = dbDir; globalConfPtr->databaseName = DEFAULT_DBPREFIX; strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH); globalConfPtr->cellConfigdir = cellConfDir; /* open the log file */ /* globalConfPtr->log = fopen(DEFAULT_LOGNAME,"a"); if ( globalConfPtr->log == NULL ) { printf("Can't open log file %s - aborting\n", DEFAULT_LOGNAME); BUDB_EXIT(-1); } */ srandom(1); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( rx_GetThreadNum ); #endif /* process the user supplied args */ helpOption = 1; code = cmd_Dispatch(argc, argv); if (code) ERROR(code); /* exit if there was a help option */ if (helpOption) BUDB_EXIT(0); /* open the log file */ globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a"); if (globalConfPtr->log == NULL) { printf("Can't open log file %s - aborting\n", AFSDIR_SERVER_BUDBLOG_FILEPATH); BUDB_EXIT(-1); } /* keep log closed so can remove it */ fclose(globalConfPtr->log); /* open the cell's configuration directory */ LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir); BU_conf = afsconf_Open(globalConfPtr->cellConfigdir); if (BU_conf == 0) { LogError(code, "Failed getting cell info\n"); afs_com_err(whoami, code, "Failed getting cell info"); ERROR(BUDB_NOCELLS); } code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell)); if (code) { LogError(0, "** Can't determine local cell name!\n"); ERROR(code); } if (globalConfPtr->myHost == 0) { /* if user hasn't supplied a list of servers, extract server * list from the cell's database */ LogDebug(1, "Using server list from %s cell database.\n", lcell); code = afsconf_GetExtendedCellInfo (BU_conf, lcell, 0, &cellinfo, clones); code = convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost, globalConfPtr->serverList); if (code) ERROR(code); } /* initialize audit user check */ osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch); /* initialize ubik */ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, BU_conf); if (ubik_nBuffers == 0) ubik_nBuffers = 400; LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers); asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory, globalConfPtr->databaseName); if (dbNamePtr == 0) ERROR(-1); rx_SetRxDeadTime(60); /* 60 seconds inactive before timeout */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; rx_InitHost(host, htons(AFSCONF_BUDBPORT)); } } /* Disable jumbograms */ rx_SetNoJumbo(); code = ubik_ServerInitByInfo (globalConfPtr->myHost, htons(AFSCONF_BUDBPORT), &cellinfo, clones, dbNamePtr, /* name prefix */ &BU_dbase); if (code) { LogError(code, "Ubik init failed\n"); afs_com_err(whoami, code, "Ubik init failed"); ERROR(code); } afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses); tservice = rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase", securityClasses, numClasses, BUDB_ExecuteRequest); if (tservice == (struct rx_service *)0) { LogError(0, "Could not create backup database rx service\n"); printf("Could not create backup database rx service\n"); BUDB_EXIT(3); } rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, lwps); rx_SetStackSize(tservice, 10000); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(BU_rxstat_userok); /* misc. initialization */ /* database dump synchronization */ memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr)); Lock_Init(&dumpSyncPtr->ds_lock); rx_StartServer(0); /* start handling requests */ code = InitProcs(); if (code) ERROR(code); currentTime = time(0); LogError(0, "Ready to process requests at %s\n", ctime(¤tTime)); rx_ServerProc(NULL); /* donate this LWP */ error_exit: osi_audit(BUDB_FinishEvent, code, AUD_END); return (code); }
int main(int argc, char **argv) { char localName[64]; register afs_int32 code; register char *cname; struct afsconf_dir *tdir; struct ktc_principal tserver; struct ktc_token token; strcpy(whoami, argv[0]); if (argc <= 1) { printf ("%s: copies a file system ticket from the local cell to another cell\n", whoami); printf("%s: usage is 'setauth <new-cell>\n", whoami); exit(1); } cname = argv[1]; /* lookup the name of the local cell */ tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH); if (!tdir) { printf("copyauth: can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH); exit(1); } code = afsconf_GetLocalCell(tdir, localName, sizeof(localName)); if (code) { printf("%s: can't determine local cell name\n", whoami); exit(1); } /* done with configuration stuff now */ afsconf_Close(tdir); /* get ticket in local cell */ strcpy(tserver.cell, localName); strcpy(tserver.name, "afs"); tserver.instance[0] = 0; code = ktc_GetToken(&tserver, &token, sizeof(token), NULL); if (code) { printf ("%s: failed to get '%s' service ticket in cell '%s' (code %d)\n", whoami, tserver.name, tserver.cell, code); exit(1); } /* and now set the ticket in the new cell */ strcpy(tserver.cell, argv[1]); code = ktc_SetToken(&tserver, &token, NULL, 0); if (code) { printf ("%s: failed to set ticket (code %d), are you sure you're authenticated?\n", whoami, code); exit(1); } /* all done */ printf("Authentication established for cell %s.\n", cname); exit(0); }
afs_uint32 xfon_voldump(XFILE * X, int flag, char *name) { struct hostent *he; struct rx_securityClass *class; struct rx_connection *conn; struct ktc_principal sname; struct ktc_token token; struct afsconf_dir *confdir; afs_uint32 code, server_addr = 0; afs_int32 volid, date, partid = 0; int isnum, index; char *x, *y; /* Parse out the optional date and server location */ if ((code = rx_Init(0))) return code; if (!(name = strdup(name))) return ENOMEM; if ((x = strrchr(name, ','))) { *x++ = 0; date = atoi(x); } else { date = 0; } if ((x = strrchr(name, '@'))) { int a, b, c, d; *x++ = 0; if (!(y = strchr(x, '/'))) { free(name); return VL_BADPARTITION; } *y++ = 0; if (sscanf(x, "%d.%d.%d.%d", &a, &b, &c, &d) == 4 && a >= 0 && a <= 255 && b >= 0 && b <= 255 && c >= 0 && c <= 255 && d >= 0 && d <= 255) { server_addr = (a << 24) | (b << 16) | (c << 8) | d; server_addr = htonl(server_addr); } else { he = gethostbyname(x); if (!he) { free(name); return VL_BADSERVER; } memcpy(&server_addr, he->h_addr, sizeof(server_addr)); } partid = volutil_GetPartitionID(y); if (partid < 0) { free(name); return VL_BADPARTITION; } } /* Get tokens and set up a security object */ confdir = afsconf_Open(AFSCONF_CLIENTNAME); if (!confdir) { free(name); return AFSCONF_NODB; } if ((code = afsconf_GetLocalCell(confdir, sname.cell, MAXKTCNAMELEN))) { free(name); return code; } afsconf_Close(confdir); strcpy(sname.name, "afs"); sname.instance[0] = 0; code = ktc_GetToken(&sname, &token, sizeof(token), 0); if (code) { class = rxnull_NewClientSecurityObject(); index = 0; } else {
static int kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst, char *tcell, char *namep) { char tcell_l[MAXKTCREALMLEN]; char *tmp; /* keep track of which one actually authorized request */ char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3]; static char lcell[MAXCELLCHARS] = ""; static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ]; static int num_lrealms = -1; int lrealm_match = 0, i; int flag; /* generate lowercased version of cell name */ strcpy(tcell_l, tcell); tmp = tcell_l; while (*tmp) { *tmp = tolower(*tmp); tmp++; } /* determine local cell name. It's static, so will only get * calculated the first time through */ if (!lcell[0]) afsconf_GetLocalCell(adir, lcell, sizeof(lcell)); /* if running a krb environment, also get the local realm */ /* note - this assumes AFS_REALM_SZ <= MAXCELLCHARS */ /* just set it to lcell if it fails */ if (num_lrealms == -1) { for (i=0; i<AFS_NUM_LREALMS; i++) { if (afs_krb_get_lrealm(lrealms[i], i) != 0 /*KSUCCESS*/) break; } if (i == 0) { strncpy(lrealms[0], lcell, AFS_REALM_SZ); num_lrealms = 1; } else { num_lrealms = i; } } /* See if the ticket cell matches one of the local realms */ lrealm_match = 0; for ( i=0;i<num_lrealms;i++ ) { if (!strcasecmp(lrealms[i], tcell)) { lrealm_match = 1; break; } } /* If yes, then make sure that the name is not present in * an exclusion list */ if (lrealm_match) { if (tinst[0]) snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell); else snprintf(uname,sizeof(uname),"%s@%s",tname,tcell); if (afs_krb_exclusion(uname)) lrealm_match = 0; } /* start with no uname and no authorization */ strcpy(uname, ""); flag = 0; /* localauth special case */ if (strlen(tinst) == 0 && strlen(tcell) == 0 && !strcmp(tname, AUTH_SUPERUSER)) { strcpy(uname, "<LocalAuth>"); flag = 1; /* cell of connection matches local cell or one of the realms */ } else if (!strcasecmp(tcell, lcell) || lrealm_match) { if ((tmp = CompFindUser(adir, tname, ".", tinst, NULL))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, NULL))) { strcpy(uname, tmp); flag = 1; #endif } /* cell of conn doesn't match local cell or realm */ } else { if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell))) { strcpy(uname, tmp); flag = 1; #endif } else if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell_l))) { strcpy(uname, tmp); flag = 1; #ifdef notyet } else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell_l))) { strcpy(uname, tmp); flag = 1; #endif } } if (namep) strcpy(namep, uname); return flag; }