static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell, char *linkedcell)
{
int status = 0;
struct afsconf_dir *configdir;
memset(local_cell, 0, sizeof(local_cell));
memset(cellconfig, 0, sizeof(*cellconfig));
if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
return AFSCONF_NODB;
}
if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) {
return AFSCONF_FAILURE;
}
if ((cell == NULL) || (cell[0] == 0))
cell = local_cell;
linkedcell[0] = '\0';
if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) {
status = AFSCONF_NOTFOUND;
}
if (cellconfig->linkedCell)
strncpy(linkedcell,cellconfig->linkedCell,MAXCELLCHARS);
(void) afsconf_Close(configdir);
return(status);
}
long GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell)
{
if (!(*pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
{
fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
progname, AFSDIR_CLIENT_ETC_DIRPATH);
akexit(AKLOG_AFS);
}
return afsconf_GetLocalCell(*pconfigdir, local_cell, MAXCELLCHARS);
}
afs_int32
SBOZO_GetCellName(struct rx_call *acall, char **aname)
{
afs_int32 code;
char tname[MAXCELLCHARS];
code = afsconf_GetLocalCell(bozo_confdir, tname, sizeof(tname));
if (code) {
/* must set output parameters even if aborting */
*aname = malloc(1);
**aname = 0;
} else {
*aname = strdup(tname);
}
return code;
}
struct afscp_cell *
afscp_DefaultCell(void)
{
struct afsconf_dir *dir;
char localcell[MAXCELLCHARS + 1];
int code;
if (defcell) {
return afscp_CellByName(defcell, defrealm);
}
dir = afsconf_Open(AFSCONF_CLIENTNAME);
if (dir == NULL) {
afscp_errno = AFSCONF_NODB;
return NULL;
}
code = afsconf_GetLocalCell(dir, localcell, MAXCELLCHARS);
if (code != 0) {
afscp_errno = code;
return NULL;
}
afsconf_Close(dir);
return afscp_CellByName(localcell, defrealm);
}
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig,
char *local_cell)
{
int status = AKLOG_SUCCESS;
struct afsconf_dir *configdir;
memset(local_cell, 0, sizeof(local_cell));
memset(cellconfig, 0, sizeof(*cellconfig));
if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
{
fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
progname, AFSDIR_CLIENT_ETC_DIRPATH);
exit(AKLOG_AFS);
}
if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS))
{
fprintf(stderr, "%s: can't determine local cell.\n", progname);
exit(AKLOG_AFS);
}
if ((cell == NULL) || (cell[0] == 0))
cell = local_cell;
if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig))
{
fprintf(stderr, "%s: Can't get information about cell %s.\n",
progname, cell);
status = AKLOG_AFS;
}
(void) afsconf_Close(configdir);
return(status);
}
int
afsconf_GetCellInfo(struct afsconf_dir *adir, char *acellName, char *aservice,
struct afsconf_cell *acellInfo)
{
struct afsconf_entry *tce;
struct afsconf_aliasentry *tcae;
struct afsconf_entry *bestce;
afs_int32 i;
int tservice;
char *tcell;
int cnLen;
int ambig;
char tbuffer[64];
LOCK_GLOBAL_MUTEX;
if (adir)
_afsconf_Check(adir);
if (acellName) {
tcell = acellName;
cnLen = (int)(strlen(tcell) + 1);
lcstring(tcell, tcell, cnLen);
afsconf_SawCell = 1; /* will ignore the AFSCELL switch on future */
/* call to afsconf_GetLocalCell: like klog */
} else {
i = afsconf_GetLocalCell(adir, tbuffer, sizeof(tbuffer));
if (i) {
UNLOCK_GLOBAL_MUTEX;
return i;
}
tcell = tbuffer;
}
cnLen = strlen(tcell);
bestce = (struct afsconf_entry *)0;
ambig = 0;
if (!adir) {
UNLOCK_GLOBAL_MUTEX;
return 0;
}
/* Look through the list of aliases */
for (tcae = adir->alias_entries; tcae; tcae = tcae->next) {
if (strcasecmp(tcae->aliasInfo.aliasName, tcell) == 0) {
tcell = tcae->aliasInfo.realName;
break;
}
}
for (tce = adir->entries; tce; tce = tce->next) {
if (strcasecmp(tce->cellInfo.name, tcell) == 0) {
/* found our cell */
bestce = tce;
ambig = 0;
break;
}
if (strlen(tce->cellInfo.name) < cnLen)
continue; /* clearly wrong */
if (strncasecmp(tce->cellInfo.name, tcell, cnLen) == 0) {
if (bestce)
ambig = 1; /* ambiguous unless we get exact match */
bestce = tce;
}
}
if (!ambig && bestce && bestce->cellInfo.numServers) {
*acellInfo = bestce->cellInfo; /* structure assignment */
if (aservice) {
tservice = afsconf_FindService(aservice);
if (tservice < 0) {
UNLOCK_GLOBAL_MUTEX;
return AFSCONF_NOTFOUND; /* service not found */
}
for (i = 0; i < acellInfo->numServers; i++) {
acellInfo->hostAddr[i].sin_port = tservice;
}
}
acellInfo->timeout = 0;
/*
* Until we figure out how to separate out ubik server
* queries from other server queries, only perform gethostbyname()
* lookup on the specified hostnames for the client CellServDB files.
*/
if (_afsconf_IsClientConfigDirectory(adir->name) &&
!(acellInfo->flags & AFSCONF_CELL_FLAG_DNS_QUERIED)) {
int j;
short numServers=0; /*Num active servers for the cell */
struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; /*IP addresses for cell's servers */
char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; /*Names for cell's servers */
char clone[MAXHOSTSPERCELL]; /*Indicates which ones are clones. */
memset(&hostAddr, 0, sizeof(hostAddr));
memset(&hostName, 0, sizeof(hostName));
memset(&clone, 0, sizeof(clone));
for ( j=0; j<acellInfo->numServers && numServers < MAXHOSTSPERCELL; j++ ) {
struct hostent *he = gethostbyname(acellInfo->hostName[j]);
int foundAddr = 0;
if (he && he->h_addrtype == AF_INET) {
int i;
/* obtain all the valid address from the list */
for (i=0 ; he->h_addr_list[i] && numServers < MAXHOSTSPERCELL; i++) {
/* check to see if this is a new address; if so insert it into the list */
int k, dup;
afs_uint32 addr;
memcpy(&addr, he->h_addr_list[i], sizeof(addr));
for (k=0, dup=0; !dup && k < numServers; k++) {
if (hostAddr[k].sin_addr.s_addr == addr) {
dup = 1;
}
}
if (dup)
continue;
hostAddr[numServers].sin_family = AF_INET;
hostAddr[numServers].sin_port = acellInfo->hostAddr[0].sin_port;
#ifdef STRUCT_SOCKADDR_HAS_SA_LEN
hostAddr[numServers].sin_len = sizeof(struct sockaddr_in);
#endif
memcpy(&hostAddr[numServers].sin_addr.s_addr, he->h_addr_list[i], sizeof(afs_uint32));
strcpy(hostName[numServers], acellInfo->hostName[j]);
clone[numServers] = acellInfo->clone[j];
foundAddr = 1;
numServers++;
}
}
if (!foundAddr) {
hostAddr[numServers] = acellInfo->hostAddr[j];
strcpy(hostName[numServers], acellInfo->hostName[j]);
clone[numServers] = acellInfo->clone[j];
numServers++;
}
}
for (i=0; i<numServers; i++) {
acellInfo->hostAddr[i] = hostAddr[i];
strcpy(acellInfo->hostName[i], hostName[i]);
acellInfo->clone[i] = clone[i];
}
acellInfo->numServers = numServers;
acellInfo->flags |= AFSCONF_CELL_FLAG_DNS_QUERIED;
}
UNLOCK_GLOBAL_MUTEX;
return 0;
} else {
UNLOCK_GLOBAL_MUTEX;
return afsconf_GetAfsdbInfo(tcell, aservice, acellInfo);
}
}
afs_int32
pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
{
afs_int32 code;
struct rx_connection *serverconns[MAXSERVERS];
struct rx_securityClass *sc = NULL;
static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
static char tconfDir[100] = "";
static char tcell[64] = "";
afs_int32 scIndex;
afs_int32 secFlags;
static struct afsconf_cell info;
afs_int32 i;
#if !defined(UKERNEL)
char cellstr[64];
#endif
afs_int32 gottdir = 0;
afs_int32 refresh = 0;
initialize_PT_error_table();
initialize_RXK_error_table();
initialize_ACFG_error_table();
initialize_KTC_error_table();
#if defined(UKERNEL)
if (!cell) {
cell = afs_LclCellName;
}
#else /* defined(UKERNEL) */
if (!cell) {
if (!tdir)
tdir = afsconf_Open(confDir);
if (!tdir) {
if (confDir && strcmp(confDir, ""))
fprintf(stderr,
"%s: Could not open configuration directory: %s.\n",
whoami, confDir);
else
fprintf(stderr,
"%s: No configuration directory specified.\n",
whoami);
return -1;
}
gottdir = 1;
code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
if (code) {
fprintf(stderr,
"libprot: Could not get local cell. [%d]\n", code);
return code;
}
cell = cellstr;
}
#endif /* defined(UKERNEL) */
if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
/*
* force re-evaluation. we either don't have an afsconf_dir,
* the directory has changed or the cell has changed.
*/
if (tdir && !gottdir) {
afsconf_Close(tdir);
tdir = (struct afsconf_dir *)NULL;
}
pruclient = (struct ubik_client *)NULL;
refresh = 1;
}
if (refresh) {
strncpy(tconfDir, confDir, sizeof(tconfDir));
strncpy(tcell, cell, sizeof(tcell));
#if defined(UKERNEL)
tdir = afs_cdir;
#else /* defined(UKERNEL) */
if (!gottdir)
tdir = afsconf_Open(confDir);
if (!tdir) {
if (confDir && strcmp(confDir, ""))
fprintf(stderr,
"libprot: Could not open configuration directory: %s.\n",
confDir);
else
fprintf(stderr,
"libprot: No configuration directory specified.\n");
return -1;
}
#endif /* defined(UKERNEL) */
code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
if (code) {
fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
cell, confDir, AFSDIR_CELLSERVDB_FILE);
return code;
}
}
/* If we already have a client and it is at the security level we
* want, don't get a new one. Unless the security level is 2 in
* which case we will get one (and re-read the key file).
*/
if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
return 0;
}
code = rx_Init(0);
if (code) {
fprintf(stderr, "libprot: Could not initialize rx.\n");
return code;
}
/* Most callers use secLevel==1, however, the fileserver uses secLevel==2
* to force use of the KeyFile. secLevel == 0 implies -noauth was
* specified. */
if (secLevel == 2) {
code = afsconf_GetLatestKey(tdir, 0, 0);
if (code) {
afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
} else {
/* If secLevel is two assume we're on a file server and use
* ClientAuthSecure if possible. */
code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
if (code)
afs_com_err(whoami, code, "(calling client secure)\n");
}
} else if (secLevel > 0) {
secFlags = 0;
if (secLevel > 1)
secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
if (code) {
afs_com_err(whoami, code, "(getting token)");
if (secLevel > 1)
return code;
}
}
if (sc == NULL) {
sc = rxnull_NewClientSecurityObject();
scIndex = RX_SECIDX_NULL;
}
if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
fprintf(stderr,
"%s: Could not get afs tokens, running unauthenticated\n",
whoami);
memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
for (i = 0; i < info.numServers; i++)
serverconns[i] =
rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
info.hostAddr[i].sin_port, PRSRV, sc,
scIndex);
code = ubik_ClientInit(serverconns, &pruclient);
if (code) {
afs_com_err(whoami, code, "ubik client init failed.");
return code;
}
lastLevel = scIndex;
code = rxs_Release(sc);
return code;
}
/* make sure user authenticated on rx call acall is in list of valid
users. Copy the "real name" of the authenticated user into namep
if a pointer is passed.
*/
afs_int32
afsconf_SuperUser(struct afsconf_dir *adir, struct rx_call *acall, char *namep)
{
register struct rx_connection *tconn;
register afs_int32 code;
int flag;
LOCK_GLOBAL_MUTEX;
if (!adir) {
UNLOCK_GLOBAL_MUTEX;
return 0;
}
if (afsconf_GetNoAuthFlag(adir)) {
if (namep)
strcpy(namep, "<NoAuth>");
UNLOCK_GLOBAL_MUTEX;
return 1;
}
tconn = rx_ConnectionOf(acall);
code = rx_SecurityClassOf(tconn);
if (code == 0) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* not authenticated at all, answer is no */
} else if (code == 1) {
/* bcrypt tokens */
UNLOCK_GLOBAL_MUTEX;
return 0; /* not supported any longer */
} else if (code == 2) {
char tname[MAXKTCNAMELEN]; /* authentication from ticket */
char tinst[MAXKTCNAMELEN];
char tcell[MAXKTCREALMLEN];
char tcell_l[MAXKTCREALMLEN];
char *tmp;
/* keep track of which one actually authorized request */
char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
afs_uint32 exp;
static char lcell[MAXCELLCHARS] = "";
static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ];
static int num_lrealms = -1;
int lrealm_match = 0, i;
/* get auth details from server connection */
code =
rxkad_GetServerInfo(acall->conn, NULL, &exp, tname, tinst, tcell,
NULL);
if (code) {
UNLOCK_GLOBAL_MUTEX;
return 0; /* bogus connection/other error */
}
/* don't bother checking anything else if tix have expired */
#ifdef AFS_PTHREAD_ENV
if (exp < clock_Sec()) {
#else
if (exp < FT_ApproxTime()) {
#endif
UNLOCK_GLOBAL_MUTEX;
return 0; /* expired tix */
}
/* generate lowercased version of cell name */
strcpy(tcell_l, tcell);
tmp = tcell_l;
while (*tmp) {
*tmp = tolower(*tmp);
tmp++;
}
/* determine local cell name. It's static, so will only get
* calculated the first time through */
if (!lcell[0])
afsconf_GetLocalCell(adir, lcell, sizeof(lcell));
/* if running a krb environment, also get the local realm */
/* note - this assumes AFS_REALM_SZ <= MAXCELLCHARS */
/* just set it to lcell if it fails */
if (num_lrealms == -1) {
for (i=0; i<AFS_NUM_LREALMS; i++) {
if (afs_krb_get_lrealm(lrealms[i], i) != 0 /*KSUCCESS*/)
break;
}
if (i == 0) {
strncpy(lrealms[0], lcell, AFS_REALM_SZ);
num_lrealms = 1;
} else {
num_lrealms = i;
}
}
/* See if the ticket cell matches one of the local realms */
lrealm_match = 0;
for ( i=0;i<num_lrealms;i++ ) {
if (!strcasecmp(lrealms[i], tcell)) {
lrealm_match = 1;
break;
}
}
/* If yes, then make sure that the name is not present in
* an exclusion list */
if (lrealm_match) {
if (tinst[0])
snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell);
else
snprintf(uname,sizeof(uname),"%s@%s",tname,tcell);
if (afs_krb_exclusion(uname))
lrealm_match = 0;
}
/* start with no uname and no authorization */
strcpy(uname, "");
flag = 0;
/* localauth special case */
if (strlen(tinst) == 0 && strlen(tcell) == 0
&& !strcmp(tname, AUTH_SUPERUSER)) {
strcpy(uname, "<LocalAuth>");
flag = 1;
/* cell of connection matches local cell or one of the realms */
} else if (!strcasecmp(tcell, lcell) || lrealm_match) {
if ((tmp = CompFindUser(adir, tname, ".", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
/* cell of conn doesn't match local cell or realm */
} else {
if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#endif
} else if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
}
if (namep)
strcpy(namep, uname);
UNLOCK_GLOBAL_MUTEX;
return flag;
} else { /* some other auth type */
UNLOCK_GLOBAL_MUTEX;
return 0; /* mysterious, just say no */
}
}
int
main(int argc, char **argv)
{
char *whoami = argv[0];
char *dbNamePtr = 0;
struct afsconf_cell cellinfo;
time_t currentTime;
afs_int32 code = 0;
afs_uint32 host = ntohl(INADDR_ANY);
char clones[MAXHOSTSPERCELL];
struct rx_service *tservice;
struct rx_securityClass **securityClasses;
afs_int32 numClasses;
extern int rx_stackSize;
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
exit(1);
}
#endif
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGSEGV, &nsa, NULL);
sigaction(SIGABRT, &nsa, NULL);
#endif
osi_audit_init();
osi_audit(BUDB_StartEvent, 0, AUD_END);
initialize_BUDB_error_table();
initializeArgHandler();
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
afs_com_err(whoami, errno, "; Unable to obtain AFS server directory.");
exit(2);
}
memset(globalConfPtr, 0, sizeof(*globalConfPtr));
/* set default configuration values */
strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH);
strcat(dbDir, "/");
globalConfPtr->databaseDirectory = dbDir;
globalConfPtr->databaseName = DEFAULT_DBPREFIX;
strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH);
globalConfPtr->cellConfigdir = cellConfDir;
/* open the log file */
/*
globalConfPtr->log = fopen(DEFAULT_LOGNAME,"a");
if ( globalConfPtr->log == NULL )
{
printf("Can't open log file %s - aborting\n", DEFAULT_LOGNAME);
BUDB_EXIT(-1);
}
*/
srandom(1);
#ifdef AFS_PTHREAD_ENV
SetLogThreadNumProgram( rx_GetThreadNum );
#endif
/* process the user supplied args */
helpOption = 1;
code = cmd_Dispatch(argc, argv);
if (code)
ERROR(code);
/* exit if there was a help option */
if (helpOption)
BUDB_EXIT(0);
/* open the log file */
globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a");
if (globalConfPtr->log == NULL) {
printf("Can't open log file %s - aborting\n",
AFSDIR_SERVER_BUDBLOG_FILEPATH);
BUDB_EXIT(-1);
}
/* keep log closed so can remove it */
fclose(globalConfPtr->log);
/* open the cell's configuration directory */
LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir);
BU_conf = afsconf_Open(globalConfPtr->cellConfigdir);
if (BU_conf == 0) {
LogError(code, "Failed getting cell info\n");
afs_com_err(whoami, code, "Failed getting cell info");
ERROR(BUDB_NOCELLS);
}
code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
if (code) {
LogError(0, "** Can't determine local cell name!\n");
ERROR(code);
}
if (globalConfPtr->myHost == 0) {
/* if user hasn't supplied a list of servers, extract server
* list from the cell's database
*/
LogDebug(1, "Using server list from %s cell database.\n", lcell);
code = afsconf_GetExtendedCellInfo (BU_conf, lcell, 0, &cellinfo,
clones);
code =
convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost,
globalConfPtr->serverList);
if (code)
ERROR(code);
}
/* initialize audit user check */
osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch);
/* initialize ubik */
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, BU_conf);
if (ubik_nBuffers == 0)
ubik_nBuffers = 400;
LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers);
asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory,
globalConfPtr->databaseName);
if (dbNamePtr == 0)
ERROR(-1);
rx_SetRxDeadTime(60); /* 60 seconds inactive before timeout */
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (ccode == 1) {
host = SHostAddrs[0];
rx_InitHost(host, htons(AFSCONF_BUDBPORT));
}
}
/* Disable jumbograms */
rx_SetNoJumbo();
code = ubik_ServerInitByInfo (globalConfPtr->myHost,
htons(AFSCONF_BUDBPORT),
&cellinfo,
clones,
dbNamePtr, /* name prefix */
&BU_dbase);
if (code) {
LogError(code, "Ubik init failed\n");
afs_com_err(whoami, code, "Ubik init failed");
ERROR(code);
}
afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);
tservice =
rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",
securityClasses, numClasses, BUDB_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
LogError(0, "Could not create backup database rx service\n");
printf("Could not create backup database rx service\n");
BUDB_EXIT(3);
}
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, lwps);
rx_SetStackSize(tservice, 10000);
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(BU_rxstat_userok);
/* misc. initialization */
/* database dump synchronization */
memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr));
Lock_Init(&dumpSyncPtr->ds_lock);
rx_StartServer(0); /* start handling requests */
code = InitProcs();
if (code)
ERROR(code);
currentTime = time(0);
LogError(0, "Ready to process requests at %s\n", ctime(¤tTime));
rx_ServerProc(NULL); /* donate this LWP */
error_exit:
osi_audit(BUDB_FinishEvent, code, AUD_END);
return (code);
}
int
main(int argc, char **argv)
{
char localName[64];
register afs_int32 code;
register char *cname;
struct afsconf_dir *tdir;
struct ktc_principal tserver;
struct ktc_token token;
strcpy(whoami, argv[0]);
if (argc <= 1) {
printf
("%s: copies a file system ticket from the local cell to another cell\n",
whoami);
printf("%s: usage is 'setauth <new-cell>\n", whoami);
exit(1);
}
cname = argv[1];
/* lookup the name of the local cell */
tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
if (!tdir) {
printf("copyauth: can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
exit(1);
}
code = afsconf_GetLocalCell(tdir, localName, sizeof(localName));
if (code) {
printf("%s: can't determine local cell name\n", whoami);
exit(1);
}
/* done with configuration stuff now */
afsconf_Close(tdir);
/* get ticket in local cell */
strcpy(tserver.cell, localName);
strcpy(tserver.name, "afs");
tserver.instance[0] = 0;
code = ktc_GetToken(&tserver, &token, sizeof(token), NULL);
if (code) {
printf
("%s: failed to get '%s' service ticket in cell '%s' (code %d)\n",
whoami, tserver.name, tserver.cell, code);
exit(1);
}
/* and now set the ticket in the new cell */
strcpy(tserver.cell, argv[1]);
code = ktc_SetToken(&tserver, &token, NULL, 0);
if (code) {
printf
("%s: failed to set ticket (code %d), are you sure you're authenticated?\n",
whoami, code);
exit(1);
}
/* all done */
printf("Authentication established for cell %s.\n", cname);
exit(0);
}
afs_uint32
xfon_voldump(XFILE * X, int flag, char *name)
{
struct hostent *he;
struct rx_securityClass *class;
struct rx_connection *conn;
struct ktc_principal sname;
struct ktc_token token;
struct afsconf_dir *confdir;
afs_uint32 code, server_addr = 0;
afs_int32 volid, date, partid = 0;
int isnum, index;
char *x, *y;
/* Parse out the optional date and server location */
if ((code = rx_Init(0)))
return code;
if (!(name = strdup(name)))
return ENOMEM;
if ((x = strrchr(name, ','))) {
*x++ = 0;
date = atoi(x);
} else {
date = 0;
}
if ((x = strrchr(name, '@'))) {
int a, b, c, d;
*x++ = 0;
if (!(y = strchr(x, '/'))) {
free(name);
return VL_BADPARTITION;
}
*y++ = 0;
if (sscanf(x, "%d.%d.%d.%d", &a, &b, &c, &d) == 4 && a >= 0
&& a <= 255 && b >= 0 && b <= 255 && c >= 0 && c <= 255 && d >= 0
&& d <= 255) {
server_addr = (a << 24) | (b << 16) | (c << 8) | d;
server_addr = htonl(server_addr);
} else {
he = gethostbyname(x);
if (!he) {
free(name);
return VL_BADSERVER;
}
memcpy(&server_addr, he->h_addr, sizeof(server_addr));
}
partid = volutil_GetPartitionID(y);
if (partid < 0) {
free(name);
return VL_BADPARTITION;
}
}
/* Get tokens and set up a security object */
confdir = afsconf_Open(AFSCONF_CLIENTNAME);
if (!confdir) {
free(name);
return AFSCONF_NODB;
}
if ((code = afsconf_GetLocalCell(confdir, sname.cell, MAXKTCNAMELEN))) {
free(name);
return code;
}
afsconf_Close(confdir);
strcpy(sname.name, "afs");
sname.instance[0] = 0;
code = ktc_GetToken(&sname, &token, sizeof(token), 0);
if (code) {
class = rxnull_NewClientSecurityObject();
index = 0;
} else {
static int
kerberosSuperUser(struct afsconf_dir *adir, char *tname, char *tinst,
char *tcell, char *namep)
{
char tcell_l[MAXKTCREALMLEN];
char *tmp;
/* keep track of which one actually authorized request */
char uname[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
static char lcell[MAXCELLCHARS] = "";
static char lrealms[AFS_NUM_LREALMS][AFS_REALM_SZ];
static int num_lrealms = -1;
int lrealm_match = 0, i;
int flag;
/* generate lowercased version of cell name */
strcpy(tcell_l, tcell);
tmp = tcell_l;
while (*tmp) {
*tmp = tolower(*tmp);
tmp++;
}
/* determine local cell name. It's static, so will only get
* calculated the first time through */
if (!lcell[0])
afsconf_GetLocalCell(adir, lcell, sizeof(lcell));
/* if running a krb environment, also get the local realm */
/* note - this assumes AFS_REALM_SZ <= MAXCELLCHARS */
/* just set it to lcell if it fails */
if (num_lrealms == -1) {
for (i=0; i<AFS_NUM_LREALMS; i++) {
if (afs_krb_get_lrealm(lrealms[i], i) != 0 /*KSUCCESS*/)
break;
}
if (i == 0) {
strncpy(lrealms[0], lcell, AFS_REALM_SZ);
num_lrealms = 1;
} else {
num_lrealms = i;
}
}
/* See if the ticket cell matches one of the local realms */
lrealm_match = 0;
for ( i=0;i<num_lrealms;i++ ) {
if (!strcasecmp(lrealms[i], tcell)) {
lrealm_match = 1;
break;
}
}
/* If yes, then make sure that the name is not present in
* an exclusion list */
if (lrealm_match) {
if (tinst[0])
snprintf(uname,sizeof(uname),"%s.%s@%s",tname,tinst,tcell);
else
snprintf(uname,sizeof(uname),"%s@%s",tname,tcell);
if (afs_krb_exclusion(uname))
lrealm_match = 0;
}
/* start with no uname and no authorization */
strcpy(uname, "");
flag = 0;
/* localauth special case */
if (strlen(tinst) == 0 && strlen(tcell) == 0
&& !strcmp(tname, AUTH_SUPERUSER)) {
strcpy(uname, "<LocalAuth>");
flag = 1;
/* cell of connection matches local cell or one of the realms */
} else if (!strcasecmp(tcell, lcell) || lrealm_match) {
if ((tmp = CompFindUser(adir, tname, ".", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, NULL))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
/* cell of conn doesn't match local cell or realm */
} else {
if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell))) {
strcpy(uname, tmp);
flag = 1;
#endif
} else if ((tmp = CompFindUser(adir, tname, ".", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#ifdef notyet
} else if ((tmp = CompFindUser(adir, tname, "/", tinst, tcell_l))) {
strcpy(uname, tmp);
flag = 1;
#endif
}
}
if (namep)
strcpy(namep, uname);
return flag;
}
