int
main(int argc, char *argv[])
{
int get_creds = 1;
int fg = 0;
int verbosity = 0;
int opt;
int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
char *progname;
while ((opt = getopt(argc, argv, "fnvmogksz")) != -1) {
switch (opt) {
case 'f':
fg = 1;
break;
case 'n':
get_creds = 0;
break;
case 'v':
verbosity++;
break;
case 'm':
get_creds = 1;
must_srv_mds = 1;
break;
case 'o':
get_creds = 1;
must_srv_oss = 1;
break;
case 'g':
get_creds = 1;
must_srv_mgs = 1;
break;
case 'k':
krb_enabled = 1;
break;
case 'h':
usage(stdout, argv[0]);
break;
case 's':
#ifdef HAVE_OPENSSL_SSK
sk_enabled = 1;
#else
fprintf(stderr, "error: request for SSK but service "
"support not enabled\n");
usage(stderr, argv[0]);
#endif
break;
case 'z':
null_enabled = 1;
break;
default:
usage(stderr, argv[0]);
break;
}
}
if ((progname = strrchr(argv[0], '/')))
progname++;
else
progname = argv[0];
if (!sk_enabled && !krb_enabled && !null_enabled) {
#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
fprintf(stderr, "warning: no -k, -s, or -z option given, "
"assume -k for backward compatibility\n");
krb_enabled = 1;
#else
fprintf(stderr, "error: need one of -k, -s, or -z options\n");
usage(stderr, argv[0]);
#endif
}
initerr(progname, verbosity, fg);
/* For kerberos use gss mechanisms but ignore for sk and null */
if (krb_enabled) {
if (gssd_check_mechs()) {
printerr(0, "ERROR: problem with gssapi library\n");
exit(1);
}
if (gssd_get_local_realm()) {
printerr(0, "ERROR: Can't get Local Kerberos realm\n");
exit(1);
}
if (get_creds &&
gssd_prepare_creds(must_srv_mgs, must_srv_mds,
must_srv_oss)) {
printerr(0, "unable to obtain root (machine) "
"credentials\n");
printerr(0, "do you have a keytab entry for "
"<lustre_xxs>/<your.host>@<YOUR.REALM> in "
"/etc/krb5.keytab?\n");
exit(1);
}
}
if (!fg)
mydaemon(0, 0);
/*
* XXX: There is risk of memory leak for missing call
* cleanup_mapping() for SIGKILL and SIGSTOP.
*/
signal(SIGINT, sig_die);
signal(SIGTERM, sig_die);
signal(SIGHUP, sig_hup);
if (!fg)
release_parent();
gssd_init_unique(GSSD_SVC);
svcgssd_run();
cleanup_mapping();
printerr(0, "gssd_run returned!\n");
abort();
}
int
main(int argc, char *argv[])
{
int fg = 0;
int verbosity = 0;
int opt;
extern char *optarg;
char *progname;
while ((opt = getopt(argc, argv, "fvrmMp:k:d:")) != -1) {
switch (opt) {
case 'f':
fg = 1;
break;
case 'M':
use_memcache = 1;
break;
case 'v':
verbosity++;
break;
case 'p':
strlcpy(pipefs_dir, optarg, sizeof(pipefs_dir));
if (pipefs_dir[sizeof(pipefs_dir)-1] != '\0')
errx(1, "pipefs path name too long");
break;
case 'k':
strlcpy(keytabfile, optarg, sizeof(keytabfile));
if (keytabfile[sizeof(keytabfile)-1] != '\0')
errx(1, "keytab path name too long");
break;
case 'd':
strlcpy(ccachedir, optarg, sizeof(ccachedir));
if (ccachedir[sizeof(ccachedir)-1] != '\0')
errx(1, "ccachedir path name too long");
break;
default:
usage(argv[0]);
break;
}
}
if ((progname = strrchr(argv[0], '/')))
progname++;
else
progname = argv[0];
initerr(progname, verbosity, fg);
if (gssd_check_mechs() != 0)
errx(1, "Problem with gssapi library");
if (gssd_get_local_realm())
errx(1, "get local realm");
if (!fg && daemon(0, 0) < 0)
errx(1, "fork");
/* This should be checked _after_ daemon(), because we need to own
* the undo-able semaphore by this process
*/
gssd_init_unique(GSSD_CLI);
/* Process keytab file and get machine credentials. This will modify
* disk status so do it after we are sure we are the only instance
*/
if (gssd_refresh_krb5_machine_creds())
return -1;
signal(SIGINT, sig_die);
signal(SIGTERM, sig_die);
signal(SIGHUP, sig_hup);
#if 0
/* Determine Kerberos information from the kernel */
gssd_obtain_kernel_krb5_info();
#endif
lgssd_init_mutexs();
printerr(0, "lgssd initialized and ready to serve\n");
lgssd_run();
lgssd_cleanup();
printerr(0, "lgssd exiting\n");
return 0;
}
