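/*
 * Look up the configuration of `cell` in the client configuration directory.
 *
 * cell        - cell to look up; NULL or "" selects the local cell.
 * cellconfig  - cleared, then filled in by afsconf_GetCellInfo().
 * local_cell  - receives the local cell name.  Assumed to point at a buffer
 *               of at least MAXCELLCHARS bytes, which the
 *               afsconf_GetLocalCell() call below already requires.
 * linkedcell  - receives cellconfig->linkedCell when one is set, else "".
 *               Assumed to be at least MAXCELLCHARS bytes -- TODO confirm
 *               against the callers.
 *
 * Returns 0 on success, AFSCONF_NODB when the directory cannot be opened,
 * AFSCONF_FAILURE when the local cell cannot be determined, and
 * AFSCONF_NOTFOUND when the cell lookup fails.
 */
static int
get_cellconfig(char *cell, struct afsconf_cell *cellconfig,
               char *local_cell, char *linkedcell)
{
    int status = 0;
    struct afsconf_dir *configdir;

    /*
     * local_cell is a pointer parameter, so sizeof(local_cell) is the size
     * of a pointer and would clear only the first few bytes of the buffer.
     * Clear the full length that is handed to afsconf_GetLocalCell().
     */
    memset(local_cell, 0, MAXCELLCHARS);
    memset(cellconfig, 0, sizeof(*cellconfig));

    if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
        return AFSCONF_NODB;
    }

    if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) {
        /* Do not leak the open configuration directory on this path. */
        (void) afsconf_Close(configdir);
        return AFSCONF_FAILURE;
    }

    if ((cell == NULL) || (cell[0] == 0))
        cell = local_cell;

    linkedcell[0] = '\0';
    if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) {
        status = AFSCONF_NOTFOUND;
    }
    if (cellconfig->linkedCell) {
        /*
         * strncpy() leaves the destination unterminated when the source is
         * MAXCELLCHARS bytes or longer; terminate inside the range it wrote.
         */
        strncpy(linkedcell, cellconfig->linkedCell, MAXCELLCHARS);
        linkedcell[MAXCELLCHARS - 1] = '\0';
    }

    (void) afsconf_Close(configdir);
    return (status);
}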
/*
 * Open the configuration directory at configPath, initialise RX on
 * TEST_PORT, register the "test" service with the security classes built
 * from that directory, and hand the calling thread to rx_StartServer().
 * Any failure is reported on stderr and ends the process with status 1.
 */
void
startServer(char *configPath)
{
    struct rx_service *service;
    struct rx_securityClass **classes;
    afs_int32 numClasses;
    int code;

    globalDir = afsconf_Open(configPath);
    if (!globalDir) {
        fprintf(stderr, "Server: Unable to open config directory\n");
        exit(1);
    }

    code = rx_Init(htons(TEST_PORT));
    if (code) {
        fprintf(stderr, "Server: Unable to initialise RX\n");
        exit(1);
    }

    /* The security classes offered to clients come from the config dir. */
    afsconf_BuildServerSecurityObjects(globalDir, &classes, &numClasses);

    service = rx_NewService(0, TEST_SERVICE_ID, "test", classes, numClasses,
                            TEST_ExecuteRequest);
    if (!service) {
        fprintf(stderr, "Server: Unable to start to test service\n");
        exit(1);
    }

    rx_StartServer(1);
}
/*
 * Check that afsconf_IsLocalRealmMatch() picks up changes made to the realm
 * configuration files of a directory that is already open.
 *
 * NOTE(review): the ok() labels below contain "[email protected]", which looks
 * like e-mail obfuscation applied to this copy of the file; the upstream
 * labels presumably named a user@REALM -- confirm against the repository.
 */
void
test_update_config_files(void)
{
    int code;
    struct afsconf_dir *dir;
    char *dirname;
    afs_int32 local = -1;

    /* Start with a single local realm, SOME.REALM.ORG. */
    dirname = afstest_BuildTestConfig();
    write_krb_conf(dirname, "SOME.REALM.ORG");

    dir = afsconf_Open(dirname);
    if (dir == NULL) {
        fprintf(stderr, "Unable to configure directory.\n");
        exit(1);
    }

    /* A user in the configured realm is expected to be reported local ... */
    code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "SOME.REALM.ORG");
    ok(code == 0 && local == 1, "before update: [email protected]");

    /* ... and a user in a realm that is not configured yet is not. */
    code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "MY.REALM.ORG");
    ok(code == 0 && local == 0, "before update: [email protected]");

    /* Rewrite the realm files while the directory stays open. */
    write_krb_conf(dirname, "MY.REALM.ORG MY.OTHER.REALM.ORG");
    write_krb_excl(dirname);
    update_csdb(dirname);
    _afsconf_Touch(dir);	/* forces reopen */

    code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "MY.REALM.ORG");
    ok(code == 0 && local == 1, "after update: [email protected]");

    /* "admin" is expected to be non-local after write_krb_excl();
     * presumably it is on the exclusion list that helper writes -- confirm. */
    code = afsconf_IsLocalRealmMatch(dir, &local, "admin", NULL, "MY.REALM.ORG");
    ok(code == 0 && local == 0, "after update: [email protected]");

    afstest_UnlinkTestConfig(dirname);
}
/*
 * Replace the file-level configuration handle `confdir` with one opened on
 * confDir.  A previously opened handle is closed first; the result of
 * afsconf_Open() is stored unchecked, so `confdir` may end up NULL.
 */
void
afscp_SetConfDir(char *confDir)
{
    if (confdir) {
        afsconf_Close(confdir);
    }

    confdir = afsconf_Open(confDir);
}
/*
 * Open the client configuration directory into *pconfigdir and read the
 * local cell name into local_cell (at most MAXCELLCHARS bytes are requested).
 * When the directory cannot be opened, a message is printed and akexit() is
 * called with AKLOG_AFS.  Returns the result of afsconf_GetLocalCell().
 * The directory handle is left open in *pconfigdir.
 */
long
GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell)
{
    *pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
    if (*pconfigdir == NULL) {
        fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
                progname, AFSDIR_CLIENT_ETC_DIRPATH);
        akexit(AKLOG_AFS);
    }

    return afsconf_GetLocalCell(*pconfigdir, local_cell, MAXCELLCHARS);
}
/*
 * Fetch the VLDB service entry for `cell` into celldata, opening the shared
 * `confdir` handle on first use.  Returns AFSCONF_NODB when the directory
 * cannot be opened, otherwise the result of afsconf_GetCellInfo().
 */
static int
_GetCellInfo(char *cell, struct afsconf_cell *celldata)
{
    if (!confdir) {
        confdir = afsconf_Open(AFSCONF_CLIENTNAME);
        if (!confdir) {
            return AFSCONF_NODB;
        }
    }

    return afsconf_GetCellInfo(confdir, cell, AFSCONF_VLDBSERVICE, celldata);
}
/*
 * Run the shared test set against a freshly built test configuration
 * directory to which no realm files have been added.
 */
void
test_no_config_files(void)
{
    char *dirname = afstest_BuildTestConfig();
    struct afsconf_dir *dir = afsconf_Open(dirname);

    if (!dir) {
        fprintf(stderr, "Unable to configure directory.\n");
        exit(1);
    }

    run_tests(dir, 0, "no config");

    afstest_UnlinkTestConfig(dirname);
}
/*
 * Run the edge-case tests against a freshly built test configuration
 * directory.
 */
void
test_edges(void)
{
    char *dirname = afstest_BuildTestConfig();
    struct afsconf_dir *dir = afsconf_Open(dirname);

    if (!dir) {
        fprintf(stderr, "Unable to configure directory.\n");
        exit(1);
    }

    run_edge_tests(dir);

    afstest_UnlinkTestConfig(dirname);
}
/*
 * Open the configuration directory confDir (the client default when NULL),
 * look up cellName (the directory's own cell when NULL) for serviceid, and
 * pass the result on to internal_client_init().
 *
 * Returns EIO when the directory cannot be opened, the afsconf_GetCellInfo()
 * error when the cell is not found, otherwise the result of
 * internal_client_init().  The directory is closed before returning.
 */
static int
internal_client_init_dir(const char *confDir, char *cellName, int secFlags,
                         struct ubik_client **uclientp,
                         int (*secproc) (struct rx_securityClass *, afs_int32),
                         afs_int32 maxservers, char *serviceid,
                         afs_int32 deadtime, afs_uint32 server,
                         afs_uint32 port, afs_int32 usrvid)
{
    struct afsconf_cell info;
    struct afsconf_dir *dir;
    const char *progname = getprogname();
    int code;

    /* From here on progname is never NULL, so messages can use it as is. */
    if (!progname)
        progname = "<unknown>";

    if (!confDir)
        confDir = AFSDIR_CLIENT_ETC_DIRPATH;

    dir = afsconf_Open(confDir);
    if (dir == NULL) {
        fprintf(stderr,
                "%s: Could not process files in configuration directory (%s).\n",
                progname, confDir);
        return EIO;
    }

    if (!cellName)
        cellName = dir->cellName;

    code = afsconf_GetCellInfo(dir, cellName, serviceid, &info);
    if (code == 0) {
        code = internal_client_init(dir, &info, secFlags, uclientp, secproc,
                                    maxservers, serviceid, deadtime, server,
                                    port, usrvid);
    } else {
        fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n",
                progname, cellName, confDir, AFSDIR_CELLSERVDB_FILE);
    }

    afsconf_Close(dir);
    return code;
}
/*
 * Key-file maintenance tool: dispatches "add", "delete" and "list" to the
 * matching helper, all of which work on the server configuration directory.
 * With no arguments the usage text is printed and the exit status is 1.
 */
int
main(int argc, char *argv[])
{
    const char *prog = argv[0];
    const char *confdir = AFSDIR_SERVER_ETC_DIRPATH;
    struct afsconf_dir *tdir;
    const char *op;

    if (argc == 1) {
        fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
                prog, prog);
        fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", prog);
        fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", prog);
        fprintf(stderr, "\tOR\n\t%s add <type> <kvno> <subtype> <key>\n",
                prog);
        fprintf(stderr,
                "\tOR\n\t%s add <type> <kvno> <subtype> <keyfile> <princ>\n",
                prog);
        fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", prog);
        fprintf(stderr, "\t%s delete <kvno>\n", prog);
        fprintf(stderr, "\t%s list\n", prog);
        exit(1);
    }

    /* Every operation reads or rewrites key material in the server
     * configuration directory, so it must open before dispatching. */
    tdir = afsconf_Open(confdir);
    if (tdir == NULL) {
        fprintf(stderr, "%s: can't initialize conf dir '%s'\n", prog,
                confdir);
        exit(1);
    }

    op = argv[1];
    if (!strcmp(op, "add")) {
        addKey(tdir, argc, argv);
    } else if (!strcmp(op, "delete")) {
        deleteKey(tdir, argc, argv);
    } else if (!strcmp(op, "list")) {
        listKey(tdir, argc, argv);
    } else {
        fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
                "assistance\n", prog, op, prog);
        exit(1);
    }

    exit(0);
}
/*
 * Run the shared test set against a test configuration directory that has
 * realm files written into it before the directory is opened.
 */
void
test_with_config_files(void)
{
    struct afsconf_dir *dir;
    char *dirname = afstest_BuildTestConfig();

    /* The realm files have to exist before afsconf_Open() reads the dir. */
    write_krb_conf(dirname, "MY.REALM.ORG MY.OTHER.REALM.ORG");
    write_krb_excl(dirname);

    dir = afsconf_Open(dirname);
    if (!dir) {
        fprintf(stderr, "Unable to configure directory.\n");
        exit(1);
    }

    run_tests(dir, 2, "config");

    afstest_UnlinkTestConfig(dirname);
}
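/*
 * Replace each of the `size` cell names in `list` with a newly allocated
 * copy of the canonical name that afsconf_GetCellInfo() reports for it.
 *
 * Each input name is lower-cased into a MAXKTCREALMLEN-byte buffer before
 * the lookup.  An unknown cell, a lookup error, an allocation failure or an
 * unreadable configuration directory prints a message and exits with
 * status 1.  Returns 0 on success.
 *
 * The previous *list pointers are overwritten and not freed here;
 * presumably they are not heap-owned (e.g. argv entries) -- confirm against
 * the caller.
 */
int
unlog_NormalizeCellNames(char **list, int size)
{
    char *newCellName;
    int index;
    struct afsconf_dir *conf;
    int code;
    struct afsconf_cell cellinfo;

    if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
        fprintf(stderr, "Cannot get cell configuration info!\n");
        exit(1);
    }

    /*
     * The index is signed like `size`: with an unsigned index a negative
     * size converts to a huge bound and the loop walks off the end of list.
     */
    for (index = 0; index < size; index++, list++) {
        newCellName = malloc(MAXKTCREALMLEN);
        if (!newCellName) {
            perror("unlog_NormalizeCellNames --- malloc failed");
            exit(1);
        }

        lcstring(newCellName, *list, MAXKTCREALMLEN);
        code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
        if (code) {
            if (code == AFSCONF_NOTFOUND) {
                fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
            } else {
                fprintf(stderr,
                        "unlog_NormalizeCellNames - afsconf_GetCellInfo");
                fprintf(stderr, " failed, code = %d\n", code);
            }
            exit(1);
        }

        /*
         * Bounded copy: the name comes from the cell database, and an
         * unbounded strcpy() would write past the MAXKTCREALMLEN-byte
         * allocation if it were ever longer than that.
         */
        snprintf(newCellName, MAXKTCREALMLEN, "%s", cellinfo.name);
        *list = newCellName;
    }

    afsconf_Close(conf);
    return 0;
}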
/*
 * Run the shared test set with local realms registered through
 * afsconf_SetLocalRealm() rather than taken from a realm file.
 */
void
test_set_local_realms(void)
{
    struct afsconf_dir *dir;
    char *dirname;

    /*
     * Simulate the command line -realm option, which overrides the config
     * file if there is one.  More than one realm can be added.
     */
    ok(afsconf_SetLocalRealm("MY.REALM.ORG") == 0,
       "set local realm MY.REALM.ORG");
    ok(afsconf_SetLocalRealm("MY.OTHER.REALM.ORG") == 0,
       "set local realm MY.OTHER.REALM.ORG");

    /* The directory is opened before any realm file exists in it. */
    dirname = afstest_BuildTestConfig();
    dir = afsconf_Open(dirname);
    if (!dir) {
        fprintf(stderr, "Unable to configure directory.\n");
        exit(1);
    }

    /* Written after the open; the realms set above are the ones under test. */
    write_krb_conf(dirname, "SOME.REALM.ORG");
    run_tests(dir, 1, "set realm test");

    afstest_UnlinkTestConfig(dirname);
}
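/*
 * Look up the configuration of `cell` in the client configuration directory.
 *
 * cell        - cell to look up; NULL or "" selects the local cell.
 * cellconfig  - cleared, then filled in by afsconf_GetCellInfo().
 * local_cell  - receives the local cell name.  Assumed to point at a buffer
 *               of at least MAXCELLCHARS bytes, which the
 *               afsconf_GetLocalCell() call below already requires.
 *
 * Exits with AKLOG_AFS when the directory cannot be opened or the local cell
 * cannot be determined.  Returns AKLOG_SUCCESS, or AKLOG_AFS when the cell
 * lookup fails.
 */
static int
get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell)
{
    int status = AKLOG_SUCCESS;
    struct afsconf_dir *configdir;

    /*
     * local_cell is a pointer parameter, so sizeof(local_cell) is the size
     * of a pointer and would clear only the first few bytes of the buffer.
     * Clear the full length that is handed to afsconf_GetLocalCell().
     */
    memset(local_cell, 0, MAXCELLCHARS);
    memset(cellconfig, 0, sizeof(*cellconfig));

    if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
        fprintf(stderr,
                "%s: can't get afs configuration (afsconf_Open(%s))\n",
                progname, AFSDIR_CLIENT_ETC_DIRPATH);
        exit(AKLOG_AFS);
    }

    if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) {
        fprintf(stderr, "%s: can't determine local cell.\n", progname);
        exit(AKLOG_AFS);
    }

    if ((cell == NULL) || (cell[0] == 0))
        cell = local_cell;

    if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) {
        fprintf(stderr, "%s: Can't get information about cell %s.\n",
                progname, cell);
        status = AKLOG_AFS;
    }

    (void) afsconf_Close(configdir);

    return (status);
}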
/*
 * Start a test RX service: open the configuration directory at configPath,
 * initialise RX on `port`, register service `serviceId` with request handler
 * `proc` and the security classes built from the directory, then donate the
 * calling thread to rx_StartServer().
 *
 * Returns -1 after printing a message when a setup step fails.
 */
int
afstest_StartTestRPCService(const char *configPath, u_short port,
                            u_short serviceId,
                            afs_int32 (*proc) (struct rx_call *))
{
    struct rx_service *service;
    struct rx_securityClass **classes;
    afs_int32 numClasses;
    struct afsconf_dir *dir;
    int code;

    dir = afsconf_Open(configPath);
    if (!dir) {
        fprintf(stderr, "Server: Unable to open config directory\n");
        return -1;
    }

    code = rx_Init(htons(port));
    if (code) {
        fprintf(stderr, "Server: Unable to initialise RX\n");
        return -1;
    }

    /* The security classes offered to clients come from the config dir. */
    afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);

    service = rx_NewService(0, serviceId, "test", classes, numClasses, proc);
    if (!service) {
        fprintf(stderr, "Server: Unable to start to test service\n");
        return -1;
    }

    rx_StartServer(1);

    return 0;	/* Not reached, we donated ourselves to StartServer */
}
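/*
 * Return the default cell: the one named by `defcell` when that is set,
 * otherwise the local cell read from the client configuration directory.
 *
 * Returns NULL with afscp_errno set to AFSCONF_NODB when the directory
 * cannot be opened, or to the afsconf_GetLocalCell() error code when the
 * local cell name cannot be read.
 */
struct afscp_cell *
afscp_DefaultCell(void)
{
    struct afsconf_dir *dir;
    char localcell[MAXCELLCHARS + 1];
    int code;

    if (defcell) {
        return afscp_CellByName(defcell, defrealm);
    }

    dir = afsconf_Open(AFSCONF_CLIENTNAME);
    if (dir == NULL) {
        afscp_errno = AFSCONF_NODB;
        return NULL;
    }

    code = afsconf_GetLocalCell(dir, localcell, MAXCELLCHARS);
    /* Close before looking at the result so the error path does not leak
     * the directory handle. */
    afsconf_Close(dir);
    if (code != 0) {
        afscp_errno = code;
        return NULL;
    }

    return afscp_CellByName(localcell, defrealm);
}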
/*
 * Build a client security object for `cell` from the server's own key: read
 * the latest key from the server configuration directory, create a ticket
 * for aname/ainst with it, and store the resulting rxkad class in
 * cell->security with cell->scindex set to 2.
 *
 * Returns 0 on success, AFSCONF_FAILURE when the directory cannot be opened,
 * RXKADBADKEY when no security object is returned, or the error code of the
 * step that failed.
 *
 * NOTE(review): `key`, `session` and `tbuffer` hold key and ticket material
 * on the stack and are not cleared on any return path -- consider wiping
 * them with a call the compiler cannot elide.
 */
static int
_GetLocalSecurityObject(struct afscp_cell *cell, char *aname, char *ainst)
{
    int code = 0;
    char tbuffer[256];
    struct ktc_encryptionKey key, session;
    struct rx_securityClass *tc;
    afs_int32 kvno;
    afs_int32 ticketLen;
    rxkad_level lev;
    struct afsconf_dir *tdir;

    tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
    if (!tdir) {
        code = AFSCONF_FAILURE;
        goto done;
    }

    code = afsconf_GetLatestKey(tdir, &kvno, &key);
    if (code) {
        goto done;
    }

    /* The server key is handed to the DES random-number initialiser before
     * the session key is generated. */
    DES_init_random_number_generator((DES_cblock *)&key);
    code = DES_new_random_key((DES_cblock *)&session);
    if (code) {
        goto done;
    }

    ticketLen = sizeof(tbuffer);
    memset(tbuffer, 0, sizeof(tbuffer));
    /* NOTE(review): 0 and 0xffffffff look like the ticket's start and end
     * times, i.e. a ticket with no effective expiry -- confirm against
     * tkt_MakeTicket(). */
    code = tkt_MakeTicket(tbuffer, &ticketLen, &key, aname, ainst, "", 0, 0xffffffff, &session, 0, "afs", "");
    if (code) {
        goto done;
    }

    /* The file-level `insecure` flag selects rxkad_clear in place of
     * rxkad_crypt. */
    if (insecure) {
        lev = rxkad_clear;
    } else {
        lev = rxkad_crypt;
    }

    tc = (struct rx_securityClass *) rxkad_NewClientSecurityObject(lev, &session, kvno, ticketLen, tbuffer);
    if (!tc) {
        code = RXKADBADKEY;
        goto done;
    }

    cell->security = tc;
    cell->scindex = 2;

done:
    /* Single exit: the directory is closed on success and on every error. */
    if (tdir) {
        afsconf_Close(tdir);
    }
    return code;
}
/*
 * Set up the file-level protection-server client `pruclient` for `cell`
 * (the local cell when `cell` is NULL), using the configuration in confDir.
 *
 * The configuration handle, directory name, cell name and cell info are kept
 * in static variables; they are refreshed when there is no handle yet or
 * when the directory or cell differs from the previous call.
 *
 * secLevel 0 means no authentication was requested, 2 uses the local
 * KeyFile, any other positive value uses tokens (see the comments in the
 * body).  Returns 0 on success, -1 when the configuration directory cannot
 * be opened, or the error code of the step that failed.
 *
 * NOTE(review): when no security object can be obtained the function falls
 * back to an rxnull (unauthenticated) connection and only prints a warning,
 * except for secLevel > 1 on the token path, which returns the error.
 */
afs_int32
pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
{
    afs_int32 code;
    struct rx_connection *serverconns[MAXSERVERS];
    struct rx_securityClass *sc = NULL;
    static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL;	/* only do this once */
    static char tconfDir[100] = "";
    static char tcell[64] = "";
    afs_int32 scIndex;
    afs_int32 secFlags;
    static struct afsconf_cell info;
    afs_int32 i;
#if !defined(UKERNEL)
    char cellstr[64];
#endif
    afs_int32 gottdir = 0;
    afs_int32 refresh = 0;

    initialize_PT_error_table();
    initialize_RXK_error_table();
    initialize_ACFG_error_table();
    initialize_KTC_error_table();

#if defined(UKERNEL)
    if (!cell) {
        cell = afs_LclCellName;
    }
#else /* defined(UKERNEL) */
    if (!cell) {
        /* No cell given: the local cell name has to come from the
         * configuration directory, so open it now if it is not open yet. */
        if (!tdir)
            tdir = afsconf_Open(confDir);
        if (!tdir) {
            if (confDir && strcmp(confDir, ""))
                fprintf(stderr, "%s: Could not open configuration directory: %s.\n", whoami, confDir);
            else
                fprintf(stderr, "%s: No configuration directory specified.\n", whoami);
            return -1;
        }
        /* Remember that tdir is usable so the refresh below keeps it. */
        gottdir = 1;

        code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
        if (code) {
            fprintf(stderr, "libprot: Could not get local cell. [%d]\n", code);
            return code;
        }
        cell = cellstr;
    }
#endif /* defined(UKERNEL) */
    /* NOTE(review): confDir is passed to strcmp() here without the NULL
     * guard that the error messages above use; a NULL confDir together with
     * a non-NULL cell would be dereferenced. */
    if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
        /*
         * force re-evaluation.  we either don't have an afsconf_dir,
         * the directory has changed or the cell has changed.
         */
        if (tdir && !gottdir) {
            afsconf_Close(tdir);
            tdir = (struct afsconf_dir *)NULL;
        }
        pruclient = (struct ubik_client *)NULL;
        refresh = 1;
    }

    if (refresh) {
        /* NOTE(review): strncpy() does not terminate the destination when
         * the source fills it, so a confDir of 100 or more bytes (or a cell
         * of 64 or more) leaves tconfDir/tcell unterminated for the strcmp()
         * calls on the next invocation. */
        strncpy(tconfDir, confDir, sizeof(tconfDir));
        strncpy(tcell, cell, sizeof(tcell));

#if defined(UKERNEL)
        tdir = afs_cdir;
#else /* defined(UKERNEL) */
        if (!gottdir)
            tdir = afsconf_Open(confDir);
        if (!tdir) {
            if (confDir && strcmp(confDir, ""))
                fprintf(stderr, "libprot: Could not open configuration directory: %s.\n", confDir);
            else
                fprintf(stderr, "libprot: No configuration directory specified.\n");
            return -1;
        }
#endif /* defined(UKERNEL) */

        code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
        if (code) {
            fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n", cell, confDir, AFSDIR_CELLSERVDB_FILE);
            return code;
        }
    }

    /* If we already have a client and it is at the security level we
     * want, don't get a new one. Unless the security level is 2 in
     * which case we will get one (and re-read the key file).
     */
    /* NOTE(review): lastLevel is assigned scIndex at the end of this
     * function but compared with secLevel here; the two are not obviously
     * the same scale -- confirm the comparison is intended. */
    if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
        return 0;
    }

    code = rx_Init(0);
    if (code) {
        fprintf(stderr, "libprot: Could not initialize rx.\n");
        return code;
    }

    /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
     * to force use of the KeyFile.  secLevel == 0 implies -noauth was
     * specified. */
    if (secLevel == 2) {
        code = afsconf_GetLatestKey(tdir, 0, 0);
        if (code) {
            afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
        } else {
            /* If secLevel is two assume we're on a file server and use
             * ClientAuthSecure if possible.
             */
            code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
            if (code)
                afs_com_err(whoami, code, "(calling client secure)\n");
        }
    } else if (secLevel > 0) {
        secFlags = 0;
        if (secLevel > 1)
            secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;

        code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
        if (code) {
            afs_com_err(whoami, code, "(getting token)");
            if (secLevel > 1)
                return code;
        }
    }

    /* No security object so far: fall back to an unauthenticated one. */
    if (sc == NULL) {
        sc = rxnull_NewClientSecurityObject();
        scIndex = RX_SECIDX_NULL;
    }

    if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
        fprintf(stderr, "%s: Could not get afs tokens, running unauthenticated\n", whoami);

    memset(serverconns, 0, sizeof(serverconns));	/* terminate list!!! */
    /* NOTE(review): the loop is bounded by info.numServers only; nothing in
     * this function checks it against MAXSERVERS, the size of serverconns,
     * or leaves room for the terminating NULL entry. */
    for (i = 0; i < info.numServers; i++)
        serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, PRSRV, sc, scIndex);

    code = ubik_ClientInit(serverconns, &pruclient);
    if (code) {
        afs_com_err(whoami, code, "ubik client init failed.");
        return code;
    }
    lastLevel = scIndex;

    code = rxs_Release(sc);
    return code;
}
/*
 * bosserver entry point: parse the command line, set up logging, go into
 * the background, open (or create) the server cell configuration, start the
 * configured bnodes, initialise RX and register the "bozo" and "rpcstats"
 * services, then donate the process to rx_StartServer().
 *
 * NOTE(review), points a reader should check:
 *  - "-auditlog" and "-audit-interface" read argv[++code] without the
 *    argc bound check that "-rxmaxmtu" performs, so a trailing option hands
 *    NULL to the audit code.
 *  - "-noauth" is passed to afsconf_SetNoAuthFlag() before the security
 *    classes are built.
 *  - SIGFPE is routed to bozo_insecureme; the handler is not shown here.
 *  - The return values of both rx_NewServiceHost() calls and of chdir() are
 *    not checked.
 */
int
main(int argc, char **argv, char **envp)
{
    struct rx_service *tservice;
    afs_int32 code;
    struct afsconf_dir *tdir;
    int noAuth = 0;
    int i;
    char namebuf[AFSDIR_PATH_MAX];
    int rxMaxMTU = -1;
    afs_uint32 host = htonl(INADDR_ANY);
    char *auditFileName = NULL;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;
    int DoPeerRPCStats = 0;
    int DoProcessRPCStats = 0;
#ifndef AFS_NT40_ENV
    int nofork = 0;
    struct stat sb;
#endif
#ifdef	AFS_AIX32_ENV
    struct sigaction nsa;

    /* for some reason, this permits user-mode RX to run a lot faster.
     * we do it here in the bosserver, so we don't have to do it
     * individually in each server.
     */
    tweak_config();

    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGSEGV, &nsa, NULL);
    sigaction(SIGABRT, &nsa, NULL);
#endif
    osi_audit_init();
    signal(SIGFPE, bozo_insecureme);

#ifdef AFS_NT40_ENV
    /* Initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        fprintf(stderr, "%s: Couldn't initialize winsock.\n", argv[0]);
        exit(2);
    }
#endif

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]);
        exit(2);
    }

    /* some path inits */
    bozo_fileName = AFSDIR_SERVER_BOZCONF_FILEPATH;
    DoCore = AFSDIR_SERVER_LOGS_DIRPATH;

    /* initialize the list of dirpaths that the bosserver has
     * an interest in monitoring */
    initBosEntryStats();

#if defined(AFS_SGI_ENV)
    /* offer some protection if AFS isn't loaded */
    if (syscall(AFS_SYSCALL, AFSOP_ENDLOG) < 0 && errno == ENOPKG) {
        printf("bosserver: AFS doesn't appear to be configured in O.S..\n");
        exit(1);
    }
#endif

#ifndef AFS_NT40_ENV
    /* save args for restart */
    bozo_argc = argc;
    bozo_argv = malloc((argc+1) * sizeof(char*));
    if (!bozo_argv) {
        fprintf(stderr, "%s: Failed to allocate argument list.\n", argv[0]);
        exit(1);
    }
    bozo_argv[0] = (char*)AFSDIR_SERVER_BOSVR_FILEPATH; /* expected path */
    bozo_argv[bozo_argc] = NULL; /* null terminate list */
#endif	/* AFS_NT40_ENV */

    /* parse cmd line */
    for (code = 1; code < argc; code++) {
#ifndef AFS_NT40_ENV
        bozo_argv[code] = argv[code];
#endif	/* AFS_NT40_ENV */
        if (strcmp(argv[code], "-noauth") == 0) {
            /* set noauth flag */
            noAuth = 1;
        } else if (strcmp(argv[code], "-log") == 0) {
            /* set extra logging flag */
            DoLogging = 1;
        }
#ifndef AFS_NT40_ENV
        else if (strcmp(argv[code], "-syslog") == 0) {
            /* set syslog logging flag */
            DoSyslog = 1;
        } else if (strncmp(argv[code], "-syslog=", 8) == 0) {
            DoSyslog = 1;
            DoSyslogFacility = atoi(argv[code] + 8);
        } else if (strncmp(argv[code], "-cores=", 7) == 0) {
            if (strcmp((argv[code]+7), "none") == 0)
                DoCore = 0;
            else
                DoCore = (argv[code]+7);
        } else if (strcmp(argv[code], "-nofork") == 0) {
            nofork = 1;
        }
#endif
        else if (strcmp(argv[code], "-enable_peer_stats") == 0) {
            DoPeerRPCStats = 1;
        } else if (strcmp(argv[code], "-enable_process_stats") == 0) {
            DoProcessRPCStats = 1;
        }
        else if (strcmp(argv[code], "-restricted") == 0) {
            bozo_isrestricted = 1;
        }
        else if (strcmp(argv[code], "-rxbind") == 0) {
            rxBind = 1;
        }
        else if (strcmp(argv[code], "-allow-dotted-principals") == 0) {
            rxkadDisableDotCheck = 1;
        }
        else if (!strcmp(argv[code], "-rxmaxmtu")) {
            if ((code + 1) >= argc) {
                fprintf(stderr, "missing argument for -rxmaxmtu\n");
                exit(1);
            }
            rxMaxMTU = atoi(argv[++code]);
        }
        else if (strcmp(argv[code], "-auditlog") == 0) {
            /* NOTE(review): no check that an argument follows; argv[argc]
             * is NULL, so a trailing "-auditlog" leaves auditFileName NULL
             * and the option is silently ignored. */
            auditFileName = argv[++code];

        } else if (strcmp(argv[code], "-audit-interface") == 0) {
            /* NOTE(review): no check that an argument follows; a trailing
             * "-audit-interface" passes NULL to osi_audit_interface(). */
            char *interface = argv[++code];

            if (osi_audit_interface(interface)) {
                printf("Invalid audit interface '%s'\n", interface);
                exit(1);
            }
        } else if (strncmp(argv[code], "-pidfiles=", 10) == 0) {
            DoPidFiles = (argv[code]+10);
        } else if (strncmp(argv[code], "-pidfiles", 9) == 0) {
            DoPidFiles = AFSDIR_BOSCONFIG_DIR;
        }
        else {

            /* hack to support help flag */

#ifndef AFS_NT40_ENV
            printf("Usage: bosserver [-noauth] [-log] "
                   "[-auditlog <log path>] "
                   "[-audit-interface <file|sysvmq> (default is file)] "
                   "[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] "
                   "[-syslog[=FACILITY]] "
                   "[-restricted] "
                   "[-enable_peer_stats] [-enable_process_stats] "
                   "[-cores=<none|path>] \n"
                   "[-pidfiles[=path]] "
                   "[-nofork] " "[-help]\n");
#else
            printf("Usage: bosserver [-noauth] [-log] "
                   "[-auditlog <log path>] "
                   "[-audit-interface <file|sysvmq> (default is file)] "
                   "[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] "
                   "[-restricted] "
                   "[-enable_peer_stats] [-enable_process_stats] "
                   "[-cores=<none|path>] \n"
                   "[-pidfiles[=path]] "
                   "[-help]\n");
#endif
            fflush(stdout);

            exit(0);
        }
    }
    if (auditFileName) {
        osi_audit_file(auditFileName);
    }

#ifndef AFS_NT40_ENV
    if (geteuid() != 0) {
        printf("bosserver: must be run as root.\n");
        exit(1);
    }
#endif

    /* Rotate the existing log to ".old" unless syslog is in use or (on
     * non-NT builds) the log path is missing or is a FIFO.
     * NOTE(review): the lstat() check and the later rename/fopen act on the
     * path separately while running as root; whether that matters depends
     * on who can write to the log directory -- confirm its permissions. */
    if ((!DoSyslog)
#ifndef AFS_NT40_ENV
        && ((lstat(AFSDIR_BOZLOG_FILE, &sb) == 0) &&
        !(S_ISFIFO(sb.st_mode)))
#endif
        ) {
        strcpy(namebuf, AFSDIR_BOZLOG_FILE);
        strcat(namebuf, ".old");
        rk_rename(AFSDIR_BOZLOG_FILE, namebuf);	/* try rename first */
        bozo_logFile = fopen(AFSDIR_BOZLOG_FILE, "a");
        if (!bozo_logFile) {
            printf("bosserver: can't initialize log file (%s).\n",
                   AFSDIR_SERVER_BOZLOG_FILEPATH);
            exit(1);
        }
        /* keep log closed normally, so can be removed */
        fclose(bozo_logFile);
    } else {
#ifndef AFS_NT40_ENV
        openlog("bosserver", LOG_PID, DoSyslogFacility);
#endif
    }

    /*
     * go into the background and remove our controlling tty, close open
     * file descriptors
     */

#ifndef AFS_NT40_ENV
    if (!nofork)
        daemon(1, 0);
#endif /* ! AFS_NT40_ENV */

    /* create useful dirs */
    CreateDirs(DoCore);

    /* Write current state of directory permissions to log file */
    DirAccessOK();

    /* chdir to AFS log directory */
    if (DoCore)
        chdir(DoCore);
    else
        chdir(AFSDIR_SERVER_LOGS_DIRPATH);

    /* try to read the key from the config file */
    tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
    if (!tdir) {
        /* try to create local cell config file */
        struct afsconf_cell tcell;
        strcpy(tcell.name, "localcell");
        tcell.numServers = 1;
        code = gethostname(tcell.hostName[0], MAXHOSTCHARS);
        if (code) {
            bozo_Log("failed to get hostname, code %d\n", errno);
            exit(1);
        }
        if (tcell.hostName[0][0] == 0) {
            bozo_Log("host name not set, can't start\n");
            bozo_Log("try the 'hostname' command\n");
            exit(1);
        }
        memset(tcell.hostAddr, 0, sizeof(tcell.hostAddr));	/* not computed */
        code =
            afsconf_SetCellInfo(NULL, AFSDIR_SERVER_ETC_DIRPATH,
                                &tcell);
        if (code) {
            bozo_Log
                ("could not create cell database in '%s' (code %d), quitting\n",
                 AFSDIR_SERVER_ETC_DIRPATH, code);
            exit(1);
        }
        tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
        if (!tdir) {
            bozo_Log
                ("failed to open newly-created cell database, quitting\n");
            exit(1);
        }
    }
    /* opened the cell database */
    bozo_confdir = tdir;

    code = bnode_Init();
    if (code) {
        printf("bosserver: could not init bnode package, code %d\n", code);
        exit(1);
    }

    bnode_Register("fs", &fsbnode_ops, 3);
    bnode_Register("dafs", &dafsbnode_ops, 4);
    bnode_Register("simple", &ezbnode_ops, 1);
    bnode_Register("cron", &cronbnode_ops, 2);

#if defined(RLIMIT_CORE) && defined(HAVE_GETRLIMIT)
    {
        /* Core dumps are disabled when -cores=none was given, otherwise
         * the core limit is raised to unlimited. */
        struct rlimit rlp;
        getrlimit(RLIMIT_CORE, &rlp);
        if (!DoCore)
            rlp.rlim_cur = 0;
        else
            rlp.rlim_max = rlp.rlim_cur = RLIM_INFINITY;
        setrlimit(RLIMIT_CORE, &rlp);
        getrlimit(RLIMIT_CORE, &rlp);
        bozo_Log("Core limits now %d %d\n",(int)rlp.rlim_cur,(int)rlp.rlim_max);
    }
#endif

    /* Read init file, starting up programs. Also starts watcher threads.
     */
    if ((code = ReadBozoFile(0))) {
        bozo_Log
            ("bosserver: Something is wrong (%d) with the bos configuration file %s; aborting\n",
             code, AFSDIR_SERVER_BOZCONF_FILEPATH);
        exit(code);
    }

    /* With -rxbind, bind to a single address only when exactly one
     * address is found; otherwise host stays INADDR_ANY. */
    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        if (ccode == 1)
            host = SHostAddrs[0];
    }

    /* Up to ten attempts, three seconds apart, to initialise RX. */
    for (i = 0; i < 10; i++) {
        if (rxBind) {
            code = rx_InitHost(host, htons(AFSCONF_NANNYPORT));
        } else {
            code = rx_Init(htons(AFSCONF_NANNYPORT));
        }
        if (code) {
            bozo_Log("can't initialize rx: code=%d\n", code);
            sleep(3);
        } else
            break;
    }
    if (i >= 10) {
        bozo_Log("Bos giving up, can't initialize rx\n");
        exit(code);
    }

    /* Set some rx config */
    if (DoPeerRPCStats)
        rx_enablePeerRPCStats();
    if (DoProcessRPCStats)
        rx_enableProcessRPCStats();

    /* Disable jumbograms */
    rx_SetNoJumbo();

    if (rxMaxMTU != -1) {
        if (rx_SetMaxMTU(rxMaxMTU) != 0) {
            bozo_Log("bosserver: rxMaxMTU %d is invalid\n", rxMaxMTU);
            exit(1);
        }
    }

    code = LWP_CreateProcess(BozoDaemon, BOZO_LWP_STACKSIZE, /* priority */ 1,
                             /* param */ NULL , "bozo-the-clown", &bozo_pid);
    if (code) {
        bozo_Log("Failed to create daemon thread\n");
        exit(1);
    }

    /* initialize audit user check */
    osi_audit_set_user_check(bozo_confdir, bozo_IsLocalRealmMatch);

    bozo_CreateRxBindFile(host);	/* for local scripts */

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(bozo_rxstat_userok);

    /* The -noauth setting is applied to the configuration before the
     * server security classes are built from it. */
    afsconf_SetNoAuthFlag(tdir, noAuth);
    afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);

    if (DoPidFiles) {
        bozo_CreatePidFile("bosserver", NULL, getpid());
    }

    /* NOTE(review): tservice is used below without a NULL check. */
    tservice = rx_NewServiceHost(host, 0, /* service id */ 1,
                                 "bozo", securityClasses, numClasses,
                                 BOZO_ExecuteRequest);
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);
    rx_SetStackSize(tservice, BOZO_LWP_STACKSIZE);	/* so gethostbyname works (in cell stuff) */
    /* -allow-dotted-principals turns off the rxkad dot check for this
     * service. */
    if (rxkadDisableDotCheck) {
        rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
                                    (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
    }

    tservice =
        rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                          securityClasses, numClasses, RXSTATS_ExecuteRequest);
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);
    rx_StartServer(1);		/* donate this process */
    return 0;
}
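/*
 * bos_util: maintain the keys held in the server configuration directory.
 *
 *   add <kvno>       prompt twice for a string, convert it with
 *                    ka_StringToKey() and store it as key <kvno>
 *   adddes <kvno>    same, converting with des_string_to_key()
 *   srvtab2keyfile <kvno> <keyfile> <princ>   (KERBEROS builds only)
 *   delete <kvno>    remove key <kvno>
 *   list             print every stored key
 *
 * Exits 0 on success and 1 on any usage or processing error.
 *
 * NOTE(review): "list" writes raw key bytes to stdout, and the typed key
 * strings stay in `buf`/`ver` until the process exits; both are worth
 * keeping in mind wherever this tool's output or memory might be captured.
 */
int
main(int argc, char **argv)
{
    struct afsconf_dir *tdir;
    afs_int32 code;

    if (argc == 1) {
        printf("bos_util: usage is 'bos_util <opcode> options, e.g.\n");
        printf(" bos_util add <kvno>\n");
        printf(" bos_util adddes <kvno>\n");
#ifdef KERBEROS
        printf(" bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
#endif
        printf(" bos_util delete <kvno>\n");
        printf(" bos_util list\n");
        exit(1);
    }

    tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIR);
    if (!tdir) {
        printf("bos_util: can't initialize conf dir '%s'\n",
               AFSDIR_SERVER_ETC_DIR);
        exit(1);
    }
    if (strcmp(argv[1], "add") == 0) {
        struct ktc_encryptionKey tkey;
        int kvno;
        char buf[BUFSIZ], ver[BUFSIZ];
        char *tcell = NULL;

        if (argc != 3) {
            printf("bos_util add: usage is 'bos_util add <kvno>\n");
            exit(1);
        }
        kvno = atoi(argv[2]);
        memset(&tkey, 0, sizeof(struct ktc_encryptionKey));

        /* prompt for key */
        code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
        if (code || strlen(buf) == 0) {
            printf("Bad key: \n");
            exit(1);
        }
        code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
        if (code || strlen(ver) == 0) {
            printf("Bad key: \n");
            exit(1);
        }
        if (strcmp(ver, buf) != 0) {
            printf("\nInput key mismatch\n");
            exit(1);
        }
        ka_StringToKey(buf, tcell, &tkey);
        code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
        if (code) {
            printf("bos_util: failed to set key, code %d.\n", code);
            exit(1);
        }
    } else if (strcmp(argv[1], "adddes") == 0) {
        struct ktc_encryptionKey tkey;
        int kvno;
        afs_int32 code;
        char buf[BUFSIZ], ver[BUFSIZ];

        if (argc != 3) {
            printf("bos_util adddes: usage is 'bos_util adddes <kvno>\n");
            exit(1);
        }
        kvno = atoi(argv[2]);
        memset(&tkey, 0, sizeof(struct ktc_encryptionKey));

        /* prompt for key */
        code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
        if (code || strlen(buf) == 0) {
            printf("Bad key: \n");
            exit(1);
        }
        code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
        if (code || strlen(ver) == 0) {
            printf("Bad key: \n");
            exit(1);
        }
        if (strcmp(ver, buf) != 0) {
            printf("\nInput key mismatch\n");
            exit(1);
        }
        des_string_to_key(buf, ktc_to_cblockptr(&tkey));
        code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
        if (code) {
            printf("bos_util: failed to set key, code %d.\n", code);
            exit(1);
        }
    }
#ifdef KERBEROS
    else if (strcmp(argv[1], "srvtab2keyfile") == 0) {
        char tkey[8], name[255], inst[255], realm[255];
        int kvno;

        if (argc != 5) {
            printf
                ("bos_util add: usage is 'bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
            exit(1);
        }
        kvno = atoi(argv[2]);
        bzero(tkey, sizeof(tkey));
        code = kname_parse(name, inst, realm, argv[4]);
        if (code != 0) {
            printf("Invalid kerberos name\n");
            exit(1);
        }
        code = read_service_key(name, inst, realm, kvno, argv[3], tkey);
        if (code != 0) {
            printf("Can't find key in %s\n", argv[3]);
            exit(1);
        }
        code = afsconf_AddKey(tdir, kvno, tkey, 0);
        if (code) {
            printf("bos_util: failed to set key, code %d.\n", code);
            exit(1);
        }
    }
#endif
    else if (strcmp(argv[1], "delete") == 0) {
        long kvno;

        if (argc != 3) {
            printf("bos_util delete: usage is 'bos_util delete <kvno>\n");
            exit(1);
        }
        kvno = atoi(argv[2]);
        code = afsconf_DeleteKey(tdir, kvno);
        if (code) {
            printf("bos_util: failed to delete key %ld, (code %d)\n", kvno,
                   code);
            exit(1);
        }
    } else if (strcmp(argv[1], "list") == 0) {
        struct afsconf_keys tkeys;
        int i;
        unsigned char tbuffer[9];

        code = afsconf_GetKeys(tdir, &tkeys);
        if (code) {
            printf("bos_util: failed to get keys, code %d\n", code);
            exit(1);
        }
        for (i = 0; i < tkeys.nkeys; i++) {
            if (tkeys.key[i].kvno != -1) {
                int count;
                unsigned char x[8];

                memcpy(tbuffer, tkeys.key[i].key, 8);
                tbuffer[8] = 0;
                printf("kvno %4d: key is '%s' '", tkeys.key[i].kvno, tbuffer);
                /*
                 * Key bytes are binary data, not a C string.  strcpy() here
                 * wrote nine bytes into the eight-byte x[] for a key with no
                 * zero byte, and stopped early (leaving the rest of x[]
                 * uninitialised) for a key that contains one.  Copy exactly
                 * eight bytes instead.
                 */
                memcpy(x, tbuffer, sizeof(x));
                for (count = 0; count < 8; count++)
                    printf("\\%03o", x[count]);
                printf("'\n");
            }
        }
        printf("All done.\n");
    } else {
        printf
            ("bos_util: unknown operation '%s', type 'bos_util' for assistance\n",
             argv[1]);
        exit(1);
    }
    exit(0);
}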
/*
 * Test driver: build a test configuration, add a DES key file to it, start
 * a vlserver against it, obtain a security class and a ubik client, run
 * TestListAddrs(), then stop the server and remove the test configuration.
 * Returns 0 unless a setup step fails, in which case it returns 1.
 *
 * NOTE(review): the result of rx_Init(0) is overwritten without being
 * checked, and `dir` is passed to afstest_AddDESKeyFile() without checking
 * that afsconf_Open() succeeded.
 */
int
main(int argc, char **argv)
{
    char *dirname;
    struct afsconf_dir *dir;
    int code, secIndex;
    pid_t serverPid;
    struct rx_securityClass *secClass;
    struct ubik_client *ubikClient = NULL;
    int ret = 0;

    /* Skip all tests if the current hostname can't be resolved */
    afstest_SkipTestsIfBadHostname();
    /* Skip all tests if the current hostname is on the loopback network */
    afstest_SkipTestsIfLoopbackNetIsDefault();

    plan(6);

    code = rx_Init(0);

    dirname = afstest_BuildTestConfig();

    dir = afsconf_Open(dirname);

    code = afstest_AddDESKeyFile(dir);
    if (code) {
        afs_com_err("vos-t", code, "while adding test DES keyfile");
        ret = 1;
        goto out;
    }

    code = afstest_StartVLServer(dirname, &serverPid);
    if (code) {
        afs_com_err("vos-t", code, "while starting the vlserver");
        ret = 1;
        goto out;
    }

    /* Let it figure itself out ... */
    sleep(5);
    code = afsconf_ClientAuthSecure(dir, &secClass, &secIndex);
    is_int(code, 0, "Successfully got security class");
    if (code) {
        afs_com_err("authname-t", code, "while getting anonymous secClass");
        ret = 1;
        goto out;
    }

    code = afstest_GetUbikClient(dir, AFSCONF_VLDBSERVICE, USER_SERVICE_ID,
                                 secClass, secIndex, &ubikClient);
    is_int(code, 0, "Successfully built ubik client structure");
    if (code) {
        afs_com_err("vos-t", code, "while building ubik client");
        ret = 1;
        goto out;
    }

    TestListAddrs(ubikClient, dirname);

    code = afstest_StopServer(serverPid);
    is_int(0, code, "Server exited cleanly");

out:
    /* The test configuration is removed on success and on every error;
     * an early jump here happens before afstest_StopServer() is reached. */
    afstest_UnlinkTestConfig(dirname);
    return ret;
}
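/*!
 * \brief Get the appropriate type of ubik client structure out from the system.
 *
 * Initialises RX, opens the configuration directory, looks up the cell for
 * \p serviceid, picks a client security object and creates one connection
 * per server (or a single one to \p server when that is non-zero).  When
 * \p uclientp is non-NULL a ubik client is built from the connections.
 *
 * \param noAuthFlag  non-zero adds AFSCONF_SECOPTS_NOAUTH
 * \param confDir     configuration directory; NULL selects the client
 *                    default, and it is replaced by the server directory
 *                    when \p sauth is set
 * \param cellName    cell to use; replaced by the directory's own cell when
 *                    \p sauth is set
 * \param sauth       non-zero adds AFSCONF_SECOPTS_LOCALAUTH
 * \param uclientp    where to store the ubik client, or NULL to only set up
 *                    connections
 * \param secproc     optional callback told about the chosen security
 *                    object and index
 * \param funcName    name used as the prefix of error messages
 * \param maxservers  upper bound accepted for the cell's server count
 *
 * \return 0 on success, -1 on configuration or lookup failure, or the error
 *         code from rx_Init() / ubik_ClientInit()
 *
 * \note AFSCONF_SECOPTS_FALLBACK_NULL is always set, so a failure to obtain
 *       tokens results in an unauthenticated connection plus a warning on
 *       stderr, not in an error return.
 */
afs_int32
ugen_ClientInit(int noAuthFlag, const char *confDir, char *cellName,
                afs_int32 sauth, struct ubik_client **uclientp,
                int (*secproc) (struct rx_securityClass *, afs_int32),
                char *funcName, afs_int32 gen_rxkad_level,
                afs_int32 maxservers, char *serviceid, afs_int32 deadtime,
                afs_uint32 server, afs_uint32 port, afs_int32 usrvid)
{
    afs_int32 code, secFlags, i;
    afs_int32 scIndex;
    struct afsconf_cell info;
    struct afsconf_dir *tdir;
    struct rx_securityClass *sc;
    /* This must change if VLDB_MAXSERVERS becomes larger than MAXSERVERS */
    static struct rx_connection *serverconns[MAXSERVERS];

    code = rx_Init(0);
    if (code) {
        fprintf(stderr, "%s: could not initialize rx.\n", funcName);
        return code;
    }
    rx_SetRxDeadTime(deadtime);

    secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
    if (sauth) {
        secFlags |= AFSCONF_SECOPTS_LOCALAUTH;
        confDir = AFSDIR_SERVER_ETC_DIRPATH;
    } else {
        if (confDir == NULL)
            confDir = AFSDIR_CLIENT_ETC_DIRPATH;
    }

    if (noAuthFlag) {
        secFlags |= AFSCONF_SECOPTS_NOAUTH;
    }

    tdir = afsconf_Open(confDir);
    if (!tdir) {
        fprintf(stderr,
                "%s: Could not process files in configuration directory (%s).\n",
                funcName, confDir);
        return -1;
    }

    if (sauth)
        cellName = tdir->cellName;

    code = afsconf_GetCellInfo(tdir, cellName, serviceid, &info);
    if (code) {
        afsconf_Close(tdir);
        fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n",
                funcName, cellName, confDir, AFSDIR_CELLSERVDB_FILE);
        return -1;
    }

    code = afsconf_PickClientSecObj(tdir, secFlags, &info, cellName, &sc,
                                    &scIndex, NULL);
    if (code) {
        /* Do not leak the open configuration directory on this path. */
        afsconf_Close(tdir);
        fprintf(stderr, "%s: can't create client security object", funcName);
        return -1;
    }
    if (scIndex == RX_SECIDX_NULL && !noAuthFlag) {
        fprintf(stderr,
                "%s: Could not get afs tokens, running unauthenticated.\n",
                funcName);
    }

    afsconf_Close(tdir);

    if (secproc)		/* tell UV module about default authentication */
        (*secproc) (sc, scIndex);

    /*
     * serverconns is static, so entries from an earlier call with more
     * servers would otherwise survive into the list given to
     * ubik_ClientInit().  Start every call from an all-zero list.
     */
    for (i = 0; i < MAXSERVERS; i++)
        serverconns[i] = 0;

    if (server) {
        serverconns[0] = rx_NewConnection(server, port, usrvid, sc, scIndex);
    } else {
        /* Also bound the count by the array size, so a caller passing a
         * maxservers larger than MAXSERVERS cannot overrun serverconns. */
        if (info.numServers > maxservers || info.numServers > MAXSERVERS) {
            fprintf(stderr, "%s: info.numServers=%d (> maxservers=%d)\n",
                    funcName, info.numServers, maxservers);
            return -1;
        }
        for (i = 0; i < info.numServers; i++) {
            if (!info.hostAddr[i].sin_port && port)
                info.hostAddr[i].sin_port = port;
            serverconns[i] =
                rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
                                 info.hostAddr[i].sin_port, usrvid, sc,
                                 scIndex);
        }
    }

    /* Are we just setting up connections, or is this really ubik stuff? */
    if (uclientp) {
        *uclientp = 0;
        code = ubik_ClientInit(serverconns, uclientp);
        if (code) {
            fprintf(stderr, "%s: ubik client init failed.\n", funcName);
            return code;
        }
    }

    return 0;
}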
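/*
 * Entry point of the backup database server.
 *
 * Sets up auditing and default paths, dispatches the command-line arguments,
 * opens the cell configuration, initialises ubik and the rx service, and then
 * donates the calling thread to rx.  Returns the last error code through the
 * error_exit label, after recording BUDB_FinishEvent in the audit log.
 */
int
main(int argc, char **argv)
{
    char *whoami = argv[0];
    char *dbNamePtr = 0;
    struct afsconf_cell cellinfo;
    time_t currentTime;
    afs_int32 code = 0;
    afs_uint32 host = ntohl(INADDR_ANY);

    char clones[MAXHOSTSPERCELL];

    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;

    extern int rx_stackSize;

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
        exit(1);
    }
#endif

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGSEGV, &nsa, NULL);
    sigaction(SIGABRT, &nsa, NULL);
#endif
    osi_audit_init();
    osi_audit(BUDB_StartEvent, 0, AUD_END);

    initialize_BUDB_error_table();
    initializeArgHandler();

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        afs_com_err(whoami, errno, "; Unable to obtain AFS server directory.");
        exit(2);
    }

    memset(globalConfPtr, 0, sizeof(*globalConfPtr));

    /*
     * set default configuration values
     * NOTE(review): dbDir and cellConfDir are declared outside this function;
     * the unbounded copies rely on them being large enough for these paths.
     */
    strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH);
    strcat(dbDir, "/");
    globalConfPtr->databaseDirectory = dbDir;
    globalConfPtr->databaseName = DEFAULT_DBPREFIX;
    strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH);
    globalConfPtr->cellConfigdir = cellConfDir;

    /*
     * NOTE(review): constant seed, so the random() sequence is the same on
     * every start; what draws from it is not visible here.
     */
    srandom(1);

#ifdef AFS_PTHREAD_ENV
    SetLogThreadNumProgram( rx_GetThreadNum );
#endif

    /* process the user supplied args */
    helpOption = 1;
    code = cmd_Dispatch(argc, argv);
    if (code)
        ERROR(code);

    /* exit if there was a help option */
    if (helpOption)
        BUDB_EXIT(0);

    /* open the log file */
    globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a");
    if (globalConfPtr->log == NULL) {
        printf("Can't open log file %s - aborting\n",
               AFSDIR_SERVER_BUDBLOG_FILEPATH);
        BUDB_EXIT(-1);
    }

    /* keep log closed so can remove it */
    fclose(globalConfPtr->log);

    /* open the cell's configuration directory */
    LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir);

    BU_conf = afsconf_Open(globalConfPtr->cellConfigdir);
    if (BU_conf == 0) {
        LogError(code, "Failed getting cell info\n");
        afs_com_err(whoami, code, "Failed getting cell info");
        ERROR(BUDB_NOCELLS);
    }

    code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
    if (code) {
        LogError(0, "** Can't determine local cell name!\n");
        ERROR(code);
    }

    if (globalConfPtr->myHost == 0) {
        /* if user hasn't supplied a list of servers, extract server
         * list from the cell's database
         */
        LogDebug(1, "Using server list from %s cell database.\n", lcell);

        code = afsconf_GetExtendedCellInfo(BU_conf, lcell, 0, &cellinfo,
                                           clones);
        if (code) {
            /*
             * Previously this result was overwritten unchecked, so a failed
             * lookup fed an unfilled cellinfo to convert_cell_to_ubik().
             */
            LogError(code, "Can't read cell information\n");
            ERROR(code);
        }
        code = convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost,
                                    globalConfPtr->serverList);
        if (code)
            ERROR(code);
    }
    /*
     * NOTE(review): when myHost was supplied on the command line, cellinfo
     * and clones are not filled in by this function before they are passed
     * to ubik_ServerInitByInfo() below; confirm that path.
     */

    /* initialize audit user check */
    osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch);

    /* initialize ubik */
    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, BU_conf);

    if (ubik_nBuffers == 0)
        ubik_nBuffers = 400;

    LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers);

    /* On failure asprintf() may leave the pointer unset, so test its result. */
    if (asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory,
                 globalConfPtr->databaseName) < 0)
        dbNamePtr = 0;
    if (dbNamePtr == 0)
        ERROR(-1);

    rx_SetRxDeadTime(60);       /* 60 seconds inactive before timeout */

    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /* Bind to a specific address only when exactly one was returned. */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_BUDBPORT));
        }
    }

    /* Disable jumbograms */
    rx_SetNoJumbo();

    code = ubik_ServerInitByInfo(globalConfPtr->myHost,
                                 htons(AFSCONF_BUDBPORT),
                                 &cellinfo,
                                 clones,
                                 dbNamePtr,     /* name prefix */
                                 &BU_dbase);

    if (code) {
        LogError(code, "Ubik init failed\n");
        afs_com_err(whoami, code, "Ubik init failed");
        ERROR(code);
    }

    afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);

    tservice =
        rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",
                          securityClasses, numClasses, BUDB_ExecuteRequest);

    if (tservice == (struct rx_service *)0) {
        LogError(0, "Could not create backup database rx service\n");
        printf("Could not create backup database rx service\n");
        BUDB_EXIT(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, lwps);
    rx_SetStackSize(tservice, 10000);

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(BU_rxstat_userok);

    /* misc. initialization */

    /* database dump synchronization */
    memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr));
    Lock_Init(&dumpSyncPtr->ds_lock);

    rx_StartServer(0);          /* start handling requests */

    code = InitProcs();
    if (code)
        ERROR(code);

    currentTime = time(0);
    LogError(0, "Ready to process requests at %s\n", ctime(&currentTime));

    rx_ServerProc(NULL);        /* donate this LWP */

  error_exit:
    osi_audit(BUDB_FinishEvent, code, AUD_END);
    return (code);
}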
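/*
 * Command-line tool that adds, deletes or lists the keys stored in the
 * server configuration directory (AFSDIR_SERVER_ETC_DIRPATH).
 *
 *   add <kvno> <keyfile> <princ>   read an 8-byte DES key from a keytab
 *   add <kvno> <key>               take the key as 16 hex digits
 *   delete <kvno>                  remove the key with that version number
 *   list                           print every stored key in hex
 *
 * Exits 0 on success and 1 on any usage or processing error.
 *
 * Handling notes: the hex form of "add" puts the key on the command line,
 * and "list" writes raw key bytes to stdout, so both the invocation and the
 * output need the same protection as the key file itself.
 */
int
main(int argc, char *argv[])
{
    struct afsconf_dir *tdir;
    long code;
    const char *confdir;

    if (argc == 1) {
        fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
                argv[0], argv[0]);
        fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
        fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
        fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
        fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
        fprintf(stderr, "\t%s list\n", argv[0]);
        exit(1);
    }

    confdir = AFSDIR_SERVER_ETC_DIRPATH;

    tdir = afsconf_Open(confdir);
    if (!tdir) {
        fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
                confdir);
        exit(1);
    }
    if (strcmp(argv[1], "add")==0) {
        krb5_context context;
        krb5_principal principal;
        krb5_keyblock *key;
        krb5_error_code retval;
        int kvno, keymode = 0;

        /* Four arguments select the hex-key form, five the keytab form. */
        if (argc != 5) {
            if (argc == 4)
                keymode = 1;
            else {
                fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
                        "<princ>\n", argv[0], argv[0]);
                fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
                fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n",
                        argv[0]);
                exit(1);
            }
        }

        /* NOTE(review): atoi() turns a non-numeric kvno into 0 silently. */
        kvno = atoi(argv[2]);
        if (keymode) {
            char tkey[8];
            int i;
            char *cp;
            if (strlen(argv[3]) != 16) {
                printf("key %s is not in right format\n", argv[3]);
                printf(" <key> should be an 8byte hex representation \n");
                printf(" Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
                exit(1);
            }
            memset(tkey, 0, sizeof(tkey));
            /*
             * Convert two hex digits per byte, walking from the end of the
             * string.  NOTE(review): only the length is validated here; how
             * char2hex() treats a non-hex character is not visible.
             */
            for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2)
                tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16;

            code = afsconf_AddKey(tdir, kvno, tkey, 1);
        } else {
            /* A failed context init would leave `context` unusable below. */
            retval = krb5_init_context(&context);
            if (retval != 0) {
                afs_com_err(argv[0], retval,
                            "while initializing Kerberos 5 library");
                exit(1);
            }

            retval = krb5_parse_name(context, argv[4], &principal);
            if (retval != 0) {
                afs_com_err(argv[0], retval, "while parsing AFS principal");
                exit(1);
            }
            /* Only single-DES enctypes are tried, in this order. */
            retval = krb5_kt_read_service_key(context, argv[3], principal,
                                              kvno, ENCTYPE_DES_CBC_CRC,
                                              &key);
            if (retval == KRB5_KT_NOTFOUND)
                retval = krb5_kt_read_service_key(context, argv[3], principal,
                                                  kvno, ENCTYPE_DES_CBC_MD5,
                                                  &key);
            if (retval == KRB5_KT_NOTFOUND)
                retval = krb5_kt_read_service_key(context, argv[3], principal,
                                                  kvno, ENCTYPE_DES_CBC_MD4,
                                                  &key);
            if (retval == KRB5_KT_NOTFOUND) {
                char * princname = NULL;

                krb5_unparse_name(context, principal, &princname);

                afs_com_err(argv[0], retval,
                            "for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
                            princname ? princname : argv[4],
                            kvno);
                exit(1);
            } else if (retval != 0) {
                afs_com_err(argv[0], retval,
                            "while extracting AFS service key");
                exit(1);
            }

            /* Heimdal and MIT name the keyblock fields differently. */
#ifdef USING_HEIMDAL
#define deref_key_length(key) \
          key->keyvalue.length

#define deref_key_contents(key) \
          key->keyvalue.data
#else
#define deref_key_length(key) \
          key->length

#define deref_key_contents(key) \
          key->contents
#endif
            if (deref_key_length(key) != 8) {
                fprintf(stderr, "Key length should be 8, but is really %u!\n",
                        (unsigned int)deref_key_length(key));
                exit(1);
            }
            code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
        }

        if (code) {
            fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
            exit(1);
        }
        if (keymode == 0) {
            krb5_free_principal(context, principal);
            krb5_free_keyblock(context, key);
        }
    } else if (strcmp(argv[1], "delete")==0) {
        long kvno;
        if (argc != 3) {
            fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
                    argv[0], argv[0]);
            exit(1);
        }
        kvno = atoi(argv[2]);
        code = afsconf_DeleteKey(tdir, kvno);
        if (code) {
            fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
                    argv[0], kvno, code);
            exit(1);
        }
    } else if (strcmp(argv[1], "list") == 0) {
        struct afsconf_keys tkeys;
        int i, j;

        code = afsconf_GetKeys(tdir, &tkeys);
        if (code) {
            fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
            exit(1);
        }
        /* Entries with kvno -1 are skipped; the rest are dumped in hex. */
        for(i=0;i<tkeys.nkeys;i++) {
            if (tkeys.key[i].kvno != -1) {
                printf("kvno %4d: key is: ", tkeys.key[i].kvno);
                for (j = 0; j < 8; j++)
                    printf("%02x", (unsigned char) tkeys.key[i].key[j]);
                printf("\n");
            }
        }
        printf("All done.\n");
    } else {
        fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
                "assistance\n", argv[0], argv[1], argv[0]);
        exit(1);
    }
    exit(0);
}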
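/*
 * Copies the caller's "afs" service token from the local cell to the cell
 * named in argv[1].
 *
 * Looks up the local cell name in AFSDIR_CLIENT_ETC_DIRPATH, fetches the
 * token with ktc_GetToken() and stores it for the new cell with
 * ktc_SetToken().  Exits 0 on success and 1 on any failure.
 */
int
main(int argc, char **argv)
{
    char localName[64];
    afs_int32 code;
    char *cname;
    struct afsconf_dir *tdir;
    struct ktc_principal tserver;
    struct ktc_token token;

    /*
     * NOTE(review): whoami is declared outside this function, so its size
     * is not visible here and this copy of argv[0] is unbounded.
     */
    strcpy(whoami, argv[0]);

    if (argc <= 1) {
        printf
            ("%s: copies a file system ticket from the local cell to another cell\n",
             whoami);
        printf("%s: usage is 'setauth <new-cell>\n", whoami);
        exit(1);
    }

    cname = argv[1];

    /*
     * The cell name comes straight from the command line and is later copied
     * into the fixed-size tserver.cell field, so reject anything that would
     * not fit, terminator included.
     */
    if (strlen(cname) >= sizeof(tserver.cell)) {
        printf("%s: cell name '%s' is too long\n", whoami, cname);
        exit(1);
    }

    /* lookup the name of the local cell */
    tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
    if (!tdir) {
        printf("copyauth: can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
        exit(1);
    }
    code = afsconf_GetLocalCell(tdir, localName, sizeof(localName));
    if (code) {
        printf("%s: can't determine local cell name\n", whoami);
        exit(1);
    }
    /* done with configuration stuff now */
    afsconf_Close(tdir);

    /* get ticket in local cell */
    snprintf(tserver.cell, sizeof(tserver.cell), "%s", localName);
    strcpy(tserver.name, "afs");
    tserver.instance[0] = 0;
    code = ktc_GetToken(&tserver, &token, sizeof(token), NULL);
    if (code) {
        printf
            ("%s: failed to get '%s' service ticket in cell '%s' (code %d)\n",
             whoami, tserver.name, tserver.cell, code);
        exit(1);
    }

    /* and now set the ticket in the new cell (length checked above) */
    strcpy(tserver.cell, cname);
    code = ktc_SetToken(&tserver, &token, NULL, 0);
    if (code) {
        printf
            ("%s: failed to set ticket (code %d), are you sure you're authenticated?\n",
             whoami, code);
        exit(1);
    }

    /* all done */
    printf("Authentication established for cell %s.\n", cname);
    exit(0);
}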
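/*
 * Command handler for klog: authenticates a principal with Kerberos 5 and
 * stores the resulting AFS token for the selected cell.
 *
 * as     parsed command-line syntax descriptor; the a* indices select the
 *        individual switches
 * arock  opaque argument, not referenced in this function
 *
 * Returns 0 on success.  Every failure leaves through KLOGEXIT().
 *
 * Sequence: wipe the saved argv strings, initialise Kerberos and rx, read
 * the cell configuration, choose the realm and principal, obtain initial
 * credentials, store them in a credential cache, fetch the AFS service
 * ticket and hand the token to ktc_SetToken() (or ktc_SetK5Token() when
 * rxk5 is forced).
 */
static int
CommandProc(struct cmd_syndesc *as, void *arock)
{
    krb5_principal princ = 0;
    char *cell, *pname, **hrealms, *service;
    char service_temp[MAXKTCREALMLEN + 20];
    krb5_creds incred[1], mcred[1], *outcred = 0, *afscred;
    krb5_ccache cc = 0;
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
    krb5_get_init_creds_opt *gic_opts;
#else
    krb5_get_init_creds_opt gic_opts[1];
#endif
    char *tofree = NULL, *outname;
    int code;
    char *what;
    int i, dosetpag, evil, noprdb, id;
#ifdef AFS_RXK5
    int authtype;
#endif
    krb5_data enc_part[1];
    krb5_prompter_fct pf = NULL;
    char *pass = 0;
    void *pa = 0;
    struct kp_arg klog_arg[1];

    char passwd[BUFSIZ];
    struct afsconf_cell cellconfig[1];

    static char rn[] = "klog";  /*Routine name */
    static int Pipe = 0;        /* reading from a pipe */
    static int Silent = 0;      /* Don't want error messages */

    int writeTicketFile = 0;    /* write ticket file to /tmp */

    service = 0;
    memset(incred, 0, sizeof *incred);
    /* blow away command line arguments */
    for (i = 1; i < zero_argc; i++)
        memset(zero_argv[i], 0, strlen(zero_argv[i]));
    zero_argc = 0;
    memset(klog_arg, 0, sizeof *klog_arg);

    /* first determine quiet flag based on -silent switch */
    Silent = (as->parms[aSILENT].items ? 1 : 0);

    if (Silent) {
        afs_set_com_err_hook(silent_errors);
    }

    if ((code = krb5_init_context(&k5context))) {
        afs_com_err(rn, code, "while initializing Kerberos 5 library");
        KLOGEXIT(code);
    }
    if ((code = rx_Init(0))) {
        afs_com_err(rn, code, "while initializing rx");
        KLOGEXIT(code);
    }
    initialize_U_error_table();
    /*initialize_krb5_error_table();*/
    initialize_RXK_error_table();
    initialize_KTC_error_table();
    initialize_ACFG_error_table();
    /* initialize_rx_error_table(); */
    if (!(tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
        afs_com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))",
                    AFSDIR_CLIENT_ETC_DIRPATH);
        KLOGEXIT(1);
    }

    /*
     * Enable DES enctypes, which are currently still required for AFS.
     * krb5_allow_weak_crypto is MIT Kerberos 1.8.  krb5_enctype_enable is
     * Heimdal.
     */
#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
    i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
    if (i)
        krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
    krb5_allow_weak_crypto(k5context, 1);
#endif

    /* Parse remaining arguments. */

    dosetpag = !! as->parms[aSETPAG].items;
    Pipe = !! as->parms[aPIPE].items;
    writeTicketFile = !! as->parms[aTMP].items;
    noprdb = !! as->parms[aNOPRDB].items;
    evil = (always_evil&1) || !! as->parms[aUNWRAP].items;

#ifdef AFS_RXK5
    authtype = 0;
    if (as->parms[aK5].items)
        authtype |= FORCE_RXK5;
    if (as->parms[aK4].items)
        authtype |= FORCE_RXKAD;
    if (!authtype)
        authtype |= env_afs_rxk5_default();
#endif

    cell = as->parms[aCELL].items ? as->parms[aCELL].items->data : 0;
    if ((code = afsconf_GetCellInfo(tdir, cell, "afsprot", cellconfig))) {
        if (cell)
            afs_com_err(rn, code, "Can't get cell information for '%s'", cell);
        else
            afs_com_err(rn, code, "Can't get determine local cell!");
        KLOGEXIT(code);
    }

    /* Realm: explicit switch first, else the realm of the cell's first host. */
    if (as->parms[aKRBREALM].items) {
        code = krb5_set_default_realm(k5context,
                                      as->parms[aKRBREALM].items->data);
        if (code) {
            afs_com_err(rn, code, "Can't make <%s> the default realm",
                        as->parms[aKRBREALM].items->data);
            KLOGEXIT(code);
        }
    } else if ((code = krb5_get_host_realm(k5context,
                                           cellconfig->hostName[0],
                                           &hrealms))) {
        afs_com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n",
                    cellconfig->hostName[0], cellconfig->name);
        KLOGEXIT(code);
    } else {
        if (hrealms && *hrealms) {
            code = krb5_set_default_realm(k5context, *hrealms);
            if (code) {
                afs_com_err(rn, code, "Can't make <%s> the default realm",
                            *hrealms);
                KLOGEXIT(code);
            }
        }
        if (hrealms)
            krb5_free_host_realm(k5context, hrealms);
    }

    id = getuid();
    if (as->parms[aPRINCIPAL].items) {
        pname = as->parms[aPRINCIPAL].items->data;
    } else {
        /* No explicit name provided: use Unix uid. */
        struct passwd *pw;
        pw = getpwuid(id);
        if (pw == 0) {
            afs_com_err(rn, 0,
                        "Can't figure out your name from your user id (%d).", id);
            if (!Silent)
                fprintf(stderr, "%s: Try providing the user name.\n", rn);
            KLOGEXIT(1);
        }
        pname = pw->pw_name;
    }
    code = krb5_parse_name(k5context, pname, &princ);
    if (code) {
        afs_com_err(rn, code, "Can't parse principal <%s>", pname);
        KLOGEXIT(code);
    }

    if (as->parms[aPASSWORD].items) {
        /*
         * Current argument is the desired password string.  Remember it in
         * our local buffer, and zero out the argument string - anyone can
         * see it there with ps!
         */
        strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
        /* strncpy() does not terminate when the source fills the buffer. */
        passwd[sizeof(passwd) - 1] = '\0';
        memset(as->parms[aPASSWORD].items->data, 0,
               strlen(as->parms[aPASSWORD].items->data));
        pass = passwd;
    }

    /* Get the password if it wasn't provided. */
    if (!pass) {
        if (Pipe) {
            strncpy(passwd, getpipepass(), sizeof(passwd));
            passwd[sizeof(passwd) - 1] = '\0';
            pass = passwd;
        } else {
            pf = klog_prompter;
            pa = klog_arg;
        }
    }

    service = 0;
#ifdef AFS_RXK5
    if (authtype & FORCE_RXK5) {
        tofree = get_afs_krb5_svc_princ(cellconfig);
        snprintf(service_temp, sizeof service_temp, "%s", tofree);
    } else
#endif
    snprintf (service_temp, sizeof service_temp, "afs/%s", cellconfig->name);

    klog_arg->pp = &pass;
    klog_arg->pstore = passwd;
    klog_arg->allocated = sizeof(passwd);
    /* XXX should allow k5 to prompt in most cases -- what about expired pw?*/
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
    code = krb5_get_init_creds_opt_alloc(k5context, &gic_opts);
    if (code) {
        afs_com_err(rn, code, "Can't allocate get_init_creds options");
        KLOGEXIT(code);
    }
#else
    krb5_get_init_creds_opt_init(gic_opts);
#endif

    /* Retried for as long as the KDC answers "service principal unknown". */
    for (;;) {
        code = krb5_get_init_creds_password(k5context,
                                            incred,
                                            princ,
                                            pass,
                                            pf, /* prompter */
                                            pa, /* data */
                                            0,  /* start_time */
                                            0,  /* in_tkt_service */
                                            gic_opts);
        if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
            break;
    }
    /* The password is not needed past this point. */
    memset(passwd, 0, sizeof(passwd));
    if (code) {
        char *r = 0;
        if (krb5_get_default_realm(k5context, &r))
            r = 0;
        if (r)
            afs_com_err(rn, code, "Unable to authenticate in realm %s", r);
        else
            afs_com_err(rn, code, "Unable to authenticate to use cell %s",
                        cellconfig->name);
        if (r)
            free(r);
        KLOGEXIT(code);
    }

    /*
     * Store the initial credentials.  With the ticket-file switch the default
     * ccache is tried first; if that fails the loop runs once more with the
     * in-memory cache "MEMORY:core".
     */
    for (;;writeTicketFile = 0) {
        if (writeTicketFile) {
            what = "getting default ccache";
            code = krb5_cc_default(k5context, &cc);
        } else {
            what = "krb5_cc_resolve";
            code = krb5_cc_resolve(k5context, "MEMORY:core", &cc);
            if (code)
                goto Failed;
        }
        what = "initializing ccache";
        code = krb5_cc_initialize(k5context, cc, princ);
        if (code)
            goto Failed;
        what = "writing Kerberos ticket file";
        code = krb5_cc_store_cred(k5context, cc, incred);
        if (code)
            goto Failed;
        if (writeTicketFile)
            fprintf(stderr,
                    "Wrote ticket file to %s\n",
                    krb5_cc_get_name(k5context, cc));
        break;
      Failed:
        if (code)
            afs_com_err(rn, code, "%s", what);
        if (writeTicketFile) {
            if (cc) {
                krb5_cc_close(k5context, cc);
                cc = 0;
            }
            continue;
        }
        KLOGEXIT(code);
    }

    /* Try the cell-specific service name first, then plain "afs". */
    for (service = service_temp;;service = "afs") {
        memset(mcred, 0, sizeof *mcred);
        mcred->client = princ;
        code = krb5_parse_name(k5context, service, &mcred->server);
        if (code) {
            afs_com_err(rn, code, "Unable to parse service <%s>\n", service);
            KLOGEXIT(code);
        }
        if (tofree) {
            free(tofree);
            tofree = 0;
        }
        if (!(code = krb5_unparse_name(k5context, mcred->server, &outname)))
            tofree = outname;
        else
            outname = service;
        code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred);
        krb5_free_principal(k5context, mcred->server);
        if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || service != service_temp)
            break;
#ifdef AFS_RXK5
        if (authtype & FORCE_RXK5)
            break;
#endif
    }
    afscred = outcred;

    if (code) {
        afs_com_err(rn, code, "Unable to get credentials to use %s", outname);
        KLOGEXIT(code);
    }

#ifdef AFS_RXK5
    if (authtype & FORCE_RXK5) {
        struct ktc_principal aserver[1];
        int viceid = 555;

        memset(aserver, 0, sizeof *aserver);
        strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
        code = ktc_SetK5Token(k5context, aserver, afscred, viceid, dosetpag);
        if (code) {
            afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
                        cellconfig->name);
            KLOGEXIT(1);
        }
    } else
#endif
    {
        struct ktc_principal aserver[1], aclient[1];
        struct ktc_token atoken[1];

        memset(atoken, 0, sizeof *atoken);
        if (evil) {
            /*
             * enc_part has not been written on this path, so start the
             * length at zero instead of reading the unset field.
             */
            size_t elen = 0;
            atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY;
            if (afs_krb5_skip_ticket_wrapper(afscred->ticket.data,
                                             afscred->ticket.length,
                                             (char **) &enc_part->data,
                                             &elen)) {
                afs_com_err(rn, 0, "Can't unwrap %s AFS credential",
                            cellconfig->name);
                KLOGEXIT(1);
            }
            /*
             * Presumably the helper reports the unwrapped length through
             * elen (verify against its definition); without this store the
             * copy below would use an unset length.
             */
            enc_part->length = elen;
        } else {
            atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
            *enc_part = afscred->ticket;
        }
        atoken->startTime = afscred->times.starttime;
        atoken->endTime = afscred->times.endtime;
        if (tkt_DeriveDesKey(get_creds_enctype(afscred),
                             get_cred_keydata(afscred),
                             get_cred_keylen(afscred), &atoken->sessionKey)) {
            afs_com_err(rn, 0,
                        "Cannot derive DES key from enctype %i of length %u",
                        get_creds_enctype(afscred),
                        (unsigned)get_cred_keylen(afscred));
            KLOGEXIT(1);
        }
        /*
         * The ticket length comes from the KDC reply; refuse to copy more
         * than the fixed-size token buffer can hold.
         */
        if (enc_part->length > sizeof(atoken->ticket)) {
            afs_com_err(rn, 0, "%s AFS credential is too large to store",
                        cellconfig->name);
            KLOGEXIT(1);
        }
        atoken->ticketLen = enc_part->length;
        memcpy(atoken->ticket, enc_part->data, enc_part->length);
        memset(aserver, 0, sizeof *aserver);
        strncpy(aserver->name, "afs", 4);
        strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
        memset(aclient, 0, sizeof *aclient);
        i = realm_len(k5context, afscred->client);
        if (i > MAXKTCREALMLEN-1)
            i = MAXKTCREALMLEN-1;
        memcpy(aclient->cell, realm_data(k5context, afscred->client), i);
        if (!noprdb) {
            int viceid = 0;
            k5_to_k4_name(k5context, afscred->client, aclient);
            code = whoami(atoken, cellconfig, aclient, &viceid);
            if (code) {
                afs_com_err(rn, code, "Can't get your viceid for cell %s",
                            cellconfig->name);
                *aclient->name = 0;
            } else
                snprintf(aclient->name, MAXKTCNAMELEN-1, "AFS ID %d", viceid);
        }
        if (!*aclient->name)
            k5_to_k4_name(k5context, afscred->client, aclient);
        code = ktc_SetToken(aserver, atoken, aclient, dosetpag);
        if (code) {
            afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
                        cellconfig->name);
            KLOGEXIT(1);
        }
    }

    krb5_free_principal(k5context, princ);
    krb5_free_cred_contents(k5context, incred);
    if (outcred)
        krb5_free_creds(k5context, outcred);
    if (cc)
        krb5_cc_close(k5context, cc);
    if (tofree)
        free(tofree);

    return 0;
}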
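/*
 * Entry point of kaserver, the authentication server.
 *
 * Parses the command line, reads the cell configuration, initialises ubik
 * for the authentication database, registers the Authentication, Ticket
 * Granting, Maintenance and rpcstats rx services, and then donates the
 * calling thread to rx.
 *
 * Exit codes used here: 1 usage or cell-info failure, 2 directory or ubik
 * init failure, 3 rx service creation failure, 5 unsupported security level.
 * The program itself prints a deprecation warning about its weak security
 * properties on every start.
 */
int
main(int argc, char *argv[])
{
    afs_int32 code;
    char *whoami = argv[0];
    afs_uint32 serverList[MAXSERVERS];
    struct afsconf_cell cellinfo;
    char *cell;
    const char *cellservdb, *dbpath, *lclpath;
    int a;
    char arg[32];
    char default_lclpath[AFSDIR_PATH_MAX];
    int servers;
    int initFlags;
    int level;                  /* security level for Ubik */
    afs_int32 i;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = ntohl(INADDR_ANY);
    char *auditFileName = NULL;

    struct rx_service *tservice;
    struct rx_securityClass *sca[1];
    struct rx_securityClass *scm[3];

    extern int rx_stackSize;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();

    if (argc == 0) {
      usage:
        printf("Usage: kaserver [-noAuth] [-database <dbpath>] "
               "[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
               "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
               "[-servers <serverlist>] [-crossrealm] "
               /*" [-enable_peer_stats] [-enable_process_stats] " */
               "[-help]\n");
        exit(1);
    }
#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
        exit(1);
    }
#endif
    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
    dbpath = AFSDIR_SERVER_KADB_FILEPATH;
    strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
               "/", AFSDIR_KADB_FILE, NULL);
    lclpath = default_lclpath;

    debugOutput = 0;
    servers = 0;
    initFlags = 0;
    level = rxkad_crypt;

    /*
     * Option parsing.  Options that take a value now check that the value is
     * actually present; a missing one used to pick up the NULL that ends
     * argv.  IsArg() compares only the first arglen characters, so those
     * options accept abbreviations.
     */
    for (a = 1; a < argc; a++) {
        int arglen = strlen(argv[a]);
        lcstring(arg, argv[a], sizeof(arg));
#define IsArg(a) (strncmp (arg,a, arglen) == 0)

        if (strcmp(arg, "-database") == 0) {
            if (++a >= argc)
                goto usage;
            dbpath = argv[a];
            if (strcmp(lclpath, default_lclpath) == 0)
                lclpath = dbpath;
        }
        else if (strncmp(arg, "-auditlog", arglen) == 0) {
            if (++a >= argc)
                goto usage;
            auditFileName = argv[a];

        } else if (strncmp(arg, "-audit-interface", arglen) == 0) {
            char *interface;

            if (++a >= argc)
                goto usage;
            interface = argv[a];

            if (osi_audit_interface(interface)) {
                printf("Invalid audit interface '%s'\n", interface);
                exit(1);
            }

        } else if (strcmp(arg, "-localfiles") == 0) {
            if (++a >= argc)
                goto usage;
            lclpath = argv[a];
        } else if (strcmp(arg, "-servers") == 0)
            debugOutput++, servers = 1;
        else if (strcmp(arg, "-noauth") == 0)
            debugOutput++, initFlags |= 1;
        else if (strcmp(arg, "-fastkeys") == 0)
            debugOutput++, initFlags |= 4;
        else if (strcmp(arg, "-dbfixup") == 0)
            debugOutput++, initFlags |= 8;
        else if (strcmp(arg, "-cellservdb") == 0) {
            if (++a >= argc)
                goto usage;
            cellservdb = argv[a];
            initFlags |= 2;
            debugOutput++;
        }

        else if (IsArg("-crypt"))
            level = rxkad_crypt;
        else if (IsArg("-safe"))
            level = rxkad_crypt;
        else if (IsArg("-clear"))
            level = rxkad_clear;
        else if (IsArg("-sorry"))
            level = rxkad_clear;
        else if (IsArg("-debug"))
            verbose_track = 0;
        else if (IsArg("-crossrealm"))
            krb4_cross = 1;
        else if (IsArg("-rxbind"))
            rxBind = 1;
        else if (IsArg("-minhours")) {
            if (++a >= argc)
                goto usage;
            MinHours = atoi(argv[a]);
        } else if (IsArg("-enable_peer_stats")) {
            rx_enablePeerRPCStats();
        } else if (IsArg("-enable_process_stats")) {
            rx_enableProcessRPCStats();
        } else if (*arg == '-') {
            /* hack to support help flag */
            goto usage;
        }
    }

    if (auditFileName) {
        osi_audit_file(auditFileName);
    }

    if ((code = ka_CellConfig(cellservdb)))
        goto abort;
    cell = ka_LocalCell();
    KA_conf = afsconf_Open(cellservdb);
    if (!KA_conf) {
        code = KANOCELLS;
      abort:
        afs_com_err(whoami, code, "Failed getting cell info");
        exit(1);
    }
#ifdef AUTH_DBM_LOG
    kalog_Init();
#else
    /* NT & HPUX do not have dbm package support. So we can only do some
     * text logging. So open the AuthLog file for logging and redirect
     * stdin and stdout to it
     */
    OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
    SetupLogSignals();
#endif

    fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
            "properties.  Migrating to a Kerberos 5 KDC is advised.  "
            "http://www.openafs.org/no-more-des.html\n", whoami);
    ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties.  "
            "Migrating to a Kerberos 5 KDC is advised.  "
            "http://www.openafs.org/no-more-des.html\n"));

    /*
     * NOTE(review): this result is not checked; in the non-"-servers" path
     * it is overwritten by convert_cell_to_ubik() below.
     */
    code =
        afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
                                    &cellinfo, clones);
    if (servers) {
        if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
            afs_com_err(whoami, code, "Couldn't parse server list");
            exit(1);
        }
        cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
        for (i = 1; i < MAXSERVERS; i++) {
            if (!serverList[i])
                break;
            cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
        }
        cellinfo.numServers = i;
    } else {
        code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
        if (code)
            goto abort;
        ViceLog(0, ("Using server list from %s cell database.\n", cell));
    }

    /* initialize audit user check */
    osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch);

    /* initialize ubik; -clear/-sorry select the non-"Secure" client auth */
    if (level == rxkad_clear)
        ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
                                    KA_conf);
    else if (level == rxkad_crypt)
        ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
                                    afsconf_UpToDate, KA_conf);
    else {
        ViceLog(0, ("Unsupported security level %d\n", level));
        exit(5);
    }
    ViceLog(0,
            ("Using level %s for Ubik connections.\n",
             (level == rxkad_crypt ? "crypt" : "clear")));

    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, KA_conf);

    ubik_nBuffers = 80;

    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = parseNetFiles(SHostAddrs, NULL, NULL,
                                  ADDRSPERSITE, reason,
                                  AFSDIR_SERVER_NETINFO_FILEPATH,
                                  AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /* Bind to a specific address only when exactly one was returned. */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
        }
    }

    /* Disable jumbograms */
    rx_SetNoJumbo();

    if (servers)
        code =
            ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
                            dbpath, &KA_dbase);
    else
        code =
            ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
                                  clones, dbpath, &KA_dbase);

    if (code) {
        afs_com_err(whoami, code, "Ubik init failed");
        exit(2);
    }

    /* The two ticket-issuing services accept only the null security class. */
    sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();

    tservice =
        rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
                          "AuthenticationService", sca, 1, KAA_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Authentication rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);

    tservice =
        rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE,
                          "TicketGrantingService", sca, 1, KAT_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Ticket Granting rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);

    /* Maintenance and rpcstats additionally offer rxkad at crypt level. */
    scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
    scm[RX_SCINDEX_VAB] = 0;
    scm[RX_SCINDEX_KAD] =
        rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
    tservice =
        rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm,
                          3, KAM_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Maintenance rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);
    rx_SetStackSize(tservice, 10000);

    tservice =
        rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
                          RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create rpc stats rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    initialize_dstats();

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(KA_rxstat_userok);

    rx_StartServer(0);          /* start handling req. of all types */

    if (init_kaprocs(lclpath, initFlags))
        return -1;

    if ((code = init_krb_udp())) {
        ViceLog(0,
                ("Failed to initialize UDP interface; code = %d.\n", code));
        ViceLog(0, ("Running without UDP access.\n"));
    }

    ViceLog(0, ("Starting to process AuthServer requests\n"));
    rx_ServerProc(NULL);        /* donate this LWP */
    return 0;
}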
/*
 * cfg_ClientQueryStatus() -- Report the state of the static client
 *     configuration on a host (presence of required configuration files
 *     and the like).
 *
 *     On success *configStP receives the client configuration status;
 *     zero (0) means the configuration is valid.
 *
 *     *cellNameP is NULL when the client configuration is not valid and
 *     otherwise points to an allocated copy of the client's cell name,
 *     which the caller owns.
 *
 *     *versionP is undefined when the client software (cache-manager) is
 *     not installed; otherwise it is 34 for 3.4, 35 for 3.5, etc.
 *
 *     The configuration is examined even without the client software,
 *     which helps tools that need client configuration data but not the
 *     cache-manager itself, e.g. the AFS Server Manager.
 *
 *     Returns 1 on success and 0 on failure; when st is non-NULL the
 *     completion status is stored in *st either way.
 */
int ADMINAPI
cfg_ClientQueryStatus(const char *hostName,     /* name of host */
                      short *isInstalledP,      /* client software installed */
                      unsigned *versionP,       /* client software version */
                      afs_status_p configStP,   /* client config status */
                      char **cellNameP,         /* client's cell */
                      afs_status_p st)          /* completion status */
{
    int rc = 1;
    afs_status_t tst2, tst = 0;
    afs_status_t cfgStatus = 0;
    char *cellCopy = NULL;
    short installed = 0;
    unsigned version = 0;

    /* Argument checks: the first failing one decides the status. */
    if (hostName == NULL || *hostName == '\0') {
        tst = ADMCFGHOSTNAMENULL;
    } else if (strlen(hostName) > (MAXHOSTCHARS - 1)) {
        tst = ADMCFGHOSTNAMETOOLONG;
    } else if (isInstalledP == NULL) {
        tst = ADMCFGINSTALLEDFLAGPNULL;
    } else if (versionP == NULL) {
        tst = ADMCFGVERSIONPNULL;
    } else if (configStP == NULL) {
        tst = ADMCFGCONFIGSTATUSPNULL;
    } else if (cellNameP == NULL) {
        tst = ADMCFGCELLNAMEPNULL;
    }

    /* Only the local host can be queried; remote hosts are unsupported. */
    if (tst == 0) {
        short isLocal;

        if (!cfgutil_HostNameIsLocal(hostName, &isLocal, &tst2)) {
            tst = tst2;
        } else if (!isLocal) {
            tst = ADMCFGNOTSUPPORTED;
        }
    }

    /* Is the cache manager installed, and which version? */
#ifdef AFS_NT40_ENV
    /* On Windows the cache manager runs as a service. */
    if (tst == 0) {
        DWORD svcState;

        if (cfgutil_WindowsServiceQuery(AFSREG_CLT_SVC_NAME, &svcState,
                                        &tst2)) {
            /* Service found: read its version. */
            unsigned major, minor, patch;

            installed = 1;

            if (!afssw_GetClientVersion(&major, &minor, &patch)) {
                version = (major * 10) + minor;
            } else if (errno == EACCES) {
                /* version information could not be read: no privilege */
                tst = ADMNOPRIV;
            } else {
                tst = ADMCFGCLIENTVERSIONNOTREAD;
            }
        } else if (tst2 == ADMNOPRIV) {
            /* not allowed to check */
            tst = tst2;
        } else {
            /* not installed */
            installed = 0;
        }
    }
#else
    if (tst == 0) {
        /* no Unix implementation yet */
        tst = ADMCFGNOTSUPPORTED;
    }
#endif /* AFS_NT40_ENV */

    /*
     * Inspect the static client configuration; this is meaningful whether
     * or not the cache manager is installed.
     */
    if (tst == 0) {
        struct afsconf_dir *confdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);

        if (confdir == NULL) {
            /* configuration missing or invalid */
            cfgStatus = ADMCFGCLIENTBASICINFOINVALID;
        } else {
            struct afsconf_entry *cellentry;

            if (confdir->cellName == NULL || *confdir->cellName == '\0') {
                /* client has no cell */
                cfgStatus = ADMCFGCLIENTNOTINCELL;
            } else {
                /* case-insensitive search for the client's own cell */
                cellentry = confdir->entries;
                while (cellentry != NULL
                       && strcasecmp(confdir->cellName,
                                     cellentry->cellInfo.name) != 0) {
                    cellentry = cellentry->next;
                }

                if (cellentry == NULL) {
                    cfgStatus = ADMCFGCLIENTCELLNOTINDB;
                } else if (cellentry->cellInfo.numServers <= 0) {
                    cfgStatus = ADMCFGCLIENTCELLHASNODBENTRIES;
                }
            }

            if (cfgStatus == 0) {
                /* all checks passed: hand back a heap copy of the name */
                cellCopy = strdup(cellentry->cellInfo.name);
                if (cellCopy == NULL)
                    tst = ADMNOMEM;
            }

            (void)afsconf_Close(confdir);
        }
    }

    /* Publish the results, or clean up after a failure. */
    if (tst != 0) {
        rc = 0;
        /* release a cell name allocated before the failure */
        free(cellCopy);
    } else {
        *isInstalledP = installed;
        *versionP = version;
        *configStP = cfgStatus;
        *cellNameP = (cfgStatus == 0) ? cellCopy : NULL;
    }

    if (st != NULL) {
        *st = tst;
    }
    return rc;
}
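/*
 * InitThisModule
 *
 * One-time setup of this module's VLDB access: initialises Rx, opens the
 * configuration directory, looks up the VLDB servers for the chosen cell,
 * picks a client security object, opens one Rx connection per server and
 * hands the set to ubik_ClientInit().  On success the resulting ubik
 * client is stored in cstruct and initDone is set, so later calls return
 * immediately.
 *
 * Arguments:
 *	a_noAuthFlag : non-zero requests an unauthenticated connection
 *		       (adds AFSCONF_SECOPTS_NOAUTH to the security flags).
 *	a_confDir    : configuration directory handed to afsconf_Open().
 *	a_cellName   : cell whose VLDB servers are looked up.
 *
 * Returns:
 *	0 on success, or when the module was already initialised;
 *	the rx_Init() or ubik_ClientInit() code when either fails;
 *	-1 when the configuration directory cannot be opened.
 *	The process exits with status 1 when the cell lookup fails, when no
 *	client security object can be created, or when the cell lists more
 *	than VLDB_MAXSERVERS servers.
 *
 * Security note:
 *	AFSCONF_SECOPTS_FALLBACK_NULL is always requested.  When the chosen
 *	index comes back as RX_SECIDX_NULL without a_noAuthFlag being set,
 *	the only signal is a message on stderr; initialisation continues and
 *	the connections are made with the null security index.
 */
static afs_int32
InitThisModule(int a_noAuthFlag, char *a_confDir, char *a_cellName)
{				/*InitThisModule */
#ifdef USS_VOL_DB
    static char rn[] = "uss_vol:InitThisModule";
#endif
    afs_int32 code;		/*Return code */
    struct afsconf_dir *tdir;	/*Ptr to conf dir info */
    struct afsconf_cell info;	/*Info about chosen cell */
    afs_int32 scIndex;		/*Chosen security index */
    afs_int32 secFlags;		/*AFSCONF_SECOPTS_* flags for the picker */
    struct rx_securityClass *sc;	/*Generated security object */
    afs_int32 i;		/*Loop index */

    /*
     * Only once, guys, will 'ya?
     */
    if (initDone) {
#ifdef USS_VOL_DB
        printf("[%s] Called multiple times!\n", rn);
#endif /* USS_VOL_DB */
        return (0);
    }

    /*
     * Set up our Rx environment.
     */
#ifdef USS_VOL_DB
    printf("[%s] Initializing Rx environment\n", rn);
#endif /* USS_VOL_DB */
    code = rx_Init(0);
    if (code) {
        fprintf(stderr, "%s: Couldn't initialize Rx.\n", uss_whoami);
        return (code);
    }
    rx_SetRxDeadTime(50);

    /*
     * Find out all about our configuration.
     */
#ifdef USS_VOL_DB
    printf("[%s] Handling configuration info\n", rn);
#endif /* USS_VOL_DB */
    /*
     * NOTE(review): tdir is never closed in this function.  Whether the
     * security object or another callee keeps a reference to it is not
     * visible here - confirm before adding an afsconf_Close().
     */
    tdir = afsconf_Open(a_confDir);
    if (!tdir) {
        fprintf(stderr, "%s: Couldn't open configuration directory (%s).\n",
                uss_whoami, a_confDir);
        return (-1);
    }
    code = afsconf_GetCellInfo(tdir, a_cellName, AFSCONF_VLDBSERVICE, &info);
    if (code) {
        printf("%s: Can't find VLDB server(s) for cell %s\n", uss_whoami,
               a_cellName);
        exit(1);
    }
#ifdef USS_VOL_DB
    printf("[%s] Getting tickets if needed\n", rn);
#endif /* USS_VOL_DB */
    /*
     * Always allow the fallback to the null security class; a_noAuthFlag
     * additionally asks for no authentication at all.
     */
    secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
    if (a_noAuthFlag)
        secFlags |= AFSCONF_SECOPTS_NOAUTH;

    code = afsconf_PickClientSecObj(tdir, secFlags, &info, a_cellName,
                                    &sc, &scIndex, NULL);
    if (code) {
        printf("%s: Can't create client security object\n", uss_whoami);
        exit(1);
    }
    /*
     * The caller wanted authentication but the null index was selected:
     * warn, then carry on unauthenticated.
     */
    if (scIndex == RX_SECIDX_NULL && !a_noAuthFlag) {
        fprintf(stderr,
                "%s: Couldn't get AFS tokens, running unauthenticated.\n",
                uss_whoami);
    }

    /*
     * Tell UV module about default authentication.
     */
#ifdef USS_VOL_DB
    /* sc is a pointer: print it with %p rather than 0x%x. */
    printf("[%s] Setting UV security: obj %p, index %d\n", rn, (void *)sc,
           scIndex);
#endif /* USS_VOL_DB */
    UV_SetSecurity(sc, scIndex);

    /* Refuse a server list larger than VLDB_MAXSERVERS before filling serverconns[]. */
    if (info.numServers > VLDB_MAXSERVERS) {
        fprintf(stderr, "%s: info.numServers=%d (> VLDB_MAXSERVERS=%d)\n",
                uss_whoami, info.numServers, VLDB_MAXSERVERS);
        exit(1);
    }

    /*
     * Connect to each VLDB server for the chosen cell.
     */
    for (i = 0; i < info.numServers; i++) {
#ifdef USS_VOL_DB
        printf
            ("[%s] Connecting to VLDB server 0x%x, port %d, service id %d\n",
             rn, info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port,
             USER_SERVICE_ID);
#endif /* USS_VOL_DB */
        serverconns[i] =
            rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
                             info.hostAddr[i].sin_port, USER_SERVICE_ID, sc,
                             scIndex);
    }

    /*
     * Set up to execute Ubik transactions on the VLDB.
     */
#ifdef USS_VOL_DB
    printf("[%s] Initializing Ubik interface\n", rn);
#endif /* USS_VOL_DB */
    code = ubik_ClientInit(serverconns, &uconn_vldbP);
    if (code) {
        fprintf(stderr, "%s: Ubik client init failed.\n", uss_whoami);
        return (code);
    }
#ifdef USS_VOL_DB
    /* uconn_vldbP is a pointer: print it with %p rather than 0x%x. */
    printf("[%s] VLDB ubik connection structure at %p\n", rn,
           (void *)uconn_vldbP);
#endif /* USS_VOL_DB */

    /*
     * Place the ubik VLDB connection structure in its advertised
     * location.
     */
    cstruct = uconn_vldbP;

    /*
     * Success!
     */
    initDone = 1;
    return (0);

}				/*InitThisModule */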
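/*
 * vlserver entry point.
 *
 * Parses the command line, opens the log and the server configuration
 * directory, initialises Ubik for the VLDB database, registers the VLDB
 * and rpcstats Rx services and then calls rx_StartServer(1).
 *
 * Returns -1 when the command line cannot be parsed, when the -trace file
 * name does not fit in rxi_tracename, when the audit interface is invalid,
 * or when -rxmaxmtu is rejected by rx_SetMaxMTU().  Other start-up
 * failures end the process through exit() with status 1, 2 or 3, as marked
 * at each call site.  The final "return 0" is marked unreachable by the
 * original author.
 */
int
main(int argc, char **argv)
{
    afs_int32 code;
    afs_uint32 myHost;
    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;
    struct afsconf_dir *tdir;
    struct ktc_encryptionKey tkey;
    struct afsconf_cell info;
    struct hostent *th;
    char hostname[VL_MAXNAMELEN];
    int noAuth = 0;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = ntohl(INADDR_ANY);
    struct cmd_syndesc *opts;

    char *vl_dbaseName;
    char *configDir;
    char *logFile;

    char *auditFileName = NULL;
    char *interface = NULL;
    char *optstring = NULL;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    rx_extraPackets = 100;	/* should be a switch, I guess... */
    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    /*
     * Defaults are heap copies of the compiled-in paths; the
     * cmd_OptionAsString() calls below receive the address of each pointer
     * and may replace it.
     */
    vl_dbaseName = strdup(AFSDIR_SERVER_VLDB_FILEPATH);
    configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
    logFile = strdup(AFSDIR_SERVER_VLOG_FILEPATH);

    cmd_DisableAbbreviations();
    cmd_DisablePositionalCommands();
    opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL);

    /* vlserver specific options */
    cmd_AddParmAtOffset(opts, OPT_noauth, "-noauth", CMD_FLAG,
                        CMD_OPTIONAL, "disable authentication");
    cmd_AddParmAtOffset(opts, OPT_smallmem, "-smallmem", CMD_FLAG,
                        CMD_OPTIONAL, "optimise for small memory systems");

    /* general server options */
    cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE,
                        CMD_OPTIONAL, "location of audit log");
    cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE,
                        CMD_OPTIONAL, "interface to use for audit logging");
    cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE,
                        CMD_OPTIONAL, "configuration location");
    cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE,
                        CMD_OPTIONAL, "debug level");
    cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE,
                        CMD_OPTIONAL, "database file");
    cmd_AddParmAlias(opts, OPT_database, "-db");
    cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE,
                        CMD_OPTIONAL, "location of logfile");
    cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL,
                        "number of threads");
#if !defined(AFS_NT40_ENV)
    cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
                        CMD_OPTIONAL, "log to syslog");
#endif

    /* rx options */
    cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX transport statistics");
    cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX RPC statistics");
    cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
                        CMD_OPTIONAL, "disable jumbograms");
    cmd_AddParmAtOffset(opts, OPT_jumbo, "-jumbo", CMD_FLAG,
                        CMD_OPTIONAL, "enable jumbograms");
    cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
                        CMD_OPTIONAL, "bind only to the primary interface");
    cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE,
                        CMD_OPTIONAL, "maximum MTU for RX");
    cmd_AddParmAtOffset(opts, OPT_trace, "-trace", CMD_SINGLE,
                        CMD_OPTIONAL, "rx trace file");

    /* rxkad options */
    cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
                        CMD_FLAG, CMD_OPTIONAL,
                        "permit Kerberos 5 principals with dots");

    code = cmd_Parse(argc, argv, &opts);
    if (code)
        return -1;

    /* -config is read before the config file is opened. */
    cmd_OptionAsString(opts, OPT_config, &configDir);

    cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
    cmd_SetCommandName("vlserver");

    /* vlserver options */
    cmd_OptionAsFlag(opts, OPT_noauth, &noAuth);
    cmd_OptionAsFlag(opts, OPT_smallmem, &smallMem);
    if (cmd_OptionAsString(opts, OPT_trace, &optstring) == 0) {
        extern char rxi_tracename[80];
        size_t tracelen = strlen(optstring);

        /*
         * The option value has no length limit of its own, while
         * rxi_tracename is a fixed-size array: reject a value that does
         * not fit instead of copying past the end of the buffer.
         */
        if (tracelen >= sizeof(rxi_tracename)) {
            printf("Invalid rx trace file name: longer than %d characters\n",
                   (int)(sizeof(rxi_tracename) - 1));
            return -1;
        }
        memcpy(rxi_tracename, optstring, tracelen + 1);
        free(optstring);
        optstring = NULL;
    }

    /* general server options */

    cmd_OptionAsString(opts, OPT_auditlog, &auditFileName);

    if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) {
        if (osi_audit_interface(interface)) {
            printf("Invalid audit interface '%s'\n", interface);
            return -1;
        }
        free(interface);
    }

    cmd_OptionAsInt(opts, OPT_debug, &LogLevel);
    cmd_OptionAsString(opts, OPT_database, &vl_dbaseName);
    cmd_OptionAsString(opts, OPT_logfile, &logFile);

    if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
        if (lwps > MAXLWP) {
            printf("Warning: '-p %d' is too big; using %d instead\n",
                   lwps, MAXLWP);
            lwps = MAXLWP;
        }
    }
#ifndef AFS_NT40_ENV
    if (cmd_OptionPresent(opts, OPT_syslog)) {
        serverLogSyslog = 1;
        cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility);
    }
#endif

    /* rx options */
    if (cmd_OptionPresent(opts, OPT_peer))
        rx_enablePeerRPCStats();
    if (cmd_OptionPresent(opts, OPT_process))
        rx_enableProcessRPCStats();
    /* -jumbo is evaluated after -nojumbo, so it wins when both are given. */
    if (cmd_OptionPresent(opts, OPT_nojumbo))
        rxJumbograms = 0;
    if (cmd_OptionPresent(opts, OPT_jumbo))
        rxJumbograms = 1;

    cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind);

    cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU);

    /* rxkad options */
    cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);

    if (auditFileName) {
        osi_audit_file(auditFileName);
    }

#ifndef AFS_NT40_ENV
    serverLogSyslogTag = "vlserver";
#endif
    OpenLog(logFile);	/* set up logging */
    SetupLogSignals();

    tdir = afsconf_Open(configDir);
    if (!tdir) {
        VLog(0,
             ("vlserver: can't open configuration files in dir %s, giving up.\n",
              configDir));
        exit(1);
    }

    /* initialize audit user check */
    osi_audit_set_user_check(tdir, vldb_IsLocalRealmMatch);

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        VLog(0, ("vlserver: couldn't initialize winsock. \n"));
        exit(1);
    }
#endif
    /* get this host */
    /*
     * Fail early if the host name cannot be read, so that an uninitialised
     * buffer is never handed to gethostbyname(); a truncated name is not
     * guaranteed to be NUL-terminated, hence the explicit terminator.
     */
    if (gethostname(hostname, sizeof(hostname)) != 0) {
        VLog(0, ("vlserver: couldn't get name of this host.\n"));
        exit(1);
    }
    hostname[sizeof(hostname) - 1] = '\0';
    th = gethostbyname(hostname);
    if (!th) {
        VLog(0,
             ("vlserver: couldn't get address of this host (%s).\n",
              hostname));
        exit(1);
    }
    memcpy(&myHost, th->h_addr, sizeof(afs_uint32));

#if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV)
    signal(SIGXCPU, CheckSignal_Signal);
#endif
    /* get list of servers */
    code =
        afsconf_GetExtendedCellInfo(tdir, NULL, AFSCONF_VLDBSERVICE, &info,
                                    clones);
    if (code) {
        printf("vlserver: Couldn't get cell server list for 'afsvldb'.\n");
        exit(2);
    }

    vldb_confdir = tdir;	/* Preserve our configuration dir */
    /* rxvab no longer supported */
    /* tkey is zeroed here and not referenced again in this function. */
    memset(&tkey, 0, sizeof(tkey));

    /*
     * -noauth: set the no-auth flag on the configuration directory that
     * the security callbacks below are given (help text: "disable
     * authentication").
     */
    if (noAuth)
        afsconf_SetNoAuthFlag(tdir, 1);

    if (rxBind) {
        afs_int32 ccode;
#ifndef AFS_NT40_ENV
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            /* NOTE(review): reason is filled in by the callee but never logged here. */
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else
#endif
        {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /*
         * NOTE(review): the bind address is applied only when exactly one
         * address comes back.  For any other result host stays at
         * INADDR_ANY and nothing is logged, so -rxbind does not restrict
         * the listening address in that case - confirm this is intended.
         */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_VLDBPORT));
        }
    }

    if (!rxJumbograms) {
        rx_SetNoJumbo();
    }
    if (rxMaxMTU != -1) {
        if (rx_SetMaxMTU(rxMaxMTU) != 0) {
            VLog(0, ("rxMaxMTU %d invalid\n", rxMaxMTU));
            return -1;
        }
    }

    ubik_nBuffers = 512;
    /* Security callbacks for Ubik, all bound to the configuration directory. */
    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, tdir);

    ubik_SyncWriterCacheProc = vlsynccache;
    code =
        ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info, clones,
                              vl_dbaseName, &VL_dbase);
    if (code) {
        VLog(0, ("vlserver: Ubik init failed: %s\n", afs_error_message(code)));
        exit(2);
    }
    rx_SetRxDeadTime(50);

    memset(rd_HostAddress, 0, sizeof(rd_HostAddress));
    memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
    initialize_dstats();

    afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);

    tservice =
        rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
                          securityClasses, numClasses,
                          VL_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        VLog(0, ("vlserver: Could not create VLDB_SERVICE rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    /* The VLDB service always gets at least 4 processes, whatever -p said. */
    if (lwps < 4)
        lwps = 4;
    rx_SetMaxProcs(tservice, lwps);

    /*
     * -allow-dotted-principals is applied to the VLDB service only; the
     * rpcstats service created below does not receive this setting.
     */
    if (rxkadDisableDotCheck) {
        rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
                                    (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
    }

    /* The rpcstats service shares the security classes built above. */
    tservice =
        rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                          securityClasses, numClasses,
                          RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        VLog(0, ("vlserver: Could not create rpc stats rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS",
                   FSLog);
    VLog(0, ("%s\n", cml_version_number));

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(vldb_rxstat_userok);

    rx_StartServer(1);	/* Why waste this idle process?? */

    return 0;	/* not reachable */
}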