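/*
 * BOS RPC handler: return the name of the cell database host at position
 * awhich in the local cell configuration.
 *
 * acall  - the Rx call (not used by this handler).
 * awhich - zero-based index into the configured host list.
 * aname  - out: heap-allocated host name; wrapped in square brackets when
 *          the matching clones[] entry is set.  On any failure an empty
 *          string is returned instead, so the pointer is only left NULL if
 *          even that one-byte allocation fails.
 *          NOTE(review): presumably the RPC layer frees *aname after
 *          marshalling -- confirm against the caller.
 *
 * Returns 0 on success, the afsconf_GetExtendedCellInfo() error, BZDOM for
 * an out-of-range index, or BZIO when the name cannot be allocated.
 *
 * Unlike SBOZO_DeleteCellHost and SBOZO_SetCellName, no afsconf_SuperUser()
 * check is made here, so the host list is readable without that check.
 */
afs_int32
SBOZO_GetCellHost(struct rx_call *acall, afs_uint32 awhich, char **aname)
{
    afs_int32 code;
    struct afsconf_cell tcell;
    char *tp;
    char clones[MAXHOSTSPERCELL];

    code = afsconf_GetExtendedCellInfo(bozo_confdir, NULL, NULL, &tcell,
                                       clones);
    if (code)
        goto fail;

    /* Reject the index before it is used on hostName[] and clones[]. */
    if (awhich >= tcell.numServers) {
        code = BZDOM;
        goto fail;
    }

    tp = tcell.hostName[awhich];
    if (clones[awhich]) {
        /* asprintf() leaves *aname unspecified on failure; normalise it. */
        if (asprintf(aname, "[%s]", tp) < 0)
            *aname = NULL;
    } else {
        *aname = strdup(tp);
    }
    if (*aname == NULL) {
        /* Do not report success with no string to hand back. */
        code = BZIO;
        goto fail;
    }
    goto done;

  fail:
    *aname = malloc(1);         /* return fake string */
    if (*aname != NULL)
        **aname = 0;

  done:
    return code;
}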
/*
 * BOS RPC handler: remove the host named aname from the local cell
 * configuration.
 *
 * The caller must pass afsconf_SuperUser(); otherwise BZACCESS is returned
 * and nothing is read or written.  The first host whose name matches aname
 * exactly (strcmp) has its address and name slots zeroed, and the modified
 * cell info is written back with afsconf_SetExtendedCellInfo().
 *
 * Returns 0 on success, BZACCESS, BZNOENT when no host matches, or the
 * error from the afsconf get/set calls.  Every exit, including the
 * access-denied one, goes through osi_auditU() with the final code and the
 * requested name.
 *
 * Note that the caller-supplied aname is written verbatim to the bozo log
 * and the audit record.
 */
afs_int32
SBOZO_DeleteCellHost(struct rx_call *acall, char *aname)
{
    afs_int32 code;
    struct afsconf_cell tcell;
    afs_int32 slot = -1;        /* index of the matching host, -1 if none */
    int idx;
    char caller[MAXKTCNAMELEN];
    char clones[MAXHOSTSPERCELL];

    /* Authorization comes first: nothing below runs for non-superusers. */
    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
        code = BZACCESS;
        goto audit;
    }
    if (DoLogging)
        bozo_Log("%s is executing DeleteCellHost '%s'\n", caller, aname);

    code = afsconf_GetExtendedCellInfo(bozo_confdir, NULL, NULL, &tcell,
                                       clones);
    if (code != 0)
        goto audit;

    /* Stop at the first exact name match. */
    for (idx = 0; slot < 0 && idx < tcell.numServers; idx++) {
        if (strcmp(tcell.hostName[idx], aname) == 0)
            slot = idx;
    }
    if (slot < 0) {
        code = BZNOENT;
        goto audit;
    }

    /* Blank the entry in place, then persist the whole cell record. */
    memset(&tcell.hostAddr[slot], 0, sizeof(struct sockaddr_in));
    memset(tcell.hostName[slot], 0, MAXHOSTCHARS);
    code = afsconf_SetExtendedCellInfo(bozo_confdir,
                                       AFSDIR_SERVER_ETC_DIRPATH, &tcell,
                                       clones);

  audit:
    osi_auditU(acall, BOS_DeleteHostEvent, code, AUD_STR, aname, AUD_END);
    return code;
}
/*
 * BOS RPC handler: change the cell name stored in the local cell
 * configuration.
 *
 * The caller must pass afsconf_SuperUser(); otherwise BZACCESS is returned.
 * The new name is length-checked against tcell.name before it is copied,
 * so the strcpy() below cannot run past that field.  An over-long name is
 * logged unconditionally (not gated on DoLogging) and rejected with BZDOM.
 *
 * Returns 0 on success, BZACCESS, BZDOM, or the error from the afsconf
 * get/set calls.  Every exit is recorded through osi_auditU() with the
 * final code and the requested name.
 */
afs_int32
SBOZO_SetCellName(struct rx_call *acall, char *aname)
{
    struct afsconf_cell tcell;
    afs_int32 code;
    char caller[MAXKTCNAMELEN];
    char clones[MAXHOSTSPERCELL];
    /* Longest name that still leaves room for the terminating NUL. */
    const size_t max_name_len = sizeof(tcell.name) - 1;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
        code = BZACCESS;
        goto audit;
    }
    if (DoLogging)
        bozo_Log("%s is executing SetCellName '%s'\n", caller, aname);

    code = afsconf_GetExtendedCellInfo(bozo_confdir, NULL, NULL, &tcell,
                                       clones);
    if (code != 0)
        goto audit;

    /* Check that tcell has enough space for the new cellname. */
    if (strlen(aname) > max_name_len) {
        bozo_Log
            ("ERROR: SetCellName: cell name '%s' exceeds %ld bytes (cell name not changed)\n",
             aname, (long)max_name_len);
        code = BZDOM;
        goto audit;
    }

    strcpy(tcell.name, aname);
    code = afsconf_SetExtendedCellInfo(bozo_confdir,
                                       AFSDIR_SERVER_ETC_DIRPATH, &tcell,
                                       clones);

  audit:
    osi_auditU(acall, BOS_SetCellEvent, code, AUD_STR, aname, AUD_END);
    return code;
}
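/*
 * vlserver entry point.
 *
 * Parses the command line with the cmd library, opens the log and the
 * configuration directory, reads the cell's VLDB server list, initialises
 * ubik and registers two Rx services (the VLDB service and rpcstats) before
 * handing the thread to rx_StartServer().
 *
 * Security-relevant switches handled here:
 *   -noauth                   sets the afsconf no-auth flag on the
 *                             configuration directory.
 *   -allow-dotted-principals  sets RXS_CONFIG_FLAGS_DISABLE_DOTCHECK on the
 *                             VLDB service.
 *   -rxbind                   binds to a single address only when exactly
 *                             one address is found; otherwise `host` keeps
 *                             its INADDR_ANY default.
 *
 * Returns -1 for a rejected option; other start-up failures call exit().
 */
int
main(int argc, char **argv)
{
    afs_int32 code;
    afs_uint32 myHost;
    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;
    struct afsconf_dir *tdir;
    struct ktc_encryptionKey tkey;
    struct afsconf_cell info;
    struct hostent *th;
    char hostname[VL_MAXNAMELEN];
    int noAuth = 0;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = ntohl(INADDR_ANY);
    struct cmd_syndesc *opts;

    char *vl_dbaseName;
    char *configDir;
    char *logFile;

    char *auditFileName = NULL;
    char *interface = NULL;
    char *optstring = NULL;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    rx_extraPackets = 100;      /* should be a switch, I guess... */
    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    /* Heap copies of the defaults; the option getters below may replace them. */
    vl_dbaseName = strdup(AFSDIR_SERVER_VLDB_FILEPATH);
    configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
    logFile = strdup(AFSDIR_SERVER_VLOG_FILEPATH);

    cmd_DisableAbbreviations();
    cmd_DisablePositionalCommands();
    opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL);

    /* vlserver specific options */
    cmd_AddParmAtOffset(opts, OPT_noauth, "-noauth", CMD_FLAG,
                        CMD_OPTIONAL, "disable authentication");
    cmd_AddParmAtOffset(opts, OPT_smallmem, "-smallmem", CMD_FLAG,
                        CMD_OPTIONAL, "optimise for small memory systems");

    /* general server options */
    cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE,
                        CMD_OPTIONAL, "location of audit log");
    cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE,
                        CMD_OPTIONAL, "interface to use for audit logging");
    cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE,
                        CMD_OPTIONAL, "configuration location");
    cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE,
                        CMD_OPTIONAL, "debug level");
    cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE,
                        CMD_OPTIONAL, "database file");
    cmd_AddParmAlias(opts, OPT_database, "-db");
    cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE,
                        CMD_OPTIONAL, "location of logfile");
    cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE,
                        CMD_OPTIONAL, "number of threads");
#if !defined(AFS_NT40_ENV)
    cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
                        CMD_OPTIONAL, "log to syslog");
#endif

    /* rx options */
    cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX transport statistics");
    cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX RPC statistics");
    cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
                        CMD_OPTIONAL, "disable jumbograms");
    cmd_AddParmAtOffset(opts, OPT_jumbo, "-jumbo", CMD_FLAG,
                        CMD_OPTIONAL, "enable jumbograms");
    cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
                        CMD_OPTIONAL, "bind only to the primary interface");
    cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE,
                        CMD_OPTIONAL, "maximum MTU for RX");
    cmd_AddParmAtOffset(opts, OPT_trace, "-trace", CMD_SINGLE,
                        CMD_OPTIONAL, "rx trace file");

    /* rxkad options */
    cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
                        CMD_FLAG, CMD_OPTIONAL,
                        "permit Kerberos 5 principals with dots");

    code = cmd_Parse(argc, argv, &opts);
    if (code)
        return -1;

    cmd_OptionAsString(opts, OPT_config, &configDir);

    cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
    cmd_SetCommandName("vlserver");

    /* vlserver options */
    cmd_OptionAsFlag(opts, OPT_noauth, &noAuth);
    cmd_OptionAsFlag(opts, OPT_smallmem, &smallMem);
    if (cmd_OptionAsString(opts, OPT_trace, &optstring) == 0) {
        extern char rxi_tracename[80];

        /*
         * The destination is a fixed 80-byte array and the source is an
         * arbitrary command-line string, so refuse anything that would not
         * fit together with its terminating NUL.
         */
        if (strlen(optstring) >= sizeof(rxi_tracename)) {
            printf("-trace file name is too long (limit %d bytes)\n",
                   (int)(sizeof(rxi_tracename) - 1));
            free(optstring);
            return -1;
        }
        strcpy(rxi_tracename, optstring);
        free(optstring);
        optstring = NULL;
    }

    /* general server options */

    cmd_OptionAsString(opts, OPT_auditlog, &auditFileName);

    if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) {
        if (osi_audit_interface(interface)) {
            printf("Invalid audit interface '%s'\n", interface);
            return -1;
        }
        free(interface);
    }

    cmd_OptionAsInt(opts, OPT_debug, &LogLevel);
    cmd_OptionAsString(opts, OPT_database, &vl_dbaseName);
    cmd_OptionAsString(opts, OPT_logfile, &logFile);

    /* Only an upper bound is applied here; the lower bound comes later. */
    if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
        if (lwps > MAXLWP) {
            printf("Warning: '-p %d' is too big; using %d instead\n",
                   lwps, MAXLWP);
            lwps = MAXLWP;
        }
    }
#ifndef AFS_NT40_ENV
    if (cmd_OptionPresent(opts, OPT_syslog)) {
        serverLogSyslog = 1;
        cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility);
    }
#endif

    /* rx options */
    if (cmd_OptionPresent(opts, OPT_peer))
        rx_enablePeerRPCStats();
    if (cmd_OptionPresent(opts, OPT_process))
        rx_enableProcessRPCStats();
    /* -jumbo is tested after -nojumbo, so it wins when both are given. */
    if (cmd_OptionPresent(opts, OPT_nojumbo))
        rxJumbograms = 0;
    if (cmd_OptionPresent(opts, OPT_jumbo))
        rxJumbograms = 1;

    cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind);

    cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU);

    /* rxkad options */
    cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);

    if (auditFileName) {
        osi_audit_file(auditFileName);
    }

#ifndef AFS_NT40_ENV
    serverLogSyslogTag = "vlserver";
#endif
    OpenLog(logFile);           /* set up logging */
    SetupLogSignals();

    tdir = afsconf_Open(configDir);
    if (!tdir) {
        VLog(0,
             ("vlserver: can't open configuration files in dir %s, giving up.\n",
              configDir));
        exit(1);
    }

    /* initialize audit user check */
    osi_audit_set_user_check(tdir, vldb_IsLocalRealmMatch);

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        VLog(0, ("vlserver: couldn't initialize winsock. \n"));
        exit(1);
    }
#endif
    /* get this host */
    gethostname(hostname, sizeof(hostname));
    th = gethostbyname(hostname);
    if (!th) {
        VLog(0,
             ("vlserver: couldn't get address of this host (%s).\n",
              hostname));
        exit(1);
    }
    memcpy(&myHost, th->h_addr, sizeof(afs_uint32));

#if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV)
    signal(SIGXCPU, CheckSignal_Signal);
#endif
    /* get list of servers */
    code = afsconf_GetExtendedCellInfo(tdir, NULL, AFSCONF_VLDBSERVICE,
                                       &info, clones);
    if (code) {
        printf("vlserver: Couldn't get cell server list for 'afsvldb'.\n");
        exit(2);
    }

    vldb_confdir = tdir;        /* Preserve our configuration dir */
    /* rxvab no longer supported */
    memset(&tkey, 0, sizeof(tkey));

    /* -noauth: authentication is switched off on the configuration dir. */
    if (noAuth)
        afsconf_SetNoAuthFlag(tdir, 1);

    if (rxBind) {
        afs_int32 ccode;
#ifndef AFS_NT40_ENV
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else
#endif
        {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /*
         * Only a single resulting address is honoured.  With zero or
         * several addresses nothing is reported and `host` stays at the
         * wildcard address despite -rxbind.
         */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_VLDBPORT));
        }
    }

    if (!rxJumbograms) {
        rx_SetNoJumbo();
    }
    if (rxMaxMTU != -1) {
        if (rx_SetMaxMTU(rxMaxMTU) != 0) {
            VLog(0, ("rxMaxMTU %d invalid\n", rxMaxMTU));
            return -1;
        }
    }

    ubik_nBuffers = 512;
    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, tdir);

    ubik_SyncWriterCacheProc = vlsynccache;
    code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info,
                                 clones, vl_dbaseName, &VL_dbase);
    if (code) {
        VLog(0, ("vlserver: Ubik init failed: %s\n", afs_error_message(code)));
        exit(2);
    }
    rx_SetRxDeadTime(50);

    memset(rd_HostAddress, 0, sizeof(rd_HostAddress));
    memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
    initialize_dstats();

    afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);

    tservice = rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
                                 securityClasses, numClasses,
                                 VL_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        VLog(0, ("vlserver: Could not create VLDB_SERVICE rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    if (lwps < 4)
        lwps = 4;
    rx_SetMaxProcs(tservice, lwps);

    /* -allow-dotted-principals: the dot check is disabled for this service. */
    if (rxkadDisableDotCheck) {
        rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
                                    (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
    }

    tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                                 securityClasses, numClasses,
                                 RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        VLog(0, ("vlserver: Could not create rpc stats rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS",
                   FSLog);
    VLog(0, ("%s\n", cml_version_number));

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(vldb_rxstat_userok);

    rx_StartServer(1);          /* Why waste this idle process?? */

    return 0;                   /* not reachable */
}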
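/*
 * Backup database server entry point.
 *
 * Sets default configuration values, lets cmd_Dispatch() process the
 * command line, opens the cell configuration, initialises ubik and
 * registers the BackupDatabase Rx service, then donates this thread to
 * rx_ServerProc().
 *
 * Start and finish are recorded with osi_audit(); every ERROR() exit goes
 * through error_exit so the finish event carries the failing code.
 */
int
main(int argc, char **argv)
{
    char *whoami = argv[0];
    char *dbNamePtr = 0;
    struct afsconf_cell cellinfo;
    time_t currentTime;
    afs_int32 code = 0;
    afs_uint32 host = ntohl(INADDR_ANY);

    char clones[MAXHOSTSPERCELL];

    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;

    extern int rx_stackSize;

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
        exit(1);
    }
#endif

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGSEGV, &nsa, NULL);
    sigaction(SIGABRT, &nsa, NULL);
#endif
    osi_audit_init();
    osi_audit(BUDB_StartEvent, 0, AUD_END);

    initialize_BUDB_error_table();
    initializeArgHandler();

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        afs_com_err(whoami, errno, "; Unable to obtain AFS server directory.");
        exit(2);
    }

    memset(globalConfPtr, 0, sizeof(*globalConfPtr));

    /* set default configuration values */
    /* NOTE(review): dbDir and cellConfDir are defined outside this
     * function; these unbounded copies assume they are large enough for
     * the directory paths -- confirm. */
    strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH);
    strcat(dbDir, "/");
    globalConfPtr->databaseDirectory = dbDir;
    globalConfPtr->databaseName = DEFAULT_DBPREFIX;
    strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH);
    globalConfPtr->cellConfigdir = cellConfDir;

    /* open the log file */
/*
    globalConfPtr->log = fopen(DEFAULT_LOGNAME,"a");
    if ( globalConfPtr->log == NULL )
    {
	printf("Can't open log file %s - aborting\n", DEFAULT_LOGNAME);
	BUDB_EXIT(-1);
    }
*/

    srandom(1);

#ifdef AFS_PTHREAD_ENV
    SetLogThreadNumProgram( rx_GetThreadNum );
#endif

    /* process the user supplied args */
    helpOption = 1;
    code = cmd_Dispatch(argc, argv);
    if (code)
        ERROR(code);

    /* exit if there was a help option */
    if (helpOption)
        BUDB_EXIT(0);

    /* open the log file */
    globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a");
    if (globalConfPtr->log == NULL) {
        printf("Can't open log file %s - aborting\n",
               AFSDIR_SERVER_BUDBLOG_FILEPATH);
        BUDB_EXIT(-1);
    }

    /* keep log closed so can remove it */

    fclose(globalConfPtr->log);

    /* open the cell's configuration directory */
    LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir);

    BU_conf = afsconf_Open(globalConfPtr->cellConfigdir);
    if (BU_conf == 0) {
        LogError(code, "Failed getting cell info\n");
        afs_com_err(whoami, code, "Failed getting cell info");
        ERROR(BUDB_NOCELLS);
    }

    code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
    if (code) {
        LogError(0, "** Can't determine local cell name!\n");
        ERROR(code);
    }

    if (globalConfPtr->myHost == 0) {
        /* if user hasn't supplied a list of servers, extract server
         * list from the cell's database
         */

        LogDebug(1, "Using server list from %s cell database.\n", lcell);

        code = afsconf_GetExtendedCellInfo(BU_conf, lcell, 0, &cellinfo,
                                           clones);
        /*
         * A failed lookup leaves cellinfo unfilled; stop here instead of
         * letting the next call overwrite the error and convert garbage.
         */
        if (code) {
            LogError(code, "Failed getting cell info\n");
            ERROR(code);
        }
        code = convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost,
                                    globalConfPtr->serverList);
        if (code)
            ERROR(code);
    }
    /* NOTE(review): when a server list was supplied (myHost != 0) nothing
     * in this function fills cellinfo or clones, yet both are passed to
     * ubik_ServerInitByInfo() below -- confirm this path is intended. */

    /* initialize audit user check */
    osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch);

    /* initialize ubik */
    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, BU_conf);

    if (ubik_nBuffers == 0)
        ubik_nBuffers = 400;

    LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers);

    /* asprintf() reports failure through its return value; the pointer
     * contents are unspecified in that case, so test both. */
    if (asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory,
                 globalConfPtr->databaseName) < 0 || dbNamePtr == 0)
        ERROR(-1);

    rx_SetRxDeadTime(60);       /* 60 seconds inactive before timeout */

    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /* Only a single resulting address is bound; otherwise `host`
         * silently stays at the wildcard address. */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_BUDBPORT));
        }
    }

    /* Disable jumbograms */
    rx_SetNoJumbo();

    code = ubik_ServerInitByInfo(globalConfPtr->myHost,
                                 htons(AFSCONF_BUDBPORT),
                                 &cellinfo,
                                 clones,
                                 dbNamePtr,     /* name prefix */
                                 &BU_dbase);

    if (code) {
        LogError(code, "Ubik init failed\n");
        afs_com_err(whoami, code, "Ubik init failed");
        ERROR(code);
    }

    afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);

    tservice = rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",
                                 securityClasses, numClasses,
                                 BUDB_ExecuteRequest);

    if (tservice == (struct rx_service *)0) {
        LogError(0, "Could not create backup database rx service\n");
        printf("Could not create backup database rx service\n");
        BUDB_EXIT(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, lwps);
    rx_SetStackSize(tservice, 10000);

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(BU_rxstat_userok);

    /* misc. initialization */

    /* database dump synchronization */
    memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr));
    Lock_Init(&dumpSyncPtr->ds_lock);

    rx_StartServer(0);          /* start handling requests */

    code = InitProcs();
    if (code)
        ERROR(code);

    currentTime = time(0);
    LogError(0, "Ready to process requests at %s\n", ctime(&currentTime));

    rx_ServerProc(NULL);        /* donate this LWP */

  error_exit:
    osi_audit(BUDB_FinishEvent, code, AUD_END);
    return (code);
}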
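/*
 * kaserver entry point.
 *
 * Parses the command line by hand, opens the cell configuration, works out
 * the ubik server list (from -servers or from the cell database),
 * initialises ubik and registers four Rx services before donating this
 * thread to rx_ServerProc().
 *
 * Security-relevant behaviour visible here:
 *   - A deprecation warning about kaserver's weak security properties is
 *     printed to stderr and written to the log on every start.
 *   - -clear / -sorry select rxkad_clear, in which case ubik client
 *     connections use afsconf_ClientAuth instead of
 *     afsconf_ClientAuthSecure.
 *   - The Authentication and TicketGranting services are created with the
 *     rxnull security object only; Maintenance and rpcstats additionally
 *     get an rxkad_crypt server object.
 *   - -noauth sets bit 1 of initFlags, which is handed to init_kaprocs().
 *
 * An option that needs a value but is the last word on the command line
 * now prints the usage text instead of reading past the end of argv.
 */
int
main(int argc, char *argv[])
{
    afs_int32 code;
    char *whoami = argv[0];
    afs_uint32 serverList[MAXSERVERS];
    struct afsconf_cell cellinfo;
    char *cell;
    const char *cellservdb, *dbpath, *lclpath;
    int a;
    char arg[32];
    char default_lclpath[AFSDIR_PATH_MAX];
    int servers;
    int initFlags;
    int level;                  /* security level for Ubik */
    afs_int32 i;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = ntohl(INADDR_ANY);
    char *auditFileName = NULL;

    struct rx_service *tservice;
    struct rx_securityClass *sca[1];
    struct rx_securityClass *scm[3];

    extern int rx_stackSize;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();

    if (argc == 0) {
      usage:
        printf("Usage: kaserver [-noAuth] [-database <dbpath>] "
               "[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
               "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
               "[-servers <serverlist>] [-crossrealm] "
               /*" [-enable_peer_stats] [-enable_process_stats] " */
               "[-help]\n");
        exit(1);
    }
#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
        fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
        exit(1);
    }
#endif
    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
    dbpath = AFSDIR_SERVER_KADB_FILEPATH;
    strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
               "/", AFSDIR_KADB_FILE, NULL);
    lclpath = default_lclpath;

    debugOutput = 0;
    servers = 0;
    initFlags = 0;
    level = rxkad_crypt;
    for (a = 1; a < argc; a++) {
        int arglen = strlen(argv[a]);
        lcstring(arg, argv[a], sizeof(arg));
        /* IsArg() is a prefix match over arglen characters, so an
         * abbreviation selects whichever option is tested first. */
#define IsArg(a) (strncmp (arg,a, arglen) == 0)

        if (strcmp(arg, "-database") == 0) {
            if (a + 1 >= argc)
                goto usage;
            dbpath = argv[++a];
            if (strcmp(lclpath, default_lclpath) == 0)
                lclpath = dbpath;
        }
        else if (strncmp(arg, "-auditlog", arglen) == 0) {
            if (a + 1 >= argc)
                goto usage;
            auditFileName = argv[++a];

        } else if (strncmp(arg, "-audit-interface", arglen) == 0) {
            char *interface;

            if (a + 1 >= argc)
                goto usage;
            interface = argv[++a];

            if (osi_audit_interface(interface)) {
                printf("Invalid audit interface '%s'\n", interface);
                exit(1);
            }

        } else if (strcmp(arg, "-localfiles") == 0) {
            if (a + 1 >= argc)
                goto usage;
            lclpath = argv[++a];
        } else if (strcmp(arg, "-servers") == 0)
            debugOutput++, servers = 1;
        else if (strcmp(arg, "-noauth") == 0)
            debugOutput++, initFlags |= 1;
        else if (strcmp(arg, "-fastkeys") == 0)
            debugOutput++, initFlags |= 4;
        else if (strcmp(arg, "-dbfixup") == 0)
            debugOutput++, initFlags |= 8;
        else if (strcmp(arg, "-cellservdb") == 0) {
            if (a + 1 >= argc)
                goto usage;
            cellservdb = argv[++a];
            initFlags |= 2;
            debugOutput++;
        }

        else if (IsArg("-crypt"))
            level = rxkad_crypt;
        else if (IsArg("-safe"))
            level = rxkad_crypt;
        else if (IsArg("-clear"))
            level = rxkad_clear;
        else if (IsArg("-sorry"))
            level = rxkad_clear;
        else if (IsArg("-debug"))
            verbose_track = 0;
        else if (IsArg("-crossrealm"))
            krb4_cross = 1;
        else if (IsArg("-rxbind"))
            rxBind = 1;
        else if (IsArg("-minhours")) {
            if (a + 1 >= argc)
                goto usage;
            MinHours = atoi(argv[++a]);
        } else if (IsArg("-enable_peer_stats")) {
            rx_enablePeerRPCStats();
        } else if (IsArg("-enable_process_stats")) {
            rx_enableProcessRPCStats();
        } else if (*arg == '-') {
            /* hack to support help flag */
            goto usage;
        }
    }

    if (auditFileName) {
        osi_audit_file(auditFileName);
    }

    if ((code = ka_CellConfig(cellservdb)))
        goto abort;
    cell = ka_LocalCell();
    KA_conf = afsconf_Open(cellservdb);
    if (!KA_conf) {
        code = KANOCELLS;
      abort:
        afs_com_err(whoami, code, "Failed getting cell info");
        exit(1);
    }
#ifdef AUTH_DBM_LOG
    kalog_Init();
#else
    /* NT & HPUX do not have dbm package support. So we can only do some
     * text logging. So open the AuthLog file for logging and redirect
     * stdin and stdout to it
     */
    OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
    SetupLogSignals();
#endif

    fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
            "properties.  Migrating to a Kerberos 5 KDC is advised.  "
            "http://www.openafs.org/no-more-des.html\n", whoami);
    ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties.  "
                "Migrating to a Kerberos 5 KDC is advised.  "
                "http://www.openafs.org/no-more-des.html\n"));

    code = afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
                                       &cellinfo, clones);
    if (servers) {
        /* With -servers the list comes from the command line; the lookup
         * result above is not relied on and cellinfo is patched by hand. */
        if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
            afs_com_err(whoami, code, "Couldn't parse server list");
            exit(1);
        }
        cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
        /* Stay inside cellinfo.hostAddr[] as well as serverList[]:
         * hostAddr[] is assumed to hold MAXHOSTSPERCELL entries like
         * clones[] -- TODO confirm against struct afsconf_cell. */
        for (i = 1; i < MAXSERVERS && i < MAXHOSTSPERCELL; i++) {
            if (!serverList[i])
                break;
            cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
        }
        cellinfo.numServers = i;
    } else {
        /* Without -servers the cell info is the only source of the server
         * list, so a failed lookup must not be converted. */
        if (code)
            goto abort;
        code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
        if (code)
            goto abort;
        ViceLog(0, ("Using server list from %s cell database.\n", cell));
    }

    /* initialize audit user check */
    osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch);

    /* initialize ubik */
    if (level == rxkad_clear)
        ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
                                    KA_conf);
    else if (level == rxkad_crypt)
        ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
                                    afsconf_UpToDate, KA_conf);
    else {
        ViceLog(0, ("Unsupported security level %d\n", level));
        exit(5);
    }
    ViceLog(0,
            ("Using level %s for Ubik connections.\n",
             (level == rxkad_crypt ? "crypt" : "clear")));

    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, KA_conf);

    ubik_nBuffers = 80;

    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = parseNetFiles(SHostAddrs, NULL, NULL,
                                  ADDRSPERSITE, reason,
                                  AFSDIR_SERVER_NETINFO_FILEPATH,
                                  AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /* Only a single resulting address is bound; otherwise `host`
         * silently stays at the wildcard address. */
        if (ccode == 1) {
            host = SHostAddrs[0];
            rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
        }
    }

    /* Disable jumbograms */
    rx_SetNoJumbo();

    if (servers)
        code = ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
                               dbpath, &KA_dbase);
    else
        code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT),
                                     &cellinfo, clones, dbpath, &KA_dbase);

    if (code) {
        afs_com_err(whoami, code, "Ubik init failed");
        exit(2);
    }

    /* The two services below accept only the null security class. */
    sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();

    tservice = rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
                                 "AuthenticationService", sca, 1,
                                 KAA_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Authentication rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);

    tservice = rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE,
                                 "TicketGrantingService", sca, 1,
                                 KAT_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Ticket Granting rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);

    scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
    scm[RX_SCINDEX_VAB] = 0;
    scm[RX_SCINDEX_KAD] =
        rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
    tservice = rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE,
                                 "Maintenance", scm, 3, KAM_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create Maintenance rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 1);
    rx_SetMaxProcs(tservice, 1);
    rx_SetStackSize(tservice, 10000);

    tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                                 scm, 3, RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        ViceLog(0, ("Could not create rpc stats rx service\n"));
        exit(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    initialize_dstats();

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(KA_rxstat_userok);

    rx_StartServer(0);          /* start handling req. of all types */

    if (init_kaprocs(lclpath, initFlags))
        return -1;

    if ((code = init_krb_udp())) {
        ViceLog(0,
                ("Failed to initialize UDP interface; code = %d.\n", code));
        ViceLog(0, ("Running without UDP access.\n"));
    }

    ViceLog(0, ("Starting to process AuthServer requests\n"));
    rx_ServerProc(NULL);        /* donate this LWP */
    return 0;
}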
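/*
 * ptserver entry point (hand-rolled option parser).
 *
 * Parses the command line, opens the log and the configuration directory,
 * reads the protection-server host list, initialises ubik and registers the
 * Protection Server and rpcstats Rx services before calling
 * rx_StartServer().
 *
 * Security-relevant behaviour visible here:
 *   - Options other than -d are matched by prefix over the length of the
 *     supplied word, so an abbreviation selects whichever option is tested
 *     first in the chain below.
 *   - When afsconf_GetLatestKey() finds no key, the message says
 *     "ignoring" and the ubik security callbacks are left unset.
 *   - "running unauthenticated" is printed when the no-auth flag is set on
 *     the configuration directory.
 *   - -allow-dotted-principals sets RXS_CONFIG_FLAGS_DISABLE_DOTCHECK on
 *     the Protection Server service.
 *
 * Every option that takes a value now verifies the value is present before
 * reading it, instead of indexing past the end of argv.
 */
int
main(int argc, char **argv)
{
    register afs_int32 code;
    afs_uint32 myHost;
    register struct hostent *th;
    char hostname[64];
    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;
    int kerberosKeys;           /* set if found some keys */
    int lwps = 3;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = htonl(INADDR_ANY);

    const char *pr_dbaseName;
    char *whoami = "ptserver";

    int a;
    char arg[100];

    char *auditFileName = NULL;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();
    osi_audit(PTS_StartEvent, 0, AUD_END);

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    pr_dbaseName = AFSDIR_SERVER_PRDB_FILEPATH;

#if defined(SUPERGROUPS)
    /* make sure the structures for database records are the same size */
    if ((sizeof(struct prentry) != ENTRYSIZE)
        || (sizeof(struct prentryg) != ENTRYSIZE)) {
        fprintf(stderr,
                "The structures for the database records are different"
                " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n"
                "struct prentryg = %" AFS_SIZET_FMT "\n"
                "ENTRYSIZE = %d\n", sizeof(struct prentry),
                sizeof(struct prentryg), ENTRYSIZE);
        PT_EXIT(1);
    }
#endif

    for (a = 1; a < argc; a++) {
        int alen;
        lcstring(arg, argv[a], sizeof(arg));
        alen = strlen(arg);
        if (strcmp(argv[a], "-d") == 0) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -d\n");
                return -1;
            }
            debuglevel = atoi(argv[++a]);
            LogLevel = debuglevel;
        } else if ((strncmp(arg, "-database", alen) == 0)
                   || (strncmp(arg, "-db", alen) == 0)) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -database\n");
                PT_EXIT(1);
            }
            pr_dbaseName = argv[++a];   /* specify a database */
        } else if (strncmp(arg, "-p", alen) == 0) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -p\n");
                PT_EXIT(1);
            }
            lwps = atoi(argv[++a]);
            if (lwps > 16) {    /* maximum of 16 */
                printf("Warning: '-p %d' is too big; using %d instead\n",
                       lwps, 16);
                lwps = 16;
            } else if (lwps < 3) {      /* minimum of 3 */
                printf("Warning: '-p %d' is too small; using %d instead\n",
                       lwps, 3);
                lwps = 3;
            }
#if defined(SUPERGROUPS)
        } else if ((strncmp(arg, "-groupdepth", alen) == 0)
                   || (strncmp(arg, "-depth", alen) == 0)) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -groupdepth\n");
                PT_EXIT(1);
            }
            depthsg = atoi(argv[++a]);  /* Max search depth for supergroups */
#endif
        } else if (strncmp(arg, "-default_access", alen) == 0) {
            /* This option consumes two values: user mask, then group mask. */
            if ((a + 2) >= argc) {
                fprintf(stderr, "missing argument for -default_access\n");
                PT_EXIT(1);
            }
            prp_user_default = prp_access_mask(argv[++a]);
            prp_group_default = prp_access_mask(argv[++a]);
        } else if (strncmp(arg, "-restricted", alen) == 0) {
            restricted = 1;
        } else if (strncmp(arg, "-rxbind", alen) == 0) {
            rxBind = 1;
        } else if (strncmp(arg, "-allow-dotted-principals", alen) == 0) {
            rxkadDisableDotCheck = 1;
        } else if (strncmp(arg, "-enable_peer_stats", alen) == 0) {
            rx_enablePeerRPCStats();
        } else if (strncmp(arg, "-enable_process_stats", alen) == 0) {
            rx_enableProcessRPCStats();
        }
#ifndef AFS_NT40_ENV
        else if (strncmp(arg, "-syslog", alen) == 0) {
            /* set syslog logging flag */
            serverLogSyslog = 1;
        } else if (strncmp(arg, "-syslog=", MIN(8, alen)) == 0) {
            serverLogSyslog = 1;
            serverLogSyslogFacility = atoi(arg + 8);
        }
#endif
        else if (strncmp(arg, "-auditlog", alen) == 0) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -auditlog\n");
                PT_EXIT(1);
            }
            auditFileName = argv[++a];

        } else if (strncmp(arg, "-audit-interface", alen) == 0) {
            char *interface;

            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -audit-interface\n");
                PT_EXIT(1);
            }
            interface = argv[++a];
            if (osi_audit_interface(interface)) {
                printf("Invalid audit interface '%s'\n", interface);
                PT_EXIT(1);
            }
        }
        else if (!strncmp(arg, "-rxmaxmtu", alen)) {
            if ((a + 1) >= argc) {
                fprintf(stderr, "missing argument for -rxmaxmtu\n");
                PT_EXIT(1);
            }
            rxMaxMTU = atoi(argv[++a]);
            if ((rxMaxMTU < RX_MIN_PACKET_SIZE) ||
                (rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) {
                printf("rxMaxMTU %d invalid; must be between %d-%"
                       AFS_SIZET_FMT "\n", rxMaxMTU, RX_MIN_PACKET_SIZE,
                       RX_MAX_PACKET_DATA_SIZE);
                PT_EXIT(1);
            }
        }
        else if (*arg == '-') {
            /* hack in help flag support */

#if defined(SUPERGROUPS)
#ifndef AFS_NT40_ENV
            printf("Usage: ptserver [-database <db path>] "
                   "[-auditlog <log path>] "
                   "[-audit-interface <file|sysvmq> (default is file)] "
                   "[-syslog[=FACILITY]] [-d <debug level>] "
                   "[-p <number of processes>] [-rebuild] "
                   "[-groupdepth <depth>] "
                   "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] "
                   "[-allow-dotted-principals] "
                   "[-enable_peer_stats] [-enable_process_stats] "
                   "[-default_access default_user_access default_group_access] "
                   "[-help]\n");
#else /* AFS_NT40_ENV */
            printf("Usage: ptserver [-database <db path>] "
                   "[-auditlog <log path>] "
                   "[-audit-interface <file|sysvmq> (default is file)] "
                   "[-d <debug level>] "
                   "[-p <number of processes>] [-rebuild] [-rxbind] "
                   "[-allow-dotted-principals] "
                   "[-default_access default_user_access default_group_access] "
                   "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] "
                   "[-groupdepth <depth>] "
                   "[-help]\n");
#endif
#else
#ifndef AFS_NT40_ENV
            printf("Usage: ptserver [-database <db path>] "
                   "[-auditlog <log path>] "
                   "[-audit-interface <file|sysvmq> (default is file)] "
                   "[-d <debug level>] "
                   "[-syslog[=FACILITY]] "
                   "[-p <number of processes>] [-rebuild] "
                   "[-enable_peer_stats] [-enable_process_stats] "
                   "[-default_access default_user_access default_group_access] "
                   "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] "
                   "[-allow-dotted-principals] "
                   "[-help]\n");
#else /* AFS_NT40_ENV */
            printf("Usage: ptserver [-database <db path>] "
                   "[-auditlog <log path>] [-d <debug level>] "
                   "[-default_access default_user_access default_group_access] "
                   "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] "
                   "[-allow-dotted-principals] "
                   "[-p <number of processes>] [-rebuild] "
                   "[-help]\n");
#endif
#endif
            fflush(stdout);

            PT_EXIT(1);
        }
#if defined(SUPERGROUPS)
        else {
            fprintf(stderr, "Unrecognized arg: '%s' ignored!\n", arg);
        }
#endif
    }

    if (auditFileName) {
        osi_audit_file(auditFileName);
        osi_audit(PTS_StartEvent, 0, AUD_END);
    }

#ifndef AFS_NT40_ENV
    serverLogSyslogTag = "ptserver";
#endif
    OpenLog(AFSDIR_SERVER_PTLOG_FILEPATH);      /* set up logging */
    SetupLogSignals();

    prdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
    if (!prdir) {
        fprintf(stderr, "ptserver: can't open configuration directory.\n");
        PT_EXIT(1);
    }
    if (afsconf_GetNoAuthFlag(prdir))
        printf("ptserver: running unauthenticated\n");

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);

        fprintf(stderr, "ptserver: couldn't initialize winsock. \n");
        PT_EXIT(1);
    }
#endif
    /* get this host */
    gethostname(hostname, sizeof(hostname));
    th = gethostbyname(hostname);
    if (!th) {
        fprintf(stderr, "ptserver: couldn't get address of this host.\n");
        PT_EXIT(1);
    }
    memcpy(&myHost, th->h_addr, sizeof(afs_uint32));

    /* get list of servers */
    code = afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones);
    if (code) {
        afs_com_err(whoami, code, "Couldn't get server list");
        PT_EXIT(2);
    }
    pr_realmName = info.name;

    {
        afs_int32 kvno;         /* see if there is a KeyFile here */
        struct ktc_encryptionKey key;
        code = afsconf_GetLatestKey(prdir, &kvno, &key);
        kerberosKeys = (code == 0);
        if (!kerberosKeys)
            printf
                ("ptserver: can't find any Kerberos keys, code = %d, ignoring\n",
                 code);
    }
    /* Without keys none of the ubik security callbacks are installed. */
    if (kerberosKeys) {
        /* initialize ubik */
        ubik_CRXSecurityProc = afsconf_ClientAuth;
        ubik_CRXSecurityRock = prdir;
        ubik_SRXSecurityProc = afsconf_ServerAuth;
        ubik_SRXSecurityRock = prdir;
        ubik_CheckRXSecurityProc = afsconf_CheckAuth;
        ubik_CheckRXSecurityRock = prdir;
    }
    /* The max needed is when deleting an entry.  A full CoEntry deletion
     * required removal from 39 entries.  Each of which may refers to the entry
     * being deleted in one of its CoEntries.  If a CoEntry is freed its
     * predecessor CoEntry will be modified as well.  Any freed blocks also
     * modifies the database header.  Counting the entry being deleted and its
     * CoEntry this adds up to as much as 1+1+39*3 = 119.  If all these entries
     * and the header are in separate Ubik buffers then 120 buffers may be
     * required. */
    ubik_nBuffers = 120 + /*fudge */ 40;

    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = parseNetFiles(SHostAddrs, NULL, NULL,
                                  ADDRSPERSITE, reason,
                                  AFSDIR_SERVER_NETINFO_FILEPATH,
                                  AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        /* Only a single resulting address is bound; otherwise `host`
         * silently stays at the wildcard address. */
        if (ccode == 1) {
            host = SHostAddrs[0];
            /* the following call is idempotent so if/when it gets called
             * again by the ubik init stuff, it doesn't really matter
             * -- klm
             */
            rx_InitHost(host, htons(AFSCONF_PROTPORT));
        }
    }

    code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info,
                                 clones, pr_dbaseName, &dbase);
    if (code) {
        afs_com_err(whoami, code, "Ubik init failed");
        PT_EXIT(2);
    }
#if defined(SUPERGROUPS)
    pt_hook_write();
#endif

    afsconf_BuildServerSecurityObjects(prdir, 0, &securityClasses,
                                       &numClasses);

    /* Disable jumbograms */
    rx_SetNoJumbo();

    if (rxMaxMTU != -1) {
        rx_SetMaxMTU(rxMaxMTU);
    }

    tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server",
                                 securityClasses, numClasses,
                                 PR_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        fprintf(stderr, "ptserver: Could not create new rx service.\n");
        PT_EXIT(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, lwps);
    if (rxkadDisableDotCheck) {
        rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
                                    (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
    }

    tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                                 securityClasses, numClasses,
                                 RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        fprintf(stderr, "ptserver: Could not create new rx service.\n");
        PT_EXIT(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(pr_rxstat_userok);

    LogCommandLine(argc, argv, "ptserver",
#if defined(SUPERGROUPS)
                   "1.1",
#else
                   "1.0",
#endif
                   "Starting AFS", FSLog);

    rx_StartServer(1);
    osi_audit(PTS_FinishEvent, -1, AUD_END);
    exit(0);
}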
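/**
 * ptserver entry point.
 *
 * Startup order, as implemented below: initialise auditing and the AFS
 * server directory paths, parse the command line, open the log and the
 * configuration directory, determine this host's address, fetch the
 * "afsprot" server list, initialise Ubik, then create the Protection Server
 * and rpcstats Rx services and start the Rx server.
 *
 * @param argc  argument count, handed to cmd_Parse() and LogCommandLine()
 * @param argv  argument vector; argv[0] is used in early error messages
 * @return does not return normally; every failure path leaves through
 *         exit()/PT_EXIT(), and exit(0) is called if rx_StartServer() returns
 */
int
main(int argc, char **argv)
{
    afs_int32 code;
    afs_uint32 myHost;
    struct hostent *th;
    char hostname[64];
    struct rx_service *tservice;
    struct rx_securityClass **securityClasses;
    afs_int32 numClasses;
    int lwps = 3;
    char clones[MAXHOSTSPERCELL];
    afs_uint32 host = htonl(INADDR_ANY);

    struct cmd_syndesc *opts;
    struct cmd_item *list;

    char *pr_dbaseName;
    char *configDir;
    char *logFile;
    char *whoami = "ptserver";

    char *auditFileName = NULL;
    char *interface = NULL;

#ifdef AFS_AIX32_ENV
    /*
     * The following signal action for AIX is necessary so that in case of a
     * crash (i.e. core is generated) we can include the user's data section
     * in the core dump. Unfortunately, by default, only a partial core is
     * generated which, in many cases, isn't too useful.
     */
    struct sigaction nsa;

    sigemptyset(&nsa.sa_mask);
    nsa.sa_handler = SIG_DFL;
    nsa.sa_flags = SA_FULLDUMP;
    sigaction(SIGABRT, &nsa, NULL);
    sigaction(SIGSEGV, &nsa, NULL);
#endif
    osi_audit_init();
    osi_audit(PTS_StartEvent, 0, AUD_END);

    /* Initialize dirpaths */
    if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
        ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
        fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
                argv[0]);
        exit(2);
    }

    /* Built-in defaults; -database, -config and -logfile may replace them. */
    pr_dbaseName = strdup(AFSDIR_SERVER_PRDB_FILEPATH);
    configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
    logFile = strdup(AFSDIR_SERVER_PTLOG_FILEPATH);

#if defined(SUPERGROUPS)
    /* make sure the structures for database records are the same size */
    if ((sizeof(struct prentry) != ENTRYSIZE)
        || (sizeof(struct prentryg) != ENTRYSIZE)) {
        fprintf(stderr,
                "The structures for the database records are different"
                " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n"
                "struct prentryg = %" AFS_SIZET_FMT "\n"
                "ENTRYSIZE = %d\n", sizeof(struct prentry),
                sizeof(struct prentryg), ENTRYSIZE);
        PT_EXIT(1);
    }
#endif

    cmd_DisableAbbreviations();
    cmd_DisablePositionalCommands();
    opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL);

    /* ptserver specific options */
    cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE,
                        CMD_OPTIONAL, "database file");
    cmd_AddParmAlias(opts, OPT_database, "db");

    cmd_AddParmAtOffset(opts, OPT_access, "-default_access", CMD_SINGLE,
                        CMD_OPTIONAL, "default access flags for new entries");
#if defined(SUPERGROUPS)
    cmd_AddParmAtOffset(opts, OPT_groupdepth, "-groupdepth", CMD_SINGLE,
                        CMD_OPTIONAL, "max search depth for supergroups");
    cmd_AddParmAlias(opts, OPT_groupdepth, "depth");
#endif
    cmd_AddParmAtOffset(opts, OPT_restricted, "-restricted", CMD_FLAG,
                        CMD_OPTIONAL, "enable restricted mode");

    /* general server options */
    cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE,
                        CMD_OPTIONAL, "location of audit log");
    cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE,
                        CMD_OPTIONAL, "interface to use for audit logging");
    cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE,
                        CMD_OPTIONAL, "configuration location");
    cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE,
                        CMD_OPTIONAL, "debug level");
    cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE,
                        CMD_OPTIONAL, "location of logfile");
    cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE,
                        CMD_OPTIONAL, "number of threads");
#if !defined(AFS_NT40_ENV)
    cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
                        CMD_OPTIONAL, "log to syslog");
#endif

    /* rx options */
    cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX transport statistics");
    cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX RPC statistics");
    cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
                        CMD_OPTIONAL, "bind only to the primary interface");
    cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE,
                        CMD_OPTIONAL, "maximum MTU for RX");

    /* rxkad options */
    cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
                        CMD_FLAG, CMD_OPTIONAL,
                        "permit Kerberos 5 principals with dots");

    code = cmd_Parse(argc, argv, &opts);
    if (code)
        PT_EXIT(1);

    cmd_OptionAsString(opts, OPT_config, &configDir);

    cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
    cmd_SetCommandName("ptserver");

    /* -default_access takes two values: user flags first, then group flags. */
    if (cmd_OptionAsList(opts, OPT_access, &list) == 0) {
        prp_user_default = prp_access_mask(list->data);
        if (list->next == NULL || list->next->data == NULL) {
            fprintf(stderr, "Missing second argument for -default_access\n");
            PT_EXIT(1);
        }
        prp_group_default = prp_access_mask(list->next->data);
    }

#if defined(SUPERGROUPS)
    cmd_OptionAsInt(opts, OPT_groupdepth, &depthsg);
#endif

    cmd_OptionAsFlag(opts, OPT_restricted, &restricted);

    /* general server options */
    cmd_OptionAsString(opts, OPT_auditlog, &auditFileName);

    if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) {
        /* An unknown audit interface is fatal rather than silently ignored. */
        if (osi_audit_interface(interface)) {
            printf("Invalid audit interface '%s'\n", interface);
            PT_EXIT(1);
        }
        free(interface);
    }

    cmd_OptionAsInt(opts, OPT_debug, &LogLevel);
    cmd_OptionAsString(opts, OPT_database, &pr_dbaseName);
    cmd_OptionAsString(opts, OPT_logfile, &logFile);

    /* Clamp the thread count to 3..64 and tell the operator when we do. */
    if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
        if (lwps > 64) {        /* maximum of 64 */
            printf("Warning: '-p %d' is too big; using %d instead\n",
                   lwps, 64);
            lwps = 64;
        } else if (lwps < 3) {  /* minimum of 3 */
            printf("Warning: '-p %d' is too small; using %d instead\n",
                   lwps, 3);
            lwps = 3;
        }
    }

#ifndef AFS_NT40_ENV
    if (cmd_OptionPresent(opts, OPT_syslog)) {
        serverLogSyslog = 1;
        cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility);
    }
#endif

    /* rx options */
    if (cmd_OptionPresent(opts, OPT_peer))
        rx_enablePeerRPCStats();

    if (cmd_OptionPresent(opts, OPT_process))
        rx_enableProcessRPCStats();

    cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind);

    cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU);

    /* rxkad options */
    cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);

    cmd_FreeOptions(&opts);

    /*
     * The start event was already emitted before option parsing; it is
     * emitted again once the audit file named by -auditlog is in place.
     */
    if (auditFileName) {
        osi_audit_file(auditFileName);
        osi_audit(PTS_StartEvent, 0, AUD_END);
    }

#ifndef AFS_NT40_ENV
    serverLogSyslogTag = "ptserver";
#endif
    OpenLog(logFile);           /* set up logging */
    SetupLogSignals();

    prdir = afsconf_Open(configDir);
    if (!prdir) {
        fprintf(stderr, "ptserver: can't open configuration directory.\n");
        PT_EXIT(1);
    }
    /*
     * NOTE(review): this notice goes to stdout only. Presumably the no-auth
     * flag relaxes authentication of callers; confirm, and consider whether
     * the condition should also reach the server log for monitoring.
     */
    if (afsconf_GetNoAuthFlag(prdir))
        printf("ptserver: running unauthenticated\n");

#ifdef AFS_NT40_ENV
    /* initialize winsock */
    if (afs_winsockInit() < 0) {
        ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);

        fprintf(stderr, "ptserver: couldn't initialize winsock. \n");
        PT_EXIT(1);
    }
#endif
    /*
     * get this host
     *
     * A failed gethostname() would leave hostname[] uninitialised, and a
     * truncated name is not guaranteed to be NUL-terminated, so check the
     * result and terminate the buffer before it is used as a string.
     */
    if (gethostname(hostname, sizeof(hostname)) != 0) {
        fprintf(stderr, "ptserver: couldn't get address of this host.\n");
        PT_EXIT(1);
    }
    hostname[sizeof(hostname) - 1] = '\0';
    th = gethostbyname(hostname);
    /* Only copy the address when the resolver returned at least 4 bytes. */
    if (!th || th->h_length < (int)sizeof(afs_uint32)) {
        fprintf(stderr, "ptserver: couldn't get address of this host.\n");
        PT_EXIT(1);
    }
    memcpy(&myHost, th->h_addr, sizeof(afs_uint32));

    /* get list of servers */
    code =
        afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones);
    if (code) {
        afs_com_err(whoami, code, "Couldn't get server list");
        PT_EXIT(2);
    }

    /* initialize audit user check */
    osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch);

    /* initialize ubik */
    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, prdir);

    /*
     * The max needed is when deleting an entry. A full CoEntry deletion
     * requires removal from 39 entries, each of which may refer to the
     * entry being deleted in one of its CoEntries. If a CoEntry is freed
     * its predecessor CoEntry will be modified as well. Any freed block
     * also modifies the database header. Counting the entry being deleted
     * and its CoEntry this adds up to as much as 1+1+39*3 = 119. If all
     * these entries and the header are in separate Ubik buffers then 120
     * buffers may be required.
     */
    ubik_nBuffers = 120 + /*fudge */ 40;

    /*
     * With -rxbind, replace the INADDR_ANY default with the first address
     * from the NetInfo/NetRestrict files (or from the interface list), but
     * only when exactly one address comes back; otherwise host is unchanged.
     */
    if (rxBind) {
        afs_int32 ccode;
        if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
            AFSDIR_SERVER_NETINFO_FILEPATH) {
            char reason[1024];
            ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
                                          ADDRSPERSITE, reason,
                                          AFSDIR_SERVER_NETINFO_FILEPATH,
                                          AFSDIR_SERVER_NETRESTRICT_FILEPATH);
        } else {
            ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
        }
        if (ccode == 1) {
            host = SHostAddrs[0];
            /* the following call is idempotent so if/when it gets called
             * again by the ubik init stuff, it doesn't really matter
             * -- klm
             */
            rx_InitHost(host, htons(AFSCONF_PROTPORT));
        }
    }

    /* Disable jumbograms */
    rx_SetNoJumbo();

    if (rxMaxMTU != -1) {
        if (rx_SetMaxMTU(rxMaxMTU) != 0) {
            printf("rxMaxMTU %d is invalid\n", rxMaxMTU);
            PT_EXIT(1);
        }
    }

    code =
        ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones,
                              pr_dbaseName, &dbase);
    if (code) {
        afs_com_err(whoami, code, "Ubik init failed");
        PT_EXIT(2);
    }

#if defined(SUPERGROUPS)
    pt_hook_write();
#endif

    afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses);

    tservice =
        rx_NewServiceHost(host, 0, PRSRV, "Protection Server",
                          securityClasses, numClasses, PR_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        fprintf(stderr, "ptserver: Could not create new rx service.\n");
        PT_EXIT(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, lwps);
    /*
     * -allow-dotted-principals: set the DISABLE_DOTCHECK flag on the
     * Protection Server service only; the rpcstats service created next is
     * not reconfigured.
     */
    if (rxkadDisableDotCheck) {
        rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
                                    (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
    }

    tservice =
        rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
                          securityClasses, numClasses,
                          RXSTATS_ExecuteRequest);
    if (tservice == (struct rx_service *)0) {
        fprintf(stderr, "ptserver: Could not create new rx service.\n");
        PT_EXIT(3);
    }
    rx_SetMinProcs(tservice, 2);
    rx_SetMaxProcs(tservice, 4);

    /* allow super users to manage RX statistics */
    rx_SetRxStatUserOk(pr_rxstat_userok);

    LogCommandLine(argc, argv, "ptserver",
#if defined(SUPERGROUPS)
                   "1.1",
#else
                   "1.0",
#endif
                   "Starting AFS", FSLog);

    rx_StartServer(1);
    osi_audit(PTS_FinishEvent, -1, AUD_END);
    exit(0);
}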
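/**
 * BOS RPC handler: add (or refresh) a database server host in the cell
 * information kept under bozo_confdir.
 *
 * The caller must pass afsconf_SuperUser(). A name of the form "[host]"
 * marks the host as a clone; the brackets are stripped before the name is
 * stored and the clone flag is recorded in clones[].
 *
 * @param acall  Rx call, used for the super-user check and the audit record
 * @param aname  host name as supplied by the caller; it is modified in place
 *               while the function runs and restored before the audit call
 * @return 0 on success; BZACCESS if the caller is not a super user; BZDOM
 *         for a malformed clone name, a full server table, or an over-long
 *         host name; otherwise the code returned by the afsconf calls
 */
afs_int32
SBOZO_AddCellHost(struct rx_call *acall, char *aname)
{
    afs_int32 code;
    struct afsconf_cell tcell;
    afs_int32 which;
    int i;
    char caller[MAXKTCNAMELEN];
    char clones[MAXHOSTSPERCELL];
    char *n;
    char *closing = NULL;       /* position of the stripped ']', if any */
    char isClone = 0;

    if (!afsconf_SuperUser(bozo_confdir, acall, caller)) {
        code = BZACCESS;
        goto fail;
    }
    if (DoLogging)
        bozo_Log("%s is executing AddCellHost '%s'\n", caller, aname);

    code =
        afsconf_GetExtendedCellInfo(bozo_confdir, NULL, NULL, &tcell,
                                    clones);
    if (code)
        goto fail;

    n = aname;
    if (*n == '[') {
        /*
         * Clone syntax is "[host]". Require the closing bracket instead of
         * dropping whatever the last byte happens to be: "[host" would
         * otherwise be stored as the different host "hos".
         */
        char *last = n + strlen(n) - 1;

        if (*last != ']') {
            bozo_Log
                ("ERROR: AddCellHost: malformed clone host name '%s' (not added)\n",
                 aname);
            code = BZDOM;
            goto fail;
        }
        closing = last;
        *closing = 0;
        ++n;
        isClone = 1;
    }

    /* Reuse the slot of an existing entry with the same name, if any. */
    which = -1;
    for (i = 0; i < tcell.numServers; i++) {
        if (strcmp(tcell.hostName[i], n) == 0) {
            which = i;
            break;
        }
    }
    if (which < 0) {
        which = tcell.numServers;
        tcell.numServers++;

        /*
         * Check that tcell has enough space for an additional host.
         *
         * We assume that tcell.hostAddr[] and tcell.hostName[] have the
         * same number of entries.
         */
        if (tcell.numServers >
            sizeof tcell.hostAddr / sizeof tcell.hostAddr[0]) {
            bozo_Log
                ("ERROR: AddCellHost: attempt to add more than %ld database servers (database server '%s' not added)\n",
                 (long)(sizeof tcell.hostAddr / sizeof tcell.hostAddr[0]),
                 aname);
            code = BZDOM;
            goto fail;
        }

        /*
         * Check that tcell has enough space for the new hostname. For a
         * clone, aname still carries the leading '[' at this point, so the
         * check is one byte stricter than the strcpy() of n below needs.
         */
        if (strlen(aname) > sizeof tcell.hostName[0] - 1) {
            bozo_Log
                ("ERROR: AddCellHost: host name '%s' exceeds %ld bytes (not added)\n",
                 aname, (long)(sizeof tcell.hostName[0] - 1));
            code = BZDOM;
            goto fail;
        }
    }

    /* Clear any stored address for the slot; only the name is supplied. */
    memset(&tcell.hostAddr[which], 0, sizeof(struct sockaddr_in));
    strcpy(tcell.hostName[which], n);
    clones[which] = isClone;
    code =
        afsconf_SetExtendedCellInfo(bozo_confdir, AFSDIR_SERVER_ETC_DIRPATH,
                                    &tcell, clones);

  fail:
    /* Put the ']' back so the audit record shows the name as submitted. */
    if (closing != NULL)
        *closing = ']';
    osi_auditU(acall, BOS_AddHostEvent, code, AUD_STR, aname, AUD_END);
    return code;
}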