/*! * Pick a security class to use for an outgoing connection * * This function selects an RX security class to use for an outgoing * connection, based on the set of security flags provided. * * @param[in] dir * The configuration directory structure for this cell. If NULL, * no classes requiring local configuration will be returned. * @param[in] flags * A set of flags to determine the properties of the security class which * is selected * - AFSCONF_SECOPTS_NOAUTH - return an anonymous secirty class * - AFSCONF_SECOPTS_LOCALAUTH - use classes which have local key * material available. * - AFSCONF_SECOPTS_ALWAYSENCRYPT - use classes in encrypting, rather * than authentication or integrity modes. * - AFSCONF_SECOPTS_FALLBACK_NULL - if no suitable class can be found, * then fallback to the rxnull security class. * @param[in] info * The cell information structure for the current cell. If this is NULL, * then use a version locally obtained using the cellName. * @param[in] cellName * The cellName to use when obtaining cell information (may be NULL if * info is specified) * @param[out] sc * The selected security class * @param[out] scIndex * The index of the selected security class * @param[out] expires * The expiry time of the tokens used to construct the class. Will be * NEVER_DATE if the class has an unlimited lifetime. If NULL, the * function won't store the expiry date. * * @return * Returns 0 on success, or a com_err error code on failure. */ afs_int32 afsconf_PickClientSecObj(struct afsconf_dir *dir, afsconf_secflags flags, struct afsconf_cell *info, char *cellName, struct rx_securityClass **sc, afs_int32 *scIndex, time_t *expires) { struct afsconf_cell localInfo; afs_int32 code = 0; *sc = NULL; *scIndex = RX_SECIDX_NULL; if (expires) expires = 0; if ( !(flags & AFSCONF_SECOPTS_NOAUTH) ) { if (!dir) return AFSCONF_NOCELLDB; if (flags & AFSCONF_SECOPTS_LOCALAUTH) { code = afsconf_GetLatestKey(dir, 0, 0); if (code) goto out; if (flags & AFSCONF_SECOPTS_ALWAYSENCRYPT) code = afsconf_ClientAuthSecure(dir, sc, scIndex); else code = afsconf_ClientAuth(dir, sc, scIndex); if (code) goto out; if (expires) *expires = NEVERDATE; } else { if (info == NULL) { code = afsconf_GetCellInfo(dir, cellName, NULL, &localInfo); if (code) goto out; info = &localInfo; } code = afsconf_ClientAuthToken(info, flags, sc, scIndex, expires); if (code && !(flags & AFSCONF_SECOPTS_FALLBACK_NULL)) goto out; /* If we didn't get a token, we'll just run anonymously */ code = 0; } } if (*sc == NULL) { *sc = rxnull_NewClientSecurityObject(); *scIndex = RX_SECIDX_NULL; if (expires) *expires = NEVERDATE; } out: return code; }
static afs_int32 GenericAuth(struct afsconf_dir *adir, struct rx_securityClass **astr, afs_int32 *aindex, rxkad_level enclevel) { char tbuffer[256]; struct ktc_encryptionKey key, session; struct rx_securityClass *tclass; afs_int32 kvno; afs_int32 ticketLen; register afs_int32 code; /* first, find the right key and kvno to use */ code = afsconf_GetLatestKey(adir, &kvno, &key); if (code) { return QuickAuth(astr, aindex); } /* next create random session key, using key for seed to good random */ des_init_random_number_generator(ktc_to_cblock(&key)); code = des_random_key(ktc_to_cblock(&session)); if (code) { return QuickAuth(astr, aindex); } /* now create the actual ticket */ ticketLen = sizeof(tbuffer); memset(tbuffer, '\0', sizeof(tbuffer)); code = tkt_MakeTicket(tbuffer, &ticketLen, &key, AUTH_SUPERUSER, "", "", 0, 0xffffffff, &session, 0, "afs", ""); /* parms were buffer, ticketlen, key to seal ticket with, principal * name, instance and cell, start time, end time, session key to seal * in ticket, inet host, server name and server instance */ if (code) { return QuickAuth(astr, aindex); } /* Next, we have ticket, kvno and session key, authenticate the connection. * We use a magic # instead of a constant because of basic compilation * order when compiling the system from scratch (rx/rxkad.h isn't installed * yet). */ tclass = (struct rx_securityClass *) rxkad_NewClientSecurityObject(enclevel, &session, kvno, ticketLen, tbuffer); *astr = tclass; *aindex = RX_SECIDX_KAD; return 0; }
static int _GetLocalSecurityObject(struct afscp_cell *cell, char *aname, char *ainst) { int code = 0; char tbuffer[256]; struct ktc_encryptionKey key, session; struct rx_securityClass *tc; afs_int32 kvno; afs_int32 ticketLen; rxkad_level lev; struct afsconf_dir *tdir; tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (!tdir) { code = AFSCONF_FAILURE; goto done; } code = afsconf_GetLatestKey(tdir, &kvno, &key); if (code) { goto done; } DES_init_random_number_generator((DES_cblock *)&key); code = DES_new_random_key((DES_cblock *)&session); if (code) { goto done; } ticketLen = sizeof(tbuffer); memset(tbuffer, 0, sizeof(tbuffer)); code = tkt_MakeTicket(tbuffer, &ticketLen, &key, aname, ainst, "", 0, 0xffffffff, &session, 0, "afs", ""); if (code) { goto done; } if (insecure) { lev = rxkad_clear; } else { lev = rxkad_crypt; } tc = (struct rx_securityClass *) rxkad_NewClientSecurityObject(lev, &session, kvno, ticketLen, tbuffer); if (!tc) { code = RXKADBADKEY; goto done; } cell->security = tc; cell->scindex = 2; done: if (tdir) { afsconf_Close(tdir); } return code; }
afs_int32 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell) { afs_int32 code; struct rx_connection *serverconns[MAXSERVERS]; struct rx_securityClass *sc = NULL; static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */ static char tconfDir[100] = ""; static char tcell[64] = ""; afs_int32 scIndex; afs_int32 secFlags; static struct afsconf_cell info; afs_int32 i; #if !defined(UKERNEL) char cellstr[64]; #endif afs_int32 gottdir = 0; afs_int32 refresh = 0; initialize_PT_error_table(); initialize_RXK_error_table(); initialize_ACFG_error_table(); initialize_KTC_error_table(); #if defined(UKERNEL) if (!cell) { cell = afs_LclCellName; } #else /* defined(UKERNEL) */ if (!cell) { if (!tdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "%s: Could not open configuration directory: %s.\n", whoami, confDir); else fprintf(stderr, "%s: No configuration directory specified.\n", whoami); return -1; } gottdir = 1; code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr)); if (code) { fprintf(stderr, "libprot: Could not get local cell. [%d]\n", code); return code; } cell = cellstr; } #endif /* defined(UKERNEL) */ if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) { /* * force re-evaluation. we either don't have an afsconf_dir, * the directory has changed or the cell has changed. */ if (tdir && !gottdir) { afsconf_Close(tdir); tdir = (struct afsconf_dir *)NULL; } pruclient = (struct ubik_client *)NULL; refresh = 1; } if (refresh) { strncpy(tconfDir, confDir, sizeof(tconfDir)); strncpy(tcell, cell, sizeof(tcell)); #if defined(UKERNEL) tdir = afs_cdir; #else /* defined(UKERNEL) */ if (!gottdir) tdir = afsconf_Open(confDir); if (!tdir) { if (confDir && strcmp(confDir, "")) fprintf(stderr, "libprot: Could not open configuration directory: %s.\n", confDir); else fprintf(stderr, "libprot: No configuration directory specified.\n"); return -1; } #endif /* defined(UKERNEL) */ code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info); if (code) { fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n", cell, confDir, AFSDIR_CELLSERVDB_FILE); return code; } } /* If we already have a client and it is at the security level we * want, don't get a new one. Unless the security level is 2 in * which case we will get one (and re-read the key file). */ if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) { return 0; } code = rx_Init(0); if (code) { fprintf(stderr, "libprot: Could not initialize rx.\n"); return code; } /* Most callers use secLevel==1, however, the fileserver uses secLevel==2 * to force use of the KeyFile. secLevel == 0 implies -noauth was * specified. */ if (secLevel == 2) { code = afsconf_GetLatestKey(tdir, 0, 0); if (code) { afs_com_err(whoami, code, "(getting key from local KeyFile)\n"); } else { /* If secLevel is two assume we're on a file server and use * ClientAuthSecure if possible. */ code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex); if (code) afs_com_err(whoami, code, "(calling client secure)\n"); } } else if (secLevel > 0) { secFlags = 0; if (secLevel > 1) secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT; code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL); if (code) { afs_com_err(whoami, code, "(getting token)"); if (secLevel > 1) return code; } } if (sc == NULL) { sc = rxnull_NewClientSecurityObject(); scIndex = RX_SECIDX_NULL; } if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0)) fprintf(stderr, "%s: Could not get afs tokens, running unauthenticated\n", whoami); memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */ for (i = 0; i < info.numServers; i++) serverconns[i] = rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port, PRSRV, sc, scIndex); code = ubik_ClientInit(serverconns, &pruclient); if (code) { afs_com_err(whoami, code, "ubik client init failed."); return code; } lastLevel = scIndex; code = rxs_Release(sc); return code; }
int main(int argc, char **argv) { register afs_int32 code; afs_uint32 myHost; register struct hostent *th; char hostname[64]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; int kerberosKeys; /* set if found some keys */ int lwps = 3; char clones[MAXHOSTSPERCELL]; afs_uint32 host = htonl(INADDR_ANY); const char *pr_dbaseName; char *whoami = "ptserver"; int a; char arg[100]; char *auditFileName = NULL; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(PTS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } pr_dbaseName = AFSDIR_SERVER_PRDB_FILEPATH; #if defined(SUPERGROUPS) /* make sure the structures for database records are the same size */ if ((sizeof(struct prentry) != ENTRYSIZE) || (sizeof(struct prentryg) != ENTRYSIZE)) { fprintf(stderr, "The structures for the database records are different" " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n" "struct prentryg = %" AFS_SIZET_FMT "\n" "ENTRYSIZE = %d\n", sizeof(struct prentry), sizeof(struct prentryg), ENTRYSIZE); PT_EXIT(1); } #endif for (a = 1; a < argc; a++) { int alen; lcstring(arg, argv[a], sizeof(arg)); alen = strlen(arg); if (strcmp(argv[a], "-d") == 0) { if ((a + 1) >= argc) { fprintf(stderr, "missing argument for -d\n"); return -1; } debuglevel = atoi(argv[++a]); LogLevel = debuglevel; } else if ((strncmp(arg, "-database", alen) == 0) || (strncmp(arg, "-db", alen) == 0)) { pr_dbaseName = argv[++a]; /* specify a database */ } else if (strncmp(arg, "-p", alen) == 0) { lwps = atoi(argv[++a]); if (lwps > 16) { /* maximum of 16 */ printf("Warning: '-p %d' is too big; using %d instead\n", lwps, 16); lwps = 16; } else if (lwps < 3) { /* minimum of 3 */ printf("Warning: '-p %d' is too small; using %d instead\n", lwps, 3); lwps = 3; } #if defined(SUPERGROUPS) } else if ((strncmp(arg, "-groupdepth", alen) == 0) || (strncmp(arg, "-depth", alen) == 0)) { depthsg = atoi(argv[++a]); /* Max search depth for supergroups */ #endif } else if (strncmp(arg, "-default_access", alen) == 0) { prp_user_default = prp_access_mask(argv[++a]); prp_group_default = prp_access_mask(argv[++a]); } else if (strncmp(arg, "-restricted", alen) == 0) { restricted = 1; } else if (strncmp(arg, "-rxbind", alen) == 0) { rxBind = 1; } else if (strncmp(arg, "-allow-dotted-principals", alen) == 0) { rxkadDisableDotCheck = 1; } else if (strncmp(arg, "-enable_peer_stats", alen) == 0) { rx_enablePeerRPCStats(); } else if (strncmp(arg, "-enable_process_stats", alen) == 0) { rx_enableProcessRPCStats(); } #ifndef AFS_NT40_ENV else if (strncmp(arg, "-syslog", alen) == 0) { /* set syslog logging flag */ serverLogSyslog = 1; } else if (strncmp(arg, "-syslog=", MIN(8, alen)) == 0) { serverLogSyslog = 1; serverLogSyslogFacility = atoi(arg + 8); } #endif else if (strncmp(arg, "-auditlog", alen) == 0) { auditFileName = argv[++a]; } else if (strncmp(arg, "-audit-interface", alen) == 0) { char *interface = argv[++a]; if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); PT_EXIT(1); } } else if (!strncmp(arg, "-rxmaxmtu", alen)) { if ((a + 1) >= argc) { fprintf(stderr, "missing argument for -rxmaxmtu\n"); PT_EXIT(1); } rxMaxMTU = atoi(argv[++a]); if ((rxMaxMTU < RX_MIN_PACKET_SIZE) || (rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) { printf("rxMaxMTU %d invalid; must be between %d-%" AFS_SIZET_FMT "\n", rxMaxMTU, RX_MIN_PACKET_SIZE, RX_MAX_PACKET_DATA_SIZE); PT_EXIT(1); } } else if (*arg == '-') { /* hack in help flag support */ #if defined(SUPERGROUPS) #ifndef AFS_NT40_ENV printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-syslog[=FACILITY]] [-d <debug level>] " "[-p <number of processes>] [-rebuild] " "[-groupdepth <depth>] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-enable_peer_stats] [-enable_process_stats] " "[-default_access default_user_access default_group_access] " "[-help]\n"); #else /* AFS_NT40_ENV */ printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-d <debug level>] " "[-p <number of processes>] [-rebuild] [-rxbind] " "[-allow-dotted-principals] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-groupdepth <depth>] " "[-help]\n"); #endif #else #ifndef AFS_NT40_ENV printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-d <debug level>] " "[-syslog[=FACILITY]] " "[-p <number of processes>] [-rebuild] " "[-enable_peer_stats] [-enable_process_stats] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-help]\n"); #else /* AFS_NT40_ENV */ printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] [-d <debug level>] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-p <number of processes>] [-rebuild] " "[-help]\n"); #endif #endif fflush(stdout); PT_EXIT(1); } #if defined(SUPERGROUPS) else { fprintf(stderr, "Unrecognized arg: '%s' ignored!\n", arg); } #endif } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(PTS_StartEvent, 0, AUD_END); } #ifndef AFS_NT40_ENV serverLogSyslogTag = "ptserver"; #endif OpenLog(AFSDIR_SERVER_PTLOG_FILEPATH); /* set up logging */ SetupLogSignals(); prdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (!prdir) { fprintf(stderr, "ptserver: can't open configuration directory.\n"); PT_EXIT(1); } if (afsconf_GetNoAuthFlag(prdir)) printf("ptserver: running unauthenticated\n"); #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "ptserver: couldn't initialize winsock. \n"); PT_EXIT(1); } #endif /* get this host */ gethostname(hostname, sizeof(hostname)); th = gethostbyname(hostname); if (!th) { fprintf(stderr, "ptserver: couldn't get address of this host.\n"); PT_EXIT(1); } memcpy(&myHost, th->h_addr, sizeof(afs_uint32)); /* get list of servers */ code = afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones); if (code) { afs_com_err(whoami, code, "Couldn't get server list"); PT_EXIT(2); } pr_realmName = info.name; { afs_int32 kvno; /* see if there is a KeyFile here */ struct ktc_encryptionKey key; code = afsconf_GetLatestKey(prdir, &kvno, &key); kerberosKeys = (code == 0); if (!kerberosKeys) printf ("ptserver: can't find any Kerberos keys, code = %d, ignoring\n", code); } if (kerberosKeys) { /* initialize ubik */ ubik_CRXSecurityProc = afsconf_ClientAuth; ubik_CRXSecurityRock = prdir; ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = prdir; ubik_CheckRXSecurityProc = afsconf_CheckAuth; ubik_CheckRXSecurityRock = prdir; } /* The max needed is when deleting an entry. A full CoEntry deletion * required removal from 39 entries. Each of which may refers to the entry * being deleted in one of its CoEntries. If a CoEntry is freed its * predecessor CoEntry will be modified as well. Any freed blocks also * modifies the database header. Counting the entry being deleted and its * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries * and the header are in separate Ubik buffers then 120 buffers may be * required. */ ubik_nBuffers = 120 + /*fudge */ 40; if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = parseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; /* the following call is idempotent so if/when it gets called * again by the ubik init stuff, it doesn't really matter * -- klm */ rx_InitHost(host, htons(AFSCONF_PROTPORT)); } } code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones, pr_dbaseName, &dbase); if (code) { afs_com_err(whoami, code, "Ubik init failed"); PT_EXIT(2); } #if defined(SUPERGROUPS) pt_hook_write(); #endif afsconf_BuildServerSecurityObjects(prdir, 0, &securityClasses, &numClasses); /* Disable jumbograms */ rx_SetNoJumbo(); if (rxMaxMTU != -1) { rx_SetMaxMTU(rxMaxMTU); } tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, numClasses, PR_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, lwps); if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(pr_rxstat_userok); LogCommandLine(argc, argv, "ptserver", #if defined(SUPERGROUPS) "1.1", #else "1.0", #endif "Starting AFS", FSLog); rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); exit(0); }
int main(int argc, char **argv) { afs_int32 code; afs_uint32 myHost; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; struct afsconf_dir *tdir; struct ktc_encryptionKey tkey; struct afsconf_cell info; struct hostent *th; char hostname[VL_MAXNAMELEN]; int noAuth = 0; char clones[MAXHOSTSPERCELL]; afs_uint32 host = ntohl(INADDR_ANY); struct cmd_syndesc *opts; struct logOptions logopts; char *vl_dbaseName; char *configDir; char *auditFileName = NULL; char *interface = NULL; char *optstring = NULL; char *restricted_query_parameter = NULL; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; rx_extraPackets = 100; /* should be a switch, I guess... */ sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); memset(&logopts, 0, sizeof(logopts)); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } vl_dbaseName = strdup(AFSDIR_SERVER_VLDB_FILEPATH); configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH); cmd_DisableAbbreviations(); cmd_DisablePositionalCommands(); opts = cmd_CreateSyntax(NULL, NULL, NULL, 0, NULL); /* vlserver specific options */ cmd_AddParmAtOffset(opts, OPT_noauth, "-noauth", CMD_FLAG, CMD_OPTIONAL, "disable authentication"); cmd_AddParmAtOffset(opts, OPT_smallmem, "-smallmem", CMD_FLAG, CMD_OPTIONAL, "optimise for small memory systems"); /* general server options */ cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE, CMD_OPTIONAL, "location of audit log"); cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE, CMD_OPTIONAL, "interface to use for audit logging"); cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE, CMD_OPTIONAL, "configuration location"); cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE, CMD_OPTIONAL, "debug level"); cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE, CMD_OPTIONAL, "database file"); cmd_AddParmAlias(opts, OPT_database, "-db"); cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE, CMD_OPTIONAL, "location of logfile"); cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL, "number of threads"); #ifdef HAVE_SYSLOG cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG, CMD_OPTIONAL, "log to syslog"); #endif cmd_AddParmAtOffset(opts, OPT_transarc_logs, "-transarc-logs", CMD_FLAG, CMD_OPTIONAL, "enable Transarc style logging"); /* rx options */ cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX transport statistics"); cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX RPC statistics"); cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG, CMD_OPTIONAL, "disable jumbograms"); cmd_AddParmAtOffset(opts, OPT_jumbo, "-jumbo", CMD_FLAG, CMD_OPTIONAL, "enable jumbograms"); cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG, CMD_OPTIONAL, "bind only to the primary interface"); cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE, CMD_OPTIONAL, "maximum MTU for RX"); cmd_AddParmAtOffset(opts, OPT_trace, "-trace", CMD_SINGLE, CMD_OPTIONAL, "rx trace file"); cmd_AddParmAtOffset(opts, OPT_restricted_query, "-restricted_query", CMD_SINGLE, CMD_OPTIONAL, "anyuser | admin"); /* rxkad options */ cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals", CMD_FLAG, CMD_OPTIONAL, "permit Kerberos 5 principals with dots"); code = cmd_Parse(argc, argv, &opts); if (code == CMD_HELP) { exit(0); } if (code) return -1; cmd_OptionAsString(opts, OPT_config, &configDir); cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH); cmd_SetCommandName("vlserver"); /* vlserver options */ cmd_OptionAsFlag(opts, OPT_noauth, &noAuth); cmd_OptionAsFlag(opts, OPT_smallmem, &smallMem); if (cmd_OptionAsString(opts, OPT_trace, &optstring) == 0) { extern char rxi_tracename[80]; strcpy(rxi_tracename, optstring); free(optstring); optstring = NULL; } /* general server options */ cmd_OptionAsString(opts, OPT_auditlog, &auditFileName); if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) { if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); return -1; } free(interface); } cmd_OptionAsString(opts, OPT_database, &vl_dbaseName); if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) { if (lwps > MAXLWP) { printf("Warning: '-p %d' is too big; using %d instead\n", lwps, MAXLWP); lwps = MAXLWP; } } cmd_OptionAsInt(opts, OPT_debug, &logopts.lopt_logLevel); #ifdef HAVE_SYSLOG if (cmd_OptionPresent(opts, OPT_syslog)) { if (cmd_OptionPresent(opts, OPT_logfile)) { fprintf(stderr, "Invalid options: -syslog and -logfile are exclusive.\n"); return -1; } if (cmd_OptionPresent(opts, OPT_transarc_logs)) { fprintf(stderr, "Invalid options: -syslog and -transarc-logs are exclusive.\n"); return -1; } logopts.lopt_dest = logDest_syslog; logopts.lopt_facility = LOG_DAEMON; /* default value */ logopts.lopt_tag = "vlserver"; cmd_OptionAsInt(opts, OPT_syslog, &logopts.lopt_facility); } else #endif { logopts.lopt_dest = logDest_file; if (cmd_OptionPresent(opts, OPT_transarc_logs)) { logopts.lopt_rotateOnOpen = 1; logopts.lopt_rotateStyle = logRotate_old; } if (cmd_OptionPresent(opts, OPT_logfile)) cmd_OptionAsString(opts, OPT_logfile, (char**)&logopts.lopt_filename); else logopts.lopt_filename = AFSDIR_SERVER_VLOG_FILEPATH; } /* rx options */ if (cmd_OptionPresent(opts, OPT_peer)) rx_enablePeerRPCStats(); if (cmd_OptionPresent(opts, OPT_process)) rx_enableProcessRPCStats(); if (cmd_OptionPresent(opts, OPT_nojumbo)) rxJumbograms = 0; if (cmd_OptionPresent(opts, OPT_jumbo)) rxJumbograms = 1; cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind); cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU); /* rxkad options */ cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck); /* restricted query */ if (cmd_OptionAsString(opts, OPT_restricted_query, &restricted_query_parameter) == 0) { if (strcmp(restricted_query_parameter, "anyuser") == 0) restrictedQueryLevel = RESTRICTED_QUERY_ANYUSER; else if (strcmp(restricted_query_parameter, "admin") == 0) restrictedQueryLevel = RESTRICTED_QUERY_ADMIN; else { printf("invalid argument for -restricted_query: %s\n", restricted_query_parameter); return -1; } free(restricted_query_parameter); } if (auditFileName) { osi_audit_file(auditFileName); } OpenLog(&logopts); #ifdef AFS_PTHREAD_ENV opr_softsig_Init(); SetupLogSoftSignals(); #else SetupLogSignals(); #endif tdir = afsconf_Open(configDir); if (!tdir) { VLog(0, ("vlserver: can't open configuration files in dir %s, giving up.\n", configDir)); exit(1); } /* initialize audit user check */ osi_audit_set_user_check(tdir, vldb_IsLocalRealmMatch); #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); VLog(0, ("vlserver: couldn't initialize winsock. \n")); exit(1); } #endif /* get this host */ gethostname(hostname, sizeof(hostname)); th = gethostbyname(hostname); if (!th) { VLog(0, ("vlserver: couldn't get address of this host (%s).\n", hostname)); exit(1); } memcpy(&myHost, th->h_addr, sizeof(afs_uint32)); #if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV) signal(SIGXCPU, CheckSignal_Signal); #endif /* get list of servers */ code = afsconf_GetExtendedCellInfo(tdir, NULL, AFSCONF_VLDBSERVICE, &info, clones); if (code) { printf("vlserver: Couldn't get cell server list for 'afsvldb'.\n"); exit(2); } vldb_confdir = tdir; /* Preserve our configuration dir */ /* rxvab no longer supported */ memset(&tkey, 0, sizeof(tkey)); if (noAuth) afsconf_SetNoAuthFlag(tdir, 1); if (rxBind) { afs_int32 ccode; #ifndef AFS_NT40_ENV if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else #endif { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; rx_InitHost(host, htons(AFSCONF_VLDBPORT)); } } if (!rxJumbograms) { rx_SetNoJumbo(); } if (rxMaxMTU != -1) { if (rx_SetMaxMTU(rxMaxMTU) != 0) { VLog(0, ("rxMaxMTU %d invalid\n", rxMaxMTU)); return -1; } } ubik_nBuffers = 512; ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, tdir); ubik_SyncWriterCacheProc = vlsynccache; code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info, clones, vl_dbaseName, &VL_dbase); if (code) { VLog(0, ("vlserver: Ubik init failed: %s\n", afs_error_message(code))); exit(2); } rx_SetRxDeadTime(50); memset(rd_HostAddress, 0, sizeof(rd_HostAddress)); memset(wr_HostAddress, 0, sizeof(wr_HostAddress)); initialize_dstats(); afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); tservice = rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", securityClasses, numClasses, VL_ExecuteRequest); if (tservice == (struct rx_service *)0) { VLog(0, ("vlserver: Could not create VLDB_SERVICE rx service\n")); exit(3); } rx_SetMinProcs(tservice, 2); if (lwps < 4) lwps = 4; rx_SetMaxProcs(tservice, lwps); if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { VLog(0, ("vlserver: Could not create rpc stats rx service\n")); exit(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog); if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { LogDesWarning(); } VLog(0, ("%s\n", cml_version_number)); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vldb_rxstat_userok); rx_StartServer(1); /* Why waste this idle process?? */ return 0; /* not reachable */ }
int main(int argc, char **argv) { afs_int32 code; struct rx_securityClass **securityClasses; afs_int32 numClasses; struct rx_service *service; struct ktc_encryptionKey tkey; int rxpackets = 100; int rxJumbograms = 0; /* default is to send and receive jumbograms. */ int rxMaxMTU = -1; int bufSize = 0; /* temp variable to read in udp socket buf size */ afs_uint32 host = ntohl(INADDR_ANY); char *auditFileName = NULL; VolumePackageOptions opts; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(VS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } TTsleep = TTrun = 0; /* parse cmd line */ for (code = 1; code < argc; code++) { if (strcmp(argv[code], "-log") == 0) { /* set extra logging flag */ DoLogging = 1; } else if (strcmp(argv[code], "-help") == 0) { goto usage; } else if (strcmp(argv[code], "-rxbind") == 0) { rxBind = 1; } else if (strcmp(argv[code], "-allow-dotted-principals") == 0) { rxkadDisableDotCheck = 1; } else if (strcmp(argv[code], "-d") == 0) { if ((code + 1) >= argc) { fprintf(stderr, "missing argument for -d\n"); return -1; } debuglevel = atoi(argv[++code]); LogLevel = debuglevel; } else if (strcmp(argv[code], "-p") == 0) { lwps = atoi(argv[++code]); if (lwps > MAXLWP) { printf("Warning: '-p %d' is too big; using %d instead\n", lwps, MAXLWP); lwps = MAXLWP; } } else if (strcmp(argv[code], "-auditlog") == 0) { auditFileName = argv[++code]; } else if (strcmp(argv[code], "-audit-interface") == 0) { char *interface = argv[++code]; if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); return -1; } } else if (strcmp(argv[code], "-nojumbo") == 0) { rxJumbograms = 0; } else if (strcmp(argv[code], "-jumbo") == 0) { rxJumbograms = 1; } else if (!strcmp(argv[code], "-rxmaxmtu")) { if ((code + 1) >= argc) { fprintf(stderr, "missing argument for -rxmaxmtu\n"); exit(1); } rxMaxMTU = atoi(argv[++code]); if ((rxMaxMTU < RX_MIN_PACKET_SIZE) || (rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) { printf("rxMaxMTU %d invalid; must be between %d-%" AFS_SIZET_FMT "\n", rxMaxMTU, RX_MIN_PACKET_SIZE, RX_MAX_PACKET_DATA_SIZE); exit(1); } } else if (strcmp(argv[code], "-sleep") == 0) { sscanf(argv[++code], "%d/%d", &TTsleep, &TTrun); if ((TTsleep < 0) || (TTrun <= 0)) { printf("Warning: '-sleep %d/%d' is incorrect; ignoring\n", TTsleep, TTrun); TTsleep = TTrun = 0; } } else if (strcmp(argv[code], "-mbpersleep") == 0) { sscanf(argv[++code], "%d", &MBperSecSleep); if (MBperSecSleep < 0) MBperSecSleep = 0; } else if (strcmp(argv[code], "-udpsize") == 0) { if ((code + 1) >= argc) { printf("You have to specify -udpsize <integer value>\n"); exit(1); } sscanf(argv[++code], "%d", &bufSize); if (bufSize < rx_GetMinUdpBufSize()) printf ("Warning:udpsize %d is less than minimum %d; ignoring\n", bufSize, rx_GetMinUdpBufSize()); else udpBufSize = bufSize; } else if (strcmp(argv[code], "-enable_peer_stats") == 0) { rx_enablePeerRPCStats(); } else if (strcmp(argv[code], "-enable_process_stats") == 0) { rx_enableProcessRPCStats(); } else if (strcmp(argv[code], "-preserve-vol-stats") == 0) { DoPreserveVolumeStats = 1; } else if (strcmp(argv[code], "-sync") == 0) { if ((code + 1) >= argc) { printf("You have to specify -sync <sync_behavior>\n"); exit(1); } ih_PkgDefaults(); if (ih_SetSyncBehavior(argv[++code])) { printf("Invalid -sync value %s\n", argv[code]); exit(1); } } #ifndef AFS_NT40_ENV else if (strcmp(argv[code], "-syslog") == 0) { /* set syslog logging flag */ serverLogSyslog = 1; } else if (strncmp(argv[code], "-syslog=", 8) == 0) { serverLogSyslog = 1; serverLogSyslogFacility = atoi(argv[code] + 8); } #endif #ifdef AFS_PTHREAD_ENV else if (strcmp(argv[code], "-convert") == 0) convertToOsd = 1; else if (strcmp(argv[code], "-libafsosd") == 0) libafsosd = 1; #endif else { printf("volserver: unrecognized flag '%s'\n", argv[code]); usage: #ifndef AFS_NT40_ENV printf("Usage: volserver [-log] [-p <number of processes>] " "[-auditlog <log path>] [-d <debug level>] " "[-nojumbo] [-jumbo] [-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] " "[-udpsize <size of socket buffer in bytes>] " "[-syslog[=FACILITY]] -mbpersleep <MB / 1 sec sleep>" "%s" "[-enable_peer_stats] [-enable_process_stats] " "[-sync <always | delayed | onclose | never>] " #ifdef AFS_PTHREAD_ENV , libafsosd ? "[-convert] ":"", #endif "[-help]\n"); #else printf("Usage: volserver [-log] [-p <number of processes>] " "[-auditlog <log path>] [-d <debug level>] " "[-nojumbo] [-jumbo] [-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] " "[-udpsize <size of socket buffer in bytes>] " "[-enable_peer_stats] [-enable_process_stats] " "[-sync <always | delayed | onclose | never>] " "[-help]\n"); #endif VS_EXIT(1); } } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(VS_StartEvent, 0, AUD_END); } #ifdef AFS_SGI_VNODE_GLUE if (afs_init_kernel_config(-1) < 0) { printf ("Can't determine NUMA configuration, not starting volserver.\n"); exit(1); } #endif InitErrTabs(); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( threadNum ); #endif #ifdef AFS_NT40_ENV if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); printf("Volume server unable to start winsock, exiting.\n"); exit(1); } #endif /* Open VolserLog and map stdout, stderr into it; VInitVolumePackage2 can log, so we need to do this here */ OpenLog(AFSDIR_SERVER_VOLSERLOG_FILEPATH); VOptDefaults(volumeServer, &opts); #ifdef AFS_PTHREAD_ENV if (libafsosd) { extern struct vol_data_v0 vol_data_v0; extern struct volser_data_v0 volser_data_v0; struct init_volser_inputs input = { &vol_data_v0, &volser_data_v0 }; struct init_volser_outputs output = { &osdvol, &osdvolser }; code = load_libafsosd("init_volser_afsosd", &input, &output); if (code) { ViceLog(0, ("Loading libafsosd.so failed with code %d, aborting\n", code)); return -1; } } #endif if (VInitVolumePackage2(volumeServer, &opts)) { Log("Shutting down: errors encountered initializing volume package\n"); exit(1); } /* For nuke() */ Lock_Init(&localLock); DInit(40); #ifndef AFS_PTHREAD_ENV vol_PollProc = IOMGR_Poll; /* tell vol pkg to poll io system periodically */ #endif #ifndef AFS_NT40_ENV rxi_syscallp = volser_syscall; #endif rx_nPackets = rxpackets; /* set the max number of packets */ if (udpBufSize) rx_SetUdpBufSize(udpBufSize); /* set the UDP buffer size for receive */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = parseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) host = SHostAddrs[0]; } code = rx_InitHost(host, (int)htons(AFSCONF_VOLUMEPORT)); if (code) { fprintf(stderr, "rx init failed on socket AFSCONF_VOLUMEPORT %u\n", AFSCONF_VOLUMEPORT); VS_EXIT(1); } if (!rxJumbograms) { /* Don't allow 3.4 vos clients to send jumbograms and we don't send. */ rx_SetNoJumbo(); } if (rxMaxMTU != -1) { rx_SetMaxMTU(rxMaxMTU); } rx_GetIFInfo(); #ifndef AFS_PTHREAD_ENV rx_SetRxDeadTime(420); #endif memset(busyFlags, 0, sizeof(busyFlags)); SetupLogSignals(); { #ifdef AFS_PTHREAD_ENV pthread_t tid; pthread_attr_t tattr; osi_Assert(pthread_attr_init(&tattr) == 0); osi_Assert(pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED) == 0); osi_Assert(pthread_create(&tid, &tattr, BKGLoop, NULL) == 0); #else PROCESS pid; LWP_CreateProcess(BKGLoop, 16*1024, 3, 0, "vol bkg daemon", &pid); LWP_CreateProcess(BKGSleep,16*1024, 3, 0, "vol slp daemon", &pid); #endif } /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (!tdir) { Abort("volser: could not open conf files in %s\n", AFSDIR_SERVER_ETC_DIRPATH); VS_EXIT(1); } afsconf_GetKey(tdir, 999, &tkey); afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityClasses, numClasses, AFSVolExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(service, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } service = rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetMinProcs(service, 2); rx_SetMaxProcs(service, 4); #ifdef AFS_PTHREAD_ENV if (libafsosd) { service = rx_NewService(0, 7, "afsosd", securityClasses, numClasses, (osdvolser->op_AFSVOLOSD_ExecuteRequest)); if (!service) { ViceLog(0, ("Failed to initialize afsosd rpc service.\n")); exit(-1); } rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ rx_SetMinProcs(service, 2); if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif } #endif /* AFS_PTHREAD_ENV */ LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); FT_GetTimeOfDay(&statisticStart, 0); if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { LogDesWarning(); } if (TTsleep) { Log("Will sleep %d second%s every %d second%s\n", TTsleep, (TTsleep > 1) ? "s" : "", TTrun + TTsleep, (TTrun + TTsleep > 1) ? "s" : ""); } /* allow super users to manage RX statistics */ /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); rx_StartServer(1); /* Donate this process to the server process pool */ osi_audit(VS_FinishEvent, (-1), AUD_END); Abort("StartServer returned?"); return 0; /* not reached */ }
int main(int argc, char **argv) { afs_int32 code; struct rx_securityClass **securityClasses; afs_int32 numClasses; struct rx_service *service; int rxpackets = 100; char hoststr[16]; afs_uint32 host = ntohl(INADDR_ANY); VolumePackageOptions opts; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(VS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH); if (ParseArgs(argc, argv)) { exit(1); } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(VS_StartEvent, 0, AUD_END); } #ifdef AFS_SGI_VNODE_GLUE if (afs_init_kernel_config(-1) < 0) { printf ("Can't determine NUMA configuration, not starting volserver.\n"); exit(1); } #endif InitErrTabs(); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( rx_GetThreadNum ); #endif #ifdef AFS_NT40_ENV if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); printf("Volume server unable to start winsock, exiting.\n"); exit(1); } #endif OpenLog(&logopts); VOptDefaults(volumeServer, &opts); if (VInitVolumePackage2(volumeServer, &opts)) { Log("Shutting down: errors encountered initializing volume package\n"); exit(1); } /* For nuke() */ Lock_Init(&localLock); DInit(40); #ifndef AFS_PTHREAD_ENV vol_PollProc = IOMGR_Poll; /* tell vol pkg to poll io system periodically */ #endif #if !defined( AFS_NT40_ENV ) && !defined(AFS_DARWIN160_ENV) rxi_syscallp = volser_syscall; #endif rx_nPackets = rxpackets; /* set the max number of packets */ if (udpBufSize) rx_SetUdpBufSize(udpBufSize); /* set the UDP buffer size for receive */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) host = SHostAddrs[0]; } Log("Volserver binding rx to %s:%d\n", afs_inet_ntoa_r(host, hoststr), AFSCONF_VOLUMEPORT); code = rx_InitHost(host, (int)htons(AFSCONF_VOLUMEPORT)); if (code) { fprintf(stderr, "rx init failed on socket AFSCONF_VOLUMEPORT %u\n", AFSCONF_VOLUMEPORT); VS_EXIT(1); } if (!rxJumbograms) { /* Don't allow 3.4 vos clients to send jumbograms and we don't send. */ rx_SetNoJumbo(); } if (rxMaxMTU != -1) { if (rx_SetMaxMTU(rxMaxMTU) != 0) { fprintf(stderr, "rxMaxMTU %d is invalid\n", rxMaxMTU); VS_EXIT(1); } } rx_GetIFInfo(); rx_SetRxDeadTime(420); memset(busyFlags, 0, sizeof(busyFlags)); #ifdef AFS_PTHREAD_ENV opr_softsig_Init(); SetupLogSoftSignals(); #else SetupLogSignals(); #endif { #ifdef AFS_PTHREAD_ENV pthread_t tid; pthread_attr_t tattr; opr_Verify(pthread_attr_init(&tattr) == 0); opr_Verify(pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED) == 0); opr_Verify(pthread_create(&tid, &tattr, BKGLoop, NULL) == 0); #else PROCESS pid; LWP_CreateProcess(BKGLoop, 16*1024, 3, 0, "vol bkg daemon", &pid); #endif } /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ tdir = afsconf_Open(configDir); if (!tdir) { Abort("volser: could not open conf files in %s\n", configDir); AFS_UNREACHED(VS_EXIT(1)); } /* initialize audit user check */ osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch); afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityClasses, numClasses, AFSVolExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif if (rxkadDisableDotCheck) { code = rx_SetSecurityConfiguration(service, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); if (code) { fprintf(stderr, "volser: failed to allow dotted principals: code %d\n", code); VS_EXIT(1); } } service = rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetMinProcs(service, 2); rx_SetMaxProcs(service, 4); LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { LogDesWarning(); } /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); rx_StartServer(1); /* Donate this process to the server process pool */ osi_audit(VS_FinishEvent, (-1), AUD_END); Abort("StartServer returned?"); AFS_UNREACHED(return 0); }
int main(int argc, char **argv) { afs_int32 code; afs_uint32 myHost; struct hostent *th; char hostname[64]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; int lwps = 3; char clones[MAXHOSTSPERCELL]; afs_uint32 host = htonl(INADDR_ANY); struct cmd_syndesc *opts; struct cmd_item *list; char *pr_dbaseName; char *configDir; char *logFile; char *whoami = "ptserver"; char *auditFileName = NULL; char *interface = NULL; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(PTS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } pr_dbaseName = strdup(AFSDIR_SERVER_PRDB_FILEPATH); configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH); logFile = strdup(AFSDIR_SERVER_PTLOG_FILEPATH); #if defined(SUPERGROUPS) /* make sure the structures for database records are the same size */ if ((sizeof(struct prentry) != ENTRYSIZE) || (sizeof(struct prentryg) != ENTRYSIZE)) { fprintf(stderr, "The structures for the database records are different" " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n" "struct prentryg = %" AFS_SIZET_FMT "\n" "ENTRYSIZE = %d\n", sizeof(struct prentry), sizeof(struct prentryg), ENTRYSIZE); PT_EXIT(1); } #endif cmd_DisableAbbreviations(); cmd_DisablePositionalCommands(); opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL); /* ptserver specific options */ cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE, CMD_OPTIONAL, "database file"); cmd_AddParmAlias(opts, OPT_database, "-db"); cmd_AddParmAtOffset(opts, OPT_access, "-default_access", CMD_SINGLE, CMD_OPTIONAL, "default access flags for new entries"); #if defined(SUPERGROUPS) cmd_AddParmAtOffset(opts, OPT_groupdepth, "-groupdepth", CMD_SINGLE, CMD_OPTIONAL, "max search depth for supergroups"); cmd_AddParmAlias(opts, OPT_groupdepth, "-depth"); #endif cmd_AddParmAtOffset(opts, OPT_restricted, "-restricted", CMD_FLAG, CMD_OPTIONAL, "enable restricted mode"); /* general server options */ cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE, CMD_OPTIONAL, "location of audit log"); cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE, CMD_OPTIONAL, "interface to use for audit logging"); cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE, CMD_OPTIONAL, "configuration location"); cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE, CMD_OPTIONAL, "debug level"); cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE, CMD_OPTIONAL, "location of logfile"); cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL, "number of threads"); #if !defined(AFS_NT40_ENV) cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG, CMD_OPTIONAL, "log to syslog"); #endif /* rx options */ cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX transport statistics"); cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX RPC statistics"); cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG, CMD_OPTIONAL, "bind only to the primary interface"); cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE, CMD_OPTIONAL, "maximum MTU for RX"); /* rxkad options */ cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals", CMD_FLAG, CMD_OPTIONAL, "permit Kerberos 5 principals with dots"); code = cmd_Parse(argc, argv, &opts); if (code == CMD_HELP) { PT_EXIT(0); } if (code) PT_EXIT(1); cmd_OptionAsString(opts, OPT_config, &configDir); cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH); cmd_SetCommandName("ptserver"); if (cmd_OptionAsList(opts, OPT_access, &list) == 0) { prp_user_default = prp_access_mask(list->data); if (list->next == NULL || list->next->data == NULL) { fprintf(stderr, "Missing second argument for -default_access\n"); PT_EXIT(1); } prp_group_default = prp_access_mask(list->next->data); } #if defined(SUPERGROUPS) cmd_OptionAsInt(opts, OPT_groupdepth, &depthsg); #endif cmd_OptionAsFlag(opts, OPT_restricted, &restricted); /* general server options */ cmd_OptionAsString(opts, OPT_auditlog, &auditFileName); if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) { if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); PT_EXIT(1); } free(interface); } cmd_OptionAsInt(opts, OPT_debug, &LogLevel); cmd_OptionAsString(opts, OPT_database, &pr_dbaseName); cmd_OptionAsString(opts, OPT_logfile, &logFile); if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) { if (lwps > 64) { /* maximum of 64 */ printf("Warning: '-p %d' is too big; using %d instead\n", lwps, 64); lwps = 64; } else if (lwps < 3) { /* minimum of 3 */ printf("Warning: '-p %d' is too small; using %d instead\n", lwps, 3); lwps = 3; } } #ifndef AFS_NT40_ENV if (cmd_OptionPresent(opts, OPT_syslog)) { serverLogSyslog = 1; cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility); } #endif /* rx options */ if (cmd_OptionPresent(opts, OPT_peer)) rx_enablePeerRPCStats(); if (cmd_OptionPresent(opts, OPT_process)) rx_enableProcessRPCStats(); cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind); cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU); /* rxkad options */ cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck); cmd_FreeOptions(&opts); if (auditFileName) { osi_audit_file(auditFileName); osi_audit(PTS_StartEvent, 0, AUD_END); } #ifndef AFS_NT40_ENV serverLogSyslogTag = "ptserver"; #endif OpenLog(logFile); /* set up logging */ SetupLogSignals(); prdir = afsconf_Open(configDir); if (!prdir) { fprintf(stderr, "ptserver: can't open configuration directory.\n"); PT_EXIT(1); } if (afsconf_GetNoAuthFlag(prdir)) printf("ptserver: running unauthenticated\n"); #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "ptserver: couldn't initialize winsock. \n"); PT_EXIT(1); } #endif /* get this host */ gethostname(hostname, sizeof(hostname)); th = gethostbyname(hostname); if (!th) { fprintf(stderr, "ptserver: couldn't get address of this host.\n"); PT_EXIT(1); } memcpy(&myHost, th->h_addr, sizeof(afs_uint32)); /* get list of servers */ code = afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones); if (code) { afs_com_err(whoami, code, "Couldn't get server list"); PT_EXIT(2); } /* initialize audit user check */ osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch); /* initialize ubik */ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, prdir); /* The max needed is when deleting an entry. A full CoEntry deletion * required removal from 39 entries. Each of which may refers to the entry * being deleted in one of its CoEntries. If a CoEntry is freed its * predecessor CoEntry will be modified as well. Any freed blocks also * modifies the database header. Counting the entry being deleted and its * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries * and the header are in separate Ubik buffers then 120 buffers may be * required. */ ubik_nBuffers = 120 + /*fudge */ 40; if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; /* the following call is idempotent so if/when it gets called * again by the ubik init stuff, it doesn't really matter * -- klm */ rx_InitHost(host, htons(AFSCONF_PROTPORT)); } } /* Disable jumbograms */ rx_SetNoJumbo(); if (rxMaxMTU != -1) { if (rx_SetMaxMTU(rxMaxMTU) != 0) { printf("rxMaxMTU %d is invalid\n", rxMaxMTU); PT_EXIT(1); } } code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones, pr_dbaseName, &dbase); if (code) { afs_com_err(whoami, code, "Ubik init failed"); PT_EXIT(2); } #if defined(SUPERGROUPS) pt_hook_write(); #endif afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses); tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, numClasses, PR_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, lwps); if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(pr_rxstat_userok); LogCommandLine(argc, argv, "ptserver", #if defined(SUPERGROUPS) "1.1", #else "1.0", #endif "Starting AFS", FSLog); if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) { LogDesWarning(); } rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); exit(0); }