/* * Initialize subsystem */ void nfs_rpc_cb_pkginit(void) { char localmachine[MAXHOSTNAMELEN]; /* Create a pool of rpc_call_t */ rpc_call_pool = pool_init("RPC Call Pool", sizeof(rpc_call_t), pool_basic_substrate, NULL, nfs_rpc_init_call, NULL); if(!(rpc_call_pool)) { LogCrit(COMPONENT_INIT, "Error while allocating rpc call pool"); LogError(COMPONENT_INIT, ERR_SYS, ERR_MALLOC, errno); Fatal(); } /* get host name */ if(gethostname(localmachine, sizeof(localmachine)) != 0) { LogCrit(COMPONENT_INIT, "Failed to get local host name"); } else if(strmaxcpy(host_name, localmachine, sizeof(host_name)) == -1) { LogCrit(COMPONENT_INIT, "local host name %s too long", localmachine); } /* ccache */ nfs_rpc_cb_init_ccache(nfs_param.krb5_param.ccache_dir); /* sanity check GSSAPI */ if (gssd_check_mechs() != 0) LogCrit(COMPONENT_INIT, "sanity check: gssd_check_mechs() failed"); return; }
int main(int argc, char *argv[]) { int get_creds = 1; int fg = 0; int verbosity = 0; int opt; int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0; char *progname; while ((opt = getopt(argc, argv, "fnvmogksz")) != -1) { switch (opt) { case 'f': fg = 1; break; case 'n': get_creds = 0; break; case 'v': verbosity++; break; case 'm': get_creds = 1; must_srv_mds = 1; break; case 'o': get_creds = 1; must_srv_oss = 1; break; case 'g': get_creds = 1; must_srv_mgs = 1; break; case 'k': krb_enabled = 1; break; case 'h': usage(stdout, argv[0]); break; case 's': #ifdef HAVE_OPENSSL_SSK sk_enabled = 1; #else fprintf(stderr, "error: request for SSK but service " "support not enabled\n"); usage(stderr, argv[0]); #endif break; case 'z': null_enabled = 1; break; default: usage(stderr, argv[0]); break; } } if ((progname = strrchr(argv[0], '/'))) progname++; else progname = argv[0]; if (!sk_enabled && !krb_enabled && !null_enabled) { #if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0) fprintf(stderr, "warning: no -k, -s, or -z option given, " "assume -k for backward compatibility\n"); krb_enabled = 1; #else fprintf(stderr, "error: need one of -k, -s, or -z options\n"); usage(stderr, argv[0]); #endif } initerr(progname, verbosity, fg); /* For kerberos use gss mechanisms but ignore for sk and null */ if (krb_enabled) { if (gssd_check_mechs()) { printerr(0, "ERROR: problem with gssapi library\n"); exit(1); } if (gssd_get_local_realm()) { printerr(0, "ERROR: Can't get Local Kerberos realm\n"); exit(1); } if (get_creds && gssd_prepare_creds(must_srv_mgs, must_srv_mds, must_srv_oss)) { printerr(0, "unable to obtain root (machine) " "credentials\n"); printerr(0, "do you have a keytab entry for " "<lustre_xxs>/<your.host>@<YOUR.REALM> in " "/etc/krb5.keytab?\n"); exit(1); } } if (!fg) mydaemon(0, 0); /* * XXX: There is risk of memory leak for missing call * cleanup_mapping() for SIGKILL and SIGSTOP. */ signal(SIGINT, sig_die); signal(SIGTERM, sig_die); signal(SIGHUP, sig_hup); if (!fg) release_parent(); gssd_init_unique(GSSD_SVC); svcgssd_run(); cleanup_mapping(); printerr(0, "gssd_run returned!\n"); abort(); }
int main(int argc, char *argv[]) { int fg = 0; int verbosity = 0; int opt; extern char *optarg; char *progname; while ((opt = getopt(argc, argv, "fvrmMp:k:d:")) != -1) { switch (opt) { case 'f': fg = 1; break; case 'M': use_memcache = 1; break; case 'v': verbosity++; break; case 'p': strlcpy(pipefs_dir, optarg, sizeof(pipefs_dir)); if (pipefs_dir[sizeof(pipefs_dir)-1] != '\0') errx(1, "pipefs path name too long"); break; case 'k': strlcpy(keytabfile, optarg, sizeof(keytabfile)); if (keytabfile[sizeof(keytabfile)-1] != '\0') errx(1, "keytab path name too long"); break; case 'd': strlcpy(ccachedir, optarg, sizeof(ccachedir)); if (ccachedir[sizeof(ccachedir)-1] != '\0') errx(1, "ccachedir path name too long"); break; default: usage(argv[0]); break; } } if ((progname = strrchr(argv[0], '/'))) progname++; else progname = argv[0]; initerr(progname, verbosity, fg); if (gssd_check_mechs() != 0) errx(1, "Problem with gssapi library"); if (gssd_get_local_realm()) errx(1, "get local realm"); if (!fg && daemon(0, 0) < 0) errx(1, "fork"); /* This should be checked _after_ daemon(), because we need to own * the undo-able semaphore by this process */ gssd_init_unique(GSSD_CLI); /* Process keytab file and get machine credentials. This will modify * disk status so do it after we are sure we are the only instance */ if (gssd_refresh_krb5_machine_creds()) return -1; signal(SIGINT, sig_die); signal(SIGTERM, sig_die); signal(SIGHUP, sig_hup); #if 0 /* Determine Kerberos information from the kernel */ gssd_obtain_kernel_krb5_info(); #endif lgssd_init_mutexs(); printerr(0, "lgssd initialized and ready to serve\n"); lgssd_run(); lgssd_cleanup(); printerr(0, "lgssd exiting\n"); return 0; }
int main(int argc, char *argv[]) { int fg = 0; int verbosity = 0; int rpc_verbosity = 0; int opt; int i; extern char *optarg; char *progname; memset(ccachesearch, 0, sizeof(ccachesearch)); while ((opt = getopt(argc, argv, "fvrmnMp:k:d:t:R:")) != -1) { switch (opt) { case 'f': fg = 1; break; case 'm': /* Accept but ignore this. Now the default. */ break; case 'M': use_memcache = 1; break; case 'n': root_uses_machine_creds = 0; break; case 'v': verbosity++; break; case 'r': rpc_verbosity++; break; case 'p': strmaxcpy(pipefs_dir, optarg, sizeof(pipefs_dir)); if (pipefs_dir[sizeof(pipefs_dir)-1] != '\0') errx(1, "pipefs path name too long"); break; case 'k': strmaxcpy(keytabfile, optarg, sizeof(keytabfile)); if (keytabfile[sizeof(keytabfile)-1] != '\0') errx(1, "keytab path name too long"); break; case 'd': strmaxcpy(ccachedir, optarg, sizeof(ccachedir)); if (ccachedir[sizeof(ccachedir)-1] != '\0') errx(1, "ccachedir path name too long"); break; case 't': context_timeout = atoi(optarg); break; case 'R': preferred_realm = strdup(optarg); break; default: usage(argv[0]); break; } } i = 0; ccachesearch[i++] = strtok(ccachedir, ":"); do { ccachesearch[i++] = strtok(NULL, ":"); } while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH); if (preferred_realm == NULL) gssd_k5_get_default_realm(&preferred_realm); if ((progname = strrchr(argv[0], '/'))) progname++; else progname = argv[0]; initerr(progname, verbosity, fg); #ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL if (verbosity && rpc_verbosity == 0) rpc_verbosity = verbosity; authgss_set_debug_level(rpc_verbosity); #else if (rpc_verbosity > 0) printerr(0, "Warning: rpcsec_gss library does not " "support setting debug level\n"); #endif if (gssd_check_mechs() != 0) errx(1, "Problem with gssapi library"); if (!fg && daemon(0, 0) < 0) errx(1, "fork"); signal(SIGINT, sig_die); signal(SIGTERM, sig_die); signal(SIGHUP, sig_hup); gssd_run(); printerr(0, "gssd_run returned!\n"); abort(); }
int main(int argc, char *argv[]) { int get_creds = 1; int fg = 0; int verbosity = 0; int rpc_verbosity = 0; int idmap_verbosity = 0; int opt, status; extern char *optarg; char *progname; char *principal = NULL; while ((opt = getopt(argc, argv, "fivrnp:")) != -1) { switch (opt) { case 'f': fg = 1; break; case 'i': idmap_verbosity++; break; case 'n': get_creds = 0; break; case 'v': verbosity++; break; case 'r': rpc_verbosity++; break; case 'p': principal = optarg; break; default: usage(argv[0]); break; } } if ((progname = strrchr(argv[0], '/'))) progname++; else progname = argv[0]; initerr(progname, verbosity, fg); #ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL if (verbosity && rpc_verbosity == 0) rpc_verbosity = verbosity; authgss_set_debug_level(rpc_verbosity); #elif HAVE_LIBTIRPC_SET_DEBUG /* * Only set the libtirpc debug level if explicitly requested via -r... * svcgssd is chatty enough as it is. */ if (rpc_verbosity > 0) libtirpc_set_debug(progname, rpc_verbosity, fg); #else if (rpc_verbosity > 0) printerr(0, "Warning: rpcsec_gss library does not " "support setting debug level\n"); #endif #ifdef HAVE_NFS4_SET_DEBUG if (verbosity && idmap_verbosity == 0) idmap_verbosity = verbosity; nfs4_set_debug(idmap_verbosity, NULL); #else if (idmap_verbosity > 0) printerr(0, "Warning: your nfsidmap library does not " "support setting debug level\n"); #endif if (gssd_check_mechs() != 0) { printerr(0, "ERROR: Problem with gssapi library\n"); exit(1); } daemon_init(fg); signal(SIGINT, sig_die); signal(SIGTERM, sig_die); signal(SIGHUP, sig_hup); if (get_creds) { if (principal) status = gssd_acquire_cred(principal, ((const gss_OID)GSS_C_NT_USER_NAME)); else status = gssd_acquire_cred(GSSD_SERVICE_NAME, (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE); if (status == FALSE) { printerr(0, "unable to obtain root (machine) credentials\n"); printerr(0, "do you have a keytab entry for " "nfs/<your.host>@<YOUR.REALM> in " "/etc/krb5.keytab?\n"); exit(1); } } else { status = gssd_acquire_cred(NULL, (const gss_OID)GSS_C_NT_HOSTBASED_SERVICE); if (status == FALSE) { printerr(0, "unable to obtain nameless credentials\n"); exit(1); } } daemon_ready(); nfs4_init_name_mapping(NULL); /* XXX: should only do this once */ gssd_run(); printerr(0, "gssd_run returned!\n"); abort(); }
int main(int argc, char *argv[]) { int fg = 0; int verbosity = 0; int rpc_verbosity = 0; int opt; extern char *optarg; char *progname; while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) { switch (opt) { case 'f': fg = 1; break; case 'm': /* Accept but ignore this. Now the default. */ break; case 'v': verbosity++; break; case 'r': rpc_verbosity++; break; case 'p': strncpy(pipefsdir, optarg, sizeof(pipefsdir)); if (pipefsdir[sizeof(pipefsdir)-1] != '\0') errx(1, "pipefs path name too long"); break; case 'k': strncpy(keytabfile, optarg, sizeof(keytabfile)); if (keytabfile[sizeof(keytabfile)-1] != '\0') errx(1, "keytab path name too long"); break; case 'd': strncpy(ccachedir, optarg, sizeof(ccachedir)); if (ccachedir[sizeof(ccachedir-1)] != '\0') errx(1, "ccachedir path name too long"); break; default: usage(argv[0]); break; } } strncat(pipefsdir + strlen(pipefsdir), "/" GSSD_SERVICE_NAME, sizeof(pipefsdir)-strlen(pipefsdir)); if (pipefsdir[sizeof(pipefsdir)-1] != '\0') errx(1, "pipefs path name too long"); if ((progname = strrchr(argv[0], '/'))) progname++; else progname = argv[0]; initerr(progname, verbosity, fg); #ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL authgss_set_debug_level(rpc_verbosity); #else if (rpc_verbosity > 0) printerr(0, "Warning: rpcsec_gss library does not " "support setting debug level\n"); #endif if (gssd_check_mechs() != 0) errx(1, "Problem with gssapi library"); if (!fg && daemon(0, 0) < 0) errx(1, "fork"); signal(SIGINT, sig_die); signal(SIGTERM, sig_die); signal(SIGHUP, sig_hup); /* Process keytab file and get machine credentials */ gssd_refresh_krb5_machine_creds(); gssd_run(); printerr(0, "gssd_run returned!\n"); abort(); }