예제 #1
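/*
 * Initialize the RPC callback subsystem.
 *
 * Steps, in order:
 *   1. create the rpc_call_t pool (the process is terminated through
 *      Fatal() if the pool cannot be created);
 *   2. copy the local host name into host_name;
 *   3. hand nfs_param.krb5_param.ccache_dir to nfs_rpc_cb_init_ccache();
 *   4. run the GSSAPI mechanism sanity check.
 *
 * Only step 1 is fatal.  A host name or GSSAPI failure is logged at
 * critical level and initialization carries on.
 * NOTE(review): after a failed step 2 the content of host_name is whatever
 * it held before this call; confirm that its consumers cope with that.
 * NOTE(review): confirm that continuing after a failed gssd_check_mechs()
 * is intended for deployments that rely on GSS-protected callbacks.
 */
void nfs_rpc_cb_pkginit(void)
{
    char localmachine[MAXHOSTNAMELEN];

    /* Create a pool of rpc_call_t */
    rpc_call_pool = pool_init("RPC Call Pool",
                              sizeof(rpc_call_t),
                              pool_basic_substrate,
                              NULL,
                              nfs_rpc_init_call,
                              NULL);
    if(!(rpc_call_pool)) {
        LogCrit(COMPONENT_INIT,
                "Error while allocating rpc call pool");
        LogError(COMPONENT_INIT, ERR_SYS, ERR_MALLOC, errno);
        Fatal();
    }

    /* get host name */
    if(gethostname(localmachine, sizeof(localmachine)) != 0) {
        LogCrit(COMPONENT_INIT, "Failed to get local host name");
    }
    else {
        /*
         * POSIX leaves it unspecified whether a truncated host name is
         * NUL-terminated, and the buffer is read as a C string below
         * (strmaxcpy source, "%s" log argument), so terminate it here.
         */
        localmachine[sizeof(localmachine) - 1] = '\0';

        if(strmaxcpy(host_name, localmachine, sizeof(host_name)) == -1) {
            LogCrit(COMPONENT_INIT,
                    "local host name %s too long",
                    localmachine);
        }
    }

    /* ccache */
    nfs_rpc_cb_init_ccache(nfs_param.krb5_param.ccache_dir);

    /* sanity check GSSAPI */
    if (gssd_check_mechs() != 0)
        LogCrit(COMPONENT_INIT,  "sanity check: gssd_check_mechs() failed");

    return;
}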
예제 #2
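/*
 * Entry point: parse the command line, check the selected security
 * mechanisms, optionally daemonize, then hand control to svcgssd_run().
 *
 * Options (handled in the switch below):
 *   -f        stay in the foreground (skips mydaemon()/release_parent())
 *   -n        do not acquire machine credentials at startup
 *   -v        raise verbosity, repeatable
 *   -m/-o/-g  set must_srv_mds / must_srv_oss / must_srv_mgs for
 *             gssd_prepare_creds() and switch credential acquisition on
 *   -k        set krb_enabled
 *   -s        set sk_enabled (only when built with HAVE_OPENSSL_SSK)
 *   -z        set null_enabled
 *   -h        print usage on stdout
 *
 * Options are applied in command-line order, so "-n -m" acquires
 * credentials while "-m -n" does not.
 *
 * The GSSAPI library check, the realm lookup and the credential
 * acquisition run only when krb_enabled is set; with -s and/or -z alone
 * none of them is performed.
 */
int
main(int argc, char *argv[])
{
	int get_creds = 1;
	int fg = 0;
	int verbosity = 0;
	int opt;
	int must_srv_mds = 0, must_srv_oss = 0, must_srv_mgs = 0;
	char *progname;

	/*
	 * 'h' has to be listed in the option string, otherwise getopt()
	 * reports -h as an unknown option and the 'h' case below can never
	 * be reached.
	 */
	while ((opt = getopt(argc, argv, "fnvmogkhsz")) != -1) {
		switch (opt) {
		case 'f':
			fg = 1;
			break;
		case 'n':
			get_creds = 0;
			break;
		case 'v':
			verbosity++;
			break;
		case 'm':
			get_creds = 1;
			must_srv_mds = 1;
			break;
		case 'o':
			get_creds = 1;
			must_srv_oss = 1;
			break;
		case 'g':
			get_creds = 1;
			must_srv_mgs = 1;
			break;
		case 'k':
			krb_enabled = 1;
			break;
		case 'h':
			usage(stdout, argv[0]);
			break;
		case 's':
#ifdef HAVE_OPENSSL_SSK
			sk_enabled = 1;
#else
			/*
			 * NOTE(review): whether usage() terminates the process
			 * is not visible here; if it returns, parsing goes on
			 * with sk_enabled still clear.
			 */
			fprintf(stderr, "error: request for SSK but service "
				"support not enabled\n");
			usage(stderr, argv[0]);
#endif
			break;
		case 'z':
			null_enabled = 1;
			break;
		default:
			usage(stderr, argv[0]);
			break;
		}
	}

	/* Use the basename of argv[0] as the program name for logging. */
	if ((progname = strrchr(argv[0], '/')))
		progname++;
	else
		progname = argv[0];

	if (!sk_enabled && !krb_enabled && !null_enabled) {
#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(3, 0, 53, 0)
		/* Older releases fall back to Kerberos with a warning. */
		fprintf(stderr, "warning: no -k, -s, or -z option given, "
			"assume -k for backward compatibility\n");
		krb_enabled = 1;
#else
		fprintf(stderr, "error: need one of -k, -s, or -z options\n");
		usage(stderr, argv[0]);

#endif
	}
	initerr(progname, verbosity, fg);

	/* For kerberos use gss mechanisms but ignore for sk and null */
	if (krb_enabled) {
		if (gssd_check_mechs()) {
			printerr(0, "ERROR: problem with gssapi library\n");
			exit(1);
		}
		if (gssd_get_local_realm()) {
			printerr(0, "ERROR: Can't get Local Kerberos realm\n");
			exit(1);
		}

		if (get_creds &&
		    gssd_prepare_creds(must_srv_mgs, must_srv_mds,
				       must_srv_oss)) {
			printerr(0, "unable to obtain root (machine) "
				 "credentials\n");
			printerr(0, "do you have a keytab entry for "
				 "<lustre_xxs>/<your.host>@<YOUR.REALM> in "
				 "/etc/krb5.keytab?\n");
			exit(1);
		}
	}

	if (!fg)
		mydaemon(0, 0);

	/*
	 * XXX: There is risk of memory leak for missing call
	 *	cleanup_mapping() for SIGKILL and SIGSTOP.
	 *	Neither signal can be caught, so no handler can be
	 *	installed for them.
	 */
	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

	if (!fg)
		release_parent();

	gssd_init_unique(GSSD_SVC);

	/* Reaching the lines after svcgssd_run() is treated as a failure. */
	svcgssd_run();
	cleanup_mapping();
	printerr(0, "gssd_run returned!\n");
	abort();
}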
예제 #3
파일: gssd.c 프로젝트: Zealsathish/lustre
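/*
 * Entry point: parse the command line, check the GSSAPI library and the
 * local realm, optionally daemonize, make sure this is the only instance,
 * refresh the machine credentials and run the lgssd loop.
 *
 * Options:
 *   -f       stay in the foreground
 *   -M       set use_memcache
 *   -v       raise verbosity, repeatable
 *   -p DIR   pipefs directory
 *   -k FILE  keytab file
 *   -d DIR   credential cache directory
 *
 * NOTE(review): the option string also lists 'r' and 'm', but the switch
 * has no case for them, so they end up in the default branch (usage).
 *
 * Returns 0 after lgssd_run() and lgssd_cleanup() complete, -1 when the
 * machine credentials cannot be refreshed.
 */
int
main(int argc, char *argv[])
{
	int fg = 0;
	int verbosity = 0;
	int opt;
	extern char *optarg;
	char *progname;

	while ((opt = getopt(argc, argv, "fvrmMp:k:d:")) != -1) {
		switch (opt) {
			case 'f':
				fg = 1;
				break;
			case 'M':
				use_memcache = 1;
				break;
			case 'v':
				verbosity++;
				break;
			/*
			 * strlcpy() always NUL-terminates the destination, so
			 * looking at the last byte of the buffer cannot detect
			 * an over-long argument.  Its return value is the
			 * length of the source; a value that does not fit means
			 * the path was truncated, and a truncated pipefs,
			 * keytab or ccache path must not be used silently.
			 */
			case 'p':
				if (strlcpy(pipefs_dir, optarg,
					    sizeof(pipefs_dir)) >=
				    sizeof(pipefs_dir))
					errx(1, "pipefs path name too long");
				break;
			case 'k':
				if (strlcpy(keytabfile, optarg,
					    sizeof(keytabfile)) >=
				    sizeof(keytabfile))
					errx(1, "keytab path name too long");
				break;
			case 'd':
				if (strlcpy(ccachedir, optarg,
					    sizeof(ccachedir)) >=
				    sizeof(ccachedir))
					errx(1, "ccachedir path name too long");
				break;
			default:
				usage(argv[0]);
				break;
		}
	}

	/* Use the basename of argv[0] as the program name for logging. */
	if ((progname = strrchr(argv[0], '/')))
		progname++;
	else
		progname = argv[0];

	initerr(progname, verbosity, fg);

	if (gssd_check_mechs() != 0)
		errx(1, "Problem with gssapi library");

	if (gssd_get_local_realm())
		errx(1, "get local realm");

	if (!fg && daemon(0, 0) < 0)
		errx(1, "fork");

	/* This should be checked _after_ daemon(), because we need to own
	 * the undo-able semaphore by this process
	 */
	gssd_init_unique(GSSD_CLI);

	/* Process keytab file and get machine credentials. This will modify
	 * disk status so do it after we are sure we are the only instance
	 */
	if (gssd_refresh_krb5_machine_creds())
		return -1;

	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

#if 0
	/* Determine Kerberos information from the kernel */
	gssd_obtain_kernel_krb5_info();
#endif

	lgssd_init_mutexs();

	printerr(0, "lgssd initialized and ready to serve\n");
	lgssd_run();

	lgssd_cleanup();
	printerr(0, "lgssd exiting\n");
	return 0;
}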
예제 #4
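/*
 * Entry point: parse the command line, split the credential cache search
 * path, pick the preferred realm, check the GSSAPI library, optionally
 * daemonize and run gssd_run().
 *
 * Options:
 *   -f        stay in the foreground
 *   -m        accepted and ignored
 *   -M        set use_memcache
 *   -n        clear root_uses_machine_creds
 *   -v / -r   raise verbosity / RPC verbosity, repeatable
 *   -p DIR    pipefs directory
 *   -k FILE   keytab file
 *   -d DIRS   credential cache directories, ':' separated
 *   -t N      context timeout
 *   -R REALM  preferred realm
 */
int
main(int argc, char *argv[])
{
	int fg = 0;
	int verbosity = 0;
	int rpc_verbosity = 0;
	int opt;
	int i;
	extern char *optarg;
	char *progname;

	memset(ccachesearch, 0, sizeof(ccachesearch));
	while ((opt = getopt(argc, argv, "fvrmnMp:k:d:t:R:")) != -1) {
		switch (opt) {
			case 'f':
				fg = 1;
				break;
			case 'm':
				/* Accept but ignore this. Now the default. */
				break;
			case 'M':
				use_memcache = 1;
				break;
			case 'n':
				root_uses_machine_creds = 0;
				break;
			case 'v':
				verbosity++;
				break;
			case 'r':
				rpc_verbosity++;
				break;
			/*
			 * NOTE(review): strmaxcpy()'s contract is not visible
			 * in this function.  Assuming it returns -1 when the
			 * source does not fit (confirm against its
			 * definition), the last-byte test alone would never
			 * fire and an over-long path would be dropped
			 * silently, so the return value is checked as well.
			 */
			case 'p':
				if (strmaxcpy(pipefs_dir, optarg,
					      sizeof(pipefs_dir)) == -1 ||
				    pipefs_dir[sizeof(pipefs_dir)-1] != '\0')
					errx(1, "pipefs path name too long");
				break;
			case 'k':
				if (strmaxcpy(keytabfile, optarg,
					      sizeof(keytabfile)) == -1 ||
				    keytabfile[sizeof(keytabfile)-1] != '\0')
					errx(1, "keytab path name too long");
				break;
			case 'd':
				if (strmaxcpy(ccachedir, optarg,
					      sizeof(ccachedir)) == -1 ||
				    ccachedir[sizeof(ccachedir)-1] != '\0')
					errx(1, "ccachedir path name too long");
				break;
			case 't':
				/*
				 * NOTE(review): atoi() reports no errors; a
				 * non-numeric argument becomes 0 and an
				 * out-of-range one is undefined.  Consider
				 * strtol() with end-pointer and range checks.
				 */
				context_timeout = atoi(optarg);
				break;
			case 'R':
				/*
				 * A failed strdup() leaves preferred_realm
				 * NULL, which the check after the loop treats
				 * as "no realm given".
				 */
				preferred_realm = strdup(optarg);
				break;
			default:
				usage(argv[0]);
				break;
		}
	}

	/*
	 * Split ccachedir in place at ':'; ccachesearch[] receives pointers
	 * into ccachedir.  The loop stops at the first NULL token or once
	 * GSSD_MAX_CCACHE_SEARCH slots have been written.
	 * NOTE(review): when every slot receives a token the list is only
	 * NULL-terminated if ccachesearch has more than
	 * GSSD_MAX_CCACHE_SEARCH entries - confirm against its declaration.
	 */
	i = 0;
	ccachesearch[i++] = strtok(ccachedir, ":");
	do {
		ccachesearch[i++] = strtok(NULL, ":");
	} while (ccachesearch[i-1] != NULL && i < GSSD_MAX_CCACHE_SEARCH);

	if (preferred_realm == NULL)
		gssd_k5_get_default_realm(&preferred_realm);

	/* Use the basename of argv[0] as the program name for logging. */
	if ((progname = strrchr(argv[0], '/')))
		progname++;
	else
		progname = argv[0];

	initerr(progname, verbosity, fg);
#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL
	/* Without an explicit -r the RPC layer follows -v. */
	if (verbosity && rpc_verbosity == 0)
		rpc_verbosity = verbosity;
	authgss_set_debug_level(rpc_verbosity);
#else
        if (rpc_verbosity > 0)
		printerr(0, "Warning: rpcsec_gss library does not "
			    "support setting debug level\n");
#endif

	if (gssd_check_mechs() != 0)
		errx(1, "Problem with gssapi library");

	if (!fg && daemon(0, 0) < 0)
		errx(1, "fork");

	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

	/* Reaching the lines after gssd_run() is treated as a failure. */
	gssd_run();
	printerr(0, "gssd_run returned!\n");
	abort();
}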
예제 #5
/*
 * Entry point: parse the command line, configure the debug levels, check
 * the GSSAPI library, daemonize, acquire credentials and run gssd_run().
 *
 * Options:
 *   -f       stay in the foreground
 *   -i       raise idmap verbosity, repeatable
 *   -n       do not acquire named machine credentials
 *   -v / -r  raise verbosity / RPC verbosity, repeatable
 *   -p NAME  principal to acquire instead of GSSD_SERVICE_NAME
 *
 * With -n the credential is acquired with a NULL name; otherwise the
 * principal from -p is used as a GSS_C_NT_USER_NAME, or GSSD_SERVICE_NAME
 * as a GSS_C_NT_HOSTBASED_SERVICE.  Any acquisition failure ends the
 * process with status 1.
 */
int
main(int argc, char *argv[])
{
	extern char *optarg;
	char *principal = NULL;
	char *progname;
	char *last_slash;
	int idmap_verbosity = 0;
	int rpc_verbosity = 0;
	int verbosity = 0;
	int get_creds = 1;
	int fg = 0;
	int status;
	int ch;

	for (;;) {
		ch = getopt(argc, argv, "fivrnp:");
		if (ch == -1)
			break;

		if (ch == 'f')
			fg = 1;
		else if (ch == 'i')
			idmap_verbosity += 1;
		else if (ch == 'n')
			get_creds = 0;
		else if (ch == 'v')
			verbosity += 1;
		else if (ch == 'r')
			rpc_verbosity += 1;
		else if (ch == 'p')
			principal = optarg;
		else
			usage(argv[0]);
	}

	/* Log under the basename of argv[0]. */
	last_slash = strrchr(argv[0], '/');
	progname = last_slash ? last_slash + 1 : argv[0];

	initerr(progname, verbosity, fg);
#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL
	/* Without an explicit -r the RPC layer follows -v. */
	if (rpc_verbosity == 0 && verbosity != 0)
		rpc_verbosity = verbosity;
	authgss_set_debug_level(rpc_verbosity);
#elif HAVE_LIBTIRPC_SET_DEBUG
	/*
	 * libtirpc debugging is switched on only by an explicit -r;
	 * svcgssd already logs plenty on its own.
	 */
	if (rpc_verbosity > 0)
		libtirpc_set_debug(progname, rpc_verbosity, fg);
#else
	if (rpc_verbosity > 0)
		printerr(0, "Warning: rpcsec_gss library does not "
			    "support setting debug level\n");
#endif
#ifdef HAVE_NFS4_SET_DEBUG
	/* Without an explicit -i the idmap layer follows -v. */
	if (idmap_verbosity == 0 && verbosity != 0)
		idmap_verbosity = verbosity;
	nfs4_set_debug(idmap_verbosity, NULL);
#else
	if (idmap_verbosity > 0)
		printerr(0, "Warning: your nfsidmap library does not "
			    "support setting debug level\n");
#endif

	if (gssd_check_mechs()) {
		printerr(0, "ERROR: Problem with gssapi library\n");
		exit(1);
	}

	daemon_init(fg);

	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

	if (!get_creds) {
		/* -n: acquire a credential without naming a principal. */
		status = gssd_acquire_cred(NULL,
			(const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
		if (status == FALSE) {
			printerr(0, "unable to obtain nameless credentials\n");
			exit(1);
		}
	} else {
		if (principal != NULL)
			status = gssd_acquire_cred(principal,
				((const gss_OID)GSS_C_NT_USER_NAME));
		else
			status = gssd_acquire_cred(GSSD_SERVICE_NAME,
				(const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);

		if (status == FALSE) {
			printerr(0, "unable to obtain root (machine) credentials\n");
			printerr(0, "do you have a keytab entry for "
				"nfs/<your.host>@<YOUR.REALM> in "
				"/etc/krb5.keytab?\n");
			exit(1);
		}
	}

	daemon_ready();

	nfs4_init_name_mapping(NULL); /* XXX: should only do this once */

	/* Reaching the lines after gssd_run() is treated as a failure. */
	gssd_run();
	printerr(0, "gssd_run returned!\n");
	abort();
}
예제 #6
파일: gssd.c 프로젝트: tcdog001/apv5sdk-v15
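/*
 * Entry point: parse the command line, build the pipefs path, check the
 * GSSAPI library, optionally daemonize, refresh the machine credentials
 * and run gssd_run().
 *
 * Options:
 *   -f       stay in the foreground
 *   -m       accepted and ignored
 *   -v / -r  raise verbosity / RPC verbosity, repeatable
 *   -p DIR   pipefs directory ("/" GSSD_SERVICE_NAME is appended)
 *   -k FILE  keytab file
 *   -d DIR   credential cache directory
 */
int
main(int argc, char *argv[])
{
	int fg = 0;
	int verbosity = 0;
	int rpc_verbosity = 0;
	int opt;
	extern char *optarg;
	char *progname;

	while ((opt = getopt(argc, argv, "fvrmp:k:d:")) != -1) {
		switch (opt) {
			case 'f':
				fg = 1;
				break;
			case 'm':
				/* Accept but ignore this. Now the default. */
				break;
			case 'v':
				verbosity++;
				break;
			case 'r':
				rpc_verbosity++;
				break;
			/*
			 * strncpy() leaves the destination unterminated when
			 * the source does not fit, so a non-NUL last byte
			 * signals an over-long argument.  This assumes the
			 * last byte was '\0' before the copy - confirm
			 * against the buffers' definitions.
			 */
			case 'p':
				strncpy(pipefsdir, optarg, sizeof(pipefsdir));
				if (pipefsdir[sizeof(pipefsdir)-1] != '\0')
					errx(1, "pipefs path name too long");
				break;
			case 'k':
				strncpy(keytabfile, optarg, sizeof(keytabfile));
				if (keytabfile[sizeof(keytabfile)-1] != '\0')
					errx(1, "keytab path name too long");
				break;
			case 'd':
				strncpy(ccachedir, optarg, sizeof(ccachedir));
				/*
				 * The index must be sizeof(ccachedir)-1.
				 * sizeof(ccachedir-1) is the size of a pointer,
				 * which tests a byte near the start of the
				 * buffer and rejects ordinary paths.
				 */
				if (ccachedir[sizeof(ccachedir)-1] != '\0')
					errx(1, "ccachedir path name too long");
				break;
			default:
				usage(argv[0]);
				break;
		}
	}

	/*
	 * Append "/" GSSD_SERVICE_NAME to the pipefs directory.  strncat()
	 * writes a terminating NUL in addition to the bytes it is allowed to
	 * copy, so bounding it by the remaining space can write one byte
	 * past the buffer; check the length first and copy exactly.
	 */
	{
		static const char suffix[] = "/" GSSD_SERVICE_NAME;
		size_t used = strlen(pipefsdir);

		/* sizeof(suffix) counts the terminating NUL. */
		if (used + sizeof(suffix) > sizeof(pipefsdir))
			errx(1, "pipefs path name too long");
		memcpy(pipefsdir + used, suffix, sizeof(suffix));
	}

	/* Use the basename of argv[0] as the program name for logging. */
	if ((progname = strrchr(argv[0], '/')))
		progname++;
	else
		progname = argv[0];

	initerr(progname, verbosity, fg);
#ifdef HAVE_AUTHGSS_SET_DEBUG_LEVEL
	authgss_set_debug_level(rpc_verbosity);
#else
        if (rpc_verbosity > 0)
		printerr(0, "Warning: rpcsec_gss library does not "
			    "support setting debug level\n");
#endif

	if (gssd_check_mechs() != 0)
		errx(1, "Problem with gssapi library");

	if (!fg && daemon(0, 0) < 0)
		errx(1, "fork");

	signal(SIGINT, sig_die);
	signal(SIGTERM, sig_die);
	signal(SIGHUP, sig_hup);

	/*
	 * Process keytab file and get machine credentials.
	 * NOTE(review): the result is not examined here; confirm whether
	 * the daemon should keep running when the refresh fails.
	 */
	gssd_refresh_krb5_machine_creds();

	/* Reaching the lines after gssd_run() is treated as a failure. */
	gssd_run();
	printerr(0, "gssd_run returned!\n");
	abort();
}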