static int GetNoAuthFlag(struct afsconf_dir *adir) { if (access(AFSDIR_SERVER_NOAUTH_FILEPATH, 0) == 0) { osi_audit(NoAuthEvent, 0, AUD_END); /* some random server is running noauth */ return 1; /* if /usr/afs/local/NoAuth file exists, allow access */ } return 0; }
afs_int32 SBOZO_ReBozo(struct rx_call *acall) { afs_int32 code; char caller[MAXKTCNAMELEN]; /* acall is null if called internally to restart bosserver */ if (acall && !afsconf_SuperUser(bozo_confdir, acall, caller)) { code = BZACCESS; goto fail; } if (DoLogging) bozo_Log("%s is executing ReBozo\n", caller); /* start shutdown of all processes */ code = bnode_ApplyInstance(sdproc, NULL); if (code) goto fail; /* wait for all done */ code = bnode_ApplyInstance(swproc, NULL); if (code) goto fail; if (acall) osi_auditU(acall, BOS_RebozoEvent, code, AUD_END); else osi_audit(BOS_RebozoIntEvent, code, AUD_END); if (acall) rx_EndCall(acall, 0); /* try to get it done */ rx_Finalize(); bozo_ReBozo(); /* this reexecs us, and doesn't return, of course */ fail: /* Differentiate between external and internal ReBozo; prevents AFS_Aud_NoCall event */ if (acall) osi_auditU(acall, BOS_RebozoEvent, code, AUD_END); else osi_audit(BOS_RebozoIntEvent, code, AUD_END); return code; /* should only get here in unusual circumstances */ }
void afsconf_SetNoAuthFlag(struct afsconf_dir *adir, int aflag) { register afs_int32 code; LOCK_GLOBAL_MUTEX; if (aflag == 0) { /* turn off noauth flag */ code = (unlink(AFSDIR_SERVER_NOAUTH_FILEPATH) ? errno : 0); osi_audit(NoAuthDisableEvent, code, AUD_END); } else { /* try to create file */ code = open(AFSDIR_SERVER_NOAUTH_FILEPATH, O_CREAT | O_TRUNC | O_RDWR, 0666); if (code >= 0) { close(code); osi_audit(NoAuthEnableEvent, 0, AUD_END); } else osi_audit(NoAuthEnableEvent, errno, AUD_END); } UNLOCK_GLOBAL_MUTEX; }
int bnode_StopProc(struct bnode_proc *aproc, int asignal) { int code; if (!(aproc->flags & BPROC_STARTED) || (aproc->flags & BPROC_EXITED)) return BZNOTACTIVE; osi_audit(BOSStopProcEvent, 0, AUD_STR, (aproc ? aproc->comLine : NULL), AUD_END); code = kill(aproc->pid, asignal); bnode_Check(aproc->bnode); return code; }
int bnode_NewProc(struct bnode *abnode, char *aexecString, char *coreName, struct bnode_proc **aproc) { struct bnode_token *tlist, *tt; afs_int32 code; struct bnode_proc *tp; pid_t cpid; char *argv[MAXVARGS]; int i; code = bnode_ParseLine(aexecString, &tlist); /* try parsing first */ if (code) return code; tp = (struct bnode_proc *)malloc(sizeof(struct bnode_proc)); memset(tp, 0, sizeof(struct bnode_proc)); tp->next = allProcs; tp->bnode = abnode; tp->comLine = aexecString; tp->coreName = coreName; /* may be null */ abnode->procStartTime = FT_ApproxTime(); abnode->procStarts++; /* convert linked list of tokens into argv structure */ for (tt = tlist, i = 0; i < (MAXVARGS - 1) && tt; tt = tt->next, i++) { argv[i] = tt->key; } argv[i] = NULL; /* null-terminated */ cpid = spawnprocve(argv[0], argv, environ, -1); osi_audit(BOSSpawnProcEvent, 0, AUD_STR, aexecString, AUD_END); if (cpid == (pid_t) - 1) { bozo_Log("Failed to spawn process for bnode '%s'\n", abnode->name); bnode_FreeTokens(tlist); free(tp); return errno; } bnode_FreeTokens(tlist); allProcs = tp; *aproc = tp; tp->pid = cpid; tp->flags = BPROC_STARTED; tp->flags &= ~BPROC_EXITED; bnode_Check(abnode); return 0; }
int main(int argc, char **argv) { char *whoami = argv[0]; char *dbNamePtr = 0; struct afsconf_cell cellinfo; time_t currentTime; afs_int32 code = 0; afs_uint32 host = ntohl(INADDR_ANY); char clones[MAXHOSTSPERCELL]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; extern int rx_stackSize; #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami); exit(1); } #endif #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGSEGV, &nsa, NULL); sigaction(SIGABRT, &nsa, NULL); #endif osi_audit_init(); osi_audit(BUDB_StartEvent, 0, AUD_END); initialize_BUDB_error_table(); initializeArgHandler(); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif afs_com_err(whoami, errno, "; Unable to obtain AFS server directory."); exit(2); } memset(globalConfPtr, 0, sizeof(*globalConfPtr)); /* set default configuration values */ strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH); strcat(dbDir, "/"); globalConfPtr->databaseDirectory = dbDir; globalConfPtr->databaseName = DEFAULT_DBPREFIX; strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH); globalConfPtr->cellConfigdir = cellConfDir; /* open the log file */ /* globalConfPtr->log = fopen(DEFAULT_LOGNAME,"a"); if ( globalConfPtr->log == NULL ) { printf("Can't open log file %s - aborting\n", DEFAULT_LOGNAME); BUDB_EXIT(-1); } */ srandom(1); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( rx_GetThreadNum ); #endif /* process the user supplied args */ helpOption = 1; code = cmd_Dispatch(argc, argv); if (code) ERROR(code); /* exit if there was a help option */ if (helpOption) BUDB_EXIT(0); /* open the log file */ globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a"); if (globalConfPtr->log == NULL) { printf("Can't open log file %s - aborting\n", AFSDIR_SERVER_BUDBLOG_FILEPATH); BUDB_EXIT(-1); } /* keep log closed so can remove it */ fclose(globalConfPtr->log); /* open the cell's configuration directory */ LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir); BU_conf = afsconf_Open(globalConfPtr->cellConfigdir); if (BU_conf == 0) { LogError(code, "Failed getting cell info\n"); afs_com_err(whoami, code, "Failed getting cell info"); ERROR(BUDB_NOCELLS); } code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell)); if (code) { LogError(0, "** Can't determine local cell name!\n"); ERROR(code); } if (globalConfPtr->myHost == 0) { /* if user hasn't supplied a list of servers, extract server * list from the cell's database */ LogDebug(1, "Using server list from %s cell database.\n", lcell); code = afsconf_GetExtendedCellInfo (BU_conf, lcell, 0, &cellinfo, clones); code = convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost, globalConfPtr->serverList); if (code) ERROR(code); } /* initialize audit user check */ osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch); /* initialize ubik */ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, BU_conf); if (ubik_nBuffers == 0) ubik_nBuffers = 400; LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers); asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory, globalConfPtr->databaseName); if (dbNamePtr == 0) ERROR(-1); rx_SetRxDeadTime(60); /* 60 seconds inactive before timeout */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; rx_InitHost(host, htons(AFSCONF_BUDBPORT)); } } /* Disable jumbograms */ rx_SetNoJumbo(); code = ubik_ServerInitByInfo (globalConfPtr->myHost, htons(AFSCONF_BUDBPORT), &cellinfo, clones, dbNamePtr, /* name prefix */ &BU_dbase); if (code) { LogError(code, "Ubik init failed\n"); afs_com_err(whoami, code, "Ubik init failed"); ERROR(code); } afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses); tservice = rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase", securityClasses, numClasses, BUDB_ExecuteRequest); if (tservice == (struct rx_service *)0) { LogError(0, "Could not create backup database rx service\n"); printf("Could not create backup database rx service\n"); BUDB_EXIT(3); } rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, lwps); rx_SetStackSize(tservice, 10000); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(BU_rxstat_userok); /* misc. initialization */ /* database dump synchronization */ memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr)); Lock_Init(&dumpSyncPtr->ds_lock); rx_StartServer(0); /* start handling requests */ code = InitProcs(); if (code) ERROR(code); currentTime = time(0); LogError(0, "Ready to process requests at %s\n", ctime(¤tTime)); rx_ServerProc(NULL); /* donate this LWP */ error_exit: osi_audit(BUDB_FinishEvent, code, AUD_END); return (code); }
afs_int32 UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno, char *authDomain, char *ticket, int ticketLen, char *auth, int authLen) { afs_int32 code; struct ktc_encryptionKey tgskey; char name[MAXKTCNAMELEN]; char inst[MAXKTCNAMELEN]; char cell[MAXKTCREALMLEN]; struct ktc_encryptionKey authSessionKey; afs_int32 host; Date start; Date authEnd; Date now = time(0); int celllen; int import; char *packet; int slen; int byteOrder = pkt->byteOrder; char sname[MAXKTCNAMELEN]; char sinst[MAXKTCNAMELEN]; afs_int32 time_ws; unsigned char life; struct ubik_trans *tt; afs_int32 to; struct kaentry caller; struct kaentry server; Date reqEnd; struct ktc_encryptionKey sessionKey; int newTicketLen; char newTicket[MAXKTCTICKETLEN]; char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */ int cipherLen; struct packet ans; COUNT_REQ(UGetTicket); if ((code = InitAuthServ(&tt, LOCKREAD, this_op))) goto fail; code = ka_LookupKvno(tt, KA_TGS_NAME, ((strlen(authDomain) > 0) ? authDomain : lrealm), kvno, &tgskey); if (code) goto abort; code = tkt_DecodeTicket(ticket, ticketLen, &tgskey, name, inst, cell, &authSessionKey, &host, &start, &authEnd); pkt->name = name; pkt->inst = inst; pkt->realm = cell; if (code) { code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */ goto abort; } save_principal(udptgsPrincipal, name, inst, cell); code = tkt_CheckTimes(start, authEnd, now); if (code <= 0) { if (code == -1) { code = KERB_ERR_SERVICE_EXP; /* was RXKADEXPIRED */ goto abort; } code = KERB_ERR_AUTH_EXP; /* was KANOAUTH */ goto abort; } celllen = strlen(cell); import = 0; if ((strlen(authDomain) > 0) && (strcmp(authDomain, lrealm) != 0)) import = 1; if (import && (celllen == 0)) { code = KERB_ERR_PKT_VER; /* was KABADTICKET */ goto abort; } if (celllen == 0) { strncpy(cell, lrealm, MAXKTCREALMLEN - 1); cell[MAXKTCREALMLEN - 1] = 0; }; if (!krb4_cross && strcmp(lrealm, cell) != 0) { code = KERB_ERR_PRINCIPAL_UNKNOWN; goto abort; } if (krb_udp_debug) { printf("UGetTicket: got ticket from '%s'.'%s'@'%s'\n", name, inst, cell); } code = check_auth(pkt, auth, authLen, &authSessionKey, name, inst, cell); if (code) goto abort; /* authenticator and all is OK so read actual request */ packet = pkt->rest; getint(time_ws); life = *(unsigned char *)packet++; getstr(sname); getstr(sinst); start = now; reqEnd = life_to_time(start, life); if (krb_udp_debug) { printf("UGetTicket: request for server '%s'.'%s'\n", sname, sinst); } save_principal(udptgsServerPrincipal, sname, sinst, 0); if (import) { strcpy(caller.userID.name, name); strcpy(caller.userID.instance, inst); caller.max_ticket_lifetime = htonl(MAXKTCTICKETLIFETIME); } else { code = FindBlock(tt, name, inst, &to, &caller); if (code) goto abort; if (to == 0) { ka_PrintUserID("GetTicket: User ", name, inst, " unknown.\n"); code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */ goto abort; } if (ntohl(caller.flags) & KAFNOTGS) { code = KERB_ERR_AUTH_EXP; /* was KABADUSER */ goto abort; } } code = FindBlock(tt, sname, sinst, &to, &server); /* get server's entry */ if (code) goto abort; if (to == 0) { /* entry not found */ ka_PrintUserID("GetTicket: Server ", sname, sinst, " unknown.\n"); code = KERB_ERR_PRINCIPAL_UNKNOWN; /* KANOENT */ goto abort; } code = ubik_EndTrans(tt); if (code) goto fail; if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER; code = DES_new_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KERB_ERR_NULL_KEY; /* was KANOKEYS */ goto fail; } reqEnd = umin(umin(reqEnd, authEnd), umin(start + ntohl(caller.max_ticket_lifetime), start + ntohl(server.max_ticket_lifetime))); code = tkt_MakeTicket(newTicket, &newTicketLen, &server.key, caller.userID.name, caller.userID.instance, cell, start, reqEnd, &sessionKey, htonl(pkt->from.sin_addr.s_addr), server.userID.name, server.userID.instance); if (code) goto fail; cipherLen = sizeof(cipher); code = create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, start, reqEnd, ntohl(server.key_version), newTicket, newTicketLen, &authSessionKey); if (code) goto fail; code = create_reply(&ans, name, inst, start, reqEnd, 0, cipher, cipherLen); if (code) goto fail; code = sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)&pkt->from, sizeof(pkt->from)); if (code != ans.len) { perror("calling sendto"); code = -1; goto fail; } if (cipherLen != 0) { KALOG(name, inst, sname, sinst, NULL, host, LOG_GETTICKET); } osi_audit(UDPGetTicketEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_STR, cell, AUD_STR, sname, AUD_STR, sinst, AUD_END); return 0; abort: ubik_AbortTrans(tt); fail: osi_audit(UDPGetTicketEvent, code, AUD_STR, name, AUD_STR, inst, AUD_STR, NULL, AUD_STR, NULL, AUD_STR, NULL, AUD_END); return code; }
afs_int32 UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name, char *inst, Date startTime, Date endTime, char *sname, char *sinst) { struct ubik_trans *tt; afs_int32 to; /* offset of block */ struct kaentry tentry; afs_int32 tgskvno; /* key version of service key */ struct ktc_encryptionKey tgskey; /* service key for encrypting ticket */ int tgt; Date now = time(0); afs_int32 code; char ticket[MAXKTCTICKETLEN]; /* our copy of the ticket */ int ticketLen; struct ktc_encryptionKey sessionKey; /* we have to invent a session key */ char cipher[2 * MAXKTCTICKETLEN]; /* put encrypted part of answer here */ int cipherLen; struct packet ans; COUNT_REQ(UAuthenticate); if (!name_instance_legal(name, inst)) return KERB_ERR_NAME_EXP; /* KABADNAME */ if ((code = InitAuthServ(&tt, LOCKREAD, this_op))) return code; code = FindBlock(tt, name, inst, &to, &tentry); if (code) goto abort; if (to) { /* if user exists check other stuff */ afs_int32 sto; struct kaentry sentry; save_principal(udpAuthPrincipal, name, inst, 0); tgt = ((strcmp(sname, KA_TGS_NAME) == 0) && (strcmp(sinst, lrealm) == 0)); if ((ntohl(tentry.user_expiration) < now) || (tgt && (ntohl(tentry.flags) & KAFNOTGS))) { code = KERB_ERR_NAME_EXP; /* KABADUSER */ goto abort; } code = FindBlock(tt, KA_TGS_NAME, lrealm, &sto, &sentry); if (code) goto abort; if (sto == 0) { code = KANOENT; goto abort; } if ((ntohl(sentry.user_expiration) < now)) { code = KERB_ERR_NAME_EXP; /* XXX Could use another error code XXX */ goto abort; } if (abs(startTime - now) > KTC_TIME_UNCERTAINTY) { code = KERB_ERR_SERVICE_EXP; /* was KABADREQUEST */ goto abort; } if (tentry.misc_auth_bytes) { unsigned char misc_auth_bytes[4]; afs_uint32 temp; /* unsigned for safety */ afs_uint32 pwexpires; memcpy(&temp, tentry.misc_auth_bytes, sizeof(afs_uint32)); temp = ntohl(temp); unpack_long(temp, misc_auth_bytes); pwexpires = misc_auth_bytes[0]; if (pwexpires) { pwexpires = ntohl(tentry.change_password_time) + 24 * 60 * 60 * pwexpires; if (pwexpires < now) { code = KERB_ERR_AUTH_EXP; /* was KAPWEXPIRED */ goto abort; } } } /* make the ticket */ code = DES_new_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KERB_ERR_NULL_KEY; /* was KANOKEYS */ goto abort; } endTime = umin(endTime, startTime + ntohl(tentry.max_ticket_lifetime)); if ((code = ka_LookupKey(tt, sname, sinst, &tgskvno, &tgskey)) || (code = tkt_MakeTicket(ticket, &ticketLen, &tgskey, name, inst, lrealm, startTime, endTime, &sessionKey, htonl(client->sin_addr.s_addr), sname, sinst))) goto abort; cipherLen = sizeof(cipher); code = create_cipher(cipher, &cipherLen, &sessionKey, sname, sinst, startTime, endTime, tgskvno, ticket, ticketLen, &tentry.key); if (code) goto abort; } else { /* no such user */ cipherLen = 0; tentry.key_version = 0; } code = ubik_EndTrans(tt); if (code) goto fail; code = create_reply(&ans, name, inst, startTime, endTime, ntohl(tentry.key_version), cipher, cipherLen); if (code) goto fail; if (krb_udp_debug) { printf("Sending %d bytes ending in: ", ans.len); ka_PrintBytes(ans.data + ans.len - 8, 8); printf("\n"); } code = sendto(ksoc, ans.data, ans.len, 0, (struct sockaddr *)client, sizeof(*client)); if (code != ans.len) { perror("calling sendto"); code = -1; goto fail; } KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_AUTHENTICATE); if (cipherLen != 0) { KALOG(name, inst, sname, sinst, NULL, client->sin_addr.s_addr, LOG_TGTREQUEST); } osi_audit(UDPAuthenticateEvent, 0, AUD_STR, name, AUD_STR, inst, AUD_END); return 0; abort: COUNT_ABO; ubik_AbortTrans(tt); fail: osi_audit(UDPAuthenticateEvent, code, AUD_STR, name, AUD_STR, inst, AUD_END); return code; }
int main(int argc, char **argv) { register afs_int32 code; afs_uint32 myHost; register struct hostent *th; char hostname[64]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; int kerberosKeys; /* set if found some keys */ int lwps = 3; char clones[MAXHOSTSPERCELL]; afs_uint32 host = htonl(INADDR_ANY); const char *pr_dbaseName; char *whoami = "ptserver"; int a; char arg[100]; char *auditFileName = NULL; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(PTS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } pr_dbaseName = AFSDIR_SERVER_PRDB_FILEPATH; #if defined(SUPERGROUPS) /* make sure the structures for database records are the same size */ if ((sizeof(struct prentry) != ENTRYSIZE) || (sizeof(struct prentryg) != ENTRYSIZE)) { fprintf(stderr, "The structures for the database records are different" " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n" "struct prentryg = %" AFS_SIZET_FMT "\n" "ENTRYSIZE = %d\n", sizeof(struct prentry), sizeof(struct prentryg), ENTRYSIZE); PT_EXIT(1); } #endif for (a = 1; a < argc; a++) { int alen; lcstring(arg, argv[a], sizeof(arg)); alen = strlen(arg); if (strcmp(argv[a], "-d") == 0) { if ((a + 1) >= argc) { fprintf(stderr, "missing argument for -d\n"); return -1; } debuglevel = atoi(argv[++a]); LogLevel = debuglevel; } else if ((strncmp(arg, "-database", alen) == 0) || (strncmp(arg, "-db", alen) == 0)) { pr_dbaseName = argv[++a]; /* specify a database */ } else if (strncmp(arg, "-p", alen) == 0) { lwps = atoi(argv[++a]); if (lwps > 16) { /* maximum of 16 */ printf("Warning: '-p %d' is too big; using %d instead\n", lwps, 16); lwps = 16; } else if (lwps < 3) { /* minimum of 3 */ printf("Warning: '-p %d' is too small; using %d instead\n", lwps, 3); lwps = 3; } #if defined(SUPERGROUPS) } else if ((strncmp(arg, "-groupdepth", alen) == 0) || (strncmp(arg, "-depth", alen) == 0)) { depthsg = atoi(argv[++a]); /* Max search depth for supergroups */ #endif } else if (strncmp(arg, "-default_access", alen) == 0) { prp_user_default = prp_access_mask(argv[++a]); prp_group_default = prp_access_mask(argv[++a]); } else if (strncmp(arg, "-restricted", alen) == 0) { restricted = 1; } else if (strncmp(arg, "-rxbind", alen) == 0) { rxBind = 1; } else if (strncmp(arg, "-allow-dotted-principals", alen) == 0) { rxkadDisableDotCheck = 1; } else if (strncmp(arg, "-enable_peer_stats", alen) == 0) { rx_enablePeerRPCStats(); } else if (strncmp(arg, "-enable_process_stats", alen) == 0) { rx_enableProcessRPCStats(); } #ifndef AFS_NT40_ENV else if (strncmp(arg, "-syslog", alen) == 0) { /* set syslog logging flag */ serverLogSyslog = 1; } else if (strncmp(arg, "-syslog=", MIN(8, alen)) == 0) { serverLogSyslog = 1; serverLogSyslogFacility = atoi(arg + 8); } #endif else if (strncmp(arg, "-auditlog", alen) == 0) { auditFileName = argv[++a]; } else if (strncmp(arg, "-audit-interface", alen) == 0) { char *interface = argv[++a]; if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); PT_EXIT(1); } } else if (!strncmp(arg, "-rxmaxmtu", alen)) { if ((a + 1) >= argc) { fprintf(stderr, "missing argument for -rxmaxmtu\n"); PT_EXIT(1); } rxMaxMTU = atoi(argv[++a]); if ((rxMaxMTU < RX_MIN_PACKET_SIZE) || (rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) { printf("rxMaxMTU %d invalid; must be between %d-%" AFS_SIZET_FMT "\n", rxMaxMTU, RX_MIN_PACKET_SIZE, RX_MAX_PACKET_DATA_SIZE); PT_EXIT(1); } } else if (*arg == '-') { /* hack in help flag support */ #if defined(SUPERGROUPS) #ifndef AFS_NT40_ENV printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-syslog[=FACILITY]] [-d <debug level>] " "[-p <number of processes>] [-rebuild] " "[-groupdepth <depth>] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-enable_peer_stats] [-enable_process_stats] " "[-default_access default_user_access default_group_access] " "[-help]\n"); #else /* AFS_NT40_ENV */ printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-d <debug level>] " "[-p <number of processes>] [-rebuild] [-rxbind] " "[-allow-dotted-principals] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-groupdepth <depth>] " "[-help]\n"); #endif #else #ifndef AFS_NT40_ENV printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] " "[-audit-interface <file|sysvmq> (default is file)] " "[-d <debug level>] " "[-syslog[=FACILITY]] " "[-p <number of processes>] [-rebuild] " "[-enable_peer_stats] [-enable_process_stats] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-help]\n"); #else /* AFS_NT40_ENV */ printf("Usage: ptserver [-database <db path>] " "[-auditlog <log path>] [-d <debug level>] " "[-default_access default_user_access default_group_access] " "[-restricted] [-rxmaxmtu <bytes>] [-rxbind] " "[-allow-dotted-principals] " "[-p <number of processes>] [-rebuild] " "[-help]\n"); #endif #endif fflush(stdout); PT_EXIT(1); } #if defined(SUPERGROUPS) else { fprintf(stderr, "Unrecognized arg: '%s' ignored!\n", arg); } #endif } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(PTS_StartEvent, 0, AUD_END); } #ifndef AFS_NT40_ENV serverLogSyslogTag = "ptserver"; #endif OpenLog(AFSDIR_SERVER_PTLOG_FILEPATH); /* set up logging */ SetupLogSignals(); prdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (!prdir) { fprintf(stderr, "ptserver: can't open configuration directory.\n"); PT_EXIT(1); } if (afsconf_GetNoAuthFlag(prdir)) printf("ptserver: running unauthenticated\n"); #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "ptserver: couldn't initialize winsock. \n"); PT_EXIT(1); } #endif /* get this host */ gethostname(hostname, sizeof(hostname)); th = gethostbyname(hostname); if (!th) { fprintf(stderr, "ptserver: couldn't get address of this host.\n"); PT_EXIT(1); } memcpy(&myHost, th->h_addr, sizeof(afs_uint32)); /* get list of servers */ code = afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones); if (code) { afs_com_err(whoami, code, "Couldn't get server list"); PT_EXIT(2); } pr_realmName = info.name; { afs_int32 kvno; /* see if there is a KeyFile here */ struct ktc_encryptionKey key; code = afsconf_GetLatestKey(prdir, &kvno, &key); kerberosKeys = (code == 0); if (!kerberosKeys) printf ("ptserver: can't find any Kerberos keys, code = %d, ignoring\n", code); } if (kerberosKeys) { /* initialize ubik */ ubik_CRXSecurityProc = afsconf_ClientAuth; ubik_CRXSecurityRock = prdir; ubik_SRXSecurityProc = afsconf_ServerAuth; ubik_SRXSecurityRock = prdir; ubik_CheckRXSecurityProc = afsconf_CheckAuth; ubik_CheckRXSecurityRock = prdir; } /* The max needed is when deleting an entry. A full CoEntry deletion * required removal from 39 entries. Each of which may refers to the entry * being deleted in one of its CoEntries. If a CoEntry is freed its * predecessor CoEntry will be modified as well. Any freed blocks also * modifies the database header. Counting the entry being deleted and its * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries * and the header are in separate Ubik buffers then 120 buffers may be * required. */ ubik_nBuffers = 120 + /*fudge */ 40; if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = parseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; /* the following call is idempotent so if/when it gets called * again by the ubik init stuff, it doesn't really matter * -- klm */ rx_InitHost(host, htons(AFSCONF_PROTPORT)); } } code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones, pr_dbaseName, &dbase); if (code) { afs_com_err(whoami, code, "Ubik init failed"); PT_EXIT(2); } #if defined(SUPERGROUPS) pt_hook_write(); #endif afsconf_BuildServerSecurityObjects(prdir, 0, &securityClasses, &numClasses); /* Disable jumbograms */ rx_SetNoJumbo(); if (rxMaxMTU != -1) { rx_SetMaxMTU(rxMaxMTU); } tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, numClasses, PR_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, lwps); if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(pr_rxstat_userok); LogCommandLine(argc, argv, "ptserver", #if defined(SUPERGROUPS) "1.1", #else "1.0", #endif "Starting AFS", FSLog); rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); exit(0); }
int main(int argc, char **argv) { afs_int32 code; afs_uint32 myHost; struct hostent *th; char hostname[64]; struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; int lwps = 3; char clones[MAXHOSTSPERCELL]; afs_uint32 host = htonl(INADDR_ANY); struct cmd_syndesc *opts; struct cmd_item *list; char *pr_dbaseName; char *configDir; char *logFile; char *whoami = "ptserver"; char *auditFileName = NULL; char *interface = NULL; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(PTS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } pr_dbaseName = strdup(AFSDIR_SERVER_PRDB_FILEPATH); configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH); logFile = strdup(AFSDIR_SERVER_PTLOG_FILEPATH); #if defined(SUPERGROUPS) /* make sure the structures for database records are the same size */ if ((sizeof(struct prentry) != ENTRYSIZE) || (sizeof(struct prentryg) != ENTRYSIZE)) { fprintf(stderr, "The structures for the database records are different" " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n" "struct prentryg = %" AFS_SIZET_FMT "\n" "ENTRYSIZE = %d\n", sizeof(struct prentry), sizeof(struct prentryg), ENTRYSIZE); PT_EXIT(1); } #endif cmd_DisableAbbreviations(); cmd_DisablePositionalCommands(); opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL); /* ptserver specific options */ cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE, CMD_OPTIONAL, "database file"); cmd_AddParmAlias(opts, OPT_database, "db"); cmd_AddParmAtOffset(opts, OPT_access, "-default_access", CMD_SINGLE, CMD_OPTIONAL, "default access flags for new entries"); #if defined(SUPERGROUPS) cmd_AddParmAtOffset(opts, OPT_groupdepth, "-groupdepth", CMD_SINGLE, CMD_OPTIONAL, "max search depth for supergroups"); cmd_AddParmAlias(opts, OPT_groupdepth, "depth"); #endif cmd_AddParmAtOffset(opts, OPT_restricted, "-restricted", CMD_FLAG, CMD_OPTIONAL, "enable restricted mode"); /* general server options */ cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE, CMD_OPTIONAL, "location of audit log"); cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE, CMD_OPTIONAL, "interface to use for audit logging"); cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE, CMD_OPTIONAL, "configuration location"); cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE, CMD_OPTIONAL, "debug level"); cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE, CMD_OPTIONAL, "location of logfile"); cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL, "number of threads"); #if !defined(AFS_NT40_ENV) cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG, CMD_OPTIONAL, "log to syslog"); #endif /* rx options */ cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX transport statistics"); cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG, CMD_OPTIONAL, "enable RX RPC statistics"); cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG, CMD_OPTIONAL, "bind only to the primary interface"); cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE, CMD_OPTIONAL, "maximum MTU for RX"); /* rxkad options */ cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals", CMD_FLAG, CMD_OPTIONAL, "permit Kerberos 5 principals with dots"); code = cmd_Parse(argc, argv, &opts); if (code) PT_EXIT(1); cmd_OptionAsString(opts, OPT_config, &configDir); cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH); cmd_SetCommandName("ptserver"); if (cmd_OptionAsList(opts, OPT_access, &list) == 0) { prp_user_default = prp_access_mask(list->data); if (list->next == NULL || list->next->data == NULL) { fprintf(stderr, "Missing second argument for -default_access\n"); PT_EXIT(1); } prp_group_default = prp_access_mask(list->next->data); } #if defined(SUPERGROUPS) cmd_OptionAsInt(opts, OPT_groupdepth, &depthsg); #endif cmd_OptionAsFlag(opts, OPT_restricted, &restricted); /* general server options */ cmd_OptionAsString(opts, OPT_auditlog, &auditFileName); if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) { if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); PT_EXIT(1); } free(interface); } cmd_OptionAsInt(opts, OPT_debug, &LogLevel); cmd_OptionAsString(opts, OPT_database, &pr_dbaseName); cmd_OptionAsString(opts, OPT_logfile, &logFile); if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) { if (lwps > 64) { /* maximum of 64 */ printf("Warning: '-p %d' is too big; using %d instead\n", lwps, 64); lwps = 64; } else if (lwps < 3) { /* minimum of 3 */ printf("Warning: '-p %d' is too small; using %d instead\n", lwps, 3); lwps = 3; } } #ifndef AFS_NT40_ENV if (cmd_OptionPresent(opts, OPT_syslog)) { serverLogSyslog = 1; cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility); } #endif /* rx options */ if (cmd_OptionPresent(opts, OPT_peer)) rx_enablePeerRPCStats(); if (cmd_OptionPresent(opts, OPT_process)) rx_enableProcessRPCStats(); cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind); cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU); /* rxkad options */ cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck); cmd_FreeOptions(&opts); if (auditFileName) { osi_audit_file(auditFileName); osi_audit(PTS_StartEvent, 0, AUD_END); } #ifndef AFS_NT40_ENV serverLogSyslogTag = "ptserver"; #endif OpenLog(logFile); /* set up logging */ SetupLogSignals(); prdir = afsconf_Open(configDir); if (!prdir) { fprintf(stderr, "ptserver: can't open configuration directory.\n"); PT_EXIT(1); } if (afsconf_GetNoAuthFlag(prdir)) printf("ptserver: running unauthenticated\n"); #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "ptserver: couldn't initialize winsock. \n"); PT_EXIT(1); } #endif /* get this host */ gethostname(hostname, sizeof(hostname)); th = gethostbyname(hostname); if (!th) { fprintf(stderr, "ptserver: couldn't get address of this host.\n"); PT_EXIT(1); } memcpy(&myHost, th->h_addr, sizeof(afs_uint32)); /* get list of servers */ code = afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones); if (code) { afs_com_err(whoami, code, "Couldn't get server list"); PT_EXIT(2); } /* initialize audit user check */ osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch); /* initialize ubik */ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, prdir); /* The max needed is when deleting an entry. A full CoEntry deletion * required removal from 39 entries. Each of which may refers to the entry * being deleted in one of its CoEntries. If a CoEntry is freed its * predecessor CoEntry will be modified as well. Any freed blocks also * modifies the database header. Counting the entry being deleted and its * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries * and the header are in separate Ubik buffers then 120 buffers may be * required. */ ubik_nBuffers = 120 + /*fudge */ 40; if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; /* the following call is idempotent so if/when it gets called * again by the ubik init stuff, it doesn't really matter * -- klm */ rx_InitHost(host, htons(AFSCONF_PROTPORT)); } } /* Disable jumbograms */ rx_SetNoJumbo(); if (rxMaxMTU != -1) { if (rx_SetMaxMTU(rxMaxMTU) != 0) { printf("rxMaxMTU %d is invalid\n", rxMaxMTU); PT_EXIT(1); } } code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones, pr_dbaseName, &dbase); if (code) { afs_com_err(whoami, code, "Ubik init failed"); PT_EXIT(2); } #if defined(SUPERGROUPS) pt_hook_write(); #endif afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses); tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, numClasses, PR_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, lwps); if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { fprintf(stderr, "ptserver: Could not create new rx service.\n"); PT_EXIT(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(pr_rxstat_userok); LogCommandLine(argc, argv, "ptserver", #if defined(SUPERGROUPS) "1.1", #else "1.0", #endif "Starting AFS", FSLog); rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); exit(0); }
int main(int argc, char **argv) { afs_int32 code; struct rx_securityClass **securityClasses; afs_int32 numClasses; struct rx_service *service; struct ktc_encryptionKey tkey; int rxpackets = 100; int rxJumbograms = 0; /* default is to send and receive jumbograms. */ int rxMaxMTU = -1; int bufSize = 0; /* temp variable to read in udp socket buf size */ afs_uint32 host = ntohl(INADDR_ANY); char *auditFileName = NULL; VolumePackageOptions opts; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(VS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } TTsleep = TTrun = 0; /* parse cmd line */ for (code = 1; code < argc; code++) { if (strcmp(argv[code], "-log") == 0) { /* set extra logging flag */ DoLogging = 1; } else if (strcmp(argv[code], "-help") == 0) { goto usage; } else if (strcmp(argv[code], "-rxbind") == 0) { rxBind = 1; } else if (strcmp(argv[code], "-allow-dotted-principals") == 0) { rxkadDisableDotCheck = 1; } else if (strcmp(argv[code], "-d") == 0) { if ((code + 1) >= argc) { fprintf(stderr, "missing argument for -d\n"); return -1; } debuglevel = atoi(argv[++code]); LogLevel = debuglevel; } else if (strcmp(argv[code], "-p") == 0) { lwps = atoi(argv[++code]); if (lwps > MAXLWP) { printf("Warning: '-p %d' is too big; using %d instead\n", lwps, MAXLWP); lwps = MAXLWP; } } else if (strcmp(argv[code], "-auditlog") == 0) { auditFileName = argv[++code]; } else if (strcmp(argv[code], "-audit-interface") == 0) { char *interface = argv[++code]; if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); return -1; } } else if (strcmp(argv[code], "-nojumbo") == 0) { rxJumbograms = 0; } else if (strcmp(argv[code], "-jumbo") == 0) { rxJumbograms = 1; } else if (!strcmp(argv[code], "-rxmaxmtu")) { if ((code + 1) >= argc) { fprintf(stderr, "missing argument for -rxmaxmtu\n"); exit(1); } rxMaxMTU = atoi(argv[++code]); if ((rxMaxMTU < RX_MIN_PACKET_SIZE) || (rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) { printf("rxMaxMTU %d invalid; must be between %d-%" AFS_SIZET_FMT "\n", rxMaxMTU, RX_MIN_PACKET_SIZE, RX_MAX_PACKET_DATA_SIZE); exit(1); } } else if (strcmp(argv[code], "-sleep") == 0) { sscanf(argv[++code], "%d/%d", &TTsleep, &TTrun); if ((TTsleep < 0) || (TTrun <= 0)) { printf("Warning: '-sleep %d/%d' is incorrect; ignoring\n", TTsleep, TTrun); TTsleep = TTrun = 0; } } else if (strcmp(argv[code], "-mbpersleep") == 0) { sscanf(argv[++code], "%d", &MBperSecSleep); if (MBperSecSleep < 0) MBperSecSleep = 0; } else if (strcmp(argv[code], "-udpsize") == 0) { if ((code + 1) >= argc) { printf("You have to specify -udpsize <integer value>\n"); exit(1); } sscanf(argv[++code], "%d", &bufSize); if (bufSize < rx_GetMinUdpBufSize()) printf ("Warning:udpsize %d is less than minimum %d; ignoring\n", bufSize, rx_GetMinUdpBufSize()); else udpBufSize = bufSize; } else if (strcmp(argv[code], "-enable_peer_stats") == 0) { rx_enablePeerRPCStats(); } else if (strcmp(argv[code], "-enable_process_stats") == 0) { rx_enableProcessRPCStats(); } else if (strcmp(argv[code], "-preserve-vol-stats") == 0) { DoPreserveVolumeStats = 1; } else if (strcmp(argv[code], "-sync") == 0) { if ((code + 1) >= argc) { printf("You have to specify -sync <sync_behavior>\n"); exit(1); } ih_PkgDefaults(); if (ih_SetSyncBehavior(argv[++code])) { printf("Invalid -sync value %s\n", argv[code]); exit(1); } } #ifndef AFS_NT40_ENV else if (strcmp(argv[code], "-syslog") == 0) { /* set syslog logging flag */ serverLogSyslog = 1; } else if (strncmp(argv[code], "-syslog=", 8) == 0) { serverLogSyslog = 1; serverLogSyslogFacility = atoi(argv[code] + 8); } #endif #ifdef AFS_PTHREAD_ENV else if (strcmp(argv[code], "-convert") == 0) convertToOsd = 1; else if (strcmp(argv[code], "-libafsosd") == 0) libafsosd = 1; #endif else { printf("volserver: unrecognized flag '%s'\n", argv[code]); usage: #ifndef AFS_NT40_ENV printf("Usage: volserver [-log] [-p <number of processes>] " "[-auditlog <log path>] [-d <debug level>] " "[-nojumbo] [-jumbo] [-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] " "[-udpsize <size of socket buffer in bytes>] " "[-syslog[=FACILITY]] -mbpersleep <MB / 1 sec sleep>" "%s" "[-enable_peer_stats] [-enable_process_stats] " "[-sync <always | delayed | onclose | never>] " #ifdef AFS_PTHREAD_ENV , libafsosd ? "[-convert] ":"", #endif "[-help]\n"); #else printf("Usage: volserver [-log] [-p <number of processes>] " "[-auditlog <log path>] [-d <debug level>] " "[-nojumbo] [-jumbo] [-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] " "[-udpsize <size of socket buffer in bytes>] " "[-enable_peer_stats] [-enable_process_stats] " "[-sync <always | delayed | onclose | never>] " "[-help]\n"); #endif VS_EXIT(1); } } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(VS_StartEvent, 0, AUD_END); } #ifdef AFS_SGI_VNODE_GLUE if (afs_init_kernel_config(-1) < 0) { printf ("Can't determine NUMA configuration, not starting volserver.\n"); exit(1); } #endif InitErrTabs(); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( threadNum ); #endif #ifdef AFS_NT40_ENV if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); printf("Volume server unable to start winsock, exiting.\n"); exit(1); } #endif /* Open VolserLog and map stdout, stderr into it; VInitVolumePackage2 can log, so we need to do this here */ OpenLog(AFSDIR_SERVER_VOLSERLOG_FILEPATH); VOptDefaults(volumeServer, &opts); #ifdef AFS_PTHREAD_ENV if (libafsosd) { extern struct vol_data_v0 vol_data_v0; extern struct volser_data_v0 volser_data_v0; struct init_volser_inputs input = { &vol_data_v0, &volser_data_v0 }; struct init_volser_outputs output = { &osdvol, &osdvolser }; code = load_libafsosd("init_volser_afsosd", &input, &output); if (code) { ViceLog(0, ("Loading libafsosd.so failed with code %d, aborting\n", code)); return -1; } } #endif if (VInitVolumePackage2(volumeServer, &opts)) { Log("Shutting down: errors encountered initializing volume package\n"); exit(1); } /* For nuke() */ Lock_Init(&localLock); DInit(40); #ifndef AFS_PTHREAD_ENV vol_PollProc = IOMGR_Poll; /* tell vol pkg to poll io system periodically */ #endif #ifndef AFS_NT40_ENV rxi_syscallp = volser_syscall; #endif rx_nPackets = rxpackets; /* set the max number of packets */ if (udpBufSize) rx_SetUdpBufSize(udpBufSize); /* set the UDP buffer size for receive */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = parseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) host = SHostAddrs[0]; } code = rx_InitHost(host, (int)htons(AFSCONF_VOLUMEPORT)); if (code) { fprintf(stderr, "rx init failed on socket AFSCONF_VOLUMEPORT %u\n", AFSCONF_VOLUMEPORT); VS_EXIT(1); } if (!rxJumbograms) { /* Don't allow 3.4 vos clients to send jumbograms and we don't send. */ rx_SetNoJumbo(); } if (rxMaxMTU != -1) { rx_SetMaxMTU(rxMaxMTU); } rx_GetIFInfo(); #ifndef AFS_PTHREAD_ENV rx_SetRxDeadTime(420); #endif memset(busyFlags, 0, sizeof(busyFlags)); SetupLogSignals(); { #ifdef AFS_PTHREAD_ENV pthread_t tid; pthread_attr_t tattr; osi_Assert(pthread_attr_init(&tattr) == 0); osi_Assert(pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED) == 0); osi_Assert(pthread_create(&tid, &tattr, BKGLoop, NULL) == 0); #else PROCESS pid; LWP_CreateProcess(BKGLoop, 16*1024, 3, 0, "vol bkg daemon", &pid); LWP_CreateProcess(BKGSleep,16*1024, 3, 0, "vol slp daemon", &pid); #endif } /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (!tdir) { Abort("volser: could not open conf files in %s\n", AFSDIR_SERVER_ETC_DIRPATH); VS_EXIT(1); } afsconf_GetKey(tdir, 999, &tkey); afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityClasses, numClasses, AFSVolExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif if (rxkadDisableDotCheck) { rx_SetSecurityConfiguration(service, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); } service = rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetMinProcs(service, 2); rx_SetMaxProcs(service, 4); #ifdef AFS_PTHREAD_ENV if (libafsosd) { service = rx_NewService(0, 7, "afsosd", securityClasses, numClasses, (osdvolser->op_AFSVOLOSD_ExecuteRequest)); if (!service) { ViceLog(0, ("Failed to initialize afsosd rpc service.\n")); exit(-1); } rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ rx_SetMinProcs(service, 2); if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif } #endif /* AFS_PTHREAD_ENV */ LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); FT_GetTimeOfDay(&statisticStart, 0); if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { LogDesWarning(); } if (TTsleep) { Log("Will sleep %d second%s every %d second%s\n", TTsleep, (TTsleep > 1) ? "s" : "", TTrun + TTsleep, (TTrun + TTsleep > 1) ? "s" : ""); } /* allow super users to manage RX statistics */ /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); rx_StartServer(1); /* Donate this process to the server process pool */ osi_audit(VS_FinishEvent, (-1), AUD_END); Abort("StartServer returned?"); return 0; /* not reached */ }
static int WorkerBee(struct cmd_syndesc *as, void *arock) { afs_int32 code, numClasses; struct rx_securityClass *(nullObjects[1]), **secObjs, **allObjs; struct rx_service *service; time_t tokenExpires; char cellName[64]; int localauth; /*process arguments */ afs_int32 portOffset = 0; #ifdef AFS_PTHREAD_ENV pthread_t dbWatcherPid; pthread_attr_t tattr; AFS_SIGSET_DECL; #else PROCESS dbWatcherPid; #endif char hoststr[16]; afs_uint32 host = htonl(INADDR_ANY); char *auditFileName = NULL; char *auditInterface = NULL; debugLevel = 0; /*initialize the error tables */ initialize_KA_error_table(); initialize_RXK_error_table(); initialize_KTC_error_table(); initialize_ACFG_error_table(); initialize_CMD_error_table(); initialize_VL_error_table(); initialize_BUTM_error_table(); initialize_BUTC_error_table(); #ifdef xbsa initialize_BUTX_error_table(); #endif /*xbs */ initialize_VOLS_error_table(); initialize_BUDB_error_table(); initialize_BUCD_error_table(); if (as->parms[0].items) { portOffset = SafeATOL(as->parms[0].items->data); if (portOffset == -1) { fprintf(stderr, "Illegal port offset '%s'\n", as->parms[0].items->data); exit(1); } else if (portOffset > BC_MAXPORTOFFSET) { fprintf(stderr, "%u exceeds max port offset %u\n", portOffset, BC_MAXPORTOFFSET); exit(1); } } xbsaType = XBSA_SERVER_TYPE_NONE; /* default */ if (as->parms[3].items) { /* -device */ globalTapeConfig.capacity = 0x7fffffff; /* 2T for max tape capacity */ globalTapeConfig.fileMarkSize = 0; globalTapeConfig.portOffset = portOffset; strncpy(globalTapeConfig.device, as->parms[3].items->data, 100); xbsaType = XBSA_SERVER_TYPE_NONE; /* Not XBSA */ } else { /* Search for an entry in tapeconfig file */ code = GetDeviceConfig(tapeConfigFile, &globalTapeConfig, portOffset); if (code == -1) { fprintf(stderr, "Problem in reading config file %s\n", tapeConfigFile); exit(1); } /* Set xbsaType. If code == 1, no entry was found in the tapeconfig file so * it's an XBSA server. Don't know if its ADSM or not so its unknown. */ xbsaType = ((code == 1) ? XBSA_SERVER_TYPE_UNKNOWN : XBSA_SERVER_TYPE_NONE); } if (as->parms[6].items) { /* -restoretofile */ restoretofile = strdup(as->parms[6].items->data); printf("Restore to file '%s'\n", restoretofile); } /* Go and read the config file: CFG_<device> or CFG_<port>. We will also set * the exact xbsaType within the call (won't be unknown) - double check. */ code = GetConfigParams(pFile, portOffset); if (code) exit(code); #ifdef xbsa if (xbsaType == XBSA_SERVER_TYPE_UNKNOWN) { printf ("\nConfiguration file error, the TYPE parameter must be specified, or\n"); printf("an entry must exist in %s for port %d\n", tapeConfigFile, portOffset); exit(1); } #else /* Not compiled for XBSA code so we can't support it */ if (CONF_XBSA) { printf("\nNo entry found in %s for port %d\n", tapeConfigFile, portOffset); printf("This binary does not have XBSA support\n"); exit(1); } #endif /* Open the log files. The pathnames were set in GetConfigParams() */ logIO = fopen(logFile, "a"); if (!logIO) { fprintf(stderr, "Failed to open %s\n", logFile); exit(1); } ErrorlogIO = fopen(ErrorlogFile, "a"); if (!ErrorlogIO) { fprintf(stderr, "Failed to open %s\n", ErrorlogFile); exit(1); } if (lastLog) { lastLogIO = fopen(lastLogFile, "a"); if (!lastLogIO) { fprintf(stderr, "Failed to open %s\n", lastLogFile); exit(1); } } if (centralLogFile) { struct stat sbuf; afs_int32 statcode; #ifndef AFS_NT40_ENV char *path; #endif statcode = stat(centralLogFile, &sbuf); centralLogIO = fopen(centralLogFile, "a"); if (!centralLogIO) { fprintf(stderr, "Failed to open %s; error %d\n", centralLogFile, errno); exit(1); } #ifndef AFS_NT40_ENV /* Make sure it is not in AFS, has to have been created first */ path = malloc(AFSDIR_PATH_MAX); if (path == NULL || !realpath(centralLogFile, path)) { fprintf(stderr, "Warning: can't determine real path of '%s' (%d)\n", centralLogFile, errno); } else { if (strncmp(path, "/afs/", 5) == 0) { fprintf(stderr, "The central log '%s' should not be in AFS\n", centralLogFile); exit(1); } } free(path); #endif /* Write header if created it */ if (statcode) { char *h1 = "TASK START DATE/TIME END DATE/TIME ELAPSED VOLUMESET\n"; char *h2 = "----- ------------------- ------------------- -------- ---------\n"; /* File didn't exist before so write the header lines */ fwrite(h1, strlen(h1), 1, centralLogIO); fwrite(h2, strlen(h2), 1, centralLogIO); fflush(centralLogIO); } } /* Open the configuration directory */ butc_confdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH); if (butc_confdir == NULL) { TLog(0, "Failed to open server configuration directory"); exit(1); } /* Start auditing */ osi_audit_init(); if (as->parms[9].items) { auditFileName = as->parms[9].items->data; } if (auditFileName != NULL) osi_audit_file(auditFileName); if (as->parms[10].items) { auditInterface = as->parms[10].items->data; if (osi_audit_interface(auditInterface)) { TLog(0, "Invalid audit interface '%s'\n", auditInterface); exit(1); } } osi_audit(TC_StartEvent, 0, AUD_END); osi_audit_set_user_check(butc_confdir, tc_IsLocalRealmMatch); if (as->parms[1].items) { debugLevel = SafeATOL(as->parms[1].items->data); if (debugLevel == -1) { TLog(0, "Illegal debug level '%s'\n", as->parms[1].items->data); exit(1); } } #ifdef xbsa /* Setup XBSA library interface */ if (CONF_XBSA) { afs_int32 rc; rc = xbsa_MountLibrary(&butxInfo, xbsaType); if (rc != XBSA_SUCCESS) { TapeLog(0, 0, rc, 0, "Unable to mount the XBSA library\n"); return (1); } forcemultiple = (as->parms[7].items ? 1 : 0);/*-xbsaforcemultiple */ if (forcemultiple) printf("Force XBSA multiple server support\n"); rc = InitToServer(0 /*taskid */ , &butxInfo, adsmServerName); if (rc != XBSA_SUCCESS) return (1); (void)signal(SIGINT, xbsa_shutdown); (void)signal(SIGHUP, xbsa_shutdown); } #endif /*xbsa */ /* cell switch */ if (as->parms[2].items) strncpy(cellName, as->parms[2].items->data, sizeof(cellName)); else cellName[0] = '\0'; if (as->parms[4].items) autoQuery = 0; localauth = (as->parms[5].items ? 1 : 0); rxBind = (as->parms[8].items ? 1 : 0); allow_unauth = (as->parms[11].items ? 1 : 0); if (!allow_unauth && !localauth) { const char *errstr = "Neither -localauth nor -allow_unauthenticated was provided; refusing to start in unintended insecure configuration\n"; TLog(0, "%s", (char *)errstr); exit(1); } if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) host = SHostAddrs[0]; } TLog(0, "butc binding rx to %s:%d\n", afs_inet_ntoa_r(host, hoststr), BC_TAPEPORT + portOffset); code = rx_InitHost(host, htons(BC_TAPEPORT + portOffset)); if (code) { TapeLog(0, 0, code, 0, "rx init failed on port %u\n", BC_TAPEPORT + portOffset); exit(1); } rx_SetRxDeadTime(150); /* Establish connection with the vldb server */ code = vldbClientInit(0, localauth, cellName, &cstruct, &tokenExpires); if (code) { TapeLog(0, 0, code, 0, "Can't access vldb\n"); return code; } strcpy(globalCellName, cellName); /*initialize the dumpNode list */ InitNodeList(portOffset); deviceLatch = malloc(sizeof(struct deviceSyncNode)); Lock_Init(&(deviceLatch->lock)); deviceLatch->flags = 0; /* initialize database support, volume support, and logs */ /* * Create security objects for the Rx server functionality. Historically * this was a single rxnull security object, since the tape controller was * run by an operator that had local access to the tape device and some * administrative privilege in the cell (to be able to perform volume-level * accesses), but on a machine that was not necessarily trusted to hold the * cell-wide key. * * Such a configuration is, of course, insecure because anyone can make * inbound RPCs and manipulate the database, including creating bogus * dumps and restoring them! Additionally, in modern usage, butc is * frequently run with -localauth to authenticate its outbound connections * to the volservers and budb with the cell-wide key, in which case the * cell-wide key is present and could be used to authenticate incoming * connections as well. * * If -localauth is in use, create the full barrage of server security * objects, including rxkad, so that inbound connections can be verified * to only be made by authenticated clients. Otherwise, only the rxnull * class is in use with a single server security object. Note that butc * will refuse to start in this configuration unless the * "-allow_unauthenticated" flag is provided, indicating that the operator * has ensured that incoming connections are appropriately restricted by * firewall configuration or network topology. */ if (allow_unauth) { nullObjects[RX_SECIDX_NULL] = rxnull_NewServerSecurityObject(); if (!nullObjects[RX_SECIDX_NULL]) { TLog(0, "rxnull_NewServerSecurityObject"); exit(1); } numClasses = 1; secObjs = nullObjects; } else { /* Must be -localauth, so the cell keys are available. */ afsconf_BuildServerSecurityObjects(butc_confdir, &allObjs, &numClasses); secObjs = allObjs; } service = rx_NewServiceHost(host, 0, 1, "BUTC", secObjs, numClasses, TC_ExecuteRequest); if (!service) { TLog(0, "rx_NewService"); exit(1); } rx_SetMaxProcs(service, 4); /* Establish connection to the backup database */ code = udbClientInit(0, localauth, cellName); if (code) { TapeLog(0, 0, code, 0, "Can't access backup database\n"); exit(1); } /* This call is here to verify that we are authentiated. * The call does nothing and will return BUDB_NOTPERMITTED * if we don't belong. */ code = bcdb_deleteDump(0, 0, 0, 0); if (code == BUDB_NOTPERMITTED) { TapeLog(0, 0, code, 0, "Can't access backup database\n"); exit(1); } initStatus(); #ifdef AFS_PTHREAD_ENV code = pthread_attr_init(&tattr); if (code) { TapeLog(0, 0, code, 0, "Can't pthread_attr_init database monitor task"); exit(1); } code = pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED); if (code) { TapeLog(0, 0, code, 0, "Can't pthread_attr_setdetachstate database monitor task"); exit(1); } AFS_SIGSET_CLEAR(); code = pthread_create(&dbWatcherPid, &tattr, dbWatcher, (void *)2); AFS_SIGSET_RESTORE(); #else code = LWP_CreateProcess(dbWatcher, 20480, LWP_NORMAL_PRIORITY, (void *)2, "dbWatcher", &dbWatcherPid); #endif if (code) { TapeLog(0, 0, code, 0, "Can't create database monitor task"); exit(1); } TLog(0, "Starting Tape Coordinator: Port offset %u Debug level %u\n", portOffset, debugLevel); TLog(0, "Token expires: %s\n", cTIME(&tokenExpires)); rx_StartServer(1); /* Donate this process to the server process pool */ TLog(0, "Error: StartServer returned"); exit(1); }
int main(int argc, char **argv) { afs_int32 code; struct rx_securityClass **securityClasses; afs_int32 numClasses; struct rx_service *service; int rxpackets = 100; char hoststr[16]; afs_uint32 host = ntohl(INADDR_ANY); VolumePackageOptions opts; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); osi_audit(VS_StartEvent, 0, AUD_END); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH); if (ParseArgs(argc, argv)) { exit(1); } if (auditFileName) { osi_audit_file(auditFileName); osi_audit(VS_StartEvent, 0, AUD_END); } #ifdef AFS_SGI_VNODE_GLUE if (afs_init_kernel_config(-1) < 0) { printf ("Can't determine NUMA configuration, not starting volserver.\n"); exit(1); } #endif InitErrTabs(); #ifdef AFS_PTHREAD_ENV SetLogThreadNumProgram( rx_GetThreadNum ); #endif #ifdef AFS_NT40_ENV if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); printf("Volume server unable to start winsock, exiting.\n"); exit(1); } #endif OpenLog(&logopts); VOptDefaults(volumeServer, &opts); if (VInitVolumePackage2(volumeServer, &opts)) { Log("Shutting down: errors encountered initializing volume package\n"); exit(1); } /* For nuke() */ Lock_Init(&localLock); DInit(40); #ifndef AFS_PTHREAD_ENV vol_PollProc = IOMGR_Poll; /* tell vol pkg to poll io system periodically */ #endif #if !defined( AFS_NT40_ENV ) && !defined(AFS_DARWIN160_ENV) rxi_syscallp = volser_syscall; #endif rx_nPackets = rxpackets; /* set the max number of packets */ if (udpBufSize) rx_SetUdpBufSize(udpBufSize); /* set the UDP buffer size for receive */ if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) host = SHostAddrs[0]; } Log("Volserver binding rx to %s:%d\n", afs_inet_ntoa_r(host, hoststr), AFSCONF_VOLUMEPORT); code = rx_InitHost(host, (int)htons(AFSCONF_VOLUMEPORT)); if (code) { fprintf(stderr, "rx init failed on socket AFSCONF_VOLUMEPORT %u\n", AFSCONF_VOLUMEPORT); VS_EXIT(1); } if (!rxJumbograms) { /* Don't allow 3.4 vos clients to send jumbograms and we don't send. */ rx_SetNoJumbo(); } if (rxMaxMTU != -1) { if (rx_SetMaxMTU(rxMaxMTU) != 0) { fprintf(stderr, "rxMaxMTU %d is invalid\n", rxMaxMTU); VS_EXIT(1); } } rx_GetIFInfo(); rx_SetRxDeadTime(420); memset(busyFlags, 0, sizeof(busyFlags)); #ifdef AFS_PTHREAD_ENV opr_softsig_Init(); SetupLogSoftSignals(); #else SetupLogSignals(); #endif { #ifdef AFS_PTHREAD_ENV pthread_t tid; pthread_attr_t tattr; opr_Verify(pthread_attr_init(&tattr) == 0); opr_Verify(pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED) == 0); opr_Verify(pthread_create(&tid, &tattr, BKGLoop, NULL) == 0); #else PROCESS pid; LWP_CreateProcess(BKGLoop, 16*1024, 3, 0, "vol bkg daemon", &pid); #endif } /* Create a single security object, in this case the null security object, for unauthenticated connections, which will be used to control security on connections made to this server */ tdir = afsconf_Open(configDir); if (!tdir) { Abort("volser: could not open conf files in %s\n", configDir); AFS_UNREACHED(VS_EXIT(1)); } /* initialize audit user check */ osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch); afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityClasses, numClasses, AFSVolExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetBeforeProc(service, MyBeforeProc); rx_SetAfterProc(service, MyAfterProc); rx_SetIdleDeadTime(service, 0); /* never timeout */ if (lwps < 4) lwps = 4; rx_SetMaxProcs(service, lwps); #if defined(AFS_XBSD_ENV) rx_SetStackSize(service, (128 * 1024)); #elif defined(AFS_SGI_ENV) rx_SetStackSize(service, (48 * 1024)); #else rx_SetStackSize(service, (32 * 1024)); #endif if (rxkadDisableDotCheck) { code = rx_SetSecurityConfiguration(service, RXS_CONFIG_FLAGS, (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK); if (code) { fprintf(stderr, "volser: failed to allow dotted principals: code %d\n", code); VS_EXIT(1); } } service = rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", securityClasses, numClasses, RXSTATS_ExecuteRequest); if (service == (struct rx_service *)0) Abort("rx_NewService"); rx_SetMinProcs(service, 2); rx_SetMaxProcs(service, 4); LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { LogDesWarning(); } /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); rx_StartServer(1); /* Donate this process to the server process pool */ osi_audit(VS_FinishEvent, (-1), AUD_END); Abort("StartServer returned?"); AFS_UNREACHED(return 0); }