static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell, char *linkedcell)
{
int status = 0;
struct afsconf_dir *configdir;
memset(local_cell, 0, sizeof(local_cell));
memset(cellconfig, 0, sizeof(*cellconfig));
if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
return AFSCONF_NODB;
}
if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS)) {
return AFSCONF_FAILURE;
}
if ((cell == NULL) || (cell[0] == 0))
cell = local_cell;
linkedcell[0] = '\0';
if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig)) {
status = AFSCONF_NOTFOUND;
}
if (cellconfig->linkedCell)
strncpy(linkedcell,cellconfig->linkedCell,MAXCELLCHARS);
(void) afsconf_Close(configdir);
return(status);
}
void
startServer(char *configPath)
{
struct rx_securityClass **classes;
afs_int32 numClasses;
int code;
struct rx_service *service;
globalDir = afsconf_Open(configPath);
if (globalDir == NULL) {
fprintf(stderr, "Server: Unable to open config directory\n");
exit(1);
}
code = rx_Init(htons(TEST_PORT));
if (code != 0) {
fprintf(stderr, "Server: Unable to initialise RX\n");
exit(1);
}
afsconf_BuildServerSecurityObjects(globalDir, &classes, &numClasses);
service = rx_NewService(0, TEST_SERVICE_ID, "test", classes, numClasses,
TEST_ExecuteRequest);
if (service == NULL) {
fprintf(stderr, "Server: Unable to start to test service\n");
exit(1);
}
rx_StartServer(1);
}
void
test_update_config_files(void)
{
int code;
struct afsconf_dir *dir;
char *dirname;
afs_int32 local = -1;
dirname = afstest_BuildTestConfig();
write_krb_conf(dirname, "SOME.REALM.ORG");
dir = afsconf_Open(dirname);
if (dir == NULL) {
fprintf(stderr, "Unable to configure directory.\n");
exit(1);
}
code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "SOME.REALM.ORG");
ok(code == 0 && local == 1, "before update: [email protected]");
code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "MY.REALM.ORG");
ok(code == 0 && local == 0, "before update: [email protected]");
write_krb_conf(dirname, "MY.REALM.ORG MY.OTHER.REALM.ORG");
write_krb_excl(dirname);
update_csdb(dirname);
_afsconf_Touch(dir); /* forces reopen */
code = afsconf_IsLocalRealmMatch(dir, &local, "jdoe", NULL, "MY.REALM.ORG");
ok(code == 0 && local == 1, "after update: [email protected]");
code = afsconf_IsLocalRealmMatch(dir, &local, "admin", NULL, "MY.REALM.ORG");
ok(code == 0 && local == 0, "after update: [email protected]");
afstest_UnlinkTestConfig(dirname);
}
void
afscp_SetConfDir(char *confDir)
{
if (confdir != NULL)
afsconf_Close(confdir);
confdir = afsconf_Open(confDir);
}
long GetLocalCell(struct afsconf_dir **pconfigdir, char *local_cell)
{
if (!(*pconfigdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
{
fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
progname, AFSDIR_CLIENT_ETC_DIRPATH);
akexit(AKLOG_AFS);
}
return afsconf_GetLocalCell(*pconfigdir, local_cell, MAXCELLCHARS);
}
static int
_GetCellInfo(char *cell, struct afsconf_cell *celldata)
{
int code;
if (confdir == NULL)
confdir = afsconf_Open(AFSCONF_CLIENTNAME);
if (confdir == NULL) {
return AFSCONF_NODB;
}
code = afsconf_GetCellInfo(confdir, cell, AFSCONF_VLDBSERVICE, celldata);
return code;
}
void
test_no_config_files(void)
{
struct afsconf_dir *dir;
char *dirname;
/* run tests without config files */
dirname = afstest_BuildTestConfig();
dir = afsconf_Open(dirname);
if (dir == NULL) {
fprintf(stderr, "Unable to configure directory.\n");
exit(1);
}
run_tests(dir, 0, "no config");
afstest_UnlinkTestConfig(dirname);
}
void
test_edges(void)
{
struct afsconf_dir *dir;
char *dirname;
/* run edge case tests */
dirname = afstest_BuildTestConfig();
dir = afsconf_Open(dirname);
if (dir == NULL) {
fprintf(stderr, "Unable to configure directory.\n");
exit(1);
}
run_edge_tests(dir);
afstest_UnlinkTestConfig(dirname);
}
static int
internal_client_init_dir(const char *confDir, char *cellName, int secFlags,
struct ubik_client **uclientp,
int (*secproc) (struct rx_securityClass *, afs_int32),
afs_int32 maxservers, char *serviceid, afs_int32 deadtime,
afs_uint32 server, afs_uint32 port, afs_int32 usrvid)
{
int code;
const char *progname;
struct afsconf_dir *dir;
struct afsconf_cell info;
progname = getprogname();
if (progname == NULL)
progname = "<unknown>";
if (confDir == NULL)
confDir = AFSDIR_CLIENT_ETC_DIRPATH;
dir = afsconf_Open(confDir);
if (!dir) {
fprintf(stderr,
"%s: Could not process files in configuration directory (%s).\n",
progname, confDir);
return EIO;
}
if (cellName == NULL)
cellName = dir->cellName;
code = afsconf_GetCellInfo(dir, cellName, serviceid, &info);
if (code) {
fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n",
progname?progname:"<unknown>", cellName, confDir,
AFSDIR_CELLSERVDB_FILE);
afsconf_Close(dir);
return code;
}
code = internal_client_init(dir, &info, secFlags, uclientp, secproc,
maxservers, serviceid, deadtime, server,
port, usrvid);
afsconf_Close(dir);
return code;
}
int
main(int argc, char *argv[])
{
struct afsconf_dir *tdir;
const char *confdir;
if (argc == 1) {
fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
argv[0], argv[0]);
fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
fprintf(stderr, "\tOR\n\t%s add <type> <kvno> <subtype> <key>\n",
argv[0]);
fprintf(stderr, "\tOR\n\t%s add <type> <kvno> <subtype> <keyfile> <princ>\n",
argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
fprintf(stderr, "\t%s list\n", argv[0]);
exit(1);
}
confdir = AFSDIR_SERVER_ETC_DIRPATH;
tdir = afsconf_Open(confdir);
if (!tdir) {
fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
confdir);
exit(1);
}
if (strcmp(argv[1], "add")==0) {
addKey(tdir, argc, argv);
}
else if (strcmp(argv[1], "delete")==0) {
deleteKey(tdir, argc, argv);
}
else if (strcmp(argv[1], "list") == 0) {
listKey(tdir, argc, argv);
}
else {
fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
"assistance\n", argv[0], argv[1], argv[0]);
exit(1);
}
exit(0);
}
void
test_with_config_files(void)
{
struct afsconf_dir *dir;
char *dirname;
/* run tests with config files */
dirname = afstest_BuildTestConfig();
write_krb_conf(dirname, "MY.REALM.ORG MY.OTHER.REALM.ORG");
write_krb_excl(dirname);
dir = afsconf_Open(dirname);
if (dir == NULL) {
fprintf(stderr, "Unable to configure directory.\n");
exit(1);
}
run_tests(dir, 2, "config");
afstest_UnlinkTestConfig(dirname);
}
int
unlog_NormalizeCellNames(char **list, int size)
{
char *newCellName;
unsigned index;
struct afsconf_dir *conf;
int code;
struct afsconf_cell cellinfo;
if (!(conf = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
fprintf(stderr, "Cannot get cell configuration info!\n");
exit(1);
}
for (index = 0; index < size; index++, list++) {
newCellName = malloc(MAXKTCREALMLEN);
if (!newCellName) {
perror("unlog_NormalizeCellNames --- malloc failed");
exit(1);
}
lcstring(newCellName, *list, MAXKTCREALMLEN);
code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
if (code) {
if (code == AFSCONF_NOTFOUND) {
fprintf(stderr, "Unrecognized cell name %s\n", newCellName);
} else {
fprintf(stderr,
"unlog_NormalizeCellNames - afsconf_GetCellInfo");
fprintf(stderr, " failed, code = %d\n", code);
}
exit(1);
}
strcpy(newCellName, cellinfo.name);
*list = newCellName;
}
afsconf_Close(conf);
return 0;
}
void
test_set_local_realms(void)
{
struct afsconf_dir *dir;
char *dirname;
/* Simulate command line -realm option; overrides config file, if one.
* Multiple realms can be added. */
ok(afsconf_SetLocalRealm("MY.REALM.ORG") == 0, "set local realm MY.REALM.ORG");
ok(afsconf_SetLocalRealm("MY.OTHER.REALM.ORG") == 0, "set local realm MY.OTHER.REALM.ORG");
/* run tests without config files */
dirname = afstest_BuildTestConfig();
dir = afsconf_Open(dirname);
if (dir == NULL) {
fprintf(stderr, "Unable to configure directory.\n");
exit(1);
}
write_krb_conf(dirname, "SOME.REALM.ORG");
run_tests(dir, 1, "set realm test");
afstest_UnlinkTestConfig(dirname);
}
static int get_cellconfig(char *cell, struct afsconf_cell *cellconfig,
char *local_cell)
{
int status = AKLOG_SUCCESS;
struct afsconf_dir *configdir;
memset(local_cell, 0, sizeof(local_cell));
memset(cellconfig, 0, sizeof(*cellconfig));
if (!(configdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)))
{
fprintf(stderr, "%s: can't get afs configuration (afsconf_Open(%s))\n",
progname, AFSDIR_CLIENT_ETC_DIRPATH);
exit(AKLOG_AFS);
}
if (afsconf_GetLocalCell(configdir, local_cell, MAXCELLCHARS))
{
fprintf(stderr, "%s: can't determine local cell.\n", progname);
exit(AKLOG_AFS);
}
if ((cell == NULL) || (cell[0] == 0))
cell = local_cell;
if (afsconf_GetCellInfo(configdir, cell, NULL, cellconfig))
{
fprintf(stderr, "%s: Can't get information about cell %s.\n",
progname, cell);
status = AKLOG_AFS;
}
(void) afsconf_Close(configdir);
return(status);
}
int
afstest_StartTestRPCService(const char *configPath,
u_short port,
u_short serviceId,
afs_int32 (*proc) (struct rx_call *))
{
struct afsconf_dir *dir;
struct rx_securityClass **classes;
afs_int32 numClasses;
int code;
struct rx_service *service;
dir = afsconf_Open(configPath);
if (dir == NULL) {
fprintf(stderr, "Server: Unable to open config directory\n");
return -1;
}
code = rx_Init(htons(port));
if (code != 0) {
fprintf(stderr, "Server: Unable to initialise RX\n");
return -1;
}
afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
service = rx_NewService(0, serviceId, "test", classes, numClasses,
proc);
if (service == NULL) {
fprintf(stderr, "Server: Unable to start to test service\n");
return -1;
}
rx_StartServer(1);
return 0; /* Not reached, we donated ourselves to StartServer */
}
struct afscp_cell *
afscp_DefaultCell(void)
{
struct afsconf_dir *dir;
char localcell[MAXCELLCHARS + 1];
int code;
if (defcell) {
return afscp_CellByName(defcell, defrealm);
}
dir = afsconf_Open(AFSCONF_CLIENTNAME);
if (dir == NULL) {
afscp_errno = AFSCONF_NODB;
return NULL;
}
code = afsconf_GetLocalCell(dir, localcell, MAXCELLCHARS);
if (code != 0) {
afscp_errno = code;
return NULL;
}
afsconf_Close(dir);
return afscp_CellByName(localcell, defrealm);
}
static int
_GetLocalSecurityObject(struct afscp_cell *cell,
char *aname, char *ainst)
{
int code = 0;
char tbuffer[256];
struct ktc_encryptionKey key, session;
struct rx_securityClass *tc;
afs_int32 kvno;
afs_int32 ticketLen;
rxkad_level lev;
struct afsconf_dir *tdir;
tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
if (!tdir) {
code = AFSCONF_FAILURE;
goto done;
}
code = afsconf_GetLatestKey(tdir, &kvno, &key);
if (code) {
goto done;
}
DES_init_random_number_generator((DES_cblock *)&key);
code = DES_new_random_key((DES_cblock *)&session);
if (code) {
goto done;
}
ticketLen = sizeof(tbuffer);
memset(tbuffer, 0, sizeof(tbuffer));
code = tkt_MakeTicket(tbuffer, &ticketLen, &key, aname, ainst, "", 0,
0xffffffff, &session, 0, "afs", "");
if (code) {
goto done;
}
if (insecure) {
lev = rxkad_clear;
} else {
lev = rxkad_crypt;
}
tc = (struct rx_securityClass *)
rxkad_NewClientSecurityObject(lev, &session, kvno, ticketLen,
tbuffer);
if (!tc) {
code = RXKADBADKEY;
goto done;
}
cell->security = tc;
cell->scindex = 2;
done:
if (tdir) {
afsconf_Close(tdir);
}
return code;
}
afs_int32
pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
{
afs_int32 code;
struct rx_connection *serverconns[MAXSERVERS];
struct rx_securityClass *sc = NULL;
static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
static char tconfDir[100] = "";
static char tcell[64] = "";
afs_int32 scIndex;
afs_int32 secFlags;
static struct afsconf_cell info;
afs_int32 i;
#if !defined(UKERNEL)
char cellstr[64];
#endif
afs_int32 gottdir = 0;
afs_int32 refresh = 0;
initialize_PT_error_table();
initialize_RXK_error_table();
initialize_ACFG_error_table();
initialize_KTC_error_table();
#if defined(UKERNEL)
if (!cell) {
cell = afs_LclCellName;
}
#else /* defined(UKERNEL) */
if (!cell) {
if (!tdir)
tdir = afsconf_Open(confDir);
if (!tdir) {
if (confDir && strcmp(confDir, ""))
fprintf(stderr,
"%s: Could not open configuration directory: %s.\n",
whoami, confDir);
else
fprintf(stderr,
"%s: No configuration directory specified.\n",
whoami);
return -1;
}
gottdir = 1;
code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
if (code) {
fprintf(stderr,
"libprot: Could not get local cell. [%d]\n", code);
return code;
}
cell = cellstr;
}
#endif /* defined(UKERNEL) */
if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
/*
* force re-evaluation. we either don't have an afsconf_dir,
* the directory has changed or the cell has changed.
*/
if (tdir && !gottdir) {
afsconf_Close(tdir);
tdir = (struct afsconf_dir *)NULL;
}
pruclient = (struct ubik_client *)NULL;
refresh = 1;
}
if (refresh) {
strncpy(tconfDir, confDir, sizeof(tconfDir));
strncpy(tcell, cell, sizeof(tcell));
#if defined(UKERNEL)
tdir = afs_cdir;
#else /* defined(UKERNEL) */
if (!gottdir)
tdir = afsconf_Open(confDir);
if (!tdir) {
if (confDir && strcmp(confDir, ""))
fprintf(stderr,
"libprot: Could not open configuration directory: %s.\n",
confDir);
else
fprintf(stderr,
"libprot: No configuration directory specified.\n");
return -1;
}
#endif /* defined(UKERNEL) */
code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
if (code) {
fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
cell, confDir, AFSDIR_CELLSERVDB_FILE);
return code;
}
}
/* If we already have a client and it is at the security level we
* want, don't get a new one. Unless the security level is 2 in
* which case we will get one (and re-read the key file).
*/
if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
return 0;
}
code = rx_Init(0);
if (code) {
fprintf(stderr, "libprot: Could not initialize rx.\n");
return code;
}
/* Most callers use secLevel==1, however, the fileserver uses secLevel==2
* to force use of the KeyFile. secLevel == 0 implies -noauth was
* specified. */
if (secLevel == 2) {
code = afsconf_GetLatestKey(tdir, 0, 0);
if (code) {
afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
} else {
/* If secLevel is two assume we're on a file server and use
* ClientAuthSecure if possible. */
code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
if (code)
afs_com_err(whoami, code, "(calling client secure)\n");
}
} else if (secLevel > 0) {
secFlags = 0;
if (secLevel > 1)
secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
if (code) {
afs_com_err(whoami, code, "(getting token)");
if (secLevel > 1)
return code;
}
}
if (sc == NULL) {
sc = rxnull_NewClientSecurityObject();
scIndex = RX_SECIDX_NULL;
}
if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
fprintf(stderr,
"%s: Could not get afs tokens, running unauthenticated\n",
whoami);
memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
for (i = 0; i < info.numServers; i++)
serverconns[i] =
rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
info.hostAddr[i].sin_port, PRSRV, sc,
scIndex);
code = ubik_ClientInit(serverconns, &pruclient);
if (code) {
afs_com_err(whoami, code, "ubik client init failed.");
return code;
}
lastLevel = scIndex;
code = rxs_Release(sc);
return code;
}
int
main(int argc, char **argv, char **envp)
{
struct rx_service *tservice;
afs_int32 code;
struct afsconf_dir *tdir;
int noAuth = 0;
int i;
char namebuf[AFSDIR_PATH_MAX];
int rxMaxMTU = -1;
afs_uint32 host = htonl(INADDR_ANY);
char *auditFileName = NULL;
struct rx_securityClass **securityClasses;
afs_int32 numClasses;
int DoPeerRPCStats = 0;
int DoProcessRPCStats = 0;
#ifndef AFS_NT40_ENV
int nofork = 0;
struct stat sb;
#endif
#ifdef AFS_AIX32_ENV
struct sigaction nsa;
/* for some reason, this permits user-mode RX to run a lot faster.
* we do it here in the bosserver, so we don't have to do it
* individually in each server.
*/
tweak_config();
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGSEGV, &nsa, NULL);
sigaction(SIGABRT, &nsa, NULL);
#endif
osi_audit_init();
signal(SIGFPE, bozo_insecureme);
#ifdef AFS_NT40_ENV
/* Initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
fprintf(stderr, "%s: Couldn't initialize winsock.\n", argv[0]);
exit(2);
}
#endif
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
argv[0]);
exit(2);
}
/* some path inits */
bozo_fileName = AFSDIR_SERVER_BOZCONF_FILEPATH;
DoCore = AFSDIR_SERVER_LOGS_DIRPATH;
/* initialize the list of dirpaths that the bosserver has
* an interest in monitoring */
initBosEntryStats();
#if defined(AFS_SGI_ENV)
/* offer some protection if AFS isn't loaded */
if (syscall(AFS_SYSCALL, AFSOP_ENDLOG) < 0 && errno == ENOPKG) {
printf("bosserver: AFS doesn't appear to be configured in O.S..\n");
exit(1);
}
#endif
#ifndef AFS_NT40_ENV
/* save args for restart */
bozo_argc = argc;
bozo_argv = malloc((argc+1) * sizeof(char*));
if (!bozo_argv) {
fprintf(stderr, "%s: Failed to allocate argument list.\n", argv[0]);
exit(1);
}
bozo_argv[0] = (char*)AFSDIR_SERVER_BOSVR_FILEPATH; /* expected path */
bozo_argv[bozo_argc] = NULL; /* null terminate list */
#endif /* AFS_NT40_ENV */
/* parse cmd line */
for (code = 1; code < argc; code++) {
#ifndef AFS_NT40_ENV
bozo_argv[code] = argv[code];
#endif /* AFS_NT40_ENV */
if (strcmp(argv[code], "-noauth") == 0) {
/* set noauth flag */
noAuth = 1;
} else if (strcmp(argv[code], "-log") == 0) {
/* set extra logging flag */
DoLogging = 1;
}
#ifndef AFS_NT40_ENV
else if (strcmp(argv[code], "-syslog") == 0) {
/* set syslog logging flag */
DoSyslog = 1;
} else if (strncmp(argv[code], "-syslog=", 8) == 0) {
DoSyslog = 1;
DoSyslogFacility = atoi(argv[code] + 8);
} else if (strncmp(argv[code], "-cores=", 7) == 0) {
if (strcmp((argv[code]+7), "none") == 0)
DoCore = 0;
else
DoCore = (argv[code]+7);
} else if (strcmp(argv[code], "-nofork") == 0) {
nofork = 1;
}
#endif
else if (strcmp(argv[code], "-enable_peer_stats") == 0) {
DoPeerRPCStats = 1;
} else if (strcmp(argv[code], "-enable_process_stats") == 0) {
DoProcessRPCStats = 1;
}
else if (strcmp(argv[code], "-restricted") == 0) {
bozo_isrestricted = 1;
}
else if (strcmp(argv[code], "-rxbind") == 0) {
rxBind = 1;
}
else if (strcmp(argv[code], "-allow-dotted-principals") == 0) {
rxkadDisableDotCheck = 1;
}
else if (!strcmp(argv[code], "-rxmaxmtu")) {
if ((code + 1) >= argc) {
fprintf(stderr, "missing argument for -rxmaxmtu\n");
exit(1);
}
rxMaxMTU = atoi(argv[++code]);
}
else if (strcmp(argv[code], "-auditlog") == 0) {
auditFileName = argv[++code];
} else if (strcmp(argv[code], "-audit-interface") == 0) {
char *interface = argv[++code];
if (osi_audit_interface(interface)) {
printf("Invalid audit interface '%s'\n", interface);
exit(1);
}
} else if (strncmp(argv[code], "-pidfiles=", 10) == 0) {
DoPidFiles = (argv[code]+10);
} else if (strncmp(argv[code], "-pidfiles", 9) == 0) {
DoPidFiles = AFSDIR_BOSCONFIG_DIR;
}
else {
/* hack to support help flag */
#ifndef AFS_NT40_ENV
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
"[-audit-interface <file|sysvmq> (default is file)] "
"[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] "
"[-syslog[=FACILITY]] "
"[-restricted] "
"[-enable_peer_stats] [-enable_process_stats] "
"[-cores=<none|path>] \n"
"[-pidfiles[=path]] "
"[-nofork] " "[-help]\n");
#else
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
"[-audit-interface <file|sysvmq> (default is file)] "
"[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals] "
"[-restricted] "
"[-enable_peer_stats] [-enable_process_stats] "
"[-cores=<none|path>] \n"
"[-pidfiles[=path]] "
"[-help]\n");
#endif
fflush(stdout);
exit(0);
}
}
if (auditFileName) {
osi_audit_file(auditFileName);
}
#ifndef AFS_NT40_ENV
if (geteuid() != 0) {
printf("bosserver: must be run as root.\n");
exit(1);
}
#endif
if ((!DoSyslog)
#ifndef AFS_NT40_ENV
&& ((lstat(AFSDIR_BOZLOG_FILE, &sb) == 0) &&
!(S_ISFIFO(sb.st_mode)))
#endif
) {
strcpy(namebuf, AFSDIR_BOZLOG_FILE);
strcat(namebuf, ".old");
rk_rename(AFSDIR_BOZLOG_FILE, namebuf); /* try rename first */
bozo_logFile = fopen(AFSDIR_BOZLOG_FILE, "a");
if (!bozo_logFile) {
printf("bosserver: can't initialize log file (%s).\n",
AFSDIR_SERVER_BOZLOG_FILEPATH);
exit(1);
}
/* keep log closed normally, so can be removed */
fclose(bozo_logFile);
} else {
#ifndef AFS_NT40_ENV
openlog("bosserver", LOG_PID, DoSyslogFacility);
#endif
}
/*
* go into the background and remove our controlling tty, close open
* file desriptors
*/
#ifndef AFS_NT40_ENV
if (!nofork)
daemon(1, 0);
#endif /* ! AFS_NT40_ENV */
/* create useful dirs */
CreateDirs(DoCore);
/* Write current state of directory permissions to log file */
DirAccessOK();
/* chdir to AFS log directory */
if (DoCore)
chdir(DoCore);
else
chdir(AFSDIR_SERVER_LOGS_DIRPATH);
/* try to read the key from the config file */
tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
if (!tdir) {
/* try to create local cell config file */
struct afsconf_cell tcell;
strcpy(tcell.name, "localcell");
tcell.numServers = 1;
code = gethostname(tcell.hostName[0], MAXHOSTCHARS);
if (code) {
bozo_Log("failed to get hostname, code %d\n", errno);
exit(1);
}
if (tcell.hostName[0][0] == 0) {
bozo_Log("host name not set, can't start\n");
bozo_Log("try the 'hostname' command\n");
exit(1);
}
memset(tcell.hostAddr, 0, sizeof(tcell.hostAddr)); /* not computed */
code =
afsconf_SetCellInfo(NULL, AFSDIR_SERVER_ETC_DIRPATH,
&tcell);
if (code) {
bozo_Log
("could not create cell database in '%s' (code %d), quitting\n",
AFSDIR_SERVER_ETC_DIRPATH, code);
exit(1);
}
tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
if (!tdir) {
bozo_Log
("failed to open newly-created cell database, quitting\n");
exit(1);
}
}
/* opened the cell databse */
bozo_confdir = tdir;
code = bnode_Init();
if (code) {
printf("bosserver: could not init bnode package, code %d\n", code);
exit(1);
}
bnode_Register("fs", &fsbnode_ops, 3);
bnode_Register("dafs", &dafsbnode_ops, 4);
bnode_Register("simple", &ezbnode_ops, 1);
bnode_Register("cron", &cronbnode_ops, 2);
#if defined(RLIMIT_CORE) && defined(HAVE_GETRLIMIT)
{
struct rlimit rlp;
getrlimit(RLIMIT_CORE, &rlp);
if (!DoCore)
rlp.rlim_cur = 0;
else
rlp.rlim_max = rlp.rlim_cur = RLIM_INFINITY;
setrlimit(RLIMIT_CORE, &rlp);
getrlimit(RLIMIT_CORE, &rlp);
bozo_Log("Core limits now %d %d\n",(int)rlp.rlim_cur,(int)rlp.rlim_max);
}
#endif
/* Read init file, starting up programs. Also starts watcher threads. */
if ((code = ReadBozoFile(0))) {
bozo_Log
("bosserver: Something is wrong (%d) with the bos configuration file %s; aborting\n",
code, AFSDIR_SERVER_BOZCONF_FILEPATH);
exit(code);
}
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else {
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (ccode == 1)
host = SHostAddrs[0];
}
for (i = 0; i < 10; i++) {
if (rxBind) {
code = rx_InitHost(host, htons(AFSCONF_NANNYPORT));
} else {
code = rx_Init(htons(AFSCONF_NANNYPORT));
}
if (code) {
bozo_Log("can't initialize rx: code=%d\n", code);
sleep(3);
} else
break;
}
if (i >= 10) {
bozo_Log("Bos giving up, can't initialize rx\n");
exit(code);
}
/* Set some rx config */
if (DoPeerRPCStats)
rx_enablePeerRPCStats();
if (DoProcessRPCStats)
rx_enableProcessRPCStats();
/* Disable jumbograms */
rx_SetNoJumbo();
if (rxMaxMTU != -1) {
if (rx_SetMaxMTU(rxMaxMTU) != 0) {
bozo_Log("bosserver: rxMaxMTU %d is invalid\n", rxMaxMTU);
exit(1);
}
}
code = LWP_CreateProcess(BozoDaemon, BOZO_LWP_STACKSIZE, /* priority */ 1,
/* param */ NULL , "bozo-the-clown", &bozo_pid);
if (code) {
bozo_Log("Failed to create daemon thread\n");
exit(1);
}
/* initialize audit user check */
osi_audit_set_user_check(bozo_confdir, bozo_IsLocalRealmMatch);
bozo_CreateRxBindFile(host); /* for local scripts */
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(bozo_rxstat_userok);
afsconf_SetNoAuthFlag(tdir, noAuth);
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
if (DoPidFiles) {
bozo_CreatePidFile("bosserver", NULL, getpid());
}
tservice = rx_NewServiceHost(host, 0, /* service id */ 1,
"bozo", securityClasses, numClasses,
BOZO_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_SetStackSize(tservice, BOZO_LWP_STACKSIZE); /* so gethostbyname works (in cell stuff) */
if (rxkadDisableDotCheck) {
rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
(void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
}
tservice =
rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
securityClasses, numClasses, RXSTATS_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_StartServer(1); /* donate this process */
return 0;
}
int
main(int argc, char **argv)
{
struct afsconf_dir *tdir;
afs_int32 code;
if (argc == 1) {
printf("bos_util: usage is 'bos_util <opcode> options, e.g.\n");
printf(" bos_util add <kvno>\n");
printf(" bos_util adddes <kvno>\n");
#ifdef KERBEROS
printf(" bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
#endif
printf(" bos_util delete <kvno>\n");
printf(" bos_util list\n");
exit(1);
}
tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIR);
if (!tdir) {
printf("bos_util: can't initialize conf dir '%s'\n",
AFSDIR_SERVER_ETC_DIR);
exit(1);
}
if (strcmp(argv[1], "add") == 0) {
struct ktc_encryptionKey tkey;
int kvno;
char buf[BUFSIZ], ver[BUFSIZ];
char *tcell = NULL;
if (argc != 3) {
printf("bos_util add: usage is 'bos_util add <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
/* prompt for key */
code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
if (code || strlen(buf) == 0) {
printf("Bad key: \n");
exit(1);
}
code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
if (code || strlen(ver) == 0) {
printf("Bad key: \n");
exit(1);
}
if (strcmp(ver, buf) != 0) {
printf("\nInput key mismatch\n");
exit(1);
}
ka_StringToKey(buf, tcell, &tkey);
code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
} else if (strcmp(argv[1], "adddes") == 0) {
struct ktc_encryptionKey tkey;
int kvno;
afs_int32 code;
char buf[BUFSIZ], ver[BUFSIZ];
if (argc != 3) {
printf("bos_util adddes: usage is 'bos_util adddes <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
/* prompt for key */
code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0);
if (code || strlen(buf) == 0) {
printf("Bad key: \n");
exit(1);
}
code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0);
if (code || strlen(ver) == 0) {
printf("Bad key: \n");
exit(1);
}
if (strcmp(ver, buf) != 0) {
printf("\nInput key mismatch\n");
exit(1);
}
des_string_to_key(buf, ktc_to_cblockptr(&tkey));
code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
}
#ifdef KERBEROS
else if (strcmp(argv[1], "srvtab2keyfile") == 0) {
char tkey[8], name[255], inst[255], realm[255];
int kvno;
if (argc != 5) {
printf
("bos_util add: usage is 'bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n");
exit(1);
}
kvno = atoi(argv[2]);
bzero(tkey, sizeof(tkey));
code = kname_parse(name, inst, realm, argv[4]);
if (code != 0) {
printf("Invalid kerberos name\n");
exit(1);
}
code = read_service_key(name, inst, realm, kvno, argv[3], tkey);
if (code != 0) {
printf("Can't find key in %s\n", argv[3]);
exit(1);
}
code = afsconf_AddKey(tdir, kvno, tkey, 0);
if (code) {
printf("bos_util: failed to set key, code %d.\n", code);
exit(1);
}
}
#endif
else if (strcmp(argv[1], "delete") == 0) {
long kvno;
if (argc != 3) {
printf("bos_util delete: usage is 'bos_util delete <kvno>\n");
exit(1);
}
kvno = atoi(argv[2]);
code = afsconf_DeleteKey(tdir, kvno);
if (code) {
printf("bos_util: failed to delete key %ld, (code %d)\n", kvno,
code);
exit(1);
}
} else if (strcmp(argv[1], "list") == 0) {
struct afsconf_keys tkeys;
int i;
unsigned char tbuffer[9];
code = afsconf_GetKeys(tdir, &tkeys);
if (code) {
printf("bos_util: failed to get keys, code %d\n", code);
exit(1);
}
for (i = 0; i < tkeys.nkeys; i++) {
if (tkeys.key[i].kvno != -1) {
int count;
unsigned char x[8];
memcpy(tbuffer, tkeys.key[i].key, 8);
tbuffer[8] = 0;
printf("kvno %4d: key is '%s' '", tkeys.key[i].kvno, tbuffer);
strcpy((char *)x, (char *)tbuffer);
for (count = 0; count < 8; count++)
printf("\\%03o", x[count]);
printf("'\n");
}
}
printf("All done.\n");
} else {
printf
("bos_util: unknown operation '%s', type 'bos_util' for assistance\n",
argv[1]);
exit(1);
}
exit(0);
}
int
main(int argc, char **argv)
{
char *dirname;
struct afsconf_dir *dir;
int code, secIndex;
pid_t serverPid;
struct rx_securityClass *secClass;
struct ubik_client *ubikClient = NULL;
int ret = 0;
/* Skip all tests if the current hostname can't be resolved */
afstest_SkipTestsIfBadHostname();
/* Skip all tests if the current hostname is on the loopback network */
afstest_SkipTestsIfLoopbackNetIsDefault();
plan(6);
code = rx_Init(0);
dirname = afstest_BuildTestConfig();
dir = afsconf_Open(dirname);
code = afstest_AddDESKeyFile(dir);
if (code) {
afs_com_err("vos-t", code, "while adding test DES keyfile");
ret = 1;
goto out;
}
code = afstest_StartVLServer(dirname, &serverPid);
if (code) {
afs_com_err("vos-t", code, "while starting the vlserver");
ret = 1;
goto out;
}
/* Let it figure itself out ... */
sleep(5);
code = afsconf_ClientAuthSecure(dir, &secClass, &secIndex);
is_int(code, 0, "Successfully got security class");
if (code) {
afs_com_err("authname-t", code, "while getting anonymous secClass");
ret = 1;
goto out;
}
code = afstest_GetUbikClient(dir, AFSCONF_VLDBSERVICE, USER_SERVICE_ID,
secClass, secIndex, &ubikClient);
is_int(code, 0, "Successfully built ubik client structure");
if (code) {
afs_com_err("vos-t", code, "while building ubik client");
ret = 1;
goto out;
}
TestListAddrs(ubikClient, dirname);
code = afstest_StopServer(serverPid);
is_int(0, code, "Server exited cleanly");
out:
afstest_UnlinkTestConfig(dirname);
return ret;
}
/*!
* \brief Get the appropriate type of ubik client structure out from the system.
*/
afs_int32
ugen_ClientInit(int noAuthFlag, const char *confDir, char *cellName, afs_int32 sauth,
struct ubik_client **uclientp,
int (*secproc) (struct rx_securityClass *, afs_int32),
char *funcName, afs_int32 gen_rxkad_level,
afs_int32 maxservers, char *serviceid, afs_int32 deadtime,
afs_uint32 server, afs_uint32 port, afs_int32 usrvid)
{
afs_int32 code, secFlags, i;
afs_int32 scIndex;
struct afsconf_cell info;
struct afsconf_dir *tdir;
struct rx_securityClass *sc;
/* This must change if VLDB_MAXSERVERS becomes larger than MAXSERVERS */
static struct rx_connection *serverconns[MAXSERVERS];
code = rx_Init(0);
if (code) {
fprintf(stderr, "%s: could not initialize rx.\n", funcName);
return code;
}
rx_SetRxDeadTime(deadtime);
secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
if (sauth) {
secFlags |= AFSCONF_SECOPTS_LOCALAUTH;
confDir = AFSDIR_SERVER_ETC_DIRPATH;
} else {
if (confDir == NULL)
confDir = AFSDIR_CLIENT_ETC_DIRPATH;
}
if (noAuthFlag) {
secFlags |= AFSCONF_SECOPTS_NOAUTH;
}
tdir = afsconf_Open(confDir);
if (!tdir) {
fprintf(stderr,
"%s: Could not process files in configuration directory (%s).\n",
funcName, confDir);
return -1;
}
if (sauth)
cellName = tdir->cellName;
code = afsconf_GetCellInfo(tdir, cellName, serviceid, &info);
if (code) {
afsconf_Close(tdir);
fprintf(stderr, "%s: can't find cell %s's hosts in %s/%s\n",
funcName, cellName, confDir, AFSDIR_CELLSERVDB_FILE);
return -1;
}
code = afsconf_PickClientSecObj(tdir, secFlags, &info, cellName, &sc,
&scIndex, NULL);
if (code) {
fprintf(stderr, "%s: can't create client security object", funcName);
return -1;
}
if (scIndex == RX_SECIDX_NULL && !noAuthFlag) {
fprintf(stderr,
"%s: Could not get afs tokens, running unauthenticated.\n",
funcName);
}
afsconf_Close(tdir);
if (secproc) /* tell UV module about default authentication */
(*secproc) (sc, scIndex);
if (server) {
serverconns[0] = rx_NewConnection(server, port,
usrvid, sc, scIndex);
} else {
if (info.numServers > maxservers) {
fprintf(stderr,
"%s: info.numServers=%d (> maxservers=%d)\n",
funcName, info.numServers, maxservers);
return -1;
}
for (i = 0; i < info.numServers; i++) {
if (!info.hostAddr[i].sin_port && port)
info.hostAddr[i].sin_port = port;
serverconns[i] =
rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
info.hostAddr[i].sin_port, usrvid,
sc, scIndex);
}
}
/* Are we just setting up connections, or is this really ubik stuff? */
if (uclientp) {
*uclientp = 0;
code = ubik_ClientInit(serverconns, uclientp);
if (code) {
fprintf(stderr, "%s: ubik client init failed.\n", funcName);
return code;
}
}
return 0;
}
int
main(int argc, char **argv)
{
char *whoami = argv[0];
char *dbNamePtr = 0;
struct afsconf_cell cellinfo;
time_t currentTime;
afs_int32 code = 0;
afs_uint32 host = ntohl(INADDR_ANY);
char clones[MAXHOSTSPERCELL];
struct rx_service *tservice;
struct rx_securityClass **securityClasses;
afs_int32 numClasses;
extern int rx_stackSize;
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
exit(1);
}
#endif
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGSEGV, &nsa, NULL);
sigaction(SIGABRT, &nsa, NULL);
#endif
osi_audit_init();
osi_audit(BUDB_StartEvent, 0, AUD_END);
initialize_BUDB_error_table();
initializeArgHandler();
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
afs_com_err(whoami, errno, "; Unable to obtain AFS server directory.");
exit(2);
}
memset(globalConfPtr, 0, sizeof(*globalConfPtr));
/* set default configuration values */
strcpy(dbDir, AFSDIR_SERVER_DB_DIRPATH);
strcat(dbDir, "/");
globalConfPtr->databaseDirectory = dbDir;
globalConfPtr->databaseName = DEFAULT_DBPREFIX;
strcpy(cellConfDir, AFSDIR_SERVER_ETC_DIRPATH);
globalConfPtr->cellConfigdir = cellConfDir;
/* open the log file */
/*
globalConfPtr->log = fopen(DEFAULT_LOGNAME,"a");
if ( globalConfPtr->log == NULL )
{
printf("Can't open log file %s - aborting\n", DEFAULT_LOGNAME);
BUDB_EXIT(-1);
}
*/
srandom(1);
#ifdef AFS_PTHREAD_ENV
SetLogThreadNumProgram( rx_GetThreadNum );
#endif
/* process the user supplied args */
helpOption = 1;
code = cmd_Dispatch(argc, argv);
if (code)
ERROR(code);
/* exit if there was a help option */
if (helpOption)
BUDB_EXIT(0);
/* open the log file */
globalConfPtr->log = fopen(AFSDIR_SERVER_BUDBLOG_FILEPATH, "a");
if (globalConfPtr->log == NULL) {
printf("Can't open log file %s - aborting\n",
AFSDIR_SERVER_BUDBLOG_FILEPATH);
BUDB_EXIT(-1);
}
/* keep log closed so can remove it */
fclose(globalConfPtr->log);
/* open the cell's configuration directory */
LogDebug(4, "opening %s\n", globalConfPtr->cellConfigdir);
BU_conf = afsconf_Open(globalConfPtr->cellConfigdir);
if (BU_conf == 0) {
LogError(code, "Failed getting cell info\n");
afs_com_err(whoami, code, "Failed getting cell info");
ERROR(BUDB_NOCELLS);
}
code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
if (code) {
LogError(0, "** Can't determine local cell name!\n");
ERROR(code);
}
if (globalConfPtr->myHost == 0) {
/* if user hasn't supplied a list of servers, extract server
* list from the cell's database
*/
LogDebug(1, "Using server list from %s cell database.\n", lcell);
code = afsconf_GetExtendedCellInfo (BU_conf, lcell, 0, &cellinfo,
clones);
code =
convert_cell_to_ubik(&cellinfo, &globalConfPtr->myHost,
globalConfPtr->serverList);
if (code)
ERROR(code);
}
/* initialize audit user check */
osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch);
/* initialize ubik */
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, BU_conf);
if (ubik_nBuffers == 0)
ubik_nBuffers = 400;
LogError(0, "Will allocate %d ubik buffers\n", ubik_nBuffers);
asprintf(&dbNamePtr, "%s%s", globalConfPtr->databaseDirectory,
globalConfPtr->databaseName);
if (dbNamePtr == 0)
ERROR(-1);
rx_SetRxDeadTime(60); /* 60 seconds inactive before timeout */
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (ccode == 1) {
host = SHostAddrs[0];
rx_InitHost(host, htons(AFSCONF_BUDBPORT));
}
}
/* Disable jumbograms */
rx_SetNoJumbo();
code = ubik_ServerInitByInfo (globalConfPtr->myHost,
htons(AFSCONF_BUDBPORT),
&cellinfo,
clones,
dbNamePtr, /* name prefix */
&BU_dbase);
if (code) {
LogError(code, "Ubik init failed\n");
afs_com_err(whoami, code, "Ubik init failed");
ERROR(code);
}
afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);
tservice =
rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",
securityClasses, numClasses, BUDB_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
LogError(0, "Could not create backup database rx service\n");
printf("Could not create backup database rx service\n");
BUDB_EXIT(3);
}
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, lwps);
rx_SetStackSize(tservice, 10000);
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(BU_rxstat_userok);
/* misc. initialization */
/* database dump synchronization */
memset(dumpSyncPtr, 0, sizeof(*dumpSyncPtr));
Lock_Init(&dumpSyncPtr->ds_lock);
rx_StartServer(0); /* start handling requests */
code = InitProcs();
if (code)
ERROR(code);
currentTime = time(0);
LogError(0, "Ready to process requests at %s\n", ctime(¤tTime));
rx_ServerProc(NULL); /* donate this LWP */
error_exit:
osi_audit(BUDB_FinishEvent, code, AUD_END);
return (code);
}
int
main(int argc, char *argv[])
{
struct afsconf_dir *tdir;
long code;
const char *confdir;
if (argc == 1) {
fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
argv[0], argv[0]);
fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
fprintf(stderr, "\t%s list\n", argv[0]);
exit(1);
}
confdir = AFSDIR_SERVER_ETC_DIRPATH;
tdir = afsconf_Open(confdir);
if (!tdir) {
fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
confdir);
exit(1);
}
if (strcmp(argv[1], "add")==0) {
krb5_context context;
krb5_principal principal;
krb5_keyblock *key;
krb5_error_code retval;
int kvno, keymode = 0;
if (argc != 5) {
if (argc == 4)
keymode = 1;
else {
fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
"<princ>\n", argv[0], argv[0]);
fprintf(stderr, "\tOR\n\t%s add <kvno> <key>\n", argv[0]);
fprintf(stderr, "\t\tEx: %s add 0 \"80b6a7cd7a9dadb6\"\n", argv[0]);
exit(1);
}
}
kvno = atoi(argv[2]);
if (keymode) {
char tkey[8];
int i;
char *cp;
if (strlen(argv[3]) != 16) {
printf("key %s is not in right format\n", argv[3]);
printf(" <key> should be an 8byte hex representation \n");
printf(" Ex: setkey add 0 \"80b6a7cd7a9dadb6\"\n");
exit(1);
}
memset(tkey, 0, sizeof(tkey));
for (i = 7, cp = argv[3] + 15; i >= 0; i--, cp -= 2)
tkey[i] = char2hex(*cp) + char2hex(*(cp - 1)) * 16;
code = afsconf_AddKey(tdir, kvno, tkey, 1);
} else {
krb5_init_context(&context);
retval = krb5_parse_name(context, argv[4], &principal);
if (retval != 0) {
afs_com_err(argv[0], retval, "while parsing AFS principal");
exit(1);
}
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_CRC, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_MD5, &key);
if (retval == KRB5_KT_NOTFOUND)
retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
ENCTYPE_DES_CBC_MD4, &key);
if (retval == KRB5_KT_NOTFOUND) {
char * princname = NULL;
krb5_unparse_name(context, principal, &princname);
afs_com_err(argv[0], retval,
"for keytab entry with Principal %s, kvno %u, DES-CBC-CRC/MD5/MD4",
princname ? princname : argv[4],
kvno);
exit(1);
} else if (retval != 0) {
afs_com_err(argv[0], retval, "while extracting AFS service key");
exit(1);
}
#ifdef USING_HEIMDAL
#define deref_key_length(key) \
key->keyvalue.length
#define deref_key_contents(key) \
key->keyvalue.data
#else
#define deref_key_length(key) \
key->length
#define deref_key_contents(key) \
key->contents
#endif
if (deref_key_length(key) != 8) {
fprintf(stderr, "Key length should be 8, but is really %u!\n",
(unsigned int)deref_key_length(key));
exit(1);
}
code = afsconf_AddKey(tdir, kvno, (char *) deref_key_contents(key), 1);
}
if (code) {
fprintf(stderr, "%s: failed to set key, code %ld.\n", argv[0], code);
exit(1);
}
if (keymode == 0) {
krb5_free_principal(context, principal);
krb5_free_keyblock(context, key);
}
}
else if (strcmp(argv[1], "delete")==0) {
long kvno;
if (argc != 3) {
fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
argv[0], argv[0]);
exit(1);
}
kvno = atoi(argv[2]);
code = afsconf_DeleteKey(tdir, kvno);
if (code) {
fprintf(stderr, "%s: failed to delete key %ld, (code %ld)\n",
argv[0], kvno, code);
exit(1);
}
}
else if (strcmp(argv[1], "list") == 0) {
struct afsconf_keys tkeys;
int i, j;
code = afsconf_GetKeys(tdir, &tkeys);
if (code) {
fprintf(stderr, "%s: failed to get keys, code %ld\n", argv[0], code);
exit(1);
}
for(i=0;i<tkeys.nkeys;i++) {
if (tkeys.key[i].kvno != -1) {
printf("kvno %4d: key is: ", tkeys.key[i].kvno);
for (j = 0; j < 8; j++)
printf("%02x", (unsigned char) tkeys.key[i].key[j]);
printf("\n");
}
}
printf("All done.\n");
}
else {
fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
"assistance\n", argv[0], argv[1], argv[0]);
exit(1);
}
exit(0);
}
int
main(int argc, char **argv)
{
char localName[64];
register afs_int32 code;
register char *cname;
struct afsconf_dir *tdir;
struct ktc_principal tserver;
struct ktc_token token;
strcpy(whoami, argv[0]);
if (argc <= 1) {
printf
("%s: copies a file system ticket from the local cell to another cell\n",
whoami);
printf("%s: usage is 'setauth <new-cell>\n", whoami);
exit(1);
}
cname = argv[1];
/* lookup the name of the local cell */
tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
if (!tdir) {
printf("copyauth: can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
exit(1);
}
code = afsconf_GetLocalCell(tdir, localName, sizeof(localName));
if (code) {
printf("%s: can't determine local cell name\n", whoami);
exit(1);
}
/* done with configuration stuff now */
afsconf_Close(tdir);
/* get ticket in local cell */
strcpy(tserver.cell, localName);
strcpy(tserver.name, "afs");
tserver.instance[0] = 0;
code = ktc_GetToken(&tserver, &token, sizeof(token), NULL);
if (code) {
printf
("%s: failed to get '%s' service ticket in cell '%s' (code %d)\n",
whoami, tserver.name, tserver.cell, code);
exit(1);
}
/* and now set the ticket in the new cell */
strcpy(tserver.cell, argv[1]);
code = ktc_SetToken(&tserver, &token, NULL, 0);
if (code) {
printf
("%s: failed to set ticket (code %d), are you sure you're authenticated?\n",
whoami, code);
exit(1);
}
/* all done */
printf("Authentication established for cell %s.\n", cname);
exit(0);
}
static int
CommandProc(struct cmd_syndesc *as, void *arock)
{
krb5_principal princ = 0;
char *cell, *pname, **hrealms, *service;
char service_temp[MAXKTCREALMLEN + 20];
krb5_creds incred[1], mcred[1], *outcred = 0, *afscred;
krb5_ccache cc = 0;
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
krb5_get_init_creds_opt *gic_opts;
#else
krb5_get_init_creds_opt gic_opts[1];
#endif
char *tofree = NULL, *outname;
int code;
char *what;
int i, dosetpag, evil, noprdb, id;
#ifdef AFS_RXK5
int authtype;
#endif
krb5_data enc_part[1];
krb5_prompter_fct pf = NULL;
char *pass = 0;
void *pa = 0;
struct kp_arg klog_arg[1];
char passwd[BUFSIZ];
struct afsconf_cell cellconfig[1];
static char rn[] = "klog"; /*Routine name */
static int Pipe = 0; /* reading from a pipe */
static int Silent = 0; /* Don't want error messages */
int writeTicketFile = 0; /* write ticket file to /tmp */
service = 0;
memset(incred, 0, sizeof *incred);
/* blow away command line arguments */
for (i = 1; i < zero_argc; i++)
memset(zero_argv[i], 0, strlen(zero_argv[i]));
zero_argc = 0;
memset(klog_arg, 0, sizeof *klog_arg);
/* first determine quiet flag based on -silent switch */
Silent = (as->parms[aSILENT].items ? 1 : 0);
if (Silent) {
afs_set_com_err_hook(silent_errors);
}
if ((code = krb5_init_context(&k5context))) {
afs_com_err(rn, code, "while initializing Kerberos 5 library");
KLOGEXIT(code);
}
if ((code = rx_Init(0))) {
afs_com_err(rn, code, "while initializing rx");
KLOGEXIT(code);
}
initialize_U_error_table();
/*initialize_krb5_error_table();*/
initialize_RXK_error_table();
initialize_KTC_error_table();
initialize_ACFG_error_table();
/* initialize_rx_error_table(); */
if (!(tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH))) {
afs_com_err(rn, 0, "can't get afs configuration (afsconf_Open(%s))",
AFSDIR_CLIENT_ETC_DIRPATH);
KLOGEXIT(1);
}
/*
* Enable DES enctypes, which are currently still required for AFS.
* krb5_allow_weak_crypto is MIT Kerberos 1.8. krb5_enctype_enable is
* Heimdal.
*/
#if defined(HAVE_KRB5_ENCTYPE_ENABLE)
i = krb5_enctype_valid(k5context, ETYPE_DES_CBC_CRC);
if (i)
krb5_enctype_enable(k5context, ETYPE_DES_CBC_CRC);
#elif defined(HAVE_KRB5_ALLOW_WEAK_CRYPTO)
krb5_allow_weak_crypto(k5context, 1);
#endif
/* Parse remaining arguments. */
dosetpag = !! as->parms[aSETPAG].items;
Pipe = !! as->parms[aPIPE].items;
writeTicketFile = !! as->parms[aTMP].items;
noprdb = !! as->parms[aNOPRDB].items;
evil = (always_evil&1) || !! as->parms[aUNWRAP].items;
#ifdef AFS_RXK5
authtype = 0;
if (as->parms[aK5].items)
authtype |= FORCE_RXK5;
if (as->parms[aK4].items)
authtype |= FORCE_RXKAD;
if (!authtype)
authtype |= env_afs_rxk5_default();
#endif
cell = as->parms[aCELL].items ? as->parms[aCELL].items->data : 0;
if ((code = afsconf_GetCellInfo(tdir, cell, "afsprot", cellconfig))) {
if (cell)
afs_com_err(rn, code, "Can't get cell information for '%s'", cell);
else
afs_com_err(rn, code, "Can't get determine local cell!");
KLOGEXIT(code);
}
if (as->parms[aKRBREALM].items) {
code = krb5_set_default_realm(k5context,
as->parms[aKRBREALM].items->data);
if (code) {
afs_com_err(rn, code, "Can't make <%s> the default realm",
as->parms[aKRBREALM].items->data);
KLOGEXIT(code);
}
}
else if ((code = krb5_get_host_realm(k5context, cellconfig->hostName[0], &hrealms))) {
afs_com_err(rn, code, "Can't get realm for host <%s> in cell <%s>\n",
cellconfig->hostName[0], cellconfig->name);
KLOGEXIT(code);
} else {
if (hrealms && *hrealms) {
code = krb5_set_default_realm(k5context,
*hrealms);
if (code) {
afs_com_err(rn, code, "Can't make <%s> the default realm",
*hrealms);
KLOGEXIT(code);
}
}
if (hrealms) krb5_free_host_realm(k5context, hrealms);
}
id = getuid();
if (as->parms[aPRINCIPAL].items) {
pname = as->parms[aPRINCIPAL].items->data;
} else {
/* No explicit name provided: use Unix uid. */
struct passwd *pw;
pw = getpwuid(id);
if (pw == 0) {
afs_com_err(rn, 0,
"Can't figure out your name from your user id (%d).", id);
if (!Silent)
fprintf(stderr, "%s: Try providing the user name.\n", rn);
KLOGEXIT(1);
}
pname = pw->pw_name;
}
code = krb5_parse_name(k5context, pname, &princ);
if (code) {
afs_com_err(rn, code, "Can't parse principal <%s>", pname);
KLOGEXIT(code);
}
if (as->parms[aPASSWORD].items) {
/*
* Current argument is the desired password string. Remember it in
* our local buffer, and zero out the argument string - anyone can
* see it there with ps!
*/
strncpy(passwd, as->parms[aPASSWORD].items->data, sizeof(passwd));
memset(as->parms[aPASSWORD].items->data, 0,
strlen(as->parms[aPASSWORD].items->data));
pass = passwd;
}
/* Get the password if it wasn't provided. */
if (!pass) {
if (Pipe) {
strncpy(passwd, getpipepass(), sizeof(passwd));
pass = passwd;
} else {
pf = klog_prompter;
pa = klog_arg;
}
}
service = 0;
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) {
tofree = get_afs_krb5_svc_princ(cellconfig);
snprintf(service_temp, sizeof service_temp, "%s", tofree);
} else
#endif
snprintf (service_temp, sizeof service_temp, "afs/%s", cellconfig->name);
klog_arg->pp = &pass;
klog_arg->pstore = passwd;
klog_arg->allocated = sizeof(passwd);
/* XXX should allow k5 to prompt in most cases -- what about expired pw?*/
#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
code = krb5_get_init_creds_opt_alloc(k5context, &gic_opts);
if (code) {
afs_com_err(rn, code, "Can't allocate get_init_creds options");
KLOGEXIT(code);
}
#else
krb5_get_init_creds_opt_init(gic_opts);
#endif
for (;;) {
code = krb5_get_init_creds_password(k5context,
incred,
princ,
pass,
pf, /* prompter */
pa, /* data */
0, /* start_time */
0, /* in_tkt_service */
gic_opts);
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
break;
}
memset(passwd, 0, sizeof(passwd));
if (code) {
char *r = 0;
if (krb5_get_default_realm(k5context, &r))
r = 0;
if (r)
afs_com_err(rn, code, "Unable to authenticate in realm %s", r);
else
afs_com_err(rn, code, "Unable to authenticate to use cell %s",
cellconfig->name);
if (r) free(r);
KLOGEXIT(code);
}
for (;;writeTicketFile = 0) {
if (writeTicketFile) {
what = "getting default ccache";
code = krb5_cc_default(k5context, &cc);
} else {
what = "krb5_cc_resolve";
code = krb5_cc_resolve(k5context, "MEMORY:core", &cc);
if (code) goto Failed;
}
what = "initializing ccache";
code = krb5_cc_initialize(k5context, cc, princ);
if (code) goto Failed;
what = "writing Kerberos ticket file";
code = krb5_cc_store_cred(k5context, cc, incred);
if (code) goto Failed;
if (writeTicketFile)
fprintf(stderr,
"Wrote ticket file to %s\n",
krb5_cc_get_name(k5context, cc));
break;
Failed:
if (code)
afs_com_err(rn, code, "%s", what);
if (writeTicketFile) {
if (cc) {
krb5_cc_close(k5context, cc);
cc = 0;
}
continue;
}
KLOGEXIT(code);
}
for (service = service_temp;;service = "afs") {
memset(mcred, 0, sizeof *mcred);
mcred->client = princ;
code = krb5_parse_name(k5context, service, &mcred->server);
if (code) {
afs_com_err(rn, code, "Unable to parse service <%s>\n", service);
KLOGEXIT(code);
}
if (tofree) { free(tofree); tofree = 0; }
if (!(code = krb5_unparse_name(k5context, mcred->server, &outname)))
tofree = outname;
else outname = service;
code = krb5_get_credentials(k5context, 0, cc, mcred, &outcred);
krb5_free_principal(k5context, mcred->server);
if (code != KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || service != service_temp) break;
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5)
break;
#endif
}
afscred = outcred;
if (code) {
afs_com_err(rn, code, "Unable to get credentials to use %s", outname);
KLOGEXIT(code);
}
#ifdef AFS_RXK5
if (authtype & FORCE_RXK5) {
struct ktc_principal aserver[1];
int viceid = 555;
memset(aserver, 0, sizeof *aserver);
strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
code = ktc_SetK5Token(k5context, aserver, afscred, viceid, dosetpag);
if (code) {
afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
cellconfig->name);
KLOGEXIT(1);
}
} else
#endif
{
struct ktc_principal aserver[1], aclient[1];
struct ktc_token atoken[1];
memset(atoken, 0, sizeof *atoken);
if (evil) {
size_t elen = enc_part->length;
atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY;
if (afs_krb5_skip_ticket_wrapper(afscred->ticket.data,
afscred->ticket.length, (char **) &enc_part->data,
&elen)) {
afs_com_err(rn, 0, "Can't unwrap %s AFS credential",
cellconfig->name);
KLOGEXIT(1);
}
} else {
atoken->kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
*enc_part = afscred->ticket;
}
atoken->startTime = afscred->times.starttime;
atoken->endTime = afscred->times.endtime;
if (tkt_DeriveDesKey(get_creds_enctype(afscred),
get_cred_keydata(afscred),
get_cred_keylen(afscred), &atoken->sessionKey)) {
afs_com_err(rn, 0,
"Cannot derive DES key from enctype %i of length %u",
get_creds_enctype(afscred),
(unsigned)get_cred_keylen(afscred));
KLOGEXIT(1);
}
memcpy(atoken->ticket, enc_part->data,
atoken->ticketLen = enc_part->length);
memset(aserver, 0, sizeof *aserver);
strncpy(aserver->name, "afs", 4);
strncpy(aserver->cell, cellconfig->name, MAXKTCREALMLEN-1);
memset(aclient, 0, sizeof *aclient);
i = realm_len(k5context, afscred->client);
if (i > MAXKTCREALMLEN-1) i = MAXKTCREALMLEN-1;
memcpy(aclient->cell, realm_data(k5context, afscred->client), i);
if (!noprdb) {
int viceid = 0;
k5_to_k4_name(k5context, afscred->client, aclient);
code = whoami(atoken, cellconfig, aclient, &viceid);
if (code) {
afs_com_err(rn, code, "Can't get your viceid for cell %s", cellconfig->name);
*aclient->name = 0;
} else
snprintf(aclient->name, MAXKTCNAMELEN-1, "AFS ID %d", viceid);
}
if (!*aclient->name)
k5_to_k4_name(k5context, afscred->client, aclient);
code = ktc_SetToken(aserver, atoken, aclient, dosetpag);
if (code) {
afs_com_err(rn, code, "Unable to store tokens for cell %s\n",
cellconfig->name);
KLOGEXIT(1);
}
}
krb5_free_principal(k5context, princ);
krb5_free_cred_contents(k5context, incred);
if (outcred) krb5_free_creds(k5context, outcred);
if (cc)
krb5_cc_close(k5context, cc);
if (tofree) free(tofree);
return 0;
}
int
main(int argc, char *argv[])
{
afs_int32 code;
char *whoami = argv[0];
afs_uint32 serverList[MAXSERVERS];
struct afsconf_cell cellinfo;
char *cell;
const char *cellservdb, *dbpath, *lclpath;
int a;
char arg[32];
char default_lclpath[AFSDIR_PATH_MAX];
int servers;
int initFlags;
int level; /* security level for Ubik */
afs_int32 i;
char clones[MAXHOSTSPERCELL];
afs_uint32 host = ntohl(INADDR_ANY);
char *auditFileName = NULL;
struct rx_service *tservice;
struct rx_securityClass *sca[1];
struct rx_securityClass *scm[3];
extern int rx_stackSize;
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGABRT, &nsa, NULL);
sigaction(SIGSEGV, &nsa, NULL);
#endif
osi_audit_init();
if (argc == 0) {
usage:
printf("Usage: kaserver [-noAuth] [-database <dbpath>] "
"[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
"[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
"[-servers <serverlist>] [-crossrealm] "
/*" [-enable_peer_stats] [-enable_process_stats] " */
"[-help]\n");
exit(1);
}
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
exit(1);
}
#endif
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
argv[0]);
exit(2);
}
cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
dbpath = AFSDIR_SERVER_KADB_FILEPATH;
strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
"/", AFSDIR_KADB_FILE, NULL);
lclpath = default_lclpath;
debugOutput = 0;
servers = 0;
initFlags = 0;
level = rxkad_crypt;
for (a = 1; a < argc; a++) {
int arglen = strlen(argv[a]);
lcstring(arg, argv[a], sizeof(arg));
#define IsArg(a) (strncmp (arg,a, arglen) == 0)
if (strcmp(arg, "-database") == 0) {
dbpath = argv[++a];
if (strcmp(lclpath, default_lclpath) == 0)
lclpath = dbpath;
}
else if (strncmp(arg, "-auditlog", arglen) == 0) {
auditFileName = argv[++a];
} else if (strncmp(arg, "-audit-interface", arglen) == 0) {
char *interface = argv[++a];
if (osi_audit_interface(interface)) {
printf("Invalid audit interface '%s'\n", interface);
exit(1);
}
} else if (strcmp(arg, "-localfiles") == 0)
lclpath = argv[++a];
else if (strcmp(arg, "-servers") == 0)
debugOutput++, servers = 1;
else if (strcmp(arg, "-noauth") == 0)
debugOutput++, initFlags |= 1;
else if (strcmp(arg, "-fastkeys") == 0)
debugOutput++, initFlags |= 4;
else if (strcmp(arg, "-dbfixup") == 0)
debugOutput++, initFlags |= 8;
else if (strcmp(arg, "-cellservdb") == 0) {
cellservdb = argv[++a];
initFlags |= 2;
debugOutput++;
}
else if (IsArg("-crypt"))
level = rxkad_crypt;
else if (IsArg("-safe"))
level = rxkad_crypt;
else if (IsArg("-clear"))
level = rxkad_clear;
else if (IsArg("-sorry"))
level = rxkad_clear;
else if (IsArg("-debug"))
verbose_track = 0;
else if (IsArg("-crossrealm"))
krb4_cross = 1;
else if (IsArg("-rxbind"))
rxBind = 1;
else if (IsArg("-minhours")) {
MinHours = atoi(argv[++a]);
} else if (IsArg("-enable_peer_stats")) {
rx_enablePeerRPCStats();
} else if (IsArg("-enable_process_stats")) {
rx_enableProcessRPCStats();
} else if (*arg == '-') {
/* hack to support help flag */
goto usage;
}
}
if (auditFileName) {
osi_audit_file(auditFileName);
}
if ((code = ka_CellConfig(cellservdb)))
goto abort;
cell = ka_LocalCell();
KA_conf = afsconf_Open(cellservdb);
if (!KA_conf) {
code = KANOCELLS;
abort:
afs_com_err(whoami, code, "Failed getting cell info");
exit(1);
}
#ifdef AUTH_DBM_LOG
kalog_Init();
#else
/* NT & HPUX do not have dbm package support. So we can only do some
* text logging. So open the AuthLog file for logging and redirect
* stdin and stdout to it
*/
OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
SetupLogSignals();
#endif
fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
"properties. Migrating to a Kerberos 5 KDC is advised. "
"http://www.openafs.org/no-more-des.html\n", whoami);
ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. "
"Migrating to a Kerberos 5 KDC is advised. "
"http://www.openafs.org/no-more-des.html\n"));
code =
afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
&cellinfo, clones);
if (servers) {
if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
afs_com_err(whoami, code, "Couldn't parse server list");
exit(1);
}
cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
for (i = 1; i < MAXSERVERS; i++) {
if (!serverList[i])
break;
cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
}
cellinfo.numServers = i;
} else {
code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
if (code)
goto abort;
ViceLog(0, ("Using server list from %s cell database.\n", cell));
}
/* initialize audit user check */
osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch);
/* initialize ubik */
if (level == rxkad_clear)
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
KA_conf);
else if (level == rxkad_crypt)
ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
afsconf_UpToDate, KA_conf);
else {
ViceLog(0, ("Unsupported security level %d\n", level));
exit(5);
}
ViceLog(0,
("Using level %s for Ubik connections.\n",
(level == rxkad_crypt ? "crypt" : "clear")));
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth,
KA_conf);
ubik_nBuffers = 80;
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = parseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (ccode == 1) {
host = SHostAddrs[0];
rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
}
}
/* Disable jumbograms */
rx_SetNoJumbo();
if (servers)
code =
ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
dbpath, &KA_dbase);
else
code =
ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
clones, dbpath, &KA_dbase);
if (code) {
afs_com_err(whoami, code, "Ubik init failed");
exit(2);
}
sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
tservice =
rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
"AuthenticationService", sca, 1, KAA_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Authentication rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, 1);
tservice =
rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
sca, 1, KAT_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Ticket Granting rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, 1);
scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
scm[RX_SCINDEX_VAB] = 0;
scm[RX_SCINDEX_KAD] =
rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
tservice =
rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
KAM_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Maintenance rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, 1);
rx_SetStackSize(tservice, 10000);
tservice =
rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create rpc stats rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
initialize_dstats();
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(KA_rxstat_userok);
rx_StartServer(0); /* start handling req. of all types */
if (init_kaprocs(lclpath, initFlags))
return -1;
if ((code = init_krb_udp())) {
ViceLog(0,
("Failed to initialize UDP interface; code = %d.\n", code));
ViceLog(0, ("Running without UDP access.\n"));
}
ViceLog(0, ("Starting to process AuthServer requests\n"));
rx_ServerProc(NULL); /* donate this LWP */
return 0;
}
/*
* cfg_ClientQueryStatus() -- Query status of static client configuration
* on host, i.e., status of required configuration files, etc.
* Upon successful completion *configStP is set to the client
* configuration status, with a value of zero (0) indicating that
* the configuration is valid.
*
* If client configuration is not valid then *cellNameP is set to NULL;
* otherwise, *cellNameP is an allocated buffer containing client cell.
*
* If client software (cache-manager) is not installed then *versionP is
* undefined; otherwise *versionP is 34 for 3.4, 35 for 3.5, etc.
*
* Note: Client configuration is checked even if the client software
* is not installed. This is useful for tools that require
* client configuration information but NOT the actual
* client (cache-manager); for example, the AFS Server Manager.
*/
int ADMINAPI
cfg_ClientQueryStatus(const char *hostName, /* name of host */
short *isInstalledP, /* client software installed */
unsigned *versionP, /* client software version */
afs_status_p configStP, /* client config status */
char **cellNameP, /* client's cell */
afs_status_p st)
{ /* completion status */
int rc = 1;
afs_status_t tst2, tst = 0;
afs_status_t clientSt = 0;
char *clientCellName = NULL;
short cmInstalled = 0;
unsigned cmVersion = 0;
/* validate parameters */
if (hostName == NULL || *hostName == '\0') {
tst = ADMCFGHOSTNAMENULL;
} else if (strlen(hostName) > (MAXHOSTCHARS - 1)) {
tst = ADMCFGHOSTNAMETOOLONG;
} else if (isInstalledP == NULL) {
tst = ADMCFGINSTALLEDFLAGPNULL;
} else if (versionP == NULL) {
tst = ADMCFGVERSIONPNULL;
} else if (configStP == NULL) {
tst = ADMCFGCONFIGSTATUSPNULL;
} else if (cellNameP == NULL) {
tst = ADMCFGCELLNAMEPNULL;
}
/* remote configuration not yet supported; hostName must be local host */
if (tst == 0) {
short isLocal;
if (!cfgutil_HostNameIsLocal(hostName, &isLocal, &tst2)) {
tst = tst2;
} else if (!isLocal) {
tst = ADMCFGNOTSUPPORTED;
}
}
/* determine if client software (CM) is installed and if so what version */
#ifdef AFS_NT40_ENV
/* Windows - cache manager is a service */
if (tst == 0) {
DWORD svcState;
if (!cfgutil_WindowsServiceQuery
(AFSREG_CLT_SVC_NAME, &svcState, &tst2)) {
/* CM not installed, or insufficient privilege to check */
if (tst2 == ADMNOPRIV) {
tst = tst2;
} else {
cmInstalled = 0;
}
} else {
/* CM installed, get version */
unsigned major, minor, patch;
cmInstalled = 1;
if (afssw_GetClientVersion(&major, &minor, &patch)) {
/* failed to retrieve version information */
if (errno == EACCES) {
tst = ADMNOPRIV;
} else {
tst = ADMCFGCLIENTVERSIONNOTREAD;
}
} else {
cmVersion = (major * 10) + minor;
}
}
}
#else
if (tst == 0) {
/* function not yet implemented for Unix */
tst = ADMCFGNOTSUPPORTED;
}
#endif /* AFS_NT40_ENV */
/* check static client configuration; not necessary that client
* software (CM) be installed for this information to be valid and useable.
*/
if (tst == 0) {
struct afsconf_dir *confdir;
if ((confdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH)) == NULL) {
/* the client configuration appears to be missing/invalid */
clientSt = ADMCFGCLIENTBASICINFOINVALID;
} else {
struct afsconf_entry *cellentry;
if (confdir->cellName == NULL || *confdir->cellName == '\0') {
/* no cell set for client */
clientSt = ADMCFGCLIENTNOTINCELL;
} else {
for (cellentry = confdir->entries; cellentry != NULL;
cellentry = cellentry->next) {
if (!strcasecmp
(confdir->cellName, cellentry->cellInfo.name)) {
break;
}
}
if (cellentry == NULL) {
clientSt = ADMCFGCLIENTCELLNOTINDB;
} else if (cellentry->cellInfo.numServers <= 0) {
clientSt = ADMCFGCLIENTCELLHASNODBENTRIES;
}
}
if (tst == 0 && clientSt == 0) {
/* everything looks good; malloc cell name buffer to return */
clientCellName = strdup(cellentry->cellInfo.name);
if (clientCellName == NULL)
tst = ADMNOMEM;
}
(void)afsconf_Close(confdir);
}
}
/* return result of query */
if (tst == 0) {
/* return client status and cell name */
*isInstalledP = cmInstalled;
*versionP = cmVersion;
*configStP = clientSt;
if (clientSt == 0) {
*cellNameP = clientCellName;
} else {
*cellNameP = NULL;
}
} else {
/* indicate failure */
rc = 0;
/* free cell name if allocated before failure */
if (clientCellName != NULL) {
free(clientCellName);
}
}
if (st != NULL) {
*st = tst;
}
return rc;
}
static afs_int32
InitThisModule(int a_noAuthFlag, char *a_confDir, char *a_cellName)
{ /*InitThisModule */
#ifdef USS_VOL_DB
static char rn[] = "uss_vol:InitThisModule";
#endif
afs_int32 code; /*Return code */
struct afsconf_dir *tdir; /*Ptr to conf dir info */
struct afsconf_cell info; /*Info about chosen cell */
afs_int32 scIndex; /*Chosen security index */
afs_int32 secFlags;
struct rx_securityClass *sc; /*Generated security object */
afs_int32 i; /*Loop index */
/*
* Only once, guys, will 'ya?
*/
if (initDone) {
#ifdef USS_VOL_DB
printf("[%s] Called multiple times!\n", rn);
#endif /* USS_VOL_DB */
return (0);
}
/*
* Set up our Rx environment.
*/
#ifdef USS_VOL_DB
printf("[%s] Initializing Rx environment\n", rn);
#endif /* USS_VOL_DB */
code = rx_Init(0);
if (code) {
fprintf(stderr, "%s: Couldn't initialize Rx.\n", uss_whoami);
return (code);
}
rx_SetRxDeadTime(50);
/*
* Find out all about our configuration.
*/
#ifdef USS_VOL_DB
printf("[%s] Handling configuration info\n", rn);
#endif /* USS_VOL_DB */
tdir = afsconf_Open(a_confDir);
if (!tdir) {
fprintf(stderr, "%s: Couldn't open configuration directory (%s).\n",
uss_whoami, a_confDir);
return (-1);
}
code = afsconf_GetCellInfo(tdir, a_cellName, AFSCONF_VLDBSERVICE, &info);
if (code) {
printf("%s: Can't find VLDB server(s) for cell %s\n", uss_whoami,
a_cellName);
exit(1);
}
#ifdef USS_VOL_DB
printf("[%s] Getting tickets if needed\n", rn);
#endif /* USS_VOL_DB */
secFlags = AFSCONF_SECOPTS_FALLBACK_NULL;
if (a_noAuthFlag)
secFlags |= AFSCONF_SECOPTS_NOAUTH;
code = afsconf_PickClientSecObj(tdir, secFlags, &info, a_cellName,
&sc, &scIndex, NULL);
if (code) {
printf("%s: Can't create client security object\n", uss_whoami);
exit(1);
}
if (scIndex == RX_SECIDX_NULL && !a_noAuthFlag) {
fprintf(stderr,
"%s: Couldn't get AFS tokens, running unauthenticated.\n",
uss_whoami);
}
/*
* Tell UV module about default authentication.
*/
#ifdef USS_VOL_DB
printf("[%s] Setting UV security: obj 0x%x, index %d\n", rn, sc, scIndex);
#endif /* USS_VOL_DB */
UV_SetSecurity(sc, scIndex);
if (info.numServers > VLDB_MAXSERVERS) {
fprintf(stderr, "%s: info.numServers=%d (> VLDB_MAXSERVERS=%d)\n",
uss_whoami, info.numServers, VLDB_MAXSERVERS);
exit(1);
}
/*
* Connect to each VLDB server for the chosen cell.
*/
for (i = 0; i < info.numServers; i++) {
#ifdef USS_VOL_DB
printf
("[%s] Connecting to VLDB server 0x%x, port %d, service id %d\n",
rn, info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port,
USER_SERVICE_ID);
#endif /* USS_VOL_DB */
serverconns[i] =
rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
info.hostAddr[i].sin_port, USER_SERVICE_ID, sc,
scIndex);
}
/*
* Set up to execute Ubik transactions on the VLDB.
*/
#ifdef USS_VOL_DB
printf("[%s] Initializing Ubik interface\n", rn);
#endif /* USS_VOL_DB */
code = ubik_ClientInit(serverconns, &uconn_vldbP);
if (code) {
fprintf(stderr, "%s: Ubik client init failed.\n", uss_whoami);
return (code);
}
#ifdef USS_VOL_DB
printf("[%s] VLDB ubik connection structure at 0x%x\n", rn, uconn_vldbP);
#endif /* USS_VOL_DB */
/*
* Place the ubik VLDB connection structure in its advertised
* location.
*/
cstruct = uconn_vldbP;
/*
* Success!
*/
initDone = 1;
return (0);
} /*InitThisModule */
int
main(int argc, char **argv)
{
afs_int32 code;
afs_uint32 myHost;
struct rx_service *tservice;
struct rx_securityClass **securityClasses;
afs_int32 numClasses;
struct afsconf_dir *tdir;
struct ktc_encryptionKey tkey;
struct afsconf_cell info;
struct hostent *th;
char hostname[VL_MAXNAMELEN];
int noAuth = 0;
char clones[MAXHOSTSPERCELL];
afs_uint32 host = ntohl(INADDR_ANY);
struct cmd_syndesc *opts;
char *vl_dbaseName;
char *configDir;
char *logFile;
char *auditFileName = NULL;
char *interface = NULL;
char *optstring = NULL;
#ifdef AFS_AIX32_ENV
/*
* The following signal action for AIX is necessary so that in case of a
* crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
struct sigaction nsa;
rx_extraPackets = 100; /* should be a switch, I guess... */
sigemptyset(&nsa.sa_mask);
nsa.sa_handler = SIG_DFL;
nsa.sa_flags = SA_FULLDUMP;
sigaction(SIGABRT, &nsa, NULL);
sigaction(SIGSEGV, &nsa, NULL);
#endif
osi_audit_init();
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
#endif
fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
argv[0]);
exit(2);
}
vl_dbaseName = strdup(AFSDIR_SERVER_VLDB_FILEPATH);
configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
logFile = strdup(AFSDIR_SERVER_VLOG_FILEPATH);
cmd_DisableAbbreviations();
cmd_DisablePositionalCommands();
opts = cmd_CreateSyntax(NULL, NULL, NULL, NULL);
/* vlserver specific options */
cmd_AddParmAtOffset(opts, OPT_noauth, "-noauth", CMD_FLAG,
CMD_OPTIONAL, "disable authentication");
cmd_AddParmAtOffset(opts, OPT_smallmem, "-smallmem", CMD_FLAG,
CMD_OPTIONAL, "optimise for small memory systems");
/* general server options */
cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE,
CMD_OPTIONAL, "location of audit log");
cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE,
CMD_OPTIONAL, "interface to use for audit logging");
cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE,
CMD_OPTIONAL, "configuration location");
cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE,
CMD_OPTIONAL, "debug level");
cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE,
CMD_OPTIONAL, "database file");
cmd_AddParmAlias(opts, OPT_database, "-db");
cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE,
CMD_OPTIONAL, "location of logfile");
cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE, CMD_OPTIONAL,
"number of threads");
#if !defined(AFS_NT40_ENV)
cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
CMD_OPTIONAL, "log to syslog");
#endif
/* rx options */
cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
CMD_OPTIONAL, "enable RX transport statistics");
cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
CMD_OPTIONAL, "enable RX RPC statistics");
cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
CMD_OPTIONAL, "disable jumbograms");
cmd_AddParmAtOffset(opts, OPT_jumbo, "-jumbo", CMD_FLAG,
CMD_OPTIONAL, "enable jumbograms");
cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
CMD_OPTIONAL, "bind only to the primary interface");
cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE,
CMD_OPTIONAL, "maximum MTU for RX");
cmd_AddParmAtOffset(opts, OPT_trace, "-trace", CMD_SINGLE,
CMD_OPTIONAL, "rx trace file");
/* rxkad options */
cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
CMD_FLAG, CMD_OPTIONAL,
"permit Kerberos 5 principals with dots");
code = cmd_Parse(argc, argv, &opts);
if (code)
return -1;
cmd_OptionAsString(opts, OPT_config, &configDir);
cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
cmd_SetCommandName("vlserver");
/* vlserver options */
cmd_OptionAsFlag(opts, OPT_noauth, &noAuth);
cmd_OptionAsFlag(opts, OPT_smallmem, &smallMem);
if (cmd_OptionAsString(opts, OPT_trace, &optstring) == 0) {
extern char rxi_tracename[80];
strcpy(rxi_tracename, optstring);
free(optstring);
optstring = NULL;
}
/* general server options */
cmd_OptionAsString(opts, OPT_auditlog, &auditFileName);
if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) {
if (osi_audit_interface(interface)) {
printf("Invalid audit interface '%s'\n", interface);
return -1;
}
free(interface);
}
cmd_OptionAsInt(opts, OPT_debug, &LogLevel);
cmd_OptionAsString(opts, OPT_database, &vl_dbaseName);
cmd_OptionAsString(opts, OPT_logfile, &logFile);
if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
if (lwps > MAXLWP) {
printf("Warning: '-p %d' is too big; using %d instead\n",
lwps, MAXLWP);
lwps = MAXLWP;
}
}
#ifndef AFS_NT40_ENV
if (cmd_OptionPresent(opts, OPT_syslog)) {
serverLogSyslog = 1;
cmd_OptionAsInt(opts, OPT_syslog, &serverLogSyslogFacility);
}
#endif
/* rx options */
if (cmd_OptionPresent(opts, OPT_peer))
rx_enablePeerRPCStats();
if (cmd_OptionPresent(opts, OPT_process))
rx_enableProcessRPCStats();
if (cmd_OptionPresent(opts, OPT_nojumbo))
rxJumbograms = 0;
if (cmd_OptionPresent(opts, OPT_jumbo))
rxJumbograms = 1;
cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind);
cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU);
/* rxkad options */
cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);
if (auditFileName) {
osi_audit_file(auditFileName);
}
#ifndef AFS_NT40_ENV
serverLogSyslogTag = "vlserver";
#endif
OpenLog(logFile); /* set up logging */
SetupLogSignals();
tdir = afsconf_Open(configDir);
if (!tdir) {
VLog(0,
("vlserver: can't open configuration files in dir %s, giving up.\n",
configDir));
exit(1);
}
/* initialize audit user check */
osi_audit_set_user_check(tdir, vldb_IsLocalRealmMatch);
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
VLog(0, ("vlserver: couldn't initialize winsock. \n"));
exit(1);
}
#endif
/* get this host */
gethostname(hostname, sizeof(hostname));
th = gethostbyname(hostname);
if (!th) {
VLog(0, ("vlserver: couldn't get address of this host (%s).\n",
hostname));
exit(1);
}
memcpy(&myHost, th->h_addr, sizeof(afs_uint32));
#if !defined(AFS_HPUX_ENV) && !defined(AFS_NT40_ENV)
signal(SIGXCPU, CheckSignal_Signal);
#endif
/* get list of servers */
code =
afsconf_GetExtendedCellInfo(tdir, NULL, AFSCONF_VLDBSERVICE, &info,
clones);
if (code) {
printf("vlserver: Couldn't get cell server list for 'afsvldb'.\n");
exit(2);
}
vldb_confdir = tdir; /* Preserve our configuration dir */
/* rxvab no longer supported */
memset(&tkey, 0, sizeof(tkey));
if (noAuth)
afsconf_SetNoAuthFlag(tdir, 1);
if (rxBind) {
afs_int32 ccode;
#ifndef AFS_NT40_ENV
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
#endif
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
if (ccode == 1) {
host = SHostAddrs[0];
rx_InitHost(host, htons(AFSCONF_VLDBPORT));
}
}
if (!rxJumbograms) {
rx_SetNoJumbo();
}
if (rxMaxMTU != -1) {
if (rx_SetMaxMTU(rxMaxMTU) != 0) {
VLog(0, ("rxMaxMTU %d invalid\n", rxMaxMTU));
return -1;
}
}
ubik_nBuffers = 512;
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, tdir);
ubik_SyncWriterCacheProc = vlsynccache;
code =
ubik_ServerInitByInfo(myHost, htons(AFSCONF_VLDBPORT), &info, clones,
vl_dbaseName, &VL_dbase);
if (code) {
VLog(0, ("vlserver: Ubik init failed: %s\n", afs_error_message(code)));
exit(2);
}
rx_SetRxDeadTime(50);
memset(rd_HostAddress, 0, sizeof(rd_HostAddress));
memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
initialize_dstats();
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
tservice =
rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
securityClasses, numClasses,
VL_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
VLog(0, ("vlserver: Could not create VLDB_SERVICE rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 2);
if (lwps < 4)
lwps = 4;
rx_SetMaxProcs(tservice, lwps);
if (rxkadDisableDotCheck) {
rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
(void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
}
tservice =
rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
securityClasses, numClasses,
RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
VLog(0, ("vlserver: Could not create rpc stats rx service\n"));
exit(3);
}
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
VLog(0, ("%s\n", cml_version_number));
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(vldb_rxstat_userok);
rx_StartServer(1); /* Why waste this idle process?? */
return 0; /* not reachable */
}
