Пример #1
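/*
 * Import the host-based GSS service name `service` (e.g. "nfs@host") and
 * install it as the RPCSEC_GSS acceptor name via svcauth_gss_set_svc_name().
 *
 * @param service  NUL-terminated service name string; NULL is rejected.
 * @return true on success, false if the argument is NULL, gss_import_name()
 *         fails, or svcauth_gss_set_svc_name() refuses the name.
 *
 * The imported name is released on every path: the comment on the success
 * path states that svcauth_gss_set_svc_name() keeps its own duplicate, so
 * the local copy is only a temporary.
 */
bool
svcauth_gss_import_name(char *service)
{
	gss_name_t name;
	gss_buffer_desc namebuf;
	OM_uint32 maj_stat, min_stat;

	/* strlen() on a NULL pointer is undefined behaviour; refuse early. */
	if (service == NULL)
		return (false);

	/* Length excludes the terminating NUL; the OID fixes the name syntax. */
	namebuf.value = service;
	namebuf.length = strlen(service);

	maj_stat =
	    gss_import_name(&min_stat, &namebuf,
			    (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &name);
	if (maj_stat != GSS_S_COMPLETE)
		return (false);

	if (svcauth_gss_set_svc_name(name) != true) {
		/* Name was never installed: free it before reporting failure. */
		gss_release_name(&min_stat, &name);
		return (false);
	}

	/* discard duplicate name */
	gss_release_name(&min_stat, &name);

	return (true);
}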
Пример #2
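/*
 * Import the host-based GSS service name `service` and register it as the
 * server's acceptor name through svcauth_gss_set_svc_name().
 *
 * @param service  NUL-terminated "service@host" string; NULL is rejected.
 * @return TRUE on success, FALSE if the argument is NULL, the import fails
 *         (the GSS status is logged) or the name cannot be set.
 *
 * On the success path the imported name is handed to
 * svcauth_gss_set_svc_name() and is not released here. Whether that routine
 * takes ownership or duplicates the name is not visible from this file —
 * confirm against its definition before adding a gss_release_name() call.
 */
static bool_t
svcauth_gss_import_name(char *service)
{
	gss_name_t	name;
	gss_buffer_desc	namebuf;
	OM_uint32	maj_stat, min_stat;

	log_debug("in svcauth_gss_import_name()");

	/* strlen() on a NULL pointer is undefined behaviour; refuse early. */
	if (service == NULL)
		return (FALSE);

	/* Length excludes the terminating NUL; the OID fixes the name syntax. */
	namebuf.value = service;
	namebuf.length = strlen(service);

	maj_stat = gss_import_name(&min_stat, &namebuf,
				   (gss_OID)GSS_C_NT_HOSTBASED_SERVICE, &name);

	if (maj_stat != GSS_S_COMPLETE) {
		log_status("gss_import_name", maj_stat, min_stat);
		return (FALSE);
	}
	if (svcauth_gss_set_svc_name(name) != TRUE) {
		/* Name was never installed: free it before reporting failure. */
		gss_release_name(&min_stat, &name);
		return (FALSE);
	}
	return (TRUE);
}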
Пример #3
/*
 * Bring up every server-side subsystem in dependency order: caches and
 * locking, memory pools, the optional Kerberos/GSS acceptor identity, RPC,
 * the NFSv4 id/state/owner/session caches, the pseudo filesystem and
 * finally grace-period recovery and callback dispatch.
 *
 * @param p_start_info  start-up parameters; not read directly in this body
 *                      (configuration comes from the global nfs_param).
 *
 * There is no error return: almost every failure ends the process through
 * LogFatal(), Fatal() or exit(1), so a return from this function means the
 * server is fully initialised.
 */
static void nfs_Init(const nfs_start_info_t *p_start_info)
{
	cache_inode_status_t cache_status;
	state_status_t state_status;
	int rc = 0;
#ifdef _HAVE_GSSAPI
	gss_buffer_desc gss_service_buf;
	OM_uint32 maj_stat, min_stat;
	/* Scratch buffer for the text form of a GSS status code. */
	char GssError[MAXNAMLEN + 1];
#endif

#ifdef USE_DBUS
	/* DBUS init */
	gsh_dbus_pkginit();
#ifdef USE_DBUS_STATS
	dbus_export_init();
	dbus_client_init();
#endif
#endif

	/* Cache Inode Initialisation */
	cache_status = cache_inode_init();
	if (cache_status != CACHE_INODE_SUCCESS) {
		LogFatal(COMPONENT_INIT,
			 "Cache Inode Layer could not be initialized, status=%s",
			 cache_inode_err_str(cache_status));
	}

	state_status = state_lock_init(nfs_param.cache_param.cookie_param);
	if (state_status != STATE_SUCCESS) {
		LogFatal(COMPONENT_INIT,
			 "State Lock Layer could not be initialized, status=%s",
			 state_err_str(state_status));
	}
	LogInfo(COMPONENT_INIT, "Cache Inode library successfully initialized");

	/* Cache Inode LRU (call this here, rather than as part of
	   cache_inode_init() so the GC policy has been set */
	rc = cache_inode_lru_pkginit();
	if (rc != 0) {
		LogFatal(COMPONENT_INIT,
			 "Unable to initialize LRU subsystem: %d.", rc);
	}

	/* finish the job with exports by caching the root entries
	 */
	exports_pkginit();

	/* NOTE: unlike the pools below, this one is not NULL-checked. */
	nfs41_session_pool =
	    pool_init("NFSv4.1 session pool", sizeof(nfs41_session_t),
		      pool_basic_substrate, NULL, NULL, NULL);

	request_pool =
	    pool_init("Request pool", sizeof(request_data_t),
		      pool_basic_substrate, NULL,
		      NULL /* FASTER constructor_request_data_t */ ,
		      NULL);
	if (!request_pool) {
		LogCrit(COMPONENT_INIT, "Error while allocating request pool");
		LogError(COMPONENT_INIT, ERR_SYS, ERR_MALLOC, errno);
		Fatal();
	}

	request_data_pool =
	    pool_init("Request Data Pool", sizeof(nfs_request_data_t),
		      pool_basic_substrate, NULL,
		      NULL /* FASTER constructor_nfs_request_data_t */ ,
		      NULL);
	if (!request_data_pool) {
		LogCrit(COMPONENT_INIT,
			"Error while allocating request data pool");
		LogError(COMPONENT_INIT, ERR_SYS, ERR_MALLOC, errno);
		Fatal();
	}

	dupreq_pool =
	    pool_init("Duplicate Request Pool", sizeof(dupreq_entry_t),
		      pool_basic_substrate, NULL, NULL, NULL);
	if (!(dupreq_pool)) {
		LogCrit(COMPONENT_INIT,
			"Error while allocating duplicate request pool");
		LogError(COMPONENT_INIT, ERR_SYS, ERR_MALLOC, errno);
		Fatal();
	}
#ifdef _USE_ASYNC_CACHE_INODE
	/* Start the TAD and synclets for writeback cache inode */
	cache_inode_async_init(nfs_param.cache_layers_param.
			       cache_inode_client_param);
#endif

	/* If rpcsec_gss is used, set the path to the keytab */
#ifdef _HAVE_GSSAPI
#ifdef HAVE_KRB5
	if (nfs_param.krb5_param.active_krb5) {
		OM_uint32 gss_status = GSS_S_COMPLETE;

		/* An empty keytab path skips registration; presumably the
		 * GSS library's default acceptor keytab is then used —
		 * confirm before relying on it. */
		if (nfs_param.krb5_param.keytab[0] != '\0')
			gss_status =
			    krb5_gss_register_acceptor_identity(nfs_param.
								krb5_param.
								keytab);

		if (gss_status != GSS_S_COMPLETE) {
			log_sperror_gss(GssError, gss_status, 0);
			LogFatal(COMPONENT_INIT,
				 "Error setting krb5 keytab to value %s is %s",
				 nfs_param.krb5_param.keytab, GssError);
		}
		LogInfo(COMPONENT_INIT,
			"krb5 keytab path successfully set to %s",
			nfs_param.krb5_param.keytab);
#endif				/* HAVE_KRB5 */

		/* Set up principal to be use for GSSAPPI within GSSRPC/KRB5 */
		gss_service_buf.value = nfs_param.krb5_param.svc.principal;
		/* The buffer length deliberately counts the terminating NUL;
		 * changing it changes the bytes gss_import_name() sees. */
		gss_service_buf.length =
			strlen(nfs_param.krb5_param.svc.principal) + 1;
		/* The '+1' is not to be forgotten, for the '\0' at the end */

		maj_stat = gss_import_name(&min_stat, &gss_service_buf,
					   (gss_OID) GSS_C_NT_HOSTBASED_SERVICE,
					   &nfs_param.krb5_param.svc.gss_name);
		if (maj_stat != GSS_S_COMPLETE) {
			log_sperror_gss(GssError, maj_stat, min_stat);
			LogFatal(COMPONENT_INIT,
				 "Error importing gss principal %s is %s",
				 nfs_param.krb5_param.svc.principal, GssError);
		}

		/* Only a diagnostic: a GSS_S_COMPLETE import that still yields
		 * GSS_C_NO_NAME is unexpected, so it is logged, not fatal. */
		if (nfs_param.krb5_param.svc.gss_name == GSS_C_NO_NAME)
			LogInfo(COMPONENT_INIT,
				"Regression:  svc.gss_name == GSS_C_NO_NAME");

		LogInfo(COMPONENT_INIT, "gss principal \"%s\" successfully set",
			nfs_param.krb5_param.svc.principal);

		/* Set the principal to GSSRPC */
		if (!svcauth_gss_set_svc_name
		    (nfs_param.krb5_param.svc.gss_name)) {
			LogFatal(COMPONENT_INIT,
				 "Impossible to set gss principal to GSSRPC");
		}

		/* Don't release name until shutdown, it will be used by the
		 * backchannel. */

#ifdef HAVE_KRB5
	}			/*  if( nfs_param.krb5_param.active_krb5 ) */
#endif				/* HAVE_KRB5 */
#endif				/* _HAVE_GSSAPI */

	/* RPC Initialisation - exits on failure */
	nfs_Init_svc();
	LogInfo(COMPONENT_INIT, "RPC ressources successfully initialized");

	/* Admin initialisation */
	nfs_Init_admin_thread();

	LogEvent(COMPONENT_INIT, "Initializing ID Mapper.");
	if (!idmapper_init())
		LogFatal(COMPONENT_INIT, "Failed initializing ID Mapper.");
	else
		LogEvent(COMPONENT_INIT, "ID Mapper successfully initialized.");

	/* Init the NFSv4 Clientid cache */
	LogDebug(COMPONENT_INIT, "Now building NFSv4 clientid cache");
	if (nfs_Init_client_id(&nfs_param.client_id_param) !=
	    CLIENT_ID_SUCCESS) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing NFSv4 clientid cache");
	}
	LogInfo(COMPONENT_INIT,
		"NFSv4 clientid cache successfully initialized");

	/* Init duplicate request cache */
	dupreq2_pkginit();
	LogInfo(COMPONENT_INIT,
		"duplicate request hash table cache successfully initialized");

	/* Init the IP/name cache */
	LogDebug(COMPONENT_INIT, "Now building IP/name cache");
	if (nfs_Init_ip_name(nfs_param.ip_name_param) != IP_NAME_SUCCESS) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing IP/name cache");
	}
	LogInfo(COMPONENT_INIT, "IP/name cache successfully initialized");

	/* Init The NFSv4 State id cache */
	LogDebug(COMPONENT_INIT, "Now building NFSv4 State Id cache");
	if (nfs4_Init_state_id(&nfs_param.state_id_param) != 0) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing NFSv4 State Id cache");
	}
	LogInfo(COMPONENT_INIT,
		"NFSv4 State Id cache successfully initialized");

	/* Init The NFSv4 Open Owner cache */
	LogDebug(COMPONENT_INIT, "Now building NFSv4 Owner cache");
	if (Init_nfs4_owner(&nfs_param.nfs4_owner_param) != 0) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing NFSv4 Owner cache");
	}
	LogInfo(COMPONENT_INIT,
		"NFSv4 Open Owner cache successfully initialized");

	if (nfs_param.core_param.enable_NLM) {
		/* Init The NLM Owner cache */
		LogDebug(COMPONENT_INIT, "Now building NLM Owner cache");
		if (Init_nlm_hash() != 0) {
			LogFatal(COMPONENT_INIT,
				 "Error while initializing NLM Owner cache");
		}
		LogInfo(COMPONENT_INIT,
			"NLM Owner cache successfully initialized");
		nlm_init();
	}
#ifdef _USE_9P
	/* Init the 9P lock owner cache */
	LogDebug(COMPONENT_INIT, "Now building 9P Owner cache");
	if (Init_9p_hash() != 0) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing 9P Owner cache");
	}
	LogInfo(COMPONENT_INIT, "9P Owner cache successfully initialized");
#endif

	LogDebug(COMPONENT_INIT, "Now building NFSv4 Session Id cache");
	if (nfs41_Init_session_id(&nfs_param.session_id_param) != 0) {
		LogFatal(COMPONENT_INIT,
			 "Error while initializing NFSv4 Session Id cache");
	}
	LogInfo(COMPONENT_INIT,
		"NFSv4 Session Id cache successfully initialized");

	LogDebug(COMPONENT_INIT, "Now building NFSv4 ACL cache");
	/* NOTE: the ACL and 9P failures below exit(1) directly instead of
	 * going through LogFatal() like their neighbours. */
	if (nfs4_acls_init() != 0) {
		LogCrit(COMPONENT_INIT, "Error while initializing NFSv4 ACLs");
		exit(1);
	}
	LogInfo(COMPONENT_INIT, "NFSv4 ACL cache successfully initialized");

#ifdef _USE_9P
	LogDebug(COMPONENT_INIT, "Now building 9P resources");
	if (_9p_init(&nfs_param._9p_param)) {
		LogCrit(COMPONENT_INIT,
			"Error while initializing 9P Resources");
		exit(1);
	}
	LogInfo(COMPONENT_INIT, "9P resources successfully initialized");
#endif				/* _USE_9P */

	/* Creates the pseudo fs */
	LogDebug(COMPONENT_INIT, "Now building pseudo fs");
	rc = nfs4_ExportToPseudoFS();
	if (rc != 0)
		LogFatal(COMPONENT_INIT,
			 "Error %d while initializing NFSv4 pseudo file system",
			 rc);

	LogInfo(COMPONENT_INIT,
		"NFSv4 pseudo file system successfully initialized");

	/* Save Ganesha thread credentials with Frank's routine for later use */
	fsal_save_ganesha_credentials();

	/* Create stable storage directory, this needs to be done before
	 * starting the recovery thread.
	 */
	nfs4_create_recov_dir();

	/* initialize grace and read in the client IDs */
	nfs4_init_grace();
	nfs4_load_recov_clids(NULL);

	/* Start grace period */
	nfs4_start_grace(NULL);

	/* callback dispatch */
	nfs_rpc_cb_pkginit();
#ifdef _USE_CB_SIMULATOR
	nfs_rpc_cbsim_pkginit();
#endif				/*  _USE_CB_SIMULATOR */

}				/* nfs_Init */
Пример #4
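/*
 * kadmind entry point: parse the command line, initialise the Kerberos and
 * kadm5 contexts, register the GSSAPI service names and log callbacks,
 * optionally daemonise, then run the verto event loop until it returns.
 *
 * @param argc  argument count
 * @param argv  argument vector; options are consumed in place
 * @return never returns normally — ends with exit(2) after the loop
 *         finishes; earlier failures exit through usage()/fail_to_start().
 *
 * Why -port is parsed with strtol(): atoi() turns any non-numeric or
 * out-of-range value into a silently accepted (and wrong) port number, so
 * the value is validated and rejected via usage() like other bad arguments.
 */
int
main(int argc, char *argv[])
{
    OM_uint32 minor_status;
    gss_buffer_desc in_buf;
    gss_OID nt_krb5_name_oid = (gss_OID)GSS_KRB5_NT_PRINCIPAL_NAME;
    auth_gssapi_name names[4];
    kadm5_config_params params;
    verto_ctx *vctx;
    const char *pid_file = NULL;
    char **db_args = NULL, **tmpargs, *end;
    long port;
    int ret, i, db_args_size = 0, strong_random = 1, proponly = 0;

    setlocale(LC_ALL, "");
    setvbuf(stderr, NULL, _IONBF, 0);

    /* All four slots start empty so the cleanup loop can free() them. */
    names[0].name = names[1].name = names[2].name = names[3].name = NULL;
    names[0].type = names[1].type = names[2].type = names[3].type =
        nt_krb5_name_oid;

    progname = (strrchr(argv[0], '/') != NULL) ? strrchr(argv[0], '/') + 1 :
        argv[0];

    memset(&params, 0, sizeof(params));

    argc--, argv++;
    while (argc) {
        if (strcmp(*argv, "-x") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            /* Grow the NULL-terminated db_args vector by one entry; the
             * temporary keeps db_args valid if realloc() fails. */
            db_args_size++;
            tmpargs = realloc(db_args, sizeof(char *) * (db_args_size + 1));
            if (tmpargs == NULL) {
                fprintf(stderr, _("%s: cannot initialize. Not enough "
                                  "memory\n"), progname);
                exit(1);
            }
            db_args = tmpargs;
            db_args[db_args_size - 1] = *argv;
            db_args[db_args_size] = NULL;
        } else if (strcmp(*argv, "-r") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            params.realm = *argv;
            params.mask |= KADM5_CONFIG_REALM;
            argc--, argv++;
            continue;
        } else if (strcmp(*argv, "-m") == 0) {
            params.mkey_from_kbd = 1;
            params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
        } else if (strcmp(*argv, "-nofork") == 0) {
            nofork = 1;
#ifdef USE_PASSWORD_SERVER
        } else if (strcmp(*argv, "-passwordserver") == 0) {
            kadm5_set_use_password_server();
#endif
#ifndef DISABLE_IPROP
        } else if (strcmp(*argv, "-proponly") == 0) {
            proponly = 1;
#endif
        } else if (strcmp(*argv, "-port") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            /* Reject junk, trailing characters and values outside the
             * TCP/UDP port range instead of accepting whatever atoi() made. */
            errno = 0;
            port = strtol(*argv, &end, 10);
            if (end == *argv || *end != '\0' || errno == ERANGE ||
                port < 1 || port > 65535) {
                fprintf(stderr, _("%s: invalid port number \"%s\"\n"),
                        progname, *argv);
                usage();
            }
            params.kadmind_port = (int)port;
            params.mask |= KADM5_CONFIG_KADMIND_PORT;
        } else if (strcmp(*argv, "-P") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            pid_file = *argv;
        } else if (strcmp(*argv, "-W") == 0) {
            /* Allow a weaker entropy source; see krb5_c_random_os_entropy(). */
            strong_random = 0;
        } else if (strcmp(*argv, "-p") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kdb5_util = *argv;
        } else if (strcmp(*argv, "-F") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            dump_file = *argv;
        } else if (strcmp(*argv, "-K") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kprop = *argv;
        } else if (strcmp(*argv, "-k") == 0) {
            argc--, argv++;
            if (!argc)
                usage();
            kprop_port = *argv;
        } else {
            break;
        }
        argc--, argv++;
    }

    if (argc != 0)
        usage();

    ret = kadm5_init_krb5_context(&context);
    if (ret) {
        fprintf(stderr, _("%s: %s while initializing context, aborting\n"),
                progname, error_message(ret));
        exit(1);
    }

    krb5_klog_init(context, "admin_server", progname, 1);

    ret = kadm5_init(context, "kadmind", NULL, NULL, &params,
                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, db_args,
                     &global_server_handle);
    if (ret)
        fail_to_start(ret, _("initializing"));

    ret = kadm5_get_config_params(context, 1, &params, &params);
    if (ret)
        fail_to_start(ret, _("getting config parameters"));
    if (!(params.mask & KADM5_CONFIG_REALM))
        fail_to_start(0, _("Missing required realm configuration"));
    if (!(params.mask & KADM5_CONFIG_ACL_FILE))
        fail_to_start(0, _("Missing required ACL file configuration"));

    ret = setup_loop(proponly, &vctx);
    if (ret)
        fail_to_start(ret, _("initializing network"));

    names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
    names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
    if (names[0].name == NULL || names[1].name == NULL)
        fail_to_start(0, _("Cannot build GSSAPI auth names"));

    ret = setup_kdb_keytab();
    if (ret)
        fail_to_start(0, _("Cannot set up KDB keytab"));

    if (svcauth_gssapi_set_names(names, 2) == FALSE)
        fail_to_start(0, _("Cannot set GSSAPI authentication names"));

    /* if set_names succeeded, this will too */
    /* Length counts the terminating NUL on purpose (matches set_names). */
    in_buf.value = names[1].name;
    in_buf.length = strlen(names[1].name) + 1;
    (void)gss_import_name(&minor_status, &in_buf, nt_krb5_name_oid,
                          &gss_changepw_name);

    svcauth_gssapi_set_log_badauth2_func(log_badauth, NULL);
    svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
    svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL);

    svcauth_gss_set_log_badauth2_func(log_badauth, NULL);
    svcauth_gss_set_log_badverf_func(log_badverf, NULL);
    svcauth_gss_set_log_miscerr_func(log_miscerr, NULL);

    /* GSS_C_NO_NAME: accept with any acceptor credential found in the
     * keytab set up above, rather than one fixed service name. */
    if (svcauth_gss_set_svc_name(GSS_C_NO_NAME) != TRUE)
        fail_to_start(0, _("Cannot initialize GSSAPI service name"));

    ret = acl_init(context, params.acl_file);
    if (ret)
        fail_to_start(ret, _("initializing ACL file"));

    if (!nofork && daemon(0, 0) != 0)
        fail_to_start(errno, _("spawning daemon process"));
    if (pid_file != NULL) {
        ret = write_pid_file(pid_file);
        if (ret)
            fail_to_start(ret, _("creating PID file"));
    }

    krb5_klog_syslog(LOG_INFO, _("Seeding random number generator"));
    ret = krb5_c_random_os_entropy(context, strong_random, NULL);
    if (ret)
        fail_to_start(ret, _("getting random seed"));

    if (params.iprop_enabled == TRUE) {
        ulog_set_role(context, IPROP_MASTER);

        ret = ulog_map(context, params.iprop_logfile, params.iprop_ulogsize);
        if (ret)
            fail_to_start(ret, _("mapping update log"));

        if (nofork) {
            fprintf(stderr,
                    _("%s: create IPROP svc (PROG=%d, VERS=%d)\n"),
                    progname, KRB5_IPROP_PROG, KRB5_IPROP_VERS);
        }
    }

    if (kprop_port == NULL)
        kprop_port = getenv("KPROP_PORT");

    krb5_klog_syslog(LOG_INFO, _("starting"));
    if (nofork)
        fprintf(stderr, _("%s: starting...\n"), progname);

    verto_run(vctx);
    krb5_klog_syslog(LOG_INFO, _("finished, exiting"));

    /* Clean up memory, etc */
    svcauth_gssapi_unset_names();
    kadm5_destroy(global_server_handle);
    loop_free(vctx);
    acl_finish(context);
    (void)gss_release_name(&minor_status, &gss_changepw_name);
    (void)gss_release_name(&minor_status, &gss_oldchangepw_name);
    /* free(NULL) is a no-op, so the two unused slots are safe to free. */
    for (i = 0; i < 4; i++)
        free(names[i].name);

    krb5_klog_close(context);
    krb5_free_context(context);
    exit(2);
}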