afs_int32 ka_Init(int flags) { /* reserved for future use. */ afs_int32 code; static int inited = 0; LOCK_GLOBAL_MUTEX; if (inited) { UNLOCK_GLOBAL_MUTEX; return 0; } inited++; initialize_U_error_table(); initialize_KA_error_table(); initialize_RXK_error_table(); initialize_KTC_error_table(); initialize_ACFG_error_table(); code = ka_CellConfig(AFSDIR_CLIENT_ETC_DIRPATH); UNLOCK_GLOBAL_MUTEX; if (code) return code; return 0; }
/* * cfg_ClientSetCell() -- Define default client cell for host. * * The cellDbHosts argument is a multistring containing the names of * the existing database servers already configured in the cell; this * multistring list can be obtained via cfg_CellServDbEnumerate(). * If configuring the first server in a new cell then the cellDbHosts * list contains only the name of that host. * * Warning: client (cache-manager) should be stopped prior to setting cell. */ int ADMINAPI cfg_ClientSetCell(void *hostHandle, /* host config handle */ const char *cellName, /* cell name */ const char *cellDbHosts, /* cell database hosts */ afs_status_p st) { /* completion status */ int rc = 1; afs_status_t tst2, tst = 0; cfg_host_p cfg_host = (cfg_host_p) hostHandle; /* validate parameters */ if (!cfgutil_HostHandleValidate(cfg_host, &tst2)) { tst = tst2; } else if (cellName == NULL || *cellName == '\0') { tst = ADMCFGCELLNAMENULL; } else if (strlen(cellName) > (MAXCELLCHARS - 1)) { tst = ADMCFGCELLNAMETOOLONG; } else if (!cfgutil_HostHandleCellNameCompatible(cfg_host, cellName)) { tst = ADMCFGCELLNAMECONFLICT; } else if (cellDbHosts == NULL || *cellDbHosts == '\0') { tst = ADMCFGCELLDBHOSTSNULL; } /* remote configuration not yet supported in this function */ if (tst == 0) { if (!cfg_host->is_local) { tst = ADMCFGNOTSUPPORTED; } } /* define cell database hosts */ #ifdef AFS_NT40_ENV if (tst == 0) { CELLSERVDB clientDb; if (!CSDB_ReadFile(&clientDb, AFSDIR_CLIENT_CELLSERVDB_FILEPATH)) { tst = ADMCFGCLIENTCELLSERVDBNOTREAD; } else { CELLDBLINE *cellLinep = CSDB_FindCell(&clientDb, cellName); if (cellLinep != NULL) { /* cell entry exists; remove host entries */ if (!CSDB_RemoveCellServers(&clientDb, cellLinep)) { /* should never happen */ tst = ADMCFGCLIENTCELLSERVDBEDITFAILED; } } else { /* cell entry does not exist; add it */ cellLinep = CSDB_AddCell(&clientDb, cellName, NULL, NULL); if (cellLinep == NULL) { tst = ADMNOMEM; } } if (tst == 0) { /* add new host entries to cell */ const char *dbHost = cellDbHosts; int dbHostCount = 0; while (*dbHost != '\0' && tst == 0) { size_t dbHostLen = strlen(dbHost); const char *dbHostAddrStr; if (dbHostLen > (MAXHOSTCHARS - 1)) { tst = ADMCFGHOSTNAMETOOLONG; } else if (dbHostCount >= MAXHOSTSPERCELL) { tst = ADMCFGCELLDBHOSTCOUNTTOOLARGE; } else if (!cfgutil_HostNameGetAddressString (dbHost, &dbHostAddrStr, &tst2)) { tst = tst2; } else if (CSDB_AddCellServer (&clientDb, cellLinep, dbHostAddrStr, dbHost) == NULL) { tst = ADMNOMEM; } else { dbHostCount++; dbHost += dbHostLen + 1; } } if (tst == 0) { /* edit successful; write CellServDB */ if (!CSDB_WriteFile(&clientDb)) { tst = ADMCFGCLIENTCELLSERVDBNOTWRITTEN; } } } CSDB_FreeFile(&clientDb); } } #else if (tst == 0) { /* function not yet implemented for Unix */ tst = ADMCFGNOTSUPPORTED; } #endif /* AFS_NT40_ENV */ /* define default client cell */ #ifdef AFS_NT40_ENV if (tst == 0) { if (afssw_SetClientCellName(cellName)) { /* failed to set cell name in registry (ThisCell equivalent) */ if (errno == EACCES) { tst = ADMNOPRIV; } else { tst = ADMCFGCLIENTTHISCELLNOTWRITTEN; } } } #else if (tst == 0) { /* function not yet implemented for Unix */ tst = ADMCFGNOTSUPPORTED; } #endif /* AFS_NT40_ENV */ /* help any underlying packages adjust to cell change */ if (tst == 0) { int rc; if ((rc = ka_CellConfig(AFSDIR_CLIENT_ETC_DIRPATH)) != 0) { tst = rc; } } if (tst != 0) { rc = 0; } if (st != NULL) { *st = tst; } return rc; }
int main(int argc, char *argv[]) { afs_int32 code; char *whoami = argv[0]; afs_uint32 serverList[MAXSERVERS]; struct afsconf_cell cellinfo; char *cell; const char *cellservdb, *dbpath, *lclpath; int a; char arg[32]; char default_lclpath[AFSDIR_PATH_MAX]; int servers; int initFlags; int level; /* security level for Ubik */ afs_int32 i; char clones[MAXHOSTSPERCELL]; afs_uint32 host = ntohl(INADDR_ANY); char *auditFileName = NULL; struct rx_service *tservice; struct rx_securityClass *sca[1]; struct rx_securityClass *scm[3]; extern int rx_stackSize; #ifdef AFS_AIX32_ENV /* * The following signal action for AIX is necessary so that in case of a * crash (i.e. core is generated) we can include the user's data section * in the core dump. Unfortunately, by default, only a partial core is * generated which, in many cases, isn't too useful. */ struct sigaction nsa; sigemptyset(&nsa.sa_mask); nsa.sa_handler = SIG_DFL; nsa.sa_flags = SA_FULLDUMP; sigaction(SIGABRT, &nsa, NULL); sigaction(SIGSEGV, &nsa, NULL); #endif osi_audit_init(); if (argc == 0) { usage: printf("Usage: kaserver [-noAuth] [-database <dbpath>] " "[-auditlog <log path>] [-audit-interface <file|sysvmq>] " "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] " "[-servers <serverlist>] [-crossrealm] " /*" [-enable_peer_stats] [-enable_process_stats] " */ "[-help]\n"); exit(1); } #ifdef AFS_NT40_ENV /* initialize winsock */ if (afs_winsockInit() < 0) { ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0); fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami); exit(1); } #endif /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0); #endif fprintf(stderr, "%s: Unable to obtain AFS server directory.\n", argv[0]); exit(2); } cellservdb = AFSDIR_SERVER_ETC_DIRPATH; dbpath = AFSDIR_SERVER_KADB_FILEPATH; strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH, "/", AFSDIR_KADB_FILE, NULL); lclpath = default_lclpath; debugOutput = 0; servers = 0; initFlags = 0; level = rxkad_crypt; for (a = 1; a < argc; a++) { int arglen = strlen(argv[a]); lcstring(arg, argv[a], sizeof(arg)); #define IsArg(a) (strncmp (arg,a, arglen) == 0) if (strcmp(arg, "-database") == 0) { dbpath = argv[++a]; if (strcmp(lclpath, default_lclpath) == 0) lclpath = dbpath; } else if (strncmp(arg, "-auditlog", arglen) == 0) { auditFileName = argv[++a]; } else if (strncmp(arg, "-audit-interface", arglen) == 0) { char *interface = argv[++a]; if (osi_audit_interface(interface)) { printf("Invalid audit interface '%s'\n", interface); exit(1); } } else if (strcmp(arg, "-localfiles") == 0) lclpath = argv[++a]; else if (strcmp(arg, "-servers") == 0) debugOutput++, servers = 1; else if (strcmp(arg, "-noauth") == 0) debugOutput++, initFlags |= 1; else if (strcmp(arg, "-fastkeys") == 0) debugOutput++, initFlags |= 4; else if (strcmp(arg, "-dbfixup") == 0) debugOutput++, initFlags |= 8; else if (strcmp(arg, "-cellservdb") == 0) { cellservdb = argv[++a]; initFlags |= 2; debugOutput++; } else if (IsArg("-crypt")) level = rxkad_crypt; else if (IsArg("-safe")) level = rxkad_crypt; else if (IsArg("-clear")) level = rxkad_clear; else if (IsArg("-sorry")) level = rxkad_clear; else if (IsArg("-debug")) verbose_track = 0; else if (IsArg("-crossrealm")) krb4_cross = 1; else if (IsArg("-rxbind")) rxBind = 1; else if (IsArg("-minhours")) { MinHours = atoi(argv[++a]); } else if (IsArg("-enable_peer_stats")) { rx_enablePeerRPCStats(); } else if (IsArg("-enable_process_stats")) { rx_enableProcessRPCStats(); } else if (*arg == '-') { /* hack to support help flag */ goto usage; } } if (auditFileName) { osi_audit_file(auditFileName); } if ((code = ka_CellConfig(cellservdb))) goto abort; cell = ka_LocalCell(); KA_conf = afsconf_Open(cellservdb); if (!KA_conf) { code = KANOCELLS; abort: afs_com_err(whoami, code, "Failed getting cell info"); exit(1); } #ifdef AUTH_DBM_LOG kalog_Init(); #else /* NT & HPUX do not have dbm package support. So we can only do some * text logging. So open the AuthLog file for logging and redirect * stdin and stdout to it */ OpenLog(AFSDIR_SERVER_KALOG_FILEPATH); SetupLogSignals(); #endif fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security " "properties. Migrating to a Kerberos 5 KDC is advised. " "http://www.openafs.org/no-more-des.html\n", whoami); ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. " "Migrating to a Kerberos 5 KDC is advised. " "http://www.openafs.org/no-more-des.html\n")); code = afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE, &cellinfo, clones); if (servers) { if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) { afs_com_err(whoami, code, "Couldn't parse server list"); exit(1); } cellinfo.hostAddr[0].sin_addr.s_addr = myHost; for (i = 1; i < MAXSERVERS; i++) { if (!serverList[i]) break; cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i]; } cellinfo.numServers = i; } else { code = convert_cell_to_ubik(&cellinfo, &myHost, serverList); if (code) goto abort; ViceLog(0, ("Using server list from %s cell database.\n", cell)); } /* initialize audit user check */ osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch); /* initialize ubik */ if (level == rxkad_clear) ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, KA_conf); else if (level == rxkad_crypt) ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure, afsconf_UpToDate, KA_conf); else { ViceLog(0, ("Unsupported security level %d\n", level)); exit(5); } ViceLog(0, ("Using level %s for Ubik connections.\n", (level == rxkad_crypt ? "crypt" : "clear"))); ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects, afsconf_CheckAuth, KA_conf); ubik_nBuffers = 80; if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; ccode = parseNetFiles(SHostAddrs, NULL, NULL, ADDRSPERSITE, reason, AFSDIR_SERVER_NETINFO_FILEPATH, AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } if (ccode == 1) { host = SHostAddrs[0]; rx_InitHost(host, htons(AFSCONF_KAUTHPORT)); } } /* Disable jumbograms */ rx_SetNoJumbo(); if (servers) code = ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList, dbpath, &KA_dbase); else code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo, clones, dbpath, &KA_dbase); if (code) { afs_com_err(whoami, code, "Ubik init failed"); exit(2); } sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject(); tservice = rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE, "AuthenticationService", sca, 1, KAA_ExecuteRequest); if (tservice == (struct rx_service *)0) { ViceLog(0, ("Could not create Authentication rx service\n")); exit(3); } rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, 1); tservice = rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService", sca, 1, KAT_ExecuteRequest); if (tservice == (struct rx_service *)0) { ViceLog(0, ("Could not create Ticket Granting rx service\n")); exit(3); } rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, 1); scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL]; scm[RX_SCINDEX_VAB] = 0; scm[RX_SCINDEX_KAD] = rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0); tservice = rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3, KAM_ExecuteRequest); if (tservice == (struct rx_service *)0) { ViceLog(0, ("Could not create Maintenance rx service\n")); exit(3); } rx_SetMinProcs(tservice, 1); rx_SetMaxProcs(tservice, 1); rx_SetStackSize(tservice, 10000); tservice = rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3, RXSTATS_ExecuteRequest); if (tservice == (struct rx_service *)0) { ViceLog(0, ("Could not create rpc stats rx service\n")); exit(3); } rx_SetMinProcs(tservice, 2); rx_SetMaxProcs(tservice, 4); initialize_dstats(); /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(KA_rxstat_userok); rx_StartServer(0); /* start handling req. of all types */ if (init_kaprocs(lclpath, initFlags)) return -1; if ((code = init_krb_udp())) { ViceLog(0, ("Failed to initialize UDP interface; code = %d.\n", code)); ViceLog(0, ("Running without UDP access.\n")); } ViceLog(0, ("Starting to process AuthServer requests\n")); rx_ServerProc(NULL); /* donate this LWP */ return 0; }