2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
17 #include <sys/types.h>
20 #include <WINNT/afsevent.h>
24 #include <netinet/in.h>
26 #include "kalog.h" /* for OpenLog() */
46 #include <rx/rx_globals.h>
47 #include <afs/cellconfig.h>
49 #include <afs/afsutil.h>
/* Process-wide state of the kaserver.
 * NOTE(review): this listing keeps the original file line numbers at the
 * start of each line and omits some lines, so further declarations may sit
 * between the ones shown. */
56 struct kadstats dynamic_statistics;
57 struct ubik_dbase *KA_dbase;
/* Plain globals with compile-time defaults (1 and 0); the places that change
 * them are not visible in this listing. */
59 afs_int32 verbose_track = 1;
60 afs_int32 krb4_cross = 0;
/* KA_conf is also the handle passed to afsconf_SuperUser and installed as the
 * rock of the Ubik security callbacks, so it has to be opened before either
 * of those is used. */
62 struct afsconf_dir *KA_conf; /* for getting cell info */
64 extern afs_int32 ubik_lastYesTime;
65 extern afs_int32 ubik_nBuffers;
67 int npwSums = KA_NPWSUMS; /* needs to be variable sometime */
/* On platforms outside the listed ones vfprintf is mapped onto _doprnt; the
 * format string and the argument list are passed through unchanged. */
70 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV)
72 #define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
/* Incremented by several command-line options in main (for example -servers
 * and -noauth). */
75 static int debugOutput;
77 /* check whether caller is authorized to manage RX statistics */
/* Returns whatever afsconf_SuperUser reports for this call, evaluated against
 * the server configuration in KA_conf. main installs this function through
 * rx_SetRxStatUserOk as the authorization callback for RX statistics
 * management, so KA_conf must already be open when the first call arrives. */
79 KA_rxstat_userok(call)
82 return afsconf_SuperUser(KA_conf, call, NULL);
/* Print a printf-style message on stderr.
 * fmt is handed to vfprintf as the format string, so callers must pass a
 * constant format and supply any externally derived text as an argument
 * (for example through %s), never as fmt itself. */
86 es_Report(char *fmt, ...)
93 vfprintf(stderr, fmt, pvar);
/* Reset the statistics block, then record the start time and this host.
 * The header of the enclosing function is not part of this listing. */
101 memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
102 dynamic_statistics.start_time = time(0);
103 dynamic_statistics.host = myHost;
/* Store the address of this host in *myHost and fill serverList with the
 * address of every server in cellinfo except this host, followed by a zero
 * terminator.
 *
 * NOTE(review): serverList has no length parameter. The loop can write up to
 * cellinfo->numServers entries plus the terminator, so the caller buffer
 * (main passes serverList[MAXSERVERS]) must hold numServers + 1 entries;
 * no such bound is checked in the lines shown. */
107 convert_cell_to_ubik(cellinfo, myHost, serverList)
108 struct afsconf_cell *cellinfo;
110 afs_int32 *serverList;
/* The local address is derived from resolving the local host name, so the
 * result depends on the resolver configuration of the machine. */
117 gethostname(hostname, sizeof(hostname));
118 th = gethostbyname(hostname);
/* Logged when the lookup fails. The test on th itself is on a line missing
 * from this listing - confirm it precedes the memcpy below. */
120 ViceLog(0, ("kaserver: couldn't get address of this host.\n"));
/* Copies sizeof(afs_int32) bytes, i.e. presumably expects an IPv4 address
 * in h_addr. */
123 memcpy(myHost, th->h_addr, sizeof(afs_int32));
125 for (i = 0; i < cellinfo->numServers; i++)
126 if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
127 /* omit my host from serverList */
128 *serverList++ = cellinfo->hostAddr[i].sin_addr.s_addr;
130 *serverList = 0; /* terminate list */
/* Key lookup callback: asks ka_LookupKvno for the key with the requested
 * kvno of the KA_ADMIN_NAME / KA_ADMIN_INST principal and returns its result.
 * main hands this function to rxkad_NewServerSecurityObject.
 * The first argument of ka_LookupKvno is 0, presumably meaning that no Ubik
 * transaction is supplied (see the comment after the return) - confirm.
 * The rock argument is not used in the lines shown. */
135 kvno_admin_key(rock, kvno, key)
138 struct ktc_encryptionKey *key;
140 return ka_LookupKvno(0, KA_ADMIN_NAME, KA_ADMIN_INST, kvno, key);
142 /* we would like to start a Ubik transaction to fill the cache if that
143 * fails, but may deadlock as Rx is now organized. */
/* main, first part: flag description, local declarations and the AIX
 * core-dump setup. Parts of the function are missing from this listing.
 * NOTE(review): initFlags bit 0x01 removes the requirement for authenticated
 * connections and bit 0x08 tolerates database inconsistency; treat any
 * start-up that sets either of them as security-relevant. */
146 /* initFlags: 0x01 Do not require authenticated connections.
147 0x02 Do not check the bos NoAuth flag
148 0x04 Use fast key expiration to test oldkey code.
149 0x08 Temporary flag allowing database inconsistency fixup
152 #include "AFS_component_version_number.c"
159 char *whoami = argv[0];
160 afs_int32 serverList[MAXSERVERS];
161 struct afsconf_cell cellinfo;
163 const char *cellservdb, *dbpath, *lclpath;
166 char default_lclpath[AFSDIR_PATH_MAX];
169 int level; /* security level for Ubik */
171 char clones[MAXHOSTSPERCELL];
173 struct rx_service *tservice;
/* sca holds a single security class (the null class only); scm has three
 * slots, indexed further down by RX_SCINDEX_NULL, RX_SCINDEX_VAB and
 * RX_SCINDEX_KAD. */
174 struct rx_securityClass *sca[1];
175 struct rx_securityClass *scm[3];
/* Declared without parameter lists, so the compiler cannot check arguments
 * or callback signatures where these functions are used. */
177 extern int afsconf_ClientAuthSecure();
178 extern int afsconf_ServerAuth();
179 extern int afsconf_CheckAuth();
181 extern int rx_stackSize;
182 extern int KAA_ExecuteRequest();
183 extern int KAT_ExecuteRequest();
184 extern int KAM_ExecuteRequest();
185 extern int RXSTATS_ExecuteRequest();
/* NOTE(review): SA_FULLDUMP below requests complete core files on SIGABRT and
 * SIGSEGV. A full dump of this process may contain key material held in
 * memory, so core files need restrictive permissions and careful handling. */
189 * The following signal action for AIX is necessary so that in case of a
190 * crash (i.e. core is generated) we can include the user's data section
191 * in the core dump. Unfortunately, by default, only a partial core is
192 * generated which, in many cases, isn't too useful.
194 struct sigaction nsa;
196 sigemptyset(&nsa.sa_mask);
197 nsa.sa_handler = SIG_DFL;
198 nsa.sa_flags = SA_FULLDUMP;
199 sigaction(SIGABRT, &nsa, NULL);
200 sigaction(SIGSEGV, &nsa, NULL);
/* Usage text, platform initialisation and default paths. The condition that
 * guards the usage message is not part of this listing. */
204 printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
205 "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
207 /*" [-enable_peer_stats] [-enable_process_stats] " */
212 /* initialize winsock */
213 if (afs_winsockInit() < 0) {
214 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
215 fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
219 /* Initialize dirpaths */
220 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
222 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
224 fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
/* Defaults: configuration directory, database path and the local file path.
 * The local path is composed into default_lclpath by strcompose, which is
 * given the buffer size AFSDIR_PATH_MAX. */
229 cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
230 dbpath = AFSDIR_SERVER_KADB_FILEPATH;
231 strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
232 "/", AFSDIR_KADB_FILE, NULL);
233 lclpath = default_lclpath;
/* Command-line parsing. Each argument is lower-cased into arg; options are
 * matched either exactly (strcmp) or through IsArg, which compares only the
 * first arglen characters and therefore accepts any prefix of an option name.
 * NOTE(review): with IsArg the first option tested wins, so an abbreviation
 * shared by several options, or a bare dash, resolves by test order (-crypt
 * is tested first) - confirm that this is intended. */
239 for (a = 1; a < argc; a++) {
240 int arglen = strlen(argv[a]);
241 lcstring(arg, argv[a], sizeof(arg));
242 #define IsArg(a) (strncmp (arg,a, arglen) == 0)
244 if (strcmp(arg, "-database") == 0) {
246 if (strcmp(lclpath, default_lclpath) == 0)
248 } else if (strcmp(arg, "-localfiles") == 0)
250 else if (strcmp(arg, "-servers") == 0)
251 debugOutput++, servers = 1;
/* The initFlags bits set here follow the table in the comment ahead of main:
 * 0x01 drops the requirement for authenticated connections, 0x04 enables
 * fast key expiration (a test aid), 0x08 allows database inconsistency
 * fixup. */
252 else if (strcmp(arg, "-noauth") == 0)
253 debugOutput++, initFlags |= 1;
254 else if (strcmp(arg, "-fastkeys") == 0)
255 debugOutput++, initFlags |= 4;
256 else if (strcmp(arg, "-dbfixup") == 0)
257 debugOutput++, initFlags |= 8;
/* NOTE(review): argv[++a] here and for -minhours is used without a visible
 * check that another argument exists; a trailing option would pass the
 * terminating null pointer of argv on to later consumers or to atoi. atoi
 * also gives no error indication for non-numeric or out-of-range input. */
258 else if (strcmp(arg, "-cellservdb") == 0) {
259 cellservdb = argv[++a];
264 else if (IsArg("-crypt"))
266 else if (IsArg("-safe"))
268 else if (IsArg("-clear"))
270 else if (IsArg("-sorry"))
272 else if (IsArg("-debug"))
274 else if (IsArg("-crossrealm"))
276 else if (IsArg("-minhours")) {
277 MinHours = atoi(argv[++a]);
278 } else if (IsArg("-enable_peer_stats")) {
279 rx_enablePeerRPCStats();
280 } else if (IsArg("-enable_process_stats")) {
281 rx_enableProcessRPCStats();
282 } else if (*arg == '-') {
283 /* hack to support help flag */
/* Calls ka_CellConfig and afsconf_Open on the cellservdb directory, opens the
 * log file and builds the server list, either from the command line
 * (ubik_ParseServerList) or from the cell database.
 * NOTE(review): the copy loop further down writes cellinfo.hostAddr[i] for
 * every i below MAXSERVERS; confirm that the hostAddr array in struct
 * afsconf_cell has at least MAXSERVERS entries. KA_conf, opened here, is the
 * handle later used for the authorization and Ubik security callbacks. */
287 if (code = ka_CellConfig(cellservdb))
289 cell = ka_LocalCell();
290 KA_conf = afsconf_Open(cellservdb);
294 com_err(whoami, code, "Failed getting cell info");
300 /* NT & HPUX do not have dbm package support. So we can only do some
301 * text logging. So open the AuthLog file for logging and redirect
302 * stdin and stdout to it
304 OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
308 afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
311 if (code = ubik_ParseServerList(argc, argv, &myHost, serverList)) {
312 com_err(whoami, code, "Couldn't parse server list");
315 cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
316 for (i = 1; i < MAXSERVERS; i++) {
319 cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
321 cellinfo.numServers = i;
323 code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
326 ViceLog(0, ("Using server list from %s cell database.\n", cell));
329 /* initialize ubik */
/* Selects the Rx security used for Ubik connections between the database
 * servers. level is expected to be rxkad_clear or rxkad_crypt; any other
 * value is logged as unsupported.
 * NOTE(review): with rxkad_clear the client side uses afsconf_ClientAuth
 * instead of afsconf_ClientAuthSecure, so Ubik connections are presumably
 * authenticated but not encrypted - prefer the crypt level where all peers
 * support it. Where level is assigned is not visible in this listing. */
330 if (level == rxkad_clear)
331 ubik_CRXSecurityProc = afsconf_ClientAuth;
332 else if (level == rxkad_crypt)
333 ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
335 ViceLog(0, ("Unsupported security level %d\n", level));
339 ("Using level %s for Ubik connections.\n",
340 (level == rxkad_crypt ? "crypt" : "clear")));
/* The same KA_conf handle serves as the rock for the client, server and
 * check-security callbacks. */
341 ubik_CRXSecurityRock = (char *)KA_conf;
342 ubik_SRXSecurityProc = afsconf_ServerAuth;
343 ubik_SRXSecurityRock = (char *)KA_conf;
344 ubik_CheckRXSecurityProc = afsconf_CheckAuth;
345 ubik_CheckRXSecurityRock = (char *)KA_conf;
/* Two alternative initialisation calls (explicit server list or cell info);
 * the condition that selects between them is missing from this listing. */
350 ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
354 ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
355 &clones, dbpath, &KA_dbase);
358 com_err(whoami, code, "Ubik init failed");
/* Rx service registration and start-up.
 * sca contains only the null security class, so the Authentication and
 * TicketGranting services accept connections that are unauthenticated at the
 * Rx layer; any protection has to come from the request handlers
 * (KAA_ExecuteRequest, KAT_ExecuteRequest). */
362 sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
364 /* Disable jumbograms */
368 rx_NewService(0, KA_AUTHENTICATION_SERVICE, "AuthenticationService",
369 sca, 1, KAA_ExecuteRequest);
370 if (tservice == (struct rx_service *)0) {
371 ViceLog(0, ("Could not create Authentication rx service\n"));
374 rx_SetMinProcs(tservice, 1);
375 rx_SetMaxProcs(tservice, 1);
378 rx_NewService(0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
379 sca, 1, KAT_ExecuteRequest);
380 if (tservice == (struct rx_service *)0) {
381 ViceLog(0, ("Could not create Ticket Granting rx service\n"));
384 rx_SetMinProcs(tservice, 1);
385 rx_SetMaxProcs(tservice, 1);
/* scm offers the null class, leaves the VAB slot empty and adds an rxkad
 * server object created with rxkad_crypt and the admin key lookup callback.
 * NOTE(review): the null class is still offered to the Maintenance and
 * rpcstats services, so authorization presumably has to be enforced per call
 * inside the handlers - confirm. */
387 scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
388 scm[RX_SCINDEX_VAB] = 0;
389 scm[RX_SCINDEX_KAD] =
390 rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
392 rx_NewService(0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
394 if (tservice == (struct rx_service *)0) {
395 ViceLog(0, ("Could not create Maintenance rx service\n"));
398 rx_SetMinProcs(tservice, 1);
399 rx_SetMaxProcs(tservice, 1);
400 rx_SetStackSize(tservice, 10000);
403 rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
404 RXSTATS_ExecuteRequest);
405 if (tservice == (struct rx_service *)0) {
406 ViceLog(0, ("Could not create rpc stats rx service\n"));
409 rx_SetMinProcs(tservice, 2);
410 rx_SetMaxProcs(tservice, 4);
414 /* allow super users to manage RX statistics */
415 rx_SetRxStatUserOk(KA_rxstat_userok);
/* NOTE(review): rx_StartServer is called before init_kaprocs and
 * init_krb_udp; confirm that no request can be dispatched before that
 * initialisation has finished. init_kaprocs receives the initFlags bits
 * collected from the command line. */
417 rx_StartServer(0); /* start handling req. of all types */
419 if (init_kaprocs(lclpath, initFlags))
/* A failure of init_krb_udp is logged and the server keeps running without
 * the UDP interface. */
422 if (code = init_krb_udp()) {
424 ("Failed to initialize UDP interface; code = %d.\n", code));
425 ViceLog(0, ("Running without UDP access.\n"));
428 ViceLog(0, ("Starting to process AuthServer requests\n"));
429 rx_ServerProc(); /* donate this LWP */