2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * A general description of the supergroup changes
14 * In AFS users can be members of groups. When you add
15 * a user, u1, to a group, g1, you add the user id for u1
16 * to an entries list in g1. This is a list of all the
18 * You also add the id for g1 to an entries list in u1.
19 * This is a list of all the groups this user is a
21 * The list has room for 10 entries. If more are required,
22 * a continuation record is created.
24 * With UMICH mods, u1 can be a group. When u1 is a group
25 * a new field is required to list the groups this group
26 * is a member of (since the entries field is used to
27 * list it's members). This new field is supergroups and
28 * has two entries. If more are required, a continuation
30 * There are two additional fields required, nextsg is
31 * an address of the next continuation record for this
32 * group, and countsg is the count for the number of
33 * groups this group is a member of.
37 * 09/18/95 jjm Add mdw's changes to afs-3.3a Changes:
38 * (1) Add the parameter -groupdepth or -depth to
39 * define the maximum search depth for supergroups.
40 * Define the variable depthsg to be the value of
41 * the parameter. The default value is set to 5.
43 * (3) Make sure the sizes of the struct prentry and
44 * struct prentryg are equal. If they aren't equal
45 * the pt database will be corrupted.
46 * The error is reported with an fprintf statement,
47 * but this doesn't print when ptserver is started by
48 * bos, so all you see is an error message in the
49 * /usr/afs/logs/BosLog file. If you start the
50 * ptserver without bos the fprintf will print
52 * The program will terminate with a PT_EXIT(1).
55 * Transarc does not currently use opcodes past 520, but
56 * they *could* decide at any time to use more opcodes.
57 * If they did, then one part of our local mods,
58 * ListSupergroups, would break. I've therefore
59 * renumbered it to 530, and put logic in to enable the
60 * old opcode to work (for now).
62 * 2/1/98 jjm Add mdw's changes for bit mapping for supergroups
64 * Before fetching a supergroup, this version of ptserver
65 * checks to see if it was marked "found" and "not a
66 * member". If and only if so, it doesn't fetch the group.
67 * Since this should be the case with most groups, this
68 * should save a significant amount of CPU in redundant
69 * fetches of the same group. After fetching the group,
70 * it sets "found", and either sets or clears "not a
71 * member", depending on if the group was a member of
72 * other groups. When it writes group entries to the
73 * database, it clears the "found" flag.
76 #if defined(SUPERGROUPS)
78 * A general description of the supergroup changes
81 * In AFS users can be members of groups. When you add a user, u1,
82 * to a group, g1, you add the user id for u1 to an entries list
83 * in g1. This is a list of all the members of g1. You also add
84 * the id for g1 to an entries list in u1. This is a list of all
85 * the groups this user is a member of. The list has room for 10
86 * entries. If more are required, a continuation record is created.
88 * With UMICH mods, u1 can be a group. When u1 is a group a new
89 * field is required to list the groups this group is a member of
90 * (since the entries field is used to list it's members). This
91 * new field is supergroups and has two entries. If more are
92 * required, a continuation record is formed.
94 * There are two additional fields required, nextsg is an address
95 * of the next continuation record for this group, and countsg is
96 * the count for the number of groups this group is a member of.
98 * Bit mapping support for supergroups:
100 * Before fetching a supergroup, this version of ptserver checks to
101 * see if it was marked "found" and "not a member". If and only if
102 * so, it doesn't fetch the group. Since this should be the case
103 * with most groups, this should save a significant amount of CPU in
104 * redundant fetches of the same group. After fetching the group, it
105 * sets "found", and either sets or clears "not a member", depending
106 * on if the group was a member of other groups. When it writes
107 * group entries to the database, it clears the "found" flag.
111 #include <afsconfig.h>
112 #include <afs/param.h>
113 #include <afs/stds.h>
117 #ifdef AFS_PTHREAD_ENV
118 # include <opr/softsig.h>
122 #include <WINNT/afsevent.h>
127 #include <rx/rx_globals.h>
128 #include <rx/rxstat.h>
132 #include <afs/cellconfig.h>
133 #include <afs/auth.h>
134 #include <afs/keys.h>
135 #include <afs/afsutil.h>
136 #include <afs/audit.h>
137 #include <afs/com_err.h>
139 #include "ptserver.h"
140 #include "ptprototypes.h"
141 #include "error_macros.h"
143 /* make all of these into a structure if you want */
144 struct prheader cheader;
145 struct ubik_dbase *dbase;
146 struct afsconf_dir *prdir;
148 #if defined(SUPERGROUPS)
149 extern afs_int32 depthsg;
153 int restrict_anonymous = 0;
156 int rxkadDisableDotCheck = 0;
158 #define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
159 afs_uint32 SHostAddrs[ADDRSPERSITE];
161 static struct afsconf_cell info;
163 extern int prp_group_default;
164 extern int prp_user_default;
166 #include "AFS_component_version_number.c"
169 prp_access_mask(char *s)
172 if (*s >= '0' && *s <= '9') {
173 return strtol(s, NULL, 0);
176 while (*s) switch(*s++)
178 case 'S': r |= PRP_STATUS_ANY; break;
179 case 's': r |= PRP_STATUS_MEM; break;
180 case 'O': r |= PRP_OWNED_ANY; break;
181 case 'M': r |= PRP_MEMBER_ANY; break;
182 case 'm': r |= PRP_MEMBER_MEM; break;
183 case 'A': r |= PRP_ADD_ANY; break;
184 case 'a': r |= PRP_ADD_MEM; break;
185 case 'r': r |= PRP_REMOVE_MEM; break;
190 /* check whether caller is authorized to manage RX statistics */
192 pr_rxstat_userok(struct rx_call *call)
194 return afsconf_SuperUser(prdir, call, NULL);
198 * Return true if this name is a member of the local realm.
201 pr_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
203 struct afsconf_dir *dir = (struct afsconf_dir *)rock;
204 afs_int32 islocal = 0; /* default to no */
207 code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
209 ViceLog(0, ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
210 code, name, inst, cell));
221 OPT_restrict_anonymous,
241 main(int argc, char **argv)
247 struct rx_service *tservice;
248 struct rx_securityClass **securityClasses;
249 afs_int32 numClasses;
251 char clones[MAXHOSTSPERCELL];
253 afs_uint32 host = htonl(INADDR_ANY);
254 struct cmd_syndesc *opts;
255 struct cmd_item *list;
260 struct logOptions logopts;
261 char *whoami = "ptserver";
263 char *auditFileName = NULL;
264 char *interface = NULL;
265 char *s2s_crypt_behavior = NULL;
269 * The following signal action for AIX is necessary so that in case of a
270 * crash (i.e. core is generated) we can include the user's data section
271 * in the core dump. Unfortunately, by default, only a partial core is
272 * generated which, in many cases, isn't too useful.
274 struct sigaction nsa;
276 sigemptyset(&nsa.sa_mask);
277 nsa.sa_handler = SIG_DFL;
278 nsa.sa_flags = SA_FULLDUMP;
279 sigaction(SIGABRT, &nsa, NULL);
280 sigaction(SIGSEGV, &nsa, NULL);
283 osi_audit(PTS_StartEvent, 0, AUD_END);
285 /* Initialize dirpaths */
286 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
288 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
290 fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
295 pr_dbaseName = strdup(AFSDIR_SERVER_PRDB_FILEPATH);
296 configDir = strdup(AFSDIR_SERVER_ETC_DIRPATH);
297 memset(&logopts, 0, sizeof(logopts));
299 #if defined(SUPERGROUPS)
300 /* make sure the structures for database records are the same size */
301 if ((sizeof(struct prentry) != ENTRYSIZE)
302 || (sizeof(struct prentryg) != ENTRYSIZE)) {
304 "The structures for the database records are different"
305 " sizes\n" "struct prentry = %" AFS_SIZET_FMT "\n"
306 "struct prentryg = %" AFS_SIZET_FMT "\n"
307 "ENTRYSIZE = %d\n", sizeof(struct prentry),
308 sizeof(struct prentryg), ENTRYSIZE);
313 cmd_DisableAbbreviations();
314 cmd_DisablePositionalCommands();
315 opts = cmd_CreateSyntax(NULL, NULL, NULL, 0, NULL);
317 /* ptserver specific options */
318 cmd_AddParmAtOffset(opts, OPT_database, "-database", CMD_SINGLE,
319 CMD_OPTIONAL, "database file");
320 cmd_AddParmAlias(opts, OPT_database, "-db");
322 cmd_AddParmAtOffset(opts, OPT_access, "-default_access", CMD_LIST,
323 CMD_OPTIONAL, "default access flags for new entries");
324 #if defined(SUPERGROUPS)
325 cmd_AddParmAtOffset(opts, OPT_groupdepth, "-groupdepth", CMD_SINGLE,
326 CMD_OPTIONAL, "max search depth for supergroups");
327 cmd_AddParmAlias(opts, OPT_groupdepth, "-depth");
329 cmd_AddParmAtOffset(opts, OPT_restricted, "-restricted", CMD_FLAG,
330 CMD_OPTIONAL, "enable restricted mode");
331 cmd_AddParmAtOffset(opts, OPT_restrict_anonymous, "-restrict_anonymous",
332 CMD_FLAG, CMD_OPTIONAL, "enable restricted anonymous mode");
334 /* general server options */
335 cmd_AddParmAtOffset(opts, OPT_auditlog, "-auditlog", CMD_SINGLE,
336 CMD_OPTIONAL, "location of audit log");
337 cmd_AddParmAtOffset(opts, OPT_auditiface, "-audit-interface", CMD_SINGLE,
338 CMD_OPTIONAL, "interface to use for audit logging");
339 cmd_AddParmAtOffset(opts, OPT_config, "-config", CMD_SINGLE,
340 CMD_OPTIONAL, "configuration location");
341 cmd_AddParmAtOffset(opts, OPT_debug, "-d", CMD_SINGLE,
342 CMD_OPTIONAL, "debug level");
343 cmd_AddParmAtOffset(opts, OPT_logfile, "-logfile", CMD_SINGLE,
344 CMD_OPTIONAL, "location of logfile");
345 cmd_AddParmAtOffset(opts, OPT_threads, "-p", CMD_SINGLE,
346 CMD_OPTIONAL, "number of threads");
348 cmd_AddParmAtOffset(opts, OPT_syslog, "-syslog", CMD_SINGLE_OR_FLAG,
349 CMD_OPTIONAL, "log to syslog");
351 cmd_AddParmAtOffset(opts, OPT_transarc_logs, "-transarc-logs", CMD_FLAG,
352 CMD_OPTIONAL, "enable Transarc style logging");
355 cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
356 CMD_OPTIONAL, "enable RX RPC statistics by peer");
357 cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
358 CMD_OPTIONAL, "enable RX RPC statistics");
359 cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
360 CMD_OPTIONAL, "bind only to the primary interface");
361 cmd_AddParmAtOffset(opts, OPT_rxmaxmtu, "-rxmaxmtu", CMD_SINGLE,
362 CMD_OPTIONAL, "maximum MTU for RX");
365 cmd_AddParmAtOffset(opts, OPT_dotted, "-allow-dotted-principals",
366 CMD_FLAG, CMD_OPTIONAL,
367 "permit Kerberos 5 principals with dots");
370 cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
372 "rxgk-crypt | never");
374 code = cmd_Parse(argc, argv, &opts);
375 if (code == CMD_HELP) {
381 cmd_OptionAsString(opts, OPT_config, &configDir);
383 cmd_OpenConfigFile(AFSDIR_SERVER_CONFIG_FILE_FILEPATH);
384 cmd_SetCommandName("ptserver");
386 if (cmd_OptionAsList(opts, OPT_access, &list) == 0) {
387 prp_user_default = prp_access_mask(list->data);
388 if (list->next == NULL || list->next->data == NULL) {
389 fprintf(stderr, "Missing second argument for -default_access\n");
392 prp_group_default = prp_access_mask(list->next->data);
395 #if defined(SUPERGROUPS)
396 cmd_OptionAsInt(opts, OPT_groupdepth, &depthsg);
399 cmd_OptionAsFlag(opts, OPT_restricted, &restricted);
400 cmd_OptionAsFlag(opts, OPT_restrict_anonymous, &restrict_anonymous);
402 /* general server options */
403 cmd_OptionAsString(opts, OPT_auditlog, &auditFileName);
405 if (cmd_OptionAsString(opts, OPT_auditiface, &interface) == 0) {
406 if (osi_audit_interface(interface)) {
407 printf("Invalid audit interface '%s'\n", interface);
413 cmd_OptionAsString(opts, OPT_database, &pr_dbaseName);
415 if (cmd_OptionAsInt(opts, OPT_threads, &lwps) == 0) {
416 if (lwps > 64) { /* maximum of 64 */
417 printf("Warning: '-p %d' is too big; using %d instead\n",
420 } else if (lwps < 3) { /* minimum of 3 */
421 printf("Warning: '-p %d' is too small; using %d instead\n",
428 if (cmd_OptionPresent(opts, OPT_syslog)) {
429 if (cmd_OptionPresent(opts, OPT_logfile)) {
430 fprintf(stderr, "Invalid options: -syslog and -logfile are exclusive.");
433 if (cmd_OptionPresent(opts, OPT_transarc_logs)) {
434 fprintf(stderr, "Invalid options: -syslog and -transarc-logs are exclusive.");
437 logopts.lopt_dest = logDest_syslog;
438 logopts.lopt_facility = LOG_DAEMON;
439 logopts.lopt_tag = "ptserver";
440 cmd_OptionAsInt(opts, OPT_syslog, &logopts.lopt_facility);
444 logopts.lopt_dest = logDest_file;
445 if (cmd_OptionPresent(opts, OPT_transarc_logs)) {
446 logopts.lopt_rotateOnOpen = 1;
447 logopts.lopt_rotateStyle = logRotate_old;
449 if (cmd_OptionPresent(opts, OPT_logfile))
450 cmd_OptionAsString(opts, OPT_logfile, (char**)&logopts.lopt_filename);
452 logopts.lopt_filename = AFSDIR_SERVER_PTLOG_FILEPATH;
454 cmd_OptionAsInt(opts, OPT_debug, &logopts.lopt_logLevel);
457 if (cmd_OptionPresent(opts, OPT_peer))
458 rx_enablePeerRPCStats();
460 if (cmd_OptionPresent(opts, OPT_process))
461 rx_enableProcessRPCStats();
463 cmd_OptionAsFlag(opts, OPT_rxbind, &rxBind);
465 cmd_OptionAsInt(opts, OPT_rxmaxmtu, &rxMaxMTU);
468 cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);
471 if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
472 if (strcmp(s2s_crypt_behavior, "never") == 0) {
473 /* noop; this is the default */
474 } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
477 fprintf(stderr, "Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
480 free(s2s_crypt_behavior);
481 s2s_crypt_behavior = NULL;
484 cmd_FreeOptions(&opts);
487 osi_audit_file(auditFileName);
488 osi_audit(PTS_StartEvent, 0, AUD_END);
492 #ifdef AFS_PTHREAD_ENV
494 SetupLogSoftSignals();
499 prdir = afsconf_Open(configDir);
501 fprintf(stderr, "ptserver: can't open configuration directory.\n");
504 if (afsconf_GetNoAuthFlag(prdir))
505 printf("ptserver: running unauthenticated\n");
508 /* initialize winsock */
509 if (afs_winsockInit() < 0) {
510 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
512 fprintf(stderr, "ptserver: couldn't initialize winsock. \n");
517 gethostname(hostname, sizeof(hostname));
518 th = gethostbyname(hostname);
520 fprintf(stderr, "ptserver: couldn't get address of this host.\n");
523 memcpy(&myHost, th->h_addr, sizeof(afs_uint32));
525 /* get list of servers */
527 afsconf_GetExtendedCellInfo(prdir, NULL, "afsprot", &info, clones);
529 afs_com_err(whoami, code, "Couldn't get server list");
533 /* initialize audit user check */
534 osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch);
536 /* initialize ubik */
538 ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
539 afsconf_UpToDate, prdir);
541 ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
544 ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
545 afsconf_CheckAuth, prdir);
547 /* The max needed is when deleting an entry. A full CoEntry deletion
548 * required removal from 39 entries. Each of which may refers to the entry
549 * being deleted in one of its CoEntries. If a CoEntry is freed its
550 * predecessor CoEntry will be modified as well. Any freed blocks also
551 * modifies the database header. Counting the entry being deleted and its
552 * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries
553 * and the header are in separate Ubik buffers then 120 buffers may be
555 ubik_nBuffers = 120 + /*fudge */ 40;
559 if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
560 AFSDIR_SERVER_NETINFO_FILEPATH) {
562 ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL,
563 ADDRSPERSITE, reason,
564 AFSDIR_SERVER_NETINFO_FILEPATH,
565 AFSDIR_SERVER_NETRESTRICT_FILEPATH);
568 ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
571 host = SHostAddrs[0];
575 ViceLog(0, ("ptserver binding rx to %s:%d\n",
576 afs_inet_ntoa_r(host, hoststr), AFSCONF_PROTPORT));
577 code = rx_InitHost(host, htons(AFSCONF_PROTPORT));
579 ViceLog(0, ("ptserver: Rx init failed: %d\n", code));
583 /* Disable jumbograms */
586 if (rxMaxMTU != -1) {
587 if (rx_SetMaxMTU(rxMaxMTU) != 0) {
588 printf("rxMaxMTU %d is invalid\n", rxMaxMTU);
594 ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info, clones,
595 pr_dbaseName, &dbase);
597 afs_com_err(whoami, code, "Ubik init failed");
601 #if defined(SUPERGROUPS)
605 afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses);
608 rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses,
609 numClasses, PR_ExecuteRequest);
610 if (tservice == (struct rx_service *)0) {
611 fprintf(stderr, "ptserver: Could not create new rx service.\n");
614 rx_SetMinProcs(tservice, 2);
615 rx_SetMaxProcs(tservice, lwps);
616 if (rxkadDisableDotCheck) {
617 code = rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
618 (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
620 afs_com_err(whoami, code, "Failed to allow dotted principals");
626 rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
627 securityClasses, numClasses, RXSTATS_ExecuteRequest);
628 if (tservice == (struct rx_service *)0) {
629 fprintf(stderr, "ptserver: Could not create new rx service.\n");
632 rx_SetMinProcs(tservice, 2);
633 rx_SetMaxProcs(tservice, 4);
635 /* allow super users to manage RX statistics */
636 rx_SetRxStatUserOk(pr_rxstat_userok);
638 LogCommandLine(argc, argv, "ptserver",
639 #if defined(SUPERGROUPS)
644 "Starting AFS", FSLog);
645 if (afsconf_CountKeys(prdir) == 0) {
646 ViceLog(0, ("WARNING: No encryption keys found! "
647 "All authenticated accesses will fail. "
648 "Run akeyconvert or asetkey to import encryption keys.\n"));
649 } else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
654 osi_audit(PTS_FinishEvent, -1, AUD_END);