2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 * A general description of the supergroup changes
14 * In AFS users can be members of groups. When you add
15 * a user, u1, to a group, g1, you add the user id for u1
16 * to an entries list in g1. This is a list of all the
18 * You also add the id for g1 to an entries list in u1.
19 * This is a list of all the groups this user is a
21 * The list has room for 10 entries. If more are required,
22 * a continuation record is created.
24 * With UMICH mods, u1 can be a group. When u1 is a group
25 * a new field is required to list the groups this group
26 * is a member of (since the entries field is used to
27 * list it's members). This new field is supergroups and
28 * has two entries. If more are required, a continuation
30 * There are two additional fields required, nextsg is
31 * an address of the next continuation record for this
32 * group, and countsg is the count for the number of
33 * groups this group is a member of.
37 * 09/18/95 jjm Add mdw's changes to afs-3.3a Changes:
38 * (1) Add the parameter -groupdepth or -depth to
39 * define the maximum search depth for supergroups.
40 * Define the variable depthsg to be the value of
41 * the parameter. The default value is set to 5.
43 * (3) Make sure the sizes of the struct prentry and
44 * struct prentryg are equal. If they aren't equal
45 * the pt database will be corrupted.
46 * The error is reported with an fprintf statement,
47 * but this doesn't print when ptserver is started by
48 * bos, so all you see is an error message in the
49 * /usr/afs/logs/BosLog file. If you start the
50 * ptserver without bos the fprintf will print
52 * The program will terminate with a PT_EXIT(1).
55 * Transarc does not currently use opcodes past 520, but
56 * they *could* decide at any time to use more opcodes.
57 * If they did, then one part of our local mods,
58 * ListSupergroups, would break. I've therefore
59 * renumbered it to 530, and put logic in to enable the
60 * old opcode to work (for now).
62 * 2/1/98 jjm Add mdw's changes for bit mapping for supergroups
64 * Before fetching a supergroup, this version of ptserver
65 * checks to see if it was marked "found" and "not a
66 * member". If and only if so, it doesn't fetch the group.
67 * Since this should be the case with most groups, this
68 * should save a significant amount of CPU in redundant
69 * fetches of the same group. After fetching the group,
70 * it sets "found", and either sets or clears "not a
71 * member", depending on if the group was a member of
72 * other groups. When it writes group entries to the
73 * database, it clears the "found" flag.
76 #if defined(SUPERGROUPS)
78 * A general description of the supergroup changes
81 * In AFS users can be members of groups. When you add a user, u1,
82 * to a group, g1, you add the user id for u1 to an entries list
83 * in g1. This is a list of all the members of g1. You also add
84 * the id for g1 to an entries list in u1. This is a list of all
85 * the groups this user is a member of. The list has room for 10
86 * entries. If more are required, a continuation record is created.
88 * With UMICH mods, u1 can be a group. When u1 is a group a new
89 * field is required to list the groups this group is a member of
90 * (since the entries field is used to list it's members). This
91 * new field is supergroups and has two entries. If more are
92 * required, a continuation record is formed.
94 * There are two additional fields required, nextsg is an address
95 * of the next continuation record for this group, and countsg is
96 * the count for the number of groups this group is a member of.
98 * Bit mapping support for supergroups:
100 * Before fetching a supergroup, this version of ptserver checks to
101 * see if it was marked "found" and "not a member". If and only if
102 * so, it doesn't fetch the group. Since this should be the case
103 * with most groups, this should save a significant amount of CPU in
104 * redundant fetches of the same group. After fetching the group, it
105 * sets "found", and either sets or clears "not a member", depending
106 * on if the group was a member of other groups. When it writes
107 * group entries to the database, it clears the "found" flag.
111 #include <afsconfig.h>
112 #include <afs/param.h>
116 #include <afs/stds.h>
120 #include <sys/types.h>
123 #include <winsock2.h>
124 #include <WINNT/afsevent.h>
127 #include <netinet/in.h>
132 #ifdef HAVE_STRINGS_H
138 #include <rx/rx_globals.h>
141 #include <afs/cellconfig.h>
142 #include <afs/auth.h>
143 #include <afs/keys.h>
144 #include "ptserver.h"
145 #include "error_macros.h"
146 #include "afs/audit.h"
147 #include <afs/afsutil.h>
150 /* make all of these into a structure if you want */
151 struct prheader cheader;
152 struct ubik_dbase *dbase;
153 struct afsconf_dir *prdir;
155 #if defined(SUPERGROUPS)
156 extern afs_int32 depthsg;
159 extern afs_int32 ubik_lastYesTime;
160 extern afs_int32 ubik_nBuffers;
162 extern int afsconf_ServerAuth();
163 extern int afsconf_CheckAuth();
168 #include "AFS_component_version_number.c"
170 /* check whether caller is authorized to manage RX statistics */
171 int pr_rxstat_userok(call)
172 struct rx_call *call;
174 return afsconf_SuperUser(prdir, call, NULL);
177 int main (int argc, char **argv)
179 register afs_int32 code;
181 register struct hostent *th;
183 struct rx_service *tservice;
184 struct rx_securityClass *sc[3];
185 extern int RXSTATS_ExecuteRequest();
186 extern int PR_ExecuteRequest();
188 struct ktc_encryptionKey tkey;
190 struct afsconf_cell info;
191 int kerberosKeys; /* set if found some keys */
193 char clones[MAXHOSTSPERCELL];
195 const char *pr_dbaseName;
196 char *whoami = "ptserver";
203 * The following signal action for AIX is necessary so that in case of a
204 * crash (i.e. core is generated) we can include the user's data section
205 * in the core dump. Unfortunately, by default, only a partial core is
206 * generated which, in many cases, isn't too useful.
208 struct sigaction nsa;
210 sigemptyset(&nsa.sa_mask);
211 nsa.sa_handler = SIG_DFL;
212 nsa.sa_flags = SA_FULLDUMP;
213 sigaction(SIGABRT, &nsa, NULL);
214 sigaction(SIGSEGV, &nsa, NULL);
216 osi_audit (PTS_StartEvent, 0, AUD_END);
218 /* Initialize dirpaths */
219 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
221 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0],0);
223 fprintf(stderr,"%s: Unable to obtain AFS server directory.\n", argv[0]);
227 pr_dbaseName = AFSDIR_SERVER_PRDB_FILEPATH;
229 #if defined(SUPERGROUPS)
230 /* make sure the structures for database records are the same size */
231 if((sizeof(struct prentry) != ENTRYSIZE) ||
232 (sizeof(struct prentryg) != ENTRYSIZE)) {
233 fprintf(stderr,"The structures for the database records are different"
235 "struct prentry = %d\n"
236 "struct prentryg = %d\n"
238 sizeof(struct prentry), sizeof(struct prentryg),
244 for (a=1; a<argc; a++) {
246 lcstring (arg, argv[a], sizeof(arg));
248 if ((strncmp (arg, "-database", alen) == 0) ||
249 (strncmp (arg, "-db", alen) == 0)) {
250 pr_dbaseName = argv[++a]; /* specify a database */
252 else if (strncmp(arg, "-p", alen) == 0) {
253 lwps = atoi(argv[++a]);
254 if (lwps > 16) { /* maximum of 16 */
255 printf("Warning: '-p %d' is too big; using %d instead\n",
258 } else if (lwps < 3) { /* minimum of 3 */
259 printf("Warning: '-p %d' is too small; using %d instead\n",
264 else if (strncmp (arg, "-rebuild", alen) == 0) /* rebuildDB++ */ ;
265 #if defined(SUPERGROUPS)
266 else if ((strncmp (arg, "-groupdepth", alen) == 0) ||
267 (strncmp (arg, "-depth", alen) == 0)) {
268 depthsg = atoi(argv[++a]); /* Max search depth for supergroups */
271 else if (strncmp (arg, "-enable_peer_stats", alen) == 0) {
272 rx_enablePeerRPCStats();
274 else if (strncmp (arg, "-enable_process_stats", alen) == 0) {
275 rx_enableProcessRPCStats();
278 else if (strncmp(arg, "-syslog", alen)==0) {
279 /* set syslog logging flag */
282 else if (strncmp(arg, "-syslog=", MIN(8,alen))==0) {
284 serverLogSyslogFacility = atoi(arg+8);
287 else if (*arg == '-') {
288 /* hack in help flag support */
290 #if defined(SUPERGROUPS)
292 printf ("Usage: ptserver [-database <db path>] "
293 "[-syslog[=FACILITY]] "
294 "[-p <number of processes>] [-rebuild] "
295 "[-groupdepth <depth>] "
296 "[-enable_peer_stats] [-enable_process_stats] "
298 #else /* AFS_NT40_ENV */
299 printf ("Usage: ptserver [-database <db path>] "
300 "[-p <number of processes>] [-rebuild] "
301 "[-groupdepth <depth>] "
306 printf ("Usage: ptserver [-database <db path>] "
307 "[-syslog[=FACILITY]] "
308 "[-p <number of processes>] [-rebuild] "
309 "[-enable_peer_stats] [-enable_process_stats] "
311 #else /* AFS_NT40_ENV */
312 printf ("Usage: ptserver [-database <db path>] "
313 "[-p <number of processes>] [-rebuild] "
321 #if defined(SUPERGROUPS)
323 fprintf (stderr, "Unrecognized arg: '%s' ignored!\n", arg);
328 serverLogSyslogTag = "ptserver";
329 OpenLog(AFSDIR_SERVER_PTLOG_FILEPATH); /* set up logging */
332 prdir = afsconf_Open(AFSDIR_SERVER_ETC_DIRPATH);
334 fprintf (stderr, "ptserver: can't open configuration directory.\n");
337 if (afsconf_GetNoAuthFlag(prdir))
338 printf ("ptserver: running unauthenticated\n");
341 /* initialize winsock */
342 if (afs_winsockInit()<0) {
343 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0,
346 fprintf(stderr, "ptserver: couldn't initialize winsock. \n");
351 gethostname(hostname,sizeof(hostname));
352 th = gethostbyname(hostname);
354 fprintf (stderr, "ptserver: couldn't get address of this host.\n");
357 memcpy(&myHost, th->h_addr, sizeof(afs_int32));
359 /* get list of servers */
360 code = afsconf_GetExtendedCellInfo(prdir,NULL,"afsprot",
363 com_err (whoami, code, "Couldn't get server list");
366 pr_realmName = info.name;
367 pr_realmNameLen = strlen (pr_realmName);
371 code = afsconf_GetKey(prdir,999,&tkey);
373 com_err (whoami, code, "couldn't get bcrypt keys from key file, ignoring.");
376 { afs_int32 kvno; /* see if there is a KeyFile here */
377 struct ktc_encryptionKey key;
378 code = afsconf_GetLatestKey (prdir, &kvno, &key);
379 kerberosKeys = (code == 0);
381 printf ("ptserver: can't find any Kerberos keys, code = %d, ignoring\n", code);
384 /* initialize ubik */
385 ubik_CRXSecurityProc = afsconf_ClientAuth;
386 ubik_CRXSecurityRock = (char *)prdir;
387 ubik_SRXSecurityProc = afsconf_ServerAuth;
388 ubik_SRXSecurityRock = (char *)prdir;
389 ubik_CheckRXSecurityProc = afsconf_CheckAuth;
390 ubik_CheckRXSecurityRock = (char *)prdir;
392 /* The max needed is when deleting an entry. A full CoEntry deletion
393 * required removal from 39 entries. Each of which may refers to the entry
394 * being deleted in one of its CoEntries. If a CoEntry is freed its
395 * predecessor CoEntry will be modified as well. Any freed blocks also
396 * modifies the database header. Counting the entry being deleted and its
397 * CoEntry this adds up to as much as 1+1+39*3 = 119. If all these entries
398 * and the header are in separate Ubik buffers then 120 buffers may be
400 ubik_nBuffers = 120 + /*fudge*/40;
401 code = ubik_ServerInitByInfo(myHost, htons(AFSCONF_PROTPORT), &info,
402 &clones, pr_dbaseName, &dbase);
404 com_err (whoami, code, "Ubik init failed");
408 #if defined(SUPERGROUPS)
412 sc[0] = rxnull_NewServerSecurityObject();
415 sc[2] = rxkad_NewServerSecurityObject
416 (0, prdir, afsconf_GetKey, NULL);
420 /* Disable jumbograms */
423 tservice = rx_NewService(0,PRSRV,"Protection Server",sc,3,PR_ExecuteRequest);
424 if (tservice == (struct rx_service *)0) {
425 fprintf (stderr, "ptserver: Could not create new rx service.\n");
428 rx_SetMinProcs(tservice,2);
429 rx_SetMaxProcs(tservice,lwps);
431 tservice = rx_NewService(0,RX_STATS_SERVICE_ID,"rpcstats",sc,3,RXSTATS_ExecuteRequest);
432 if (tservice == (struct rx_service *)0) {
433 fprintf (stderr, "ptserver: Could not create new rx service.\n");
436 rx_SetMinProcs(tservice,2);
437 rx_SetMaxProcs(tservice,4);
439 /* allow super users to manage RX statistics */
440 rx_SetRxStatUserOk(pr_rxstat_userok);
443 osi_audit (PTS_FinishEvent, -1, AUD_END);