audit: remove static local realms
[openafs.git] / src / kauth / kaserver.c
index 09cd83e..7a45ada 100644 (file)
@@ -9,29 +9,16 @@
 
 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/stds.h>
 
 #include <roken.h>
+#include <afs/opr.h>
 
-#include <afs/stds.h>
-#include <sys/types.h>
 #ifdef AFS_NT40_ENV
-#include <winsock2.h>
 #include <WINNT/afsevent.h>
-#else
-#include <sys/file.h>
-#include <netdb.h>
-#include <netinet/in.h>
-#endif
-#include "kalog.h"             /* for OpenLog() */
-#include <time.h>
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef AFS_AIX32_ENV
-#include <signal.h>
 #endif
+
+
 #include <lwp.h>
 #include <rx/xdr.h>
 #include <rx/rx.h>
@@ -44,7 +31,8 @@
 #include <afs/com_err.h>
 #include <afs/audit.h>
 #include <ubik.h>
-#include <sys/stat.h>
+
+#include "kalog.h"             /* for OpenLog() */
 #include "kauth.h"
 #include "kauth_internal.h"
 #include "kautils.h"
@@ -67,7 +55,6 @@ struct afsconf_dir *KA_conf;  /* for getting cell info */
 int MinHours = 0;
 int npwSums = KA_NPWSUMS;      /* needs to be variable sometime */
 
-#include <stdarg.h>
 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV)
 #undef vfprintf
 #define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
@@ -82,6 +69,25 @@ KA_rxstat_userok(struct rx_call *call)
     return afsconf_SuperUser(KA_conf, call, NULL);
 }
 
+/**
+ * Return true if this name is a member of the local realm.
+ */
+static int
+KA_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+    struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+    afs_int32 islocal = 0;     /* default to no */
+    int code;
+
+    code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+    if (code) {
+       ViceLog(0,
+               ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+                code, name, inst, cell));
+    }
+    return islocal;
+}
+
 afs_int32
 es_Report(char *fmt, ...)
 {
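Review bot: KA_IsLocalRealmMatch returns `islocal` even when `afsconf_IsLocalRealmMatch` fails, so the result on the error path depends on the callee leaving the out-parameter untouched. Because this value is what the audit user check registered in main acts on, the failure case should be made explicitly "not local": set `islocal = 0;` inside the `if (code)` block, or end with `return code ? 0 : islocal;`. The ViceLog call also formats `name`, `inst` and `cell` with `%s` without a NULL check. Whether callers can pass NULL is not visible in this hunk, so either guard the arguments or state the non-NULL requirement in the doc comment, which currently documents neither the parameters nor the result on failure.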
@@ -344,11 +350,16 @@ main(int argc, char *argv[])
        ViceLog(0, ("Using server list from %s cell database.\n", cell));
     }
 
+    /* initialize audit user check */
+    osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch);
+
     /* initialize ubik */
     if (level == rxkad_clear)
-       ubik_CRXSecurityProc = afsconf_ClientAuth;
+       ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
+                                   KA_conf);
     else if (level == rxkad_crypt)
-       ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
+       ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
+                                   afsconf_UpToDate, KA_conf);
     else {
        ViceLog(0, ("Unsupported security level %d\n", level));
        exit(5);
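Review bot: `KA_conf` is handed over as the rock in `osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch)` and in both `ubik_SetClientSecurityProcs` calls, and again in the `ubik_SetServerSecurityProcs` call in the next hunk. The audit and Ubik layers therefore presumably keep the pointer for the life of the process, yet nothing here says it must not be closed or reopened afterwards. A comment such as `/* KA_conf is retained by the audit and ubik callbacks; it must stay open until exit */` above the audit registration would record that. The callback casts the rock straight to `struct afsconf_dir *`, so it is also worth confirming that `KA_conf` has been checked for NULL before this point. main starts and ends outside the hunk, so the earlier setup is not visible.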
@@ -356,11 +367,10 @@ main(int argc, char *argv[])
     ViceLog(0,
            ("Using level %s for Ubik connections.\n",
             (level == rxkad_crypt ? "crypt" : "clear")));
-    ubik_CRXSecurityRock = (char *)KA_conf;
-    ubik_SRXSecurityProc = afsconf_ServerAuth;
-    ubik_SRXSecurityRock = (char *)KA_conf;
-    ubik_CheckRXSecurityProc = afsconf_CheckAuth;
-    ubik_CheckRXSecurityRock = (char *)KA_conf;
+
+    ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+                               afsconf_CheckAuth,
+                               KA_conf);
 
     ubik_nBuffers = 80;