#include <afs/opr.h>
#ifdef AFS_PTHREAD_ENV
# include <opr/softsig.h>
-# include <afs/procmgmt_softsig.h> /* must come after softsig.h */
#endif
#ifdef AFS_NT40_ENV
OPT_rxbind,
OPT_rxmaxmtu,
OPT_dotted,
- OPT_transarc_logs
+ OPT_transarc_logs,
+ OPT_s2s_crypt
};
int
afs_int32 numClasses;
int lwps = 3;
char clones[MAXHOSTSPERCELL];
+ char hoststr[16];
afs_uint32 host = htonl(INADDR_ANY);
struct cmd_syndesc *opts;
struct cmd_item *list;
+ int s2s_rxgk = 0;
char *pr_dbaseName;
char *configDir;
char *auditFileName = NULL;
char *interface = NULL;
+ char *s2s_crypt_behavior = NULL;
#ifdef AFS_AIX32_ENV
/*
/* rx options */
cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
- CMD_OPTIONAL, "enable RX transport statistics");
+ CMD_OPTIONAL, "enable RX RPC statistics by peer");
cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
CMD_OPTIONAL, "enable RX RPC statistics");
cmd_AddParmAtOffset(opts, OPT_rxbind, "-rxbind", CMD_FLAG,
CMD_FLAG, CMD_OPTIONAL,
"permit Kerberos 5 principals with dots");
+ /* rxgk options */
+ cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
+ CMD_OPTIONAL,
+ "rxgk-crypt | never");
+
code = cmd_Parse(argc, argv, &opts);
if (code == CMD_HELP) {
PT_EXIT(0);
/* rxkad options */
cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);
+ /* rxgk options */
+ if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+ if (strcmp(s2s_crypt_behavior, "never") == 0) {
+ /* noop; this is the default */
+ } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
+ s2s_rxgk = 1;
+ } else {
+ fprintf(stderr, "Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+ PT_EXIT(1);
+ }
+ free(s2s_crypt_behavior);
+ s2s_crypt_behavior = NULL;
+ }
+
cmd_FreeOptions(&opts);
if (auditFileName) {
osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch);
/* initialize ubik */
- ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
+ if (s2s_rxgk) {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
+ afsconf_UpToDate, prdir);
+ } else {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
+ prdir);
+ }
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, prdir);
}
}
+ ViceLog(0, ("ptserver binding rx to %s:%d\n",
+ afs_inet_ntoa_r(host, hoststr), AFSCONF_PROTPORT));
code = rx_InitHost(host, htons(AFSCONF_PROTPORT));
if (code < 0) {
ViceLog(0, ("ptserver: Rx init failed: %d\n", code));
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, lwps);
if (rxkadDisableDotCheck) {
- rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
- (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ code = rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
+ (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ if (code) {
+ afs_com_err(whoami, code, "Failed to allow dotted principals");
+ PT_EXIT(3);
+ }
}
tservice =
"1.0",
#endif
"Starting AFS", FSLog);
- if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+ if (afsconf_CountKeys(prdir) == 0) {
+ ViceLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
LogDesWarning();
}