warn when starting without keys

[openafs.git] / src / vlserver / vlserver.c

diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c
index 5e07b7a..36e02a8 100644 (file)
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@@ -14,7 +14,6 @@
 #include <roken.h>
 #ifdef AFS_PTHREAD_ENV
 # include <opr/softsig.h>
-# include <afs/procmgmt_softsig.h> /* must come after softsig.h */
 #endif
 
 #ifdef AFS_NT40_ENV
@@ -158,7 +157,8 @@ enum optionsList {
     OPT_trace,
     OPT_dotted,
     OPT_restricted_query,
-    OPT_transarc_logs
+    OPT_transarc_logs,
+    OPT_s2s_crypt
 };
 
 int
@@ -180,6 +180,7 @@ main(int argc, char **argv)
     afs_uint32 host = ntohl(INADDR_ANY);
     struct cmd_syndesc *opts;
     struct logOptions logopts;
+    int s2s_rxgk = 0;
 
     char *vl_dbaseName;
     char *configDir;
@@ -187,6 +188,7 @@ main(int argc, char **argv)
     char *auditFileName = NULL;
     char *interface = NULL;
     char *optstring = NULL;
+    char *s2s_crypt_behavior = NULL;
 
     char *restricted_query_parameter = NULL;
 
@@ -258,7 +260,7 @@ main(int argc, char **argv)
 
     /* rx options */
     cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
-                       CMD_OPTIONAL, "enable RX transport statistics");
+                       CMD_OPTIONAL, "enable RX RPC statistics by peer");
     cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
                        CMD_OPTIONAL, "enable RX RPC statistics");
     cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
@@ -280,6 +282,11 @@ main(int argc, char **argv)
                        CMD_FLAG, CMD_OPTIONAL,
                        "permit Kerberos 5 principals with dots");
 
+    /* rxgk options */
+    cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
+                       CMD_OPTIONAL,
+                       "rxgk-crypt | never");
+
     code = cmd_Parse(argc, argv, &opts);
     if (code == CMD_HELP) {
        exit(0);
@@ -387,6 +394,20 @@ main(int argc, char **argv)
        free(restricted_query_parameter);
     }
 
+    /* rxgk options */
+    if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+       if (strcmp(s2s_crypt_behavior, "never") == 0) {
+           /* noop; this is the default */
+       } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
+           s2s_rxgk = 1;
+       } else {
+           printf("Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+           return -1;
+       }
+       free(s2s_crypt_behavior);
+       s2s_crypt_behavior = NULL;
+    }
+
     if (auditFileName) {
        osi_audit_file(auditFileName);
     }
@@ -487,7 +508,12 @@ main(int argc, char **argv)
     rx_SetRxDeadTime(50);
 
     ubik_nBuffers = 512;
-    ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+    if (s2s_rxgk) {
+       ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
+                                   afsconf_UpToDate, tdir);
+    } else {
+       ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+    }
     ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
                                afsconf_CheckAuth, tdir);
 
@@ -541,7 +567,11 @@ main(int argc, char **argv)
     rx_SetMaxProcs(tservice, 4);
 
     LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
-    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+    if (afsconf_CountKeys(tdir) == 0) {
+       VLog(0, ("WARNING: No encryption keys found! "
+                "All authenticated accesses will fail."
+                "Run akeyconvert or asetkey to import encryption keys.\n"));
+    } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
        LogDesWarning();
     }
     VLog(0, ("%s\n", cml_version_number));