The server processes will happily start without keys and then fail all
authenticated access, including database synchronization and local
commands with -localauth. At least issue warnings to let admins know
the keys are missing and that akeyconvert or asetkey needs to be run.
The situation is not helped by fact the filenames of the key files have
changed between versions. In 1.6.x the (non-DES) keys were in the
rxkad.keytab file and in later versions they are in the KeyFile* files,
so if you are used to 1.6.x it is not obvious what is wrong.
Change-Id: Iff7fe9a5a5a0f5ea1f4e227d3f6129658f8eb598
Reviewed-on: https://gerrit.openafs.org/13911
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
int *minorType,
struct rx_opaque **keyMaterial);
+extern int afsconf_CountKeys(struct afsconf_dir *);
extern int afsconf_GetAllKeys(struct afsconf_dir *,
struct afsconf_typedKeyList **);
extern int afsconf_GetKeysByType(struct afsconf_dir *dir,
}
int
+_afsconf_CountKeys(struct afsconf_dir *dir)
+{
+ int count = 0;
+ struct opr_queue *typeCursor;
+ struct keyTypeList *typeEntry;
+ struct opr_queue *kvnoCursor;
+ struct kvnoList *kvnoEntry;
+ struct opr_queue *subCursor;
+
+ for (opr_queue_Scan(&dir->keyList, typeCursor)) {
+ typeEntry = opr_queue_Entry(typeCursor, struct keyTypeList, link);
+ for (opr_queue_Scan(&typeEntry->kvnoList, kvnoCursor)) {
+ kvnoEntry = opr_queue_Entry(kvnoCursor, struct kvnoList, link);
+ for (opr_queue_Scan(&kvnoEntry->subTypeList, subCursor))
+ count++;
+ }
+ }
+ return count;
+}
+
+int
+afsconf_CountKeys(struct afsconf_dir *dir)
+{
+ int count = 0;
+
+ LOCK_GLOBAL_MUTEX;
+ count = _afsconf_CountKeys(dir);
+ UNLOCK_GLOBAL_MUTEX;
+
+ return count;
+}
+
+int
afsconf_GetAllKeys(struct afsconf_dir *dir, struct afsconf_typedKeyList **keys)
{
int code;
if (code)
goto out;
- count = 0;
/* First, work out how many keys we have in total */
- for (opr_queue_Scan(&dir->keyList, typeCursor)) {
- typeEntry = opr_queue_Entry(typeCursor, struct keyTypeList, link);
- for (opr_queue_Scan(&typeEntry->kvnoList, kvnoCursor)) {
- kvnoEntry = opr_queue_Entry(kvnoCursor, struct kvnoList, link);
- for (opr_queue_Scan(&kvnoEntry->subTypeList, subCursor))
- count++;
- }
- }
+ count = _afsconf_CountKeys(dir);
/* Allocate space for all of these */
retval = malloc(sizeof(struct afsconf_typedKeyList));
afsconf_ClientAuthSecure
afsconf_ClientAuthToken
afsconf_Close
+afsconf_CountKeys
afsconf_DeleteKey
afsconf_GetAfsdbInfo
afsconf_GetAllKeys
/* opened the cell databse */
bozo_confdir = tdir;
+ if (afsconf_CountKeys(bozo_confdir) == 0) {
+ bozo_Log("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n");
+ }
+
code = bnode_Init();
if (code) {
printf("bosserver: could not init bnode package, code %d\n", code);
ERROR(BUDB_NOCELLS);
}
+ if (afsconf_CountKeys(BU_conf) == 0) {
+ LogError(0, "WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n");
+ }
+
code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
if (code) {
LogError(0, "** Can't determine local cell name!\n");
exit(1);
}
+ if (afsconf_CountKeys(butc_confdir) == 0) {
+ TLog(0, "WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n");
+ }
+
/* Start auditing */
osi_audit_init();
if (as->parms[9].items) {
xdr_idlist @208
xdr_namelist @209
xdr_prlist @210
+ afsconf_CountKeys @211
"1.0",
#endif
"Starting AFS", FSLog);
- if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+ if (afsconf_CountKeys(prdir) == 0) {
+ ViceLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
LogDesWarning();
}
exit(1);
}
+ if (afsconf_CountKeys(cdir) == 0) {
+ fprintf(stderr, "WARNING: No encryption keys found! "
+ "All authenticated accesses will fail."
+ "Run akeyconvert or asetkey to import encryption keys.\n");
+ }
+
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
OpenLog(&logopts);
LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
- if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
+
+ if (afsconf_CountKeys(confDir) == 0) {
+ ViceLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
LogDesWarning();
}
rx_SetMaxProcs(tservice, 4);
LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
- if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+ if (afsconf_CountKeys(tdir) == 0) {
+ VLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail."
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
LogDesWarning();
}
VLog(0, ("%s\n", cml_version_number));
LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
Log);
- if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+ if (afsconf_CountKeys(tdir) == 0) {
+ Log("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail. "
+ "Run akeyconvert or asetkey to import encryption keys.\n");
+ } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
LogDesWarning();
}
git://git.openafs.org / openafs.git / commitdiff