From 2630e70550defc664efa0952589cf82ed3c51796 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Mon, 10 Feb 2014 15:57:43 -0600 Subject: [PATCH] Move key-related warnings to common server code Each server process can log a couple of different warnings about the server keys found on disk: - If afsconf_GetLatestKey() returns success (indicating a single-DES key is present), we call LogDesWarning(). - If afsconf_CountKeys() returns 0 (indicating there are no keys at all on disk), we log a warning that all authenticated access will fail. Currently, the code to do these checks and log the relevant warning is duplicated across the startup code for nearly every server process. To avoid this duplication, and to make sure the checks aren't accidentally skipped for anyone, move these checks to afsconf_BuildServerSecurityObjects, which every server process calls. We must add an additional parameter to afsconf_BuildServerSecurityObjects to handle the different logging mechanism these servers use, but afsconf_BuildServerSecurityObjects is declared in a public header (cellconfig.h), and is exported in a public library (libafsauthent). So to avoid changing a public symbol, introduce a new variant of the function, called afsconf_BuildServerSecurityObjects_int. Declare this in a new internal header, authcon.h. We don't have easily-usable logging functions for upserver and butc, so just don't log the warnings for those. For ubik servers, don't update ubik_SetServerSecurityProcs to use the new function; the initial call to afsconf_BuildServerSecurityObjects_int in the server's startup code will cover logging the warning on startup. Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59 Reviewed-on: https://gerrit.openafs.org/10831 Tested-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- src/auth/Makefile.in | 6 ++++- src/auth/NTMakefile | 1 + src/auth/authcon.c | 60 ++++++++++++++++++++++++++++++++++++++++--- src/auth/authcon.h | 46 +++++++++++++++++++++++++++++++++ src/auth/liboafs_auth.la.sym | 1 + src/bozo/bosserver.c | 15 ++++++----- src/budb/server.c | 14 +++++----- src/butc/tcmain.c | 12 ++++----- src/dviced/NTMakefile | 5 +++- src/dvolser/NTMakefile | 3 +++ src/ptserver/ptserver.c | 16 ++++++------ src/tvolser/NTMakefile | 2 ++ src/update/server.c | 13 +++++----- src/util/afsutil_prototypes.h | 1 - src/util/liboafs_util.la.sym | 1 - src/util/serverLog.c | 16 ------------ src/viced/NTMakefile | 5 +++- src/viced/viced.c | 18 ++++++------- src/vlserver/vlserver.c | 15 +++++------ src/volser/volmain.c | 15 +++++------ tests/auth/authcon-t.c | 7 ++++- tests/common/servers.c | 7 ++++- 22 files changed, 191 insertions(+), 88 deletions(-) create mode 100644 src/auth/authcon.h diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in index 1d12db3..9db74f9 100644 --- a/src/auth/Makefile.in +++ b/src/auth/Makefile.in @@ -36,7 +36,7 @@ LIBS=libauth.a \ ${TOP_LIBDIR}/liblwp.a \ ${TOP_LIBDIR}/util.a -INCLS=cellconfig.h auth.h keys.h internal.h token.h +INCLS=cellconfig.h auth.h authcon.h keys.h internal.h token.h all: liboafs_auth.la libauth_pic.la libpam_auth.la \ ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/libauth.krb.a \ @@ -45,6 +45,7 @@ all: liboafs_auth.la libauth_pic.la libpam_auth.la \ depinstall: ${TOP_INCDIR}/afs/keys.h \ ${TOP_INCDIR}/afs/cellconfig.h \ ${TOP_INCDIR}/afs/auth.h \ + ${TOP_INCDIR}/afs/authcon.h \ ${TOP_INCDIR}/afs/ktc.h \ ${TOP_INCDIR}/afs/token.h \ token.h \ @@ -65,6 +66,9 @@ ${TOP_INCDIR}/afs/cellconfig.h: cellconfig.h ${TOP_INCDIR}/afs/auth.h: auth.h ${INSTALL_DATA} $? $@ +${TOP_INCDIR}/afs/authcon.h: authcon.h + ${INSTALL_DATA} $? $@ + ${TOP_INCDIR}/afs/ktc.h: ktc.h ${INSTALL_DATA} $? $@ diff --git a/src/auth/NTMakefile b/src/auth/NTMakefile index c680d31..28bca86 100644 --- a/src/auth/NTMakefile +++ b/src/auth/NTMakefile @@ -14,6 +14,7 @@ INCFILEDIR = $(DESTDIR)\include\afs # header file install directory INCFILES =\ $(INCFILEDIR)\auth.h \ + $(INCFILEDIR)\authcon.h \ $(INCFILEDIR)\cellconfig.h \ $(INCFILEDIR)\keys.h \ $(INCFILEDIR)\token.h diff --git a/src/auth/authcon.c b/src/auth/authcon.c index afb8f3f..b39cef0 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -30,6 +30,7 @@ #include "keys.h" #include "ktc.h" #include "auth.h" +#include "authcon.h" #ifdef AFS_RXGK_ENV # include @@ -383,16 +384,67 @@ afsconf_SetSecurityFlags(struct afsconf_dir *dir, dir->securityFlags = flags; } +static void +LogDesWarning(struct afsconf_bsso_info *info) +{ + if (info->logger == NULL) { + return; + } + /* The blank newlines help this stand out a bit more in the log. */ + (*info->logger)("\n"); + (*info->logger)("WARNING: You are using single-DES keys in a KeyFile. Using " + "single-DES\n"); + (*info->logger)("WARNING: long-term keys is considered insecure, and it is " + "strongly\n"); + (*info->logger)("WARNING: recommended that you migrate to stronger " + "encryption. See\n"); + (*info->logger)("WARNING: OPENAFS-SA-2013-003 on " + "http://www.openafs.org/security/\n"); + (*info->logger)("WARNING: for details.\n"); + (*info->logger)("\n"); +} + +static void +LogNoKeysWarning(struct afsconf_bsso_info *info) +{ + if (info->logger == NULL) { + return; + } + (*info->logger)("WARNING: No encryption keys found! " + "All authenticated accesses will fail. " + "Run akeyconvert or asetkey to import encryption keys.\n"); +} + +/* Older version of afsconf_BuildServerSecurityObjects_int. In-tree callers + * should use afsconf_BuildServerSecurityObjects_int where possible. */ +void +afsconf_BuildServerSecurityObjects(void *rock, + struct rx_securityClass ***classes, + afs_int32 *numClasses) +{ + struct afsconf_bsso_info info; + memset(&info, 0, sizeof(info)); + info.dir = rock; + afsconf_BuildServerSecurityObjects_int(&info, classes, numClasses); +} + /*! * Build a set of security classes suitable for a server accepting * incoming connections */ void -afsconf_BuildServerSecurityObjects(void *rock, - struct rx_securityClass ***classes, - afs_int32 *numClasses) +afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info, + struct rx_securityClass ***classes, + afs_int32 *numClasses) { - struct afsconf_dir *dir = rock; + struct afsconf_dir *dir = info->dir; + + if (afsconf_GetLatestKey(dir, NULL, NULL) == 0) { + LogDesWarning(info); + } + if (afsconf_CountKeys(dir) == 0) { + LogNoKeysWarning(info); + } *numClasses = RX_SECIDX_GK+1; diff --git a/src/auth/authcon.h b/src/auth/authcon.h new file mode 100644 index 0000000..beb616a --- /dev/null +++ b/src/auth/authcon.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2020 Sine Nomine Associates. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO + * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef OPENAFS_AUTH_AUTHCON_H +#define OPENAFS_AUTH_AUTHCON_H + +/* + * authcon.h - Header for authcon.c-related items that are not public + * interfaces exported to outside the OpenAFS tree. + */ + +#include + +struct afsconf_bsso_info { + struct afsconf_dir *dir; + void (*logger)(const char *format, ...); +}; + +void afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info, + struct rx_securityClass ***classes, + afs_int32 *numClasses); + +#endif /* OPENAFS_AUTH_AUTHCON_H */ diff --git a/src/auth/liboafs_auth.la.sym b/src/auth/liboafs_auth.la.sym index 561ddfa..5c9bf9b 100644 --- a/src/auth/liboafs_auth.la.sym +++ b/src/auth/liboafs_auth.la.sym @@ -1,5 +1,6 @@ afsconf_AddTypedKey afsconf_BuildServerSecurityObjects +afsconf_BuildServerSecurityObjects_int afsconf_CellAliasApply afsconf_CellApply afsconf_CheckAuth diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c index f470e60..d29fdaa 100644 --- a/src/bozo/bosserver.c +++ b/src/bozo/bosserver.c @@ -44,6 +44,7 @@ #include #include #include +#include #include #include @@ -883,6 +884,7 @@ main(int argc, char **argv, char **envp) int DoPeerRPCStats = 0; int DoProcessRPCStats = 0; struct stat sb; + struct afsconf_bsso_info bsso; #ifndef AFS_NT40_ENV int nofork = 0; #endif @@ -910,6 +912,8 @@ main(int argc, char **argv, char **envp) osi_audit_init(); signal(SIGFPE, bozo_insecureme); + memset(&bsso, 0, sizeof(bsso)); + #ifdef AFS_NT40_ENV /* Initialize winsock */ if (afs_winsockInit() < 0) { @@ -1145,12 +1149,6 @@ main(int argc, char **argv, char **envp) /* opened the cell databse */ bozo_confdir = tdir; - if (afsconf_CountKeys(bozo_confdir) == 0) { - bozo_Log("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - code = bnode_Init(); if (code) { printf("bosserver: could not init bnode package, code %d\n", code); @@ -1235,7 +1233,10 @@ main(int argc, char **argv, char **envp) rx_SetRxStatUserOk(bozo_rxstat_userok); afsconf_SetNoAuthFlag(tdir, noAuth); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + + bsso.dir = tdir; + bsso.logger = bozo_Log; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (DoPidFiles) { bozo_CreatePidFile("bosserver", NULL, getpid()); diff --git a/src/budb/server.c b/src/budb/server.c index 97a700c..6a5fa61 100644 --- a/src/budb/server.c +++ b/src/budb/server.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -374,6 +375,7 @@ main(int argc, char **argv) struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; + struct afsconf_bsso_info bsso; extern int rx_stackSize; @@ -404,6 +406,7 @@ main(int argc, char **argv) memset(&cellinfo_s, 0, sizeof(cellinfo_s)); memset(clones, 0, sizeof(clones)); + memset(&bsso, 0, sizeof(bsso)); memset(&logopts, 0, sizeof(logopts)); logopts.lopt_dest = logDest_file; @@ -466,12 +469,6 @@ main(int argc, char **argv) ERROR(BUDB_NOCELLS); } - if (afsconf_CountKeys(BU_conf) == 0) { - LogError(0, "WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell)); if (code) { LogError(0, "** Can't determine local cell name!\n"); @@ -571,7 +568,10 @@ main(int argc, char **argv) ERROR(code); } - afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses); + bsso.dir = BU_conf; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase", diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c index d151fbd..1feccf3 100644 --- a/src/butc/tcmain.c +++ b/src/butc/tcmain.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -997,12 +998,6 @@ WorkerBee(struct cmd_syndesc *as, void *arock) exit(1); } - if (afsconf_CountKeys(butc_confdir) == 0) { - TLog(0, "WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - /* Start auditing */ osi_audit_init(); /* Process -audit-interface and -auditlog */ @@ -1151,7 +1146,10 @@ WorkerBee(struct cmd_syndesc *as, void *arock) secObjs = nullObjects; } else { /* Must be -localauth, so the cell keys are available. */ - afsconf_BuildServerSecurityObjects(butc_confdir, &allObjs, &numClasses); + struct afsconf_bsso_info bsso; + memset(&bsso, 0, sizeof(bsso)); + bsso.dir = butc_confdir; + afsconf_BuildServerSecurityObjects_int(&bsso, &allObjs, &numClasses); secObjs = allObjs; } diff --git a/src/dviced/NTMakefile b/src/dviced/NTMakefile index af7a0f5..5fd6178 100644 --- a/src/dviced/NTMakefile +++ b/src/dviced/NTMakefile @@ -62,6 +62,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C $(C2OBJ) -I$(FSINT) $** EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afscmd.lib \ @@ -74,11 +75,13 @@ EXELIBS = \ $(DESTDIR)\lib\afs\daafsvol.lib \ $(DESTDIR)\lib\afs\mtafsvldb.lib \ $(DESTDIR)\lib\afspthread.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afsroken.lib $(EXEFILE): $(EXEOBJS) $(EXELIBS) - $(EXECONLINK) + $(EXECONLINK) shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/dvolser/NTMakefile b/src/dvolser/NTMakefile index f858fbb..8ddae02 100644 --- a/src/dvolser/NTMakefile +++ b/src/dvolser/NTMakefile @@ -80,6 +80,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \ $(OUT)\davolserver.res VOLSERVER_EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(LIBFILE) \ @@ -91,6 +92,8 @@ VOLSERVER_EXELIBS = \ $(DESTDIR)\lib\afs\afsprocmgmt.lib \ $(DESTDIR)\lib\afs\afseventlog.lib \ $(DESTDIR)\lib\afs\mtafsutil.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ $(DESTDIR)\lib\afsroken.lib diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index d90a319..64a35f6 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -128,6 +128,7 @@ #include #include #include +#include #include #include #include @@ -263,6 +264,7 @@ main(int argc, char **argv) char *auditIface = NULL; struct cmd_item *auditLogList = NULL; char *s2s_crypt_behavior = NULL; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -281,6 +283,8 @@ main(int argc, char **argv) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -598,7 +602,10 @@ main(int argc, char **argv) pt_hook_write(); #endif - afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses); + bsso.dir = prdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, @@ -638,13 +645,6 @@ main(int argc, char **argv) "1.0", #endif "Starting AFS", FSLog); - if (afsconf_CountKeys(prdir) == 0) { - ViceLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) { - LogDesWarning(); - } rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); diff --git a/src/tvolser/NTMakefile b/src/tvolser/NTMakefile index ee092b0..7d8e06d 100644 --- a/src/tvolser/NTMakefile +++ b/src/tvolser/NTMakefile @@ -82,6 +82,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \ $(OUT)\volserver.res VOLSERVER_EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afstvolser.lib \ @@ -93,6 +94,7 @@ VOLSERVER_EXELIBS = \ $(DESTDIR)\lib\afs\afsprocmgmt.lib \ $(DESTDIR)\lib\afs\afseventlog.lib \ $(DESTDIR)\lib\afs\mtafsutil.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ $(DESTDIR)\lib\afshcrypto.lib \ diff --git a/src/update/server.c b/src/update/server.c index 7a5e33b..29b9399 100644 --- a/src/update/server.c +++ b/src/update/server.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -204,6 +205,7 @@ main(int argc, char *argv[]) int a = 0; rxkad_level level; rxkad_level newLevel; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -221,6 +223,8 @@ main(int argc, char *argv[]) sigaction(SIGSEGV, &nsa, NULL); #endif + memset(&bsso, 0, sizeof(bsso)); + whoami = argv[0]; #ifdef AFS_NT40_ENV @@ -290,12 +294,6 @@ main(int argc, char *argv[]) exit(1); } - if (afsconf_CountKeys(cdir) == 0) { - fprintf(stderr, "WARNING: No encryption keys found! " - "All authenticated accesses will fail." - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || @@ -320,7 +318,8 @@ main(int argc, char *argv[]) if (rx_InitHost(host, htons(AFSCONF_UPDATEPORT)) < 0) Quit("rx_init"); - afsconf_BuildServerSecurityObjects(cdir, &securityClasses, &numClasses); + bsso.dir = cdir; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (securityClasses[2] == NULL) Quit("rxkad_NewServerSecurityObject"); diff --git a/src/util/afsutil_prototypes.h b/src/util/afsutil_prototypes.h index 21f8378..cdedc9a 100644 --- a/src/util/afsutil_prototypes.h +++ b/src/util/afsutil_prototypes.h @@ -126,7 +126,6 @@ extern int LogThreadNum(void); extern void LogCommandLine(int argc, char **argv, const char *progname, const char *version, const char *logstring, void (*log) (const char *format, ...)); -extern void LogDesWarning(void); extern int GetLogLevel(void); extern enum logDest GetLogDest(void); extern const char *GetLogFilename(void); diff --git a/src/util/liboafs_util.la.sym b/src/util/liboafs_util.la.sym index 1d2de7c..5679dff 100644 --- a/src/util/liboafs_util.la.sym +++ b/src/util/liboafs_util.la.sym @@ -5,7 +5,6 @@ BufioOpen FSLog Int32To_ktimeRelDate LogCommandLine -LogDesWarning LogLevel LogThreadNum OpenLog diff --git a/src/util/serverLog.c b/src/util/serverLog.c index 60e8517..d5d3728 100644 --- a/src/util/serverLog.c +++ b/src/util/serverLog.c @@ -274,22 +274,6 @@ LogCommandLine(int argc, char **argv, const char *progname, } /*! - * Write the single-DES deprecation warning to the log. - */ -void -LogDesWarning(void) -{ - /* The blank newlines help this stand out a bit more in the log. */ - ViceLog(0, ("\n")); - ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n")); - ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n")); - ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n")); - ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n")); - ViceLog(0, ("WARNING: for details.\n")); - ViceLog(0, ("\n")); -} - -/*! * Move the current log file out of the way so a new one can be started. * * The format of the new name depends on the logging style. The traditional diff --git a/src/viced/NTMakefile b/src/viced/NTMakefile index 43e5c2b..7b451b8 100644 --- a/src/viced/NTMakefile +++ b/src/viced/NTMakefile @@ -68,6 +68,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C $(C2OBJ) -I$(FSINT) $** EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afscmd.lib \ @@ -80,13 +81,15 @@ EXELIBS = \ $(DESTDIR)\lib\afs\mtafsvol.lib \ $(DESTDIR)\lib\afs\mtafsvldb.lib \ $(DESTDIR)\lib\afs\mtafsdir.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib \ $(DESTDIR)\lib\afsrfc3961.lib $(EXEFILE): $(EXEOBJS) $(EXELIBS) - $(EXECONLINK) + $(EXECONLINK) shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/viced/viced.c b/src/viced/viced.c index 5326a53..b34436a 100644 --- a/src/viced/viced.c +++ b/src/viced/viced.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -1840,6 +1841,7 @@ main(int argc, char *argv[]) char hoststr[16]; afs_uint32 rx_bindhost; VolumePackageOptions opts; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV struct sigaction nsa; @@ -1852,6 +1854,8 @@ main(int argc, char *argv[]) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -1897,14 +1901,6 @@ main(int argc, char *argv[]) LogCommandLine(argc, argv, "starting", "", "File server", FSLog); - if (afsconf_CountKeys(confDir) == 0) { - ViceLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) { - LogDesWarning(); - } - /* initialize the pthread soft signal handler thread */ opr_softsig_Init(); SetupLogSoftSignals(); @@ -2033,7 +2029,11 @@ main(int argc, char *argv[]) rx_GetIFInfo(); rx_SetRxDeadTime(30); afsconf_SetSecurityFlags(confDir, AFSCONF_SECOPTS_ALWAYSENCRYPT); - afsconf_BuildServerSecurityObjects(confDir, &securityClasses, &numClasses); + + bsso.dir = confDir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */ 1, /*service name */ diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c index f7f80e1..5ce8aca 100644 --- a/src/vlserver/vlserver.c +++ b/src/vlserver/vlserver.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -181,6 +182,7 @@ main(int argc, char **argv) struct cmd_syndesc *opts; struct logOptions logopts; int s2s_rxgk = 0; + struct afsconf_bsso_info bsso; char *vl_dbaseName; char *configDir; @@ -211,6 +213,7 @@ main(int argc, char **argv) osi_audit_init(); memset(&logopts, 0, sizeof(logopts)); + memset(&bsso, 0, sizeof(bsso)); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { @@ -526,7 +529,10 @@ main(int argc, char **argv) memset(wr_HostAddress, 0, sizeof(wr_HostAddress)); initialize_dstats(); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + bsso.dir = tdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", @@ -563,13 +569,6 @@ main(int argc, char **argv) rx_SetMaxProcs(tservice, 4); LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog); - if (afsconf_CountKeys(tdir) == 0) { - VLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail." - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { - LogDesWarning(); - } VLog(0, ("%s\n", cml_version_number)); /* allow super users to manage RX statistics */ diff --git a/src/volser/volmain.c b/src/volser/volmain.c index 68db1fb..5d0474b 100644 --- a/src/volser/volmain.c +++ b/src/volser/volmain.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -438,6 +439,7 @@ main(int argc, char **argv) char hoststr[16]; afs_uint32 host = ntohl(INADDR_ANY); VolumePackageOptions opts; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -456,6 +458,8 @@ main(int argc, char **argv) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -593,7 +597,9 @@ main(int argc, char **argv) /* initialize audit user check */ osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + bsso.dir = tdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = @@ -636,13 +642,6 @@ main(int argc, char **argv) LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); - if (afsconf_CountKeys(tdir) == 0) { - Log("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { - LogDesWarning(); - } /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); diff --git a/tests/auth/authcon-t.c b/tests/auth/authcon-t.c index 5bcd74c..0107b16 100644 --- a/tests/auth/authcon-t.c +++ b/tests/auth/authcon-t.c @@ -34,6 +34,7 @@ #include #include +#include #include #include @@ -50,6 +51,9 @@ main(int argc, char **argv) int numClasses; struct afsconf_typedKey *key; int code = 0; + struct afsconf_bsso_info bsso; + + memset(&bsso, 0, sizeof(bsso)); afstest_SkipTestsIfBadHostname(); @@ -67,7 +71,8 @@ main(int argc, char **argv) /* Server Security objects */ - afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses); + bsso.dir = dir; + afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses); is_int(5, numClasses, "5 security classes are returned, as expected"); ok(classes[1] == NULL, "The rxvab class is undefined, as requested"); free(classes); diff --git a/tests/common/servers.c b/tests/common/servers.c index 716b0ca..27bec51 100644 --- a/tests/common/servers.c +++ b/tests/common/servers.c @@ -9,6 +9,7 @@ #include +#include #include #include @@ -100,6 +101,9 @@ afstest_StartTestRPCService(const char *configPath, afs_int32 numClasses; int code; struct rx_service *service; + struct afsconf_bsso_info bsso; + + memset(&bsso, 0, sizeof(bsso)); dir = afsconf_Open(configPath); if (dir == NULL) { @@ -117,7 +121,8 @@ afstest_StartTestRPCService(const char *configPath, kill(signal_pid, SIGUSR1); } - afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses); + bsso.dir = dir; + afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses); service = rx_NewService(0, serviceId, "test", classes, numClasses, proc); if (service == NULL) { -- 1.9.4