Move key-related warnings to common server code Each server process can log a couple of different warnings about the server keys found on disk: - If afsconf_GetLatestKey() returns success (indicating a single-DES key is present), we call LogDesWarning(). - If afsconf_CountKeys() returns 0 (indicating there are no keys at all on disk), we log a warning that all authenticated access will fail. Currently, the code to do these checks and log the relevant warning is duplicated across the startup code for nearly every server process. To avoid this duplication, and to make sure the checks aren't accidentally skipped for anyone, move these checks to afsconf_BuildServerSecurityObjects, which every server process calls. We must add an additional parameter to afsconf_BuildServerSecurityObjects to handle the different logging mechanism these servers use, but afsconf_BuildServerSecurityObjects is declared in a public header (cellconfig.h), and is exported in a public library (libafsauthent). So to avoid changing a public symbol, introduce a new variant of the function, called afsconf_BuildServerSecurityObjects_int. Declare this in a new internal header, authcon.h. We don't have easily-usable logging functions for upserver and butc, so just don't log the warnings for those. For ubik servers, don't update ubik_SetServerSecurityProcs to use the new function; the initial call to afsconf_BuildServerSecurityObjects_int in the server's startup code will cover logging the warning on startup. Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59 Reviewed-on: https://gerrit.openafs.org/10831 Tested-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Add command line support for multiple audit logs Gerrits #13774 (audit: Support multiple audit interfaces and interface options) and #13775 (audit: Add cmd helper for processing audit options) added support in the audit facility for multiple audit logs. Add command line support to use multiple audit logs for daemons that use libcmd for command line processing: bosserver, buserver, butc, fileserver, volserver, ptserver, and vlserver. Update the daemons to add a call to audit_open, and where possible add a call to audit_close when shutting down the daemon. Update help message and manpage entries for -auditlog and -audit-interface Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa Reviewed-on: https://gerrit.openafs.org/13776 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
warn when starting without keys The server processes will happily start without keys and then fail all authenticated access, including database synchronization and local commands with -localauth. At least issue warnings to let admins know the keys are missing and that akeyconvert or asetkey needs to be run. The situation is not helped by fact the filenames of the key files have changed between versions. In 1.6.x the (non-DES) keys were in the rxkad.keytab file and in later versions they are in the KeyFile* files, so if you are used to 1.6.x it is not obvious what is wrong. Change-Id: Iff7fe9a5a5a0f5ea1f4e227d3f6129658f8eb598 Reviewed-on: https://gerrit.openafs.org/13911 Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Log binding ip address and port during startup Many daemons currently have the ability to bind to a specific ip address using the -rxbind parameter. The behavior can be a little unintuitive, however, since we only bind to the ip address we find via NetInfo/NetRestrict processing, and only if we end up with a single ip address. Since that processing involves examining the set of ip addresses available, this can have confusing results if, for instance, a daemon starts up while an administrator is changing the local ip configuration. If a daemon binds to a different ip address than the administrator expects, this can be very confusing, especially since for most daemons we don't log our bound ip anywhere. To help alleviate this, change the startup code for all of our daemons to log what ip we are trying to bind to (or "0.0.0.0" if none), along with our local port. Change-Id: I18d3647c4d134177a0a17c6a64583d444558a9f6 Reviewed-on: https://gerrit.openafs.org/13272 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Call rx_InitHost once during daemon startup Currently, a few daemons calls rx_InitHost in different places, and under different conditions. For example, vlserver calls rx_InitHost only when we -rxbind to a specific ip address, and then also makes an additional rx_Init call. Other daemons always call rx_InitHost, or just call rx_InitHost sometimes and don't make an extra rx_Init call. To try to make the various daemons behave a little more consistently, change the startup code to always call rx_InitHost, and to only call it once. Note that rx_InitHost is the same as calling rx_Init with INADDR_ANY as the ip address, and calling rx_Init* after a previous rx_Init* call is effectively a no-op. Change-Id: Ifd15175349a7b4695e684ca82deb8a8af5063073 Reviewed-on: https://gerrit.openafs.org/13271 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
externalize log rotation Do not create new server log files when servers are restarted by default. External log rotation tools may be used to rotate the logs by renaming log files and then signaling server processes to reopen log files. Add the -transarc-logs option to each server to provide backward compatibility with the traditional Transarc-style logging. When -transarc-logs is given, log files are renamed to an ".old" file (overwriting the existing ".old" file) and the previous the log file is truncated. Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9 Reviewed-on: https://gerrit.openafs.org/11731 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Remove server logging globals Remove the global variables used to setup server logging and replace with an argument to OpenLog. Keep the LogLevel variable as a global for use by the logging macros, but provide an inline function for applications which check the log level to dump more information when the log level is increased. Provide consistency by adding syslog tags to processes that did not previously set one (salvageserver, salvager, and volserver). [kaduk@mit.edu: update commit message, use old-style log rotation for kalog, minor commenting fixes] Change-Id: I11cffbdd1418304d33f0be02dd7e600955c4a8bb Reviewed-on: https://gerrit.openafs.org/12168 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
Fix unchecked calls to asprintf The return value of asprintf() is the number of bytes printed, or -1 if there was an error allocating a large enough buffer. In the latter case, the value of the result string is undefined, and so it cannot be counted on to be NULL. This change fixes numerous places where the result of asprintf is checked incorrectly (by examining the output pointer and not the return value) or not at all. Change-Id: I9fef14d60c096795d59c42798f3906041fb18c86 Reviewed-on: http://gerrit.openafs.org/9978 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Reviewed-by: D Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
cmd: add flags argument to create syntax function Add the flags argument to cmd_CreateSyntax() and update all callers. The flags argument will be used to set command options, such as CMD_HIDDEN. Change-Id: Ia51be9635f262516cb084d236a9e0756f608bf16 Reviewed-on: http://gerrit.openafs.org/11430 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Convert buserver to libutil's logging The primary motivation is to get automatic log rotation, but we also get built-in locking for the logging calls. This does have a side effect of changing the format used to print timestamps in the log file. Export WriteLogBuffer from liboafs_util so as to be mostly compatible with the ... idiosyncrasy of LogError()'s previous behavior. Garbage-collect the unused (and un-exported) printHashTable() and LogNetDump(). Change-Id: I860370e60082ea355806b3f1945eee76db7c32e3 Reviewed-on: http://gerrit.openafs.org/10333 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Karl Ramm <kcr@1ts.org> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
budb: Do not use garbage cellinfo If the -servers option is given, we never initialize cellinfo or the clones array. So, don't give the cellinfo structure or the clones array to ubik in that case, or we may crash or do other weird things. This issue appears to have been introduced in commit fc4ab52e. FIXES 131706 Change-Id: I87681c697fec7bbfd6c73a8a9a865e4309c95963 Reviewed-on: http://gerrit.openafs.org/10115 Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
budb: Fail if afsconf_GetExtendedCellInfo does Rather than silently ignoring the failure of afsconf_GetExtendedCellInfo, and then using garbage cell configuration, just fail to start if afsconf can't parse the config directory. Change-Id: Ib3d26bc67844de10f7eb8c2ef555c5e607e4bf61 Reviewed-on: http://gerrit.openafs.org/9247 Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com>
auth: Relocate NetRestrict support functions Pull the NetRestrict and NetInfo support functions out of libutil, and into libauth. This starts to concentrate all of our configuration file parsing functions into the same place. It also gets rid of a circular dependency. NetRestrict parsing relies on functions from rx, so with this in libutil, we had the dependency chain util->rx->util Change-Id: I250d4d8264da8db61f603a06d1b7fdab44384cd3 Reviewed-on: http://gerrit.openafs.org/8027 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
backup: Don't cast returns from malloc() malloc() returns a (void *) on all of our current platforms. So, don't bother casting the return value before assigning it - it's unecessary noise. Change-Id: I6a878d53007e27179c11d8f745b09dacade4c83d Reviewed-on: http://gerrit.openafs.org/7460 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Don't cast arguments to free() free(3) is defined as: void free(void *ptr); so there is no need to cast the pointer argument being past to it to (char *), (void *), or whatever other randomness happened to be floating through the author's mind. Remove all such casts, as they are just noise. Change-Id: Ib7c8c259d53e9ce74fc486cb0997360044795395 Reviewed-on: http://gerrit.openafs.org/7453 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Use asprintf for string construction Rather than using something along the lines of strOut = malloc(strlen(strA) + strlen(strB) + strlen(strC) + 1); strcpy(strOut, strA); strcat(strOut, strB); strcat(strOut, strC); use asprintf for string construction, so we can just write asprintf(&strOut, "%s%s%s", strA, strB, strC); roken provides an implementation of asprintf for platforms which are missing one. Change-Id: Ieef9f4b65f72260c0d372cdf3865daab98733ad9 Reviewed-on: http://gerrit.openafs.org/7451 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Use strdup to copy strings Where we have newStr = malloc(strlen(oldStr)+1); strcpy(newStr, oldStr); replace these with newStr = strdup(oldStr); It's shorter, clearer, and gets rid of a load of occurences of strcpy, which some compilers are now warning is unsafe (although it isn't in this context) Get rid of a number of custom duplicate string functions and replace them with strdup where the behaviour is identical Change-Id: If800343a7d13b1ba6362d4570a2a324fa3525250 Reviewed-on: http://gerrit.openafs.org/7450 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Call rx_SetNoJumbo earlier For ubik server processes, rx_SetNoJumbo needs to be called before ubik initialization for it to effect the communication between dbservers; otherwise, full database transfers may result in Rx jumbograms on the wire regardless of the jumbo/nojumbo setting. Move the call to rx_SetNoJumbo to before ubik initialization to avoid this. Also move the call to rx_SetNoJumbo to immediately after rx_Init* for all server processes, for consistency. Move similar calls to rx_SetMaxMTU for the same reason. Change-Id: Ic79415829601fcfb4e74e72fbf5711d0c32aaa0c Reviewed-on: http://gerrit.openafs.org/7350 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
audit: remove static local realms Remove the static list of local realms and use the auth interace to do the local realm check. A callback function is registered by the servers to avoid a circular dependency between audit and auth. Change-Id: Ic0f25cd79da7987704de68bade14054490b26c80 Reviewed-on: http://gerrit.openafs.org/6879 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
Remove redundant header includes Remove includes of system headers where roken.h already takes care of including them. This simplifies the source tree, reduces the amount of work done by the compiler, and ensures that all of our headers are included with the correct guards The list of files to edit was generated with the following script: list=`grep include external/heimdal/roken/roken.h.in \ | sed -e's/#include//g' | sort | uniq`; \ for A in `find . -name *.c | xargs grep -l roken.h \ | grep -v external/ | grep -v WINNT/`; do \ found=0; \ for B in $list; do \ if grep "$B" $A > /dev/null; then \ echo "$A : $B"; \ found=1; \ fi; \ done; \ if [ $found == 1 ] ; then mvim -f $A; fi; \ done Change-Id: I2edbda550a129709b1dc6860b17d6a8a7509af58 Reviewed-on: http://gerrit.openafs.org/5815 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com> Reviewed-by: Alistair Ferguson <alistair.ferguson@mac.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Derrick Brashear <shadow@dementix.org>