2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
17 #include <sys/types.h>
20 #include <WINNT/afsevent.h>
24 #include <netinet/in.h>
26 #include "kalog.h" /* for OpenLog() */
46 #include <rx/rx_globals.h>
47 #include <afs/cellconfig.h>
49 #include <afs/afsutil.h>
57 struct kadstats dynamic_statistics;
58 struct ubik_dbase *KA_dbase;
60 afs_int32 verbose_track = 1;
61 afs_int32 krb4_cross = 0;
64 #define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
65 afs_uint32 SHostAddrs[ADDRSPERSITE];
67 struct afsconf_dir *KA_conf; /* for getting cell info */
70 int npwSums = KA_NPWSUMS; /* needs to be variable sometime */
73 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV)
75 #define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
78 static int debugOutput;
80 /* check whether caller is authorized to manage RX statistics */
82 KA_rxstat_userok(call)
85 return afsconf_SuperUser(KA_conf, call, NULL);
89 es_Report(char *fmt, ...)
96 vfprintf(stderr, fmt, pvar);
104 memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
105 dynamic_statistics.start_time = time(0);
106 dynamic_statistics.host = myHost;
110 convert_cell_to_ubik(cellinfo, myHost, serverList)
111 struct afsconf_cell *cellinfo;
113 afs_int32 *serverList;
120 gethostname(hostname, sizeof(hostname));
121 th = gethostbyname(hostname);
123 ViceLog(0, ("kaserver: couldn't get address of this host.\n"));
126 memcpy(myHost, th->h_addr, sizeof(afs_int32));
128 for (i = 0; i < cellinfo->numServers; i++)
129 if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
130 /* omit my host from serverList */
131 *serverList++ = cellinfo->hostAddr[i].sin_addr.s_addr;
133 *serverList = 0; /* terminate list */
138 kvno_admin_key(rock, kvno, key)
141 struct ktc_encryptionKey *key;
143 return ka_LookupKvno(0, KA_ADMIN_NAME, KA_ADMIN_INST, kvno, key);
145 /* we would like to start a Ubik transaction to fill the cache if that
146 * fails, but may deadlock as Rx is now organized. */
149 /* initFlags: 0x01 Do not require authenticated connections.
150 0x02 Do not check the bos NoAuth flag
151 0x04 Use fast key expiration to test oldkey code.
152 0x08 Temporary flag allowing database inconsistency fixup
155 #include "AFS_component_version_number.c"
162 char *whoami = argv[0];
163 afs_int32 serverList[MAXSERVERS];
164 struct afsconf_cell cellinfo;
166 const char *cellservdb, *dbpath, *lclpath;
169 char default_lclpath[AFSDIR_PATH_MAX];
172 int level; /* security level for Ubik */
174 char clones[MAXHOSTSPERCELL];
175 afs_uint32 host = ntohl(INADDR_ANY);
177 struct rx_service *tservice;
178 struct rx_securityClass *sca[1];
179 struct rx_securityClass *scm[3];
181 extern int afsconf_ClientAuthSecure();
182 extern int afsconf_ServerAuth();
183 extern int afsconf_CheckAuth();
185 extern int rx_stackSize;
186 extern int KAA_ExecuteRequest();
187 extern int KAT_ExecuteRequest();
188 extern int KAM_ExecuteRequest();
189 extern int RXSTATS_ExecuteRequest();
193 * The following signal action for AIX is necessary so that in case of a
194 * crash (i.e. core is generated) we can include the user's data section
195 * in the core dump. Unfortunately, by default, only a partial core is
196 * generated which, in many cases, isn't too useful.
198 struct sigaction nsa;
200 sigemptyset(&nsa.sa_mask);
201 nsa.sa_handler = SIG_DFL;
202 nsa.sa_flags = SA_FULLDUMP;
203 sigaction(SIGABRT, &nsa, NULL);
204 sigaction(SIGSEGV, &nsa, NULL);
210 printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
211 "[-auditlog <log path>] [-rxbind] "
212 "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
214 /*" [-enable_peer_stats] [-enable_process_stats] " */
219 /* initialize winsock */
220 if (afs_winsockInit() < 0) {
221 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
222 fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
226 /* Initialize dirpaths */
227 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
229 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
231 fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
236 cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
237 dbpath = AFSDIR_SERVER_KADB_FILEPATH;
238 strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
239 "/", AFSDIR_KADB_FILE, NULL);
240 lclpath = default_lclpath;
246 for (a = 1; a < argc; a++) {
247 int arglen = strlen(argv[a]);
248 lcstring(arg, argv[a], sizeof(arg));
249 #define IsArg(a) (strncmp (arg,a, arglen) == 0)
251 if (strcmp(arg, "-database") == 0) {
253 if (strcmp(lclpath, default_lclpath) == 0)
256 else if (strncmp(arg, "-auditlog", arglen) == 0) {
259 char oldName[MAXPATHLEN];
260 char *fileName = argv[++a];
265 if ((lstat(fileName, &statbuf) == 0)
266 && (S_ISFIFO(statbuf.st_mode))) {
267 flags = O_WRONLY | O_NONBLOCK;
271 strcpy(oldName, fileName);
272 strcat(oldName, ".old");
273 renamefile(fileName, oldName);
274 flags = O_WRONLY | O_TRUNC | O_CREAT;
276 tempfd = open(fileName, flags, 0666);
278 auditout = fdopen(tempfd, "a");
280 osi_audit_file(auditout);
282 printf("Warning: auditlog %s not writable, ignored.\n", fileName);
284 printf("Warning: auditlog %s not writable, ignored.\n", fileName);
285 } else if (strcmp(arg, "-localfiles") == 0)
287 else if (strcmp(arg, "-servers") == 0)
288 debugOutput++, servers = 1;
289 else if (strcmp(arg, "-noauth") == 0)
290 debugOutput++, initFlags |= 1;
291 else if (strcmp(arg, "-fastkeys") == 0)
292 debugOutput++, initFlags |= 4;
293 else if (strcmp(arg, "-dbfixup") == 0)
294 debugOutput++, initFlags |= 8;
295 else if (strcmp(arg, "-cellservdb") == 0) {
296 cellservdb = argv[++a];
301 else if (IsArg("-crypt"))
303 else if (IsArg("-safe"))
305 else if (IsArg("-clear"))
307 else if (IsArg("-sorry"))
309 else if (IsArg("-debug"))
311 else if (IsArg("-crossrealm"))
313 else if (IsArg("-rxbind"))
315 else if (IsArg("-minhours")) {
316 MinHours = atoi(argv[++a]);
317 } else if (IsArg("-enable_peer_stats")) {
318 rx_enablePeerRPCStats();
319 } else if (IsArg("-enable_process_stats")) {
320 rx_enableProcessRPCStats();
321 } else if (*arg == '-') {
322 /* hack to support help flag */
326 if (code = ka_CellConfig(cellservdb))
328 cell = ka_LocalCell();
329 KA_conf = afsconf_Open(cellservdb);
333 com_err(whoami, code, "Failed getting cell info");
339 /* NT & HPUX do not have dbm package support. So we can only do some
340 * text logging. So open the AuthLog file for logging and redirect
341 * stdin and stdout to it
343 OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
347 afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
350 if (code = ubik_ParseServerList(argc, argv, &myHost, serverList)) {
351 com_err(whoami, code, "Couldn't parse server list");
354 cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
355 for (i = 1; i < MAXSERVERS; i++) {
358 cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
360 cellinfo.numServers = i;
362 code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
365 ViceLog(0, ("Using server list from %s cell database.\n", cell));
368 /* initialize ubik */
369 if (level == rxkad_clear)
370 ubik_CRXSecurityProc = afsconf_ClientAuth;
371 else if (level == rxkad_crypt)
372 ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
374 ViceLog(0, ("Unsupported security level %d\n", level));
378 ("Using level %s for Ubik connections.\n",
379 (level == rxkad_crypt ? "crypt" : "clear")));
380 ubik_CRXSecurityRock = (char *)KA_conf;
381 ubik_SRXSecurityProc = afsconf_ServerAuth;
382 ubik_SRXSecurityRock = (char *)KA_conf;
383 ubik_CheckRXSecurityProc = afsconf_CheckAuth;
384 ubik_CheckRXSecurityRock = (char *)KA_conf;
390 if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
391 AFSDIR_SERVER_NETINFO_FILEPATH) {
393 ccode = parseNetFiles(SHostAddrs, NULL, NULL,
394 ADDRSPERSITE, reason,
395 AFSDIR_SERVER_NETINFO_FILEPATH,
396 AFSDIR_SERVER_NETRESTRICT_FILEPATH);
398 ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
401 host = SHostAddrs[0];
402 rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
408 ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
412 ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
413 &clones, dbpath, &KA_dbase);
416 com_err(whoami, code, "Ubik init failed");
420 sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
422 /* Disable jumbograms */
426 rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
427 "AuthenticationService", sca, 1, KAA_ExecuteRequest);
428 if (tservice == (struct rx_service *)0) {
429 ViceLog(0, ("Could not create Authentication rx service\n"));
432 rx_SetMinProcs(tservice, 1);
433 rx_SetMaxProcs(tservice, 1);
437 rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
438 sca, 1, KAT_ExecuteRequest);
439 if (tservice == (struct rx_service *)0) {
440 ViceLog(0, ("Could not create Ticket Granting rx service\n"));
443 rx_SetMinProcs(tservice, 1);
444 rx_SetMaxProcs(tservice, 1);
446 scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
447 scm[RX_SCINDEX_VAB] = 0;
448 scm[RX_SCINDEX_KAD] =
449 rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
451 rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
453 if (tservice == (struct rx_service *)0) {
454 ViceLog(0, ("Could not create Maintenance rx service\n"));
457 rx_SetMinProcs(tservice, 1);
458 rx_SetMaxProcs(tservice, 1);
459 rx_SetStackSize(tservice, 10000);
462 rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
463 RXSTATS_ExecuteRequest);
464 if (tservice == (struct rx_service *)0) {
465 ViceLog(0, ("Could not create rpc stats rx service\n"));
468 rx_SetMinProcs(tservice, 2);
469 rx_SetMaxProcs(tservice, 4);
473 /* allow super users to manage RX statistics */
474 rx_SetRxStatUserOk(KA_rxstat_userok);
476 rx_StartServer(0); /* start handling req. of all types */
478 if (init_kaprocs(lclpath, initFlags))
481 if (code = init_krb_udp()) {
483 ("Failed to initialize UDP interface; code = %d.\n", code));
484 ViceLog(0, ("Running without UDP access.\n"));
487 ViceLog(0, ("Starting to process AuthServer requests\n"));
488 rx_ServerProc(); /* donate this LWP */