2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
15 #include <sys/types.h>
18 #include <WINNT/afsevent.h>
22 #include <netinet/in.h>
24 #include "kalog.h" /* for OpenLog() */
38 #include <rx/rx_globals.h>
39 #include <afs/cellconfig.h>
41 #include <afs/afsutil.h>
42 #include <afs/com_err.h>
/* Per-process statistics block; zeroed and stamped with start time and host
 * address at startup (see the memset/start_time/host assignments further down
 * this page). */
50 struct kadstats dynamic_statistics;
/* Handle on the kaserver Ubik database, filled in by ubik_ServerInit*() in main(). */
51 struct ubik_dbase *KA_dbase;
53 afs_int32 verbose_track = 1;
/* Kerberos 4 cross-realm support is off by default; main() accepts a
 * -crossrealm option, whose handler body is not shown on this page but
 * presumably sets this. */
54 afs_int32 krb4_cross = 0;
/* Upper bound on interface addresses collected for -rxbind. Must stay in
 * step with the identically named constant in rx/rx_user.c. */
57 #define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
58 afs_uint32 SHostAddrs[ADDRSPERSITE];
/* Cell configuration directory opened in main(); also the rock handed to the
 * afsconf_* Rx security callbacks and to afsconf_SuperUser(). */
60 struct afsconf_dir *KA_conf; /* for getting cell info */
/* Presumably the number of password sums retained per entry; fixed at
 * KA_NPWSUMS for now. */
63 int npwSums = KA_NPWSUMS; /* needs to be variable sometime */
/* Old platforms without vfprintf(): route through _doprnt(), whose argument
 * order differs, hence the reordering in the macro. (#endif not shown.) */
66 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV)
68 #define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
/* Incremented by each debugging/testing option parsed in main() (-servers,
 * -noauth, -fastkeys, -dbfixup); non-zero means the server was started with
 * at least one such flag. */
71 static int debugOutput;
73 /* check whether caller is authorized to manage RX statistics */
/* Rx policy hook, registered in main() through rx_SetRxStatUserOk(): a peer
 * may manage RPC statistics only if afsconf_SuperUser() accepts the call
 * against the configuration held by KA_conf (i.e. it is a cell superuser).
 * The parameter declaration, opening and closing braces are not shown on
 * this page. */
75 KA_rxstat_userok(call)
78 return afsconf_SuperUser(KA_conf, call, NULL);
/* Error-report helper: printf-style output to stderr through a va_list.
 * `fmt` must always be a trusted literal; passing caller-controlled text as
 * the format would be a format-string vulnerability. The va_start/va_end
 * bracket and the closing brace are not shown on this page. */
82 es_Report(char *fmt, ...)
89 vfprintf(stderr, fmt, pvar);
/* Reset the statistics block at startup: zero every counter, then record the
 * start time and this server's address. `myHost` is not declared in the
 * lines shown here; it is presumably a file-scope global. The enclosing
 * function's header and braces are not shown on this page. */
97 memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
98 dynamic_statistics.start_time = time(0);
99 dynamic_statistics.host = myHost;
/* Build the Ubik server list for this cell: `myHost` receives this
 * machine's first IPv4 address (gethostbyname() on gethostname()), and
 * `serverList` receives every other server address found in `cellinfo`,
 * zero-terminated. The `myHost` parameter declaration, the locals, the
 * failure branch after gethostbyname(), the closing braces and the return
 * statement are not shown on this page. */
103 convert_cell_to_ubik(cellinfo, myHost, serverList)
104 struct afsconf_cell *cellinfo;
106 afs_int32 *serverList;
/* NOTE(review): gethostname()'s return value is ignored, and POSIX does not
 * promise NUL termination when the name is longer than the buffer, so a
 * failing or truncated name goes straight into gethostbyname(). */
113 gethostname(hostname, sizeof(hostname));
/* NOTE(review): gethostbyname() is non-reentrant and only its first address
 * is used; h_addrtype/h_length are not checked before the 4-byte copy below,
 * so an AF_INET result is assumed. */
114 th = gethostbyname(hostname);
116 ViceLog(0, ("kaserver: couldn't get address of this host.\n"));
119 memcpy(myHost, th->h_addr, sizeof(afs_int32));
/* Copy every configured server except ourselves. The caller's array must
 * hold numServers entries plus the terminator: main() sizes it at
 * MAXSERVERS, so numServers must not exceed MAXSERVERS - 1. */
121 for (i = 0; i < cellinfo->numServers; i++)
122 if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
123 /* omit my host from serverList */
124 *serverList++ = cellinfo->hostAddr[i].sin_addr.s_addr;
126 *serverList = 0; /* terminate list */
/* Key-lookup callback for the rxkad server security object that protects
 * the Maintenance (and rpcstats) service: given a key version number, fetch
 * the matching key of the KA admin principal (KA_ADMIN_NAME.KA_ADMIN_INST)
 * through ka_LookupKvno(). `rock` is unused. The leading 0 argument is
 * presumably a "no transaction" handle; see the comment that follows this
 * function. The declarations of `rock` and `kvno` and the braces are not
 * shown on this page. */
131 kvno_admin_key(rock, kvno, key)
134 struct ktc_encryptionKey *key;
136 return ka_LookupKvno(0, KA_ADMIN_NAME, KA_ADMIN_INST, kvno, key);
138 /* Ideally a failed ka_LookupKvno() would be retried here after starting a Ubik
139 * transaction to refill the key cache, but doing that from inside an Rx security callback could deadlock with the way Rx currently dispatches calls, so no such retry is attempted. */
142 /* initFlags: 0x01 Do not require authenticated connections (set by -noauth; for testing only, never in production).
143 0x02 Do not check the bos NoAuth flag.
144 0x04 Use fast key expiration to exercise the old-key code (set by -fastkeys).
145 0x08 Temporary flag allowing database inconsistency fixup (set by -dbfixup). */
148 #include "AFS_component_version_number.c"
/* Body of main(): parse options, load the cell configuration, bring up Ubik
 * and the four Rx services (Authentication, TicketGranting, Maintenance,
 * rpcstats), then donate this thread to Rx. Only part of main() is shown on
 * this page: its signature, several local declarations, most option
 * handler bodies, most error exits and many closing braces are absent, so
 * the comments below describe what is visible and mark what is inferred. */
155 char *whoami = argv[0]; /* program name for diagnostics */
156 afs_int32 serverList[MAXSERVERS]; /* Ubik peers; also the output buffer of convert_cell_to_ubik() */
157 struct afsconf_cell cellinfo;
159 const char *cellservdb, *dbpath, *lclpath;
162 char default_lclpath[AFSDIR_PATH_MAX];
165 int level; /* security level for Ubik */
/* NOTE(review): the default assignment of `level` is not visible on this
 * page; the rxkad_clear/rxkad_crypt dispatch below logs "Unsupported
 * security level" for anything else. */
167 char clones[MAXHOSTSPERCELL];
/* INADDR_ANY: listen on every interface unless -rxbind narrows it below. */
168 afs_uint32 host = ntohl(INADDR_ANY);
170 struct rx_service *tservice;
171 struct rx_securityClass *sca[1]; /* null security only: Authentication and TicketGranting */
172 struct rx_securityClass *scm[3]; /* null + rxkad(crypt): Maintenance and rpcstats */
/* NOTE(review): K&R-style externs with empty parameter lists disable
 * argument type checking; prefer the prototypes from the corresponding
 * headers where they are available. */
174 extern int afsconf_ClientAuthSecure();
175 extern int afsconf_ServerAuth();
176 extern int afsconf_CheckAuth();
178 extern int rx_stackSize;
179 extern int KAA_ExecuteRequest();
180 extern int KAT_ExecuteRequest();
181 extern int KAM_ExecuteRequest();
182 extern int RXSTATS_ExecuteRequest();
186 * The following signal action for AIX is necessary so that in case of a
187 * crash (i.e. core is generated) we can include the user's data section
188 * in the core dump. Unfortunately, by default, only a partial core is
189 * generated which, in many cases, isn't too useful.
/* Presumably wrapped in an AIX-only #ifdef that is not shown: SA_FULLDUMP
 * requests a full core on SIGABRT/SIGSEGV while keeping the default
 * disposition. */
191 struct sigaction nsa;
193 sigemptyset(&nsa.sa_mask);
194 nsa.sa_handler = SIG_DFL;
195 nsa.sa_flags = SA_FULLDUMP;
196 sigaction(SIGABRT, &nsa, NULL);
197 sigaction(SIGSEGV, &nsa, NULL);
/* Usage text. NOTE(review): -enable_peer_stats and -enable_process_stats are
 * accepted below but their usage text is commented out here; the tail of
 * the usage string is not shown on this page. */
203 printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
204 "[-auditlog <log path>] [-rxbind] "
205 "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
207 /*" [-enable_peer_stats] [-enable_process_stats] " */
212 /* initialize winsock */
/* Windows only (the #ifdef is not shown); the exit after the message is
 * not shown either. */
213 if (afs_winsockInit() < 0) {
214 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
215 fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
219 /* Initialize dirpaths */
220 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
222 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
224 fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
/* Defaults: the cell configuration directory, the Ubik database path and
 * the local-files path; -cellservdb, -database and -localfiles override
 * them below. */
229 cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
230 dbpath = AFSDIR_SERVER_KADB_FILEPATH;
/* strcompose() is handed the buffer size, so a long install prefix is
 * bounded rather than overflowing. */
231 strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
232 "/", AFSDIR_KADB_FILE, NULL);
233 lclpath = default_lclpath;
/* Option parsing. Each argv[a] is lower-cased into `arg` (options are
 * case-insensitive); IsArg() compares only the first strlen(argv[a])
 * characters, i.e. it is a prefix match on the option name. */
239 for (a = 1; a < argc; a++) {
240 int arglen = strlen(argv[a]);
241 lcstring(arg, argv[a], sizeof(arg));
/* NOTE(review): because the compare length is the user's token length,
 * IsArg("-crypt") also accepts "-c", and a bare "-" (arglen 1) satisfies
 * the -auditlog test below, silently consuming the next argument as a log
 * path. Only the first group of options uses exact strcmp() matches. */
242 #define IsArg(a) (strncmp (arg,a, arglen) == 0)
244 if (strcmp(arg, "-database") == 0) {
/* The dbpath assignment is not shown; if -localfiles has not been given
 * yet, the local-files path presumably follows the database path. */
246 if (strcmp(lclpath, default_lclpath) == 0)
/* NOTE(review): argv[++a] is not bounds-checked for any value-taking
 * option (-auditlog, -cellservdb, -minhours, ...); when the option is the
 * last argument this reads argv[argc], which is NULL. */
249 else if (strncmp(arg, "-auditlog", arglen) == 0) {
250 char *fileName = argv[++a];
252 osi_audit_file(fileName);
253 } else if (strcmp(arg, "-localfiles") == 0)
255 else if (strcmp(arg, "-servers") == 0)
/* -servers: take the Ubik peer list from the command line instead of the
 * cell database (see ubik_ParseServerList below). */
256 debugOutput++, servers = 1;
257 else if (strcmp(arg, "-noauth") == 0)
/* -noauth: initFlags 0x01, "do not require authenticated connections" per
 * the initFlags comment above; a test-only switch that must not be used on
 * a production server. */
258 debugOutput++, initFlags |= 1;
259 else if (strcmp(arg, "-fastkeys") == 0)
260 debugOutput++, initFlags |= 4; /* fast key expiration, for testing the old-key code */
261 else if (strcmp(arg, "-dbfixup") == 0)
262 debugOutput++, initFlags |= 8; /* temporary: allow database inconsistency fixup */
263 else if (strcmp(arg, "-cellservdb") == 0) {
264 cellservdb = argv[++a];
/* The bodies of the following prefix-matched options are not shown. */
269 else if (IsArg("-crypt"))
271 else if (IsArg("-safe"))
273 else if (IsArg("-clear"))
275 else if (IsArg("-sorry"))
277 else if (IsArg("-debug"))
279 else if (IsArg("-crossrealm"))
281 else if (IsArg("-rxbind"))
283 else if (IsArg("-minhours")) {
/* NOTE(review): atoi() reports no errors: "-minhours abc" yields 0 and a
 * negative value is accepted; strtol() with a range check would be safer. */
284 MinHours = atoi(argv[++a]);
285 } else if (IsArg("-enable_peer_stats")) {
286 rx_enablePeerRPCStats();
287 } else if (IsArg("-enable_process_stats")) {
288 rx_enableProcessRPCStats();
289 } else if (*arg == '-') {
290 /* hack to support help flag */
/* Cell configuration: ka_CellConfig() loads it from cellservdb, then an
 * afsconf handle is opened for the security callbacks. The error exits
 * are not shown. */
294 if (code = ka_CellConfig(cellservdb))
296 cell = ka_LocalCell();
297 KA_conf = afsconf_Open(cellservdb);
301 afs_com_err(whoami, code, "Failed getting cell info");
307 /* NT & HPUX do not have dbm package support, so only plain text
308 * logging is available: open the AuthLog file for logging and redirect
309 * stdin and stdout to it (only the OpenLog() call is shown here)
311 OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
/* Deprecation warning, sent both to stderr and to the log; the linked page
 * explains the DES-based weakness behind it. Runtime strings, left as is. */
315 fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
316 "properties. Migrating to a Kerberos 5 KDC is advised. "
317 "http://www.openafs.org/no-more-des.html\n", whoami);
318 ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. "
319 "Migrating to a Kerberos 5 KDC is advised. "
320 "http://www.openafs.org/no-more-des.html\n"));
/* Ubik membership comes either from -servers (parsed out of argv) or from
 * the cell database via afsconf_GetExtendedCellInfo(); the call's remaining
 * arguments and the if/else selecting between the two paths are not shown. */
323 afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
326 if (code = ubik_ParseServerList(argc, argv, &myHost, serverList)) {
327 afs_com_err(whoami, code, "Couldn't parse server list");
/* -servers path: rebuild cellinfo from the parsed list, this host first.
 * NOTE(review): the loop runs up to MAXSERVERS but hostAddr[] is presumably
 * sized MAXHOSTSPERCELL (as `clones` above is); confirm MAXSERVERS <=
 * MAXHOSTSPERCELL or bound the loop by both. Any early exit of the loop
 * on a zero entry would be in lines not shown here. */
330 cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
331 for (i = 1; i < MAXSERVERS; i++) {
334 cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
336 cellinfo.numServers = i;
/* Cell-database path: derive myHost and the peer list from cellinfo. */
338 code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
341 ViceLog(0, ("Using server list from %s cell database.\n", cell));
344 /* initialize ubik */
/* Client-side security for Ubik's inter-server connections. As the names
 * suggest, rxkad_clear authenticates without encrypting the traffic while
 * rxkad_crypt (afsconf_ClientAuthSecure) encrypts it. The `else` and the
 * exit after the "Unsupported security level" message are not shown. */
345 if (level == rxkad_clear)
346 ubik_CRXSecurityProc = afsconf_ClientAuth;
347 else if (level == rxkad_crypt)
348 ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
350 ViceLog(0, ("Unsupported security level %d\n", level));
354 ("Using level %s for Ubik connections.\n",
355 (level == rxkad_crypt ? "crypt" : "clear")));
/* The same afsconf handle is the rock for the client, server and
 * check-auth callbacks; afsconf_ServerAuth/afsconf_CheckAuth presumably
 * validate peers against the cell's server key. */
356 ubik_CRXSecurityRock = (char *)KA_conf;
357 ubik_SRXSecurityProc = afsconf_ServerAuth;
358 ubik_SRXSecurityRock = (char *)KA_conf;
359 ubik_CheckRXSecurityProc = afsconf_CheckAuth;
360 ubik_CheckRXSecurityRock = (char *)KA_conf;
/* -rxbind (the enclosing condition is not shown): take the first address
 * from NetInfo/NetRestrict, else from the interface list, and bind Rx to it.
 * NOTE(review): both FILEPATH macros are path constants, so this condition
 * is presumably always true and the rx_getAllAddr() fallback is likely
 * unreachable; also, the check that at least one address was found (ccode)
 * before SHostAddrs[0] is used is not shown on this page - with no address,
 * SHostAddrs[0] is 0 and the bind silently becomes INADDR_ANY. */
366 if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
367 AFSDIR_SERVER_NETINFO_FILEPATH) {
369 ccode = parseNetFiles(SHostAddrs, NULL, NULL,
370 ADDRSPERSITE, reason,
371 AFSDIR_SERVER_NETINFO_FILEPATH,
372 AFSDIR_SERVER_NETRESTRICT_FILEPATH);
375 ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
378 host = SHostAddrs[0];
379 rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
/* Two Ubik initialisers: the -servers list form and the cellinfo form
 * (with clones); the selection between them and the exit on failure are
 * not shown. */
385 ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
389 ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
390 clones, dbpath, &KA_dbase);
393 afs_com_err(whoami, code, "Ubik init failed");
/* Authentication and TicketGranting are exported with only the null Rx
 * security class: a client has no credentials before it authenticates, so
 * these RPCs presumably carry their own password-derived protection rather
 * than relying on the transport. */
397 sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
399 /* Disable jumbograms */
/* (the call that disables them is not shown on this page) */
403 rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
404 "AuthenticationService", sca, 1, KAA_ExecuteRequest);
405 if (tservice == (struct rx_service *)0) {
406 ViceLog(0, ("Could not create Authentication rx service\n"));
/* A single worker thread: requests to this service are serialised. */
409 rx_SetMinProcs(tservice, 1);
410 rx_SetMaxProcs(tservice, 1);
414 rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
415 sca, 1, KAT_ExecuteRequest);
416 if (tservice == (struct rx_service *)0) {
417 ViceLog(0, ("Could not create Ticket Granting rx service\n"));
420 rx_SetMinProcs(tservice, 1);
421 rx_SetMaxProcs(tservice, 1);
/* Maintenance (and rpcstats) offer the null class at index 0 and rxkad at
 * RX_SCINDEX_KAD, keyed from the KA admin principal via kvno_admin_key()
 * and requiring encryption (rxkad_crypt). Because the null class is still
 * offered, the KAM_* handlers themselves must reject unauthenticated or
 * non-admin callers; that is not visible here - verify in the procedure
 * implementations. */
423 scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
424 scm[RX_SCINDEX_VAB] = 0; /* VAB slot unused */
425 scm[RX_SCINDEX_KAD] =
426 rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
428 rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
430 if (tservice == (struct rx_service *)0) {
431 ViceLog(0, ("Could not create Maintenance rx service\n"));
434 rx_SetMinProcs(tservice, 1);
435 rx_SetMaxProcs(tservice, 1);
436 rx_SetStackSize(tservice, 10000); /* explicit stack size for this service's threads */
439 rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
440 RXSTATS_ExecuteRequest);
441 if (tservice == (struct rx_service *)0) {
442 ViceLog(0, ("Could not create rpc stats rx service\n"));
445 rx_SetMinProcs(tservice, 2);
446 rx_SetMaxProcs(tservice, 4);
450 /* allow super users to manage RX statistics */
/* Authorisation for rpcstats management is delegated to KA_rxstat_userok(). */
451 rx_SetRxStatUserOk(KA_rxstat_userok);
/* NOTE(review): Rx begins accepting calls here, before init_kaprocs() and
 * init_krb_udp() have run; any handler reachable in that window must cope
 * with not-yet-initialised kaprocs state (not verifiable from this page). */
453 rx_StartServer(0); /* start handling req. of all types */
/* The exit on init_kaprocs() failure is not shown. */
455 if (init_kaprocs(lclpath, initFlags))
/* The krb UDP interface is optional: failure is logged, not fatal. */
458 if (code = init_krb_udp()) {
460 ("Failed to initialize UDP interface; code = %d.\n", code));
461 ViceLog(0, ("Running without UDP access.\n"));
464 ViceLog(0, ("Starting to process AuthServer requests\n"));
465 rx_ServerProc(NULL); /* donate this LWP */