2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
15 #include <sys/types.h>
18 #include <WINNT/afsevent.h>
22 #include <netinet/in.h>
24 #include "kalog.h" /* for OpenLog() */
38 #include <rx/rx_globals.h>
39 #include <afs/cellconfig.h>
41 #include <afs/afsutil.h>
42 #include <afs/com_err.h>
43 #include <afs/audit.h>
49 #include "kadatabase.h"
/*
 * File-scope state shared by the kaserver entry point and its helpers.
 * Only the declarations visible in this excerpt are documented here; myHost,
 * MinHours, initFlags and the option-parsing locals are declared elsewhere.
 */
52 struct kadstats dynamic_statistics; /* runtime counters; zeroed and stamped by initialize_dstats() */
53 struct ubik_dbase *KA_dbase; /* database handle; its address is handed to ubik_ServerInitByInfo() in main() */
55 afs_int32 verbose_track = 1; /* not referenced in this excerpt */
56 afs_int32 krb4_cross = 0; /* NOTE(review): presumably set by the -crossrealm option; that branch's body is not in this excerpt */
59 #define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
/* Local interface addresses filled by parseNetFiles() or rx_getAllAddr() in
 * main(); SHostAddrs[0] is what main() passes to rx_InitHost() (that code is
 * probably guarded by -rxbind, but the enclosing condition is not visible). */
60 afs_uint32 SHostAddrs[ADDRSPERSITE];
/* Opened from the cellservdb directory in main(); also serves as the rock for
 * the Ubik rxkad callbacks and for afsconf_SuperUser() in KA_rxstat_userok(). */
62 struct afsconf_dir *KA_conf; /* for getting cell info */
65 int npwSums = KA_NPWSUMS; /* needs to be variable sometime */
/* Legacy platforms without vfprintf(): route it through _doprnt(). The
 * matching #endif is on a line outside this excerpt. */
68 #if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV)
70 #define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
73 static int debugOutput; /* incremented by several debugging-related options in main(); not read in this excerpt */
75 /* check whether caller is authorized to manage RX statistics */
/*
 * Rx-statistics authorization callback, registered with rx_SetRxStatUserOk()
 * in main(). Defers entirely to afsconf_SuperUser() with KA_conf as the
 * configuration and no name output, so only the cell's configured super-users
 * may manage statistics. The return type and braces are on lines outside
 * this excerpt.
 */
77 KA_rxstat_userok(struct rx_call *call)
79 return afsconf_SuperUser(KA_conf, call, NULL);
/*
 * es_Report: printf-style error reporter that writes to stderr.
 *
 * 'fmt' is passed to vfprintf() unchanged, so every caller must supply a
 * string literal — never text derived from input — or this becomes a
 * format-string sink. The va_start/va_end surrounding the call, the return
 * type and the braces are on lines outside this excerpt; 'pvar' is presumably
 * the va_list built from the variadic arguments.
 */
83 es_Report(char *fmt, ...)
90 vfprintf(stderr, fmt, pvar);
/*
 * initialize_dstats: reset the runtime statistics block.
 *
 * Clears dynamic_statistics, records the current time as start_time and
 * copies this host's address from myHost. myHost is declared outside this
 * excerpt (main() passes &myHost to ubik_ParseServerList() and
 * convert_cell_to_ubik()), so it is assumed to be set before this is called
 * — TODO confirm the call order.
 */
96 initialize_dstats(void)
98 memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
99 dynamic_statistics.start_time = time(0);
100 dynamic_statistics.host = myHost;
/*
 * convert_cell_to_ubik: build the Ubik server list from cell configuration.
 *
 * Resolves this host's own address via gethostname()/gethostbyname() and
 * stores it in *myHost, then copies every other server address from
 * cellinfo->hostAddr[] into serverList[], terminating the list with 0.
 *
 * Points a maintainer should know (from what is visible here):
 *  - gethostname()'s return value is not checked; hostname, th and i are
 *    declared on lines outside this excerpt.
 *  - A NULL gethostbyname() result is logged below; the test itself and what
 *    follows it (presumably an exit) are elided.
 *  - The memcpy() of sizeof(afs_int32) bytes from th->h_addr assumes an IPv4
 *    address entry — TODO confirm nothing here resolves to AF_INET6.
 *  - No bound is enforced on serverList: the caller's array must hold
 *    cellinfo->numServers + 1 entries (main() passes serverList[MAXSERVERS]).
 */
104 convert_cell_to_ubik(struct afsconf_cell *cellinfo, afs_int32 *myHost,
105 afs_int32 *serverList)
112 gethostname(hostname, sizeof(hostname)); /* return value unchecked */
113 th = gethostbyname(hostname);
115 ViceLog(0, ("kaserver: couldn't get address of this host.\n"));
118 memcpy(myHost, th->h_addr, sizeof(afs_int32)); /* first address only, IPv4-sized */
120 for (i = 0; i < cellinfo->numServers; i++)
121 if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
122 /* omit my host from serverList */
123 *serverList++ = cellinfo->hostAddr[i].sin_addr.s_addr;
125 *serverList = 0; /* terminate list */
/*
 * kvno_admin_key: key-lookup callback for the Maintenance service's rxkad
 * security object (passed to rxkad_NewServerSecurityObject() in main()).
 *
 * Fetches the KA_ADMIN_NAME.KA_ADMIN_INST key with version 'kvno' into *key
 * via ka_LookupKvno() and returns its result; 'rock' is unused. The return
 * type and braces are on lines outside this excerpt.
 */
130 kvno_admin_key(void *rock, afs_int32 kvno, struct ktc_encryptionKey *key)
132 return ka_LookupKvno(0, KA_ADMIN_NAME, KA_ADMIN_INST, kvno, key);
134 /* we would like to start a Ubik transaction to fill the cache if that
135 * fails, but may deadlock as Rx is now organized. */
138 /* initFlags: 0x01 Do not require authenticated connections.
139 0x02 Do not check the bos NoAuth flag
140 0x04 Use fast key expiration to test oldkey code.
141 0x08 Temporary flag allowing database inconsistency fixup
144 #include "AFS_component_version_number.c"
/*
 * main: kaserver entry point.
 *
 * Order of work as visible in this excerpt (many lines are elided):
 *  1. install the AIX full-core signal action;
 *  2. parse command-line options (paths, audit settings, Ubik security
 *     level, -servers, debugging flags);
 *  3. load the cell configuration (ka_CellConfig/afsconf_Open), open the log
 *     and print the deprecation warning;
 *  4. build the Ubik server list either from -servers or from the cell
 *     database (convert_cell_to_ubik);
 *  5. configure Ubik's Rx security callbacks and optionally bind Rx to a
 *     specific local address;
 *  6. initialise Ubik, create the Authentication, TicketGranting,
 *     Maintenance and rpcstats Rx services, and hand this thread to Rx.
 *
 * On the normal path this never returns (rx_ServerProc() at the end); the
 * failure exits are on elided lines. Several locals used below (a, arg, code,
 * cell, myHost, servers, initFlags, i, ccode, reason, MinHours) are declared
 * on lines outside this excerpt.
 */
147 main(int argc, char *argv[])
150 char *whoami = argv[0];
151 afs_int32 serverList[MAXSERVERS]; /* 0-terminated list of the other Ubik servers */
152 struct afsconf_cell cellinfo;
154 const char *cellservdb, *dbpath, *lclpath; /* config dir, database path, local-files path */
157 char default_lclpath[AFSDIR_PATH_MAX];
/* NOTE(review): no initializer is visible for level; it is presumably set on
 * an elided line or by -crypt/-clear — confirm it cannot reach the Ubik setup
 * below unset. */
160 int level; /* security level for Ubik */
162 char clones[MAXHOSTSPERCELL];
163 afs_uint32 host = ntohl(INADDR_ANY); /* Rx bind address; replaced by SHostAddrs[0] below (probably only under -rxbind) */
164 char *auditFileName = NULL; /* stays NULL unless -auditlog is given */
166 struct rx_service *tservice;
167 struct rx_securityClass *sca[1]; /* security classes for the Authentication/TicketGranting services */
168 struct rx_securityClass *scm[3]; /* security classes for Maintenance/rpcstats: null, vab, kad */
170 extern int rx_stackSize;
171 extern int KAA_ExecuteRequest(struct rx_call *);
172 extern int KAT_ExecuteRequest(struct rx_call *);
173 extern int KAM_ExecuteRequest(struct rx_call *);
174 extern int RXSTATS_ExecuteRequest(struct rx_call *);
/* SA_FULLDUMP is AIX-specific, so this block is presumably inside a
 * platform #ifdef whose lines are elided. */
178 * The following signal action for AIX is necessary so that in case of a
179 * crash (i.e. core is generated) we can include the user's data section
180 * in the core dump. Unfortunately, by default, only a partial core is
181 * generated which, in many cases, isn't too useful.
183 struct sigaction nsa;
185 sigemptyset(&nsa.sa_mask);
186 nsa.sa_handler = SIG_DFL;
187 nsa.sa_flags = SA_FULLDUMP;
188 sigaction(SIGABRT, &nsa, NULL);
189 sigaction(SIGSEGV, &nsa, NULL);
/* Usage text; the condition that prints it (presumably -help or an argc
 * check) and the exit that follows are elided. */
195 printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
196 "[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
197 "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
198 "[-servers <serverlist>] [-crossrealm] "
199 /*" [-enable_peer_stats] [-enable_process_stats] " */
204 /* initialize winsock */
205 if (afs_winsockInit() < 0) {
206 ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
207 fprintf(stderr, "%s: Couldn't initialize winsock.\n", whoami);
211 /* Initialize dirpaths */
212 if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
214 ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
216 fprintf(stderr, "%s: Unable to obtain AFS server directory.\n",
/* Defaults for the three paths; -database/-localfiles/-cellservdb override
 * them. The local-files default is built next to the database file. */
221 cellservdb = AFSDIR_SERVER_ETC_DIRPATH;
222 dbpath = AFSDIR_SERVER_KADB_FILEPATH;
223 strcompose(default_lclpath, AFSDIR_PATH_MAX, AFSDIR_SERVER_LOCAL_DIRPATH,
224 "/", AFSDIR_KADB_FILE, NULL);
225 lclpath = default_lclpath;
/*
 * Option parsing. Two matching styles are mixed: exact strcmp() for
 * -database/-localfiles/-servers/-noauth/-fastkeys/-dbfixup/-cellservdb, and
 * strncmp() bounded by the argument's own length (-auditlog, -audit-interface
 * and everything under IsArg()), which accepts any prefix — e.g. "-c" matches
 * -crypt simply because it is tested before -clear and -crossrealm.
 *
 * Options that take a value read argv[++a] without checking a + 1 < argc.
 * When such an option is the last word on the command line the value is
 * argv[argc], i.e. NULL, and the atoi()/strcmp() calls below on it are
 * undefined behaviour. A bounds check before each argv[++a] would be
 * cheap even though only the local operator can trigger this.
 */
231 for (a = 1; a < argc; a++) {
232 int arglen = strlen(argv[a]);
233 lcstring(arg, argv[a], sizeof(arg)); /* lower-cased copy into 'arg', a buffer declared outside this excerpt */
234 #define IsArg(a) (strncmp (arg,a, arglen) == 0)
/* The dbpath assignment and the follow-up that re-derives lclpath when it
 * still has its default are on elided lines. */
236 if (strcmp(arg, "-database") == 0) {
238 if (strcmp(lclpath, default_lclpath) == 0)
241 else if (strncmp(arg, "-auditlog", arglen) == 0) {
242 auditFileName = argv[++a]; /* no a + 1 < argc check */
244 } else if (strncmp(arg, "-audit-interface", arglen) == 0) {
245 char *interface = argv[++a]; /* no a + 1 < argc check */
247 if (osi_audit_interface(interface)) {
248 printf("Invalid audit interface '%s'\n", interface);
252 } else if (strcmp(arg, "-localfiles") == 0)
254 else if (strcmp(arg, "-servers") == 0)
255 debugOutput++, servers = 1;
/* initFlags bits follow the table in the comment above main():
 * 1 = do not require authenticated connections, 4 = fast key expiration,
 * 8 = allow database inconsistency fixup. */
256 else if (strcmp(arg, "-noauth") == 0)
257 debugOutput++, initFlags |= 1;
258 else if (strcmp(arg, "-fastkeys") == 0)
259 debugOutput++, initFlags |= 4;
260 else if (strcmp(arg, "-dbfixup") == 0)
261 debugOutput++, initFlags |= 8;
262 else if (strcmp(arg, "-cellservdb") == 0) {
263 cellservdb = argv[++a]; /* no a + 1 < argc check */
/* The single-statement bodies of the next seven branches (presumably setting
 * level, krb4_cross and the rxbind flag) are on elided lines. */
268 else if (IsArg("-crypt"))
270 else if (IsArg("-safe"))
272 else if (IsArg("-clear"))
274 else if (IsArg("-sorry"))
276 else if (IsArg("-debug"))
278 else if (IsArg("-crossrealm"))
280 else if (IsArg("-rxbind"))
282 else if (IsArg("-minhours")) {
/* atoi() reports no error: non-numeric input silently becomes 0, and a
 * missing value is undefined behaviour. strtol() with an end-pointer and
 * ERANGE check would be the safer form. */
283 MinHours = atoi(argv[++a]);
284 } else if (IsArg("-enable_peer_stats")) {
285 rx_enablePeerRPCStats();
286 } else if (IsArg("-enable_process_stats")) {
287 rx_enableProcessRPCStats();
288 } else if (*arg == '-') {
289 /* hack to support help flag */
/* NOTE(review): called with NULL when -auditlog was not given; assumes
 * osi_audit_file() treats NULL as "no audit log" — confirm. */
295 osi_audit_file(auditFileName);
/* Cell configuration; the error branches between these lines are elided. */
298 if ((code = ka_CellConfig(cellservdb)))
300 cell = ka_LocalCell();
301 KA_conf = afsconf_Open(cellservdb);
305 afs_com_err(whoami, code, "Failed getting cell info");
311 /* NT & HPUX do not have dbm package support. So we can only do some
312 * text logging. So open the AuthLog file for logging and redirect
313 * stdin and stdout to it
315 OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
/* Deprecation warning, emitted both to stderr and to the server log. */
319 fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
320 "properties. Migrating to a Kerberos 5 KDC is advised. "
321 "http://www.openafs.org/no-more-des.html\n", whoami);
322 ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. "
323 "Migrating to a Kerberos 5 KDC is advised. "
324 "http://www.openafs.org/no-more-des.html\n"));
/* Read the cell's kauth servers (and clones) from the cell database; the
 * remaining arguments of this call are on the elided continuation line. */
327 afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
/* With -servers (presumably "if (servers)" on an elided line): take the list
 * from the command line and mirror it into cellinfo. NOTE(review):
 * cellinfo.hostAddr[] is sized by struct afsconf_cell, not MAXSERVERS — the
 * elided lines inside the loop presumably stop at the 0 terminator before
 * that array is overrun; confirm. */
330 if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
331 afs_com_err(whoami, code, "Couldn't parse server list");
334 cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
335 for (i = 1; i < MAXSERVERS; i++) {
338 cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
340 cellinfo.numServers = i;
/* Otherwise derive the list from the cell database. */
342 code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
345 ViceLog(0, ("Using server list from %s cell database.\n", cell));
/* Ubik peer security. Client side: afsconf_ClientAuth for rxkad_clear or
 * afsconf_ClientAuthSecure for rxkad_crypt; any other level is logged as
 * unsupported (what follows, presumably an exit, is elided). Server side
 * always uses afsconf_ServerAuth/afsconf_CheckAuth with KA_conf as rock. */
348 /* initialize ubik */
349 if (level == rxkad_clear)
350 ubik_CRXSecurityProc = afsconf_ClientAuth;
351 else if (level == rxkad_crypt)
352 ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
354 ViceLog(0, ("Unsupported security level %d\n", level));
358 ("Using level %s for Ubik connections.\n",
359 (level == rxkad_crypt ? "crypt" : "clear")));
360 ubik_CRXSecurityRock = (char *)KA_conf;
361 ubik_SRXSecurityProc = afsconf_ServerAuth;
362 ubik_SRXSecurityRock = (char *)KA_conf;
363 ubik_CheckRXSecurityProc = afsconf_CheckAuth;
364 ubik_CheckRXSecurityRock = (char *)KA_conf;
/* Local address selection (presumably guarded by the -rxbind flag on an
 * elided line). NOTE(review): both operands are path macros; if they expand
 * to string literals the condition is always true and the rx_getAllAddr()
 * fallback is unreachable — a check that the files actually exist would
 * express the intent better. Confirm against the macro definitions. */
370 if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
371 AFSDIR_SERVER_NETINFO_FILEPATH) {
373 ccode = parseNetFiles(SHostAddrs, NULL, NULL,
374 ADDRSPERSITE, reason,
375 AFSDIR_SERVER_NETINFO_FILEPATH,
376 AFSDIR_SERVER_NETRESTRICT_FILEPATH);
379 ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
382 host = SHostAddrs[0]; /* bind Rx to the first local address found */
383 rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
/* Ubik initialisation: ubik_ServerInit() with the explicit serverList when
 * -servers was given (remaining arguments elided), otherwise
 * ubik_ServerInitByInfo() from cellinfo/clones. Failure is logged; the exit
 * is elided. */
389 ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
393 ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
394 clones, dbpath, &KA_dbase);
397 afs_com_err(whoami, code, "Ubik init failed");
/* The Authentication and TicketGranting services are created with only the
 * rxnull class: Rx does not authenticate their callers at all, so whatever
 * protection those requests have must come from the KA protocol handlers
 * (KAA_ExecuteRequest / KAT_ExecuteRequest, not visible here). */
401 sca[RX_SCINDEX_NULL] = rxnull_NewServerSecurityObject();
403 /* Disable jumbograms */
/* Each of the four services below is checked for a NULL handle; the exit on
 * that path is elided. min = max = 1 makes the first three single-threaded. */
407 rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
408 "AuthenticationService", sca, 1, KAA_ExecuteRequest);
409 if (tservice == (struct rx_service *)0) {
410 ViceLog(0, ("Could not create Authentication rx service\n"));
413 rx_SetMinProcs(tservice, 1);
414 rx_SetMaxProcs(tservice, 1);
418 rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
419 sca, 1, KAT_ExecuteRequest);
420 if (tservice == (struct rx_service *)0) {
421 ViceLog(0, ("Could not create Ticket Granting rx service\n"));
424 rx_SetMinProcs(tservice, 1);
425 rx_SetMaxProcs(tservice, 1);
/* Maintenance/rpcstats security classes: index NULL reuses the rxnull object,
 * so unauthenticated connections also reach these services and per-request
 * authorization must happen in the handlers (rpcstats does so via
 * KA_rxstat_userok(); TODO confirm the same for KAM_ExecuteRequest). Index
 * VAB has no object. Index KAD is rxkad at crypt level, with kvno_admin_key()
 * supplying the admin key for whatever kvno the client presents. */
427 scm[RX_SCINDEX_NULL] = sca[RX_SCINDEX_NULL];
428 scm[RX_SCINDEX_VAB] = 0;
429 scm[RX_SCINDEX_KAD] =
430 rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
/* The executor argument (KAM_ExecuteRequest) is on the elided continuation line. */
432 rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
434 if (tservice == (struct rx_service *)0) {
435 ViceLog(0, ("Could not create Maintenance rx service\n"));
438 rx_SetMinProcs(tservice, 1);
439 rx_SetMaxProcs(tservice, 1);
440 rx_SetStackSize(tservice, 10000);
443 rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
444 RXSTATS_ExecuteRequest);
445 if (tservice == (struct rx_service *)0) {
446 ViceLog(0, ("Could not create rpc stats rx service\n"));
449 rx_SetMinProcs(tservice, 2);
450 rx_SetMaxProcs(tservice, 4);
454 /* allow super users to manage RX statistics */
455 rx_SetRxStatUserOk(KA_rxstat_userok);
457 rx_StartServer(0); /* start handling req. of all types */
/* Database-side initialisation with the local-files path and the initFlags
 * bits collected above; the failure branch is elided. */
459 if (init_kaprocs(lclpath, initFlags))
/* The Kerberos-4 UDP listener is optional: failure is logged and the server
 * continues serving Rx only. */
462 if ((code = init_krb_udp())) {
464 ("Failed to initialize UDP interface; code = %d.\n", code));
465 ViceLog(0, ("Running without UDP access.\n"));
468 ViceLog(0, ("Starting to process AuthServer requests\n"));
469 rx_ServerProc(NULL); /* donate this LWP */