#include <afsconfig.h>
#include <afs/param.h>
-RCSID
- ("$Header$");
+#ifdef IGNORE_SOME_GCC_WARNINGS
+# pragma GCC diagnostic warning "-Wdeprecated-declarations"
+#endif
#include <afs/stds.h>
#include <sys/types.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
+#include <stdarg.h>
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
#ifdef AFS_NT40_ENV
#include <winsock2.h>
#include <direct.h>
#include <rx/rx_globals.h>
#include "bosint.h"
#include "bnode.h"
-#include <afs/auth.h>
+#include "bosprototypes.h"
+#include <rx/rxkad.h>
+#include <rx/rxstat.h>
#include <afs/keys.h>
#include <afs/ktime.h>
#include <afs/afsutil.h>
#include <afs/fileutil.h>
#include <afs/procmgmt.h> /* signal(), kill(), wait(), etc. */
+#include <afs/audit.h>
+#include <afs/cellconfig.h>
#if defined(AFS_SGI_ENV)
#include <afs/afs_args.h>
#endif
-
#define BOZO_LWP_STACKSIZE 16000
-extern int BOZO_ExecuteRequest();
-extern int RXSTATS_ExecuteRequest();
extern struct bnode_ops fsbnode_ops, dafsbnode_ops, ezbnode_ops, cronbnode_ops;
-void bozo_Log();
-
struct afsconf_dir *bozo_confdir = 0; /* bozo configuration dir */
-static char *bozo_pid;
-struct rx_securityClass *bozo_rxsc[3];
+static PROCESS bozo_pid;
const char *bozo_fileName;
FILE *bozo_logFile;
+const char *DoCore;
int DoLogging = 0;
int DoSyslog = 0;
#ifndef AFS_NT40_ENV
struct ktime bozo_nextRestartKT, bozo_nextDayKT;
int bozo_newKTs;
int rxBind = 0;
+int rxkadDisableDotCheck = 0;
#define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
afs_uint32 SHostAddrs[ADDRSPERSITE];
-#ifdef BOS_RESTRICTED_MODE
int bozo_isrestricted = 0;
int bozo_restdisable = 0;
bozo_isrestricted = 0;
bozo_restdisable = 1;
}
-#endif
struct bztemp {
FILE *file;
/* restart bozo process */
int
-bozo_ReBozo()
+bozo_ReBozo(void)
{
#ifdef AFS_NT40_ENV
/* exit with restart code; SCM integrator process will restart bosserver */
/* make sure a dir exists */
static int
-MakeDir(register char *adir)
+MakeDir(const char *adir)
{
struct stat tstat;
register afs_int32 code;
/* create all the bozo dirs */
static int
-CreateDirs()
+CreateDirs(const char *coredir)
{
if ((!strncmp
(AFSDIR_USR_DIRPATH, AFSDIR_CLIENT_ETC_DIRPATH,
symlink(AFSDIR_SERVER_CELLSERVDB_FILEPATH,
AFSDIR_CLIENT_CELLSERVDB_FILEPATH);
#endif /* AFS_NT40_ENV */
+ if (coredir)
+ MakeDir(coredir);
return 0;
}
}
/* write one bnode's worth of entry into the file */
-static
-bzwrite(register struct bnode *abnode, register struct bztemp *at)
+static int
+bzwrite(register struct bnode *abnode, void *arock)
{
+ register struct bztemp *at = (struct bztemp *)arock;
register int i;
char tbuffer[BOZO_BSSIZE];
register afs_int32 code;
afs_int32 i, goal;
struct bnode *tb;
char *parms[MAXPARMS];
-#ifdef BOS_RESTRICTED_MODE
int rmode;
-#endif
/* rename BozoInit to BosServer for the user */
if (!aname) {
if (code < 0)
perror("bosconfig rename");
}
-#ifdef BOS_NEW_CONFIG
if (access(AFSDIR_SERVER_BOZCONFNEW_FILEPATH, 0) == 0) {
code =
renamefile(AFSDIR_SERVER_BOZCONFNEW_FILEPATH,
if (code < 0)
perror("bosconfig rename");
}
-#endif
}
- /* setup default times we want to do restarts */
- bozo_nextRestartKT.mask = KTIME_HOUR | KTIME_MIN | KTIME_DAY;
- bozo_nextRestartKT.hour = 4; /* 4 am */
+ /* don't do server restarts by default */
+ bozo_nextRestartKT.mask = KTIME_NEVER;
+ bozo_nextRestartKT.hour = 0;
bozo_nextRestartKT.min = 0;
- bozo_nextRestartKT.day = 0; /* Sunday */
+ bozo_nextRestartKT.day = 0;
+
+ /* restart processes at 5am if their binaries have changed */
bozo_nextDayKT.mask = KTIME_HOUR | KTIME_MIN;
bozo_nextDayKT.hour = 5;
bozo_nextDayKT.min = 0;
bozo_nextDayKT.sec = ktsec;
continue;
}
-#ifdef BOS_RESTRICTED_MODE
+
if (strncmp(tbuffer, "restrictmode", 12) == 0) {
code = sscanf(tbuffer, "restrictmode %d", &rmode);
if (code != 1) {
bozo_isrestricted = rmode;
continue;
}
-#endif
if (strncmp("bnode", tbuffer, 5) != 0) {
code = -1;
code =
bnode_Create(typep, instp, &tb, parms[0], parms[1], parms[2],
parms[3], parms[4], notifier,
- goal ? BSTAT_NORMAL : BSTAT_SHUTDOWN);
+ goal ? BSTAT_NORMAL : BSTAT_SHUTDOWN, 0);
if (code)
goto fail;
if (!tfile)
return -1;
btemp.file = tfile;
-#ifdef BOS_RESTRICTED_MODE
+
fprintf(tfile, "restrictmode %d\n", bozo_isrestricted);
-#endif
fprintf(tfile, "restarttime %d %d %d %d %d\n", bozo_nextRestartKT.mask,
bozo_nextRestartKT.day, bozo_nextRestartKT.hour,
bozo_nextRestartKT.min, bozo_nextRestartKT.sec);
}
static int
-bdrestart(register struct bnode *abnode, char *arock)
+bdrestart(register struct bnode *abnode, void *arock)
{
register afs_int32 code;
#define BOZO_MINSKIP 3600 /* minimum to advance clock */
/* lwp to handle system restarts */
-static int
-BozoDaemon()
+static void *
+BozoDaemon(void *unused)
{
register afs_int32 now;
IOMGR_Sleep(60);
now = FT_ApproxTime();
-#ifdef BOS_RESTRICTED_MODE
if (bozo_restdisable) {
bozo_Log("Restricted mode disabled by signal\n");
bozo_restdisable = 0;
}
-#endif
+
if (bozo_newKTs) { /* need to recompute restart times */
bozo_newKTs = 0; /* done for a while */
nextRestart = ktime_next(&bozo_nextRestartKT, BOZO_MINSKIP);
bnode_ApplyInstance(bdrestart, 0);
}
}
+ return NULL;
}
#ifdef AFS_AIX32_ENV
static int
-tweak_config()
+tweak_config(void)
{
FILE *f;
char c[80];
register afs_int32 code;
struct afsconf_dir *tdir;
int noAuth = 0;
- struct ktc_encryptionKey tkey;
int i;
char namebuf[AFSDIR_PATH_MAX];
int rxMaxMTU = -1;
afs_uint32 host = htonl(INADDR_ANY);
+ char *auditFileName = NULL;
+ struct rx_securityClass **securityClasses;
+ afs_int32 numClasses;
#ifndef AFS_NT40_ENV
int nofork = 0;
struct stat sb;
sigaction(SIGABRT, &nsa, NULL);
#endif
osi_audit_init();
-#ifdef BOS_RESTRICTED_MODE
signal(SIGFPE, bozo_insecureme);
-#endif
#ifdef AFS_NT40_ENV
/* Initialize winsock */
/* some path inits */
bozo_fileName = AFSDIR_SERVER_BOZCONF_FILEPATH;
+ DoCore = AFSDIR_SERVER_LOGS_DIRPATH;
/* initialize the list of dirpaths that the bosserver has
* an interest in monitoring */
} else if (strncmp(argv[code], "-syslog=", 8) == 0) {
DoSyslog = 1;
DoSyslogFacility = atoi(argv[code] + 8);
+ } else if (strncmp(argv[code], "-cores=", 7) == 0) {
+ if (strcmp((argv[code]+7), "none") == 0)
+ DoCore = 0;
+ else
+ DoCore = (argv[code]+7);
} else if (strcmp(argv[code], "-nofork") == 0) {
nofork = 1;
}
} else if (strcmp(argv[code], "-enable_process_stats") == 0) {
rx_enableProcessRPCStats();
}
-#ifdef BOS_RESTRICTED_MODE
else if (strcmp(argv[code], "-restricted") == 0) {
bozo_isrestricted = 1;
}
-#endif
else if (strcmp(argv[code], "-rxbind") == 0) {
rxBind = 1;
}
- else if (!strcmp(argv[i], "-rxmaxmtu")) {
- if ((i + 1) >= argc) {
+ else if (strcmp(argv[code], "-allow-dotted-principals") == 0) {
+ rxkadDisableDotCheck = 1;
+ }
+ else if (!strcmp(argv[code], "-rxmaxmtu")) {
+ if ((code + 1) >= argc) {
fprintf(stderr, "missing argument for -rxmaxmtu\n");
exit(1);
}
- rxMaxMTU = atoi(argv[++i]);
+ rxMaxMTU = atoi(argv[++code]);
if ((rxMaxMTU < RX_MIN_PACKET_SIZE) ||
(rxMaxMTU > RX_MAX_PACKET_DATA_SIZE)) {
- printf("rxMaxMTU %d% invalid; must be between %d-%d\n",
+ printf("rxMaxMTU %d invalid; must be between %d-%" AFS_SIZET_FMT "\n",
rxMaxMTU, RX_MIN_PACKET_SIZE,
RX_MAX_PACKET_DATA_SIZE);
exit(1);
}
}
else if (strcmp(argv[code], "-auditlog") == 0) {
- int tempfd, flags;
- FILE *auditout;
- char oldName[MAXPATHLEN];
- char *fileName = argv[++code];
+ auditFileName = argv[++code];
-#ifndef AFS_NT40_ENV
- struct stat statbuf;
-
- if ((lstat(fileName, &statbuf) == 0)
- && (S_ISFIFO(statbuf.st_mode))) {
- flags = O_WRONLY | O_NONBLOCK;
- } else
-#endif
- {
- strcpy(oldName, fileName);
- strcat(oldName, ".old");
- renamefile(fileName, oldName);
- flags = O_WRONLY | O_TRUNC | O_CREAT;
+ } else if (strcmp(argv[code], "-audit-interface") == 0) {
+ char *interface = argv[++code];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ exit(1);
}
- tempfd = open(fileName, flags, 0666);
- if (tempfd > -1) {
- auditout = fdopen(tempfd, "a");
- if (auditout) {
- osi_audit_file(auditout);
- } else
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
- } else
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
}
else {
#ifndef AFS_NT40_ENV
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
- "[-rxmaxmtu <bytes>] [-rxbind] "
+ "[-audit-interafce <file|sysvmq> (default is file)] "
+ "[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals]"
"[-syslog[=FACILITY]] "
"[-enable_peer_stats] [-enable_process_stats] "
+ "[-cores=<none|path>] \n"
"[-nofork] " "[-help]\n");
#else
printf("Usage: bosserver [-noauth] [-log] "
"[-auditlog <log path>] "
- "[-rxmaxmtu <bytes>] [-rxbind] "
+ "[-audit-interafce <file|sysvmq> (default is file)] "
+ "[-rxmaxmtu <bytes>] [-rxbind] [-allow-dotted-principals]"
"[-enable_peer_stats] [-enable_process_stats] "
+ "[-cores=<none|path>] \n"
"[-help]\n");
#endif
fflush(stdout);
exit(0);
}
}
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ }
#ifndef AFS_NT40_ENV
if (geteuid() != 0) {
bnode_Register("cron", &cronbnode_ops, 2);
/* create useful dirs */
- CreateDirs();
+ CreateDirs(DoCore);
/* chdir to AFS log directory */
- chdir(AFSDIR_SERVER_LOGS_DIRPATH);
+ if (DoCore)
+ chdir(DoCore);
+ else
+ chdir(AFSDIR_SERVER_LOGS_DIRPATH);
#if 0
fputs(AFS_GOVERNMENT_MESSAGE, stdout);
#endif
}
+#if defined(RLIMIT_CORE) && defined(HAVE_GETRLIMIT)
+ {
+ struct rlimit rlp;
+ getrlimit(RLIMIT_CORE, &rlp);
+ if (!DoCore)
+ rlp.rlim_cur = 0;
+ else
+ rlp.rlim_max = rlp.rlim_cur = RLIM_INFINITY;
+ setrlimit(RLIMIT_CORE, &rlp);
+ getrlimit(RLIMIT_CORE, &rlp);
+ bozo_Log("Core limits now %d %d\n",(int)rlp.rlim_cur,(int)rlp.rlim_max);
+ }
+#endif
+
/* Write current state of directory permissions to log file */
DirAccessOK();
}
code = LWP_CreateProcess(BozoDaemon, BOZO_LWP_STACKSIZE, /* priority */ 1,
- (void *) /*parm */ 0, "bozo-the-clown",
+ /* param */ NULL , "bozo-the-clown",
&bozo_pid);
/* try to read the key from the config file */
}
/* read init file, starting up programs */
- if (code = ReadBozoFile(0)) {
+ if ((code = ReadBozoFile(0))) {
bozo_Log
("bosserver: Something is wrong (%d) with the bos configuration file %s; aborting\n",
code, AFSDIR_SERVER_BOZCONF_FILEPATH);
/* opened the cell databse */
bozo_confdir = tdir;
- code = afsconf_GetKey(tdir, 999, &tkey);
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(bozo_rxstat_userok);
- /* have bcrypt key now */
-
afsconf_SetNoAuthFlag(tdir, noAuth);
-
- bozo_rxsc[0] = rxnull_NewServerSecurityObject();
- bozo_rxsc[1] = (struct rx_securityClass *)0;
- bozo_rxsc[2] =
- rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
+ afsconf_BuildServerSecurityObjects(tdir, 0, &securityClasses, &numClasses);
/* Disable jumbograms */
rx_SetNoJumbo();
if (rxBind) {
afs_int32 ccode;
-#ifndef AFS_NT40_ENV
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
} else
-#endif
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
host = SHostAddrs[0];
}
- tservice = rx_NewServiceHost(host, /* port */ 0, /* service id */ 1,
- /*service name */ "bozo",
- /* security classes */
- bozo_rxsc,
- /* numb sec classes */ 3, BOZO_ExecuteRequest);
+ tservice = rx_NewServiceHost(host, 0, /* service id */ 1,
+ "bozo", securityClasses, numClasses,
+ BOZO_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_SetStackSize(tservice, BOZO_LWP_STACKSIZE); /* so gethostbyname works (in cell stuff) */
+ if (rxkadDisableDotCheck) {
+ rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
+ (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ }
tservice =
- rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", bozo_rxsc,
- 3, RXSTATS_ExecuteRequest);
+ rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats",
+ securityClasses, numClasses, RXSTATS_ExecuteRequest);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, 4);
rx_StartServer(1); /* donate this process */
+ return 0;
}
void
-bozo_Log(char *a, char *b, char *c, char *d, char *e, char *f)
+bozo_Log(char *format, ...)
{
char tdate[27];
time_t myTime;
+ va_list ap;
+
+ va_start(ap, format);
if (DoSyslog) {
#ifndef AFS_NT40_ENV
- syslog(LOG_INFO, a, b, c, d, e, f);
+ vsyslog(LOG_INFO, format, ap);
#endif
} else {
myTime = time(0);
printf("bosserver: WARNING: problem with %s\n",
AFSDIR_SERVER_BOZLOG_FILEPATH);
printf("%s ", tdate);
- printf(a, b, c, d, e, f);
+ vprintf(format, ap);
fflush(stdout);
} else {
fprintf(bozo_logFile, "%s ", tdate);
- fprintf(bozo_logFile, a, b, c, d, e, f);
+ vfprintf(bozo_logFile, format, ap);
/* close so rm BosLog works */
fclose(bozo_logFile);
git://git.openafs.org / openafs.git / blobdiff