/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
#include <afsconfig.h>
#include <afs/param.h>
-RCSID
- ("$Header$");
+#include <roken.h>
#include <afs/stds.h>
#include <sys/types.h>
#include "kalog.h" /* for OpenLog() */
#include <time.h>
#include <stdio.h>
-#ifdef HAVE_STRING_H
#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include <lwp.h>
#include <rx/xdr.h>
#include <rx/rx.h>
+#include <rx/rxstat.h>
#include <rx/rxkad.h>
#include <rx/rx_globals.h>
#include <afs/cellconfig.h>
#include <lock.h>
#include <afs/afsutil.h>
+#include <afs/com_err.h>
+#include <afs/audit.h>
#include <ubik.h>
#include <sys/stat.h>
#include "kauth.h"
+#include "kauth_internal.h"
#include "kautils.h"
#include "kaserver.h"
-
+#include "kadatabase.h"
+#include "kaprocs.h"
struct kadstats dynamic_statistics;
struct ubik_dbase *KA_dbase;
-afs_int32 myHost = 0;
+afs_uint32 myHost = 0;
afs_int32 verbose_track = 1;
afs_int32 krb4_cross = 0;
afs_int32 rxBind = 0;
/* check whether caller is authorized to manage RX statistics */
int
-KA_rxstat_userok(call)
- struct rx_call *call;
+KA_rxstat_userok(struct rx_call *call)
{
return afsconf_SuperUser(KA_conf, call, NULL);
}
}
static void
-initialize_dstats()
+initialize_dstats(void)
{
memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
dynamic_statistics.start_time = time(0);
}
static int
-convert_cell_to_ubik(cellinfo, myHost, serverList)
- struct afsconf_cell *cellinfo;
- afs_int32 *myHost;
- afs_int32 *serverList;
+convert_cell_to_ubik(struct afsconf_cell *cellinfo, afs_uint32 *myHost,
+ afs_uint32 *serverList)
{
int i;
char hostname[64];
ViceLog(0, ("kaserver: couldn't get address of this host.\n"));
exit(1);
}
- memcpy(myHost, th->h_addr, sizeof(afs_int32));
+ memcpy(myHost, th->h_addr, sizeof(afs_uint32));
for (i = 0; i < cellinfo->numServers; i++)
if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
}
static afs_int32
-kvno_admin_key(rock, kvno, key)
- char *rock;
- afs_int32 kvno;
- struct ktc_encryptionKey *key;
+kvno_admin_key(void *rock, afs_int32 kvno, struct ktc_encryptionKey *key)
{
return ka_LookupKvno(0, KA_ADMIN_NAME, KA_ADMIN_INST, kvno, key);
#include "AFS_component_version_number.c"
-main(argc, argv)
- int argc;
- char *argv[];
+int
+main(int argc, char *argv[])
{
afs_int32 code;
char *whoami = argv[0];
- afs_int32 serverList[MAXSERVERS];
+ afs_uint32 serverList[MAXSERVERS];
struct afsconf_cell cellinfo;
char *cell;
const char *cellservdb, *dbpath, *lclpath;
afs_int32 i;
char clones[MAXHOSTSPERCELL];
afs_uint32 host = ntohl(INADDR_ANY);
+ char *auditFileName = NULL;
struct rx_service *tservice;
struct rx_securityClass *sca[1];
struct rx_securityClass *scm[3];
- extern int afsconf_ClientAuthSecure();
- extern int afsconf_ServerAuth();
- extern int afsconf_CheckAuth();
-
extern int rx_stackSize;
- extern int KAA_ExecuteRequest();
- extern int KAT_ExecuteRequest();
- extern int KAM_ExecuteRequest();
- extern int RXSTATS_ExecuteRequest();
#ifdef AFS_AIX32_ENV
/*
- * The following signal action for AIX is necessary so that in case of a
- * crash (i.e. core is generated) we can include the user's data section
+ * The following signal action for AIX is necessary so that in case of a
+ * crash (i.e. core is generated) we can include the user's data section
* in the core dump. Unfortunately, by default, only a partial core is
* generated which, in many cases, isn't too useful.
*/
if (argc == 0) {
usage:
- printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
- "[-auditlog <log path>] [-rxbind] "
- "[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
- "[-crossrealm]"
+ printf("Usage: kaserver [-noAuth] [-database <dbpath>] "
+ "[-auditlog <log path>] [-audit-interface <file|sysvmq>] "
+ "[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
+ "[-servers <serverlist>] [-crossrealm] "
/*" [-enable_peer_stats] [-enable_process_stats] " */
"[-help]\n");
exit(1);
lclpath = dbpath;
}
else if (strncmp(arg, "-auditlog", arglen) == 0) {
- int tempfd, flags;
- FILE *auditout;
- char oldName[MAXPATHLEN];
- char *fileName = argv[++a];
-
-#ifndef AFS_NT40_ENV
- struct stat statbuf;
-
- if ((lstat(fileName, &statbuf) == 0)
- && (S_ISFIFO(statbuf.st_mode))) {
- flags = O_WRONLY | O_NONBLOCK;
- } else
-#endif
- {
- strcpy(oldName, fileName);
- strcat(oldName, ".old");
- renamefile(fileName, oldName);
- flags = O_WRONLY | O_TRUNC | O_CREAT;
+ auditFileName = argv[++a];
+
+ } else if (strncmp(arg, "-audit-interface", arglen) == 0) {
+ char *interface = argv[++a];
+
+ if (osi_audit_interface(interface)) {
+ printf("Invalid audit interface '%s'\n", interface);
+ exit(1);
}
- tempfd = open(fileName, flags, 0666);
- if (tempfd > -1) {
- auditout = fdopen(tempfd, "a");
- if (auditout) {
- osi_audit_file(auditout);
- } else
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
- } else
- printf("Warning: auditlog %s not writable, ignored.\n", fileName);
+
} else if (strcmp(arg, "-localfiles") == 0)
lclpath = argv[++a];
else if (strcmp(arg, "-servers") == 0)
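Review bot: The new `-audit-interface` branch reads `argv[++a]` without checking that a value follows, so when the option is last on the command line `interface` is argv's terminating NULL and is passed to `osi_audit_interface()` and to the `%s` in the error printf. A guard such as `if (a + 1 >= argc) goto usage;` before the read would reject that case cleanly. The same gap affects `-auditlog`: a missing value leaves `auditFileName` NULL, and the later `if (auditFileName)` test then skips audit logging without any message. Both branches match with `strncmp(arg, ..., arglen)`, so, assuming `arglen` is the length of `arg`, an abbreviation such as `-audit` always selects `-auditlog`; the option loop itself starts outside this hunk.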
goto usage;
}
}
- if (code = ka_CellConfig(cellservdb))
+
+ if (auditFileName) {
+ osi_audit_file(auditFileName);
+ }
+
+ if ((code = ka_CellConfig(cellservdb)))
goto abort;
cell = ka_LocalCell();
KA_conf = afsconf_Open(cellservdb);
if (!KA_conf) {
code = KANOCELLS;
abort:
- com_err(whoami, code, "Failed getting cell info");
+ afs_com_err(whoami, code, "Failed getting cell info");
exit(1);
}
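Review bot: The result of `osi_audit_file(auditFileName)` is discarded, so a log that cannot be opened no longer triggers the "not writable, ignored" warning that the removed code printed. The server would then start with auditing requested but inactive, unless `osi_audit_file()` reports the failure itself, which this diff does not show. If the function signals failure through its return value (its declaration is in `afs/audit.h`, not shown here), check it, e.g. `if (osi_audit_file(auditFileName)) printf("Warning: auditlog %s not writable, ignored.\n", auditFileName);`, or exit as the `-audit-interface` branch does for an invalid interface. main's body starts and ends outside this hunk.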
#ifdef AUTH_DBM_LOG
#else
/* NT & HPUX do not have dbm package support. So we can only do some
* text logging. So open the AuthLog file for logging and redirect
- * stdin and stdout to it
+ * stdin and stdout to it
*/
OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
SetupLogSignals();
code =
afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
- &cellinfo, &clones);
+ &cellinfo, clones);
if (servers) {
- if (code = ubik_ParseServerList(argc, argv, &myHost, serverList)) {
- com_err(whoami, code, "Couldn't parse server list");
+ if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
+ afs_com_err(whoami, code, "Couldn't parse server list");
exit(1);
}
cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
/* initialize ubik */
if (level == rxkad_clear)
- ubik_CRXSecurityProc = afsconf_ClientAuth;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
+ KA_conf);
else if (level == rxkad_crypt)
- ubik_CRXSecurityProc = afsconf_ClientAuthSecure;
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
+ afsconf_UpToDate, KA_conf);
else {
ViceLog(0, ("Unsupported security level %d\n", level));
exit(5);
ViceLog(0,
("Using level %s for Ubik connections.\n",
(level == rxkad_crypt ? "crypt" : "clear")));
- ubik_CRXSecurityRock = (char *)KA_conf;
- ubik_SRXSecurityProc = afsconf_ServerAuth;
- ubik_SRXSecurityRock = (char *)KA_conf;
- ubik_CheckRXSecurityProc = afsconf_CheckAuth;
- ubik_CheckRXSecurityRock = (char *)KA_conf;
+
+ ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
+ afsconf_CheckAuth,
+ KA_conf);
ubik_nBuffers = 80;
if (rxBind) {
afs_int32 ccode;
-#ifndef AFS_NT40_ENV
- if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
+ if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
AFSDIR_SERVER_NETINFO_FILEPATH) {
char reason[1024];
ccode = parseNetFiles(SHostAddrs, NULL, NULL,
ADDRSPERSITE, reason,
AFSDIR_SERVER_NETINFO_FILEPATH,
AFSDIR_SERVER_NETRESTRICT_FILEPATH);
- } else
-#endif
+ } else
{
ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
}
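Review bot: The condition `AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH` tests the path macros themselves rather than whether the files exist. If these expand to non-null path strings (they are defined outside this diff), the `rx_getAllAddr()` fallback is unreachable, and with the `#ifndef AFS_NT40_ENV` removed this now holds on every platform. A short comment such as `/* paths are always set; parseNetFiles handles missing files */` would document the intent, or the dead `else` could be dropped. This matters for `-rxbind` because the choice decides which addresses the server binds to; the handling of `ccode` and `reason` lies outside the hunk.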
else
code =
ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT), &cellinfo,
- &clones, dbpath, &KA_dbase);
+ clones, dbpath, &KA_dbase);
if (code) {
- com_err(whoami, code, "Ubik init failed");
+ afs_com_err(whoami, code, "Ubik init failed");
exit(2);
}
rx_SetNoJumbo();
tservice =
- rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
+ rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
"AuthenticationService", sca, 1, KAA_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Authentication rx service\n"));
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, 1);
-
+
tservice =
rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
sca, 1, KAT_ExecuteRequest);
if (init_kaprocs(lclpath, initFlags))
return -1;
- if (code = init_krb_udp()) {
+ if ((code = init_krb_udp())) {
ViceLog(0,
("Failed to initialize UDP interface; code = %d.\n", code));
ViceLog(0, ("Running without UDP access.\n"));
}
ViceLog(0, ("Starting to process AuthServer requests\n"));
- rx_ServerProc(); /* donate this LWP */
+ rx_ServerProc(NULL); /* donate this LWP */
return 0;
}