#include "kalog.h" /* for OpenLog() */
#include <time.h>
#include <stdio.h>
-#ifdef HAVE_STRING_H
#include <string.h>
-#else
-#ifdef HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include <afs/cellconfig.h>
#include <lock.h>
#include <afs/afsutil.h>
+#include <afs/com_err.h>
#include <ubik.h>
+#include <sys/stat.h>
#include "kauth.h"
#include "kautils.h"
#include "kaserver.h"
afs_int32 myHost = 0;
afs_int32 verbose_track = 1;
afs_int32 krb4_cross = 0;
+afs_int32 rxBind = 0;
+
+#define ADDRSPERSITE 16 /* Same global is in rx/rx_user.c */
+afs_uint32 SHostAddrs[ADDRSPERSITE];
struct afsconf_dir *KA_conf; /* for getting cell info */
int level; /* security level for Ubik */
afs_int32 i;
char clones[MAXHOSTSPERCELL];
+ afs_uint32 host = ntohl(INADDR_ANY);
struct rx_service *tservice;
struct rx_securityClass *sca[1];
sigaction(SIGABRT, &nsa, NULL);
sigaction(SIGSEGV, &nsa, NULL);
#endif
+ osi_audit_init();
+
if (argc == 0) {
usage:
printf("Usage: kaserver [-noAuth] [-fastKeys] [-database <dbpath>] "
+ "[-auditlog <log path>] [-rxbind] "
"[-localfiles <lclpath>] [-minhours <n>] [-servers <serverlist>] "
"[-crossrealm]"
/*" [-enable_peer_stats] [-enable_process_stats] " */
dbpath = argv[++a];
if (strcmp(lclpath, default_lclpath) == 0)
lclpath = dbpath;
+ }
+ else if (strncmp(arg, "-auditlog", arglen) == 0) {
+ char *fileName = argv[++a];
+
+ osi_audit_file(fileName);
} else if (strcmp(arg, "-localfiles") == 0)
lclpath = argv[++a];
else if (strcmp(arg, "-servers") == 0)
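Review bot: The new `-auditlog` branch passes `argv[++a]` straight to `osi_audit_file()` without checking that a value follows the flag, so a trailing `-auditlog` would hand it the NULL that terminates argv. Nothing in this hunk checks whether the audit file was actually opened either, so a mistyped or unwritable path could leave the server running with no audit trail and no startup error; if `osi_audit_file()` reports failure (its definition is not shown here), that result should be logged or treated as fatal. Assuming the loop index `a` is bounded by `argc`, a guard such as `if (a + 1 >= argc) goto usage;` before the call covers the missing-value case. The neighbouring `-database` and `-localfiles` branches read `argv[++a]` the same way, and the option loop itself starts and ends outside this hunk.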
verbose_track = 0;
else if (IsArg("-crossrealm"))
krb4_cross = 1;
+ else if (IsArg("-rxbind"))
+ rxBind = 1;
else if (IsArg("-minhours")) {
MinHours = atoi(argv[++a]);
} else if (IsArg("-enable_peer_stats")) {
if (!KA_conf) {
code = KANOCELLS;
abort:
- com_err(whoami, code, "Failed getting cell info");
+ afs_com_err(whoami, code, "Failed getting cell info");
exit(1);
}
#ifdef AUTH_DBM_LOG
OpenLog(AFSDIR_SERVER_KALOG_FILEPATH);
SetupLogSignals();
#endif
+
+ fprintf(stderr, "%s: WARNING: kaserver is deprecated due to its weak security "
+ "properties. Migrating to a Kerberos 5 KDC is advised. "
+ "http://www.openafs.org/no-more-des.html\n", whoami);
+ ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. "
+ "Migrating to a Kerberos 5 KDC is advised. "
+ "http://www.openafs.org/no-more-des.html\n"));
+
code =
afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE,
&cellinfo, &clones);
if (servers) {
if (code = ubik_ParseServerList(argc, argv, &myHost, serverList)) {
- com_err(whoami, code, "Couldn't parse server list");
+ afs_com_err(whoami, code, "Couldn't parse server list");
exit(1);
}
cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
ubik_CheckRXSecurityRock = (char *)KA_conf;
ubik_nBuffers = 80;
+
+ if (rxBind) {
+ afs_int32 ccode;
+ if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
+ AFSDIR_SERVER_NETINFO_FILEPATH) {
+ char reason[1024];
+ ccode = parseNetFiles(SHostAddrs, NULL, NULL,
+ ADDRSPERSITE, reason,
+ AFSDIR_SERVER_NETINFO_FILEPATH,
+ AFSDIR_SERVER_NETRESTRICT_FILEPATH);
+ } else
+ {
+ ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);
+ }
+ if (ccode == 1) {
+ host = SHostAddrs[0];
+ rx_InitHost(host, htons(AFSCONF_KAUTHPORT));
+ }
+ }
+
if (servers)
code =
ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT), serverList,
&clones, dbpath, &KA_dbase);
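Review bot: When `-rxbind` is given but `ccode` is anything other than 1, the `if (ccode == 1)` body is skipped silently and `host` keeps its `INADDR_ANY` initial value, so the later `rx_NewServiceHost()` calls listen on all interfaces even though the operator asked for a bound address. The `reason` buffer filled by `parseNetFiles()` is never logged and the result of `rx_InitHost()` is not checked, so a failed bind setup leaves no trace. An `else` that records the fallback would make this visible, for example `else ViceLog(0, ("-rxbind: found %d usable addresses, not binding to a single address\n", ccode));`. The test `AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH` also looks always true if those macros expand to path strings, which would make the `rx_getAllAddr()` branch unreachable; that should be confirmed against their definitions. main() starts and ends outside this hunk.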
if (code) {
- com_err(whoami, code, "Ubik init failed");
+ afs_com_err(whoami, code, "Ubik init failed");
exit(2);
}
rx_SetNoJumbo();
tservice =
- rx_NewService(0, KA_AUTHENTICATION_SERVICE, "AuthenticationService",
- sca, 1, KAA_ExecuteRequest);
+ rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE,
+ "AuthenticationService", sca, 1, KAA_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Authentication rx service\n"));
exit(3);
rx_SetMinProcs(tservice, 1);
rx_SetMaxProcs(tservice, 1);
+
tservice =
- rx_NewService(0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
+ rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE, "TicketGrantingService",
sca, 1, KAT_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Ticket Granting rx service\n"));
scm[RX_SCINDEX_KAD] =
rxkad_NewServerSecurityObject(rxkad_crypt, 0, kvno_admin_key, 0);
tservice =
- rx_NewService(0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
+ rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE, "Maintenance", scm, 3,
KAM_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create Maintenance rx service\n"));
rx_SetStackSize(tservice, 10000);
tservice =
- rx_NewService(0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
+ rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID, "rpcstats", scm, 3,
RXSTATS_ExecuteRequest);
if (tservice == (struct rx_service *)0) {
ViceLog(0, ("Could not create rpc stats rx service\n"));
}
ViceLog(0, ("Starting to process AuthServer requests\n"));
- rx_ServerProc(); /* donate this LWP */
+ rx_ServerProc(NULL); /* donate this LWP */
return 0;
}