#endif
static struct {
+ void *rock;
+ int (*islocal)(void *rock, char *name, char *inst, char *cell);
+} audit_user_check = { NULL, NULL };
+
+static struct {
const char *name;
const struct osi_audit_ops *ops;
} audit_interfaces[] = {
struct rx_peer *peer;
afs_int32 secClass;
afs_int32 code;
- char afsName[MAXKTCNAMELEN];
+ char afsName[MAXKTCNAMELEN + MAXKTCNAMELEN + MAXKTCREALMLEN + 3];
afs_int32 hostId;
va_list vaList;
char tcell[MAXKTCREALMLEN];
char name[MAXKTCNAMELEN];
char inst[MAXKTCNAMELEN];
- char vname[256];
- int ilen, clen;
code =
rxkad_GetServerInfo(conn, NULL, NULL, name, inst, tcell,
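Review bot: The new size of `afsName` is given as a bare sum with no explanation of the `+ 3`, so a later change to the name format could silently outgrow it. Judging by the declarations of `name`, `inst` and `tcell` just below, the sum covers the three source buffers plus the `.` and `@` separators and a terminator. A short comment on the declaration would make that dependency explicit, for example `/* name "." inst "@" cell, sized from the three source buffers plus separators and NUL */`. The function this declaration belongs to starts and ends outside the hunk.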
osi_audit("AFS_Aud_NoAFSId", (-1), AUD_STR, audEvent, AUD_END);
strcpy(afsName, "--NoName--");
} else {
- strncpy(vname, name, sizeof(vname));
- if ((ilen = strlen(inst))) {
- if (strlen(vname) + 1 + ilen >= sizeof(vname))
- goto done;
- strcat(vname, ".");
- strcat(vname, inst);
- }
- if ((clen = strlen(tcell))) {
- static char local_realms[AFS_NUM_LREALMS][AFS_REALM_SZ];
- static int num_lrealms = -1;
- int i, lrealm_match;
-
- if (num_lrealms == -1) {
- for (i = 0; i < AFS_NUM_LREALMS; i++) {
- if (afs_krb_get_lrealm(local_realms[i], i) != 0 /*KSUCCESS*/)
- break;
- }
-
- num_lrealms = i;
- }
-
- /* Check to see if the ticket cell matches one of the local realms */
- lrealm_match = 0;
- for (i = 0; i < num_lrealms ; i++ ) {
- if (!strcasecmp(local_realms[i], tcell)) {
- lrealm_match = 1;
- break;
- }
- }
- /* If yes, then make sure that the name is not present in
- * an exclusion list */
- if (lrealm_match) {
- char uname[256];
- if (inst[0])
- snprintf(uname,sizeof(uname),"%s.%s@%s",name,inst,tcell);
- else
- snprintf(uname,sizeof(uname),"%s@%s",name,tcell);
-
- if (afs_krb_exclusion(uname))
- lrealm_match = 0;
- }
-
- if (!lrealm_match) {
- if (strlen(vname) + 1 + clen >= sizeof(vname))
- goto done;
- strcat(vname, "@");
- strcat(vname, tcell);
- }
- }
- strcpy(afsName, vname);
- }
+ afs_int32 islocal = 0;
+ if (audit_user_check.islocal) {
+ islocal =
+ audit_user_check.islocal(audit_user_check.rock,
+ name, inst, tcell);
+ }
+ strlcpy(afsName, name, sizeof(afsName));
+ if (inst[0]) {
+ strlcat(afsName, ".", sizeof(afsName));
+ strlcat(afsName, inst, sizeof(afsName));
+ }
+ if (tcell[0] && !islocal) {
+ strlcat(afsName, "@", sizeof(afsName));
+ strlcat(afsName, tcell, sizeof(afsName));
+ }
+ }
} else { /* Unauthenticated & unknown */
osi_audit("AFS_Aud_UnknSec", (-1), AUD_STR, audEvent, AUD_END);
strcpy(afsName, "--Unknown--");
}
- done:
peer = rx_PeerOf(conn); /* conn -> peer */
if (peer)
hostId = rx_HostOf(peer); /* peer -> host */
}
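Review bot: When no callback has been registered, `islocal` stays 0 and the `tcell[0] && !islocal` branch appends `@cell` to every authenticated name, local users included. A program that uses this audit code without calling `osi_audit_set_user_check` would therefore log local users as `name@cell`, where the removed code logged them as `name`. Log consumers that match on the bare user name would miss those records. If that default is intended, say so at the declaration, e.g. `/* no check registered: treat as foreign and keep the cell in the audit name */`, and confirm that every audit-enabled binary outside this diff registers a check. The enclosing function begins outside the hunk.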
void
+osi_audit_set_user_check(void *rock,
+ int (*islocal) (void *rock, char *name, char *inst,
+ char *cell))
+{
+ audit_user_check.rock = rock;
+ audit_user_check.islocal = islocal;
+}
+
+void
audit_PrintStats(FILE *out)
{
audit_ops->print_interface_stats(out);
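Review bot: `osi_audit_set_user_check` is added without a doc comment, and the contract a caller needs is not obvious from its two assignments. It stores `rock` and `islocal` into the file-scope `audit_user_check` with no lock, and the audit name-building hunk reads both fields on each authenticated event. It presumably has to be called once during startup, before any call is served, with a `rock` that stays valid for the life of the process. I would add a `/** ... */` header stating that, describing the callback's return value (non-zero means local, so the cell is omitted), and noting that a NULL `islocal` leaves the cell appended to every name. The trailing `audit_PrintStats` body continues outside the hunk.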
int osi_audit_file(const char *filename);
void osi_audit_init(void);
int osi_audit_interface(const char *interface);
+void osi_audit_set_user_check(void *rock, int (*islocal)(void *rock, char *name, char *inst, char *cell));
void audit_PrintStats(FILE *out);
return afsconf_SuperUser(bozo_confdir, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+int
+bozo_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ bozo_Log("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell);
+ }
+ return islocal;
+}
+
/* restart bozo process */
int
bozo_ReBozo(void)
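Review bot: `bozo_IsLocalRealmMatch` logs every failed `afsconf_IsLocalRealmMatch` call, and the audit hunk shows the callback being invoked while building the name for each rxkad-authenticated event. A persistent failure would presumably write one log line per audited call, with the ticket-derived `name`, `inst` and `cell` printed as-is. The same body is repeated as `BU_`, `KA_`, `pr_`, `fs_`, `vldb_` and `vol_IsLocalRealmMatch` in the later hunks, differing only in the log call. A log-once flag or rate limit would have to be added seven times, so a single shared helper next to `afsconf_IsLocalRealmMatch` would be easier to keep consistent. Only the `KA_` and `vol_` copies are `static`; this one and the others could be too, unless a header outside the diff declares them.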
}
}
+ /* initialize audit user check */
+ osi_audit_set_user_check(tdir, bozo_IsLocalRealmMatch);
+
/* read init file, starting up programs */
if ((code = ReadBozoFile(0))) {
bozo_Log
return afsconf_SuperUser(BU_conf, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+int
+BU_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ LogError(code, "Failed local realm check; name=%s, inst=%s, cell=%s\n",
+ name, inst, cell);
+ }
+ return islocal;
+}
+
int
convert_cell_to_ubik(struct afsconf_cell *cellinfo, afs_uint32 *myHost,
afs_uint32 *serverList)
ERROR(code);
}
+ /* initialize audit user check */
+ osi_audit_set_user_check(BU_conf, BU_IsLocalRealmMatch);
+
/* initialize ubik */
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, BU_conf);
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
return afsconf_SuperUser(KA_conf, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+static int
+KA_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ ViceLog(0,
+ ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell));
+ }
+ return islocal;
+}
+
afs_int32
es_Report(char *fmt, ...)
{
ViceLog(0, ("Using server list from %s cell database.\n", cell));
}
+ /* initialize audit user check */
+ osi_audit_set_user_check(KA_conf, KA_IsLocalRealmMatch);
+
/* initialize ubik */
if (level == rxkad_clear)
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
return afsconf_SuperUser(prdir, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+int
+pr_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ ViceLog(0, ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell));
+ }
+ return islocal;
+}
+
+
enum optionsList {
OPT_database,
OPT_access,
}
pr_realmName = info.name;
+ /* initialize audit user check */
+ osi_audit_set_user_check(configDir, pr_IsLocalRealmMatch);
+
/* initialize ubik */
ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
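Review bot: The rock passed here is `configDir`, but the surrounding lines use `prdir` as the `struct afsconf_dir *` (`afsconf_SuperUser(prdir, ...)`, `ubik_SetClientSecurityProcs(..., prdir)`), and `pr_IsLocalRealmMatch` casts its rock straight to `struct afsconf_dir *`. The declaration of `configDir` is outside the hunk, but if it is the configuration directory path rather than the opened handle, the callback would dereference a string as a struct on every authenticated audit event, and the `void *` parameter means the compiler will not flag it. I would expect `osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch);` here. The vlserver hunk has the same pattern: it passes `configDir` while `afsconf_SuperUser` uses `vldb_confdir`, and `configDir` appears as the last argument of the error call just before `exit(1)`. Both calls should be checked against the variable that actually holds the result of opening the configuration.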
return afsconf_SuperUser(confDir, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+int
+fs_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ ViceLog(0,
+ ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell));
+ }
+ return islocal;
+}
+
static void
ResetCheckSignal(void)
{
exit(-1);
}
+ /* initialize audit user check */
+ osi_audit_set_user_check(confDir, fs_IsLocalRealmMatch);
+
/* Open FileLog on stdout, stderr, fd 1 and fd2 (for perror), sigh. */
#ifndef AFS_NT40_ENV
serverLogSyslogTag = "fileserver";
return afsconf_SuperUser(vldb_confdir, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+int
+vldb_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ ViceLog(0,
+ ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell));
+ }
+ return islocal;
+}
+
/* Main server module */
#include "AFS_component_version_number.c"
configDir);
exit(1);
}
+
+ /* initialize audit user check */
+ osi_audit_set_user_check(configDir, vldb_IsLocalRealmMatch);
+
#ifdef AFS_NT40_ENV
/* initialize winsock */
if (afs_winsockInit() < 0) {
return afsconf_SuperUser(tdir, call, NULL);
}
+/**
+ * Return true if this name is a member of the local realm.
+ */
+static int
+vol_IsLocalRealmMatch(void *rock, char *name, char *inst, char *cell)
+{
+ struct afsconf_dir *dir = (struct afsconf_dir *)rock;
+ afs_int32 islocal = 0; /* default to no */
+ int code;
+
+ code = afsconf_IsLocalRealmMatch(dir, &islocal, name, inst, cell);
+ if (code) {
+ ViceLog(0,
+ ("Failed local realm check; code=%d, name=%s, inst=%s, cell=%s\n",
+ code, name, inst, cell));
+ }
+ return islocal;
+}
+
#include "AFS_component_version_number.c"
int
main(int argc, char **argv)
AFSDIR_SERVER_ETC_DIRPATH);
VS_EXIT(1);
}
+
+ /* initialize audit user check */
+ osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch);
+
afsconf_GetKey(tdir, 999, &tkey);
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
if (securityClasses[0] == NULL)