jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 06:50:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Move key-related warnings to common server code

Browse Source 
Each server process can log a couple of different warnings about the
server keys found on disk:

- If afsconf_GetLatestKey() returns success (indicating a single-DES
  key is present), we call LogDesWarning().

- If afsconf_CountKeys() returns 0 (indicating there are no keys at
  all on disk), we log a warning that all authenticated access will
  fail.

Currently, the code to do these checks and log the relevant warning is
duplicated across the startup code for nearly every server process. To
avoid this duplication, and to make sure the checks aren't
accidentally skipped for anyone, move these checks to
afsconf_BuildServerSecurityObjects, which every server process calls.

We must add an additional parameter to
afsconf_BuildServerSecurityObjects to handle the different logging
mechanism these servers use, but afsconf_BuildServerSecurityObjects is
declared in a public header (cellconfig.h), and is exported in a
public library (libafsauthent). So to avoid changing a public symbol,
introduce a new variant of the function, called
afsconf_BuildServerSecurityObjects_int. Declare this in a new internal
header, authcon.h.

We don't have easily-usable logging functions for upserver and butc,
so just don't log the warnings for those. For ubik servers, don't
update ubik_SetServerSecurityProcs to use the new function; the
initial call to afsconf_BuildServerSecurityObjects_int in the server's
startup code will cover logging the warning on startup.

Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59
Reviewed-on: https://gerrit.openafs.org/10831
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This commit is contained in:
Andrew Deason 2014-02-10 15:57:43 -06:00 committed by Benjamin Kaduk
parent faa9d8f11f
commit 2630e70550
22 changed files with 191 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/auth/Makefile.in
View File

@ -36,7 +36,7 @@ LIBS=libauth.a \
${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/util.a
INCLS=cellconfig.h auth.h keys.h internal.h token.h
INCLS=cellconfig.h auth.h authcon.h keys.h internal.h token.h
all: liboafs_auth.la libauth_pic.la libpam_auth.la \
${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/libauth.krb.a \
@ -45,6 +45,7 @@ all: liboafs_auth.la libauth_pic.la libpam_auth.la \
depinstall: ${TOP_INCDIR}/afs/keys.h \
${TOP_INCDIR}/afs/cellconfig.h \
${TOP_INCDIR}/afs/auth.h \
${TOP_INCDIR}/afs/authcon.h \
${TOP_INCDIR}/afs/ktc.h \
${TOP_INCDIR}/afs/token.h \
token.h \
@ -65,6 +66,9 @@ ${TOP_INCDIR}/afs/cellconfig.h: cellconfig.h
${TOP_INCDIR}/afs/auth.h: auth.h
${INSTALL_DATA} $? $@
${TOP_INCDIR}/afs/authcon.h: authcon.h
${INSTALL_DATA} $? $@
${TOP_INCDIR}/afs/ktc.h: ktc.h
${INSTALL_DATA} $? $@

1
src/auth/NTMakefile
View File

@ -14,6 +14,7 @@ INCFILEDIR = $(DESTDIR)\include\afs # header file install directory
INCFILES =\
$(INCFILEDIR)\auth.h \
$(INCFILEDIR)\authcon.h \
$(INCFILEDIR)\cellconfig.h \
$(INCFILEDIR)\keys.h \
$(INCFILEDIR)\token.h

60
src/auth/authcon.c
View File

@ -30,6 +30,7 @@
#include "keys.h"
#include "ktc.h"
#include "auth.h"
#include "authcon.h"
#ifdef AFS_RXGK_ENV
# include <rx/rxgk.h>
@ -383,16 +384,67 @@ afsconf_SetSecurityFlags(struct afsconf_dir *dir,
dir->securityFlags = flags;
}
static void
LogDesWarning(struct afsconf_bsso_info *info)
{
if (info->logger == NULL) {
return;
}
/* The blank newlines help this stand out a bit more in the log. */
(*info->logger)("\n");
(*info->logger)("WARNING: You are using single-DES keys in a KeyFile. Using "
"single-DES\n");
(*info->logger)("WARNING: long-term keys is considered insecure, and it is "
"strongly\n");
(*info->logger)("WARNING: recommended that you migrate to stronger "
"encryption. See\n");
(*info->logger)("WARNING: OPENAFS-SA-2013-003 on "
"http://www.openafs.org/security/\n");
(*info->logger)("WARNING: for details.\n");
(*info->logger)("\n");
}
static void
LogNoKeysWarning(struct afsconf_bsso_info *info)
{
if (info->logger == NULL) {
return;
}
(*info->logger)("WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n");
}
/* Older version of afsconf_BuildServerSecurityObjects_int. In-tree callers
* should use afsconf_BuildServerSecurityObjects_int where possible. */
void
afsconf_BuildServerSecurityObjects(void *rock,
struct rx_securityClass ***classes,
afs_int32 *numClasses)
{
struct afsconf_bsso_info info;
memset(&info, 0, sizeof(info));
info.dir = rock;
afsconf_BuildServerSecurityObjects_int(&info, classes, numClasses);
}
/*!
* Build a set of security classes suitable for a server accepting
* incoming connections
*/
void
afsconf_BuildServerSecurityObjects(void *rock,
struct rx_securityClass ***classes,
afs_int32 *numClasses)
afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info,
struct rx_securityClass ***classes,
afs_int32 *numClasses)
{
struct afsconf_dir *dir = rock;
struct afsconf_dir *dir = info->dir;
if (afsconf_GetLatestKey(dir, NULL, NULL) == 0) {
LogDesWarning(info);
}
if (afsconf_CountKeys(dir) == 0) {
LogNoKeysWarning(info);
}
*numClasses = RX_SECIDX_GK+1;

46
src/auth/authcon.h Normal file
View File

@ -0,0 +1,46 @@
/*
* Copyright (c) 2020 Sine Nomine Associates. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef OPENAFS_AUTH_AUTHCON_H
#define OPENAFS_AUTH_AUTHCON_H
/*
* authcon.h - Header for authcon.c-related items that are not public
* interfaces exported to outside the OpenAFS tree.
*/
#include <afs/cellconfig.h>
struct afsconf_bsso_info {
struct afsconf_dir *dir;
void (*logger)(const char *format, ...);
};
void afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info,
struct rx_securityClass ***classes,
afs_int32 *numClasses);
#endif /* OPENAFS_AUTH_AUTHCON_H */

1
src/auth/liboafs_auth.la.sym
View File

@ -1,5 +1,6 @@
afsconf_AddTypedKey
afsconf_BuildServerSecurityObjects
afsconf_BuildServerSecurityObjects_int
afsconf_CellAliasApply
afsconf_CellApply
afsconf_CheckAuth

15
src/bozo/bosserver.c
View File

@ -44,6 +44,7 @@
#include <afs/afsutil.h>
#include <afs/fileutil.h>
#include <afs/audit.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <afs/cmd.h>
@ -883,6 +884,7 @@ main(int argc, char **argv, char **envp)
int DoPeerRPCStats = 0;
int DoProcessRPCStats = 0;
struct stat sb;
struct afsconf_bsso_info bsso;
#ifndef AFS_NT40_ENV
int nofork = 0;
#endif
@ -910,6 +912,8 @@ main(int argc, char **argv, char **envp)
osi_audit_init();
signal(SIGFPE, bozo_insecureme);
memset(&bsso, 0, sizeof(bsso));
#ifdef AFS_NT40_ENV
/* Initialize winsock */
if (afs_winsockInit() < 0) {
@ -1145,12 +1149,6 @@ main(int argc, char **argv, char **envp)
/* opened the cell databse */
bozo_confdir = tdir;
if (afsconf_CountKeys(bozo_confdir) == 0) {
bozo_Log("WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n");
}
code = bnode_Init();
if (code) {
printf("bosserver: could not init bnode package, code %d\n", code);
@ -1235,7 +1233,10 @@ main(int argc, char **argv, char **envp)
rx_SetRxStatUserOk(bozo_rxstat_userok);
afsconf_SetNoAuthFlag(tdir, noAuth);
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
bsso.dir = tdir;
bsso.logger = bozo_Log;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses);
if (DoPidFiles) {
bozo_CreatePidFile("bosserver", NULL, getpid());

14
src/budb/server.c
View File

@ -24,6 +24,7 @@
#include <rx/rxkad.h>
#include <rx/rx_globals.h>
#include <afs/cellconfig.h>
#include <afs/authcon.h>
#include <afs/bubasics.h>
#include <afs/afsutil.h>
#include <afs/com_err.h>
@ -374,6 +375,7 @@ main(int argc, char **argv)
struct rx_service *tservice;
struct rx_securityClass **securityClasses;
afs_int32 numClasses;
struct afsconf_bsso_info bsso;
extern int rx_stackSize;
@ -404,6 +406,7 @@ main(int argc, char **argv)
memset(&cellinfo_s, 0, sizeof(cellinfo_s));
memset(clones, 0, sizeof(clones));
memset(&bsso, 0, sizeof(bsso));
memset(&logopts, 0, sizeof(logopts));
logopts.lopt_dest = logDest_file;
@ -466,12 +469,6 @@ main(int argc, char **argv)
ERROR(BUDB_NOCELLS);
}
if (afsconf_CountKeys(BU_conf) == 0) {
LogError(0, "WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n");
}
code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell));
if (code) {
LogError(0, "** Can't determine local cell name!\n");
@ -571,7 +568,10 @@ main(int argc, char **argv)
ERROR(code);
}
afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses);
bsso.dir = BU_conf;
bsso.logger = FSLog;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses,
&numClasses);
tservice =
rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase",

12
src/butc/tcmain.c
View File

@ -37,6 +37,7 @@
#include <lwp.h>
#include <lock.h>
#include <afs/afsutil.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <afs/keys.h>
#include <afs/volser.h>
@ -997,12 +998,6 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
exit(1);
}
if (afsconf_CountKeys(butc_confdir) == 0) {
TLog(0, "WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n");
}
/* Start auditing */
osi_audit_init();
/* Process -audit-interface and -auditlog */
@ -1151,7 +1146,10 @@ WorkerBee(struct cmd_syndesc *as, void *arock)
secObjs = nullObjects;
} else {
/* Must be -localauth, so the cell keys are available. */
afsconf_BuildServerSecurityObjects(butc_confdir, &allObjs, &numClasses);
struct afsconf_bsso_info bsso;
memset(&bsso, 0, sizeof(bsso));
bsso.dir = butc_confdir;
afsconf_BuildServerSecurityObjects_int(&bsso, &allObjs, &numClasses);
secObjs = allObjs;
}

5
src/dviced/NTMakefile
View File

@ -62,6 +62,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C
$(C2OBJ) -I$(FSINT) $**
EXELIBS = \
$(DESTDIR)\lib\afs\afsauth.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afs\afscmd.lib \
@ -74,11 +75,13 @@ EXELIBS = \
$(DESTDIR)\lib\afs\daafsvol.lib \
$(DESTDIR)\lib\afs\mtafsvldb.lib \
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afsroken.lib
$(EXEFILE): $(EXEOBJS) $(EXELIBS)
$(EXECONLINK)
$(EXECONLINK) shell32.lib
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
$(CODESIGN_USERLAND)

3
src/dvolser/NTMakefile
View File

@ -80,6 +80,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \
$(OUT)\davolserver.res
VOLSERVER_EXELIBS = \
$(DESTDIR)\lib\afs\afsauth.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(LIBFILE) \
@ -91,6 +92,8 @@ VOLSERVER_EXELIBS = \
$(DESTDIR)\lib\afs\afsprocmgmt.lib \
$(DESTDIR)\lib\afs\afseventlog.lib \
$(DESTDIR)\lib\afs\mtafsutil.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afsroken.lib

16
src/ptserver/ptserver.c
View File

@ -128,6 +128,7 @@
#include <rx/rxstat.h>
#include <lock.h>
#include <ubik.h>
#include <afs/authcon.h>
#include <afs/cmd.h>
#include <afs/cellconfig.h>
#include <afs/auth.h>
@ -263,6 +264,7 @@ main(int argc, char **argv)
char *auditIface = NULL;
struct cmd_item *auditLogList = NULL;
char *s2s_crypt_behavior = NULL;
struct afsconf_bsso_info bsso;
#ifdef AFS_AIX32_ENV
/*
@ -281,6 +283,8 @@ main(int argc, char **argv)
#endif
osi_audit_init();
memset(&bsso, 0, sizeof(bsso));
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
@ -598,7 +602,10 @@ main(int argc, char **argv)
pt_hook_write();
#endif
afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses);
bsso.dir = prdir;
bsso.logger = FSLog;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses,
&numClasses);
tservice =
rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses,
@ -638,13 +645,6 @@ main(int argc, char **argv)
"1.0",
#endif
"Starting AFS", FSLog);
if (afsconf_CountKeys(prdir) == 0) {
ViceLog(0, ("WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n"));
} else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
LogDesWarning();
}
rx_StartServer(1);
osi_audit(PTS_FinishEvent, -1, AUD_END);

2
src/tvolser/NTMakefile
View File

@ -82,6 +82,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \
$(OUT)\volserver.res
VOLSERVER_EXELIBS = \
$(DESTDIR)\lib\afs\afsauth.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afs\afstvolser.lib \
@ -93,6 +94,7 @@ VOLSERVER_EXELIBS = \
$(DESTDIR)\lib\afs\afsprocmgmt.lib \
$(DESTDIR)\lib\afs\afseventlog.lib \
$(DESTDIR)\lib\afs\mtafsutil.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afshcrypto.lib \

13
src/update/server.c
View File

@ -26,6 +26,7 @@
#include <rx/xdr.h>
#include <rx/rx.h>
#include <rx/rxkad.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <afs/afsutil.h>
#include <afs/fileutil.h>
@ -204,6 +205,7 @@ main(int argc, char *argv[])
int a = 0;
rxkad_level level;
rxkad_level newLevel;
struct afsconf_bsso_info bsso;
#ifdef AFS_AIX32_ENV
/*
@ -221,6 +223,8 @@ main(int argc, char *argv[])
sigaction(SIGSEGV, &nsa, NULL);
#endif
memset(&bsso, 0, sizeof(bsso));
whoami = argv[0];
#ifdef AFS_NT40_ENV
@ -290,12 +294,6 @@ main(int argc, char *argv[])
exit(1);
}
if (afsconf_CountKeys(cdir) == 0) {
fprintf(stderr, "WARNING: No encryption keys found! "
"All authenticated accesses will fail."
"Run akeyconvert or asetkey to import encryption keys.\n");
}
if (rxBind) {
afs_int32 ccode;
if (AFSDIR_SERVER_NETRESTRICT_FILEPATH ||
@ -320,7 +318,8 @@ main(int argc, char *argv[])
if (rx_InitHost(host, htons(AFSCONF_UPDATEPORT)) < 0)
Quit("rx_init");
afsconf_BuildServerSecurityObjects(cdir, &securityClasses, &numClasses);
bsso.dir = cdir;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses);
if (securityClasses[2] == NULL)
Quit("rxkad_NewServerSecurityObject");

1
src/util/afsutil_prototypes.h
View File

@ -126,7 +126,6 @@ extern int LogThreadNum(void);
extern void LogCommandLine(int argc, char **argv, const char *progname,
const char *version, const char *logstring,
void (*log) (const char *format, ...));
extern void LogDesWarning(void);
extern int GetLogLevel(void);
extern enum logDest GetLogDest(void);
extern const char *GetLogFilename(void);

1
src/util/liboafs_util.la.sym
View File

@ -5,7 +5,6 @@ BufioOpen
FSLog
Int32To_ktimeRelDate
LogCommandLine
LogDesWarning
LogLevel
LogThreadNum
OpenLog

16
src/util/serverLog.c
View File

@ -273,22 +273,6 @@ LogCommandLine(int argc, char **argv, const char *progname,
}
}
/*!
* Write the single-DES deprecation warning to the log.
*/
void
LogDesWarning(void)
{
/* The blank newlines help this stand out a bit more in the log. */
ViceLog(0, ("\n"));
ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n"));
ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n"));
ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n"));
ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n"));
ViceLog(0, ("WARNING: for details.\n"));
ViceLog(0, ("\n"));
}
/*!
* Move the current log file out of the way so a new one can be started.
*

5
src/viced/NTMakefile
View File

@ -68,6 +68,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C
$(C2OBJ) -I$(FSINT) $**
EXELIBS = \
$(DESTDIR)\lib\afs\afsauth.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afs\afscmd.lib \
@ -80,13 +81,15 @@ EXELIBS = \
$(DESTDIR)\lib\afs\mtafsvol.lib \
$(DESTDIR)\lib\afs\mtafsvldb.lib \
$(DESTDIR)\lib\afs\mtafsdir.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(EXEFILE): $(EXEOBJS) $(EXELIBS)
$(EXECONLINK)
$(EXECONLINK) shell32.lib
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
$(CODESIGN_USERLAND)

18
src/viced/viced.c
View File

@ -56,6 +56,7 @@
#include <afs/vnode.h>
#include <afs/volume.h>
#include <afs/auth.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <afs/acl.h>
#include <afs/prs_fs.h>
@ -1840,6 +1841,7 @@ main(int argc, char *argv[])
char hoststr[16];
afs_uint32 rx_bindhost;
VolumePackageOptions opts;
struct afsconf_bsso_info bsso;
#ifdef AFS_AIX32_ENV
struct sigaction nsa;
@ -1852,6 +1854,8 @@ main(int argc, char *argv[])
#endif
osi_audit_init();
memset(&bsso, 0, sizeof(bsso));
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
@ -1897,14 +1901,6 @@ main(int argc, char *argv[])
LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
if (afsconf_CountKeys(confDir) == 0) {
ViceLog(0, ("WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n"));
} else if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
LogDesWarning();
}
/* initialize the pthread soft signal handler thread */
opr_softsig_Init();
SetupLogSoftSignals();
@ -2033,7 +2029,11 @@ main(int argc, char *argv[])
rx_GetIFInfo();
rx_SetRxDeadTime(30);
afsconf_SetSecurityFlags(confDir, AFSCONF_SECOPTS_ALWAYSENCRYPT);
afsconf_BuildServerSecurityObjects(confDir, &securityClasses, &numClasses);
bsso.dir = confDir;
bsso.logger = FSLog;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses,
&numClasses);
tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */
1, /*service name */

15
src/vlserver/vlserver.c
View File

@ -28,6 +28,7 @@
#include <rx/rx.h>
#include <rx/rx_globals.h>
#include <rx/rxstat.h>
#include <afs/authcon.h>
#include <afs/cmd.h>
#include <afs/cellconfig.h>
#include <afs/keys.h>
@ -181,6 +182,7 @@ main(int argc, char **argv)
struct cmd_syndesc *opts;
struct logOptions logopts;
int s2s_rxgk = 0;
struct afsconf_bsso_info bsso;
char *vl_dbaseName;
char *configDir;
@ -211,6 +213,7 @@ main(int argc, char **argv)
osi_audit_init();
memset(&logopts, 0, sizeof(logopts));
memset(&bsso, 0, sizeof(bsso));
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
@ -526,7 +529,10 @@ main(int argc, char **argv)
memset(wr_HostAddress, 0, sizeof(wr_HostAddress));
initialize_dstats();
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
bsso.dir = tdir;
bsso.logger = FSLog;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses,
&numClasses);
tservice =
rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server",
@ -563,13 +569,6 @@ main(int argc, char **argv)
rx_SetMaxProcs(tservice, 4);
LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
if (afsconf_CountKeys(tdir) == 0) {
VLog(0, ("WARNING: No encryption keys found! "
"All authenticated accesses will fail."
"Run akeyconvert or asetkey to import encryption keys.\n"));
} else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
LogDesWarning();
}
VLog(0, ("%s\n", cml_version_number));
/* allow super users to manage RX statistics */

15
src/volser/volmain.c
View File

@ -40,6 +40,7 @@
#include <rx/rxstat.h>
#include <rx/rx_globals.h>
#include <afs/auth.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <afs/keys.h>
#include <afs/dir.h>
@ -438,6 +439,7 @@ main(int argc, char **argv)
char hoststr[16];
afs_uint32 host = ntohl(INADDR_ANY);
VolumePackageOptions opts;
struct afsconf_bsso_info bsso;
#ifdef AFS_AIX32_ENV
/*
@ -456,6 +458,8 @@ main(int argc, char **argv)
#endif
osi_audit_init();
memset(&bsso, 0, sizeof(bsso));
/* Initialize dirpaths */
if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) {
#ifdef AFS_NT40_ENV
@ -593,7 +597,9 @@ main(int argc, char **argv)
/* initialize audit user check */
osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch);
afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses);
bsso.dir = tdir;
bsso.logger = FSLog;
afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses);
if (securityClasses[0] == NULL)
Abort("rxnull_NewServerSecurityObject");
service =
@ -636,13 +642,6 @@ main(int argc, char **argv)
LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
Log);
if (afsconf_CountKeys(tdir) == 0) {
Log("WARNING: No encryption keys found! "
"All authenticated accesses will fail. "
"Run akeyconvert or asetkey to import encryption keys.\n");
} else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
LogDesWarning();
}
/* allow super users to manage RX statistics */
rx_SetRxStatUserOk(vol_rxstat_userok);

7
tests/auth/authcon-t.c
View File

@ -34,6 +34,7 @@
#include <rx/rx.h>
#include <rx/rxkad.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <tests/tap/basic.h>
@ -50,6 +51,9 @@ main(int argc, char **argv)
int numClasses;
struct afsconf_typedKey *key;
int code = 0;
struct afsconf_bsso_info bsso;
memset(&bsso, 0, sizeof(bsso));
afstest_SkipTestsIfBadHostname();
@ -67,7 +71,8 @@ main(int argc, char **argv)
/* Server Security objects */
afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
bsso.dir = dir;
afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses);
is_int(5, numClasses, "5 security classes are returned, as expected");
ok(classes[1] == NULL, "The rxvab class is undefined, as requested");
free(classes);

7
tests/common/servers.c
View File

@ -9,6 +9,7 @@
#include <rx/rx.h>
#include <afs/authcon.h>
#include <afs/cellconfig.h>
#include <tests/tap/basic.h>
@ -100,6 +101,9 @@ afstest_StartTestRPCService(const char *configPath,
afs_int32 numClasses;
int code;
struct rx_service *service;
struct afsconf_bsso_info bsso;
memset(&bsso, 0, sizeof(bsso));
dir = afsconf_Open(configPath);
if (dir == NULL) {
@ -117,7 +121,8 @@ afstest_StartTestRPCService(const char *configPath,
kill(signal_pid, SIGUSR1);
}
afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses);
bsso.dir = dir;
afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses);
service = rx_NewService(0, serviceId, "test", classes, numClasses,
proc);
if (service == NULL) {