From 2630e70550defc664efa0952589cf82ed3c51796 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Mon, 10 Feb 2014 15:57:43 -0600 Subject: [PATCH] Move key-related warnings to common server code Each server process can log a couple of different warnings about the server keys found on disk: - If afsconf_GetLatestKey() returns success (indicating a single-DES key is present), we call LogDesWarning(). - If afsconf_CountKeys() returns 0 (indicating there are no keys at all on disk), we log a warning that all authenticated access will fail. Currently, the code to do these checks and log the relevant warning is duplicated across the startup code for nearly every server process. To avoid this duplication, and to make sure the checks aren't accidentally skipped for anyone, move these checks to afsconf_BuildServerSecurityObjects, which every server process calls. We must add an additional parameter to afsconf_BuildServerSecurityObjects to handle the different logging mechanism these servers use, but afsconf_BuildServerSecurityObjects is declared in a public header (cellconfig.h), and is exported in a public library (libafsauthent). So to avoid changing a public symbol, introduce a new variant of the function, called afsconf_BuildServerSecurityObjects_int. Declare this in a new internal header, authcon.h. We don't have easily-usable logging functions for upserver and butc, so just don't log the warnings for those. For ubik servers, don't update ubik_SetServerSecurityProcs to use the new function; the initial call to afsconf_BuildServerSecurityObjects_int in the server's startup code will cover logging the warning on startup. Change-Id: I5d5fceefdaf907f96db9f1c0d21ceb6957299a59 Reviewed-on: https://gerrit.openafs.org/10831 Tested-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- src/auth/Makefile.in | 6 +++- src/auth/NTMakefile | 1 + src/auth/authcon.c | 60 ++++++++++++++++++++++++++++++++--- src/auth/authcon.h | 46 +++++++++++++++++++++++++++ src/auth/liboafs_auth.la.sym | 1 + src/bozo/bosserver.c | 15 +++++---- src/budb/server.c | 14 ++++---- src/butc/tcmain.c | 12 +++---- src/dviced/NTMakefile | 5 ++- src/dvolser/NTMakefile | 3 ++ src/ptserver/ptserver.c | 16 +++++----- src/tvolser/NTMakefile | 2 ++ src/update/server.c | 13 ++++---- src/util/afsutil_prototypes.h | 1 - src/util/liboafs_util.la.sym | 1 - src/util/serverLog.c | 16 ---------- src/viced/NTMakefile | 5 ++- src/viced/viced.c | 18 +++++------ src/vlserver/vlserver.c | 15 ++++----- src/volser/volmain.c | 15 ++++----- tests/auth/authcon-t.c | 7 +++- tests/common/servers.c | 7 +++- 22 files changed, 191 insertions(+), 88 deletions(-) create mode 100644 src/auth/authcon.h diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in index 1d12db34dc..9db74f9dea 100644 --- a/src/auth/Makefile.in +++ b/src/auth/Makefile.in @@ -36,7 +36,7 @@ LIBS=libauth.a \ ${TOP_LIBDIR}/liblwp.a \ ${TOP_LIBDIR}/util.a -INCLS=cellconfig.h auth.h keys.h internal.h token.h +INCLS=cellconfig.h auth.h authcon.h keys.h internal.h token.h all: liboafs_auth.la libauth_pic.la libpam_auth.la \ ${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/libauth.krb.a \ @@ -45,6 +45,7 @@ all: liboafs_auth.la libauth_pic.la libpam_auth.la \ depinstall: ${TOP_INCDIR}/afs/keys.h \ ${TOP_INCDIR}/afs/cellconfig.h \ ${TOP_INCDIR}/afs/auth.h \ + ${TOP_INCDIR}/afs/authcon.h \ ${TOP_INCDIR}/afs/ktc.h \ ${TOP_INCDIR}/afs/token.h \ token.h \ @@ -65,6 +66,9 @@ ${TOP_INCDIR}/afs/cellconfig.h: cellconfig.h ${TOP_INCDIR}/afs/auth.h: auth.h ${INSTALL_DATA} $? $@ +${TOP_INCDIR}/afs/authcon.h: authcon.h + ${INSTALL_DATA} $? $@ + ${TOP_INCDIR}/afs/ktc.h: ktc.h ${INSTALL_DATA} $? $@ diff --git a/src/auth/NTMakefile b/src/auth/NTMakefile index c680d31d6f..28bca867a0 100644 --- a/src/auth/NTMakefile +++ b/src/auth/NTMakefile @@ -14,6 +14,7 @@ INCFILEDIR = $(DESTDIR)\include\afs # header file install directory INCFILES =\ $(INCFILEDIR)\auth.h \ + $(INCFILEDIR)\authcon.h \ $(INCFILEDIR)\cellconfig.h \ $(INCFILEDIR)\keys.h \ $(INCFILEDIR)\token.h diff --git a/src/auth/authcon.c b/src/auth/authcon.c index afb8f3f3bd..b39cef0e85 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -30,6 +30,7 @@ #include "keys.h" #include "ktc.h" #include "auth.h" +#include "authcon.h" #ifdef AFS_RXGK_ENV # include @@ -383,16 +384,67 @@ afsconf_SetSecurityFlags(struct afsconf_dir *dir, dir->securityFlags = flags; } +static void +LogDesWarning(struct afsconf_bsso_info *info) +{ + if (info->logger == NULL) { + return; + } + /* The blank newlines help this stand out a bit more in the log. */ + (*info->logger)("\n"); + (*info->logger)("WARNING: You are using single-DES keys in a KeyFile. Using " + "single-DES\n"); + (*info->logger)("WARNING: long-term keys is considered insecure, and it is " + "strongly\n"); + (*info->logger)("WARNING: recommended that you migrate to stronger " + "encryption. See\n"); + (*info->logger)("WARNING: OPENAFS-SA-2013-003 on " + "http://www.openafs.org/security/\n"); + (*info->logger)("WARNING: for details.\n"); + (*info->logger)("\n"); +} + +static void +LogNoKeysWarning(struct afsconf_bsso_info *info) +{ + if (info->logger == NULL) { + return; + } + (*info->logger)("WARNING: No encryption keys found! " + "All authenticated accesses will fail. " + "Run akeyconvert or asetkey to import encryption keys.\n"); +} + +/* Older version of afsconf_BuildServerSecurityObjects_int. In-tree callers + * should use afsconf_BuildServerSecurityObjects_int where possible. */ +void +afsconf_BuildServerSecurityObjects(void *rock, + struct rx_securityClass ***classes, + afs_int32 *numClasses) +{ + struct afsconf_bsso_info info; + memset(&info, 0, sizeof(info)); + info.dir = rock; + afsconf_BuildServerSecurityObjects_int(&info, classes, numClasses); +} + /*! * Build a set of security classes suitable for a server accepting * incoming connections */ void -afsconf_BuildServerSecurityObjects(void *rock, - struct rx_securityClass ***classes, - afs_int32 *numClasses) +afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info, + struct rx_securityClass ***classes, + afs_int32 *numClasses) { - struct afsconf_dir *dir = rock; + struct afsconf_dir *dir = info->dir; + + if (afsconf_GetLatestKey(dir, NULL, NULL) == 0) { + LogDesWarning(info); + } + if (afsconf_CountKeys(dir) == 0) { + LogNoKeysWarning(info); + } *numClasses = RX_SECIDX_GK+1; diff --git a/src/auth/authcon.h b/src/auth/authcon.h new file mode 100644 index 0000000000..beb616a3a2 --- /dev/null +++ b/src/auth/authcon.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2020 Sine Nomine Associates. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO + * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef OPENAFS_AUTH_AUTHCON_H +#define OPENAFS_AUTH_AUTHCON_H + +/* + * authcon.h - Header for authcon.c-related items that are not public + * interfaces exported to outside the OpenAFS tree. + */ + +#include + +struct afsconf_bsso_info { + struct afsconf_dir *dir; + void (*logger)(const char *format, ...); +}; + +void afsconf_BuildServerSecurityObjects_int(struct afsconf_bsso_info *info, + struct rx_securityClass ***classes, + afs_int32 *numClasses); + +#endif /* OPENAFS_AUTH_AUTHCON_H */ diff --git a/src/auth/liboafs_auth.la.sym b/src/auth/liboafs_auth.la.sym index 561ddfa5fa..5c9bf9be79 100644 --- a/src/auth/liboafs_auth.la.sym +++ b/src/auth/liboafs_auth.la.sym @@ -1,5 +1,6 @@ afsconf_AddTypedKey afsconf_BuildServerSecurityObjects +afsconf_BuildServerSecurityObjects_int afsconf_CellAliasApply afsconf_CellApply afsconf_CheckAuth diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c index f470e60dc0..d29fdaab25 100644 --- a/src/bozo/bosserver.c +++ b/src/bozo/bosserver.c @@ -44,6 +44,7 @@ #include #include #include +#include #include #include @@ -883,6 +884,7 @@ main(int argc, char **argv, char **envp) int DoPeerRPCStats = 0; int DoProcessRPCStats = 0; struct stat sb; + struct afsconf_bsso_info bsso; #ifndef AFS_NT40_ENV int nofork = 0; #endif @@ -910,6 +912,8 @@ main(int argc, char **argv, char **envp) osi_audit_init(); signal(SIGFPE, bozo_insecureme); + memset(&bsso, 0, sizeof(bsso)); + #ifdef AFS_NT40_ENV /* Initialize winsock */ if (afs_winsockInit() < 0) { @@ -1145,12 +1149,6 @@ main(int argc, char **argv, char **envp) /* opened the cell databse */ bozo_confdir = tdir; - if (afsconf_CountKeys(bozo_confdir) == 0) { - bozo_Log("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - code = bnode_Init(); if (code) { printf("bosserver: could not init bnode package, code %d\n", code); @@ -1235,7 +1233,10 @@ main(int argc, char **argv, char **envp) rx_SetRxStatUserOk(bozo_rxstat_userok); afsconf_SetNoAuthFlag(tdir, noAuth); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + + bsso.dir = tdir; + bsso.logger = bozo_Log; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (DoPidFiles) { bozo_CreatePidFile("bosserver", NULL, getpid()); diff --git a/src/budb/server.c b/src/budb/server.c index 97a700c5ba..6a5fa61165 100644 --- a/src/budb/server.c +++ b/src/budb/server.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -374,6 +375,7 @@ main(int argc, char **argv) struct rx_service *tservice; struct rx_securityClass **securityClasses; afs_int32 numClasses; + struct afsconf_bsso_info bsso; extern int rx_stackSize; @@ -404,6 +406,7 @@ main(int argc, char **argv) memset(&cellinfo_s, 0, sizeof(cellinfo_s)); memset(clones, 0, sizeof(clones)); + memset(&bsso, 0, sizeof(bsso)); memset(&logopts, 0, sizeof(logopts)); logopts.lopt_dest = logDest_file; @@ -466,12 +469,6 @@ main(int argc, char **argv) ERROR(BUDB_NOCELLS); } - if (afsconf_CountKeys(BU_conf) == 0) { - LogError(0, "WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - code = afsconf_GetLocalCell(BU_conf, lcell, sizeof(lcell)); if (code) { LogError(0, "** Can't determine local cell name!\n"); @@ -571,7 +568,10 @@ main(int argc, char **argv) ERROR(code); } - afsconf_BuildServerSecurityObjects(BU_conf, &securityClasses, &numClasses); + bsso.dir = BU_conf; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, BUDB_SERVICE, "BackupDatabase", diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c index d151fbd87e..1feccf3875 100644 --- a/src/butc/tcmain.c +++ b/src/butc/tcmain.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -997,12 +998,6 @@ WorkerBee(struct cmd_syndesc *as, void *arock) exit(1); } - if (afsconf_CountKeys(butc_confdir) == 0) { - TLog(0, "WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - /* Start auditing */ osi_audit_init(); /* Process -audit-interface and -auditlog */ @@ -1151,7 +1146,10 @@ WorkerBee(struct cmd_syndesc *as, void *arock) secObjs = nullObjects; } else { /* Must be -localauth, so the cell keys are available. */ - afsconf_BuildServerSecurityObjects(butc_confdir, &allObjs, &numClasses); + struct afsconf_bsso_info bsso; + memset(&bsso, 0, sizeof(bsso)); + bsso.dir = butc_confdir; + afsconf_BuildServerSecurityObjects_int(&bsso, &allObjs, &numClasses); secObjs = allObjs; } diff --git a/src/dviced/NTMakefile b/src/dviced/NTMakefile index af7a0f5f1a..5fd6178594 100644 --- a/src/dviced/NTMakefile +++ b/src/dviced/NTMakefile @@ -62,6 +62,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C $(C2OBJ) -I$(FSINT) $** EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afscmd.lib \ @@ -74,11 +75,13 @@ EXELIBS = \ $(DESTDIR)\lib\afs\daafsvol.lib \ $(DESTDIR)\lib\afs\mtafsvldb.lib \ $(DESTDIR)\lib\afspthread.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afsroken.lib $(EXEFILE): $(EXEOBJS) $(EXELIBS) - $(EXECONLINK) + $(EXECONLINK) shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/dvolser/NTMakefile b/src/dvolser/NTMakefile index f858fbb253..8ddae02746 100644 --- a/src/dvolser/NTMakefile +++ b/src/dvolser/NTMakefile @@ -80,6 +80,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \ $(OUT)\davolserver.res VOLSERVER_EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(LIBFILE) \ @@ -91,6 +92,8 @@ VOLSERVER_EXELIBS = \ $(DESTDIR)\lib\afs\afsprocmgmt.lib \ $(DESTDIR)\lib\afs\afseventlog.lib \ $(DESTDIR)\lib\afs\mtafsutil.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ $(DESTDIR)\lib\afsroken.lib diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index d90a319269..64a35f61c0 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -128,6 +128,7 @@ #include #include #include +#include #include #include #include @@ -263,6 +264,7 @@ main(int argc, char **argv) char *auditIface = NULL; struct cmd_item *auditLogList = NULL; char *s2s_crypt_behavior = NULL; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -281,6 +283,8 @@ main(int argc, char **argv) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -598,7 +602,10 @@ main(int argc, char **argv) pt_hook_write(); #endif - afsconf_BuildServerSecurityObjects(prdir, &securityClasses, &numClasses); + bsso.dir = prdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, PRSRV, "Protection Server", securityClasses, @@ -638,13 +645,6 @@ main(int argc, char **argv) "1.0", #endif "Starting AFS", FSLog); - if (afsconf_CountKeys(prdir) == 0) { - ViceLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) { - LogDesWarning(); - } rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); diff --git a/src/tvolser/NTMakefile b/src/tvolser/NTMakefile index ee092b0403..7d8e06d6d1 100644 --- a/src/tvolser/NTMakefile +++ b/src/tvolser/NTMakefile @@ -82,6 +82,7 @@ VOLSERVER_EXEOBJS = $(VOLSEROBJS) \ $(OUT)\volserver.res VOLSERVER_EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afstvolser.lib \ @@ -93,6 +94,7 @@ VOLSERVER_EXELIBS = \ $(DESTDIR)\lib\afs\afsprocmgmt.lib \ $(DESTDIR)\lib\afs\afseventlog.lib \ $(DESTDIR)\lib\afs\mtafsutil.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ $(DESTDIR)\lib\afshcrypto.lib \ diff --git a/src/update/server.c b/src/update/server.c index 7a5e33bf4b..29b939922a 100644 --- a/src/update/server.c +++ b/src/update/server.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -204,6 +205,7 @@ main(int argc, char *argv[]) int a = 0; rxkad_level level; rxkad_level newLevel; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -221,6 +223,8 @@ main(int argc, char *argv[]) sigaction(SIGSEGV, &nsa, NULL); #endif + memset(&bsso, 0, sizeof(bsso)); + whoami = argv[0]; #ifdef AFS_NT40_ENV @@ -290,12 +294,6 @@ main(int argc, char *argv[]) exit(1); } - if (afsconf_CountKeys(cdir) == 0) { - fprintf(stderr, "WARNING: No encryption keys found! " - "All authenticated accesses will fail." - "Run akeyconvert or asetkey to import encryption keys.\n"); - } - if (rxBind) { afs_int32 ccode; if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || @@ -320,7 +318,8 @@ main(int argc, char *argv[]) if (rx_InitHost(host, htons(AFSCONF_UPDATEPORT)) < 0) Quit("rx_init"); - afsconf_BuildServerSecurityObjects(cdir, &securityClasses, &numClasses); + bsso.dir = cdir; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (securityClasses[2] == NULL) Quit("rxkad_NewServerSecurityObject"); diff --git a/src/util/afsutil_prototypes.h b/src/util/afsutil_prototypes.h index 21f8378ddc..cdedc9aad9 100644 --- a/src/util/afsutil_prototypes.h +++ b/src/util/afsutil_prototypes.h @@ -126,7 +126,6 @@ extern int LogThreadNum(void); extern void LogCommandLine(int argc, char **argv, const char *progname, const char *version, const char *logstring, void (*log) (const char *format, ...)); -extern void LogDesWarning(void); extern int GetLogLevel(void); extern enum logDest GetLogDest(void); extern const char *GetLogFilename(void); diff --git a/src/util/liboafs_util.la.sym b/src/util/liboafs_util.la.sym index 1d2de7cd4b..5679dff598 100644 --- a/src/util/liboafs_util.la.sym +++ b/src/util/liboafs_util.la.sym @@ -5,7 +5,6 @@ BufioOpen FSLog Int32To_ktimeRelDate LogCommandLine -LogDesWarning LogLevel LogThreadNum OpenLog diff --git a/src/util/serverLog.c b/src/util/serverLog.c index 60e8517f74..d5d3728846 100644 --- a/src/util/serverLog.c +++ b/src/util/serverLog.c @@ -273,22 +273,6 @@ LogCommandLine(int argc, char **argv, const char *progname, } } -/*! - * Write the single-DES deprecation warning to the log. - */ -void -LogDesWarning(void) -{ - /* The blank newlines help this stand out a bit more in the log. */ - ViceLog(0, ("\n")); - ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n")); - ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n")); - ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n")); - ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n")); - ViceLog(0, ("WARNING: for details.\n")); - ViceLog(0, ("\n")); -} - /*! * Move the current log file out of the way so a new one can be started. * diff --git a/src/viced/NTMakefile b/src/viced/NTMakefile index 43e5c2bab4..7b451b8ddd 100644 --- a/src/viced/NTMakefile +++ b/src/viced/NTMakefile @@ -68,6 +68,7 @@ $(FSINTOBJS): $(FSINT)\$$(@B).C $(C2OBJ) -I$(FSINT) $** EXELIBS = \ + $(DESTDIR)\lib\afs\afsauth.lib \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\afsrpc.lib \ $(DESTDIR)\lib\afs\afscmd.lib \ @@ -80,13 +81,15 @@ EXELIBS = \ $(DESTDIR)\lib\afs\mtafsvol.lib \ $(DESTDIR)\lib\afs\mtafsvldb.lib \ $(DESTDIR)\lib\afs\mtafsdir.lib \ + $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afspthread.lib \ + $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib \ $(DESTDIR)\lib\afsrfc3961.lib $(EXEFILE): $(EXEOBJS) $(EXELIBS) - $(EXECONLINK) + $(EXECONLINK) shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/viced/viced.c b/src/viced/viced.c index 5326a53ffc..b34436a007 100644 --- a/src/viced/viced.c +++ b/src/viced/viced.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -1840,6 +1841,7 @@ main(int argc, char *argv[]) char hoststr[16]; afs_uint32 rx_bindhost; VolumePackageOptions opts; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV struct sigaction nsa; @@ -1852,6 +1854,8 @@ main(int argc, char *argv[]) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -1897,14 +1901,6 @@ main(int argc, char *argv[]) LogCommandLine(argc, argv, "starting", "", "File server", FSLog); - if (afsconf_CountKeys(confDir) == 0) { - ViceLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) { - LogDesWarning(); - } - /* initialize the pthread soft signal handler thread */ opr_softsig_Init(); SetupLogSoftSignals(); @@ -2033,7 +2029,11 @@ main(int argc, char *argv[]) rx_GetIFInfo(); rx_SetRxDeadTime(30); afsconf_SetSecurityFlags(confDir, AFSCONF_SECOPTS_ALWAYSENCRYPT); - afsconf_BuildServerSecurityObjects(confDir, &securityClasses, &numClasses); + + bsso.dir = confDir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(rx_bindhost, /* port */ 0, /* service id */ 1, /*service name */ diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c index f7f80e1d59..5ce8aca5e2 100644 --- a/src/vlserver/vlserver.c +++ b/src/vlserver/vlserver.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -181,6 +182,7 @@ main(int argc, char **argv) struct cmd_syndesc *opts; struct logOptions logopts; int s2s_rxgk = 0; + struct afsconf_bsso_info bsso; char *vl_dbaseName; char *configDir; @@ -211,6 +213,7 @@ main(int argc, char **argv) osi_audit_init(); memset(&logopts, 0, sizeof(logopts)); + memset(&bsso, 0, sizeof(bsso)); /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { @@ -526,7 +529,10 @@ main(int argc, char **argv) memset(wr_HostAddress, 0, sizeof(wr_HostAddress)); initialize_dstats(); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + bsso.dir = tdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, + &numClasses); tservice = rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", @@ -563,13 +569,6 @@ main(int argc, char **argv) rx_SetMaxProcs(tservice, 4); LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog); - if (afsconf_CountKeys(tdir) == 0) { - VLog(0, ("WARNING: No encryption keys found! " - "All authenticated accesses will fail." - "Run akeyconvert or asetkey to import encryption keys.\n")); - } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { - LogDesWarning(); - } VLog(0, ("%s\n", cml_version_number)); /* allow super users to manage RX statistics */ diff --git a/src/volser/volmain.c b/src/volser/volmain.c index 68db1fbb20..5d0474b473 100644 --- a/src/volser/volmain.c +++ b/src/volser/volmain.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include @@ -438,6 +439,7 @@ main(int argc, char **argv) char hoststr[16]; afs_uint32 host = ntohl(INADDR_ANY); VolumePackageOptions opts; + struct afsconf_bsso_info bsso; #ifdef AFS_AIX32_ENV /* @@ -456,6 +458,8 @@ main(int argc, char **argv) #endif osi_audit_init(); + memset(&bsso, 0, sizeof(bsso)); + /* Initialize dirpaths */ if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK)) { #ifdef AFS_NT40_ENV @@ -593,7 +597,9 @@ main(int argc, char **argv) /* initialize audit user check */ osi_audit_set_user_check(tdir, vol_IsLocalRealmMatch); - afsconf_BuildServerSecurityObjects(tdir, &securityClasses, &numClasses); + bsso.dir = tdir; + bsso.logger = FSLog; + afsconf_BuildServerSecurityObjects_int(&bsso, &securityClasses, &numClasses); if (securityClasses[0] == NULL) Abort("rxnull_NewServerSecurityObject"); service = @@ -636,13 +642,6 @@ main(int argc, char **argv) LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); - if (afsconf_CountKeys(tdir) == 0) { - Log("WARNING: No encryption keys found! " - "All authenticated accesses will fail. " - "Run akeyconvert or asetkey to import encryption keys.\n"); - } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { - LogDesWarning(); - } /* allow super users to manage RX statistics */ rx_SetRxStatUserOk(vol_rxstat_userok); diff --git a/tests/auth/authcon-t.c b/tests/auth/authcon-t.c index 5bcd74c000..0107b16ce8 100644 --- a/tests/auth/authcon-t.c +++ b/tests/auth/authcon-t.c @@ -34,6 +34,7 @@ #include #include +#include #include #include @@ -50,6 +51,9 @@ main(int argc, char **argv) int numClasses; struct afsconf_typedKey *key; int code = 0; + struct afsconf_bsso_info bsso; + + memset(&bsso, 0, sizeof(bsso)); afstest_SkipTestsIfBadHostname(); @@ -67,7 +71,8 @@ main(int argc, char **argv) /* Server Security objects */ - afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses); + bsso.dir = dir; + afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses); is_int(5, numClasses, "5 security classes are returned, as expected"); ok(classes[1] == NULL, "The rxvab class is undefined, as requested"); free(classes); diff --git a/tests/common/servers.c b/tests/common/servers.c index 716b0ca1ac..27bec5160a 100644 --- a/tests/common/servers.c +++ b/tests/common/servers.c @@ -9,6 +9,7 @@ #include +#include #include #include @@ -100,6 +101,9 @@ afstest_StartTestRPCService(const char *configPath, afs_int32 numClasses; int code; struct rx_service *service; + struct afsconf_bsso_info bsso; + + memset(&bsso, 0, sizeof(bsso)); dir = afsconf_Open(configPath); if (dir == NULL) { @@ -117,7 +121,8 @@ afstest_StartTestRPCService(const char *configPath, kill(signal_pid, SIGUSR1); } - afsconf_BuildServerSecurityObjects(dir, &classes, &numClasses); + bsso.dir = dir; + afsconf_BuildServerSecurityObjects_int(&bsso, &classes, &numClasses); service = rx_NewService(0, serviceId, "test", classes, numClasses, proc); if (service == NULL) {