Gerrits #13774 (audit: Support multiple audit interfaces and interface
options) and #13775 (audit: Add cmd helper for processing audit options)
added support in the audit facility for multiple audit logs.
Add command line support to use multiple audit logs for daemons that use
libcmd for command line processing: bosserver, buserver, butc,
fileserver, volserver, ptserver, and vlserver.
Update the daemons to add a call to audit_open, and where possible add a
call to audit_close when shutting down the daemon.
Update help message and manpage entries for -auditlog and
-audit-interface
Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa
Reviewed-on: https://gerrit.openafs.org/13776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
The butc -localauth option is available to use the cell-wide key to
authenticate to the vlserver and buserver, which in normal deployments
will require incoming connections to be authenticated as a superuser.
In such cases, the cell-wide key is also available for use in
authenticating incoming connections to the butc, which would otherwise
have been completely unauthenticated.
Because of the security hazards of allowing unauthenticaed inbound
RPCs, especially ones that manipulate backup information and are allowed
to initiate outboud RPCs authenticated as the superuser, default to
not allowing unauthenticated inbound RPCs at all. Provide an opt-out
command-line argument for deployments that require this functionality
and have configured their network environment (firewall/etc.) appropriately.
Change-Id: Ia6349757a4c6d59d1853df1a844e210d32c14feb
Make the actual implementations into helper functions, with the RPC
stubs calling the helpers and doing the auditing on the results, akin
to most other server programs in the tree. This relies on support for
some additional types having been added to the audit framework.
Change-Id: Ic872d6dfc7854fa28bd3dc2277e92c7919d0d0c0
Add a manual page for the KeyFileExt file.
Add cross-references from all places which currently reference
KeyFile(5), and update their body text accordingly.
Change-Id: Iab56847fcb59dda0c8a344a626ddb0ff35b98b26
Reviewed-on: http://gerrit.openafs.org/11770
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Change references to the documentation sets that we still ship to
reference the OpenAFS manuals instead of the IBM AFS manuals. Remove
references to the IBM AFS/DFS Migration documentation, since that
doesn't appear to be available anywhere any more, replacing them where
relevant to more generic references to the DFS documentation. Add
links to docs.openafs.org for mentions of the manuals in SEE ALSO, and
standardize on one link format. Replace a few references to the IBM
AFS Release Notes with the actual information in those notes, or drop
the reference if it doesn't seem particularly useful.
Change-Id: Ie9666842f1315891c6a9c37c0424200f4b78bff7
Reviewed-on: http://gerrit.openafs.org/2031
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Implement proper synopsis wrapping for HTML generation.
This was done in three pieces. First, add HTML-specific tags to the POD to
mark the synopsis for HTML purposes so that we can apply style information
to it. Second, update the style sheet to indent all lines except for the
first in the synopsis section. Third, add the appropriate S<> tags around
option and argument pairs so that we don't wrap between the option and its
argument.
Unfortunately, due to the <I<foo>> style that looks nicer for other reasons,
we have to use the very verbose S<<< >>>. Oh well.
This completes the first editing pass of the man pages. Very little
content editing has been done, but the server and client versions of
various man pages have been combined into a single man page for the
file (affects CellServDB, ThisCell, NetInfo, and NetRestrict), the
descriptions of the various AFS cache files have been combined into one
afs_cache man page, and the descriptions of the two butc log files have
been combined into one butc_logs man page.
For man pages for databases with two files, symlinks are now created on
installation for the secondary file name.
All of the man pages should now be ready for public review, additional
editing and cleanup, and content editing.
This completes the initial editing pass of the section eight man pages.
Only small amounts of content editing has been done. Some known problems
have been noted in README, but there will doubtless be others, as well as
some lingering formatting problems. However, the quality should now be
good enough for general public review.
Some of the section eight man pages were really supposed to be section one,
the package apropros and package help commands are too useless to document,
and a few of the difficult-to-name section five man pages have now acquired
names.
Complete an initial editing and cleanup pass for all section one man pages.
Fix various conversion problems, formatting inconsistencies, and obvious
problems. Please note that no editing for content has yet been done; this
is solely editing for formatting and correct conversion to POD.
Also, add some additional section five man pages that were omitted from the
first conversion run due to unusual file names, and globally replace
CAVEATS with CAUTIONS in the man pages to match the original section name.
The section one man pages should now be in reasonable shape and ready for
additional review and further updates, although there are probably still
remaining obvious problems.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
This file got the wrong name when it was originally committed. Fix.
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages. The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available. The Makefile only installs. The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).
This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.
This is only the first step, and this initial conversion has various
problems. In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later. Some of the
man pages have syntax problems and all of them have formatting errors. The
next editing pass, coming shortly, will clean up most of the remaining
mess.
