Each server process can log a couple of different warnings about the
server keys found on disk:
- If afsconf_GetLatestKey() returns success (indicating a single-DES
key is present), we call LogDesWarning().
- If afsconf_CountKeys() returns 0 (indicating there are no keys at
all on disk), we log a warning that all authenticated access will
fail.
Currently, the code to do these checks and log the relevant warning is
duplicated across the startup code for nearly every server process. To
avoid this duplication, and to make sure the checks aren't
accidentally skipped for anyone, move these checks to
afsconf_BuildServerSecurityObjects, which every server process calls.
We must add an additional parameter to
afsconf_BuildServerSecurityObjects to handle the different logging
mechanism these servers use, but afsconf_BuildServerSecurityObjects is
declared in a public header (cellconfig.h), and is exported in a
public library (libafsauthent). So to avoid changing a public symbol,
introduce a new variant of the function, called
afsconf_BuildServerSecurityObjects_int. Declare this in a new internal
header, authcon.h.
We don't have easily-usable logging functions for upserver and butc,
so just don't log the warnings for those. For ubik servers, don't
update ubik_SetServerSecurityProcs to use the new function; the
initial call to afsconf_BuildServerSecurityObjects_int in the server's
startup code will cover logging the warning on startup.
Reviewed-on: https://gerrit.openafs.org/10831
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 2630e70550)
Change-Id: Ib37b92cfccbf161d72d2db73eeaea6fd8b312961
Reviewed-on: https://gerrit.openafs.org/15316
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The SOURCE and BUILD environment variables have been changed to
C_TAP_SOURCE and C_TAP_BUILD in the new version of c-tap-harness. The
runtests command syntax has changed as well.
Convert all of the old SOURCE and BUILD environment variables to the new
C_TAP_SOURCE and C_TAP_BUILD names.
Add the required -l command line option to specify the test list.
Add the new runtests -v option to run the tests in verbose mode to make
it easier to see which tests failed.
Reviewed-on: https://gerrit.openafs.org/14295
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 624219a1b2)
Change-Id: I3a1ed224a6271918711bdd520094df348d7f8cae
Reviewed-on: https://gerrit.openafs.org/14880
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The auth/superuser-t test runs an Rx server and client in two child
processes. If the client process tries to contact the server before
the server has started listening on its port, some tests involving
RPCs can fail (notably test 39, "Can run a simple RPC").
Normally if we try to contact a server that's not there, Rx will try
resending its packets a few times, but on Linux with AFS_RXERRQ_ENV,
if the port isn't open at all, we can get an ICMP_PORT_UNREACH error,
which causes the relevant Rx call to die immediately with
RX_CALL_DEAD.
This means that if the auth/superuser-t client is only just a bit
faster than the server starting up, tests can fail, since the server's
port is not open yet.
To avoid this, we can wait until the server's port is open before
starting the client process. To do this, have the server process send
a SIGUSR1 to the parent after rx_Init() is called, and have the parent
process wait for the SIGUSR1 (waiting for a max of 5 seconds before
failing). This should guarantee that the server's port will be open by
the time the client starts running.
Note that before commit 086d1858 (LINUX: Include linux/time.h for
linux/errqueue.h), AFS_RXERRQ_ENV was mistakenly disabled on Linux
3.17+, so this issue was probably not possible on recent Linux before
that commit.
Reviewed-on: https://gerrit.openafs.org/14109
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
(cherry picked from commit 66d0f91791)
Change-Id: Ia6c06ca9a05e33b3bc35238d9c0d18e7ff339438
Reviewed-on: https://gerrit.openafs.org/14290
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Currently, in tests/volser/vos-t.c we call afs_com_err as
"authname-t", which is clearly a mistake during some code refactoring
(introduced in commit 2ce3fdc5, "tests: Abstract out code to produce a
Ubik client").
We could just change this to "vos-t", but instead of specifying
constant strings everywhere, change this to figure out what the
current command is called, and just use that. Put this code into a new
function, afstest_GetProgname, and convert existing tests to use that
instead of hard-coding the program name given to afs_com_err.
Reviewed-on: https://gerrit.openafs.org/13991
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit a21a2f8edb)
Change-Id: I3d410d6de132f8a0fffeb9cce32a912fe3bbdc20
Reviewed-on: https://gerrit.openafs.org/14289
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The return value of asprintf() is the number of bytes printed, or -1 if there
was an error allocating a large enough buffer. In the latter case, the value
of the result string is undefined, and so it cannot be counted on to be NULL.
This change fixes numerous places where the result of asprintf is checked
incorrectly (by examining the output pointer and not the return value) or not
at all.
Change-Id: I9fef14d60c096795d59c42798f3906041fb18c86
Reviewed-on: http://gerrit.openafs.org/9978
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Make afstest_UnlinkTestConfig clean up and remove the specified
directory regardless of which files are present. This means
the function no longer has to track the current state of which
files may be present as tests are added and modified.
A sanity check is added to prevent damage in case the function is
called for an inappropriate directory.
As before, no cleaning is done if the test is run outside of a
"make check".
Change-Id: Idd092040496aaa2566c8693496fefd7d6f247565
Reviewed-on: http://gerrit.openafs.org/9703
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
In the case of a host where gethostbyname is unable to resolve
the hostname, afstest_BuildTestConfig() may return NULL which
can cause several tests to crash.
Add a common function to look out for this condition and use it where
appropriate. When it occurs, the current module is skipped and
the user gets an error message that indicates the configuration
problem.
Change-Id: I7216876eb2424368f415e5759e2b95009ad055b2
Reviewed-on: http://gerrit.openafs.org/9120
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Call the configuration directory cleanup function before exiting
so there are no files left behind, even in case of error.
Add KeyFileExt to the list of files that are removed.
Change-Id: Ie795bef0d44609b36950970244c02a6c6da1a843
Reviewed-on: http://gerrit.openafs.org/8142
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Simon Wilkinson <simonxwilkinson@gmail.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reformat the loopback tests to match our house style - 4 spaces for
first indent, a tab for the second, and so on, opening brace of a
function on a newline, spaces around assignments, and so on.
Change-Id: I54f168ca143e7ff46c9d82289331b8314849f848
Reviewed-on: http://gerrit.openafs.org/8229
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Remove the unused h_errno extern, which in turn removes the need
for disabling strict prototype warnings in the Makefile
Use roken.h, instead of hardcoding system libraries
Change-Id: Ie654c77ff60ed14fc3b659fa3eb527535be71164
Reviewed-on: http://gerrit.openafs.org/8228
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Lots of our tests want to start a test RPC server, and then run
commands against it. Start to abstract out the code to do this
by pulling the code to start a test RPC server into its own
function in the common test directory.
Change-Id: Ie7fa1fa1984113f3722def17a9fd4b98993bd6ff
Reviewed-on: http://gerrit.openafs.org/7584
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@secure-endpoints.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Move the token faking code out of superuser-t.c into its own file in
tests/common, so it can be used by other tests.
Change-Id: I7b420250ef974b4b80a8dde692d2666657bb82ca
Reviewed-on: http://gerrit.openafs.org/7259
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
The StopVLServer function can be used to stop any server for which
we know the pid. So, rename it as afstest_StopServer to make this
apparent.
Change-Id: Ia5973342e81dc15a698e84e69b314cd6157831f7
Reviewed-on: http://gerrit.openafs.org/7258
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Abstract out the code which the volser test uses to produce a
ubik client so that it can be used to test other ubik services
Change-Id: I800fda9e53ad45c91f3de8eceea387cc011dda3c
Reviewed-on: http://gerrit.openafs.org/7257
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Add krb.conf and krb.excl support to the auth cell configuration
library. Provide a function to determine if the user is local to the
cell. Provide a function to set the local realms during application
initialization. These changes are intended to replace the functions
afs_krb_get_lrealm and afs_is_foreign_ticket_name.
Change-Id: Iba57e9ffc2c958f3a4565a9352ce172189276ce9
Reviewed-on: http://gerrit.openafs.org/5744
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
When creating the test CellServDB, use the IP address of the machine
that we are running on, rather than 127.0.0.1. This makes it possible
to actually start up ubik servers using this CellServDB.
Change-Id: Iec0be80921dd1f01825177562f8a3dcc59400b9a
Reviewed-on: http://gerrit.openafs.org/4808
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Make the code which adds a new (static) DES key to a cell's
configuration generally available, as this will also be useful in
constructing other tests
Change-Id: I5d284016628e9d25a198607ffd6f8f1a63ddf652
Reviewed-on: http://gerrit.openafs.org/4807
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Move code for faking up an OpenAFS configuration directory into its
own "common" directory, as it's going to be of use to more tests than
just those in auth.
Change-Id: I9c80dd66763e222deca98bc7744ff317111c6ed8
Reviewed-on: http://gerrit.openafs.org/4806
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
