mirror of
https://git.openafs.org/openafs.git
synced 2025-01-18 23:10:58 +00:00
002c5a0c75
Each server process can log a couple of different warnings about the
server keys found on disk:
- If afsconf_GetLatestKey() returns success (indicating a single-DES
key is present), we call LogDesWarning().
- If afsconf_CountKeys() returns 0 (indicating there are no keys at
all on disk), we log a warning that all authenticated access will
fail.
Currently, the code to do these checks and log the relevant warning is
duplicated across the startup code for nearly every server process. To
avoid this duplication, and to make sure the checks aren't
accidentally skipped for anyone, move these checks to
afsconf_BuildServerSecurityObjects, which every server process calls.
We must add an additional parameter to
afsconf_BuildServerSecurityObjects to handle the different logging
mechanism these servers use, but afsconf_BuildServerSecurityObjects is
declared in a public header (cellconfig.h), and is exported in a
public library (libafsauthent). So to avoid changing a public symbol,
introduce a new variant of the function, called
afsconf_BuildServerSecurityObjects_int. Declare this in a new internal
header, authcon.h.
We don't have easily-usable logging functions for upserver and butc,
so just don't log the warnings for those. For ubik servers, don't
update ubik_SetServerSecurityProcs to use the new function; the
initial call to afsconf_BuildServerSecurityObjects_int in the server's
startup code will cover logging the warning on startup.
Reviewed-on: https://gerrit.openafs.org/10831
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| auth | ||
| bozo | ||
| bucoord | ||
| cmd | ||
| common | ||
| kauth | ||
| opr | ||
| ptserver | ||
| rpctestlib | ||
| rx | ||
| tap | ||
| tests-lib/perl5 | ||
| util | ||
| venus | ||
| volser | ||
| .gitignore | ||
| libwrap | ||
| Makefile.in | ||
| README | ||
| TESTS | ||
This directory contains a test harness and the beginnings of what is
intended to become the primary OpenAFS test suite. The tests in this
directory are run when "make check" is run at the top level of the OpenAFS
tree.
runtests is the test harness, and TESTS is the list of tests that it
will run. If you add a new test, add it to TESTS as well. All tests must
be executables (possibly shell scripts or Perl scripts) that end in either
".t" or "-t", but should be listed in TESTS without that suffix.
Tests should be organized into subdirectories, and where it makes sense to
do so, those subdirectories should match the subdirectory names under src
in the AFS source tree. In other words, tests for src/util/* should go in
a directory named util, tests for the libkopenafs library should go in a
directory named kopenafs, and so forth. To integrate with the build
system, each subdirectory will need to have its own Makefile.in and be
added to the list of generated Makefiles in configure.in at the top
level. The Makefile.in in this directory will also need to be modified
to recurse into any new directories. See util/Makefile.in for an example
of how to write a Makefile.in for a new test directory.
The files comprising the test harness are sourced from the C TAP Harness
distribution using the src/external mechanism. The upstream site for that
distribution is at:
http://www.eyrie.org/~eagle/software/c-tap-harness/
but feel free to propose modifications directly through OpenAFS Gerrit.
Russ Allbery will take care of merging modifications upstream. However,
OpenAFS-specific modifications should not be made to those files. To add
additional OpenAFS-specific code to the TAP library, add additional *.c
and *.h (or *.sh) files to the tests/tap directory rather than modifying files
in src/external.
More information can be found in the HOWTO contained in
src/external/c-tap-harness/HOWTO