kaserver.c

Bug Summary

File:	kauth/kaserver.c
Location:	line 312, column 5
Description:	Value stored to 'code' is never read

Annotated Source Code

1	/*
2	* Copyright 2000, International Business Machines Corporation and others.
3	* All Rights Reserved.
4	*
5	* This software has been released under the terms of the IBM Public
6	* License. For details, see the LICENSE file in the top-level source
7	* directory or online at http://www.openafs.org/dl/license10.html
8	*/
9
10	#include <afsconfig.h>
11	#include <afs/param.h>
12	#include <afs/stds.h>
13
14	#include <roken.h>
15
16	#ifdef AFS_NT40_ENV
17	#include <WINNT/afsevent.h>
18	#endif
19
20
21	#include <lwp.h>
22	#include <rx/xdr.h>
23	#include <rx/rx.h>
24	#include <rx/rxstat.h>
25	#include <rx/rxkad.h>
26	#include <rx/rx_globals.h>
27	#include <afs/cellconfig.h>
28	#include <lock.h>
29	#include <afs/afsutil.h>
30	#include <afs/com_err.h>
31	#include <afs/audit.h>
32	#include <ubik.h>
33
34	#include "kalog.h" /* for OpenLog() */
35	#include "kauth.h"
36	#include "kauth_internal.h"
37	#include "kautils.h"
38	#include "kaserver.h"
39	#include "kadatabase.h"
40	#include "kaprocs.h"
41
42	struct kadstats dynamic_statistics;
43	struct ubik_dbase *KA_dbase;
44	afs_uint32 myHost = 0;
45	afs_int32 verbose_track = 1;
46	afs_int32 krb4_cross = 0;
47	afs_int32 rxBind = 0;
48
49	#define ADDRSPERSITE16 16 /* Same global is in rx/rx_user.c */
50	afs_uint32 SHostAddrs[ADDRSPERSITE16];
51
52	struct afsconf_dir KA_conf; / for getting cell info */
53
54	int MinHours = 0;
55	int npwSums = KA_NPWSUMS(200 - sizeof(kaident) - sizeof(struct ktc_encryptionKey) - 11 4); / needs to be variable sometime */
56
57	#include <stdarg.h>
58	#if !defined(AFS_NT40_ENV) && !defined(AFS_LINUX20_ENV) && !defined(AFS_DARWIN_ENV) && !defined(AFS_XBSD_ENV1)
59	#undef vfprintf
60	#define vfprintf(stream,fmt,args) _doprnt(fmt,args,stream)
61	#endif
62
63	static int debugOutput;
64
65	/* check whether caller is authorized to manage RX statistics */
66	int
67	KA_rxstat_userok(struct rx_call *call)
68	{
69	return afsconf_SuperUser(KA_conf, call, NULL((void *)0));
70	}
71
72	afs_int32
73	es_Report(char *fmt, ...)
74	{
75	va_list pvar;
76
77	if (debugOutput == 0)
78	return 0;
79	va_start(pvar, fmt)__builtin_va_start((pvar), (fmt));
80	vfprintf(stderr__stderrp, fmt, pvar);
81	va_end(pvar)__builtin_va_end(pvar);
82	return 0;
83	}
84
85	static void
86	initialize_dstats(void)
87	{
88	memset(&dynamic_statistics, 0, sizeof(dynamic_statistics));
89	dynamic_statistics.start_time = time(0);
90	dynamic_statistics.host = myHost;
91	}
92
93	static int
94	convert_cell_to_ubik(struct afsconf_cell cellinfo, afs_uint32 myHost,
95	afs_uint32 *serverList)
96	{
97	int i;
98	char hostname[64];
99	struct hostent *th;
100
101	/* get this host */
102	gethostname(hostname, sizeof(hostname));
103	th = gethostbyname(hostname);
104	if (!th) {
105	ViceLog(0, ("kaserver: couldn't get address of this host.\n"))do { if ((0) <= LogLevel) (FSLog ("kaserver: couldn't get address of this host.\n" )); } while (0);
106	exit(1);
107	}
108	memcpy(myHost, th->h_addrh_addr_list[0], sizeof(afs_uint32));
109
110	for (i = 0; i < cellinfo->numServers; i++)
111	if (cellinfo->hostAddr[i].sin_addr.s_addr != *myHost) {
112	/* omit my host from serverList */
113	*serverList++ = cellinfo->hostAddr[i].sin_addr.s_addr;
114	}
115	serverList = 0; / terminate list */
116	return 0;
117	}
118
119	static afs_int32
120	kvno_admin_key(void rock, afs_int32 kvno, struct ktc_encryptionKey key)
121	{
122	return ka_LookupKvno(0, KA_ADMIN_NAME"AuthServer", KA_ADMIN_INST"Admin", kvno, key);
123
124	/* we would like to start a Ubik transaction to fill the cache if that
125	* fails, but may deadlock as Rx is now organized. */
126	}
127
128	/* initFlags: 0x01 Do not require authenticated connections.
129	0x02 Do not check the bos NoAuth flag
130	0x04 Use fast key expiration to test oldkey code.
131	0x08 Temporary flag allowing database inconsistency fixup
132	*/
133
134	#include "AFS_component_version_number.c"
135
136	int
137	main(int argc, char *argv[])
138	{
139	afs_int32 code;
140	char *whoami = argv[0];
141	afs_uint32 serverList[MAXSERVERS20];
142	struct afsconf_cell cellinfo;
143	char *cell;
144	const char cellservdb, dbpath, *lclpath;
145	int a;
146	char arg[32];
147	char default_lclpath[AFSDIR_PATH_MAX256];
148	int servers;
149	int initFlags;
150	int level; /* security level for Ubik */
151	afs_int32 i;
152	char clones[MAXHOSTSPERCELL8];
153	afs_uint32 host = ntohl(INADDR_ANY)(__builtin_constant_p((u_int32_t)0x00000000) ? ((((__uint32_t )((u_int32_t)0x00000000)) >> 24) \| ((((__uint32_t)((u_int32_t )0x00000000)) & (0xff << 16)) >> 8) \| ((((__uint32_t )((u_int32_t)0x00000000)) & (0xff << 8)) << 8 ) \| (((__uint32_t)((u_int32_t)0x00000000)) << 24)) : __bswap32_var ((u_int32_t)0x00000000));
154	char auditFileName = NULL((void )0);
155
156	struct rx_service *tservice;
157	struct rx_securityClass *sca[1];
158	struct rx_securityClass *scm[3];
159
160	extern int rx_stackSize;
161
162	#ifdef AFS_AIX32_ENV
163	/*
164	* The following signal action for AIX is necessary so that in case of a
165	* crash (i.e. core is generated) we can include the user's data section
166	* in the core dump. Unfortunately, by default, only a partial core is
167	* generated which, in many cases, isn't too useful.
168	*/
169	struct sigaction nsa;
170
171	sigemptyset(&nsa.sa_mask);
172	nsa.sa_handler__sigaction_u.__sa_handler = SIG_DFL((__sighandler_t *)0);
173	nsa.sa_flags = SA_FULLDUMP;
174	sigaction(SIGABRT6, &nsa, NULL((void *)0));
175	sigaction(SIGSEGV11, &nsa, NULL((void *)0));
176	#endif
177	osi_audit_init();
178
179	if (argc == 0) {
180	usage:
181	printf("Usage: kaserver [-noAuth] [-database <dbpath>] "
182	"[-auditlog <log path>] [-audit-interface <file\|sysvmq>] "
183	"[-rxbind] [-localfiles <lclpath>] [-minhours <n>] "
184	"[-servers <serverlist>] [-crossrealm] "
185	/" [-enable_peer_stats] [-enable_process_stats] " /
186	"[-help]\n");
187	exit(1);
188	}
189	#ifdef AFS_NT40_ENV
190	/* initialize winsock */
191	if (afs_winsockInit() < 0) {
192	ReportErrorEventAlt(AFSEVT_SVR_WINSOCK_INIT_FAILED, 0, argv[0], 0);
193	fprintf(stderr__stderrp, "%s: Couldn't initialize winsock.\n", whoami);
194	exit(1);
195	}
196	#endif
197	/* Initialize dirpaths */
198	if (!(initAFSDirPath() & AFSDIR_SERVER_PATHS_OK0x2)) {
199	#ifdef AFS_NT40_ENV
200	ReportErrorEventAlt(AFSEVT_SVR_NO_INSTALL_DIR, 0, argv[0], 0);
201	#endif
202	fprintf(stderr__stderrp, "%s: Unable to obtain AFS server directory.\n",
203	argv[0]);
204	exit(2);
205	}
206
207	cellservdb = AFSDIR_SERVER_ETC_DIRPATHgetDirPath(AFSDIR_SERVER_ETC_DIRPATH_ID);
208	dbpath = AFSDIR_SERVER_KADB_FILEPATHgetDirPath(AFSDIR_SERVER_KADB_FILEPATH_ID);
209	strcompose(default_lclpath, AFSDIR_PATH_MAX256, AFSDIR_SERVER_LOCAL_DIRPATHgetDirPath(AFSDIR_SERVER_LOCAL_DIRPATH_ID),
210	"/", AFSDIR_KADB_FILE"kaserver", NULL((void *)0));
211	lclpath = default_lclpath;
212
213	debugOutput = 0;
214	servers = 0;
215	initFlags = 0;
216	level = rxkad_crypt2;
217	for (a = 1; a < argc; a++) {
218	int arglen = strlen(argv[a]);
219	lcstring(arg, argv[a], sizeof(arg));
220	#define IsArg(a)(strncmp (arg,a, arglen) == 0) (strncmp (arg,a, arglen) == 0)
221
222	if (strcmp(arg, "-database") == 0) {
223	dbpath = argv[++a];
224	if (strcmp(lclpath, default_lclpath) == 0)
225	lclpath = dbpath;
226	}
227	else if (strncmp(arg, "-auditlog", arglen) == 0) {
228	auditFileName = argv[++a];
229
230	} else if (strncmp(arg, "-audit-interface", arglen) == 0) {
231	char *interface = argv[++a];
232
233	if (osi_audit_interface(interface)) {
234	printf("Invalid audit interface '%s'\n", interface);
235	exit(1);
236	}
237
238	} else if (strcmp(arg, "-localfiles") == 0)
239	lclpath = argv[++a];
240	else if (strcmp(arg, "-servers") == 0)
241	debugOutput++, servers = 1;
242	else if (strcmp(arg, "-noauth") == 0)
243	debugOutput++, initFlags \|= 1;
244	else if (strcmp(arg, "-fastkeys") == 0)
245	debugOutput++, initFlags \|= 4;
246	else if (strcmp(arg, "-dbfixup") == 0)
247	debugOutput++, initFlags \|= 8;
248	else if (strcmp(arg, "-cellservdb") == 0) {
249	cellservdb = argv[++a];
250	initFlags \|= 2;
251	debugOutput++;
252	}
253
254	else if (IsArg("-crypt")(strncmp (arg,"-crypt", arglen) == 0))
255	level = rxkad_crypt2;
256	else if (IsArg("-safe")(strncmp (arg,"-safe", arglen) == 0))
257	level = rxkad_crypt2;
258	else if (IsArg("-clear")(strncmp (arg,"-clear", arglen) == 0))
259	level = rxkad_clear0;
260	else if (IsArg("-sorry")(strncmp (arg,"-sorry", arglen) == 0))
261	level = rxkad_clear0;
262	else if (IsArg("-debug")(strncmp (arg,"-debug", arglen) == 0))
263	verbose_track = 0;
264	else if (IsArg("-crossrealm")(strncmp (arg,"-crossrealm", arglen) == 0))
265	krb4_cross = 1;
266	else if (IsArg("-rxbind")(strncmp (arg,"-rxbind", arglen) == 0))
267	rxBind = 1;
268	else if (IsArg("-minhours")(strncmp (arg,"-minhours", arglen) == 0)) {
269	MinHours = atoi(argv[++a]);
270	} else if (IsArg("-enable_peer_stats")(strncmp (arg,"-enable_peer_stats", arglen) == 0)) {
271	rx_enablePeerRPCStats();
272	} else if (IsArg("-enable_process_stats")(strncmp (arg,"-enable_process_stats", arglen) == 0)) {
273	rx_enableProcessRPCStats();
274	} else if (*arg == '-') {
275	/* hack to support help flag */
276	goto usage;
277	}
278	}
279
280	if (auditFileName) {
281	osi_audit_file(auditFileName);
282	}
283
284	if ((code = ka_CellConfig(cellservdb)))
285	goto abort;
286	cell = ka_LocalCell();
287	KA_conf = afsconf_Open(cellservdb);
288	if (!KA_conf) {
289	code = KANOCELLS(180500L);
290	abort:
291	afs_com_err(whoami, code, "Failed getting cell info");
292	exit(1);
293	}
294	#ifdef AUTH_DBM_LOG
295	kalog_Init();
296	#else
297	/* NT & HPUX do not have dbm package support. So we can only do some
298	* text logging. So open the AuthLog file for logging and redirect
299	* stdin and stdout to it
300	*/
301	OpenLog(AFSDIR_SERVER_KALOG_FILEPATHgetDirPath(AFSDIR_SERVER_KALOG_FILEPATH_ID));
302	SetupLogSignals();
303	#endif
304
305	fprintf(stderr__stderrp, "%s: WARNING: kaserver is deprecated due to its weak security "
306	"properties. Migrating to a Kerberos 5 KDC is advised. "
307	"http://www.openafs.org/no-more-des.html\n", whoami);
308	ViceLog(0, ("WARNING: kaserver is deprecated due to its weak security properties. "do { if ((0) <= LogLevel) (FSLog ("WARNING: kaserver is deprecated due to its weak security properties. " "Migrating to a Kerberos 5 KDC is advised. " "http://www.openafs.org/no-more-des.html\n" )); } while (0)
309	"Migrating to a Kerberos 5 KDC is advised. "do { if ((0) <= LogLevel) (FSLog ("WARNING: kaserver is deprecated due to its weak security properties. " "Migrating to a Kerberos 5 KDC is advised. " "http://www.openafs.org/no-more-des.html\n" )); } while (0)
310	"http://www.openafs.org/no-more-des.html\n"))do { if ((0) <= LogLevel) (FSLog ("WARNING: kaserver is deprecated due to its weak security properties. " "Migrating to a Kerberos 5 KDC is advised. " "http://www.openafs.org/no-more-des.html\n" )); } while (0);
311
312	code =
	Value stored to 'code' is never read
313	afsconf_GetExtendedCellInfo(KA_conf, cell, AFSCONF_KAUTHSERVICE"afskauth",
314	&cellinfo, clones);
315	if (servers) {
316	if ((code = ubik_ParseServerList(argc, argv, &myHost, serverList))) {
317	afs_com_err(whoami, code, "Couldn't parse server list");
318	exit(1);
319	}
320	cellinfo.hostAddr[0].sin_addr.s_addr = myHost;
321	for (i = 1; i < MAXSERVERS20; i++) {
322	if (!serverList[i])
323	break;
324	cellinfo.hostAddr[i].sin_addr.s_addr = serverList[i];
325	}
326	cellinfo.numServers = i;
327	} else {
328	code = convert_cell_to_ubik(&cellinfo, &myHost, serverList);
329	if (code)
330	goto abort;
331	ViceLog(0, ("Using server list from %s cell database.\n", cell))do { if ((0) <= LogLevel) (FSLog ("Using server list from %s cell database.\n" , cell)); } while (0);
332	}
333
334	/* initialize ubik */
335	if (level == rxkad_clear0)
336	ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
337	KA_conf);
338	else if (level == rxkad_crypt2)
339	ubik_SetClientSecurityProcs(afsconf_ClientAuthSecure,
340	afsconf_UpToDate, KA_conf);
341	else {
342	ViceLog(0, ("Unsupported security level %d\n", level))do { if ((0) <= LogLevel) (FSLog ("Unsupported security level %d\n" , level)); } while (0);
343	exit(5);
344	}
345	ViceLog(0,do { if ((0) <= LogLevel) (FSLog ("Using level %s for Ubik connections.\n" , (level == 2 ? "crypt" : "clear"))); } while (0)
346	("Using level %s for Ubik connections.\n",do { if ((0) <= LogLevel) (FSLog ("Using level %s for Ubik connections.\n" , (level == 2 ? "crypt" : "clear"))); } while (0)
347	(level == rxkad_crypt ? "crypt" : "clear")))do { if ((0) <= LogLevel) (FSLog ("Using level %s for Ubik connections.\n" , (level == 2 ? "crypt" : "clear"))); } while (0);
348
349	ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
350	afsconf_CheckAuth,
351	KA_conf);
352
353	ubik_nBuffers = 80;
354
355	if (rxBind) {
356	afs_int32 ccode;
357	if (AFSDIR_SERVER_NETRESTRICT_FILEPATHgetDirPath(AFSDIR_SERVER_NETRESTRICT_FILEPATH_ID) \|\|
358	AFSDIR_SERVER_NETINFO_FILEPATHgetDirPath(AFSDIR_SERVER_NETINFO_FILEPATH_ID)) {
359	char reason[1024];
360	ccode = parseNetFiles(SHostAddrs, NULL((void )0), NULL((void )0),
361	ADDRSPERSITE16, reason,
362	AFSDIR_SERVER_NETINFO_FILEPATHgetDirPath(AFSDIR_SERVER_NETINFO_FILEPATH_ID),
363	AFSDIR_SERVER_NETRESTRICT_FILEPATHgetDirPath(AFSDIR_SERVER_NETRESTRICT_FILEPATH_ID));
364	} else
365	{
366	ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE16);
367	}
368	if (ccode == 1) {
369	host = SHostAddrs[0];
370	rx_InitHost(host, htons(AFSCONF_KAUTHPORT)(__builtin_constant_p(7004) ? (__uint16_t)(((__uint16_t)(7004 )) << 8 \| ((__uint16_t)(7004)) >> 8) : __bswap16_var (7004)));
371	}
372	}
373
374	if (servers)
375	code =
376	ubik_ServerInit(myHost, htons(AFSCONF_KAUTHPORT)(__builtin_constant_p(7004) ? (__uint16_t)(((__uint16_t)(7004 )) << 8 \| ((__uint16_t)(7004)) >> 8) : __bswap16_var (7004)), serverList,
377	dbpath, &KA_dbase);
378	else
379	code =
380	ubik_ServerInitByInfo(myHost, htons(AFSCONF_KAUTHPORT)(__builtin_constant_p(7004) ? (__uint16_t)(((__uint16_t)(7004 )) << 8 \| ((__uint16_t)(7004)) >> 8) : __bswap16_var (7004)), &cellinfo,
381	clones, dbpath, &KA_dbase);
382
383	if (code) {
384	afs_com_err(whoami, code, "Ubik init failed");
385	exit(2);
386	}
387
388	sca[RX_SCINDEX_NULL0] = rxnull_NewServerSecurityObject();
389
390	/* Disable jumbograms */
391	rx_SetNoJumbo();
392
393	tservice =
394	rx_NewServiceHost(host, 0, KA_AUTHENTICATION_SERVICE731,
395	"AuthenticationService", sca, 1, KAA_ExecuteRequest);
396	if (tservice == (struct rx_service *)0) {
397	ViceLog(0, ("Could not create Authentication rx service\n"))do { if ((0) <= LogLevel) (FSLog ("Could not create Authentication rx service\n" )); } while (0);
398	exit(3);
399	}
400	rx_SetMinProcs(tservice, 1)((tservice)->minProcs = (1));
401	rx_SetMaxProcs(tservice, 1)((tservice)->maxProcs = (1));
402
403
404	tservice =
405	rx_NewServiceHost(host, 0, KA_TICKET_GRANTING_SERVICE732, "TicketGrantingService",
406	sca, 1, KAT_ExecuteRequest);
407	if (tservice == (struct rx_service *)0) {
408	ViceLog(0, ("Could not create Ticket Granting rx service\n"))do { if ((0) <= LogLevel) (FSLog ("Could not create Ticket Granting rx service\n" )); } while (0);
409	exit(3);
410	}
411	rx_SetMinProcs(tservice, 1)((tservice)->minProcs = (1));
412	rx_SetMaxProcs(tservice, 1)((tservice)->maxProcs = (1));
413
414	scm[RX_SCINDEX_NULL0] = sca[RX_SCINDEX_NULL0];
415	scm[RX_SCINDEX_VAB1] = 0;
416	scm[RX_SCINDEX_KAD2] =
417	rxkad_NewServerSecurityObject(rxkad_crypt2, 0, kvno_admin_key, 0);
418	tservice =
419	rx_NewServiceHost(host, 0, KA_MAINTENANCE_SERVICE733, "Maintenance", scm, 3,
420	KAM_ExecuteRequest);
421	if (tservice == (struct rx_service *)0) {
422	ViceLog(0, ("Could not create Maintenance rx service\n"))do { if ((0) <= LogLevel) (FSLog ("Could not create Maintenance rx service\n" )); } while (0);
423	exit(3);
424	}
425	rx_SetMinProcs(tservice, 1)((tservice)->minProcs = (1));
426	rx_SetMaxProcs(tservice, 1)((tservice)->maxProcs = (1));
427	rx_SetStackSize(tservice, 10000)rx_stackSize = (((10000) > rx_stackSize)? 10000: rx_stackSize );
428
429	tservice =
430	rx_NewServiceHost(host, 0, RX_STATS_SERVICE_ID409, "rpcstats", scm, 3,
431	RXSTATS_ExecuteRequest);
432	if (tservice == (struct rx_service *)0) {
433	ViceLog(0, ("Could not create rpc stats rx service\n"))do { if ((0) <= LogLevel) (FSLog ("Could not create rpc stats rx service\n" )); } while (0);
434	exit(3);
435	}
436	rx_SetMinProcs(tservice, 2)((tservice)->minProcs = (2));
437	rx_SetMaxProcs(tservice, 4)((tservice)->maxProcs = (4));
438
439	initialize_dstats();
440
441	/* allow super users to manage RX statistics */
442	rx_SetRxStatUserOk(KA_rxstat_userok);
443
444	rx_StartServer(0); /* start handling req. of all types */
445
446	if (init_kaprocs(lclpath, initFlags))
447	return -1;
448
449	if ((code = init_krb_udp())) {
450	ViceLog(0,do { if ((0) <= LogLevel) (FSLog ("Failed to initialize UDP interface; code = %d.\n" , code)); } while (0)
451	("Failed to initialize UDP interface; code = %d.\n", code))do { if ((0) <= LogLevel) (FSLog ("Failed to initialize UDP interface; code = %d.\n" , code)); } while (0);
452	ViceLog(0, ("Running without UDP access.\n"))do { if ((0) <= LogLevel) (FSLog ("Running without UDP access.\n" )); } while (0);
453	}
454
455	ViceLog(0, ("Starting to process AuthServer requests\n"))do { if ((0) <= LogLevel) (FSLog ("Starting to process AuthServer requests\n" )); } while (0);
456	rx_ServerProc(NULL((void )0)); / donate this LWP */
457	return 0;
458	}