Make server processes enable keytab decrypt

1.6 has common code for this, but not 1.4....
Keep the calls conditional on the presence of a krb5 library.

Change-Id: I5a1bcd515cb56a410f94de0a0f3614a8c8312b19

diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c
index 60c7df11a7ddf904ab314f165954a5365f5dc888..afe4bc2cfd175146f389cece2e8fc96099702020 100644 (file)
--- a/src/bozo/bosserver.c
+++ b/src/bozo/bosserver.c
@@ -1005,6 +1005,10 @@ main(int argc, char **argv, char **envp)
     bozo_rxsc[1] = (struct rx_securityClass *)0;
     bozo_rxsc[2] =
        rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
+#ifdef USE_RXKAD_KEYTAB
+    if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+        rxkad_BindKeytabDecrypt(bozo_rxsc[2]);
+#endif
 
     /* Disable jumbograms */
     rx_SetNoJumbo();

diff --git a/src/budb/server.c b/src/budb/server.c
index bcff72ffd624b81985734a4cf38ff5c828e8094e..40b002a2db33a467f6ed9e9ff54427cf394f2dd8 100644 (file)
--- a/src/budb/server.c
+++ b/src/budb/server.c
@@ -524,6 +524,10 @@ main(argc, argv)
     sca[RX_SCINDEX_KAD] =
        rxkad_NewServerSecurityObject(rxkad_clear, BU_conf, afsconf_GetKey,
                                      NULL);
+#ifdef USE_RXKAD_KEYTAB
+    if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+        rxkad_BindKeytabDecrypt(sca[RX_SCINDEX_KAD]);
+#endif
 
     /* Disable jumbograms */
     rx_SetNoJumbo();

diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c
index a8dda5cc4ede431c6c5c745d5183e109cb127872..b87d0200fa36387381c02022ce01c21a89bdf09e 100644 (file)
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
@@ -523,6 +523,10 @@ main(int argc, char **argv)
     sc[1] = 0;
     if (kerberosKeys) {
        sc[2] = rxkad_NewServerSecurityObject(0, prdir, afsconf_GetKey, NULL);
+#ifdef USE_RXKAD_KEYTAB
+       if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+           rxkad_BindKeytabDecrypt(sc[2]);
+#endif
     } else
        sc[2] = sc[0];
 

diff --git a/src/update/server.c b/src/update/server.c
index 2c211c5f4925b8897a45cd9e2d3a0e4b7642fe93..e29a3cbecc956dc7b6b2b3b1f72e65f7c5ad0ba7 100644 (file)
--- a/src/update/server.c
+++ b/src/update/server.c
@@ -314,7 +314,10 @@ main(int argc, char *argv[])
        rxkad_NewServerSecurityObject(rxkad_clear, cdir, afsconf_GetKey, 0);
     if (securityObjects[2] == (struct rx_securityClass *)0)
        Quit("rxkad_NewServerSecurityObject");
-
+#ifdef USE_RXKAD_KEYTAB
+    if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+        rxkad_BindKeytabDecrypt(securityObjects[2]);
+#endif
     /* Instantiate a single UPDATE service.  The rxgen-generated procedure
      * which is called to decode requests is passed in here
      * (UPDATE_ExecuteRequest). */

diff --git a/src/viced/viced.c b/src/viced/viced.c
index 59e69777f6825567f67c71ced7483b96bf234a1a..5ed97c869d40b832ac7a55ad929890cdc5bec1b4 100644 (file)
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@@ -1873,6 +1873,12 @@ main(int argc, char *argv[])
     sc[1] = 0;                 /* rxvab_NewServerSecurityObject(key1, 0) */
     sc[2] = rxkad_NewServerSecurityObject(rxkad_clear, NULL, get_key, NULL);
     sc[3] = rxkad_NewServerSecurityObject(rxkad_crypt, NULL, get_key, NULL);
+#ifdef USE_RXKAD_KEYTAB
+    if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0) {
+        rxkad_BindKeytabDecrypt(sc[2]);
+        rxkad_BindKeytabDecrypt(sc[3]);
+    }
+#endif
     tservice = rx_NewServiceHost(rx_bindhost,  /* port */ 0, /* service id */ 
                                 1,     /*service name */
                                 "AFS",

diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c
index 7b5dca73d9fd504effc916e0e79ce38d3bd97589..2e686eeed413a536bd6b446f0b07ed18acf0ee87 100644 (file)
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@@ -355,7 +355,10 @@ main(argc, argv)
     sc[0] = rxnull_NewServerSecurityObject();
     sc[1] = (struct rx_securityClass *)0;
     sc[2] = rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
-
+#ifdef USE_RXKAD_KEYTAB
+    if (rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+       rxkad_BindKeytabDecrypt(sc[2]);
+#endif
     tservice =
        rx_NewServiceHost(host, 0, USER_SERVICE_ID, "Vldb server", sc, 3,
                      VL_ExecuteRequest);

diff --git a/src/volser/volmain.c b/src/volser/volmain.c
index 3a7e19487978d28789708280adc0d1da0fe41f3d..398e394b7576ed985d519848605774ece3a839a7 100644 (file)
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@@ -494,6 +494,10 @@ main(int argc, char **argv)
        rxkad_NewServerSecurityObject(0, tdir, afsconf_GetKey, NULL);
     if (securityObjects[0] == (struct rx_securityClass *)0)
        Abort("rxnull_NewServerSecurityObject");
+#ifdef USE_RXKAD_KEYTAB
+    if (securityObjects[2] != NULL && rxkad_InitKeytabDecrypt(AFSDIR_SERVER_RXKAD_KEYTAB_FILEPATH) == 0)
+        rxkad_BindKeytabDecrypt(securityObjects[2]);
+#endif
     service =
        rx_NewServiceHost(host, 0, VOLSERVICE_ID, "VOLSER", securityObjects, 3,
                      AFSVolExecuteRequest);