- Supports Linux 2.6.16. (Closes: #358203)
- Suspend should work with newer kernels. (Closes: #341588)
- Upstream now includes man pages, so remove our backport.
+ * Subsume openafs-krb5 into this source package.
+ - Acknowledge NMU. (Closes: #304933)
+ - Update to the OpenAFS aklog and asetkey. (Closes: #196094)
+ - Backport asetkey from upstream CVS.
+ - Include ka-forwarder from the old migration toolkit.
* Subsume openafs-doc into this source package.
* Always pass the system type into Autoconf, following autotools-dev
best practices.
- -- Russ Allbery <rra@debian.org> Tue, 28 Mar 2006 15:16:01 -0800
+ -- Russ Allbery <rra@debian.org> Tue, 28 Mar 2006 17:03:45 -0800
openafs (1.4.0-4) unstable; urgency=low
Priority: optional
Maintainer: Sam Hartman <hartmans@debian.org>
Uploaders: Russ Allbery <rra@debian.org>
-Build-Depends: debhelper (>= 4.1.16), libncurses5-dev, libpam0g-dev, bison, docbook-to-man, flex, perl, comerr-dev
+Build-Depends: debhelper (>= 4.1.16), libncurses5-dev, libpam0g-dev, bison, docbook-to-man, flex, perl, comerr-dev, libkrb5-dev
Standards-Version: 3.6.2
Package: openafs-client
This package contains the OpenAFS user's and reference manuals, some
protocol documentation, and other OpenAFS documentation.
+Package: openafs-krb5
+Architecture: i386 powerpc sparc alpha s390 ia64 hppa amd64 ppc64
+Depends: ${shlibs:Depends}
+Description: AFS distributed filesystem Kerberos 5 integration
+ AFS is a distributed filesystem allowing cross-platform sharing of files
+ among multiple computers. Facilities are provided for access control,
+ authentication, backup and administrative management.
+ .
+ This package provides aklog, a utility for authenticating to AFS using
+ Kerberos 5. It also provides asetkey, a utility to set AFS server keys
+ from a Kerberos keytab, and ka-forwarder, a utility to forward kaserver
+ requests to a KDC using fakeka.
+
Package: libopenafs-dev
Section: libdevel
Architecture: i386 powerpc sparc alpha s390 ia64 hppa amd64 ppc64
* 2550 Garcia Avenue
* Mountain View, California 94043
*/
+
+ka-forwarder was taken from the AFS/Kerberos 5 Migration Kit, to which it
+was donated by Jeffrey T. Hutzelman. It is covered under the following
+license:
+/*
+ * Copyright (c) 1993 Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * Permission to use, copy, modify and distribute this software and its
+ * documentation is hereby granted, provided that both the copyright
+ * notice and this permission notice appear in all copies of the
+ * software, derivative works or modified versions, and any portions
+ * thereof, and that both notices appear in supporting documentation.
+ *
+ * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS"
+ * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR
+ * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE.
+ *
+ * Carnegie Mellon requests users of this software to return to
+ *
+ * Software Distribution Coordinator or Software_Distribution@CS.CMU.EDU
+ * School of Computer Science
+ * Carnegie Mellon University
+ * Pittsburgh PA 15213-3890
+ *
+ * any improvements or extensions that they make and grant Carnegie Mellon
+ * the rights to redistribute these changes.
+ */
--- /dev/null
+debian/tmp/usr/bin/aklog usr/bin
+
+debian/tmp/usr/bin/asetkey usr/sbin
+debian/tmp/usr/bin/ka-forwarder usr/sbin
+
+src/aklog/aklog.1 usr/share/man/man1
--sysconfdir=/etc --libexecdir=/usr/lib \
--localstatedir=/var/lib --enable-supergroups \
--enable-largefile-fileserver --enable-debug --enable-lwp-debug \
+ --with-krb5-conf=/usr/bin/krb5-config \
$(DEBIAN_OPT_FLAGS) $(SYSTEM)
chmod a+x src/libafs/make_kbuild_makefile.pl
touch configure-stamp
srcdir=@srcdir@
include @TOP_OBJDIR@/src/config/Makefile.config
-OPTMZ += @KRB5CFLAGS@ -DALLOW_REGISTER
-LIBS += @KRB5LIBS@
+OPTMZ = @KRB5CFLAGS@ -DALLOW_REGISTER
+AKLIBS = ${LIBS} @KRB5LIBS@
AFSLIBS = ${TOP_LIBDIR}/libprot.a ${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libauth.a ${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \
SRCS= aklog.c aklog_main.c krb_util.c linked_list.c
OBJS= aklog.o aklog_main.o krb_util.o linked_list.o
-all: aklog
+all: aklog asetkey ka-forwarder
aklog: ${OBJS} ${AFSLIBS}
- ${CC} -o $@ ${CFLAGS} ${OBJS} ${LIBS} ${AFSLIBS} ${XLIBS}
+ ${CC} -o $@ ${CFLAGS} ${OBJS} ${AKLIBS} ${AFSLIBS} ${XLIBS}
+asetkey: asetkey.o ${AFSLIBS}
+ ${CC} -o $@ ${CFLAGS} asetkey.o ${AKLIBS} ${AFSLIBS} ${XLIBS}
+
+ka-forwarder: ka-forwarder.o
+ ${CC} -o $@ ${CFLAGS} ka-forwarder.o ${LIBS} ${XLIBS}
#
# Installation targets
#
install: \
- ${DESTDIR}${bindir}/aklog
+ ${DESTDIR}${bindir}/aklog \
+ ${DESTDIR}${afssrvbindir}/asetkey \
+ ${DESTDIR}${afssrvbindir}/ka-forwarder
${DESTDIR}${bindir}/aklog: aklog
${INSTALL} $? $@
+${DESTDIR}${afssrvbindir}/asetkey: asetkey
+ ${INSTALL} $? $@
+
+${DESTDIR}${afssrvbindir}/ka-forwarder: ka-forwarder
+ ${INSTALL} $? $@
+
dest: \
- ${DEST}/bin/aklog
+ ${DEST}/bin/aklog \
+ ${DEST}/root.server/usr/afs/bin/asetkey \
+ ${DEST}/root.server/usr/afs/bin/ka-forwarder
${DEST}/bin/aklog: aklog
${INSTALL} $? $@
+${DEST}/root.server/usr/afs/bin/asetkey: asetkey
+ ${INSTALL} $? $@
+
+${DEST}/root.server/usr/afs/bin/ka-forwarder: ka-forwarder
+ ${INSTALL} $? $@
+
#
# Misc. targets
#
clean:
- $(RM) -f *.o ${OBJS} aklog
+ $(RM) -f *.o ${OBJS} aklog asetkey ka-forwarder
include ../config/Makefile.version
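Review bot: `OPTMZ = @KRB5CFLAGS@ -DALLOW_REGISTER` now assigns instead of appending, and it comes after `include @TOP_OBJDIR@/src/config/Makefile.config`, so any OPTMZ value that file provides is dropped for aklog, asetkey and ka-forwarder. If the replacement is deliberate, a comment above the assignment should say why, for example `# Deliberately replaces the OPTMZ from Makefile.config`; otherwise keep `OPTMZ += @KRB5CFLAGS@ -DALLOW_REGISTER`. As a point of style in the clean rule, `$(RM) -f` repeats the flag if RM keeps GNU Make's default of `rm -f`, which cannot be confirmed from here because Makefile.config may redefine it.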
--- /dev/null
+/*
+ * $Id: asetkey.c,v 1.4 2006/02/17 17:58:21 rees Exp $
+ *
+ * asetkey - Manipulates an AFS KeyFile
+ *
+ * Updated for Kerberos 5
+ */
+
+#include <afsconfig.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif /* HAVE_MEMORY_H */
+#ifdef HAVE_STRING_H
+#include <string.h>
+#else /* HAVE_STRING_H */
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif /* HAVE_STRINGS_H */
+#endif /* HAVE_STRING_H */
+
+#include <krb5.h>
+
+#include <afs/stds.h>
+#include <afs/com_err.h>
+#include <afs/cellconfig.h>
+#include <afs/keys.h>
+#include <afs/dirpath.h>
+
+int
+main(int argc, char *argv[])
+{
+ struct afsconf_dir *tdir;
+ register long code;
+ const char *confdir;
+
+ if (argc == 1) {
+ fprintf(stderr, "%s: usage is '%s <opcode> options, e.g.\n",
+ argv[0], argv[0]);
+ fprintf(stderr, "\t%s add <kvno> <keyfile> <princ>\n", argv[0]);
+ fprintf(stderr, "\t%s delete <kvno>\n", argv[0]);
+ fprintf(stderr, "\t%s list\n", argv[0]);
+ exit(1);
+ }
+
+ confdir = AFSDIR_SERVER_ETC_DIRPATH;
+
+ tdir = afsconf_Open(confdir);
+ if (!tdir) {
+ fprintf(stderr, "%s: can't initialize conf dir '%s'\n", argv[0],
+ confdir);
+ exit(1);
+ }
+ if (strcmp(argv[1], "add")==0) {
+ krb5_context context;
+ krb5_principal principal;
+ krb5_keyblock *key;
+ krb5_error_code retval;
+ int kvno;
+
+ if (argc != 5) {
+ fprintf(stderr, "%s add: usage is '%s add <kvno> <keyfile> "
+ "<princ>\n", argv[0], argv[0]);
+ exit(1);
+ }
+
+ krb5_init_context(&context);
+
+ kvno = atoi(argv[2]);
+ retval = krb5_parse_name(context, argv[4], &principal);
+ if (retval != 0) {
+ com_err(argv[0], retval, "while parsing AFS principal");
+ exit(1);
+ }
+ retval = krb5_kt_read_service_key(context, argv[3], principal, kvno,
+ ENCTYPE_DES_CBC_CRC, &key);
+ if (retval != 0) {
+ com_err(argv[0], retval, "while extracting AFS service key");
+ exit(1);
+ }
+
+ if (key->length != 8) {
+ fprintf(stderr, "Key length should be 8, but is really %d!\n",
+ key->length);
+ exit(1);
+ }
+
+ code = afsconf_AddKey(tdir, kvno, (char *) key->contents, 1);
+ if (code) {
+ fprintf(stderr, "%s: failed to set key, code %d.\n", argv[0], code);
+ exit(1);
+ }
+ krb5_free_principal(context, principal);
+ krb5_free_keyblock(context, key);
+ }
+ else if (strcmp(argv[1], "delete")==0) {
+ long kvno;
+ if (argc != 3) {
+ fprintf(stderr, "%s delete: usage is '%s delete <kvno>\n",
+ argv[0], argv[0]);
+ exit(1);
+ }
+ kvno = atoi(argv[2]);
+ code = afsconf_DeleteKey(tdir, kvno);
+ if (code) {
+ fprintf(stderr, "%s: failed to delete key %d, (code %d)\n",
+ argv[0], kvno, code);
+ exit(1);
+ }
+ }
+ else if (strcmp(argv[1], "list") == 0) {
+ struct afsconf_keys tkeys;
+ register int i, j;
+
+ code = afsconf_GetKeys(tdir, &tkeys);
+ if (code) {
+ fprintf(stderr, "%s: failed to get keys, code %d\n", argv[0], code);
+ exit(1);
+ }
+ for(i=0;i<tkeys.nkeys;i++) {
+ if (tkeys.key[i].kvno != -1) {
+ printf("kvno %4d: key is: ", tkeys.key[i].kvno);
+ for (j = 0; j < 8; j++)
+ printf("%02x", (unsigned char) tkeys.key[i].key[j]);
+ printf("\n");
+ }
+ }
+ printf("All done.\n");
+ }
+ else {
+ fprintf(stderr, "%s: unknown operation '%s', type '%s' for "
+ "assistance\n", argv[0], argv[1], argv[0]);
+ exit(1);
+ }
+ exit(0);
+}
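Review bot: In the `add` and `delete` branches of main, `kvno = atoi(argv[2])` turns any non-numeric argument into 0, so a mistyped command line silently adds or deletes key version 0 in the server KeyFile instead of failing. Parse the argument with strtol, reject empty input and trailing characters, and apply the same check in `delete`; strtol needs <stdlib.h>, which is not among the includes this file adds. The return value of `krb5_init_context(&context)` is also ignored, so a failed initialisation hands an unset context to krb5_parse_name; check it the way the later krb5 calls are checked. The `list` branch writes every key to stdout in hex, which deserves a comment such as `/* prints raw key material; output must not be logged or captured */`.

```c
    if (strcmp(argv[1], "add")==0) {
	/* … unchanged: existing declarations … */
	char *end;
	long parsed;

	/* … unchanged: argc check … */

	retval = krb5_init_context(&context);
	if (retval != 0) {
	    com_err(argv[0], retval, "while initializing Kerberos context");
	    exit(1);
	}

	parsed = strtol(argv[2], &end, 10);
	if (end == argv[2] || *end != '\0') {
	    fprintf(stderr, "%s add: invalid kvno '%s'\n", argv[0], argv[2]);
	    exit(1);
	}
	kvno = (int) parsed;
	/* … unchanged: krb5_parse_name, keytab read, afsconf_AddKey … */
```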
--- /dev/null
+/*
+ * COPYRIGHT NOTICE
+ * Copyright (c) 1994 Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * See <cmu_copyright.h> for use and distribution information.
+ */
+
+/*
+ * HISTORY
+ * $Log: ka-forwarder.c,v $
+ * Revision 1.1 1997/06/03 18:23:54 kenh
+ * .
+ *
+ * Revision 1.4 1996/08/09 01:00:21 jhutz
+ * When initializing the array of fakeka servers, remember to set
+ * the address family of each server; otherwise SunOS complains.
+ * [1996/08/09 00:58:46 jhutz]
+ *
+ * Revision 1.3 1996/08/09 00:17:19 jhutz
+ * Merged in changes from Chuck Silvers:
+ * - Support for more than one fakeka server
+ * - Support for specifying ports for each fakeka server separately from the
+ * others, and from the port we listen on.
+ *
+ * Plus a minor bug fix to Chuck's code.
+ * Basically, this version is designed to provide both reliability and
+ * load-balancing cheaply. Basically, we forward packets to all of the
+ * fakeka servers in round-robin fashion. So, if a client is losing on
+ * one server, its retry should go to a different one, if more than one
+ * is specified.
+ * [1996/08/03 02:13:36 jhutz]
+ *
+ * Revision 1.2 1995/02/23 18:26:36 chs
+ * Created.
+ * [1995/02/23 18:26:03 chs]
+ *
+ * $EndLog$
+ */
+
+/*
+ * This program is intended to run on afs DB servers.
+ * Its function is to forward KA requests to a fakeka server
+ * running on an MIT kerberos server.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <stdio.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#if HAVE_GETOPT_H
+#include <getopt.h>
+#else
+int getopt (int, char * const *, const char *);
+int optind, opterr;
+char *optarg;
+#endif
+
+#define BUFFER_SIZE 2048
+
+
+char *prog;
+
+int num_servers, cur_server;
+struct sockaddr_in *servers;
+
+
+void
+perrorexit(str)
+char *str;
+{
+ perror(str);
+ exit(1);
+}
+
+
+void
+setup_servers(argc, argv)
+int argc;
+char **argv;
+{
+ int i;
+ u_int fwdaddr;
+ u_short fwdport;
+
+ num_servers = argc;
+
+ servers = malloc(sizeof(*servers) * num_servers);
+ if (servers == NULL)
+ perrorexit("malloc failed");
+
+ for (i = 0; i < num_servers; i++) {
+ char *host, *port;
+
+ fwdport = htons(7004);
+
+ host = argv[i];
+ port = strchr(host, '/');
+ if (port != NULL) {
+ *port++ = 0;
+
+ if (isdigit(port[0])) {
+ fwdport = htons(atoi(port));
+ }
+ else {
+ struct servent *srv = getservbyname(port, "udp");
+ if (!srv) {
+ fprintf(stderr, "%s: unknown service %s\n", prog, port);
+ exit(1);
+ }
+ fwdport = srv->s_port;
+ }
+ }
+
+ if (isdigit(host[0])) {
+ fwdaddr = inet_addr(host);
+ }
+ else {
+ struct hostent *h = gethostbyname(host);
+ if (!h) {
+ fprintf(stderr, "%s: unknown host %s\n", prog, host);
+ exit(1);
+ }
+ bcopy(h->h_addr, &fwdaddr, 4);
+ }
+
+ servers[i].sin_family = AF_INET;
+ servers[i].sin_addr.s_addr = fwdaddr;
+ servers[i].sin_port = fwdport;
+ }
+}
+
+
+int
+setup_socket(port)
+u_short port;
+{
+ int s, rv;
+ struct sockaddr_in sin;
+
+ s = socket(AF_INET, SOCK_DGRAM, 0);
+ if (s < 0)
+ perrorexit("Couldn't create socket");
+
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = 0;
+ sin.sin_port = htons(port);
+
+ rv = bind(s, (struct sockaddr *)&sin, sizeof(sin));
+ if (rv < 0)
+ perrorexit("Couldn't bind socket");
+
+ return s;
+}
+
+
+int
+packet_is_reply(from)
+struct sockaddr_in *from;
+{
+ int i;
+
+ for (i = 0; i < num_servers; i++) {
+ struct sockaddr_in *sin = &servers[i];
+
+ if (from->sin_addr.s_addr == sin->sin_addr.s_addr &&
+ from->sin_port == sin->sin_port)
+ {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+
+int
+main(argc, argv)
+int argc;
+char **argv;
+{
+ int c, s, rv;
+ u_short port;
+
+ if (argc < 2) {
+ fprintf(stderr,
+ "usage: %s [-p port] <host>[/port] [host/port ...]\n",
+ argv[0]);
+ exit(1);
+ }
+
+ prog = argv[0];
+ port = 7004;
+
+ while ((c = getopt(argc, argv, "p:")) != -1) {
+ switch (c) {
+ case 'p':
+ port = atoi(optarg);
+ break;
+ default:
+ fprintf(stderr, "%s: invalid option '%c'\n", prog, c);
+ exit(1);
+ }
+ }
+
+ /*
+ * hmm, different implementations of getopt seem to do different things
+ * when there aren't any options. linux sets optind = 1, which I would
+ * call correct, but sunos sets optind = 0. try to do the right thing.
+ */
+ if (optind == 0)
+ optind = 1;
+
+ setup_servers(argc - optind, argv + optind);
+ s = setup_socket(port);
+
+ openlog("ka-forwarder", LOG_PID, LOG_DAEMON);
+
+ for (;;) {
+ char buf[BUFFER_SIZE], *bufp, *sendptr;
+ struct sockaddr_in from, reply, *to;
+ int fromlen, sendlen;
+
+ bufp = buf + 8;
+ fromlen = sizeof(from);
+
+ rv = recvfrom(s, bufp, sizeof(buf) - 8,
+ 0, (struct sockaddr *)&from, &fromlen);
+ if (rv < 0) {
+ syslog(LOG_ERR, "recvfrom: %m");
+ sleep(1);
+ continue;
+ }
+
+ if (packet_is_reply(&from)) {
+ /* this is a reply, forward back to user */
+
+ to = &reply;
+ reply.sin_family = AF_INET;
+ bcopy(bufp, &reply.sin_addr.s_addr, 4);
+ bcopy(bufp + 4, &reply.sin_port, 2);
+ sendptr = bufp + 8;
+ sendlen = rv - 8;
+ }
+ else {
+ /* this is a request, forward to server */
+
+ cur_server = (cur_server + 1) % num_servers;
+ to = &servers[cur_server];
+
+ bcopy(&from.sin_addr.s_addr, bufp - 8, 4);
+ bcopy(&from.sin_port, bufp - 4, 2);
+
+ sendptr = bufp - 8;
+ sendlen = rv + 8;
+ }
+
+ {
+ char a1[16], a2[16];
+ strcpy(a1, inet_ntoa(from.sin_addr));
+ strcpy(a2, inet_ntoa(to->sin_addr));
+
+ syslog(LOG_INFO, "forwarding %d bytes from %s/%d to %s/%d\n",
+ sendlen, a1, htons(from.sin_port), a2, htons(to->sin_port));
+ }
+
+ rv = sendto(s, sendptr, sendlen,
+ 0, (struct sockaddr *)to, sizeof(*to));
+ if (rv < 0) {
+ syslog(LOG_ERR, "sendto: %m");
+ }
+ }
+}
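Review bot: The reply branch of main's forwarding loop reads the return address from the first six bytes of the datagram and sets `sendlen = rv - 8` without checking that at least 8 bytes arrived, so a short datagram from a configured server address produces a negative length for sendto() and a destination built from stale buffer contents; add `if (rv < 8) { syslog(LOG_WARNING, "short reply dropped"); continue; }` before the two bcopy calls. The `argc < 2` usage check runs before getopt, so an invocation with only `-p port` reaches setup_servers with zero hosts and the first request then evaluates `(cur_server + 1) % num_servers` with num_servers equal to 0; after option parsing, print the usage message and exit when `optind >= argc`. packet_is_reply recognises replies only by UDP source address and port, which the network does not authenticate, so a comment above it should say that access to the listening port must be restricted by packet filtering to the AFS clients and the configured fakeka hosts.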