From: Simon Wilkinson Date: Sun, 20 May 2012 11:57:00 +0000 (+0100) Subject: auth: Relocate NetRestrict support functions X-Git-Tag: upstream/1.8.0_pre1^2~2062 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=1e76c59ea52b35f4d478fdbe85456160b1e9f8ec;p=packages%2Fo%2Fopenafs.git auth: Relocate NetRestrict support functions Pull the NetRestrict and NetInfo support functions out of libutil, and into libauth. This starts to concentrate all of our configuration file parsing functions into the same place. It also gets rid of a circular dependency. NetRestrict parsing relies on functions from rx, so with this in libutil, we had the dependency chain util->rx->util Change-Id: I250d4d8264da8db61f603a06d1b7fdab44384cd3 Reviewed-on: http://gerrit.openafs.org/8027 Tested-by: BuildBot Reviewed-by: Derrick Brashear --- diff --git a/src/WINNT/install/wix/files.wxi b/src/WINNT/install/wix/files.wxi index 764ff6fb7..c3e864fd8 100644 --- a/src/WINNT/install/wix/files.wxi +++ b/src/WINNT/install/wix/files.wxi @@ -1589,7 +1589,6 @@ - diff --git a/src/afsd/afsd.c b/src/afsd/afsd.c index adc63b040..9050ef535 100644 --- a/src/afsd/afsd.c +++ b/src/afsd/afsd.c @@ -398,10 +398,9 @@ afsd_update_addresses(CFRunLoopTimerRef timer, void *info) char reason[1024]; int code; - code = - parseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason, - AFSDIR_CLIENT_NETINFO_FILEPATH, - AFSDIR_CLIENT_NETRESTRICT_FILEPATH); + code = afsconf_ParseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, + reason, AFSDIR_CLIENT_NETINFO_FILEPATH, + AFSDIR_CLIENT_NETRESTRICT_FILEPATH); if (code > 0) { /* Note we're refreshing */ @@ -2125,10 +2124,9 @@ afsd_run(void) afs_uint32 addrbuf[MAXIPADDRS], maskbuf[MAXIPADDRS], mtubuf[MAXIPADDRS]; char reason[1024]; - code = - parseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason, - AFSDIR_CLIENT_NETINFO_FILEPATH, - AFSDIR_CLIENT_NETRESTRICT_FILEPATH); + code = afsconf_ParseNetFiles(addrbuf, maskbuf, mtubuf, MAXIPADDRS, reason, + AFSDIR_CLIENT_NETINFO_FILEPATH, + AFSDIR_CLIENT_NETRESTRICT_FILEPATH); if (code > 0) { if (enable_rxbind) code = code | 0x80000000; diff --git a/src/auth/Makefile.in b/src/auth/Makefile.in index 8f2cf1cb6..4825a4207 100644 --- a/src/auth/Makefile.in +++ b/src/auth/Makefile.in @@ -11,9 +11,9 @@ include @TOP_OBJDIR@/src/config/Makefile.lwp OBJS= cellconfig.o keys.o ktc.o userok.o writeconfig.o authcon.o \ - acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o + acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o netrestrict.o KOBJS= cellconfig.o keys.o ktc.krb.o userok.o writeconfig.o authcon.o \ - acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o + acfg_errors.o ktc_errors.o token.xdr.o token.o realms.o netrestrict.o LIBS=libauth.a \ ${TOP_LIBDIR}/librxkad.a \ @@ -71,6 +71,7 @@ cellconfig.o: cellconfig.c ${INCLS} copyauth.o: copyauth.c ${INCLS} AFS_component_version_number.o setkey.o: setkey.c ${INCLS} AFS_component_version_number.o realms.o: realms.c ${INCLS} +netrestrict.o: ${INCLS} CFLAGS_ktc.krb.o = -DAFS_KERBEROS_ENV ktc.krb.o: ktc.c ${INCLS} ${TOP_INCDIR}/afs/vice.h diff --git a/src/auth/NTMakefile b/src/auth/NTMakefile index feb304070..37146e821 100644 --- a/src/auth/NTMakefile +++ b/src/auth/NTMakefile @@ -47,6 +47,7 @@ AFSAUTH_LIBOBJS =\ $(OUT)\ktc_nt.obj \ $(OUT)\token.obj \ $(OUT)\token.xdr.obj \ + $(OUT)\netrestrict.obj \ $(OUT)\AFS_component_version_number.obj AFSDOBJS =\ diff --git a/src/auth/cellconfig.p.h b/src/auth/cellconfig.p.h index 57519683d..f22153d97 100644 --- a/src/auth/cellconfig.p.h +++ b/src/auth/cellconfig.p.h @@ -260,6 +260,18 @@ extern int afsconf_IsLocalRealmMatch(struct afsconf_dir *dir, afs_int32 * local, const char *name, const char *instance, const char *cell); +/* netrestrict.c */ + +extern int afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[], + afs_uint32 * mask, afs_uint32 * mtu, + afs_uint32 maxAddrs, afs_uint32 * nAddrs, + char reason[], const char *fileName); + +extern int afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[], + afs_uint32 mtubuf[], afs_uint32 max, + char reason[], const char *niFileName, + const char *nrFileName); + /* some well-known ports and their names; new additions to table in cellconfig.c, too */ #define AFSCONF_FILESERVICE "afs" #define AFSCONF_FILEPORT 7000 diff --git a/src/auth/netrestrict.c b/src/auth/netrestrict.c new file mode 100644 index 000000000..9c5675e2d --- /dev/null +++ b/src/auth/netrestrict.c @@ -0,0 +1,480 @@ +/* + * Copyright 2000, International Business Machines Corporation and others. + * All Rights Reserved. + * + * This software has been released under the terms of the IBM Public + * License. For details, see the LICENSE file in the top-level source + * directory or online at http://www.openafs.org/dl/license10.html + */ + +/* + * Network utility functions + * Parsing NetRestrict file and filtering IP addresses + */ + +#include +#include + +#include +#include + +#include +#include + +#include "cellconfig.h" + +#define AFS_IPINVALID 0xffffffff /* invalid IP address */ +#define AFS_IPINVALIDIGNORE 0xfffffffe /* no input given to extractAddr */ +#define MAX_NETFILE_LINE 2048 /* length of a line in the netrestrict file */ +#define MAXIPADDRS 1024 /* from afsd.c */ + +static int ParseNetInfoFile_int(afs_uint32 *, afs_uint32 *, afs_uint32 *, + int, char reason[], const char *, + int); +/* + * The line parameter is a pointer to a buffer containing a string of + * bytes of the form +** w.x.y.z # machineName + * returns the network interface IP Address in NBO + */ +afs_uint32 +extract_Addr(char *line, int maxSize) +{ + char bytes[4][32]; + int i = 0, n = 0; + char *endPtr; + afs_uint32 val[4]; + afs_uint32 retval = 0; + + /* skip empty spaces */ + while (isspace(*line) && maxSize) { + line++; + maxSize--; + } + /* skip empty lines */ + if (!maxSize || !*line) + return AFS_IPINVALIDIGNORE; + + for (n = 0; n < 4; n++) { + while ((*line != '.') && !isspace(*line) && maxSize) { /* extract nth byte */ + if (!isdigit(*line)) + return AFS_IPINVALID; + if (i > 31) + return AFS_IPINVALID; /* no space */ + bytes[n][i++] = *line++; + maxSize--; + } /* while */ + if (!maxSize) + return AFS_IPINVALID; + bytes[n][i] = 0; + i = 0, line++; + errno = 0; + val[n] = strtol(bytes[n], &endPtr, 10); + if ((val[n] == 0) && (errno != 0 || bytes[n] == endPtr)) /* no conversion */ + return AFS_IPINVALID; + } /* for */ + + retval = (val[0] << 24) | (val[1] << 16) | (val[2] << 8) | val[3]; + return htonl(retval); +} + + + + +/* parseNetRestrictFile() + * Get a list of IP addresses for this host removing any address found + * in the config file (fileName parameter): /usr/vice/etc/NetRestrict + * for clients and /usr/afs/local/NetRestrict for servers. + * + * Returns the number of valid addresses in outAddrs[] and count in + * nAddrs. Returns 0 on success; or 1 if the config file was not + * there or empty (we still return the host's IP addresses). Returns + * -1 on fatal failure with reason in the reason argument (so the + * caller can choose to ignore the entire file but should write + * something to a log file). + * + * All addresses should be in NBO (as returned by rx_getAllAddrMaskMtu() and + * parsed by extract_Addr(). + */ +/* + afs_uint32 outAddrs[]; * output address array * + afs_uint32 *mask, *mtu; * optional mask and mtu * + afs_uint32 maxAddrs; * max number of addresses * + afs_uint32 *nAddrs; * number of Addresses in output array * + char reason[]; * reason for failure * + const char *fileName; * filename to parse * +*/ + +static int +parseNetRestrictFile_int(afs_uint32 outAddrs[], afs_uint32 * mask, + afs_uint32 * mtu, afs_uint32 maxAddrs, + afs_uint32 * nAddrs, char reason[], + const char *fileName, const char *fileName_ni) +{ + FILE *fp; + char line[MAX_NETFILE_LINE]; + int lineNo, usedfile = 0; + afs_uint32 i, neaddrs, nOutaddrs; + afs_uint32 addr, eAddrs[MAXIPADDRS], eMask[MAXIPADDRS], eMtu[MAXIPADDRS]; + + osi_Assert(outAddrs); + osi_Assert(reason); + osi_Assert(fileName); + osi_Assert(nAddrs); + if (mask) + osi_Assert(mtu); + + /* Initialize */ + *nAddrs = 0; + for (i = 0; i < maxAddrs; i++) + outAddrs[i] = 0; + strcpy(reason, ""); + + /* get all network interfaces from the kernel */ + neaddrs = rx_getAllAddrMaskMtu(eAddrs, eMask, eMtu, MAXIPADDRS); + if (neaddrs <= 0) { + sprintf(reason, "No existing IP interfaces found"); + return -1; + } + i = 0; + if ((neaddrs < MAXIPADDRS) && fileName_ni) + i = ParseNetInfoFile_int(&(eAddrs[neaddrs]), &(eMask[neaddrs]), + &(eMtu[neaddrs]), MAXIPADDRS-neaddrs, reason, + fileName_ni, 1); + + if (i > 0) + neaddrs += i; + + if ((fp = fopen(fileName, "r")) == 0) { + sprintf(reason, "Could not open file %s for reading:%s", fileName, + strerror(errno)); + goto done; + } + + /* For each line in the NetRestrict file */ + lineNo = 0; + usedfile = 0; + while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) { + lineNo++; /* input line number */ + addr = extract_Addr(line, strlen(line)); + if (addr == AFS_IPINVALID) { /* syntactically invalid */ + fprintf(stderr, "%s : line %d : parse error - invalid IP\n", + fileName, lineNo); + continue; + } + if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */ + fprintf(stderr, "%s : line %d : invalid address ... ignoring\n", + fileName, lineNo); + continue; + } + usedfile = 1; + + /* Check if we need to exclude this address */ + for (i = 0; i < neaddrs; i++) { + if (eAddrs[i] && (eAddrs[i] == addr)) { + eAddrs[i] = 0; /* Yes - exclude it by zeroing it for now */ + } + } + } /* while */ + + fclose(fp); + + if (!usedfile) { + sprintf(reason, "No valid IP addresses in %s\n", fileName); + goto done; + } + + done: + /* Collect the addresses we have left to return */ + nOutaddrs = 0; + for (i = 0; i < neaddrs; i++) { + if (!eAddrs[i]) + continue; + outAddrs[nOutaddrs] = eAddrs[i]; + if (mask) { + mask[nOutaddrs] = eMask[i]; + mtu[nOutaddrs] = eMtu[i]; + } + if (++nOutaddrs >= maxAddrs) + break; + } + if (nOutaddrs == 0) { + sprintf(reason, "No addresses to use after parsing %s", fileName); + return -1; + } + *nAddrs = nOutaddrs; + return (usedfile ? 0 : 1); /* 0=>used the file. 1=>didn't use file */ +} + +int +afsconf_ParseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask, + afs_uint32 * mtu, afs_uint32 maxAddrs, + afs_uint32 * nAddrs, char reason[], + const char *fileName) +{ + return parseNetRestrictFile_int(outAddrs, mask, mtu, maxAddrs, nAddrs, reason, fileName, NULL); +} + +/* + * this function reads in stuff from InterfaceAddr file in + * /usr/vice/etc ( if it exists ) and verifies the addresses + * specified. + * 'final' contains all those addresses that are found to + * be valid. This function returns the number of valid + * interface addresses. Pulled out from afsd.c + */ +static int +ParseNetInfoFile_int(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu, + int max, char reason[], const char *fileName, + int fakeonly) +{ + + afs_uint32 existingAddr[MAXIPADDRS], existingMask[MAXIPADDRS], + existingMtu[MAXIPADDRS]; + char line[MAX_NETFILE_LINE]; + FILE *fp; + int i, existNu, count = 0; + afs_uint32 addr; + int lineNo = 0; + int l; + + osi_Assert(fileName); + osi_Assert(final); + osi_Assert(mask); + osi_Assert(mtu); + osi_Assert(reason); + + /* get all network interfaces from the kernel */ + existNu = + rx_getAllAddrMaskMtu(existingAddr, existingMask, existingMtu, + MAXIPADDRS); + if (existNu < 0) + return existNu; + + if ((fp = fopen(fileName, "r")) == 0) { + /* If file does not exist or is not readable, then + * use all interface addresses. + */ + sprintf(reason, + "Failed to open %s(%s)\nUsing all configured addresses\n", + fileName, strerror(errno)); + for (i = 0; i < existNu; i++) { + final[i] = existingAddr[i]; + mask[i] = existingMask[i]; + mtu[i] = existingMtu[i]; + } + return existNu; + } + + /* For each line in the NetInfo file */ + while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) { + int fake = 0; + + /* See if first char is an 'F' for fake */ + /* Added to allow the fileserver to advertise fake IPS for use with + * the translation tables for NAT-like firewalls - defect 12462 */ + for (fake = 0; ((fake < strlen(line)) && isspace(line[fake])); + fake++); + if ((fake < strlen(line)) + && ((line[fake] == 'f') || (line[fake] == 'F'))) { + fake++; + } else { + fake = 0; + } + + lineNo++; /* input line number */ + addr = extract_Addr(&line[fake], strlen(&line[fake])); + + if (addr == AFS_IPINVALID) { /* syntactically invalid */ + fprintf(stderr, "afs:%s : line %d : parse error\n", fileName, + lineNo); + continue; + } + if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */ + continue; + } + + /* See if it is an address that really exists */ + for (i = 0; i < existNu; i++) { + if (existingAddr[i] == addr) + break; + } + if ((i >= existNu) && (!fake)) + continue; /* not found/fake - ignore */ + + /* Check if it is a duplicate address we alread have */ + for (l = 0; l < count; l++) { + if (final[l] == addr) + break; + } + if (l < count) { + fprintf(stderr, "afs:%x specified twice in NetInfo file\n", + ntohl(addr)); + continue; /* duplicate addr - ignore */ + } + + if (count > max) { /* no more space */ + fprintf(stderr, + "afs:Too many interfaces. The current kernel configuration supports a maximum of %d interfaces\n", + max); + } else if (fake) { + if (!fake) + fprintf(stderr, "Client (2) also has address %s\n", line); + final[count] = addr; + mask[count] = 0xffffffff; + mtu[count] = htonl(1500); + count++; + } else if (!fakeonly) { + final[count] = existingAddr[i]; + mask[count] = existingMask[i]; + mtu[count] = existingMtu[i]; + count++; + } + } /* while */ + + /* in case of any error, we use all the interfaces present */ + if (count <= 0) { + sprintf(reason, + "Error in reading/parsing Interface file\nUsing all configured interface addresses \n"); + for (i = 0; i < existNu; i++) { + final[i] = existingAddr[i]; + mask[i] = existingMask[i]; + mtu[i] = existingMtu[i]; + } + return existNu; + } + return count; +} + +int +afsconf_ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu, + int max, char reason[], const char *fileName) +{ + return ParseNetInfoFile_int(final, mask, mtu, max, reason, fileName, 0); +} + +/* + * Given two arrays of addresses, masks and mtus find the common ones + * and return them in the first buffer. Return number of common + * entries. + */ +static int +filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[], afs_uint32 mask1[], + afs_uint32 mask2[], afs_uint32 mtu1[], afs_uint32 mtu2[], int n1, + int n2) +{ + afs_uint32 taddr[MAXIPADDRS]; + afs_uint32 tmask[MAXIPADDRS]; + afs_uint32 tmtu[MAXIPADDRS]; + int count = 0, i = 0, j = 0, found = 0; + + osi_Assert(addr1); + osi_Assert(addr2); + osi_Assert(mask1); + osi_Assert(mask2); + osi_Assert(mtu1); + osi_Assert(mtu2); + + for (i = 0; i < n1; i++) { + found = 0; + for (j = 0; j < n2; j++) { + if (addr1[i] == addr2[j]) { + found = 1; + break; + } + } + + /* Always mask loopback address */ + if (found && rx_IsLoopbackAddr(addr1[i])) + found = 0; + + if (found) { + taddr[count] = addr1[i]; + tmask[count] = mask1[i]; + tmtu[count] = mtu1[i]; + count++; + } + } + /* copy everything into addr1, mask1 and mtu1 */ + for (i = 0; i < count; i++) { + addr1[i] = taddr[i]; + if (mask1) { + mask1[i] = tmask[i]; + mtu1[i] = tmtu[i]; + } + } + /* and zero out the rest */ + for (i = count; i < n1; i++) { + addr1[i] = 0; + if (mask1) { + mask1[i] = 0; + mtu1[i] = 0; + } + } + return count; +} + +/* + * parse both netinfo and netrerstrict files and return the final + * set of IP addresses to use + */ +/* max - Entries in addrbuf, maskbuf and mtubuf */ +int +afsconf_ParseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[], + afs_uint32 mtubuf[], afs_uint32 max, char reason[], + const char *niFileName, const char *nrFileName) +{ + afs_uint32 addrbuf1[MAXIPADDRS], maskbuf1[MAXIPADDRS], + mtubuf1[MAXIPADDRS]; + afs_uint32 addrbuf2[MAXIPADDRS], maskbuf2[MAXIPADDRS], + mtubuf2[MAXIPADDRS]; + int nAddrs1 = 0; + afs_uint32 nAddrs2 = 0; + int code, i; + + nAddrs1 = + afsconf_ParseNetInfoFile(addrbuf1, maskbuf1, mtubuf1, MAXIPADDRS, + reason, niFileName); + code = + parseNetRestrictFile_int(addrbuf2, maskbuf2, mtubuf2, MAXIPADDRS, + &nAddrs2, reason, nrFileName, niFileName); + if ((nAddrs1 < 0) && (code)) { + /* both failed */ + return -1; + } else if ((nAddrs1 > 0) && (code)) { + /* netinfo succeeded and netrestrict failed */ + for (i = 0; ((i < nAddrs1) && (i < max)); i++) { + addrbuf[i] = addrbuf1[i]; + if (maskbuf) { + maskbuf[i] = maskbuf1[i]; + mtubuf[i] = mtubuf1[i]; + } + } + return i; + } else if ((!code) && (nAddrs1 < 0)) { + /* netrestrict succeeded and netinfo failed */ + for (i = 0; ((i < nAddrs2) && (i < max)); i++) { + addrbuf[i] = addrbuf2[i]; + if (maskbuf) { + maskbuf[i] = maskbuf2[i]; + mtubuf[i] = mtubuf2[i]; + } + } + return i; + } else if ((!code) && (nAddrs1 >= 0)) { + /* both succeeded */ + /* take the intersection of addrbuf1 and addrbuf2 */ + code = + filterAddrs(addrbuf1, addrbuf2, maskbuf1, maskbuf2, mtubuf1, + mtubuf2, nAddrs1, nAddrs2); + for (i = 0; ((i < code) && (i < max)); i++) { + addrbuf[i] = addrbuf1[i]; + if (maskbuf) { + maskbuf[i] = maskbuf1[i]; + mtubuf[i] = mtubuf1[i]; + } + } + return i; + } + return 0; +} diff --git a/src/bozo/bosserver.c b/src/bozo/bosserver.c index bab0f622e..9ab975b94 100644 --- a/src/bozo/bosserver.c +++ b/src/bozo/bosserver.c @@ -1060,10 +1060,10 @@ main(int argc, char **argv, char **envp) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); } diff --git a/src/budb/server.c b/src/budb/server.c index 14c83446e..dd8f24f1b 100644 --- a/src/budb/server.c +++ b/src/budb/server.c @@ -514,10 +514,10 @@ main(int argc, char **argv) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); diff --git a/src/butc/tcmain.c b/src/butc/tcmain.c index 088def14f..98e6f71fd 100644 --- a/src/butc/tcmain.c +++ b/src/butc/tcmain.c @@ -1028,10 +1028,10 @@ WorkerBee(struct cmd_syndesc *as, void *arock) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); diff --git a/src/dviced/Makefile.in b/src/dviced/Makefile.in index 30fbefec5..b4246d42d 100644 --- a/src/dviced/Makefile.in +++ b/src/dviced/Makefile.in @@ -34,7 +34,7 @@ LWPOBJS=lock.o threadname.o LIBACLOBJS=aclprocs.o netprocs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o DIROBJS=buffer.o dir.o salvage.o @@ -100,9 +100,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) -I../util $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/dvolser/Makefile.in b/src/dvolser/Makefile.in index 0ebd20759..e35123e09 100644 --- a/src/dvolser/Makefile.in +++ b/src/dvolser/Makefile.in @@ -30,7 +30,7 @@ LWPOBJS=lock.o threadname.o LIBACLOBJS=aclprocs.o netprocs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o DIROBJS=buffer.o dir.o salvage.o @@ -110,9 +110,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) -I../util $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/kauth/kaserver.c b/src/kauth/kaserver.c index 146239cb7..108bfa98d 100644 --- a/src/kauth/kaserver.c +++ b/src/kauth/kaserver.c @@ -379,10 +379,10 @@ main(int argc, char *argv[]) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); diff --git a/src/libafsauthent/Makefile.in b/src/libafsauthent/Makefile.in index 160268251..92d325de6 100644 --- a/src/libafsauthent/Makefile.in +++ b/src/libafsauthent/Makefile.in @@ -36,7 +36,8 @@ AUTHOBJS = \ acfg_errors.o \ token.o \ token.xdr.o \ - realms.o + realms.o \ + netrestrict.o KAUTHOBJS = \ kauth.xdr.o \ @@ -227,6 +228,9 @@ ptclient.o: ${PTSERVER}/ptclient.c realms.o: ${AUTH}/realms.c ${AFS_CCRULE} -I../auth ${AUTH}/realms.c +netrestrict.o: ${AUTH}/netrestrict.c + ${AFS_CCRULE} -I../auth ${AUTH}/netrestrict.c + ptuser.o: ${PTSERVER}/ptuser.c ${AFS_CCRULE} -I../ptserver ${PTSERVER}/ptuser.c diff --git a/src/libafsauthent/NTMakefile b/src/libafsauthent/NTMakefile index c06436ede..1a04fb3f5 100644 --- a/src/libafsauthent/NTMakefile +++ b/src/libafsauthent/NTMakefile @@ -45,7 +45,8 @@ AUTHOBJS = \ $(OUT)\keys.obj \ $(OUT)\token.obj \ $(OUT)\token.xdr.obj \ - $(OUT)\acfg_errors.obj + $(OUT)\acfg_errors.obj \ + $(OUT)\netrestrict.obj KAUTHOBJS = \ $(OUT)\kauth.xdr.obj \ diff --git a/src/libafsauthent/afsauthent.def b/src/libafsauthent/afsauthent.def index 02243fe6f..e46e55ddb 100644 --- a/src/libafsauthent/afsauthent.def +++ b/src/libafsauthent/afsauthent.def @@ -154,3 +154,4 @@ EXPORTS afsconf_SetSecurityFlags @153 afsconf_SetLocalRealm @154 afsconf_IsLocalRealmMatch @155 + afsconf_ParseNetFiles @156 diff --git a/src/libuafs/Makefile.common.in b/src/libuafs/Makefile.common.in index 2439c7a71..eb73b2034 100644 --- a/src/libuafs/Makefile.common.in +++ b/src/libuafs/Makefile.common.in @@ -216,7 +216,7 @@ UAFSOBJ = \ $(UOBJ)/casestrcpy.o \ $(UOBJ)/dirpath.o \ $(UOBJ)/fileutil.o \ - $(UOBJ)/netutils.o \ + $(UOBJ)/netrestrict.o \ $(UOBJ)/et_name.o \ $(UOBJ)/com_err.o \ $(UOBJ)/error_msg.o \ @@ -365,7 +365,7 @@ PICUAFSOBJ = \ $(PICOBJ)/casestrcpy.o \ $(PICOBJ)/dirpath.o \ $(PICOBJ)/fileutil.o \ - $(PICOBJ)/netutils.o \ + $(PICOBJ)/netrestrict.o \ $(PICOBJ)/et_name.o \ $(PICOBJ)/com_err.o \ $(PICOBJ)/error_msg.o \ @@ -514,7 +514,7 @@ AFSWEBOBJ = \ $(WEBOBJ)/casestrcpy.o \ $(WEBOBJ)/dirpath.o \ $(WEBOBJ)/fileutil.o \ - $(WEBOBJ)/netutils.o \ + $(WEBOBJ)/netrestrict.o \ $(WEBOBJ)/et_name.o \ $(WEBOBJ)/com_err.o \ $(WEBOBJ)/error_msg.o \ @@ -657,7 +657,7 @@ AFSWEBOBJKRB = \ $(WEBOBJ)/casestrcpy.o \ $(WEBOBJ)/dirpath.o \ $(WEBOBJ)/fileutil.o \ - $(WEBOBJ)/netutils.o \ + $(WEBOBJ)/netrestrict.o \ $(WEBOBJ)/et_name.o \ $(WEBOBJ)/com_err.o \ $(WEBOBJ)/error_msg.o \ @@ -804,7 +804,7 @@ JUAFSOBJ = \ $(JUAFS)/casestrcpy.o \ $(JUAFS)/dirpath.o \ $(JUAFS)/fileutil.o \ - $(JUAFS)/netutils.o \ + $(JUAFS)/netrestrict.o \ $(JUAFS)/et_name.o \ $(JUAFS)/com_err.o \ $(JUAFS)/error_msg.o \ @@ -1116,7 +1116,7 @@ $(UOBJ)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c $(CRULE1) $(UOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c $(CRULE1) -$(UOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c +$(UOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c $(CRULE1) $(UOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c $(CRULE1) @@ -1421,7 +1421,7 @@ $(PICOBJ)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c $(CRULEPIC) $(PICOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c $(CRULEPIC) -$(PICOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c +$(PICOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c $(CRULEPIC) $(PICOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c $(CRULEPIC) @@ -1735,7 +1735,7 @@ $(WEBOBJ)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c $(CRULE1) $(WEBOBJ)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c $(CRULE1) -$(WEBOBJ)/netutils.o: $(TOP_SRCDIR)/util/netutils.c +$(WEBOBJ)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c $(CRULE1) $(WEBOBJ)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c $(CRULE2) @@ -2035,7 +2035,7 @@ $(JUAFS)/dirpath.o: $(TOP_SRCDIR)/util/dirpath.c $(CRULE1) $(JUAFS)/fileutil.o: $(TOP_SRCDIR)/util/fileutil.c $(CRULE1) -$(JUAFS)/netutils.o: $(TOP_SRCDIR)/util/netutils.c +$(JUAFS)/netrestrict.o: $(TOP_SRCDIR)/auth/netrestrict.c $(CRULE1) $(JUAFS)/et_name.o: $(TOP_SRCDIR)/comerr/et_name.c $(CRULE1) diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index 2fc746256..b73e0c50b 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -492,10 +492,10 @@ main(int argc, char **argv) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); diff --git a/src/tbudb/Makefile.in b/src/tbudb/Makefile.in index ba24342ef..6107ff17c 100644 --- a/src/tbudb/Makefile.in +++ b/src/tbudb/Makefile.in @@ -18,7 +18,7 @@ BUDB=$(srcdir)/../budb RXOBJS= rx_pthread.o rxkad_errs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \ +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \ volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o @@ -90,9 +90,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/tptserver/Makefile.in b/src/tptserver/Makefile.in index ab54bff77..38e54da4a 100644 --- a/src/tptserver/Makefile.in +++ b/src/tptserver/Makefile.in @@ -18,7 +18,7 @@ PTSERVER=$(srcdir)/../ptserver RXOBJS= rx_pthread.o rxkad_errs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \ +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \ volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \ pthread_threadname.o @@ -82,9 +82,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/tsalvaged/Makefile.in b/src/tsalvaged/Makefile.in index e4df38ff0..199a9b0c2 100644 --- a/src/tsalvaged/Makefile.in +++ b/src/tsalvaged/Makefile.in @@ -34,7 +34,7 @@ DIROBJS=buffer.o dir.o salvage.o LWPOBJS=lock.o threadname.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o fstab.o +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o fstab.o VLIBOBJS=volume.o vnode.o vutil.o partition.o fssync-client.o \ clone.o nuke.o devname.o listinodes.o ihandle.o \ @@ -129,9 +129,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) -I../util $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/tsalvaged/NTMakefile b/src/tsalvaged/NTMakefile index 2e5b49a8f..17b5421a5 100644 --- a/src/tsalvaged/NTMakefile +++ b/src/tsalvaged/NTMakefile @@ -47,7 +47,6 @@ UTILOBJS =\ $(OUT)\uuid.obj \ $(OUT)\serverLog.obj \ $(OUT)\fileutil.obj \ - $(OUT)\netutils.obj \ $(OUT)\dirpath.obj \ $(OUT)\volparse.obj \ $(OUT)\flipbase64.obj \ diff --git a/src/tubik/Makefile.in b/src/tubik/Makefile.in index ba7b202d3..8a2e639aa 100644 --- a/src/tubik/Makefile.in +++ b/src/tubik/Makefile.in @@ -26,7 +26,7 @@ INCLS=${TOP_INCDIR}/lwp.h ${TOP_INCDIR}/lock.h \ RXOBJS = rx_pthread.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \ +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \ volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \ pthread_threadname.o @@ -72,9 +72,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/tvlserver/Makefile.in b/src/tvlserver/Makefile.in index 6648b3f57..7a1fa5e9d 100644 --- a/src/tvlserver/Makefile.in +++ b/src/tvlserver/Makefile.in @@ -18,7 +18,7 @@ VLSERVER=$(srcdir)/../vlserver RXOBJS= rx_pthread.o rxkad_errs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o \ +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o \ volparse.o flipbase64.o softsig.o hostparse.o pthread_glock.o \ pthread_threadname.o @@ -75,9 +75,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/tvolser/Makefile.in b/src/tvolser/Makefile.in index 8a2153904..3f3e27a59 100644 --- a/src/tvolser/Makefile.in +++ b/src/tvolser/Makefile.in @@ -33,7 +33,7 @@ LWPOBJS=lock.o threadname.o LIBACLOBJS=aclprocs.o netprocs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o DIROBJS=buffer.o dir.o salvage.o @@ -116,9 +116,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) -I../util $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/ubik/Makefile.in b/src/ubik/Makefile.in index 7f167d53b..00bd23d99 100644 --- a/src/ubik/Makefile.in +++ b/src/ubik/Makefile.in @@ -18,7 +18,7 @@ INCLS=${TOP_INCDIR}/lwp.h ${TOP_INCDIR}/lock.h \ ${TOP_INCDIR}/rx/rx.h ${TOP_INCDIR}/rx/xdr.h \ ${TOP_INCDIR}/lock.h ubik.h ubik_int.h -LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a \ +LIBS=${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libauth.a \ ${TOP_LIBDIR}/libafscom_err.a ${TOP_LIBDIR}/libcmd.a \ ${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/libafsutil.a \ ${TOP_LIBDIR}/libopr.a ${XLIBS} diff --git a/src/ubik/beacon.c b/src/ubik/beacon.c index 9fdcfc3ff..2c1db5eca 100644 --- a/src/ubik/beacon.c +++ b/src/ubik/beacon.c @@ -20,7 +20,6 @@ #include #ifndef AFS_NT40_ENV #include -#include #endif #define UBIK_INTERNALS @@ -615,10 +614,10 @@ verifyInterfaceAddress(afs_uint32 *ame, struct afsconf_cell *info, * host as returned by rx_getAllAddr (in NBO) */ char reason[1024]; - count = - parseNetFiles(myAddr, NULL, NULL, UBIK_MAX_INTERFACE_ADDR, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + count = afsconf_ParseNetFiles(myAddr, NULL, NULL, + UBIK_MAX_INTERFACE_ADDR, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); if (count < 0) { ubik_print("ubik: Can't register any valid addresses:%s\n", reason); diff --git a/src/update/server.c b/src/update/server.c index 37d79b9b7..b4257c06a 100644 --- a/src/update/server.c +++ b/src/update/server.c @@ -264,10 +264,10 @@ main(int argc, char *argv[]) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE); diff --git a/src/util/Makefile.in b/src/util/Makefile.in index 69866a944..b31ac3b1f 100644 --- a/src/util/Makefile.in +++ b/src/util/Makefile.in @@ -14,7 +14,7 @@ HELPER_SPLINT=@HELPER_SPLINT@ objects =base64.o ktime.o volparse.o hostparse.o exec.o \ hputil.o kreltime.o uuid.o serverLog.o \ - dirpath.o fileutil.o netutils.o flipbase64.o fstab.o \ + dirpath.o fileutil.o flipbase64.o fstab.o \ afs_atomlist.o afs_lhash.o pthread_glock.o tabular_output.o \ pthread_threadname.o ${REGEX_OBJ} @@ -30,7 +30,6 @@ objects_pic = \ serverLog_pic.o \ dirpath_pic.o \ fileutil_pic.o \ - netutils_pic.o \ flipbase64_pic.o \ fstab_pic.o \ afs_atomlist_pic.o \ @@ -47,7 +46,6 @@ includes = \ ${TOP_INCDIR}/afs/vice.h \ ${TOP_INCDIR}/afs/ktime.h \ ${TOP_INCDIR}/afs/fileutil.h \ - ${TOP_INCDIR}/afs/netutils.h \ ${TOP_INCDIR}/afs/afsutil.h \ ${TOP_INCDIR}/afs/afsutil_prototypes.h \ ${TOP_INCDIR}/afs/pthread_glock.h \ @@ -89,9 +87,6 @@ ${TOP_INCDIR}/afs/ktime.h: ${srcdir}/ktime.h ${TOP_INCDIR}/afs/fileutil.h: ${srcdir}/fileutil.h ${INSTALL_DATA} $? $@ -${TOP_INCDIR}/afs/netutils.h: ${srcdir}/netutils.h - ${INSTALL_DATA} $? $@ - ${TOP_INCDIR}/afs/afsutil.h: ${srcdir}/afsutil.h ${INSTALL_DATA} $? $@ @@ -214,9 +209,6 @@ dirpath_pic.o: ${srcdir}/dirpath.c ${includes} fileutil_pic.o: ${srcdir}/fileutil.c ${includes} $(SHD_CCRULE) ${srcdir}/fileutil.c -netutils_pic.o: ${srcdir}/netutils.c ${includes} - $(SHD_CCRULE) ${srcdir}/netutils.c - flipbase64_pic.o: ${srcdir}/flipbase64.c ${includes} $(SHD_CCRULE) ${srcdir}/flipbase64.c @@ -257,7 +249,6 @@ install: dirpath.h util.a util_pic.a sys ${INSTALL_DATA} ${srcdir}/vice.h ${DESTDIR}${includedir}/afs/vice.h ${INSTALL_DATA} ${srcdir}/ktime.h ${DESTDIR}${includedir}/afs/ktime.h ${INSTALL_DATA} ${srcdir}/fileutil.h ${DESTDIR}${includedir}/afs/fileutil.h - ${INSTALL_DATA} ${srcdir}/netutils.h ${DESTDIR}${includedir}/afs/netutils.h ${INSTALL_DATA} ${srcdir}/afsutil.h ${DESTDIR}${includedir}/afs/afsutil.h ${INSTALL_DATA} ${srcdir}/afsutil_prototypes.h ${DESTDIR}${includedir}/afs/afsutil_prototypes.h ${INSTALL_DATA} ${srcdir}/pthread_glock.h ${DESTDIR}${includedir}/afs/pthread_glock.h @@ -284,7 +275,6 @@ dest: dirpath.h util.a util_pic.a sys ${INSTALL_DATA} ${srcdir}/vice.h ${DEST}/include/afs/vice.h ${INSTALL_DATA} ${srcdir}/ktime.h ${DEST}/include/afs/ktime.h ${INSTALL_DATA} ${srcdir}/fileutil.h ${DEST}/include/afs/fileutil.h - ${INSTALL_DATA} ${srcdir}/netutils.h ${DEST}/include/afs/netutils.h ${INSTALL_DATA} ${srcdir}/afsutil.h ${DEST}/include/afs/afsutil.h ${INSTALL_DATA} ${srcdir}/afsutil_prototypes.h ${DEST}/include/afs/afsutil_prototypes.h ${INSTALL_DATA} ${srcdir}/pthread_glock.h ${DEST}/include/afs/pthread_glock.h @@ -318,5 +308,5 @@ check-splint: sh $(HELPER_SPLINT) $(CFLAGS) \ base64.c ktime.c volparse.c hostparse.c \ hputil.c kreltime.c uuid.c serverLog.c \ - dirpath.c fileutil.c netutils.c flipbase64.c \ + dirpath.c fileutil.c flipbase64.c \ afs_atomlist.c afs_lhash.c fstab.c diff --git a/src/util/NTMakefile b/src/util/NTMakefile index 6a31d47ee..8a908c605 100644 --- a/src/util/NTMakefile +++ b/src/util/NTMakefile @@ -17,7 +17,6 @@ INCFILES =\ $(INCFILEDIR)\afsutil.h \ $(INCFILEDIR)\errors.h \ $(INCFILEDIR)\vice.h \ - $(INCFILEDIR)\netutils.h \ $(INCFILEDIR)\pthread_glock.h \ $(INCFILEDIR)\pthread_nosigs.h \ $(INCFILEDIR)\errmap_nt.h \ @@ -44,7 +43,6 @@ LIBOBJS = \ $(OUT)\krb5_nt.obj \ $(OUT)\kreltime.obj \ $(OUT)\ktime.obj \ - $(OUT)\netutils.obj \ $(OUT)\regex.obj \ $(OUT)\readdir_nt.obj \ $(OUT)\serverLog.obj \ @@ -62,7 +60,6 @@ MT_LIBOBJS = \ $(OUT)\krb5_nt.obj \ $(OUT)\kreltime.obj \ $(OUT)\ktime.obj \ - $(OUT)\netutils.obj \ $(OUT)\regex.obj \ $(OUT)\readdir_nt.obj \ $(OUT)\serverLog_mt.obj \ diff --git a/src/util/afsutil_prototypes.h b/src/util/afsutil_prototypes.h index 15136b16e..b969ab224 100644 --- a/src/util/afsutil_prototypes.h +++ b/src/util/afsutil_prototypes.h @@ -102,23 +102,6 @@ extern afs_int32 ktime_DateToInt32(char *adate, afs_int32 * aint32); extern char *ktime_GetDateUsage(void); extern afs_int32 ktime_InterpretDate(struct ktime_date *akdate); -/* netutils.c */ -extern afs_uint32 extract_Addr(char *line, int maxSize); -extern int parseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask, - afs_uint32 * mtu, afs_uint32 maxAddrs, - afs_uint32 * nAddrs, char reason[], - const char *fileName); -extern int ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask, - afs_uint32 * mtu, int max, char reason[], - const char *fileName); -extern int filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[], - afs_uint32 mask1[], afs_uint32 mask2[], - afs_uint32 mtu1[], afs_uint32 mtu2[], int n1, int n2); -extern int parseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[], - afs_uint32 mtubuf[], afs_uint32 max, char reason[], - const char *niFileName, const char *nrFileName); - - /* pthread_glock.c */ diff --git a/src/util/netutils.c b/src/util/netutils.c deleted file mode 100644 index 013cc82a4..000000000 --- a/src/util/netutils.c +++ /dev/null @@ -1,480 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -/* - * Network utility functions - * Parsing NetRestrict file and filtering IP addresses - */ - -#include -#include - -#include -#include - -#include -#include - -#include "afsutil.h" - -#define AFS_IPINVALID 0xffffffff /* invalid IP address */ -#define AFS_IPINVALIDIGNORE 0xfffffffe /* no input given to extractAddr */ -#define MAX_NETFILE_LINE 2048 /* length of a line in the netrestrict file */ -#define MAXIPADDRS 1024 /* from afsd.c */ - -int ParseNetInfoFile_int(afs_uint32 *, afs_uint32 *, afs_uint32 *, - int, char reason[], const char *, - int); -/* - * The line parameter is a pointer to a buffer containing a string of - * bytes of the form -** w.x.y.z # machineName - * returns the network interface IP Address in NBO - */ -afs_uint32 -extract_Addr(char *line, int maxSize) -{ - char bytes[4][32]; - int i = 0, n = 0; - char *endPtr; - afs_uint32 val[4]; - afs_uint32 retval = 0; - - /* skip empty spaces */ - while (isspace(*line) && maxSize) { - line++; - maxSize--; - } - /* skip empty lines */ - if (!maxSize || !*line) - return AFS_IPINVALIDIGNORE; - - for (n = 0; n < 4; n++) { - while ((*line != '.') && !isspace(*line) && maxSize) { /* extract nth byte */ - if (!isdigit(*line)) - return AFS_IPINVALID; - if (i > 31) - return AFS_IPINVALID; /* no space */ - bytes[n][i++] = *line++; - maxSize--; - } /* while */ - if (!maxSize) - return AFS_IPINVALID; - bytes[n][i] = 0; - i = 0, line++; - errno = 0; - val[n] = strtol(bytes[n], &endPtr, 10); - if ((val[n] == 0) && (errno != 0 || bytes[n] == endPtr)) /* no conversion */ - return AFS_IPINVALID; - } /* for */ - - retval = (val[0] << 24) | (val[1] << 16) | (val[2] << 8) | val[3]; - return htonl(retval); -} - - - - -/* parseNetRestrictFile() - * Get a list of IP addresses for this host removing any address found - * in the config file (fileName parameter): /usr/vice/etc/NetRestrict - * for clients and /usr/afs/local/NetRestrict for servers. - * - * Returns the number of valid addresses in outAddrs[] and count in - * nAddrs. Returns 0 on success; or 1 if the config file was not - * there or empty (we still return the host's IP addresses). Returns - * -1 on fatal failure with reason in the reason argument (so the - * caller can choose to ignore the entire file but should write - * something to a log file). - * - * All addresses should be in NBO (as returned by rx_getAllAddrMaskMtu() and - * parsed by extract_Addr(). - */ -/* - afs_uint32 outAddrs[]; * output address array * - afs_uint32 *mask, *mtu; * optional mask and mtu * - afs_uint32 maxAddrs; * max number of addresses * - afs_uint32 *nAddrs; * number of Addresses in output array * - char reason[]; * reason for failure * - const char *fileName; * filename to parse * -*/ - -int -parseNetRestrictFile_int(afs_uint32 outAddrs[], afs_uint32 * mask, - afs_uint32 * mtu, afs_uint32 maxAddrs, - afs_uint32 * nAddrs, char reason[], - const char *fileName, const char *fileName_ni) -{ - FILE *fp; - char line[MAX_NETFILE_LINE]; - int lineNo, usedfile = 0; - afs_uint32 i, neaddrs, nOutaddrs; - afs_uint32 addr, eAddrs[MAXIPADDRS], eMask[MAXIPADDRS], eMtu[MAXIPADDRS]; - - osi_Assert(outAddrs); - osi_Assert(reason); - osi_Assert(fileName); - osi_Assert(nAddrs); - if (mask) - osi_Assert(mtu); - - /* Initialize */ - *nAddrs = 0; - for (i = 0; i < maxAddrs; i++) - outAddrs[i] = 0; - strcpy(reason, ""); - - /* get all network interfaces from the kernel */ - neaddrs = rx_getAllAddrMaskMtu(eAddrs, eMask, eMtu, MAXIPADDRS); - if (neaddrs <= 0) { - sprintf(reason, "No existing IP interfaces found"); - return -1; - } - i = 0; - if ((neaddrs < MAXIPADDRS) && fileName_ni) - i = ParseNetInfoFile_int(&(eAddrs[neaddrs]), &(eMask[neaddrs]), - &(eMtu[neaddrs]), MAXIPADDRS-neaddrs, reason, - fileName_ni, 1); - - if (i > 0) - neaddrs += i; - - if ((fp = fopen(fileName, "r")) == 0) { - sprintf(reason, "Could not open file %s for reading:%s", fileName, - strerror(errno)); - goto done; - } - - /* For each line in the NetRestrict file */ - lineNo = 0; - usedfile = 0; - while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) { - lineNo++; /* input line number */ - addr = extract_Addr(line, strlen(line)); - if (addr == AFS_IPINVALID) { /* syntactically invalid */ - fprintf(stderr, "%s : line %d : parse error - invalid IP\n", - fileName, lineNo); - continue; - } - if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */ - fprintf(stderr, "%s : line %d : invalid address ... ignoring\n", - fileName, lineNo); - continue; - } - usedfile = 1; - - /* Check if we need to exclude this address */ - for (i = 0; i < neaddrs; i++) { - if (eAddrs[i] && (eAddrs[i] == addr)) { - eAddrs[i] = 0; /* Yes - exclude it by zeroing it for now */ - } - } - } /* while */ - - fclose(fp); - - if (!usedfile) { - sprintf(reason, "No valid IP addresses in %s\n", fileName); - goto done; - } - - done: - /* Collect the addresses we have left to return */ - nOutaddrs = 0; - for (i = 0; i < neaddrs; i++) { - if (!eAddrs[i]) - continue; - outAddrs[nOutaddrs] = eAddrs[i]; - if (mask) { - mask[nOutaddrs] = eMask[i]; - mtu[nOutaddrs] = eMtu[i]; - } - if (++nOutaddrs >= maxAddrs) - break; - } - if (nOutaddrs == 0) { - sprintf(reason, "No addresses to use after parsing %s", fileName); - return -1; - } - *nAddrs = nOutaddrs; - return (usedfile ? 0 : 1); /* 0=>used the file. 1=>didn't use file */ -} - -int -parseNetRestrictFile(afs_uint32 outAddrs[], afs_uint32 * mask, - afs_uint32 * mtu, afs_uint32 maxAddrs, - afs_uint32 * nAddrs, char reason[], - const char *fileName) -{ - return parseNetRestrictFile_int(outAddrs, mask, mtu, maxAddrs, nAddrs, reason, fileName, NULL); -} - -/* - * this function reads in stuff from InterfaceAddr file in - * /usr/vice/etc ( if it exists ) and verifies the addresses - * specified. - * 'final' contains all those addresses that are found to - * be valid. This function returns the number of valid - * interface addresses. Pulled out from afsd.c - */ -int -ParseNetInfoFile_int(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu, - int max, char reason[], const char *fileName, - int fakeonly) -{ - - afs_uint32 existingAddr[MAXIPADDRS], existingMask[MAXIPADDRS], - existingMtu[MAXIPADDRS]; - char line[MAX_NETFILE_LINE]; - FILE *fp; - int i, existNu, count = 0; - afs_uint32 addr; - int lineNo = 0; - int l; - - osi_Assert(fileName); - osi_Assert(final); - osi_Assert(mask); - osi_Assert(mtu); - osi_Assert(reason); - - /* get all network interfaces from the kernel */ - existNu = - rx_getAllAddrMaskMtu(existingAddr, existingMask, existingMtu, - MAXIPADDRS); - if (existNu < 0) - return existNu; - - if ((fp = fopen(fileName, "r")) == 0) { - /* If file does not exist or is not readable, then - * use all interface addresses. - */ - sprintf(reason, - "Failed to open %s(%s)\nUsing all configured addresses\n", - fileName, strerror(errno)); - for (i = 0; i < existNu; i++) { - final[i] = existingAddr[i]; - mask[i] = existingMask[i]; - mtu[i] = existingMtu[i]; - } - return existNu; - } - - /* For each line in the NetInfo file */ - while (fgets(line, MAX_NETFILE_LINE, fp) != NULL) { - int fake = 0; - - /* See if first char is an 'F' for fake */ - /* Added to allow the fileserver to advertise fake IPS for use with - * the translation tables for NAT-like firewalls - defect 12462 */ - for (fake = 0; ((fake < strlen(line)) && isspace(line[fake])); - fake++); - if ((fake < strlen(line)) - && ((line[fake] == 'f') || (line[fake] == 'F'))) { - fake++; - } else { - fake = 0; - } - - lineNo++; /* input line number */ - addr = extract_Addr(&line[fake], strlen(&line[fake])); - - if (addr == AFS_IPINVALID) { /* syntactically invalid */ - fprintf(stderr, "afs:%s : line %d : parse error\n", fileName, - lineNo); - continue; - } - if (addr == AFS_IPINVALIDIGNORE) { /* ignore error */ - continue; - } - - /* See if it is an address that really exists */ - for (i = 0; i < existNu; i++) { - if (existingAddr[i] == addr) - break; - } - if ((i >= existNu) && (!fake)) - continue; /* not found/fake - ignore */ - - /* Check if it is a duplicate address we alread have */ - for (l = 0; l < count; l++) { - if (final[l] == addr) - break; - } - if (l < count) { - fprintf(stderr, "afs:%x specified twice in NetInfo file\n", - ntohl(addr)); - continue; /* duplicate addr - ignore */ - } - - if (count > max) { /* no more space */ - fprintf(stderr, - "afs:Too many interfaces. The current kernel configuration supports a maximum of %d interfaces\n", - max); - } else if (fake) { - if (!fake) - fprintf(stderr, "Client (2) also has address %s\n", line); - final[count] = addr; - mask[count] = 0xffffffff; - mtu[count] = htonl(1500); - count++; - } else if (!fakeonly) { - final[count] = existingAddr[i]; - mask[count] = existingMask[i]; - mtu[count] = existingMtu[i]; - count++; - } - } /* while */ - - /* in case of any error, we use all the interfaces present */ - if (count <= 0) { - sprintf(reason, - "Error in reading/parsing Interface file\nUsing all configured interface addresses \n"); - for (i = 0; i < existNu; i++) { - final[i] = existingAddr[i]; - mask[i] = existingMask[i]; - mtu[i] = existingMtu[i]; - } - return existNu; - } - return count; -} - -int -ParseNetInfoFile(afs_uint32 * final, afs_uint32 * mask, afs_uint32 * mtu, - int max, char reason[], const char *fileName) -{ - return ParseNetInfoFile_int(final, mask, mtu, max, reason, fileName, 0); -} - -/* - * Given two arrays of addresses, masks and mtus find the common ones - * and return them in the first buffer. Return number of common - * entries. - */ -int -filterAddrs(afs_uint32 addr1[], afs_uint32 addr2[], afs_uint32 mask1[], - afs_uint32 mask2[], afs_uint32 mtu1[], afs_uint32 mtu2[], int n1, - int n2) -{ - afs_uint32 taddr[MAXIPADDRS]; - afs_uint32 tmask[MAXIPADDRS]; - afs_uint32 tmtu[MAXIPADDRS]; - int count = 0, i = 0, j = 0, found = 0; - - osi_Assert(addr1); - osi_Assert(addr2); - osi_Assert(mask1); - osi_Assert(mask2); - osi_Assert(mtu1); - osi_Assert(mtu2); - - for (i = 0; i < n1; i++) { - found = 0; - for (j = 0; j < n2; j++) { - if (addr1[i] == addr2[j]) { - found = 1; - break; - } - } - - /* Always mask loopback address */ - if (found && rx_IsLoopbackAddr(addr1[i])) - found = 0; - - if (found) { - taddr[count] = addr1[i]; - tmask[count] = mask1[i]; - tmtu[count] = mtu1[i]; - count++; - } - } - /* copy everything into addr1, mask1 and mtu1 */ - for (i = 0; i < count; i++) { - addr1[i] = taddr[i]; - if (mask1) { - mask1[i] = tmask[i]; - mtu1[i] = tmtu[i]; - } - } - /* and zero out the rest */ - for (i = count; i < n1; i++) { - addr1[i] = 0; - if (mask1) { - mask1[i] = 0; - mtu1[i] = 0; - } - } - return count; -} - -/* - * parse both netinfo and netrerstrict files and return the final - * set of IP addresses to use - */ -/* max - Entries in addrbuf, maskbuf and mtubuf */ -int -parseNetFiles(afs_uint32 addrbuf[], afs_uint32 maskbuf[], afs_uint32 mtubuf[], - afs_uint32 max, char reason[], const char *niFileName, - const char *nrFileName) -{ - afs_uint32 addrbuf1[MAXIPADDRS], maskbuf1[MAXIPADDRS], - mtubuf1[MAXIPADDRS]; - afs_uint32 addrbuf2[MAXIPADDRS], maskbuf2[MAXIPADDRS], - mtubuf2[MAXIPADDRS]; - int nAddrs1 = 0; - afs_uint32 nAddrs2 = 0; - int code, i; - - nAddrs1 = - ParseNetInfoFile(addrbuf1, maskbuf1, mtubuf1, MAXIPADDRS, reason, - niFileName); - code = - parseNetRestrictFile_int(addrbuf2, maskbuf2, mtubuf2, MAXIPADDRS, - &nAddrs2, reason, nrFileName, niFileName); - if ((nAddrs1 < 0) && (code)) { - /* both failed */ - return -1; - } else if ((nAddrs1 > 0) && (code)) { - /* netinfo succeeded and netrestrict failed */ - for (i = 0; ((i < nAddrs1) && (i < max)); i++) { - addrbuf[i] = addrbuf1[i]; - if (maskbuf) { - maskbuf[i] = maskbuf1[i]; - mtubuf[i] = mtubuf1[i]; - } - } - return i; - } else if ((!code) && (nAddrs1 < 0)) { - /* netrestrict succeeded and netinfo failed */ - for (i = 0; ((i < nAddrs2) && (i < max)); i++) { - addrbuf[i] = addrbuf2[i]; - if (maskbuf) { - maskbuf[i] = maskbuf2[i]; - mtubuf[i] = mtubuf2[i]; - } - } - return i; - } else if ((!code) && (nAddrs1 >= 0)) { - /* both succeeded */ - /* take the intersection of addrbuf1 and addrbuf2 */ - code = - filterAddrs(addrbuf1, addrbuf2, maskbuf1, maskbuf2, mtubuf1, - mtubuf2, nAddrs1, nAddrs2); - for (i = 0; ((i < code) && (i < max)); i++) { - addrbuf[i] = addrbuf1[i]; - if (maskbuf) { - maskbuf[i] = maskbuf1[i]; - mtubuf[i] = mtubuf1[i]; - } - } - return i; - } - return 0; -} diff --git a/src/util/netutils.h b/src/util/netutils.h deleted file mode 100644 index 075edade2..000000000 --- a/src/util/netutils.h +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright 2000, International Business Machines Corporation and others. - * All Rights Reserved. - * - * This software has been released under the terms of the IBM Public - * License. For details, see the LICENSE file in the top-level source - * directory or online at http://www.openafs.org/dl/license10.html - */ - -#ifndef OPENAFS_NETUTILS_H -#define OPENAFS_NETUTILS_H - -#include "afsutil_prototypes.h" - -#endif /* OPENAFS_NETUTILS_H */ diff --git a/src/viced/Makefile.in b/src/viced/Makefile.in index f97c8cecf..43f70e404 100644 --- a/src/viced/Makefile.in +++ b/src/viced/Makefile.in @@ -32,7 +32,7 @@ LWPOBJS=lock.o threadname.o LIBACLOBJS=aclprocs.o netprocs.o -UTILOBJS=uuid.o serverLog.o fileutil.o netutils.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o +UTILOBJS=uuid.o serverLog.o fileutil.o dirpath.o volparse.o flipbase64.o softsig.o pthread_threadname.o DIROBJS=buffer.o dir.o salvage.o @@ -94,9 +94,6 @@ volparse.o: ${UTIL}/volparse.c flipbase64.o: ${UTIL}/flipbase64.c $(AFS_CCRULE) $(UTIL)/flipbase64.c -netutils.o: ${UTIL}/netutils.c - $(AFS_CCRULE) -I../util $(UTIL)/netutils.c - dirpath.o: ${UTIL}/dirpath.c $(AFS_CCRULE) $(UTIL)/dirpath.c diff --git a/src/viced/viced.c b/src/viced/viced.c index 35a7e266a..7dc5a75c8 100644 --- a/src/viced/viced.c +++ b/src/viced/viced.c @@ -68,7 +68,6 @@ #include #include #ifndef AFS_NT40_ENV -# include # include #endif #include "viced_prototypes.h" @@ -1725,10 +1724,12 @@ SetupVL(void) * /usr/afs/local/NetRestict) */ char reason[1024]; - afs_int32 code = parseNetFiles(FS_HostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + afs_int32 code; + + code = afsconf_ParseNetFiles(FS_HostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); if (code < 0) { ViceLog(0, ("Can't register any valid addresses: %s\n", reason)); exit(1); diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c index 5b1c370e6..805020d9a 100644 --- a/src/vlserver/vlserver.c +++ b/src/vlserver/vlserver.c @@ -393,10 +393,10 @@ main(int argc, char **argv) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else #endif { diff --git a/src/volser/volmain.c b/src/volser/volmain.c index 458dfd6a6..7f5eefffe 100644 --- a/src/volser/volmain.c +++ b/src/volser/volmain.c @@ -446,10 +446,10 @@ main(int argc, char **argv) if (AFSDIR_SERVER_NETRESTRICT_FILEPATH || AFSDIR_SERVER_NETINFO_FILEPATH) { char reason[1024]; - ccode = parseNetFiles(SHostAddrs, NULL, NULL, - ADDRSPERSITE, reason, - AFSDIR_SERVER_NETINFO_FILEPATH, - AFSDIR_SERVER_NETRESTRICT_FILEPATH); + ccode = afsconf_ParseNetFiles(SHostAddrs, NULL, NULL, + ADDRSPERSITE, reason, + AFSDIR_SERVER_NETINFO_FILEPATH, + AFSDIR_SERVER_NETRESTRICT_FILEPATH); } else { ccode = rx_getAllAddr(SHostAddrs, ADDRSPERSITE);