2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
28 #include "afs/cellconfig.h"
29 #include "afs/afsutil.h"
30 #include "afs/ptclient.h"
31 #include "afs/ptuser.h"
32 #include "afs/pterror.h"
33 #else /* defined(UKERNEL) */
36 #include <sys/types.h>
40 #include <netinet/in.h>
47 #include <afs/cellconfig.h>
48 #include <afs/afsutil.h>
49 #include <afs/com_err.h>
53 #endif /* defined(UKERNEL) */
56 struct ubik_client *pruclient = 0;
57 static afs_int32 lastLevel; /* security level pruclient, if any */
59 static char *whoami = "libprot";
62 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
65 struct rx_connection *serverconns[MAXSERVERS];
66 struct rx_securityClass *sc[3];
67 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
68 static char tconfDir[100] = "";
69 static char tcell[64] = "";
70 struct ktc_token ttoken;
72 static struct afsconf_cell info;
75 afs_int32 gottdir = 0;
76 afs_int32 refresh = 0;
78 initialize_PT_error_table();
79 initialize_RXK_error_table();
80 initialize_ACFG_error_table();
81 initialize_KTC_error_table();
85 cell = afs_LclCellName;
87 #else /* defined(UKERNEL) */
90 tdir = afsconf_Open(confDir);
92 if (confDir && strcmp(confDir, ""))
94 "libprot: Could not open configuration directory: %s.\n",
98 "libprot: No configuration directory specified.\n");
103 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
106 "libprot: Could not get local cell. [%d]\n", code);
111 #endif /* defined(UKERNEL) */
113 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
115 * force re-evaluation. we either don't have an afsconf_dir,
116 * the directory has changed or the cell has changed.
118 if (tdir && !gottdir) {
120 tdir = (struct afsconf_dir *)NULL;
122 pruclient = (struct ubik_client *)NULL;
127 strncpy(tconfDir, confDir, sizeof(tconfDir));
128 strncpy(tcell, cell, sizeof(tcell));
132 #else /* defined(UKERNEL) */
134 tdir = afsconf_Open(confDir);
136 if (confDir && strcmp(confDir, ""))
138 "libprot: Could not open configuration directory: %s.\n",
142 "libprot: No configuration directory specified.\n");
145 #endif /* defined(UKERNEL) */
147 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
149 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
150 cell, confDir, AFSDIR_CELLSERVDB_FILE);
155 /* If we already have a client and it is at the security level we
156 * want, don't get a new one. Unless the security level is 2 in
157 * which case we will get one (and re-read the key file).
159 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
165 fprintf(stderr, "libprot: Could not initialize rx.\n");
173 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
174 * to force use of the KeyFile. secLevel == 0 implies -noauth was
176 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
177 /* If secLevel is two assume we're on a file server and use
178 * ClientAuthSecure if possible. */
179 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
182 "libprot: clientauthsecure returns %d %s"
183 " (so trying noauth)\n", code, afs_error_message(code));
185 scIndex = 0; /* use noauth */
187 /* if there was a problem, an unauthenticated conn is returned */
189 } else if (secLevel > 0) {
190 struct ktc_principal sname;
191 strcpy(sname.cell, info.name);
192 sname.instance[0] = 0;
193 strcpy(sname.name, "afs");
194 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
198 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
199 /* this is a kerberos ticket, set scIndex accordingly */
203 "libprot: funny kvno (%d) in ticket, proceeding\n",
208 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
209 ttoken.kvno, ttoken.ticketLen,
216 if ((scIndex == 0) && (sc[0] == 0))
217 sc[0] = rxnull_NewClientSecurityObject();
218 if ((scIndex == 0) && (secLevel != 0))
219 afs_com_err(whoami, code,
220 "Could not get afs tokens, running unauthenticated.");
222 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
223 for (i = 0; i < info.numServers; i++)
225 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
226 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
229 code = ubik_ClientInit(serverconns, &pruclient);
231 afs_com_err(whoami, code, "ubik client init failed.");
236 code = rxs_Release(sc[scIndex]);
246 code = ubik_ClientDestroy(pruclient);
255 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
257 register afs_int32 code;
261 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
264 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
271 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
273 register afs_int32 code;
279 code = pr_SNameToId(owner, &oid);
282 if (oid == ANONYMOUSID)
287 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
290 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
296 pr_Delete(char *name)
298 register afs_int32 code;
302 code = pr_SNameToId(name, &id);
305 if (id == ANONYMOUSID)
307 code = ubik_PR_Delete(pruclient, 0, id);
312 pr_DeleteByID(afs_int32 id)
314 register afs_int32 code;
316 code = ubik_PR_Delete(pruclient, 0, id);
321 pr_AddToGroup(char *user, char *group)
323 register afs_int32 code;
327 lnames.namelist_len = 2;
328 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
329 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
330 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
333 code = pr_NameToId(&lnames, &lids);
336 /* if here, still could be missing an entry */
337 if (lids.idlist_val[0] == ANONYMOUSID
338 || lids.idlist_val[1] == ANONYMOUSID) {
343 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
346 if (lnames.namelist_val)
347 free(lnames.namelist_val);
349 free(lids.idlist_val);
354 pr_RemoveUserFromGroup(char *user, char *group)
356 register afs_int32 code;
360 lnames.namelist_len = 2;
361 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
362 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
363 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
366 code = pr_NameToId(&lnames, &lids);
370 if (lids.idlist_val[0] == ANONYMOUSID
371 || lids.idlist_val[1] == ANONYMOUSID) {
376 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
379 if (lnames.namelist_val)
380 free(lnames.namelist_val);
382 free(lids.idlist_val);
388 pr_NameToId(namelist *names, idlist *ids)
390 register afs_int32 code;
391 register afs_int32 i;
393 for (i = 0; i < names->namelist_len; i++)
394 stolower(names->namelist_val[i]);
395 code = ubik_PR_NameToID(pruclient, 0, names, ids);
400 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
404 register afs_int32 code;
408 lnames.namelist_len = 1;
409 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
411 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
412 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
413 if (lids.idlist_val) {
414 *id = *lids.idlist_val;
415 free(lids.idlist_val);
417 if (lnames.namelist_val)
418 free(lnames.namelist_val);
423 pr_IdToName(idlist *ids, namelist *names)
425 register afs_int32 code;
427 code = ubik_PR_IDToName(pruclient, 0, ids, names);
432 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
436 register afs_int32 code;
439 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
440 *lids.idlist_val = id;
441 lnames.namelist_len = 0;
442 lnames.namelist_val = 0;
443 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
444 if (lnames.namelist_val) {
445 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
446 free(lnames.namelist_val);
449 free(lids.idlist_val);
454 pr_GetCPS(afs_int32 id, prlist *CPS)
456 register afs_int32 code;
460 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
461 if (code != PRSUCCESS)
464 /* do something about this, probably make a new call */
465 /* don't forget there's a hard limit in the interface */
466 fprintf(stderr, "membership list for id %d exceeds display limit\n",
473 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
475 register afs_int32 code;
479 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
480 if (code != PRSUCCESS)
483 /* do something about this, probably make a new call */
484 /* don't forget there's a hard limit in the interface */
485 fprintf(stderr, "membership list for id %d exceeds display limit\n",
492 pr_GetHostCPS(afs_int32 host, prlist *CPS)
494 register afs_int32 code;
498 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
499 if (code != PRSUCCESS)
502 /* do something about this, probably make a new call */
503 /* don't forget there's a hard limit in the interface */
505 "membership list for host id %d exceeds display limit\n",
512 pr_ListMembers(char *group, namelist *lnames)
514 register afs_int32 code;
517 code = pr_SNameToId(group, &gid);
520 if (gid == ANONYMOUSID)
522 code = pr_IDListMembers(gid, lnames);
527 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
529 register afs_int32 code;
533 alist.prlist_len = 0;
534 alist.prlist_val = 0;
535 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
539 /* Remain backwards compatible when moreP was a T/F bit */
540 fprintf(stderr, "membership list for id %d exceeds display limit\n",
544 lids = (idlist *) & alist;
545 code = pr_IdToName(lids, lnames);
548 if (alist.prlist_val)
549 free(alist.prlist_val);
554 pr_IDListMembers(afs_int32 gid, namelist *lnames)
556 register afs_int32 code;
561 alist.prlist_len = 0;
562 alist.prlist_val = 0;
563 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
567 fprintf(stderr, "membership list for id %d exceeds display limit\n",
570 lids = (idlist *) & alist;
571 code = pr_IdToName(lids, lnames);
574 if (alist.prlist_val)
575 free(alist.prlist_val);
580 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
582 register afs_int32 code;
584 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
589 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
592 prentries bulkentries;
596 *nextstartindex = -1;
597 bulkentries.prentries_val = 0;
598 bulkentries.prentries_len = 0;
601 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
602 &bulkentries, nextstartindex);
603 *nentries = bulkentries.prentries_len;
604 *entries = bulkentries.prentries_val;
609 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
611 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
612 register afs_int32 code;
613 struct prcheckentry aentry;
615 code = pr_SNameToId(name, id);
618 if (*id == ANONYMOUSID)
620 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
623 /* this should be done in one RPC, but I'm lazy. */
624 code = pr_SIdToName(aentry.owner, owner);
627 code = pr_SIdToName(aentry.creator, creator);
634 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
636 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
637 register afs_int32 code;
638 struct prcheckentry aentry;
640 code = pr_SIdToName(id, name);
643 if (id == ANONYMOUSID)
645 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
648 /* this should be done in one RPC, but I'm lazy. */
649 code = pr_SIdToName(aentry.owner, owner);
652 code = pr_SIdToName(aentry.creator, creator);
659 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
661 register afs_int32 code;
665 code = pr_SNameToId(oldname, &id);
668 if (id == ANONYMOUSID)
670 if (newowner && *newowner) {
671 code = pr_SNameToId(newowner, &oid);
674 if (oid == ANONYMOUSID)
678 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
680 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
685 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
687 register afs_int32 code;
693 lnames.namelist_len = 2;
694 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
695 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
696 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
699 code = pr_NameToId(&lnames, &lids);
701 if (lnames.namelist_val)
702 free(lnames.namelist_val);
704 free(lids.idlist_val);
708 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
709 lids.idlist_val[1], flag);
710 if (lnames.namelist_val)
711 free(lnames.namelist_val);
713 free(lids.idlist_val);
718 pr_ListMaxUserId(afs_int32 *mid)
720 register afs_int32 code;
722 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
727 pr_SetMaxUserId(afs_int32 mid)
729 register afs_int32 code;
731 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
736 pr_ListMaxGroupId(afs_int32 *mid)
738 register afs_int32 code;
740 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
745 pr_SetMaxGroupId(afs_int32 mid)
747 register afs_int32 code;
751 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
756 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
758 register afs_int32 code;
761 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,