2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
28 #include "afs/cellconfig.h"
29 #include "afs/afsutil.h"
30 #include "afs/ptclient.h"
31 #include "afs/ptuser.h"
32 #include "afs/pterror.h"
33 #else /* defined(UKERNEL) */
36 #include <sys/types.h>
40 #include <netinet/in.h>
53 #include <afs/cellconfig.h>
54 #include <afs/afsutil.h>
55 #include <afs/com_err.h>
59 #endif /* defined(UKERNEL) */
62 struct ubik_client *pruclient = 0;
63 static afs_int32 lastLevel; /* security level pruclient, if any */
65 static char *whoami = "libprot";
68 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
71 struct rx_connection *serverconns[MAXSERVERS];
72 struct rx_securityClass *sc[3];
73 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
74 static char tconfDir[100] = "";
75 static char tcell[64] = "";
76 struct ktc_token ttoken;
78 static struct afsconf_cell info;
81 afs_int32 gottdir = 0;
82 afs_int32 refresh = 0;
84 initialize_PT_error_table();
85 initialize_RXK_error_table();
86 initialize_ACFG_error_table();
87 initialize_KTC_error_table();
91 cell = afs_LclCellName;
93 #else /* defined(UKERNEL) */
96 tdir = afsconf_Open(confDir);
98 if (confDir && strcmp(confDir, ""))
100 "libprot: Could not open configuration directory: %s.\n",
104 "libprot: No configuration directory specified.\n");
109 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
112 "libprot: Could not get local cell. [%d]\n", code);
117 #endif /* defined(UKERNEL) */
119 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
121 * force re-evaluation. we either don't have an afsconf_dir,
122 * the directory has changed or the cell has changed.
124 if (tdir && !gottdir) {
126 tdir = (struct afsconf_dir *)NULL;
128 pruclient = (struct ubik_client *)NULL;
133 strncpy(tconfDir, confDir, sizeof(tconfDir));
134 strncpy(tcell, cell, sizeof(tcell));
138 #else /* defined(UKERNEL) */
140 tdir = afsconf_Open(confDir);
142 if (confDir && strcmp(confDir, ""))
144 "libprot: Could not open configuration directory: %s.\n",
148 "libprot: No configuration directory specified.\n");
151 #endif /* defined(UKERNEL) */
153 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
155 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
156 cell, confDir, AFSDIR_CELLSERVDB_FILE);
161 /* If we already have a client and it is at the security level we
162 * want, don't get a new one. Unless the security level is 2 in
163 * which case we will get one (and re-read the key file).
165 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
171 fprintf(stderr, "libprot: Could not initialize rx.\n");
179 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
180 * to force use of the KeyFile. secLevel == 0 implies -noauth was
182 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
183 /* If secLevel is two assume we're on a file server and use
184 * ClientAuthSecure if possible. */
185 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
188 "libprot: clientauthsecure returns %d %s"
189 " (so trying noauth)\n", code, afs_error_message(code));
191 scIndex = 0; /* use noauth */
193 /* if there was a problem, an unauthenticated conn is returned */
195 } else if (secLevel > 0) {
196 struct ktc_principal sname;
197 strcpy(sname.cell, info.name);
198 sname.instance[0] = 0;
199 strcpy(sname.name, "afs");
200 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
204 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
205 /* this is a kerberos ticket, set scIndex accordingly */
209 "libprot: funny kvno (%d) in ticket, proceeding\n",
214 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
215 ttoken.kvno, ttoken.ticketLen,
222 if ((scIndex == 0) && (sc[0] == 0))
223 sc[0] = rxnull_NewClientSecurityObject();
224 if ((scIndex == 0) && (secLevel != 0))
225 afs_com_err(whoami, code,
226 "Could not get afs tokens, running unauthenticated.");
228 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
229 for (i = 0; i < info.numServers; i++)
231 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
232 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
235 code = ubik_ClientInit(serverconns, &pruclient);
237 afs_com_err(whoami, code, "ubik client init failed.");
242 code = rxs_Release(sc[scIndex]);
252 code = ubik_ClientDestroy(pruclient);
261 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
263 register afs_int32 code;
267 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
270 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
277 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
279 register afs_int32 code;
285 code = pr_SNameToId(owner, &oid);
288 if (oid == ANONYMOUSID)
293 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
296 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
302 pr_Delete(char *name)
304 register afs_int32 code;
308 code = pr_SNameToId(name, &id);
311 if (id == ANONYMOUSID)
313 code = ubik_PR_Delete(pruclient, 0, id);
318 pr_DeleteByID(afs_int32 id)
320 register afs_int32 code;
322 code = ubik_PR_Delete(pruclient, 0, id);
327 pr_AddToGroup(char *user, char *group)
329 register afs_int32 code;
333 lnames.namelist_len = 2;
334 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
335 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
336 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
339 code = pr_NameToId(&lnames, &lids);
342 /* if here, still could be missing an entry */
343 if (lids.idlist_val[0] == ANONYMOUSID
344 || lids.idlist_val[1] == ANONYMOUSID) {
349 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
352 if (lnames.namelist_val)
353 free(lnames.namelist_val);
355 free(lids.idlist_val);
360 pr_RemoveUserFromGroup(char *user, char *group)
362 register afs_int32 code;
366 lnames.namelist_len = 2;
367 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
368 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
369 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
372 code = pr_NameToId(&lnames, &lids);
376 if (lids.idlist_val[0] == ANONYMOUSID
377 || lids.idlist_val[1] == ANONYMOUSID) {
382 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
385 if (lnames.namelist_val)
386 free(lnames.namelist_val);
388 free(lids.idlist_val);
394 pr_NameToId(namelist *names, idlist *ids)
396 register afs_int32 code;
397 register afs_int32 i;
399 for (i = 0; i < names->namelist_len; i++)
400 stolower(names->namelist_val[i]);
401 code = ubik_PR_NameToID(pruclient, 0, names, ids);
406 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
410 register afs_int32 code;
414 lnames.namelist_len = 1;
415 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
417 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
418 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
419 if (lids.idlist_val) {
420 *id = *lids.idlist_val;
421 free(lids.idlist_val);
423 if (lnames.namelist_val)
424 free(lnames.namelist_val);
429 pr_IdToName(idlist *ids, namelist *names)
431 register afs_int32 code;
433 code = ubik_PR_IDToName(pruclient, 0, ids, names);
438 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
442 register afs_int32 code;
445 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
446 *lids.idlist_val = id;
447 lnames.namelist_len = 0;
448 lnames.namelist_val = 0;
449 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
450 if (lnames.namelist_val) {
451 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
452 free(lnames.namelist_val);
455 free(lids.idlist_val);
460 pr_GetCPS(afs_int32 id, prlist *CPS)
462 register afs_int32 code;
466 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
467 if (code != PRSUCCESS)
470 /* do something about this, probably make a new call */
471 /* don't forget there's a hard limit in the interface */
472 fprintf(stderr, "membership list for id %d exceeds display limit\n",
479 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
481 register afs_int32 code;
485 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
486 if (code != PRSUCCESS)
489 /* do something about this, probably make a new call */
490 /* don't forget there's a hard limit in the interface */
491 fprintf(stderr, "membership list for id %d exceeds display limit\n",
498 pr_GetHostCPS(afs_int32 host, prlist *CPS)
500 register afs_int32 code;
504 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
505 if (code != PRSUCCESS)
508 /* do something about this, probably make a new call */
509 /* don't forget there's a hard limit in the interface */
511 "membership list for host id %d exceeds display limit\n",
518 pr_ListMembers(char *group, namelist *lnames)
520 register afs_int32 code;
523 code = pr_SNameToId(group, &gid);
526 if (gid == ANONYMOUSID)
528 code = pr_IDListMembers(gid, lnames);
533 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
535 register afs_int32 code;
539 alist.prlist_len = 0;
540 alist.prlist_val = 0;
541 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
545 /* Remain backwards compatible when moreP was a T/F bit */
546 fprintf(stderr, "membership list for id %d exceeds display limit\n",
550 lids = (idlist *) & alist;
551 code = pr_IdToName(lids, lnames);
554 if (alist.prlist_val)
555 free(alist.prlist_val);
560 pr_IDListMembers(afs_int32 gid, namelist *lnames)
562 register afs_int32 code;
567 alist.prlist_len = 0;
568 alist.prlist_val = 0;
569 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
573 fprintf(stderr, "membership list for id %d exceeds display limit\n",
576 lids = (idlist *) & alist;
577 code = pr_IdToName(lids, lnames);
580 if (alist.prlist_val)
581 free(alist.prlist_val);
586 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
588 register afs_int32 code;
590 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
595 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
598 prentries bulkentries;
602 *nextstartindex = -1;
603 bulkentries.prentries_val = 0;
604 bulkentries.prentries_len = 0;
607 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
608 &bulkentries, nextstartindex);
609 *nentries = bulkentries.prentries_len;
610 *entries = bulkentries.prentries_val;
615 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
617 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
618 register afs_int32 code;
619 struct prcheckentry aentry;
621 code = pr_SNameToId(name, id);
624 if (*id == ANONYMOUSID)
626 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
629 /* this should be done in one RPC, but I'm lazy. */
630 code = pr_SIdToName(aentry.owner, owner);
633 code = pr_SIdToName(aentry.creator, creator);
640 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
642 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
643 register afs_int32 code;
644 struct prcheckentry aentry;
646 code = pr_SIdToName(id, name);
649 if (id == ANONYMOUSID)
651 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
654 /* this should be done in one RPC, but I'm lazy. */
655 code = pr_SIdToName(aentry.owner, owner);
658 code = pr_SIdToName(aentry.creator, creator);
665 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
667 register afs_int32 code;
671 code = pr_SNameToId(oldname, &id);
674 if (id == ANONYMOUSID)
676 if (newowner && *newowner) {
677 code = pr_SNameToId(newowner, &oid);
680 if (oid == ANONYMOUSID)
684 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
686 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
691 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
693 register afs_int32 code;
699 lnames.namelist_len = 2;
700 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
701 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
702 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
705 code = pr_NameToId(&lnames, &lids);
707 if (lnames.namelist_val)
708 free(lnames.namelist_val);
710 free(lids.idlist_val);
714 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
715 lids.idlist_val[1], flag);
716 if (lnames.namelist_val)
717 free(lnames.namelist_val);
719 free(lids.idlist_val);
724 pr_ListMaxUserId(afs_int32 *mid)
726 register afs_int32 code;
728 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
733 pr_SetMaxUserId(afs_int32 mid)
735 register afs_int32 code;
737 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
742 pr_ListMaxGroupId(afs_int32 *mid)
744 register afs_int32 code;
746 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
751 pr_SetMaxGroupId(afs_int32 mid)
753 register afs_int32 code;
757 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
762 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
764 register afs_int32 code;
767 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,