2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
19 #include "afs/sysincludes.h"
20 #include "afs_usrops.h"
21 #include "afsincludes.h"
26 #include "afs/cellconfig.h"
27 #include "afs/afsutil.h"
28 #include "afs/ptclient.h"
29 #include "afs/ptuser.h"
30 #include "afs/pterror.h"
31 #else /* defined(UKERNEL) */
34 #include <sys/types.h>
38 #include <netinet/in.h>
45 #include <afs/cellconfig.h>
46 #include <afs/afsutil.h>
47 #include <afs/com_err.h>
51 #endif /* defined(UKERNEL) */
54 struct ubik_client *pruclient = 0;
55 static afs_int32 lastLevel; /* security level pruclient, if any */
57 static char *whoami = "libprot";
60 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
63 struct rx_connection *serverconns[MAXSERVERS];
64 struct rx_securityClass *sc[3];
65 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
66 static char tconfDir[100] = "";
67 static char tcell[64] = "";
68 struct ktc_token ttoken;
70 static struct afsconf_cell info;
73 afs_int32 gottdir = 0;
74 afs_int32 refresh = 0;
76 initialize_PT_error_table();
77 initialize_RXK_error_table();
78 initialize_ACFG_error_table();
79 initialize_KTC_error_table();
83 cell = afs_LclCellName;
85 #else /* defined(UKERNEL) */
88 tdir = afsconf_Open(confDir);
90 if (confDir && strcmp(confDir, ""))
92 "%s: Could not open configuration directory: %s.\n",
96 "%s: No configuration directory specified.\n",
102 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
105 "libprot: Could not get local cell. [%d]\n", code);
110 #endif /* defined(UKERNEL) */
112 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
114 * force re-evaluation. we either don't have an afsconf_dir,
115 * the directory has changed or the cell has changed.
117 if (tdir && !gottdir) {
119 tdir = (struct afsconf_dir *)NULL;
121 pruclient = (struct ubik_client *)NULL;
126 strncpy(tconfDir, confDir, sizeof(tconfDir));
127 strncpy(tcell, cell, sizeof(tcell));
131 #else /* defined(UKERNEL) */
133 tdir = afsconf_Open(confDir);
135 if (confDir && strcmp(confDir, ""))
137 "libprot: Could not open configuration directory: %s.\n",
141 "libprot: No configuration directory specified.\n");
144 #endif /* defined(UKERNEL) */
146 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
148 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
149 cell, confDir, AFSDIR_CELLSERVDB_FILE);
154 /* If we already have a client and it is at the security level we
155 * want, don't get a new one. Unless the security level is 2 in
156 * which case we will get one (and re-read the key file).
158 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
164 fprintf(stderr, "libprot: Could not initialize rx.\n");
172 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
173 * to force use of the KeyFile. secLevel == 0 implies -noauth was
176 code = afsconf_GetLatestKey(tdir, 0, 0);
178 afs_com_err(whoami, code,
179 "(getting key from local KeyFile)\n");
180 scIndex = 0; /* use noauth */
182 /* If secLevel is two assume we're on a file server and use
183 * ClientAuthSecure if possible. */
184 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
186 afs_com_err(whoami, code,
187 "(calling client secure)\n");
188 scIndex = 0; /* use noauth */
192 /* if there was a problem, an unauthenticated conn is returned */
194 } else if (secLevel > 0) {
195 struct ktc_principal sname;
196 strcpy(sname.cell, info.name);
197 sname.instance[0] = 0;
198 strcpy(sname.name, "afs");
199 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
201 afs_com_err(whoami, code, "(getting token)");
206 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
207 /* this is a kerberos ticket, set scIndex accordingly */
211 "%s: funny kvno (%d) in ticket, proceeding\n",
212 whoami, ttoken.kvno);
216 rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
217 rxkad_clear, &ttoken.sessionKey,
218 ttoken.kvno, ttoken.ticketLen,
225 if ((scIndex == 0) && (sc[0] == 0))
226 sc[0] = rxnull_NewClientSecurityObject();
227 if ((scIndex == 0) && (secLevel != 0))
229 "%s: Could not get afs tokens, running unauthenticated\n",
232 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
233 for (i = 0; i < info.numServers; i++)
235 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
236 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
239 code = ubik_ClientInit(serverconns, &pruclient);
241 afs_com_err(whoami, code, "ubik client init failed.");
246 code = rxs_Release(sc[scIndex]);
256 code = ubik_ClientDestroy(pruclient);
265 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
267 register afs_int32 code;
271 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
274 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
281 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
283 register afs_int32 code;
289 code = pr_SNameToId(owner, &oid);
292 if (oid == ANONYMOUSID)
297 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
300 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
306 pr_Delete(char *name)
308 register afs_int32 code;
312 code = pr_SNameToId(name, &id);
315 if (id == ANONYMOUSID)
317 code = ubik_PR_Delete(pruclient, 0, id);
322 pr_DeleteByID(afs_int32 id)
324 register afs_int32 code;
326 code = ubik_PR_Delete(pruclient, 0, id);
331 pr_AddToGroup(char *user, char *group)
333 register afs_int32 code;
337 lnames.namelist_len = 2;
338 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
339 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
340 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
343 code = pr_NameToId(&lnames, &lids);
346 /* if here, still could be missing an entry */
347 if (lids.idlist_val[0] == ANONYMOUSID
348 || lids.idlist_val[1] == ANONYMOUSID) {
353 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
356 if (lnames.namelist_val)
357 free(lnames.namelist_val);
359 free(lids.idlist_val);
364 pr_RemoveUserFromGroup(char *user, char *group)
366 register afs_int32 code;
370 lnames.namelist_len = 2;
371 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
372 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
373 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
376 code = pr_NameToId(&lnames, &lids);
380 if (lids.idlist_val[0] == ANONYMOUSID
381 || lids.idlist_val[1] == ANONYMOUSID) {
386 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
389 if (lnames.namelist_val)
390 free(lnames.namelist_val);
392 free(lids.idlist_val);
398 pr_NameToId(namelist *names, idlist *ids)
400 register afs_int32 code;
401 register afs_int32 i;
403 for (i = 0; i < names->namelist_len; i++)
404 stolower(names->namelist_val[i]);
405 code = ubik_PR_NameToID(pruclient, 0, names, ids);
410 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
414 register afs_int32 code;
418 lnames.namelist_len = 1;
419 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
421 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
422 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
423 if (lids.idlist_val) {
424 *id = *lids.idlist_val;
425 free(lids.idlist_val);
427 if (lnames.namelist_val)
428 free(lnames.namelist_val);
433 pr_IdToName(idlist *ids, namelist *names)
435 register afs_int32 code;
437 code = ubik_PR_IDToName(pruclient, 0, ids, names);
442 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
446 register afs_int32 code;
449 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
450 *lids.idlist_val = id;
451 lnames.namelist_len = 0;
452 lnames.namelist_val = 0;
453 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
454 if (lnames.namelist_val) {
455 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
456 free(lnames.namelist_val);
459 free(lids.idlist_val);
464 pr_GetCPS(afs_int32 id, prlist *CPS)
466 register afs_int32 code;
470 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
471 if (code != PRSUCCESS)
474 /* do something about this, probably make a new call */
475 /* don't forget there's a hard limit in the interface */
476 fprintf(stderr, "membership list for id %d exceeds display limit\n",
483 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
485 register afs_int32 code;
489 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
490 if (code != PRSUCCESS)
493 /* do something about this, probably make a new call */
494 /* don't forget there's a hard limit in the interface */
495 fprintf(stderr, "membership list for id %d exceeds display limit\n",
502 pr_GetHostCPS(afs_int32 host, prlist *CPS)
504 register afs_int32 code;
508 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
509 if (code != PRSUCCESS)
512 /* do something about this, probably make a new call */
513 /* don't forget there's a hard limit in the interface */
515 "membership list for host id %d exceeds display limit\n",
522 pr_ListMembers(char *group, namelist *lnames)
524 register afs_int32 code;
527 code = pr_SNameToId(group, &gid);
530 if (gid == ANONYMOUSID)
532 code = pr_IDListMembers(gid, lnames);
537 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
539 register afs_int32 code;
543 alist.prlist_len = 0;
544 alist.prlist_val = 0;
545 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
549 /* Remain backwards compatible when moreP was a T/F bit */
550 fprintf(stderr, "membership list for id %d exceeds display limit\n",
554 lids = (idlist *) & alist;
555 code = pr_IdToName(lids, lnames);
558 if (alist.prlist_val)
559 free(alist.prlist_val);
564 pr_IDListMembers(afs_int32 gid, namelist *lnames)
566 register afs_int32 code;
571 alist.prlist_len = 0;
572 alist.prlist_val = 0;
573 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
577 fprintf(stderr, "membership list for id %d exceeds display limit\n",
580 lids = (idlist *) & alist;
581 code = pr_IdToName(lids, lnames);
584 if (alist.prlist_val)
585 free(alist.prlist_val);
590 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
592 register afs_int32 code;
594 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
599 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
602 prentries bulkentries;
606 *nextstartindex = -1;
607 bulkentries.prentries_val = 0;
608 bulkentries.prentries_len = 0;
611 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
612 &bulkentries, nextstartindex);
613 *nentries = bulkentries.prentries_len;
614 *entries = bulkentries.prentries_val;
619 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
621 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
622 register afs_int32 code;
623 struct prcheckentry aentry;
625 code = pr_SNameToId(name, id);
628 if (*id == ANONYMOUSID)
630 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
633 /* this should be done in one RPC, but I'm lazy. */
634 code = pr_SIdToName(aentry.owner, owner);
637 code = pr_SIdToName(aentry.creator, creator);
644 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
646 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
647 register afs_int32 code;
648 struct prcheckentry aentry;
650 code = pr_SIdToName(id, name);
653 if (id == ANONYMOUSID)
655 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
658 /* this should be done in one RPC, but I'm lazy. */
659 code = pr_SIdToName(aentry.owner, owner);
662 code = pr_SIdToName(aentry.creator, creator);
669 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
671 register afs_int32 code;
675 code = pr_SNameToId(oldname, &id);
678 if (id == ANONYMOUSID)
680 if (newowner && *newowner) {
681 code = pr_SNameToId(newowner, &oid);
684 if (oid == ANONYMOUSID)
688 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
690 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
695 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
697 register afs_int32 code;
703 lnames.namelist_len = 2;
704 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
705 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
706 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
709 code = pr_NameToId(&lnames, &lids);
711 if (lnames.namelist_val)
712 free(lnames.namelist_val);
714 free(lids.idlist_val);
718 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
719 lids.idlist_val[1], flag);
720 if (lnames.namelist_val)
721 free(lnames.namelist_val);
723 free(lids.idlist_val);
728 pr_ListMaxUserId(afs_int32 *mid)
730 register afs_int32 code;
732 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
737 pr_SetMaxUserId(afs_int32 mid)
739 register afs_int32 code;
741 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
746 pr_ListMaxGroupId(afs_int32 *mid)
748 register afs_int32 code;
750 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
755 pr_SetMaxGroupId(afs_int32 mid)
757 register afs_int32 code;
761 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
766 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
768 register afs_int32 code;
771 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,
git://git.openafs.org / openafs.git / blob