2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
20 #include "afs/sysincludes.h"
21 #include "afs_usrops.h"
22 #include "afsincludes.h"
28 #include "afs/cellconfig.h"
29 #include "afs/afsutil.h"
30 #include "afs/ptclient.h"
31 #include "afs/pterror.h"
32 #else /* defined(UKERNEL) */
35 #include <sys/types.h>
39 #include <netinet/in.h>
53 #include <afs/cellconfig.h>
54 #include <afs/afsutil.h>
57 #endif /* defined(UKERNEL) */
/* Shared ubik client handle. Every ubik_Call() in this file passes it as the
 * client argument, and pr_Initialize() fills it in through ubik_ClientInit().
 * NOTE(review): this is process-wide mutable state and no locking is visible
 * in this listing -- confirm callers serialize pr_Initialize(). */
60 struct ubik_client *pruclient = 0;
61 static afs_int32 lastLevel; /* security level pruclient, if any */
/* Program name handed to com_err() when reporting failures. */
63 static char *whoami = "libprot";
/*
 * pr_Initialize: build (or reuse) the protection-server client handle kept in
 * pruclient, for the given cell and security level.
 *
 * secLevel  0 means unauthenticated, 2 means use the server KeyFile, any
 *           other positive value means use the caller's "afs" token
 *           (see the branches on secLevel below).
 * confDir   configuration directory handed to afsconf_Open().
 * cell      cell name looked up with afsconf_GetCellInfo().
 *
 * NOTE(review): the gutter numbers skip, so braces, several declarations and
 * some error checks are not shown. The notes below describe only the lines
 * that are visible.
 */
65 afs_int32 pr_Initialize (secLevel, confDir, cell)
66 IN afs_int32 secLevel;
71 struct rx_connection *serverconns[MAXSERVERS];
72 struct rx_securityClass *sc[3];
73 static struct afsconf_dir *tdir = 0; /* only do this once */
74 static char tconfDir[100];
75 struct ktc_token ttoken;
77 static struct afsconf_cell info;
81 initialize_PT_error_table();
82 initialize_RXK_error_table();
83 initialize_ACFG_error_table();
84 initialize_KTC_error_table();
86 if (strcmp(confDir, tconfDir)) {
88 * Different conf dir; force re-evaluation.
90 tdir = (struct afsconf_dir *)0;
91 pruclient = (struct ubik_client *)0;
/* NOTE(review): strncpy() does not NUL-terminate when confDir is 100 bytes or
 * longer, so the strcmp() against tconfDir on a later call can read past the
 * array. Confirm an elided line terminates or length-checks it; a bounded
 * snprintf() or an explicit tconfDir[sizeof(tconfDir)-1] = 0 closes this. */
94 strncpy(tconfDir, confDir, sizeof(tconfDir));
98 cell = afs_LclCellName;
100 #else /* defined(UKERNEL) */
101 tdir = afsconf_Open(confDir);
104 "libprot: Could not open configuration directory: %s.\n",
/* NOTE(review): the failure message for this call is prefixed "vos:" although
 * every other message in this function is prefixed "libprot:". */
110 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
113 "vos: can't get local cell name - check %s/%s\n",
114 confDir, AFSDIR_THISCELL_FILE);
119 #endif /* defined(UKERNEL) */
121 code = afsconf_GetCellInfo(tdir,cell,"afsprot",&info);
123 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
124 cell, confDir, AFSDIR_CELLSERVDB_FILE);
129 /* If we already have a client and it is at the security level we
130 * want, don't get a new one. Unless the security level is 2 in
131 * which case we will get one (and re-read the key file).
133 if (pruclient && (lastLevel == secLevel) && (secLevel != 2))
138 fprintf(stderr,"libprot: Could not initialize rx.\n");
146 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
147 * to force use of the KeyFile. secLevel == 0 implies -noauth was
149 if ((secLevel == 2) && (afsconf_GetLatestKey (tdir, 0,0) == 0)) {
150 /* If secLevel is two assume we're on a file server and use
151 * ClientAuthSecure if possible. */
/* NOTE(review): authentication downgrade. If ClientAuthSecure fails, the
 * visible lines print a warning to stderr and set scIndex to 0, so the
 * connection continues unauthenticated. Whether the caller can detect this
 * from the return value is not shown -- confirm, because a caller that asked
 * for secLevel 2 may assume it is authenticated. */
152 code = afsconf_ClientAuthSecure (tdir, &sc[2], &scIndex);
154 fprintf(stderr,"libprot: clientauthsecure returns %d %s"
155 " (so trying noauth)\n",code, error_message(code));
156 if (code) scIndex = 0; /* use noauth */
158 /* if there was a problem, an unauthenticated conn is returned */
161 else if (secLevel > 0) {
162 struct ktc_principal sname;
/* NOTE(review): both strcpy() calls are unbounded. "afs" is a short literal,
 * but info.name comes from the cell configuration. The sizes of sname.cell
 * and info.name are not visible here -- confirm the destination is at least
 * as large as the source, or use a bounded copy. */
163 strcpy(sname.cell,info.name);
164 sname.instance[0] = 0;
165 strcpy(sname.name, "afs");
166 code = ktc_GetToken(&sname,&ttoken, sizeof(ttoken), NULL);
167 if (code) scIndex = 0;
169 if (ttoken.kvno >= 0 && ttoken.kvno <= 255)
170 /* this is a kerberos ticket, set scIndex accordingly */
174 "libprot: funny kvno (%d) in ticket, proceeding\n",
/* The token-based security object is created at level rxkad_clear, the lowest
 * rxkad level: the connection is authenticated but the payload is not
 * encrypted. */
178 sc[2] = rxkad_NewClientSecurityObject
179 (rxkad_clear, &ttoken.sessionKey, ttoken.kvno,
180 ttoken.ticketLen, ttoken.ticket);
183 if (scIndex == 1) return PRBADARG;
184 if ((scIndex == 0) && (sc[0] == 0))
185 sc[0] = rxnull_NewClientSecurityObject();
/* An authenticated level was requested but index 0 (rxnull) was selected:
 * only a com_err() warning is issued and setup continues unauthenticated. */
186 if ((scIndex == 0) && (secLevel != 0))
187 com_err (whoami, code,
188 "Could not get afs tokens, running unauthenticated.");
/* NOTE(review): serverconns has MAXSERVERS slots and the memset() comment
 * says the list must stay zero-terminated. The loop bound is
 * info.numServers, and no check against MAXSERVERS is visible. Confirm
 * numServers < MAXSERVERS, otherwise the terminator is overwritten or the
 * array is written out of bounds. */
190 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
191 for (i = 0;i<info.numServers;i++)
192 serverconns[i] = rx_NewConnection
193 (info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port,
194 PRSRV, sc[scIndex], scIndex);
196 code = ubik_ClientInit(serverconns, &pruclient);
198 com_err (whoami, code, "ubik client init failed.");
203 code = rxs_Release (sc[scIndex]);
/* Tears down the shared client handle. The enclosing function's header and
 * return are not shown in this listing.
 * NOTE(review): pruclient is not visibly reset after the destroy -- confirm
 * an elided line clears it, so later ubik_Call() wrappers cannot be handed a
 * destroyed handle. */
213 code = ubik_ClientDestroy (pruclient);
/*
 * pr_CreateUser: create a protection-database entry for `name`.
 * Two RPCs are visible: PR_INewEntry, which passes the caller-supplied *id,
 * and PR_NewEntry, which returns the assigned id through `id`. The condition
 * that selects between them is elided (presumably whether *id is set --
 * confirm).
 */
221 pr_CreateUser(name,id)
222 char name[PR_MAXNAMELEN];
225 register afs_int32 code;
229 code = ubik_Call(PR_INewEntry,pruclient,0,name,*id,0);
233 code = ubik_Call(PR_NewEntry, pruclient, 0, name,0,0,id);
/*
 * pr_CreateGroup: create a group entry `name` owned by `owner`.
 * The owner name is resolved to an id first, and an owner that maps to
 * ANONYMOUSID is rejected with PRNOENT. As in pr_CreateUser, PR_INewEntry
 * passes the caller's *id and PR_NewEntry returns the assigned id; the
 * selecting condition and the setup of `flags` and `oid` are elided.
 */
239 pr_CreateGroup(name,owner, id)
240 char name[PR_MAXNAMELEN];
241 char owner[PR_MAXNAMELEN];
244 register afs_int32 code;
250 code = pr_SNameToId(owner,&oid);
251 if (code) return code;
252 if (oid == ANONYMOUSID) return PRNOENT;
256 code = ubik_Call(PR_INewEntry,pruclient,0,name,*id,oid);
260 code = ubik_Call(PR_NewEntry,pruclient, 0, name,flags,oid,id);
/* Delete-by-name body (the function header is not shown in this listing):
 * resolve `name` to an id, refuse names that map to ANONYMOUSID, then issue
 * PR_Delete for that id. */
268 register afs_int32 code;
272 code = pr_SNameToId(name,&id);
273 if (code) return code;
274 if (id == ANONYMOUSID) return PRNOENT;
275 code = ubik_Call(PR_Delete,pruclient,0,id);
/* Delete-by-id body (the function header is not shown in this listing):
 * issues PR_Delete directly. No ANONYMOUSID screening is visible here. */
282 register afs_int32 code;
284 code = ubik_Call(PR_Delete,pruclient,0,id);
/*
 * pr_AddToGroup: resolve `user` and `group` to ids with one pr_NameToId()
 * call, then issue PR_AddToGroup with the two ids.
 */
288 pr_AddToGroup(user,group)
292 register afs_int32 code;
296 lnames.namelist_len = 2;
/* NOTE(review): the malloc() result is used without a visible NULL check,
 * and strncpy() leaves a slot unterminated when the input is PR_MAXNAMELEN
 * bytes or longer. Confirm callers bound the name length, or terminate each
 * slot explicitly. */
297 lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
298 strncpy(lnames.namelist_val[0],user,PR_MAXNAMELEN);
299 strncpy(lnames.namelist_val[1],group,PR_MAXNAMELEN);
/* NOTE(review): the check on `code` after this call is elided. Indexing
 * lids.idlist_val[0] and [1] below is safe only if a failed or short reply
 * is rejected first -- confirm. */
302 code = pr_NameToId(&lnames,&lids);
304 /* if here, still could be missing an entry */
305 if (lids.idlist_val[0] == ANONYMOUSID || lids.idlist_val[1] == ANONYMOUSID) {
309 code = ubik_Call(PR_AddToGroup, pruclient, 0, lids.idlist_val[0], lids.idlist_val[1]);
311 if (lnames.namelist_val) free(lnames.namelist_val);
312 if (lids.idlist_val) free(lids.idlist_val);
/*
 * pr_RemoveUserFromGroup: resolve `user` and `group` to ids with one
 * pr_NameToId() call, then issue PR_RemoveFromGroup with the two ids.
 */
316 pr_RemoveUserFromGroup(user,group)
320 register afs_int32 code;
324 lnames.namelist_len = 2;
/* NOTE(review): the malloc() result is used without a visible NULL check,
 * and strncpy() does not terminate a slot when the input fills all
 * PR_MAXNAMELEN bytes. */
325 lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
326 strncpy(lnames.namelist_val[0],user,PR_MAXNAMELEN);
327 strncpy(lnames.namelist_val[1],group,PR_MAXNAMELEN);
/* NOTE(review): the check on `code` is elided. The idlist_val[0]/[1] reads
 * below assume the reply held two ids -- confirm. */
330 code = pr_NameToId(&lnames,&lids);
333 if (lids.idlist_val[0] == ANONYMOUSID || lids.idlist_val[1] == ANONYMOUSID) {
337 code = ubik_Call(PR_RemoveFromGroup, pruclient, 0, lids.idlist_val[0], lids.idlist_val[1]);
339 if (lnames.namelist_val) free(lnames.namelist_val);
340 if (lids.idlist_val) free(lids.idlist_val);
/*
 * pr_NameToId: translate a list of names to ids with PR_NameToID.
 * Each name is passed through stolower() first, so the caller's namelist is
 * modified in place.
 */
345 pr_NameToId(names, ids)
349 register afs_int32 code;
350 register afs_int32 i;
352 for (i=0;i<names->namelist_len;i++)
353 stolower(names->namelist_val[i]);
354 code = ubik_Call(PR_NameToID,pruclient,0,names,ids);
/*
 * pr_SNameToId: single-name form of the name-to-id lookup. Copies `name`
 * into a one-element namelist, calls PR_NameToID, and stores the first
 * returned id in *id.
 */
358 pr_SNameToId(name,id)
359 char name[PR_MAXNAMELEN];
364 register afs_int32 code;
368 lnames.namelist_len = 1;
/* NOTE(review): the malloc() result is used without a visible NULL check,
 * and strncpy() leaves the slot unterminated when `name` fills all
 * PR_MAXNAMELEN bytes. */
369 lnames.namelist_val = (prname *)malloc(PR_MAXNAMELEN);
371 strncpy(lnames.namelist_val[0],name,PR_MAXNAMELEN);
372 code = ubik_Call(PR_NameToID,pruclient,0,&lnames,&lids);
/* NOTE(review): when idlist_val comes back NULL the visible lines leave *id
 * untouched. Callers in this file test only `code` before comparing the id
 * with ANONYMOUSID, so confirm `code` is non-zero in that case, or that *id
 * is pre-set on an elided line. */
373 if (lids.idlist_val) {
374 *id = *lids.idlist_val;
375 free(lids.idlist_val);
377 if (lnames.namelist_val) free(lnames.namelist_val);
/* pr_IdToName: translate a list of ids to names with a single PR_IDToName
 * RPC. */
383 pr_IdToName(ids,names)
387 register afs_int32 code;
389 code = ubik_Call(PR_IDToName,pruclient,0,ids,names);
/*
 * pr_SIdToName: single-id form of the id-to-name lookup. Wraps `id` in a
 * one-element idlist, calls PR_IDToName, and copies the first returned name
 * into the caller's `name` buffer.
 */
393 pr_SIdToName(id,name)
395 char name[PR_MAXNAMELEN];
399 register afs_int32 code;
/* NOTE(review): the malloc() result is dereferenced on the next line without
 * a visible NULL check. */
402 lids.idlist_val = (afs_int32 *)malloc(sizeof(afs_int32));
403 *lids.idlist_val = id;
404 lnames.namelist_len = 0;
405 lnames.namelist_val = 0;
406 code = ubik_Call(PR_IDToName,pruclient,0,&lids,&lnames);
/* NOTE(review): the source of this copy is server-supplied. strncpy() does
 * not terminate `name` if the reply fills all PR_MAXNAMELEN bytes, and
 * namelist_len is not visibly checked before element [0] is read. */
407 if (lnames.namelist_val) {
408 strncpy(name,lnames.namelist_val[0],PR_MAXNAMELEN);
409 free(lnames.namelist_val);
411 if (lids.idlist_val) free(lids.idlist_val);
/* CPS lookup body (the function header is not shown in this listing): fetches
 * the protection set for `id` with PR_GetCPS into CPS, with `over` as the
 * server's overflow indicator.
 * NOTE(review): on overflow the visible lines only print a warning, so the
 * caller is presumably handed a truncated list -- confirm. Authorization
 * decisions built on a partial CPS can miss group memberships. */
421 register afs_int32 code;
425 code = ubik_Call(PR_GetCPS,pruclient,0,id,CPS,&over);
426 if (code != PRSUCCESS) return code;
428 /* do something about this, probably make a new call */
429 /* don't forget there's a hard limit in the interface */
430 fprintf (stderr, "membership list for id %d exceeds display limit\n", id);
/*
 * pr_GetCPS2: fetch the protection set for `id` together with `host` using
 * PR_GetCPS2, storing it in CPS.
 * NOTE(review): when the server reports overflow through `over`, the visible
 * lines only warn on stderr. Confirm how callers learn the list is
 * incomplete.
 */
436 pr_GetCPS2(id, host, CPS)
441 register afs_int32 code;
445 code = ubik_Call(PR_GetCPS2,pruclient,0,id,host,CPS,&over);
446 if (code != PRSUCCESS) return code;
448 /* do something about this, probably make a new call */
449 /* don't forget there's a hard limit in the interface */
450 fprintf (stderr, "membership list for id %d exceeds display limit\n", id);
/*
 * pr_GetHostCPS: fetch the protection set for `host` using PR_GetHostCPS,
 * storing it in CPS.
 * NOTE(review): as with the other CPS lookups, overflow is reported only by
 * a stderr warning on the visible lines.
 */
455 pr_GetHostCPS(host, CPS)
459 register afs_int32 code;
463 code = ubik_Call(PR_GetHostCPS,pruclient,0,host,CPS,&over);
464 if (code != PRSUCCESS) return code;
466 /* do something about this, probably make a new call */
467 /* don't forget there's a hard limit in the interface */
468 fprintf (stderr, "membership list for host id %d exceeds display limit\n", host);
/* pr_ListMembers: resolve the group name to an id, reject ANONYMOUSID with
 * PRNOENT, then delegate to pr_IDListMembers() to fill lnames. */
474 pr_ListMembers(group,lnames)
478 register afs_int32 code;
481 code = pr_SNameToId(group,&gid);
482 if (code) return code;
483 if (gid == ANONYMOUSID) return PRNOENT;
484 code = pr_IDListMembers(gid, lnames);
/*
 * pr_ListOwned: list the entries owned by `oid`. PR_ListOwned returns ids in
 * `alist`, and pr_IdToName() then converts them to names in `lnames`.
 * `moreP` is passed through to the RPC.
 */
488 pr_ListOwned (oid,lnames,moreP)
493 register afs_int32 code;
497 alist.prlist_len = 0;
498 alist.prlist_val = 0;
499 code = ubik_Call(PR_ListOwned,pruclient,0,oid,&alist,moreP);
500 if (code) return code;
502 /* Remain backwards compatible when moreP was a T/F bit */
503 fprintf (stderr, "membership list for id %d exceeds display limit\n",
/* NOTE(review): the prlist is reinterpreted as an idlist by pointer cast.
 * This relies on the two structs sharing a layout -- confirm against their
 * definitions. */
507 lids = (idlist *)&alist;
508 code = pr_IdToName(lids,lnames);
/* NOTE(review): this early return skips the free() below, so
 * alist.prlist_val leaks whenever pr_IdToName() fails. */
509 if (code) return code;
510 if (alist.prlist_val) free(alist.prlist_val);
/*
 * pr_IDListMembers: list the members of group id `gid`. PR_ListElements
 * returns ids in `alist`, and pr_IdToName() converts them to names in
 * `lnames`.
 */
514 pr_IDListMembers(gid,lnames)
518 register afs_int32 code;
523 alist.prlist_len = 0;
524 alist.prlist_val = 0;
525 code = ubik_Call(PR_ListElements,pruclient,0,gid,&alist,&over);
526 if (code) return code;
528 fprintf (stderr, "membership list for id %d exceeds display limit\n", gid);
/* NOTE(review): the prlist is reinterpreted as an idlist by pointer cast.
 * This relies on the two structs sharing a layout -- confirm. */
530 lids = (idlist *)&alist;
531 code = pr_IdToName(lids,lnames);
/* NOTE(review): this early return skips the free() below, so
 * alist.prlist_val leaks whenever pr_IdToName() fails. */
532 if (code) return code;
533 if (alist.prlist_val) free(alist.prlist_val);
/* pr_ListEntry: fetch the database entry for `id` into the caller's
 * prcheckentry using a single PR_ListEntry RPC. */
538 pr_ListEntry(id, aentry)
540 struct prcheckentry *aentry;
542 register afs_int32 code;
544 code = ubik_Call (PR_ListEntry, pruclient, 0, id, aentry);
/*
 * pr_ListEntries: bulk listing through PR_ListEntries, starting at
 * `startindex`. On return *nentries and *entries describe the returned
 * array, and *nextstartindex is whatever the RPC stored (it is preset to -1
 * before the call).
 *
 * NOTE(review): *nentries and *entries are assigned straight after the RPC
 * with no check on `code`, so callers must test the return value before
 * trusting them. Ownership of *entries is not shown -- presumably the caller
 * frees it; confirm.
 */
548 afs_int32 pr_ListEntries(flag, startindex, nentries, entries, nextstartindex)
549 afs_int32 startindex;
551 struct prlistentries **entries;
552 afs_int32 *nextstartindex;
555 prentries bulkentries;
559 *nextstartindex = -1;
560 bulkentries.prentries_val = 0;
561 bulkentries.prentries_len = 0;
563 code = ubik_Call(PR_ListEntries, pruclient, 0,
564 flag, startindex, &bulkentries, nextstartindex);
565 *nentries = bulkentries.prentries_len;
566 *entries = bulkentries.prentries_val;
/*
 * pr_CheckEntryByName: look up `name`, store its id in *id, and fill `owner`
 * and `creator` with the names of the entry's owner and creator.
 * Returns PRNOENT when the name maps to ANONYMOUSID; otherwise it returns
 * the first failing call's code.
 *
 * NOTE(review): `owner` and `creator` are filled through pr_SIdToName(),
 * which copies with strncpy(..., PR_MAXNAMELEN). Their declarations are
 * elided here, so confirm the caller's buffers are at least PR_MAXNAMELEN
 * bytes.
 */
570 pr_CheckEntryByName(name,id,owner,creator)
576 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
577 register afs_int32 code;
578 struct prcheckentry aentry;
580 code = pr_SNameToId(name,id);
581 if (code) return code;
582 if (*id == ANONYMOUSID) return PRNOENT;
583 code = ubik_Call(PR_ListEntry,pruclient,0,*id,&aentry);
584 if (code) return code;
585 /* this should be done in one RPC, but I'm lazy. */
586 code = pr_SIdToName(aentry.owner,owner);
587 if (code) return code;
588 code = pr_SIdToName(aentry.creator,creator);
589 if (code) return code;
/*
 * pr_CheckEntryById: look up `id`, store its name in `name`, and fill
 * `owner` and `creator` with the names of the entry's owner and creator.
 * Returns PRNOENT for ANONYMOUSID. That test comes after the first
 * pr_SIdToName() call, so `name` may already have been written by then.
 *
 * NOTE(review): `name`, `owner` and `creator` are written through
 * pr_SIdToName(), which copies with strncpy(..., PR_MAXNAMELEN). Confirm the
 * caller's buffers are at least that large.
 */
593 pr_CheckEntryById(name,id,owner,creator)
599 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
600 register afs_int32 code;
601 struct prcheckentry aentry;
603 code = pr_SIdToName(id,name);
604 if (code) return code;
605 if (id == ANONYMOUSID) return PRNOENT;
606 code = ubik_Call(PR_ListEntry,pruclient,0,id,&aentry);
607 if (code) return code;
608 /* this should be done in one RPC, but I'm lazy. */
609 code = pr_SIdToName(aentry.owner,owner);
610 if (code) return code;
611 code = pr_SIdToName(aentry.creator,creator);
612 if (code) return code;
/*
 * pr_ChangeEntry: rename, renumber or re-own the entry called `oldname`.
 * The old name must resolve to something other than ANONYMOUSID. A non-empty
 * `newowner` is resolved the same way and rejected with PRNOENT if it maps
 * to ANONYMOUSID.
 *
 * NOTE(review): when `newowner` is NULL or empty, the `oid` passed to the
 * RPC comes from an elided line (presumably an initialisation to 0 --
 * confirm it is not left uninitialised).
 */
616 pr_ChangeEntry(oldname,newname,newid,newowner)
622 register afs_int32 code;
626 code = pr_SNameToId(oldname,&id);
627 if (code) return code;
628 if (id == ANONYMOUSID) return PRNOENT;
629 if (newowner && *newowner) {
630 code = pr_SNameToId(newowner,&oid);
631 if (code) return code;
632 if (oid == ANONYMOUSID) return PRNOENT;
634 code = ubik_Call(PR_ChangeEntry,pruclient, 0,id,newname,oid,newid);
/*
 * pr_IsAMemberOf: resolve `uname` and `gname` to ids, then ask the server
 * through PR_IsAMemberOf, which stores its answer in `flag`.
 */
638 pr_IsAMemberOf(uname,gname,flag)
643 register afs_int32 code;
649 lnames.namelist_len = 2;
/* NOTE(review): the malloc() result is used without a visible NULL check,
 * and strncpy() leaves a slot unterminated when the input fills all
 * PR_MAXNAMELEN bytes. */
650 lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
651 strncpy(lnames.namelist_val[0],uname,PR_MAXNAMELEN);
652 strncpy(lnames.namelist_val[1],gname,PR_MAXNAMELEN);
655 code = pr_NameToId(&lnames,&lids);
/* NOTE(review): the next two frees presumably sit inside an `if (code)`
 * error branch whose braces and return are elided. If they do not, the
 * idlist_val[0]/[1] reads in the RPC below would touch freed memory --
 * confirm against the full file. */
657 if (lnames.namelist_val) free(lnames.namelist_val);
658 if (lids.idlist_val) free(lids.idlist_val);
661 code = ubik_Call(PR_IsAMemberOf,pruclient,0,lids.idlist_val[0],lids.idlist_val[1],flag);
662 if (lnames.namelist_val) free(lnames.namelist_val);
663 if (lids.idlist_val) free(lids.idlist_val);
/* pr_ListMaxUserId: call PR_ListMax with `mid` as the first output argument.
 * The second output goes to a local `gid` that the visible lines do not
 * use. */
668 pr_ListMaxUserId(mid)
671 register afs_int32 code;
673 code = ubik_Call(PR_ListMax,pruclient,0,mid,&gid);
/* PR_SetMax body (the function header is not shown in this listing): passes
 * `mid` and a `flag` whose value is set on an elided line. */
680 register afs_int32 code;
682 code = ubik_Call(PR_SetMax,pruclient,0,mid,flag);
/* pr_ListMaxGroupId: call PR_ListMax with `mid` as the second output
 * argument. The first output goes to a local `id` that the visible lines do
 * not use. */
686 pr_ListMaxGroupId(mid)
689 register afs_int32 code;
691 code = ubik_Call(PR_ListMax,pruclient,0,&id,mid);
/* pr_SetMaxGroupId: call PR_SetMax with `mid` and a `flag` whose value is
 * set on an elided line (presumably marking the value as a group id --
 * confirm). */
695 pr_SetMaxGroupId(mid)
698 register afs_int32 code;
702 code = ubik_Call(PR_SetMax,pruclient,0,mid,flag);
/* pr_SetFieldsEntry: forward `id`, `mask`, `flags`, `ngroups` and `nusers`
 * to PR_SetFieldsEntry. The two trailing RPC arguments are always passed as
 * 0. */
706 afs_int32 pr_SetFieldsEntry (id, mask, flags, ngroups, nusers)
709 afs_int32 flags, ngroups, nusers;
711 register afs_int32 code;
713 code = ubik_Call(PR_SetFieldsEntry,pruclient,0,id,mask, flags, ngroups, nusers, 0,0);
/* Lower-cases the character at *s in place. This is presumably the loop body
 * of stolower(), whose header and loop are not shown in this listing.
 * NOTE(review): if `s` is a plain char pointer, a byte with the high bit set
 * reaches isupper()/tolower() as a negative value, which is undefined
 * behaviour. Cast to unsigned char before the ctype calls. */
722 if (isupper(*s)) *s = tolower(*s);