2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
19 #include "afs/sysincludes.h"
20 #include "afs_usrops.h"
21 #include "afsincludes.h"
26 #include "afs/cellconfig.h"
27 #include "afs/afsutil.h"
28 #include "afs/ptclient.h"
29 #include "afs/ptuser.h"
30 #include "afs/pterror.h"
31 #include "afs/com_err.h"
32 #else /* defined(UKERNEL) */
35 #include <sys/types.h>
39 #include <netinet/in.h>
46 #include <afs/cellconfig.h>
47 #include <afs/afsutil.h>
48 #include <afs/com_err.h>
52 #endif /* defined(UKERNEL) */
/* Process-wide protection-server client handle used by every pr_* call in
 * this file. It starts out NULL (0) and is filled in by ubik_ClientInit()
 * inside pr_Initialize().
 * NOTE(review): no locking around these globals is visible in this listing;
 * confirm that callers serialize initialization and teardown. */
55 struct ubik_client *pruclient = 0;
56 static afs_int32 lastLevel; /* security level pruclient, if any */
/* Program tag handed to afs_com_err() and the fprintf() diagnostics. */
58 static char *whoami = "libprot";
/*
 * pr_Initialize -- create (or reuse) the global protection-server client
 * `pruclient` for `cell`, using the configuration found under `confDir`.
 *
 * This listing is elided (the gutter numbers skip lines), so braces, returns
 * and several conditions are not visible; the notes below describe only what
 * the visible lines establish.
 *
 * secLevel, as far as the visible comments and branches show:
 *   0   -noauth; a null security object (rxnull) is used.
 *   >0  tokens are requested through afsconf_ClientAuthToken().
 *   2   the local KeyFile is consulted and afsconf_ClientAuthSecure() is
 *       tried (fileserver use); a cached client is never reused at this level.
 *
 * Security-relevant behaviour to keep in mind when reviewing callers:
 *  - Downgrade: if no authenticated index was obtained (scIndex == 0) while
 *    secLevel != 0, the visible code only prints "running unauthenticated"
 *    to stderr. NOTE(review): confirm whether the caller can detect this from
 *    the return code; a caller that requires authentication should not
 *    proceed silently.
 *  - tconfDir[100] / tcell[64] are filled with strncpy(dst, src, sizeof(dst)),
 *    which leaves dst without a NUL when src is that long or longer, and they
 *    are later read by strcmp(). No explicit termination is visible in this
 *    listing -- TODO confirm, or copy sizeof(dst) - 1 bytes and terminate.
 *  - serverconns[] has MAXSERVERS slots and, per the "terminate list" comment,
 *    must stay zero-terminated; the fill loop is bounded only by
 *    info.numServers with no cap visible here.
 */
61 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
64 struct rx_connection *serverconns[MAXSERVERS];
65 struct rx_securityClass *sc;
66 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
67 static char tconfDir[100] = "";
68 static char tcell[64] = "";
71 static struct afsconf_cell info;
76 afs_int32 gottdir = 0;
77 afs_int32 refresh = 0;
79 initialize_PT_error_table();
80 initialize_RXK_error_table();
81 initialize_ACFG_error_table();
82 initialize_KTC_error_table();
86 cell = afs_LclCellName;
88 #else /* defined(UKERNEL) */
91 tdir = afsconf_Open(confDir);
93 if (confDir && strcmp(confDir, ""))
95 "%s: Could not open configuration directory: %s.\n",
99 "%s: No configuration directory specified.\n",
105 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
108 "libprot: Could not get local cell. [%d]\n", code);
113 #endif /* defined(UKERNEL) */
/* NOTE(review): confDir is NULL-checked before the strcmp() above but not in
 * this condition; presumably an elided return keeps a NULL confDir from
 * reaching here -- confirm. */
115 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
117 * force re-evaluation. we either don't have an afsconf_dir,
118 * the directory has changed or the cell has changed.
120 if (tdir && !gottdir) {
122 tdir = (struct afsconf_dir *)NULL;
124 pruclient = (struct ubik_client *)NULL;
129 strncpy(tconfDir, confDir, sizeof(tconfDir));
130 strncpy(tcell, cell, sizeof(tcell));
134 #else /* defined(UKERNEL) */
136 tdir = afsconf_Open(confDir);
138 if (confDir && strcmp(confDir, ""))
140 "libprot: Could not open configuration directory: %s.\n",
144 "libprot: No configuration directory specified.\n");
147 #endif /* defined(UKERNEL) */
149 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
151 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
152 cell, confDir, AFSDIR_CELLSERVDB_FILE);
157 /* If we already have a client and it is at the security level we
158 * want, don't get a new one. Unless the security level is 2 in
159 * which case we will get one (and re-read the key file).
161 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
167 fprintf(stderr, "libprot: Could not initialize rx.\n");
171 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
172 * to force use of the KeyFile. secLevel == 0 implies -noauth was
175 code = afsconf_GetLatestKey(tdir, 0, 0);
177 afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
179 /* If secLevel is two assume we're on a file server and use
180 * ClientAuthSecure if possible. */
181 code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
183 afs_com_err(whoami, code, "(calling client secure)\n");
185 } else if (secLevel > 0) {
/* Encryption is requested only under a condition that is elided from this
 * listing; review which secLevel values actually set this flag. */
188 secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
190 code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
192 afs_com_err(whoami, code, "(getting token)");
/* Null (unauthenticated) security object; the condition selecting it is
 * elided here. */
199 sc = rxnull_NewClientSecurityObject();
/* Authentication was requested but index 0 is in use: only a warning is
 * printed before the connections are built. */
203 if ((scIndex == 0) && (secLevel != 0))
205 "%s: Could not get afs tokens, running unauthenticated\n",
208 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
/* NOTE(review): presumably stores into serverconns[i] on the elided line;
 * info.numServers == MAXSERVERS would leave no terminator and a larger
 * value would write past the array -- confirm afsconf_GetCellInfo() caps it. */
209 for (i = 0; i < info.numServers; i++)
211 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
212 info.hostAddr[i].sin_port, PRSRV, sc,
215 code = ubik_ClientInit(serverconns, &pruclient);
217 afs_com_err(whoami, code, "ubik client init failed.");
/* Drop this function's reference to the security object. */
222 code = rxs_Release(sc);
/* Teardown of the global client. The enclosing function's header is not part
 * of this listing (the gutter jumps from 222 to 232).
 * NOTE(review): pr_Initialize() reuses a non-NULL pruclient, so the handle
 * should be reset to NULL after it is destroyed -- not visible here, confirm. */
232 code = ubik_ClientDestroy(pruclient);
/*
 * pr_CreateUser -- ask the protection server to create a user entry.
 *
 * Two RPCs are visible: ubik_PR_INewEntry() sends the caller-supplied *id,
 * while ubik_PR_NewEntry() takes `id` as an output. The condition choosing
 * between them is elided from this listing (presumably *id != 0 -- confirm).
 *
 * NOTE(review): `name` is declared char[PR_MAXNAMELEN] but is an ordinary
 * pointer to the callee; nothing visible here enforces its length or NUL
 * termination. The global pruclient is used without a visible NULL check.
 */
241 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
243 register afs_int32 code;
247 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
250 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
/*
 * pr_CreateGroup -- create a group entry owned by `owner`.
 *
 * The owner name is resolved to an id with pr_SNameToId(); an ANONYMOUSID
 * result is tested explicitly (the action taken is on an elided line,
 * presumably an error return because the owner does not exist -- confirm).
 * As in pr_CreateUser, one RPC sends the caller's *id and the other returns
 * the id through `id`; the selecting condition is not shown.
 *
 * NOTE(review): pr_SNameToId() only writes `oid` when the server returned an
 * id list, so the return code must be checked before `oid` is compared; that
 * check is presumably on the elided line after the call.
 */
257 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
259 register afs_int32 code;
265 code = pr_SNameToId(owner, &oid);
268 if (oid == ANONYMOUSID)
273 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
276 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
/*
 * pr_Delete -- delete the entry called `name`.
 *
 * Resolves the name with pr_SNameToId(), tests for ANONYMOUSID (handling is
 * elided; presumably "no such entry"), then issues ubik_PR_Delete() by id.
 * Authorization for the delete is not decided in this visible code.
 */
282 pr_Delete(char *name)
284 register afs_int32 code;
288 code = pr_SNameToId(name, &id);
291 if (id == ANONYMOUSID)
293 code = ubik_PR_Delete(pruclient, 0, id);
/*
 * pr_DeleteByID -- delete the entry with numeric id `id` via ubik_PR_Delete().
 * No local validation of `id` is visible; the id is passed through as given.
 */
298 pr_DeleteByID(afs_int32 id)
300 register afs_int32 code;
302 code = ubik_PR_Delete(pruclient, 0, id);
/*
 * pr_AddToGroup -- add `user` to `group`.
 *
 * Builds a two-slot name list (slot 0 = user, slot 1 = group), resolves both
 * with pr_NameToId(), and calls ubik_PR_AddToGroup() with the resulting ids.
 *
 * Review notes on the visible lines:
 *  - The malloc() result is used by strncpy() on the very next line with no
 *    NULL check.
 *  - strncpy(dst, src, PR_MAXNAMELEN) does not NUL-terminate when the source
 *    is PR_MAXNAMELEN bytes or longer; pr_NameToId() then runs stolower() over
 *    each slot. Callers should bound and terminate names, or the copy should
 *    use PR_MAXNAMELEN - 1 and terminate explicitly.
 *  - lids.idlist_val[0] and [1] are read from the server reply; no check of
 *    the returned list length is visible in this listing -- confirm.
 */
307 pr_AddToGroup(char *user, char *group)
309 register afs_int32 code;
313 lnames.namelist_len = 2;
314 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
315 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
316 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
319 code = pr_NameToId(&lnames, &lids);
322 /* if here, still could be missing an entry */
323 if (lids.idlist_val[0] == ANONYMOUSID
324 || lids.idlist_val[1] == ANONYMOUSID) {
329 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
/* Cleanup: the name buffer was malloc()ed here, the id list came from the
 * RPC layer and is released with xdr_free(). */
332 if (lnames.namelist_val)
333 free(lnames.namelist_val);
335 xdr_free((xdrproc_t) xdr_idlist, &lids);
/*
 * pr_RemoveUserFromGroup -- remove `user` from `group`.
 *
 * Same shape as pr_AddToGroup: a two-slot name list (0 = user, 1 = group) is
 * resolved with pr_NameToId() and the ids are passed to
 * ubik_PR_RemoveFromGroup().
 *
 * Review notes on the visible lines:
 *  - malloc() is followed directly by strncpy() with no NULL check.
 *  - strncpy(..., PR_MAXNAMELEN) leaves a slot unterminated for names of
 *    PR_MAXNAMELEN bytes or more; the slots are later treated as C strings.
 *  - The returned id list is indexed at [0] and [1] with no visible length
 *    check -- confirm.
 */
340 pr_RemoveUserFromGroup(char *user, char *group)
342 register afs_int32 code;
346 lnames.namelist_len = 2;
347 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
348 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
349 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
352 code = pr_NameToId(&lnames, &lids);
/* Either name failing to resolve is reported as ANONYMOUSID. */
356 if (lids.idlist_val[0] == ANONYMOUSID
357 || lids.idlist_val[1] == ANONYMOUSID) {
362 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
365 if (lnames.namelist_val)
366 free(lnames.namelist_val);
368 xdr_free((xdrproc_t) xdr_idlist, &lids);
/*
 * pr_NameToId -- translate a list of names to ids with ubik_PR_NameToID().
 *
 * Every entry of names->namelist_val is passed to stolower() first, so the
 * caller's name buffers are modified (presumably lowercased in place up to
 * the NUL -- confirm against stolower()). Each entry must therefore be a
 * writable, NUL-terminated string.
 *
 * `ids` is filled by the RPC layer; callers in this file release it with
 * xdr_free((xdrproc_t) xdr_idlist, ...).
 */
374 pr_NameToId(namelist *names, idlist *ids)
376 register afs_int32 code;
377 register afs_int32 i;
379 for (i = 0; i < names->namelist_len; i++)
380 stolower(names->namelist_val[i]);
381 code = ubik_PR_NameToID(pruclient, 0, names, ids);
/*
 * pr_SNameToId -- translate a single name to its id.
 *
 * Copies `name` into a one-slot name list, calls ubik_PR_NameToID(), and
 * stores the first returned id in *id.
 *
 * Review notes on the visible lines:
 *  - *id is written only when the reply carries an id list; otherwise it is
 *    left untouched, so callers must check the return code before reading it.
 *  - One line between malloc() and strncpy() is elided; whether it checks
 *    the allocation cannot be told from this listing.
 *  - strncpy(..., PR_MAXNAMELEN) does not terminate a name of PR_MAXNAMELEN
 *    bytes or more.
 *  - How `lids` is initialised before the RPC is not visible.
 */
386 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
390 register afs_int32 code;
394 lnames.namelist_len = 1;
395 lnames.namelist_val = malloc(PR_MAXNAMELEN);
397 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
398 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
399 if (lids.idlist_val) {
400 *id = *lids.idlist_val;
401 xdr_free((xdrproc_t) xdr_idlist, &lids);
403 if (lnames.namelist_val)
404 free(lnames.namelist_val);
/*
 * pr_IdToName -- translate a list of ids to names with ubik_PR_IDToName().
 * `names` is filled from the server reply; in this file such lists are
 * released with xdr_free((xdrproc_t) xdr_namelist, ...).
 */
409 pr_IdToName(idlist *ids, namelist *names)
411 register afs_int32 code;
413 code = ubik_PR_IDToName(pruclient, 0, ids, names);
/*
 * pr_SIdToName -- translate a single id to its name, written into `name`.
 *
 * Review notes on the visible lines:
 *  - The malloc() result is dereferenced on the next line with no NULL check.
 *  - strncpy(name, ..., PR_MAXNAMELEN) always writes PR_MAXNAMELEN bytes
 *    (it pads short sources), so `name` must be at least that large even
 *    though the parameter is effectively a bare pointer; it is left without
 *    a NUL if the server-supplied name fills the whole field.
 *  - `name` is written only when the reply carries a name list; check the
 *    return code before using it.
 *  - The assignment of lids.idlist_len is on an elided line.
 */
418 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
422 register afs_int32 code;
425 lids.idlist_val = malloc(sizeof(afs_int32));
426 *lids.idlist_val = id;
/* Start with an empty output list; the RPC layer fills it. */
427 lnames.namelist_len = 0;
428 lnames.namelist_val = 0;
429 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
431 if (lnames.namelist_val)
432 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
/* The id buffer was malloc()ed here; the name list came from the RPC. */
435 free(lids.idlist_val);
437 xdr_free((xdrproc_t) xdr_namelist, &lnames);
/*
 * pr_GetCPS -- fetch the protection set for `id` into `CPS` with
 * ubik_PR_GetCPS().
 *
 * The RPC also returns an overflow indicator (`over`). As the existing
 * comments admit, overflow is only reported on stderr and no follow-up call
 * is made. NOTE(review): a caller that bases an access decision on `CPS`
 * should treat an overflowed list as incomplete; whether the return code
 * reflects overflow is on lines elided from this listing -- confirm.
 */
443 pr_GetCPS(afs_int32 id, prlist *CPS)
445 register afs_int32 code;
449 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
450 if (code != PRSUCCESS)
453 /* do something about this, probably make a new call */
454 /* don't forget there's a hard limit in the interface */
455 fprintf(stderr, "membership list for id %d exceeds display limit\n",
/*
 * pr_GetCPS2 -- like pr_GetCPS, but also passes a `host` value to
 * ubik_PR_GetCPS2().
 *
 * Overflow of the returned list is only reported on stderr (see the
 * existing comments). NOTE(review): treat an overflowed `CPS` as incomplete
 * when it feeds an access decision; the return value on overflow is not
 * visible in this listing.
 */
462 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
464 register afs_int32 code;
468 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
469 if (code != PRSUCCESS)
472 /* do something about this, probably make a new call */
473 /* don't forget there's a hard limit in the interface */
474 fprintf(stderr, "membership list for id %d exceeds display limit\n",
/*
 * pr_GetHostCPS -- fetch the protection set for a host with
 * ubik_PR_GetHostCPS().
 *
 * Overflow of the returned list is only reported on stderr. NOTE(review):
 * treat an overflowed `CPS` as incomplete; the return value on overflow is
 * not visible in this listing.
 */
481 pr_GetHostCPS(afs_int32 host, prlist *CPS)
483 register afs_int32 code;
487 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
488 if (code != PRSUCCESS)
491 /* do something about this, probably make a new call */
492 /* don't forget there's a hard limit in the interface */
494 "membership list for host id %d exceeds display limit\n",
/*
 * pr_ListMembers -- list the members of the group called `group`.
 *
 * Resolves the group name with pr_SNameToId(), tests for ANONYMOUSID
 * (handling elided; presumably "no such group"), then delegates to
 * pr_IDListMembers(), which fills `lnames`.
 */
501 pr_ListMembers(char *group, namelist *lnames)
503 register afs_int32 code;
506 code = pr_SNameToId(group, &gid);
509 if (gid == ANONYMOUSID)
511 code = pr_IDListMembers(gid, lnames);
/*
 * pr_ListOwned -- list the names of entries owned by `oid`.
 *
 * ubik_PR_ListOwned() returns ids in `alist` and a continuation/overflow
 * value in *moreP; the ids are then converted to names with pr_IdToName().
 *
 * NOTE(review): `alist` (a prlist) is reinterpreted as an idlist through a
 * pointer cast. That is only valid while the two structures keep the same
 * layout -- confirm against their definitions.
 */
516 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
518 register afs_int32 code;
/* Start with an empty list so the RPC layer allocates the result. */
522 alist.prlist_len = 0;
523 alist.prlist_val = 0;
524 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
528 /* Remain backwards compatible when moreP was a T/F bit */
529 fprintf(stderr, "membership list for id %d exceeds display limit\n",
533 lids = (idlist *) &alist;
534 code = pr_IdToName(lids, lnames);
/* The id list is no longer needed once the names have been fetched. */
536 xdr_free((xdrproc_t) xdr_prlist, &alist);
/*
 * pr_IDListMembers -- list the names of the members of group id `gid`.
 *
 * ubik_PR_ListElements() returns member ids in `alist` plus an overflow
 * indicator; overflow is reported on stderr only. The ids are converted to
 * names with pr_IdToName().
 *
 * NOTE(review): `alist` (a prlist) is reinterpreted as an idlist through a
 * pointer cast, which relies on both structures having the same layout.
 * A membership list that overflowed is incomplete; callers should not treat
 * absence from it as proof of non-membership.
 */
545 pr_IDListMembers(afs_int32 gid, namelist *lnames)
547 register afs_int32 code;
552 alist.prlist_len = 0;
553 alist.prlist_val = 0;
554 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
558 fprintf(stderr, "membership list for id %d exceeds display limit\n",
561 lids = (idlist *) &alist;
562 code = pr_IdToName(lids, lnames);
564 xdr_free((xdrproc_t) xdr_prlist, &alist);
/*
 * pr_ListEntry -- fetch the entry for `id` into the caller's `aentry`
 * with ubik_PR_ListEntry(). The contents of *aentry are only meaningful when
 * the call succeeds.
 */
572 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
574 register afs_int32 code;
576 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
/*
 * pr_ListEntries -- fetch a batch of entries starting at `startindex`.
 *
 * Outputs: *nentries and *entries receive the length and array returned by
 * ubik_PR_ListEntries(); *nextstartindex is preset to -1 and then handed to
 * the RPC to update.
 *
 * Ownership: *entries points at storage produced by the RPC layer, so the
 * caller is responsible for releasing it (no free is visible here).
 * NOTE(review): whether the outputs are assigned only on success is on lines
 * elided from this listing; callers should check the return code first.
 */
581 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
584 prentries bulkentries;
588 *nextstartindex = -1;
589 bulkentries.prentries_val = 0;
590 bulkentries.prentries_len = 0;
593 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
594 &bulkentries, nextstartindex);
595 *nentries = bulkentries.prentries_len;
596 *entries = bulkentries.prentries_val;
/*
 * pr_CheckEntryByName -- look up `name`, returning its id plus the names of
 * its owner and creator.
 *
 * Three round trips are made after the name lookup: ubik_PR_ListEntry() for
 * the entry, then pr_SIdToName() for the owner and for the creator.
 *
 * NOTE(review): `owner` and `creator` are bare char pointers, but
 * pr_SIdToName() fills them with strncpy(..., PR_MAXNAMELEN), which writes
 * PR_MAXNAMELEN bytes. Callers must supply buffers of at least that size.
 */
601 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
603 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
604 register afs_int32 code;
605 struct prcheckentry aentry;
607 code = pr_SNameToId(name, id);
610 if (*id == ANONYMOUSID)
612 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
615 /* this should be done in one RPC, but I'm lazy. */
616 code = pr_SIdToName(aentry.owner, owner);
619 code = pr_SIdToName(aentry.creator, creator);
/*
 * pr_CheckEntryById -- look up `id`, returning its name plus the names of
 * its owner and creator.
 *
 * NOTE(review): `name`, `owner` and `creator` are bare char pointers that
 * pr_SIdToName() fills with strncpy(..., PR_MAXNAMELEN), which writes
 * PR_MAXNAMELEN bytes. Callers must supply buffers of at least that size.
 * The ANONYMOUSID test comes after the first name lookup; its handling is on
 * an elided line.
 */
626 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
628 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
629 register afs_int32 code;
630 struct prcheckentry aentry;
632 code = pr_SIdToName(id, name);
635 if (id == ANONYMOUSID)
637 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
640 /* this should be done in one RPC, but I'm lazy. */
641 code = pr_SIdToName(aentry.owner, owner);
644 code = pr_SIdToName(aentry.creator, creator);
/*
 * pr_ChangeEntry -- rename an entry and/or change its owner or id.
 *
 * `oldname` is resolved to an id; when `newowner` is a non-empty string it is
 * resolved too. ANONYMOUSID results are tested for both (handling elided;
 * presumably "no such entry").
 *
 * Two ubik_PR_ChangeEntry() calls are visible, one sending *newid and one
 * sending 0; the selecting condition is elided (presumably whether `newid`
 * is non-NULL -- confirm).
 * NOTE(review): the value of `oid` when no new owner is given is set on a
 * line not shown here; confirm it is initialised.
 */
651 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
653 register afs_int32 code;
657 code = pr_SNameToId(oldname, &id);
660 if (id == ANONYMOUSID)
662 if (newowner && *newowner) {
663 code = pr_SNameToId(newowner, &oid);
666 if (oid == ANONYMOUSID)
670 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
672 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
/*
 * pr_IsAMemberOf -- ask whether `uname` is a member of `gname`; the answer
 * is stored in *flag by ubik_PR_IsAMemberOf().
 *
 * Review notes on the visible lines:
 *  - malloc() is followed directly by strncpy() with no NULL check.
 *  - strncpy(..., PR_MAXNAMELEN) leaves a slot unterminated for names of
 *    PR_MAXNAMELEN bytes or more.
 *  - Unlike pr_AddToGroup, no ANONYMOUSID test on the resolved ids is visible
 *    before the membership RPC; an unknown user or group name would then be
 *    queried as ANONYMOUSID -- confirm against the elided lines.
 *  - *flag is an authorization-relevant result; callers must check the
 *    return code before trusting it.
 */
677 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
679 register afs_int32 code;
685 lnames.namelist_len = 2;
686 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
687 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
688 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
691 code = pr_NameToId(&lnames, &lids);
/* First cleanup sequence: presumably the error path of the lookup above. */
693 if (lnames.namelist_val)
694 free(lnames.namelist_val);
695 xdr_free((xdrproc_t) xdr_idlist, &lids);
699 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
700 lids.idlist_val[1], flag);
/* Second cleanup sequence, after the membership RPC. */
701 if (lnames.namelist_val)
702 free(lnames.namelist_val);
703 xdr_free((xdrproc_t) xdr_idlist, &lids);
/*
 * pr_ListMaxUserId -- fetch the maximum user id into *mid.
 * ubik_PR_ListMax() returns two values; the first goes to the caller's `mid`
 * and the second into `gid` (declared on an elided line, presumably a local
 * that is discarded).
 */
708 pr_ListMaxUserId(afs_int32 *mid)
710 register afs_int32 code;
712 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
/*
 * pr_SetMaxUserId -- set the maximum user id to `mid` via ubik_PR_SetMax().
 * `flag` is declared and set on lines elided from this listing.
 * No local range check on `mid` is visible; validation is left to the server.
 */
717 pr_SetMaxUserId(afs_int32 mid)
719 register afs_int32 code;
721 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
/*
 * pr_ListMaxGroupId -- fetch the maximum group id into *mid.
 * Mirror image of pr_ListMaxUserId: the first ubik_PR_ListMax() output goes
 * into `id` (declared on an elided line, presumably a discarded local) and
 * the second into the caller's `mid`.
 */
726 pr_ListMaxGroupId(afs_int32 *mid)
728 register afs_int32 code;
730 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
/*
 * pr_SetMaxGroupId -- set the maximum group id to `mid` via ubik_PR_SetMax().
 * `flag` is prepared on lines elided from this listing (presumably marking
 * the request as a group limit -- confirm).
 * No local range check on `mid` is visible; validation is left to the server.
 */
735 pr_SetMaxGroupId(afs_int32 mid)
737 register afs_int32 code;
741 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
746 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
748 register afs_int32 code;
751 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,