2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
19 #include "afs/sysincludes.h"
20 #include "afs_usrops.h"
21 #include "afsincludes.h"
26 #include "afs/cellconfig.h"
27 #include "afs/afsutil.h"
28 #include "afs/ptclient.h"
29 #include "afs/ptuser.h"
30 #include "afs/pterror.h"
31 #include "afs/com_err.h"
32 #else /* defined(UKERNEL) */
35 #include <sys/types.h>
39 #include <netinet/in.h>
46 #include <afs/cellconfig.h>
47 #include <afs/afsutil.h>
48 #include <afs/com_err.h>
53 #endif /* defined(UKERNEL) */
56 struct ubik_client *pruclient = 0;
57 static afs_int32 lastLevel; /* security level pruclient, if any */
59 static char *whoami = "libprot";
62 #define ID_HASH_SIZE 1024
63 #define ID_STACK_SIZE 1024
66 * Hash table chain of user and group ids.
74 * Hash table of user and group ids.
77 afs_uint32 userEntries; /**< number of user id entries hashed */
78 afs_uint32 groupEntries; /**< number of group id entries hashed */
79 struct idchain *hash[ID_HASH_SIZE];
83 * Allocate a new id hash table.
86 AllocateIdHash(struct idhash **aidhash)
88 struct idhash *idhash;
90 idhash = (struct idhash *)malloc(sizeof(struct idhash));
94 memset((void *)idhash, 0, sizeof(struct idhash));
103 FreeIdHash(struct idhash *idhash)
106 struct idchain *chain;
107 struct idchain *next;
109 for (index = 0; index < ID_HASH_SIZE; index++) {
110 for (chain = idhash->hash[index]; chain; chain = next) {
119 * Indicate if group/user id is already hashed, and
122 * @returns whether id is present
123 * @retval >0 id is already present in the hash
124 * @retval 0 id was not found and was inserted into the hash
125 * @retval <0 error encountered
128 FindId(struct idhash *idhash, afs_int32 id)
131 struct idchain *chain;
132 struct idchain *newChain;
134 index = abs(id) % ID_HASH_SIZE;
135 for (chain = idhash->hash[index]; chain; chain = chain->next) {
136 if (chain->id == id) {
141 /* Insert this id but return not found. */
142 newChain = (struct idchain *)malloc(sizeof(struct idchain));
147 newChain->next = idhash->hash[index];
148 idhash->hash[index] = newChain;
150 idhash->groupEntries++;
152 idhash->userEntries++;
159 * Create an idlist from the ids in the hash.
162 CreateIdList(struct idhash *idhash, idlist * alist, afs_int32 select)
164 struct idchain *chain;
165 afs_int32 entries = 0;
169 if (select & PRGROUPS) {
170 entries += idhash->groupEntries;
172 if (select & PRUSERS) {
173 entries += idhash->userEntries;
176 alist->idlist_len = entries;
177 alist->idlist_val = (afs_int32 *) malloc(sizeof(afs_int32) * entries);
178 if (!alist->idlist_val) {
182 for (i = 0, index = 0; index < ID_HASH_SIZE; index++) {
183 for (chain = idhash->hash[index]; chain; chain = chain->next) {
185 if (select & PRGROUPS) {
186 alist->idlist_val[i++] = chain->id;
189 if (select & PRUSERS) {
190 alist->idlist_val[i++] = chain->id;
199 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
202 struct rx_connection *serverconns[MAXSERVERS];
203 struct rx_securityClass *sc = NULL;
204 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
205 static char tconfDir[100] = "";
206 static char tcell[64] = "";
209 static struct afsconf_cell info;
211 #if !defined(UKERNEL)
214 afs_int32 gottdir = 0;
215 afs_int32 refresh = 0;
217 initialize_PT_error_table();
218 initialize_RXK_error_table();
219 initialize_ACFG_error_table();
220 initialize_KTC_error_table();
224 cell = afs_LclCellName;
226 #else /* defined(UKERNEL) */
229 tdir = afsconf_Open(confDir);
231 if (confDir && strcmp(confDir, ""))
233 "%s: Could not open configuration directory: %s.\n",
237 "%s: No configuration directory specified.\n",
243 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
246 "libprot: Could not get local cell. [%d]\n", code);
251 #endif /* defined(UKERNEL) */
253 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
255 * force re-evaluation. we either don't have an afsconf_dir,
256 * the directory has changed or the cell has changed.
258 if (tdir && !gottdir) {
260 tdir = (struct afsconf_dir *)NULL;
262 pruclient = (struct ubik_client *)NULL;
267 strncpy(tconfDir, confDir, sizeof(tconfDir));
268 strncpy(tcell, cell, sizeof(tcell));
272 #else /* defined(UKERNEL) */
274 tdir = afsconf_Open(confDir);
276 if (confDir && strcmp(confDir, ""))
278 "libprot: Could not open configuration directory: %s.\n",
282 "libprot: No configuration directory specified.\n");
285 #endif /* defined(UKERNEL) */
287 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
289 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
290 cell, confDir, AFSDIR_CELLSERVDB_FILE);
295 /* If we already have a client and it is at the security level we
296 * want, don't get a new one. Unless the security level is 2 in
297 * which case we will get one (and re-read the key file).
299 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
305 fprintf(stderr, "libprot: Could not initialize rx.\n");
309 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
310 * to force use of the KeyFile. secLevel == 0 implies -noauth was
313 code = afsconf_GetLatestKey(tdir, 0, 0);
315 afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
317 /* If secLevel is two assume we're on a file server and use
318 * ClientAuthSecure if possible. */
319 code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
321 afs_com_err(whoami, code, "(calling client secure)\n");
323 } else if (secLevel > 0) {
326 secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
328 code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
330 afs_com_err(whoami, code, "(getting token)");
337 sc = rxnull_NewClientSecurityObject();
338 scIndex = RX_SECIDX_NULL;
341 if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
343 "%s: Could not get afs tokens, running unauthenticated\n",
346 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
347 for (i = 0; i < info.numServers; i++)
349 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
350 info.hostAddr[i].sin_port, PRSRV, sc,
353 code = ubik_ClientInit(serverconns, &pruclient);
355 afs_com_err(whoami, code, "ubik client init failed.");
360 code = rxs_Release(sc);
370 code = ubik_ClientDestroy(pruclient);
379 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
381 register afs_int32 code;
385 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
388 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
395 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
397 register afs_int32 code;
403 code = pr_SNameToId(owner, &oid);
406 if (oid == ANONYMOUSID)
411 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
414 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
420 pr_Delete(char *name)
422 register afs_int32 code;
426 code = pr_SNameToId(name, &id);
429 if (id == ANONYMOUSID)
431 code = ubik_PR_Delete(pruclient, 0, id);
436 pr_DeleteByID(afs_int32 id)
438 register afs_int32 code;
440 code = ubik_PR_Delete(pruclient, 0, id);
445 pr_AddToGroup(char *user, char *group)
447 register afs_int32 code;
451 lnames.namelist_len = 2;
452 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
453 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
454 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
457 code = pr_NameToId(&lnames, &lids);
460 /* if here, still could be missing an entry */
461 if (lids.idlist_val[0] == ANONYMOUSID
462 || lids.idlist_val[1] == ANONYMOUSID) {
467 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
470 if (lnames.namelist_val)
471 free(lnames.namelist_val);
473 xdr_free((xdrproc_t) xdr_idlist, &lids);
478 pr_RemoveUserFromGroup(char *user, char *group)
480 register afs_int32 code;
484 lnames.namelist_len = 2;
485 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
486 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
487 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
490 code = pr_NameToId(&lnames, &lids);
494 if (lids.idlist_val[0] == ANONYMOUSID
495 || lids.idlist_val[1] == ANONYMOUSID) {
500 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
503 if (lnames.namelist_val)
504 free(lnames.namelist_val);
506 xdr_free((xdrproc_t) xdr_idlist, &lids);
512 pr_NameToId(namelist *names, idlist *ids)
514 register afs_int32 code;
515 register afs_int32 i;
517 for (i = 0; i < names->namelist_len; i++)
518 stolower(names->namelist_val[i]);
519 code = ubik_PR_NameToID(pruclient, 0, names, ids);
524 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
528 register afs_int32 code;
532 lnames.namelist_len = 1;
533 lnames.namelist_val = malloc(PR_MAXNAMELEN);
535 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
536 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
537 if (lids.idlist_val) {
538 *id = *lids.idlist_val;
539 xdr_free((xdrproc_t) xdr_idlist, &lids);
541 if (lnames.namelist_val)
542 free(lnames.namelist_val);
547 pr_IdToName(idlist *ids, namelist *names)
549 register afs_int32 code;
551 code = ubik_PR_IDToName(pruclient, 0, ids, names);
556 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
560 register afs_int32 code;
563 lids.idlist_val = malloc(sizeof(afs_int32));
564 *lids.idlist_val = id;
565 lnames.namelist_len = 0;
566 lnames.namelist_val = 0;
567 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
569 if (lnames.namelist_val)
570 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
573 free(lids.idlist_val);
575 xdr_free((xdrproc_t) xdr_namelist, &lnames);
581 pr_GetCPS(afs_int32 id, prlist *CPS)
583 register afs_int32 code;
587 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
588 if (code != PRSUCCESS)
591 /* do something about this, probably make a new call */
592 /* don't forget there's a hard limit in the interface */
593 fprintf(stderr, "membership list for id %d exceeds display limit\n",
600 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
602 register afs_int32 code;
606 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
607 if (code != PRSUCCESS)
610 /* do something about this, probably make a new call */
611 /* don't forget there's a hard limit in the interface */
612 fprintf(stderr, "membership list for id %d exceeds display limit\n",
619 pr_GetHostCPS(afs_int32 host, prlist *CPS)
621 register afs_int32 code;
625 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
626 if (code != PRSUCCESS)
629 /* do something about this, probably make a new call */
630 /* don't forget there's a hard limit in the interface */
632 "membership list for host id %d exceeds display limit\n",
639 pr_ListMembers(char *group, namelist *lnames)
641 register afs_int32 code;
644 code = pr_SNameToId(group, &gid);
647 if (gid == ANONYMOUSID)
649 code = pr_IDListMembers(gid, lnames);
654 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
656 register afs_int32 code;
660 alist.prlist_len = 0;
661 alist.prlist_val = 0;
662 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
666 /* Remain backwards compatible when moreP was a T/F bit */
667 fprintf(stderr, "membership list for id %d exceeds display limit\n",
671 lids = (idlist *) &alist;
672 code = pr_IdToName(lids, lnames);
674 xdr_free((xdrproc_t) xdr_prlist, &alist);
683 pr_IDListMembers(afs_int32 gid, namelist *lnames)
685 register afs_int32 code;
690 alist.prlist_len = 0;
691 alist.prlist_val = 0;
692 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
696 fprintf(stderr, "membership list for id %d exceeds display limit\n",
699 lids = (idlist *) &alist;
700 code = pr_IdToName(lids, lnames);
702 xdr_free((xdrproc_t) xdr_prlist, &alist);
710 pr_IDListExpandedMembers(afs_int32 aid, namelist * lnames)
717 struct idhash *members = NULL;
718 afs_int32 *stack = NULL;
719 afs_int32 maxstack = ID_STACK_SIZE;
720 int n = 0; /* number of ids stacked */
724 code = AllocateIdHash(&members);
728 stack = (afs_int32 *) malloc(sizeof(afs_int32) * maxstack);
736 gid = stack[--n]; /* pop next group id */
737 alist.prlist_len = 0;
738 alist.prlist_val = NULL;
739 if (firstpass || aid < 0) {
741 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
743 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
744 if (code == RXGEN_OPCODE) {
745 alist.prlist_len = 0;
746 alist.prlist_val = NULL;
747 code = 0; /* server does not support supergroups. */
754 "membership list for id %d exceeds display limit\n", gid);
756 for (i = 0; i < alist.prlist_len; i++) {
760 id = alist.prlist_val[i];
761 found = FindId(members, id);
764 xdr_free((xdrproc_t) xdr_prlist, &alist);
767 if (found == 0 && id < 0) {
768 if (n == maxstack) { /* need more stack space */
772 (afs_int32 *) realloc(stack,
773 maxstack * sizeof(afs_int32));
776 xdr_free((xdrproc_t) xdr_prlist, &alist);
781 stack[n++] = id; /* push group id */
784 xdr_free((xdrproc_t) xdr_prlist, &alist);
787 code = CreateIdList(members, &lids, (aid < 0 ? PRUSERS : PRGROUPS));
791 code = pr_IdToName(&lids, lnames);
793 free(lids.idlist_val);
804 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
806 register afs_int32 code;
808 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
813 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
816 prentries bulkentries;
820 *nextstartindex = -1;
821 bulkentries.prentries_val = 0;
822 bulkentries.prentries_len = 0;
825 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
826 &bulkentries, nextstartindex);
827 *nentries = bulkentries.prentries_len;
828 *entries = bulkentries.prentries_val;
833 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
835 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
836 register afs_int32 code;
837 struct prcheckentry aentry;
839 code = pr_SNameToId(name, id);
842 if (*id == ANONYMOUSID)
844 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
847 /* this should be done in one RPC, but I'm lazy. */
848 code = pr_SIdToName(aentry.owner, owner);
851 code = pr_SIdToName(aentry.creator, creator);
858 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
860 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
861 register afs_int32 code;
862 struct prcheckentry aentry;
864 code = pr_SIdToName(id, name);
867 if (id == ANONYMOUSID)
869 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
872 /* this should be done in one RPC, but I'm lazy. */
873 code = pr_SIdToName(aentry.owner, owner);
876 code = pr_SIdToName(aentry.creator, creator);
883 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
885 register afs_int32 code;
889 code = pr_SNameToId(oldname, &id);
892 if (id == ANONYMOUSID)
894 if (newowner && *newowner) {
895 code = pr_SNameToId(newowner, &oid);
898 if (oid == ANONYMOUSID)
902 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
904 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
909 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
911 register afs_int32 code;
917 lnames.namelist_len = 2;
918 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
919 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
920 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
923 code = pr_NameToId(&lnames, &lids);
925 if (lnames.namelist_val)
926 free(lnames.namelist_val);
927 xdr_free((xdrproc_t) xdr_idlist, &lids);
931 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
932 lids.idlist_val[1], flag);
933 if (lnames.namelist_val)
934 free(lnames.namelist_val);
935 xdr_free((xdrproc_t) xdr_idlist, &lids);
940 pr_ListMaxUserId(afs_int32 *mid)
942 register afs_int32 code;
944 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
949 pr_SetMaxUserId(afs_int32 mid)
951 register afs_int32 code;
953 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
958 pr_ListMaxGroupId(afs_int32 *mid)
960 register afs_int32 code;
962 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
967 pr_SetMaxGroupId(afs_int32 mid)
969 register afs_int32 code;
973 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
978 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
980 register afs_int32 code;
983 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,
989 pr_ListSuperGroups(afs_int32 gid, namelist * lnames)
996 alist.prlist_len = 0;
997 alist.prlist_val = 0;
998 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
1002 fprintf(stderr, "supergroup list for id %d exceeds display limit\n",
1005 lids = (idlist *) & alist;
1006 code = pr_IdToName(lids, lnames);
1008 xdr_free((xdrproc_t) xdr_prlist, &alist);