/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
* to groups. This is an error in normal AFS.
* 2. If adding a group to a group call AddToSGEntry
* to add the id of the group it's a member of.
- *
+ *
* (4) function Delete
*
* 1. Print a messsage if an error is returned from
- * FindByID() and PTDEBUG is defined.
- * 2. If removing a group from a group call
- * RemoveFromSGEntry to remove the id of the
- * group it's a member of.
+ * FindByID() and PTDEBUG is defined.
+ * 2. If removing a group from a group call
+ * RemoveFromSGEntry to remove the id of the
+ * group it's a member of.
* 3. Remove supergroup continuation records.
*
- * (5) function RemoveFromGroup
- *
+ * (5) function RemoveFromGroup
+ *
* 1. Eliminate the code that tests for adding groups
- * to groups. This is an error in normal AFS.
- * 2. If removing a group from a group call
- * RemoveFromSGEntry to remove the id of the
+ * to groups. This is an error in normal AFS.
+ * 2. If removing a group from a group call
+ * RemoveFromSGEntry to remove the id of the
* group it's a member of.
*
- * (6) Add new functions PR_ListSuperGroups and
+ * (6) Add new functions PR_ListSuperGroups and
* listSuperGroups.
- *
+ *
* (7) function isAMemberOf
- *
+ *
* 1. Allow groups to be members of groups.
*
* Transarc does not currently use opcodes past 520, but
#include <afsconfig.h>
#include <afs/param.h>
+#include <afs/stds.h>
-RCSID
- ("$Header$");
+#include <roken.h>
+#include <afs/opr.h>
-#include <afs/stds.h>
#include <ctype.h>
-#include <stdio.h>
+
#include <lock.h>
#include <afs/afsutil.h>
#include <ubik.h>
#include <rx/xdr.h>
#include <rx/rx.h>
#include <rx/rxkad.h>
+#include <rx/rx_identity.h>
#include <afs/auth.h>
-#ifdef AFS_NT40_ENV
-#include <winsock2.h>
-#else
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#endif
-#include <string.h>
+#include <afs/cellconfig.h>
+
#include "ptserver.h"
#include "pterror.h"
#include "ptprototypes.h"
#include "afs/audit.h"
-#ifdef AFS_ATHENA_STDENV
-#include <krb.h>
-#endif
-
-
-#define IP_WILDCARDS 1 /* XXX Should be defined outside of here XXX */
-
extern int restricted;
+extern int restrict_anonymous;
extern struct ubik_dbase *dbase;
-extern afs_int32 Initdb();
extern int pr_noAuth;
-extern afs_int32 initd;
-extern char *pr_realmName;
-afs_int32 iNewEntry(), newEntry(), whereIsIt(), dumpEntry(), addToGroup(),
-nameToID(), Delete(), removeFromGroup();
-afs_int32 getCPS(), getCPS2(), getHostCPS(), listMax(), setMax(), listEntry();
-afs_int32 listEntries(), changeEntry(), setFieldsEntry(), put_prentries();
-afs_int32 listElements(), listOwned(), isAMemberOf(), idToName();
-
-#if defined(SUPERGROUPS)
-afs_int32 listSuperGroups();
-#endif
-
-extern int IDCmp();
-
extern int prp_group_default;
extern int prp_user_default;
-
-/* When abort, reset initd so that the header is read in on next call.
+extern struct afsconf_dir *prdir;
+
+static afs_int32 iNewEntry(struct rx_call *call, char aname[], afs_int32 aid,
+ afs_int32 oid, afs_int32 *cid);
+static afs_int32 newEntry(struct rx_call *call, char aname[], afs_int32 flag,
+ afs_int32 oid, afs_int32 *aid, afs_int32 *cid);
+static afs_int32 whereIsIt(struct rx_call *call, afs_int32 aid, afs_int32 *apos,
+ afs_int32 *cid);
+static afs_int32 dumpEntry(struct rx_call *call, afs_int32 apos,
+ struct prdebugentry *aentry, afs_int32 *cid);
+static afs_int32 addToGroup(struct rx_call *call, afs_int32 aid, afs_int32 gid,
+ afs_int32 *cid);
+static afs_int32 nameToID(struct rx_call *call, namelist *aname, idlist *aid);
+static afs_int32 idToName(struct rx_call *call, idlist *aid, namelist *aname, afs_int32 *cid);
+static afs_int32 Delete(struct rx_call *call, afs_int32 aid, afs_int32 *cid);
+static afs_int32 UpdateEntry(struct rx_call *call, afs_int32 aid, char *name,
+ struct PrUpdateEntry *uentry, afs_int32 *cid);
+static afs_int32 removeFromGroup(struct rx_call *call, afs_int32 aid,
+ afs_int32 gid, afs_int32 *cid);
+static afs_int32 getCPS(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *over, afs_int32 *cid);
+static afs_int32 getCPS2(struct rx_call *call, afs_int32 aid, afs_uint32 ahost,
+ prlist *alist, afs_int32 *over, afs_int32 *cid);
+static afs_int32 getHostCPS(struct rx_call *call, afs_uint32 ahost,
+ prlist *alist, afs_int32 *over, afs_int32 *cid);
+static afs_int32 listMax(struct rx_call *call, afs_int32 *uid, afs_int32 *gid, afs_int32 *cid);
+static afs_int32 setMax(struct rx_call *call, afs_int32 aid, afs_int32 gflag,
+ afs_int32 *cid);
+static afs_int32 listEntry(struct rx_call *call, afs_int32 aid,
+ struct prcheckentry *aentry, afs_int32 *cid);
+static afs_int32 listEntries(struct rx_call *call, afs_int32 flag,
+ afs_int32 startindex, prentries *bulkentries,
+ afs_int32 *nextstartindex, afs_int32 *cid);
+static void put_prentries(struct prentry *tentry, prentries *bulkentries);
+static afs_int32 changeEntry(struct rx_call *call, afs_int32 aid, char *name,
+ afs_int32 oid, afs_int32 newid, afs_int32 *cid);
+static afs_int32 setFieldsEntry(struct rx_call *call, afs_int32 id,
+ afs_int32 mask, afs_int32 flags,
+ afs_int32 ngroups, afs_int32 nusers,
+ afs_int32 spare1, afs_int32 spare2,
+ afs_int32 *cid);
+static afs_int32 listElements(struct rx_call *call, afs_int32 aid,
+ prlist *alist, afs_int32 *over, afs_int32 *cid);
+#if defined(SUPERGROUPS)
+static afs_int32 listSuperGroups(struct rx_call *call, afs_int32 aid,
+ prlist *alist, afs_int32 *over,
+ afs_int32 *cid);
+#endif
+static afs_int32 listOwned(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *lastP, afs_int32 *cid);
+static afs_int32 isAMemberOf(struct rx_call *call, afs_int32 uid, afs_int32 gid,
+ afs_int32 *flag, afs_int32 *cid);
+static afs_int32 addWildCards(struct ubik_trans *tt, prlist *alist,
+ afs_uint32 host);
+static afs_int32 WhoIsThisWithName(struct rx_call *acall,
+ struct ubik_trans *at, afs_int32 *aid,
+ char *aname);
+
+/* when we abort, the ubik cachedVersion will be reset, so we'll read in the
+ * header on the next call.
* Abort the transaction and return the code.
*/
-#define ABORT_WITH(tt,code) return(initd=0,ubik_AbortTrans(tt),code)
+#define ABORT_WITH(tt,code) return(ubik_AbortTrans(tt),code)
static int
-CreateOK(ut, cid, oid, flag, admin)
- struct ubik_trans *ut;
- afs_int32 cid; /* id of caller */
- afs_int32 oid; /* id of owner */
- afs_int32 flag; /* indicates type of entry */
- int admin; /* sysadmin membership */
+CreateOK(struct ubik_trans *ut, afs_int32 cid, afs_int32 oid, afs_int32 flag,
+ int admin)
{
- if (restricted && !admin)
+ if (restricted && !admin)
return 0;
if (flag & PRFOREIGN) {
- /* Foreign users are recognized by the '@' sign and
+ /* Foreign users are recognized by the '@' sign and
* not by the PRFOREIGN flag.
*/
return 0;
return 0;
}
} else { /* creating a user */
+ if (oid == ANONYMOUSID)
+ return 0;
if (!admin && !pr_noAuth)
return 0;
}
}
afs_int32
-WhoIsThis(acall, at, aid)
- struct rx_call *acall;
- struct ubik_trans *at;
- afs_int32 *aid;
+WhoIsThis(struct rx_call *acall, struct ubik_trans *at, afs_int32 *aid)
{
- int foreign = 0;
- /* aid is set to the identity of the caller, if known, else ANONYMOUSID */
- /* returns -1 and sets aid to ANONYMOUSID on any failure */
- register struct rx_connection *tconn;
- register afs_int32 code;
- char tcell[MAXKTCREALMLEN];
- char name[MAXKTCNAMELEN];
- char inst[MAXKTCNAMELEN];
- int ilen;
- char vname[256];
+ int code = WhoIsThisWithName(acall, at, aid, NULL);
+ if (code == 2 && *aid == ANONYMOUSID)
+ return PRNOENT;
+ return code;
+}
- *aid = ANONYMOUSID;
- tconn = rx_ConnectionOf(acall);
- code = rx_SecurityClassOf(tconn);
- if (code == 0)
- return 0;
- else if (code == 1) { /* vab class */
- goto done; /* no longer supported */
- } else if (code == 2) { /* kad class */
- if ((code = rxkad_GetServerInfo(acall->conn, NULL, 0 /*was &exp */ ,
- name, inst, tcell, NULL)))
- goto done;
-#if 0
- /* This test is unnecessary, since rxkad_GetServerInfo already check.
- * In addition, this is wrong since exp must be unsigned. */
- if (exp < FT_ApproxTime())
- goto done;
-#endif
- if (tcell[0])
- foreign = afs_is_foreign_ticket_name(name,inst,tcell,pr_realmName);
+static int
+WritePreamble(struct ubik_trans **tt)
+{
+ int code;
- strncpy(vname, name, sizeof(vname));
- if (ilen = strlen(inst)) {
- if (strlen(vname) + 1 + ilen >= sizeof(vname))
- goto done;
- strcat(vname, ".");
- strcat(vname, inst);
- }
- if (foreign) {
- if (strlen(vname) + strlen(tcell) + 1 >= sizeof(vname))
- goto done;
- strcat(vname, "@");
- strcat(vname, tcell);
- }
- if (strcmp(AUTH_SUPERUSER, vname) == 0)
- *aid = SYSADMINID; /* special case for the fileserver */
- else {
- lcstring(vname, vname, sizeof(vname));
- code = NameToID(at, vname, aid);
- }
- }
- done:
- if (code && !pr_noAuth)
- return -1;
- return 0;
+ code = Initdb();
+ if (code)
+ return code;
+
+ code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, tt);
+ if (code)
+ return code;
+
+ code = ubik_SetLock(*tt, 1, 1, LOCKWRITE);
+ if (code)
+ goto out;
+
+ code = read_DbHeader(*tt);
+
+out:
+ if (code)
+ ubik_AbortTrans(*tt);
+
+ return code;
+}
+
+static int
+ReadPreamble(struct ubik_trans **tt)
+{
+ int code;
+
+ code = Initdb();
+ if (code)
+ return code;
+
+ code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, tt);
+ if (code)
+ return code;
+
+ code = ubik_SetLock(*tt, 1, 1, LOCKREAD);
+ if (code)
+ goto out;
+
+ code = read_DbHeader(*tt);
+
+out:
+ if (code)
+ ubik_AbortTrans(*tt);
+
+ return code;
}
afs_int32
-SPR_INewEntry(call, aname, aid, oid)
- struct rx_call *call;
- char aname[PR_MAXNAMELEN];
- afs_int32 aid;
- afs_int32 oid;
+SPR_INewEntry(struct rx_call *call, char aname[], afs_int32 aid, afs_int32 oid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = iNewEntry(call, aname, aid, oid, &cid);
osi_auditU(call, PTS_INewEntEvent, code, AUD_ID, aid, AUD_STR, aname,
AUD_ID, oid, AUD_END);
- ViceLog(25, ("PTS_INewEntry: code %d cid %d aid %d aname %s oid %d", code, cid, aid, aname, oid));
+ ViceLog(5, ("PTS_INewEntry: code %d cid %d aid %d aname %s oid %d\n", code, cid, aid, aname, oid));
return code;
}
-afs_int32
-iNewEntry(call, aname, aid, oid, cid)
- struct rx_call *call;
- char aname[PR_MAXNAMELEN];
- afs_int32 aid;
- afs_int32 oid;
- afs_int32 * cid;
+static afs_int32
+iNewEntry(struct rx_call *call, char aname[], afs_int32 aid, afs_int32 oid,
+ afs_int32 *cid)
{
/* used primarily for conversion - not intended to be used as usual means
* of entering people into the database. */
struct ubik_trans *tt;
- register afs_int32 code;
+ afs_int32 code;
afs_int32 gflag = 0;
int admin;
stolower(aname);
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
afs_int32
-SPR_NewEntry(call, aname, flag, oid, aid)
- struct rx_call *call;
- char aname[PR_MAXNAMELEN];
- afs_int32 flag;
- afs_int32 oid;
- afs_int32 *aid;
+SPR_NewEntry(struct rx_call *call, char aname[], afs_int32 flag, afs_int32 oid,
+ afs_int32 *aid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = newEntry(call, aname, flag, oid, aid, &cid);
osi_auditU(call, PTS_NewEntEvent, code, AUD_ID, *aid, AUD_STR, aname,
AUD_ID, oid, AUD_END);
- ViceLog(25, ("PTS_NewEntry: code %d cid %d aid %d aname %s oid %d", code, cid, *aid, aname, oid));
+ ViceLog(5, ("PTS_NewEntry: code %d cid %d aid %d aname %s oid %d\n", code, cid, *aid, aname, oid));
return code;
}
-afs_int32
-newEntry(call, aname, flag, oid, aid, cid)
- struct rx_call *call;
- char aname[PR_MAXNAMELEN];
- afs_int32 flag;
- afs_int32 oid;
- afs_int32 *aid;
- afs_int32 *cid;
+static afs_int32
+newEntry(struct rx_call *call, char aname[], afs_int32 flag, afs_int32 oid,
+ afs_int32 *aid, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
int admin;
- extern afs_int32 WhoIsThisWithName();
+ int foreign = 0;
char cname[PR_MAXNAMELEN];
stolower(aname);
- code = Initdb();
- if (code)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
/* this is for cross-cell self registration. It is not added in the
- * SPR_INewEntry because we want self-registration to only do
+ * SPR_INewEntry because we want self-registration to only do
* automatic id assignment.
*/
code = WhoIsThisWithName(call, tt, cid, cname);
- if (code != 2) { /* 2 specifies that this is a foreign cell request */
- if (code)
- ABORT_WITH(tt, PRPERM);
- admin = IsAMemberOf(tt, *cid, SYSADMINID);
- } else {
- admin = ((!restricted && !strcmp(aname, cname))) || IsAMemberOf(tt, *cid, SYSADMINID);
- oid = *cid = SYSADMINID;
+ if (code && code != 2)
+ ABORT_WITH(tt, PRPERM);
+ admin = IsAMemberOf(tt, *cid, SYSADMINID);
+ if (code == 2 /* foreign cell request */) {
+ foreign = 1;
+
+ if (!restricted && (strcmp(aname, cname) == 0)) {
+ /* can't autoregister while providing an owner id */
+ if (oid != 0)
+ ABORT_WITH(tt, PRPERM);
+
+ admin = 1;
+ oid = SYSADMINID;
+ }
}
if (!CreateOK(tt, *cid, oid, flag, admin))
ABORT_WITH(tt, PRPERM);
code = CreateEntry(tt, aname, aid, 0, flag, oid, *cid);
+ /*
+ * If this was an autoregistration then be sure to audit log
+ * the proper id as the creator.
+ */
+ if (foreign && code == 0 && *aid > 0)
+ *cid = *aid;
if (code != PRSUCCESS)
ABORT_WITH(tt, code);
afs_int32
-SPR_WhereIsIt(call, aid, apos)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 *apos;
+SPR_WhereIsIt(struct rx_call *call, afs_int32 aid, afs_int32 *apos)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = whereIsIt(call, aid, apos, &cid);
osi_auditU(call, PTS_WheIsItEvent, code, AUD_ID, aid, AUD_LONG, *apos,
AUD_END);
- ViceLog(125, ("PTS_WhereIsIt: code %d cid %d aid %d apos %d", code, cid, aid, *apos));
+ ViceLog(125, ("PTS_WhereIsIt: code %d cid %d aid %d apos %d\n", code, cid, aid, *apos));
return code;
}
-afs_int32
-whereIsIt(call, aid, apos, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 *apos;
- afs_int32 *cid;
+static afs_int32
+whereIsIt(struct rx_call *call, afs_int32 aid, afs_int32 *apos, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
temp = FindByID(tt, aid);
if (!temp)
afs_int32
-SPR_DumpEntry(call, apos, aentry)
- struct rx_call *call;
- afs_int32 apos;
- struct prdebugentry *aentry;
+SPR_DumpEntry(struct rx_call *call, afs_int32 apos,
+ struct prdebugentry *aentry)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = dumpEntry(call, apos, aentry, &cid);
osi_auditU(call, PTS_DmpEntEvent, code, AUD_LONG, apos, AUD_END);
- ViceLog(125, ("PTS_DumpEntry: code %d cid %d apos %d", code, cid, apos));
+ ViceLog(125, ("PTS_DumpEntry: code %d cid %d apos %d\n", code, cid, apos));
return code;
}
-afs_int32
-dumpEntry(call, apos, aentry, cid)
- struct rx_call *call;
- afs_int32 apos;
- struct prdebugentry *aentry;
- afs_int32 *cid;
+static afs_int32
+dumpEntry(struct rx_call *call, afs_int32 apos, struct prdebugentry *aentry,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
ABORT_WITH(tt, PRPERM);
- code = pr_ReadEntry(tt, 0, apos, aentry);
+ code = pr_ReadEntry(tt, 0, apos, (struct prentry *)aentry);
if (code)
ABORT_WITH(tt, code);
if (!AccessOK(tt, *cid, 0, PRP_STATUS_MEM, 0))
ABORT_WITH(tt, PRPERM);
- /* Since prdebugentry is in the form of a prentry not a coentry, we will
- * return the coentry slots in network order where the string is. */
-#if 0
- if (aentry->flags & PRCONT) { /* wrong type, get coentry instead */
- code = pr_ReadCoEntry(tt, 0, apos, aentry);
- if (code)
- ABORT_WITH(tt, code);
- }
-#endif
code = ubik_EndTrans(tt);
if (code)
return code;
}
afs_int32
-SPR_AddToGroup(call, aid, gid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gid;
+SPR_AddToGroup(struct rx_call *call, afs_int32 aid, afs_int32 gid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = addToGroup(call, aid, gid, &cid);
osi_auditU(call, PTS_AdToGrpEvent, code, AUD_ID, gid, AUD_ID, aid,
AUD_END);
- ViceLog(5, ("PTS_AddToGroup: code %d cid %d gid %d aid %d", code, cid, gid, aid));
+ ViceLog(5, ("PTS_AddToGroup: code %d cid %d gid %d aid %d\n", code, cid, gid, aid));
return code;
}
-afs_int32
-addToGroup(call, aid, gid, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gid;
- afs_int32 *cid;
+static afs_int32
+addToGroup(struct rx_call *call, afs_int32 aid, afs_int32 gid, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 tempu;
afs_int32 tempg;
struct prentry tentry;
struct prentry uentry;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
if (gid == ANYUSERID || gid == AUTHUSERID)
return PRPERM;
if (aid == ANONYMOUSID)
return PRPERM;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_NameToID(call, aname, aid)
- struct rx_call *call;
- namelist *aname;
- idlist *aid;
+SPR_NameToID(struct rx_call *call, namelist *aname, idlist *aid)
{
afs_int32 code;
code = nameToID(call, aname, aid);
osi_auditU(call, PTS_NmToIdEvent, code, AUD_END);
- ViceLog(125, ("PTS_NameToID: code %d", code));
+ ViceLog(125, ("PTS_NameToID: code %d\n", code));
return code;
}
-afs_int32
-nameToID(call, aname, aid)
- struct rx_call *call;
- namelist *aname;
- idlist *aid;
+static afs_int32
+nameToID(struct rx_call *call, namelist *aname, idlist *aid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 i;
int size;
if (size < 0)
return PRTOOMANY;
- aid->idlist_val = (afs_int32 *) malloc(size * sizeof(afs_int32));
+ aid->idlist_val = malloc(size * sizeof(afs_int32));
if (!aid->idlist_val)
return PRNOMEM;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
for (i = 0; i < aname->namelist_len; i++) {
char vname[256];
char *nameinst, *cell;
+ afs_int32 islocal = 1;
strncpy(vname, aname->namelist_val[i], sizeof(vname));
vname[sizeof(vname)-1] ='\0';
cell++;
}
- if (cell && afs_is_foreign_ticket_name(nameinst,NULL,cell,pr_realmName))
- code = NameToID(tt, aname->namelist_val[i], &aid->idlist_val[i]);
- else
+ if (cell && *cell) {
+ code = afsconf_IsLocalRealmMatch(prdir, &islocal, nameinst, NULL, cell);
+ ViceLog(125,
+ ("PTS_NameToID: afsconf_IsLocalRealmMatch(); code=%d, nameinst=%s, cell=%s\n",
+ code, nameinst, cell));
+ }
+ if (islocal)
code = NameToID(tt, nameinst, &aid->idlist_val[i]);
+ else
+ code = NameToID(tt, aname->namelist_val[i], &aid->idlist_val[i]);
if (code != PRSUCCESS)
aid->idlist_val[i] = ANONYMOUSID;
osi_audit(PTS_NmToIdEvent, code, AUD_STR,
- aname->namelist_val[i], AUD_ID, aid->idlist_val[i],
+ aname->namelist_val[i], AUD_ID, aid->idlist_val[i],
AUD_END);
- ViceLog(125, ("PTS_NameToID: code %d aname %s aid %d", code,
+ ViceLog(125, ("PTS_NameToID: code %d aname %s aid %d\n", code,
aname->namelist_val[i], aid->idlist_val[i]));
if (count++ > 50) {
#ifndef AFS_PTHREAD_ENV
* The array of ids and names is unlimited.
*/
afs_int32
-SPR_IDToName(call, aid, aname)
- struct rx_call *call;
- idlist *aid;
- namelist *aname;
+SPR_IDToName(struct rx_call *call, idlist *aid, namelist *aname)
{
afs_int32 code;
+ afs_int32 cid = ANONYMOUSID;
- code = idToName(call, aid, aname);
+ code = idToName(call, aid, aname, &cid);
osi_auditU(call, PTS_IdToNmEvent, code, AUD_END);
- ViceLog(125, ("PTS_IDToName: code %d", code));
+ ViceLog(125, ("PTS_IDToName: code %d\n", code));
return code;
}
-afs_int32
-idToName(call, aid, aname)
- struct rx_call *call;
- idlist *aid;
- namelist *aname;
+static afs_int32
+idToName(struct rx_call *call, idlist *aid, namelist *aname, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 i;
int size;
size = aid->idlist_len;
if (size == 0)
return 0;
- if (size < 0)
+ if (size < 0 || size > INT_MAX / PR_MAXNAMELEN)
return PRTOOMANY;
- aname->namelist_val = (prname *) malloc(size * PR_MAXNAMELEN);
+ aname->namelist_val = calloc(size, PR_MAXNAMELEN);
aname->namelist_len = 0;
if (aname->namelist_val == 0)
return PRNOMEM;
if (size == 0)
return PRTOOMANY; /* rxgen will probably handle this */
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
+
+ code = WhoIsThis(call, tt, cid);
if (code)
- ABORT_WITH(tt, code);
+ ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
for (i = 0; i < aid->idlist_len; i++) {
code = IDToName(tt, aid->idlist_val[i], aname->namelist_val[i]);
sprintf(aname->namelist_val[i], "%d", aid->idlist_val[i]);
osi_audit(PTS_IdToNmEvent, code, AUD_ID, aid->idlist_val[i],
AUD_STR, aname->namelist_val[i], AUD_END);
- ViceLog(125, ("PTS_idToName: code %d aid %d aname %s", code,
+ ViceLog(125, ("PTS_idToName: code %d aid %d aname %s\n", code,
aid->idlist_val[i], aname->namelist_val[i]));
if (count++ > 50) {
#ifndef AFS_PTHREAD_ENV
}
afs_int32
-SPR_Delete(call, aid)
- struct rx_call *call;
- afs_int32 aid;
+SPR_Delete(struct rx_call *call, afs_int32 aid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = Delete(call, aid, &cid);
osi_auditU(call, PTS_DelEvent, code, AUD_ID, aid, AUD_END);
- ViceLog(25, ("PTS_Delete: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(5, ("PTS_Delete: code %d cid %d aid %d\n", code, cid, aid));
return code;
}
-afs_int32
-Delete(call, aid, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 *cid;
+static afs_int32
+Delete(struct rx_call *call, afs_int32 aid, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
struct prentry tentry;
afs_int32 loc, nptr;
int count;
- code = Initdb();
- if (code)
- return code;
- if (code != PRSUCCESS)
- return code;
if (aid == SYSADMINID || aid == ANYUSERID || aid == AUTHUSERID
|| aid == ANONYMOUSID)
return PRPERM;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
&& !IsAMemberOf(tt, *cid, tentry.owner) && !pr_noAuth)
ABORT_WITH(tt, PRPERM);
+ if (restricted && !IsAMemberOf(tt, *cid, SYSADMINID)) {
+ ABORT_WITH(tt, PRPERM);
+ }
+
/* Delete each continuation block as a separate transaction so that no one
* transaction become to large to complete. */
nptr = tentry.next;
- while (nptr != (afs_int32) NULL) {
+ while (nptr != 0) {
struct contentry centry;
int i;
{
struct prentryg *tentryg = (struct prentryg *)&tentry;
nptr = tentryg->nextsg;
- while (nptr != NULL) {
+ while (nptr != 0) {
struct contentry centry;
int i;
* transaction, we start a new transaction every 50 entries. */
count = 0;
nptr = tentry.owned;
- while (nptr != (afs_int32) NULL) {
+ while (nptr != 0) {
struct prentry nentry;
code = pr_ReadEntry(tt, 0, nptr, &nentry);
}
afs_int32
-SPR_UpdateEntry(call, aid, name, uentry)
- struct rx_call *call;
- afs_int32 aid;
- char *name;
- struct PrUpdateEntry *uentry;
+SPR_UpdateEntry(struct rx_call *call, afs_int32 aid, char *name,
+ struct PrUpdateEntry *uentry)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = UpdateEntry(call, aid, name, uentry, &cid);
osi_auditU(call, PTS_UpdEntEvent, code, AUD_ID, aid, AUD_STR, name, AUD_END);
- ViceLog(5, ("PTS_UpdateEntry: code %d cid %d aid %d name %s", code, cid, aid, name));
+ ViceLog(5, ("PTS_UpdateEntry: code %d cid %d aid %d name %s\n", code, cid, aid, name));
return code;
}
afs_int32
-UpdateEntry(call, aid, name, uentry, cid)
- struct rx_call *call;
- afs_int32 aid;
- char *name;
- struct PrUpdateEntry *uentry;
- afs_int32 *cid;
+UpdateEntry(struct rx_call *call, afs_int32 aid, char *name,
+ struct PrUpdateEntry *uentry, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
struct prentry tentry;
afs_int32 loc;
int id = 0;
- code = Initdb();
- if (code)
- return code;
- if (code != PRSUCCESS)
- return code;
if (aid) {
id = aid;
if (aid == SYSADMINID || aid == ANYUSERID || aid == AUTHUSERID
|| aid == ANONYMOUSID)
return PRPERM;
}
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_RemoveFromGroup(call, aid, gid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gid;
+SPR_RemoveFromGroup(struct rx_call *call, afs_int32 aid, afs_int32 gid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = removeFromGroup(call, aid, gid, &cid);
osi_auditU(call, PTS_RmFmGrpEvent, code, AUD_ID, gid, AUD_ID, aid,
AUD_END);
- ViceLog(5, ("PTS_RemoveFromGroup: code %d cid %d gid %d aid %d", code, cid, gid, aid));
+ ViceLog(5, ("PTS_RemoveFromGroup: code %d cid %d gid %d aid %d\n", code, cid, gid, aid));
return code;
}
-afs_int32
-removeFromGroup(call, aid, gid, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gid;
- afs_int32 *cid;
+static afs_int32
+removeFromGroup(struct rx_call *call, afs_int32 aid, afs_int32 gid,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 tempu;
afs_int32 tempg;
struct prentry uentry;
struct prentry gentry;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
afs_int32
-SPR_GetCPS(call, aid, alist, over)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
+SPR_GetCPS(struct rx_call *call, afs_int32 aid, prlist *alist, afs_int32 *over)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = getCPS(call, aid, alist, over, &cid);
osi_auditU(call, PTS_GetCPSEvent, code, AUD_ID, aid, AUD_END);
- ViceLog(125, ("PTS_GetCPS: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(125, ("PTS_GetCPS: code %d cid %d aid %d\n", code, cid, aid));
return code;
}
-afs_int32
-getCPS(call, aid, alist, over, cid)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
- afs_int32 *cid;
+static afs_int32
+getCPS(struct rx_call *call, afs_int32 aid, prlist *alist, afs_int32 *over,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
struct prentry tentry;
*over = 0;
alist->prlist_len = 0;
alist->prlist_val = NULL;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
+
+ code = WhoIsThis(call, tt, cid);
if (code)
- ABORT_WITH(tt, code);
+ ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
temp = FindByID(tt, aid);
if (!temp)
if (code)
ABORT_WITH(tt, code);
- /* afs does authenticate now */
- code = WhoIsThis(call, tt, cid);
- if (code || !AccessOK(tt, *cid, &tentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY))
+ if (!AccessOK(tt, *cid, &tentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY))
ABORT_WITH(tt, PRPERM);
code = GetList(tt, &tentry, alist, 1);
}
-#ifdef IP_WILDCARDS
int
-inCPS(CPS, id)
- prlist CPS;
- afs_int32 id;
+inCPS(prlist CPS, afs_int32 id)
{
int i;
}
return (0);
}
-#endif /* IP_WILDCARDS */
afs_int32
-SPR_GetCPS2(call, aid, ahost, alist, over)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 ahost;
- prlist *alist;
- afs_int32 *over;
+SPR_GetCPS2(struct rx_call *call, afs_int32 aid, afs_int32 ahost,
+ prlist *alist, afs_int32 *over)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = getCPS2(call, aid, ahost, alist, over, &cid);
- osi_auditU(call, PTS_GetCPS2Event, code, AUD_ID, aid, AUD_HOST, ahost,
+ osi_auditU(call, PTS_GetCPS2Event, code, AUD_ID, aid, AUD_HOST, htonl(ahost),
AUD_END);
- ViceLog(125, ("PTS_GetCPS2: code %d cid %d aid %d ahost %d", code, cid, aid, ahost));
+ ViceLog(125, ("PTS_GetCPS2: code %d cid %d aid %d ahost %d\n", code, cid, aid, ahost));
return code;
}
-afs_int32
-getCPS2(call, aid, ahost, alist, over, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 ahost;
- prlist *alist;
- afs_int32 *over;
- afs_int32 *cid;
+static afs_int32
+getCPS2(struct rx_call *call, afs_int32 aid, afs_uint32 ahost, prlist *alist,
+ afs_int32 *over, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
struct prentry tentry;
afs_int32 hostid;
int host_list = 0;
struct in_addr iaddr;
-#if IP_WILDCARDS
- extern afs_int32 addWildCards();
-#endif /* IP_WILDCARDS */
+ char hoststr[16];
*over = 0;
iaddr.s_addr = ntohl(ahost);
alist->prlist_len = 0;
alist->prlist_val = NULL;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
if (aid != PRBADID) {
temp = FindByID(tt, aid);
|| !AccessOK(tt, *cid, &tentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY))
ABORT_WITH(tt, PRPERM);
}
- code = NameToID(tt, inet_ntoa(iaddr), &hostid);
+ code = NameToID(tt, afs_inet_ntoa_r(iaddr.s_addr, hoststr), &hostid);
if (code == PRSUCCESS && hostid != 0) {
temp = FindByID(tt, hostid);
if (temp) {
code = GetList2(tt, &tentry, &host_tentry, alist, 1);
else
code = GetList(tt, &tentry, alist, 1);
-#if IP_WILDCARDS
if (!code)
code = addWildCards(tt, alist, ntohl(ahost));
-#endif /* IP_WILDCARDS */
if (code != PRSUCCESS)
ABORT_WITH(tt, code);
afs_int32
-SPR_GetHostCPS(call, ahost, alist, over)
- struct rx_call *call;
- afs_int32 ahost;
- prlist *alist;
- afs_int32 *over;
+SPR_GetHostCPS(struct rx_call *call, afs_int32 ahost, prlist *alist,
+ afs_int32 *over)
{
afs_int32 code;
+ afs_int32 cid = ANONYMOUSID;
- code = getHostCPS(call, ahost, alist, over);
- osi_auditU(call, PTS_GetHCPSEvent, code, AUD_HOST, ahost, AUD_END);
- ViceLog(125, ("PTS_GetHostCPS: code %d ahost %d", code, ahost));
+ code = getHostCPS(call, ahost, alist, over, &cid);
+ osi_auditU(call, PTS_GetHCPSEvent, code, AUD_HOST, htonl(ahost), AUD_END);
+ ViceLog(125, ("PTS_GetHostCPS: code %d ahost %u (0x%x)\n", code, ahost, ahost));
return code;
}
afs_int32
-getHostCPS(call, ahost, alist, over)
- struct rx_call *call;
- afs_int32 ahost;
- prlist *alist;
- afs_int32 *over;
+getHostCPS(struct rx_call *call, afs_uint32 ahost, prlist *alist,
+ afs_int32 *over, afs_int32 *cid)
{
- register afs_int32 code, temp;
+ afs_int32 code, temp;
struct ubik_trans *tt;
struct prentry host_tentry;
afs_int32 hostid;
struct in_addr iaddr;
-#if IP_WILDCARDS
- extern afs_int32 addWildCards();
-#endif /* IP_WILDCARDS */
+ char hoststr[16];
*over = 0;
iaddr.s_addr = ntohl(ahost);
alist->prlist_len = 0;
alist->prlist_val = NULL;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
+
+ code = WhoIsThis(call, tt, cid);
if (code)
- ABORT_WITH(tt, code);
+ ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
- code = NameToID(tt, inet_ntoa(iaddr), &hostid);
+ code = NameToID(tt, afs_inet_ntoa_r(iaddr.s_addr, hoststr), &hostid);
if (code == PRSUCCESS && hostid != 0) {
temp = FindByID(tt, hostid);
if (temp) {
} else
fprintf(stderr, "FindByID Failed -- Not found\n");
}
-#if IP_WILDCARDS
code = addWildCards(tt, alist, ntohl(ahost));
-#endif /* IP_WILDCARDS */
bad:
if (code != PRSUCCESS)
ABORT_WITH(tt, code);
afs_int32
-SPR_ListMax(call, uid, gid)
- struct rx_call *call;
- afs_int32 *uid;
- afs_int32 *gid;
+SPR_ListMax(struct rx_call *call, afs_int32 *uid, afs_int32 *gid)
{
afs_int32 code;
+ afs_int32 cid = ANONYMOUSID;
- code = listMax(call, uid, gid);
+ code = listMax(call, uid, gid, &cid);
osi_auditU(call, PTS_LstMaxEvent, code, AUD_END);
- ViceLog(125, ("PTS_ListMax: code %d", code));
+ ViceLog(125, ("PTS_ListMax: code %d\n", code));
return code;
}
afs_int32
-listMax(call, uid, gid)
- struct rx_call *call;
- afs_int32 *uid;
- afs_int32 *gid;
+listMax(struct rx_call *call, afs_int32 *uid, afs_int32 *gid, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
+
+ code = WhoIsThis(call, tt, cid);
if (code)
- ABORT_WITH(tt, code);
+ ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
code = GetMax(tt, uid, gid);
if (code != PRSUCCESS)
}
afs_int32
-SPR_SetMax(call, aid, gflag)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gflag;
+SPR_SetMax(struct rx_call *call, afs_int32 aid, afs_int32 gflag)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = setMax(call, aid, gflag, &cid);
osi_auditU(call, PTS_SetMaxEvent, code, AUD_ID, aid, AUD_LONG, gflag,
AUD_END);
- ViceLog(125, ("PTS_SetMax: code %d cid %d aid %d gflag %d", code, cid, aid, gflag));
+ ViceLog(125, ("PTS_SetMax: code %d cid %d aid %d gflag %d\n", code, cid, aid, gflag));
return code;
}
-afs_int32
-setMax(call, aid, gflag, cid)
- struct rx_call *call;
- afs_int32 aid;
- afs_int32 gflag;
- afs_int32 *cid;
+static afs_int32
+setMax(struct rx_call *call, afs_int32 aid, afs_int32 gflag, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_ListEntry(call, aid, aentry)
- struct rx_call *call;
- afs_int32 aid;
- struct prcheckentry *aentry;
+SPR_ListEntry(struct rx_call *call, afs_int32 aid, struct prcheckentry *aentry)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = listEntry(call, aid, aentry, &cid);
osi_auditU(call, PTS_LstEntEvent, code, AUD_ID, aid, AUD_END);
- ViceLog(125, ("PTS_ListEntry: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(125, ("PTS_ListEntry: code %d cid %d aid %d\n", code, cid, aid));
return code;
}
-afs_int32
-listEntry(call, aid, aentry, cid)
- struct rx_call *call;
- afs_int32 aid;
- struct prcheckentry *aentry;
- afs_int32 *cid;
+static afs_int32
+listEntry(struct rx_call *call, afs_int32 aid, struct prcheckentry *aentry,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
struct prentry tentry;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
temp = FindByID(tt, aid);
if (!temp)
ABORT_WITH(tt, PRNOENT);
}
afs_int32
-SPR_ListEntries(call, flag, startindex, bulkentries, nextstartindex)
- struct rx_call *call;
- afs_int32 flag;
- afs_int32 startindex;
- prentries *bulkentries;
- afs_int32 *nextstartindex;
+SPR_ListEntries(struct rx_call *call, afs_int32 flag, afs_int32 startindex,
+ prentries *bulkentries, afs_int32 *nextstartindex)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = listEntries(call, flag, startindex, bulkentries, nextstartindex, &cid);
osi_auditU(call, PTS_LstEntsEvent, code, AUD_LONG, flag, AUD_END);
- ViceLog(125, ("PTS_ListEntries: code %d cid %d flag %d", code, cid, flag));
+ ViceLog(125, ("PTS_ListEntries: code %d cid %d flag %d\n", code, cid, flag));
return code;
}
-afs_int32
-listEntries(call, flag, startindex, bulkentries, nextstartindex, cid)
- struct rx_call *call;
- afs_int32 flag;
- afs_int32 startindex;
- prentries *bulkentries;
- afs_int32 *nextstartindex;
- afs_int32 *cid;
+#define PR_MAXENTRIES 500
+static afs_int32
+listEntries(struct rx_call *call, afs_int32 flag, afs_int32 startindex,
+ prentries *bulkentries, afs_int32 *nextstartindex, afs_int32 *cid)
{
afs_int32 code;
struct ubik_trans *tt;
bulkentries->prentries_val = 0;
bulkentries->prentries_len = 0;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
/* Make sure we are an authenticated caller and that we are on the
* SYSADMIN list.
eof = ntohl(cheader.eofPtr) - sizeof(cheader);
maxentries = eof / sizeof(struct prentry);
+
+ bulkentries->prentries_val = calloc(PR_MAXENTRIES,
+ sizeof(bulkentries->prentries_val[0]));
+ if (!bulkentries->prentries_val)
+ ABORT_WITH(tt, PRNOMEM);
+
for (i = startindex; i < maxentries; i++) {
pos = i * sizeof(struct prentry) + sizeof(cheader);
code = pr_ReadEntry(tt, 0, pos, &tentry);
f = (tentry.flags & PRTYPE);
if (((flag & PRUSERS) && (f == 0)) || /* User entry */
((flag & PRGROUPS) && (f & PRGRP))) { /* Group entry */
- code = put_prentries(&tentry, bulkentries);
- if (code == -1)
- break; /* Filled return array */
- if (code)
- goto done;
+ put_prentries(&tentry, bulkentries);
+ if (bulkentries->prentries_len >= PR_MAXENTRIES)
+ break;
}
}
code = 0;
return PRSUCCESS;
}
-#define PR_MAXENTRIES 500
-afs_int32
-put_prentries(tentry, bulkentries)
- struct prentry *tentry;
- prentries *bulkentries;
+static void
+put_prentries(struct prentry *tentry, prentries *bulkentries)
{
struct prlistentries *entry;
- if (bulkentries->prentries_val == 0) {
- bulkentries->prentries_len = 0;
- bulkentries->prentries_val =
- (struct prlistentries *)malloc(PR_MAXENTRIES *
- sizeof(struct prentry));
- if (!bulkentries->prentries_val) {
- return (PRNOMEM);
- }
- }
-
- if (bulkentries->prentries_len >= PR_MAXENTRIES) {
- return (-1);
- }
-
- entry = (struct prlistentries *)bulkentries->prentries_val;
+ entry = bulkentries->prentries_val;
entry += bulkentries->prentries_len;
entry->flags = tentry->flags >> PRIVATE_SHIFT;
entry->nusers = tentry->nusers;
entry->count = tentry->count;
strncpy(entry->name, tentry->name, PR_MAXNAMELEN);
- memset(entry->reserved, 0, sizeof(entry->reserved));
bulkentries->prentries_len++;
- return 0;
}
afs_int32
-SPR_ChangeEntry(call, aid, name, oid, newid)
- struct rx_call *call;
- afs_int32 aid;
- char *name;
- afs_int32 oid;
- afs_int32 newid;
+SPR_ChangeEntry(struct rx_call *call, afs_int32 aid, char *name, afs_int32 oid,
+ afs_int32 newid)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = changeEntry(call, aid, name, oid, newid, &cid);
osi_auditU(call, PTS_ChgEntEvent, code, AUD_ID, aid, AUD_STR, name,
AUD_LONG, oid, AUD_LONG, newid, AUD_END);
- ViceLog(5, ("PTS_ChangeEntry: code %d cid %d aid %d name %s oid %d newid %d", code, cid, aid, name, oid, newid));
+ ViceLog(5, ("PTS_ChangeEntry: code %d cid %d aid %d name %s oid %d newid %d\n", code, cid, aid, name, oid, newid));
return code;
}
-afs_int32
-changeEntry(call, aid, name, oid, newid, cid)
- struct rx_call *call;
- afs_int32 aid;
- char *name;
- afs_int32 oid;
- afs_int32 newid;
- afs_int32 *cid;
+static afs_int32
+changeEntry(struct rx_call *call, afs_int32 aid, char *name, afs_int32 oid,
+ afs_int32 newid, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 pos;
return PRPERM;
stolower(name);
- code = Initdb();
- if (code)
- return code;
if (aid == ANYUSERID || aid == AUTHUSERID || aid == ANONYMOUSID
|| aid == SYSADMINID)
return PRPERM;
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_SetFieldsEntry(call, id, mask, flags, ngroups, nusers, spare1, spare2)
- struct rx_call *call;
- afs_int32 id;
- afs_int32 mask; /* specify which fields to update */
- afs_int32 flags, ngroups, nusers;
- afs_int32 spare1, spare2;
+SPR_SetFieldsEntry(struct rx_call *call,
+ afs_int32 id,
+ afs_int32 mask, /* specify which fields to update */
+ afs_int32 flags, afs_int32 ngroups, afs_int32 nusers,
+ afs_int32 spare1, afs_int32 spare2)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
setFieldsEntry(call, id, mask, flags, ngroups, nusers, spare1,
spare2, &cid);
osi_auditU(call, PTS_SetFldEntEvent, code, AUD_ID, id, AUD_END);
- ViceLog(5, ("PTS_SetFieldsEntry: code %d cid %d id %d", code, cid, id));
+ ViceLog(5, ("PTS_SetFieldsEntry: code %d cid %d id %d\n", code, cid, id));
return code;
}
-afs_int32
-setFieldsEntry(call, id, mask, flags, ngroups, nusers, spare1, spare2, cid)
- struct rx_call *call;
- afs_int32 id;
- afs_int32 mask; /* specify which fields to update */
- afs_int32 flags, ngroups, nusers;
- afs_int32 spare1, spare2;
- afs_int32 *cid;
+static afs_int32
+setFieldsEntry(struct rx_call *call,
+ afs_int32 id,
+ afs_int32 mask, /* specify which fields to update */
+ afs_int32 flags, afs_int32 ngroups, afs_int32 nusers,
+ afs_int32 spare1, afs_int32 spare2, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 pos;
struct prentry tentry;
if (mask == 0)
return 0; /* no-op */
- code = Initdb();
- if (code)
- return code;
+
if (id == ANYUSERID || id == AUTHUSERID || id == ANONYMOUSID)
return PRPERM;
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTrans(dbase, UBIK_WRITETRANS, &tt);
+
+ code = WritePreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKWRITE);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_ListElements(call, aid, alist, over)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
+SPR_ListElements(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *over)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = listElements(call, aid, alist, over, &cid);
osi_auditU(call, PTS_LstEleEvent, code, AUD_ID, aid, AUD_END);
- ViceLog(125, ("PTS_ListElements: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(125, ("PTS_ListElements: code %d cid %d aid %d\n", code, cid, aid));
return code;
}
-afs_int32
-listElements(call, aid, alist, over, cid)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
- afs_int32 *cid;
+static afs_int32
+listElements(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *over, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
struct prentry tentry;
alist->prlist_len = 0;
alist->prlist_val = NULL;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
afs_int32
-SPR_ListSuperGroups(call, aid, alist, over)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
+SPR_ListSuperGroups(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *over)
{
#if defined(SUPERGROUPS)
afs_int32 code;
code = listSuperGroups(call, aid, alist, over, &cid);
osi_auditU(call, PTS_LstSGrps, code, AUD_ID, aid, AUD_END);
- ViceLog(125, ("PTS_ListSuperGroups: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(125, ("PTS_ListSuperGroups: code %d cid %d aid %d\n", code, cid, aid));
return code;
#else
return RXGEN_OPCODE;
}
#if defined(SUPERGROUPS)
-afs_int32
-listSuperGroups(call, aid, alist, over, cid)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *over;
- afs_int32 *cid;
+static afs_int32
+listSuperGroups(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *over, afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
afs_int32 temp;
struct prentry tentry;
alist->prlist_len = 0;
alist->prlist_val = (afs_int32 *) 0;
- code = Initdb();
- if (code != PRSUCCESS)
- goto done;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
- if (code)
- goto done;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
+ code = ReadPreamble(&tt);
if (code)
- ABORT_WITH(tt, code);
+ return code;
+
code = WhoIsThis(call, tt, cid);
if (code)
ABORT_WITH(tt, PRPERM);
+ if (!pr_noAuth && restrict_anonymous && *cid == ANONYMOUSID)
+ ABORT_WITH(tt, PRPERM);
temp = FindByID(tt, aid);
if (!temp)
code = ubik_EndTrans(tt);
- done:
return code;
}
#endif /* SUPERGROUPS */
-/*
+/*
* SPR_ListOwned
* List the entries owned by this id. If the id is zero,
* return the orphans list. This will return up to PR_MAXGROUPS
* maximum value is enforced in GetOwnedChain().
*/
afs_int32
-SPR_ListOwned(call, aid, alist, lastP)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *lastP;
+SPR_ListOwned(struct rx_call *call, afs_int32 aid, prlist *alist,
+ afs_int32 *lastP)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = listOwned(call, aid, alist, lastP, &cid);
osi_auditU(call, PTS_LstOwnEvent, code, AUD_ID, aid, AUD_END);
- ViceLog(125, ("PTS_ListOwned: code %d cid %d aid %d", code, cid, aid));
+ ViceLog(125, ("PTS_ListOwned: code %d cid %d aid %d\n", code, cid, aid));
return code;
}
afs_int32
-listOwned(call, aid, alist, lastP, cid)
- struct rx_call *call;
- afs_int32 aid;
- prlist *alist;
- afs_int32 *lastP;
- afs_int32 *cid;
+listOwned(struct rx_call *call, afs_int32 aid, prlist *alist, afs_int32 *lastP,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
struct prentry tentry;
afs_int32 head = 0;
start = *lastP;
*lastP = 0;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
code = WhoIsThis(call, tt, cid);
if (code)
}
afs_int32
-SPR_IsAMemberOf(call, uid, gid, flag)
- struct rx_call *call;
- afs_int32 uid;
- afs_int32 gid;
- afs_int32 *flag;
+SPR_IsAMemberOf(struct rx_call *call, afs_int32 uid, afs_int32 gid,
+ afs_int32 *flag)
{
afs_int32 code;
afs_int32 cid = ANONYMOUSID;
code = isAMemberOf(call, uid, gid, flag, &cid);
osi_auditU(call, PTS_IsMemOfEvent, code, AUD_LONG, uid, AUD_LONG, gid,
AUD_END);
- ViceLog(125, ("PTS_IsAMemberOf: code %d cid %d uid %d gid %d", code, cid, uid, gid));
+ ViceLog(125, ("PTS_IsAMemberOf: code %d cid %d uid %d gid %d\n", code, cid, uid, gid));
return code;
}
-afs_int32
-isAMemberOf(call, uid, gid, flag, cid)
- struct rx_call *call;
- afs_int32 uid;
- afs_int32 gid;
- afs_int32 *flag;
- afs_int32 *cid;
+static afs_int32
+isAMemberOf(struct rx_call *call, afs_int32 uid, afs_int32 gid, afs_int32 *flag,
+ afs_int32 *cid)
{
- register afs_int32 code;
+ afs_int32 code;
struct ubik_trans *tt;
- code = Initdb();
- if (code != PRSUCCESS)
- return code;
- code = ubik_BeginTransReadAny(dbase, UBIK_READTRANS, &tt);
+ code = ReadPreamble(&tt);
if (code)
return code;
- code = ubik_SetLock(tt, 1, 1, LOCKREAD);
- if (code)
- ABORT_WITH(tt, code);
- code = read_DbHeader(tt);
- if (code)
- ABORT_WITH(tt, code);
{
afs_int32 uloc = FindByID(tt, uid);
return code;
}
-#if IP_WILDCARDS
-afs_int32
-addWildCards(tt, alist, host)
- struct ubik_trans *tt;
- prlist *alist;
- afs_int32 host;
+static afs_int32
+addWildCards(struct ubik_trans *tt, prlist *alist, afs_uint32 host)
{
afs_int32 temp;
struct prentry tentry;
afs_int32 hostid;
int size = 0, i, code;
int added = 0;
+ char hoststr[16];
while ((host = (host & wild))) {
wild = htonl(ntohl(wild) << 8);
iaddr.s_addr = host;
- code = NameToID(tt, inet_ntoa(iaddr), &hostid);
+ code = NameToID(tt, afs_inet_ntoa_r(iaddr.s_addr, hoststr), &hostid);
if (code == PRSUCCESS && hostid != 0) {
temp = FindByID(tt, hostid);
if (temp) {
qsort(alist->prlist_val, alist->prlist_len, sizeof(afs_int32), IDCmp);
return 0;
}
-#endif /* IP_WILDCARDS */
-afs_int32
-WhoIsThisWithName(acall, at, aid, aname)
- struct rx_call *acall;
- struct ubik_trans *at;
- afs_int32 *aid;
- char *aname;
+static afs_int32
+WhoIsThisWithName(struct rx_call *acall, struct ubik_trans *at, afs_int32 *aid,
+ char *aname)
{
+ afs_int32 islocal = 1;
/* aid is set to the identity of the caller, if known, else ANONYMOUSID */
/* returns -1 and sets aid to ANONYMOUSID on any failure */
- register struct rx_connection *tconn;
- register afs_int32 code;
+ struct rx_connection *tconn;
+ afs_int32 code;
char tcell[MAXKTCREALMLEN];
char name[MAXKTCNAMELEN];
char inst[MAXKTCNAMELEN];
*aid = ANONYMOUSID;
tconn = rx_ConnectionOf(acall);
code = rx_SecurityClassOf(tconn);
- if (code == 0)
+ if (code == RX_SECIDX_NULL)
return 0;
- else if (code == 1) { /* vab class */
+ else if (code == RX_SECIDX_VAB) {
goto done; /* no longer supported */
- } else if (code == 2) { /* kad class */
-
- int clen;
-
- if ((code = rxkad_GetServerInfo(acall->conn, NULL, 0 /*was &exp */ ,
+ } else if (code == RX_SECIDX_KAD) {
+ if ((code = rxkad_GetServerInfo(rx_ConnectionOf(acall), NULL, NULL,
name, inst, tcell, NULL)))
goto done;
-
+ if (tcell[0]) {
+ code = afsconf_IsLocalRealmMatch(prdir, &islocal, name, inst, tcell);
+ if (code)
+ goto done;
+ }
strncpy(vname, name, sizeof(vname));
if ((ilen = strlen(inst))) {
if (strlen(vname) + 1 + ilen >= sizeof(vname))
strcat(vname, ".");
strcat(vname, inst);
}
- if ((clen = strlen(tcell))) {
- int foreign = afs_is_foreign_ticket_name(name,inst,tcell,pr_realmName);
-
- if (foreign) {
- if (strlen(vname) + 1 + clen >= sizeof(vname))
- goto done;
- strcat(vname, "@");
- strcat(vname, tcell);
- lcstring(vname, vname, sizeof(vname));
- code = NameToID(at, vname, aid);
+ if (!islocal) {
+ if (strlen(vname) + strlen(tcell) + 1 >= sizeof(vname))
+ goto done;
+ strcat(vname, "@");
+ strcat(vname, tcell);
+ lcstring(vname, vname, sizeof(vname));
+ NameToID(at, vname, aid);
+ if (aname)
strcpy(aname, vname);
- return 2;
- }
+ return 2;
}
if (strcmp(AUTH_SUPERUSER, vname) == 0)
lcstring(vname, vname, sizeof(vname));
code = NameToID(at, vname, aid);
}
+
+ } else {
+ /* If we reached here, we don't understand the security class of the
+ * given call. But if the calling user is RX_ID_SUPERUSER, we can check
+ * that without even needing to understand the security class. Remember
+ * to only check for RX_ID_SUPERUSER specifically; we do not use
+ * SYSADMINID for other admins. */
+ int is_super;
+ struct rx_identity *id = NULL;
+ is_super = afsconf_SuperIdentity(prdir, acall, &id);
+ if (is_super && id->kind == RX_ID_SUPERUSER) {
+ *aid = SYSADMINID;
+ code = 0;
+ } else {
+ code = -1;
+ }
+ if (id != NULL) {
+ rx_identity_free(&id);
+ }
}
done:
if (code && !pr_noAuth)
git://git.openafs.org / openafs.git / blobdiff