/*
* Copyright 2000, International Business Machines Corporation and others.
* All Rights Reserved.
- *
+ *
* This software has been released under the terms of the IBM Public
* License. For details, see the LICENSE file in the top-level source
* directory or online at http://www.openafs.org/dl/license10.html
*/
-#if defined(UKERNEL)
-#include "../afs/param.h"
-#else
-#include <afs/param.h>
-#endif
#include <afsconfig.h>
-
-RCSID("$Header$");
-
-#if defined(UKERNEL)
-#include "../afs/sysincludes.h"
-#include "../afs/afs_usrops.h"
-#include "../afs/afsincludes.h"
-#include "../afs/stds.h"
-#include "../rx/rx.h"
-#include "../rx/xdr.h"
-#include "../rx/rxkad.h"
-#include "../afs/auth.h"
-#include "../afs/cellconfig.h"
-#include "../afs/afsutil.h"
-#include "../afs/ptclient.h"
-#include "../afs/pterror.h"
-#else /* defined(UKERNEL) */
+#include <afs/param.h>
#include <afs/stds.h>
-#include <ctype.h>
-#include <sys/types.h>
-#ifdef AFS_NT40_ENV
-#include <winsock2.h>
-#else
-#include <netinet/in.h>
-#endif
-#include <stdio.h>
+
+#include <roken.h>
+#include <afs/opr.h>
+
#include <rx/rx.h>
#include <rx/xdr.h>
-#include <rx/rxkad.h>
#include <afs/auth.h>
#include <afs/cellconfig.h>
#include <afs/afsutil.h>
+#include <afs/com_err.h>
+#include <rx/rxgk_int.h>
+
#include "ptclient.h"
+#include "ptuser.h"
#include "pterror.h"
-#endif /* defined(UKERNEL) */
-
struct ubik_client *pruclient = 0;
-static afs_int32 lastLevel; /* security level pruclient, if any */
+static afs_int32 lastLevel; /* security level pruclient, if any */
static char *whoami = "libprot";
-afs_int32 pr_Initialize (secLevel, confDir, cell)
- IN afs_int32 secLevel;
- IN char *confDir;
- IN char *cell;
+
+#define ID_HASH_SIZE 1024
+#define ID_STACK_SIZE 1024
+
+/**
+ * Hash table chain of user and group ids.
+ */
+struct idchain {
+ struct idchain *next;
+ afs_int32 id;
+};
+
+/**
+ * Hash table of user and group ids.
+ */
+struct idhash {
+ afs_uint32 userEntries; /**< number of user id entries hashed */
+ afs_uint32 groupEntries; /**< number of group id entries hashed */
+ struct idchain *hash[ID_HASH_SIZE];
+};
+
+/**
+ * Allocate a new id hash table.
+ */
+static afs_int32
+AllocateIdHash(struct idhash **aidhash)
+{
+ struct idhash *idhash;
+
+ idhash = calloc(1, sizeof(struct idhash));
+ if (!idhash) {
+ return ENOMEM;
+ }
+ *aidhash = idhash;
+ return 0;
+}
+
+/**
+ * Free the id hash.
+ */
+static void
+FreeIdHash(struct idhash *idhash)
+{
+ int index;
+ struct idchain *chain;
+ struct idchain *next;
+
+ for (index = 0; index < ID_HASH_SIZE; index++) {
+ for (chain = idhash->hash[index]; chain; chain = next) {
+ next = chain->next;
+ free(chain);
+ }
+ }
+ free(idhash);
+}
+
+/**
+ * Indicate if group/user id is already hashed, and
+ * if not insert it.
+ *
+ * @returns whether id is present
+ * @retval >0 id is already present in the hash
+ * @retval 0 id was not found and was inserted into the hash
+ * @retval <0 error encountered
+ */
+static afs_int32
+FindId(struct idhash *idhash, afs_int32 id)
+{
+ afs_int32 index;
+ struct idchain *chain;
+ struct idchain *newChain;
+
+ index = abs(id) % ID_HASH_SIZE;
+ for (chain = idhash->hash[index]; chain; chain = chain->next) {
+ if (chain->id == id) {
+ return 1;
+ }
+ }
+
+ /* Insert this id but return not found. */
+ newChain = malloc(sizeof(struct idchain));
+ if (!newChain) {
+ return ENOMEM;
+ } else {
+ newChain->id = id;
+ newChain->next = idhash->hash[index];
+ idhash->hash[index] = newChain;
+ if (id < 0) {
+ idhash->groupEntries++;
+ } else {
+ idhash->userEntries++;
+ }
+ }
+ return 0;
+}
+
+/**
+ * Create an idlist from the ids in the hash.
+ */
+static afs_int32
+CreateIdList(struct idhash *idhash, idlist * alist, afs_int32 select)
+{
+ struct idchain *chain;
+ afs_int32 entries = 0;
+ int index;
+ int i;
+
+ if (select & PRGROUPS) {
+ entries += idhash->groupEntries;
+ }
+ if (select & PRUSERS) {
+ entries += idhash->userEntries;
+ }
+ if (entries == 0) {
+ alist->idlist_len = 0;
+ alist->idlist_val = NULL;
+ return 0;
+ }
+
+ alist->idlist_len = entries;
+ alist->idlist_val = malloc(sizeof(afs_int32) * entries);
+ if (!alist->idlist_val) {
+ return ENOMEM;
+ }
+
+ for (i = 0, index = 0; index < ID_HASH_SIZE; index++) {
+ for (chain = idhash->hash[index]; chain; chain = chain->next) {
+ if (chain->id < 0) {
+ if (select & PRGROUPS) {
+ alist->idlist_val[i++] = chain->id;
+ }
+ } else {
+ if (select & PRUSERS) {
+ alist->idlist_val[i++] = chain->id;
+ }
+ }
+ }
+ }
+ return 0;
+}
+
+afs_int32
+pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
+{
+ return pr_Initialize2(secLevel, confDir, cell, RXGK_LEVEL_BOGUS);
+}
+
+afs_int32
+pr_Initialize2(IN afs_int32 secLevel, IN const char *confDir, IN char *cell,
+ int rxgk_level)
{
afs_int32 code;
struct rx_connection *serverconns[MAXSERVERS];
- struct rx_securityClass *sc[3];
- static struct afsconf_dir *tdir = 0; /* only do this once */
- static char tconfDir[100];
- struct ktc_token ttoken;
+ struct rx_securityClass *sc = NULL;
+ static struct afsconf_dir *tdir = NULL; /* only do this once */
+ static char tconfDir[100] = "";
+ static char tcell[64] = "";
afs_int32 scIndex;
+ afs_int32 secFlags;
static struct afsconf_cell info;
afs_int32 i;
char cellstr[64];
+ afs_int32 gottdir = 0;
+ afs_int32 refresh = 0;
+ int use_rxgk = 0;
+
+ initialize_PT_error_table();
+ initialize_RXK_error_table();
+ initialize_ACFG_error_table();
+ initialize_KTC_error_table();
+
+ if (!cell) {
+ if (!tdir)
+ tdir = afsconf_Open(confDir);
+ if (!tdir) {
+ if (confDir && strcmp(confDir, ""))
+ fprintf(stderr,
+ "%s: Could not open configuration directory: %s.\n",
+ whoami, confDir);
+ else
+ fprintf(stderr,
+ "%s: No configuration directory specified.\n",
+ whoami);
+ return -1;
+ }
+ gottdir = 1;
+
+ code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
+ if (code) {
+ fprintf(stderr,
+ "libprot: Could not get local cell. [%d]\n", code);
+ return code;
+ }
+ cell = cellstr;
+ }
- initialize_pt_error_table();
- initialize_rxk_error_table();
- initialize_acfg_error_table();
- initialize_ktc_error_table();
-/*
- initialize_lwp_error_table();
- initialize_rx_error_table();
-*/
-
- if (strcmp(confDir, tconfDir)) {
+ if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
/*
- * Different conf dir; force re-evaluation.
+ * force re-evaluation. we either don't have an afsconf_dir,
+ * the directory has changed or the cell has changed.
*/
- tdir = (struct afsconf_dir *)0;
- pruclient = (struct ubik_client *)0;
+ if (tdir && !gottdir) {
+ afsconf_Close(tdir);
+ tdir = NULL;
+ }
+ pruclient = NULL;
+ refresh = 1;
}
- if (tdir == 0) {
+
+ if (refresh) {
strncpy(tconfDir, confDir, sizeof(tconfDir));
-#if defined(UKERNEL)
- tdir = afs_cdir;
- if (!cell) {
- cell = afs_LclCellName;
- }
-#else /* defined(UKERNEL) */
- tdir = afsconf_Open(confDir);
+ strncpy(tcell, cell, sizeof(tcell));
+
+ if (!gottdir)
+ tdir = afsconf_Open(confDir);
if (!tdir) {
- fprintf(stderr,
- "libprot: Could not open configuration directory: %s.\n",
- confDir);
+ if (confDir && strcmp(confDir, ""))
+ fprintf(stderr,
+ "libprot: Could not open configuration directory: %s.\n",
+ confDir);
+ else
+ fprintf(stderr,
+ "libprot: No configuration directory specified.\n");
return -1;
}
- if (!cell) {
- code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
- if (code) {
- fprintf(stderr,
- "vos: can't get local cell name - check %s/%s\n",
- confDir, AFSDIR_THISCELL_FILE);
- exit(1);
- }
- cell = cellstr;
- }
-#endif /* defined(UKERNEL) */
-
- code = afsconf_GetCellInfo(tdir,cell,"afsprot",&info);
+ code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
if (code) {
- fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
- cell, confDir, AFSDIR_CELLSERVDB_FILE);
+ fprintf(stderr, "libprot: Could not locate cell %s in %s\n",
+ cell, tdir->cellservDB);
return code;
}
}
* want, don't get a new one. Unless the security level is 2 in
* which case we will get one (and re-read the key file).
*/
- if (pruclient && (lastLevel == secLevel) && (secLevel != 2))
- return 0;
-
+ if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
+ return 0;
+ }
+
code = rx_Init(0);
if (code) {
- fprintf(stderr,"libprot: Could not initialize rx.\n");
+ fprintf(stderr, "libprot: Could not initialize rx.\n");
return code;
}
- scIndex = secLevel;
- sc[0] = 0;
- sc[1] = 0;
- sc[2] = 0;
+ switch (rxgk_level) {
+ case RXGK_LEVEL_CLEAR:
+ case RXGK_LEVEL_AUTH:
+ case RXGK_LEVEL_CRYPT:
+ use_rxgk = 1;
+ if (secLevel != 2) {
+ fprintf(stderr, "libprot: Cannot use rxgk with non-localauth right now\n");
+ return EINVAL;
+ }
+ }
+
/* Most callers use secLevel==1, however, the fileserver uses secLevel==2
* to force use of the KeyFile. secLevel == 0 implies -noauth was
* specified. */
- if ((secLevel == 2) && (afsconf_GetLatestKey (tdir, 0,0) == 0)) {
+ if (use_rxgk) {
+ switch (rxgk_level) {
+ case RXGK_LEVEL_CLEAR: code = afsconf_ClientAuthRXGKClear(tdir, &sc, &scIndex);
+ break;
+ case RXGK_LEVEL_AUTH: code = afsconf_ClientAuthRXGKAuth(tdir, &sc, &scIndex);
+ break;
+ case RXGK_LEVEL_CRYPT: code = afsconf_ClientAuthRXGKCrypt(tdir, &sc, &scIndex);
+ }
+ if (code)
+ afs_com_err(whoami, code, "(calling client rxgk)");
+ } else if (secLevel == 2) {
/* If secLevel is two assume we're on a file server and use
- * ClientAuthSecure if possible. */
- code = afsconf_ClientAuthSecure (tdir, &sc[2], &scIndex);
- if (code) scIndex = 0; /* use noauth */
- if (scIndex != 2)
- /* if there was a problem, an unauthenticated conn is returned */
- sc[scIndex] = sc[2];
- }
- else if (secLevel > 0) {
- struct ktc_principal sname;
- strcpy(sname.cell,info.name);
- sname.instance[0] = 0;
- strcpy(sname.name, "afs");
- code = ktc_GetToken(&sname,&ttoken, sizeof(ttoken), (char *)0);
- if (code) scIndex = 0;
- else {
- if (ttoken.kvno >= 0 && ttoken.kvno <= 255)
- /* this is a kerberos ticket, set scIndex accordingly */
- scIndex = 2;
- else {
- fprintf (stderr,
- "libprot: funny kvno (%d) in ticket, proceeding\n",
- ttoken.kvno);
- scIndex = 2;
- }
- sc[2] = (struct rx_securityClass *) rxkad_NewClientSecurityObject
- (rxkad_clear, &ttoken.sessionKey, ttoken.kvno,
- ttoken.ticketLen, ttoken.ticket);
+ * ClientAuthSecure if possible. */
+ code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
+ if (code)
+ afs_com_err(whoami, code, "(calling client secure)\n");
+ } else if (secLevel > 0) {
+ secFlags = 0;
+ if (secLevel > 1)
+ secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
+
+ code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
+ if (code) {
+ afs_com_err(whoami, code, "(getting token)");
+ if (secLevel > 1)
+ return code;
}
}
- if (scIndex == 1) return PRBADARG;
- if ((scIndex == 0) && (sc[0] == 0))
- sc[0] = (struct rx_securityClass *) rxnull_NewClientSecurityObject();
- if ((scIndex == 0) && (secLevel != 0))
- com_err (whoami, code,
- "Could not get afs tokens, running unauthenticated.");
- bzero (serverconns, sizeof(serverconns)); /* terminate list!!! */
- for (i = 0;i<info.numServers;i++)
- serverconns[i] = rx_NewConnection
- (info.hostAddr[i].sin_addr.s_addr, info.hostAddr[i].sin_port,
- PRSRV, sc[scIndex], scIndex);
+ if (sc == NULL) {
+ sc = rxnull_NewClientSecurityObject();
+ scIndex = RX_SECIDX_NULL;
+ }
+
+ if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
+ fprintf(stderr,
+ "%s: Could not get afs tokens, running unauthenticated\n",
+ whoami);
+
+ memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
+ for (i = 0; i < info.numServers; i++)
+ serverconns[i] =
+ rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
+ info.hostAddr[i].sin_port, PRSRV, sc,
+ scIndex);
code = ubik_ClientInit(serverconns, &pruclient);
if (code) {
- com_err (whoami, code, "ubik client init failed.");
+ afs_com_err(whoami, code, "ubik client init failed.");
return code;
}
lastLevel = scIndex;
- code = rxs_Release (sc[scIndex]);
+ code = rxs_Release(sc);
return code;
}
-
-pr_End()
+int
+pr_End(void)
{
- int code = 0;
+ int code = 0;
if (pruclient) {
- code = ubik_ClientDestroy (pruclient);
+ code = ubik_ClientDestroy(pruclient);
pruclient = 0;
}
- return code;
+ return code;
}
+/*
+ * Make sure that arg is a proper C string that fits in a prname.
+ * If strnlen(arg, PR_MAXNAMELEN) == PR_MAXNAMELEN, then arg either
+ * doesn't have a terminating NUL or is too long, and we can't tell
+ * which one in the current API. This code has always assumed that
+ * the names presented to it are valid C strings, but for robustness
+ * we can't depend on the server side guaranteeing that. Unfortunately,
+ * the wire protocol uses a vector[PR_MAXNAMELEN] of char, so XDR will
+ * not automatically fix up strings generated by the server.
+ *
+ * The inequality is just belt-and-suspenders and should be impossible.
+ */
+static_inline int check_length(prname arg)
+{
+ if (strnlen(arg, PR_MAXNAMELEN) >= PR_MAXNAMELEN)
+ return PRNAMETOOLONG;
+ return 0;
+}
-
-pr_CreateUser(name,id)
-char name[PR_MAXNAMELEN];
-afs_int32 *id;
+int
+pr_CreateUser(prname name, afs_int32 *id)
{
- register afs_int32 code;
+ afs_int32 code;
+ code = check_length(name);
+ if (code)
+ return code;
stolower(name);
if (*id) {
- code = ubik_Call(PR_INewEntry,pruclient,0,name,*id,0);
- return code;
+ code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
+ } else {
+ code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
}
- else {
- code = ubik_Call(PR_NewEntry, pruclient, 0, name,0,0,id);
- return code;
- }
-
+ return code;
}
-pr_CreateGroup(name,owner, id)
-char name[PR_MAXNAMELEN];
-char owner[PR_MAXNAMELEN];
-afs_int32 *id;
+int
+pr_CreateGroup(prname name, prname owner, afs_int32 *id)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 oid = 0;
afs_int32 flags = 0;
-
+
+ code = check_length(name);
+ if (code)
+ return code;
+ /* pr_SNameToId will check owner's length. */
stolower(name);
if (owner) {
- code = pr_SNameToId(owner,&oid);
- if (code) return code;
- if (oid == ANONYMOUSID) return PRNOENT;
+ code = pr_SNameToId(owner, &oid);
+ if (code)
+ return code;
+ if (oid == ANONYMOUSID)
+ return PRNOENT;
}
flags |= PRGRP;
if (*id) {
- code = ubik_Call(PR_INewEntry,pruclient,0,name,*id,oid);
- return code;
- }
- else {
- code = ubik_Call(PR_NewEntry,pruclient, 0, name,flags,oid,id);
- return code;
+ code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
+ } else {
+ code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
}
+ return code;
}
-pr_Delete(name)
-char *name;
+int
+pr_Delete(prname name)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 id;
-
- stolower(name);
- code = pr_SNameToId(name,&id);
- if (code) return code;
- if (id == ANONYMOUSID) return PRNOENT;
- code = ubik_Call(PR_Delete,pruclient,0,id);
+
+ /* pr_SNameToId both checks the length of name and lowercases it. */
+ code = pr_SNameToId(name, &id);
+ if (code)
+ return code;
+ if (id == ANONYMOUSID)
+ return PRNOENT;
+ code = ubik_PR_Delete(pruclient, 0, id);
return code;
}
-pr_DeleteByID(id)
-afs_int32 id;
+int
+pr_DeleteByID(afs_int32 id)
{
- register afs_int32 code;
+ afs_int32 code;
- code = ubik_Call(PR_Delete,pruclient,0,id);
+ code = ubik_PR_Delete(pruclient, 0, id);
return code;
}
-pr_AddToGroup(user,group)
-char *user;
-char *group;
+int
+pr_AddToGroup(prname user, prname group)
{
- register afs_int32 code;
+ afs_int32 code;
namelist lnames;
idlist lids;
+ code = check_length(user);
+ if (code)
+ return code;
+ code = check_length(group);
+ if (code)
+ return code;
lnames.namelist_len = 2;
- lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[0],user,PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[1],group,PR_MAXNAMELEN);
+ lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
lids.idlist_val = 0;
lids.idlist_len = 0;
- code = pr_NameToId(&lnames,&lids);
- if (code) goto done;
+ code = pr_NameToId(&lnames, &lids);
+ if (code)
+ goto done;
/* if here, still could be missing an entry */
- if (lids.idlist_val[0] == ANONYMOUSID || lids.idlist_val[1] == ANONYMOUSID) {
+ if (lids.idlist_len != 2) {
+ code = PRINTERNAL;
+ goto done;
+ }
+ if (lids.idlist_val[0] == ANONYMOUSID
+ || lids.idlist_val[1] == ANONYMOUSID) {
code = PRNOENT;
goto done;
}
- code = ubik_Call(PR_AddToGroup, pruclient, 0, lids.idlist_val[0], lids.idlist_val[1]);
+ code =
+ ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
+ lids.idlist_val[1]);
done:
- if (lnames.namelist_val) free(lnames.namelist_val);
- if (lids.idlist_val) free(lids.idlist_val);
+ if (lnames.namelist_val)
+ free(lnames.namelist_val);
+
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
return code;
}
-pr_RemoveUserFromGroup(user,group)
-char *user;
-char *group;
+int
+pr_RemoveUserFromGroup(prname user, prname group)
{
- register afs_int32 code;
+ afs_int32 code;
namelist lnames;
idlist lids;
+ code = check_length(user);
+ if (code)
+ return code;
+ code = check_length(group);
+ if (code)
+ return code;
lnames.namelist_len = 2;
- lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[0],user,PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[1],group,PR_MAXNAMELEN);
+ lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
lids.idlist_val = 0;
lids.idlist_len = 0;
- code = pr_NameToId(&lnames,&lids);
- if (code) goto done;
+ code = pr_NameToId(&lnames, &lids);
+ if (code)
+ goto done;
- if (lids.idlist_val[0] == ANONYMOUSID || lids.idlist_val[1] == ANONYMOUSID) {
- code = PRNOENT;
+ if (lids.idlist_len != 2) {
+ code = PRINTERNAL;
goto done;
}
- code = ubik_Call(PR_RemoveFromGroup, pruclient, 0, lids.idlist_val[0], lids.idlist_val[1]);
-done:
- if (lnames.namelist_val) free(lnames.namelist_val);
- if (lids.idlist_val) free(lids.idlist_val);
- return code;
+ if (lids.idlist_val[0] == ANONYMOUSID
+ || lids.idlist_val[1] == ANONYMOUSID) {
+ code = PRNOENT;
+ goto done;
+ }
+ code =
+ ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
+ lids.idlist_val[1]);
+ done:
+ if (lnames.namelist_val)
+ free(lnames.namelist_val);
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
+
+ return code;
}
-pr_NameToId(names, ids)
-namelist *names;
-idlist *ids;
+int
+pr_NameToId(namelist *names, idlist *ids)
{
- register afs_int32 code;
- register afs_int32 i;
+ afs_int32 code;
+ afs_int32 i;
- for (i=0;i<names->namelist_len;i++)
+ for (i = 0; i < names->namelist_len; i++) {
+ code = check_length(names->namelist_val[i]);
+ if (code)
+ return code;
stolower(names->namelist_val[i]);
- code = ubik_Call(PR_NameToID,pruclient,0,names,ids);
+ }
+ code = ubik_PR_NameToID(pruclient, 0, names, ids);
return code;
}
-pr_SNameToId(name,id)
-char name[PR_MAXNAMELEN];
-afs_int32 *id;
+int
+pr_SNameToId(prname name, afs_int32 *id)
{
namelist lnames;
idlist lids;
- register afs_int32 code;
+ afs_int32 code;
+ code = check_length(name);
+ if (code)
+ return code;
lids.idlist_len = 0;
lids.idlist_val = 0;
lnames.namelist_len = 1;
- lnames.namelist_val = (prname *)malloc(PR_MAXNAMELEN);
+ lnames.namelist_val = malloc(PR_MAXNAMELEN);
stolower(name);
- strncpy(lnames.namelist_val[0],name,PR_MAXNAMELEN);
- code = ubik_Call(PR_NameToID,pruclient,0,&lnames,&lids);
+ strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
+ code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
if (lids.idlist_val) {
*id = *lids.idlist_val;
- free(lids.idlist_val);
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
+ } else if (code == 0) {
+ code = PRINTERNAL;
}
- if (lnames.namelist_val) free(lnames.namelist_val);
+ if (lnames.namelist_val)
+ free(lnames.namelist_val);
return code;
}
-
-
-pr_IdToName(ids,names)
-idlist *ids;
-namelist *names;
+/*
+ * Like ubik_PR_IDToName, but enforces that the output prnames are
+ * interpretable as C strings (i.e., NUL-terminated).
+ */
+int
+string_PR_IDToName(struct ubik_client *client, afs_int32 flags,
+ idlist *ids, namelist *names)
{
- register afs_int32 code;
+ afs_int32 code;
+ int i;
- code = ubik_Call(PR_IDToName,pruclient,0,ids,names);
+ code = ubik_PR_IDToName(client, flags, ids, names);
+ if (code)
+ return code;
+ for (i = 0; i < names->namelist_len; i++) {
+ code = check_length(names->namelist_val[i]);
+ if (code)
+ return code;
+ }
return code;
}
-pr_SIdToName(id,name)
-afs_int32 id;
-char name[PR_MAXNAMELEN];
+
+int
+pr_IdToName(idlist *ids, namelist *names)
+{
+ return string_PR_IDToName(pruclient, 0, ids, names);
+}
+
+int
+pr_SIdToName(afs_int32 id, prname name)
{
namelist lnames;
idlist lids;
- register afs_int32 code;
+ afs_int32 code;
lids.idlist_len = 1;
- lids.idlist_val = (afs_int32 *)malloc(sizeof(afs_int32));
+ lids.idlist_val = malloc(sizeof(afs_int32));
*lids.idlist_val = id;
lnames.namelist_len = 0;
lnames.namelist_val = 0;
- code = ubik_Call(PR_IDToName,pruclient,0,&lids,&lnames);
- if (lnames.namelist_val) {
- strncpy(name,lnames.namelist_val[0],PR_MAXNAMELEN);
- free(lnames.namelist_val);
- }
- if (lids.idlist_val) free(lids.idlist_val);
+ code = pr_IdToName(&lids, &lnames);
+ if (lnames.namelist_val)
+ strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
+ else if (code == 0)
+ code = PRINTERNAL;
+
+ if (lids.idlist_val)
+ free(lids.idlist_val);
+
+ xdr_free((xdrproc_t) xdr_namelist, &lnames);
+
return code;
}
-
-
-pr_GetCPS(id, CPS)
-afs_int32 id;
-prlist *CPS;
+int
+pr_GetCPS(afs_int32 id, prlist *CPS)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 over;
over = 0;
- code = ubik_Call(PR_GetCPS,pruclient,0,id,CPS,&over);
- if (code != PRSUCCESS) return code;
+ code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
+ if (code != PRSUCCESS)
+ return code;
if (over) {
/* do something about this, probably make a new call */
/* don't forget there's a hard limit in the interface */
- fprintf (stderr, "membership list for id %d exceeds display limit\n", id);
+ fprintf(stderr, "membership list for id %d exceeds display limit\n",
+ id);
}
return 0;
}
-
-pr_GetCPS2(id, host, CPS)
- afs_int32 id;
- afs_int32 host;
- prlist *CPS;
+int
+pr_GetCPS2(afs_int32 id, afs_uint32 host, prlist *CPS)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 over;
over = 0;
- code = ubik_Call(PR_GetCPS2,pruclient,0,id,host,CPS,&over);
- if (code != PRSUCCESS) return code;
+ code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
+ if (code != PRSUCCESS)
+ return code;
if (over) {
/* do something about this, probably make a new call */
/* don't forget there's a hard limit in the interface */
- fprintf (stderr, "membership list for id %d exceeds display limit\n", id);
+ fprintf(stderr, "membership list for id %d exceeds display limit\n",
+ id);
}
return 0;
}
-pr_GetHostCPS(host, CPS)
- afs_int32 host;
- prlist *CPS;
+int
+pr_GetHostCPS(afs_uint32 host, prlist *CPS)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 over;
over = 0;
- code = ubik_Call(PR_GetHostCPS,pruclient,0,host,CPS,&over);
- if (code != PRSUCCESS) return code;
+ code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
+ if (code != PRSUCCESS)
+ return code;
if (over) {
/* do something about this, probably make a new call */
/* don't forget there's a hard limit in the interface */
- fprintf (stderr, "membership list for host id %d exceeds display limit\n", host);
+ fprintf(stderr,
+ "membership list for host id %d exceeds display limit\n",
+ host);
}
return 0;
}
-
-pr_ListMembers(group,lnames)
-char *group;
-namelist *lnames;
+int
+pr_ListMembers(prname group, namelist *lnames)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 gid;
+ int i;
+
+ memset(lnames, 0, sizeof(namelist));
- code = pr_SNameToId(group,&gid);
- if (code) return code;
- if (gid == ANONYMOUSID) return PRNOENT;
+ /* pr_SNameToId checks the length of group. */
+ code = pr_SNameToId(group, &gid);
+ if (code)
+ return code;
+ if (gid == ANONYMOUSID)
+ return PRNOENT;
code = pr_IDListMembers(gid, lnames);
+ if (code)
+ return code;
+ for (i = 0; i < lnames->namelist_len; i++) {
+ code = check_length(lnames->namelist_val[i]);
+ if (code)
+ return code;
+ }
return code;
}
-pr_ListOwned (oid,lnames,moreP)
- afs_int32 oid;
- namelist *lnames;
- afs_int32 *moreP;
+int
+pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
{
- register afs_int32 code;
+ afs_int32 code;
prlist alist;
idlist *lids;
alist.prlist_len = 0;
alist.prlist_val = 0;
- code = ubik_Call(PR_ListOwned,pruclient,0,oid,&alist,moreP);
- if (code) return code;
+ code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
+ if (code)
+ return code;
if (*moreP == 1) {
- /* Remain backwards compatible when moreP was a T/F bit */
- fprintf (stderr, "membership list for id %d exceeds display limit\n",
- oid);
- *moreP = 0;
- }
- lids = (idlist *)&alist;
- code = pr_IdToName(lids,lnames);
- if (code) return code;
- if (alist.prlist_val) free(alist.prlist_val);
+ /* Remain backwards compatible when moreP was a T/F bit */
+ fprintf(stderr, "membership list for id %d exceeds display limit\n",
+ oid);
+ *moreP = 0;
+ }
+ lids = (idlist *) &alist;
+ code = pr_IdToName(lids, lnames);
+
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+
+ if (code)
+ return code;
+
return PRSUCCESS;
}
-pr_IDListMembers(gid,lnames)
-afs_int32 gid;
-namelist *lnames;
+int
+pr_IDListMembers(afs_int32 gid, namelist *lnames)
{
- register afs_int32 code;
+ afs_int32 code;
prlist alist;
idlist *lids;
afs_int32 over;
alist.prlist_len = 0;
alist.prlist_val = 0;
- code = ubik_Call(PR_ListElements,pruclient,0,gid,&alist,&over);
- if (code) return code;
+ code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
+ if (code)
+ return code;
if (over) {
- fprintf (stderr, "membership list for id %d exceeds display limit\n", gid);
+ fprintf(stderr, "membership list for id %d exceeds display limit\n",
+ gid);
}
- lids = (idlist *)&alist;
- code = pr_IdToName(lids,lnames);
- if (code) return code;
- if (alist.prlist_val) free(alist.prlist_val);
+ lids = (idlist *) &alist;
+ code = pr_IdToName(lids, lnames);
+
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+
+ if (code)
+ return code;
return PRSUCCESS;
}
-
-pr_ListEntry(id, aentry)
- afs_int32 id;
- struct prcheckentry *aentry;
+int
+pr_IDListExpandedMembers(afs_int32 aid, namelist * lnames)
{
- register afs_int32 code;
+ afs_int32 code;
+ afs_int32 gid;
+ idlist lids;
+ prlist alist;
+ afs_int32 over;
+ struct idhash *members = NULL;
+ afs_int32 *stack = NULL;
+ afs_int32 maxstack = ID_STACK_SIZE;
+ int n = 0; /* number of ids stacked */
+ int i;
+ int firstpass = 1;
+
+ code = AllocateIdHash(&members);
+ if (code) {
+ return code;
+ }
+ stack = malloc(sizeof(afs_int32) * maxstack);
+ if (!stack) {
+ code = ENOMEM;
+ goto done;
+ }
+
+ stack[n++] = aid;
+ while (n) {
+ gid = stack[--n]; /* pop next group id */
+ alist.prlist_len = 0;
+ alist.prlist_val = NULL;
+ if (firstpass || aid < 0) {
+ firstpass = 0;
+ code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
+ } else {
+ code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
+ if (code == RXGEN_OPCODE) {
+ alist.prlist_len = 0;
+ alist.prlist_val = NULL;
+ code = 0; /* server does not support supergroups. */
+ }
+ }
+ if (code)
+ goto done;
+ if (over) {
+ fprintf(stderr,
+ "membership list for id %d exceeds display limit\n", gid);
+ }
+ for (i = 0; i < alist.prlist_len; i++) {
+ afs_int32 found;
+ afs_int32 id;
+
+ id = alist.prlist_val[i];
+ found = FindId(members, id);
+ if (found < 0) {
+ code = found;
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+ goto done;
+ }
+ if (found == 0 && id < 0) {
+ if (n == maxstack) { /* need more stack space */
+ afs_int32 *tmp;
+ maxstack += n;
+ tmp = realloc(stack, maxstack * sizeof(afs_int32));
+ if (!tmp) {
+ code = ENOMEM;
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+ goto done;
+ }
+ stack = tmp;
+ }
+ stack[n++] = id; /* push group id */
+ }
+ }
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+ }
+
+ code = CreateIdList(members, &lids, (aid < 0 ? PRUSERS : PRGROUPS));
+ if (code) {
+ goto done;
+ } else if (lids.idlist_len == 0) {
+ /* Avoid the RPC when there's nothing to look up. */
+ lnames->namelist_len = 0;
+ lnames->namelist_val = NULL;
+ goto done;
+ }
+ code = pr_IdToName(&lids, lnames);
+ free(lids.idlist_val);
- code = ubik_Call (PR_ListEntry, pruclient, 0, id, aentry);
+ done:
+ if (stack)
+ free(stack);
+ if (members)
+ FreeIdHash(members);
return code;
}
-afs_int32 pr_ListEntries(flag, startindex, nentries, entries, nextstartindex)
- afs_int32 startindex;
- afs_int32 *nentries;
- struct prlistentries **entries;
- afs_int32 *nextstartindex;
+int
+pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
{
- afs_int32 code;
- prentries bulkentries;
+ afs_int32 code;
+
+ code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
+ if (code)
+ return code;
+ return check_length(aentry->name);
+}
- *nentries = 0;
- *entries = (struct prlistentries *)0;
- *nextstartindex = -1;
- bulkentries.prentries_val = 0;
- bulkentries.prentries_len = 0;
+afs_int32
+pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
+{
+ afs_int32 code;
+ int i;
+ prentries bulkentries;
+
+ *nentries = 0;
+ *entries = NULL;
+ *nextstartindex = -1;
+ bulkentries.prentries_val = 0;
+ bulkentries.prentries_len = 0;
+
+ code =
+ ubik_PR_ListEntries(pruclient, 0, flag, startindex,
+ &bulkentries, nextstartindex);
+ if (code)
+ return code;
+ for (i = 0; i < bulkentries.prentries_len; i++) {
+ /* XXX should we try to return all the other entries? */
+ code = check_length(bulkentries.prentries_val[i].name);
+ if (code)
+ goto out;
+ }
- code = ubik_Call(PR_ListEntries, pruclient, 0,
- flag, startindex, &bulkentries, nextstartindex);
- *nentries = bulkentries.prentries_len;
- *entries = bulkentries.prentries_val;
- return code;
+out:
+ if (code != 0) {
+ xdr_free((xdrproc_t)xdr_prentries, &bulkentries);
+ } else {
+ *nentries = bulkentries.prentries_len;
+ *entries = bulkentries.prentries_val;
+ }
+ return code;
}
-pr_CheckEntryByName(name,id,owner,creator)
-char *name;
-afs_int32 *id;
-char *owner;
-char *creator;
+int
+pr_CheckEntryByName(prname name, afs_int32 *id, prname owner, prname creator)
{
/* struct prcheckentry returns other things, which aren't useful to show at this time. */
- register afs_int32 code;
+ afs_int32 code;
struct prcheckentry aentry;
- code = pr_SNameToId(name,id);
- if (code) return code;
- if (*id == ANONYMOUSID) return PRNOENT;
- code = ubik_Call(PR_ListEntry,pruclient,0,*id,&aentry);
- if (code) return code;
+ /* pr_SNameToId will check name's length. */
+ code = pr_SNameToId(name, id);
+ if (code)
+ return code;
+ if (*id == ANONYMOUSID)
+ return PRNOENT;
+ code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
+ if (code)
+ return code;
/* this should be done in one RPC, but I'm lazy. */
- code = pr_SIdToName(aentry.owner,owner);
- if (code) return code;
- code = pr_SIdToName(aentry.creator,creator);
- if (code) return code;
+ code = pr_SIdToName(aentry.owner, owner);
+ if (code)
+ return code;
+ code = pr_SIdToName(aentry.creator, creator);
+ if (code)
+ return code;
return PRSUCCESS;
}
-pr_CheckEntryById(name,id,owner,creator)
-char *name;
-afs_int32 id;
-char *owner;
-char *creator;
+int
+pr_CheckEntryById(prname name, afs_int32 id, prname owner, prname creator)
{
/* struct prcheckentry returns other things, which aren't useful to show at this time. */
- register afs_int32 code;
+ afs_int32 code;
struct prcheckentry aentry;
- code = pr_SIdToName(id,name);
- if (code) return code;
- if (id == ANONYMOUSID) return PRNOENT;
- code = ubik_Call(PR_ListEntry,pruclient,0,id,&aentry);
- if (code) return code;
+ /* XXX ListEntry RPC gives us the name back so should avoid extra RPC */
+ code = pr_SIdToName(id, name);
+ if (code)
+ return code;
+ if (id == ANONYMOUSID)
+ return PRNOENT;
+ code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
+ if (code)
+ return code;
/* this should be done in one RPC, but I'm lazy. */
- code = pr_SIdToName(aentry.owner,owner);
- if (code) return code;
- code = pr_SIdToName(aentry.creator,creator);
- if (code) return code;
+ code = pr_SIdToName(aentry.owner, owner);
+ if (code)
+ return code;
+ code = pr_SIdToName(aentry.creator, creator);
+ if (code)
+ return code;
return PRSUCCESS;
}
-pr_ChangeEntry(oldname,newname,newid,newowner)
-char *oldname;
-char *newname;
-afs_int32 *newid;
-char *newowner;
+int
+pr_ChangeEntry(prname oldname, prname newname, afs_int32 *newid, prname newowner)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 id;
- afs_int32 oid =0;
+ afs_int32 oid = 0;
- code = pr_SNameToId(oldname,&id);
- if (code) return code;
- if (id == ANONYMOUSID) return PRNOENT;
+ /* pr_SNameToId takes care of length checks for us. */
+ code = pr_SNameToId(oldname, &id);
+ if (code)
+ return code;
+ if (id == ANONYMOUSID)
+ return PRNOENT;
if (newowner && *newowner) {
- code = pr_SNameToId(newowner,&oid);
- if (code) return code;
- if (oid == ANONYMOUSID) return PRNOENT;
+ code = pr_SNameToId(newowner, &oid);
+ if (code)
+ return code;
+ if (oid == ANONYMOUSID)
+ return PRNOENT;
}
- code = ubik_Call(PR_ChangeEntry,pruclient, 0,id,newname,oid,newid);
+ if (newid)
+ code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
+ else
+ code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
return code;
}
-pr_IsAMemberOf(uname,gname,flag)
-char *uname;
-char *gname;
-afs_int32 *flag;
+int
+pr_IsAMemberOf(prname uname, prname gname, afs_int32 *flag)
{
- register afs_int32 code;
+ afs_int32 code;
namelist lnames;
idlist lids;
+ code = check_length(uname);
+ if (code)
+ return code;
+ code = check_length(gname);
+ if (code)
+ return code;
stolower(uname);
stolower(gname);
lnames.namelist_len = 2;
- lnames.namelist_val = (prname *)malloc(2*PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[0],uname,PR_MAXNAMELEN);
- strncpy(lnames.namelist_val[1],gname,PR_MAXNAMELEN);
- lids.idlist_val= 0;
+ lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
+ strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
+ lids.idlist_val = 0;
lids.idlist_len = 0;
- code = pr_NameToId(&lnames,&lids);
+ code = pr_NameToId(&lnames, &lids);
if (code) {
- if (lnames.namelist_val) free(lnames.namelist_val);
- if (lids.idlist_val) free(lids.idlist_val);
+ if (lnames.namelist_val)
+ free(lnames.namelist_val);
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
return code;
}
- code = ubik_Call(PR_IsAMemberOf,pruclient,0,lids.idlist_val[0],lids.idlist_val[1],flag);
- if (lnames.namelist_val) free(lnames.namelist_val);
- if (lids.idlist_val) free(lids.idlist_val);
+ if (lids.idlist_len != 2) {
+ free(lnames.namelist_val);
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
+ return PRINTERNAL;
+ }
+ code =
+ ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
+ lids.idlist_val[1], flag);
+ if (lnames.namelist_val)
+ free(lnames.namelist_val);
+ xdr_free((xdrproc_t) xdr_idlist, &lids);
return code;
}
-
-pr_ListMaxUserId(mid)
-afs_int32 *mid;
+int
+pr_ListMaxUserId(afs_int32 *mid)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 gid;
- code = ubik_Call(PR_ListMax,pruclient,0,mid,&gid);
+ code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
return code;
}
-pr_SetMaxUserId(mid)
-afs_int32 mid;
+int
+pr_SetMaxUserId(afs_int32 mid)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 flag = 0;
- code = ubik_Call(PR_SetMax,pruclient,0,mid,flag);
+ code = ubik_PR_SetMax(pruclient, 0, mid, flag);
return code;
}
-pr_ListMaxGroupId(mid)
-afs_int32 *mid;
+int
+pr_ListMaxGroupId(afs_int32 *mid)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 id;
- code = ubik_Call(PR_ListMax,pruclient,0,&id,mid);
+ code = ubik_PR_ListMax(pruclient, 0, &id, mid);
return code;
}
-pr_SetMaxGroupId(mid)
-afs_int32 mid;
+int
+pr_SetMaxGroupId(afs_int32 mid)
{
- register afs_int32 code;
+ afs_int32 code;
afs_int32 flag = 0;
flag |= PRGRP;
- code = ubik_Call(PR_SetMax,pruclient,0,mid,flag);
+ code = ubik_PR_SetMax(pruclient, 0, mid, flag);
return code;
}
-afs_int32 pr_SetFieldsEntry (id, mask, flags, ngroups, nusers)
- afs_int32 id;
- afs_int32 mask;
- afs_int32 flags, ngroups, nusers;
+afs_int32
+pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
{
- register afs_int32 code;
+ afs_int32 code;
- code = ubik_Call(PR_SetFieldsEntry,pruclient,0,id,mask, flags, ngroups, nusers, 0,0);
+ code =
+ ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,
+ nusers, 0, 0);
return code;
}
-
-stolower(s)
-char *s;
+int
+pr_ListSuperGroups(afs_int32 gid, namelist * lnames)
{
- while (*s) {
- if (isupper(*s)) *s = tolower(*s);
- s++;
+ afs_int32 code;
+ prlist alist;
+ idlist *lids;
+ afs_int32 over;
+
+ alist.prlist_len = 0;
+ alist.prlist_val = 0;
+ code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
+ if (code)
+ return code;
+ if (over) {
+ fprintf(stderr, "supergroup list for id %d exceeds display limit\n",
+ gid);
}
-}
+ lids = (idlist *) & alist;
+ code = pr_IdToName(lids, lnames);
+ xdr_free((xdrproc_t) xdr_prlist, &alist);
+ return code;
+}