2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
29 #include "afs/cellconfig.h"
30 #include "afs/afsutil.h"
31 #include "afs/ptclient.h"
32 #include "afs/ptuser.h"
33 #include "afs/pterror.h"
34 #else /* defined(UKERNEL) */
37 #include <sys/types.h>
41 #include <netinet/in.h>
55 #include <afs/cellconfig.h>
56 #include <afs/afsutil.h>
60 #endif /* defined(UKERNEL) */
63 struct ubik_client *pruclient = 0;
64 static afs_int32 lastLevel; /* security level pruclient, if any */
66 static char *whoami = "libprot";
69 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
72 struct rx_connection *serverconns[MAXSERVERS];
73 struct rx_securityClass *sc[3];
74 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
75 static char tconfDir[100] = "";
76 static char tcell[64] = "";
77 struct ktc_token ttoken;
79 static struct afsconf_cell info;
82 afs_int32 gottdir = 0;
83 afs_int32 refresh = 0;
85 initialize_PT_error_table();
86 initialize_RXK_error_table();
87 initialize_ACFG_error_table();
88 initialize_KTC_error_table();
92 cell = afs_LclCellName;
94 #else /* defined(UKERNEL) */
97 tdir = afsconf_Open(confDir);
99 if (confDir && strcmp(confDir, ""))
101 "libprot: Could not open configuration directory: %s.\n",
105 "libprot: No configuration directory specified.\n");
110 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
113 "libprot: Could not get local cell. [%d]\n", code);
118 #endif /* defined(UKERNEL) */
120 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
122 * force re-evaluation. we either don't have an afsconf_dir,
123 * the directory has changed or the cell has changed.
125 if (tdir && !gottdir) {
127 tdir = (struct afsconf_dir *)NULL;
129 pruclient = (struct ubik_client *)NULL;
134 strncpy(tconfDir, confDir, sizeof(tconfDir));
135 strncpy(tcell, cell, sizeof(tcell));
139 #else /* defined(UKERNEL) */
141 tdir = afsconf_Open(confDir);
143 if (confDir && strcmp(confDir, ""))
145 "libprot: Could not open configuration directory: %s.\n",
149 "libprot: No configuration directory specified.\n");
152 #endif /* defined(UKERNEL) */
154 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
156 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
157 cell, confDir, AFSDIR_CELLSERVDB_FILE);
162 /* If we already have a client and it is at the security level we
163 * want, don't get a new one. Unless the security level is 2 in
164 * which case we will get one (and re-read the key file).
166 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
172 fprintf(stderr, "libprot: Could not initialize rx.\n");
180 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
181 * to force use of the KeyFile. secLevel == 0 implies -noauth was
183 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
184 /* If secLevel is two assume we're on a file server and use
185 * ClientAuthSecure if possible. */
186 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
189 "libprot: clientauthsecure returns %d %s"
190 " (so trying noauth)\n", code, error_message(code));
192 scIndex = 0; /* use noauth */
194 /* if there was a problem, an unauthenticated conn is returned */
196 } else if (secLevel > 0) {
197 struct ktc_principal sname;
198 strcpy(sname.cell, info.name);
199 sname.instance[0] = 0;
200 strcpy(sname.name, "afs");
201 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
205 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
206 /* this is a kerberos ticket, set scIndex accordingly */
210 "libprot: funny kvno (%d) in ticket, proceeding\n",
215 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
216 ttoken.kvno, ttoken.ticketLen,
223 if ((scIndex == 0) && (sc[0] == 0))
224 sc[0] = rxnull_NewClientSecurityObject();
225 if ((scIndex == 0) && (secLevel != 0))
226 com_err(whoami, code,
227 "Could not get afs tokens, running unauthenticated.");
229 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
230 for (i = 0; i < info.numServers; i++)
232 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
233 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
236 code = ubik_ClientInit(serverconns, &pruclient);
238 com_err(whoami, code, "ubik client init failed.");
243 code = rxs_Release(sc[scIndex]);
253 code = ubik_ClientDestroy(pruclient);
262 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
264 register afs_int32 code;
268 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
271 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
278 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
280 register afs_int32 code;
286 code = pr_SNameToId(owner, &oid);
289 if (oid == ANONYMOUSID)
294 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
297 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
303 pr_Delete(char *name)
305 register afs_int32 code;
309 code = pr_SNameToId(name, &id);
312 if (id == ANONYMOUSID)
314 code = ubik_PR_Delete(pruclient, 0, id);
319 pr_DeleteByID(afs_int32 id)
321 register afs_int32 code;
323 code = ubik_PR_Delete(pruclient, 0, id);
328 pr_AddToGroup(char *user, char *group)
330 register afs_int32 code;
334 lnames.namelist_len = 2;
335 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
336 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
337 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
340 code = pr_NameToId(&lnames, &lids);
343 /* if here, still could be missing an entry */
344 if (lids.idlist_val[0] == ANONYMOUSID
345 || lids.idlist_val[1] == ANONYMOUSID) {
350 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
353 if (lnames.namelist_val)
354 free(lnames.namelist_val);
356 free(lids.idlist_val);
361 pr_RemoveUserFromGroup(char *user, char *group)
363 register afs_int32 code;
367 lnames.namelist_len = 2;
368 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
369 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
370 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
373 code = pr_NameToId(&lnames, &lids);
377 if (lids.idlist_val[0] == ANONYMOUSID
378 || lids.idlist_val[1] == ANONYMOUSID) {
383 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
386 if (lnames.namelist_val)
387 free(lnames.namelist_val);
389 free(lids.idlist_val);
395 pr_NameToId(namelist *names, idlist *ids)
397 register afs_int32 code;
398 register afs_int32 i;
400 for (i = 0; i < names->namelist_len; i++)
401 stolower(names->namelist_val[i]);
402 code = ubik_PR_NameToID(pruclient, 0, names, ids);
407 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
411 register afs_int32 code;
415 lnames.namelist_len = 1;
416 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
418 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
419 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
420 if (lids.idlist_val) {
421 *id = *lids.idlist_val;
422 free(lids.idlist_val);
424 if (lnames.namelist_val)
425 free(lnames.namelist_val);
430 pr_IdToName(idlist *ids, namelist *names)
432 register afs_int32 code;
434 code = ubik_PR_IDToName(pruclient, 0, ids, names);
439 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
443 register afs_int32 code;
446 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
447 *lids.idlist_val = id;
448 lnames.namelist_len = 0;
449 lnames.namelist_val = 0;
450 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
451 if (lnames.namelist_val) {
452 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
453 free(lnames.namelist_val);
456 free(lids.idlist_val);
461 pr_GetCPS(afs_int32 id, prlist *CPS)
463 register afs_int32 code;
467 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
468 if (code != PRSUCCESS)
471 /* do something about this, probably make a new call */
472 /* don't forget there's a hard limit in the interface */
473 fprintf(stderr, "membership list for id %d exceeds display limit\n",
480 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
482 register afs_int32 code;
486 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
487 if (code != PRSUCCESS)
490 /* do something about this, probably make a new call */
491 /* don't forget there's a hard limit in the interface */
492 fprintf(stderr, "membership list for id %d exceeds display limit\n",
499 pr_GetHostCPS(afs_int32 host, prlist *CPS)
501 register afs_int32 code;
505 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
506 if (code != PRSUCCESS)
509 /* do something about this, probably make a new call */
510 /* don't forget there's a hard limit in the interface */
512 "membership list for host id %d exceeds display limit\n",
519 pr_ListMembers(char *group, namelist *lnames)
521 register afs_int32 code;
524 code = pr_SNameToId(group, &gid);
527 if (gid == ANONYMOUSID)
529 code = pr_IDListMembers(gid, lnames);
534 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
536 register afs_int32 code;
540 alist.prlist_len = 0;
541 alist.prlist_val = 0;
542 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
546 /* Remain backwards compatible when moreP was a T/F bit */
547 fprintf(stderr, "membership list for id %d exceeds display limit\n",
551 lids = (idlist *) & alist;
552 code = pr_IdToName(lids, lnames);
555 if (alist.prlist_val)
556 free(alist.prlist_val);
561 pr_IDListMembers(afs_int32 gid, namelist *lnames)
563 register afs_int32 code;
568 alist.prlist_len = 0;
569 alist.prlist_val = 0;
570 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
574 fprintf(stderr, "membership list for id %d exceeds display limit\n",
577 lids = (idlist *) & alist;
578 code = pr_IdToName(lids, lnames);
581 if (alist.prlist_val)
582 free(alist.prlist_val);
587 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
589 register afs_int32 code;
591 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
596 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
599 prentries bulkentries;
603 *nextstartindex = -1;
604 bulkentries.prentries_val = 0;
605 bulkentries.prentries_len = 0;
608 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
609 &bulkentries, nextstartindex);
610 *nentries = bulkentries.prentries_len;
611 *entries = bulkentries.prentries_val;
616 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
618 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
619 register afs_int32 code;
620 struct prcheckentry aentry;
622 code = pr_SNameToId(name, id);
625 if (*id == ANONYMOUSID)
627 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
630 /* this should be done in one RPC, but I'm lazy. */
631 code = pr_SIdToName(aentry.owner, owner);
634 code = pr_SIdToName(aentry.creator, creator);
641 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
643 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
644 register afs_int32 code;
645 struct prcheckentry aentry;
647 code = pr_SIdToName(id, name);
650 if (id == ANONYMOUSID)
652 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
655 /* this should be done in one RPC, but I'm lazy. */
656 code = pr_SIdToName(aentry.owner, owner);
659 code = pr_SIdToName(aentry.creator, creator);
666 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
668 register afs_int32 code;
672 code = pr_SNameToId(oldname, &id);
675 if (id == ANONYMOUSID)
677 if (newowner && *newowner) {
678 code = pr_SNameToId(newowner, &oid);
681 if (oid == ANONYMOUSID)
684 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
689 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
691 register afs_int32 code;
697 lnames.namelist_len = 2;
698 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
699 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
700 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
703 code = pr_NameToId(&lnames, &lids);
705 if (lnames.namelist_val)
706 free(lnames.namelist_val);
708 free(lids.idlist_val);
712 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
713 lids.idlist_val[1], flag);
714 if (lnames.namelist_val)
715 free(lnames.namelist_val);
717 free(lids.idlist_val);
722 pr_ListMaxUserId(afs_int32 *mid)
724 register afs_int32 code;
726 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
731 pr_SetMaxUserId(afs_int32 mid)
733 register afs_int32 code;
735 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
740 pr_ListMaxGroupId(afs_int32 *mid)
742 register afs_int32 code;
744 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
749 pr_SetMaxGroupId(afs_int32 mid)
751 register afs_int32 code;
755 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
760 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
762 register afs_int32 code;
765 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,