2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
29 #include "afs/cellconfig.h"
30 #include "afs/afsutil.h"
31 #include "afs/ptclient.h"
32 #include "afs/pterror.h"
33 #else /* defined(UKERNEL) */
36 #include <sys/types.h>
40 #include <netinet/in.h>
54 #include <afs/cellconfig.h>
55 #include <afs/afsutil.h>
58 #endif /* defined(UKERNEL) */
61 struct ubik_client *pruclient = 0;
62 static afs_int32 lastLevel; /* security level pruclient, if any */
64 static char *whoami = "libprot";
67 pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell)
70 struct rx_connection *serverconns[MAXSERVERS];
71 struct rx_securityClass *sc[3];
72 static struct afsconf_dir *tdir = 0; /* only do this once */
73 static char tconfDir[100];
74 struct ktc_token ttoken;
76 static struct afsconf_cell info;
80 initialize_PT_error_table();
81 initialize_RXK_error_table();
82 initialize_ACFG_error_table();
83 initialize_KTC_error_table();
85 if (strcmp(confDir, tconfDir)) {
87 * Different conf dir; force re-evaluation.
89 tdir = (struct afsconf_dir *)0;
90 pruclient = (struct ubik_client *)0;
93 strncpy(tconfDir, confDir, sizeof(tconfDir));
97 cell = afs_LclCellName;
99 #else /* defined(UKERNEL) */
100 tdir = afsconf_Open(confDir);
102 if (confDir && strcmp(confDir, ""))
104 "libprot: Could not open configuration directory: %s.\n",
110 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
113 "vos: can't get local cell name - check %s/%s\n",
114 confDir, AFSDIR_THISCELL_FILE);
119 #endif /* defined(UKERNEL) */
121 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
123 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
124 cell, confDir, AFSDIR_CELLSERVDB_FILE);
129 /* If we already have a client and it is at the security level we
130 * want, don't get a new one. Unless the security level is 2 in
131 * which case we will get one (and re-read the key file).
133 if (pruclient && (lastLevel == secLevel) && (secLevel != 2))
138 fprintf(stderr, "libprot: Could not initialize rx.\n");
146 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
147 * to force use of the KeyFile. secLevel == 0 implies -noauth was
149 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
150 /* If secLevel is two assume we're on a file server and use
151 * ClientAuthSecure if possible. */
152 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
155 "libprot: clientauthsecure returns %d %s"
156 " (so trying noauth)\n", code, error_message(code));
158 scIndex = 0; /* use noauth */
160 /* if there was a problem, an unauthenticated conn is returned */
162 } else if (secLevel > 0) {
163 struct ktc_principal sname;
164 strcpy(sname.cell, info.name);
165 sname.instance[0] = 0;
166 strcpy(sname.name, "afs");
167 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
171 if (ttoken.kvno >= 0 && ttoken.kvno <= 255)
172 /* this is a kerberos ticket, set scIndex accordingly */
176 "libprot: funny kvno (%d) in ticket, proceeding\n",
181 rxkad_NewClientSecurityObject(secLevel, &ttoken.sessionKey,
182 ttoken.kvno, ttoken.ticketLen,
188 if ((scIndex == 0) && (sc[0] == 0))
189 sc[0] = rxnull_NewClientSecurityObject();
190 if ((scIndex == 0) && (secLevel != 0))
191 com_err(whoami, code,
192 "Could not get afs tokens, running unauthenticated.");
194 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
195 for (i = 0; i < info.numServers; i++)
197 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
198 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
201 code = ubik_ClientInit(serverconns, &pruclient);
203 com_err(whoami, code, "ubik client init failed.");
208 code = rxs_Release(sc[scIndex]);
218 code = ubik_ClientDestroy(pruclient);
227 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
229 register afs_int32 code;
233 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, 0);
236 code = ubik_Call(PR_NewEntry, pruclient, 0, name, 0, 0, id);
243 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
245 register afs_int32 code;
251 code = pr_SNameToId(owner, &oid);
254 if (oid == ANONYMOUSID)
259 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, oid);
262 code = ubik_Call(PR_NewEntry, pruclient, 0, name, flags, oid, id);
268 pr_Delete(char *name)
270 register afs_int32 code;
274 code = pr_SNameToId(name, &id);
277 if (id == ANONYMOUSID)
279 code = ubik_Call(PR_Delete, pruclient, 0, id);
284 pr_DeleteByID(afs_int32 id)
286 register afs_int32 code;
288 code = ubik_Call(PR_Delete, pruclient, 0, id);
293 pr_AddToGroup(char *user, char *group)
295 register afs_int32 code;
299 lnames.namelist_len = 2;
300 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
301 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
302 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
305 code = pr_NameToId(&lnames, &lids);
308 /* if here, still could be missing an entry */
309 if (lids.idlist_val[0] == ANONYMOUSID
310 || lids.idlist_val[1] == ANONYMOUSID) {
315 ubik_Call(PR_AddToGroup, pruclient, 0, lids.idlist_val[0],
318 if (lnames.namelist_val)
319 free(lnames.namelist_val);
321 free(lids.idlist_val);
326 pr_RemoveUserFromGroup(char *user, char *group)
328 register afs_int32 code;
332 lnames.namelist_len = 2;
333 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
334 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
335 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
338 code = pr_NameToId(&lnames, &lids);
342 if (lids.idlist_val[0] == ANONYMOUSID
343 || lids.idlist_val[1] == ANONYMOUSID) {
348 ubik_Call(PR_RemoveFromGroup, pruclient, 0, lids.idlist_val[0],
351 if (lnames.namelist_val)
352 free(lnames.namelist_val);
354 free(lids.idlist_val);
360 pr_NameToId(namelist *names, idlist *ids)
362 register afs_int32 code;
363 register afs_int32 i;
365 for (i = 0; i < names->namelist_len; i++)
366 stolower(names->namelist_val[i]);
367 code = ubik_Call(PR_NameToID, pruclient, 0, names, ids);
372 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
376 register afs_int32 code;
380 lnames.namelist_len = 1;
381 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
383 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
384 code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
385 if (lids.idlist_val) {
386 *id = *lids.idlist_val;
387 free(lids.idlist_val);
389 if (lnames.namelist_val)
390 free(lnames.namelist_val);
395 pr_IdToName(idlist *ids, namelist *names)
397 register afs_int32 code;
399 code = ubik_Call(PR_IDToName, pruclient, 0, ids, names);
404 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
408 register afs_int32 code;
411 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
412 *lids.idlist_val = id;
413 lnames.namelist_len = 0;
414 lnames.namelist_val = 0;
415 code = ubik_Call(PR_IDToName, pruclient, 0, &lids, &lnames);
416 if (lnames.namelist_val) {
417 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
418 free(lnames.namelist_val);
421 free(lids.idlist_val);
426 pr_GetCPS(afs_int32 id, prlist *CPS)
428 register afs_int32 code;
432 code = ubik_Call(PR_GetCPS, pruclient, 0, id, CPS, &over);
433 if (code != PRSUCCESS)
436 /* do something about this, probably make a new call */
437 /* don't forget there's a hard limit in the interface */
438 fprintf(stderr, "membership list for id %d exceeds display limit\n",
445 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
447 register afs_int32 code;
451 code = ubik_Call(PR_GetCPS2, pruclient, 0, id, host, CPS, &over);
452 if (code != PRSUCCESS)
455 /* do something about this, probably make a new call */
456 /* don't forget there's a hard limit in the interface */
457 fprintf(stderr, "membership list for id %d exceeds display limit\n",
464 pr_GetHostCPS(afs_int32 host, prlist *CPS)
466 register afs_int32 code;
470 code = ubik_Call(PR_GetHostCPS, pruclient, 0, host, CPS, &over);
471 if (code != PRSUCCESS)
474 /* do something about this, probably make a new call */
475 /* don't forget there's a hard limit in the interface */
477 "membership list for host id %d exceeds display limit\n",
484 pr_ListMembers(char *group, namelist *lnames)
486 register afs_int32 code;
489 code = pr_SNameToId(group, &gid);
492 if (gid == ANONYMOUSID)
494 code = pr_IDListMembers(gid, lnames);
499 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
501 register afs_int32 code;
505 alist.prlist_len = 0;
506 alist.prlist_val = 0;
507 code = ubik_Call(PR_ListOwned, pruclient, 0, oid, &alist, moreP);
511 /* Remain backwards compatible when moreP was a T/F bit */
512 fprintf(stderr, "membership list for id %d exceeds display limit\n",
516 lids = (idlist *) & alist;
517 code = pr_IdToName(lids, lnames);
520 if (alist.prlist_val)
521 free(alist.prlist_val);
526 pr_IDListMembers(afs_int32 gid, namelist *lnames)
528 register afs_int32 code;
533 alist.prlist_len = 0;
534 alist.prlist_val = 0;
535 code = ubik_Call(PR_ListElements, pruclient, 0, gid, &alist, &over);
539 fprintf(stderr, "membership list for id %d exceeds display limit\n",
542 lids = (idlist *) & alist;
543 code = pr_IdToName(lids, lnames);
546 if (alist.prlist_val)
547 free(alist.prlist_val);
552 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
554 register afs_int32 code;
556 code = ubik_Call(PR_ListEntry, pruclient, 0, id, aentry);
561 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
564 prentries bulkentries;
568 *nextstartindex = -1;
569 bulkentries.prentries_val = 0;
570 bulkentries.prentries_len = 0;
573 ubik_Call(PR_ListEntries, pruclient, 0, flag, startindex,
574 &bulkentries, nextstartindex);
575 *nentries = bulkentries.prentries_len;
576 *entries = bulkentries.prentries_val;
581 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
583 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
584 register afs_int32 code;
585 struct prcheckentry aentry;
587 code = pr_SNameToId(name, id);
590 if (*id == ANONYMOUSID)
592 code = ubik_Call(PR_ListEntry, pruclient, 0, *id, &aentry);
595 /* this should be done in one RPC, but I'm lazy. */
596 code = pr_SIdToName(aentry.owner, owner);
599 code = pr_SIdToName(aentry.creator, creator);
606 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
608 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
609 register afs_int32 code;
610 struct prcheckentry aentry;
612 code = pr_SIdToName(id, name);
615 if (id == ANONYMOUSID)
617 code = ubik_Call(PR_ListEntry, pruclient, 0, id, &aentry);
620 /* this should be done in one RPC, but I'm lazy. */
621 code = pr_SIdToName(aentry.owner, owner);
624 code = pr_SIdToName(aentry.creator, creator);
631 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
633 register afs_int32 code;
637 code = pr_SNameToId(oldname, &id);
640 if (id == ANONYMOUSID)
642 if (newowner && *newowner) {
643 code = pr_SNameToId(newowner, &oid);
646 if (oid == ANONYMOUSID)
649 code = ubik_Call(PR_ChangeEntry, pruclient, 0, id, newname, oid, newid);
654 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
656 register afs_int32 code;
662 lnames.namelist_len = 2;
663 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
664 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
665 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
668 code = pr_NameToId(&lnames, &lids);
670 if (lnames.namelist_val)
671 free(lnames.namelist_val);
673 free(lids.idlist_val);
677 ubik_Call(PR_IsAMemberOf, pruclient, 0, lids.idlist_val[0],
678 lids.idlist_val[1], flag);
679 if (lnames.namelist_val)
680 free(lnames.namelist_val);
682 free(lids.idlist_val);
687 pr_ListMaxUserId(afs_int32 *mid)
689 register afs_int32 code;
691 code = ubik_Call(PR_ListMax, pruclient, 0, mid, &gid);
696 pr_SetMaxUserId(afs_int32 mid)
698 register afs_int32 code;
700 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
705 pr_ListMaxGroupId(afs_int32 *mid)
707 register afs_int32 code;
709 code = ubik_Call(PR_ListMax, pruclient, 0, &id, mid);
714 pr_SetMaxGroupId(afs_int32 mid)
716 register afs_int32 code;
720 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
725 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
727 register afs_int32 code;
730 ubik_Call(PR_SetFieldsEntry, pruclient, 0, id, mask, flags, ngroups,