2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
29 #include "afs/cellconfig.h"
30 #include "afs/afsutil.h"
31 #include "afs/ptclient.h"
32 #include "afs/pterror.h"
33 #else /* defined(UKERNEL) */
36 #include <sys/types.h>
40 #include <netinet/in.h>
54 #include <afs/cellconfig.h>
55 #include <afs/afsutil.h>
58 #endif /* defined(UKERNEL) */
61 struct ubik_client *pruclient = 0;
62 static afs_int32 lastLevel; /* security level pruclient, if any */
64 static char *whoami = "libprot";
67 pr_Initialize(secLevel, confDir, cell)
68 IN afs_int32 secLevel;
73 struct rx_connection *serverconns[MAXSERVERS];
74 struct rx_securityClass *sc[3];
75 static struct afsconf_dir *tdir = 0; /* only do this once */
76 static char tconfDir[100];
77 struct ktc_token ttoken;
79 static struct afsconf_cell info;
83 initialize_PT_error_table();
84 initialize_RXK_error_table();
85 initialize_ACFG_error_table();
86 initialize_KTC_error_table();
88 if (strcmp(confDir, tconfDir)) {
90 * Different conf dir; force re-evaluation.
92 tdir = (struct afsconf_dir *)0;
93 pruclient = (struct ubik_client *)0;
96 strncpy(tconfDir, confDir, sizeof(tconfDir));
100 cell = afs_LclCellName;
102 #else /* defined(UKERNEL) */
103 tdir = afsconf_Open(confDir);
105 if (confDir && strcmp(confDir, ""))
107 "libprot: Could not open configuration directory: %s.\n",
113 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
116 "vos: can't get local cell name - check %s/%s\n",
117 confDir, AFSDIR_THISCELL_FILE);
122 #endif /* defined(UKERNEL) */
124 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
126 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
127 cell, confDir, AFSDIR_CELLSERVDB_FILE);
132 /* If we already have a client and it is at the security level we
133 * want, don't get a new one. Unless the security level is 2 in
134 * which case we will get one (and re-read the key file).
136 if (pruclient && (lastLevel == secLevel) && (secLevel != 2))
141 fprintf(stderr, "libprot: Could not initialize rx.\n");
149 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
150 * to force use of the KeyFile. secLevel == 0 implies -noauth was
152 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
153 /* If secLevel is two assume we're on a file server and use
154 * ClientAuthSecure if possible. */
155 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
158 "libprot: clientauthsecure returns %d %s"
159 " (so trying noauth)\n", code, error_message(code));
161 scIndex = 0; /* use noauth */
163 /* if there was a problem, an unauthenticated conn is returned */
165 } else if (secLevel > 0) {
166 struct ktc_principal sname;
167 strcpy(sname.cell, info.name);
168 sname.instance[0] = 0;
169 strcpy(sname.name, "afs");
170 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
174 if (ttoken.kvno >= 0 && ttoken.kvno <= 255)
175 /* this is a kerberos ticket, set scIndex accordingly */
179 "libprot: funny kvno (%d) in ticket, proceeding\n",
184 rxkad_NewClientSecurityObject(secLevel, &ttoken.sessionKey,
185 ttoken.kvno, ttoken.ticketLen,
191 if ((scIndex == 0) && (sc[0] == 0))
192 sc[0] = rxnull_NewClientSecurityObject();
193 if ((scIndex == 0) && (secLevel != 0))
194 com_err(whoami, code,
195 "Could not get afs tokens, running unauthenticated.");
197 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
198 for (i = 0; i < info.numServers; i++)
200 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
201 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
204 code = ubik_ClientInit(serverconns, &pruclient);
206 com_err(whoami, code, "ubik client init failed.");
211 code = rxs_Release(sc[scIndex]);
221 code = ubik_ClientDestroy(pruclient);
229 pr_CreateUser(name, id)
230 char name[PR_MAXNAMELEN];
233 register afs_int32 code;
237 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, 0);
240 code = ubik_Call(PR_NewEntry, pruclient, 0, name, 0, 0, id);
246 pr_CreateGroup(name, owner, id)
247 char name[PR_MAXNAMELEN];
248 char owner[PR_MAXNAMELEN];
251 register afs_int32 code;
257 code = pr_SNameToId(owner, &oid);
260 if (oid == ANONYMOUSID)
265 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, oid);
268 code = ubik_Call(PR_NewEntry, pruclient, 0, name, flags, oid, id);
276 register afs_int32 code;
280 code = pr_SNameToId(name, &id);
283 if (id == ANONYMOUSID)
285 code = ubik_Call(PR_Delete, pruclient, 0, id);
292 register afs_int32 code;
294 code = ubik_Call(PR_Delete, pruclient, 0, id);
298 pr_AddToGroup(user, group)
302 register afs_int32 code;
306 lnames.namelist_len = 2;
307 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
308 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
309 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
312 code = pr_NameToId(&lnames, &lids);
315 /* if here, still could be missing an entry */
316 if (lids.idlist_val[0] == ANONYMOUSID
317 || lids.idlist_val[1] == ANONYMOUSID) {
322 ubik_Call(PR_AddToGroup, pruclient, 0, lids.idlist_val[0],
325 if (lnames.namelist_val)
326 free(lnames.namelist_val);
328 free(lids.idlist_val);
332 pr_RemoveUserFromGroup(user, group)
336 register afs_int32 code;
340 lnames.namelist_len = 2;
341 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
342 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
343 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
346 code = pr_NameToId(&lnames, &lids);
350 if (lids.idlist_val[0] == ANONYMOUSID
351 || lids.idlist_val[1] == ANONYMOUSID) {
356 ubik_Call(PR_RemoveFromGroup, pruclient, 0, lids.idlist_val[0],
359 if (lnames.namelist_val)
360 free(lnames.namelist_val);
362 free(lids.idlist_val);
367 pr_NameToId(names, ids)
371 register afs_int32 code;
372 register afs_int32 i;
374 for (i = 0; i < names->namelist_len; i++)
375 stolower(names->namelist_val[i]);
376 code = ubik_Call(PR_NameToID, pruclient, 0, names, ids);
380 pr_SNameToId(name, id)
381 char name[PR_MAXNAMELEN];
386 register afs_int32 code;
390 lnames.namelist_len = 1;
391 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
393 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
394 code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
395 if (lids.idlist_val) {
396 *id = *lids.idlist_val;
397 free(lids.idlist_val);
399 if (lnames.namelist_val)
400 free(lnames.namelist_val);
406 pr_IdToName(ids, names)
410 register afs_int32 code;
412 code = ubik_Call(PR_IDToName, pruclient, 0, ids, names);
416 pr_SIdToName(id, name)
418 char name[PR_MAXNAMELEN];
422 register afs_int32 code;
425 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
426 *lids.idlist_val = id;
427 lnames.namelist_len = 0;
428 lnames.namelist_val = 0;
429 code = ubik_Call(PR_IDToName, pruclient, 0, &lids, &lnames);
430 if (lnames.namelist_val) {
431 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
432 free(lnames.namelist_val);
435 free(lids.idlist_val);
445 register afs_int32 code;
449 code = ubik_Call(PR_GetCPS, pruclient, 0, id, CPS, &over);
450 if (code != PRSUCCESS)
453 /* do something about this, probably make a new call */
454 /* don't forget there's a hard limit in the interface */
455 fprintf(stderr, "membership list for id %d exceeds display limit\n",
462 pr_GetCPS2(id, host, CPS)
467 register afs_int32 code;
471 code = ubik_Call(PR_GetCPS2, pruclient, 0, id, host, CPS, &over);
472 if (code != PRSUCCESS)
475 /* do something about this, probably make a new call */
476 /* don't forget there's a hard limit in the interface */
477 fprintf(stderr, "membership list for id %d exceeds display limit\n",
483 pr_GetHostCPS(host, CPS)
487 register afs_int32 code;
491 code = ubik_Call(PR_GetHostCPS, pruclient, 0, host, CPS, &over);
492 if (code != PRSUCCESS)
495 /* do something about this, probably make a new call */
496 /* don't forget there's a hard limit in the interface */
498 "membership list for host id %d exceeds display limit\n",
505 pr_ListMembers(group, lnames)
509 register afs_int32 code;
512 code = pr_SNameToId(group, &gid);
515 if (gid == ANONYMOUSID)
517 code = pr_IDListMembers(gid, lnames);
521 pr_ListOwned(oid, lnames, moreP)
526 register afs_int32 code;
530 alist.prlist_len = 0;
531 alist.prlist_val = 0;
532 code = ubik_Call(PR_ListOwned, pruclient, 0, oid, &alist, moreP);
536 /* Remain backwards compatible when moreP was a T/F bit */
537 fprintf(stderr, "membership list for id %d exceeds display limit\n",
541 lids = (idlist *) & alist;
542 code = pr_IdToName(lids, lnames);
545 if (alist.prlist_val)
546 free(alist.prlist_val);
550 pr_IDListMembers(gid, lnames)
554 register afs_int32 code;
559 alist.prlist_len = 0;
560 alist.prlist_val = 0;
561 code = ubik_Call(PR_ListElements, pruclient, 0, gid, &alist, &over);
565 fprintf(stderr, "membership list for id %d exceeds display limit\n",
568 lids = (idlist *) & alist;
569 code = pr_IdToName(lids, lnames);
572 if (alist.prlist_val)
573 free(alist.prlist_val);
578 pr_ListEntry(id, aentry)
580 struct prcheckentry *aentry;
582 register afs_int32 code;
584 code = ubik_Call(PR_ListEntry, pruclient, 0, id, aentry);
589 pr_ListEntries(flag, startindex, nentries, entries, nextstartindex)
590 afs_int32 startindex;
592 struct prlistentries **entries;
593 afs_int32 *nextstartindex;
596 prentries bulkentries;
600 *nextstartindex = -1;
601 bulkentries.prentries_val = 0;
602 bulkentries.prentries_len = 0;
605 ubik_Call(PR_ListEntries, pruclient, 0, flag, startindex,
606 &bulkentries, nextstartindex);
607 *nentries = bulkentries.prentries_len;
608 *entries = bulkentries.prentries_val;
612 pr_CheckEntryByName(name, id, owner, creator)
618 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
619 register afs_int32 code;
620 struct prcheckentry aentry;
622 code = pr_SNameToId(name, id);
625 if (*id == ANONYMOUSID)
627 code = ubik_Call(PR_ListEntry, pruclient, 0, *id, &aentry);
630 /* this should be done in one RPC, but I'm lazy. */
631 code = pr_SIdToName(aentry.owner, owner);
634 code = pr_SIdToName(aentry.creator, creator);
640 pr_CheckEntryById(name, id, owner, creator)
646 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
647 register afs_int32 code;
648 struct prcheckentry aentry;
650 code = pr_SIdToName(id, name);
653 if (id == ANONYMOUSID)
655 code = ubik_Call(PR_ListEntry, pruclient, 0, id, &aentry);
658 /* this should be done in one RPC, but I'm lazy. */
659 code = pr_SIdToName(aentry.owner, owner);
662 code = pr_SIdToName(aentry.creator, creator);
668 pr_ChangeEntry(oldname, newname, newid, newowner)
674 register afs_int32 code;
678 code = pr_SNameToId(oldname, &id);
681 if (id == ANONYMOUSID)
683 if (newowner && *newowner) {
684 code = pr_SNameToId(newowner, &oid);
687 if (oid == ANONYMOUSID)
690 code = ubik_Call(PR_ChangeEntry, pruclient, 0, id, newname, oid, newid);
694 pr_IsAMemberOf(uname, gname, flag)
699 register afs_int32 code;
705 lnames.namelist_len = 2;
706 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
707 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
708 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
711 code = pr_NameToId(&lnames, &lids);
713 if (lnames.namelist_val)
714 free(lnames.namelist_val);
716 free(lids.idlist_val);
720 ubik_Call(PR_IsAMemberOf, pruclient, 0, lids.idlist_val[0],
721 lids.idlist_val[1], flag);
722 if (lnames.namelist_val)
723 free(lnames.namelist_val);
725 free(lids.idlist_val);
730 pr_ListMaxUserId(mid)
733 register afs_int32 code;
735 code = ubik_Call(PR_ListMax, pruclient, 0, mid, &gid);
742 register afs_int32 code;
744 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
748 pr_ListMaxGroupId(mid)
751 register afs_int32 code;
753 code = ubik_Call(PR_ListMax, pruclient, 0, &id, mid);
757 pr_SetMaxGroupId(mid)
760 register afs_int32 code;
764 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
769 pr_SetFieldsEntry(id, mask, flags, ngroups, nusers)
772 afs_int32 flags, ngroups, nusers;
774 register afs_int32 code;
777 ubik_Call(PR_SetFieldsEntry, pruclient, 0, id, mask, flags, ngroups,