2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
29 #include "afs/cellconfig.h"
30 #include "afs/afsutil.h"
31 #include "afs/ptclient.h"
32 #include "afs/ptuser.h"
33 #include "afs/pterror.h"
34 #else /* defined(UKERNEL) */
37 #include <sys/types.h>
41 #include <netinet/in.h>
55 #include <afs/cellconfig.h>
56 #include <afs/afsutil.h>
60 #endif /* defined(UKERNEL) */
63 struct ubik_client *pruclient = 0;
64 static afs_int32 lastLevel; /* security level pruclient, if any */
66 static char *whoami = "libprot";
69 pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell)
72 struct rx_connection *serverconns[MAXSERVERS];
73 struct rx_securityClass *sc[3];
74 static struct afsconf_dir *tdir = 0; /* only do this once */
75 static char tconfDir[100];
76 static char tcell[64];
77 struct ktc_token ttoken;
79 static struct afsconf_cell info;
83 initialize_PT_error_table();
84 initialize_RXK_error_table();
85 initialize_ACFG_error_table();
86 initialize_KTC_error_table();
90 cell = afs_LclCellName;
92 #else /* defined(UKERNEL) */
94 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
97 "vos: can't get local cell name - check %s/%s\n",
98 confDir, AFSDIR_THISCELL_FILE);
103 #endif /* defined(UKERNEL) */
105 if (strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
107 * Different conf dir; force re-evaluation.
111 tdir = (struct afsconf_dir *)0;
112 pruclient = (struct ubik_client *)0;
116 strncpy(tconfDir, confDir, sizeof(tconfDir));
117 strncpy(tcell, cell, sizeof(tcell));
121 #else /* defined(UKERNEL) */
122 tdir = afsconf_Open(confDir);
124 if (confDir && strcmp(confDir, ""))
126 "libprot: Could not open configuration directory: %s.\n",
130 #endif /* defined(UKERNEL) */
132 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
134 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
135 cell, confDir, AFSDIR_CELLSERVDB_FILE);
140 /* If we already have a client and it is at the security level we
141 * want, don't get a new one. Unless the security level is 2 in
142 * which case we will get one (and re-read the key file).
144 if (pruclient && (lastLevel == secLevel) && (secLevel != 2))
149 fprintf(stderr, "libprot: Could not initialize rx.\n");
157 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
158 * to force use of the KeyFile. secLevel == 0 implies -noauth was
160 if ((secLevel == 2) && (afsconf_GetLatestKey(tdir, 0, 0) == 0)) {
161 /* If secLevel is two assume we're on a file server and use
162 * ClientAuthSecure if possible. */
163 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
166 "libprot: clientauthsecure returns %d %s"
167 " (so trying noauth)\n", code, error_message(code));
169 scIndex = 0; /* use noauth */
171 /* if there was a problem, an unauthenticated conn is returned */
173 } else if (secLevel > 0) {
174 struct ktc_principal sname;
175 strcpy(sname.cell, info.name);
176 sname.instance[0] = 0;
177 strcpy(sname.name, "afs");
178 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
182 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
183 /* this is a kerberos ticket, set scIndex accordingly */
187 "libprot: funny kvno (%d) in ticket, proceeding\n",
192 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
193 ttoken.kvno, ttoken.ticketLen,
199 if ((scIndex == 0) && (sc[0] == 0))
200 sc[0] = rxnull_NewClientSecurityObject();
201 if ((scIndex == 0) && (secLevel != 0))
202 com_err(whoami, code,
203 "Could not get afs tokens, running unauthenticated.");
205 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
206 for (i = 0; i < info.numServers; i++)
208 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
209 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
212 code = ubik_ClientInit(serverconns, &pruclient);
214 com_err(whoami, code, "ubik client init failed.");
219 code = rxs_Release(sc[scIndex]);
229 code = ubik_ClientDestroy(pruclient);
238 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
240 register afs_int32 code;
244 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, 0);
247 code = ubik_Call(PR_NewEntry, pruclient, 0, name, 0, 0, id);
254 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
256 register afs_int32 code;
262 code = pr_SNameToId(owner, &oid);
265 if (oid == ANONYMOUSID)
270 code = ubik_Call(PR_INewEntry, pruclient, 0, name, *id, oid);
273 code = ubik_Call(PR_NewEntry, pruclient, 0, name, flags, oid, id);
279 pr_Delete(char *name)
281 register afs_int32 code;
285 code = pr_SNameToId(name, &id);
288 if (id == ANONYMOUSID)
290 code = ubik_Call(PR_Delete, pruclient, 0, id);
295 pr_DeleteByID(afs_int32 id)
297 register afs_int32 code;
299 code = ubik_Call(PR_Delete, pruclient, 0, id);
304 pr_AddToGroup(char *user, char *group)
306 register afs_int32 code;
310 lnames.namelist_len = 2;
311 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
312 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
313 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
316 code = pr_NameToId(&lnames, &lids);
319 /* if here, still could be missing an entry */
320 if (lids.idlist_val[0] == ANONYMOUSID
321 || lids.idlist_val[1] == ANONYMOUSID) {
326 ubik_Call(PR_AddToGroup, pruclient, 0, lids.idlist_val[0],
329 if (lnames.namelist_val)
330 free(lnames.namelist_val);
332 free(lids.idlist_val);
337 pr_RemoveUserFromGroup(char *user, char *group)
339 register afs_int32 code;
343 lnames.namelist_len = 2;
344 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
345 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
346 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
349 code = pr_NameToId(&lnames, &lids);
353 if (lids.idlist_val[0] == ANONYMOUSID
354 || lids.idlist_val[1] == ANONYMOUSID) {
359 ubik_Call(PR_RemoveFromGroup, pruclient, 0, lids.idlist_val[0],
362 if (lnames.namelist_val)
363 free(lnames.namelist_val);
365 free(lids.idlist_val);
371 pr_NameToId(namelist *names, idlist *ids)
373 register afs_int32 code;
374 register afs_int32 i;
376 for (i = 0; i < names->namelist_len; i++)
377 stolower(names->namelist_val[i]);
378 code = ubik_Call(PR_NameToID, pruclient, 0, names, ids);
383 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
387 register afs_int32 code;
391 lnames.namelist_len = 1;
392 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
394 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
395 code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
396 if (lids.idlist_val) {
397 *id = *lids.idlist_val;
398 free(lids.idlist_val);
400 if (lnames.namelist_val)
401 free(lnames.namelist_val);
406 pr_IdToName(idlist *ids, namelist *names)
408 register afs_int32 code;
410 code = ubik_Call(PR_IDToName, pruclient, 0, ids, names);
415 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
419 register afs_int32 code;
422 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
423 *lids.idlist_val = id;
424 lnames.namelist_len = 0;
425 lnames.namelist_val = 0;
426 code = ubik_Call(PR_IDToName, pruclient, 0, &lids, &lnames);
427 if (lnames.namelist_val) {
428 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
429 free(lnames.namelist_val);
432 free(lids.idlist_val);
437 pr_GetCPS(afs_int32 id, prlist *CPS)
439 register afs_int32 code;
443 code = ubik_Call(PR_GetCPS, pruclient, 0, id, CPS, &over);
444 if (code != PRSUCCESS)
447 /* do something about this, probably make a new call */
448 /* don't forget there's a hard limit in the interface */
449 fprintf(stderr, "membership list for id %d exceeds display limit\n",
456 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
458 register afs_int32 code;
462 code = ubik_Call(PR_GetCPS2, pruclient, 0, id, host, CPS, &over);
463 if (code != PRSUCCESS)
466 /* do something about this, probably make a new call */
467 /* don't forget there's a hard limit in the interface */
468 fprintf(stderr, "membership list for id %d exceeds display limit\n",
475 pr_GetHostCPS(afs_int32 host, prlist *CPS)
477 register afs_int32 code;
481 code = ubik_Call(PR_GetHostCPS, pruclient, 0, host, CPS, &over);
482 if (code != PRSUCCESS)
485 /* do something about this, probably make a new call */
486 /* don't forget there's a hard limit in the interface */
488 "membership list for host id %d exceeds display limit\n",
495 pr_ListMembers(char *group, namelist *lnames)
497 register afs_int32 code;
500 code = pr_SNameToId(group, &gid);
503 if (gid == ANONYMOUSID)
505 code = pr_IDListMembers(gid, lnames);
510 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
512 register afs_int32 code;
516 alist.prlist_len = 0;
517 alist.prlist_val = 0;
518 code = ubik_Call(PR_ListOwned, pruclient, 0, oid, &alist, moreP);
522 /* Remain backwards compatible when moreP was a T/F bit */
523 fprintf(stderr, "membership list for id %d exceeds display limit\n",
527 lids = (idlist *) & alist;
528 code = pr_IdToName(lids, lnames);
531 if (alist.prlist_val)
532 free(alist.prlist_val);
537 pr_IDListMembers(afs_int32 gid, namelist *lnames)
539 register afs_int32 code;
544 alist.prlist_len = 0;
545 alist.prlist_val = 0;
546 code = ubik_Call(PR_ListElements, pruclient, 0, gid, &alist, &over);
550 fprintf(stderr, "membership list for id %d exceeds display limit\n",
553 lids = (idlist *) & alist;
554 code = pr_IdToName(lids, lnames);
557 if (alist.prlist_val)
558 free(alist.prlist_val);
563 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
565 register afs_int32 code;
567 code = ubik_Call(PR_ListEntry, pruclient, 0, id, aentry);
572 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
575 prentries bulkentries;
579 *nextstartindex = -1;
580 bulkentries.prentries_val = 0;
581 bulkentries.prentries_len = 0;
584 ubik_Call(PR_ListEntries, pruclient, 0, flag, startindex,
585 &bulkentries, nextstartindex);
586 *nentries = bulkentries.prentries_len;
587 *entries = bulkentries.prentries_val;
592 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
594 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
595 register afs_int32 code;
596 struct prcheckentry aentry;
598 code = pr_SNameToId(name, id);
601 if (*id == ANONYMOUSID)
603 code = ubik_Call(PR_ListEntry, pruclient, 0, *id, &aentry);
606 /* this should be done in one RPC, but I'm lazy. */
607 code = pr_SIdToName(aentry.owner, owner);
610 code = pr_SIdToName(aentry.creator, creator);
617 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
619 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
620 register afs_int32 code;
621 struct prcheckentry aentry;
623 code = pr_SIdToName(id, name);
626 if (id == ANONYMOUSID)
628 code = ubik_Call(PR_ListEntry, pruclient, 0, id, &aentry);
631 /* this should be done in one RPC, but I'm lazy. */
632 code = pr_SIdToName(aentry.owner, owner);
635 code = pr_SIdToName(aentry.creator, creator);
642 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
644 register afs_int32 code;
648 code = pr_SNameToId(oldname, &id);
651 if (id == ANONYMOUSID)
653 if (newowner && *newowner) {
654 code = pr_SNameToId(newowner, &oid);
657 if (oid == ANONYMOUSID)
660 code = ubik_Call(PR_ChangeEntry, pruclient, 0, id, newname, oid, newid);
665 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
667 register afs_int32 code;
673 lnames.namelist_len = 2;
674 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
675 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
676 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
679 code = pr_NameToId(&lnames, &lids);
681 if (lnames.namelist_val)
682 free(lnames.namelist_val);
684 free(lids.idlist_val);
688 ubik_Call(PR_IsAMemberOf, pruclient, 0, lids.idlist_val[0],
689 lids.idlist_val[1], flag);
690 if (lnames.namelist_val)
691 free(lnames.namelist_val);
693 free(lids.idlist_val);
698 pr_ListMaxUserId(afs_int32 *mid)
700 register afs_int32 code;
702 code = ubik_Call(PR_ListMax, pruclient, 0, mid, &gid);
707 pr_SetMaxUserId(afs_int32 mid)
709 register afs_int32 code;
711 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
716 pr_ListMaxGroupId(afs_int32 *mid)
718 register afs_int32 code;
720 code = ubik_Call(PR_ListMax, pruclient, 0, &id, mid);
725 pr_SetMaxGroupId(afs_int32 mid)
727 register afs_int32 code;
731 code = ubik_Call(PR_SetMax, pruclient, 0, mid, flag);
736 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
738 register afs_int32 code;
741 ubik_Call(PR_SetFieldsEntry, pruclient, 0, id, mask, flags, ngroups,