2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
20 #include <afs/cellconfig.h>
21 #include <afs/afsutil.h>
22 #include <afs/com_err.h>
29 # include "afs_usrops.h"
32 struct ubik_client *pruclient = 0;
33 static afs_int32 lastLevel; /* security level pruclient, if any */
35 static char *whoami = "libprot";
38 #define ID_HASH_SIZE 1024
39 #define ID_STACK_SIZE 1024
42 * Hash table chain of user and group ids.
50 * Hash table of user and group ids.
53 afs_uint32 userEntries; /**< number of user id entries hashed */
54 afs_uint32 groupEntries; /**< number of group id entries hashed */
55 struct idchain *hash[ID_HASH_SIZE];
59 * Allocate a new id hash table.
62 AllocateIdHash(struct idhash **aidhash)
64 struct idhash *idhash;
66 idhash = calloc(1, sizeof(struct idhash));
78 FreeIdHash(struct idhash *idhash)
81 struct idchain *chain;
84 for (index = 0; index < ID_HASH_SIZE; index++) {
85 for (chain = idhash->hash[index]; chain; chain = next) {
94 * Indicate if group/user id is already hashed, and
97 * @returns whether id is present
98 * @retval >0 id is already present in the hash
99 * @retval 0 id was not found and was inserted into the hash
100 * @retval <0 error encountered
103 FindId(struct idhash *idhash, afs_int32 id)
106 struct idchain *chain;
107 struct idchain *newChain;
109 index = abs(id) % ID_HASH_SIZE;
110 for (chain = idhash->hash[index]; chain; chain = chain->next) {
111 if (chain->id == id) {
116 /* Insert this id but return not found. */
117 newChain = malloc(sizeof(struct idchain));
122 newChain->next = idhash->hash[index];
123 idhash->hash[index] = newChain;
125 idhash->groupEntries++;
127 idhash->userEntries++;
134 * Create an idlist from the ids in the hash.
137 CreateIdList(struct idhash *idhash, idlist * alist, afs_int32 select)
139 struct idchain *chain;
140 afs_int32 entries = 0;
144 if (select & PRGROUPS) {
145 entries += idhash->groupEntries;
147 if (select & PRUSERS) {
148 entries += idhash->userEntries;
151 alist->idlist_len = entries;
152 alist->idlist_val = malloc(sizeof(afs_int32) * entries);
153 if (!alist->idlist_val) {
157 for (i = 0, index = 0; index < ID_HASH_SIZE; index++) {
158 for (chain = idhash->hash[index]; chain; chain = chain->next) {
160 if (select & PRGROUPS) {
161 alist->idlist_val[i++] = chain->id;
164 if (select & PRUSERS) {
165 alist->idlist_val[i++] = chain->id;
174 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
177 struct rx_connection *serverconns[MAXSERVERS];
178 struct rx_securityClass *sc = NULL;
179 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
180 static char tconfDir[100] = "";
181 static char tcell[64] = "";
184 static struct afsconf_cell info;
186 #if !defined(UKERNEL)
189 afs_int32 gottdir = 0;
190 afs_int32 refresh = 0;
192 initialize_PT_error_table();
193 initialize_RXK_error_table();
194 initialize_ACFG_error_table();
195 initialize_KTC_error_table();
199 cell = afs_LclCellName;
201 #else /* defined(UKERNEL) */
204 tdir = afsconf_Open(confDir);
206 if (confDir && strcmp(confDir, ""))
208 "%s: Could not open configuration directory: %s.\n",
212 "%s: No configuration directory specified.\n",
218 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
221 "libprot: Could not get local cell. [%d]\n", code);
226 #endif /* defined(UKERNEL) */
228 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
230 * force re-evaluation. we either don't have an afsconf_dir,
231 * the directory has changed or the cell has changed.
233 if (tdir && !gottdir) {
235 tdir = (struct afsconf_dir *)NULL;
237 pruclient = (struct ubik_client *)NULL;
242 strncpy(tconfDir, confDir, sizeof(tconfDir));
243 strncpy(tcell, cell, sizeof(tcell));
247 #else /* defined(UKERNEL) */
249 tdir = afsconf_Open(confDir);
251 if (confDir && strcmp(confDir, ""))
253 "libprot: Could not open configuration directory: %s.\n",
257 "libprot: No configuration directory specified.\n");
260 #endif /* defined(UKERNEL) */
262 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
264 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
265 cell, confDir, AFSDIR_CELLSERVDB_FILE);
270 /* If we already have a client and it is at the security level we
271 * want, don't get a new one. Unless the security level is 2 in
272 * which case we will get one (and re-read the key file).
274 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
280 fprintf(stderr, "libprot: Could not initialize rx.\n");
284 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
285 * to force use of the KeyFile. secLevel == 0 implies -noauth was
288 /* If secLevel is two assume we're on a file server and use
289 * ClientAuthSecure if possible. */
290 code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
292 afs_com_err(whoami, code, "(calling client secure)\n");
293 } else if (secLevel > 0) {
296 secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
298 code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
300 afs_com_err(whoami, code, "(getting token)");
307 sc = rxnull_NewClientSecurityObject();
308 scIndex = RX_SECIDX_NULL;
311 if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
313 "%s: Could not get afs tokens, running unauthenticated\n",
316 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
317 for (i = 0; i < info.numServers; i++)
319 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
320 info.hostAddr[i].sin_port, PRSRV, sc,
323 code = ubik_ClientInit(serverconns, &pruclient);
325 afs_com_err(whoami, code, "ubik client init failed.");
330 code = rxs_Release(sc);
340 code = ubik_ClientDestroy(pruclient);
349 pr_CreateUser(prname name, afs_int32 *id)
355 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
358 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
365 pr_CreateGroup(prname name, prname owner, afs_int32 *id)
373 code = pr_SNameToId(owner, &oid);
376 if (oid == ANONYMOUSID)
381 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
384 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
390 pr_Delete(char *name)
396 code = pr_SNameToId(name, &id);
399 if (id == ANONYMOUSID)
401 code = ubik_PR_Delete(pruclient, 0, id);
406 pr_DeleteByID(afs_int32 id)
410 code = ubik_PR_Delete(pruclient, 0, id);
415 pr_AddToGroup(char *user, char *group)
421 lnames.namelist_len = 2;
422 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
423 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
424 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
427 code = pr_NameToId(&lnames, &lids);
430 /* if here, still could be missing an entry */
431 if (lids.idlist_val[0] == ANONYMOUSID
432 || lids.idlist_val[1] == ANONYMOUSID) {
437 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
440 if (lnames.namelist_val)
441 free(lnames.namelist_val);
443 xdr_free((xdrproc_t) xdr_idlist, &lids);
448 pr_RemoveUserFromGroup(char *user, char *group)
454 lnames.namelist_len = 2;
455 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
456 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
457 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
460 code = pr_NameToId(&lnames, &lids);
464 if (lids.idlist_val[0] == ANONYMOUSID
465 || lids.idlist_val[1] == ANONYMOUSID) {
470 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
473 if (lnames.namelist_val)
474 free(lnames.namelist_val);
476 xdr_free((xdrproc_t) xdr_idlist, &lids);
482 pr_NameToId(namelist *names, idlist *ids)
487 for (i = 0; i < names->namelist_len; i++)
488 stolower(names->namelist_val[i]);
489 code = ubik_PR_NameToID(pruclient, 0, names, ids);
494 pr_SNameToId(prname name, afs_int32 *id)
502 lnames.namelist_len = 1;
503 lnames.namelist_val = malloc(PR_MAXNAMELEN);
505 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
506 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
507 if (lids.idlist_val) {
508 *id = *lids.idlist_val;
509 xdr_free((xdrproc_t) xdr_idlist, &lids);
510 } else if (code == 0) {
513 if (lnames.namelist_val)
514 free(lnames.namelist_val);
519 pr_IdToName(idlist *ids, namelist *names)
523 code = ubik_PR_IDToName(pruclient, 0, ids, names);
528 pr_SIdToName(afs_int32 id, prname name)
535 lids.idlist_val = malloc(sizeof(afs_int32));
536 *lids.idlist_val = id;
537 lnames.namelist_len = 0;
538 lnames.namelist_val = 0;
539 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
541 if (lnames.namelist_val)
542 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
547 free(lids.idlist_val);
549 xdr_free((xdrproc_t) xdr_namelist, &lnames);
555 pr_GetCPS(afs_int32 id, prlist *CPS)
561 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
562 if (code != PRSUCCESS)
565 /* do something about this, probably make a new call */
566 /* don't forget there's a hard limit in the interface */
567 fprintf(stderr, "membership list for id %d exceeds display limit\n",
574 pr_GetCPS2(afs_int32 id, afs_uint32 host, prlist *CPS)
580 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
581 if (code != PRSUCCESS)
584 /* do something about this, probably make a new call */
585 /* don't forget there's a hard limit in the interface */
586 fprintf(stderr, "membership list for id %d exceeds display limit\n",
593 pr_GetHostCPS(afs_uint32 host, prlist *CPS)
599 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
600 if (code != PRSUCCESS)
603 /* do something about this, probably make a new call */
604 /* don't forget there's a hard limit in the interface */
606 "membership list for host id %d exceeds display limit\n",
613 pr_ListMembers(char *group, namelist *lnames)
618 code = pr_SNameToId(group, &gid);
621 if (gid == ANONYMOUSID)
623 code = pr_IDListMembers(gid, lnames);
628 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
634 alist.prlist_len = 0;
635 alist.prlist_val = 0;
636 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
640 /* Remain backwards compatible when moreP was a T/F bit */
641 fprintf(stderr, "membership list for id %d exceeds display limit\n",
645 lids = (idlist *) &alist;
646 code = pr_IdToName(lids, lnames);
648 xdr_free((xdrproc_t) xdr_prlist, &alist);
657 pr_IDListMembers(afs_int32 gid, namelist *lnames)
664 alist.prlist_len = 0;
665 alist.prlist_val = 0;
666 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
670 fprintf(stderr, "membership list for id %d exceeds display limit\n",
673 lids = (idlist *) &alist;
674 code = pr_IdToName(lids, lnames);
676 xdr_free((xdrproc_t) xdr_prlist, &alist);
684 pr_IDListExpandedMembers(afs_int32 aid, namelist * lnames)
691 struct idhash *members = NULL;
692 afs_int32 *stack = NULL;
693 afs_int32 maxstack = ID_STACK_SIZE;
694 int n = 0; /* number of ids stacked */
698 code = AllocateIdHash(&members);
702 stack = malloc(sizeof(afs_int32) * maxstack);
710 gid = stack[--n]; /* pop next group id */
711 alist.prlist_len = 0;
712 alist.prlist_val = NULL;
713 if (firstpass || aid < 0) {
715 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
717 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
718 if (code == RXGEN_OPCODE) {
719 alist.prlist_len = 0;
720 alist.prlist_val = NULL;
721 code = 0; /* server does not support supergroups. */
728 "membership list for id %d exceeds display limit\n", gid);
730 for (i = 0; i < alist.prlist_len; i++) {
734 id = alist.prlist_val[i];
735 found = FindId(members, id);
738 xdr_free((xdrproc_t) xdr_prlist, &alist);
741 if (found == 0 && id < 0) {
742 if (n == maxstack) { /* need more stack space */
745 tmp = realloc(stack, maxstack * sizeof(afs_int32));
748 xdr_free((xdrproc_t) xdr_prlist, &alist);
753 stack[n++] = id; /* push group id */
756 xdr_free((xdrproc_t) xdr_prlist, &alist);
759 code = CreateIdList(members, &lids, (aid < 0 ? PRUSERS : PRGROUPS));
763 code = pr_IdToName(&lids, lnames);
765 free(lids.idlist_val);
776 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
780 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
785 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
788 prentries bulkentries;
792 *nextstartindex = -1;
793 bulkentries.prentries_val = 0;
794 bulkentries.prentries_len = 0;
797 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
798 &bulkentries, nextstartindex);
799 *nentries = bulkentries.prentries_len;
800 *entries = bulkentries.prentries_val;
805 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
807 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
809 struct prcheckentry aentry;
811 code = pr_SNameToId(name, id);
814 if (*id == ANONYMOUSID)
816 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
819 /* this should be done in one RPC, but I'm lazy. */
820 code = pr_SIdToName(aentry.owner, owner);
823 code = pr_SIdToName(aentry.creator, creator);
830 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
832 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
834 struct prcheckentry aentry;
836 code = pr_SIdToName(id, name);
839 if (id == ANONYMOUSID)
841 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
844 /* this should be done in one RPC, but I'm lazy. */
845 code = pr_SIdToName(aentry.owner, owner);
848 code = pr_SIdToName(aentry.creator, creator);
855 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
861 code = pr_SNameToId(oldname, &id);
864 if (id == ANONYMOUSID)
866 if (newowner && *newowner) {
867 code = pr_SNameToId(newowner, &oid);
870 if (oid == ANONYMOUSID)
874 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
876 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
881 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
889 lnames.namelist_len = 2;
890 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
891 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
892 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
895 code = pr_NameToId(&lnames, &lids);
897 if (lnames.namelist_val)
898 free(lnames.namelist_val);
899 xdr_free((xdrproc_t) xdr_idlist, &lids);
903 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
904 lids.idlist_val[1], flag);
905 if (lnames.namelist_val)
906 free(lnames.namelist_val);
907 xdr_free((xdrproc_t) xdr_idlist, &lids);
912 pr_ListMaxUserId(afs_int32 *mid)
916 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
921 pr_SetMaxUserId(afs_int32 mid)
925 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
930 pr_ListMaxGroupId(afs_int32 *mid)
934 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
939 pr_SetMaxGroupId(afs_int32 mid)
945 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
950 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
955 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,
961 pr_ListSuperGroups(afs_int32 gid, namelist * lnames)
968 alist.prlist_len = 0;
969 alist.prlist_val = 0;
970 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
974 fprintf(stderr, "supergroup list for id %d exceeds display limit\n",
977 lids = (idlist *) & alist;
978 code = pr_IdToName(lids, lnames);
980 xdr_free((xdrproc_t) xdr_prlist, &alist);