2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
21 #include "afs/sysincludes.h"
22 #include "afs_usrops.h"
23 #include "afsincludes.h"
28 #include "afs/cellconfig.h"
29 #include "afs/afsutil.h"
30 #include "afs/ptclient.h"
31 #include "afs/ptuser.h"
32 #include "afs/pterror.h"
33 #else /* defined(UKERNEL) */
36 #include <sys/types.h>
40 #include <netinet/in.h>
47 #include <afs/cellconfig.h>
48 #include <afs/afsutil.h>
49 #include <afs/com_err.h>
53 #endif /* defined(UKERNEL) */
56 struct ubik_client *pruclient = 0;
57 static afs_int32 lastLevel; /* security level pruclient, if any */
59 static char *whoami = "libprot";
62 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
65 struct rx_connection *serverconns[MAXSERVERS];
66 struct rx_securityClass *sc[3];
67 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
68 static char tconfDir[100] = "";
69 static char tcell[64] = "";
70 struct ktc_token ttoken;
72 static struct afsconf_cell info;
75 afs_int32 gottdir = 0;
76 afs_int32 refresh = 0;
78 initialize_PT_error_table();
79 initialize_RXK_error_table();
80 initialize_ACFG_error_table();
81 initialize_KTC_error_table();
85 cell = afs_LclCellName;
87 #else /* defined(UKERNEL) */
90 tdir = afsconf_Open(confDir);
92 if (confDir && strcmp(confDir, ""))
94 "%s: Could not open configuration directory: %s.\n",
98 "%s: No configuration directory specified.\n",
104 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
107 "libprot: Could not get local cell. [%d]\n", code);
112 #endif /* defined(UKERNEL) */
114 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
116 * force re-evaluation. we either don't have an afsconf_dir,
117 * the directory has changed or the cell has changed.
119 if (tdir && !gottdir) {
121 tdir = (struct afsconf_dir *)NULL;
123 pruclient = (struct ubik_client *)NULL;
128 strncpy(tconfDir, confDir, sizeof(tconfDir));
129 strncpy(tcell, cell, sizeof(tcell));
133 #else /* defined(UKERNEL) */
135 tdir = afsconf_Open(confDir);
137 if (confDir && strcmp(confDir, ""))
139 "libprot: Could not open configuration directory: %s.\n",
143 "libprot: No configuration directory specified.\n");
146 #endif /* defined(UKERNEL) */
148 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
150 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
151 cell, confDir, AFSDIR_CELLSERVDB_FILE);
156 /* If we already have a client and it is at the security level we
157 * want, don't get a new one. Unless the security level is 2 in
158 * which case we will get one (and re-read the key file).
160 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
166 fprintf(stderr, "libprot: Could not initialize rx.\n");
174 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
175 * to force use of the KeyFile. secLevel == 0 implies -noauth was
178 code = afsconf_GetLatestKey(tdir, 0, 0);
180 afs_com_err(whoami, code,
181 "(getting key from local KeyFile)\n");
182 scIndex = 0; /* use noauth */
184 /* If secLevel is two assume we're on a file server and use
185 * ClientAuthSecure if possible. */
186 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
188 afs_com_err(whoami, code,
189 "(calling client secure)\n");
190 scIndex = 0; /* use noauth */
194 /* if there was a problem, an unauthenticated conn is returned */
196 } else if (secLevel > 0) {
197 struct ktc_principal sname;
198 strcpy(sname.cell, info.name);
199 sname.instance[0] = 0;
200 strcpy(sname.name, "afs");
201 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
203 afs_com_err(whoami, code, "(getting token)");
206 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
207 /* this is a kerberos ticket, set scIndex accordingly */
211 "%s: funny kvno (%d) in ticket, proceeding\n",
212 whoami, ttoken.kvno);
216 rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
217 ttoken.kvno, ttoken.ticketLen,
224 if ((scIndex == 0) && (sc[0] == 0))
225 sc[0] = rxnull_NewClientSecurityObject();
226 if ((scIndex == 0) && (secLevel != 0))
228 "%s: Could not get afs tokens, running unauthenticated\n",
231 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
232 for (i = 0; i < info.numServers; i++)
234 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
235 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
238 code = ubik_ClientInit(serverconns, &pruclient);
240 afs_com_err(whoami, code, "ubik client init failed.");
245 code = rxs_Release(sc[scIndex]);
255 code = ubik_ClientDestroy(pruclient);
264 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
266 register afs_int32 code;
270 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
273 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
280 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
282 register afs_int32 code;
288 code = pr_SNameToId(owner, &oid);
291 if (oid == ANONYMOUSID)
296 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
299 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
305 pr_Delete(char *name)
307 register afs_int32 code;
311 code = pr_SNameToId(name, &id);
314 if (id == ANONYMOUSID)
316 code = ubik_PR_Delete(pruclient, 0, id);
321 pr_DeleteByID(afs_int32 id)
323 register afs_int32 code;
325 code = ubik_PR_Delete(pruclient, 0, id);
330 pr_AddToGroup(char *user, char *group)
332 register afs_int32 code;
336 lnames.namelist_len = 2;
337 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
338 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
339 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
342 code = pr_NameToId(&lnames, &lids);
345 /* if here, still could be missing an entry */
346 if (lids.idlist_val[0] == ANONYMOUSID
347 || lids.idlist_val[1] == ANONYMOUSID) {
352 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
355 if (lnames.namelist_val)
356 free(lnames.namelist_val);
358 free(lids.idlist_val);
363 pr_RemoveUserFromGroup(char *user, char *group)
365 register afs_int32 code;
369 lnames.namelist_len = 2;
370 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
371 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
372 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
375 code = pr_NameToId(&lnames, &lids);
379 if (lids.idlist_val[0] == ANONYMOUSID
380 || lids.idlist_val[1] == ANONYMOUSID) {
385 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
388 if (lnames.namelist_val)
389 free(lnames.namelist_val);
391 free(lids.idlist_val);
397 pr_NameToId(namelist *names, idlist *ids)
399 register afs_int32 code;
400 register afs_int32 i;
402 for (i = 0; i < names->namelist_len; i++)
403 stolower(names->namelist_val[i]);
404 code = ubik_PR_NameToID(pruclient, 0, names, ids);
409 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
413 register afs_int32 code;
417 lnames.namelist_len = 1;
418 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
420 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
421 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
422 if (lids.idlist_val) {
423 *id = *lids.idlist_val;
424 free(lids.idlist_val);
426 if (lnames.namelist_val)
427 free(lnames.namelist_val);
432 pr_IdToName(idlist *ids, namelist *names)
434 register afs_int32 code;
436 code = ubik_PR_IDToName(pruclient, 0, ids, names);
441 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
445 register afs_int32 code;
448 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
449 *lids.idlist_val = id;
450 lnames.namelist_len = 0;
451 lnames.namelist_val = 0;
452 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
453 if (lnames.namelist_val) {
454 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
455 free(lnames.namelist_val);
458 free(lids.idlist_val);
463 pr_GetCPS(afs_int32 id, prlist *CPS)
465 register afs_int32 code;
469 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
470 if (code != PRSUCCESS)
473 /* do something about this, probably make a new call */
474 /* don't forget there's a hard limit in the interface */
475 fprintf(stderr, "membership list for id %d exceeds display limit\n",
482 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
484 register afs_int32 code;
488 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
489 if (code != PRSUCCESS)
492 /* do something about this, probably make a new call */
493 /* don't forget there's a hard limit in the interface */
494 fprintf(stderr, "membership list for id %d exceeds display limit\n",
501 pr_GetHostCPS(afs_int32 host, prlist *CPS)
503 register afs_int32 code;
507 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
508 if (code != PRSUCCESS)
511 /* do something about this, probably make a new call */
512 /* don't forget there's a hard limit in the interface */
514 "membership list for host id %d exceeds display limit\n",
521 pr_ListMembers(char *group, namelist *lnames)
523 register afs_int32 code;
526 code = pr_SNameToId(group, &gid);
529 if (gid == ANONYMOUSID)
531 code = pr_IDListMembers(gid, lnames);
536 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
538 register afs_int32 code;
542 alist.prlist_len = 0;
543 alist.prlist_val = 0;
544 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
548 /* Remain backwards compatible when moreP was a T/F bit */
549 fprintf(stderr, "membership list for id %d exceeds display limit\n",
553 lids = (idlist *) & alist;
554 code = pr_IdToName(lids, lnames);
557 if (alist.prlist_val)
558 free(alist.prlist_val);
563 pr_IDListMembers(afs_int32 gid, namelist *lnames)
565 register afs_int32 code;
570 alist.prlist_len = 0;
571 alist.prlist_val = 0;
572 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
576 fprintf(stderr, "membership list for id %d exceeds display limit\n",
579 lids = (idlist *) & alist;
580 code = pr_IdToName(lids, lnames);
583 if (alist.prlist_val)
584 free(alist.prlist_val);
589 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
591 register afs_int32 code;
593 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
598 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
601 prentries bulkentries;
605 *nextstartindex = -1;
606 bulkentries.prentries_val = 0;
607 bulkentries.prentries_len = 0;
610 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
611 &bulkentries, nextstartindex);
612 *nentries = bulkentries.prentries_len;
613 *entries = bulkentries.prentries_val;
618 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
620 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
621 register afs_int32 code;
622 struct prcheckentry aentry;
624 code = pr_SNameToId(name, id);
627 if (*id == ANONYMOUSID)
629 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
632 /* this should be done in one RPC, but I'm lazy. */
633 code = pr_SIdToName(aentry.owner, owner);
636 code = pr_SIdToName(aentry.creator, creator);
643 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
645 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
646 register afs_int32 code;
647 struct prcheckentry aentry;
649 code = pr_SIdToName(id, name);
652 if (id == ANONYMOUSID)
654 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
657 /* this should be done in one RPC, but I'm lazy. */
658 code = pr_SIdToName(aentry.owner, owner);
661 code = pr_SIdToName(aentry.creator, creator);
668 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
670 register afs_int32 code;
674 code = pr_SNameToId(oldname, &id);
677 if (id == ANONYMOUSID)
679 if (newowner && *newowner) {
680 code = pr_SNameToId(newowner, &oid);
683 if (oid == ANONYMOUSID)
687 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
689 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
694 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
696 register afs_int32 code;
702 lnames.namelist_len = 2;
703 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
704 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
705 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
708 code = pr_NameToId(&lnames, &lids);
710 if (lnames.namelist_val)
711 free(lnames.namelist_val);
713 free(lids.idlist_val);
717 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
718 lids.idlist_val[1], flag);
719 if (lnames.namelist_val)
720 free(lnames.namelist_val);
722 free(lids.idlist_val);
727 pr_ListMaxUserId(afs_int32 *mid)
729 register afs_int32 code;
731 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
736 pr_SetMaxUserId(afs_int32 mid)
738 register afs_int32 code;
740 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
745 pr_ListMaxGroupId(afs_int32 *mid)
747 register afs_int32 code;
749 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
754 pr_SetMaxGroupId(afs_int32 mid)
756 register afs_int32 code;
760 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
765 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
767 register afs_int32 code;
770 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,