2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
11 #include <afs/param.h>
15 #include <sys/types.h>
19 #include <netinet/in.h>
26 #include <afs/cellconfig.h>
27 #include <afs/afsutil.h>
28 #include <afs/com_err.h>
35 # include "afs_usrops.h"
38 struct ubik_client *pruclient = 0;
39 static afs_int32 lastLevel; /* security level pruclient, if any */
41 static char *whoami = "libprot";
44 #define ID_HASH_SIZE 1024
45 #define ID_STACK_SIZE 1024
48 * Hash table chain of user and group ids.
56 * Hash table of user and group ids.
59 afs_uint32 userEntries; /**< number of user id entries hashed */
60 afs_uint32 groupEntries; /**< number of group id entries hashed */
61 struct idchain *hash[ID_HASH_SIZE];
65 * Allocate a new id hash table.
68 AllocateIdHash(struct idhash **aidhash)
70 struct idhash *idhash;
72 idhash = (struct idhash *)malloc(sizeof(struct idhash));
76 memset((void *)idhash, 0, sizeof(struct idhash));
85 FreeIdHash(struct idhash *idhash)
88 struct idchain *chain;
91 for (index = 0; index < ID_HASH_SIZE; index++) {
92 for (chain = idhash->hash[index]; chain; chain = next) {
101 * Indicate if group/user id is already hashed, and
104 * @returns whether id is present
105 * @retval >0 id is already present in the hash
106 * @retval 0 id was not found and was inserted into the hash
107 * @retval <0 error encountered
110 FindId(struct idhash *idhash, afs_int32 id)
113 struct idchain *chain;
114 struct idchain *newChain;
116 index = abs(id) % ID_HASH_SIZE;
117 for (chain = idhash->hash[index]; chain; chain = chain->next) {
118 if (chain->id == id) {
123 /* Insert this id but return not found. */
124 newChain = (struct idchain *)malloc(sizeof(struct idchain));
129 newChain->next = idhash->hash[index];
130 idhash->hash[index] = newChain;
132 idhash->groupEntries++;
134 idhash->userEntries++;
141 * Create an idlist from the ids in the hash.
144 CreateIdList(struct idhash *idhash, idlist * alist, afs_int32 select)
146 struct idchain *chain;
147 afs_int32 entries = 0;
151 if (select & PRGROUPS) {
152 entries += idhash->groupEntries;
154 if (select & PRUSERS) {
155 entries += idhash->userEntries;
158 alist->idlist_len = entries;
159 alist->idlist_val = (afs_int32 *) malloc(sizeof(afs_int32) * entries);
160 if (!alist->idlist_val) {
164 for (i = 0, index = 0; index < ID_HASH_SIZE; index++) {
165 for (chain = idhash->hash[index]; chain; chain = chain->next) {
167 if (select & PRGROUPS) {
168 alist->idlist_val[i++] = chain->id;
171 if (select & PRUSERS) {
172 alist->idlist_val[i++] = chain->id;
181 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
184 struct rx_connection *serverconns[MAXSERVERS];
185 struct rx_securityClass *sc = NULL;
186 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
187 static char tconfDir[100] = "";
188 static char tcell[64] = "";
191 static struct afsconf_cell info;
193 #if !defined(UKERNEL)
196 afs_int32 gottdir = 0;
197 afs_int32 refresh = 0;
199 initialize_PT_error_table();
200 initialize_RXK_error_table();
201 initialize_ACFG_error_table();
202 initialize_KTC_error_table();
206 cell = afs_LclCellName;
208 #else /* defined(UKERNEL) */
211 tdir = afsconf_Open(confDir);
213 if (confDir && strcmp(confDir, ""))
215 "%s: Could not open configuration directory: %s.\n",
219 "%s: No configuration directory specified.\n",
225 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
228 "libprot: Could not get local cell. [%d]\n", code);
233 #endif /* defined(UKERNEL) */
235 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
237 * force re-evaluation. we either don't have an afsconf_dir,
238 * the directory has changed or the cell has changed.
240 if (tdir && !gottdir) {
242 tdir = (struct afsconf_dir *)NULL;
244 pruclient = (struct ubik_client *)NULL;
249 strncpy(tconfDir, confDir, sizeof(tconfDir));
250 strncpy(tcell, cell, sizeof(tcell));
254 #else /* defined(UKERNEL) */
256 tdir = afsconf_Open(confDir);
258 if (confDir && strcmp(confDir, ""))
260 "libprot: Could not open configuration directory: %s.\n",
264 "libprot: No configuration directory specified.\n");
267 #endif /* defined(UKERNEL) */
269 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
271 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
272 cell, confDir, AFSDIR_CELLSERVDB_FILE);
277 /* If we already have a client and it is at the security level we
278 * want, don't get a new one. Unless the security level is 2 in
279 * which case we will get one (and re-read the key file).
281 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
287 fprintf(stderr, "libprot: Could not initialize rx.\n");
291 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
292 * to force use of the KeyFile. secLevel == 0 implies -noauth was
295 code = afsconf_GetLatestKey(tdir, 0, 0);
297 afs_com_err(whoami, code, "(getting key from local KeyFile)\n");
299 /* If secLevel is two assume we're on a file server and use
300 * ClientAuthSecure if possible. */
301 code = afsconf_ClientAuthSecure(tdir, &sc, &scIndex);
303 afs_com_err(whoami, code, "(calling client secure)\n");
305 } else if (secLevel > 0) {
308 secFlags |= AFSCONF_SECOPTS_ALWAYSENCRYPT;
310 code = afsconf_ClientAuthToken(&info, secFlags, &sc, &scIndex, NULL);
312 afs_com_err(whoami, code, "(getting token)");
319 sc = rxnull_NewClientSecurityObject();
320 scIndex = RX_SECIDX_NULL;
323 if ((scIndex == RX_SECIDX_NULL) && (secLevel != 0))
325 "%s: Could not get afs tokens, running unauthenticated\n",
328 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
329 for (i = 0; i < info.numServers; i++)
331 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
332 info.hostAddr[i].sin_port, PRSRV, sc,
335 code = ubik_ClientInit(serverconns, &pruclient);
337 afs_com_err(whoami, code, "ubik client init failed.");
342 code = rxs_Release(sc);
352 code = ubik_ClientDestroy(pruclient);
361 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
367 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
370 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
377 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
385 code = pr_SNameToId(owner, &oid);
388 if (oid == ANONYMOUSID)
393 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
396 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
402 pr_Delete(char *name)
408 code = pr_SNameToId(name, &id);
411 if (id == ANONYMOUSID)
413 code = ubik_PR_Delete(pruclient, 0, id);
418 pr_DeleteByID(afs_int32 id)
422 code = ubik_PR_Delete(pruclient, 0, id);
427 pr_AddToGroup(char *user, char *group)
433 lnames.namelist_len = 2;
434 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
435 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
436 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
439 code = pr_NameToId(&lnames, &lids);
442 /* if here, still could be missing an entry */
443 if (lids.idlist_val[0] == ANONYMOUSID
444 || lids.idlist_val[1] == ANONYMOUSID) {
449 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
452 if (lnames.namelist_val)
453 free(lnames.namelist_val);
455 xdr_free((xdrproc_t) xdr_idlist, &lids);
460 pr_RemoveUserFromGroup(char *user, char *group)
466 lnames.namelist_len = 2;
467 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
468 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
469 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
472 code = pr_NameToId(&lnames, &lids);
476 if (lids.idlist_val[0] == ANONYMOUSID
477 || lids.idlist_val[1] == ANONYMOUSID) {
482 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
485 if (lnames.namelist_val)
486 free(lnames.namelist_val);
488 xdr_free((xdrproc_t) xdr_idlist, &lids);
494 pr_NameToId(namelist *names, idlist *ids)
499 for (i = 0; i < names->namelist_len; i++)
500 stolower(names->namelist_val[i]);
501 code = ubik_PR_NameToID(pruclient, 0, names, ids);
506 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
514 lnames.namelist_len = 1;
515 lnames.namelist_val = malloc(PR_MAXNAMELEN);
517 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
518 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
519 if (lids.idlist_val) {
520 *id = *lids.idlist_val;
521 xdr_free((xdrproc_t) xdr_idlist, &lids);
523 if (lnames.namelist_val)
524 free(lnames.namelist_val);
529 pr_IdToName(idlist *ids, namelist *names)
533 code = ubik_PR_IDToName(pruclient, 0, ids, names);
538 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
545 lids.idlist_val = malloc(sizeof(afs_int32));
546 *lids.idlist_val = id;
547 lnames.namelist_len = 0;
548 lnames.namelist_val = 0;
549 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
551 if (lnames.namelist_val)
552 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
555 free(lids.idlist_val);
557 xdr_free((xdrproc_t) xdr_namelist, &lnames);
563 pr_GetCPS(afs_int32 id, prlist *CPS)
569 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
570 if (code != PRSUCCESS)
573 /* do something about this, probably make a new call */
574 /* don't forget there's a hard limit in the interface */
575 fprintf(stderr, "membership list for id %d exceeds display limit\n",
582 pr_GetCPS2(afs_int32 id, afs_uint32 host, prlist *CPS)
588 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
589 if (code != PRSUCCESS)
592 /* do something about this, probably make a new call */
593 /* don't forget there's a hard limit in the interface */
594 fprintf(stderr, "membership list for id %d exceeds display limit\n",
601 pr_GetHostCPS(afs_uint32 host, prlist *CPS)
607 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
608 if (code != PRSUCCESS)
611 /* do something about this, probably make a new call */
612 /* don't forget there's a hard limit in the interface */
614 "membership list for host id %d exceeds display limit\n",
621 pr_ListMembers(char *group, namelist *lnames)
626 code = pr_SNameToId(group, &gid);
629 if (gid == ANONYMOUSID)
631 code = pr_IDListMembers(gid, lnames);
636 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
642 alist.prlist_len = 0;
643 alist.prlist_val = 0;
644 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
648 /* Remain backwards compatible when moreP was a T/F bit */
649 fprintf(stderr, "membership list for id %d exceeds display limit\n",
653 lids = (idlist *) &alist;
654 code = pr_IdToName(lids, lnames);
656 xdr_free((xdrproc_t) xdr_prlist, &alist);
665 pr_IDListMembers(afs_int32 gid, namelist *lnames)
672 alist.prlist_len = 0;
673 alist.prlist_val = 0;
674 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
678 fprintf(stderr, "membership list for id %d exceeds display limit\n",
681 lids = (idlist *) &alist;
682 code = pr_IdToName(lids, lnames);
684 xdr_free((xdrproc_t) xdr_prlist, &alist);
692 pr_IDListExpandedMembers(afs_int32 aid, namelist * lnames)
699 struct idhash *members = NULL;
700 afs_int32 *stack = NULL;
701 afs_int32 maxstack = ID_STACK_SIZE;
702 int n = 0; /* number of ids stacked */
706 code = AllocateIdHash(&members);
710 stack = (afs_int32 *) malloc(sizeof(afs_int32) * maxstack);
718 gid = stack[--n]; /* pop next group id */
719 alist.prlist_len = 0;
720 alist.prlist_val = NULL;
721 if (firstpass || aid < 0) {
723 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
725 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
726 if (code == RXGEN_OPCODE) {
727 alist.prlist_len = 0;
728 alist.prlist_val = NULL;
729 code = 0; /* server does not support supergroups. */
736 "membership list for id %d exceeds display limit\n", gid);
738 for (i = 0; i < alist.prlist_len; i++) {
742 id = alist.prlist_val[i];
743 found = FindId(members, id);
746 xdr_free((xdrproc_t) xdr_prlist, &alist);
749 if (found == 0 && id < 0) {
750 if (n == maxstack) { /* need more stack space */
754 (afs_int32 *) realloc(stack,
755 maxstack * sizeof(afs_int32));
758 xdr_free((xdrproc_t) xdr_prlist, &alist);
763 stack[n++] = id; /* push group id */
766 xdr_free((xdrproc_t) xdr_prlist, &alist);
769 code = CreateIdList(members, &lids, (aid < 0 ? PRUSERS : PRGROUPS));
773 code = pr_IdToName(&lids, lnames);
775 free(lids.idlist_val);
786 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
790 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
795 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
798 prentries bulkentries;
802 *nextstartindex = -1;
803 bulkentries.prentries_val = 0;
804 bulkentries.prentries_len = 0;
807 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
808 &bulkentries, nextstartindex);
809 *nentries = bulkentries.prentries_len;
810 *entries = bulkentries.prentries_val;
815 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
817 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
819 struct prcheckentry aentry;
821 code = pr_SNameToId(name, id);
824 if (*id == ANONYMOUSID)
826 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
829 /* this should be done in one RPC, but I'm lazy. */
830 code = pr_SIdToName(aentry.owner, owner);
833 code = pr_SIdToName(aentry.creator, creator);
840 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
842 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
844 struct prcheckentry aentry;
846 code = pr_SIdToName(id, name);
849 if (id == ANONYMOUSID)
851 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
854 /* this should be done in one RPC, but I'm lazy. */
855 code = pr_SIdToName(aentry.owner, owner);
858 code = pr_SIdToName(aentry.creator, creator);
865 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
871 code = pr_SNameToId(oldname, &id);
874 if (id == ANONYMOUSID)
876 if (newowner && *newowner) {
877 code = pr_SNameToId(newowner, &oid);
880 if (oid == ANONYMOUSID)
884 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
886 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
891 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
899 lnames.namelist_len = 2;
900 lnames.namelist_val = malloc(2 * PR_MAXNAMELEN);
901 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
902 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
905 code = pr_NameToId(&lnames, &lids);
907 if (lnames.namelist_val)
908 free(lnames.namelist_val);
909 xdr_free((xdrproc_t) xdr_idlist, &lids);
913 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
914 lids.idlist_val[1], flag);
915 if (lnames.namelist_val)
916 free(lnames.namelist_val);
917 xdr_free((xdrproc_t) xdr_idlist, &lids);
922 pr_ListMaxUserId(afs_int32 *mid)
926 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
931 pr_SetMaxUserId(afs_int32 mid)
935 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
940 pr_ListMaxGroupId(afs_int32 *mid)
944 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
949 pr_SetMaxGroupId(afs_int32 mid)
955 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
960 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
965 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,
971 pr_ListSuperGroups(afs_int32 gid, namelist * lnames)
978 alist.prlist_len = 0;
979 alist.prlist_val = 0;
980 code = ubik_PR_ListSuperGroups(pruclient, 0, gid, &alist, &over);
984 fprintf(stderr, "supergroup list for id %d exceeds display limit\n",
987 lids = (idlist *) & alist;
988 code = pr_IdToName(lids, lnames);
990 xdr_free((xdrproc_t) xdr_prlist, &alist);