2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
10 #include <afsconfig.h>
12 #include "afs/param.h"
14 #include <afs/param.h>
19 #include "afs/sysincludes.h"
20 #include "afs_usrops.h"
21 #include "afsincludes.h"
26 #include "afs/cellconfig.h"
27 #include "afs/afsutil.h"
28 #include "afs/ptclient.h"
29 #include "afs/ptuser.h"
30 #include "afs/pterror.h"
31 #include "afs/com_err.h"
32 #else /* defined(UKERNEL) */
35 #include <sys/types.h>
39 #include <netinet/in.h>
46 #include <afs/cellconfig.h>
47 #include <afs/afsutil.h>
48 #include <afs/com_err.h>
52 #endif /* defined(UKERNEL) */
55 struct ubik_client *pruclient = 0;
56 static afs_int32 lastLevel; /* security level pruclient, if any */
58 static char *whoami = "libprot";
61 pr_Initialize(IN afs_int32 secLevel, IN const char *confDir, IN char *cell)
64 struct rx_connection *serverconns[MAXSERVERS];
65 struct rx_securityClass *sc[3];
66 static struct afsconf_dir *tdir = (struct afsconf_dir *)NULL; /* only do this once */
67 static char tconfDir[100] = "";
68 static char tcell[64] = "";
69 struct ktc_token ttoken;
71 static struct afsconf_cell info;
76 afs_int32 gottdir = 0;
77 afs_int32 refresh = 0;
79 initialize_PT_error_table();
80 initialize_RXK_error_table();
81 initialize_ACFG_error_table();
82 initialize_KTC_error_table();
86 cell = afs_LclCellName;
88 #else /* defined(UKERNEL) */
91 tdir = afsconf_Open(confDir);
93 if (confDir && strcmp(confDir, ""))
95 "%s: Could not open configuration directory: %s.\n",
99 "%s: No configuration directory specified.\n",
105 code = afsconf_GetLocalCell(tdir, cellstr, sizeof(cellstr));
108 "libprot: Could not get local cell. [%d]\n", code);
113 #endif /* defined(UKERNEL) */
115 if (tdir == NULL || strcmp(confDir, tconfDir) || strcmp(cell, tcell)) {
117 * force re-evaluation. we either don't have an afsconf_dir,
118 * the directory has changed or the cell has changed.
120 if (tdir && !gottdir) {
122 tdir = (struct afsconf_dir *)NULL;
124 pruclient = (struct ubik_client *)NULL;
129 strncpy(tconfDir, confDir, sizeof(tconfDir));
130 strncpy(tcell, cell, sizeof(tcell));
134 #else /* defined(UKERNEL) */
136 tdir = afsconf_Open(confDir);
138 if (confDir && strcmp(confDir, ""))
140 "libprot: Could not open configuration directory: %s.\n",
144 "libprot: No configuration directory specified.\n");
147 #endif /* defined(UKERNEL) */
149 code = afsconf_GetCellInfo(tdir, cell, "afsprot", &info);
151 fprintf(stderr, "libprot: Could not locate cell %s in %s/%s\n",
152 cell, confDir, AFSDIR_CELLSERVDB_FILE);
157 /* If we already have a client and it is at the security level we
158 * want, don't get a new one. Unless the security level is 2 in
159 * which case we will get one (and re-read the key file).
161 if (pruclient && (lastLevel == secLevel) && (secLevel != 2)) {
167 fprintf(stderr, "libprot: Could not initialize rx.\n");
175 /* Most callers use secLevel==1, however, the fileserver uses secLevel==2
176 * to force use of the KeyFile. secLevel == 0 implies -noauth was
179 code = afsconf_GetLatestKey(tdir, 0, 0);
181 afs_com_err(whoami, code,
182 "(getting key from local KeyFile)\n");
183 scIndex = 0; /* use noauth */
185 /* If secLevel is two assume we're on a file server and use
186 * ClientAuthSecure if possible. */
187 code = afsconf_ClientAuthSecure(tdir, &sc[2], &scIndex);
189 afs_com_err(whoami, code,
190 "(calling client secure)\n");
191 scIndex = 0; /* use noauth */
195 /* if there was a problem, an unauthenticated conn is returned */
197 } else if (secLevel > 0) {
198 struct ktc_principal sname;
199 strcpy(sname.cell, info.name);
200 sname.instance[0] = 0;
201 strcpy(sname.name, "afs");
202 code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
204 afs_com_err(whoami, code, "(getting token)");
209 if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
210 /* this is a kerberos ticket, set scIndex accordingly */
214 "%s: funny kvno (%d) in ticket, proceeding\n",
215 whoami, ttoken.kvno);
219 rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
220 rxkad_clear, &ttoken.sessionKey,
221 ttoken.kvno, ttoken.ticketLen,
228 if ((scIndex == 0) && (sc[0] == 0))
229 sc[0] = rxnull_NewClientSecurityObject();
230 if ((scIndex == 0) && (secLevel != 0))
232 "%s: Could not get afs tokens, running unauthenticated\n",
235 memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! */
236 for (i = 0; i < info.numServers; i++)
238 rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
239 info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
242 code = ubik_ClientInit(serverconns, &pruclient);
244 afs_com_err(whoami, code, "ubik client init failed.");
249 code = rxs_Release(sc[scIndex]);
259 code = ubik_ClientDestroy(pruclient);
268 pr_CreateUser(char name[PR_MAXNAMELEN], afs_int32 *id)
270 register afs_int32 code;
274 code = ubik_PR_INewEntry(pruclient, 0, name, *id, 0);
277 code = ubik_PR_NewEntry(pruclient, 0, name, 0, 0, id);
284 pr_CreateGroup(char name[PR_MAXNAMELEN], char owner[PR_MAXNAMELEN], afs_int32 *id)
286 register afs_int32 code;
292 code = pr_SNameToId(owner, &oid);
295 if (oid == ANONYMOUSID)
300 code = ubik_PR_INewEntry(pruclient, 0, name, *id, oid);
303 code = ubik_PR_NewEntry(pruclient, 0, name, flags, oid, id);
309 pr_Delete(char *name)
311 register afs_int32 code;
315 code = pr_SNameToId(name, &id);
318 if (id == ANONYMOUSID)
320 code = ubik_PR_Delete(pruclient, 0, id);
325 pr_DeleteByID(afs_int32 id)
327 register afs_int32 code;
329 code = ubik_PR_Delete(pruclient, 0, id);
334 pr_AddToGroup(char *user, char *group)
336 register afs_int32 code;
340 lnames.namelist_len = 2;
341 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
342 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
343 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
346 code = pr_NameToId(&lnames, &lids);
349 /* if here, still could be missing an entry */
350 if (lids.idlist_val[0] == ANONYMOUSID
351 || lids.idlist_val[1] == ANONYMOUSID) {
356 ubik_PR_AddToGroup(pruclient, 0, lids.idlist_val[0],
359 if (lnames.namelist_val)
360 free(lnames.namelist_val);
362 free(lids.idlist_val);
367 pr_RemoveUserFromGroup(char *user, char *group)
369 register afs_int32 code;
373 lnames.namelist_len = 2;
374 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
375 strncpy(lnames.namelist_val[0], user, PR_MAXNAMELEN);
376 strncpy(lnames.namelist_val[1], group, PR_MAXNAMELEN);
379 code = pr_NameToId(&lnames, &lids);
383 if (lids.idlist_val[0] == ANONYMOUSID
384 || lids.idlist_val[1] == ANONYMOUSID) {
389 ubik_PR_RemoveFromGroup(pruclient, 0, lids.idlist_val[0],
392 if (lnames.namelist_val)
393 free(lnames.namelist_val);
395 free(lids.idlist_val);
401 pr_NameToId(namelist *names, idlist *ids)
403 register afs_int32 code;
404 register afs_int32 i;
406 for (i = 0; i < names->namelist_len; i++)
407 stolower(names->namelist_val[i]);
408 code = ubik_PR_NameToID(pruclient, 0, names, ids);
413 pr_SNameToId(char name[PR_MAXNAMELEN], afs_int32 *id)
417 register afs_int32 code;
421 lnames.namelist_len = 1;
422 lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
424 strncpy(lnames.namelist_val[0], name, PR_MAXNAMELEN);
425 code = ubik_PR_NameToID(pruclient, 0, &lnames, &lids);
426 if (lids.idlist_val) {
427 *id = *lids.idlist_val;
428 free(lids.idlist_val);
430 if (lnames.namelist_val)
431 free(lnames.namelist_val);
436 pr_IdToName(idlist *ids, namelist *names)
438 register afs_int32 code;
440 code = ubik_PR_IDToName(pruclient, 0, ids, names);
445 pr_SIdToName(afs_int32 id, char name[PR_MAXNAMELEN])
449 register afs_int32 code;
452 lids.idlist_val = (afs_int32 *) malloc(sizeof(afs_int32));
453 *lids.idlist_val = id;
454 lnames.namelist_len = 0;
455 lnames.namelist_val = 0;
456 code = ubik_PR_IDToName(pruclient, 0, &lids, &lnames);
457 if (lnames.namelist_val) {
458 strncpy(name, lnames.namelist_val[0], PR_MAXNAMELEN);
459 free(lnames.namelist_val);
462 free(lids.idlist_val);
467 pr_GetCPS(afs_int32 id, prlist *CPS)
469 register afs_int32 code;
473 code = ubik_PR_GetCPS(pruclient, 0, id, CPS, &over);
474 if (code != PRSUCCESS)
477 /* do something about this, probably make a new call */
478 /* don't forget there's a hard limit in the interface */
479 fprintf(stderr, "membership list for id %d exceeds display limit\n",
486 pr_GetCPS2(afs_int32 id, afs_int32 host, prlist *CPS)
488 register afs_int32 code;
492 code = ubik_PR_GetCPS2(pruclient, 0, id, host, CPS, &over);
493 if (code != PRSUCCESS)
496 /* do something about this, probably make a new call */
497 /* don't forget there's a hard limit in the interface */
498 fprintf(stderr, "membership list for id %d exceeds display limit\n",
505 pr_GetHostCPS(afs_int32 host, prlist *CPS)
507 register afs_int32 code;
511 code = ubik_PR_GetHostCPS(pruclient, 0, host, CPS, &over);
512 if (code != PRSUCCESS)
515 /* do something about this, probably make a new call */
516 /* don't forget there's a hard limit in the interface */
518 "membership list for host id %d exceeds display limit\n",
525 pr_ListMembers(char *group, namelist *lnames)
527 register afs_int32 code;
530 code = pr_SNameToId(group, &gid);
533 if (gid == ANONYMOUSID)
535 code = pr_IDListMembers(gid, lnames);
540 pr_ListOwned(afs_int32 oid, namelist *lnames, afs_int32 *moreP)
542 register afs_int32 code;
546 alist.prlist_len = 0;
547 alist.prlist_val = 0;
548 code = ubik_PR_ListOwned(pruclient, 0, oid, &alist, moreP);
552 /* Remain backwards compatible when moreP was a T/F bit */
553 fprintf(stderr, "membership list for id %d exceeds display limit\n",
557 lids = (idlist *) & alist;
558 code = pr_IdToName(lids, lnames);
561 if (alist.prlist_val)
562 free(alist.prlist_val);
567 pr_IDListMembers(afs_int32 gid, namelist *lnames)
569 register afs_int32 code;
574 alist.prlist_len = 0;
575 alist.prlist_val = 0;
576 code = ubik_PR_ListElements(pruclient, 0, gid, &alist, &over);
580 fprintf(stderr, "membership list for id %d exceeds display limit\n",
583 lids = (idlist *) & alist;
584 code = pr_IdToName(lids, lnames);
587 if (alist.prlist_val)
588 free(alist.prlist_val);
593 pr_ListEntry(afs_int32 id, struct prcheckentry *aentry)
595 register afs_int32 code;
597 code = ubik_PR_ListEntry(pruclient, 0, id, aentry);
602 pr_ListEntries(int flag, afs_int32 startindex, afs_int32 *nentries, struct prlistentries **entries, afs_int32 *nextstartindex)
605 prentries bulkentries;
609 *nextstartindex = -1;
610 bulkentries.prentries_val = 0;
611 bulkentries.prentries_len = 0;
614 ubik_PR_ListEntries(pruclient, 0, flag, startindex,
615 &bulkentries, nextstartindex);
616 *nentries = bulkentries.prentries_len;
617 *entries = bulkentries.prentries_val;
622 pr_CheckEntryByName(char *name, afs_int32 *id, char *owner, char *creator)
624 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
625 register afs_int32 code;
626 struct prcheckentry aentry;
628 code = pr_SNameToId(name, id);
631 if (*id == ANONYMOUSID)
633 code = ubik_PR_ListEntry(pruclient, 0, *id, &aentry);
636 /* this should be done in one RPC, but I'm lazy. */
637 code = pr_SIdToName(aentry.owner, owner);
640 code = pr_SIdToName(aentry.creator, creator);
647 pr_CheckEntryById(char *name, afs_int32 id, char *owner, char *creator)
649 /* struct prcheckentry returns other things, which aren't useful to show at this time. */
650 register afs_int32 code;
651 struct prcheckentry aentry;
653 code = pr_SIdToName(id, name);
656 if (id == ANONYMOUSID)
658 code = ubik_PR_ListEntry(pruclient, 0, id, &aentry);
661 /* this should be done in one RPC, but I'm lazy. */
662 code = pr_SIdToName(aentry.owner, owner);
665 code = pr_SIdToName(aentry.creator, creator);
672 pr_ChangeEntry(char *oldname, char *newname, afs_int32 *newid, char *newowner)
674 register afs_int32 code;
678 code = pr_SNameToId(oldname, &id);
681 if (id == ANONYMOUSID)
683 if (newowner && *newowner) {
684 code = pr_SNameToId(newowner, &oid);
687 if (oid == ANONYMOUSID)
691 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, *newid);
693 code = ubik_PR_ChangeEntry(pruclient, 0, id, newname, oid, 0);
698 pr_IsAMemberOf(char *uname, char *gname, afs_int32 *flag)
700 register afs_int32 code;
706 lnames.namelist_len = 2;
707 lnames.namelist_val = (prname *) malloc(2 * PR_MAXNAMELEN);
708 strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
709 strncpy(lnames.namelist_val[1], gname, PR_MAXNAMELEN);
712 code = pr_NameToId(&lnames, &lids);
714 if (lnames.namelist_val)
715 free(lnames.namelist_val);
717 free(lids.idlist_val);
721 ubik_PR_IsAMemberOf(pruclient, 0, lids.idlist_val[0],
722 lids.idlist_val[1], flag);
723 if (lnames.namelist_val)
724 free(lnames.namelist_val);
726 free(lids.idlist_val);
731 pr_ListMaxUserId(afs_int32 *mid)
733 register afs_int32 code;
735 code = ubik_PR_ListMax(pruclient, 0, mid, &gid);
740 pr_SetMaxUserId(afs_int32 mid)
742 register afs_int32 code;
744 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
749 pr_ListMaxGroupId(afs_int32 *mid)
751 register afs_int32 code;
753 code = ubik_PR_ListMax(pruclient, 0, &id, mid);
758 pr_SetMaxGroupId(afs_int32 mid)
760 register afs_int32 code;
764 code = ubik_PR_SetMax(pruclient, 0, mid, flag);
769 pr_SetFieldsEntry(afs_int32 id, afs_int32 mask, afs_int32 flags, afs_int32 ngroups, afs_int32 nusers)
771 register afs_int32 code;
774 ubik_PR_SetFieldsEntry(pruclient, 0, id, mask, flags, ngroups,