X-Git-Url: http://andersk.mit.edu/gitweb/moira.git/blobdiff_plain/dba0cf81984c56e6f2b1486f247952a0358bb0b5..67805159a972397342c342ee735c8acd640e1399:/afssync/ptprocs.c diff --git a/afssync/ptprocs.c b/afssync/ptprocs.c index ab8a1195..a38b6b7f 100644 --- a/afssync/ptprocs.c +++ b/afssync/ptprocs.c @@ -1,15 +1,10 @@ -/* Copyright (C) 1989 Transarc Corporation - All rights reserved */ - +/* Copyright (C) 1990, 1989 Transarc Corporation - All rights reserved */ /* * P_R_P_Q_# (C) COPYRIGHT IBM CORPORATION 1988 * LICENSED MATERIALS - PROPERTY OF IBM * REFER TO COPYRIGHT INSTRUCTIONS FORM NUMBER G120-2083 */ -#ifndef lint -static char rcsid[] = "$Header$"; -#endif - /* Sherri Nichols Information Technology Center @@ -17,27 +12,35 @@ static char rcsid[] = "$Header$"; */ #include +#include #include #include +#ifdef AFS_HPUX_ENV +#include +#else +#include +#endif #include #include #include #include -#include #include #include #include #include "ptserver.h" #include "pterror.h" -#include -#ifdef AFS_ATHENA_STDENV -#include +#if defined(CROSS_CELL) && !defined(WhoIsThisWithName) +static long WhoIsThisWithName(); #endif + +RCSID ("$Header$") + extern struct ubik_dbase *dbase; extern long Initdb(); extern int pr_noAuth; +extern char *prdir; static int CreateOK (ut, cid, oid, flag, admin) struct ubik_trans *ut; 
@@ -59,53 +62,53 @@ static int CreateOK (ut, cid, oid, flag, admin) return 1; /* OK! */ } +#if !defined(WhoIsThis) long WhoIsThis (acall, at, aid) struct rx_call *acall; struct ubik_trans *at; long *aid; { - /* aid is set to the identity of the caller, if known, ANONYMOUSID otherwise */ + /* aid is set to the identity of the caller, if known, else ANONYMOUSID */ /* returns -1 and sets aid to ANONYMOUSID on any failure */ register struct rx_connection *tconn; - struct rxvab_conn *tc; register long code; char tcell[MAXKTCREALMLEN]; - long exp; char name[MAXKTCNAMELEN]; char inst[MAXKTCNAMELEN]; int ilen; char vname[256]; +#ifdef CROSS_CELL + int foreign = 0; +#endif + + *aid = SYSADMINID; + return 0; *aid = ANONYMOUSID; tconn = rx_ConnectionOf(acall); code = rx_SecurityClassOf(tconn); if (code == 0) return 0; else if (code == 1) { /* vab class */ - tc = (struct rxvab_conn *) tconn->securityData; - if (!tc) goto done; - *aid = ntohl(tc->viceID); - code = 0; + goto done; /* no longer supported */ } else if (code == 2) { /* kad class */ if (code = rxkad_GetServerInfo - (acall->conn, (long *) 0, &exp, name, inst, tcell, (long *) 0)) + (acall->conn, (long *) 0, 0/*was &exp*/, + name, inst, tcell, (long *) 0)) goto done; +#if 0 + /* This test is unnecessary, since rxkad_GetServerInfo already check. + * In addition, this is wrong since exp must be unsigned. */ if (exp < FT_ApproxTime()) goto done; - if (strlen (tcell)) { - extern char *pr_realmName; -#ifdef AFS_ATHENA_STDENV - static char local_realm[REALM_SZ] = ""; - if (!local_realm[0]) { - krb_get_lrealm (local_realm, 0); - } #endif - if ( -#ifdef AFS_ATHENA_STDENV - strcasecmp (local_realm, tcell) && -#endif - strcasecmp (pr_realmName, tcell)) + if (strlen (tcell)) { + if (!afsconf_LocalRealm(prdir, tcell)) { +#ifdef CROSS_CELL + foreign = 1; +#else goto done; - +#endif + } } strncpy (vname, name, sizeof(vname)); if (ilen = strlen (inst)) { 
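Review bot: The two statements `*aid = SYSADMINID; return 0;` added at the top of WhoIsThis make every caller the system administrator before the connection's security class is read, so the rest of the function is unreachable. Every check that depends on it always sees SYSADMINID, including the AccessOK test this commit enables in PR_GetCPS and the non-CROSS_CELL path of PR_NewEntry. The same two lines open WhoIsThisWithName in the last hunk. If this copy under afssync/ is only ever linked into an offline tool working on a local database (the diff does not say), state that in a comment such as `/* offline build: no RPC caller exists, act as SYSADMINID */` and compile the dead body out. If the code can be reached over rx, the two lines should be removed; WhoIsThis continues past the end of this hunk.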
@@ -113,13 +116,27 @@ long WhoIsThis (acall, at, aid) strcat (vname, "."); strcat (vname, inst); } - lcstring(vname, vname, sizeof(vname)); - code = NameToID(at,vname,aid); +#ifdef CROSS_CELL + if (foreign) { + if ((strlen(name)+strlen(tcell)+1) >= sizeof(vname)) { + goto done; + } + strcat (vname, "@"); + strcat (vname, tcell); + } +#endif + if (strcmp (AUTH_SUPERUSER, vname) == 0) + *aid = SYSADMINID; /* special case for the fileserver */ + else { + lcstring(vname, vname, sizeof(vname)); + code = NameToID(at,vname,aid); + } } done: if (code && !pr_noAuth) return -1; return 0; } +#endif long PR_INewEntry(call,aname,aid,oid) struct rx_call *call; @@ -185,6 +202,9 @@ long PR_NewEntry (call, aname, flag, oid, aid) struct ubik_trans *tt; long cid; int admin; +#ifdef CROSS_CELL + char cname[PR_MAXNAMELEN]; +#endif stolower(aname); code = Initdb(); @@ -197,6 +217,22 @@ long PR_NewEntry (call, aname, flag, oid, aid) ubik_AbortTrans(tt); return code; } + +#ifdef CROSS_CELL + /* this is for cross-cell self registration */ + code = WhoIsThisWithName(call,tt,&cid,cname); + if (code != 2) { /* 2 specifies that this is a foreign cell request */ + if (code) { + perm: + ubik_AbortTrans(tt); + return PRPERM; + } + admin = IsAMemberOf(tt,cid,SYSADMINID); + } else { + admin = (!strcmp(aname,cname)) || IsAMemberOf(tt,cid,SYSADMINID); + oid = cid = SYSADMINID; + } +#else code = WhoIsThis(call,tt,&cid); if (code) { perm: @@ -204,7 +240,8 @@ long PR_NewEntry (call, aname, flag, oid, aid) return PRPERM; } admin = IsAMemberOf(tt,cid,SYSADMINID); - +#endif + if (!CreateOK (tt, cid, oid, flag, admin)) goto perm; code = CreateEntry (tt,aname,aid,0,flag,oid,cid); @@ -257,7 +294,7 @@ struct prdebugentry *aentry; code = Initdb(); if (code != PRSUCCESS) return code; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { 
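Review bot: The length guard in the CROSS_CELL branch of WhoIsThis, `(strlen(name)+strlen(tcell)+1) >= sizeof(vname)`, measures `name` rather than `vname`, so it ignores the `.` and instance that the `strcat` calls at the top of this hunk may already have appended. With a non-empty instance, the following `strcat (vname, "@")` and `strcat (vname, tcell)` can write more than the guard accounted for. Whether that can exceed the 256-byte `vname` depends on MAXKTCNAMELEN and MAXKTCREALMLEN, which are not visible here. WhoIsThisWithName in the last hunk already uses the correct form, so this guard should read `if (strlen(vname) + 1 + strlen(tcell) >= sizeof(vname)) goto done;`. The function begins in the previous hunk.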
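Review bot: In the CROSS_CELL branch of PR_NewEntry, `oid = cid = SYSADMINID;` runs for every foreign-cell request whether or not `admin` came out true, so CreateOK and CreateEntry are then called with the administrator as creator and the caller's requested owner discarded. After that assignment only the `admin` flag separates a foreign caller registering its own name from one asking for an arbitrary name. CreateOK's body is outside the hunk, so it cannot be confirmed here that it rejects every non-admin case, group creation in particular. If self-registration is the only thing the foreign path is meant to permit, as the added comment says, reject early with `if (!admin) goto perm;` before `cid` is overwritten. Otherwise add a comment naming the CreateOK branches this relies on.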
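Review bot: The switch from `ubik_BeginTrans` to `ubik_BeginTransReadAny` carries no comment on the consistency being given up; as I understand the ubik call, it lets a replica answer without holding the current database version. For the debug and lookup calls that is probably acceptable, but PR_GetCPS is changed the same way further down and returns the membership list that access decisions are made from, so a stale replica could keep honouring a membership that has already been removed. A line such as `/* ReadAny: may be answered from a replica that is not up to date */` at each call site, or keeping `ubik_BeginTrans` in PR_GetCPS, would make the tradeoff explicit. The same substitution appears in PR_NameToID, PR_IDToName, PR_ListElements, PR_ListOwned and the other read-only calls in this diff.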
@@ -268,10 +305,14 @@ struct prdebugentry *aentry; code = pr_ReadEntry(tt, 0, apos, aentry); if (code) goto abort; + /* Since prdebugentry is in the form of a prentry not a coentry, we will + * return the coentry slots in network order where the string is. */ +#if 0 if (aentry->flags & PRCONT) { /* wrong type, get coentry instead */ code = pr_ReadCoEntry(tt, 0, apos, aentry); if (code) goto abort; } +#endif code = ubik_EndTrans(tt); if (code) return code; return PRSUCCESS; @@ -379,7 +420,7 @@ long PR_NameToID (call, aname, aid) code = Initdb(); if (code != PRSUCCESS) return code; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -419,7 +460,7 @@ long PR_IDToName (call, aid, aname) code = Initdb(); if (code != PRSUCCESS) return code; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -454,7 +495,8 @@ long PR_Delete (call, aid) code = Initdb(); if (code) return code; if (code != PRSUCCESS) return code; - if (aid == SYSADMINID || aid == ANYUSERID || aid == AUTHUSERID || aid == ANONYMOUSID) return PRPERM; + if (aid == SYSADMINID || aid == ANYUSERID || aid == AUTHUSERID || + aid == ANONYMOUSID) return PRPERM; code = ubik_BeginTrans(dbase,UBIK_WRITETRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKWRITE); @@ -665,7 +707,7 @@ long PR_GetCPS (call, aid, alist, over) alist->prlist_val = (long *) 0; code = Initdb(); if (code != PRSUCCESS) goto done; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) goto done; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { 
@@ -674,18 +716,16 @@ long PR_GetCPS (call, aid, alist, over) goto done; } - - temp = FindByID(tt,aid); + temp = FindByID (tt, aid); if (!temp) {code = PRNOENT; goto abort;} code = pr_ReadEntry (tt, 0, temp, &tentry); if (code) goto abort; - if (0) { /* afs doesn't authenticate yet */ - code = WhoIsThis (call, tt, &cid); - if (code || !AccessOK (tt, cid, &tentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY)) { - code = PRPERM; - goto abort; - } + /* afs does authenticate now */ + code = WhoIsThis (call, tt, &cid); + if (code || !AccessOK (tt, cid, &tentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY)) { + code = PRPERM; + goto abort; } code = GetList(tt, &tentry, alist, 1); @@ -715,7 +755,7 @@ long *gid; code = Initdb(); if (code != PRSUCCESS) return code; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -789,7 +829,7 @@ struct prcheckentry *aentry; code = Initdb(); if (code != PRSUCCESS) return code; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) return code; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -812,14 +852,14 @@ struct prcheckentry *aentry; ubik_AbortTrans(tt); return code; } - if (!AccessOK (tt, cid, &tentry, PRP_STATUS_MEM, PRP_STATUS_ANY)) goto perm; + if (!AccessOK (tt, cid, &tentry, PRP_STATUS_MEM, PRP_STATUS_ANY)) + goto perm; aentry->flags = tentry.flags >> PRIVATE_SHIFT; if (aentry->flags == 0) if (tentry.flags & PRGRP) aentry->flags = PRP_GROUP_DEFAULT >> PRIVATE_SHIFT; else aentry->flags = PRP_USER_DEFAULT >> PRIVATE_SHIFT; - aentry->flags; aentry->owner = tentry.owner; aentry->id = tentry.id; strncpy(aentry->name,tentry.name,PR_MAXNAMELEN); 
@@ -848,7 +888,8 @@ long newid; stolower(name); code = Initdb(); if (code) return code; - if (aid == ANYUSERID || aid == AUTHUSERID || aid == ANONYMOUSID || aid == SYSADMINID) return PRPERM; + if (aid == ANYUSERID || aid == AUTHUSERID || aid == ANONYMOUSID || + aid == SYSADMINID) return PRPERM; if (code != PRSUCCESS) return code; code = ubik_BeginTrans(dbase,UBIK_WRITETRANS,&tt); if (code) return code; @@ -973,7 +1014,7 @@ long PR_ListElements (call, aid, alist, over) code = Initdb(); if (code != PRSUCCESS) goto done; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) goto done; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -1029,7 +1070,7 @@ PR_ListOwned (call, aid, alist, over) code = Initdb(); if (code != PRSUCCESS) goto done; - code = ubik_BeginTrans(dbase,UBIK_READTRANS,&tt); + code = ubik_BeginTransReadAny(dbase,UBIK_READTRANS,&tt); if (code) goto done; code = ubik_SetLock(tt,1,1,LOCKREAD); if (code) { @@ -1114,7 +1155,8 @@ long *flag; goto abort; } if (!AccessOK (tt, cid, &uentry, 0, PRP_MEMBER_ANY) && - !AccessOK (tt, cid, &gentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY)) goto perm; + !AccessOK (tt, cid, &gentry, PRP_MEMBER_MEM, PRP_MEMBER_ANY)) + goto perm; } *flag = IsAMemberOf(tt,uid,gid); 
@@ -1132,3 +1174,72 @@ register char *s; s++; } } + +#if defined(CROSS_CELL) && !defined(WhoIsThisWithName) +static long WhoIsThisWithName(acall, at, aid, aname) + struct rx_call *acall; + struct ubik_trans *at; + long *aid; + char *aname; +{ + /* aid is set to the identity of the caller, if known, else ANONYMOUSID */ + /* returns -1 and sets aid to ANONYMOUSID on any failure */ + + register struct rx_connection *tconn; + register long code; + char tcell[MAXKTCREALMLEN]; + char name[MAXKTCNAMELEN]; + char inst[MAXKTCNAMELEN]; + int ilen; + char vname[256]; + + *aid = SYSADMINID; + return 0; + + *aid = ANONYMOUSID; + tconn = rx_ConnectionOf(acall); + code = rx_SecurityClassOf(tconn); + if (code == 0) return 0; + else if (code == 1) { /* vab class */ + goto done; /* no longer supported */ + } + else if (code == 2) { /* kad class */ + + int clen; + extern char *pr_realmName; + + if (code = rxkad_GetServerInfo + (acall->conn, (long *)0, 0 /*was &exp*/, + name, inst, tcell, (long *)0)) + goto done; + strncpy (vname, name, sizeof(vname)); + if (ilen = strlen (inst)) { + if (strlen(vname) + 1 + ilen >= sizeof(vname)) goto done; + strcat (vname, "."); + strcat (vname, inst); + } + if (clen = strlen (tcell)) { + if (!afsconf_LocalRealm(prdir, tcell)) { + if (strlen(vname) + 1 + clen >= sizeof(vname)) goto done; + strcat(vname,"@"); + strcat(vname,tcell); + lcstring(vname, vname, sizeof(vname)); + code = NameToID(at,vname,aid); + strcpy(aname,vname); + return 2; + } + } + + if (strcmp (AUTH_SUPERUSER, vname) == 0) + /* special case for the fileserver */ + *aid = SYSADMINID; + else { + lcstring(vname, vname, sizeof(vname)); + code = NameToID(at,vname,aid); + } + } +done: + if (code && !pr_noAuth) return -1; + return 0; +} +#endif
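Review bot: `strcpy(aname,vname);` in the foreign-realm branch of WhoIsThisWithName copies up to 255 bytes into the caller's buffer with no bound, and the only caller in this diff, PR_NewEntry, passes the stack array `cname[PR_MAXNAMELEN]`. The guards above it only bound the string against `sizeof(vname)`, so a long principal, instance and realm taken from the peer's ticket can overrun `cname` unless PR_MAXNAMELEN is at least 256, which is not visible here. Add `if (strlen(vname) >= PR_MAXNAMELEN) goto done;` before the `NameToID` call in that branch, so an over-long name leaves `*aid` at ANONYMOUSID. The result of that `NameToID` call is then discarded by `return 2;`, which deserves a comment if it is intentional for callers that are not yet registered. This path only becomes reachable once the unconditional `*aid = SYSADMINID; return 0;` at the top of the function is removed.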