milko/pts/pr.c

   1 /*
   2  * Copyright (c) 1998 - 2001, 2003 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #ifdef HAVE_CONFIG_H
  35 #include <config.h>
  36 #endif
  37
  38 #include <sys/types.h>
  39 #include <ctype.h>
  40 #include <assert.h>
  41
  42 #include <rx/rx.h>
  43 #include <rx/rx_null.h>
  44
  45 #include <ports.h>
  46 #include <ko.h>
  47 #include <bool.h>
  48
  49 #ifdef KERBEROS
  50 #ifdef HAVE_OPENSSL
  51 #include <openssl/des.h>
  52 #else
  53 #include <des.h>
  54 #endif
  55 #ifdef HAVE_KRB4
  56 #include <krb.h>
  57 #endif
  58 #ifdef HAVE_KRB5
  59 #include <krb5.h>
  60 #endif
  61 #include <rxkad.h>
  62 #include "rxkad_locl.h"
  63 #endif
  64
  65 #include <err.h>
  66
  67 #ifndef HAVE_UNISTD_H
  68 #include <unistd.h>
  69 #endif
  70
  71 #include <service.h>
  72
  73 #include "pts.h"
  74 #include "pts.ss.h"
  75 #include "ptserver.h"
  76 #include "pts.ss.h"
  77
  78 #include "msecurity.h"
  79
  80 #include <mlog.h>
  81 #include <mdebug.h>
  82
  83 RCSID("$Id$");
  84
  85 /*
  86  *
  87  */
  88
  89 int
  90 SPR_NameToID(struct rx_call *call, const namelist *nlist, idlist *ilist)
  91 {
  92     int i;
  93     int status;
  94
  95     mlog_log (MDEBPR, "PR_NameToID: securityIndex: %d ilen: %d",
  96               call->conn->securityIndex, nlist->len);
  97
  98 #ifdef KERBEROS
  99     if (call->conn->securityIndex == 2) {
 100         char *fullname;
 101         if (sec_getname(call->conn, &fullname))
 102             fullname = "unknown";
 103         mlog_log (MDEBPR, "  user: %s", fullname);
 104     }
 105 #endif
 106
 107     ilist->len = nlist->len;
 108     ilist->val = malloc(sizeof(int) * ilist->len);
 109     if (ilist->val == NULL)
 110         return PRDBBAD;
 111
 112     for (i = 0; i < nlist->len; i++) {
 113         mlog_log (MDEBPR, "  name: %s", nlist->val[i]);
 114
 115         status = conv_name_to_id(nlist->val[i], &ilist->val[i]);
 116         if (status == PRNOENT)
 117             ilist->val[i] = PR_ANONYMOUSID;
 118         else if (status)
 119             return status;
 120     }
 121     return 0;
 122 }
 123
 124 /*
 125  *
 126  */
 127
 128 int
 129 SPR_IDToName(struct rx_call *call, const idlist *ilist, namelist *nlist)
 130 {
 131     int i;
 132     int status;
 133
 134     mlog_log (MDEBPR, "PR_IDToName: securityIndex: %d ilen %d",
 135               call->conn->securityIndex, ilist->len);
 136
 137
 138     if (ilist->len < 0 || ilist->len >= PR_MAXLIST)
 139         return PRTOOMANY;
 140
 141     nlist->len = ilist->len;
 142
 143     if (ilist->len == 0) {
 144         nlist->val = NULL;
 145         return 0;
 146     }
 147
 148     nlist->val = calloc(nlist->len, sizeof(prname));
 149     if (nlist->val == NULL)
 150         return PRDBBAD;
 151
 152     for (i = 0; i < ilist->len; i++) {
 153         mlog_log (MDEBPR, "  id: %d", ilist->val[i]);
 154         status = conv_id_to_name(ilist->val[i], nlist->val[i]);
 155         if (status == PRNOENT)
 156             snprintf (nlist->val[i], PR_MAXNAMELEN, "%d", ilist->val[i]);
 157         else if (status)
 158             return status;
 159     }
 160     return 0;
 161 }
 162
 163 /*
 164  *
 165  */
 166
 167 int
 168 SPR_NewEntry(struct rx_call *call, const char *name,
 169              const int32_t flag, const int32_t oid, int32_t *id)
 170 {
 171     int error;
 172     int32_t owner;
 173     char *localname;
 174     Bool localp;
 175
 176     mlog_log (MDEBPR, "PR_NewEntry: securityIndex: %d name: %s oid: %d",
 177               call->conn->securityIndex, name, oid);
 178
 179
 180     /* XXX should be authuser? */
 181     if (!sec_is_superuser(call))
 182         return PRPERM;
 183
 184     localname = localize_name(name, &localp);
 185
 186     /* XXX do it properly! */
 187     if (localp == FALSE)
 188         owner = PR_SYSADMINID;
 189     else
 190         owner = oid;
 191
 192     if ((flag & PRTYPE) == PRUSER) {
 193         error = next_free_user_id(id);
 194         if (!error)
 195             error = create_user(localname, *id, owner, PR_SYSADMINID); /* XXX */
 196     } else if ((flag & PRTYPE) == PRGRP) {
 197         error = next_free_group_id(id);
 198         if (!error)
 199             error = create_group(localname, *id, owner, PR_SYSADMINID); /* XXX */
 200     } else {
 201         error = PRPERM;
 202     }
 203
 204     return error;
 205 }
 206
 207 /*
 208  *
 209  */
 210
 211 int
 212 SPR_INewEntry(struct rx_call *call, const char *name,
 213               const int32_t id, const int32_t oid)
 214 {
 215     int error;
 216     char *localname;
 217     Bool localp;
 218     int32_t owner = PR_SYSADMINID;
 219     int32_t creator = PR_SYSADMINID;
 220
 221     /* XXX should be authuser? */
 222     if (!sec_is_superuser(call))
 223         return PRPERM;
 224
 225     mlog_log (MDEBPR, "PR_INewEntry securityIndex: %d name: %s oid: %d",
 226               call->conn->securityIndex, name, oid);
 227
 228     localname = localize_name(name, &localp);
 229
 230     /* XXX do it properly! */
 231     if (localp == TRUE)
 232         owner = oid;
 233
 234     if (id > 0)
 235         error = create_user(localname, id, owner, creator); /* XXX */
 236     else if (id < 0)
 237         error = create_group(localname, id, owner, creator); /* XXX */
 238     else
 239         error = PRPERM;
 240
 241     return error;
 242 }
 243
 244 /*
 245  *
 246  */
 247
 248 int
 249 SPR_ListEntry(struct rx_call *call, const int32_t id,
 250               struct prcheckentry *entry)
 251 {
 252     prentry pr_entry;
 253     int status;
 254
 255     mlog_log (MDEBPR, "PR_ListEntry securityIndex: %d id: %d",
 256               call->conn->securityIndex, id);
 257 #ifdef KERBEROS
 258     if (call->conn->securityIndex == 2) {
 259         char *fullname;
 260         if (sec_getname(call->conn, &fullname))
 261             fullname = "unknown";
 262         mlog_log (MDEBPR, "PR_ListEntry user: %s", fullname);
 263     }
 264 #endif
 265
 266     memset(&pr_entry, 0, sizeof(pr_entry));
 267     status = read_prentry(id, &pr_entry);
 268     if (status)
 269         return status;
 270     entry->flags = pr_entry.flags;
 271     entry->id = pr_entry.id;
 272     entry->owner = pr_entry.owner;
 273     entry->creator = pr_entry.creator;
 274     entry->ngroups = pr_entry.ngroups;
 275     entry->nusers = pr_entry.nusers;
 276     entry->count = pr_entry.count;
 277     memcpy(entry->reserved, pr_entry.reserved, sizeof(pr_entry.reserved));
 278     strlcpy(entry->name, pr_entry.name, PR_MAXNAMELEN);
 279
 280     return 0;
 281 }
 282
 283 /*
 284  *
 285  */
 286
 287 int
 288 SPR_DumpEntry(struct rx_call *call, const int32_t pos,
 289               struct prdebugentry *entry)
 290 {
 291     mlog_log (MDEBPR, "PR_DumpEntry");
 292     return -1;
 293 }
 294
 295 /*
 296  *
 297  */
 298
 299 int
 300 SPR_ChangeEntry(struct rx_call *call, const int32_t id, const char *name,
 301                 const int32_t oid, const int32_t newid)
 302 {
 303     mlog_log (MDEBPR, "PR_ChangeEntry");
 304     return -1;
 305 }
 306
 307
 308 /*
 309  *
 310  */
 311
 312 int
 313 SPR_SetFieldsEntry(struct rx_call *call, const int32_t id, const int32_t mask,
 314                    const int32_t flags, const int32_t ngroups,
 315                    const int32_t nusers,
 316                    const int32_t spare1, const int32_t spare2)
 317 {
 318     mlog_log (MDEBPR, "PR_SetFieldsEntry");
 319     return -1;
 320 }
 321
 322
 323 /*
 324  *
 325  */
 326
 327 int
 328 SPR_Delete(struct rx_call *call, const int32_t id)
 329 {
 330     mlog_log (MDEBPR, "PR_Delete");
 331
 332     if (!sec_is_superuser(call))
 333         return PRPERM;
 334
 335     return -1;
 336 }
 337
 338
 339 /*
 340  *
 341  */
 342
 343 int
 344 SPR_WhereIsIt(struct rx_call *call, const int32_t id, int32_t *ps)
 345 {
 346     mlog_log (MDEBPR, "PR_WhereIsIt");
 347     return -1;
 348 }
 349
 350
 351 /*
 352  *
 353  */
 354
 355 int
 356 SPR_AddToGroup(struct rx_call *call, const int32_t uid, const int32_t gid)
 357 {
 358     mlog_log (MDEBPR, "PR_AddToGroup");
 359
 360     if (!sec_is_superuser(call))
 361         return PRPERM;
 362
 363     return addtogroup(uid,gid);
 364 }
 365
 366
 367 /*
 368  *
 369  */
 370
 371 int
 372 SPR_RemoveFromGroup(struct rx_call *call, const int32_t id, const int32_t gid)
 373 {
 374     mlog_log (MDEBPR, "PR_RemoveFromGroup");
 375
 376     if (!sec_is_superuser(call))
 377         return PRPERM;
 378
 379     return removefromgroup(id, gid);
 380 }
 381
 382
 383 /*
 384  *
 385  */
 386
 387 int
 388 SPR_ListMax(struct rx_call *call, int32_t *uid, int32_t *gid)
 389 {
 390     mlog_log (MDEBPR, "PR_ListMax");
 391     *uid = pr_header.maxID;
 392     *gid = pr_header.maxGroup;
 393     return 0;
 394 }
 395
 396
 397 /*
 398  *
 399  */
 400
 401 int
 402 SPR_SetMax(struct rx_call *call, const int32_t uid, const int32_t gflag)
 403 {
 404     mlog_log (MDEBPR, "PR_SetMax");
 405
 406     if(gflag) {
 407         pr_header.maxGroup = uid;
 408     } else {
 409         pr_header.maxID = uid;
 410     }
 411
 412     return 0;
 413 }
 414
 415
 416 /*
 417  *
 418  */
 419
 420 int
 421 SPR_ListElements(struct rx_call *call, const int32_t id,
 422                  prlist *elist, int32_t *over)
 423 {
 424     mlog_log (MDEBPR, "PR_ListElements");
 425
 426     return listelements(id, elist, FALSE);
 427 }
 428
 429
 430 /*
 431  *
 432  */
 433
 434 int
 435 SPR_GetCPS(struct rx_call *call, const int32_t id,
 436            prlist *elist, int32_t *over)
 437 {
 438     mlog_log (MDEBPR, "PR_GetCPS");
 439
 440     return listelements(id, elist, TRUE);
 441 }
 442
 443 /*
 444  *
 445  */
 446
 447 int
 448 SPR_GetCPS2(struct rx_call *call, const int32_t id,
 449             const int32_t host, prlist *elist, int32_t *over)
 450 {
 451     mlog_log (MDEBPR, "PR_GetCPS2");
 452
 453     return -1;
 454 }
 455
 456 /*
 457  *
 458  */
 459
 460 int
 461 SPR_GetHostCPS(struct rx_call *call, const int32_t host,
 462                prlist *elist, int32_t *over)
 463 {
 464     mlog_log (MDEBPR, "PR_GetHostCPS");
 465
 466     return -1;
 467 }
 468
 469 /*
 470  *
 471  */
 472
 473 int
 474 SPR_ListOwned(struct rx_call *call, const int32_t id,
 475               prlist *elist, int32_t *over)
 476 {
 477     mlog_log (MDEBPR, "PR_ListOwned");
 478     return -1;
 479 }
 480
 481
 482 /*
 483  *
 484  */
 485
 486 int
 487 SPR_IsAMemberOf(struct rx_call *call, const int32_t uid, const int32_t gid,
 488                 int32_t *flag)
 489 {
 490
 491     /* XXX Check authorization */
 492
 493     prlist elist;
 494     int ret=0;
 495     int i=0;
 496
 497     mlog_log (MDEBPR, "PR_IsAMemberOf");
 498
 499     if((ret = listelements(uid, &elist, TRUE)) !=0) {
 500         free(elist.val);
 501         return ret;
 502     }
 503
 504     for(i=0; i < elist.len ; i++) {
 505         if(elist.val[i] == gid) {
 506             *flag=1;
 507             free(elist.val);
 508             return 0;
 509         }
 510     }
 511
 512     free(elist.val);
 513     return 0;
 514 }