2 * Copyright (c) 1998 - 2001, 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include <sys/types.h>
43 #include <rx/rx_null.h>
51 #include <openssl/des.h>
62 #include "rxkad_locl.h"
78 #include "msecurity.h"
90 SPR_NameToID(struct rx_call
*call
, const namelist
*nlist
, idlist
*ilist
)
95 mlog_log (MDEBPR
, "PR_NameToID: securityIndex: %d ilen: %d",
96 call
->conn
->securityIndex
, nlist
->len
);
99 if (call
->conn
->securityIndex
== 2) {
101 if (sec_getname(call
->conn
, &fullname
))
102 fullname
= "unknown";
103 mlog_log (MDEBPR
, " user: %s", fullname
);
107 ilist
->len
= nlist
->len
;
108 ilist
->val
= malloc(sizeof(int) * ilist
->len
);
109 if (ilist
->val
== NULL
)
112 for (i
= 0; i
< nlist
->len
; i
++) {
113 mlog_log (MDEBPR
, " name: %s", nlist
->val
[i
]);
115 status
= conv_name_to_id(nlist
->val
[i
], &ilist
->val
[i
]);
116 if (status
== PRNOENT
)
117 ilist
->val
[i
] = PR_ANONYMOUSID
;
129 SPR_IDToName(struct rx_call
*call
, const idlist
*ilist
, namelist
*nlist
)
134 mlog_log (MDEBPR
, "PR_IDToName: securityIndex: %d ilen %d",
135 call
->conn
->securityIndex
, ilist
->len
);
138 if (ilist
->len
< 0 || ilist
->len
>= PR_MAXLIST
)
141 nlist
->len
= ilist
->len
;
143 if (ilist
->len
== 0) {
148 nlist
->val
= calloc(nlist
->len
, sizeof(prname
));
149 if (nlist
->val
== NULL
)
152 for (i
= 0; i
< ilist
->len
; i
++) {
153 mlog_log (MDEBPR
, " id: %d", ilist
->val
[i
]);
154 status
= conv_id_to_name(ilist
->val
[i
], nlist
->val
[i
]);
155 if (status
== PRNOENT
)
156 snprintf (nlist
->val
[i
], PR_MAXNAMELEN
, "%d", ilist
->val
[i
]);
168 SPR_NewEntry(struct rx_call
*call
, const char *name
,
169 const int32_t flag
, const int32_t oid
, int32_t *id
)
176 mlog_log (MDEBPR
, "PR_NewEntry: securityIndex: %d name: %s oid: %d",
177 call
->conn
->securityIndex
, name
, oid
);
180 /* XXX should be authuser? */
181 if (!sec_is_superuser(call
))
184 localname
= localize_name(name
, &localp
);
186 /* XXX do it properly! */
188 owner
= PR_SYSADMINID
;
192 if ((flag
& PRTYPE
) == PRUSER
) {
193 error
= next_free_user_id(id
);
195 error
= create_user(localname
, *id
, owner
, PR_SYSADMINID
); /* XXX */
196 } else if ((flag
& PRTYPE
) == PRGRP
) {
197 error
= next_free_group_id(id
);
199 error
= create_group(localname
, *id
, owner
, PR_SYSADMINID
); /* XXX */
212 SPR_INewEntry(struct rx_call
*call
, const char *name
,
213 const int32_t id
, const int32_t oid
)
218 int32_t owner
= PR_SYSADMINID
;
219 int32_t creator
= PR_SYSADMINID
;
221 /* XXX should be authuser? */
222 if (!sec_is_superuser(call
))
225 mlog_log (MDEBPR
, "PR_INewEntry securityIndex: %d name: %s oid: %d",
226 call
->conn
->securityIndex
, name
, oid
);
228 localname
= localize_name(name
, &localp
);
230 /* XXX do it properly! */
235 error
= create_user(localname
, id
, owner
, creator
); /* XXX */
237 error
= create_group(localname
, id
, owner
, creator
); /* XXX */
249 SPR_ListEntry(struct rx_call
*call
, const int32_t id
,
250 struct prcheckentry
*entry
)
255 mlog_log (MDEBPR
, "PR_ListEntry securityIndex: %d id: %d",
256 call
->conn
->securityIndex
, id
);
258 if (call
->conn
->securityIndex
== 2) {
260 if (sec_getname(call
->conn
, &fullname
))
261 fullname
= "unknown";
262 mlog_log (MDEBPR
, "PR_ListEntry user: %s", fullname
);
266 memset(&pr_entry
, 0, sizeof(pr_entry
));
267 status
= read_prentry(id
, &pr_entry
);
270 entry
->flags
= pr_entry
.flags
;
271 entry
->id
= pr_entry
.id
;
272 entry
->owner
= pr_entry
.owner
;
273 entry
->creator
= pr_entry
.creator
;
274 entry
->ngroups
= pr_entry
.ngroups
;
275 entry
->nusers
= pr_entry
.nusers
;
276 entry
->count
= pr_entry
.count
;
277 memcpy(entry
->reserved
, pr_entry
.reserved
, sizeof(pr_entry
.reserved
));
278 strlcpy(entry
->name
, pr_entry
.name
, PR_MAXNAMELEN
);
288 SPR_DumpEntry(struct rx_call
*call
, const int32_t pos
,
289 struct prdebugentry
*entry
)
291 mlog_log (MDEBPR
, "PR_DumpEntry");
300 SPR_ChangeEntry(struct rx_call
*call
, const int32_t id
, const char *name
,
301 const int32_t oid
, const int32_t newid
)
303 mlog_log (MDEBPR
, "PR_ChangeEntry");
313 SPR_SetFieldsEntry(struct rx_call
*call
, const int32_t id
, const int32_t mask
,
314 const int32_t flags
, const int32_t ngroups
,
315 const int32_t nusers
,
316 const int32_t spare1
, const int32_t spare2
)
318 mlog_log (MDEBPR
, "PR_SetFieldsEntry");
328 SPR_Delete(struct rx_call
*call
, const int32_t id
)
330 mlog_log (MDEBPR
, "PR_Delete");
332 if (!sec_is_superuser(call
))
344 SPR_WhereIsIt(struct rx_call
*call
, const int32_t id
, int32_t *ps
)
346 mlog_log (MDEBPR
, "PR_WhereIsIt");
356 SPR_AddToGroup(struct rx_call
*call
, const int32_t uid
, const int32_t gid
)
358 mlog_log (MDEBPR
, "PR_AddToGroup");
360 if (!sec_is_superuser(call
))
363 return addtogroup(uid
,gid
);
372 SPR_RemoveFromGroup(struct rx_call
*call
, const int32_t id
, const int32_t gid
)
374 mlog_log (MDEBPR
, "PR_RemoveFromGroup");
376 if (!sec_is_superuser(call
))
379 return removefromgroup(id
, gid
);
388 SPR_ListMax(struct rx_call
*call
, int32_t *uid
, int32_t *gid
)
390 mlog_log (MDEBPR
, "PR_ListMax");
391 *uid
= pr_header
.maxID
;
392 *gid
= pr_header
.maxGroup
;
402 SPR_SetMax(struct rx_call
*call
, const int32_t uid
, const int32_t gflag
)
404 mlog_log (MDEBPR
, "PR_SetMax");
407 pr_header
.maxGroup
= uid
;
409 pr_header
.maxID
= uid
;
421 SPR_ListElements(struct rx_call
*call
, const int32_t id
,
422 prlist
*elist
, int32_t *over
)
424 mlog_log (MDEBPR
, "PR_ListElements");
426 return listelements(id
, elist
, FALSE
);
435 SPR_GetCPS(struct rx_call
*call
, const int32_t id
,
436 prlist
*elist
, int32_t *over
)
438 mlog_log (MDEBPR
, "PR_GetCPS");
440 return listelements(id
, elist
, TRUE
);
448 SPR_GetCPS2(struct rx_call
*call
, const int32_t id
,
449 const int32_t host
, prlist
*elist
, int32_t *over
)
451 mlog_log (MDEBPR
, "PR_GetCPS2");
461 SPR_GetHostCPS(struct rx_call
*call
, const int32_t host
,
462 prlist
*elist
, int32_t *over
)
464 mlog_log (MDEBPR
, "PR_GetHostCPS");
474 SPR_ListOwned(struct rx_call
*call
, const int32_t id
,
475 prlist
*elist
, int32_t *over
)
477 mlog_log (MDEBPR
, "PR_ListOwned");
487 SPR_IsAMemberOf(struct rx_call
*call
, const int32_t uid
, const int32_t gid
,
491 /* XXX Check authorization */
497 mlog_log (MDEBPR
, "PR_IsAMemberOf");
499 if((ret
= listelements(uid
, &elist
, TRUE
)) !=0) {
504 for(i
=0; i
< elist
.len
; i
++) {
505 if(elist
.val
[i
] == gid
) {