Example #1
/*
 * Report whether auser is listed in the UserList file found in the
 * configuration directory adir->name.
 *
 * Returns 1 when the first whitespace-delimited token of some line equals
 * auser exactly, and 0 otherwise. A UserList file that cannot be opened also
 * yields 0, so a missing or unreadable list grants nothing.
 *
 * Each token is read with "%64s", so an entry longer than 64 characters is
 * compared by its first 64 characters only.
 * NOTE(review): how BufioGets splits a line longer than the 256-byte buffer
 * is not visible here; confirm that the remainder of an over-long line can
 * not be read back as a separate entry.
 */
static int
FindUser(struct afsconf_dir *adir, register char *auser)
{
    char linebuf[256];		/* first the file path, then each line read */
    char entry[64 + 1];		/* one token from the list, NUL included */
    bufio_p listFile;
    int found = 0;

    strcompose(linebuf, sizeof linebuf, adir->name, "/", AFSDIR_ULIST_FILE,
	       NULL);
    listFile = BufioOpen(linebuf, O_RDONLY, 0);
    if (!listFile)
	return 0;

    /* A negative return from BufioGets ends the scan. */
    while (BufioGets(listFile, linebuf, sizeof(linebuf)) >= 0) {
	/* Lines without any token (sscanf did not convert one) are skipped. */
	if (sscanf(linebuf, "%64s", entry) != 1)
	    continue;
	if (strcmp(entry, auser) == 0) {
	    found = 1;
	    break;
	}
    }
    BufioClose(listFile);
    return found;
}
Example #2
/*
 * Decide whether the identity 'user' is listed in the UserList file of the
 * configuration directory 'adir'.
 *
 * Returns the non-zero result of rx_identity_match() for the first matching
 * entry, or 0 when no entry matches. The answer is also 0 when the file
 * cannot be opened, so a missing list grants nothing.
 *
 * A line that ParseLine() rejects ends the scan: entries that follow a
 * malformed line are never considered, and the result is then 0.
 *
 * NOTE(review): this function takes no lock itself; presumably the caller
 * serialises access to the UserList file. Confirm against the callers.
 */
int
afsconf_IsSuperIdentity(struct afsconf_dir *adir,
			struct rx_identity *user)
{
    char tbuffer[1024];		/* file name first, then one line at a time */
    struct rx_identity fileUser;
    bufio_p bp;
    int match = 0;

    UserListFileName(adir, tbuffer, sizeof tbuffer);
    bp = BufioOpen(tbuffer, O_RDONLY, 0);
    if (!bp)
	return 0;

    for (;;) {
	/* Negative return: nothing more to read. */
	if (BufioGets(bp, tbuffer, sizeof(tbuffer)) < 0)
	    break;

	/* Stop at the first line that does not parse. */
	if (ParseLine(tbuffer, &fileUser) != 0)
	    break;

	match = rx_identity_match(user, &fileUser);

	/* ParseLine filled fileUser; release it before the next line. */
	rx_identity_freeContents(&fileUser);

	if (match)
	    break;
    }
    BufioClose(bp);
    return match;
}
Example #3
/*
 * Shared worker for GetNthIdentity and GetNthUser: fetch the entry at
 * position 'count' (counting from 0) in the UserList file of 'dir'.
 *
 * When 'id' is true every entry counts; otherwise only entries of kind
 * RX_ID_KRB4 count, i.e. the ones the old-style interfaces can represent.
 *
 * Returns 0 on success with *identity set to a copy made by
 * rx_identity_copy(), -1 at end of file or when the file cannot be opened,
 * ENOMEM when the line buffer cannot be allocated, and otherwise the
 * non-zero code from ParseLine(). *identity is written only on success.
 *
 * The global mutex is held from before the file name is built until the
 * file has been closed.
 * NOTE(review): the value returned by rx_identity_copy() is stored without
 * a check; confirm whether it can be NULL and whether callers handle that.
 */
static int
GetNthIdentityOrUser(struct afsconf_dir *dir, int count,
		     struct rx_identity **identity, int id)
{
    struct rx_identity fileUser;
    bufio_p bp;
    char *line;			/* file name first, then each line read */
    afs_int32 code;

    line = malloc(AFSDIR_PATH_MAX);
    if (!line)
	return ENOMEM;

    LOCK_GLOBAL_MUTEX;
    UserListFileName(dir, line, AFSDIR_PATH_MAX);
    bp = BufioOpen(line, O_RDONLY, 0);
    if (!bp) {
	/* An unopenable file is reported the same way as end of file. */
	code = -1;
	goto done;
    }

    for (;;) {
	if (BufioGets(bp, line, AFSDIR_PATH_MAX) < 0) {
	    code = -1;
	    break;
	}

	code = ParseLine(line, &fileUser);
	if (code != 0)
	    break;

	if (id || fileUser.kind == RX_ID_KRB4)
	    count--;

	if (count < 0) {
	    /* This is the requested entry; code is 0 here. */
	    *identity = rx_identity_copy(&fileUser);
	    rx_identity_freeContents(&fileUser);
	    break;
	}

	/* Not the one we want: release it and read on. */
	rx_identity_freeContents(&fileUser);
    }

    BufioClose(bp);

  done:
    UNLOCK_GLOBAL_MUTEX;
    free(line);
    return code;
}
Example #4
/*
 * Shared worker for GetNthIdentity and GetNthUser: fetch the entry at
 * position 'count' (counting from 0) in the UserList file of 'dir'.
 *
 * When 'id' is true every entry counts; otherwise only entries of kind
 * RX_ID_KRB4 count, i.e. the ones the old-style interfaces can represent.
 *
 * Returns 0 on success with *identity set to a copy made by
 * rx_identity_copy(), EIO when the file cannot be opened, the negative
 * value reported by BufioGets() when no further line can be read, and
 * otherwise the non-zero code from ParseLine(). *identity is written only
 * on success.
 *
 * The global mutex is held from before the file name is built until the
 * file has been closed.
 * NOTE(review): the value returned by rx_identity_copy() is stored without
 * a check; confirm whether it can be NULL and whether callers handle that.
 */
static int
GetNthIdentityOrUser(struct afsconf_dir *dir, int count,
		     struct rx_identity **identity, int id)
{
    struct rx_identity fileUser;
    char tbuffer[1024];		/* file name first, then each line read */
    bufio_p bp;
    afs_int32 code;

    LOCK_GLOBAL_MUTEX;
    UserListFileName(dir, tbuffer, sizeof(tbuffer));
    bp = BufioOpen(tbuffer, O_RDONLY, 0);
    if (!bp) {
	UNLOCK_GLOBAL_MUTEX;
	return EIO;
    }

    /* A negative BufioGets result ends the loop and is kept in code. */
    while ((code = BufioGets(bp, tbuffer, sizeof(tbuffer))) >= 0) {
	code = ParseLine(tbuffer, &fileUser);
	if (code != 0)
	    break;

	if (id || fileUser.kind == RX_ID_KRB4)
	    --count;

	/* Leaving here keeps fileUser alive for the copy below. */
	if (count < 0)
	    break;

	rx_identity_freeContents(&fileUser);
    }

    /* code is 0 only when the loop stopped on the requested entry. */
    if (code == 0) {
	*identity = rx_identity_copy(&fileUser);
	rx_identity_freeContents(&fileUser);
    }

    BufioClose(bp);

    UNLOCK_GLOBAL_MUTEX;
    return code;
}
Example #5
/*
 * Decide whether the identity 'user' is listed in the UserList file of the
 * configuration directory 'adir'. This variant keeps its AFSDIR_PATH_MAX
 * byte work buffer on the heap.
 *
 * Returns the non-zero result of rx_identity_match() for the first matching
 * entry, or 0 when no entry matches. Failing to allocate the buffer or to
 * open the file also yields 0, so those failures grant nothing.
 *
 * A line that ParseLine() rejects ends the scan: entries that follow a
 * malformed line are never considered.
 *
 * NOTE(review): this function takes no lock itself; presumably the caller
 * serialises access to the UserList file. Confirm against the callers.
 */
int
afsconf_IsSuperIdentity(struct afsconf_dir *adir,
			struct rx_identity *user)
{
    struct rx_identity fileUser;
    bufio_p bp;
    char *tbuffer;		/* file name first, then one line at a time */
    int match = 0;

    tbuffer = malloc(AFSDIR_PATH_MAX);
    if (tbuffer == NULL)
	return 0;

    UserListFileName(adir, tbuffer, AFSDIR_PATH_MAX);
    bp = BufioOpen(tbuffer, O_RDONLY, 0);
    if (bp) {
	/*
	 * Keep reading while nothing has matched, a line is available and
	 * that line parses; the && chain evaluates in exactly that order.
	 */
	while (!match
	       && BufioGets(bp, tbuffer, AFSDIR_PATH_MAX) >= 0
	       && ParseLine(tbuffer, &fileUser) == 0) {
	    match = rx_identity_match(user, &fileUser);
	    rx_identity_freeContents(&fileUser);
	}
	BufioClose(bp);
    }
    free(tbuffer);
    return match;
}
Example #6
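/*
 * (Re)read HPSS.conf from AFSDIR_SERVER_BIN_DIRPATH when its modification
 * time is newer than the one recorded by the previous successful read.
 *
 * Recognised lines:
 *   COS <n> min <str> max <str>   passed to fillInfo() for the info[] slot
 *                                 that already has cosId n or is still free
 *   PRINCIPAL <str>               copied to ourPrincipal
 *   KEYTAB <str>                  copied to ourKeytab
 *   PATH <str>                    copied to ourPath
 *   LIB <str>                     appended to parms.ourLibs unless present
 *
 * Returns ENOENT when the file cannot be stat'ed (or its path does not fit
 * the buffer), ENOMEM when a LIB entry cannot be stored, otherwise 0 or the
 * code of the last fillInfo() call.
 *
 * Every %s conversion carries a field width one less than its destination
 * (128-byte buffers, hence %127s). A line may be up to sizeof(tbuffer)
 * bytes long, so an unbounded %s could write past minstr/maxstr/tmpstr.
 *
 * The file supplies the login principal, the keytab location and library
 * names, so it should be writable only by the account administering the
 * server. NOTE(review): what is later done with parms.ourLibs is not visible
 * here; presumably the entries are loaded as shared libraries. Confirm.
 *
 * NOTE(review): when stat64() succeeds but BufioOpen() fails, code stays 0
 * and lastVersion is advanced, so the file is not retried until its mtime
 * changes. Also, code is overwritten by each COS line, so an earlier
 * fillInfo() failure can be masked by a later success. Confirm both are
 * intended.
 */
static int
readHPSSconf()
{
    int i, j, cos, code = ENOENT;
    unsigned int cosval;	/* target type that %u actually requires */
    struct stat64 tstat;
    char tbuffer[256];
    char minstr[128];
    char maxstr[128];
    char tmpstr[128];
    static time_t lastVersion = 0;

    if (!initialized) {
	MUTEX_INIT(&rxosd_hpss_mutex, "rxosd hpss lock", 0, 0);
	memset(&info, 0, sizeof(info));
	initialized = 1;
    }

    /* Bounded formatting; a path that does not fit is treated as absent. */
    j = snprintf(tbuffer, sizeof(tbuffer), "%s/HPSS.conf",
		 AFSDIR_SERVER_BIN_DIRPATH);
    if (j < 0 || (size_t)j >= sizeof(tbuffer))
	return code;

    if (stat64(tbuffer, &tstat) == 0) {
	code = 0;
#ifdef AFS_AIX53_ENV
	if (tstat.st_mtime > lastVersion) {
#else
	if (tstat.st_mtim.tv_sec > lastVersion) {
#endif
	    bufio_p bp = BufioOpen(tbuffer, O_RDONLY, 0);
	    if (bp) {
		while (1) {
		    j = BufioGets(bp, tbuffer, sizeof(tbuffer));
		    if (j < 0)
			break;

		    j = sscanf(tbuffer, "COS %u min %127s max %127s",
			       &cosval, minstr, maxstr);
		    if (j == 3) {
			cos = (int)cosval;
			/* Stop at the slot with this cosId or the first free one. */
			for (i = 0; i < MAXCOS; i++) {
			    if (cos == info[i].cosId)
				break;
			    if (info[i].cosId == 0)
				break;
			}
			/* A full table silently drops the entry. */
			if (i < MAXCOS)
			    code = fillInfo(&info[i], cos, minstr, maxstr);
			continue;
		    }

		    j = sscanf(tbuffer, "PRINCIPAL %127s", tmpstr);
		    if (j == 1) {
			strncpy(ourPrincipal, tmpstr, sizeof(ourPrincipal));
			/* strncpy does not terminate when the source fills dst */
			ourPrincipal[sizeof(ourPrincipal) - 1] = 0;
			continue;
		    }

		    j = sscanf(tbuffer, "KEYTAB %127s", tmpstr);
		    if (j == 1) {
			strncpy(ourKeytab, tmpstr, sizeof(ourKeytab));
			ourKeytab[sizeof(ourKeytab) - 1] = 0;
			continue;
		    }

		    j = sscanf(tbuffer, "PATH %127s", tmpstr);
		    if (j == 1) {
			strncpy(ourPath, tmpstr, sizeof(ourPath));
			ourPath[sizeof(ourPath) - 1] = 0;
			continue;
		    }

		    j = sscanf(tbuffer, "LIB %127s", tmpstr);
		    if (j == 1) {
			int k;
			int known = 0;

			/*
			 * Walk the used slots; k ends on the matching entry,
			 * on the first free slot, or at MAX_HPSS_LIBS when
			 * the table is full.
			 */
			for (k = 0; k < MAX_HPSS_LIBS; k++) {
			    if (parms.ourLibs[k] == NULL)
				break;
			    if (strcmp(parms.ourLibs[k], tmpstr) == 0) {
				known = 1;
				break;
			    }
			}
			if (!known && k < MAX_HPSS_LIBS) {
			    size_t len = strlen(tmpstr) + 1;

			    parms.ourLibs[k] = malloc(len);
			    if (parms.ourLibs[k] == NULL) {
				/*
				 * Report the failure and leave lastVersion
				 * alone so the next call reads the file again.
				 */
				code = ENOMEM;
				break;
			    }
			    memcpy(parms.ourLibs[k], tmpstr, len);
			}
			continue;
		    }
		}
		BufioClose(bp);
	    }
	    if (!code)
#ifdef AFS_AIX53_ENV
		lastVersion = tstat.st_mtime;
#else
		lastVersion = tstat.st_mtim.tv_sec;
#endif
	}
    }
    return code;
}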

/*
 * Inspect a return code from HPSS. A code of -13 (permission) means
 * something is wrong with our authentication, so the recorded time of the
 * last authentication is reset to 0. authenticate_for_hpss() compares that
 * time with the current time, so resetting it forces a new authentication
 * on its next run. Every other code is ignored.
 *
 * NOTE(review): -13 looks like a negated EACCES; confirm against the HPSS
 * error definitions and consider a named constant.
 */
static void checkCode(afs_int32 code)
{
    if (code != -13)
	return;

    *(rxosd_var->lastAuth) = 0;
}

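/*
 * (Re)establish the HPSS login credential from the configured keytab.
 * According to the original comment this routine is called by the
 * five-minute check.
 *
 * The configuration is refreshed through readHPSSconf() first; a non-zero
 * code from it is returned unchanged. A new login is attempted only when
 * more than TWENTYDAYS have passed since *(rxosd_var->lastAuth), which is
 * also the case after checkCode() has reset that value to 0.
 *
 * Before a re-login the routine sets 'waiting' and waits until
 * HPSStransactions has dropped to 0, then resets the client API and purges
 * the old credential. If hpss_SetLoginCred() then fails, 'authenticated'
 * stays 0 and lastAuth is left untouched, so the next call tries again;
 * until that succeeds no login credential is established.
 *
 * Returns 0 on success or when no login was due, otherwise the code from
 * readHPSSconf() or hpss_SetLoginCred().
 *
 * NOTE(review): CV_WAIT is given rxosd_hpss_mutex, but this function does
 * not acquire it; presumably the caller holds it. Confirm.
 * NOTE(review): '&ourPrincipal' and '&ourKeytab' are assigned to char *;
 * if these are char arrays the address is the same as the array itself,
 * but the pointer types differ. Confirm the declarations.
 */
afs_int32 
authenticate_for_hpss(void)
{
    afs_int32 code = 0;
    time_t now = time(0);
    static int authenticated = 0;
    char *principal;
    char *keytab;

    code = readHPSSconf();
    if (code)
	return code;

    if (now - *(rxosd_var->lastAuth) > TWENTYDAYS) {
	if (authenticated) {
	    /* Let running transactions finish before dropping the credential. */
	    waiting = 1;
	    while (HPSStransactions > 0) {
		CV_WAIT(&auth_cond, &rxosd_hpss_mutex);
	    }
	    hpss_ClientAPIReset();
	    hpss_PurgeLoginCred();
	    authenticated = 0;
	}
	principal = &ourPrincipal;
	keytab = &ourKeytab;
	code = hpss_SetLoginCred(principal, hpss_authn_mech_krb5,
				 hpss_rpc_cred_client,
				 hpss_rpc_auth_type_keytab, keytab);
	if (!code) {
	    authenticated = 1;
	    *(rxosd_var->lastAuth) = now;
	}
	waiting = 0;
	if (waiters) {
	    /*
	     * The broadcast is performed outside assert(): with the standard
	     * assert and NDEBUG defined, an expression inside assert() is not
	     * evaluated and the waiters would never be woken.
	     */
	    int rc = pthread_cond_broadcast(&auth_cond);

	    assert(rc == 0);
	    (void)rc;
	}
    }
    return code;
}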