1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <unistd.h>
32 #include <pwd.h>
33 #include <string.h>
34 #include <deflt.h>
35 #include <libintl.h>
36 #include <locale.h>
37 #include <user_attr.h>
38 #include <prof_attr.h>
39 #include <auth_attr.h>
40 
41 
/*
 * ALL_AUTHS is the token add_auths() stores in place of KV_WILDCARD or
 * ALL_SUN_AUTHS; show_auths() prints ALL_SUN_AUTHS when it finds that
 * token in either the default or the per-user list.
 */
#define	ALL_AUTHS	"All"
#define	ALL_SUN_AUTHS	"solaris.*"

/*
 * Status values passed between the functions in this file.  main()
 * reduces anything other than EXIT_OK to EXIT_FATAL before returning.
 */
#define	EXIT_OK		0
#define	EXIT_FATAL	1
#define	EXIT_NON_FATAL	2

#ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

/* Delimiters handed to strtok_r() when splitting profile and auth lists. */
#define	PROFLIST_SEP	","
#define	AUTH_SEP	","
/*
 * Element count of the authorization arrays declared on the stack in
 * main() and show_auths().  Every writer into those arrays has to keep
 * its entry count at or below this value.
 */
#define	MAXAUTHS	4096


/* Forward declarations for the helpers defined after main(). */
static int show_auths(char *, char **, int, int);
static int list_auths(userattr_t *, char **, int *);
static char *get_default_auths(char **, int *);
static void getProfiles(char *, char **, int *, char **, int *);
static void add_auths(char *, char **, int *);


/* Prefix for the diagnostics written to stderr. */
static char *progname = "auths";
66 
67 
/*
 * auths: print the authorizations of the invoking user, or of each user
 * named on the command line.
 *
 * The default authorizations are collected once into defauths[] and
 * handed to show_auths() for every user.  With no operand the invoking
 * user is reported; with one operand that user is reported without a
 * name prefix; otherwise each operand is reported with a "name : "
 * prefix and processing stops at the first EXIT_FATAL.
 *
 * The exit status reflects the last show_auths() call only: EXIT_OK if
 * it returned EXIT_OK, EXIT_FATAL for anything else.
 */
int
main(int argc, char *argv[])
{
	char	*defauths[MAXAUTHS];	/* strdup() copies, freed below */
	int	defauth_cnt = 0;
	int	rc = EXIT_OK;
	int	n;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	/*
	 * defauths[] holds MAXAUTHS pointers; nothing in main() limits how
	 * many entries the callee writes.
	 */
	(void) get_default_auths(defauths, &defauth_cnt);

	if (argc == 1) {
		rc = show_auths(NULL, defauths, defauth_cnt, 0);
	} else if (argc == 2) {
		rc = show_auths(argv[1], defauths, defauth_cnt, 0);
	} else {
		for (argv++; *argv != NULL; argv++) {
			rc = show_auths(*argv, defauths, defauth_cnt, 1);
			if (rc == EXIT_FATAL) {
				break;
			}
		}
	}

	/* release the default authorization strings */
	for (n = 0; n < defauth_cnt; n++) {
		free(defauths[n]);
	}

	return ((rc == EXIT_OK) ? EXIT_OK : EXIT_FATAL);
}
107 
108 
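/*
 * Print the authorizations of one user on stdout.
 *
 * username	user to report on, or NULL for the invoking uid
 * defauths	default authorizations collected by the caller
 * defauth_cnt	number of entries in defauths
 * print_name	non-zero to prefix the output line with "username : "
 *
 * Returns EXIT_OK on success, EXIT_NON_FATAL when the user is unknown or
 * has no authorizations, and EXIT_FATAL when the combined list cannot be
 * built (it would exceed MAXAUTHS entries, or strdup() failed).  In the
 * EXIT_FATAL case nothing is written to stdout, so a truncated list is
 * never presented as the user's complete set of authorizations.
 *
 * Entries of defauths and userauths are assumed to be non-NULL strings;
 * they are compared with strcmp() and printed with %s.
 */
static int
show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
{
	int		status = EXIT_OK;
	struct passwd	*pw;
	userattr_t	*user;
	char		*userauths[MAXAUTHS];
	char		*copy;
	int		userauth_cnt = 0, old_userauth_cnt;
	int		i, j, have_allauths, duplicate;
	int		merge_failed = 0;

	if (username == NULL) {
		if ((pw = getpwuid(getuid())) == NULL) {
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext("No passwd entry\n"));
			return (EXIT_NON_FATAL);
		}
		username = pw->pw_name;
	} else if ((pw = getpwnam(username)) == NULL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No such user\n"));
		return (EXIT_NON_FATAL);
	}

	/* if ALL_AUTHS is default, don't need to look at other auths */
	have_allauths = 0;
	for (i = 0; i < defauth_cnt; i++) {
		if (strcmp(defauths[i], ALL_AUTHS) == 0) {
			have_allauths = 1;
			break;
		}
	}

	if (!have_allauths && (user = getusernam(username)) != NULL) {
		/* list_auths() releases user before it returns */
		status = list_auths(user, userauths, &userauth_cnt);
		/* check if any profiles have ALL_AUTHS */
		for (i = 0; i < userauth_cnt; i++) {
			if (strcmp(userauths[i], ALL_AUTHS) == 0) {
				have_allauths = 1;
				break;
			}
		}
	}
	if ((defauth_cnt + userauth_cnt) == 0) {
		status = EXIT_NON_FATAL;
	}

	if (status == EXIT_NON_FATAL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No authorizations\n"));
	} else if (have_allauths) {
		if (print_name) {
			(void) printf("%s : ", username);
		}
		(void) printf("%s\n", ALL_SUN_AUTHS);
	} else {
		/*
		 * combine the user auths and default auths,
		 * and eliminate duplicates from the two
		 */
		old_userauth_cnt = userauth_cnt;
		for (i = 0; i < defauth_cnt; i++) {
			duplicate = 0;
			for (j = 0; j < old_userauth_cnt; j++) {
				if (strcmp(userauths[j], defauths[i]) == 0) {
					duplicate = 1;
					break;
				}
			}
			if (duplicate) {
				continue;
			}

			/*
			 * userauths[] has MAXAUTHS slots and may already
			 * be full; user and default entries together can
			 * exceed that, so check before every store.
			 */
			if (userauth_cnt >= MAXAUTHS) {
				(void) fprintf(stderr, "%s: %s : ", progname,
				    username);
				(void) fprintf(stderr,
				    gettext("Too many authorizations\n"));
				merge_failed = 1;
				break;
			}
			if ((copy = strdup(defauths[i])) == NULL) {
				(void) fprintf(stderr, "%s: %s : ", progname,
				    username);
				(void) fprintf(stderr,
				    gettext("Out of memory\n"));
				merge_failed = 1;
				break;
			}
			userauths[userauth_cnt] = copy;
			userauth_cnt++;
		}

		if (merge_failed) {
			status = EXIT_FATAL;
		} else {
			if (print_name) {
				(void) printf("%s : ", username);
			}
			/* comma-separated, no comma after the last entry */
			for (i = 0; i < userauth_cnt; i++) {
				(void) printf("%s%s", (i == 0) ? "" : ",",
				    userauths[i]);
			}
			(void) printf("\n");
		}
	}

	/* free memory allocated for authorizations */
	for (i = 0; i < userauth_cnt; i++) {
		free(userauths[i]);
	}

	return (status);
}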
208 
209 
/*
 * Gather the authorizations granted through one user_attr entry.
 *
 * user		entry to read; released with free_userattr() before return
 * authArray	array that add_auths() appends strdup() copies to
 * authcnt	in/out number of entries in authArray
 *
 * Names listed under USERATTR_AUTHS_KW are added first, then those of
 * every profile listed under USERATTR_PROFILES_KW.  The strings returned
 * by kva_match() are tokenized in place by the callees.
 *
 * NOTE(review): the "no authorizations" test at the end compares the
 * authcnt pointer itself with null, not the count it points to, so for
 * the caller in this file the function always returns EXIT_OK.
 * show_auths() makes its own emptiness check on the combined default and
 * user count; changing this test to *authcnt would make show_auths()
 * report "No authorizations" for a user who holds only default
 * authorizations.
 */
static int
list_auths(userattr_t *user, char **authArray, int *authcnt)
{
	char	*profArray[MAXPROFS];
	int	profcnt = 0;
	char	*direct;
	char	*profiles;
	int	rc;

	direct = kva_match(user->attr, USERATTR_AUTHS_KW);
	if (direct != NULL) {
		add_auths(direct, authArray, authcnt);
	}

	profiles = kva_match(user->attr, USERATTR_PROFILES_KW);
	if (profiles != NULL) {
		getProfiles(profiles, profArray, &profcnt, authArray,
		    authcnt);
		free_proflist(profArray, profcnt);
	}

	/* deliberately a pointer comparison -- see NOTE(review) above */
	rc = (authcnt == NULL) ? EXIT_NON_FATAL : EXIT_OK;

	free_userattr(user);

	return (rc);
}
239 
240 
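/*
 * Collect the system-wide default authorizations.
 *
 * Opens the AUTH_POLICY defaults file and adds to authArray the names
 * listed under DEF_AUTH plus those granted by the profiles listed under
 * DEF_PROF.  add_auths() advances *authcnt for each new entry.  The
 * defaults file is closed again before returning.
 *
 * Returns the DEF_AUTH value handed back by defread(), or NULL when the
 * file could not be opened or has no such entry.  By then the string has
 * been tokenized in place by add_auths(), a second defread() has run and
 * the file has been closed (NOTE(review): defread() presumably reuses one
 * buffer -- confirm), so callers should only test the result against
 * NULL.  main() ignores it.
 */
static char *
get_default_auths(char **authArray, int *authcnt)
{
	char *auths = NULL;
	char *profs = NULL;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	/* defopen() returns an int status; 0 means the file is open */
	if (defopen(AUTH_POLICY) != 0) {
		return (NULL);
	}

	auths = defread(DEF_AUTH);
	if (auths != NULL) {
		add_auths(auths, authArray, authcnt);
	}

	/* get authorizations from default profiles */
	profs = defread(DEF_PROF);
	if (profs != NULL) {
		getProfiles(profs, profArray, &profcnt,
		    authArray, authcnt);
		free_proflist(profArray, profcnt);
	}

	/* nothing else is read from the defaults file; close it */
	(void) defopen(NULL);

	return (auths);
}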
266 
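/*
 * Split a comma-separated authorization list and append every name that
 * is not already present to authArray.
 *
 * auths	list to split; modified in place by strtok_r()
 * authArray	destination with room for MAXAUTHS pointers (both arrays
 *		passed in this file are declared with that size)
 * authcnt	in/out number of entries in authArray
 *
 * KV_WILDCARD and ALL_SUN_AUTHS are both recorded as ALL_AUTHS.  Stored
 * entries are strdup() copies that the owner of authArray frees.
 *
 * A name that does not fit, or cannot be copied, is not stored: a
 * diagnostic goes to stderr and the rest of the list is skipped.  The
 * array is therefore never written past MAXAUTHS and never holds a NULL
 * entry for the strcmp() loops here and in show_auths().  The function
 * returns void, so the diagnostic is the only sign that the collected
 * list is incomplete.
 */
static void
add_auths(char *auths, char **authArray, int *authcnt)
{
	char	*authname, *lasts, *real_authname, *copy;
	int	i;

	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
	    authname != NULL;
	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {

		if ((strcmp(authname, KV_WILDCARD) == 0) ||
		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
			real_authname = ALL_AUTHS;
		} else {
			real_authname = authname;
		}

		/* check to see if authorization is already in list */
		for (i = 0; i < *authcnt; i++) {
			if (strcmp(real_authname, authArray[i]) == 0) {
				break;	/* already in list */
			}
		}
		if (i < *authcnt) {
			continue;
		}

		/* not in list: make sure there is a free slot first */
		if (*authcnt >= MAXAUTHS) {
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr,
			    gettext("Too many authorizations\n"));
			return;
		}

		copy = strdup(real_authname);
		if (copy == NULL) {
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext("Out of memory\n"));
			return;
		}

		authArray[*authcnt] = copy;
		(*authcnt)++;
	}
}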
299 
/*
 * Expand a comma-separated profile list and collect the authorizations
 * of every resulting profile.
 *
 * profiles	list to split; modified in place by strtok_r()
 * profArray	filled by getproflist(); both callers in this file release
 *		it with free_proflist()
 * profcnt	in/out number of entries in profArray
 * authArray	destination handed on to add_auths()
 * authcnt	in/out number of entries in authArray
 *
 * NOTE(review): keeping profArray within its bounds is left entirely to
 * getproflist(); presumably it stops at MAXPROFS -- confirm against the
 * library.
 */
static void
getProfiles(char *profiles, char **profArray, int *profcnt,
	char **authArray, int *authcnt)
{
	char		*name;
	char		*state;
	char		*granted;
	profattr_t	*entry;
	int		idx;

	/* first pass: let getproflist() build the profile array */
	name = (char *)strtok_r(profiles, PROFLIST_SEP, &state);
	while (name != NULL) {
		getproflist(name, profArray, profcnt);
		name = (char *)strtok_r(NULL, PROFLIST_SEP, &state);
	}

	/* second pass: pull the authorizations out of each profile */
	for (idx = 0; idx < *profcnt; idx++) {
		entry = getprofnam(profArray[idx]);
		if (entry != NULL) {
			granted = kva_match(entry->attr, PROFATTR_AUTHS_KW);
			if (granted != NULL) {
				add_auths(granted, authArray, authcnt);
			}
			free_profattr(entry);
		}
		/*
		 * A NULL entry should never happen, unless the database
		 * has an undefined profile; such names are skipped.
		 */
	}
}
338