xref: /illumos-gate/usr/src/cmd/auths/auths.c (revision 7243fb49732852c0e9ce39939a905b2a40f2ddeb)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <unistd.h>
31 #include <pwd.h>
32 #include <string.h>
33 #include <deflt.h>
34 #include <libintl.h>
35 #include <locale.h>
36 #include <user_attr.h>
37 #include <prof_attr.h>
38 #include <auth_attr.h>
39 
40 
41 #define	ALL_AUTHS	"All"
42 #define	ALL_SUN_AUTHS	"solaris.*"
43 
44 #define	EXIT_OK		0
45 #define	EXIT_FATAL	1
46 #define	EXIT_NON_FATAL	2
47 
48 #ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
49 #define	TEXT_DOMAIN	"SYS_TEST"
50 #endif
51 
52 #define	PROFLIST_SEP	","
53 #define	AUTH_SEP	","
54 #define	MAXAUTHS	4096
55 
56 
57 static int show_auths(char *, char **, int, int);
58 static int list_auths(userattr_t *, char **, int *);
59 static char *get_default_auths(char **, int *);
60 static void getProfiles(char *, char **, int *, char **, int *);
61 static void add_auths(char *, char **, int *);
62 
63 
64 static char *progname = "auths";
65 
66 
67 int
68 main(int argc, char *argv[])
69 {
70 	int		status = EXIT_OK;
71 	char		*defauths[MAXAUTHS];
72 	int		defauth_cnt = 0;
73 	int		i;
74 
75 	(void) setlocale(LC_ALL, "");
76 	(void) textdomain(TEXT_DOMAIN);
77 
78 	(void) get_default_auths(defauths, &defauth_cnt);
79 
80 	switch (argc) {
81 	case 1:
82 		status = show_auths(NULL, defauths, defauth_cnt, 0);
83 		break;
84 	case 2:
85 		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
86 		break;
87 	default:
88 		while (*++argv) {
89 			status = show_auths(*argv, defauths, defauth_cnt, 1);
90 			if (status == EXIT_FATAL) {
91 				break;
92 			}
93 		}
94 		break;
95 	}
96 
97 	/* free memory allocated for default authorizations */
98 	for (i = 0; i < defauth_cnt; i++) {
99 		free(defauths[i]);
100 	}
101 
102 	status = (status == EXIT_OK) ? status : EXIT_FATAL;
103 
104 	return (status);
105 }
106 
107 
108 static int
109 show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
110 {
111 	int		status = EXIT_OK;
112 	struct passwd	*pw;
113 	userattr_t	*user;
114 	char		*userauths[MAXAUTHS];
115 	int		userauth_cnt = 0, old_userauth_cnt;
116 	int		i, j, have_allauths, duplicate;
117 
118 	if (username == NULL) {
119 		if ((pw = getpwuid(getuid())) == NULL) {
120 			status = EXIT_NON_FATAL;
121 			(void) fprintf(stderr, "%s: ", progname);
122 			(void) fprintf(stderr, gettext("No passwd entry\n"));
123 			return (status);
124 		}
125 		username = pw->pw_name;
126 	} else if (getpwnam(username) == NULL) {
127 		status = EXIT_NON_FATAL;
128 		(void) fprintf(stderr, "%s: %s : ", progname, username);
129 		(void) fprintf(stderr, gettext("No such user\n"));
130 		return (status);
131 	}
132 
133 	have_allauths = 0;
134 	if (username != NULL) {
135 		/* if ALL_AUTHS is default, don't need to look at other auths */
136 		for (i = 0; i < defauth_cnt; i++) {
137 			if (strcmp(defauths[i], ALL_AUTHS) == 0) {
138 				have_allauths = 1;
139 				break;
140 			}
141 		}
142 		if (have_allauths) {
143 			status = EXIT_OK;
144 		} else if ((user = getusernam(username)) != NULL) {
145 			status = list_auths(user, userauths, &userauth_cnt);
146 			/* check if any profiles have ALL_AUTHS */
147 			for (i = 0; i < userauth_cnt; i++) {
148 				if (strcmp(userauths[i], ALL_AUTHS) == 0) {
149 					have_allauths = 1;
150 					break;
151 				}
152 			}
153 		}
154 		if ((defauth_cnt + userauth_cnt) == 0) {
155 			status = EXIT_NON_FATAL;
156 		}
157 	}
158 	if (status == EXIT_NON_FATAL) {
159 		(void) fprintf(stderr, "%s: %s : ", progname, username);
160 		(void) fprintf(stderr, gettext("No authorizations\n"));
161 	} else {
162 		if (print_name) {
163 			(void) printf("%s : ", username);
164 		}
165 
166 		if (have_allauths) {
167 			(void) printf("%s\n", ALL_SUN_AUTHS);
168 		} else {
169 			/*
170 			 * combine the user auths and default auths,
171 			 * and eliminate duplicates from the two
172 			 */
173 			old_userauth_cnt = userauth_cnt;
174 			for (i = 0; i < defauth_cnt; i++) {
175 				duplicate = 0;
176 				for (j = 0; j < old_userauth_cnt; j++) {
177 					if (strcmp(userauths[j], defauths[i]) ==
178 					    0) {
179 						duplicate = 1;
180 						break;
181 					}
182 				}
183 				if (!duplicate) {
184 					userauths[userauth_cnt] =
185 					    strdup(defauths[i]);
186 					userauth_cnt++;
187 				}
188 			}
189 
190 			/* print out the auths */
191 			for (i = 0; i < (userauth_cnt - 1); i++) {
192 				(void) printf("%s,", userauths[i]);
193 			}
194 
195 			/* print out the last entry, without the comma */
196 			(void) printf("%s\n", userauths[userauth_cnt - 1]);
197 		}
198 	}
199 
200 	/* free memory allocated for authorizations */
201 	for (i = 0; i < userauth_cnt; i++) {
202 		free(userauths[i]);
203 	}
204 
205 	return (status);
206 }
207 
208 
209 static int
210 list_auths(userattr_t *user, char **authArray, int *authcnt)
211 {
212 	int		status = EXIT_OK;
213 	char		*authlist = NULL;
214 	char		*proflist = NULL;
215 	char		*profArray[MAXPROFS];
216 	int		profcnt = 0;
217 
218 	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
219 	if (authlist != NULL) {
220 		add_auths(authlist, authArray, authcnt);
221 	}
222 	if ((proflist = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
223 		if (authcnt == 0) {
224 			status = EXIT_NON_FATAL;
225 		}
226 	} else {
227 		getProfiles(proflist, profArray, &profcnt,
228 		    authArray, authcnt);
229 		free_proflist(profArray, profcnt);
230 	}
231 	if (authcnt == 0) {
232 		status = EXIT_NON_FATAL;
233 	}
234 	free_userattr(user);
235 
236 	return (status);
237 }
238 
239 
240 static char *
241 get_default_auths(char **authArray, int *authcnt)
242 {
243 	char *auths = NULL;
244 	char *profs = NULL;
245 	char *profArray[MAXPROFS];
246 	int profcnt = 0;
247 
248 	if (defopen(AUTH_POLICY) == NULL) {
249 		auths = defread(DEF_AUTH);
250 		if (auths != NULL) {
251 			add_auths(auths, authArray, authcnt);
252 		}
253 
254 		/* get authorizations from default profiles */
255 		profs = defread(DEF_PROF);
256 		if (profs != NULL) {
257 			getProfiles(profs, profArray, &profcnt,
258 			    authArray, authcnt);
259 			free_proflist(profArray, profcnt);
260 		}
261 	}
262 
263 	return (auths);
264 }
265 
266 void
267 add_auths(char *auths, char **authArray, int *authcnt)
268 {
269 	char	*authname, *lasts, *real_authname;
270 	int	i;
271 
272 	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
273 	    authname != NULL;
274 	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {
275 
276 		if ((strcmp(authname, KV_WILDCARD) == 0) ||
277 		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
278 			real_authname = ALL_AUTHS;
279 		} else {
280 			real_authname = authname;
281 		}
282 
283 		/* check to see if authorization is already in list */
284 		for (i = 0; i < *authcnt; i++) {
285 			if (strcmp(real_authname, authArray[i]) == 0) {
286 				break;	/* already in list */
287 			}
288 		}
289 
290 		/* not in list, add it in */
291 		if (i == *authcnt) {
292 			authArray[i] = strdup(real_authname);
293 			*authcnt = i + 1;
294 		}
295 	}
296 
297 }
298 
299 static void
300 getProfiles(char *profiles, char **profArray, int *profcnt,
301 	char **authArray, int *authcnt)
302 {
303 
304 	char		*prof;
305 	char		*lasts;
306 	profattr_t	*pa;
307 	char		*auths;
308 	int		i;
309 
310 	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
311 	    prof != NULL;
312 	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {
313 
314 		getproflist(prof, profArray, profcnt);
315 	}
316 
317 	/* get authorizations from list of profiles */
318 	for (i = 0; i < *profcnt; i++) {
319 
320 		if ((pa = getprofnam(profArray[i])) == NULL) {
321 			/*
322 			 *  this should never happen.
323 			 *  unless the database has an undefined profile
324 			 */
325 			continue;
326 		}
327 
328 		/* get auths this profile */
329 		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
330 		if (auths != NULL) {
331 			add_auths(auths, authArray, authcnt);
332 		}
333 
334 		free_profattr(pa);
335 	}
336 }
337