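/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * auths: print the authorizations granted to the invoking user, or to
 * each user named on the command line.  The result is the union of the
 * default authorizations read through defread(), the authorizations in
 * the user's own attributes, and those of every profile reachable from
 * either source.
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <string.h>
#include <deflt.h>
#include <libintl.h>
#include <locale.h>
#include <user_attr.h>
#include <prof_attr.h>
#include <auth_attr.h>


#define	ALL_AUTHS	"All"
#define	ALL_SUN_AUTHS	"solaris.*"

#define	EXIT_OK		0
#define	EXIT_FATAL	1
#define	EXIT_NON_FATAL	2

#ifndef TEXT_DOMAIN			/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

#define	PROFLIST_SEP	","
#define	AUTH_SEP	","
#define	MAXAUTHS	4096		/* capacity of every auth array below */


static int show_auths(char *, char **, int, int);
static int list_auths(userattr_t *, char **, int *);
static char *get_default_auths(char **, int *);
static void getProfiles(char *, char **, int *, char **, int *);
static void add_auths(char *, char **, int *);
static int auth_in_list(const char *, char **, int);
static int append_auth(char **, int *, const char *);


static char *progname = "auths";


/*
 * Entry point.  With no operand the invoking user's authorizations are
 * shown; with one operand that user's; with several, each user's list is
 * prefixed by "name : ".
 *
 * Exit status is EXIT_OK only when the last user processed succeeded;
 * every other outcome is folded into EXIT_FATAL.
 */
int
main(int argc, char *argv[])
{
	int status = EXIT_OK;
	char *defauths[MAXAUTHS];
	int defauth_cnt = 0;
	int i;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	(void) get_default_auths(defauths, &defauth_cnt);

	/*
	 * argc can be 0 when the program is exec'd with an empty argument
	 * vector.  Walking argv with *++argv would then step past the
	 * terminating NULL, so that case is treated like "no operands" and
	 * the operand loop is bounded by argc instead.
	 */
	if (argc <= 1) {
		status = show_auths(NULL, defauths, defauth_cnt, 0);
	} else if (argc == 2) {
		status = show_auths(argv[1], defauths, defauth_cnt, 0);
	} else {
		for (i = 1; i < argc; i++) {
			/* status is overwritten per user: the last one wins */
			status = show_auths(argv[i], defauths, defauth_cnt, 1);
			if (status == EXIT_FATAL) {
				break;
			}
		}
	}

	/* free memory allocated for default authorizations */
	for (i = 0; i < defauth_cnt; i++) {
		free(defauths[i]);
	}

	return ((status == EXIT_OK) ? EXIT_OK : EXIT_FATAL);
}


/*
 * Print the authorizations of one user.
 *
 * username	user to report on, or NULL for the invoking user (getuid())
 * defauths	default authorizations, defauth_cnt entries
 * print_name	non-zero to prefix the output line with "username : "
 *
 * Returns EXIT_OK when a list was printed, EXIT_NON_FATAL when the user
 * is unknown or has no authorizations at all.
 */
static int
show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
{
	int status = EXIT_OK;
	struct passwd *pw;
	userattr_t *user;
	char *userauths[MAXAUTHS];
	int userauth_cnt = 0;
	int user_only_cnt;
	int have_allauths;
	int i;

	if (username == NULL) {
		if ((pw = getpwuid(getuid())) == NULL) {
			(void) fprintf(stderr, "%s: ", progname);
			/* "%s" keeps a catalog string from acting as a format */
			(void) fprintf(stderr, "%s",
			    gettext("No passwd entry\n"));
			return (EXIT_NON_FATAL);
		}
		username = pw->pw_name;
	} else if ((pw = getpwnam(username)) == NULL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, "%s", gettext("No such user\n"));
		return (EXIT_NON_FATAL);
	}

	/* if ALL_AUTHS is default, don't need to look at other auths */
	have_allauths = auth_in_list(ALL_AUTHS, defauths, defauth_cnt);
	if (!have_allauths && (user = getusernam(username)) != NULL) {
		/*
		 * The return value only says whether the user's own entry
		 * yielded anything; a user with no entry-specific auths
		 * still holds the defaults, so the decision is made on the
		 * combined count below.
		 */
		(void) list_auths(user, userauths, &userauth_cnt);
		/* check if any profiles have ALL_AUTHS */
		have_allauths = auth_in_list(ALL_AUTHS, userauths,
		    userauth_cnt);
	}
	if ((defauth_cnt + userauth_cnt) == 0) {
		status = EXIT_NON_FATAL;
	}

	if (status == EXIT_NON_FATAL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, "%s", gettext("No authorizations\n"));
	} else {
		if (!have_allauths) {
			/*
			 * combine the user auths and default auths,
			 * and eliminate duplicates from the two.
			 * append_auth() enforces the MAXAUTHS bound of
			 * userauths[] and checks strdup().
			 */
			user_only_cnt = userauth_cnt;
			for (i = 0; i < defauth_cnt; i++) {
				if (auth_in_list(defauths[i], userauths,
				    user_only_cnt)) {
					continue;
				}
				if (append_auth(userauths, &userauth_cnt,
				    defauths[i]) != 0) {
					break;
				}
			}
		}

		if (print_name) {
			(void) printf("%s : ", username);
		}

		if (have_allauths) {
			(void) printf("%s\n", ALL_SUN_AUTHS);
		} else {
			/*
			 * comma-separated, no trailing comma; written so an
			 * empty list can never index userauths[-1]
			 */
			for (i = 0; i < userauth_cnt; i++) {
				(void) printf("%s%s", (i == 0) ? "" : ",",
				    userauths[i]);
			}
			(void) printf("\n");
		}
	}

	/* free memory allocated for authorizations */
	for (i = 0; i < userauth_cnt; i++) {
		free(userauths[i]);
	}

	return (status);
}


/*
 * Collect the authorizations of one user_attr entry into authArray: the
 * entry's own USERATTR_AUTHS_KW value plus the auths of every profile
 * listed under USERATTR_PROFILES_KW.  The entry is released with
 * free_userattr() before returning, so the caller must not use it again.
 *
 * Returns EXIT_NON_FATAL when authArray is still empty afterwards,
 * EXIT_OK otherwise.  (The test used to compare the pointer authcnt with
 * 0, which is never true; it now looks at the count itself.)
 */
static int
list_auths(userattr_t *user, char **authArray, int *authcnt)
{
	char *authlist;
	char *proflist;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
	if (authlist != NULL) {
		add_auths(authlist, authArray, authcnt);
	}

	proflist = kva_match(user->attr, USERATTR_PROFILES_KW);
	if (proflist != NULL) {
		getProfiles(proflist, profArray, &profcnt,
		    authArray, authcnt);
		free_proflist(profArray, profcnt);
	}

	free_userattr(user);

	return ((*authcnt == 0) ? EXIT_NON_FATAL : EXIT_OK);
}


/*
 * Load the default authorizations (DEF_AUTH) and the authorizations of
 * the default profiles (DEF_PROF) from AUTH_POLICY into authArray.
 *
 * Returns the pointer obtained from defread(DEF_AUTH), or NULL.
 * NOTE(review): that string has already been tokenized in place by
 * add_auths(), and presumably lives in a library-owned buffer that the
 * later defread() may reuse -- confirm before relying on the value.
 * main() ignores it.
 */
static char *
get_default_auths(char **authArray, int *authcnt)
{
	char *auths = NULL;
	char *profs = NULL;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	if (defopen(AUTH_POLICY) == 0) {
		auths = defread(DEF_AUTH);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		/* get authorizations from default profiles */
		profs = defread(DEF_PROF);
		if (profs != NULL) {
			getProfiles(profs, profArray, &profcnt,
			    authArray, authcnt);
			free_proflist(profArray, profcnt);
		}
	}

	return (auths);
}


/*
 * Return non-zero when name equals one of the first cnt entries of list.
 */
static int
auth_in_list(const char *name, char **list, int cnt)
{
	int i;

	for (i = 0; i < cnt; i++) {
		if (strcmp(name, list[i]) == 0) {
			return (1);
		}
	}
	return (0);
}


/*
 * Append a heap copy of name to authArray and bump *authcnt.
 *
 * Every authArray in this file is a MAXAUTHS-element stack array whose
 * contents come from administrator-maintained databases, so the bound is
 * checked here rather than trusted.  Returns 0 on success; returns -1
 * with a diagnostic on stderr when the array is full or strdup() fails,
 * leaving the array unchanged.
 */
static int
append_auth(char **authArray, int *authcnt, const char *name)
{
	char *copy;

	if (*authcnt >= MAXAUTHS) {
		(void) fprintf(stderr, "%s: ", progname);
		(void) fprintf(stderr, "%s",
		    gettext("Too many authorizations, list truncated\n"));
		return (-1);
	}
	if ((copy = strdup(name)) == NULL) {
		(void) fprintf(stderr, "%s: ", progname);
		(void) fprintf(stderr, "%s", gettext("Out of memory\n"));
		return (-1);
	}
	authArray[*authcnt] = copy;
	*authcnt += 1;

	return (0);
}


/*
 * Split the AUTH_SEP-separated string auths (modified in place by
 * strtok_r) and add each authorization not already present to authArray.
 * KV_WILDCARD and ALL_SUN_AUTHS are both recorded as ALL_AUTHS.
 * Stops early if the array is full or memory runs out.
 */
static void
add_auths(char *auths, char **authArray, int *authcnt)
{
	char *authname, *lasts;
	const char *real_authname;

	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
	    authname != NULL;
	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {

		if ((strcmp(authname, KV_WILDCARD) == 0) ||
		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
			real_authname = ALL_AUTHS;
		} else {
			real_authname = authname;
		}

		/* check to see if authorization is already in list */
		if (auth_in_list(real_authname, authArray, *authcnt)) {
			continue;
		}

		/* not in list, add it in */
		if (append_auth(authArray, authcnt, real_authname) != 0) {
			return;
		}
	}
}


/*
 * Expand the PROFLIST_SEP-separated string profiles (modified in place)
 * into profArray via getproflist(), then add the PROFATTR_AUTHS_KW value
 * of each resulting profile to authArray.  The caller releases profArray
 * with free_proflist().
 *
 * NOTE(review): profArray is a MAXPROFS-element array at both call
 * sites; whether getproflist() enforces that bound is not visible
 * here -- confirm against the library.
 */
static void
getProfiles(char *profiles, char **profArray, int *profcnt,
    char **authArray, int *authcnt)
{
	char *prof;
	char *lasts;
	profattr_t *pa;
	char *auths;
	int i;

	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
	    prof != NULL;
	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {

		getproflist(prof, profArray, profcnt);
	}

	/* get authorizations from list of profiles */
	for (i = 0; i < *profcnt; i++) {

		if ((pa = getprofnam(profArray[i])) == NULL) {
			/*
			 * this should never happen.
			 * unless the database has an undefined profile
			 */
			continue;
		}

		/* get auths this profile */
		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		free_profattr(pa);
	}
}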