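/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <string.h>
#include <deflt.h>
#include <libintl.h>
#include <locale.h>
#include <user_attr.h>
#include <prof_attr.h>
#include <auth_attr.h>


/* Internal marker stored in an auth list when a wildcard grant is seen. */
#define	ALL_AUTHS	"All"
/* What is printed for a user who holds the wildcard grant. */
#define	ALL_SUN_AUTHS	"solaris.*"

#define	EXIT_OK		0
#define	EXIT_FATAL	1
#define	EXIT_NON_FATAL	2

#ifndef TEXT_DOMAIN	/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

#define	PROFLIST_SEP	","
#define	AUTH_SEP	","
/* Capacity of every authorization array declared in this file. */
#define	MAXAUTHS	4096


static int show_auths(char *, char **, int, int);
static int list_auths(userattr_t *, char **, int *);
static void get_default_auths(char *, char **, int *);
static void getProfiles(char *, char **, int *, char **, int *);
static void add_auths(char *, char **, int *);
static void free_auths(char **, int *);
static int append_auth(char **, int *, const char *);

static char *progname = "auths";


/*
 * auths [user ...]
 *
 * With no operand, print the authorizations of the invoking user.  With
 * one operand, print that user's authorizations.  With several, print one
 * "name : auths" line per user.
 *
 * Exit status is EXIT_OK (0) on success; any other status is reported to
 * the caller as EXIT_FATAL (1).
 */
int
main(int argc, char *argv[])
{
	int status = EXIT_OK;
	char *defauths[MAXAUTHS];
	int defauth_cnt = 0;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	switch (argc) {
	case 1:
		get_default_auths(NULL, defauths, &defauth_cnt);
		status = show_auths(NULL, defauths, defauth_cnt, 0);
		break;
	case 2:
		get_default_auths(argv[argc-1], defauths, &defauth_cnt);
		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
		break;
	default:
		/*
		 * NOTE(review): status is overwritten on every iteration,
		 * so a failure for an earlier user is masked when a later
		 * user succeeds.  Kept as-is; confirm whether the exit
		 * status is meant to accumulate.
		 */
		while (*++argv) {
			get_default_auths(*argv, defauths, &defauth_cnt);
			status = show_auths(*argv, defauths, defauth_cnt, 1);
			if (status == EXIT_FATAL) {
				break;
			}
			/* free memory allocated for default authorizations */
			free_auths(defauths, &defauth_cnt);
		}
		break;
	}

	/* free memory allocated for default authorizations */
	free_auths(defauths, &defauth_cnt);
	status = (status == EXIT_OK) ? status : EXIT_FATAL;

	return (status);
}


/*
 * Print the authorizations held by `username' (the invoking user when
 * username is NULL): the per-user list from user_attr merged with the
 * default list supplied by the caller, duplicates removed.
 *
 * defauths/defauth_cnt	default authorizations, owned by the caller
 * print_name		non-zero to prefix the line with "name : "
 *
 * Returns EXIT_OK, or EXIT_NON_FATAL when the user is unknown or holds no
 * authorizations at all (a message is written to stderr in both cases).
 */
static int
show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
{
	int status = EXIT_OK;
	struct passwd *pw;
	userattr_t *user;
	char *userauths[MAXAUTHS];
	int userauth_cnt = 0, old_userauth_cnt;
	int i, j, have_allauths, duplicate;

	if (username == NULL) {
		if ((pw = getpwuid(getuid())) == NULL) {
			status = EXIT_NON_FATAL;
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext("No passwd entry\n"));
			return (status);
		}
		username = pw->pw_name;
	} else if (getpwnam(username) == NULL) {
		status = EXIT_NON_FATAL;
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No such user\n"));
		return (status);
	}

	have_allauths = 0;
	if (username != NULL) {
		/* if ALL_AUTHS is default, don't need to look at other auths */
		for (i = 0; i < defauth_cnt; i++) {
			if (strcmp(defauths[i], ALL_AUTHS) == 0) {
				have_allauths = 1;
				break;
			}
		}
		if (have_allauths) {
			status = EXIT_OK;
		} else if ((user = getusernam(username)) != NULL) {
			/* list_auths() releases `user' before returning */
			status = list_auths(user, userauths, &userauth_cnt);
			/* check if any profiles have ALL_AUTHS */
			for (i = 0; i < userauth_cnt; i++) {
				if (strcmp(userauths[i], ALL_AUTHS) == 0) {
					have_allauths = 1;
					break;
				}
			}
		}
		if ((defauth_cnt + userauth_cnt) == 0) {
			status = EXIT_NON_FATAL;
		}
	}
	if (status == EXIT_NON_FATAL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No authorizations\n"));
	} else {
		if (print_name) {
			(void) printf("%s : ", username);
		}

		if (have_allauths) {
			(void) printf("%s\n", ALL_SUN_AUTHS);
		} else {
			/*
			 * combine the user auths and default auths,
			 * and eliminate duplicates from the two.
			 *
			 * Both lists can hold up to MAXAUTHS entries, so
			 * the merge goes through append_auth(), which
			 * refuses to write past the end of userauths[].
			 */
			old_userauth_cnt = userauth_cnt;
			for (i = 0; i < defauth_cnt; i++) {
				duplicate = 0;
				for (j = 0; j < old_userauth_cnt; j++) {
					if (strcmp(userauths[j],
					    defauths[i]) == 0) {
						duplicate = 1;
						break;
					}
				}
				if (!duplicate) {
					(void) append_auth(userauths,
					    &userauth_cnt, defauths[i]);
				}
			}

			/*
			 * print the auths as one comma-separated line;
			 * an empty list yields just the newline instead
			 * of indexing userauths[-1]
			 */
			for (i = 0; i < userauth_cnt; i++) {
				(void) printf("%s%s", (i == 0) ? "" : ",",
				    userauths[i]);
			}
			(void) printf("\n");
		}
	}

	/* free memory allocated for authorizations */
	free_auths(userauths, &userauth_cnt);

	return (status);
}


/*
 * Collect into authArray the authorizations named directly in the user's
 * user_attr entry plus those granted by the profiles listed there.
 *
 * Takes ownership of `user' and releases it with free_userattr().
 * authArray must have room for MAXAUTHS entries; *authcnt is updated.
 *
 * Always returns EXIT_OK.  The original code tested "authcnt == 0", which
 * compares the pointer rather than the count and so never reported
 * EXIT_NON_FATAL.  That result is kept deliberately: an empty per-user
 * list is not an error here, because show_auths() still merges in the
 * default authorizations and reports "No authorizations" itself when the
 * combined list is empty.
 */
static int
list_auths(userattr_t *user, char **authArray, int *authcnt)
{
	char *authlist = NULL;
	char *proflist = NULL;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
	if (authlist != NULL) {
		add_auths(authlist, authArray, authcnt);
	}

	proflist = kva_match(user->attr, USERATTR_PROFILES_KW);
	if (proflist != NULL) {
		getProfiles(proflist, profArray, &profcnt,
		    authArray, authcnt);
		free_proflist(profArray, profcnt);
	}

	free_userattr(user);

	return (EXIT_OK);
}


/*
 * Collect the default authorizations for `user' (the invoking user when
 * user is NULL) as reported by _get_user_defs(): the default auth list
 * plus the auths granted by the default profiles.
 *
 * authArray must have room for MAXAUTHS entries; *authcnt is updated.
 * Nothing is added when _get_user_defs() fails.
 */
static void
get_default_auths(char *user, char **authArray, int *authcnt)
{
	char *auths = NULL;
	char *profs = NULL;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	if (user == NULL) {
		struct passwd *pw;

		/* NOTE(review): user stays NULL if this lookup fails */
		if ((pw = getpwuid(getuid())) != NULL) {
			user = pw->pw_name;
		}
	}

	if (_get_user_defs(user, &auths, &profs) == 0) {
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		/* get authorizations from default profiles */
		if (profs != NULL) {
			getProfiles(profs, profArray, &profcnt,
			    authArray, authcnt);
			free_proflist(profArray, profcnt);
		}
		_free_user_defs(auths, profs);
	}
}

/*
 * Split the comma-separated list `auths' and append each name not already
 * present to authArray.  KV_WILDCARD and "solaris.*" are both stored as
 * ALL_AUTHS so callers can detect a wildcard grant with one comparison.
 *
 * `auths' is tokenized in place by strtok_r() and is therefore modified.
 * authArray must have room for MAXAUTHS entries; once it is full, further
 * names are dropped by append_auth() rather than written out of bounds.
 */
static void
add_auths(char *auths, char **authArray, int *authcnt)
{
	char *authname, *lasts, *real_authname;
	int i;

	for (authname = strtok_r(auths, AUTH_SEP, &lasts);
	    authname != NULL;
	    authname = strtok_r(NULL, AUTH_SEP, &lasts)) {

		if ((strcmp(authname, KV_WILDCARD) == 0) ||
		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
			real_authname = ALL_AUTHS;
		} else {
			real_authname = authname;
		}

		/* check to see if authorization is already in list */
		for (i = 0; i < *authcnt; i++) {
			if (strcmp(real_authname, authArray[i]) == 0) {
				break;	/* already in list */
			}
		}

		/* not in list, add it in */
		if (i == *authcnt) {
			(void) append_auth(authArray, authcnt, real_authname);
		}
	}

}

/*
 * Append a private copy of `name' to authArray, which must have room for
 * MAXAUTHS entries (true of every array this file passes in).
 *
 * Returns 1 when the entry was stored and 0 when the array is already
 * full.  A full array is reported once on stderr and the entry is
 * dropped, so the caller's stack array is never overrun.  Allocation
 * failure is fatal: storing NULL would crash the later strcmp()/printf(),
 * and silently skipping the entry would under-report what the user is
 * authorized to do.
 */
static int
append_auth(char **authArray, int *authcnt, const char *name)
{
	static int warned = 0;
	char *copy;

	if (*authcnt >= MAXAUTHS) {
		if (!warned) {
			warned = 1;
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext(
			    "Too many authorizations, list truncated\n"));
		}
		return (0);
	}

	if ((copy = strdup(name)) == NULL) {
		(void) fprintf(stderr, "%s: ", progname);
		(void) fprintf(stderr, gettext("Out of memory\n"));
		exit(EXIT_FATAL);
	}

	authArray[*authcnt] = copy;
	(*authcnt)++;

	return (1);
}

/*
 * Release the first *auth_cnt strings of auths[] and reset the count, so
 * the array can be reused or freed again without a double free.
 */
static void
free_auths(char *auths[], int *auth_cnt)
{
	int i;

	for (i = 0; i < *auth_cnt; i++) {
		free(auths[i]);
		auths[i] = NULL;
	}
	*auth_cnt = 0;
}

/*
 * Expand the comma-separated profile list `profiles' into profArray via
 * getproflist(), then add the authorizations of every resulting profile
 * to authArray.
 *
 * `profiles' is tokenized in place and is therefore modified.  The caller
 * releases profArray with free_proflist().
 * NOTE(review): profArray is declared with MAXPROFS entries by both
 * callers; this relies on getproflist() honouring that bound - confirm.
 */
static void
getProfiles(char *profiles, char **profArray, int *profcnt,
	char **authArray, int *authcnt)
{

	char *prof;
	char *lasts;
	profattr_t *pa;
	char *auths;
	int i;

	for (prof = strtok_r(profiles, PROFLIST_SEP, &lasts);
	    prof != NULL;
	    prof = strtok_r(NULL, PROFLIST_SEP, &lasts)) {

		getproflist(prof, profArray, profcnt);
	}

	/* get authorizations from list of profiles */
	for (i = 0; i < *profcnt; i++) {

		if ((pa = getprofnam(profArray[i])) == NULL) {
			/*
			 * this should never happen.
			 * unless the database has an undefined profile
			 */
			continue;
		}

		/* get the auths of this profile */
		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		free_profattr(pa);
	}
}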