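/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <string.h>
#include <deflt.h>
#include <libintl.h>
#include <locale.h>
#include <user_attr.h>
#include <prof_attr.h>
#include <auth_attr.h>


#define	ALL_AUTHS	"All"
#define	ALL_SUN_AUTHS	"solaris.*"

#define	EXIT_OK		0
#define	EXIT_FATAL	1
#define	EXIT_NON_FATAL	2

#ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

#define	PROFLIST_SEP	","
#define	AUTH_SEP	","
#define	MAXAUTHS	4096


static int show_auths(char *, char **, int, int);
static int list_auths(userattr_t *, char **, int *);
static char *get_default_auths(char **, int *);
static void getProfiles(char *, char **, int *, char **, int *);
static void add_auths(char *, char **, int *);
static void append_auth(char **, int *, const char *);


static const char *progname = "auths";


/*
 * Print the authorizations granted to the invoking user (no operand) or
 * to each user named on the command line.
 *
 * Exit status is EXIT_OK when the last user processed had authorizations
 * to print and EXIT_FATAL otherwise.
 */
int
main(int argc, char *argv[])
{
	int		status = EXIT_OK;
	char		*defauths[MAXAUTHS];
	int		defauth_cnt = 0;
	int		i;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	/* The return value points into defread()'s buffer; it is not used. */
	(void) get_default_auths(defauths, &defauth_cnt);

	switch (argc) {
	case 0:
		/*
		 * An empty argument vector has no operands either; without
		 * this case the default branch would step past argv's
		 * terminating NULL.
		 */
		/* FALLTHROUGH */
	case 1:
		status = show_auths(NULL, defauths, defauth_cnt, 0);
		break;
	case 2:
		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
		break;
	default:
		/*
		 * Several users: prefix each line with the user name.
		 * status keeps only the most recent user's result, so an
		 * earlier non-fatal failure is overwritten by a later success.
		 */
		while (*++argv) {
			status = show_auths(*argv, defauths, defauth_cnt, 1);
			if (status == EXIT_FATAL) {
				break;
			}
		}
		break;
	}

	/* free memory allocated for default authorizations */
	for (i = 0; i < defauth_cnt; i++) {
		free(defauths[i]);
	}

	/* EXIT_NON_FATAL is internal only; the process exits with 0 or 1 */
	status = (status == EXIT_OK) ? status : EXIT_FATAL;

	return (status);
}


/*
 * Print the authorizations of one user on a single comma-separated line.
 *
 * username	user to report on, or NULL for the invoking real uid
 * defauths	default authorizations gathered by get_default_auths()
 * defauth_cnt	number of entries in defauths
 * print_name	non-zero to prefix the line with "username : "
 *
 * Returns EXIT_OK on success and EXIT_NON_FATAL when the user is unknown
 * or has no authorizations at all (a diagnostic goes to stderr).
 */
static int
show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
{
	int		status = EXIT_OK;
	struct passwd	*pw;
	userattr_t	*user;
	char		*userauths[MAXAUTHS];
	int		userauth_cnt = 0, old_userauth_cnt;
	int		i, j, have_allauths, duplicate;

	if (username == NULL) {
		if ((pw = getpwuid(getuid())) == NULL) {
			(void) fprintf(stderr, "%s: ", progname);
			/* fputs: a catalog string is never used as a format */
			(void) fputs(gettext("No passwd entry\n"), stderr);
			return (EXIT_NON_FATAL);
		}
		/* points into the passwd entry returned by getpwuid() */
		username = pw->pw_name;
	} else if (getpwnam(username) == NULL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fputs(gettext("No such user\n"), stderr);
		return (EXIT_NON_FATAL);
	}

	/* if ALL_AUTHS is default, don't need to look at other auths */
	have_allauths = 0;
	for (i = 0; i < defauth_cnt; i++) {
		if (strcmp(defauths[i], ALL_AUTHS) == 0) {
			have_allauths = 1;
			break;
		}
	}

	if (!have_allauths && (user = getusernam(username)) != NULL) {
		status = list_auths(user, userauths, &userauth_cnt);
		/* check if any profiles have ALL_AUTHS */
		for (i = 0; i < userauth_cnt; i++) {
			if (strcmp(userauths[i], ALL_AUTHS) == 0) {
				have_allauths = 1;
				break;
			}
		}
	}

	/* nothing from the defaults and nothing from the user's own entry */
	if ((defauth_cnt + userauth_cnt) == 0) {
		status = EXIT_NON_FATAL;
	}

	if (status == EXIT_NON_FATAL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fputs(gettext("No authorizations\n"), stderr);
	} else if (have_allauths) {
		if (print_name) {
			(void) printf("%s : ", username);
		}
		(void) printf("%s\n", ALL_SUN_AUTHS);
	} else {
		/*
		 * combine the user auths and default auths,
		 * and eliminate duplicates from the two.
		 * This happens before anything is printed, because
		 * append_auth() exits if the table is full or memory
		 * runs out, and a half-written line would mislead.
		 */
		old_userauth_cnt = userauth_cnt;
		for (i = 0; i < defauth_cnt; i++) {
			duplicate = 0;
			for (j = 0; j < old_userauth_cnt; j++) {
				if (strcmp(userauths[j], defauths[i]) == 0) {
					duplicate = 1;
					break;
				}
			}
			if (!duplicate) {
				append_auth(userauths, &userauth_cnt,
				    defauths[i]);
			}
		}

		if (print_name) {
			(void) printf("%s : ", username);
		}

		/* print out the auths */
		for (i = 0; i < (userauth_cnt - 1); i++) {
			(void) printf("%s,", userauths[i]);
		}

		/* print out the last entry, without the comma */
		(void) printf("%s\n", userauths[userauth_cnt - 1]);
	}

	/* free memory allocated for authorizations */
	for (i = 0; i < userauth_cnt; i++) {
		free(userauths[i]);
	}

	return (status);
}


/*
 * Collect the authorizations assigned to a user directly and through the
 * user's profiles into authArray, then release the user_attr entry.
 *
 * user		entry from getusernam(); freed here with free_userattr()
 * authArray	table of MAXAUTHS slots that receives strdup'd names
 * authcnt	in/out count of used slots in authArray
 *
 * Always returns EXIT_OK.  An empty result is not an error at this level:
 * the caller still has the default authorizations to merge in and reports
 * "No authorizations" itself when the combined count is zero.  (Testing
 * the authcnt pointer against 0, as this function once did, can never be
 * true; testing *authcnt instead would wrongly reject users who hold only
 * default authorizations.)
 */
static int
list_auths(userattr_t *user, char **authArray, int *authcnt)
{
	char	*authlist;
	char	*proflist;
	char	*profArray[MAXPROFS];
	int	profcnt = 0;

	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
	if (authlist != NULL) {
		add_auths(authlist, authArray, authcnt);
	}

	proflist = kva_match(user->attr, USERATTR_PROFILES_KW);
	if (proflist != NULL) {
		getProfiles(proflist, profArray, &profcnt,
		    authArray, authcnt);
		free_proflist(profArray, profcnt);
	}

	free_userattr(user);

	return (EXIT_OK);
}


/*
 * Gather the authorizations every user receives by default: those read
 * with DEF_AUTH from the AUTH_POLICY file plus those granted by the
 * profiles read with DEF_PROF.
 *
 * authArray	table of MAXAUTHS slots that receives strdup'd names
 * authcnt	in/out count of used slots in authArray
 *
 * Returns the pointer obtained from defread(DEF_AUTH), or NULL.  The
 * string has already been split in place by strtok_r() and its storage
 * belongs to defread(), so callers should not rely on its contents.
 */
static char *
get_default_auths(char **authArray, int *authcnt)
{
	char	*auths = NULL;
	char	*profs = NULL;
	char	*profArray[MAXPROFS];
	int	profcnt = 0;

	/* defopen() returns an int, 0 on success */
	if (defopen(AUTH_POLICY) == 0) {
		auths = defread(DEF_AUTH);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		/* get authorizations from default profiles */
		profs = defread(DEF_PROF);
		if (profs != NULL) {
			getProfiles(profs, profArray, &profcnt,
			    authArray, authcnt);
			free_proflist(profArray, profcnt);
		}
	}

	return (auths);
}

/*
 * Store a private copy of authname in the next free slot of authArray.
 *
 * Every table passed through this file has MAXAUTHS slots on the caller's
 * stack, so the count is checked before the write.  A full table or a
 * failed strdup() ends the program with EXIT_FATAL: a silently truncated
 * authorization listing would be worse than no listing.
 */
static void
append_auth(char **authArray, int *authcnt, const char *authname)
{
	char	*copy;

	if (*authcnt >= MAXAUTHS) {
		(void) fprintf(stderr, "%s: ", progname);
		(void) fputs(gettext("Too many authorizations\n"), stderr);
		exit(EXIT_FATAL);
	}
	if ((copy = strdup(authname)) == NULL) {
		(void) fprintf(stderr, "%s: ", progname);
		(void) fputs(gettext("Out of memory\n"), stderr);
		exit(EXIT_FATAL);
	}

	authArray[*authcnt] = copy;
	*authcnt += 1;
}

/*
 * Split a comma-separated authorization list and add each name that is
 * not already present to authArray.
 *
 * auths	list to split; modified in place by strtok_r()
 * authArray	table of MAXAUTHS slots that receives strdup'd names
 * authcnt	in/out count of used slots in authArray
 *
 * KV_WILDCARD and ALL_SUN_AUTHS are both recorded as ALL_AUTHS so that
 * callers have a single marker to test for.
 */
static void
add_auths(char *auths, char **authArray, int *authcnt)
{
	char		*authname, *lasts;
	const char	*real_authname;
	int		i;

	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
	    authname != NULL;
	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {

		if ((strcmp(authname, KV_WILDCARD) == 0) ||
		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
			real_authname = ALL_AUTHS;
		} else {
			real_authname = authname;
		}

		/* check to see if authorization is already in list */
		for (i = 0; i < *authcnt; i++) {
			if (strcmp(real_authname, authArray[i]) == 0) {
				break;	/* already in list */
			}
		}

		/* not in list, add it in (bounds-checked) */
		if (i == *authcnt) {
			append_auth(authArray, authcnt, real_authname);
		}
	}

}

/*
 * Expand a comma-separated profile list with getproflist() and add the
 * authorizations of every resulting profile to authArray.
 *
 * profiles	list to split; modified in place by strtok_r()
 * profArray	table of MAXPROFS slots filled by getproflist(); the
 *		caller releases it with free_proflist()
 * profcnt	in/out count of used slots in profArray
 * authArray	table of MAXAUTHS slots that receives strdup'd names
 * authcnt	in/out count of used slots in authArray
 */
static void
getProfiles(char *profiles, char **profArray, int *profcnt,
	char **authArray, int *authcnt)
{

	char		*prof;
	char		*lasts;
	profattr_t	*pa;
	char		*auths;
	int		i;

	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
	    prof != NULL;
	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {

		/*
		 * NOTE(review): profArray has MAXPROFS slots and no size is
		 * passed here; this relies on getproflist() enforcing that
		 * limit itself -- confirm against libsecdb.
		 */
		getproflist(prof, profArray, profcnt);
	}

	/* get authorizations from list of profiles */
	for (i = 0; i < *profcnt; i++) {

		if ((pa = getprofnam(profArray[i])) == NULL) {
			/*
			 *  this should never happen.
			 *  unless the database has an undefined profile
			 */
			continue;
		}

		/* get auths this profile */
		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		free_profattr(pa);
	}
}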