xref: /titanic_41/usr/src/cmd/auths/auths.c (revision 40db2e2b777b79f3dd0d6d9629593a07f86b9c0a)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <unistd.h>
31 #include <pwd.h>
32 #include <string.h>
33 #include <deflt.h>
34 #include <libintl.h>
35 #include <locale.h>
36 #include <user_attr.h>
37 #include <prof_attr.h>
38 #include <auth_attr.h>
39 
40 
41 #define	ALL_AUTHS	"All"
42 #define	ALL_SUN_AUTHS	"solaris.*"
43 
44 #define	EXIT_OK		0
45 #define	EXIT_FATAL	1
46 #define	EXIT_NON_FATAL	2
47 
48 #ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
49 #define	TEXT_DOMAIN	"SYS_TEST"
50 #endif
51 
52 #define	PROFLIST_SEP	","
53 #define	AUTH_SEP	","
54 #define	MAXAUTHS	4096
55 
56 
57 static int show_auths(char *, char **, int, int);
58 static int list_auths(userattr_t *, char **, int *);
59 static void get_default_auths(char *, char **, int *);
60 static void getProfiles(char *, char **, int *, char **, int *);
61 static void add_auths(char *, char **, int *);
62 static void free_auths(char **, int *);
63 
64 static char *progname = "auths";
65 
66 
67 int
68 main(int argc, char *argv[])
69 {
70 	int		status = EXIT_OK;
71 	char		*defauths[MAXAUTHS];
72 	int		defauth_cnt = 0;
73 
74 	(void) setlocale(LC_ALL, "");
75 	(void) textdomain(TEXT_DOMAIN);
76 
77 	switch (argc) {
78 	case 1:
79 		get_default_auths(NULL, defauths, &defauth_cnt);
80 		status = show_auths(NULL, defauths, defauth_cnt, 0);
81 		break;
82 	case 2:
83 		get_default_auths(argv[argc-1], defauths, &defauth_cnt);
84 		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
85 		break;
86 	default:
87 		while (*++argv) {
88 			get_default_auths(*argv, defauths, &defauth_cnt);
89 			status = show_auths(*argv, defauths, defauth_cnt, 1);
90 			if (status == EXIT_FATAL) {
91 				break;
92 			}
93 			/* free memory allocated for default authorizations */
94 			free_auths(defauths, &defauth_cnt);
95 		}
96 		break;
97 	}
98 
99 	/* free memory allocated for default authorizations */
100 	free_auths(defauths, &defauth_cnt);
101 	status = (status == EXIT_OK) ? status : EXIT_FATAL;
102 
103 	return (status);
104 }
105 
106 
107 static int
108 show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
109 {
110 	int		status = EXIT_OK;
111 	struct passwd	*pw;
112 	userattr_t	*user;
113 	char		*userauths[MAXAUTHS];
114 	int		userauth_cnt = 0, old_userauth_cnt;
115 	int		i, j, have_allauths, duplicate;
116 
117 	if (username == NULL) {
118 		if ((pw = getpwuid(getuid())) == NULL) {
119 			status = EXIT_NON_FATAL;
120 			(void) fprintf(stderr, "%s: ", progname);
121 			(void) fprintf(stderr, gettext("No passwd entry\n"));
122 			return (status);
123 		}
124 		username = pw->pw_name;
125 	} else if (getpwnam(username) == NULL) {
126 		status = EXIT_NON_FATAL;
127 		(void) fprintf(stderr, "%s: %s : ", progname, username);
128 		(void) fprintf(stderr, gettext("No such user\n"));
129 		return (status);
130 	}
131 
132 	have_allauths = 0;
133 	if (username != NULL) {
134 		/* if ALL_AUTHS is default, don't need to look at other auths */
135 		for (i = 0; i < defauth_cnt; i++) {
136 			if (strcmp(defauths[i], ALL_AUTHS) == 0) {
137 				have_allauths = 1;
138 				break;
139 			}
140 		}
141 		if (have_allauths) {
142 			status = EXIT_OK;
143 		} else if ((user = getusernam(username)) != NULL) {
144 			status = list_auths(user, userauths, &userauth_cnt);
145 			/* check if any profiles have ALL_AUTHS */
146 			for (i = 0; i < userauth_cnt; i++) {
147 				if (strcmp(userauths[i], ALL_AUTHS) == 0) {
148 					have_allauths = 1;
149 					break;
150 				}
151 			}
152 		}
153 		if ((defauth_cnt + userauth_cnt) == 0) {
154 			status = EXIT_NON_FATAL;
155 		}
156 	}
157 	if (status == EXIT_NON_FATAL) {
158 		(void) fprintf(stderr, "%s: %s : ", progname, username);
159 		(void) fprintf(stderr, gettext("No authorizations\n"));
160 	} else {
161 		if (print_name) {
162 			(void) printf("%s : ", username);
163 		}
164 
165 		if (have_allauths) {
166 			(void) printf("%s\n", ALL_SUN_AUTHS);
167 		} else {
168 			/*
169 			 * combine the user auths and default auths,
170 			 * and eliminate duplicates from the two
171 			 */
172 			old_userauth_cnt = userauth_cnt;
173 			for (i = 0; i < defauth_cnt; i++) {
174 				duplicate = 0;
175 				for (j = 0; j < old_userauth_cnt; j++) {
176 					if (strcmp(userauths[j], defauths[i]) ==
177 					    0) {
178 						duplicate = 1;
179 						break;
180 					}
181 				}
182 				if (!duplicate) {
183 					userauths[userauth_cnt] =
184 					    strdup(defauths[i]);
185 					userauth_cnt++;
186 				}
187 			}
188 
189 			/* print out the auths */
190 			for (i = 0; i < (userauth_cnt - 1); i++) {
191 				(void) printf("%s,", userauths[i]);
192 			}
193 
194 			/* print out the last entry, without the comma */
195 			(void) printf("%s\n", userauths[userauth_cnt - 1]);
196 		}
197 	}
198 
199 	/* free memory allocated for authorizations */
200 	free_auths(userauths, &userauth_cnt);
201 
202 	return (status);
203 }
204 
205 
206 static int
207 list_auths(userattr_t *user, char **authArray, int *authcnt)
208 {
209 	int		status = EXIT_OK;
210 	char		*authlist = NULL;
211 	char		*proflist = NULL;
212 	char		*profArray[MAXPROFS];
213 	int		profcnt = 0;
214 
215 	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
216 	if (authlist != NULL) {
217 		add_auths(authlist, authArray, authcnt);
218 	}
219 	if ((proflist = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
220 		if (authcnt == 0) {
221 			status = EXIT_NON_FATAL;
222 		}
223 	} else {
224 		getProfiles(proflist, profArray, &profcnt,
225 		    authArray, authcnt);
226 		free_proflist(profArray, profcnt);
227 	}
228 	if (authcnt == 0) {
229 		status = EXIT_NON_FATAL;
230 	}
231 	free_userattr(user);
232 
233 	return (status);
234 }
235 
236 
237 static void
238 get_default_auths(char *user, char **authArray, int *authcnt)
239 {
240 	char *auths = NULL;
241 	char *profs = NULL;
242 	char *profArray[MAXPROFS];
243 	int profcnt = 0;
244 
245 	if (user == NULL) {
246 		struct passwd *pw;
247 
248 		if ((pw = getpwuid(getuid())) != NULL) {
249 			user = pw->pw_name;
250 		}
251 	}
252 
253 	if (_get_user_defs(user, &auths, &profs) == 0) {
254 		if (auths != NULL) {
255 			add_auths(auths, authArray, authcnt);
256 		}
257 
258 		/* get authorizations from default profiles */
259 		if (profs != NULL) {
260 			getProfiles(profs, profArray, &profcnt,
261 			    authArray, authcnt);
262 			free_proflist(profArray, profcnt);
263 		}
264 		_free_user_defs(auths, profs);
265 	}
266 }
267 
268 void
269 add_auths(char *auths, char **authArray, int *authcnt)
270 {
271 	char	*authname, *lasts, *real_authname;
272 	int	i;
273 
274 	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
275 	    authname != NULL;
276 	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {
277 
278 		if ((strcmp(authname, KV_WILDCARD) == 0) ||
279 		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
280 			real_authname = ALL_AUTHS;
281 		} else {
282 			real_authname = authname;
283 		}
284 
285 		/* check to see if authorization is already in list */
286 		for (i = 0; i < *authcnt; i++) {
287 			if (strcmp(real_authname, authArray[i]) == 0) {
288 				break;	/* already in list */
289 			}
290 		}
291 
292 		/* not in list, add it in */
293 		if (i == *authcnt) {
294 			authArray[i] = strdup(real_authname);
295 			*authcnt = i + 1;
296 		}
297 	}
298 
299 }
300 
301 static void
302 free_auths(char *auths[], int *auth_cnt)
303 {
304 	int i;
305 
306 	for (i = 0; i < *auth_cnt; i++) {
307 		free(auths[i]);
308 	}
309 	*auth_cnt = 0;
310 }
311 
312 static void
313 getProfiles(char *profiles, char **profArray, int *profcnt,
314 	char **authArray, int *authcnt)
315 {
316 
317 	char		*prof;
318 	char		*lasts;
319 	profattr_t	*pa;
320 	char		*auths;
321 	int		i;
322 
323 	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
324 	    prof != NULL;
325 	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {
326 
327 		getproflist(prof, profArray, profcnt);
328 	}
329 
330 	/* get authorizations from list of profiles */
331 	for (i = 0; i < *profcnt; i++) {
332 
333 		if ((pa = getprofnam(profArray[i])) == NULL) {
334 			/*
335 			 *  this should never happen.
336 			 *  unless the database has an undefined profile
337 			 */
338 			continue;
339 		}
340 
341 		/* get auths this profile */
342 		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
343 		if (auths != NULL) {
344 			add_auths(auths, authArray, authcnt);
345 		}
346 
347 		free_profattr(pa);
348 	}
349 }
350