17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 227c478bd9Sstevel@tonic-gate /* 23*fa9e4066Sahrens * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #include <auth_attr.h> 307c478bd9Sstevel@tonic-gate #include <auth_list.h> 317c478bd9Sstevel@tonic-gate #include <dirent.h> 327c478bd9Sstevel@tonic-gate #include <errno.h> 337c478bd9Sstevel@tonic-gate #include <fcntl.h> 347c478bd9Sstevel@tonic-gate #include <libintl.h> 357c478bd9Sstevel@tonic-gate #include <locale.h> 367c478bd9Sstevel@tonic-gate #include <pwd.h> 377c478bd9Sstevel@tonic-gate #include <signal.h> 387c478bd9Sstevel@tonic-gate #include <stdio.h> 397c478bd9Sstevel@tonic-gate #include <stdlib.h> 407c478bd9Sstevel@tonic-gate #include <string.h> 417c478bd9Sstevel@tonic-gate #include <unistd.h> 427c478bd9Sstevel@tonic-gate 437c478bd9Sstevel@tonic-gate #include <bsm/devices.h> 447c478bd9Sstevel@tonic-gate #include <bsm/audit_uevents.h> 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate #include <sys/acl.h> 477c478bd9Sstevel@tonic-gate #include <sys/file.h> 487c478bd9Sstevel@tonic-gate #include <sys/procfs.h> 497c478bd9Sstevel@tonic-gate #include <sys/param.h> 507c478bd9Sstevel@tonic-gate #include <sys/resource.h> 517c478bd9Sstevel@tonic-gate #include <sys/stat.h> 527c478bd9Sstevel@tonic-gate #include <sys/time.h> 537c478bd9Sstevel@tonic-gate #include <sys/types.h> 547c478bd9Sstevel@tonic-gate #include <sys/wait.h> 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate #include "allocate.h" 577c478bd9Sstevel@tonic-gate 587c478bd9Sstevel@tonic-gate #ifdef DEBUG 597c478bd9Sstevel@tonic-gate #define dprintf(s, a) (void) fprintf(stderr, s, a) 607c478bd9Sstevel@tonic-gate #define dperror(s) perror(s) 617c478bd9Sstevel@tonic-gate #else /* !DEBUG */ 627c478bd9Sstevel@tonic-gate #define dprintf(s, a) 637c478bd9Sstevel@tonic-gate #define dperror(s) 647c478bd9Sstevel@tonic-gate #endif /* DEBUG */ 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate #define EXIT(number) { \ 677c478bd9Sstevel@tonic-gate if (optflg & FORCE) \ 687c478bd9Sstevel@tonic-gate error = number; \ 697c478bd9Sstevel@tonic-gate else \ 707c478bd9Sstevel@tonic-gate return (number); \ 717c478bd9Sstevel@tonic-gate } 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate #define DEV_ALLOCATED(sbuf) ((sbuf).st_uid != ALLOC_UID || \ 747c478bd9Sstevel@tonic-gate ((sbuf).st_mode & ~S_IFMT) == ALLOC_MODE) 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate #define DEVICE_AUTH_SEPARATOR "," 777c478bd9Sstevel@tonic-gate #define PROCFS "/proc/" 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate extern void audit_allocate_list(char *); 807c478bd9Sstevel@tonic-gate extern void audit_allocate_device(char *); 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate extern char *newenv[]; 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate /* 857c478bd9Sstevel@tonic-gate * Checks if the specified user has any of the authorizations in the 867c478bd9Sstevel@tonic-gate * list of authorizations 877c478bd9Sstevel@tonic-gate */ 887c478bd9Sstevel@tonic-gate 897c478bd9Sstevel@tonic-gate static int 907c478bd9Sstevel@tonic-gate is_authorized(char *auth_list, uid_t uid) 917c478bd9Sstevel@tonic-gate { 927c478bd9Sstevel@tonic-gate char *auth; 937c478bd9Sstevel@tonic-gate struct passwd *pw; 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate pw = getpwuid(uid); 967c478bd9Sstevel@tonic-gate if (pw == NULL) { 977c478bd9Sstevel@tonic-gate dprintf("Can't get user info for uid=%d\n", (int)uid); 987c478bd9Sstevel@tonic-gate return (0); 997c478bd9Sstevel@tonic-gate } 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate auth = strtok(auth_list, DEVICE_AUTH_SEPARATOR); 1027c478bd9Sstevel@tonic-gate while (auth != NULL) { 1037c478bd9Sstevel@tonic-gate if (chkauthattr(auth, pw->pw_name)) 1047c478bd9Sstevel@tonic-gate return (1); 1057c478bd9Sstevel@tonic-gate auth = strtok(NULL, DEVICE_AUTH_SEPARATOR); 1067c478bd9Sstevel@tonic-gate } 1077c478bd9Sstevel@tonic-gate return (0); 1087c478bd9Sstevel@tonic-gate } 1097c478bd9Sstevel@tonic-gate 1107c478bd9Sstevel@tonic-gate static int 1117c478bd9Sstevel@tonic-gate check_devs(char *list) 1127c478bd9Sstevel@tonic-gate { 1137c478bd9Sstevel@tonic-gate char *file; 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate file = strtok(list, " "); 1167c478bd9Sstevel@tonic-gate while (file != NULL) { 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate if (access(file, F_OK) == -1) { 1197c478bd9Sstevel@tonic-gate dprintf("Unable to access file %s\n", file); 1207c478bd9Sstevel@tonic-gate return (-1); 1217c478bd9Sstevel@tonic-gate } 1227c478bd9Sstevel@tonic-gate file = strtok(NULL, " "); 1237c478bd9Sstevel@tonic-gate } 1247c478bd9Sstevel@tonic-gate return (0); 1257c478bd9Sstevel@tonic-gate } 1267c478bd9Sstevel@tonic-gate 1277c478bd9Sstevel@tonic-gate static void 1287c478bd9Sstevel@tonic-gate print_dev(devmap_t *dev_list) 1297c478bd9Sstevel@tonic-gate { 1307c478bd9Sstevel@tonic-gate char *file; 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate (void) printf(gettext("device: %s "), dev_list->dmap_devname); 1337c478bd9Sstevel@tonic-gate (void) printf(gettext("type: %s "), dev_list->dmap_devtype); 1347c478bd9Sstevel@tonic-gate (void) printf(gettext("files: ")); 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate file = strtok(dev_list->dmap_devlist, " "); 1377c478bd9Sstevel@tonic-gate while (file != NULL) { 1387c478bd9Sstevel@tonic-gate (void) printf("%s ", file); 1397c478bd9Sstevel@tonic-gate file = strtok(NULL, " "); 1407c478bd9Sstevel@tonic-gate } 1417c478bd9Sstevel@tonic-gate (void) printf("\n"); 1427c478bd9Sstevel@tonic-gate } 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate static int 1457c478bd9Sstevel@tonic-gate list_device(int optflg, uid_t uid, char *device) 1467c478bd9Sstevel@tonic-gate { 1477c478bd9Sstevel@tonic-gate devalloc_t *dev_ent; 1487c478bd9Sstevel@tonic-gate devmap_t *dev_list; 1497c478bd9Sstevel@tonic-gate char file_name[MAXPATHLEN]; 1507c478bd9Sstevel@tonic-gate struct stat stat_buf; 1517c478bd9Sstevel@tonic-gate char *list; 1527c478bd9Sstevel@tonic-gate int bytes_formated; 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate if ((dev_ent = getdanam(device)) == NULL) { 1557c478bd9Sstevel@tonic-gate if ((dev_list = getdmapdev(device)) == NULL) { 1567c478bd9Sstevel@tonic-gate dprintf("Unable to find %s in the allocate database\n", 1577c478bd9Sstevel@tonic-gate device); 1587c478bd9Sstevel@tonic-gate return (NODMAPENT); 1597c478bd9Sstevel@tonic-gate } else if ((dev_ent = getdanam(dev_list->dmap_devname)) == 1607c478bd9Sstevel@tonic-gate NULL) { 1617c478bd9Sstevel@tonic-gate dprintf("Unable to find %s in the allocate database\n", 1627c478bd9Sstevel@tonic-gate device); 1637c478bd9Sstevel@tonic-gate return (NODAENT); 1647c478bd9Sstevel@tonic-gate } 1657c478bd9Sstevel@tonic-gate } else if ((dev_list = getdmapnam(device)) == NULL) { 1667c478bd9Sstevel@tonic-gate dprintf("Unable to find %s in the allocate database\n", device); 1677c478bd9Sstevel@tonic-gate return (NODMAPENT); 1687c478bd9Sstevel@tonic-gate } 1697c478bd9Sstevel@tonic-gate 1707c478bd9Sstevel@tonic-gate bytes_formated = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR, 1717c478bd9Sstevel@tonic-gate dev_ent->da_devname); 1727c478bd9Sstevel@tonic-gate if (bytes_formated <= 0) { 1737c478bd9Sstevel@tonic-gate return (DEVNAME_ERR); 1747c478bd9Sstevel@tonic-gate } else if (bytes_formated >= MAXPATHLEN) { 1757c478bd9Sstevel@tonic-gate dprintf("device name %s is too long.\n", dev_ent->da_devname); 1767c478bd9Sstevel@tonic-gate return (DEVNAME_TOOLONG); 1777c478bd9Sstevel@tonic-gate } 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate if (stat(file_name, &stat_buf)) { 1807c478bd9Sstevel@tonic-gate dprintf("Unable to stat %s\n", file_name); 1817c478bd9Sstevel@tonic-gate dperror("Error:"); 1827c478bd9Sstevel@tonic-gate return (DACACC); 1837c478bd9Sstevel@tonic-gate } 1847c478bd9Sstevel@tonic-gate 1857c478bd9Sstevel@tonic-gate if ((optflg & FREE) && DEV_ALLOCATED(stat_buf)) 1867c478bd9Sstevel@tonic-gate return (ALLOC); 1877c478bd9Sstevel@tonic-gate 1887c478bd9Sstevel@tonic-gate if ((optflg & LIST) && DEV_ALLOCATED(stat_buf) && 1897c478bd9Sstevel@tonic-gate (stat_buf.st_uid != uid)) 1907c478bd9Sstevel@tonic-gate return (ALLOC_OTHER); 1917c478bd9Sstevel@tonic-gate 1927c478bd9Sstevel@tonic-gate if ((optflg & CURRENT) && (stat_buf.st_uid != uid)) 1937c478bd9Sstevel@tonic-gate return (NALLOC); 1947c478bd9Sstevel@tonic-gate 1957c478bd9Sstevel@tonic-gate if ((stat_buf.st_mode & ~S_IFMT) == ALLOC_ERR_MODE) 1967c478bd9Sstevel@tonic-gate return (ALLOCERR); 1977c478bd9Sstevel@tonic-gate 1987c478bd9Sstevel@tonic-gate if ((list = strdup(dev_list->dmap_devlist)) == NULL) 1997c478bd9Sstevel@tonic-gate return (SYSERROR); 2007c478bd9Sstevel@tonic-gate 2017c478bd9Sstevel@tonic-gate if (check_devs(list) == -1) { 2027c478bd9Sstevel@tonic-gate free(list); 2037c478bd9Sstevel@tonic-gate return (DSPMISS); 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate print_dev(dev_list); 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate free(list); 2097c478bd9Sstevel@tonic-gate return (0); 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate int 2137c478bd9Sstevel@tonic-gate list_devices(int optflg, uid_t uid, char *device) 2147c478bd9Sstevel@tonic-gate { 2157c478bd9Sstevel@tonic-gate DIR * dev_dir; 2167c478bd9Sstevel@tonic-gate struct dirent *dac_file; 2177c478bd9Sstevel@tonic-gate int error = 0, ret_code = 1; 2187c478bd9Sstevel@tonic-gate 2197c478bd9Sstevel@tonic-gate if (optflg & USERID) { 2207c478bd9Sstevel@tonic-gate if (!is_authorized(DEVICE_REVOKE_AUTH, getuid())) 2217c478bd9Sstevel@tonic-gate return (NOTAUTH); 2227c478bd9Sstevel@tonic-gate } 2237c478bd9Sstevel@tonic-gate setdaent(); 2247c478bd9Sstevel@tonic-gate 2257c478bd9Sstevel@tonic-gate if (device) { 2267c478bd9Sstevel@tonic-gate return (list_device(optflg, uid, device)); 2277c478bd9Sstevel@tonic-gate } 2287c478bd9Sstevel@tonic-gate 2297c478bd9Sstevel@tonic-gate if ((dev_dir = opendir(DAC_DIR)) == NULL) { 2307c478bd9Sstevel@tonic-gate 2317c478bd9Sstevel@tonic-gate dperror("Can't open DAC_DIR"); 2327c478bd9Sstevel@tonic-gate return (DACACC); 2337c478bd9Sstevel@tonic-gate } 2347c478bd9Sstevel@tonic-gate 2357c478bd9Sstevel@tonic-gate while ((dac_file = readdir(dev_dir)) != NULL) { 2367c478bd9Sstevel@tonic-gate if ((strcmp(dac_file->d_name, ".") == 0) || 2377c478bd9Sstevel@tonic-gate (strcmp(dac_file->d_name, "..") == 0)) { 2387c478bd9Sstevel@tonic-gate continue; 2397c478bd9Sstevel@tonic-gate } else { 2407c478bd9Sstevel@tonic-gate error = list_device(optflg, uid, dac_file->d_name); 2417c478bd9Sstevel@tonic-gate ret_code = ret_code ? error : ret_code; 2427c478bd9Sstevel@tonic-gate } 2437c478bd9Sstevel@tonic-gate } 2447c478bd9Sstevel@tonic-gate (void) closedir(dev_dir); 2457c478bd9Sstevel@tonic-gate enddaent(); 2467c478bd9Sstevel@tonic-gate return (ret_code); 2477c478bd9Sstevel@tonic-gate } 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate /* 2507c478bd9Sstevel@tonic-gate * Set the DAC characteristics of the file. 2517c478bd9Sstevel@tonic-gate * This uses a fancy chmod() by setting a minimal ACL which sets the mode 2527c478bd9Sstevel@tonic-gate * and discards any existing ACL. 2537c478bd9Sstevel@tonic-gate */ 2547c478bd9Sstevel@tonic-gate 2557c478bd9Sstevel@tonic-gate static int 2567c478bd9Sstevel@tonic-gate newdac(char *file, uid_t owner, gid_t group, o_mode_t mode) 2577c478bd9Sstevel@tonic-gate { 2587c478bd9Sstevel@tonic-gate int err = 0; 2597c478bd9Sstevel@tonic-gate 2607c478bd9Sstevel@tonic-gate do { 2617c478bd9Sstevel@tonic-gate if (chown(file, owner, group) == -1) { 2627c478bd9Sstevel@tonic-gate dperror("newdac, unable to chown"); 2637c478bd9Sstevel@tonic-gate err = CHOWN_PERR; 2647c478bd9Sstevel@tonic-gate } 2657c478bd9Sstevel@tonic-gate } while (fdetach(file) == 0); 2667c478bd9Sstevel@tonic-gate 267*fa9e4066Sahrens err = acl_strip(file, owner, group, (mode_t)mode); 268*fa9e4066Sahrens 269*fa9e4066Sahrens if (err != 0) { 2707c478bd9Sstevel@tonic-gate dperror("newdac, unable to setacl"); 2717c478bd9Sstevel@tonic-gate err = SETACL_PERR; 2727c478bd9Sstevel@tonic-gate } 2737c478bd9Sstevel@tonic-gate 2747c478bd9Sstevel@tonic-gate return (err); 2757c478bd9Sstevel@tonic-gate } 2767c478bd9Sstevel@tonic-gate 2777c478bd9Sstevel@tonic-gate static int 2787c478bd9Sstevel@tonic-gate lock_dev(char *file) 2797c478bd9Sstevel@tonic-gate { 2807c478bd9Sstevel@tonic-gate int fd; 2817c478bd9Sstevel@tonic-gate 2827c478bd9Sstevel@tonic-gate dprintf("locking %s\n", file); 2837c478bd9Sstevel@tonic-gate if ((fd = open(file, O_RDWR)) == -1) { 2847c478bd9Sstevel@tonic-gate dperror("lock_dev, cannot open DAC file"); 2857c478bd9Sstevel@tonic-gate return (DACACC); 2867c478bd9Sstevel@tonic-gate } 2877c478bd9Sstevel@tonic-gate 2887c478bd9Sstevel@tonic-gate if (lockf(fd, F_TLOCK, 0) == -1) { 2897c478bd9Sstevel@tonic-gate dperror("lock_dev, cannot set lock"); 2907c478bd9Sstevel@tonic-gate return (DACLCK); 2917c478bd9Sstevel@tonic-gate } 2927c478bd9Sstevel@tonic-gate 2937c478bd9Sstevel@tonic-gate return (0); 2947c478bd9Sstevel@tonic-gate } 2957c478bd9Sstevel@tonic-gate 2967c478bd9Sstevel@tonic-gate static int 2977c478bd9Sstevel@tonic-gate mk_alloc(char *list, uid_t uid) 2987c478bd9Sstevel@tonic-gate { 2997c478bd9Sstevel@tonic-gate char *file; 3007c478bd9Sstevel@tonic-gate int err; 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate file = strtok(list, " "); 3037c478bd9Sstevel@tonic-gate while (file != NULL) { 3047c478bd9Sstevel@tonic-gate 3057c478bd9Sstevel@tonic-gate dprintf("Allocating %s\n", file); 3067c478bd9Sstevel@tonic-gate if ((err = newdac(file, uid, getgid(), ALLOC_MODE)) != 0) { 3077c478bd9Sstevel@tonic-gate (void) newdac(file, ALLOC_UID, ALLOC_GID, 3087c478bd9Sstevel@tonic-gate ALLOC_ERR_MODE); 3097c478bd9Sstevel@tonic-gate return (err); 3107c478bd9Sstevel@tonic-gate } 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate file = strtok(NULL, " "); 3137c478bd9Sstevel@tonic-gate } 3147c478bd9Sstevel@tonic-gate return (0); 3157c478bd9Sstevel@tonic-gate } 3167c478bd9Sstevel@tonic-gate 3177c478bd9Sstevel@tonic-gate /* 3187c478bd9Sstevel@tonic-gate * mk_revoke() is used instead of system("/usr/sbin/fuser -k file") 3197c478bd9Sstevel@tonic-gate * because "/usr/sbin/fuser -k file" kills all processes 3207c478bd9Sstevel@tonic-gate * working with the file, even "vold" (bug #4095152). 3217c478bd9Sstevel@tonic-gate */ 3227c478bd9Sstevel@tonic-gate static int 3237c478bd9Sstevel@tonic-gate mk_revoke(int optflg, char *file) 3247c478bd9Sstevel@tonic-gate { 3257c478bd9Sstevel@tonic-gate char buf[MAXPATHLEN]; 3267c478bd9Sstevel@tonic-gate int r = 0, p[2], fp, lock; 3277c478bd9Sstevel@tonic-gate FILE *ptr; 3287c478bd9Sstevel@tonic-gate prpsinfo_t info; 3297c478bd9Sstevel@tonic-gate pid_t pid, c_pid; 3307c478bd9Sstevel@tonic-gate 3317c478bd9Sstevel@tonic-gate (void) strcpy(buf, PROCFS); 3327c478bd9Sstevel@tonic-gate 3337c478bd9Sstevel@tonic-gate /* 3347c478bd9Sstevel@tonic-gate * vfork() and execle() just to make the same output 3357c478bd9Sstevel@tonic-gate * as before fixing of bug #4095152. 3367c478bd9Sstevel@tonic-gate * The problem is that the "fuser" command prints 3377c478bd9Sstevel@tonic-gate * one part of output into stderr and another into stdout, 3387c478bd9Sstevel@tonic-gate * but user sees them mixed. Of course, better to change "fuser" 3397c478bd9Sstevel@tonic-gate * or to intercept and not to print its output. 3407c478bd9Sstevel@tonic-gate */ 3417c478bd9Sstevel@tonic-gate if (!(optflg & SILENT)) { 3427c478bd9Sstevel@tonic-gate c_pid = vfork(); 3437c478bd9Sstevel@tonic-gate if (c_pid == -1) 3447c478bd9Sstevel@tonic-gate return (-1); 3457c478bd9Sstevel@tonic-gate if (c_pid == 0) { 3467c478bd9Sstevel@tonic-gate dprintf("first exec fuser %s\n", file); 3477c478bd9Sstevel@tonic-gate (void) execle("/usr/sbin/fuser", "fuser", file, NULL, 3487c478bd9Sstevel@tonic-gate newenv); 3497c478bd9Sstevel@tonic-gate dperror("first exec fuser"); 3507c478bd9Sstevel@tonic-gate _exit(1); 3517c478bd9Sstevel@tonic-gate } 3527c478bd9Sstevel@tonic-gate 3537c478bd9Sstevel@tonic-gate (void) waitpid(c_pid, &lock, 0); 3547c478bd9Sstevel@tonic-gate dprintf("exit status %x\n", lock); 3557c478bd9Sstevel@tonic-gate if (WEXITSTATUS(lock) != 0) 3567c478bd9Sstevel@tonic-gate return (-1); 3577c478bd9Sstevel@tonic-gate } 3587c478bd9Sstevel@tonic-gate dprintf("first continuing c_pid=%d\n", c_pid); 3597c478bd9Sstevel@tonic-gate 3607c478bd9Sstevel@tonic-gate if (pipe(p)) { 3617c478bd9Sstevel@tonic-gate dperror("pipe"); 3627c478bd9Sstevel@tonic-gate return (-1); 3637c478bd9Sstevel@tonic-gate } 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gate /* vfork() and execle() to catch output and to process it */ 3667c478bd9Sstevel@tonic-gate c_pid = vfork(); 3677c478bd9Sstevel@tonic-gate if (c_pid == -1) { 3687c478bd9Sstevel@tonic-gate dperror("second vfork"); 3697c478bd9Sstevel@tonic-gate return (-1); 3707c478bd9Sstevel@tonic-gate } 3717c478bd9Sstevel@tonic-gate dprintf("second continuing c_pid=%d\n", c_pid); 3727c478bd9Sstevel@tonic-gate 3737c478bd9Sstevel@tonic-gate if (c_pid == 0) { 3747c478bd9Sstevel@tonic-gate (void) close(p[0]); 3757c478bd9Sstevel@tonic-gate (void) close(1); 3767c478bd9Sstevel@tonic-gate (void) fcntl(p[1], F_DUPFD, 1); 3777c478bd9Sstevel@tonic-gate (void) close(p[1]); 3787c478bd9Sstevel@tonic-gate (void) close(2); 3797c478bd9Sstevel@tonic-gate dprintf("second exec fuser %s\n", file); 3807c478bd9Sstevel@tonic-gate (void) execle("/usr/sbin/fuser", "fuser", file, NULL, newenv); 3817c478bd9Sstevel@tonic-gate dperror("second exec fuser"); 3827c478bd9Sstevel@tonic-gate _exit(1); 3837c478bd9Sstevel@tonic-gate } 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate (void) close(p[1]); 3867c478bd9Sstevel@tonic-gate if ((ptr = fdopen(p[0], "r")) != NULL) { 3877c478bd9Sstevel@tonic-gate while (!feof(ptr)) { 3887c478bd9Sstevel@tonic-gate if (fscanf(ptr, "%d", &pid) > 0) { 3897c478bd9Sstevel@tonic-gate (void) sprintf(buf + strlen(PROCFS), "%d", pid); 3907c478bd9Sstevel@tonic-gate if ((fp = open(buf, O_RDONLY)) == -1) { 3917c478bd9Sstevel@tonic-gate dperror(buf); 3927c478bd9Sstevel@tonic-gate continue; 3937c478bd9Sstevel@tonic-gate } 3947c478bd9Sstevel@tonic-gate if (ioctl(fp, PIOCPSINFO, (char *)&info) 3957c478bd9Sstevel@tonic-gate == -1) { 3967c478bd9Sstevel@tonic-gate dprintf("%d psinfo failed", pid); 3977c478bd9Sstevel@tonic-gate dperror(""); 3987c478bd9Sstevel@tonic-gate (void) close(fp); 3997c478bd9Sstevel@tonic-gate continue; 4007c478bd9Sstevel@tonic-gate } 4017c478bd9Sstevel@tonic-gate (void) close(fp); 4027c478bd9Sstevel@tonic-gate if (strcmp(info.pr_fname, "vold") == NULL) { 4037c478bd9Sstevel@tonic-gate dprintf("%d matched vold name\n", pid); 4047c478bd9Sstevel@tonic-gate continue; 4057c478bd9Sstevel@tonic-gate } 4067c478bd9Sstevel@tonic-gate dprintf("killing %s", info.pr_fname); 4077c478bd9Sstevel@tonic-gate dprintf("(%d)\n", pid); 4087c478bd9Sstevel@tonic-gate if ((r = kill(pid, SIGKILL)) == -1) { 4097c478bd9Sstevel@tonic-gate dprintf("kill %d", pid); 4107c478bd9Sstevel@tonic-gate dperror(""); 4117c478bd9Sstevel@tonic-gate break; 4127c478bd9Sstevel@tonic-gate } 4137c478bd9Sstevel@tonic-gate } 4147c478bd9Sstevel@tonic-gate } 4157c478bd9Sstevel@tonic-gate dprintf("eof reached %x\n", ptr); 4167c478bd9Sstevel@tonic-gate } else { 4177c478bd9Sstevel@tonic-gate dperror("fdopen(p[0])"); 4187c478bd9Sstevel@tonic-gate r = -1; 4197c478bd9Sstevel@tonic-gate } 4207c478bd9Sstevel@tonic-gate 4217c478bd9Sstevel@tonic-gate (void) fclose(ptr); 4227c478bd9Sstevel@tonic-gate return (r); 4237c478bd9Sstevel@tonic-gate } 4247c478bd9Sstevel@tonic-gate 4257c478bd9Sstevel@tonic-gate static int 4267c478bd9Sstevel@tonic-gate mk_unalloc(int optflg, char *list) 4277c478bd9Sstevel@tonic-gate { 4287c478bd9Sstevel@tonic-gate char *file; 4297c478bd9Sstevel@tonic-gate int error = 0; 4307c478bd9Sstevel@tonic-gate int child, status; 4317c478bd9Sstevel@tonic-gate 4327c478bd9Sstevel@tonic-gate audit_allocate_list(list); 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate child = vfork(); 4357c478bd9Sstevel@tonic-gate switch (child) { 4367c478bd9Sstevel@tonic-gate case -1: 4377c478bd9Sstevel@tonic-gate return (-1); 4387c478bd9Sstevel@tonic-gate case 0: 4397c478bd9Sstevel@tonic-gate (void) setuid(0); 4407c478bd9Sstevel@tonic-gate file = strtok(list, " "); 4417c478bd9Sstevel@tonic-gate while (file != NULL) { 4427c478bd9Sstevel@tonic-gate dprintf("Deallocating %s\n", file); 4437c478bd9Sstevel@tonic-gate if (mk_revoke(optflg, file) < 0) { 4447c478bd9Sstevel@tonic-gate dprintf("mk_unalloc: unable to revoke %s\n", 4457c478bd9Sstevel@tonic-gate file); 4467c478bd9Sstevel@tonic-gate dperror(""); 4477c478bd9Sstevel@tonic-gate error = CNTFRC; 4487c478bd9Sstevel@tonic-gate break; 4497c478bd9Sstevel@tonic-gate } 4507c478bd9Sstevel@tonic-gate error = newdac(file, ALLOC_UID, ALLOC_GID, 4517c478bd9Sstevel@tonic-gate DEALLOC_MODE); 4527c478bd9Sstevel@tonic-gate file = strtok(NULL, " "); 4537c478bd9Sstevel@tonic-gate } 4547c478bd9Sstevel@tonic-gate exit(error); 4557c478bd9Sstevel@tonic-gate default: 4567c478bd9Sstevel@tonic-gate while (wait(&status) != child); 4577c478bd9Sstevel@tonic-gate if (WIFEXITED(status)) { 4587c478bd9Sstevel@tonic-gate return (WEXITSTATUS(status)); 4597c478bd9Sstevel@tonic-gate } 4607c478bd9Sstevel@tonic-gate return (-1); 4617c478bd9Sstevel@tonic-gate } 4627c478bd9Sstevel@tonic-gate } 4637c478bd9Sstevel@tonic-gate 4647c478bd9Sstevel@tonic-gate static int 4657c478bd9Sstevel@tonic-gate exec_clean(int optflg, char *name, char *path) 4667c478bd9Sstevel@tonic-gate { 4677c478bd9Sstevel@tonic-gate char *mode, *cmd; 4687c478bd9Sstevel@tonic-gate int status; 4697c478bd9Sstevel@tonic-gate int c; 4707c478bd9Sstevel@tonic-gate 4717c478bd9Sstevel@tonic-gate if ((optflg & (FORCE_ALL | SILENT)) == (FORCE_ALL | SILENT)) 4727c478bd9Sstevel@tonic-gate mode = "-I"; 4737c478bd9Sstevel@tonic-gate else if (optflg & FORCE_ALL) 4747c478bd9Sstevel@tonic-gate mode = "-i"; 4757c478bd9Sstevel@tonic-gate else if (optflg & FORCE) 4767c478bd9Sstevel@tonic-gate mode = "-f"; 4777c478bd9Sstevel@tonic-gate else 4787c478bd9Sstevel@tonic-gate mode = "-s"; 4797c478bd9Sstevel@tonic-gate if ((cmd = strrchr(path, '/')) == NULL) 4807c478bd9Sstevel@tonic-gate cmd = path; 4817c478bd9Sstevel@tonic-gate else 4827c478bd9Sstevel@tonic-gate cmd++; /* skip leading '/' */ 4837c478bd9Sstevel@tonic-gate 4847c478bd9Sstevel@tonic-gate c = vfork(); 4857c478bd9Sstevel@tonic-gate switch (c) { 4867c478bd9Sstevel@tonic-gate case -1: 4877c478bd9Sstevel@tonic-gate return (-1); 4887c478bd9Sstevel@tonic-gate case 0: 4897c478bd9Sstevel@tonic-gate (void) setuid(0); 4907c478bd9Sstevel@tonic-gate dprintf("clean script: %s, ", path); 4917c478bd9Sstevel@tonic-gate dprintf("cmd=%s, ", cmd); 4927c478bd9Sstevel@tonic-gate dprintf("mode=%s, ", mode); 4937c478bd9Sstevel@tonic-gate dprintf("name=%s\n", name); 4947c478bd9Sstevel@tonic-gate (void) execle(path, cmd, mode, name, NULL, newenv); 4957c478bd9Sstevel@tonic-gate dprintf("Unable to execute clean up script %s\n", path); 4967c478bd9Sstevel@tonic-gate dperror(""); 4977c478bd9Sstevel@tonic-gate exit(CNTDEXEC); 4987c478bd9Sstevel@tonic-gate default: 4997c478bd9Sstevel@tonic-gate while (wait(&status) != c); 5007c478bd9Sstevel@tonic-gate if (WIFEXITED(status)) 5017c478bd9Sstevel@tonic-gate return (WEXITSTATUS(status)); 5027c478bd9Sstevel@tonic-gate dprintf("exit status %d\n", status); 5037c478bd9Sstevel@tonic-gate return (-1); 5047c478bd9Sstevel@tonic-gate } 5057c478bd9Sstevel@tonic-gate } 5067c478bd9Sstevel@tonic-gate 5077c478bd9Sstevel@tonic-gate static int 5087c478bd9Sstevel@tonic-gate deallocate_dev(int optflg, devalloc_t *dev_ent, uid_t uid) 5097c478bd9Sstevel@tonic-gate { 5107c478bd9Sstevel@tonic-gate devmap_t *dev_list; 5117c478bd9Sstevel@tonic-gate char file_name[MAXPATHLEN]; 5127c478bd9Sstevel@tonic-gate struct stat stat_buf; 5137c478bd9Sstevel@tonic-gate char *list; 5147c478bd9Sstevel@tonic-gate int error = 0, err; 5157c478bd9Sstevel@tonic-gate int bytes_formated; 5167c478bd9Sstevel@tonic-gate 5177c478bd9Sstevel@tonic-gate bytes_formated = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR, 5187c478bd9Sstevel@tonic-gate dev_ent->da_devname); 5197c478bd9Sstevel@tonic-gate if (bytes_formated <= 0) { 5207c478bd9Sstevel@tonic-gate return (DEVNAME_ERR); 5217c478bd9Sstevel@tonic-gate } else if (bytes_formated >= MAXPATHLEN) { 5227c478bd9Sstevel@tonic-gate dprintf("device name %s is too long.\n", dev_ent->da_devname); 5237c478bd9Sstevel@tonic-gate return (DEVNAME_TOOLONG); 5247c478bd9Sstevel@tonic-gate } 5257c478bd9Sstevel@tonic-gate 5267c478bd9Sstevel@tonic-gate audit_allocate_device(file_name); 5277c478bd9Sstevel@tonic-gate 5287c478bd9Sstevel@tonic-gate if (stat(file_name, &stat_buf)) { 5297c478bd9Sstevel@tonic-gate dprintf("Unable to stat %s\n", file_name); 5307c478bd9Sstevel@tonic-gate dperror("Error:"); 5317c478bd9Sstevel@tonic-gate return (DACACC); 5327c478bd9Sstevel@tonic-gate } 5337c478bd9Sstevel@tonic-gate 5347c478bd9Sstevel@tonic-gate if (!(optflg & FORCE) && stat_buf.st_uid != uid && 5357c478bd9Sstevel@tonic-gate DEV_ALLOCATED(stat_buf)) { 5367c478bd9Sstevel@tonic-gate return (NALLOCU); 5377c478bd9Sstevel@tonic-gate } 5387c478bd9Sstevel@tonic-gate 5397c478bd9Sstevel@tonic-gate if (!(optflg & FORCE_ALL) && !DEV_ALLOCATED(stat_buf)) { 5407c478bd9Sstevel@tonic-gate if ((stat_buf.st_mode & ~S_IFMT) == ALLOC_ERR_MODE) { 5417c478bd9Sstevel@tonic-gate if (!(optflg & FORCE)) 5427c478bd9Sstevel@tonic-gate return (ALLOCERR); 5437c478bd9Sstevel@tonic-gate } else 5447c478bd9Sstevel@tonic-gate return (NALLOC); 5457c478bd9Sstevel@tonic-gate } 5467c478bd9Sstevel@tonic-gate 5477c478bd9Sstevel@tonic-gate /* All checks passed, time to lock and deallocate */ 5487c478bd9Sstevel@tonic-gate if ((error = lock_dev(file_name)) != 0) 5497c478bd9Sstevel@tonic-gate return (error); 5507c478bd9Sstevel@tonic-gate 5517c478bd9Sstevel@tonic-gate if ((err = newdac(file_name, ALLOC_UID, ALLOC_GID, DEALLOC_MODE)) 5527c478bd9Sstevel@tonic-gate != 0) { 5537c478bd9Sstevel@tonic-gate (void) newdac(file_name, ALLOC_UID, ALLOC_GID, ALLOC_ERR_MODE); 5547c478bd9Sstevel@tonic-gate EXIT(err); 5557c478bd9Sstevel@tonic-gate } 5567c478bd9Sstevel@tonic-gate 5577c478bd9Sstevel@tonic-gate if ((dev_list = getdmapnam(dev_ent->da_devname)) == NULL) { 5587c478bd9Sstevel@tonic-gate dprintf("Unable to find %s in the device map database\n", 5597c478bd9Sstevel@tonic-gate dev_ent->da_devname); 5607c478bd9Sstevel@tonic-gate EXIT(NODMAPENT); 5617c478bd9Sstevel@tonic-gate } else { 5627c478bd9Sstevel@tonic-gate if ((list = strdup(dev_list->dmap_devlist)) == NULL) { 5637c478bd9Sstevel@tonic-gate EXIT(SYSERROR) 5647c478bd9Sstevel@tonic-gate } else { 5657c478bd9Sstevel@tonic-gate if (mk_unalloc(optflg, list) != 0) { 5667c478bd9Sstevel@tonic-gate (void) newdac(file_name, ALLOC_UID, ALLOC_GID, 5677c478bd9Sstevel@tonic-gate ALLOC_ERR_MODE); 5687c478bd9Sstevel@tonic-gate free(list); 5697c478bd9Sstevel@tonic-gate list = NULL; 5707c478bd9Sstevel@tonic-gate EXIT(DEVLST); 5717c478bd9Sstevel@tonic-gate } 5727c478bd9Sstevel@tonic-gate } 5737c478bd9Sstevel@tonic-gate } 5747c478bd9Sstevel@tonic-gate 5757c478bd9Sstevel@tonic-gate if (list != NULL) 5767c478bd9Sstevel@tonic-gate free(list); 5777c478bd9Sstevel@tonic-gate if (exec_clean(optflg, dev_ent->da_devname, dev_ent->da_devexec)) 5787c478bd9Sstevel@tonic-gate EXIT(CLEAN_ERR); 5797c478bd9Sstevel@tonic-gate return (error); 5807c478bd9Sstevel@tonic-gate } 5817c478bd9Sstevel@tonic-gate 5827c478bd9Sstevel@tonic-gate static int 5837c478bd9Sstevel@tonic-gate allocate_dev(int optflg, uid_t uid, devalloc_t *dev_ent) 5847c478bd9Sstevel@tonic-gate { 5857c478bd9Sstevel@tonic-gate devmap_t *dev_list; 5867c478bd9Sstevel@tonic-gate char file_name[MAXPATHLEN]; 5877c478bd9Sstevel@tonic-gate struct stat stat_buf; 5887c478bd9Sstevel@tonic-gate char *list; 5897c478bd9Sstevel@tonic-gate int error = 0; 5907c478bd9Sstevel@tonic-gate int bytes_formated; 5917c478bd9Sstevel@tonic-gate 5927c478bd9Sstevel@tonic-gate bytes_formated = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR, 5937c478bd9Sstevel@tonic-gate dev_ent->da_devname); 5947c478bd9Sstevel@tonic-gate if (bytes_formated <= 0) { 5957c478bd9Sstevel@tonic-gate return (DEVNAME_ERR); 5967c478bd9Sstevel@tonic-gate } else if (bytes_formated >= MAXPATHLEN) { 5977c478bd9Sstevel@tonic-gate dprintf("device name %s is too long.\n", dev_ent->da_devname); 5987c478bd9Sstevel@tonic-gate return (DEVNAME_TOOLONG); 5997c478bd9Sstevel@tonic-gate } 6007c478bd9Sstevel@tonic-gate 6017c478bd9Sstevel@tonic-gate audit_allocate_device(file_name); 6027c478bd9Sstevel@tonic-gate 6037c478bd9Sstevel@tonic-gate if (stat(file_name, &stat_buf)) { 6047c478bd9Sstevel@tonic-gate dprintf("Unable to stat %s\n", file_name); 6057c478bd9Sstevel@tonic-gate dperror("Error:"); 6067c478bd9Sstevel@tonic-gate return (DACACC); 6077c478bd9Sstevel@tonic-gate } 6087c478bd9Sstevel@tonic-gate 6097c478bd9Sstevel@tonic-gate if (DEV_ALLOCATED(stat_buf)) { 6107c478bd9Sstevel@tonic-gate if (optflg & FORCE) { 6117c478bd9Sstevel@tonic-gate if (deallocate_dev(FORCE, dev_ent, uid)) { 6127c478bd9Sstevel@tonic-gate dprintf("Couldn't force deallocate device %s\n", 6137c478bd9Sstevel@tonic-gate dev_ent->da_devname); 6147c478bd9Sstevel@tonic-gate return (CNTFRC); 6157c478bd9Sstevel@tonic-gate } 6167c478bd9Sstevel@tonic-gate } else if (stat_buf.st_uid == uid) { 6177c478bd9Sstevel@tonic-gate return (ALLOC); 6187c478bd9Sstevel@tonic-gate } else 6197c478bd9Sstevel@tonic-gate return (ALLOC_OTHER); 6207c478bd9Sstevel@tonic-gate } 6217c478bd9Sstevel@tonic-gate if ((stat_buf.st_mode & ~S_IFMT) == ALLOC_ERR_MODE) 6227c478bd9Sstevel@tonic-gate return (ALLOCERR); 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate if (strcmp(dev_ent->da_devauth, "*") == 0) { 6257c478bd9Sstevel@tonic-gate dprintf("Device %s is not allocatable\n", dev_ent->da_devname); 6267c478bd9Sstevel@tonic-gate return (AUTHERR); 6277c478bd9Sstevel@tonic-gate } 6287c478bd9Sstevel@tonic-gate 6297c478bd9Sstevel@tonic-gate if (strcmp(dev_ent->da_devauth, "@")) { 6307c478bd9Sstevel@tonic-gate if (!is_authorized(dev_ent->da_devauth, uid)) { 6317c478bd9Sstevel@tonic-gate dprintf("User %d is unauthorized to allocate\n", 6327c478bd9Sstevel@tonic-gate (int)uid); 6337c478bd9Sstevel@tonic-gate return (IMPORT_ERR); 6347c478bd9Sstevel@tonic-gate } 6357c478bd9Sstevel@tonic-gate } 6367c478bd9Sstevel@tonic-gate 6377c478bd9Sstevel@tonic-gate if ((dev_list = getdmapnam(dev_ent->da_devname)) == NULL) { 6387c478bd9Sstevel@tonic-gate dprintf("Unable to find %s in device map database\n", 6397c478bd9Sstevel@tonic-gate dev_ent->da_devname); 6407c478bd9Sstevel@tonic-gate return (NODMAPENT); 6417c478bd9Sstevel@tonic-gate } 6427c478bd9Sstevel@tonic-gate 6437c478bd9Sstevel@tonic-gate if ((list = strdup(dev_list->dmap_devlist)) == NULL) 6447c478bd9Sstevel@tonic-gate return (SYSERROR); 6457c478bd9Sstevel@tonic-gate 6467c478bd9Sstevel@tonic-gate if (check_devs(list) == -1) { 6477c478bd9Sstevel@tonic-gate free(list); 6487c478bd9Sstevel@tonic-gate return (DSPMISS); 6497c478bd9Sstevel@tonic-gate } 6507c478bd9Sstevel@tonic-gate 6517c478bd9Sstevel@tonic-gate /* All checks passed, time to lock and allocate */ 6527c478bd9Sstevel@tonic-gate if ((error = lock_dev(file_name)) != 0) { 6537c478bd9Sstevel@tonic-gate free(list); 6547c478bd9Sstevel@tonic-gate return (error); 6557c478bd9Sstevel@tonic-gate } 6567c478bd9Sstevel@tonic-gate 6577c478bd9Sstevel@tonic-gate if ((error = newdac(file_name, uid, getgid(), ALLOC_MODE)) != 0) { 6587c478bd9Sstevel@tonic-gate (void) newdac(file_name, ALLOC_UID, ALLOC_GID, ALLOC_ERR_MODE); 6597c478bd9Sstevel@tonic-gate free(list); 6607c478bd9Sstevel@tonic-gate return (error); 6617c478bd9Sstevel@tonic-gate } 6627c478bd9Sstevel@tonic-gate 6637c478bd9Sstevel@tonic-gate /* refresh list from check_devs overwritting it */ 6647c478bd9Sstevel@tonic-gate (void) strcpy(list, dev_list->dmap_devlist); 6657c478bd9Sstevel@tonic-gate audit_allocate_list(list); 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate if (mk_alloc(list, uid) != 0) { 6687c478bd9Sstevel@tonic-gate /* refresh list from mk_alloc overwritting it */ 6697c478bd9Sstevel@tonic-gate (void) strcpy(list, dev_list->dmap_devlist); 6707c478bd9Sstevel@tonic-gate (void) mk_unalloc(optflg, list); 6717c478bd9Sstevel@tonic-gate free(list); 6727c478bd9Sstevel@tonic-gate return (DEVLST); 6737c478bd9Sstevel@tonic-gate } 6747c478bd9Sstevel@tonic-gate 6757c478bd9Sstevel@tonic-gate free(list); 6767c478bd9Sstevel@tonic-gate return (0); 6777c478bd9Sstevel@tonic-gate } 6787c478bd9Sstevel@tonic-gate 6797c478bd9Sstevel@tonic-gate int 6807c478bd9Sstevel@tonic-gate allocate(int optflg, uid_t uid, char *device) 6817c478bd9Sstevel@tonic-gate { 6827c478bd9Sstevel@tonic-gate devalloc_t *dev_ent; 6837c478bd9Sstevel@tonic-gate devmap_t *dev_list; 6847c478bd9Sstevel@tonic-gate 6857c478bd9Sstevel@tonic-gate if (((optflg & FORCE) || uid != getuid()) && 6867c478bd9Sstevel@tonic-gate !is_authorized(DEVICE_REVOKE_AUTH, getuid())) 6877c478bd9Sstevel@tonic-gate return (NOTAUTH); 6887c478bd9Sstevel@tonic-gate 6897c478bd9Sstevel@tonic-gate setdaent(); 6907c478bd9Sstevel@tonic-gate setdmapent(); 6917c478bd9Sstevel@tonic-gate 6927c478bd9Sstevel@tonic-gate if (!(optflg & TYPE)) { 6937c478bd9Sstevel@tonic-gate if ((dev_ent = getdanam(device)) == NULL) { 6947c478bd9Sstevel@tonic-gate if ((dev_list = getdmapdev(device)) == NULL) 6957c478bd9Sstevel@tonic-gate return (NODMAPENT); 6967c478bd9Sstevel@tonic-gate else if ((dev_ent = getdanam(dev_list->dmap_devname)) 6977c478bd9Sstevel@tonic-gate == NULL) 6987c478bd9Sstevel@tonic-gate return (NODAENT); 6997c478bd9Sstevel@tonic-gate } 7007c478bd9Sstevel@tonic-gate return (allocate_dev(optflg, uid, dev_ent)); 7017c478bd9Sstevel@tonic-gate } 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate while ((dev_ent = getdatype(device)) != NULL) { 7047c478bd9Sstevel@tonic-gate dprintf("trying to allocate %s\n", dev_ent->da_devname); 7057c478bd9Sstevel@tonic-gate if (!allocate_dev(optflg, uid, dev_ent)) { 7067c478bd9Sstevel@tonic-gate return (0); 7077c478bd9Sstevel@tonic-gate } 7087c478bd9Sstevel@tonic-gate } 7097c478bd9Sstevel@tonic-gate enddaent(); 7107c478bd9Sstevel@tonic-gate return (NO_DEVICE); 7117c478bd9Sstevel@tonic-gate } 7127c478bd9Sstevel@tonic-gate 7137c478bd9Sstevel@tonic-gate int 7147c478bd9Sstevel@tonic-gate deallocate(int optflg, uid_t uid, char *device) 7157c478bd9Sstevel@tonic-gate { 7167c478bd9Sstevel@tonic-gate DIR *dev_dir; 7177c478bd9Sstevel@tonic-gate struct dirent *dac_file; 7187c478bd9Sstevel@tonic-gate devalloc_t *dev_ent; 7197c478bd9Sstevel@tonic-gate devmap_t *dev_list; 7207c478bd9Sstevel@tonic-gate int error = NODAENT; 7217c478bd9Sstevel@tonic-gate 7227c478bd9Sstevel@tonic-gate if (optflg & (FORCE | FORCE_ALL) && 7237c478bd9Sstevel@tonic-gate !is_authorized(DEVICE_REVOKE_AUTH, getuid())) 7247c478bd9Sstevel@tonic-gate return (NOTAUTH); 7257c478bd9Sstevel@tonic-gate if (optflg & FORCE_ALL) 7267c478bd9Sstevel@tonic-gate optflg |= FORCE; 7277c478bd9Sstevel@tonic-gate 7287c478bd9Sstevel@tonic-gate setdaent(); 7297c478bd9Sstevel@tonic-gate setdmapent(); 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate if (!(optflg & FORCE_ALL)) { 7327c478bd9Sstevel@tonic-gate if ((dev_ent = getdanam(device)) == NULL) { 7337c478bd9Sstevel@tonic-gate if ((dev_list = getdmapdev(device)) == NULL) 7347c478bd9Sstevel@tonic-gate return (NODMAPENT); 7357c478bd9Sstevel@tonic-gate else if ((dev_ent = getdanam(dev_list->dmap_devname)) 7367c478bd9Sstevel@tonic-gate == NULL) 7377c478bd9Sstevel@tonic-gate return (NODAENT); 7387c478bd9Sstevel@tonic-gate } 7397c478bd9Sstevel@tonic-gate 7407c478bd9Sstevel@tonic-gate return (deallocate_dev(optflg, dev_ent, uid)); 7417c478bd9Sstevel@tonic-gate } 7427c478bd9Sstevel@tonic-gate 7437c478bd9Sstevel@tonic-gate if ((dev_dir = opendir(DAC_DIR)) == NULL) { 7447c478bd9Sstevel@tonic-gate dperror("Can't open DAC_DIR"); 7457c478bd9Sstevel@tonic-gate return (DACACC); 7467c478bd9Sstevel@tonic-gate } 7477c478bd9Sstevel@tonic-gate 7487c478bd9Sstevel@tonic-gate while ((dac_file = readdir(dev_dir)) != NULL) { 7497c478bd9Sstevel@tonic-gate if ((strcmp(dac_file->d_name, ".") == 0) || 7507c478bd9Sstevel@tonic-gate (strcmp(dac_file->d_name, "..") == 0)) { 7517c478bd9Sstevel@tonic-gate continue; 7527c478bd9Sstevel@tonic-gate } else { 7537c478bd9Sstevel@tonic-gate if ((dev_ent = getdanam(dac_file->d_name)) == NULL) { 7547c478bd9Sstevel@tonic-gate continue; 7557c478bd9Sstevel@tonic-gate } 7567c478bd9Sstevel@tonic-gate error = deallocate_dev(optflg, dev_ent, uid); 7577c478bd9Sstevel@tonic-gate } 7587c478bd9Sstevel@tonic-gate } 7597c478bd9Sstevel@tonic-gate (void) closedir(dev_dir); 7607c478bd9Sstevel@tonic-gate enddaent(); 7617c478bd9Sstevel@tonic-gate return (error); 7627c478bd9Sstevel@tonic-gate } 763