17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*004388ebScasper * Common Development and Distribution License (the "License"). 6*004388ebScasper * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*004388ebScasper * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate #include <stdio.h> 29*004388ebScasper #include <stdio_ext.h> 307c478bd9Sstevel@tonic-gate #include <stdlib.h> 317c478bd9Sstevel@tonic-gate #include <unistd.h> 327c478bd9Sstevel@tonic-gate #include <fcntl.h> 337c478bd9Sstevel@tonic-gate #include <string.h> 347c478bd9Sstevel@tonic-gate #include <limits.h> 357c478bd9Sstevel@tonic-gate #include <sys/types.h> 367c478bd9Sstevel@tonic-gate #include <pwd.h> 377c478bd9Sstevel@tonic-gate #include <grp.h> 387c478bd9Sstevel@tonic-gate #include <libproc.h> 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate extern int _getgroupsbymember(const char *, gid_t[], int, int); 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate static int look(char *); 437c478bd9Sstevel@tonic-gate static int perr(char *); 447c478bd9Sstevel@tonic-gate 457c478bd9Sstevel@tonic-gate static void usage(void); 467c478bd9Sstevel@tonic-gate static void initcred(void); 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate static char *command; 497c478bd9Sstevel@tonic-gate static char *procname; 507c478bd9Sstevel@tonic-gate 517c478bd9Sstevel@tonic-gate static char *user; 527c478bd9Sstevel@tonic-gate static char *group; 537c478bd9Sstevel@tonic-gate static char *grplst; 547c478bd9Sstevel@tonic-gate static char *login; 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate static boolean_t all = B_FALSE; 577c478bd9Sstevel@tonic-gate static boolean_t doset = B_FALSE; 587c478bd9Sstevel@tonic-gate static int ngrp = -1; 597c478bd9Sstevel@tonic-gate static gid_t *groups; 607c478bd9Sstevel@tonic-gate static long ngroups_max; 617c478bd9Sstevel@tonic-gate 627c478bd9Sstevel@tonic-gate static uid_t uid = -1; 637c478bd9Sstevel@tonic-gate static uid_t gid = -1; 647c478bd9Sstevel@tonic-gate 657c478bd9Sstevel@tonic-gate int 667c478bd9Sstevel@tonic-gate main(int argc, char **argv) 677c478bd9Sstevel@tonic-gate { 687c478bd9Sstevel@tonic-gate int rc = 0; 697c478bd9Sstevel@tonic-gate int c; 707c478bd9Sstevel@tonic-gate struct rlimit rlim; 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate if ((command = strrchr(argv[0], '/')) != NULL) 737c478bd9Sstevel@tonic-gate command++; 747c478bd9Sstevel@tonic-gate else 757c478bd9Sstevel@tonic-gate command = argv[0]; 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate if ((ngroups_max = sysconf(_SC_NGROUPS_MAX)) < 0) 787c478bd9Sstevel@tonic-gate return (perr("sysconf(_SC_NGROUPS_MAX)")); 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate opterr = 0; 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate while ((c = getopt(argc, argv, "au:g:l:G:")) != EOF) { 837c478bd9Sstevel@tonic-gate switch (c) { 847c478bd9Sstevel@tonic-gate case 'a': 857c478bd9Sstevel@tonic-gate all = B_TRUE; 867c478bd9Sstevel@tonic-gate break; 877c478bd9Sstevel@tonic-gate case 'u': 887c478bd9Sstevel@tonic-gate user = optarg; 897c478bd9Sstevel@tonic-gate doset = B_TRUE; 907c478bd9Sstevel@tonic-gate break; 917c478bd9Sstevel@tonic-gate case 'g': 927c478bd9Sstevel@tonic-gate group = optarg; 937c478bd9Sstevel@tonic-gate doset = B_TRUE; 947c478bd9Sstevel@tonic-gate break; 957c478bd9Sstevel@tonic-gate case 'G': 967c478bd9Sstevel@tonic-gate grplst = optarg; 977c478bd9Sstevel@tonic-gate doset = B_TRUE; 987c478bd9Sstevel@tonic-gate break; 997c478bd9Sstevel@tonic-gate case 'l': 1007c478bd9Sstevel@tonic-gate login = optarg; 1017c478bd9Sstevel@tonic-gate doset = B_TRUE; 1027c478bd9Sstevel@tonic-gate break; 1037c478bd9Sstevel@tonic-gate default: 1047c478bd9Sstevel@tonic-gate usage(); 1057c478bd9Sstevel@tonic-gate /*NOTREACHED*/ 1067c478bd9Sstevel@tonic-gate } 1077c478bd9Sstevel@tonic-gate } 1087c478bd9Sstevel@tonic-gate if (login != NULL && (user != NULL || group != NULL || grplst != NULL)) 1097c478bd9Sstevel@tonic-gate usage(); 1107c478bd9Sstevel@tonic-gate 1117c478bd9Sstevel@tonic-gate if (all && doset) 1127c478bd9Sstevel@tonic-gate usage(); 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate argc -= optind; 1157c478bd9Sstevel@tonic-gate argv += optind; 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate if (argc == 0) 1187c478bd9Sstevel@tonic-gate usage(); 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate if (doset) 1217c478bd9Sstevel@tonic-gate initcred(); 1227c478bd9Sstevel@tonic-gate 1237c478bd9Sstevel@tonic-gate /* 1247c478bd9Sstevel@tonic-gate * Make sure we'll have enough file descriptors to handle a target 1257c478bd9Sstevel@tonic-gate * that has many many mappings. 1267c478bd9Sstevel@tonic-gate */ 1277c478bd9Sstevel@tonic-gate if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) { 1287c478bd9Sstevel@tonic-gate rlim.rlim_cur = rlim.rlim_max; 1297c478bd9Sstevel@tonic-gate (void) setrlimit(RLIMIT_NOFILE, &rlim); 130*004388ebScasper (void) enable_extended_FILE_stdio(-1, -1); 1317c478bd9Sstevel@tonic-gate } 1327c478bd9Sstevel@tonic-gate 1337c478bd9Sstevel@tonic-gate while (argc-- > 0) 1347c478bd9Sstevel@tonic-gate rc += look(*argv++); 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate return (rc > 255 ? 255 : rc); 1377c478bd9Sstevel@tonic-gate } 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate static void 1407c478bd9Sstevel@tonic-gate credupdate(prcred_t *pcr) 1417c478bd9Sstevel@tonic-gate { 1427c478bd9Sstevel@tonic-gate if (uid != -1) 1437c478bd9Sstevel@tonic-gate pcr->pr_euid = pcr->pr_ruid = pcr->pr_suid = uid; 1447c478bd9Sstevel@tonic-gate if (gid != -1) 1457c478bd9Sstevel@tonic-gate pcr->pr_egid = pcr->pr_rgid = pcr->pr_sgid = gid; 1467c478bd9Sstevel@tonic-gate if (ngrp >= 0) { 1477c478bd9Sstevel@tonic-gate 1487c478bd9Sstevel@tonic-gate pcr->pr_ngroups = ngrp; 1497c478bd9Sstevel@tonic-gate 1507c478bd9Sstevel@tonic-gate (void) memcpy(pcr->pr_groups, groups, ngrp * sizeof (gid_t)); 1517c478bd9Sstevel@tonic-gate } 1527c478bd9Sstevel@tonic-gate } 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate static int 1557c478bd9Sstevel@tonic-gate look(char *arg) 1567c478bd9Sstevel@tonic-gate { 1577c478bd9Sstevel@tonic-gate struct ps_prochandle *Pr; 1587c478bd9Sstevel@tonic-gate static prcred_t *prcred = NULL; 1597c478bd9Sstevel@tonic-gate int gcode; 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate procname = arg; /* for perr() */ 1627c478bd9Sstevel@tonic-gate 1637c478bd9Sstevel@tonic-gate if (prcred == NULL) { 1647c478bd9Sstevel@tonic-gate prcred = malloc(sizeof (prcred_t) + 1657c478bd9Sstevel@tonic-gate (ngroups_max - 1) * sizeof (gid_t)); 1667c478bd9Sstevel@tonic-gate if (prcred == NULL) { 1677c478bd9Sstevel@tonic-gate (void) perr("malloc"); 1687c478bd9Sstevel@tonic-gate exit(1); 1697c478bd9Sstevel@tonic-gate } 1707c478bd9Sstevel@tonic-gate } 1717c478bd9Sstevel@tonic-gate 1727c478bd9Sstevel@tonic-gate if ((Pr = proc_arg_grab(arg, doset ? PR_ARG_PIDS : PR_ARG_ANY, 1737c478bd9Sstevel@tonic-gate PGRAB_RETAIN | PGRAB_FORCE | (doset ? 0 : PGRAB_RDONLY) | 1747c478bd9Sstevel@tonic-gate PGRAB_NOSTOP, &gcode)) == NULL) { 1757c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: cannot examine %s: %s\n", 1767c478bd9Sstevel@tonic-gate command, arg, Pgrab_error(gcode)); 1777c478bd9Sstevel@tonic-gate return (1); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gate if (Pcred(Pr, prcred, ngroups_max) == -1) { 1817c478bd9Sstevel@tonic-gate (void) perr("getcred"); 1827c478bd9Sstevel@tonic-gate Prelease(Pr, 0); 1837c478bd9Sstevel@tonic-gate return (1); 1847c478bd9Sstevel@tonic-gate } 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate if (doset) { 1877c478bd9Sstevel@tonic-gate credupdate(prcred); 1887c478bd9Sstevel@tonic-gate if (Psetcred(Pr, prcred) != 0) { 1897c478bd9Sstevel@tonic-gate (void) perr("setcred"); 1907c478bd9Sstevel@tonic-gate Prelease(Pr, 0); 1917c478bd9Sstevel@tonic-gate return (1); 1927c478bd9Sstevel@tonic-gate } 1937c478bd9Sstevel@tonic-gate Prelease(Pr, 0); 1947c478bd9Sstevel@tonic-gate return (0); 1957c478bd9Sstevel@tonic-gate } 1967c478bd9Sstevel@tonic-gate 1977c478bd9Sstevel@tonic-gate if (Pstate(Pr) == PS_DEAD) 1987c478bd9Sstevel@tonic-gate (void) printf("core of %d:\t", (int)Pstatus(Pr)->pr_pid); 1997c478bd9Sstevel@tonic-gate else 2007c478bd9Sstevel@tonic-gate (void) printf("%d:\t", (int)Pstatus(Pr)->pr_pid); 2017c478bd9Sstevel@tonic-gate 2027c478bd9Sstevel@tonic-gate if (!all && 2037c478bd9Sstevel@tonic-gate prcred->pr_euid == prcred->pr_ruid && 2047c478bd9Sstevel@tonic-gate prcred->pr_ruid == prcred->pr_suid) 2057c478bd9Sstevel@tonic-gate (void) printf("e/r/suid=%d ", 2067c478bd9Sstevel@tonic-gate (int)prcred->pr_euid); 2077c478bd9Sstevel@tonic-gate else 2087c478bd9Sstevel@tonic-gate (void) printf("euid=%d ruid=%d suid=%d ", 2097c478bd9Sstevel@tonic-gate (int)prcred->pr_euid, 2107c478bd9Sstevel@tonic-gate (int)prcred->pr_ruid, 2117c478bd9Sstevel@tonic-gate (int)prcred->pr_suid); 2127c478bd9Sstevel@tonic-gate 2137c478bd9Sstevel@tonic-gate if (!all && 2147c478bd9Sstevel@tonic-gate prcred->pr_egid == prcred->pr_rgid && 2157c478bd9Sstevel@tonic-gate prcred->pr_rgid == prcred->pr_sgid) 2167c478bd9Sstevel@tonic-gate (void) printf("e/r/sgid=%d\n", 2177c478bd9Sstevel@tonic-gate (int)prcred->pr_egid); 2187c478bd9Sstevel@tonic-gate else 2197c478bd9Sstevel@tonic-gate (void) printf("egid=%d rgid=%d sgid=%d\n", 2207c478bd9Sstevel@tonic-gate (int)prcred->pr_egid, 2217c478bd9Sstevel@tonic-gate (int)prcred->pr_rgid, 2227c478bd9Sstevel@tonic-gate (int)prcred->pr_sgid); 2237c478bd9Sstevel@tonic-gate 2247c478bd9Sstevel@tonic-gate if (prcred->pr_ngroups != 0 && 2257c478bd9Sstevel@tonic-gate (all || prcred->pr_ngroups != 1 || 2267c478bd9Sstevel@tonic-gate prcred->pr_groups[0] != prcred->pr_rgid)) { 2277c478bd9Sstevel@tonic-gate int i; 2287c478bd9Sstevel@tonic-gate 2297c478bd9Sstevel@tonic-gate (void) printf("\tgroups:"); 2307c478bd9Sstevel@tonic-gate for (i = 0; i < prcred->pr_ngroups; i++) 2317c478bd9Sstevel@tonic-gate (void) printf(" %d", (int)prcred->pr_groups[i]); 2327c478bd9Sstevel@tonic-gate (void) printf("\n"); 2337c478bd9Sstevel@tonic-gate } 2347c478bd9Sstevel@tonic-gate 2357c478bd9Sstevel@tonic-gate Prelease(Pr, 0); 2367c478bd9Sstevel@tonic-gate return (0); 2377c478bd9Sstevel@tonic-gate } 2387c478bd9Sstevel@tonic-gate 2397c478bd9Sstevel@tonic-gate static int 2407c478bd9Sstevel@tonic-gate perr(char *s) 2417c478bd9Sstevel@tonic-gate { 2427c478bd9Sstevel@tonic-gate if (s) 2437c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: ", procname); 2447c478bd9Sstevel@tonic-gate else 2457c478bd9Sstevel@tonic-gate s = procname; 2467c478bd9Sstevel@tonic-gate perror(s); 2477c478bd9Sstevel@tonic-gate return (1); 2487c478bd9Sstevel@tonic-gate } 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate static void 2517c478bd9Sstevel@tonic-gate usage(void) 2527c478bd9Sstevel@tonic-gate { 2537c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "usage:\t%s [-a] { pid | core } ...\n" 2547c478bd9Sstevel@tonic-gate "\t%s [-u user] [-g group] [-G groups] pid ...\n" 2557c478bd9Sstevel@tonic-gate "\t%s -l login pid ...\n" 2567c478bd9Sstevel@tonic-gate " (report or modify process credentials)\n", 2577c478bd9Sstevel@tonic-gate command, command, command); 2587c478bd9Sstevel@tonic-gate exit(2); 2597c478bd9Sstevel@tonic-gate } 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate 2627c478bd9Sstevel@tonic-gate static id_t 2637c478bd9Sstevel@tonic-gate str2id(const char *str) 2647c478bd9Sstevel@tonic-gate { 2657c478bd9Sstevel@tonic-gate long res; 2667c478bd9Sstevel@tonic-gate char *p; 2677c478bd9Sstevel@tonic-gate 2687c478bd9Sstevel@tonic-gate res = strtol(str, &p, 0); 2697c478bd9Sstevel@tonic-gate if (p == str || *p != '\0' || res < 0) 2707c478bd9Sstevel@tonic-gate return (-1); 2717c478bd9Sstevel@tonic-gate else 2727c478bd9Sstevel@tonic-gate return ((id_t)res); 2737c478bd9Sstevel@tonic-gate } 2747c478bd9Sstevel@tonic-gate 2757c478bd9Sstevel@tonic-gate static gid_t 2767c478bd9Sstevel@tonic-gate str2gid(const char *grnam) 2777c478bd9Sstevel@tonic-gate { 2787c478bd9Sstevel@tonic-gate struct group *grp = getgrnam(grnam); 2797c478bd9Sstevel@tonic-gate gid_t res; 2807c478bd9Sstevel@tonic-gate 2817c478bd9Sstevel@tonic-gate if (grp == NULL) { 2827c478bd9Sstevel@tonic-gate res = str2id(grnam); 2837c478bd9Sstevel@tonic-gate if (res < 0) { 2847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: %s: unknown group" 2857c478bd9Sstevel@tonic-gate " or bad gid\n", 2867c478bd9Sstevel@tonic-gate command, grnam); 2877c478bd9Sstevel@tonic-gate exit(1); 2887c478bd9Sstevel@tonic-gate } 2897c478bd9Sstevel@tonic-gate } else { 2907c478bd9Sstevel@tonic-gate res = grp->gr_gid; 2917c478bd9Sstevel@tonic-gate } 2927c478bd9Sstevel@tonic-gate return (res); 2937c478bd9Sstevel@tonic-gate } 2947c478bd9Sstevel@tonic-gate 2957c478bd9Sstevel@tonic-gate static void 2967c478bd9Sstevel@tonic-gate initcred(void) 2977c478bd9Sstevel@tonic-gate { 2987c478bd9Sstevel@tonic-gate struct passwd *pwd; 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate if ((groups = malloc(ngroups_max * sizeof (gid_t))) == NULL) { 3017c478bd9Sstevel@tonic-gate (void) perr("malloc"); 3027c478bd9Sstevel@tonic-gate exit(1); 3037c478bd9Sstevel@tonic-gate } 3047c478bd9Sstevel@tonic-gate 3057c478bd9Sstevel@tonic-gate if (login != NULL) { 3067c478bd9Sstevel@tonic-gate pwd = getpwnam(login); 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate if (pwd == NULL) { 3097c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: %s: unknown user\n", 3107c478bd9Sstevel@tonic-gate command, login); 3117c478bd9Sstevel@tonic-gate exit(1); 3127c478bd9Sstevel@tonic-gate } 3137c478bd9Sstevel@tonic-gate uid = pwd->pw_uid; 3147c478bd9Sstevel@tonic-gate gid = pwd->pw_gid; 3157c478bd9Sstevel@tonic-gate 3167c478bd9Sstevel@tonic-gate groups[0] = gid; 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate ngrp = _getgroupsbymember(login, groups, (int)ngroups_max, 1); 3197c478bd9Sstevel@tonic-gate } 3207c478bd9Sstevel@tonic-gate 3217c478bd9Sstevel@tonic-gate if (user != NULL) { 3227c478bd9Sstevel@tonic-gate pwd = getpwnam(user); 3237c478bd9Sstevel@tonic-gate if (pwd == NULL) { 3247c478bd9Sstevel@tonic-gate uid = str2id(user); 3257c478bd9Sstevel@tonic-gate if (uid < 0) { 3267c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: %s: unknown user" 3277c478bd9Sstevel@tonic-gate " or bad uid\n", 3287c478bd9Sstevel@tonic-gate command, user); 3297c478bd9Sstevel@tonic-gate exit(1); 3307c478bd9Sstevel@tonic-gate } 3317c478bd9Sstevel@tonic-gate } else { 3327c478bd9Sstevel@tonic-gate uid = pwd->pw_uid; 3337c478bd9Sstevel@tonic-gate } 3347c478bd9Sstevel@tonic-gate } 3357c478bd9Sstevel@tonic-gate 3367c478bd9Sstevel@tonic-gate if (group != NULL) 3377c478bd9Sstevel@tonic-gate gid = str2gid(group); 3387c478bd9Sstevel@tonic-gate 3397c478bd9Sstevel@tonic-gate if (grplst != NULL) { 3407c478bd9Sstevel@tonic-gate char *cgrp; 3417c478bd9Sstevel@tonic-gate 3427c478bd9Sstevel@tonic-gate ngrp = 0; 3437c478bd9Sstevel@tonic-gate 3447c478bd9Sstevel@tonic-gate while ((cgrp = strtok(grplst, ",")) != NULL) { 3457c478bd9Sstevel@tonic-gate 3467c478bd9Sstevel@tonic-gate if (ngrp >= ngroups_max) { 3477c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: Too many groups\n", 3487c478bd9Sstevel@tonic-gate command); 3497c478bd9Sstevel@tonic-gate exit(1); 3507c478bd9Sstevel@tonic-gate } 3517c478bd9Sstevel@tonic-gate groups[ngrp++] = str2gid(cgrp); 3527c478bd9Sstevel@tonic-gate 3537c478bd9Sstevel@tonic-gate /* For iterations of strtok */ 3547c478bd9Sstevel@tonic-gate grplst = NULL; 3557c478bd9Sstevel@tonic-gate } 3567c478bd9Sstevel@tonic-gate } 3577c478bd9Sstevel@tonic-gate } 358