17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 210a44ef6dSjacobs 227c478bd9Sstevel@tonic-gate /* 23*f48205beScasper * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 287c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate 310a44ef6dSjacobs #pragma ident "%Z%%M% %I% %E% SMI" 327c478bd9Sstevel@tonic-gate /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */ 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate #include "string.h" 357c478bd9Sstevel@tonic-gate #include "sys/param.h" 367c478bd9Sstevel@tonic-gate #include "stdlib.h" 377c478bd9Sstevel@tonic-gate 387c478bd9Sstevel@tonic-gate #include "lp.h" 397c478bd9Sstevel@tonic-gate #include "secure.h" 4045916cd2Sjpk #include <tsol/label.h> 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate /** 437c478bd9Sstevel@tonic-gate ** getsecure() - EXTRACT SECURE REQUEST STRUCTURE FROM DISK FILE 447c478bd9Sstevel@tonic-gate **/ 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate SECURE * 477c478bd9Sstevel@tonic-gate getsecure(char *file) 487c478bd9Sstevel@tonic-gate { 490a44ef6dSjacobs SECURE *secp; 507c478bd9Sstevel@tonic-gate 517c478bd9Sstevel@tonic-gate char buf[BUFSIZ], 527c478bd9Sstevel@tonic-gate *path; 537c478bd9Sstevel@tonic-gate 547c478bd9Sstevel@tonic-gate int fd; 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate int fld; 577c478bd9Sstevel@tonic-gate 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate if (*file == '/') 607c478bd9Sstevel@tonic-gate path = Strdup(file); 617c478bd9Sstevel@tonic-gate else 627c478bd9Sstevel@tonic-gate path = makepath(Lp_Requests, file, (char *)0); 637c478bd9Sstevel@tonic-gate if (!path) 647c478bd9Sstevel@tonic-gate return (0); 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate if ((fd = open_locked(path, "r", MODE_NOREAD)) < 0) { 677c478bd9Sstevel@tonic-gate Free (path); 687c478bd9Sstevel@tonic-gate return (0); 697c478bd9Sstevel@tonic-gate } 707c478bd9Sstevel@tonic-gate Free (path); 717c478bd9Sstevel@tonic-gate 720a44ef6dSjacobs secp = calloc(sizeof (*secp), 1); 730a44ef6dSjacobs 740a44ef6dSjacobs secp->user = 0; 757c478bd9Sstevel@tonic-gate errno = 0; 767c478bd9Sstevel@tonic-gate for ( 777c478bd9Sstevel@tonic-gate fld = 0; 787c478bd9Sstevel@tonic-gate fld < SC_MAX && fdgets(buf, BUFSIZ, fd); 797c478bd9Sstevel@tonic-gate fld++ 807c478bd9Sstevel@tonic-gate ) { 817c478bd9Sstevel@tonic-gate buf[strlen(buf) - 1] = 0; 827c478bd9Sstevel@tonic-gate switch (fld) { 837c478bd9Sstevel@tonic-gate 847c478bd9Sstevel@tonic-gate case SC_REQID: 850a44ef6dSjacobs secp->req_id = Strdup(buf); 867c478bd9Sstevel@tonic-gate break; 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate case SC_UID: 890a44ef6dSjacobs secp->uid = (uid_t)atol(buf); 907c478bd9Sstevel@tonic-gate break; 917c478bd9Sstevel@tonic-gate 927c478bd9Sstevel@tonic-gate case SC_USER: 930a44ef6dSjacobs secp->user = Strdup(buf); 947c478bd9Sstevel@tonic-gate break; 957c478bd9Sstevel@tonic-gate 967c478bd9Sstevel@tonic-gate case SC_GID: 970a44ef6dSjacobs secp->gid = (gid_t)atol(buf); 987c478bd9Sstevel@tonic-gate break; 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate case SC_SIZE: 1010a44ef6dSjacobs secp->size = (size_t)atol(buf); 1027c478bd9Sstevel@tonic-gate break; 1037c478bd9Sstevel@tonic-gate 1047c478bd9Sstevel@tonic-gate case SC_DATE: 1050a44ef6dSjacobs secp->date = (time_t)atol(buf); 1067c478bd9Sstevel@tonic-gate break; 10745916cd2Sjpk 10845916cd2Sjpk case SC_SLABEL: 1090a44ef6dSjacobs secp->slabel = Strdup(buf); 11045916cd2Sjpk break; 1117c478bd9Sstevel@tonic-gate } 1127c478bd9Sstevel@tonic-gate } 1137c478bd9Sstevel@tonic-gate if (errno != 0 || fld != SC_MAX) { 1147c478bd9Sstevel@tonic-gate int save_errno = errno; 1157c478bd9Sstevel@tonic-gate 1160a44ef6dSjacobs freesecure (secp); 1177c478bd9Sstevel@tonic-gate close(fd); 1187c478bd9Sstevel@tonic-gate errno = save_errno; 1197c478bd9Sstevel@tonic-gate return (0); 1207c478bd9Sstevel@tonic-gate } 1217c478bd9Sstevel@tonic-gate close(fd); 1227c478bd9Sstevel@tonic-gate 1237c478bd9Sstevel@tonic-gate /* 1247c478bd9Sstevel@tonic-gate * Now go through the structure and see if we have 1257c478bd9Sstevel@tonic-gate * anything strange. 1267c478bd9Sstevel@tonic-gate */ 1277c478bd9Sstevel@tonic-gate if ( 128*f48205beScasper secp->uid > MAXUID 1290a44ef6dSjacobs || !secp->user 130*f48205beScasper || secp->gid > MAXUID 1310a44ef6dSjacobs || secp->size == 0 1320a44ef6dSjacobs || secp->date <= 0 1337c478bd9Sstevel@tonic-gate ) { 1340a44ef6dSjacobs freesecure (secp); 1357c478bd9Sstevel@tonic-gate errno = EBADF; 1367c478bd9Sstevel@tonic-gate return (0); 1377c478bd9Sstevel@tonic-gate } 1387c478bd9Sstevel@tonic-gate 1390a44ef6dSjacobs return (secp); 1407c478bd9Sstevel@tonic-gate } 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate /** 1437c478bd9Sstevel@tonic-gate ** putsecure() - WRITE SECURE REQUEST STRUCTURE TO DISK FILE 1447c478bd9Sstevel@tonic-gate **/ 1457c478bd9Sstevel@tonic-gate 1467c478bd9Sstevel@tonic-gate int 1477c478bd9Sstevel@tonic-gate putsecure(char *file, SECURE *secbufp) 1487c478bd9Sstevel@tonic-gate { 1497c478bd9Sstevel@tonic-gate char *path; 1507c478bd9Sstevel@tonic-gate 1517c478bd9Sstevel@tonic-gate int fd; 1527c478bd9Sstevel@tonic-gate 1537c478bd9Sstevel@tonic-gate int fld; 1547c478bd9Sstevel@tonic-gate 1557c478bd9Sstevel@tonic-gate if (*file == '/') 1567c478bd9Sstevel@tonic-gate path = Strdup(file); 1577c478bd9Sstevel@tonic-gate else 1587c478bd9Sstevel@tonic-gate path = makepath(Lp_Requests, file, (char *)0); 1597c478bd9Sstevel@tonic-gate if (!path) 1607c478bd9Sstevel@tonic-gate return (-1); 1617c478bd9Sstevel@tonic-gate 1627c478bd9Sstevel@tonic-gate if ((fd = open_locked(path, "w", MODE_NOREAD)) < 0) { 1637c478bd9Sstevel@tonic-gate Free (path); 1647c478bd9Sstevel@tonic-gate return (-1); 1657c478bd9Sstevel@tonic-gate } 1667c478bd9Sstevel@tonic-gate Free (path); 1677c478bd9Sstevel@tonic-gate 1687c478bd9Sstevel@tonic-gate if ( 1697c478bd9Sstevel@tonic-gate !secbufp->req_id || 1707c478bd9Sstevel@tonic-gate !secbufp->user 1717c478bd9Sstevel@tonic-gate ) 1727c478bd9Sstevel@tonic-gate return (-1); 1737c478bd9Sstevel@tonic-gate 1747c478bd9Sstevel@tonic-gate for (fld = 0; fld < SC_MAX; fld++) 1757c478bd9Sstevel@tonic-gate 1767c478bd9Sstevel@tonic-gate switch (fld) { 1777c478bd9Sstevel@tonic-gate 1787c478bd9Sstevel@tonic-gate case SC_REQID: 1797c478bd9Sstevel@tonic-gate (void)fdprintf(fd, "%s\n", secbufp->req_id); 1807c478bd9Sstevel@tonic-gate break; 1817c478bd9Sstevel@tonic-gate 1827c478bd9Sstevel@tonic-gate case SC_UID: 183*f48205beScasper (void)fdprintf(fd, "%u\n", secbufp->uid); 1847c478bd9Sstevel@tonic-gate break; 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate case SC_USER: 1877c478bd9Sstevel@tonic-gate (void)fdprintf(fd, "%s\n", secbufp->user); 1887c478bd9Sstevel@tonic-gate break; 1897c478bd9Sstevel@tonic-gate 1907c478bd9Sstevel@tonic-gate case SC_GID: 191*f48205beScasper (void)fdprintf(fd, "%u\n", secbufp->gid); 1927c478bd9Sstevel@tonic-gate break; 1937c478bd9Sstevel@tonic-gate 1947c478bd9Sstevel@tonic-gate case SC_SIZE: 1957c478bd9Sstevel@tonic-gate (void)fdprintf(fd, "%lu\n", secbufp->size); 1967c478bd9Sstevel@tonic-gate break; 1977c478bd9Sstevel@tonic-gate 1987c478bd9Sstevel@tonic-gate case SC_DATE: 1997c478bd9Sstevel@tonic-gate (void)fdprintf(fd, "%ld\n", secbufp->date); 2007c478bd9Sstevel@tonic-gate break; 2017c478bd9Sstevel@tonic-gate 20245916cd2Sjpk case SC_SLABEL: 20345916cd2Sjpk if (secbufp->slabel == NULL) { 20445916cd2Sjpk if (is_system_labeled()) { 20545916cd2Sjpk m_label_t *sl; 20645916cd2Sjpk 20745916cd2Sjpk sl = m_label_alloc(MAC_LABEL); 20845916cd2Sjpk (void) getplabel(sl); 20945916cd2Sjpk if (label_to_str(sl, &(secbufp->slabel), 21045916cd2Sjpk M_INTERNAL, DEF_NAMES) != 0) { 21145916cd2Sjpk perror("label_to_str"); 21245916cd2Sjpk secbufp->slabel = 21345916cd2Sjpk strdup("bad_label"); 21445916cd2Sjpk } 21545916cd2Sjpk m_label_free(sl); 21645916cd2Sjpk (void) fdprintf(fd, "%s\n", 21745916cd2Sjpk secbufp->slabel); 21845916cd2Sjpk } else { 21945916cd2Sjpk (void) fdprintf(fd, "none\n"); 22045916cd2Sjpk } 22145916cd2Sjpk } else { 22245916cd2Sjpk (void) fdprintf(fd, "%s\n", secbufp->slabel); 22345916cd2Sjpk } 22445916cd2Sjpk break; 22545916cd2Sjpk } 2267c478bd9Sstevel@tonic-gate close(fd); 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate return (0); 2297c478bd9Sstevel@tonic-gate } 2307c478bd9Sstevel@tonic-gate 2317c478bd9Sstevel@tonic-gate /* 2327c478bd9Sstevel@tonic-gate ** rmsecure () 2337c478bd9Sstevel@tonic-gate ** 2347c478bd9Sstevel@tonic-gate ** o 'reqfilep' is of the form 'node-name/request-file' 2357c478bd9Sstevel@tonic-gate ** e.g. 'sfcalv/123-0'. 2367c478bd9Sstevel@tonic-gate */ 2377c478bd9Sstevel@tonic-gate int 2387c478bd9Sstevel@tonic-gate rmsecure (char *reqfilep) 2397c478bd9Sstevel@tonic-gate { 2407c478bd9Sstevel@tonic-gate int n; 2417c478bd9Sstevel@tonic-gate char * pathp; 2427c478bd9Sstevel@tonic-gate 2437c478bd9Sstevel@tonic-gate pathp = makepath (Lp_Requests, reqfilep, (char *) 0); 2447c478bd9Sstevel@tonic-gate if (! pathp) 2457c478bd9Sstevel@tonic-gate return -1; 2467c478bd9Sstevel@tonic-gate 2477c478bd9Sstevel@tonic-gate n = Unlink (pathp); 2487c478bd9Sstevel@tonic-gate Free (pathp); 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate return n; 2517c478bd9Sstevel@tonic-gate } 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate /** 2547c478bd9Sstevel@tonic-gate ** freesecure() - FREE A SECURE STRUCTURE 2557c478bd9Sstevel@tonic-gate **/ 2567c478bd9Sstevel@tonic-gate 2577c478bd9Sstevel@tonic-gate void 2587c478bd9Sstevel@tonic-gate freesecure(SECURE *secbufp) 2597c478bd9Sstevel@tonic-gate { 2607c478bd9Sstevel@tonic-gate if (!secbufp) 2617c478bd9Sstevel@tonic-gate return; 2627c478bd9Sstevel@tonic-gate if (secbufp->req_id) 2637c478bd9Sstevel@tonic-gate Free (secbufp->req_id); 2647c478bd9Sstevel@tonic-gate if (secbufp->user) 2657c478bd9Sstevel@tonic-gate Free (secbufp->user); 2660a44ef6dSjacobs Free (secbufp); 2670a44ef6dSjacobs 2687c478bd9Sstevel@tonic-gate return; 2697c478bd9Sstevel@tonic-gate } 270