xref: /titanic_53/usr/src/cmd/auths/auths.c (revision 14839a76b454c7de413fbc7c57842b674873ee79)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pwd.h>
#include <string.h>
#include <deflt.h>
#include <libintl.h>
#include <locale.h>
#include <user_attr.h>
#include <prof_attr.h>
#include <auth_attr.h>


#define	ALL_AUTHS	"All"
#define	ALL_SUN_AUTHS	"solaris.*"

#define	EXIT_OK		0
#define	EXIT_FATAL	1
#define	EXIT_NON_FATAL	2

#ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
#define	TEXT_DOMAIN	"SYS_TEST"
#endif

#define	PROFLIST_SEP	","
#define	AUTH_SEP	","
#define	MAXAUTHS	4096


static int show_auths(char *, char **, int, int);
static int list_auths(userattr_t *, char **, int *);
static char *get_default_auths(char **, int *);
static void getProfiles(char *, char **, int *, char **, int *);
static void add_auths(char *, char **, int *);


static char *progname = "auths";


int
main(int argc, char *argv[])
{
	int		status = EXIT_OK;
	char		*defauths[MAXAUTHS];
	int		defauth_cnt = 0;
	int		i;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	(void) get_default_auths(defauths, &defauth_cnt);

	switch (argc) {
	case 1:
		status = show_auths(NULL, defauths, defauth_cnt, 0);
		break;
	case 2:
		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
		break;
	default:
		while (*++argv) {
			status = show_auths(*argv, defauths, defauth_cnt, 1);
			if (status == EXIT_FATAL) {
				break;
			}
		}
		break;
	}

	/* free memory allocated for default authorizations */
	for (i = 0; i < defauth_cnt; i++) {
		free(defauths[i]);
	}

	status = (status == EXIT_OK) ? status : EXIT_FATAL;

	return (status);
}


static int
show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
{
	int		status = EXIT_OK;
	struct passwd	*pw;
	userattr_t	*user;
	char		*userauths[MAXAUTHS];
	int		userauth_cnt = 0, old_userauth_cnt;
	int		i, j, have_allauths, duplicate;

	if (username == NULL) {
		if ((pw = getpwuid(getuid())) == NULL) {
			status = EXIT_NON_FATAL;
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext("No passwd entry\n"));
			return (status);
		}
		username = pw->pw_name;
	} else if (getpwnam(username) == NULL) {
		status = EXIT_NON_FATAL;
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No such user\n"));
		return (status);
	}

	have_allauths = 0;
	if (username != NULL) {
		/* if ALL_AUTHS is default, don't need to look at other auths */
		for (i = 0; i < defauth_cnt; i++) {
			if (strcmp(defauths[i], ALL_AUTHS) == 0) {
				have_allauths = 1;
				break;
			}
		}
		if (have_allauths) {
			status = EXIT_OK;
		} else if ((user = getusernam(username)) != NULL) {
			status = list_auths(user, userauths, &userauth_cnt);
			/* check if any profiles have ALL_AUTHS */
			for (i = 0; i < userauth_cnt; i++) {
				if (strcmp(userauths[i], ALL_AUTHS) == 0) {
					have_allauths = 1;
					break;
				}
			}
		}
		if ((defauth_cnt + userauth_cnt) == 0) {
			status = EXIT_NON_FATAL;
		}
	}
	if (status == EXIT_NON_FATAL) {
		(void) fprintf(stderr, "%s: %s : ", progname, username);
		(void) fprintf(stderr, gettext("No authorizations\n"));
	} else {
		if (print_name) {
			(void) printf("%s : ", username);
		}

		if (have_allauths) {
			(void) printf("%s\n", ALL_SUN_AUTHS);
		} else {
			/*
			 * combine the user auths and default auths,
			 * and eliminate duplicates from the two
			 */
			old_userauth_cnt = userauth_cnt;
			for (i = 0; i < defauth_cnt; i++) {
				duplicate = 0;
				for (j = 0; j < old_userauth_cnt; j++) {
					if (strcmp(userauths[j], defauths[i]) ==
					    0) {
						duplicate = 1;
						break;
					}
				}
				if (!duplicate) {
					userauths[userauth_cnt] =
					    strdup(defauths[i]);
					userauth_cnt++;
				}
			}

			/* print out the auths */
			for (i = 0; i < (userauth_cnt - 1); i++) {
				(void) printf("%s,", userauths[i]);
			}

			/* print out the last entry, without the comma */
			(void) printf("%s\n", userauths[userauth_cnt - 1]);
		}
	}

	/* free memory allocated for authorizations */
	for (i = 0; i < userauth_cnt; i++) {
		free(userauths[i]);
	}

	return (status);
}


static int
list_auths(userattr_t *user, char **authArray, int *authcnt)
{
	int		status = EXIT_OK;
	char		*authlist = NULL;
	char		*proflist = NULL;
	char		*profArray[MAXPROFS];
	int		profcnt = 0;

	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
	if (authlist != NULL) {
		add_auths(authlist, authArray, authcnt);
	}
	if ((proflist = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
		if (authcnt == 0) {
			status = EXIT_NON_FATAL;
		}
	} else {
		getProfiles(proflist, profArray, &profcnt,
		    authArray, authcnt);
		free_proflist(profArray, profcnt);
	}
	if (authcnt == 0) {
		status = EXIT_NON_FATAL;
	}
	free_userattr(user);

	return (status);
}


static char *
get_default_auths(char **authArray, int *authcnt)
{
	char *auths = NULL;
	char *profs = NULL;
	char *profArray[MAXPROFS];
	int profcnt = 0;

	if (defopen(AUTH_POLICY) == NULL) {
		auths = defread(DEF_AUTH);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		/* get authorizations from default profiles */
		profs = defread(DEF_PROF);
		if (profs != NULL) {
			getProfiles(profs, profArray, &profcnt,
			    authArray, authcnt);
			free_proflist(profArray, profcnt);
		}
	}

	return (auths);
}

void
add_auths(char *auths, char **authArray, int *authcnt)
{
	char	*authname, *lasts, *real_authname;
	int	i;

	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
	    authname != NULL;
	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {

		if ((strcmp(authname, KV_WILDCARD) == 0) ||
		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
			real_authname = ALL_AUTHS;
		} else {
			real_authname = authname;
		}

		/* check to see if authorization is already in list */
		for (i = 0; i < *authcnt; i++) {
			if (strcmp(real_authname, authArray[i]) == 0) {
				break;	/* already in list */
			}
		}

		/* not in list, add it in */
		if (i == *authcnt) {
			authArray[i] = strdup(real_authname);
			*authcnt = i + 1;
		}
	}

}

static void
getProfiles(char *profiles, char **profArray, int *profcnt,
	char **authArray, int *authcnt)
{

	char		*prof;
	char		*lasts;
	profattr_t	*pa;
	char		*auths;
	int		i;

	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
	    prof != NULL;
	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {

		getproflist(prof, profArray, profcnt);
	}

	/* get authorizations from list of profiles */
	for (i = 0; i < *profcnt; i++) {

		if ((pa = getprofnam(profArray[i])) == NULL) {
			/*
			 *  this should never happen.
			 *  unless the database has an undefined profile
			 */
			continue;
		}

		/* get auths this profile */
		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
		if (auths != NULL) {
			add_auths(auths, authArray, authcnt);
		}

		free_profattr(pa);
	}
}