17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 227c478bd9Sstevel@tonic-gate /* 237c478bd9Sstevel@tonic-gate * Copyright 2003 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate * 267c478bd9Sstevel@tonic-gate * Device policy specific subroutines. We cannot merge them with 277c478bd9Sstevel@tonic-gate * drvsubr.c because of static linking requirements. 287c478bd9Sstevel@tonic-gate */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include <stdio.h> 337c478bd9Sstevel@tonic-gate #include <stdlib.h> 347c478bd9Sstevel@tonic-gate #include <unistd.h> 357c478bd9Sstevel@tonic-gate #include <string.h> 367c478bd9Sstevel@tonic-gate #include <ctype.h> 377c478bd9Sstevel@tonic-gate #include <priv.h> 387c478bd9Sstevel@tonic-gate #include <string.h> 397c478bd9Sstevel@tonic-gate #include <libgen.h> 407c478bd9Sstevel@tonic-gate #include <libintl.h> 417c478bd9Sstevel@tonic-gate #include <errno.h> 427c478bd9Sstevel@tonic-gate #include <alloca.h> 437c478bd9Sstevel@tonic-gate #include <sys/modctl.h> 447c478bd9Sstevel@tonic-gate #include <sys/devpolicy.h> 457c478bd9Sstevel@tonic-gate #include <sys/stat.h> 467c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate #include "addrem.h" 497c478bd9Sstevel@tonic-gate #include "errmsg.h" 507c478bd9Sstevel@tonic-gate #include "plcysubr.h" 517c478bd9Sstevel@tonic-gate 527c478bd9Sstevel@tonic-gate size_t devplcysys_sz; 537c478bd9Sstevel@tonic-gate const priv_impl_info_t *privimplinfo; 547c478bd9Sstevel@tonic-gate 557c478bd9Sstevel@tonic-gate /* 567c478bd9Sstevel@tonic-gate * New token types should be parsed in parse_plcy_entry. 577c478bd9Sstevel@tonic-gate */ 587c478bd9Sstevel@tonic-gate #define PSET 0 597c478bd9Sstevel@tonic-gate 607c478bd9Sstevel@tonic-gate typedef struct token { 617c478bd9Sstevel@tonic-gate const char *token; 627c478bd9Sstevel@tonic-gate int type; 637c478bd9Sstevel@tonic-gate ptrdiff_t off; 647c478bd9Sstevel@tonic-gate } token_t; 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate static token_t toktab[] = { 677c478bd9Sstevel@tonic-gate { DEVPLCY_TKN_RDP, PSET /* offsetof(devplcysys_t, dps_rdp) */ }, 687c478bd9Sstevel@tonic-gate { DEVPLCY_TKN_WRP, PSET /* offsetof(devplcysys_t, dps_wrp) */ }, 697c478bd9Sstevel@tonic-gate }; 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate #define RDPOL 0 727c478bd9Sstevel@tonic-gate #define WRPOL 1 737c478bd9Sstevel@tonic-gate 747c478bd9Sstevel@tonic-gate #define NTOK (sizeof (toktab)/sizeof (token_t)) 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate /* 777c478bd9Sstevel@tonic-gate * Compute the size of the datastructures needed. 787c478bd9Sstevel@tonic-gate */ 797c478bd9Sstevel@tonic-gate void 807c478bd9Sstevel@tonic-gate devplcy_init(void) 817c478bd9Sstevel@tonic-gate { 827c478bd9Sstevel@tonic-gate if ((privimplinfo = getprivimplinfo()) == NULL) { 837c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_PRIVIMPL)); 847c478bd9Sstevel@tonic-gate exit(1); 857c478bd9Sstevel@tonic-gate } 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate devplcysys_sz = DEVPLCYSYS_SZ(privimplinfo); 887c478bd9Sstevel@tonic-gate 897c478bd9Sstevel@tonic-gate toktab[RDPOL].off = 907c478bd9Sstevel@tonic-gate (char *)DEVPLCYSYS_RDP((devplcysys_t *)0, privimplinfo) - 917c478bd9Sstevel@tonic-gate (char *)0; 927c478bd9Sstevel@tonic-gate toktab[WRPOL].off = 937c478bd9Sstevel@tonic-gate (char *)DEVPLCYSYS_WRP((devplcysys_t *)0, privimplinfo) - 947c478bd9Sstevel@tonic-gate (char *)0; 957c478bd9Sstevel@tonic-gate } 967c478bd9Sstevel@tonic-gate 977c478bd9Sstevel@tonic-gate /* 987c478bd9Sstevel@tonic-gate * Read a configuration file line and return a static buffer pointing to it. 997c478bd9Sstevel@tonic-gate * It returns a static struct fileentry which has several fields: 1007c478bd9Sstevel@tonic-gate * - rawbuf, which includes the lines including empty lines and comments 1017c478bd9Sstevel@tonic-gate * leading up to the file and the entry as found in the file 1027c478bd9Sstevel@tonic-gate * - orgentry, pointer in rawbuf to the start of the entry proper. 1037c478bd9Sstevel@tonic-gate * - entry, a pre-parsed entry, escaped newlines removed. 1047c478bd9Sstevel@tonic-gate * - startline, the line number of the first line in the file 1057c478bd9Sstevel@tonic-gate */ 1067c478bd9Sstevel@tonic-gate fileentry_t * 1077c478bd9Sstevel@tonic-gate fgetline(FILE *fp) 1087c478bd9Sstevel@tonic-gate { 1097c478bd9Sstevel@tonic-gate static size_t sz = BUFSIZ; 1107c478bd9Sstevel@tonic-gate static struct fileentry fe; 1117c478bd9Sstevel@tonic-gate static int linecnt = 1; 1127c478bd9Sstevel@tonic-gate 1137c478bd9Sstevel@tonic-gate char *buf = fe.rawbuf; 1147c478bd9Sstevel@tonic-gate ptrdiff_t off; 1157c478bd9Sstevel@tonic-gate char *p; 1167c478bd9Sstevel@tonic-gate int c, lastc, i; 1177c478bd9Sstevel@tonic-gate 1187c478bd9Sstevel@tonic-gate if (buf == NULL) { 1197c478bd9Sstevel@tonic-gate fe.rawbuf = buf = malloc(sz); 1207c478bd9Sstevel@tonic-gate if (buf == NULL) 1217c478bd9Sstevel@tonic-gate return (NULL); 1227c478bd9Sstevel@tonic-gate } 1237c478bd9Sstevel@tonic-gate if (fe.entry != NULL) { 1247c478bd9Sstevel@tonic-gate free(fe.entry); 1257c478bd9Sstevel@tonic-gate fe.orgentry = fe.entry = NULL; 1267c478bd9Sstevel@tonic-gate } 1277c478bd9Sstevel@tonic-gate 1287c478bd9Sstevel@tonic-gate i = 0; 1297c478bd9Sstevel@tonic-gate off = -1; 1307c478bd9Sstevel@tonic-gate c = '\n'; 1317c478bd9Sstevel@tonic-gate 1327c478bd9Sstevel@tonic-gate while (lastc = c, (c = getc(fp)) != EOF) { 1337c478bd9Sstevel@tonic-gate buf[i++] = c; 1347c478bd9Sstevel@tonic-gate 1357c478bd9Sstevel@tonic-gate if (i == sz) { 1367c478bd9Sstevel@tonic-gate sz *= 2; 1377c478bd9Sstevel@tonic-gate fe.rawbuf = buf = realloc(buf, sz); 1387c478bd9Sstevel@tonic-gate if (buf == NULL) 1397c478bd9Sstevel@tonic-gate return (NULL); 1407c478bd9Sstevel@tonic-gate } 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate if (c == '\n') { 1437c478bd9Sstevel@tonic-gate linecnt++; 1447c478bd9Sstevel@tonic-gate /* Newline, escaped or not yet processing an entry */ 1457c478bd9Sstevel@tonic-gate if (off == -1 || lastc == '\\') 1467c478bd9Sstevel@tonic-gate continue; 1477c478bd9Sstevel@tonic-gate } else if (lastc == '\n' && off == -1) { 1487c478bd9Sstevel@tonic-gate /* Start of more comments */ 1497c478bd9Sstevel@tonic-gate if (c == '#') 1507c478bd9Sstevel@tonic-gate continue; 1517c478bd9Sstevel@tonic-gate /* Found start of entry */ 1527c478bd9Sstevel@tonic-gate off = i - 1; 1537c478bd9Sstevel@tonic-gate fe.startline = linecnt; 1547c478bd9Sstevel@tonic-gate continue; 1557c478bd9Sstevel@tonic-gate } else 1567c478bd9Sstevel@tonic-gate continue; 1577c478bd9Sstevel@tonic-gate 1587c478bd9Sstevel@tonic-gate buf[i] = '\0'; 1597c478bd9Sstevel@tonic-gate fe.orgentry = buf + off; 1607c478bd9Sstevel@tonic-gate p = fe.entry = strdup(fe.orgentry); 1617c478bd9Sstevel@tonic-gate 1627c478bd9Sstevel@tonic-gate if (p == NULL) 1637c478bd9Sstevel@tonic-gate return (NULL); 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate /* Remove <backslash><newline> */ 1667c478bd9Sstevel@tonic-gate if ((p = strchr(p, '\\')) != NULL) { 1677c478bd9Sstevel@tonic-gate for (off = 0; (p[-off] = p[0]) != '\0'; p++) 1687c478bd9Sstevel@tonic-gate if (p[0] == '\\' && p[1] == '\n') { 1697c478bd9Sstevel@tonic-gate off += 2; 1707c478bd9Sstevel@tonic-gate p++; 1717c478bd9Sstevel@tonic-gate } 1727c478bd9Sstevel@tonic-gate } 1737c478bd9Sstevel@tonic-gate return (&fe); 1747c478bd9Sstevel@tonic-gate } 1757c478bd9Sstevel@tonic-gate if (lastc != '\n' || off != -1) 1767c478bd9Sstevel@tonic-gate return (NULL); 1777c478bd9Sstevel@tonic-gate buf[i] = '\0'; 1787c478bd9Sstevel@tonic-gate linecnt = 1; 1797c478bd9Sstevel@tonic-gate return (&fe); 1807c478bd9Sstevel@tonic-gate } 1817c478bd9Sstevel@tonic-gate 1827c478bd9Sstevel@tonic-gate /* 1837c478bd9Sstevel@tonic-gate * Parse minor number ranges: 1847c478bd9Sstevel@tonic-gate * (minor) or (lowminor-highminor) 1857c478bd9Sstevel@tonic-gate * Return 0 for success, -1 for failure. 1867c478bd9Sstevel@tonic-gate */ 1877c478bd9Sstevel@tonic-gate int 1887c478bd9Sstevel@tonic-gate parse_minor_range(const char *range, minor_t *lo, minor_t *hi, char *type) 1897c478bd9Sstevel@tonic-gate { 1907c478bd9Sstevel@tonic-gate unsigned long tmp; 1917c478bd9Sstevel@tonic-gate char *p; 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate if (*range++ != '(') 1947c478bd9Sstevel@tonic-gate return (-1); 1957c478bd9Sstevel@tonic-gate 1967c478bd9Sstevel@tonic-gate errno = 0; 1977c478bd9Sstevel@tonic-gate tmp = strtoul(range, &p, 0); 1987c478bd9Sstevel@tonic-gate if (tmp > L_MAXMIN32 || (tmp == 0 && errno != 0) || 1997c478bd9Sstevel@tonic-gate (*p != '-' && *p != ')')) 2007c478bd9Sstevel@tonic-gate return (-1); 2017c478bd9Sstevel@tonic-gate *lo = tmp; 2027c478bd9Sstevel@tonic-gate if (*p == '-') { 2037c478bd9Sstevel@tonic-gate errno = 0; 2047c478bd9Sstevel@tonic-gate tmp = strtoul(p + 1, &p, 0); 2057c478bd9Sstevel@tonic-gate if (tmp > L_MAXMIN32 || (tmp == 0 && errno != 0) || *p != ')') 2067c478bd9Sstevel@tonic-gate return (-1); 2077c478bd9Sstevel@tonic-gate } 2087c478bd9Sstevel@tonic-gate *hi = tmp; 2097c478bd9Sstevel@tonic-gate if (*lo > *hi) 2107c478bd9Sstevel@tonic-gate return (-1); 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate switch (p[1]) { 2137c478bd9Sstevel@tonic-gate case '\0': 2147c478bd9Sstevel@tonic-gate *type = '\0'; 2157c478bd9Sstevel@tonic-gate break; 2167c478bd9Sstevel@tonic-gate case 'c': 2177c478bd9Sstevel@tonic-gate case 'C': 2187c478bd9Sstevel@tonic-gate *type = 'c'; 2197c478bd9Sstevel@tonic-gate break; 2207c478bd9Sstevel@tonic-gate case 'b': 2217c478bd9Sstevel@tonic-gate case 'B': 2227c478bd9Sstevel@tonic-gate *type = 'b'; 2237c478bd9Sstevel@tonic-gate break; 2247c478bd9Sstevel@tonic-gate default: 2257c478bd9Sstevel@tonic-gate return (-1); 2267c478bd9Sstevel@tonic-gate } 2277c478bd9Sstevel@tonic-gate return (0); 2287c478bd9Sstevel@tonic-gate } 2297c478bd9Sstevel@tonic-gate 2307c478bd9Sstevel@tonic-gate static void 2317c478bd9Sstevel@tonic-gate put_minor_range(FILE *fp, fileentry_t *old, const char *devn, const char *tail, 2327c478bd9Sstevel@tonic-gate minor_t lo, minor_t hi, char type) 2337c478bd9Sstevel@tonic-gate { 2347c478bd9Sstevel@tonic-gate /* Preserve preceeding comments */ 2357c478bd9Sstevel@tonic-gate if (old != NULL && old->rawbuf != old->orgentry) 2367c478bd9Sstevel@tonic-gate (void) fwrite(old->rawbuf, 1, old->orgentry - old->rawbuf, fp); 2377c478bd9Sstevel@tonic-gate 2387c478bd9Sstevel@tonic-gate if (type == '\0') { 2397c478bd9Sstevel@tonic-gate put_minor_range(fp, NULL, devn, tail, lo, hi, 'b'); 2407c478bd9Sstevel@tonic-gate put_minor_range(fp, NULL, devn, tail, lo, hi, 'c'); 2417c478bd9Sstevel@tonic-gate } else if (lo == hi) { 2427c478bd9Sstevel@tonic-gate (void) fprintf(fp, "%s:(%d)%c%s", devn, (int)lo, type, tail); 2437c478bd9Sstevel@tonic-gate } else { 2447c478bd9Sstevel@tonic-gate (void) fprintf(fp, "%s:(%d-%d)%c%s", devn, (int)lo, (int)hi, 2457c478bd9Sstevel@tonic-gate type, tail); 2467c478bd9Sstevel@tonic-gate } 2477c478bd9Sstevel@tonic-gate } 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate static int 2507c478bd9Sstevel@tonic-gate delete_one_entry(const char *filename, const char *entry) 2517c478bd9Sstevel@tonic-gate { 2527c478bd9Sstevel@tonic-gate char tfile[MAXPATHLEN]; 2537c478bd9Sstevel@tonic-gate char ofile[MAXPATHLEN]; 2547c478bd9Sstevel@tonic-gate char *nfile; 2557c478bd9Sstevel@tonic-gate FILE *old, *new; 2567c478bd9Sstevel@tonic-gate fileentry_t *fep; 2577c478bd9Sstevel@tonic-gate struct stat buf; 2587c478bd9Sstevel@tonic-gate int newfd; 2597c478bd9Sstevel@tonic-gate char *mpart; 2607c478bd9Sstevel@tonic-gate boolean_t delall; 2617c478bd9Sstevel@tonic-gate boolean_t delrange; 2627c478bd9Sstevel@tonic-gate minor_t rlo, rhi; 2637c478bd9Sstevel@tonic-gate char rtype; 2647c478bd9Sstevel@tonic-gate 2657c478bd9Sstevel@tonic-gate mpart = strchr(entry, ':'); 2667c478bd9Sstevel@tonic-gate if (mpart == NULL) { 2677c478bd9Sstevel@tonic-gate delall = B_TRUE; 2687c478bd9Sstevel@tonic-gate delrange = B_FALSE; 2697c478bd9Sstevel@tonic-gate } else { 2707c478bd9Sstevel@tonic-gate delall = B_FALSE; 2717c478bd9Sstevel@tonic-gate mpart++; 2727c478bd9Sstevel@tonic-gate if (*mpart == '(') { 2737c478bd9Sstevel@tonic-gate if (parse_minor_range(mpart, &rlo, &rhi, &rtype) != 0) 2747c478bd9Sstevel@tonic-gate return (-1); 2757c478bd9Sstevel@tonic-gate delrange = B_TRUE; 2767c478bd9Sstevel@tonic-gate } else { 2777c478bd9Sstevel@tonic-gate delrange = B_FALSE; 2787c478bd9Sstevel@tonic-gate } 2797c478bd9Sstevel@tonic-gate } 2807c478bd9Sstevel@tonic-gate 2817c478bd9Sstevel@tonic-gate if (strlen(filename) + sizeof (XEND) > sizeof (tfile)) 2827c478bd9Sstevel@tonic-gate return (-1); 2837c478bd9Sstevel@tonic-gate 2847c478bd9Sstevel@tonic-gate old = fopen(filename, "r"); 2857c478bd9Sstevel@tonic-gate 2867c478bd9Sstevel@tonic-gate if (old == NULL) 2877c478bd9Sstevel@tonic-gate return (-1); 2887c478bd9Sstevel@tonic-gate 2897c478bd9Sstevel@tonic-gate (void) snprintf(tfile, sizeof (tfile), "%s%s", filename, XEND); 2907c478bd9Sstevel@tonic-gate (void) snprintf(ofile, sizeof (ofile), "%s%s", filename, ".old"); 2917c478bd9Sstevel@tonic-gate 2927c478bd9Sstevel@tonic-gate nfile = mktemp(tfile); 2937c478bd9Sstevel@tonic-gate 2947c478bd9Sstevel@tonic-gate new = fopen(nfile, "w"); 2957c478bd9Sstevel@tonic-gate if (new == NULL) { 2967c478bd9Sstevel@tonic-gate (void) fclose(old); 2977c478bd9Sstevel@tonic-gate return (ERROR); 2987c478bd9Sstevel@tonic-gate } 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate newfd = fileno(new); 3017c478bd9Sstevel@tonic-gate 3027c478bd9Sstevel@tonic-gate /* Copy permissions, ownership */ 3037c478bd9Sstevel@tonic-gate if (fstat(fileno(old), &buf) == 0) { 3047c478bd9Sstevel@tonic-gate (void) fchown(newfd, buf.st_uid, buf.st_gid); 3057c478bd9Sstevel@tonic-gate (void) fchmod(newfd, buf.st_mode); 3067c478bd9Sstevel@tonic-gate } else { 3077c478bd9Sstevel@tonic-gate (void) fchown(newfd, 0, 3); /* root:sys */ 3087c478bd9Sstevel@tonic-gate (void) fchmod(newfd, 0644); 3097c478bd9Sstevel@tonic-gate } 3107c478bd9Sstevel@tonic-gate 3117c478bd9Sstevel@tonic-gate while ((fep = fgetline(old))) { 3127c478bd9Sstevel@tonic-gate char *tok; 3137c478bd9Sstevel@tonic-gate char *min; 3147c478bd9Sstevel@tonic-gate char *tail; 3157c478bd9Sstevel@tonic-gate char tc; 3167c478bd9Sstevel@tonic-gate int len; 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate /* Trailing comments */ 3197c478bd9Sstevel@tonic-gate if (fep->entry == NULL) { 3207c478bd9Sstevel@tonic-gate (void) fputs(fep->rawbuf, new); 3217c478bd9Sstevel@tonic-gate break; 3227c478bd9Sstevel@tonic-gate } 3237c478bd9Sstevel@tonic-gate 3247c478bd9Sstevel@tonic-gate tok = fep->entry; 3257c478bd9Sstevel@tonic-gate while (*tok && isspace(*tok)) 3267c478bd9Sstevel@tonic-gate tok++; 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate if (*tok == '\0') { 3297c478bd9Sstevel@tonic-gate (void) fputs(fep->rawbuf, new); 3307c478bd9Sstevel@tonic-gate break; 3317c478bd9Sstevel@tonic-gate } 3327c478bd9Sstevel@tonic-gate 3337c478bd9Sstevel@tonic-gate /* Make sure we can recover the remainder incl. whitespace */ 3347c478bd9Sstevel@tonic-gate tail = strpbrk(tok, "\t\n "); 3357c478bd9Sstevel@tonic-gate if (tail == NULL) 3367c478bd9Sstevel@tonic-gate tail = tok + strlen(tok); 3377c478bd9Sstevel@tonic-gate tc = *tail; 3387c478bd9Sstevel@tonic-gate *tail = '\0'; 3397c478bd9Sstevel@tonic-gate 3407c478bd9Sstevel@tonic-gate if (delall || delrange) { 3417c478bd9Sstevel@tonic-gate min = strchr(tok, ':'); 3427c478bd9Sstevel@tonic-gate if (min) 3437c478bd9Sstevel@tonic-gate *min++ = '\0'; 3447c478bd9Sstevel@tonic-gate } 3457c478bd9Sstevel@tonic-gate 3467c478bd9Sstevel@tonic-gate len = strlen(tok); 3477c478bd9Sstevel@tonic-gate if (delrange) { 3487c478bd9Sstevel@tonic-gate minor_t lo, hi; 3497c478bd9Sstevel@tonic-gate char type; 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate /* 3527c478bd9Sstevel@tonic-gate * Delete or shrink overlapping ranges. 3537c478bd9Sstevel@tonic-gate */ 3547c478bd9Sstevel@tonic-gate if (strncmp(entry, tok, len) == 0 && 3557c478bd9Sstevel@tonic-gate entry[len] == ':' && 3567c478bd9Sstevel@tonic-gate min != NULL && 3577c478bd9Sstevel@tonic-gate parse_minor_range(min, &lo, &hi, &type) == 0 && 3587c478bd9Sstevel@tonic-gate (type == rtype || rtype == '\0') && 3597c478bd9Sstevel@tonic-gate lo <= rhi && hi >= rlo) { 3607c478bd9Sstevel@tonic-gate minor_t newlo, newhi; 3617c478bd9Sstevel@tonic-gate 3627c478bd9Sstevel@tonic-gate /* Complete overlap, then drop it. */ 3637c478bd9Sstevel@tonic-gate if (lo >= rlo && hi <= rhi) 3647c478bd9Sstevel@tonic-gate continue; 3657c478bd9Sstevel@tonic-gate 3667c478bd9Sstevel@tonic-gate /* Partial overlap, shrink range */ 3677c478bd9Sstevel@tonic-gate if (lo < rlo) 3687c478bd9Sstevel@tonic-gate newhi = rlo - 1; 3697c478bd9Sstevel@tonic-gate else 3707c478bd9Sstevel@tonic-gate newhi = hi; 3717c478bd9Sstevel@tonic-gate if (hi > rhi) 3727c478bd9Sstevel@tonic-gate newlo = rhi + 1; 3737c478bd9Sstevel@tonic-gate else 3747c478bd9Sstevel@tonic-gate newlo = lo; 3757c478bd9Sstevel@tonic-gate 3767c478bd9Sstevel@tonic-gate /* restore NULed character */ 3777c478bd9Sstevel@tonic-gate *tail = tc; 3787c478bd9Sstevel@tonic-gate 3797c478bd9Sstevel@tonic-gate /* Split range? */ 3807c478bd9Sstevel@tonic-gate if (newlo > newhi) { 3817c478bd9Sstevel@tonic-gate /* 3827c478bd9Sstevel@tonic-gate * We have two ranges: 3837c478bd9Sstevel@tonic-gate * lo ... newhi (== rlo - 1) 3847c478bd9Sstevel@tonic-gate * newlo (== rhi + 1) .. hi 3857c478bd9Sstevel@tonic-gate */ 3867c478bd9Sstevel@tonic-gate put_minor_range(new, fep, tok, tail, 3877c478bd9Sstevel@tonic-gate lo, newhi, type); 3887c478bd9Sstevel@tonic-gate put_minor_range(new, NULL, tok, tail, 3897c478bd9Sstevel@tonic-gate newlo, hi, type); 3907c478bd9Sstevel@tonic-gate } else { 3917c478bd9Sstevel@tonic-gate put_minor_range(new, fep, tok, tail, 3927c478bd9Sstevel@tonic-gate newlo, newhi, type); 3937c478bd9Sstevel@tonic-gate } 3947c478bd9Sstevel@tonic-gate continue; 3957c478bd9Sstevel@tonic-gate } 3967c478bd9Sstevel@tonic-gate } else if (strcmp(entry, tok) == 0 || 3977c478bd9Sstevel@tonic-gate (strncmp(entry, tok, len) == 0 && 3987c478bd9Sstevel@tonic-gate entry[len] == ':' && 3997c478bd9Sstevel@tonic-gate entry[len+1] == '*' && 4007c478bd9Sstevel@tonic-gate entry[len+2] == '\0')) { 4017c478bd9Sstevel@tonic-gate /* 4027c478bd9Sstevel@tonic-gate * Delete exact match. 4037c478bd9Sstevel@tonic-gate */ 4047c478bd9Sstevel@tonic-gate continue; 4057c478bd9Sstevel@tonic-gate } 4067c478bd9Sstevel@tonic-gate 4077c478bd9Sstevel@tonic-gate /* Copy unaffected entry. */ 4087c478bd9Sstevel@tonic-gate (void) fputs(fep->rawbuf, new); 4097c478bd9Sstevel@tonic-gate } 4107c478bd9Sstevel@tonic-gate (void) fclose(old); 4117c478bd9Sstevel@tonic-gate (void) fflush(new); 4127c478bd9Sstevel@tonic-gate (void) fsync(newfd); 4137c478bd9Sstevel@tonic-gate if (ferror(new) == 0 && fclose(new) == 0 && fep != NULL) { 4147c478bd9Sstevel@tonic-gate if (rename(filename, ofile) != 0) { 4157c478bd9Sstevel@tonic-gate perror(NULL); 4167c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_UPDATE), ofile); 4177c478bd9Sstevel@tonic-gate (void) unlink(ofile); 4187c478bd9Sstevel@tonic-gate (void) unlink(nfile); 4197c478bd9Sstevel@tonic-gate return (ERROR); 4207c478bd9Sstevel@tonic-gate } else if (rename(nfile, filename) != 0) { 4217c478bd9Sstevel@tonic-gate perror(NULL); 4227c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_UPDATE), ofile); 4237c478bd9Sstevel@tonic-gate (void) rename(ofile, filename); 4247c478bd9Sstevel@tonic-gate (void) unlink(nfile); 4257c478bd9Sstevel@tonic-gate return (ERROR); 4267c478bd9Sstevel@tonic-gate } 4277c478bd9Sstevel@tonic-gate (void) unlink(ofile); 4287c478bd9Sstevel@tonic-gate } else 4297c478bd9Sstevel@tonic-gate (void) unlink(nfile); 4307c478bd9Sstevel@tonic-gate return (0); 4317c478bd9Sstevel@tonic-gate } 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate int 4357c478bd9Sstevel@tonic-gate delete_plcy_entry(const char *filename, const char *entry) 4367c478bd9Sstevel@tonic-gate { 4377c478bd9Sstevel@tonic-gate char *p, *single; 4387c478bd9Sstevel@tonic-gate char *copy; 4397c478bd9Sstevel@tonic-gate int ret = 0; 4407c478bd9Sstevel@tonic-gate 4417c478bd9Sstevel@tonic-gate copy = strdup(entry); 4427c478bd9Sstevel@tonic-gate if (copy == NULL) 4437c478bd9Sstevel@tonic-gate return (ERROR); 4447c478bd9Sstevel@tonic-gate 4457c478bd9Sstevel@tonic-gate for (single = strtok_r(copy, " \t\n", &p); 4467c478bd9Sstevel@tonic-gate single != NULL; 4477c478bd9Sstevel@tonic-gate single = strtok_r(NULL, " \t\n", &p)) { 4487c478bd9Sstevel@tonic-gate if ((ret = delete_one_entry(filename, single)) != 0) { 4497c478bd9Sstevel@tonic-gate free(copy); 4507c478bd9Sstevel@tonic-gate return (ret); 4517c478bd9Sstevel@tonic-gate } 4527c478bd9Sstevel@tonic-gate } 4537c478bd9Sstevel@tonic-gate free(copy); 4547c478bd9Sstevel@tonic-gate return (0); 4557c478bd9Sstevel@tonic-gate } 4567c478bd9Sstevel@tonic-gate 4577c478bd9Sstevel@tonic-gate /* 4587c478bd9Sstevel@tonic-gate * Analyze the device policy token; new tokens should be added to 4597c478bd9Sstevel@tonic-gate * toktab; new token types should be coded here. 4607c478bd9Sstevel@tonic-gate */ 4617c478bd9Sstevel@tonic-gate int 4627c478bd9Sstevel@tonic-gate parse_plcy_token(char *token, devplcysys_t *dp) 4637c478bd9Sstevel@tonic-gate { 4647c478bd9Sstevel@tonic-gate char *val = strchr(token, '='); 4657c478bd9Sstevel@tonic-gate const char *perr; 4667c478bd9Sstevel@tonic-gate int i; 4677c478bd9Sstevel@tonic-gate priv_set_t *pset; 4687c478bd9Sstevel@tonic-gate 4697c478bd9Sstevel@tonic-gate if (val == NULL) { 4707c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_NO_EQUALS), token); 4717c478bd9Sstevel@tonic-gate return (1); 4727c478bd9Sstevel@tonic-gate } 4737c478bd9Sstevel@tonic-gate *val++ = '\0'; 4747c478bd9Sstevel@tonic-gate 4757c478bd9Sstevel@tonic-gate for (i = 0; i < NTOK; i++) { 4767c478bd9Sstevel@tonic-gate if (strcmp(token, toktab[i].token) == 0) { 4777c478bd9Sstevel@tonic-gate /* standard pointer computation for tokens */ 4787c478bd9Sstevel@tonic-gate void *item = (char *)dp + toktab[i].off; 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate switch (toktab[i].type) { 4817c478bd9Sstevel@tonic-gate case PSET: 4827c478bd9Sstevel@tonic-gate pset = priv_str_to_set(val, ",", &perr); 4837c478bd9Sstevel@tonic-gate if (pset == NULL) { 4847c478bd9Sstevel@tonic-gate if (perr == NULL) 4857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 4867c478bd9Sstevel@tonic-gate gettext(ERR_NO_MEM)); 4877c478bd9Sstevel@tonic-gate else 4887c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 4897c478bd9Sstevel@tonic-gate gettext(ERR_BAD_PRIVS), 4907c478bd9Sstevel@tonic-gate perr - val, val, perr); 4917c478bd9Sstevel@tonic-gate return (1); 4927c478bd9Sstevel@tonic-gate } 4937c478bd9Sstevel@tonic-gate priv_copyset(pset, item); 4947c478bd9Sstevel@tonic-gate priv_freeset(pset); 4957c478bd9Sstevel@tonic-gate break; 4967c478bd9Sstevel@tonic-gate default: 4977c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 4987c478bd9Sstevel@tonic-gate "Internal Error: bad token type: %d\n", 4997c478bd9Sstevel@tonic-gate toktab[i].type); 5007c478bd9Sstevel@tonic-gate return (1); 5017c478bd9Sstevel@tonic-gate } 5027c478bd9Sstevel@tonic-gate /* Standard cleanup & return for good tokens */ 5037c478bd9Sstevel@tonic-gate val[-1] = '='; 5047c478bd9Sstevel@tonic-gate return (0); 5057c478bd9Sstevel@tonic-gate } 5067c478bd9Sstevel@tonic-gate } 5077c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_BAD_TOKEN), token); 5087c478bd9Sstevel@tonic-gate return (1); 5097c478bd9Sstevel@tonic-gate } 5107c478bd9Sstevel@tonic-gate 5117c478bd9Sstevel@tonic-gate static int 5127c478bd9Sstevel@tonic-gate add2str(char **dstp, const char *str, size_t *sz) 5137c478bd9Sstevel@tonic-gate { 5147c478bd9Sstevel@tonic-gate char *p = *dstp; 5157c478bd9Sstevel@tonic-gate size_t len = strlen(p) + strlen(str) + 1; 5167c478bd9Sstevel@tonic-gate 5177c478bd9Sstevel@tonic-gate if (len > *sz) { 5187c478bd9Sstevel@tonic-gate *sz *= 2; 5197c478bd9Sstevel@tonic-gate if (*sz < len) 5207c478bd9Sstevel@tonic-gate *sz = len; 5217c478bd9Sstevel@tonic-gate *dstp = p = realloc(p, *sz); 5227c478bd9Sstevel@tonic-gate if (p == NULL) { 5237c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_NO_MEM)); 5247c478bd9Sstevel@tonic-gate return (-1); 5257c478bd9Sstevel@tonic-gate } 5267c478bd9Sstevel@tonic-gate } 5277c478bd9Sstevel@tonic-gate (void) strcat(p, str); 5287c478bd9Sstevel@tonic-gate return (0); 5297c478bd9Sstevel@tonic-gate } 5307c478bd9Sstevel@tonic-gate 5317c478bd9Sstevel@tonic-gate /* 5327c478bd9Sstevel@tonic-gate * Verify that the policy entry is valid and return the canonical entry. 5337c478bd9Sstevel@tonic-gate */ 5347c478bd9Sstevel@tonic-gate char * 5357c478bd9Sstevel@tonic-gate check_plcy_entry(char *entry, const char *driver, boolean_t todel) 5367c478bd9Sstevel@tonic-gate { 5377c478bd9Sstevel@tonic-gate char *res; 5387c478bd9Sstevel@tonic-gate devplcysys_t *ds; 5397c478bd9Sstevel@tonic-gate char *tok; 5407c478bd9Sstevel@tonic-gate size_t sz = strlen(entry) * 2 + strlen(driver) + 3; 5417c478bd9Sstevel@tonic-gate boolean_t tokseen = B_FALSE; 5427c478bd9Sstevel@tonic-gate 5437c478bd9Sstevel@tonic-gate devplcy_init(); 5447c478bd9Sstevel@tonic-gate 5457c478bd9Sstevel@tonic-gate res = malloc(sz); 5467c478bd9Sstevel@tonic-gate ds = alloca(devplcysys_sz); 5477c478bd9Sstevel@tonic-gate 5487c478bd9Sstevel@tonic-gate if (res == NULL || ds == NULL) { 5497c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_NO_MEM)); 5507c478bd9Sstevel@tonic-gate return (NULL); 5517c478bd9Sstevel@tonic-gate } 5527c478bd9Sstevel@tonic-gate 5537c478bd9Sstevel@tonic-gate *res = '\0'; 5547c478bd9Sstevel@tonic-gate 5557c478bd9Sstevel@tonic-gate while ((tok = strtok(entry, " \t\n")) != NULL) { 5567c478bd9Sstevel@tonic-gate entry = NULL; 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate /* It's not a token */ 5597c478bd9Sstevel@tonic-gate if (strchr(tok, '=') == NULL) { 5607c478bd9Sstevel@tonic-gate if (strchr(tok, ':') != NULL) { 5617c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_BAD_MINOR)); 5627c478bd9Sstevel@tonic-gate free(res); 5637c478bd9Sstevel@tonic-gate return (NULL); 5647c478bd9Sstevel@tonic-gate } 5657c478bd9Sstevel@tonic-gate if (*res != '\0' && add2str(&res, "\n", &sz) != 0) 5667c478bd9Sstevel@tonic-gate return (NULL); 5677c478bd9Sstevel@tonic-gate 5687c478bd9Sstevel@tonic-gate if (*tok == '(') { 5697c478bd9Sstevel@tonic-gate char type; 5707c478bd9Sstevel@tonic-gate if (parse_minor_range(tok, &ds->dps_lomin, 5717c478bd9Sstevel@tonic-gate &ds->dps_himin, &type) != 0 || 5727c478bd9Sstevel@tonic-gate (!todel && type == '\0')) { 5737c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5747c478bd9Sstevel@tonic-gate gettext(ERR_BAD_MINOR)); 5757c478bd9Sstevel@tonic-gate free(res); 5767c478bd9Sstevel@tonic-gate return (NULL); 5777c478bd9Sstevel@tonic-gate } 5787c478bd9Sstevel@tonic-gate } else { 5797c478bd9Sstevel@tonic-gate char *tmp = strchr(tok, '*'); 5807c478bd9Sstevel@tonic-gate 5817c478bd9Sstevel@tonic-gate if (tmp != NULL && 5827c478bd9Sstevel@tonic-gate strchr(tmp + 1, '*') != NULL) { 5837c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5847c478bd9Sstevel@tonic-gate gettext(ERR_BAD_MINOR)); 5857c478bd9Sstevel@tonic-gate free(res); 5867c478bd9Sstevel@tonic-gate } 5877c478bd9Sstevel@tonic-gate } 5887c478bd9Sstevel@tonic-gate 5897c478bd9Sstevel@tonic-gate if (add2str(&res, driver, &sz) != 0) 5907c478bd9Sstevel@tonic-gate return (NULL); 5917c478bd9Sstevel@tonic-gate if (add2str(&res, ":", &sz) != 0) 5927c478bd9Sstevel@tonic-gate return (NULL); 5937c478bd9Sstevel@tonic-gate if (add2str(&res, tok, &sz) != 0) 5947c478bd9Sstevel@tonic-gate return (NULL); 5957c478bd9Sstevel@tonic-gate tokseen = B_FALSE; 5967c478bd9Sstevel@tonic-gate } else { 5977c478bd9Sstevel@tonic-gate if (*res == '\0') { 5987c478bd9Sstevel@tonic-gate if (add2str(&res, driver, &sz) != 0) 5997c478bd9Sstevel@tonic-gate return (NULL); 6007c478bd9Sstevel@tonic-gate if (add2str(&res, ":*", &sz) != 0) 6017c478bd9Sstevel@tonic-gate return (NULL); 6027c478bd9Sstevel@tonic-gate } 6037c478bd9Sstevel@tonic-gate if (parse_plcy_token(tok, ds) != 0) { 6047c478bd9Sstevel@tonic-gate free(res); 6057c478bd9Sstevel@tonic-gate return (NULL); 6067c478bd9Sstevel@tonic-gate } 6077c478bd9Sstevel@tonic-gate 6087c478bd9Sstevel@tonic-gate if (add2str(&res, "\t", &sz) != 0) 6097c478bd9Sstevel@tonic-gate return (NULL); 6107c478bd9Sstevel@tonic-gate if (add2str(&res, tok, &sz) != 0) 6117c478bd9Sstevel@tonic-gate return (NULL); 6127c478bd9Sstevel@tonic-gate tokseen = B_TRUE; 6137c478bd9Sstevel@tonic-gate } 6147c478bd9Sstevel@tonic-gate } 6157c478bd9Sstevel@tonic-gate if (todel && tokseen || *res == '\0' || !todel && !tokseen) { 6167c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_INVALID_PLCY)); 6177c478bd9Sstevel@tonic-gate free(res); 6187c478bd9Sstevel@tonic-gate return (NULL); 6197c478bd9Sstevel@tonic-gate } 6207c478bd9Sstevel@tonic-gate if (!todel) 6217c478bd9Sstevel@tonic-gate if (add2str(&res, "\n", &sz) != 0) 6227c478bd9Sstevel@tonic-gate return (NULL); 6237c478bd9Sstevel@tonic-gate return (res); 6247c478bd9Sstevel@tonic-gate } 6257c478bd9Sstevel@tonic-gate 6267c478bd9Sstevel@tonic-gate int 6277c478bd9Sstevel@tonic-gate update_device_policy(const char *filename, const char *entry, boolean_t repl) 6287c478bd9Sstevel@tonic-gate { 6297c478bd9Sstevel@tonic-gate FILE *fp; 6307c478bd9Sstevel@tonic-gate 6317c478bd9Sstevel@tonic-gate if (repl) { 6327c478bd9Sstevel@tonic-gate char *dup, *tok, *s1; 6337c478bd9Sstevel@tonic-gate 6347c478bd9Sstevel@tonic-gate dup = strdup(entry); 6357c478bd9Sstevel@tonic-gate if (dup == NULL) { 6367c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_NO_MEM)); 6377c478bd9Sstevel@tonic-gate return (ERROR); 6387c478bd9Sstevel@tonic-gate } 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate /* 6417c478bd9Sstevel@tonic-gate * Split the entry in lines; then get the first token 6427c478bd9Sstevel@tonic-gate * of each line. 6437c478bd9Sstevel@tonic-gate */ 6447c478bd9Sstevel@tonic-gate for (tok = strtok_r(dup, "\n", &s1); tok != NULL; 6457c478bd9Sstevel@tonic-gate tok = strtok_r(NULL, "\n", &s1)) { 6467c478bd9Sstevel@tonic-gate 6477c478bd9Sstevel@tonic-gate tok = strtok(tok, " \n\t"); 6487c478bd9Sstevel@tonic-gate 6497c478bd9Sstevel@tonic-gate if (delete_one_entry(filename, tok) != 0) { 6507c478bd9Sstevel@tonic-gate free(dup); 6517c478bd9Sstevel@tonic-gate return (ERROR); 6527c478bd9Sstevel@tonic-gate } 6537c478bd9Sstevel@tonic-gate } 6547c478bd9Sstevel@tonic-gate 6557c478bd9Sstevel@tonic-gate free(dup); 6567c478bd9Sstevel@tonic-gate } 6577c478bd9Sstevel@tonic-gate 6587c478bd9Sstevel@tonic-gate fp = fopen(filename, "a"); 6597c478bd9Sstevel@tonic-gate if (fp == NULL) 6607c478bd9Sstevel@tonic-gate return (ERROR); 6617c478bd9Sstevel@tonic-gate 6627c478bd9Sstevel@tonic-gate (void) fputs(entry, fp); 6637c478bd9Sstevel@tonic-gate 6647c478bd9Sstevel@tonic-gate if (fflush(fp) != 0 || fsync(fileno(fp)) != 0 || fclose(fp) != 0) 6657c478bd9Sstevel@tonic-gate return (ERROR); 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate return (NOERR); 6687c478bd9Sstevel@tonic-gate } 6697c478bd9Sstevel@tonic-gate 6707c478bd9Sstevel@tonic-gate 6717c478bd9Sstevel@tonic-gate /* 6727c478bd9Sstevel@tonic-gate * We need to allocate the privileges now or the privilege set 6737c478bd9Sstevel@tonic-gate * parsing code will not allow them. 6747c478bd9Sstevel@tonic-gate */ 6757c478bd9Sstevel@tonic-gate int 6767c478bd9Sstevel@tonic-gate check_priv_entry(const char *privlist, boolean_t add) 6777c478bd9Sstevel@tonic-gate { 6787c478bd9Sstevel@tonic-gate char *l = strdup(privlist); 6797c478bd9Sstevel@tonic-gate char *pr; 6807c478bd9Sstevel@tonic-gate 6817c478bd9Sstevel@tonic-gate if (l == NULL) { 6827c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_NO_MEM)); 6837c478bd9Sstevel@tonic-gate return (ERROR); 6847c478bd9Sstevel@tonic-gate } 6857c478bd9Sstevel@tonic-gate 6867c478bd9Sstevel@tonic-gate while ((pr = strtok_r(l, ",", &l)) != NULL) { 6877c478bd9Sstevel@tonic-gate /* Privilege already exists */ 6887c478bd9Sstevel@tonic-gate if (priv_getbyname(pr) != -1) 6897c478bd9Sstevel@tonic-gate continue; 6907c478bd9Sstevel@tonic-gate 6917c478bd9Sstevel@tonic-gate if (add && modctl(MODALLOCPRIV, pr) != 0) { 6927c478bd9Sstevel@tonic-gate (void) fprintf(stderr, gettext(ERR_BAD_PRIV), pr, 6937c478bd9Sstevel@tonic-gate strerror(errno)); 6947c478bd9Sstevel@tonic-gate return (ERROR); 6957c478bd9Sstevel@tonic-gate } 6967c478bd9Sstevel@tonic-gate } 6977c478bd9Sstevel@tonic-gate return (NOERR); 6987c478bd9Sstevel@tonic-gate } 699