/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Program to examine or set process privileges.
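*/

#pragma ident "%Z%%M% %I% %E% SMI"

#include <stdio.h>
#include <stdio_ext.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <limits.h>
#include <sys/types.h>
#include <sys/resource.h>	/* getrlimit()/setrlimit(), struct rlimit */
#include <libproc.h>
#include <priv.h>
#include <errno.h>
#include <ctype.h>

#include <locale.h>
#include <langinfo.h>

static int look(char *);
static void perr(char *);
static void usage(void);
static void loadprivinfo(void);
static int parsespec(const char *);
static void privupdate(prpriv_t *, const char *);
static void privupdate_self(void);
static int dumppriv(char **);
static void flags2str(uint_t);

static char *command;			/* basename of argv[0], for messages */
static char *procname;			/* current target name, for perr() */
static boolean_t verb = B_FALSE;	/* -v: print privilege descriptions */
static boolean_t set = B_FALSE;		/* -D/-N/-s: modify instead of report */
static boolean_t exec = B_FALSE;	/* -e: change self, then exec a command */
static boolean_t Don = B_FALSE;		/* -D: turn PRIV_DEBUG on */
static boolean_t Doff = B_FALSE;	/* -N: turn PRIV_DEBUG off */
static boolean_t list = B_FALSE;	/* -l: list privilege names */
static boolean_t mac_aware = B_FALSE;	/* -M: set NET_MAC_AWARE flags before exec */
static int mode = PRIV_STR_PORT;	/* format passed to priv_set_to_str() */

/*
 * Parse the options, then do one of three things: exec a command after
 * applying the requested changes to this process (-e), list privileges
 * (-l), or examine/modify every pid or core named on the command line.
 *
 * Returns the number of targets that failed in look(), the result of
 * dumppriv(), or the value of a failed execvp() (-1).
 */
int
main(int argc, char **argv)
{
	int rc = 0;
	int opt;
	struct rlimit rlim;

	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	if ((command = strrchr(argv[0], '/')) != NULL)
		command++;
	else
		command = argv[0];

	while ((opt = getopt(argc, argv, "lDMNevs:S")) != EOF) {
		switch (opt) {
		case 'l':
			list = B_TRUE;
			break;
		case 'D':
			set = B_TRUE;
			Don = B_TRUE;
			break;
		case 'M':
			mac_aware = B_TRUE;
			break;
		case 'N':
			set = B_TRUE;
			Doff = B_TRUE;
			break;
		case 'e':
			exec = B_TRUE;
			break;
		case 'S':
			mode = PRIV_STR_SHORT;
			break;
		case 'v':
			verb = B_TRUE;
			mode = PRIV_STR_LIT;
			break;
		case 's':
			set = B_TRUE;
			/* parsespec() exits on a bad spec; 0 on success. */
			if ((rc = parsespec(optarg)) != 0)
				return (rc);
			break;
		default:
			usage();
			/*NOTREACHED*/
		}
	}

	argc -= optind;
	argv += optind;

	/*
	 * Mutually exclusive combinations: -D with -N, -l with any
	 * modification or exec, -M without -e.  A target is required
	 * unless listing.
	 */
	if ((argc < 1 && !list) || (Doff && Don) || (list && (set || exec)) ||
	    (mac_aware && !exec))
		usage();

	/*
	 * Make sure we'll have enough file descriptors to handle a target
	 * that has many many mappings.
	 */
	if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
		rlim.rlim_cur = rlim.rlim_max;
		(void) setrlimit(RLIMIT_NOFILE, &rlim);
		(void) enable_extended_FILE_stdio(-1, -1);
	}

	if (exec) {
		/*
		 * Privileges and flags are changed on this process first so
		 * that the new image inherits them; execvp() only returns
		 * on failure.
		 */
		privupdate_self();
		rc = execvp(argv[0], &argv[0]);
		(void) fprintf(stderr, "%s: %s: %s\n", command, argv[0],
		    strerror(errno));
	} else if (list) {
		rc = dumppriv(argv);
	} else {
		while (argc-- > 0)
			rc += look(*argv++);
	}

	return (rc);
}

/*
 * Examine, or when set is true modify, the privilege sets of one target
 * (a pid, or a core file when only examining).  Returns 0 on success and
 * 1 after reporting a failure on stderr.
 *
 * The prpriv_t buffer is static and only grows, so one allocation is
 * reused across all targets of this invocation.
 */
static int
look(char *arg)
{
	static size_t pprivsz = sizeof (prpriv_t);
	static prpriv_t *ppriv;

	struct ps_prochandle *Pr;
	int gcode;
	size_t sz;
	void *pdata;
	char *x;
	int i;
	boolean_t nodata;

	procname = arg;		/* for perr() */

	/*
	 * Modification is only allowed on a live pid; when merely
	 * examining, grab read-only so no write access to the target
	 * is needed.
	 */
	if ((Pr = proc_arg_grab(arg, set ? PR_ARG_PIDS : PR_ARG_ANY,
	    PGRAB_RETAIN | PGRAB_FORCE | (set ? 0 : PGRAB_RDONLY) |
	    PGRAB_NOSTOP, &gcode)) == NULL) {
		(void) fprintf(stderr, "%s: cannot examine %s: %s\n",
		    command, arg, Pgrab_error(gcode));
		return (1);
	}

	if (ppriv == NULL && (ppriv = malloc(pprivsz)) == NULL) {
		perr(command);
		Prelease(Pr, 0);
		return (1);
	}

	/*
	 * The first Ppriv() fills in as much as fits; the header it
	 * returns is used below to compute the size actually needed.
	 */
	if (Ppriv(Pr, ppriv, pprivsz) == -1) {
		perr(command);
		Prelease(Pr, 0);
		return (1);
	}

	sz = PRIV_PRPRIV_SIZE(ppriv);

	/*
	 * The ppriv fields are unsigned and may overflow, so check them
	 * separately.  Size must be word aligned, so check that too.
	 * Make sure size is "smallish" too.  The target may be a core
	 * file, so nothing below relies on these fields before this check.
	 */
	if ((sz & 3) || ppriv->pr_nsets == 0 ||
	    sz / ppriv->pr_nsets < ppriv->pr_setsize ||
	    ppriv->pr_infosize > sz || sz > 1024 * 1024) {
		(void) fprintf(stderr,
		    "%s: %s: bad PRNOTES section, size = %lx\n",
		    command, arg, (long)sz);
		Prelease(Pr, 0);
		return (1);
	}

	if (sz > pprivsz) {
		/*
		 * Grow through a temporary so that a failed realloc() does
		 * not lose (and leak) the buffer ppriv still points at.
		 */
		prpriv_t *grown = realloc(ppriv, sz);

		if (grown == NULL) {
			perr(command);
			Prelease(Pr, 0);
			return (1);
		}
		ppriv = grown;
		pprivsz = sz;

		if (Ppriv(Pr, ppriv, sz) != sz) {
			perr(command);
			Prelease(Pr, 0);
			return (1);
		}
	}

	if (set) {
		privupdate(ppriv, arg);
		if (Psetpriv(Pr, ppriv) != 0) {
			perr(command);
			Prelease(Pr, 0);
			return (1);
		}
		Prelease(Pr, 0);
		return (0);
	}

	if (Pstate(Pr) == PS_DEAD) {
		(void) printf("core '%s' of %d:\t%.70s\n",
		    arg, (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
		pdata = Pprivinfo(Pr);
		/* A core without privilege info can only be dumped raw. */
		nodata = (pdata == NULL);
	} else {
		(void) printf("%d:\t%.70s\n",
		    (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
		pdata = NULL;
		nodata = B_FALSE;
	}

	/* Walk the variable-length priv_info records at the end of ppriv. */
	x = (char *)ppriv + sz - ppriv->pr_infosize;
	while (x < (char *)ppriv + sz) {
		size_t left = (size_t)((char *)ppriv + sz - x);
		/* LINTED: alignment */
		priv_info_t *pi = (priv_info_t *)x;
		priv_info_uint_t *pii;

		/*
		 * Validate each record before reading past its header: the
		 * sizes come from the target (possibly a core file), and a
		 * short, oversized or misaligned record would otherwise be
		 * read beyond the buffer or make this loop never advance.
		 */
		if (left < sizeof (priv_info_t)) {
			(void) fprintf(stderr, "%s: truncated priv_info\n",
			    arg);
			break;
		}
		if (pi->priv_info_size > left ||
		    pi->priv_info_size <= sizeof (priv_info_t) ||
		    (pi->priv_info_size & 3) != 0) {
			(void) fprintf(stderr, "%s: bad priv_info_size: %u\n",
			    arg, pi->priv_info_size);
			break;
		}

		switch (pi->priv_info_type) {
		case PRIV_INFO_FLAGS:
			if (pi->priv_info_size < sizeof (*pii)) {
				(void) fprintf(stderr,
				    "%s: bad priv_info_size: %u\n",
				    arg, pi->priv_info_size);
				break;
			}
			/* LINTED: alignment */
			pii = (priv_info_uint_t *)x;
			(void) printf("flags =");
			flags2str(pii->val);
			(void) putchar('\n');
			break;
		default:
			(void) fprintf(stderr, "%s: unknown priv_info: %d\n",
			    arg, pi->priv_info_type);
			break;
		}
		x += pi->priv_info_size;
	}

	for (i = 0; i < ppriv->pr_nsets; i++) {
		extern const char *__priv_getsetbynum(const void *, int);

		/*
		 * pdata is only non-NULL for a core; the __priv_* variants
		 * take it so the names come from the core's own tables.
		 */
		const char *setnm = pdata ? __priv_getsetbynum(pdata, i)
		    : priv_getsetbynum(i);
		priv_chunk_t *pc = (priv_chunk_t *)
		    &ppriv->pr_sets[ppriv->pr_setsize * i];

		(void) printf("\t%c: ", setnm && !nodata ? *setnm : '?');
		if (!nodata) {
			extern char *__priv_set_to_str(void *,
			    const priv_set_t *, char, int);
			priv_set_t *pset = (priv_set_t *)pc;

			char *s;

			if (pdata)
				s = __priv_set_to_str(pdata, pset, ',', mode);
			else
				s = priv_set_to_str(pset, ',', mode);
			if (s == NULL) {
				/* Allocation failure; finish the line first. */
				(void) putchar('\n');
				perr(command);
			} else {
				(void) puts(s);
				free(s);
			}
		} else {
			/* No names available: dump the raw set words. */
			int j;
			for (j = 0; j < ppriv->pr_setsize; j++)
				(void) printf("%08x", pc[j]);
			(void) putchar('\n');
		}
	}
	Prelease(Pr, 0);
	return (0);
}

/*
 * Report a failed call as "command: s: <strerror(errno)>" and exit 3.
 */
static void
fatal(const char *s)
{
	(void) fprintf(stderr, "%s: %s: %s\n", command, s, strerror(errno));
	exit(3);
}

/*
 * Report a failure on the current target through perror().  With a
 * non-NULL s the output is "procname: s: <errno text>"; with NULL it
 * is "procname: <errno text>".  errno is saved across the fprintf()
 * so perror() sees the original error.
 */
static void
perr(char *s)
{
	int err = errno;

	if (s != NULL)
		(void) fprintf(stderr, "%s: ", procname);
	else
		s = procname;

	errno = err;
	perror(s);
}

/*
 * Print the usage synopsis and exit 2.
 */
static void
usage(void)
{
	(void) fprintf(stderr,
	    "usage:\t%s [-v] [-S] [-D|-N] [-s spec] { pid | core } ...\n"
	    "\t%s -e [-D|-N] [-M] [-s spec] cmd [args ...]\n"
	    "\t%s -l [-v] [privilege ...]\n"
	    "  (report, set or list process privileges)\n", command,
	    command, command);
	exit(2);
	/*NOTREACHED*/
}

/*
 * Parse the privilege bits to add and/or remove from
 * a privilege set.
 *
 *	[EPIL][+-=]priv,priv,priv
 */

/*
 * Return the index of c (folded to upper case) within str, or -1 when
 * it does not occur.
 */
static int
strindex(char c, const char *str)
{
	const char *s;

	/* Cast: <ctype.h> is only defined for unsigned char values. */
	if (islower((unsigned char)c))
		c = toupper((unsigned char)c);

	s = strchr(str, c);

	if (s == NULL)
		return (-1);
	else
		return (s - str);
}

/*
 * Report an unparsable -s specification and exit 3.
 */
static void
badspec(const char *spec)
{
	(void) fprintf(stderr, "%s: bad privilege specification: \"%s\"\n",
	    command, spec);
	exit(3);
	/*NOTREACHED*/
}

/*
 * For each set, you can set either add and/or
 * remove or you can set assign.
 *
 * Each table is indexed by set number (see loadprivinfo()); a NULL
 * entry means no change of that kind was requested for that set.
 */
static priv_set_t **rem, **add, **assign;
static const priv_impl_info_t *pri = NULL;
static char *sets;	/* upper-cased first letters of the set names */

/*
 * One-time initialisation for -s parsing: fetch the privilege
 * implementation info, build the set-letter string and allocate the
 * per-set add/remove/assign tables.  Exits through fatal() on failure.
 */
static void
loadprivinfo(void)
{
	int i;

	if (pri != NULL)
		return;

	pri = getprivimplinfo();

	if (pri == NULL)
		fatal("getprivimplinfo");

	sets = malloc(pri->priv_nsets + 1);
	if (sets == NULL)
		fatal("malloc");

	for (i = 0; i < pri->priv_nsets; i++) {
		sets[i] = *priv_getsetbynum(i);
		if (islower((unsigned char)sets[i]))
			sets[i] = toupper((unsigned char)sets[i]);
	}

	sets[pri->priv_nsets] = '\0';

	rem = calloc(pri->priv_nsets, sizeof (priv_set_t *));
	add = calloc(pri->priv_nsets, sizeof (priv_set_t *));
	assign = calloc(pri->priv_nsets, sizeof (priv_set_t *));
	if (rem == NULL || add == NULL || assign == NULL)
		fatal("calloc");
}

/*
 * Parse one -s specification, "[sets][+-=]priv,priv,...", and merge it
 * into the add/rem/assign tables.  An empty set list, or "a"/"A", means
 * every set.  A malformed spec exits via badspec(); a spec that
 * conflicts with an earlier one exits 1.  Returns 0 otherwise.
 */
static int
parsespec(const char *spec)
{
	char *p;
	const char *q;
	int count;
	priv_set_t ***toupd;
	priv_set_t *upd;
	int i;
	boolean_t freeupd = B_TRUE;

	if (pri == NULL)
		loadprivinfo();

	p = strpbrk(spec, "+-=");

	if (p == NULL || p - spec > pri->priv_nsets)
		badspec(spec);

	if (p[1] == '\0' || (upd = priv_str_to_set(p + 1, ",", NULL)) == NULL)
		badspec(p + 1);

	count = p - spec;
	switch (*p) {
	case '+':
		toupd = &add;
		break;
	case '-':
		/* Stored as the complement; applied with priv_intersect(). */
		toupd = &rem;
		priv_inverse(upd);
		break;
	case '=':
		toupd = &assign;
		break;
	default:
		/* strpbrk() only returns one of the three above. */
		badspec(spec);
		/*NOTREACHED*/
	}

	/* Update all sets? */
	if (count == 0 || *spec == 'a' || *spec == 'A') {
		count = pri->priv_nsets;
		q = sets;
	} else
		q = spec;

	for (i = 0; i < count; i++) {
		int ind = strindex(q[i], sets);

		if (ind == -1)
			badspec(spec);

		/* Assign is mutually exclusive with add/remove and itself */
		if (((toupd == &rem || toupd == &add) && assign[ind] != NULL) ||
		    (toupd == &assign && (assign[ind] != NULL ||
		    rem[ind] != NULL || add[ind] != NULL))) {
			(void) fprintf(stderr, "%s: conflicting spec: %s\n",
			    command, spec);
			exit(1);
		}
		if ((*toupd)[ind] != NULL) {
			/* Merge with an earlier spec for the same set. */
			if (*p == '-')
				priv_intersect(upd, (*toupd)[ind]);
			else
				priv_union(upd, (*toupd)[ind]);
		} else {
			/* The table takes ownership of upd. */
			(*toupd)[ind] = upd;
			freeupd = B_FALSE;
		}
	}
	if (freeupd)
		priv_freeset(upd);
	return (0);
}

/*
 * Apply the parsed -s specs and the -D/-N flag change to pr, the
 * prpriv_t about to be passed to Psetpriv().  On return pr_infosize is
 * sizeof (priv_info_uint_t) when a flags record was written and 0 (no
 * info records) otherwise.  arg is the target name used in messages.
 */
static void
privupdate(prpriv_t *pr, const char *arg)
{
	int i;

	if (sets != NULL) {
		for (i = 0; i < pri->priv_nsets; i++) {
			priv_set_t *target =
			    (priv_set_t *)&pr->pr_sets[pr->pr_setsize * i];
			if (rem[i] != NULL)
				priv_intersect(rem[i], target);
			if (add[i] != NULL)
				priv_union(add[i], target);
			if (assign[i] != NULL)
				priv_copyset(assign[i], target);
		}
	}

	if (Doff || Don) {
		priv_info_uint_t *pii;
		int sz = PRIV_PRPRIV_SIZE(pr);
		char *x = (char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr);
		uint32_t fl = 0;

		/* Find the current flags so only PRIV_DEBUG is changed. */
		while (x < (char *)pr + sz) {
			size_t left = (size_t)((char *)pr + sz - x);
			/* LINTED: alignment */
			priv_info_t *pi = (priv_info_t *)x;

			/* Same record validation as look(), before any read. */
			if (left < sizeof (priv_info_t) ||
			    pi->priv_info_size > left ||
			    pi->priv_info_size <= sizeof (priv_info_t) ||
			    (pi->priv_info_size & 3) != 0)
				break;
			if (pi->priv_info_type == PRIV_INFO_FLAGS &&
			    pi->priv_info_size >= sizeof (*pii)) {
				/* LINTED: alignment */
				pii = (priv_info_uint_t *)x;
				fl = pii->val;
				goto done;
			}
			x += pi->priv_info_size;
		}
		(void) fprintf(stderr,
		    "%s: cannot find privilege flags to set\n", arg);
		pr->pr_infosize = 0;
		return;
done:
		/* Replace all info records with a single flags record. */
		pr->pr_infosize = sizeof (priv_info_uint_t);
		/* LINTED: alignment */
		pii = (priv_info_uint_t *)
		    ((char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr));

		if (Don)
			fl |= PRIV_DEBUG;
		else
			fl &= ~PRIV_DEBUG;

		pii->info.priv_info_size = sizeof (*pii);
		pii->info.priv_info_type = PRIV_INFO_FLAGS;
		pii->val = fl;
	} else {
		pr->pr_infosize = 0;
	}
}

/*
 * Apply the -M, -s and -D/-N requests to this process before exec.
 * Only the inheritable and limit sets are updated here, since those
 * are what the exec'd image will receive.  Exits through fatal() if a
 * set cannot be applied.
 */
static void
privupdate_self(void)
{
	int set;

	if (mac_aware) {
		if (setpflags(NET_MAC_AWARE, 1) != 0)
			fatal("setpflags(NET_MAC_AWARE)");
		if (setpflags(NET_MAC_AWARE_INHERIT, 1) != 0)
			fatal("setpflags(NET_MAC_AWARE_INHERIT)");
	}

	if (sets != NULL) {
		priv_set_t *target = priv_allocset();

		if (target == NULL)
			fatal("priv_allocset");

		set = priv_getsetbyname(PRIV_INHERITABLE);
		if (rem[set] != NULL || add[set] != NULL ||
		    assign[set] != NULL) {
			(void) getppriv(PRIV_INHERITABLE, target);
			if (rem[set] != NULL)
				priv_intersect(rem[set], target);
			if (add[set] != NULL)
				priv_union(add[set], target);
			if (assign[set] != NULL)
				priv_copyset(assign[set], target);
			if (setppriv(PRIV_SET, PRIV_INHERITABLE, target) != 0)
				fatal("setppriv(Inheritable)");
		}
		set = priv_getsetbyname(PRIV_LIMIT);
		if (rem[set] != NULL || add[set] != NULL ||
		    assign[set] != NULL) {
			(void) getppriv(PRIV_LIMIT, target);
			if (rem[set] != NULL)
				priv_intersect(rem[set], target);
			if (add[set] != NULL)
				priv_union(add[set], target);
			if (assign[set] != NULL)
				priv_copyset(assign[set], target);
			if (setppriv(PRIV_SET, PRIV_LIMIT, target) != 0)
				fatal("setppriv(Limit)");
		}
		priv_freeset(target);
	}

	/*
	 * NOTE(review): a failure here is silently ignored, unlike the
	 * setppriv() calls above; consider fatal() for consistency.
	 */
	if (Doff || Don)
		(void) setpflags(PRIV_DEBUG, Don ? 1 : 0);
}

/*
 * Print one privilege name; with -v also print its description, one
 * tab-indented line per newline-terminated line of text (any trailing
 * text after the last newline is not printed).  Returns 1 when the
 * description could not be obtained, 0 otherwise.
 */
static int
dopriv(const char *p)
{
	(void) puts(p);
	if (verb) {
		char *text = priv_gettext(p);
		char *line, *nl;

		if (text == NULL)
			return (1);
		for (line = text; (nl = strchr(line, '\n')) != NULL;
		    line = nl + 1) {
			*nl = '\0';
			(void) printf("\t%s\n", line);
		}
		free(text);
	}
	return (0);
}

/*
 * Implement -l: with no arguments print every privilege; otherwise each
 * argument is a comma-separated privilege list and only its members are
 * printed.  Returns the number of failures (bad lists plus dopriv()
 * failures).
 */
static int
dumppriv(char **argv)
{
	int rc = 0;
	const char *pname;
	int i;

	if (argv[0] == NULL) {
		for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
			rc += dopriv(pname);
	} else {
		for (; *argv; argv++) {
			priv_set_t *pset = priv_str_to_set(*argv, ",", NULL);

			if (pset == NULL) {
				(void) fprintf(stderr, "%s: %s: bad privilege"
				    " list\n", command, *argv);
				rc++;
				continue;
			}
			for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
				if (priv_ismember(pset, pname))
					rc += dopriv(pname);
			priv_freeset(pset);
		}
	}
	return (rc);
}

/* Known process privilege flags and their printable names. */
static struct {
	int flag;
	const char *name;
} flags[] = {
	{ PRIV_DEBUG, "PRIV_DEBUG" },
	{ PRIV_AWARE, "PRIV_AWARE" },
	{ PRIV_AWARE_INHERIT, "PRIV_AWARE_INHERIT" },
};

/*
 * Print flags preceded by a space.  Known flags are printed by name,
 * '|'-separated; any bits left over are printed in hex; zero prints
 * " <none>".
 */
static void
flags2str(uint_t pflags)
{
	char c = ' ';
	size_t i;

	if (pflags == 0) {
		(void) fputs(" <none>", stdout);
		return;
	}
	for (i = 0; i < sizeof (flags)/sizeof (flags[0]) && pflags != 0; i++) {
		if ((pflags & flags[i].flag) != 0) {
			(void) printf("%c%s", c, flags[i].name);
			pflags &= ~flags[i].flag;
			c = '|';
		}
	}
	if (pflags != 0)
		(void) printf("%c<0x%x>", c, pflags);
}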