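/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <pwd.h>
#include <nss_dbdefs.h>
#include <deflt.h>
#include <auth_attr.h>
#include <prof_attr.h>
#include <user_attr.h>

/*
 * Make a writable copy of the string csrc in the caller's stack frame and
 * store its address in dst.  The copy is needed because strtok_r() modifies
 * the string it scans.  alloca() has no failure return, and the length of
 * csrc is not bounded here; the memory is released when the calling function
 * returns.  The macro expands to a braced block, so it is used without a
 * trailing semicolon.
 */
#define	COPYTOSTACK(dst, csrc)		{	\
		size_t len = strlen(csrc) + 1;	\
		dst = alloca(len);		\
		(void) memcpy(dst, csrc, len);	\
	}

static kva_t *get_default_attrs(const char *);
static void free_default_attrs(kva_t *);

/*
 * Enumeration functions for auths and profiles; the enumeration functions
 * take a callback with four arguments:
 *	const char *	profile name (or NULL unless wantattr is false)
 *	kva_t *		attributes (or NULL unless wantattr is true)
 *	void *		context
 *	void *		pointer to the result
 * When the callback returns non-zero, the enumeration ends.
 * The function might be NULL but only for profiles as we are always collecting
 * all the profiles.
 * Both the auths and the profiles arguments may be NULL.
 *
 * These should be the only implementation of the algorithm of "finding me
 * all the profiles/authorizations/keywords/etc."
 */

#define	CONSUSER_PROFILE_KW		"consprofile"
#define	DEF_LOCK_AFTER_RETRIES		"LOCK_AFTER_RETRIES="

/*
 * Maps an attribute key to the keyword under which its default is read from
 * the AUTH_POLICY file.  get_default_attrs() starts at index 1 for anyone
 * who is not the console user, which is why the console-user entry has to
 * stay at index 0.
 */
static struct dfltplcy {
	char *attr;
	const char *defkw;
} dfltply[] = {
	/* CONSUSER MUST BE FIRST! */
	{ CONSUSER_PROFILE_KW, DEF_CONSUSER},
	{ PROFATTR_AUTHS_KW, DEF_AUTH},
	{ PROFATTR_PROFS_KW, DEF_PROF},
	{ USERATTR_LIMPRIV_KW, DEF_LIMITPRIV},
	{ USERATTR_DFLTPRIV_KW, DEF_DFLTPRIV},
	{ USERATTR_LOCK_AFTER_RETRIES_KW, DEF_LOCK_AFTER_RETRIES}
};

#define	NDFLTPLY	(sizeof (dfltply)/sizeof (struct dfltplcy))
#define	GETCONSPROF(a)	(kva_match((a), CONSUSER_PROFILE_KW))
#define	GETPROF(a)	(kva_match((a), PROFATTR_PROFS_KW))

/*
 * Enumerate profiles from listed profiles.
 *
 * cprofiles is a KV_SEPSTR-separated list of profile names, or NULL.  Every
 * name not yet present in profs[] is duplicated into profs[], *pcnt is
 * incremented, and the profiles listed by that profile are enumerated
 * recursively.  A name that is already recorded is skipped, so profiles that
 * refer to each other do not loop.  Once PROFILE_STOP has been recorded the
 * enumeration of this list ends, and later calls that find it as the last
 * entry of profs[] return immediately.
 *
 * cb may be NULL.  Otherwise it is called with the profile name and the
 * profile's attributes (NULL if the profile was not found); with wantattr
 * set it is called only for profiles that have attributes.
 *
 * Returns 0 when the list was enumerated, -1 when more than MAXPROFS
 * profiles were seen or a name could not be duplicated, and otherwise the
 * first non-zero value returned by cb.  The strings stored in profs[] belong
 * to the caller in every case.
 */
int
_enum_common_p(const char *cprofiles,
    int (*cb)(const char *, kva_t *, void *, void *),
    void *ctxt, void *pres, boolean_t wantattr,
    int *pcnt, char *profs[MAXPROFS])
{
	char *prof, *last;
	char *profiles;
	char *copy;
	profattr_t *pa;
	int i;
	int res = 0;

	if (cprofiles == NULL)
		return (0);

	if (*pcnt > 0 && strcmp(profs[*pcnt - 1], PROFILE_STOP) == 0)
		return (0);

	COPYTOSTACK(profiles, cprofiles)

	while ((prof = strtok_r(profiles, KV_SEPSTR, &last)) != NULL) {

		profiles = NULL;	/* For next iterations of strtok_r */

		/* Skip a profile that has been enumerated already. */
		for (i = 0; i < *pcnt; i++) {
			if (strcmp(profs[i], prof) == 0)
				break;
		}
		if (i < *pcnt)
			continue;

		if (*pcnt >= MAXPROFS)		/* oops: too many profs */
			return (-1);

		/*
		 * Add it.  The count is only advanced once the copy exists,
		 * so profs[] never holds a NULL entry for the strcmp() calls
		 * here and in the callers.
		 */
		copy = strdup(prof);
		if (copy == NULL)
			return (-1);
		profs[(*pcnt)++] = copy;

		if (strcmp(copy, PROFILE_STOP) == 0)
			break;

		/* find the profiles for this profile */
		pa = getprofnam(prof);

		if (cb != NULL &&
		    (!wantattr || (pa != NULL && pa->attr != NULL)))
			res = cb(prof, pa ? pa->attr : NULL, ctxt, pres);

		if (pa != NULL) {
			if (res == 0 && pa->attr != NULL) {
				res = _enum_common_p(GETPROF(pa->attr), cb,
				    ctxt, pres, wantattr, pcnt, profs);
			}
			free_profattr(pa);
		}
		if (res != 0)
			return (res);
	}
	return (res);
}

/*
 * Enumerate all attributes associated with a username and the profiles
 * associated with the user.
 *
 * The user's own attributes come first, then the profiles listed there.
 * The defaults from get_default_attrs() are consulted only if the last
 * profile recorded is not PROFILE_STOP.
 *
 * Returns -1 if cb is NULL, otherwise 0 or the first non-zero value produced
 * by cb or _enum_common_p().  The profile names collected along the way are
 * released on every path that collected them.
 */
static int
_enum_common(const char *username,
    int (*cb)(const char *, kva_t *, void *, void *),
    void *ctxt, void *pres, boolean_t wantattr)
{
	userattr_t *ua;
	int res = 0;
	int cnt = 0;
	char *profs[MAXPROFS];
	kva_t *kattrs;

	if (cb == NULL)
		return (-1);

	ua = getusernam(username);

	if (ua != NULL) {
		if (ua->attr != NULL) {
			if (wantattr)
				res = cb(NULL, ua->attr, ctxt, pres);
			if (res == 0) {
				res = _enum_common_p(GETPROF(ua->attr),
				    cb, ctxt, pres, wantattr, &cnt, profs);
			}
		}
		free_userattr(ua);
		/*
		 * An early end of the enumeration (for instance a callback
		 * that found what it was looking for) must still release the
		 * names already stored in profs[].
		 */
		if (res != 0)
			goto out;
	}

	if ((cnt == 0 || strcmp(profs[cnt-1], PROFILE_STOP) != 0) &&
	    (kattrs = get_default_attrs(username)) != NULL) {

		res = _enum_common_p(GETCONSPROF(kattrs), cb, ctxt, pres,
		    wantattr, &cnt, profs);

		if (res == 0) {
			res = _enum_common_p(GETPROF(kattrs), cb, ctxt, pres,
			    wantattr, &cnt, profs);
		}

		if (res == 0 && wantattr)
			res = cb(NULL, kattrs, ctxt, pres);

		free_default_attrs(kattrs);
	}

out:
	free_proflist(profs, cnt);

	return (res);
}

/*
 * Enumerate profiles with a username argument.
 */
int
_enum_profs(const char *username,
    int (*cb)(const char *, kva_t *, void *, void *),
    void *ctxt, void *pres)
{
	return (_enum_common(username, cb, ctxt, pres, B_FALSE));
}

/*
 * Enumerate attributes with a username argument.
 */
int
_enum_attrs(const char *username,
    int (*cb)(const char *, kva_t *, void *, void *),
    void *ctxt, void *pres)
{
	return (_enum_common(username, cb, ctxt, pres, B_TRUE));
}


/*
 * Enumerate authorizations in the "auths" argument.
 *
 * cauths is a KV_SEPSTR-separated list.  cb is called once per entry with
 * the entry, ctxt and pres; the first non-zero return value ends the
 * enumeration and is returned.  Returns 0 if cauths or cb is NULL.
 */
static int
_enum_auths_a(const char *cauths, int (*cb)(const char *, void *, void *),
    void *ctxt, void *pres)
{
	char *auth, *last, *auths;
	int res = 0;

	if (cauths == NULL || cb == NULL)
		return (0);

	COPYTOSTACK(auths, cauths)

	while ((auth = strtok_r(auths, KV_SEPSTR, &last)) != NULL) {
		auths = NULL;		/* For next iterations of strtok_r */

		res = cb(auth, ctxt, pres);

		if (res != 0)
			return (res);
	}
	return (res);
}

/*
 * Magic struct and function to allow using the _enum_attrs functions to
 * enumerate the authorizations.
 */
typedef struct ccomm2auth {
	int (*cb)(const char *, void *, void *);
	void *ctxt;
} ccomm2auth;

/*
 * Attribute callback: pull the authorization list out of attr and hand each
 * entry to the authorization callback stored in the ccomm2auth context.
 */
/*ARGSUSED*/
static int
comm2auth(const char *name, kva_t *attr, void *ctxt, void *pres)
{
	ccomm2auth *ca = ctxt;
	char *auths;

	/* Note: PROFATTR_AUTHS_KW is equal to USERATTR_AUTHS_KW */
	auths = kva_match(attr, PROFATTR_AUTHS_KW);
	return (_enum_auths_a(auths, ca->cb, ca->ctxt, pres));
}

/*
 * Enumerate authorizations for username.
 *
 * Returns -1 if cb is NULL, otherwise the result of _enum_common().
 */
int
_enum_auths(const char *username,
    int (*cb)(const char *, void *, void *),
    void *ctxt, void *pres)
{
	ccomm2auth c2a;

	if (cb == NULL)
		return (-1);

	c2a.cb = cb;
	c2a.ctxt = ctxt;

	return (_enum_common(username, comm2auth, &c2a, pres, B_TRUE));
}

/*
 * Match the authorization name auth against a granted pattern that ends in
 * KV_WILDCHAR.  Returns 1 on a match and 0 otherwise.
 *
 * The checks all fail closed:
 *  - an empty pattern, or one whose last character is not the wildcard,
 *    never matches;
 *  - auth must contain a '.', otherwise there is no match;
 *  - the text after the last '.' of auth must not begin with "grant".  This
 *    is a five character prefix comparison, so a final component that merely
 *    starts with "grant" is not matched by a wildcard either.
 */
int
_auth_match(const char *pattern, const char *auth)
{
	size_t len;
	char *grant;

	len = strlen(pattern);

	/* An empty pattern has no last character to look at. */
	if (len == 0)
		return (0);

	/*
	 * If the wildcard is not in the last position in the string, don't
	 * match against it.
	 */
	if (pattern[len-1] != KV_WILDCHAR)
		return (0);

	/*
	 * If the strings are identical up to the wildcard and auth does not
	 * end in "grant", then we have a match.
	 */
	if (strncmp(pattern, auth, len-1) == 0) {
		grant = strrchr(auth, '.');
		if (grant != NULL) {
			if (strncmp(grant + 1, "grant", 5) != 0)
				return (1);
		}
	}

	return (0);
}

/*
 * Authorization callback used by chkauthattr().  auth is one authorization
 * held by the user, authname the authorization being asked for, and res
 * points at the int that receives the verdict.  On an exact match, or a
 * wildcard match through _auth_match(), *res is set to 1 and 1 is returned
 * to end the enumeration; otherwise *res is left alone and 0 is returned.
 */
static int
_is_authorized(const char *auth, void *authname, void *res)
{
	int *resp = res;

	if (strcmp(authname, auth) == 0 ||
	    (strchr(auth, KV_WILDCHAR) != NULL &&
	    _auth_match(auth, authname))) {
		*resp = 1;
		return (1);
	}

	return (0);
}

/*
 * Return 1 if username holds the authorization authname, 0 otherwise.
 *
 * The return value of _enum_auths() is deliberately not used: the answer is
 * taken only from auth_granted, which starts at 0 and is set solely by
 * _is_authorized().  An enumeration that stops on an error therefore yields
 * "not authorized".
 */
int
chkauthattr(const char *authname, const char *username)
{
	int auth_granted = 0;

	if (authname == NULL || username == NULL)
		return (0);

	(void) _enum_auths(username, _is_authorized, (char *)authname,
	    &auth_granted);

	return (auth_granted);
}

#define	CONSOLE_USER_LINK	"/dev/vt/console_user"

/*
 * Return non-zero if the uid of user equals the owner uid that stat()
 * reports for CONSOLE_USER_LINK.  Returns 0 if user is NULL, if stat()
 * fails, or if the passwd lookup fails.
 */
static int
is_cons_user(const char *user)
{
	struct stat	cons;
	struct passwd	pw;
	char		pwbuf[NSS_BUFLEN_PASSWD];

	if (user == NULL) {
		return (0);
	}
	if (stat(CONSOLE_USER_LINK, &cons) == -1) {
		return (0);
	}
	/*
	 * NOTE(review): the comparison with NULL assumes the getpwnam_r()
	 * variant that returns a struct passwd pointer - confirm against the
	 * build flags.
	 */
	if (getpwnam_r(user, &pw, pwbuf, sizeof (pwbuf)) == NULL) {
		return (0);
	}

	return (pw.pw_uid == cons.st_uid);
}

/*
 * Release a kva_t built by get_default_attrs().  Only the values are freed
 * one by one: the keys point into the static dfltply table, and the data
 * array is part of the same allocation as the kva_t itself.
 */
static void
free_default_attrs(kva_t *kva)
{
	int i;

	for (i = 0; i < kva->length; i++)
		free(kva->data[i].value);

	free(kva);
}

/*
 * Return the default attributes; these are ignored when a STOP profile
 * was found.
 *
 * The defaults are read from the AUTH_POLICY file.  The entry at index 0 of
 * dfltply (the console-user profile) is read only when is_cons_user() says
 * that user is the console user.  Returns NULL if memory cannot be allocated
 * or the policy file cannot be opened; the result is released with
 * free_default_attrs().
 */
static kva_t *
get_default_attrs(const char *user)
{
	void *defp;
	kva_t *kva;
	int i;

	kva = malloc(sizeof (kva_t) + sizeof (kv_t) * NDFLTPLY);

	if (kva == NULL)
		return (NULL);

	/* The key/value array sits directly behind the header. */
	kva->data = (kv_t *)(void *)&kva[1];
	kva->length = 0;

	if ((defp = defopen_r(AUTH_POLICY)) == NULL)
		goto return_null;

	for (i = is_cons_user(user) ? 0 : 1; i < NDFLTPLY; i++) {
		char *cp = defread_r(dfltply[i].defkw, defp);

		if (cp == NULL)
			continue;
		if ((cp = strdup(cp)) == NULL)
			goto return_null;

		kva->data[kva->length].key = dfltply[i].attr;
		kva->data[kva->length++].value = cp;
	}

	(void) defclose_r(defp);
	return (kva);

return_null:
	if (defp != NULL)
		(void) defclose_r(defp);

	free_default_attrs(kva);
	return (NULL);
}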