3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <sys/types.h>
30 #include <sys/task.h>
31
32 #include <alloca.h>
33 #include <libproc.h>
34 #include <libintl.h>
35 #include <libgen.h>
36 #include <limits.h>
37 #include <project.h>
38 #include <pwd.h>
39 #include <secdb.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/varargs.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <priv_utils.h>
48
49 #include "utils.h"
50
51 #define OPTIONS_STRING "Fc:lp:v"
52 #define NENV 8
53 #define ENVSIZE 255
54 #define PATH "PATH=/usr/bin"
55 #define SUPATH "PATH=/usr/sbin:/usr/bin"
56 #define SHELL "/usr/bin/sh"
57 #define SHELL2 "/sbin/sh"
58 #define TIMEZONEFILE "/etc/default/init"
59 #define LOGINFILE "/etc/default/login"
60 #define GLOBAL_ERR_SZ 1024
61 #define GRAB_RETRY_MAX 100
62
63 static const char *pname;
64 extern char **environ;
65 static char *supath = SUPATH;
66 static char *path = PATH;
67 static char global_error[GLOBAL_ERR_SZ];
68 static int verbose = 0;
637
638 /*
639 * GLOBAL_ERR_SZ is pretty big. If the error is longer
640 * than that, just truncate it, rather than chance missing
641 * the error altogether.
642 */
643 (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
644
645 va_end(alist);
646
647 }
648
649 /*
650 * Given the input arguments, return the passwd structure that matches best.
651 * Also, since we use getpwnam() and friends, subsequent calls to this
652 * function will re-use the memory previously returned.
653 */
654 static struct passwd *
655 match_user(uid_t uid, char *projname, int is_my_uid)
656 {
657 char prbuf[PROJECT_BUFSZ], username[LOGNAME_MAX+1];
658 struct project prj;
659 char *tmp_name;
660 struct passwd *pw = NULL;
661
662 /*
663 * In order to allow users with the same UID but distinguishable
664 * user names to be in different projects we play a guessing
665 * game of which username is most appropriate. If we're checking
666 * for the uid of the calling process, the login name is a
667 * good starting point.
668 */
669 if (is_my_uid) {
670 if ((tmp_name = getlogin()) == NULL ||
671 (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
672 (pw->pw_name == NULL))
673 pw = NULL;
674 }
675
676 /*
677 * If the login name doesn't work, we try the first match for
679 */
680 if (pw == NULL) {
681 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
682 preserve_error(gettext("cannot find username "
683 "for uid %d"), uid);
684 return (NULL);
685 }
686 }
687
688 /*
689 * If projname wasn't supplied, we've done our best, so just return
690 * what we've got now. Alternatively, if newtask's invoker has
691 * superuser privileges, return the pw structure we've got now, with
692 * no further checking from inproj(). Superuser should be able to
693 * join any project, and the subsequent call to setproject() will
694 * allow this.
695 */
696 if (projname == NULL || getuid() == (uid_t)0)
697 return (pw);
698
699 (void) strcpy(username, pw->pw_name);
700
701 if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
702 char **u;
703 tmp_name = NULL;
704
705 /*
706 * If the previous guesses didn't work, walk through all
707 * project members and test for UID-equivalence.
708 */
709
710 if (getprojbyname(projname, &prj, prbuf,
711 PROJECT_BUFSZ) == NULL) {
712 preserve_error(gettext("unknown project \"%s\""),
713 projname);
714 return (NULL);
715 }
716
717 for (u = prj.pj_users; *u; u++) {
718 if ((pw = getpwnam(*u)) == NULL)
719 continue;
|
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright (c) 2013 Gary Mills
24 *
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 #include <sys/types.h>
30 #include <sys/task.h>
31
32 #include <alloca.h>
33 #include <libproc.h>
34 #include <libintl.h>
35 #include <libgen.h>
36 #include <limits.h>
37 #include <project.h>
38 #include <pwd.h>
39 #include <secdb.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/varargs.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <priv_utils.h>
48
49 #ifdef LOGNAME_MAX_ILLUMOS
50 #define _LOGNAME_MAX LOGNAME_MAX_ILLUMOS
51 #else /* LOGNAME_MAX_ILLUMOS */
52 #define _LOGNAME_MAX LOGNAME_MAX
53 #endif /* LOGNAME_MAX_ILLUMOS */
54
55 #include "utils.h"
56
57 #define OPTIONS_STRING "Fc:lp:v"
58 #define NENV 8
59 #define ENVSIZE 255
60 #define PATH "PATH=/usr/bin"
61 #define SUPATH "PATH=/usr/sbin:/usr/bin"
62 #define SHELL "/usr/bin/sh"
63 #define SHELL2 "/sbin/sh"
64 #define TIMEZONEFILE "/etc/default/init"
65 #define LOGINFILE "/etc/default/login"
66 #define GLOBAL_ERR_SZ 1024
67 #define GRAB_RETRY_MAX 100
68
69 static const char *pname;
70 extern char **environ;
71 static char *supath = SUPATH;
72 static char *path = PATH;
73 static char global_error[GLOBAL_ERR_SZ];
74 static int verbose = 0;
643
644 /*
645 * GLOBAL_ERR_SZ is pretty big. If the error is longer
646 * than that, just truncate it, rather than chance missing
647 * the error altogether.
648 */
649 (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
650
651 va_end(alist);
652
653 }
654
655 /*
656 * Given the input arguments, return the passwd structure that matches best.
657 * Also, since we use getpwnam() and friends, subsequent calls to this
658 * function will re-use the memory previously returned.
659 */
660 static struct passwd *
661 match_user(uid_t uid, char *projname, int is_my_uid)
662 {
663 char prbuf[PROJECT_BUFSZ], username[_LOGNAME_MAX+1];
664 struct project prj;
665 char *tmp_name;
666 struct passwd *pw = NULL;
667
668 /*
669 * In order to allow users with the same UID but distinguishable
670 * user names to be in different projects we play a guessing
671 * game of which username is most appropriate. If we're checking
672 * for the uid of the calling process, the login name is a
673 * good starting point.
674 */
675 if (is_my_uid) {
676 if ((tmp_name = getlogin()) == NULL ||
677 (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
678 (pw->pw_name == NULL))
679 pw = NULL;
680 }
681
682 /*
683 * If the login name doesn't work, we try the first match for
685 */
686 if (pw == NULL) {
687 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
688 preserve_error(gettext("cannot find username "
689 "for uid %d"), uid);
690 return (NULL);
691 }
692 }
693
694 /*
695 * If projname wasn't supplied, we've done our best, so just return
696 * what we've got now. Alternatively, if newtask's invoker has
697 * superuser privileges, return the pw structure we've got now, with
698 * no further checking from inproj(). Superuser should be able to
699 * join any project, and the subsequent call to setproject() will
700 * allow this.
701 */
702 if (projname == NULL || getuid() == (uid_t)0)
703 return (pw);
704
705 (void) strncpy(username, pw->pw_name, sizeof (username) - 1);
706 username[sizeof (username) - 1] = '\0';
707
708 if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
709 char **u;
710 tmp_name = NULL;
711
712 /*
713 * If the previous guesses didn't work, walk through all
714 * project members and test for UID-equivalence.
715 */
716
717 if (getprojbyname(projname, &prj, prbuf,
718 PROJECT_BUFSZ) == NULL) {
719 preserve_error(gettext("unknown project \"%s\""),
720 projname);
721 return (NULL);
722 }
723
724 for (u = prj.pj_users; *u; u++) {
725 if ((pw = getpwnam(*u)) == NULL)
726 continue;
|