Print this page
2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars


   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*


  23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 #pragma ident   "%Z%%M% %I%     %E% SMI"
  28 
  29 #include <sys/types.h>
  30 #include <sys/task.h>
  31 
  32 #include <alloca.h>
  33 #include <libproc.h>
  34 #include <libintl.h>
  35 #include <libgen.h>
  36 #include <limits.h>
  37 #include <project.h>
  38 #include <pwd.h>
  39 #include <secdb.h>
  40 #include <stdio.h>
  41 #include <stdlib.h>
  42 #include <string.h>
  43 #include <sys/varargs.h>
  44 #include <unistd.h>
  45 #include <errno.h>
  46 #include <signal.h>
  47 #include <priv_utils.h>
  48 






  49 #include "utils.h"
  50 
  51 #define OPTIONS_STRING  "Fc:lp:v"
  52 #define NENV            8
  53 #define ENVSIZE         255
  54 #define PATH            "PATH=/usr/bin"
  55 #define SUPATH          "PATH=/usr/sbin:/usr/bin"
  56 #define SHELL           "/usr/bin/sh"
  57 #define SHELL2          "/sbin/sh"
  58 #define TIMEZONEFILE    "/etc/default/init"
  59 #define LOGINFILE       "/etc/default/login"
  60 #define GLOBAL_ERR_SZ   1024
  61 #define GRAB_RETRY_MAX  100
  62 
  63 static const char *pname;
  64 extern char **environ;
  65 static char *supath = SUPATH;
  66 static char *path = PATH;
  67 static char global_error[GLOBAL_ERR_SZ];
  68 static int verbose = 0;


 637 
 638         /*
 639          * GLOBAL_ERR_SZ is pretty big. If the error is longer
 640          * than that, just truncate it, rather than chance missing
 641          * the error altogether.
 642          */
 643         (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
 644 
 645         va_end(alist);
 646 
 647 }
 648 
 649 /*
 650  * Given the input arguments, return the passwd structure that matches best.
 651  * Also, since we use getpwnam() and friends, subsequent calls to this
 652  * function will re-use the memory previously returned.
 653  */
 654 static struct passwd *
 655 match_user(uid_t uid, char *projname, int is_my_uid)
 656 {
 657         char prbuf[PROJECT_BUFSZ], username[LOGNAME_MAX+1];
 658         struct project prj;
 659         char *tmp_name;
 660         struct passwd *pw = NULL;
 661 
 662         /*
 663          * In order to allow users with the same UID but distinguishable
 664          * user names to be in different projects we play a guessing
 665          * game of which username is most appropriate. If we're checking
 666          * for the uid of the calling process, the login name is a
 667          * good starting point.
 668          */
 669         if (is_my_uid) {
 670                 if ((tmp_name = getlogin()) == NULL ||
 671                     (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
 672                     (pw->pw_name == NULL))
 673                         pw = NULL;
 674         }
 675 
 676         /*
 677          * If the login name doesn't work,  we try the first match for


 679          */
 680         if (pw == NULL) {
 681                 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
 682                         preserve_error(gettext("cannot find username "
 683                             "for uid %d"), uid);
 684                         return (NULL);
 685                 }
 686         }
 687 
 688         /*
 689          * If projname wasn't supplied, we've done our best, so just return
 690          * what we've got now. Alternatively, if newtask's invoker has
 691          * superuser privileges, return the pw structure we've got now, with
 692          * no further checking from inproj(). Superuser should be able to
 693          * join any project, and the subsequent call to setproject() will
 694          * allow this.
 695          */
 696         if (projname == NULL || getuid() == (uid_t)0)
 697                 return (pw);
 698 
 699         (void) strcpy(username, pw->pw_name);

 700 
 701         if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
 702                 char **u;
 703                 tmp_name = NULL;
 704 
 705                 /*
 706                  * If the previous guesses didn't work, walk through all
 707                  * project members and test for UID-equivalence.
 708                  */
 709 
 710                 if (getprojbyname(projname, &prj, prbuf,
 711                     PROJECT_BUFSZ) == NULL) {
 712                         preserve_error(gettext("unknown project \"%s\""),
 713                             projname);
 714                         return (NULL);
 715                 }
 716 
 717                 for (u = prj.pj_users; *u; u++) {
 718                         if ((pw = getpwnam(*u)) == NULL)
 719                                 continue;




   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright (c) 2013 Gary Mills
  24  *
  25  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  26  * Use is subject to license terms.
  27  */
  28 


  29 #include <sys/types.h>
  30 #include <sys/task.h>
  31 
  32 #include <alloca.h>
  33 #include <libproc.h>
  34 #include <libintl.h>
  35 #include <libgen.h>
  36 #include <limits.h>
  37 #include <project.h>
  38 #include <pwd.h>
  39 #include <secdb.h>
  40 #include <stdio.h>
  41 #include <stdlib.h>
  42 #include <string.h>
  43 #include <sys/varargs.h>
  44 #include <unistd.h>
  45 #include <errno.h>
  46 #include <signal.h>
  47 #include <priv_utils.h>
  48 
  49 #ifdef  LOGNAME_MAX_ILLUMOS
  50 #define _LOGNAME_MAX    LOGNAME_MAX_ILLUMOS
  51 #else /* LOGNAME_MAX_ILLUMOS */
  52 #define _LOGNAME_MAX    LOGNAME_MAX
  53 #endif /* LOGNAME_MAX_ILLUMOS */
  54 
  55 #include "utils.h"
  56 
  57 #define OPTIONS_STRING  "Fc:lp:v"
  58 #define NENV            8
  59 #define ENVSIZE         255
  60 #define PATH            "PATH=/usr/bin"
  61 #define SUPATH          "PATH=/usr/sbin:/usr/bin"
  62 #define SHELL           "/usr/bin/sh"
  63 #define SHELL2          "/sbin/sh"
  64 #define TIMEZONEFILE    "/etc/default/init"
  65 #define LOGINFILE       "/etc/default/login"
  66 #define GLOBAL_ERR_SZ   1024
  67 #define GRAB_RETRY_MAX  100
  68 
  69 static const char *pname;
  70 extern char **environ;
  71 static char *supath = SUPATH;
  72 static char *path = PATH;
  73 static char global_error[GLOBAL_ERR_SZ];
  74 static int verbose = 0;


 643 
 644         /*
 645          * GLOBAL_ERR_SZ is pretty big. If the error is longer
 646          * than that, just truncate it, rather than chance missing
 647          * the error altogether.
 648          */
 649         (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
 650 
 651         va_end(alist);
 652 
 653 }
 654 
 655 /*
 656  * Given the input arguments, return the passwd structure that matches best.
 657  * Also, since we use getpwnam() and friends, subsequent calls to this
 658  * function will re-use the memory previously returned.
 659  */
 660 static struct passwd *
 661 match_user(uid_t uid, char *projname, int is_my_uid)
 662 {
 663         char prbuf[PROJECT_BUFSZ], username[_LOGNAME_MAX+1];
 664         struct project prj;
 665         char *tmp_name;
 666         struct passwd *pw = NULL;
 667 
 668         /*
 669          * In order to allow users with the same UID but distinguishable
 670          * user names to be in different projects we play a guessing
 671          * game of which username is most appropriate. If we're checking
 672          * for the uid of the calling process, the login name is a
 673          * good starting point.
 674          */
 675         if (is_my_uid) {
 676                 if ((tmp_name = getlogin()) == NULL ||
 677                     (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
 678                     (pw->pw_name == NULL))
 679                         pw = NULL;
 680         }
 681 
 682         /*
 683          * If the login name doesn't work,  we try the first match for


 685          */
 686         if (pw == NULL) {
 687                 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
 688                         preserve_error(gettext("cannot find username "
 689                             "for uid %d"), uid);
 690                         return (NULL);
 691                 }
 692         }
 693 
 694         /*
 695          * If projname wasn't supplied, we've done our best, so just return
 696          * what we've got now. Alternatively, if newtask's invoker has
 697          * superuser privileges, return the pw structure we've got now, with
 698          * no further checking from inproj(). Superuser should be able to
 699          * join any project, and the subsequent call to setproject() will
 700          * allow this.
 701          */
 702         if (projname == NULL || getuid() == (uid_t)0)
 703                 return (pw);
 704 
 705         (void) strncpy(username, pw->pw_name, sizeof (username) - 1);
 706         username[sizeof (username) - 1] = '\0';
 707 
 708         if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
 709                 char **u;
 710                 tmp_name = NULL;
 711 
 712                 /*
 713                  * If the previous guesses didn't work, walk through all
 714                  * project members and test for UID-equivalence.
 715                  */
 716 
 717                 if (getprojbyname(projname, &prj, prbuf,
 718                     PROJECT_BUFSZ) == NULL) {
 719                         preserve_error(gettext("unknown project \"%s\""),
 720                             projname);
 721                         return (NULL);
 722                 }
 723 
 724                 for (u = prj.pj_users; *u; u++) {
 725                         if ((pw = getpwnam(*u)) == NULL)
 726                                 continue;