1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright (c) 2013 Gary Mills
24 *
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 #include <sys/types.h>
30 #include <sys/task.h>
31
32 #include <alloca.h>
33 #include <libproc.h>
34 #include <libintl.h>
35 #include <libgen.h>
36 #include <limits.h>
37 #include <project.h>
38 #include <pwd.h>
39 #include <secdb.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/varargs.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <priv_utils.h>
48
49 #include "utils.h"
50
51 #define OPTIONS_STRING "Fc:lp:v"
52 #define NENV 8
53 #define ENVSIZE 255
54 #define PATH "PATH=/usr/bin"
55 #define SUPATH "PATH=/usr/sbin:/usr/bin"
56 #define SHELL "/usr/bin/sh"
57 #define SHELL2 "/sbin/sh"
58 #define TIMEZONEFILE "/etc/default/init"
59 #define LOGINFILE "/etc/default/login"
60 #define GLOBAL_ERR_SZ 1024
61 #define GRAB_RETRY_MAX 100
62
63 static const char *pname;
64 extern char **environ;
65 static char *supath = SUPATH;
66 static char *path = PATH;
67 static char global_error[GLOBAL_ERR_SZ];
68 static int verbose = 0;
69
70 static priv_set_t *nset;
71
72 /* Private definitions for libproject */
73 extern projid_t setproject_proc(const char *, const char *, int, pid_t,
74 struct ps_prochandle *, struct project *);
75 extern priv_set_t *setproject_initpriv(void);
76
77 static void usage(void);
78
79 static void preserve_error(const char *format, ...);
80
81 static int update_running_proc(int, char *, char *);
82 static int set_ids(struct ps_prochandle *, struct project *,
83 struct passwd *);
84 static struct passwd *match_user(uid_t, char *, int);
85 static void setproject_err(char *, char *, int, struct project *);
86
87 static void
88 usage(void)
89 {
90 (void) fprintf(stderr, gettext("usage: \n\t%s [-v] [-p project] "
91 "[-c pid | [-Fl] [command [args ...]]]\n"), pname);
92 exit(2);
93 }
94
95 int
96 main(int argc, char *argv[])
97 {
98 int c;
99 struct passwd *pw;
100 char *projname = NULL;
101 uid_t uid;
102 int login_flag = 0;
103 int finalize_flag = TASK_NORMAL;
104 int newproj_flag = 0;
105 taskid_t taskid;
106 char *shell;
107 char *env[NENV];
108 char **targs;
109 char *filename, *procname = NULL;
110 int error;
111
112 nset = setproject_initpriv();
113 if (nset == NULL)
114 die(gettext("privilege initialization failed\n"));
115
116 pname = getpname(argv[0]);
117
118 while ((c = getopt(argc, argv, OPTIONS_STRING)) != EOF) {
119 switch (c) {
120 case 'v':
121 verbose = 1;
122 break;
123 case 'p':
124 newproj_flag = 1;
125 projname = optarg;
126 break;
127 case 'F':
128 finalize_flag = TASK_FINAL;
129 break;
130 case 'l':
131 login_flag++;
132 break;
133 case 'c':
134 procname = optarg;
135 break;
136 case '?':
137 default:
138 usage();
139 /*NOTREACHED*/
140 }
141 }
142
143 /* -c option is invalid with -F, -l, or a specified command */
144 if ((procname != NULL) &&
145 (finalize_flag == TASK_FINAL || login_flag || optind < argc))
146 usage();
147
148 if (procname != NULL) {
149 /* Change project/task of an existing process */
150 return (update_running_proc(newproj_flag, procname, projname));
151 }
152
153 /*
154 * Get user data, so that we can confirm project membership as
155 * well as construct an appropriate login environment.
156 */
157 uid = getuid();
158 if ((pw = match_user(uid, projname, 1)) == NULL) {
159 die("%s\n", global_error);
160 }
161
162 /*
163 * If no projname was specified, we're just creating a new task
164 * under the current project, so we can just set the new taskid.
165 * If our project is changing, we need to update any attendant
166 * pool/rctl bindings, so let setproject() do the dirty work.
167 */
168 (void) __priv_bracket(PRIV_ON);
169 if (projname == NULL) {
170 if (settaskid(getprojid(), finalize_flag) == -1)
171 if (errno == EAGAIN)
172 die(gettext("resource control limit has been "
173 "reached"));
174 else
175 die(gettext("settaskid failed"));
176 } else {
177 if ((error = setproject(projname,
178 pw->pw_name, finalize_flag)) != 0) {
179 setproject_err(pw->pw_name, projname, error, NULL);
180 if (error < 0)
181 die("%s\n", global_error);
182 else
183 warn("%s\n", global_error);
184 }
185 }
186 __priv_relinquish();
187
188 taskid = gettaskid();
189
190 if (verbose)
191 (void) fprintf(stderr, "%d\n", (int)taskid);
192
193 /*
194 * Validate user's shell from passwd database.
195 */
196 if (strcmp(pw->pw_shell, "") == 0) {
197 if (access(SHELL, X_OK) == 0)
198 pw->pw_shell = SHELL;
199 else
200 pw->pw_shell = SHELL2;
201 }
202
203 if (login_flag) {
204 /*
205 * Since we've been invoked as a "simulated login", set up the
206 * environment.
207 */
208 char *cur_tz = getenv("TZ");
209 char *cur_term = getenv("TERM");
210
211 char **envnext;
212
213 size_t len_home = strlen(pw->pw_dir) + strlen("HOME=") + 1;
214 size_t len_logname = strlen(pw->pw_name) + strlen("LOGNAME=") +
215 1;
216 size_t len_shell = strlen(pw->pw_shell) + strlen("SHELL=") + 1;
217 size_t len_mail = strlen(pw->pw_name) +
218 strlen("MAIL=/var/mail/") + 1;
219 size_t len_tz;
220 size_t len_term;
221
222 char *env_home = safe_malloc(len_home);
223 char *env_logname = safe_malloc(len_logname);
224 char *env_shell = safe_malloc(len_shell);
225 char *env_mail = safe_malloc(len_mail);
226 char *env_tz;
227 char *env_term;
228
229 (void) snprintf(env_home, len_home, "HOME=%s", pw->pw_dir);
230 (void) snprintf(env_logname, len_logname, "LOGNAME=%s",
231 pw->pw_name);
232 (void) snprintf(env_shell, len_shell, "SHELL=%s", pw->pw_shell);
233 (void) snprintf(env_mail, len_mail, "MAIL=/var/mail/%s",
234 pw->pw_name);
235
236 env[0] = env_home;
237 env[1] = env_logname;
238 env[2] = (pw->pw_uid == 0 ? supath : path);
239 env[3] = env_shell;
240 env[4] = env_mail;
241 env[5] = NULL;
242 env[6] = NULL;
243 env[7] = NULL;
244
245 envnext = (char **)&env[5];
246
247 /*
248 * It's possible that TERM wasn't defined in the outer
249 * environment.
250 */
251 if (cur_term != NULL) {
252 len_term = strlen(cur_term) + strlen("TERM=") + 1;
253 env_term = safe_malloc(len_term);
254
255 (void) snprintf(env_term, len_term, "TERM=%s",
256 cur_term);
257 *envnext = env_term;
258 envnext++;
259 }
260
261 /*
262 * It is also possible that TZ wasn't defined in the outer
263 * environment. In that case, we must attempt to open the file
264 * defining the default timezone and select the appropriate
265 * entry. If there is no default timezone there, try
266 * TIMEZONE in /etc/default/login, duplicating the algorithm
267 * that login uses.
268 */
269 if (cur_tz != NULL) {
270 len_tz = strlen(cur_tz) + strlen("TZ=") + 1;
271 env_tz = safe_malloc(len_tz);
272
273 (void) snprintf(env_tz, len_tz, "TZ=%s", cur_tz);
274 *envnext = env_tz;
275 } else {
276 if ((env_tz = getdefault(TIMEZONEFILE, "TZ=",
277 "TZ=")) != NULL)
278 *envnext = env_tz;
279 else {
280 env_tz = getdefault(LOGINFILE, "TIMEZONE=",
281 "TZ=");
282 *envnext = env_tz;
283 }
284 }
285
286 environ = (char **)&env[0];
287
288 /*
289 * Prefix the shell string with a hyphen, indicating a login
290 * shell.
291 */
292 shell = safe_malloc(PATH_MAX);
293 (void) snprintf(shell, PATH_MAX, "-%s", basename(pw->pw_shell));
294 } else {
295 shell = basename(pw->pw_shell);
296 }
297
298 /*
299 * If there are no arguments, we launch the user's shell; otherwise, the
300 * remaining commands are assumed to form a valid command invocation
301 * that we can exec.
302 */
303 if (optind >= argc) {
304 targs = alloca(2 * sizeof (char *));
305 filename = pw->pw_shell;
306 targs[0] = shell;
307 targs[1] = NULL;
308 } else {
309 targs = &argv[optind];
310 filename = targs[0];
311 }
312
313 if (execvp(filename, targs) == -1)
314 die(gettext("exec of %s failed"), targs[0]);
315
316 /*
317 * We should never get here.
318 */
319 return (1);
320 }
321
322 static int
323 update_running_proc(int newproj_flag, char *procname, char *projname)
324 {
325 struct ps_prochandle *p;
326 prcred_t original_prcred, current_prcred;
327 projid_t prprojid;
328 taskid_t taskid;
329 int error = 0, gret;
330 struct project project;
331 char prbuf[PROJECT_BUFSZ];
332 struct passwd *passwd_entry;
333 int grab_retry_count = 0;
334
335 /*
336 * Catch signals from terminal. There isn't much sense in
337 * doing anything but ignoring them since we don't do anything
338 * after the point we'd be capable of handling them again.
339 */
340 (void) sigignore(SIGHUP);
341 (void) sigignore(SIGINT);
342 (void) sigignore(SIGQUIT);
343 (void) sigignore(SIGTERM);
344
345 /* flush stdout before grabbing the proc to avoid deadlock */
346 (void) fflush(stdout);
347
348 /*
349 * We need to grab the process, which will force it to stop execution
350 * until the grab is released, in order to aquire some information about
351 * it, such as its current project (which is achieved via an injected
352 * system call and therefore needs an agent) and its credentials. We
353 * will then need to release it again because it may be a process that
354 * we rely on for later calls, for example nscd.
355 */
356 if ((p = proc_arg_grab(procname, PR_ARG_PIDS, 0, &gret)) == NULL) {
357 warn(gettext("failed to grab for process %s: %s\n"),
358 procname, Pgrab_error(gret));
359 return (1);
360 }
361 if (Pcreate_agent(p) != 0) {
362 Prelease(p, 0);
363 warn(gettext("cannot control process %s\n"), procname);
364 return (1);
365 }
366
367 /*
368 * The victim process is now held. Do not call any functions
369 * which generate stdout/stderr until the process has been
370 * released.
371 */
372
373 /*
374 * The target process will soon be restarted (in case it is in newtask's
375 * execution path) and then stopped again. We need to ensure that our cached
376 * data doesn't change while the process runs so return here if the target
377 * process changes its user id in between our stop operations, so that we can
378 * try again.
379 */
380 pgrab_retry:
381
382 /* Cache required information about the process. */
383 if (Pcred(p, &original_prcred, 0) != 0) {
384 preserve_error(gettext("cannot get process credentials %s\n"),
385 procname);
386 error = 1;
387 }
388 if ((prprojid = pr_getprojid(p)) == -1) {
389 preserve_error(gettext("cannot get process project id %s\n"),
390 procname);
391 error = 1;
392 }
393
394 /*
395 * We now have all the required information, so release the target
396 * process and perform our sanity checks. The process needs to be
397 * running at this point because it may be in the execution path of the
398 * calls made below.
399 */
400 Pdestroy_agent(p);
401 Prelease(p, 0);
402
403 /* if our data acquisition failed, then we can't continue. */
404 if (error) {
405 warn("%s\n", global_error);
406 return (1);
407 }
408
409 if (newproj_flag == 0) {
410 /*
411 * Just changing the task, so set projname to the current
412 * project of the running process.
413 */
414 if (getprojbyid(prprojid, &project, &prbuf,
415 PROJECT_BUFSZ) == NULL) {
416 warn(gettext("unable to get project name "
417 "for projid %d"), prprojid);
418 return (1);
419 }
420 projname = project.pj_name;
421 } else {
422 /*
423 * cache info for the project which user passed in via the
424 * command line
425 */
426 if (getprojbyname(projname, &project, &prbuf,
427 PROJECT_BUFSZ) == NULL) {
428 warn(gettext("unknown project \"%s\"\n"), projname);
429 return (1);
430 }
431 }
432
433 /*
434 * Use our cached information to verify that the owner of the running
435 * process is a member of proj
436 */
437 if ((passwd_entry = match_user(original_prcred.pr_ruid,
438 projname, 0)) == NULL) {
439 warn("%s\n", global_error);
440 return (1);
441 }
442
443 /*
444 * We can now safely stop the process again in order to change the
445 * project and taskid as required.
446 */
447 if ((p = proc_arg_grab(procname, PR_ARG_PIDS, 0, &gret)) == NULL) {
448 warn(gettext("failed to grab for process %s: %s\n"),
449 procname, Pgrab_error(gret));
450 return (1);
451 }
452 if (Pcreate_agent(p) != 0) {
453 Prelease(p, 0);
454 warn(gettext("cannot control process %s\n"), procname);
455 return (1);
456 }
457
458 /*
459 * Now that the target process is stopped, check the validity of our
460 * cached info. If we aren't superuser then match_user() will have
461 * checked to make sure that the owner of the process is in the relevant
462 * project. If our ruid has changed, then match_user()'s conclusion may
463 * be invalid.
464 */
465 if (getuid() != 0) {
466 if (Pcred(p, ¤t_prcred, 0) != 0) {
467 Pdestroy_agent(p);
468 Prelease(p, 0);
469 warn(gettext("can't get process credentials %s\n"),
470 procname);
471 return (1);
472 }
473
474 if (original_prcred.pr_ruid != current_prcred.pr_ruid) {
475 if (grab_retry_count++ < GRAB_RETRY_MAX)
476 goto pgrab_retry;
477
478 warn(gettext("process consistently changed its "
479 "user id %s\n"), procname);
480 return (1);
481 }
482 }
483
484 error = set_ids(p, &project, passwd_entry);
485
486 if (verbose)
487 taskid = pr_gettaskid(p);
488
489 Pdestroy_agent(p);
490 Prelease(p, 0);
491
492 if (error) {
493 /*
494 * error is serious enough to stop, only if negative.
495 * Otherwise, it simply indicates one of the resource
496 * control assignments failed, which is worth warning
497 * about.
498 */
499 warn("%s\n", global_error);
500 if (error < 0)
501 return (1);
502 }
503
504 if (verbose)
505 (void) fprintf(stderr, "%d\n", (int)taskid);
506
507 return (0);
508 }
509
510 static int
511 set_ids(struct ps_prochandle *p, struct project *project,
512 struct passwd *passwd_entry)
513 {
514 int be_su = 0;
515 prcred_t old_prcred;
516 int error;
517 prpriv_t *old_prpriv, *new_prpriv;
518 size_t prsz = sizeof (prpriv_t);
519 priv_set_t *eset, *pset;
520 int ind;
521
522 if (Pcred(p, &old_prcred, 0) != 0) {
523 preserve_error(gettext("can't get process credentials"));
524 return (1);
525 }
526
527 old_prpriv = proc_get_priv(Pstatus(p)->pr_pid);
528 if (old_prpriv == NULL) {
529 preserve_error(gettext("can't get process privileges"));
530 return (1);
531 }
532
533 prsz = PRIV_PRPRIV_SIZE(old_prpriv);
534
535 new_prpriv = malloc(prsz);
536 if (new_prpriv == NULL) {
537 preserve_error(gettext("can't allocate memory"));
538 free(old_prpriv);
539 return (1);
540 }
541
542 (void) memcpy(new_prpriv, old_prpriv, prsz);
543
544 /*
545 * If the process already has the proc_taskid privilege,
546 * we don't need to elevate its privileges; if it doesn't,
547 * we try to do it here.
548 * As we do not wish to leave a window in which the process runs
549 * with elevated privileges, we make sure that the process dies
550 * when we go away unexpectedly.
551 */
552
553 ind = priv_getsetbyname(PRIV_EFFECTIVE);
554 eset = (priv_set_t *)&new_prpriv->pr_sets[new_prpriv->pr_setsize * ind];
555 ind = priv_getsetbyname(PRIV_PERMITTED);
556 pset = (priv_set_t *)&new_prpriv->pr_sets[new_prpriv->pr_setsize * ind];
557
558 if (!priv_issubset(nset, eset)) {
559 be_su = 1;
560 priv_union(nset, eset);
561 priv_union(nset, pset);
562 if (Psetflags(p, PR_KLC) != 0) {
563 preserve_error(gettext("cannot set process "
564 "privileges"));
565 (void) Punsetflags(p, PR_KLC);
566 free(new_prpriv);
567 free(old_prpriv);
568 return (1);
569 }
570 (void) __priv_bracket(PRIV_ON);
571 if (Psetpriv(p, new_prpriv) != 0) {
572 (void) __priv_bracket(PRIV_OFF);
573 preserve_error(gettext("cannot set process "
574 "privileges"));
575 (void) Punsetflags(p, PR_KLC);
576 free(new_prpriv);
577 free(old_prpriv);
578 return (1);
579 }
580 (void) __priv_bracket(PRIV_OFF);
581 }
582
583 (void) __priv_bracket(PRIV_ON);
584 if ((error = setproject_proc(project->pj_name,
585 passwd_entry->pw_name, 0, Pstatus(p)->pr_pid, p, project)) != 0) {
586 /* global_error is set by setproject_err */
587 setproject_err(passwd_entry->pw_name, project->pj_name,
588 error, project);
589 }
590 (void) __priv_bracket(PRIV_OFF);
591
592 /* relinquish added privileges */
593 if (be_su) {
594 (void) __priv_bracket(PRIV_ON);
595 if (Psetpriv(p, old_prpriv) != 0) {
596 /*
597 * We shouldn't ever be in a state where we can't
598 * set the process back to its old creds, but we
599 * don't want to take the chance of leaving a
600 * non-privileged process with enhanced creds. So,
601 * release the process from libproc control, knowing
602 * that it will be killed.
603 */
604 (void) __priv_bracket(PRIV_OFF);
605 Pdestroy_agent(p);
606 die(gettext("cannot relinquish superuser credentials "
607 "for pid %d. The process was killed."),
608 Pstatus(p)->pr_pid);
609 }
610 (void) __priv_bracket(PRIV_OFF);
611 if (Punsetflags(p, PR_KLC) != 0)
612 preserve_error(gettext("error relinquishing "
613 "credentials. Process %d will be killed."),
614 Pstatus(p)->pr_pid);
615 }
616 free(new_prpriv);
617 free(old_prpriv);
618
619 return (error);
620 }
621
622 /*
623 * preserve_error() should be called rather than warn() by any
624 * function that is called while the victim process is being
625 * held by Pgrab.
626 *
627 * It saves a single error message to be printed until after
628 * the process has been released. Since multiple errors are not
629 * stored, any error should be considered critical.
630 */
631 void
632 preserve_error(const char *format, ...)
633 {
634 va_list alist;
635
636 va_start(alist, format);
637
638 /*
639 * GLOBAL_ERR_SZ is pretty big. If the error is longer
640 * than that, just truncate it, rather than chance missing
641 * the error altogether.
642 */
643 (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
644
645 va_end(alist);
646
647 }
648
649 /*
650 * Given the input arguments, return the passwd structure that matches best.
651 * Also, since we use getpwnam() and friends, subsequent calls to this
652 * function will re-use the memory previously returned.
653 */
654 static struct passwd *
655 match_user(uid_t uid, char *projname, int is_my_uid)
656 {
657 char prbuf[PROJECT_BUFSZ], username[LOGNAME_MAX_ILLUMOS+1];
658 struct project prj;
659 char *tmp_name;
660 struct passwd *pw = NULL;
661
662 /*
663 * In order to allow users with the same UID but distinguishable
664 * user names to be in different projects we play a guessing
665 * game of which username is most appropriate. If we're checking
666 * for the uid of the calling process, the login name is a
667 * good starting point.
668 */
669 if (is_my_uid) {
670 if ((tmp_name = getlogin()) == NULL ||
671 (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
672 (pw->pw_name == NULL))
673 pw = NULL;
674 }
675
676 /*
677 * If the login name doesn't work, we try the first match for
678 * the current uid in the password file.
679 */
680 if (pw == NULL) {
681 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
682 preserve_error(gettext("cannot find username "
683 "for uid %d"), uid);
684 return (NULL);
685 }
686 }
687
688 /*
689 * If projname wasn't supplied, we've done our best, so just return
690 * what we've got now. Alternatively, if newtask's invoker has
691 * superuser privileges, return the pw structure we've got now, with
692 * no further checking from inproj(). Superuser should be able to
693 * join any project, and the subsequent call to setproject() will
694 * allow this.
695 */
696 if (projname == NULL || getuid() == (uid_t)0)
697 return (pw);
698
699 (void) strncpy(username, pw->pw_name, sizeof (username) - 1);
700 username[sizeof (username) - 1] = '\0';
701
702 if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
703 char **u;
704 tmp_name = NULL;
705
706 /*
707 * If the previous guesses didn't work, walk through all
708 * project members and test for UID-equivalence.
709 */
710
711 if (getprojbyname(projname, &prj, prbuf,
712 PROJECT_BUFSZ) == NULL) {
713 preserve_error(gettext("unknown project \"%s\""),
714 projname);
715 return (NULL);
716 }
717
718 for (u = prj.pj_users; *u; u++) {
719 if ((pw = getpwnam(*u)) == NULL)
720 continue;
721
722 if (pw->pw_uid == uid) {
723 tmp_name = pw->pw_name;
724 break;
725 }
726 }
727
728 if (tmp_name == NULL) {
729 preserve_error(gettext("user \"%s\" is not a member of "
730 "project \"%s\""), username, projname);
731 return (NULL);
732 }
733 }
734
735 return (pw);
736 }
737
738 void
739 setproject_err(char *username, char *projname, int error, struct project *proj)
740 {
741 kva_t *kv_array = NULL;
742 char prbuf[PROJECT_BUFSZ];
743 struct project local_proj;
744
745 switch (error) {
746 case SETPROJ_ERR_TASK:
747 if (errno == EAGAIN)
748 preserve_error(gettext("resource control limit has "
749 "been reached"));
750 else if (errno == ESRCH)
751 preserve_error(gettext("user \"%s\" is not a member of "
752 "project \"%s\""), username, projname);
753 else if (errno == EACCES)
754 preserve_error(gettext("the invoking task is final"));
755 else
756 preserve_error(
757 gettext("could not join project \"%s\""),
758 projname);
759 break;
760 case SETPROJ_ERR_POOL:
761 if (errno == EACCES)
762 preserve_error(gettext("no resource pool accepting "
763 "default bindings exists for project \"%s\""),
764 projname);
765 else if (errno == ESRCH)
766 preserve_error(gettext("specified resource pool does "
767 "not exist for project \"%s\""), projname);
768 else
769 preserve_error(gettext("could not bind to default "
770 "resource pool for project \"%s\""), projname);
771 break;
772 default:
773 if (error <= 0) {
774 preserve_error(gettext("setproject failed for "
775 "project \"%s\""), projname);
776 return;
777 }
778 /*
779 * If we have a stopped target process it may be in
780 * getprojbyname()'s execution path which would make it unsafe
781 * to access the project table, so only do that if the caller
782 * hasn't provided a cached version of the project structure.
783 */
784 if (proj == NULL)
785 proj = getprojbyname(projname, &local_proj, prbuf,
786 PROJECT_BUFSZ);
787
788 if (proj == NULL || (kv_array = _str2kva(proj->pj_attr,
789 KV_ASSIGN, KV_DELIMITER)) == NULL ||
790 kv_array->length < error) {
791 preserve_error(gettext("warning, resource control "
792 "assignment failed for project \"%s\" "
793 "attribute %d"),
794 projname, error);
795 if (kv_array)
796 _kva_free(kv_array);
797 return;
798 }
799 preserve_error(gettext("warning, %s resource control "
800 "assignment failed for project \"%s\""),
801 kv_array->data[error - 1].key, projname);
802 _kva_free(kv_array);
803 }
804 }