3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 #include <sys/types.h>
30 #include <sys/task.h>
31
32 #include <alloca.h>
33 #include <libproc.h>
34 #include <libintl.h>
35 #include <libgen.h>
36 #include <limits.h>
37 #include <project.h>
38 #include <pwd.h>
39 #include <secdb.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/varargs.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <priv_utils.h>
48
637
638 /*
639 * GLOBAL_ERR_SZ is pretty big. If the error is longer
640 * than that, just truncate it, rather than chance missing
641 * the error altogether.
642 */
643 (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
644
645 va_end(alist);
646
647 }
648
649 /*
650 * Given the input arguments, return the passwd structure that matches best.
651 * Also, since we use getpwnam() and friends, subsequent calls to this
652 * function will re-use the memory previously returned.
653 */
654 static struct passwd *
655 match_user(uid_t uid, char *projname, int is_my_uid)
656 {
657 char prbuf[PROJECT_BUFSZ], username[LOGNAME_MAX+1];
658 struct project prj;
659 char *tmp_name;
660 struct passwd *pw = NULL;
661
662 /*
663 * In order to allow users with the same UID but distinguishable
664 * user names to be in different projects we play a guessing
665 * game of which username is most appropriate. If we're checking
666 * for the uid of the calling process, the login name is a
667 * good starting point.
668 */
669 if (is_my_uid) {
670 if ((tmp_name = getlogin()) == NULL ||
671 (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
672 (pw->pw_name == NULL))
673 pw = NULL;
674 }
675
676 /*
677 * If the login name doesn't work, we try the first match for
679 */
680 if (pw == NULL) {
681 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
682 preserve_error(gettext("cannot find username "
683 "for uid %d"), uid);
684 return (NULL);
685 }
686 }
687
688 /*
689 * If projname wasn't supplied, we've done our best, so just return
690 * what we've got now. Alternatively, if newtask's invoker has
691 * superuser privileges, return the pw structure we've got now, with
692 * no further checking from inproj(). Superuser should be able to
693 * join any project, and the subsequent call to setproject() will
694 * allow this.
695 */
696 if (projname == NULL || getuid() == (uid_t)0)
697 return (pw);
698
699 (void) strcpy(username, pw->pw_name);
700
701 if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
702 char **u;
703 tmp_name = NULL;
704
705 /*
706 * If the previous guesses didn't work, walk through all
707 * project members and test for UID-equivalence.
708 */
709
710 if (getprojbyname(projname, &prj, prbuf,
711 PROJECT_BUFSZ) == NULL) {
712 preserve_error(gettext("unknown project \"%s\""),
713 projname);
714 return (NULL);
715 }
716
717 for (u = prj.pj_users; *u; u++) {
718 if ((pw = getpwnam(*u)) == NULL)
719 continue;
|
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright (c) 2013 Gary Mills
24 *
25 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 #include <sys/types.h>
30 #include <sys/task.h>
31
32 #include <alloca.h>
33 #include <libproc.h>
34 #include <libintl.h>
35 #include <libgen.h>
36 #include <limits.h>
37 #include <project.h>
38 #include <pwd.h>
39 #include <secdb.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <sys/varargs.h>
44 #include <unistd.h>
45 #include <errno.h>
46 #include <signal.h>
47 #include <priv_utils.h>
48
637
638 /*
639 * GLOBAL_ERR_SZ is pretty big. If the error is longer
640 * than that, just truncate it, rather than chance missing
641 * the error altogether.
642 */
643 (void) vsnprintf(global_error, GLOBAL_ERR_SZ-1, format, alist);
644
645 va_end(alist);
646
647 }
648
649 /*
650 * Given the input arguments, return the passwd structure that matches best.
651 * Also, since we use getpwnam() and friends, subsequent calls to this
652 * function will re-use the memory previously returned.
653 */
654 static struct passwd *
655 match_user(uid_t uid, char *projname, int is_my_uid)
656 {
657 char prbuf[PROJECT_BUFSZ], username[LOGNAME_MAX_ILLUMOS+1];
658 struct project prj;
659 char *tmp_name;
660 struct passwd *pw = NULL;
661
662 /*
663 * In order to allow users with the same UID but distinguishable
664 * user names to be in different projects we play a guessing
665 * game of which username is most appropriate. If we're checking
666 * for the uid of the calling process, the login name is a
667 * good starting point.
668 */
669 if (is_my_uid) {
670 if ((tmp_name = getlogin()) == NULL ||
671 (pw = getpwnam(tmp_name)) == NULL || (pw->pw_uid != uid) ||
672 (pw->pw_name == NULL))
673 pw = NULL;
674 }
675
676 /*
677 * If the login name doesn't work, we try the first match for
679 */
680 if (pw == NULL) {
681 if (((pw = getpwuid(uid)) == NULL) || pw->pw_name == NULL) {
682 preserve_error(gettext("cannot find username "
683 "for uid %d"), uid);
684 return (NULL);
685 }
686 }
687
688 /*
689 * If projname wasn't supplied, we've done our best, so just return
690 * what we've got now. Alternatively, if newtask's invoker has
691 * superuser privileges, return the pw structure we've got now, with
692 * no further checking from inproj(). Superuser should be able to
693 * join any project, and the subsequent call to setproject() will
694 * allow this.
695 */
696 if (projname == NULL || getuid() == (uid_t)0)
697 return (pw);
698
699 (void) strncpy(username, pw->pw_name, sizeof (username) - 1);
700 username[sizeof (username) - 1] = '\0';
701
702 if (inproj(username, projname, prbuf, PROJECT_BUFSZ) == 0) {
703 char **u;
704 tmp_name = NULL;
705
706 /*
707 * If the previous guesses didn't work, walk through all
708 * project members and test for UID-equivalence.
709 */
710
711 if (getprojbyname(projname, &prj, prbuf,
712 PROJECT_BUFSZ) == NULL) {
713 preserve_error(gettext("unknown project \"%s\""),
714 projname);
715 return (NULL);
716 }
717
718 for (u = prj.pj_users; *u; u++) {
719 if ((pw = getpwnam(*u)) == NULL)
720 continue;
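Review bot: The bounded copy at new lines 699-700 truncates silently, so a `pw_name` longer than `LOGNAME_MAX_ILLUMOS` is passed to `inproj()` as a shortened string that could name a different account, and the project-membership check would then be answered for the wrong user. Truncation should be an error rather than a fallback: `if (strlcpy(username, pw->pw_name, sizeof (username)) >= sizeof (username)) {` followed by a `preserve_error()` call and `return (NULL);`. A one-line comment above the copy, such as `/* pw points at static storage that getpwnam() below overwrites, so keep a private copy of the name */`, would also record why the copy exists. The body of `match_user()` continues past the end of this hunk, so how `username` is used after the member loop is not visible here.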
|