2989 Eliminate use of LOGNAME_MAX in ON
1166 useradd have warning with name more 8 chars


   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*


  22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  23  */
  24 
  25 /*
  26  * zlogin provides three types of login which allow users in the global
  27  * zone to access non-global zones.
  28  *
  29  * - "interactive login" is similar to rlogin(1); for example, the user could
  30  *   issue 'zlogin my-zone' or 'zlogin -e ^ -l me my-zone'.   The user is
  31  *   granted a new pty (which is then shoved into the zone), and an I/O
  32  *   loop between parent and child processes takes care of the interactive
  33  *   session.  In this mode, login(1) (and its -c option, which means
  34  *   "already authenticated") is employed to take care of the initialization
  35  *   of the user's session.
  36  *
  37  * - "non-interactive login" is similar to su(1M); the user could issue
  38  *   'zlogin my-zone ls -l' and the command would be run as specified.
  39  *   In this mode, zlogin sets up pipes as the communication channel, and
  40  *   'su' is used to do the login setup work.
  41  *


1223 
1224         return (new_env);
1225 }
1226 
1227 /*
1228  * Finish the preparation of the envp array for exec'd non-interactive
1229  * zlogins.  This is called in the child process *after* we zone_enter(), since
1230  * it derives things we can only know within the zone, such as $HOME, $SHELL,
1231  * etc.  We need only do this in the non-interactive, mode, since otherwise
1232  * login(1) will do it.  We don't do this in failsafe mode, since it presents
1233  * additional ways in which the command could fail, and we'd prefer to avoid
1234  * that.
1235  */
1236 static char **
1237 prep_env_noninteractive(const char *user_cmd, char **env)
1238 {
1239         size_t size;
1240         char **new_env;
1241         int e, i;
1242         char *estr;
1243         char varmail[LOGNAME_MAX + 11]; /* strlen(/var/mail/) = 10, NUL */

1244         char pwbuf[NSS_BUFLEN_PASSWD + 1];
1245         struct passwd pwent;
1246         struct passwd *pw = NULL;
1247 
1248         assert(env != NULL);
1249         assert(failsafe == 0);
1250 
1251         /*
1252          * Exec the "user_cmd" brand hook to get a pwent for the
1253          * login user.  If this fails, HOME will be set to "/", SHELL
1254          * will be set to $DEFAULTSHELL, and we will continue to exec
1255          * SUPATH <login> -c <cmd>.
1256          */
1257         pw = zone_get_user_pw(user_cmd, &pwent, pwbuf, sizeof (pwbuf));
1258 
1259         /*
1260          * Get existing envp size.
1261          */
1262         for (size = 0; env[size] != NULL; size++)
1263                 ;




   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2013 Gary Mills
  23  *
  24  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  25  */
  26 
  27 /*
  28  * zlogin provides three types of login which allow users in the global
  29  * zone to access non-global zones.
  30  *
  31  * - "interactive login" is similar to rlogin(1); for example, the user could
  32  *   issue 'zlogin my-zone' or 'zlogin -e ^ -l me my-zone'.   The user is
  33  *   granted a new pty (which is then shoved into the zone), and an I/O
  34  *   loop between parent and child processes takes care of the interactive
  35  *   session.  In this mode, login(1) (and its -c option, which means
  36  *   "already authenticated") is employed to take care of the initialization
  37  *   of the user's session.
  38  *
  39  * - "non-interactive login" is similar to su(1M); the user could issue
  40  *   'zlogin my-zone ls -l' and the command would be run as specified.
  41  *   In this mode, zlogin sets up pipes as the communication channel, and
  42  *   'su' is used to do the login setup work.
  43  *


1225 
1226         return (new_env);
1227 }
1228 
1229 /*
1230  * Finish the preparation of the envp array for exec'd non-interactive
1231  * zlogins.  This is called in the child process *after* we zone_enter(), since
1232  * it derives things we can only know within the zone, such as $HOME, $SHELL,
1233  * etc.  We need only do this in the non-interactive, mode, since otherwise
1234  * login(1) will do it.  We don't do this in failsafe mode, since it presents
1235  * additional ways in which the command could fail, and we'd prefer to avoid
1236  * that.
1237  */
1238 static char **
1239 prep_env_noninteractive(const char *user_cmd, char **env)
1240 {
1241         size_t size;
1242         char **new_env;
1243         int e, i;
1244         char *estr;
1245         char varmail[LOGNAME_MAX_ILLUMOS + 11]; /* strlen(/var/mail/) = */
1246                                                 /* 10, NUL */
1247         char pwbuf[NSS_BUFLEN_PASSWD + 1];
1248         struct passwd pwent;
1249         struct passwd *pw = NULL;
1250 
1251         assert(env != NULL);
1252         assert(failsafe == 0);
1253 
1254         /*
1255          * Exec the "user_cmd" brand hook to get a pwent for the
1256          * login user.  If this fails, HOME will be set to "/", SHELL
1257          * will be set to $DEFAULTSHELL, and we will continue to exec
1258          * SUPATH <login> -c <cmd>.
1259          */
1260         pw = zone_get_user_pw(user_cmd, &pwent, pwbuf, sizeof (pwbuf));
1261 
1262         /*
1263          * Get existing envp size.
1264          */
1265         for (size = 0; env[size] != NULL; size++)
1266                 ;
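Review bot: The `varmail` declaration at new line 1245 still sizes the buffer with a hand-counted `+ 11`, and the comment explaining it now has to be split across two lines. Writing it as `char varmail[LOGNAME_MAX_ILLUMOS + sizeof ("/var/mail/")];` gives the same size (10 characters plus the NUL) with no magic number and no comment to keep in sync. The body of prep_env_noninteractive continues past the end of this excerpt, so the code that fills `varmail` cannot be checked here. The login name presumably comes from the `pwent` that the `user_cmd` brand hook returns for the zone, and nothing visible guarantees it is at most LOGNAME_MAX_ILLUMOS bytes. That write should therefore be bounded by `sizeof (varmail)` and have its result checked for truncation, rather than relying on the constant matching what the zone reports.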