usr/src/cmd/auths/auths.c
changeset 0 68f95e015346
child 1891 c16c598db638
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/auths/auths.c	Tue Jun 14 00:00:00 2005 -0700
@@ -0,0 +1,337 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License").  You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <string.h>
+#include <deflt.h>
+#include <libintl.h>
+#include <locale.h>
+#include <user_attr.h>
+#include <prof_attr.h>
+#include <auth_attr.h>
+
+
+#define	ALL_AUTHS	"All"
+#define	ALL_SUN_AUTHS	"solaris.*"
+
+#define	EXIT_OK		0
+#define	EXIT_FATAL	1
+#define	EXIT_NON_FATAL	2
+
+#ifndef	TEXT_DOMAIN			/* Should be defined by cc -D */
+#define	TEXT_DOMAIN	"SYS_TEST"
+#endif
+
+#define	PROFLIST_SEP	","
+#define	AUTH_SEP	","
+#define	MAXAUTHS	4096
+
+
+static int show_auths(char *, char **, int, int);
+static int list_auths(userattr_t *, char **, int *);
+static char *get_default_auths(char **, int *);
+static void getProfiles(char *, char **, int *, char **, int *);
+static void add_auths(char *, char **, int *);
+
+
+static char *progname = "auths";
+
+
+int
+main(int argc, char *argv[])
+{
+	int		status = EXIT_OK;
+	char		*defauths[MAXAUTHS];
+	int		defauth_cnt = 0;
+	int		i;
+
+	(void) setlocale(LC_ALL, "");
+	(void) textdomain(TEXT_DOMAIN);
+
+	(void) get_default_auths(defauths, &defauth_cnt);
+
+	switch (argc) {
+	case 1:
+		status = show_auths(NULL, defauths, defauth_cnt, 0);
+		break;
+	case 2:
+		status = show_auths(argv[argc-1], defauths, defauth_cnt, 0);
+		break;
+	default:
+		while (*++argv) {
+			status = show_auths(*argv, defauths, defauth_cnt, 1);
+			if (status == EXIT_FATAL) {
+				break;
+			}
+		}
+		break;
+	}
+
+	/* free memory allocated for default authorizations */
+	for (i = 0; i < defauth_cnt; i++) {
+		free(defauths[i]);
+	}
+
+	status = (status == EXIT_OK) ? status : EXIT_FATAL;
+
+	return (status);
+}
+
+
+static int
+show_auths(char *username, char **defauths, int defauth_cnt, int print_name)
+{
+	int		status = EXIT_OK;
+	struct passwd	*pw;
+	userattr_t	*user;
+	char		*userauths[MAXAUTHS];
+	int		userauth_cnt = 0, old_userauth_cnt;
+	int		i, j, have_allauths, duplicate;
+
+	if (username == NULL) {
+		if ((pw = getpwuid(getuid())) == NULL) {
+			status = EXIT_NON_FATAL;
+			(void) fprintf(stderr, "%s: ", progname);
+			(void) fprintf(stderr, gettext("No passwd entry\n"));
+			return (status);
+		}
+		username = pw->pw_name;
+	} else if ((pw = getpwnam(username)) == NULL) {
+		status = EXIT_NON_FATAL;
+		(void) fprintf(stderr, "%s: %s : ", progname, username);
+		(void) fprintf(stderr, gettext("No such user\n"));
+		return (status);
+	}
+
+	have_allauths = 0;
+	if (username != NULL) {
+		/* if ALL_AUTHS is default, don't need to look at other auths */
+		for (i = 0; i < defauth_cnt; i++) {
+			if (strcmp(defauths[i], ALL_AUTHS) == 0) {
+				have_allauths = 1;
+				break;
+			}
+		}
+		if (have_allauths) {
+			status = EXIT_OK;
+		} else if ((user = getusernam(username)) != NULL) {
+			status = list_auths(user, userauths, &userauth_cnt);
+			/* check if any profiles have ALL_AUTHS */
+			for (i = 0; i < userauth_cnt; i++) {
+				if (strcmp(userauths[i], ALL_AUTHS) == 0) {
+					have_allauths = 1;
+					break;
+				}
+			}
+		}
+		if ((defauth_cnt + userauth_cnt) == 0) {
+			status = EXIT_NON_FATAL;
+		}
+	}
+	if (status == EXIT_NON_FATAL) {
+		(void) fprintf(stderr, "%s: %s : ", progname, username);
+		(void) fprintf(stderr, gettext("No authorizations\n"));
+	} else {
+		if (print_name) {
+			(void) printf("%s : ", username);
+		}
+
+		if (have_allauths) {
+			(void) printf("%s\n", ALL_SUN_AUTHS);
+		} else {
+			/*
+			 * combine the user auths and default auths,
+			 * and eliminate duplicates from the two
+			 */
+			old_userauth_cnt = userauth_cnt;
+			for (i = 0; i < defauth_cnt; i++) {
+				duplicate = 0;
+				for (j = 0; j < old_userauth_cnt; j++) {
+					if (strcmp(userauths[j], defauths[i]) ==
+					    0) {
+						duplicate = 1;
+						break;
+					}
+				}
+				if (!duplicate) {
+					userauths[userauth_cnt] =
+					    strdup(defauths[i]);
+					userauth_cnt++;
+				}
+			}
+
+			/* print out the auths */
+			for (i = 0; i < (userauth_cnt - 1); i++) {
+				(void) printf("%s,", userauths[i]);
+			}
+
+			/* print out the last entry, without the comma */
+			(void) printf("%s\n", userauths[userauth_cnt - 1]);
+		}
+	}
+
+	/* free memory allocated for authorizations */
+	for (i = 0; i < userauth_cnt; i++) {
+		free(userauths[i]);
+	}
+
+	return (status);
+}
+
+
+static int
+list_auths(userattr_t *user, char **authArray, int *authcnt)
+{
+	int		status = EXIT_OK;
+	char		*authlist = NULL;
+	char		*proflist = NULL;
+	char		*profArray[MAXPROFS];
+	int		profcnt = 0;
+
+	authlist = kva_match(user->attr, USERATTR_AUTHS_KW);
+	if (authlist != NULL) {
+		add_auths(authlist, authArray, authcnt);
+	}
+	if ((proflist = kva_match(user->attr, USERATTR_PROFILES_KW)) == NULL) {
+		if (authcnt == 0) {
+			status = EXIT_NON_FATAL;
+		}
+	} else {
+		getProfiles(proflist, profArray, &profcnt,
+		    authArray, authcnt);
+		free_proflist(profArray, profcnt);
+	}
+	if (authcnt == 0) {
+		status = EXIT_NON_FATAL;
+	}
+	free_userattr(user);
+
+	return (status);
+}
+
+
+static char *
+get_default_auths(char **authArray, int *authcnt)
+{
+	char *auths = NULL;
+	char *profs = NULL;
+	char *profArray[MAXPROFS];
+	int profcnt = 0;
+
+	if (defopen(AUTH_POLICY) == NULL) {
+		auths = defread(DEF_AUTH);
+		if (auths != NULL) {
+			add_auths(auths, authArray, authcnt);
+		}
+
+		/* get authorizations from default profiles */
+		profs = defread(DEF_PROF);
+		if (profs != NULL) {
+			getProfiles(profs, profArray, &profcnt,
+			    authArray, authcnt);
+			free_proflist(profArray, profcnt);
+		}
+	}
+
+	return (auths);
+}
+
+void
+add_auths(char *auths, char **authArray, int *authcnt)
+{
+	char	*authname, *lasts, *real_authname;
+	int	i;
+
+	for (authname = (char *)strtok_r(auths, AUTH_SEP, &lasts);
+	    authname != NULL;
+	    authname = (char *)strtok_r(NULL, AUTH_SEP, &lasts)) {
+
+		if ((strcmp(authname, KV_WILDCARD) == 0) ||
+		    (strcmp(authname, ALL_SUN_AUTHS) == 0)) {
+			real_authname = ALL_AUTHS;
+		} else {
+			real_authname = authname;
+		}
+
+		/* check to see if authorization is already in list */
+		for (i = 0; i < *authcnt; i++) {
+			if (strcmp(real_authname, authArray[i]) == 0) {
+				break;	/* already in list */
+			}
+		}
+
+		/* not in list, add it in */
+		if (i == *authcnt) {
+			authArray[i] = strdup(real_authname);
+			*authcnt = i + 1;
+		}
+	}
+
+}
+
+static void
+getProfiles(char *profiles, char **profArray, int *profcnt,
+	char **authArray, int *authcnt)
+{
+
+	char		*prof;
+	char		*lasts;
+	profattr_t	*pa;
+	char		*auths;
+	int		i;
+
+	for (prof = (char *)strtok_r(profiles, PROFLIST_SEP, &lasts);
+	    prof != NULL;
+	    prof = (char *)strtok_r(NULL, PROFLIST_SEP, &lasts)) {
+
+		getproflist(prof, profArray, profcnt);
+	}
+
+	/* get authorizations from list of profiles */
+	for (i = 0; i < *profcnt; i++) {
+
+		if ((pa = getprofnam(profArray[i])) == NULL) {
+			/*
+			 *  this should never happen.
+			 *  unless the database has an undefined profile
+			 */
+			continue;
+		}
+
+		/* get auths this profile */
+		auths = kva_match(pa->attr, PROFATTR_AUTHS_KW);
+		if (auths != NULL) {
+			add_auths(auths, authArray, authcnt);
+		}
+
+		free_profattr(pa);
+	}
+}
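Review bot: add_auths() writes `authArray[i] = strdup(real_authname);` without ever comparing `*authcnt` against MAXAUTHS, and the merge loop in show_auths() does the same with `userauths[userauth_cnt] = strdup(defauths[i]);`, so more than 4096 distinct authorizations would write past the end of the stack arrays `defauths[MAXAUTHS]` and `userauths[MAXAUTHS]`. The input comes from kva_match() on user and profile attributes and from defread() on the AUTH_POLICY file; whether that many entries can actually occur depends on how those sources are populated, which this file does not show. The store should be bounded and the allocation checked, for example `if (i == *authcnt && i < MAXAUTHS && (authArray[i] = strdup(real_authname)) != NULL) *authcnt = i + 1;`, with a matching `userauth_cnt < MAXAUTHS` test and NULL check in show_auths(), since an unchecked NULL from strdup() would otherwise reach the later strcmp() and printf("%s") calls. Separately, list_auths() tests `authcnt == 0` twice, which compares the pointer rather than the count; `*authcnt == 0` looks like what was intended, and at present only the `(defauth_cnt + userauth_cnt) == 0` check in show_auths() catches the empty case.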