PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm)
authorgww <gary.winiger@oracle.com>
Wed, 07 Jul 2010 16:44:54 -0700
changeset 12800 c71b0e8f856c
parent 12799 45ed97ad3d9f
child 12801 82cffaae72d5
PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm) 6914742 remove audit_user phase 1 PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm)
exception_lists/interface_cmp
usr/src/cmd/ldap/ns_ldap/idsconfig.sh
usr/src/cmd/ldap/ns_ldap/ldapaddent.c
usr/src/cmd/ldap/ns_ldap/ldapaddent.h
usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c
usr/src/cmd/ldap/ns_ldap/mapping.c
usr/src/cmd/nscd/Makefile
usr/src/cmd/nscd/cache.c
usr/src/cmd/nscd/cache.h
usr/src/cmd/nscd/getauuser.c
usr/src/cmd/nscd/nscd_cfgdef.h
usr/src/cmd/nscd/nscd_initf.c
usr/src/cmd/nscd/nscd_nswstate.c
usr/src/cmd/nscd/server.c
usr/src/cmd/oamuser/user/Makefile
usr/src/cmd/oamuser/user/funcs.c
usr/src/cmd/passmgmt/Makefile
usr/src/cmd/passmgmt/passmgmt.c
usr/src/cmd/ypcmd/net_files/Makefile
usr/src/head/secdb.h
usr/src/head/user_attr.h
usr/src/lib/libbc/libc/gen/common/getfaudflgs.c
usr/src/lib/libbc/sparc/Makefile
usr/src/lib/libbsm/Makefile
usr/src/lib/libbsm/Makefile.com
usr/src/lib/libbsm/audit_user.txt
usr/src/lib/libbsm/common/au_usermask.c
usr/src/lib/libbsm/common/audit_user.c
usr/src/lib/libbsm/common/libbsm.h
usr/src/lib/libbsm/common/mapfile-vers
usr/src/lib/libsecdb/user_attr.txt
usr/src/pkg/manifests/SUNWcs.mf
--- a/exception_lists/interface_cmp	Wed Jul 07 15:10:26 2010 -0700
+++ b/exception_lists/interface_cmp	Wed Jul 07 16:44:54 2010 -0700
@@ -51,6 +51,17 @@
 DELSYM	^(auditsvc|setauclassfile|setaueventfile|setauuserfile|testac)$	\
 	^SUNW_(0\.[7-8]|1\.[1-2])$	\
 	^MACH(lib)/libbsm\.so\.1$
+#
+# - Removed interfaces: getauusernam(3bsm)
+# 6914742 remove audit_user phase 1
+#	PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm)
+#
+DELSYM	^(getauuserent_r|getauusernam_r)$	\
+	^SUNW_(0\.8|1\.[1-2])$	\
+	^MACH(lib)/libbsm\.so\.1$
+DELSYM	^(endauuser|getauuserent|getauusernam|setauuser)$	\
+	^SUNW_(0\.[7-8]|1\.[1-2])$	\
+	^MACH(lib)/libbsm\.so\.1$
 
 
 ## libmalloc / libmapmalloc
--- a/usr/src/cmd/ldap/ns_ldap/idsconfig.sh	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ldap/ns_ldap/idsconfig.sh	Wed Jul 07 16:44:54 2010 -0700
@@ -22,8 +22,7 @@
 #
 # idsconfig -- script to setup iDS 5.x/6.x/7.x for Native LDAP II.
 #
-# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 #
@@ -3965,7 +3964,6 @@
     # Indexes added during NIS to LDAP transition
     _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount"
     _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr"
-    _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser"
     _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr"
     _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)"
     _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)"
@@ -4431,7 +4429,7 @@
 dn: ${LDAP_BASEDN}
 changetype: modify
 add: aci
-aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid||SolarisAuditAlways||SolarisAuditNever||SolarisAttrKeyValue||SolarisAttrReserved1||SolarisAttrReserved2||SolarisUserQualifier")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";)
+aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid||SolarisAttrKeyValue||SolarisAttrReserved1||SolarisAttrReserved2||SolarisUserQualifier")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";)
 -
 EOF
 ) > ${TMPDIR}/top_aci
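Review bot: Dropping `SolarisAuditAlways||SolarisAuditNever` from the `targetattr` list means a directory set up by this script no longer denies a user write access to those attributes on their own entry. That is harmless once nothing reads them, but a client in the same naming context that still resolves audit_user from LDAP would presumably take its per-user audit preselection from values the user may now be able to change. If mixed-version deployments are supported, I would keep the two names in the deny list until the SolarisAuditUser schema is retired. Otherwise a comment above the ACI should say that per-user audit flags are now expected to be protected through `SolarisAttrKeyValue`. The enclosing here-document starts outside the hunk.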
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddent.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ldap/ns_ldap/ldapaddent.c	Wed Jul 07 16:44:54 2010 -0700
@@ -4072,8 +4072,6 @@
 		filedbmline_comment, "SolarisExecAttr", "cn" },
 	{ NS_LDAP_TYPE_AUTHATTR, genent_auth_attr, dump_auth_attr,
 		filedbmline_comment, "SolarisAuthAttr", "cn" },
-	{ NS_LDAP_TYPE_AUUSER, genent_audit_user, dump_audit_user,
-		filedbmline_comment, "SolarisAuditUser", "uid" },
 	{ NS_LDAP_TYPE_TNRHDB, genent_tnrhdb, dump_tnrhdb,
 		filedbmline_comment, "ipTnetHost", "ipTnetNumber" },
 	{ NS_LDAP_TYPE_TNRHTP, genent_tnrhtp, dump_tnrhtp,
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddent.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ldap/ns_ldap/ldapaddent.h	Wed Jul 07 16:44:54 2010 -0700
@@ -19,15 +19,12 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #ifndef	_LDAPADDENT_H
 #define	_LDAPADDENT_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * ldapaddent.h
  *	common declarations for ldapaddent utility
@@ -74,7 +71,6 @@
 extern int genent_prof_attr(char *line, int (*cback)());
 extern int genent_exec_attr(char *line, int (*cback)());
 extern int genent_auth_attr(char *line, int (*cback)());
-extern int genent_audit_user(char *line, int (*cback)());
 extern int genent_tnrhdb(char *line, int (*cback)());
 extern int genent_tnrhtp(char *line, int (*cback)());
 
@@ -82,7 +78,6 @@
 extern void dump_prof_attr(ns_ldap_result_t *res);
 extern void dump_exec_attr(ns_ldap_result_t *res);
 extern void dump_auth_attr(ns_ldap_result_t *res);
-extern void dump_audit_user(ns_ldap_result_t *res);
 extern void dump_tnrhdb(ns_ldap_result_t *res);
 extern void dump_tnrhtp(ns_ldap_result_t *res);
 
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,12 +19,9 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * ldapaddrbac.c
  *
@@ -58,7 +55,7 @@
 #include <auth_attr.h>
 
 /*
- * The parsing routines for RBAC and audit_user databases
+ * The parsing routines for RBAC databases
  */
 
 /*
@@ -390,61 +387,3 @@
 		(void) fprintf(stdout, "%s", value[0]);
 	(void) fprintf(stdout, "\n");
 }
-
-int
-genent_audit_user(char *line, int (*cback)())
-{
-	entry_col	*ecol;
-	au_user_str_t	data;
-	int		res, retval;
-
-	/*
-	 * parse entry into columns
-	 */
-	res = genent_attr(line, AUDITUSER_DB_NCOL, &ecol);
-	if (res != GENENT_OK)
-		return (res);
-
-	data.au_name = strdup(ecol[0].ec_value.ec_value_val);
-	data.au_always = strdup(ecol[1].ec_value.ec_value_val);
-	data.au_never = strdup(ecol[2].ec_value.ec_value_val);
-
-	if (flags & F_VERBOSE)
-		(void) fprintf(stdout,
-		    gettext("Adding entry : %s\n"), data.au_name);
-
-	retval = (*cback)(&data, 1);
-	if (retval != NS_LDAP_SUCCESS) {
-		if (retval == LDAP_NO_SUCH_OBJECT)
-			(void) fprintf(stdout,
-			gettext("Cannot add audit_user entry (%s), "
-			"add passwd entry first\n"), data.au_name);
-		if (continue_onerror == 0) res = GENENT_CBERR;
-	}
-
-	free(ecol);
-
-	return (res);
-}
-
-void
-dump_audit_user(ns_ldap_result_t *res)
-{
-	char	**value = NULL;
-
-	value = __ns_ldap_getAttr(res->entry, "uid");
-	if (value && value[0])
-		(void) fprintf(stdout, "%s", value[0]);
-	else
-		return;
-
-	(void) fprintf(stdout, ":");
-	value = __ns_ldap_getAttr(res->entry, "SolarisAuditAlways");
-	if (value && value[0])
-		(void) fprintf(stdout, "%s", value[0]);
-	(void) fprintf(stdout, ":");
-	value = __ns_ldap_getAttr(res->entry, "SolarisAuditNever");
-	if (value && value[0])
-		(void) fprintf(stdout, "%s", value[0]);
-	(void) fprintf(stdout, "\n");
-}
--- a/usr/src/cmd/ldap/ns_ldap/mapping.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ldap/ns_ldap/mapping.c	Wed Jul 07 16:44:54 2010 -0700
@@ -20,12 +20,9 @@
  */
 
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <ctype.h>
 #include <libintl.h>
 #include <strings.h>
@@ -68,7 +65,6 @@
 	{"prof_attr", "cn", "SolarisProfAttr", NULL},
 	{"exec_attr", "cn", "SolarisExecAttr", NULL},
 	{"user_attr", "uid", "SolarisUserAttr", NULL},
-	{"audit_user", "uid", "SolarisAuditUser", NULL},
 	{"tnrhtp", "ipTnetTemplateName", "ipTnetTemplate", NULL},
 	{"tnrhdb", "ipTnetNumber", "ipTnetHost", NULL},
 	{NULL, NULL, NULL, NULL}
@@ -115,15 +111,14 @@
 	int	i;
 
 	(void) fprintf(stdout,
-		gettext("database       default type        objectclass\n"));
+	    gettext("database       default type        objectclass\n"));
 	(void) fprintf(stdout,
-		gettext("=============  =================   =============\n"));
+	    gettext("=============  =================   =============\n"));
 	/* first dump auto_* and automount which are not in maplist[] */
 	(void) fprintf(stdout, "%-15s%-20s%s\n", "auto_*", "automountKey",
-		"automount");
+	    "automount");
 	(void) fprintf(stdout, "%-15s%-20s%s\n", "automount",
-		"automountMapName",
-		"automountMap");
+	    "automountMapName", "automountMap");
 	for (i = 0; maplist[i].database != NULL; i++) {
 		/* skip printing shadow */
 		if (strcasecmp(maplist[i].database, "shadow") == 0)
@@ -195,10 +190,10 @@
 
 		if (keyeq) {
 			(void) snprintf(keyfilter + len, totlen - len,
-					"(%s)", k);
+			    "(%s)", k);
 		} else {
 			(void) snprintf(keyfilter + len, totlen - len,
-					"(%s=%s)", attrtype, k);
+			    "(%s=%s)", attrtype, k);
 		}
 		karray++;
 	}
@@ -266,10 +261,10 @@
 
 		if (keyeq) {
 			(void) snprintf(pre_filter + len, totlen - len,
-					"(%s)", k);
+			    "(%s)", k);
 		} else {
 			(void) snprintf(pre_filter + len, totlen - len,
-					"(%s=%s)", attrtype, k);
+			    "(%s=%s)", attrtype, k);
 		}
 		karray++;
 		count++;
@@ -310,18 +305,17 @@
 
 	if (strcasecmp(database, maplist[PUBLICKEY].database) == SAME) {
 		rc = set_keys_publickey(key,
-				maplist[PUBLICKEY + type].def_type, type,
-				&keyfilter);
+		    maplist[PUBLICKEY + type].def_type, type, &keyfilter);
 		switch (rc) {
 		case -1:
 			filterlen = strlen(maplist[PUBLICKEY].objectclass) + 13;
 			udatalen = 3;
 			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+			    udatalen, nomem);
 			if (!nomem) {
 				(void) snprintf(filter, filterlen,
-					"objectclass=%s",
-					maplist[PUBLICKEY].objectclass);
+				    "objectclass=%s",
+				    maplist[PUBLICKEY].objectclass);
 				(void) snprintf(userdata, udatalen, "%%s");
 			}
 			break;
@@ -329,16 +323,16 @@
 			return (NULL);
 		default:
 			filterlen = strlen(maplist[PUBLICKEY].objectclass) +
-				strlen(keyfilter) + 18;
+			    strlen(keyfilter) + 18;
 			udatalen = strlen(keyfilter) + 8;
 			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+			    udatalen, nomem);
 			if (!nomem) {
-			    (void) snprintf(filter, filterlen,
-				"(&(objectclass=%s)%s)",
-				maplist[PUBLICKEY].objectclass, keyfilter);
-			    (void) snprintf(userdata, udatalen, "(&(%%s)%s)",
-					keyfilter);
+				(void) snprintf(filter, filterlen,
+				    "(&(objectclass=%s)%s)",
+				    maplist[PUBLICKEY].objectclass, keyfilter);
+				(void) snprintf(userdata, udatalen,
+				    "(&(%%s)%s)", keyfilter);
 			}
 		}
 	} else {
@@ -346,22 +340,22 @@
 			filterlen = 14;
 			udatalen = 3;
 			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+			    udatalen, nomem);
 			if (!nomem) {
 				(void) snprintf(filter, filterlen,
-						"objectclass=*");
+				    "objectclass=*");
 				(void) snprintf(userdata, udatalen, "%%s");
 			}
 		} else {
 			filterlen = strlen(keyfilter) + 1;
 			udatalen = strlen(keyfilter) + 8;
 			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+			    udatalen, nomem);
 			if (!nomem) {
 				(void) snprintf(filter, filterlen, "%s",
-						keyfilter);
+				    keyfilter);
 				(void) snprintf(userdata, udatalen,
-						"(&(%%s)%s)", keyfilter);
+				    "(&(%%s)%s)", keyfilter);
 			}
 		}
 	}
@@ -431,39 +425,39 @@
 			else if (strcasecmp(database, "tnrhtp") == 0)
 				dbtp = 1;
 			if ((keyfilter = set_keys(key, maplist[i].def_type))
-							== NULL) {
+			    == NULL) {
 				filterlen = strlen(maplist[i].objectclass);
 				udatalen = 3;
 				if (dbpf)
 					filterlen += strlen(PROF_ATTR_FILTER)
-							+ 1;
+					    + 1;
 				else if (dbtp)
 					filterlen += strlen(TNRHTP_FILTER) + 1;
 				else
 					filterlen += OC_FLEN;
 
 				MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+				    udatalen, nomem);
 				if (nomem)
 					goto done;
 				if (dbpf)
 					(void) snprintf(filter, filterlen,
-						PROF_ATTR_FILTER, "");
+					    PROF_ATTR_FILTER, "");
 				else if (dbtp)
 					(void) snprintf(filter, filterlen,
-						TNRHTP_FILTER, "");
+					    TNRHTP_FILTER, "");
 				else
 					(void) snprintf(filter, filterlen,
-						OC_FILTER,
-						maplist[i].objectclass);
+					    OC_FILTER,
+					    maplist[i].objectclass);
 
 				(void) snprintf(userdata, udatalen, "%%s");
 			} else {
 				filterlen = strlen(maplist[i].objectclass) +
-					strlen(keyfilter);
+				    strlen(keyfilter);
 				if (dbpf)
 					filterlen += strlen(PROF_ATTR_FILTER)
-							+ 1;
+					    + 1;
 				else if (dbtp)
 					filterlen += strlen(TNRHTP_FILTER) + 1;
 				else
@@ -471,23 +465,22 @@
 
 				udatalen = strlen(keyfilter) + 8;
 				MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-						udatalen, nomem);
+				    udatalen, nomem);
 				if (nomem)
 					goto done;
 				if (dbpf)
 					(void) snprintf(filter, filterlen,
-						PROF_ATTR_FILTER, keyfilter);
+					    PROF_ATTR_FILTER, keyfilter);
 				else if (dbtp)
 					(void) snprintf(filter, filterlen,
-						TNRHTP_FILTER, keyfilter);
+					    TNRHTP_FILTER, keyfilter);
 				else
 					(void) snprintf(filter, filterlen,
-						OC_FILTER2,
-						maplist[i].objectclass,
-						keyfilter);
+					    OC_FILTER2,
+					    maplist[i].objectclass, keyfilter);
 
 				(void) snprintf(userdata, udatalen,
-					"(&(%%s)%s)", keyfilter);
+				    "(&(%%s)%s)", keyfilter);
 			}
 			goto done;
 		}
@@ -497,121 +490,126 @@
 
 	/* auto_* services */
 	if (strncasecmp(database, "auto_", 5) == SAME) {
-	    if (v2) {
-		if ((keyfilter = set_keys(key, "automountKey"))
-			!= NULL) {
-			filterlen = strlen(keyfilter) + 27;
-			udatalen = strlen(keyfilter) + 8;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) snprintf(filter, filterlen,
-				    "(&(objectclass=automount)%s)",
-					keyfilter);
-				(void) snprintf(userdata, udatalen,
-					"(&(%%s)%s)", keyfilter);
+		if (v2) {
+			if ((keyfilter = set_keys(key, "automountKey"))
+			    != NULL) {
+				filterlen = strlen(keyfilter) + 27;
+				udatalen = strlen(keyfilter) + 8;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) snprintf(filter, filterlen,
+					    "(&(objectclass=automount)%s)",
+					    keyfilter);
+					(void) snprintf(userdata, udatalen,
+					    "(&(%%s)%s)", keyfilter);
+				}
+			} else {
+				filterlen = 22;
+				udatalen = 3;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) strlcpy(filter,
+					    "objectclass=automount", filterlen);
+					(void) strlcpy(userdata, "%s",
+					    udatalen);
+				}
 			}
 		} else {
-			filterlen = 22;
-			udatalen = 3;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) strlcpy(filter, "objectclass=automount",
-					filterlen);
-				(void) strlcpy(userdata, "%s", udatalen);
+			if ((keyfilter = set_keys(key, "cn")) != NULL) {
+				filterlen = strlen(keyfilter) + 27;
+				udatalen = strlen(keyfilter) + 8;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) snprintf(filter, filterlen,
+					    "(&(objectclass=nisObject)%s)",
+					    keyfilter);
+					(void) snprintf(userdata, udatalen,
+					    "(&(%%s)%s)", keyfilter);
+				}
+			} else {
+				filterlen = 22;
+				udatalen = 3;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) strlcpy(filter,
+					    "objectclass=nisObject", filterlen);
+					(void) strlcpy(userdata, "%s",
+					    udatalen);
+				}
 			}
 		}
-	    } else {
-		if ((keyfilter = set_keys(key, "cn")) != NULL) {
-			filterlen = strlen(keyfilter) + 27;
-			udatalen = strlen(keyfilter) + 8;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) snprintf(filter, filterlen,
-				    "(&(objectclass=nisObject)%s)", keyfilter);
-				(void) snprintf(userdata, udatalen,
-					"(&(%%s)%s)", keyfilter);
-			}
-		} else {
-			filterlen = 22;
-			udatalen = 3;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) strlcpy(filter, "objectclass=nisObject",
-						filterlen);
-				(void) strlcpy(userdata, "%s", udatalen);
-			}
-		}
-	    }
-	    goto done;
+		goto done;
 	}
 
 	/* automount service */
 	if (strcasecmp(database, "automount") == SAME) {
-	    if (v2) {
-		if ((keyfilter = set_keys(key, "automountMapName"))
-			!= NULL) {
-			filterlen = strlen(keyfilter) + 30;
-			udatalen = strlen(keyfilter) + 8;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) snprintf(filter, filterlen,
-					"(&(objectclass=automountMap)%s)",
-					keyfilter);
-				(void) snprintf(userdata, udatalen,
-					"(&(%%s)%s)", keyfilter);
+		if (v2) {
+			if ((keyfilter = set_keys(key, "automountMapName"))
+			    != NULL) {
+				filterlen = strlen(keyfilter) + 30;
+				udatalen = strlen(keyfilter) + 8;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) snprintf(filter, filterlen,
+					    "(&(objectclass=automountMap)%s)",
+					    keyfilter);
+					(void) snprintf(userdata, udatalen,
+					    "(&(%%s)%s)", keyfilter);
+				}
+			} else {
+				filterlen = 25;
+				udatalen = 3;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) strlcpy(filter,
+					    "objectclass=automountMap",
+					    filterlen);
+					(void) strlcpy(userdata, "%s",
+					    udatalen);
+				}
 			}
 		} else {
-			filterlen = 25;
-			udatalen = 3;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) strlcpy(filter,
-					"objectclass=automountMap",
-					filterlen);
-				(void) strlcpy(userdata, "%s", udatalen);
+			if ((keyfilter = set_keys(key, "nisMapName"))
+			    != NULL) {
+				filterlen = strlen(keyfilter) + 24;
+				udatalen = strlen(keyfilter) + 8;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) snprintf(filter, filterlen,
+					    "(&(objectclass=nisMap)%s)",
+					    keyfilter);
+					(void) snprintf(userdata, udatalen,
+					    "(&(%%s)%s)", keyfilter);
+				}
+			} else {
+				filterlen = 19;
+				udatalen = 3;
+				MALLOC_FILTER_UDATA(filter, filterlen,
+				    userdata, udatalen, nomem);
+				if (!nomem) {
+					(void) strlcpy(filter,
+					    "objectclass=nisMap", filterlen);
+					(void) strlcpy(userdata, "%s",
+					    udatalen);
+				}
 			}
 		}
-	    } else {
-		if ((keyfilter = set_keys(key, "nisMapName"))
-			!= NULL) {
-			filterlen = strlen(keyfilter) + 24;
-			udatalen = strlen(keyfilter) + 8;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-				(void) snprintf(filter, filterlen,
-					"(&(objectclass=nisMap)%s)",
-					keyfilter);
-				(void) snprintf(userdata, udatalen,
-					"(&(%%s)%s)", keyfilter);
-			}
-		} else {
-			filterlen = 19;
-			udatalen = 3;
-			MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-					udatalen, nomem);
-			if (!nomem) {
-			    (void) strlcpy(filter, "objectclass=nisMap",
-					filterlen);
-			    (void) strlcpy(userdata, "%s", udatalen);
-			}
-		}
-	    }
-	    goto done;
+		goto done;
 	}
 
 	/* other services (catch all) */
 	if ((keyfilter = set_keys(key, "cn")) == NULL) {
 		filterlen = 14;
 		udatalen = 3;
-		MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-				udatalen, nomem);
+		MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
+		    nomem);
 		if (!nomem) {
 			(void) snprintf(filter, filterlen, "objectclass=*");
 			(void) strlcpy(userdata, "%s", udatalen);
@@ -619,12 +617,12 @@
 	} else {
 		filterlen = strlen(keyfilter) + 1;
 		udatalen = strlen(keyfilter) + 8;
-		MALLOC_FILTER_UDATA(filter, filterlen, userdata,
-				udatalen, nomem);
+		MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen,
+		    nomem);
 		if (!nomem) {
 			(void) snprintf(filter, filterlen, "%s", keyfilter);
 			(void) snprintf(userdata, udatalen, "(&(%%s)%s)",
-					keyfilter);
+			    keyfilter);
 		}
 	}
 
--- a/usr/src/cmd/nscd/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 # Makefile for name service cache daemon
 #
@@ -35,7 +34,7 @@
 
 OBJS=	server.o getpw.o getgr.o gethost.o getnode.o \
 	getether.o getrpc.o getproto.o getnet.o \
-	getbootp.o getauuser.o getauth.o getserv.o \
+	getbootp.o getauth.o getserv.o \
 	getnetmasks.o getprinter.o getproject.o \
 	getexec.o getprof.o getuser.o cache.o \
 	nscd_biggest.o nscd_wait.o \
--- a/usr/src/cmd/nscd/cache.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/cache.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,12 +19,9 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * Cache routines for nscd
  */
@@ -169,7 +166,6 @@
 	NSS_DBNAM_PROTOCOLS,
 	NSS_DBNAM_NETWORKS,
 	NSS_DBNAM_BOOTPARAMS,
-	NSS_DBNAM_AUDITUSER,
 	NSS_DBNAM_AUTHATTR,
 	NSS_DBNAM_SERVICES,
 	NSS_DBNAM_NETMASKS,
@@ -193,7 +189,6 @@
 	proto_init_ctx,
 	net_init_ctx,
 	bootp_init_ctx,
-	auuser_init_ctx,
 	auth_init_ctx,
 	serv_init_ctx,
 	netmask_init_ctx,
--- a/usr/src/cmd/nscd/cache.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/cache.h	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #ifndef _NSCD_H
@@ -303,7 +302,7 @@
 	size_t		bufsize;
 } nsc_lookup_args_t;
 
-#define	CACHE_CTX_COUNT	20
+#define	CACHE_CTX_COUNT	19
 
 /* Context initialization */
 extern void passwd_init_ctx(nsc_ctx_t *);
@@ -318,7 +317,6 @@
 extern void proto_init_ctx(nsc_ctx_t *);
 extern void net_init_ctx(nsc_ctx_t *);
 extern void bootp_init_ctx(nsc_ctx_t *);
-extern void auuser_init_ctx(nsc_ctx_t *);
 extern void auth_init_ctx(nsc_ctx_t *);
 extern void serv_init_ctx(nsc_ctx_t *);
 extern void netmask_init_ctx(nsc_ctx_t *);
--- a/usr/src/cmd/nscd/getauuser.c	Wed Jul 07 15:10:26 2010 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-/*
- * Routines to handle getauuser* calls in nscd
- */
-
-#include "cache.h"
-
-#define	nam_db	ctx->nsc_db[0]
-#define	NSC_NAME_AUDITUSER_BYNAME	"getauusernam"
-
-void
-auuser_init_ctx(nsc_ctx_t *ctx) {
-	ctx->dbname = NSS_DBNAM_AUDITUSER;
-	ctx->file_name = "/etc/security/audit_user";
-	ctx->db_count = 1;
-	nam_db = make_cache(nsc_key_ces,
-			NSS_DBOP_AUDITUSER_BYNAME,
-			NSC_NAME_AUDITUSER_BYNAME,
-			NULL, NULL, NULL, nsc_ht_default, -1);
-}
--- a/usr/src/cmd/nscd/nscd_cfgdef.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/nscd_cfgdef.h	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #ifndef	_NSCD_CFGDEF_H
@@ -857,12 +856,11 @@
 	}
 
 /*
- * shadow, user_attr, and audit_user use the same switch policy
+ * shadow, and user_attr use the same switch policy
  * as that of passwd. exec_attr use that of prof_attr.
  */
 static char *nscd_cfg_shadow_cfg_db	= NSS_DBNAM_PASSWD;
 static char *nscd_cfg_userattr_cfg_db	= NSS_DBNAM_PASSWD;
-static char *nscd_cfg_auuser_cfg_db	= NSS_DBNAM_PASSWD;
 static char *nscd_cfg_execattr_cfg_db	= NSS_DBNAM_PROFATTR;
 
 /*
@@ -913,14 +911,6 @@
 		sizeof (nscd_cfg_userattr_cfg_db)),
 
 	NSCD_CFG_DB_DEFAULT_PARAM(
-		NSS_DBNAM_AUDITUSER,
-		sw,
-		nsw_config_db,
-		nscd_cfg_switch_t,
-		&nscd_cfg_auuser_cfg_db,
-		sizeof (nscd_cfg_auuser_cfg_db)),
-
-	NSCD_CFG_DB_DEFAULT_PARAM(
 		NSS_DBNAM_EXECATTR,
 		sw,
 		nsw_config_db,
--- a/usr/src/cmd/nscd/nscd_initf.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/nscd_initf.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,12 +19,9 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <nss_common.h>
 #include <nss_dbdefs.h>
 #include "nscd_common.h"
@@ -239,12 +236,10 @@
 	_nss_initf_passwd_compat,
 	_nss_initf_group_compat,
 	/*
-	 * no initf() for pseudo-databases: passwd, shadow,
-	 * audit_user, user_attr, and group (when called from
-	 * the compat backend)
+	 * no initf() for pseudo-databases: passwd, shadow, user_attr,
+	 * and group (when called from the compat backend)
 	 */
 	NULL,
 	NULL,
 	NULL,
-	NULL,
 	NULL};
--- a/usr/src/cmd/nscd/nscd_nswstate.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/nscd_nswstate.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #include <stdio.h>
@@ -423,7 +422,7 @@
 	 * if getting a nsw state for a request from the compat
 	 * backend, create the new switch structures if this
 	 * is the first time around for a passwd, shadow, group,
-	 * audit_user, or user_attr database
+	 * or user_attr database
 	 */
 	if (params->compati != -1) {
 
--- a/usr/src/cmd/nscd/server.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/nscd/server.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*
@@ -505,7 +504,7 @@
 	(void) fprintf(stderr,
 	    "\n	Supported caches:\n");
 	(void) fprintf(stderr,
-	    "	  audit_user, auth_attr, bootparams, ethers\n");
+	    "	  auth_attr, bootparams, ethers\n");
 	(void) fprintf(stderr,
 	    "	  exec_attr, group, hosts, ipnodes, netmasks\n");
 	(void) fprintf(stderr,
--- a/usr/src/cmd/oamuser/user/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/oamuser/user/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 # cmd/oamuser/user/Makefile
 #
@@ -85,7 +84,7 @@
 $(USERMOD) :=	OBJS = $(MOD_OBJ)
 $(USERMOD) :=	LIBS = $(LIBUSRGRP)
 
-LDLIBS +=	-lsecdb -lproject -ltsol
+LDLIBS +=	-lbsm -lnsl -lsecdb -lproject -ltsol
 
 .PARALLEL: $(OBJECTS)
 
--- a/usr/src/cmd/oamuser/user/funcs.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/oamuser/user/funcs.c	Wed Jul 07 16:44:54 2010 -0700
@@ -35,9 +35,12 @@
 #include <priv.h>
 #include <errno.h>
 #include <ctype.h>
+#include <nss.h>
+#include <bsm/libbsm.h>
 #include <tsol/label.h>
 #include "funcs.h"
 #include "messages.h"
+#undef	GROUP
 #include "userdefs.h"
 
 typedef struct ua_key {
@@ -57,6 +60,8 @@
 static const char label[] = "label";
 static const char idlecmd[] = "idlecmd value";
 static const char idletime[] = "idletime value";
+static const char auditflags[] = "audit mask";
+static char	  auditerr[256];
 
 
 static const char *check_auth(const char *);
@@ -69,6 +74,7 @@
 static const char *check_label(const char *);
 static const char *check_idlecmd(const char *);
 static const char *check_idletime(const char *);
+static const char *check_auditflags(const char *);
 
 int nkeys;
 
@@ -86,6 +92,7 @@
 	{ USERATTR_MINLABEL,	check_label,	label },
 	{ USERATTR_IDLECMD_KW,	check_idlecmd,	idlecmd },
 	{ USERATTR_IDLETIME_KW,	check_idletime,	idletime },
+	{ USERATTR_AUDIT_FLAGS_KW, check_auditflags, auditflags },
 };
 
 #define	NKEYS	(sizeof (keys)/sizeof (ua_key_t))
@@ -464,3 +471,46 @@
 
 	return (NULL);
 }
+
+static const char *
+check_auditflags(const char *auditflags)
+{
+	au_mask_t mask;
+	char	*flags;
+	char	*last = NULL;
+	char	*err = "NULL";
+
+	/* if deleting audit_flags */
+	if (*auditflags == '\0') {
+		return (NULL);
+	}
+
+	if ((flags = _strdup_null((char *)auditflags)) == NULL) {
+		errmsg(M_NOSPACE);
+		exit(EX_FAILURE);
+	}
+
+	if (!__chkflags(_strtok_escape(flags, KV_AUDIT_DELIMIT, &last), &mask,
+	    B_FALSE, &err)) {
+		(void) snprintf(auditerr, sizeof (auditerr),
+		    "always mask \"%s\"", err);
+		free(flags);
+		return (auditerr);
+	}
+	if (!__chkflags(_strtok_escape(NULL, KV_AUDIT_DELIMIT, &last), &mask,
+	    B_FALSE, &err)) {
+		(void) snprintf(auditerr, sizeof (auditerr),
+		    "never mask \"%s\"", err);
+		free(flags);
+		return (auditerr);
+	}
+	if (last != NULL) {
+		(void) snprintf(auditerr, sizeof (auditerr), "\"%s\"",
+		    auditflags);
+		free(flags);
+		return (auditerr);
+	}
+	free(flags);
+
+	return (NULL);
+}
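Review bot: The second `__chkflags()` call is passed whatever `_strtok_escape(NULL, KV_AUDIT_DELIMIT, &last)` returns, which is presumably NULL when the value contains no delimiter, and nothing visible here shows that `__chkflags()` accepts a NULL flag string. I would split the call, `char *never = _strtok_escape(NULL, KV_AUDIT_DELIMIT, &last);`, and either reject a missing never-mask explicitly or document that a single mask is legal. The parameter `auditflags` also shadows the file-scope `auditflags[]` label added earlier in this commit, so renaming it (for example to `value`) would make the `snprintf` in the last error branch unambiguous to a reader. The function has no header comment. One should state the accepted form (always-mask, delimiter, never-mask), that an empty string means "delete the key", and that the returned message lives in the static `auditerr` buffer and is overwritten by the next call.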
--- a/usr/src/cmd/passmgmt/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/passmgmt/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 
@@ -40,7 +39,7 @@
 
 .KEEP_STATE:
 
-LDLIBS +=	-lsecdb
+LDLIBS +=	-lsecdb -lnsl
 
 all: $(PROG) $(TXTS)
 
--- a/usr/src/cmd/passmgmt/passmgmt.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/passmgmt/passmgmt.c	Wed Jul 07 16:44:54 2010 -0700
@@ -19,16 +19,12 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
 /*	  All Rights Reserved  	*/
 
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <stdio.h>
 #include <sys/types.h>
 #include <shadow.h>
@@ -44,6 +40,7 @@
 #include <fcntl.h>
 #include <secdb.h>
 #include <user_attr.h>
+#include <nss.h>
 
 #define	CMT_SIZE	(128+1)	/* Argument sizes + 1 (for '\0') */
 #define	DIR_SIZE	(256+1)
@@ -98,6 +95,7 @@
 { '\0', USERATTR_MINLABEL },
 { '\0', USERATTR_IDLECMD_KW },
 { '\0', USERATTR_IDLETIME_KW },
+{ '\0', USERATTR_AUDIT_FLAGS_KW },
 };
 
 #define	UA_KEYS		(sizeof (ua_opts)/sizeof (kvopts_t))
@@ -207,7 +205,7 @@
 
 	for (i = j = 0; i < user->attr->length; i++) {
 		key = kv_pair[i].key;
-		val = kv_pair[i].value;
+		val = _escape(kv_pair[i].value, KV_SPECIAL);
 		if ((key == NULL) || (val == NULL))
 			break;
 		if (strlen(val) == 0)
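Review bot: Escaping at write time here means a value that was already escaped when it was stored is escaped a second time. The `default:` option branch (hunk `@@ -570,21 +569,25 @@`) now hands `_escape(optarg, KV_SPECIAL)` to `assign_attr()`, while the `-K` branch (hunk `@@ -551,9 +549,10 @@`) hands it the raw `char_p`. Assuming this loop writes out what `assign_attr()` stored, escaping should happen in one place only, since it is what keeps `;`, `:` and `=` in a value from being read back as extra fields; the simplest change is `assign_attr(&userattr_st, ua_opts[j].key, optarg);` in the `default:` branch. Separately, a NULL from `_escape()` now reaches the existing `val == NULL` test and ends the loop silently, so an allocation failure (if that is how `_escape()` reports it) would truncate the written attribute list. The loop body continues outside the hunk.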
@@ -367,7 +365,7 @@
 	/* parse the command line */
 
 	while ((c = getopt(argc, argv,
-			    "ml:c:h:u:g:s:f:e:k:A:P:R:T:oadK:")) != -1) {
+	    "ml:c:h:u:g:s:f:e:k:A:P:R:T:oadK:")) != -1) {
 
 		switch (c) {
 		case 'm':
@@ -448,24 +446,24 @@
 			    strpbrk(optarg, ":\n"))
 				bad_arg("Invalid argument to option -c");
 
-			    optn_mask |= C_MASK;
-			    passwd_st.pw_comment = optarg;
-			    passwd_st.pw_gecos = optarg;
-			    break;
+				optn_mask |= C_MASK;
+				passwd_st.pw_comment = optarg;
+				passwd_st.pw_gecos = optarg;
+				break;
 
 		case 'h' :
-			    /* The home directory */
+			/* The home directory */
 
-			    if ((D_MASK|H_MASK) & optn_mask)
-				    bad_usage("Invalid combination of options");
+			if ((D_MASK|H_MASK) & optn_mask)
+				bad_usage("Invalid combination of options");
 
-			    if (strlen(optarg) > (size_t)DIR_SIZE ||
-				strpbrk(optarg, ":\n"))
-				    bad_arg("Invalid argument to option -h");
+			if (strlen(optarg) > (size_t)DIR_SIZE ||
+			    strpbrk(optarg, ":\n"))
+				bad_arg("Invalid argument to option -h");
 
-			    optn_mask |= H_MASK;
-			    passwd_st.pw_dir = optarg;
-			    break;
+			optn_mask |= H_MASK;
+			passwd_st.pw_dir = optarg;
+			break;
 
 		case 'u' :
 			/* The uid */
@@ -551,9 +549,10 @@
 
 			for (i = 0; i < UA_KEYS; i++) {
 				if (strcmp(optarg, ua_opts[i].key) == 0) {
-					ua_opts[i].newvalue = char_p;
+					ua_opts[i].newvalue =
+					    _escape(char_p, KV_SPECIAL);
 					assign_attr(&userattr_st, optarg,
-						char_p);
+					    char_p);
 					break;
 				}
 			}
@@ -570,21 +569,25 @@
 		default :
 			/* Extended User Attributes */
 			{
-			    int j;
+				int j;
 
-			    for (j = 0; j < UA_KEYS; j++) {
-				if (ua_opts[j].option == (char)c) {
-					if ((D_MASK) & optn_mask)
-						bad_usage("Invalid combination"
-							" of options");
-					optn_mask |= UATTR_MASK;
-					assign_attr(&userattr_st,
-					    ua_opts[j].key, optarg);
-					ua_opts[j].newvalue = optarg;
-					break;
+				for (j = 0; j < UA_KEYS; j++) {
+					if (ua_opts[j].option == (char)c) {
+						if ((D_MASK) & optn_mask)
+							bad_usage("Invalid "
+							"combination of "
+							" options");
+						optn_mask |= UATTR_MASK;
+						assign_attr(&userattr_st,
+						    ua_opts[j].key,
+						    _escape(optarg,
+						    KV_SPECIAL));
+						ua_opts[j].newvalue =
+						    _escape(optarg, KV_SPECIAL);
+						break;
+					}
 				}
-			    }
-			    break;
+				break;
 			}
 		}
 	}
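Review bot: The re-wrapped `bad_usage()` literal now concatenates to "Invalid combination of  options" with two spaces, because the second fragment ends in a space and the third begins with one. It no longer matches the same message used in the `-h` case, nor any message-catalogue entry keyed on the original text if `bad_usage()` translates its argument. Writing it as `bad_usage("Invalid combination of options");` restores the string. `_escape(optarg, KV_SPECIAL)` is also called twice on the same input; a single call stored in a local would avoid the second copy, which is presumably heap-allocated and never freed. The enclosing `switch` and `while` start outside the hunk.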
@@ -601,8 +604,8 @@
 	    ((optn_mask & M_MASK) &&
 	    !(optn_mask &
 	    (L_MASK|C_MASK|H_MASK|U_MASK|G_MASK|S_MASK|F_MASK|
-		E_MASK|UATTR_MASK))))
-			bad_usage("Invalid command syntax");
+	    E_MASK|UATTR_MASK))))
+		bad_usage("Invalid command syntax");
 
 	/* null string argument or bad characters ? */
 	if ((strlen(argv[optind]) == 0) || strpbrk(argv[optind], ":\n"))
@@ -637,8 +640,8 @@
 	/* Check the number of password files we are touching */
 
 	if ((!((M_MASK & optn_mask) && !(L_MASK & optn_mask))) ||
-		((M_MASK & optn_mask) && ((E_MASK & optn_mask) ||
-			(F_MASK & optn_mask))))
+	    ((M_MASK & optn_mask) && ((E_MASK & optn_mask) ||
+	    (F_MASK & optn_mask))))
 		info_mask |= BOTH_FILES;
 
 	if ((D_MASK|L_MASK|UATTR_MASK) & optn_mask)
@@ -656,10 +659,10 @@
 			if (unlink(PASSTEMP)) {
 				msg = "%s: warning: cannot unlink %s\n";
 				(void) fprintf(stderr, gettext(msg), prognamp,
-						PASSTEMP);
+				    PASSTEMP);
 			}
 			fd_ptemp = open(PASSTEMP, O_CREAT|O_EXCL|O_WRONLY,
-					statbuf.st_mode);
+			    statbuf.st_mode);
 			if (fd_ptemp == -1) {
 				file_error();
 			}
@@ -678,7 +681,7 @@
 		if (unlink(PASSTEMP)) {
 			msg = "%s: warning: cannot unlink %s\n";
 			(void) fprintf(stderr, gettext(msg), prognamp,
-				PASSTEMP);
+			    PASSTEMP);
 		}
 		file_error();
 	}
@@ -695,11 +698,10 @@
 				if (unlink(SHADTEMP)) {
 					msg = "%s: warning: cannot unlink %s\n";
 					(void) fprintf(stderr, gettext(msg),
-						prognamp, SHADTEMP);
+					    prognamp, SHADTEMP);
 				}
 				fd_stemp = open(SHADTEMP,
-						O_CREAT|O_EXCL|O_WRONLY,
-						statbuf.st_mode);
+				    O_CREAT|O_EXCL|O_WRONLY, statbuf.st_mode);
 				if (fd_stemp == -1) {
 					rid_tmpf();
 					file_error();
@@ -736,11 +738,10 @@
 				if (unlink(USERATTR_TEMP)) {
 					msg = "%s: warning: cannot unlink %s\n";
 					(void) fprintf(stderr, gettext(msg),
-						prognamp, USERATTR_TEMP);
+					    prognamp, USERATTR_TEMP);
 				}
 				fd_uatemp = open(USERATTR_TEMP,
-					O_CREAT|O_EXCL|O_WRONLY,
-						statbuf.st_mode);
+				    O_CREAT|O_EXCL|O_WRONLY, statbuf.st_mode);
 				if (fd_uatemp == -1) {
 					rid_tmpf();
 					file_error();
@@ -913,10 +914,10 @@
 
 				if (optn_mask & C_MASK) {
 					pw_ptr1p->pw_comment =
-						passwd_st.pw_comment;
+					    passwd_st.pw_comment;
 
 					pw_ptr1p->pw_gecos =
-						passwd_st.pw_comment;
+					    passwd_st.pw_comment;
 				}
 
 				if (optn_mask & H_MASK)
@@ -999,7 +1000,7 @@
 			}
 			while ((n = fread(buf, sizeof (char), 1024, pwf)) > 0) {
 				if (fwrite(buf, sizeof (char), n, fp_ptemp)
-					!= n) {
+				    != n) {
 					rid_tmpf();
 					file_error();
 				}
@@ -1076,10 +1077,10 @@
 					sp_ptr1p->sp_namp = shadow_st.sp_namp;
 					if (F_MASK & optn_mask)
 						sp_ptr1p->sp_inact =
-							shadow_st.sp_inact;
+						    shadow_st.sp_inact;
 					if (E_MASK & optn_mask)
 						sp_ptr1p->sp_expire =
-							shadow_st.sp_expire;
+						    shadow_st.sp_expire;
 
 					ck_s_sz(sp_ptr1p);
 				}
@@ -1240,7 +1241,7 @@
 							continue;
 						value =
 						    kva_match(ua_ptr1p->attr,
-							(char *)ua_opts[j].key);
+						    (char *)ua_opts[j].key);
 						if (value == NULL)
 							continue;
 						assign_attr(&userattr_st,
@@ -1460,14 +1461,14 @@
 					uid_p = uid_p->link;
 
 				else if (uid >= uid_p->low &&
-						uid <= uid_p->high) {
+				    uid <= uid_p->high) {
 					uid_p = NULL;
 				}
 
 				else if (uid == (uid_p->high+1)) {
 
 					if (++uid_p->high ==
-						(uid_p->link->low - 1)) {
+					    (uid_p->link->low - 1)) {
 						uid_bcom(uid_p);
 					}
 					uid_p = NULL;
@@ -1490,7 +1491,7 @@
 					uid_p->high++;
 					uid_p = NULL;
 				} else if (uid >= uid_p->low &&
-					uid <= uid_p->high) {
+				    uid <= uid_p->high) {
 					uid_p = NULL;
 				} else {
 					add_ublk(uid, uid_p);
@@ -1611,11 +1612,11 @@
 	/* fields will fit in a passwd entry. The 1 accounts for the */
 	/* newline and the 6 accounts for the colons (:'s) */
 	if (((int)strlen(pwp->pw_name) + 1 +
-		sprintf(ctp, "%d", pwp->pw_uid) +
-		sprintf(ctp, "%d", pwp->pw_gid) +
-		(int)strlen(pwp->pw_comment) +
-		(int)strlen(pwp->pw_dir)	+
-		(int)strlen(pwp->pw_shell) + 6) > (ENTRY_LENGTH-1)) {
+	    sprintf(ctp, "%d", pwp->pw_uid) +
+	    sprintf(ctp, "%d", pwp->pw_gid) +
+	    (int)strlen(pwp->pw_comment) +
+	    (int)strlen(pwp->pw_dir) +
+	    (int)strlen(pwp->pw_shell) + 6) > (ENTRY_LENGTH-1)) {
 		rid_tmpf();
 		bad_arg("New password entry too long");
 	}
@@ -1631,13 +1632,13 @@
 	/* fields will fit in a shadow entry. The 1 accounts for the */
 	/* newline and the 7 accounts for the colons (:'s) */
 	if (((int)strlen(ssp->sp_namp) + 1 +
-		(int)strlen(ssp->sp_pwdp) +
-		sprintf(ctp, "%d", ssp->sp_lstchg) +
-		sprintf(ctp, "%d", ssp->sp_min) +
-		sprintf(ctp, "%d", ssp->sp_max) +
-		sprintf(ctp, "%d", ssp->sp_warn) +
-		sprintf(ctp, "%d", ssp->sp_inact) +
-		sprintf(ctp, "%d", ssp->sp_expire) + 7) > (ENTRY_LENGTH - 1)) {
+	    (int)strlen(ssp->sp_pwdp) +
+	    sprintf(ctp, "%d", ssp->sp_lstchg) +
+	    sprintf(ctp, "%d", ssp->sp_min) +
+	    sprintf(ctp, "%d", ssp->sp_max) +
+	    sprintf(ctp, "%d", ssp->sp_warn) +
+	    sprintf(ctp, "%d", ssp->sp_inact) +
+	    sprintf(ctp, "%d", ssp->sp_expire) + 7) > (ENTRY_LENGTH - 1)) {
 		rid_tmpf();
 		bad_arg("New password entry too long");
 	}
@@ -1660,7 +1661,7 @@
 		if (unlink(SHADTEMP)) {
 			msg = "%s: warning: cannot unlink %s\n";
 			(void) fprintf(stderr, gettext(msg), prognamp,
-				SHADTEMP);
+			    SHADTEMP);
 		}
 	}
 
@@ -1670,7 +1671,7 @@
 		if (unlink(USERATTR_TEMP)) {
 			msg = "%s: warning: cannot unlink %s\n";
 			(void) fprintf(stderr, gettext(msg), prognamp,
-				USERATTR_TEMP);
+			    USERATTR_TEMP);
 		}
 	}
 }
--- a/usr/src/cmd/ypcmd/net_files/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/cmd/ypcmd/net_files/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -18,8 +18,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 #      Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T
 #      All Rights Reserved
@@ -28,8 +27,6 @@
 # under license from the Regents of the University of  
 # California.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
-#
 #----
 # It is somewhat confusing to note that Solaris 2.x uses /etc/auto_master
 # instead of the 4.x /etc/auto.master file name because of NIS+ treating a
@@ -46,7 +43,7 @@
 #
 INETDIR=/etc/inet
 #
-# If the audit_user, auth_attr, exec_attr, prof_attr files
+# If the auth_attr, exec_attr, prof_attr files
 # live in a directory other than /etc/security, then you'll
 # need to change the following line.
 #
@@ -84,7 +81,7 @@
 all: passwd group hosts ipnodes ethers networks rpc services protocols \
 	netgroup bootparams aliases publickey netid netmasks c2secure \
 	timezone auto.master auto.home ageing \
-	auth.attr exec.attr prof.attr user.attr audit.user
+	auth.attr exec.attr prof.attr user.attr
 
 c2secure:
 	-@if [ -f $(PWDIR)/security/passwd.adjunct ]; then \
@@ -444,26 +441,6 @@
 		echo "couldn't find $(DIR)/user_attr"; \
 	fi
 
-audit.user.time:  $(RBACDIR)/audit_user
-	-@if [ -f $(RBACDIR)/audit_user ]; then \
-		sed -e "/^#/d" -e s/#.*$$// $(RBACDIR)/audit_user \
-		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
-		-e 's/\\$$/\\/;t l' -e } \
-		| (nawk 'BEGIN { FS=":"; OFS="\t" } /^[a-zA-Z0-9_]/ \
-		{print $$1, $$0 }' $(CHKPIPE)) \
-		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/audit_user; \
-		touch audit.user.time; \
-		echo "updated audit_user"; \
-		if [ ! $(NOPUSH) ]; then \
-			$(YPPUSH) audit_user; \
-			echo "pushed audit_user"; \
-		else \
-		: ; \
-		fi \
-	else \
-		echo "couldn't find $(RBACDIR)/audit_user"; \
-	fi
-
 ageing.time:  $(PWDIR)/shadow
 	-@if [ -f $(PWDIR)/shadow ]; then \
 		(awk 'BEGIN {FS=":"; OFS=":"} $$1 !~ /^#/ {printf "%s\t%s:%s:%s:%s:%s:%s:%s:%s\n", $$1,$$1,$$3,$$4,$$5,$$6,$$7,$$8,$$9}' $(PWDIR)/shadow) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/ageing.byname; \
@@ -473,8 +450,6 @@
 		echo "couldn't find $(PWDIR)/shadow"; \
 	fi
 
-
-
 passwd: passwd.time
 group: group.time
 project: project.time
@@ -500,7 +475,6 @@
 exec.attr:exec.attr.time
 prof.attr:prof.attr.time
 user.attr:user.attr.time
-audit.user:audit.user.time
 $(DIR)/netid:
 $(DIR)/timezone:
 $(DIR)/auto_master:
@@ -510,5 +484,4 @@
 $(DIR)/exec_attr:
 $(DIR)/prof_attr:
 $(DIR)/user_attr:
-$(DIR)/audit_user:
 ageing: ageing.time
--- a/usr/src/head/secdb.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/head/secdb.h	Wed Jul 07 16:44:54 2010 -0700
@@ -43,7 +43,7 @@
 #define	KV_EMPTY		""
 #define	KV_ESCAPE		'\\'
 #define	KV_ADD_KEYS		16    /* number of key value pairs to realloc */
-#define	KV_SPECIAL		"=;:\\";
+#define	KV_SPECIAL		"=;:\\"
 #define	KV_TOKEN_DELIMIT	":"
 #define	KV_WILDCARD		"*"
 #define	KV_WILDCHAR		'*'
@@ -52,6 +52,7 @@
 #define	KV_SEPSTR		","
 #define	KV_OBJECTCHAR		'/'
 #define	KV_OBJECT		"/"
+#define	KV_AUDIT_DELIMIT	":"
 
 #define	KV_FLAG_NONE		0x0000
 #define	KV_FLAG_REQUIRED	0x0001
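Review bot: `KV_AUDIT_DELIMIT` is added without a comment, and its value is the same `:` that `KV_TOKEN_DELIMIT` uses between user_attr fields and that `KV_SPECIAL` lists as needing an escape. The commit's own `user_attr.txt` entry has to write the value as `audit_flags=lo\:no` for that reason. A one-line comment next to the define would keep readers from storing the value unescaped: `/* separates always:never inside audit_flags; written as \: in user_attr */`.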
--- a/usr/src/head/user_attr.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/head/user_attr.h	Wed Jul 07 16:44:54 2010 -0700
@@ -19,15 +19,12 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
 #ifndef	_USER_ATTR_H
 #define	_USER_ATTR_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef	__cplusplus
 extern "C" {
 #endif
@@ -107,6 +104,7 @@
 #define	USERATTR_PASSWD_AUTOMATIC	"automatic"
 #define	USERATTR_PASSWD_MANUAL		"manual"
 #define	USERATTR_TYPE_ROLE		USERATTR_TYPE_NONADMIN_KW
+#define	USERATTR_AUDIT_FLAGS_KW		"audit_flags"
 
 
 /*
--- a/usr/src/lib/libbc/libc/gen/common/getfaudflgs.c	Wed Jul 07 15:10:26 2010 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 1992 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#include <sys/types.h>
-#include <sys/label.h>
-#include <sys/audit.h>
-
-#define MAXSTRLEN 360
-
-/*	getfaudflgs.c */
-
-/*
- * getfauditflags() - combines system event flag mask with user event
- *                               flag masks.
- *
- * input: usremasks->as_success - always audit on success
- *        usremasks->as_failure - always audit on failure
- *        usrdmasks->as_success - never audit on success
- *        usrdmasks->as_failure - never audit on failure
- *
- * output: lastmasks->as_success - audit on success
- *         lastmasks->as_failure - audit on failure
- *
- * returns:  0 - ok
- *          -1 - error
- */
-
-int
-getfauditflags(audit_state_t *usremasks, audit_state_t *usrdmasks,
-    audit_state_t *lastmasks)
-{	 
-	int len = MAXSTRLEN, retstat = 0;
-	char s_auditstring[MAXSTRLEN];
-	audit_state_t masks;
- 
-	masks.as_success = 0;
-	masks.as_failure = 0;
-	/* 
-	 * get system audit mask and convert to bit mask 
-	 */
-	if ((getacflg(s_auditstring, len)) >= 0)  {
-		if ((getauditflagsbin(s_auditstring, &masks)) != 0)
-	        	retstat = -1;
-	} else
-		retstat = -1;
- 
-	/* 
-	 * combine system and user event masks 
-	 */
-	if (retstat == 0) {
-		lastmasks->as_success = masks.as_success;
-		lastmasks->as_failure = masks.as_failure;
- 
-		lastmasks->as_success |= usremasks->as_success;
-		lastmasks->as_failure |= usremasks->as_failure;
- 
-		lastmasks->as_success &= ~(usrdmasks->as_success);
-		lastmasks->as_failure &= ~(usrdmasks->as_failure);
-	}
-	return (retstat);
-}
--- a/usr/src/lib/libbc/sparc/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbc/sparc/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 #
@@ -61,7 +60,7 @@
 drand48.o dysize.o errlst.o execvp.o exit.o exportent.o ecvt.o\
 fabs.o fmod.o frexp.o\
 fstab.o ftok.o ftw.o getacinfo.o getauid.o getauditflags.o \
-getcwd.o getenv.o getfaudflgs.o getgraent.o getlogin.o \
+getcwd.o getenv.o getgraent.o getlogin.o \
 getopt.o getsubopt.o getpwaent.o  getttyent.o\
 getttynam.o getusershell.o grpauth.o hsearch.o\
 ieee_globals.o index.o isatty.o \
--- a/usr/src/lib/libbsm/Makefile	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbsm/Makefile	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../Makefile.lib
@@ -71,7 +70,7 @@
 ROOTETCSECURITY = 	$(ROOT)/etc/security
 $(ROOTETCSECURITY) := 	DIRMODE = 0755
 
-ESFILES =		audit_class audit_control audit_event audit_user
+ESFILES =		audit_class audit_control audit_event
 ESSRC =			$(ESFILES:%=%.txt)
 ETCSECURITYFILES =	$(ESFILES:%=$(ROOTETCSECURITY)/%)
 $(ETCSECURITYFILES) :=	FILEMODE = 0644
--- a/usr/src/lib/libbsm/Makefile.com	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbsm/Makefile.com	Wed Jul 07 16:44:54 2010 -0700
@@ -19,8 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 
 LIBRARY =	libbsm.a
@@ -53,7 +52,6 @@
 		audit_rshd.o \
 		audit_settid.o \
 		audit_shutdown.o \
-		audit_user.o \
 		bsm.o \
 		generic.o \
 		getacinfo.o \
--- a/usr/src/lib/libbsm/audit_user.txt	Wed Jul 07 15:10:26 2010 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#
-# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# ident	"%Z%%M%	%I%	%E% SMI"
-#
-#
-# User Level Audit User File
-#
-# File Format
-#
-#	username:always:never
-#
-root:lo:no
--- a/usr/src/lib/libbsm/common/au_usermask.c	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbsm/common/au_usermask.c	Wed Jul 07 16:44:54 2010 -0700
@@ -20,83 +20,90 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
+ * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
  */
 
-#include <sys/types.h>
-#include <stdio.h>
-#include <bsm/audit.h>
+#include <errno.h>
+#include <nss.h>
+#include <secdb.h>
+#include <stdlib.h>
+#include <string.h>
+#include <user_attr.h>
+#include <zone.h>
+
 #include <bsm/libbsm.h>
 
-#define	AUDITSTRING_LEN 512
+#include <adt_xlate.h>		/* adt_write_syslog */
+
+/* ARGSUSED */
+static int
+audit_flags(const char *name, kva_t *kva, void *ctxt, void *pres)
+{
+	char *val;
+
+	if ((val = kva_match(kva, USERATTR_AUDIT_FLAGS_KW)) != NULL) {
+		if ((*(char **)ctxt = strdup(val)) == NULL) {
+			adt_write_syslog("au_user_mask strdup failed", errno);
+		}
+		return (1);
+	}
+	return (0);
+}
 
 /*
- * Initialize audit preselection mask. This function should be used
- * by applications like login that set the process preselection mask
- * when a connection or a session is created.
+ * Build user's audit preselection mask.
  *
- * First, the system wide default audit flags are obtained
- *	from the audit_control(5) file.
- *
- * Next, the "always audit" flags, obtained from the audit_user(5) database,
- *	are added.
+ * per-user audit flags are optional and may be missing.
+ * If global zone auditing is set, a local zone cannot reduce the default
+ * flags.
  *
- * Finally, the "never audit" flags, also obtained from the audit_user(5)
- *	database, are subtracted.
- *
- * The mask returned can be expressed as:
- *
- * (default audit flags + alway audit flags) - never audit flags
- *
- * If the lookup to audit_control(5) fails, then this function returns
- * an error.  If the lookup to audit_user(5), the function silently
- * continues.
+ * success flags = (system default success flags + per-user always success) -
+ *			per-user never success flags
+ * failure flags = (system default failure flags + per-user always failure) -
+ *			per-user never failure flags
  */
+
 int
-au_user_mask(char *username, au_mask_t *p_mask)
+au_user_mask(char *user, au_mask_t *mask)
 {
-	char auditstring[AUDITSTRING_LEN];
-	au_user_ent_t *p_user = NULL;
-	int retval = -1;
-
-	if (p_mask == NULL)
-		return (-1);
+	char		*last = NULL;
+	char		deflt[360];	/* matches stuff in getac*.c */
+	char		*user_flags = NULL;
 
-	/*
-	 * Get the system wide default audit flags out of the audit_control(5)
-	 * file.
-	 */
-	setac();
-	if (getacflg(auditstring, AUDITSTRING_LEN) == 0) {
-		if (getauditflagsbin(auditstring, p_mask) == 0) {
-			retval = 0;
-		}
-	}
-	endac();
-
-	/*
-	 * If you can't get the system wide flags, return an error code
-	 * now and don't bother trying to get the user specific flags.
-	 */
-	if (retval != 0) {
+	if (mask == NULL) {
 		return (-1);
 	}
 
 	/*
-	 * Get the always audit flags and the never audit flags from
-	 * the audit_user(5) database.
+	 * Get the default audit flags.
+	 */
+
+	setac();
+	if (getacflg(deflt, sizeof (deflt)) != 0) {
+		endac();
+		return (-1);
+	}
+	endac();
+	(void) getauditflagsbin(deflt, mask);
+
+	/*
+	 * Get per-user audit flags.
 	 */
-	setauuser();
-	if ((p_user = getauusernam(username)) != (au_user_ent_t *)NULL) {
-		/* Add always audit flags. */
-		p_mask->as_success |= p_user->au_always.as_success;
-		p_mask->as_failure |= p_user->au_always.as_failure;
-		/* Subtract never audit flags.  */
-		p_mask->as_success &= ~(p_user->au_never.as_success);
-		p_mask->as_failure &= ~(p_user->au_never.as_failure);
+	(void) _enum_attrs(user, audit_flags, &user_flags, NULL);
+	if (user_flags != NULL) {
+		au_user_ent_t  per_user;
+
+		(void) getauditflagsbin(_strtok_escape(user_flags,
+		    KV_AUDIT_DELIMIT, &last), &(per_user.au_always));
+		(void) getauditflagsbin(_strtok_escape(NULL,
+		    KV_AUDIT_DELIMIT, &last), &(per_user.au_never));
+		/* merge default and per-user */
+		mask->as_success |= per_user.au_always.as_success;
+		mask->as_failure |= per_user.au_always.as_failure;
+		mask->as_success &= ~(per_user.au_never.as_success);
+		mask->as_failure &= ~(per_user.au_never.as_failure);
+		free(user_flags);
 	}
-	endauuser();
 
 	return (0);
 }
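Review bot: In `au_user_mask()` the per-user masks are merged without knowing that they were parsed: `per_user` is uninitialised, both `getauditflagsbin()` results are cast to void, and the second `_strtok_escape()` result is passed on unchecked although it is presumably NULL when `audit_flags` holds only one field. If `getauditflagsbin()` can fail before writing its output (not visible here), `mask->as_success &= ~(per_user.au_never.as_success)` clears bits based on indeterminate stack contents, which would silently narrow a user's audit preselection. The default flags have the same gap: the removed code returned -1 when `getauditflagsbin()` rejected the `audit_control` flags, whereas the new code ignores the result and returns 0. I would zero the per-user entry, skip missing tokens, and fall back to an empty mask for a field that does not parse, as sketched below.

```c
	if (getauditflagsbin(deflt, mask) != 0) {
		return (-1);
	}
	/* ... unchanged: _enum_attrs() lookup of user_flags ... */
	if (user_flags != NULL) {
		au_user_ent_t	per_user;
		char		*tok;

		(void) memset(&per_user, 0, sizeof (per_user));
		tok = _strtok_escape(user_flags, KV_AUDIT_DELIMIT, &last);
		if (tok != NULL &&
		    getauditflagsbin(tok, &(per_user.au_always)) != 0) {
			(void) memset(&(per_user.au_always), 0,
			    sizeof (per_user.au_always));
		}
		tok = _strtok_escape(NULL, KV_AUDIT_DELIMIT, &last);
		if (tok != NULL &&
		    getauditflagsbin(tok, &(per_user.au_never)) != 0) {
			(void) memset(&(per_user.au_never), 0,
			    sizeof (per_user.au_never));
		}
		/* ... unchanged: merge default and per-user, free(user_flags) ... */
	}
```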
--- a/usr/src/lib/libbsm/common/audit_user.c	Wed Jul 07 15:10:26 2010 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,141 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License (the "License").
- * You may not use this file except in compliance with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-
-/*
- * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/* Interfaces to audit_user(4) (/etc/security/audit_user) */
-
-#include <stdio.h>
-#include <limits.h>
-#include <sys/types.h>
-#include <string.h>
-#include <bsm/audit.h>
-#include <bsm/libbsm.h>
-#include <synch.h>
-#include <nss_dbdefs.h>
-#include <stdlib.h>
-#include <utmpx.h>
-
-#define	MAX_USERNAME	sizeof (((struct utmpx *)0)->ut_user)
-
-static mutex_t mutex_userfile = DEFAULTMUTEX;
-static au_user_ent_t *auuserstr2ent(au_user_ent_t *, au_user_str_t *);
-
-/* Externs from libnsl */
-extern void _setauuser(void);
-extern void _endauuser(void);
-extern au_user_str_t *_getauuserent(au_user_str_t *, char *, int, int *);
-extern au_user_str_t *_getauusernam(char *, au_user_str_t *, char *, int,
-    int *);
-
-void
-setauuser()
-{
-	(void) mutex_lock(&mutex_userfile);
-	_setauuser();
-	(void) mutex_unlock(&mutex_userfile);
-}
-
-void
-endauuser()
-{
-	(void) mutex_lock(&mutex_userfile);
-	_endauuser();
-	(void) mutex_unlock(&mutex_userfile);
-}
-
-au_user_ent_t *
-getauuserent()
-{
-	static au_user_ent_t au_user_entry;
-	static char	logname[MAX_USERNAME+1];
-
-	/* initialize au_user_entry structure */
-	au_user_entry.au_name = logname;
-
-	return (getauuserent_r(&au_user_entry));
-
-}
-
-au_user_ent_t *
-getauuserent_r(au_user_ent_t *au_user_entry)
-{
-	au_user_str_t	us;
-	au_user_str_t	*tmp;
-	char 		buf[NSS_BUFLEN_AUDITUSER];
-	int 		errp = 0;
-
-	(void) mutex_lock(&mutex_userfile);
-	(void) memset(buf, NULL, NSS_BUFLEN_AUDITUSER);
-	tmp = _getauuserent(&us, buf, NSS_BUFLEN_AUDITUSER, &errp);
-	(void) mutex_unlock(&mutex_userfile);
-
-	return (auuserstr2ent(au_user_entry, tmp));
-}
-
-au_user_ent_t *
-getauusernam(char *name)
-{
-	static au_user_ent_t u;
-	static char	logname[MAX_USERNAME+1];
-
-	/* initialize au_user_entry structure */
-	u.au_name = logname;
-
-	return (getauusernam_r(&u, name));
-}
-
-au_user_ent_t *
-getauusernam_r(au_user_ent_t *u, char *name)
-{
-	au_user_str_t	us;
-	au_user_str_t	*tmp;
-	char		buf[NSS_BUFLEN_AUDITUSER];
-	int		errp = 0;
-
-	if (name == NULL) {
-		return ((au_user_ent_t *)NULL);
-	}
-	tmp = _getauusernam(name, &us, buf, NSS_BUFLEN_AUDITUSER, &errp);
-
-	return (auuserstr2ent(u, tmp));
-}
-
-static au_user_ent_t *
-auuserstr2ent(au_user_ent_t *ue, au_user_str_t *us)
-{
-	if (us == NULL)
-		return (NULL);
-
-	if (getauditflagsbin(us->au_always, &ue->au_always) < 0) {
-		return (NULL);
-	}
-	if (getauditflagsbin(us->au_never, &ue->au_never) < 0) {
-		ue->au_never.am_success = AU_MASK_NONE;
-		ue->au_never.am_failure = AU_MASK_NONE;
-	}
-	(void) strncpy(ue->au_name, us->au_name, MAX_USERNAME);
-
-	return (ue);
-}
--- a/usr/src/lib/libbsm/common/libbsm.h	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbsm/common/libbsm.h	Wed Jul 07 16:44:54 2010 -0700
@@ -176,18 +176,6 @@
 extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *);
 
 /*
- * Functions that manipulate audit attributes of users
- */
-
-void	setauuser(void);
-void	endauuser(void);
-
-au_user_ent_t *getauuserent(void);
-au_user_ent_t *getauuserent_r(au_user_ent_t *);
-au_user_ent_t *getauusernam(char *);
-au_user_ent_t *getauusernam_r(au_user_ent_t *, char *);
-
-/*
  * Functions that manipulate the audit control file
  */
 
@@ -239,8 +227,6 @@
 extern int	setaudit_addr(auditinfo_addr_t *, int);
 extern int	setauid(au_id_t *);
 
-#define	BSM_TEXTBUFSZ	256 /* size of string for generic text token */
-
 /*
  * Defines for au_preselect(3)
  */
--- a/usr/src/lib/libbsm/common/mapfile-vers	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libbsm/common/mapfile-vers	Wed Jul 07 16:44:54 2010 -0700
@@ -67,8 +67,6 @@
 	getauevent_r;
 	getauevnam_r;
 	getauevnum_r;
-	getauuserent_r;
-	getauusernam_r;
 } SUNW_0.7;
 
 SYMBOL_VERSION SUNW_0.7 {
@@ -99,7 +97,6 @@
 	endac;
 	endauclass;
 	endauevent;
-	endauuser;
 	getacdir;
 	getacflg;
 	getacmin;
@@ -114,15 +111,12 @@
 	getauevnonam;
 	getauevnum;
 	getauid;
-	getauuserent;
-	getauusernam;
 	getfauditflags;
 	setac;
 	setauclass;
 	setaudit;
 	setauevent;
 	setauid;
-	setauuser;
 };
 
 SYMBOL_VERSION SUNWprivate_1.1 {
--- a/usr/src/lib/libsecdb/user_attr.txt	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/lib/libsecdb/user_attr.txt	Wed Jul 07 16:44:54 2010 -0700
@@ -1,6 +1,5 @@
 #
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
 #
 # CDDL HEADER START
 #
@@ -26,7 +25,7 @@
 # user attributes. see user_attr(4)
 #
 #
-root::::auths=solaris.*,solaris.grant;profiles=All;lock_after_retries=no;min_label=admin_low;clearance=admin_high
+root::::auths=solaris.*,solaris.grant;profiles=All;audit_flags=lo\:no;lock_after_retries=no;min_label=admin_low;clearance=admin_high
 lp::::profiles=Printer Management
 adm::::profiles=Log Management
 dladm::::auths=solaris.smf.manage.wpa,solaris.smf.modify
--- a/usr/src/pkg/manifests/SUNWcs.mf	Wed Jul 07 15:10:26 2010 -0700
+++ b/usr/src/pkg/manifests/SUNWcs.mf	Wed Jul 07 16:44:54 2010 -0700
@@ -442,7 +442,6 @@
 file path=etc/security/audit_class group=sys preserve=renamenew
 file path=etc/security/audit_control group=sys preserve=renamenew
 file path=etc/security/audit_event group=sys preserve=renamenew
-file path=etc/security/audit_user group=sys preserve=renamenew
 file path=etc/security/audit_warn group=sys mode=0740 preserve=renamenew
 file path=etc/security/auth_attr group=sys preserve=true \
     timestamp=19700101T000000Z