chkperm.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2000 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
*
* chkperm -t cap-name [-u username]
*
* Test the user's permission or preference for cap-name.
* cap-name is a capability that chkperm understands;
* the current list is:
*
* unix - can the user escape to the shell with the unix command
* admin - does the user have the System Admin menu entry
* invoke - does the user invoke FACE at login
* exit - does the user get a confirmation when exiting FACE
* progs - does the user have personal programs installed
* NOTE: this is used by user vmsys to determine
* if any global applications are installed
*
* if the user has permission for the feature or the preference
* is selected, chkperm does a return(0) else it does return(1)
*
* if there is no entry for the user in the permission file,
* an entry is created with default values and the default
* value for the selected cap-name is returned.
* The default values are:
*
* unix - yes
* admin - no
* invoke - no
* exit - yes
* progs - no
*
* if the -u option is specified, its argument overrides the username
* of the user who invoked the command.
*
*
* chkperm -e cap-name [-u username]
*
* echo the value of the cap-name for the user as
* a string on stdout. yes and no are possible results.
*
* if there is no entry for the user in the permission file,
* an entry is created with default values and the default
* value for the selected cap-name is returned.
*
* always does a return (0) unless an error occurs.
*
*
* chkperm -y cap-name [-u username]
*
* Set the cap-name value for user to yes
*
* if there is no entry for the user, an entry is created with
* the above default values for the other cap-names
*
* always does a return (0) unless an error occurs.
*
*
* chkperm -n cap-name [-u username]
*
* Set the cap-name value for user to no
*
* if there is no entry for the user, an entry is created with
* the above default values for the other cap-names
*
* always does a return (0) unless an error occurs.
*
*
* chkperm -v [-u username]
*
* Verify if the user is defined as a FACE user.
*
* If the user is a FACE user, chkperm does a return (0)
* otherwise it does a return (255)
*
*
* chkperm -d [-u username]
*
* Delete the user as a FACE user. It only invalidates
* the user's entry in the permissions file. It does not
* remove any FACE specific files from the user's environment.
*
* always does a return (0) unless an error occurs.
*
*
* chkperm -l
*
* Return to standard output a list of all defined face users.
*
* It does a return (255) if no users exist yet; otherwise it does
* a return (0) unless an error occurs.
*
*
* general comments:
*
*
* if chkperm is invoked and the file does not exist, it will
* be created.
*
* this file is owned by vmsys with permissions 600
*
* chkperm runs setuid vmsys so it can read and write this file
*
* if new cap-names are added to chkperm and the program is
* then run on an old datafile, the values returned for the
* given values with -y or -n.
*
*
* errorrs ( sic ):
*
* if file io errors occur, chkperm -t will return the default
* value for cap-name.
*
* all variants of chkperm will put error strings on stderr
*
* if any syntax errors occur,
* a return (1) is done and an
* error is put on stderr.
*
*/
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <pwd.h>
#include <unistd.h>
#include <fcntl.h>
#include "wish.h"
#ifdef DEBUG
#define BASE "HOME"
#else
#define BASE "VMSYS"
#define FACERC "/lib/.facerc"
#endif /* DEBUG */
struct caps_type {
char *name;
int dflt;
};
/*
 * Per-capability values are character digits, and YES is '0' while
 * NO is '1'.  That matches the exit status documented in the file
 * header (0 when the permission is held, 1 otherwise), so do not read
 * them as C truth values.
 * NOTE(review): presumably these are the bytes kept per capability in
 * the permissions file -- confirm against the record layout.
 */
#define YES '0'
#define NO '1'
#define CAPLENGTH 7
#define CAPS 5
#define MAXCAPS 32
/*
 * Don't change MAXCAPS. If you do, this program will not be
 * compatible with old versions.
 *
 * Changing CAPS is OK as long as it is < MAXCAPS
 */
/*
 * Capability table: five entries (matching CAPS).  The defaults agree
 * with the file header: unix and exit are SUCCESS (yes); admin, invoke
 * and progs are FAIL (no).  SUCCESS and FAIL are not defined in this
 * file; presumably they come from wish.h.
 * NOTE(review): the declarator that opens this initializer is not
 * visible here.
 */
{ "unix", SUCCESS },
{ "admin", FAIL },
{ "invoke", FAIL },
{ "exit", SUCCESS },
{ "progs", FAIL }
};
/*
 * Record type for the permissions file; the functions below walk the
 * file through a struct cap_file_type *iobuf.
 * NOTE(review): no members are visible here.  Presumably the record
 * holds MAXCAPS capability bytes, which would explain the
 * compatibility warning above -- confirm.
 */
struct cap_file_type {
};
/*
 * Command-line handling for chkperm.  Each recognised option letter
 * (l, d, v, t, e, y, n, u) has a flag variable; opterr counts problems
 * and, when non-zero, leads to the usage message.
 */
int argc;
char **argv;
{
register optchar;	/* K&R implicit int: current option letter */
extern char *optarg;
int list_user();
int del_user();
int get_value();
int set_value();
int cap_index();
extern char *getenv();
uflg = 0;
eflg = 0;
vflg = 0;
dflg = 0;
/*
 * Every case has the same shape: an error exit that bumps opterr and
 * leaves the switch, otherwise the flag is set and parsing continues.
 * NOTE(review): the tests that select the error exit are not visible
 * here.
 */
switch (optchar)
{
case 'l':
opterr++;
break;
}
lflg++;
continue;
case 'd':
opterr++;
break;
}
dflg++;
continue;
case 'v':
opterr++;
break;
}
vflg++;
continue;
case 't':
opterr++;
break;
}
tflg++;
continue;
case 'e':
opterr++;
break;
}
eflg++;
continue;
case 'y':
opterr++;
break;
}
yflg++;
continue;
case 'n':
opterr++;
break;
}
nflg++;
continue;
case 'u':
opterr++;
break;
}
uflg++;
continue;
case '?':
/* unrecognised option: counted as an error */
opterr++;
break;
}
if (opterr)
{
"Usage: chkperm -l|-d|-v|-t cap|-e cap|-y cap|-n cap [-u user-name]\n");
}
/*
 * Privilege gate: deleting a user, acting for another user (-u),
 * listing all users, and the remaining case (setting permissions for
 * a user) each get their own "must be super-user" message.
 * NOTE(review): the condition guarding this branch is not visible
 * here.  The file header says chkperm runs setuid vmsys, so the
 * effective uid is vmsys; confirm the test is made against the real
 * uid and that it runs before the permissions file is opened.
 */
if (dflg)
"You must be super-user to undefine a FACE user.\n");
else if (uflg)
"You must be super-user to act for another FACE user.\n");
else if (lflg)
"You must be super-user to list all FACE users.\n");
else
"You must be super-user to set FACE permissions for a user.\n");
}
/*
 * Dispatch on the selected mode.  NOTE(review): the statement run for
 * each flag is not visible here; presumably these call the helpers
 * declared at the top of this function.
 */
if (lflg)
if (dflg)
if (vflg)
if (yflg)
if (nflg)
"Usage: chkperm -l|-d|-v|-t cap|-e cap|-y cap|-n cap [-u user-name]\n"
);
}
/*
 * Map a cap-name string to an integer (presumably cap_index(), which
 * main declares).  The two visible exits return an index or FAIL.
 * NOTE(review): the lookup loop is not visible here.  FAIL is returned
 * in-band with valid indices; its value is defined outside this file,
 * so confirm it cannot fall in 0..CAPS-1 and that callers test for it
 * before using the result as an array subscript.
 */
int
char *capname;
{
register index;	/* K&R implicit int */
return (index);
return (FAIL);
}
/*
 * Read path (presumably get_value(), which main declares): looks for
 * the user's record and reports on it according to vflg / eflg.
 * NOTE(review): the file open, the read loop and the final return are
 * not visible here; the three early FAIL exits presumably cover a
 * missing user name, an open failure and an allocation failure.
 */
int
int cap_index;
{
char *uname;
struct cap_file_type *iobuf;
char *get_uname();
return (FAIL);
return (FAIL);
return (FAIL);
found = 0;
found++;
break;
}
}
/* -v only asks whether a record exists for the user. */
if (vflg) {
if (found)
return (SUCCESS);
else
return (FAIL);
}
/*
 * No record for this user.  The append of a default record is
 * commented out below, so the visible code in this branch writes
 * nothing; the file header's "an entry is created with default
 * values" is not borne out by what is shown here.
 * NOTE(review): confirm whether the read path is meant to stay
 * read-only and update the header comment to match.
 */
if (!found) {
/*
(void) fseek(fp, 0L, 2);
if (fwrite((char *)iobuf, sizeof (*iobuf), 1, fp) != 1) {
fprintf(stderr, "Error writing permissions file.\n");
return (FAIL);
}
*/
}
/* -e: the header says the value is echoed and the call returns 0. */
if (eflg) {
return (SUCCESS);
}
else
}
/*
 * Write path (presumably set_value(), which main declares, used for
 * -y and -n).  Returns SUCCESS at the end and FAIL on the error exits.
 * NOTE(review): the parameter list, the record search and the write
 * itself are not visible here.  foff is a long file offset,
 * presumably the position of the user's record for an in-place
 * rewrite -- confirm.  main prints "must be super-user" messages for
 * the set and -u cases; confirm that check cannot be bypassed on the
 * way to this function.
 */
int
{
char *uname;
struct cap_file_type *iobuf;
long foff;
char *get_uname();
return (FAIL);
return (FAIL);
return (FAIL);
found = 0;
found++;
break;
}
}
if (!found) {
}
if (found)
else
return (FAIL);
}
return (SUCCESS);
}
/*
 * Remove the user as a FACE user.  Per the file header this only
 * invalidates the user's entry in the permissions file; it does not
 * remove FACE files from the user's environment.  Returns SUCCESS
 * unless one of the FAIL exits is taken.
 * NOTE(review): the record search and the write that invalidates the
 * entry are not visible here; the FAIL inside the found branch
 * presumably reports a failed write.
 */
int
del_user()
{
char *uname;
struct cap_file_type *iobuf;
long foff;	/* file offset; presumably the matched record's position */
char *get_uname();
return (FAIL);
return (FAIL);
found = 0;
found++;
break;
}
}
if (found) {
return (FAIL);
}
}
return (SUCCESS);
}
/*
 * Listing path (presumably list_user(), which main declares, used for
 * -l).  found counts something per record; the file header says -l
 * returns 255 when no users exist and 0 otherwise.
 * NOTE(review): the read loop, the output statement and the final
 * return are not visible here.
 */
int
{
struct cap_file_type *iobuf;
int found = 0;
return (FAIL);
found++;
}
}
}
/*
 * Decide which user name the request applies to (presumably
 * get_uname(), which the functions above declare).  Returns NULL on
 * failure.
 */
char *
{
char *user;
/*
 * With -u the caller-supplied name is returned as is.  main prints
 * "You must be super-user to act for another FACE user" for this
 * case; NOTE(review): confirm that check runs before any call that
 * reaches this branch, since the name comes from the command line.
 */
if (uflg)
return (uname_in);
/*
 * Get login name from uid. getpwuid was used because
 * getlogin() fails when running layers.
 */
/*
 * NOTE(review): the lookup itself is not visible here.  The header
 * says chkperm runs setuid vmsys, so the uid passed to getpwuid
 * should be the real uid of the invoking user -- confirm.
 */
return (NULL);
}
endpwent();
return (user);
}
/*
 * Open (or create) the permissions file and return a FILE * for it,
 * or NULL on any failure.
 * NOTE(review): the statements that build the path and call open()
 * are not visible here.  getenv is declared in this function and BASE
 * names an environment variable ("VMSYS", or "HOME" under DEBUG).  If
 * the path prefix is taken from getenv(BASE), a setuid-vmsys program
 * is trusting the caller's environment for the file location --
 * confirm how the path is formed and whether the environment is
 * sanitised first.
 */
FILE *
{
char *fpt;
int fd;
char *getenv();
return (NULL);
}
/*
 * for now, make sure we can only create non-world writable files
 * called ".facerc" (the O_EXCL|O_CREAT won't follow symlinks)
 *
 * O_CREAT|O_EXCL makes open() fail when the final path component is
 * a symbolic link; symlinks in the leading directory components are
 * still followed, so the directory itself has to be trusted.
 */
/* Both the create branch and the existing-file branch give up on fd < 0. */
if (fd < 0) {
return (NULL);
}
} else {
if (fd < 0) {
return (NULL);
}
}
return (NULL);
}
return (fp);
}