pfexec.c revision 499fd60129a966ad9d9e752e65f591c3a6a1c697
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <errno.h>
#include <deflt.h>
#include <locale.h>
#include <stdlib.h>
#include <unistd.h>
#include <ctype.h>
#include <pwd.h>
#include <grp.h>
#include <string.h>
#include <exec_attr.h>
#include <user_attr.h>
#include <auth_attr.h>
#include <prof_attr.h>
#include <errno.h>
#include <priv.h>
#include <bsm/adt_event.h>
#ifndef TEXT_DOMAIN /* Should be defined by cc -D */
#define TEXT_DOMAIN "SYS_TEST"
#endif
extern int cannot_audit(int);
static char *pathsearch(char *);
static int getrealpath(const char *, char *);
static int checkattrs(char *, int, char *[]);
static void sanitize_environ();
static priv_set_t *get_privset(const char *);
static void get_default_privs(const char *, priv_set_t *);
static void get_profile_privs(char *, char **, int *, priv_set_t *);
static int isnumber(char *);
static void usage(void);
extern char **environ;
#define PROFLIST_SEP ","
int
{
char *cmd;
char **cmdargs;
char cmd_realpath[MAXPATHLEN];
int c;
(void) textdomain(TEXT_DOMAIN);
switch (c) {
case 'P':
break;
}
/* FALLTHROUGH */
default:
usage();
}
}
if (argc < 1)
usage();
char cwd[MAXPATHLEN];
/* Audit use */
perror("pfexec: adt_start_session");
}
perror("pfexec: adt_alloc_event");
}
gettext("pfexec: can't add cwd path\n"));
}
ADT_SUCCESS) != 0) {
perror("pfexec: adt_put_event");
}
gettext("setppriv(): %s\n"),
}
/* Trick exec into thinking we're not suid */
} else {
ADT_SUCCESS) != 0) {
perror("pfexec: adt_put_event");
}
}
(void) adt_end_session(ah);
}
/*
* We'd be here only if execv fails.
*/
perror("pfexec");
/* LINTED */
}
/*
* gets realpath for cmd.
* return 1 on success, 0 on failure.
*/
static int
{
return (0);
}
return (1);
}
/*
* returns 1 on success, 0 on failure.
*/
static int
{
char *value;
char cwd[MAXPATHLEN];
return (0);
}
/* Set up to audit use */
perror("pfexec: adt_start_session");
return (0);
}
perror("pfexec: adt_alloc_event");
return (0);
}
return (0);
}
/*
* Get the exec attrs: uid, gid, euid and egid
*/
gettext("can't get execution attributes\n"));
return (0);
}
}
}
}
}
}
}
}
/* Finish audit info */
perror("pfexec: adt_put_event");
return (0);
}
(void) adt_end_session(ah);
/*
*
*/
return (0);
}
}
return (0);
}
return (0);
}
return (1);
}
/*
* cleans up environ. code from su.c
*/
static void
{
char **qq, *p;
if (*p == 'L' && p[1] == 'D' && p[2] == '_') {
;
}
} else {
pp++;
}
}
}
static uid_t
{
struct passwd *passwd_ent;
return (passwd_ent->pw_uid);
/*NOTREACHED*/
}
static uid_t
{
/*NOTREACHED*/
}
static int
isnumber(char *s)
{
int c;
if (*s == '\0')
return (0);
while ((c = *s++) != '\0') {
if (!isdigit(c)) {
return (0);
}
}
return (1);
}
static priv_set_t *
get_privset(const char *s)
{
}
return (res);
}
static void
usage(void)
{
}
/*
* This routine exists on failure and returns NULL if no granted privileges
* are set.
*/
static priv_set_t *
{
userattr_t *ua;
char *profs;
int profcnt = 0;
res = priv_allocset();
perror("priv_allocset");
}
}
}
return (res);
}
static void
{
int profcnt = 0;
/* get privileges from default profiles */
}
}
}
static void
{
char *prof;
char *lasts;
profattr_t *pa;
char *privs;
int i;
/* get the privileges from list of profiles */
for (i = 0; i < *profcnt; i++) {
/*
* this should never happen.
* unless the database has an undefined profile
*/
continue;
}
/* get privs from this profile */
}
}
}
}
/*
* This function can return either the first argument or dynamically
* allocated memory. Reuse with care.
*/
static char *
pathsearch(char *cmd)
{
char buf[MAXPATHLEN];
/*
* Implement shell like PATH searching; if the pathname contains
* one or more slashes, don't search the path, even if the '/'
* No path equals to a search in ".", just like the shell.
*/
return (cmd);
return (cmd);
/*
* We need to copy $PATH because our sub processes may need it.
*/
perror("pfexec: strdup $PATH");
}
sizeof (buf)) {
continue;
}
}
}
return (NULL);
}