chkauthattr.c revision ace0ce487bf50def2cf7ed0dfe532a37bb784c0b
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <limits.h>
#include <deflt.h>
#include <auth_attr.h>
#include <prof_attr.h>
#include <user_attr.h>
static int _is_authorized(const char *, char *);
static int _chk_policy_auth(const char *, char **, int *);
static int _chkprof_for_auth(const char *, const char *, char **, int *);
int
{
int auth_granted = 0;
char *auths;
char *profiles;
int chkedprof_cnt = 0;
int i;
return (0);
/* Check against AUTHS_GRANTED and PROFS_GRANTED in policy.conf */
if (auth_granted)
goto exit;
goto exit;
/* Check against authorizations listed in user_attr */
if (auth_granted)
goto exit;
}
/* Check against authorizations specified by profiles */
exit:
/* free memory allocated for checked array */
for (i = 0; i < chkedprof_cnt; i++) {
}
return (auth_granted);
}
static int
char **chkedprof, int *chkedprof_cnt)
{
profattr_t *pa;
int i;
int checked = 0;
checked = 0;
/* check if this profile has been checked */
for (i = 0; i < *chkedprof_cnt; i++) {
checked = 1;
break;
}
}
if (!checked) {
continue;
PROFATTR_AUTHS_KW)) != NULL) {
return (1);
}
}
if ((profiles =
/* Check for authorization in subprofiles */
chkedprof, chkedprof_cnt)) {
return (1);
}
}
}
}
/* authorization not found in any profile */
return (0);
}
int
{
char wildcard = KV_WILDCHAR;
char *grant;
/*
* If the wildcard is not in the last position in the string, don't
* match against it.
*/
return (0);
/*
* If the strings are identical up to the wildcard and auth does not
* end in "grant", then we have a match.
*/
return (1);
}
}
return (0);
}
static int
{
int found = 0; /* have we got a match, yet */
char wildcard = '*';
char *auth; /* current authorization being compared */
char *buf;
char *lasts;
/* Exact match. We're done. */
found = 1;
found = 1;
break;
}
}
}
return (found);
}
int
{
char *cp;
if (defopen(AUTH_POLICY) != 0)
return (-1);
return (-1);
} else {
}
return (-1);
}
} else {
}
return (0);
}
void
{
}
/*
* read /etc/security/policy.conf for AUTHS_GRANTED.
* return 1 if found matching authname.
* Otherwise, read PROFS_GRANTED to see if authname exists in any
* default profiles.
*/
static int
{
int ret = 1;
return (0);
goto exit;
}
goto exit;
}
ret = 0;
exit:
return (ret);
}