2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. 2N/A * Enumeration functions for auths and profiles; the enumeration functions 2N/A * take a callback with four arguments: 2N/A * const char * profile name (or NULL unless wantattr is false) 2N/A * kva_t * attributes (or NULL unless wantattr is true) 2N/A * void * pointer to the result 2N/A * When the call back returns non-zero, the enumeration ends. 2N/A * The function might be NULL but only for profiles as we are always collecting 2N/A * Both the auths and the profiles arguments may be NULL. 2N/A * These should be the only implementation of the algorithm of "finding me 2N/A * Enumerate profiles from listed profiles. 2N/A /* Add it, fail if no memory. */ 2N/A /* find the profiles for this profile */ 2N/A * Enumerate all attributes associated with a username and the profiles 2N/A * associated with the user. 2N/A * Find the default profiles if this is a valid user and we 2N/A * didn't encounter the Stop profile. 2N/A * Enumerate profiles with a username argument. 2N/A * Enumerate attributes with a username argument. 2N/A * Magic struct and function to allow using the _enum_attrs functions to 2N/A * enumerate the authorizations. In order to make the system survive 2N/A * bad configuration, we make sure that root always has the "solaris.*" 2N/A * authorization. This is implemented by first marking "wantdef" to 2N/A * true when the user is root; while we enumerating the auths, we compare 2N/A * and set wantdef to false if "solaris.*" is encountered. If wantdef 2N/A * remains true and callback hasn't short circuited, call the callback with 2N/A int (*
cb)(
const char *,
void *,
void *);
2N/A /* Note: PROFATTR_AUTHS_KW is equal to USERATTR_AUTHS_KW */ 2N/A * Enumerate authorizations for username. 2N/A int (*
cb)(
const char *,
void *,
void *),
2N/A * If the specified authorization has a trailing object 2N/A * and the current authorization we're checking also has 2N/A * a trailing object, the object names must match. 2N/A * If there is no object name failure, then we must 2N/A * check for an exact match of the two authorizations 2N/A * If the wildcard is not in the last position in the string, don't 2N/A * If the strings are identical up to the wildcard 2N/A * then we have a match. 2N/A * For more info see LSARC 2008/332. 2N/A /* exact match, we're done */ 2N/A * Return the default attributes; these are ignored when a STOP profile 2N/A * Map the contents of AUTH_POLICY to a profile called 2N/A * AUTH_POLICY. Even when we're not nscd we just cache 2N/A * the data: it's not that much and usually this code 2N/A * is only run inside nscd.