/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
*/
#include "lint.h"
#include <auth_attr.h> /* for AUTH_POLICY */
#include <deflt.h>
#include <nss_dbdefs.h> /* for NSS_BUFLEN_PASSWD */
#include <pwd.h>
#include <secdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct attrval {
char *attr;
char *prof_name;
} attrval_t;
static int
attr(const char *name, kva_t *kva, void *key, void *val)
{
attrval_t *attrval = val;
char *match;
if ((match = kva_match(kva, (char *)key)) != NULL) {
char *deflt_name = "user_attr";
attrval->attr = strdup(match);
if (name != NULL) {
deflt_name = (char *)name;
}
attrval->prof_name = strdup(deflt_name);
return (1);
}
return (0); /* no match */
}
/*
* getuserattrnam - get an attribute of the user.
*
* Entry user = username.
* key = the key name of the attribute.
* where = pointer to where to return the name of
* where the attribute was found.
* = NULL, don't return where found.
* deflt = configuration file to get find a local
* default copy if no explicit attribute
* found for user.
* = NULL use AUTH_POLICY (/etc/security/policy.conf)
*
* Exit NULL = if not found or other error such as ENOMEM.
* pointer to allocated memory for the attribute requested.
* *where = NULL, if where is specified, ENOMEM.
*
* Notes
* Finds the first value associated with key for the user
* by first searching attributes directly assigned to the
* user, then attributes of the profiles of the user, and
* finally an administrator specified default in policy.conf(4).
*
* Memory for the returned value and the optional where should be
* released when no longer in use with free(3C).
*
* Not to be used to enumerate the user's profiles or authorizations.
*
*/
char *
getuserattrnam(const char *user, const char *key, char **where,
const char *deflt)
{
void *defp;
int flags;
char *val = NULL;
char *ret = NULL;
char *defkey;
attrval_t attrval = {NULL, NULL};
char *deffile = AUTH_POLICY;
/* enumerate attributes for a user */
(void) _enum_attrs(user, attr, (void *)key, &attrval);
if (attrval.attr != NULL) {
if (where != NULL) {
*where = attrval.prof_name;
} else {
free(attrval.prof_name);
}
return (attrval.attr);
}
if (deflt != NULL) {
deffile = (char *)deflt;
}
if ((defp = defopen_r(deffile)) == NULL) {
return (NULL);
}
flags = defcntl_r(DC_GETFLAGS, 0, defp);
TURNOFF(flags, DC_CASE);
(void) defcntl_r(DC_SETFLAGS, flags, defp);
if (asprintf(&defkey, "%s=", key) == -1) {
return (NULL);
}
if ((val = defread_r(defkey, defp)) != NULL) {
ret = strdup(val);
}
free(defkey);
defclose_r(defp);
if (ret != NULL && where != NULL) {
*where = strdup(deffile);
}
return (ret);
}
char *
getuserattruid(const uid_t u, const char *key, char **where, const char *deflt)
{
struct passwd pwd;
char buf[NSS_BUFLEN_PASSWD];
if (getpwuid_r(u, &pwd, buf, NSS_BUFLEN_PASSWD) == NULL) {
return (NULL);
}
return (getuserattrnam(pwd.pw_name, key, where, deflt));
}