/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
2N/A
/*
 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 */
2N/A
2N/A#include "lint.h"
2N/A
2N/A#include <auth_attr.h> /* for AUTH_POLICY */
2N/A#include <deflt.h>
2N/A#include <nss_dbdefs.h> /* for NSS_BUFLEN_PASSWD */
2N/A#include <pwd.h>
2N/A#include <secdb.h>
2N/A#include <stdio.h>
2N/A#include <stdlib.h>
2N/A#include <string.h>
2N/A
/*
 * Result record filled in by the attr() callback in this file.
 * Both members are heap copies made with strdup(); whoever ends up
 * holding them releases them with free().
 */
struct attrval {
	char *attr;		/* copy of the value matched for the key */
	char *prof_name;	/* copy of the name of the entry it came from */
};
typedef struct attrval attrval_t;
2N/A
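/*
 * attr - callback handed to _enum_attrs() that captures the value of a key.
 *
 * Entry	name = name supplied by the enumerator for the entry being
 *			examined; NULL is recorded as "user_attr".
 *		kva = key/value array to search.
 *		key = attribute key to look for (a char *).
 *		val = attrval_t * that receives the result.
 *
 * Exit	1 = key matched; val->attr holds a strdup()'d copy of the
 *			value, or NULL if that allocation failed.
 *			val->prof_name holds a strdup()'d copy of the
 *			source name, or NULL on allocation failure.
 *		0 = no match; val is left untouched.
 *
 * Notes
 *	If the value itself cannot be copied, no source name is allocated:
 *	the caller treats a NULL attr as "not found" and would otherwise
 *	have no reason to free prof_name, leaking it.
 *	NOTE(review): a non-zero return presumably stops the enumeration;
 *	confirm against _enum_attrs().
 */
static int
attr(const char *name, kva_t *kva, void *key, void *val)
{
	attrval_t *found = val;
	char *match = kva_match(kva, (char *)key);

	if (match == NULL) {
		return (0);	/* no match */
	}

	found->attr = strdup(match);
	if (found->attr == NULL) {
		/* out of memory: never pair a NULL value with a live name */
		found->prof_name = NULL;
		return (1);
	}

	found->prof_name = strdup(name != NULL ? name : "user_attr");
	return (1);
}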
2N/A
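/*
 * getuserattrnam - get an attribute of the user.
 *
 * Entry	user = username.
 *		key = the key name of the attribute.
 *		where = pointer to where to return the name of
 *			where the attribute was found.
 *		      = NULL, don't return where found.
 *		deflt = configuration file in which to find a local
 *			default copy if no explicit attribute
 *			found for user.
 *		      = NULL use AUTH_POLICY (/etc/security/policy.conf)
 *
 * Exit	NULL = if not found or other error such as ENOMEM.
 *		pointer to allocated memory for the attribute requested.
 *		*where = NULL, if where is specified, whenever NULL is
 *			returned or the name could not be allocated
 *			(ENOMEM).
 *
 * Notes
 *	Finds the first value associated with key for the user
 *	by first searching attributes directly assigned to the
 *	user, then attributes of the profiles of the user, and
 *	finally an administrator specified default in policy.conf(4).
 *
 *	Memory for the returned value and the optional where should be
 *	released when no longer in use with free(3C).
 *
 *	Not to be used to enumerate the user's profiles or authorizations.
 *
 *	A NULL key yields NULL.
 */

char *
getuserattrnam(const char *user, const char *key, char **where,
    const char *deflt)
{
	void *defp;
	int flags;
	char *val;
	char *ret = NULL;
	char *defkey;
	attrval_t attrval = {NULL, NULL};
	char *deffile = AUTH_POLICY;

	/*
	 * Give the out-parameter a defined value on every path, so that a
	 * caller who frees *where after a failed lookup never hands an
	 * uninitialized pointer to free(3C).
	 */
	if (where != NULL) {
		*where = NULL;
	}

	/* formatting a NULL key with "%s" below would be undefined */
	if (key == NULL) {
		return (NULL);
	}

	/* enumerate attributes for a user */
	(void) _enum_attrs(user, attr, (void *)key, &attrval);
	if (attrval.attr != NULL) {
		if (where != NULL) {
			/* ownership of the name passes to the caller */
			*where = attrval.prof_name;
		} else {
			free(attrval.prof_name);
		}
		return (attrval.attr);
	}

	/*
	 * No value was captured.  A source name may still have been
	 * allocated by the callback; release it (free(NULL) is a no-op).
	 */
	free(attrval.prof_name);

	/* fall back to the administrator's default file */
	if (deflt != NULL) {
		deffile = (char *)deflt;
	}

	if ((defp = defopen_r(deffile)) == NULL) {
		return (NULL);
	}

	/*
	 * Clear DC_CASE for this handle.
	 * NOTE(review): per defcntl(3C) this should make the key
	 * comparison ignore case; confirm.
	 */
	flags = defcntl_r(DC_GETFLAGS, 0, defp);
	TURNOFF(flags, DC_CASE);
	(void) defcntl_r(DC_SETFLAGS, flags, defp);

	if (asprintf(&defkey, "%s=", key) == -1) {
		/* do not leak the open defaults handle on ENOMEM */
		defclose_r(defp);
		return (NULL);
	}

	/*
	 * Copy the value before the handle is closed.
	 * NOTE(review): val presumably points into storage owned by
	 * defp; confirm.
	 */
	if ((val = defread_r(defkey, defp)) != NULL) {
		ret = strdup(val);
	}
	free(defkey);
	defclose_r(defp);

	if (ret != NULL && where != NULL) {
		*where = strdup(deffile);
	}
	return (ret);
}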
2N/A
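/*
 * getuserattruid - get an attribute of the user identified by uid.
 *
 * Entry	u = uid of the user.
 *		key, where, deflt = passed unchanged to getuserattrnam().
 *
 * Exit	NULL = the uid could not be resolved to a passwd entry, or
 *			getuserattrnam() returned NULL.
 *		otherwise, whatever getuserattrnam() returns for the
 *			user's name.
 *		*where = NULL, if where is specified and the uid could
 *			not be resolved.
 *
 * Notes
 *	On a failed uid lookup *where is set to NULL rather than left
 *	untouched, so a caller that frees it afterwards does not act on
 *	an uninitialized pointer.
 */
char *
getuserattruid(const uid_t u, const char *key, char **where, const char *deflt)
{
	struct passwd pwd;
	char buf[NSS_BUFLEN_PASSWD];

	if (getpwuid_r(u, &pwd, buf, NSS_BUFLEN_PASSWD) == NULL) {
		if (where != NULL) {
			*where = NULL;
		}
		return (NULL);
	}

	/* pwd.pw_name points into buf, which stays live across this call */
	return (getuserattrnam(pwd.pw_name, key, where, deflt));
}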