/*
 * Refresh one per-user nscd ("self cred") setting through get_smf_prop().
 *
 * param selects the setting:
 *   'e'  pu_nscd_enabled, from property "enable_per_user_lookup"
 *   't'  pu_nscd_ttl, from property "per_user_nscd_time_to_live"
 * Any other selector leaves both settings untouched.
 *
 * data points at the caller's value. It is read as a uint8_t for 'e' and
 * as an int for 't', so the caller must pass a pointer to an object of the
 * matching type. The value is copied into a local and handed to
 * get_smf_prop() as its third argument (presumably the fallback used when
 * the property is not set; confirm against get_smf_prop).
 *
 * NOTE(review): the pointer returned by get_smf_prop() is dereferenced
 * without a NULL check; confirm that it can never return NULL.
 * NOTE(review): the TTL is read through an int64_t pointer but logged with
 * "%d"; confirm that the declared type of pu_nscd_ttl matches the format.
 */
static void
set_selfcred_cfg(
	char param,
	void *data)
{
	char *me = "set_selfcred_cfg";

	switch (param) {
	case 'e': {
		uint8_t bool_val = *(uint8_t *)data;

		pu_nscd_enabled = *(uint8_t *)get_smf_prop(
		    "enable_per_user_lookup", 'b', &bool_val);

		_NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
		(me, "self cred config: enabled = %d\n", pu_nscd_enabled);
		break;
	}
	case 't': {
		/* The caller supplies an int; it is widened for the lookup. */
		int64_t ttl_val = *(int *)data;

		pu_nscd_ttl = *(int64_t *)get_smf_prop(
		    "per_user_nscd_time_to_live", 'i', &ttl_val);

		_NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG)
		(me, "self cred config: PUN TTL = %d\n", pu_nscd_ttl);
		break;
	}
	default:
		/* Unknown selector: nothing to update. */
		break;
	}
}
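#ifndef SOLARIS
/*
 * Check that the already-open config file belongs to TSS_USER_NAME /
 * TSS_GROUP_NAME and that its permission bits are exactly 0600.
 *
 * The metadata is taken with fstat() on the stream's descriptor, so the
 * object that is validated is the object that will be parsed.
 *
 * Returns TSS_SUCCESS when all checks pass, otherwise
 * TCSERR(TSS_E_INTERNAL_ERROR) after logging the reason. The caller keeps
 * ownership of f and must close it.
 */
static TSS_RESULT
conf_file_verify_owner_mode(FILE *f)
{
	struct stat stat_buf;
	struct group *grp;
	struct passwd *pw;
	mode_t mode = (S_IRUSR|S_IWUSR);

	if (fstat(fileno(f), &stat_buf) == -1) {
		LogError("fstat(%s): %s", tcsd_config_file, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/*
	 * getgrnam()/getpwnam() return NULL both for "no such entry" and for
	 * a lookup failure; clearing errno first tells the two apart.
	 */
	errno = 0;
	grp = getgrnam(TSS_GROUP_NAME);
	if (grp == NULL) {
		if (errno == 0) {
			LogError("Group \"%s\" not found, please add this group"
					" manually.", TSS_GROUP_NAME);
		} else {
			LogError("getgrnam(%s): %s", TSS_GROUP_NAME, strerror(errno));
		}
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	errno = 0;
	pw = getpwnam(TSS_USER_NAME);
	if (pw == NULL) {
		if (errno == 0) {
			LogError("User \"%s\" not found, please add this user"
					" manually.", TSS_USER_NAME);
		} else {
			LogError("getpwnam(%s): %s", TSS_USER_NAME, strerror(errno));
		}
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* make sure user/group TSS owns the conf file */
	if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) {
		LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file,
				TSS_USER_NAME, TSS_GROUP_NAME);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	/* make sure only the tss user can manipulate the config file */
	if (((stat_buf.st_mode & 0777) ^ mode) != 0) {
		LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file);
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

	return TSS_SUCCESS;
}
#endif /* SOLARIS */

/*
 * Load the tcsd configuration into conf.
 *
 * conf is reset with init_tcsd_config(), then tcsd_config_file is opened
 * and parsed with read_conf_file(). Options still unset afterwards are
 * filled in by config_set_defaults(); this also happens when parsing
 * failed.
 *
 * Returns:
 *   TSS_SUCCESS                     the file does not exist; defaults used
 *   TCSERR(TSS_E_INTERNAL_ERROR)    the file cannot be opened or, on
 *                                   non-Solaris builds, fails the
 *                                   owner/group/mode checks
 *   result of read_conf_file()      otherwise
 *
 * Security: the file is opened first and the ownership and mode checks run
 * on the open descriptor. Checking the path with stat() and opening it by
 * name afterwards leaves a window in which the path can be re-pointed at a
 * different file between the check and the read (time-of-check /
 * time-of-use race). fopen() still follows symbolic links, so the checks
 * apply to the link target.
 * NOTE(review): the permissions of the containing directory are not
 * examined here; confirm they are restricted by the installation.
 */
TSS_RESULT
conf_file_init(struct tcsd_config *conf)
{
	FILE *f = NULL;
	TSS_RESULT result;

	init_tcsd_config(conf);

#ifdef SOLARIS
	/*
	 * Solaris runs the daemon under an existing system account (group
	 * sys) with reduced privileges, so no dedicated user/group has to be
	 * created and auditing support is available. The permissions on
	 * the tcsd configuration file are not checked on Solaris.
	 */
#endif

	/* look for a config file; a missing one is not an error */
	if ((f = fopen(tcsd_config_file, "r")) == NULL) {
		if (errno == ENOENT) {
			/* no config file? use defaults */
			config_set_defaults(conf);
			LogInfo("Config file %s not found, using defaults.", tcsd_config_file);
			return TSS_SUCCESS;
		}
		LogError("fopen(%s): %s", tcsd_config_file, strerror(errno));
		return TCSERR(TSS_E_INTERNAL_ERROR);
	}

#ifndef SOLARIS
	/* validate the file that was actually opened, not the path */
	result = conf_file_verify_owner_mode(f);
	if (result != TSS_SUCCESS) {
		fclose(f);
		return result;
	}
#endif /* SOLARIS */

	result = read_conf_file(f, conf);
	fclose(f);

	/* fill out any uninitialized options */
	config_set_defaults(conf);

#ifdef SOLARIS
	/*
	 * The SMF value for "local_only" overrides the config file and
	 * disables all remote operations.
	 */
	if (get_smf_prop("local_only", B_TRUE)) {
		(void) memset(conf->remote_ops, 0, sizeof(conf->remote_ops));
		conf->unset |= TCSD_OPTION_REMOTE_OPS;
	}
#endif
	return result;
}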