static int
_parse_gids (char *s,
uidgid_t *u)
{
char *pos = NULL;
gid_t gid;
w_assert (s);
w_assert (u);
if (u->ngid >= DMON_GID_COUNT) {
w_printerr ("more than $L groups given, ignoring additional ones\n",
DMON_GID_COUNT);
return 0;
}
pos = strchr (s, ':');
if (pos != NULL)
*pos = '\0';
if (name_to_gid (s, &gid)) {
if (pos != NULL) *pos = ':';
return 1;
}
if (pos != NULL)
*pos = ':';
u->gids[u->ngid++] = gid;
return (pos == NULL) ? 0 : _parse_gids (pos + 1, u);
}
static int map_gid(int id, char *name)
{
gid_t gid;
if (name_to_gid(name, &gid) && gid != 0)
return gid;
return id;
}
int main(int argc, char *argv[])
{
int i;
gid_t user_gid;
uid_t user_uid;
int is_only_group = 0;
int is_only_group_all = 0;
int is_name = 0;
int is_only_user = 0;
int is_real = 0;
//bug!: myid -Gn - err
char *opts="rgGnu";
int opt, opt_c = 0;
while((opt=getopt(argc,argv,opts))!=-1){
switch(opt){
case 'a':
break;
case 'g':
is_only_group = 1;
break;
case 'G':
is_only_group_all = 1;
break;
case 'n':
is_name = 1;
break;
case 'r':
is_real = 1;
break;
case 'u':
is_only_user = 1;
break;
}
opt_c++;
}
//without username
if(argc == 1 || (opt_c + 1) == argc){
if( is_real){
user_gid = getgid();
user_uid = getuid();
}
else{
user_gid = getegid();
user_uid = geteuid();
}
}
//with username in command line
else{
user_gid = name_to_uid(argv[1+opt_c]);
user_uid = name_to_gid(argv[1+opt_c]);
}
// -g flag.
if( is_only_group){
if( is_name)
printf("%s\n",gid_to_name(user_gid));
else
printf("%d\n",user_gid);
return 0;
}
// -G flag.
if( is_only_group_all){
int list_size = 0;
gid_t * user_groups = get_groups(gid_to_name(user_gid),&list_size);
for( i=0;i<list_size;i++)
if( is_name)
printf("%s ",gid_to_name(user_groups[i]));
else
printf("%d ",user_groups[i]);
printf("\n");
return 0;
}
// -u flag.
if( is_only_user){
if( is_name)
printf("%s\n",uid_to_name(user_uid));
else
printf("%d\n",user_uid);
return 0;
}
//wrong flags
if( is_name && is_real){
fprintf(stderr,"id: cannot print only names or real IDs in default format\n");
return EARG;
}
//common case:
printf("uid=%d(%s) ",user_uid,uid_to_name(user_uid));
printf("gid=%d(%s) ",user_gid,gid_to_name(user_gid));
int list_size = 0;
gid_t * user_groups = get_groups(gid_to_name(user_gid),&list_size);
printf("groups=");
printf("%s(%d)",gid_to_name(user_gid),user_gid);
for( i=0;i<list_size;i++)
printf("%d(%s) ", user_groups[i],
gid_to_name(user_groups[i]));
printf("\n");
return 0;
}
/*
* init_irix() - initialize the IRIX format argument list.
*/
static int
init_irix(int argc, char **argv)
{
int c;
char *optstring = "a:D:g:j:p:u:M:n:cdefhJlmorst";
/* Process options. */
while ((c = getopt(argc, argv, optstring)) != EOF) {
switch (c) {
/* Process the report selection options. */
case 'c': /* command report */
c_opt++;
break;
case 'f': /* command flow report */
f_opt++;
break;
case 'o': /* other command report */
o_opt++;
break;
case 's': /* summary report */
s_opt++;
break;
/* Process the record selection options. */
case 'a': /* select by array session ID */
a_opt++;
sscanf(optarg, "%llx", &s_ash);
break;
case 'g': /* select by group ID */
g_opt++;
if (optarg[0] >= '0' && optarg[0] <= '9') {
sscanf(optarg, "%d", &s_gid);
} else { /* ASCII */
if ((s_gid = name_to_gid(optarg)) == -1) {
acct_err(ACCT_ABORT,
_("An unknown Group name '%s' was given on the -g parameter."),
optarg);
}
}
break;
case 'j': /* select by job ID */
j_opt++;
sscanf(optarg, "%llx", &s_jid);
break;
case 'M': /* select by positioning */
M_opt++;
if ((M_optargc = getoptlst(optarg, &M_optargv))
== -1) {
acct_err(ACCT_ABORT,
_("An error was returned from routine '%s' for the (-%s) option '%s'."),
"getoptlst()",
"M", optarg);
}
break;
case 'n': /* select by command names */
n_opt++;
if ((n_optargc = getoptlst(optarg, &n_optargv))
== -1) {
acct_err(ACCT_ABORT,
_("An error was returned from routine '%s' for the (-%s) option '%s'."),
"getoptlst()",
"n", optarg);
}
names = getnames(n_optargc, n_optargv);
free(n_optargv);
break;
case 'p': /* select by project ID */
p_opt++;
if (optarg[0] >= '0' && optarg[0] <= '9') {
sscanf(optarg, "%lld", &s_prid);
} else { /* ASCII */
if ((s_prid = name_to_prid(optarg)) == -1) {
acct_err(ACCT_ABORT,
_("An unknown Project name '%s' was given on the -p parameter."),
optarg);
}
}
break;
case 'u': /* select by user ID */
u_opt++;
if (optarg[0] >= '0' && optarg[0] <= '9') {
sscanf(optarg, "%d", &s_uid); /* numeric */
} else { /* ASCII */
if ((s_uid = name_to_uid(optarg)) == -1) {
acct_err(ACCT_ABORT,
_("An unknown User name '%s' was given on the -u parameter."),
optarg);
}
}
break;
/* Process the report modification options. */
case 'd': /* daemon report */
d_opt++;
break;
case 'e': /* extended summary report */
e_opt++;
break;
case 'h': /* hiwater report */
h_opt++;
break;
case 'J':
J_opt++; /* select all special pacct */
break;
case 'l': /* long report (-{B c f} only) */
l_opt++;
break;
/* Process the remaining options. */
case 'D': /* debug option */
D_opt++;
db_flag = atoi(optarg);
if ((db_flag < 1) || (db_flag > 4)) {
acct_err(ACCT_FATAL,
_("The (-%s) option's argument, '%s', is invalid."),
"D", optarg);
Nerror("Option -D valid values are 1 to 4\n");
usage();
}
Ndebug("Debugging option set to level %d\n", db_flag);
break;
case 'm': /* mark position */
m_opt++;
break;
case 'r': /* raw mode */
r_opt++;
break;
case 't': /* terminate job accounting */
t_opt++;
break;
default:
usage();
}
}
/* Verify the selected options - must be used with report options. */
if (!c_opt && !f_opt && !o_opt && !s_opt){
if (a_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"a", "{c f o s}");
}
if (g_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"g", "{c f o s}");
}
if (j_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"j", "{c f o s}");
}
if (n_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"n", "{c f o s}");
}
if (p_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"p", "{c f o s}");
}
if (u_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"u", "{c f o s}");
}
if (d_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"d", "{c f o s}");
}
if (r_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"r", "{c f o s}");
}
/* and -m is NOT used with the report options. */
} else if (m_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option cannot be selected when issuing a report."),
"m");
}
/* Insure -m is NOT with t. */
if (t_opt && m_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) and the (-%s) options are mutually exclusive."),
"m", "t");
}
/* Insure -o is NOT with c. */
if (o_opt && c_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) and the (-%s) options are mutually exclusive."),
"o", "c");
}
/* Insure -e is with {s}. */
if (e_opt && !(s_opt) ) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"e", "s");
}
/* Insure -h is with l and c. */
if (h_opt && !(c_opt && l_opt)) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"h", "c and l");
}
/* Insure -l is with -{ c f} */
if (l_opt && !(c_opt || f_opt)) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"l", "{c f}");
}
/* Insure -M is with -{c}. */
if (M_opt && !c_opt) {
acct_err(ACCT_ABORT,
_("The (-%s) option must be used with the (-%s) option."),
"M", "c");
}
return(0);
}
static int rsync_module(int fd, int i)
{
int argc=0;
char *argv[MAX_ARGS];
char **argp;
char line[MAXPATHLEN];
uid_t uid = (uid_t)-2;
gid_t gid = (gid_t)-2;
char *p;
char *addr = client_addr(fd);
char *host = client_name(fd);
char *name = lp_name(i);
int use_chroot = lp_use_chroot(i);
int start_glob=0;
int ret;
char *request=NULL;
extern int am_sender;
extern int remote_version;
extern int am_root;
if (!allow_access(addr, host, lp_hosts_allow(i), lp_hosts_deny(i))) {
rprintf(FERROR,"rsync denied on module %s from %s (%s)\n",
name, client_name(fd), client_addr(fd));
io_printf(fd,"@ERROR: access denied to %s from %s (%s)\n",
name, client_name(fd), client_addr(fd));
return -1;
}
if (!claim_connection(lp_lock_file(i), lp_max_connections(i))) {
if (errno) {
rprintf(FERROR,"failed to open lock file %s : %s\n",
lp_lock_file(i), strerror(errno));
io_printf(fd,"@ERROR: failed to open lock file %s : %s\n",
lp_lock_file(i), strerror(errno));
} else {
rprintf(FERROR,"max connections (%d) reached\n",
lp_max_connections(i));
io_printf(fd,"@ERROR: max connections (%d) reached - try again later\n", lp_max_connections(i));
}
return -1;
}
auth_user = auth_server(fd, i, addr, "@RSYNCD: AUTHREQD ");
if (!auth_user) {
rprintf(FERROR,"auth failed on module %s from %s (%s)\n",
name, client_name(fd), client_addr(fd));
io_printf(fd,"@ERROR: auth failed on module %s\n",name);
return -1;
}
module_id = i;
if (lp_read_only(i))
read_only = 1;
am_root = (getuid() == 0);
if (am_root) {
p = lp_uid(i);
if (!name_to_uid(p, &uid)) {
if (!isdigit(*p)) {
rprintf(FERROR,"Invalid uid %s\n", p);
io_printf(fd,"@ERROR: invalid uid\n");
return -1;
}
uid = atoi(p);
}
p = lp_gid(i);
if (!name_to_gid(p, &gid)) {
if (!isdigit(*p)) {
rprintf(FERROR,"Invalid gid %s\n", p);
io_printf(fd,"@ERROR: invalid gid\n");
return -1;
}
gid = atoi(p);
}
}
p = lp_include_from(i);
add_exclude_file(p, 1, 1);
p = lp_include(i);
add_include_line(p);
p = lp_exclude_from(i);
add_exclude_file(p, 1, 0);
p = lp_exclude(i);
add_exclude_line(p);
log_open();
if (use_chroot) {
if (chroot(lp_path(i))) {
rprintf(FERROR,"chroot %s failed\n", lp_path(i));
io_printf(fd,"@ERROR: chroot failed\n");
return -1;
}
if (!push_dir("/", 0)) {
rprintf(FERROR,"chdir %s failed\n", lp_path(i));
io_printf(fd,"@ERROR: chdir failed\n");
return -1;
}
} else {
if (!push_dir(lp_path(i), 0)) {
rprintf(FERROR,"chdir %s failed\n", lp_path(i));
io_printf(fd,"@ERROR: chdir failed\n");
return -1;
}
}
if (am_root) {
if (setgid(gid)) {
rprintf(FERROR,"setgid %d failed\n", gid);
io_printf(fd,"@ERROR: setgid failed\n");
return -1;
}
if (setuid(uid)) {
rprintf(FERROR,"setuid %d failed\n", uid);
io_printf(fd,"@ERROR: setuid failed\n");
return -1;
}
am_root = (getuid() == 0);
}
io_printf(fd,"@RSYNCD: OK\n");
argv[argc++] = "rsyncd";
while (1) {
if (!read_line(fd, line, sizeof(line)-1)) {
return -1;
}
if (!*line) break;
p = line;
argv[argc] = strdup(p);
if (!argv[argc]) {
return -1;
}
if (start_glob) {
if (start_glob == 1) {
request = strdup(p);
start_glob++;
}
glob_expand(name, argv, &argc, MAX_ARGS, !use_chroot);
} else {
argc++;
}
if (strcmp(line,".") == 0) {
start_glob = 1;
}
if (argc == MAX_ARGS) {
return -1;
}
}
if (!use_chroot) {
/*
* Note that this is applied to all parameters, whether or not
* they are filenames, but no other legal parameters contain
* the forms that need to be sanitized so it doesn't hurt;
* it is not known at this point which parameters are files
* and which aren't.
*/
for (i = 1; i < argc; i++) {
sanitize_path(argv[i]);
}
}
ret = parse_arguments(argc, argv, 0);
if (request) {
if (*auth_user) {
rprintf(FINFO,"rsync %s %s from %s@%s (%s)\n",
am_sender?"on":"to",
request, auth_user, host, addr);
} else {
rprintf(FINFO,"rsync %s %s from %s (%s)\n",
am_sender?"on":"to",
request, host, addr);
}
free(request);
}
#if !TRIDGE
/* don't allow the logs to be flooded too fast */
if (verbose > 1) verbose = 1;
#endif
argc -= optind;
argp = argv + optind;
optind = 0;
if (remote_version > 17 && am_sender)
io_start_multiplex_out(fd);
if (!ret) {
option_error();
}
if (lp_timeout(i)) {
extern int io_timeout;
io_timeout = lp_timeout(i);
}
start_server(fd, fd, argc, argp);
return 0;
}
/*****************************************************************************
*
* NAME
* check_file - Make sure the specified file exists as specified.
*
* SYNOPSIS
* check_file_retval = check_file( file, own, grp, mode );
*
* file r The name of the file to be verified, changed
* or created.
* own r The file's owner.
* grp r The file's group.
* mode r The file's mode.
*
* DESCRIPTION
* This routine determines whether <file> exists -and- is a regular file.
* If the file doesn't exist, this routine will create it.
*
* In either case, the file's owner will be set to <own>, group will be
* set to <grp>, mode will be set to <mode>, and MAC label will be set
* to dbadmin (for Trusted IRIX only).
*
* NOTES: If the owner cannot be changed to <own> because the executing
* user does NOT have permission, the error is ignored and this
* routine will return a successful indication.
*
* Only the -low order- 9 bits of <mode> are expected to be used.
*
* All file descriptors opened by the processing contained in
* this routine are closed -before- control is returned.
*
* If an error occurs and the file was NOT created, this routine
* attempts to put the file back to the way it existed upon entry
* to this routine.
*
* If an error occurs and the file was created by this routine,
* it is removed -before- control is returned to the caller.
*
* RETURNS
* 0 - If the file exists as requested.
* 1 - If <own> is NOT a valid user name.
* 2 - If <grp> is NOT a valid group name.
* 3 - If <mode> has more than the -low order- 9 bits set.
* 4 - If the file could NOT be creat()'d.
* 5 - If the stat() system call failed.
* 6 - If the file's mode could NOT be set as requested.
* 7 - If the file's group could NOT be set as requested.
* 8 - If the file's owner could NOT be set as requested.
* 9 - If <file> exists -and- is NOT a regular file.
* 10 - If we cannot get the mac_t structure for dbadmin.
* 11 - If the file's MAC label could NOT be set as requested.
*
*****************************************************************************/
check_file_retval
check_file( char *file, char *own, char *grp, mode_t mode )
{
uid_t uid;
gid_t gid;
#ifdef HAVE_MAC_H
mac_t mac_label;
#endif /* HAVE_MAC_H */
int we_created_it = 0;
check_file_retval rc = CHK_SUCCESS;
int fd;
struct stat stbuf;
if ( ( mode & ~0777 ) != 0 )
return( CHK_BAD_MODE );
uid = name_to_uid( own );
if ( uid < 0 )
return( CHK_BAD_OWNER );
gid = name_to_gid( grp );
if ( gid < 0 )
return( CHK_BAD_GROUP );
if ( stat( file, &stbuf ) < 0 )
{
if ( ( fd = creat( file, mode ) ) < 0 )
return( CHK_NOT_CREATED );
(void) close( fd );
we_created_it = 1;
if ( stat( file, &stbuf ) < 0 )
rc = CHK_STAT_FAILED;
}
if ( rc == CHK_SUCCESS && ! ( stbuf.st_mode & S_IFREG ) )
rc = CHK_FILE_NOT_REGULAR;
if ( rc == CHK_SUCCESS && stbuf.st_gid != gid )
{
if ( chown( file, stbuf.st_uid, gid ) < 0 )
rc = CHK_CANNOT_SET_GROUP;
}
if ( rc == CHK_SUCCESS && ( stbuf.st_mode & 0777 ) != mode )
{
if ( chmod( file, mode ) < 0 )
rc = CHK_CANNOT_SET_MODE;
}
if ( rc == CHK_SUCCESS && stbuf.st_uid != uid )
{
if ( chown( file, uid, gid ) < 0 )
{
if ( errno != EPERM )
rc = CHK_CANNOT_SET_OWNER;
}
}
#ifdef HAVE_MAC_H
if ( rc == CHK_SUCCESS && sysconf(_SC_MAC) )
{
/*
* Set the MAC label of the accounting file to dbadmin.
*/
if (( mac_label = mac_from_text( "dbadmin" ) ) == NULL)
rc = CHK_CANNOT_GET_MAC;
else if ( mac_set_file( file, mac_label ) < 0 )
rc = CHK_CANNOT_SET_MAC;
mac_free( mac_label );
}
#endif /* HAVE_MAC_H */
if ( rc != CHK_SUCCESS )
{
if ( we_created_it == 1 )
(void) unlink( file );
else
{
(void) chown( file, stbuf.st_uid, stbuf.st_gid );
(void) chmod( file, ( stbuf.st_mode & 0777 ) );
}
}
return( rc );
}
int audit_rule_fieldpair(struct audit_rule *rule, const char *pair, int flags)
{
const char *f = pair;
char *v;
int op;
int field;
int vlen;
if (f == NULL)
return -1;
/* look for 2-char operators first
then look for 1-char operators afterwards
when found, null out the bytes under the operators to split
and set value pointer just past operator bytes
*/
if ( (v = strstr(pair, "!=")) ) {
*v++ = '\0';
*v++ = '\0';
op = AUDIT_NEGATE; // legacy
// op = AUDIT_NOT_EQUAL;
} else if ( (v = strstr(pair, ">")) ) {
return -10;
} else if ( (v = strstr(pair, "<")) ) {
return -10;
} else if ( (v = strstr(pair, "&")) ) {
return -10;
} else if ( (v = strstr(pair, "=")) ) {
*v++ = '\0';
op = 0; // legacy
// op = AUDIT_EQUAL;
}
if (v == NULL)
return -1;
if (*f == 0)
return -22;
if (*v == 0)
return -20;
audit_msg(LOG_DEBUG,"pair=%s\n", f);
if ((field = audit_name_to_field(f)) < 0)
return -2;
/* Exclude filter can be used only with MSGTYPE field */
if (flags == AUDIT_FILTER_EXCLUDE && field != AUDIT_MSGTYPE)
return -12;
audit_msg(LOG_DEBUG,"f%d%s%s\n", field, audit_operator_to_symbol(op),v);
rule->fields[rule->field_count] = field | op;
switch (field)
{
case AUDIT_UID:
case AUDIT_EUID:
case AUDIT_SUID:
case AUDIT_FSUID:
case AUDIT_LOGINUID:
// Do positive & negative separate for 32 bit systems
vlen = strlen(v);
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
(isdigit((char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
if (name_to_uid(v,
&rule->values[rule->field_count])) {
audit_msg(LOG_ERR, "Unknown user: %s",
v);
return -2;
}
}
break;
case AUDIT_GID:
case AUDIT_EGID:
case AUDIT_SGID:
case AUDIT_FSGID:
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
if (name_to_gid(v,
&rule->values[rule->field_count])) {
audit_msg(LOG_ERR, "Unknown group: %s",
v);
return -2;
}
}
break;
case AUDIT_EXIT:
if (flags != AUDIT_FILTER_EXIT)
return -7;
vlen = strlen(v);
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
(isdigit((char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else {
rule->values[rule->field_count] =
audit_name_to_errno(v);
if (rule->values[rule->field_count] == 0)
return -15;
}
break;
case AUDIT_MSGTYPE:
if (flags != AUDIT_FILTER_EXCLUDE)
return -9;
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
if (audit_name_to_msg_type(v) > 0)
rule->values[rule->field_count] =
audit_name_to_msg_type(v);
else
return -8;
break;
case AUDIT_ARCH:
if (audit_syscalladded)
return -3;
if (!(op == AUDIT_NEGATE || op == 0))
return -13;
if (isdigit((char)*(v))) {
int machine;
errno = 0;
audit_elf = strtoul(v, NULL, 0);
if (errno)
return -5;
// Make sure we have a valid mapping
machine = audit_elf_to_machine(audit_elf);
if (machine < 0)
return -5;
}
else {
// what do we want? i686, x86_64, ia64
// or b64, b32
int machine;
unsigned int bits=0, elf;
const char *arch=v;
if (strcasecmp("b64", arch) == 0) {
bits = __AUDIT_ARCH_64BIT;
machine = audit_detect_machine();
} else if (strcasecmp("b32", arch) == 0) {
bits = ~__AUDIT_ARCH_64BIT;
machine = audit_detect_machine();
}
else
machine = audit_name_to_machine(arch);
if (machine < 0)
return -4;
/* Here's where we fixup the machine.
* for example, they give x86_64 & want 32 bits.
* we translate that to i686. */
if (bits == ~__AUDIT_ARCH_64BIT &&
machine == MACH_86_64)
machine = MACH_X86;
else if (bits == ~__AUDIT_ARCH_64BIT &&
machine == MACH_PPC64)
machine = MACH_PPC;
else if (bits == ~__AUDIT_ARCH_64BIT &&
machine == MACH_S390X)
machine = MACH_S390;
/* Check for errors - return -6
* We don't allow 32 bit machines to specify
* 64 bit. */
switch (machine)
{
case MACH_X86:
if (bits == __AUDIT_ARCH_64BIT)
return -6;
break;
case MACH_IA64:
if (bits == ~__AUDIT_ARCH_64BIT)
return -6;
break;
case MACH_PPC:
if (bits == __AUDIT_ARCH_64BIT)
return -6;
break;
case MACH_S390:
if (bits == __AUDIT_ARCH_64BIT)
return -6;
break;
case MACH_86_64: /* fallthrough */
case MACH_PPC64: /* fallthrough */
case MACH_S390X: /* fallthrough */
break;
default:
return -6;
}
/* OK, we have the machine type, now convert
to elf. */
elf = audit_machine_to_elf(machine);
if (elf == 0)
return -5;
audit_elf = elf;
}
rule->values[rule->field_count] = audit_elf;
audit_archadded = 1;
break;
case AUDIT_FILETYPE:
if (flags != AUDIT_FILTER_EXIT && flags != AUDIT_FILTER_ENTRY)
return -17;
rule->values[rule->field_count] =
audit_name_to_ftype(v);
if (rule->values[rule->field_count] < 0) {
return -16;
}
break;
/* These are strings */
case AUDIT_SUBJ_USER:
case AUDIT_SUBJ_ROLE:
case AUDIT_SUBJ_TYPE:
case AUDIT_SUBJ_SEN:
case AUDIT_SUBJ_CLR:
case AUDIT_OBJ_USER:
case AUDIT_OBJ_ROLE:
case AUDIT_OBJ_TYPE:
case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
case AUDIT_WATCH:
case AUDIT_PERM:
case AUDIT_DIR:
case AUDIT_FILTERKEY:
return -10;
case AUDIT_ARG0...AUDIT_ARG3:
vlen = strlen(v);
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else if (vlen >= 2 && *(v)=='-' &&
(isdigit((char)*(v+1))))
rule->values[rule->field_count] =
strtol(v, NULL, 0);
else
return -21;
break;
case AUDIT_DEVMAJOR...AUDIT_INODE:
case AUDIT_SUCCESS:
if (flags != AUDIT_FILTER_EXIT)
return -7;
/* fallthrough */
default:
if (field == AUDIT_INODE) {
if (!(op == AUDIT_NEGATE || op == 0))
return -13;
}
if (field == AUDIT_PPID && (flags != AUDIT_FILTER_EXIT
&& flags != AUDIT_FILTER_ENTRY))
return -17;
if (flags == AUDIT_FILTER_EXCLUDE)
return -18;
if (!isdigit((char)*(v)))
return -21;
if (field == AUDIT_INODE)
rule->values[rule->field_count] =
strtoul(v, NULL, 0);
else
rule->values[rule->field_count] =
strtol(v, NULL, 0);
break;
}
++rule->field_count;
return 0;
}
/**
* @brief Lookup a name using PAM
*
* @param[in] name C string of name
* @param[in] len Length of name
* @param[out] id ID found
* @param[in] anon ID to use in case of nobody
* @param[in] group Whether this a group lookup
* @param[out] gss_gid Found GID
* @param[out] gss_uid Found UID
* @apram[out] gotgss_gid Found a GID.
* @param[in] at Location of the @
*
* @return true on success, false not making the grade
*/
static bool pwentname2id(char *name, size_t len, uint32_t *id,
const uint32_t anon, bool group, gid_t *gid,
bool *got_gid, char *at)
{
if (at != NULL) {
if (strcmp(at + 1, owner_domain.addr) != 0) {
/* We won't map what isn't even in the right domain */
return false;
}
*at = '\0';
}
if (group) {
int err;
err = name_to_gid(name, id);
if (err == 0)
return true;
else if (err != ENOENT) {
LogWarn(COMPONENT_IDMAPPER,
"getgrnam_r %s failed, error: %d", name, err);
return false;
}
#ifndef USE_NFSIDMAP
else {
char *end = NULL;
gid_t gid;
gid = strtol(name, &end, 10);
if (end && *end != '\0')
return 0;
*id = gid;
return true;
}
#endif
} else {
struct passwd p;
struct passwd *pres;
int size = sysconf(_SC_GETPW_R_SIZE_MAX);
char *buf;
if (size == -1)
size = PWENT_BEST_GUESS_LEN;
buf = alloca(size);
if (getpwnam_r(name, &p, buf, size, &pres) != 0) {
LogInfo(COMPONENT_IDMAPPER, "getpwnam_r %s failed",
name);
return false;
} else if (pres != NULL) {
*id = pres->pw_uid;
*gid = pres->pw_gid;
*got_gid = true;
return true;
}
#ifndef USE_NFSIDMAP
else {
char *end = NULL;
uid_t uid;
uid = strtol(name, &end, 10);
if (end && *end != '\0')
return 0;
*id = uid;
*got_gid = false;
return true;
}
#endif
}
return false;
}
