Example #1
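/*
 * Delete property "prop" from property group "pg" of instance "inst".
 *
 * The repository handle "h" is defined outside this function.  Every
 * failure ends in scfdie() or uu_die(); the code after those calls
 * assumes they do not return (TODO confirm against their definitions).
 * A missing property group, a missing property and a permission
 * failure each get their own message; access control itself is left
 * to the repository, this function only reports its verdict.
 */
static void
delete_prop(const scf_instance_t *inst, const char *pg, const char *prop)
{
	scf_transaction_t		*tx;
	scf_transaction_entry_t		*ent;
	scf_propertygroup_t		*gpg;
	int				ret;

	/*
	 * The original also allocated a scf_property_t that was never
	 * used; it is dropped so it cannot add a spurious failure path.
	 */
	if ((gpg = scf_pg_create(h)) == NULL ||
	    (tx = scf_transaction_create(h)) == NULL ||
	    (ent = scf_entry_create(h)) == NULL)
		scfdie();

	if (scf_instance_get_pg(inst, pg, gpg) != SCF_SUCCESS) {
		if (scf_error() != SCF_ERROR_NOT_FOUND)
			scfdie();

		uu_die(gettext("Error: \"%s\" property group missing.\n"), pg);
	}

	do {
		if (scf_transaction_start(tx, gpg) != SCF_SUCCESS) {
			if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
				scfdie();

			uu_die(gettext("Error: Permission denied.\n"));
		}

		if (scf_transaction_property_delete(tx, ent,
		    prop) != SCF_SUCCESS) {
			if (scf_error() != SCF_ERROR_NOT_FOUND)
				scfdie();

			uu_die(
			    gettext("Error: \"%s\" property does not exist.\n"),
			    prop);
		}

		ret = scf_transaction_commit(tx);
		if (ret < 0) {
			/* Permission can also be refused at commit time. */
			if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
				scfdie();

			uu_die(gettext("Error: Permission denied.\n"));
		}
		if (ret == 0) {
			/*
			 * A zero return means the property group changed
			 * underneath us: reset the transaction, refresh
			 * the group and try again.
			 */
			scf_transaction_reset(tx);
			if (scf_pg_update(gpg) == -1)
				scfdie();
		}
	} while (ret == 0);

	scf_entry_destroy(ent);
	scf_transaction_destroy(tx);
	scf_pg_destroy(gpg);
}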
Example #2
/*
 * Queue the deletion of a property in the handle's open transaction
 * (for properties obsoleted during an upgrade).
 *
 * Nothing is committed here: the deletion takes effect only once the
 * caller ends/commits the transaction.
 *
 * Returns SMBD_SMF_OK when the deletion was queued or the property did
 * not exist, SMBD_SMF_NO_PERMISSION when the repository refused the
 * request, and SMBD_SMF_SYSTEM_ERR for a NULL handle, a handle with no
 * transaction, or any other failure.
 */
int
smb_smf_delete_property(smb_scfhandle_t *handle, char *propname)
{
	scf_transaction_entry_t *entry;
	int ret;

	if (handle == NULL || handle->scf_trans == NULL)
		return (SMBD_SMF_SYSTEM_ERR);

	/*
	 * Properties are changed through transaction entries and the
	 * change is not visible until the transaction is committed.
	 */
	entry = scf_entry_create(handle->scf_handle);
	if (entry == NULL) {
		ret = SMBD_SMF_SYSTEM_ERR;
	} else if (scf_transaction_property_delete(handle->scf_trans,
	    entry, propname) == 0) {
		/* The entry is in the transaction; do not destroy it. */
		entry = NULL;
		ret = SMBD_SMF_OK;
	} else {
		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			/* Already absent, which is the wanted end state. */
			ret = SMBD_SMF_OK;
			break;
		case SCF_ERROR_PERMISSION_DENIED:
			ret = SMBD_SMF_NO_PERMISSION;
			break;
		default:
			ret = SMBD_SMF_SYSTEM_ERR;
			break;
		}
	}

	/* entry is NULL here unless it still belongs to this function. */
	scf_entry_destroy(entry);
	return (ret);
}
Example #3
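/*
 * Queue the deletion of a property in the current property group.
 *
 * The deletion is added to the handle's open transaction and takes
 * effect only when that transaction is ended/committed by the caller.
 *
 * Returns SMBC_SMF_OK when the deletion was queued,
 * SMBC_SMF_NO_PERMISSION when scf_error() reports
 * SCF_ERROR_PERMISSION_DENIED, and SMBC_SMF_SYSTEM_ERR otherwise.
 * Note that a property that does not exist is not special-cased: it is
 * reported as SMBC_SMF_SYSTEM_ERR like any other failure.
 */
int
smb_smf_delete_property(smb_scfhandle_t *handle, char *propname)
{
	int ret = SMBC_SMF_OK;
	scf_transaction_entry_t *entry = NULL;

	/*
	 * Reject a missing transaction or name up front; the original
	 * checked only the handle and handed the other two pointers to
	 * libscf unchecked.
	 */
	if (handle == NULL || handle->scf_trans == NULL ||
	    propname == NULL) {
		return (SMBC_SMF_SYSTEM_ERR);
	}

	/*
	 * properties must be set in transactions and don't take
	 * effect until the transaction has been ended/committed.
	 */
	entry = scf_entry_create(handle->scf_handle);
	if (entry == NULL ||
	    scf_transaction_property_delete(handle->scf_trans, entry,
	    propname) != 0) {
		/* Only a permission failure gets its own return code. */
		if (scf_error() == SCF_ERROR_PERMISSION_DENIED) {
			ret = SMBC_SMF_NO_PERMISSION;
		} else {
			ret = SMBC_SMF_SYSTEM_ERR;
		}
	}

	/*
	 * On success the entry is left with the transaction.  On failure
	 * it was never queued, so it is released here.
	 */
	if ((ret != SMBC_SMF_OK) && (entry != NULL)) {
		scf_entry_destroy(entry);
	}
	return (ret);
}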
Example #4
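/*
 * check_auth_modify() checks if a given cred has
 * the authorization to add/change/remove configuration values.
 * cred is from the door call.
 *
 * The check is a probe: a child process takes on the caller's
 * effective gid, uid and effective privilege set, then tries to add a
 * "dummy" property to the "basic" property group of "iscsitgt".  The
 * parent returns True only when that child exits normally with
 * status 0; every other outcome is treated as "not authorized".
 *
 * NOTE(review): seteuid()/setegid() change only the effective IDs, and
 * the supplementary group list is not touched here, so the child is
 * not a full impersonation of the caller.  Confirm that is acceptable
 * for the repository's permission check.
 */
Boolean_t
check_auth_modify(ucred_t *cred)
{
	targ_scf_t *h = NULL;
	Boolean_t ret = False;
	int exit_code = -1;
	int status = 0;
	uid_t uid;
	gid_t gid;
	pid_t pid;
	tgt_node_t *n = NULL;
	scf_transaction_entry_t *ent = NULL;
	const priv_set_t	*eset;

	pid = fork();

	switch (pid) {
	case 0:
		/* Child process to check authorization */

		/*
		 * Change the group before the user: once the effective
		 * uid is no longer privileged, the group change may be
		 * refused.  An ID that could not be read from the cred
		 * is rejected instead of being passed on.
		 */
		gid = ucred_getegid(cred);
		if (gid == (gid_t)-1 || setegid(gid) != 0) {
			syslog(LOG_ERR, "not priviliged\n");
			exit(-1);
		}

		uid = ucred_geteuid(cred);
		if (uid == (uid_t)-1 || seteuid(uid) != 0) {
			syslog(LOG_ERR, "not priviliged\n");
			exit(-1);
		}

		/*
		 * If the caller's privilege set cannot be read or applied,
		 * deny rather than probe with some other set.
		 * NOTE(review): PRIV_ON only adds to the effective set;
		 * confirm that PRIV_SET was not intended.
		 */
		eset = ucred_getprivset(cred, PRIV_EFFECTIVE);
		if (eset == NULL ||
		    setppriv(PRIV_ON, PRIV_EFFECTIVE, eset) != 0) {
			syslog(LOG_ERR, "cannot apply caller privileges\n");
			exit(-1);
		}

		h = mgmt_handle_init();

		if (h == NULL) {
			exit(-1);
		}
		/* Probe: try to commit a throw-away property. */
		if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
			n = tgt_node_alloc("dummy", String, "dummy");
			new_property(h, n);
			tgt_node_free(n);
			if (mgmt_transaction_end(h) == True) {
				exit_code = 0;
			} else {
				exit_code = -1;
			}
		} else {
			exit_code = -1;
		}
		if (exit_code != 0) {
			mgmt_handle_fini(h);
			exit(exit_code);
		}
		/* Probe succeeded: remove the throw-away property again. */
		if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
			ent = scf_entry_create(h->t_handle);
			if (ent) {
				scf_transaction_property_delete(h->t_trans,
				    ent, "dummy");
			}
		}
		mgmt_transaction_end(h);

		mgmt_handle_fini(h);
		exit(exit_code);
		break;
	case -1:
		/*
		 * Fail to fork.
		 * NOTE(review): this ends the whole calling process, not
		 * just this check.
		 */
		exit(SMF_EXIT_ERR_CONFIG);
	default:
		/*
		 * Wait for this child specifically and decode the status
		 * with the wait macros.  Shifting the raw status right by
		 * eight yields 0 for a child killed by a signal, which
		 * would have been read as "authorized".
		 */
		if (waitpid(pid, &status, 0) == pid &&
		    WIFEXITED(status) && WEXITSTATUS(status) == 0)
			ret = True;
		else
			ret = False;
		break;
	}

	return (ret);
}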