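/*
 * Get/set solaris default project.
 * If we fail, just run along gracefully.
 *
 * Looks up the default project of pw->pw_name with getdefaultproj() and
 * joins it with setproject(..., TASK_NORMAL).  Both failure paths only emit
 * a debug() message; nothing is reported to the caller.
 *
 * NOTE(review): because failures are swallowed, the process keeps whatever
 * project/task it already had.  If the project carries resource controls
 * that are meant to confine the user session, confirm that continuing
 * without them is acceptable for this caller.
 */
void
solaris_set_default_project(struct passwd *pw)
{
	struct project *defaultproject;
	struct project tempproject;
	char buf[1024];

	/*
	 * getdefaultproj() returns a pointer, so test it against NULL rather
	 * than with an ordered comparison against 0.  The scratch buffer is
	 * passed as "buf" (same address as "&buf", but the expected type).
	 */
	defaultproject = getdefaultproj(pw->pw_name, &tempproject, buf,
	    sizeof(buf));
	if (defaultproject == NULL) {
		/* debug on getdefaultproj() error */
		debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
		return;
	}

	/* set default project */
	if (setproject(defaultproject->pj_name, pw->pw_name,
	    TASK_NORMAL) != 0)
		debug("setproject(%s): %s", defaultproject->pj_name,
		    strerror(errno));
}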
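/*
 * Switch the server process over to the identity described by "user".
 *
 * Steps, in this order (the order matters, each later step needs privileges
 * that an earlier one would have removed):
 *   1. chown the auth file to the user
 *   2. real/effective gid, then supplementary groups
 *   3. project / task
 *   4. real/effective uid (and hook CloseScreen so the uid can be reset)
 *   5. HOME and working directory
 *   6. tell the kernel, via VT_SETDISPLOGIN, whether a user is logged in
 *
 * user           - identity to switch to; fields equal to (type)-1 or NULL
 *                  are skipped
 * user_logged_in - value passed through to the VT_SETDISPLOGIN ioctl
 *
 * NOTE(review): every failure below is reported through DtloginError() and
 * execution then continues.  Whether DtloginError() returns is not visible
 * here; if it does, a failed setregid/setgroups/setreuid leaves the process
 * running with its previous (more privileged) ids.  Confirm that this is
 * treated as fatal somewhere.
 */
static void
dtlogin_process(struct dmuser *user, int user_logged_in)
{
    struct project proj;
    char proj_buf[PROJECT_BUFSZ];
    struct passwd *ppasswd;
    const char *auth_file = NULL;

    auth_file = GetAuthFilename();

    if (auth_file) {
        /*
         * NOTE(review): chown() follows symbolic links and this runs
         * before privileges are dropped; confirm the directory holding
         * the auth file cannot be written by unprivileged users.
         */
        if (chown(auth_file, user->uid, user->gid) < 0)
            DtloginError("Error in changing owner to %d", user->uid);
    }

    /* This gid dance is necessary in order to make sure
       our "saved-set-gid" is 0 so that we can regain gid
       0 when necessary for priocntl & power management.
       The first step sets rgid to the user's gid and
       makes the egid & saved-gid be 0.  The second then
       sets the egid to the users gid, but leaves the
       saved-gid as 0.  */

    if (user->gid != (gid_t) -1) {
        DtloginInfo("Setting gid to %d\n", user->gid);

        if (setregid(user->gid, 0) < 0)
            DtloginError("Error in setting regid to %d\n", user->gid);

        if (setegid(user->gid) < 0)
            DtloginError("Error in setting egid to %d\n", user->gid);
    }

    /* Replace the supplementary group list while the uid is still unchanged. */
    if (user->groupid_cnt >= 0) {
        if (setgroups(user->groupid_cnt, user->groupids) < 0)
            DtloginError("Error in setting supplemental (%d) groups",
                         user->groupid_cnt);
    }

    /*
     * BUG: 4462531: Set project ID for Xserver
     *               Get user name and default project.
     *               Set before the uid value is set.
     */
    if (user->projid != (uid_t) -1) {
        if (settaskid(user->projid, TASK_NORMAL) == (taskid_t) -1) {
            DtloginError("Error in setting project id to %d", user->projid);
        }
    } else if (user->uid != (uid_t) -1) {
        ppasswd = getpwuid(user->uid);

        if (ppasswd == NULL) {
            DtloginError("Error in getting user name for %d", user->uid);
        } else if (getdefaultproj(ppasswd->pw_name, &proj,
                                  (void *) &proj_buf, PROJECT_BUFSZ) == NULL) {
            DtloginError("Error in getting project id for %s",
                         ppasswd->pw_name);
        } else {
            DtloginInfo("Setting project to %s\n", proj.pj_name);

            /*
             * Treat every non-zero return as a failure, not just -1:
             * the other setproject() callers in this file regard 0 as
             * the only success value (SETPROJ_ERR_POOL and positive
             * returns are also error reports).
             */
            if (setproject(proj.pj_name, ppasswd->pw_name,
                           TASK_NORMAL) != 0) {
                DtloginError("Error in setting project to %s", proj.pj_name);
            }
        }
    }

    if (user->uid != (uid_t) -1) {
        DtloginInfo("Setting uid to %d\n", user->uid);

        /* Real uid first, then effective uid; -1 leaves the other id alone. */
        if (setreuid(user->uid, -1) < 0)
            DtloginError("Error in setting ruid to %d", user->uid);

        if (setreuid(-1, user->uid) < 0)
            DtloginError("Error in setting euid to %d", user->uid);

        /* Wrap closeScreen to allow resetting uid on closedown */
        if ((user->uid != 0) && (user != &originalUser)) {
            int i;

            if (dixRegisterPrivateKey(dmScreenKey, PRIVATE_SCREEN, 0)) {
                for (i = 0; i < screenInfo.numScreens; i++) {
                    ScreenPtr pScreen = screenInfo.screens[i];
                    struct dmScreenPriv *pScreenPriv =
                        calloc(1, sizeof(struct dmScreenPriv));

                    /* Stored even when NULL, as in the original code. */
                    dixSetPrivate(&pScreen->devPrivates, dmScreenKey,
                                  pScreenPriv);

                    if (pScreenPriv != NULL) {
                        pScreenPriv->CloseScreen = pScreen->CloseScreen;
                        pScreen->CloseScreen = DtloginCloseScreen;
                    } else {
                        /*
                         * sizeof yields size_t; cast so the argument
                         * matches the %d conversion.
                         */
                        DtloginError("Failed to allocate %d bytes"
                                     " for uid reset info",
                                     (int) sizeof(struct dmScreenPriv));
                    }
                }
            } else {
                DtloginError("Failed to register screen private %s",
                             "for uid reset info");
            }
        }
    }

    if (user->homedir != NULL) {
        char *env_str = Xprintf("HOME=%s", user->homedir);

        if (env_str == NULL) {
            DtloginError("Not enough memory to setenv HOME=%s",
                         user->homedir);
        } else {
            DtloginInfo("Setting %s\n",env_str);

            /*
             * putenv() reports failure with any non-zero value.
             * env_str is not freed: putenv() keeps the pointer.
             */
            if (putenv(env_str) != 0)
                DtloginError("Failed to setenv %s", env_str);
        }

        if (chdir(user->homedir) < 0)
            DtloginError("Error in changing working directory to %s",
                         user->homedir);
    }

    /* Inform the kernel whether a user has logged in on this VT device */
    if (xf86ConsoleFd != -1)
        ioctl(xf86ConsoleFd, VT_SETDISPLOGIN, user_logged_in);
}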
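/*
 * Join the default Solaris project of the user described by "pw".
 *
 * The project database is opened with setprojent(), the default project is
 * looked up with getdefaultproj(), and setproject(..., TASK_NORMAL) is
 * called for it.  Every failure is reported as a warning only; the function
 * returns nothing, so the caller proceeds either way.
 *
 * NOTE(review): since failures are warnings, a command can run outside the
 * intended project and its resource controls; confirm that is the desired
 * policy for this caller.
 */
void
set_project(struct passwd *pw)
{
    struct project proj;
    char buf[PROJECT_BUFSZ];
    int errval;
    debug_decl(set_project, SUDO_DEBUG_UTIL)

    /*
     * Collect the default project for the user and settaskid
     */
    setprojent();
    if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
        errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
        switch (errval) {
        case 0:
            break;
        case SETPROJ_ERR_TASK:
            switch (errno) {
            case EAGAIN:
                sudo_warnx(U_("resource control limit has been reached"));
                break;
            case ESRCH:
                sudo_warnx(U_("user \"%s\" is not a member of project \"%s\""),
                    pw->pw_name, proj.pj_name);
                break;
            case EACCES:
                sudo_warnx(U_("the invoking task is final"));
                break;
            default:
                sudo_warnx(U_("could not join project \"%s\""), proj.pj_name);
                break;
            }
            /*
             * Stop here: without this break a task error fell through
             * into the pool case and printed a second, unrelated
             * resource-pool warning for the same failure.
             */
            break;
        case SETPROJ_ERR_POOL:
            switch (errno) {
            case EACCES:
                sudo_warnx(U_("no resource pool accepting default bindings "
                    "exists for project \"%s\""), proj.pj_name);
                break;
            case ESRCH:
                sudo_warnx(U_("specified resource pool does not exist for "
                    "project \"%s\""), proj.pj_name);
                break;
            default:
                sudo_warnx(U_("could not bind to default resource pool for "
                    "project \"%s\""), proj.pj_name);
                break;
            }
            break;
        default:
            /* Any other value: non-positive is a failure, positive a warning. */
            if (errval <= 0) {
                sudo_warnx(U_("setproject failed for project \"%s\""), proj.pj_name);
            } else {
                sudo_warnx(U_("warning, resource control assignment failed for "
                    "project \"%s\""), proj.pj_name);
            }
            break;
        }
    } else {
        sudo_warn("getdefaultproj");
    }
    endprojent();
    debug_return;
}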