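/*
 * Delete property `prop` from property group `pg` of instance `inst`, using
 * the libscf handle `h` that is declared outside this function.
 *
 * Every failure ends the program: a missing property group, a missing
 * property and a permission failure are reported through uu_die(); any other
 * libscf error goes to scfdie() (defined elsewhere, presumably fatal as well).
 */
static void
delete_prop(const scf_instance_t *inst, const char *pg, const char *prop)
{
	scf_transaction_t *tx;
	scf_transaction_entry_t *ent;
	scf_propertygroup_t *gpg;
	int ret;

	/*
	 * Only the objects the transaction needs are allocated; a
	 * scf_property_t that was created and destroyed without ever being
	 * used has been dropped.
	 */
	if ((gpg = scf_pg_create(h)) == NULL ||
	    (tx = scf_transaction_create(h)) == NULL ||
	    (ent = scf_entry_create(h)) == NULL)
		scfdie();

	if (scf_instance_get_pg(inst, pg, gpg) != SCF_SUCCESS) {
		if (scf_error() != SCF_ERROR_NOT_FOUND)
			scfdie();

		uu_die(gettext("Error: \"%s\" property group missing.\n"), pg);
	}

	do {
		/*
		 * The repository enforces authorization here and at commit
		 * time; a denial is reported to the user instead of being
		 * treated as an internal error.
		 */
		if (scf_transaction_start(tx, gpg) != SCF_SUCCESS) {
			if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
				scfdie();

			uu_die(gettext("Error: Permission denied.\n"));
		}

		if (scf_transaction_property_delete(tx, ent,
		    prop) != SCF_SUCCESS) {
			if (scf_error() != SCF_ERROR_NOT_FOUND)
				scfdie();

			uu_die(
			    gettext("Error: \"%s\" property does not exist.\n"),
			    prop);
		}

		ret = scf_transaction_commit(tx);
		if (ret < 0) {
			if (scf_error() != SCF_ERROR_PERMISSION_DENIED)
				scfdie();

			uu_die(gettext("Error: Permission denied.\n"));
		}

		/*
		 * A commit result of 0 means the property group was not the
		 * most recent version: refresh it and run the transaction
		 * again.
		 */
		if (ret == 0) {
			scf_transaction_reset(tx);
			if (scf_pg_update(gpg) == -1)
				scfdie();
		}
	} while (ret == 0);

	(void) scf_entry_destroy(ent);
	scf_transaction_destroy(tx);
	scf_pg_destroy(gpg);
}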
/*
 * Queue the deletion of `propname` in the transaction that is open on
 * `handle` (used for properties obsoleted during an upgrade).
 *
 * Returns SMBD_SMF_OK when the deletion was queued or the property did not
 * exist, SMBD_SMF_NO_PERMISSION when libscf reports a permission failure, and
 * SMBD_SMF_SYSTEM_ERR for a NULL handle, a handle without a transaction, or
 * any other libscf error.
 */
int
smb_smf_delete_property(smb_scfhandle_t *handle, char *propname)
{
	scf_transaction_entry_t *entry;
	int status = SMBD_SMF_OK;

	if (handle == NULL || handle->scf_trans == NULL)
		return (SMBD_SMF_SYSTEM_ERR);

	/*
	 * properties must be set in transactions and don't take
	 * effect until the transaction has been ended/committed.
	 */
	entry = scf_entry_create(handle->scf_handle);
	if (entry == NULL) {
		status = SMBD_SMF_SYSTEM_ERR;
	} else if (scf_transaction_property_delete(handle->scf_trans,
	    entry, propname) == 0) {
		/* The transaction holds the entry now; do not destroy it. */
		entry = NULL;
	} else {
		switch (scf_error()) {
		case SCF_ERROR_NOT_FOUND:
			/* Nothing to delete counts as success. */
			status = SMBD_SMF_OK;
			break;
		case SCF_ERROR_PERMISSION_DENIED:
			status = SMBD_SMF_NO_PERMISSION;
			break;
		default:
			status = SMBD_SMF_SYSTEM_ERR;
			break;
		}
	}

	/*
	 * entry is NULL here when it was never created or when the
	 * transaction took it; as in the original, scf_entry_destroy() is
	 * still called and is relied on to accept NULL.
	 */
	scf_entry_destroy(entry);
	return (status);
}
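/*
 * Deletes property in current pg
 *
 * Queues the deletion of `propname` in the transaction open on `handle`.
 * Returns SMBC_SMF_OK on success, SMBC_SMF_NO_PERMISSION when libscf reports
 * a permission failure, and SMBC_SMF_SYSTEM_ERR for a NULL handle, a handle
 * with no transaction, or any other failure.
 */
int
smb_smf_delete_property(smb_scfhandle_t *handle, char *propname)
{
	int ret = SMBC_SMF_OK;
	scf_transaction_entry_t *entry = NULL;

	/*
	 * A handle with no transaction is rejected up front instead of
	 * handing a NULL transaction to libscf.
	 */
	if (handle == NULL || handle->scf_trans == NULL) {
		return (SMBC_SMF_SYSTEM_ERR);
	}

	/*
	 * properties must be set in transactions and don't take
	 * effect until the transaction has been ended/committed.
	 */
	entry = scf_entry_create(handle->scf_handle);
	if (entry != NULL) {
		if (scf_transaction_property_delete(handle->scf_trans, entry,
		    propname) != 0) {
			ret = SMBC_SMF_SYSTEM_ERR;
		}
	} else {
		ret = SMBC_SMF_SYSTEM_ERR;
	}

	/* Report a permission failure distinctly so callers can tell it apart. */
	if (ret == SMBC_SMF_SYSTEM_ERR) {
		switch (scf_error()) {
		case SCF_ERROR_PERMISSION_DENIED:
			ret = SMBC_SMF_NO_PERMISSION;
			break;
		default:
			/* every other libscf error stays a system error */
			break;
		}
	}

	/*
	 * cleanup if there were any errors that didn't leave these
	 * values where they would be cleaned up later.
	 */
	if ((ret != SMBC_SMF_OK) && (entry != NULL)) {
		scf_entry_destroy(entry);
	}

	return (ret);
}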
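/*
 * check_auth_modify() checks if a given cred has
 * the authorization to add/change/remove configuration values.
 * cred is from the door call.
 *
 * The check runs in a forked child that takes on the caller's effective
 * gid, uid and effective privilege set and then tries to add a "dummy"
 * property to the "basic" property group of "iscsitgt". If that transaction
 * ends successfully the child removes the property again and exits 0.
 *
 * Returns True only when the child was reaped and exited normally with
 * status 0. A child that was killed by a signal, a failed waitpid() and any
 * non-zero exit status all yield False, so the check fails closed.
 * If fork() fails the calling process exits with SMF_EXIT_ERR_CONFIG.
 */
Boolean_t
check_auth_modify(ucred_t *cred)
{
	targ_scf_t *h = NULL;
	Boolean_t ret = False;
	int exit_code = -1;
	int status = 0;
	uid_t uid;
	gid_t gid;
	pid_t pid;
	tgt_node_t *n = NULL;
	scf_transaction_entry_t *ent = NULL;
	const priv_set_t *eset;

	pid = fork();

	switch (pid) {
	case 0:
		/* Child process to check authorization */

		/*
		 * Take on the group before the user: once the effective uid
		 * has been changed the process may no longer be permitted to
		 * change its gid. A credential that carries no gid/uid
		 * (reported as -1) is refused outright.
		 */
		gid = ucred_getegid(cred);
		if (gid == (gid_t)-1 || setegid(gid) != 0) {
			syslog(LOG_ERR, "not priviliged\n");
			exit(-1);
		}
		uid = ucred_geteuid(cred);
		if (uid == (uid_t)-1 || seteuid(uid) != 0) {
			syslog(LOG_ERR, "not priviliged\n");
			exit(-1);
		}

		/*
		 * NOTE(review): eset may be NULL and the setppriv() result is
		 * ignored, as in the original. PRIV_ON only adds privileges,
		 * so a failure here leaves the child with no more than it
		 * already had -- confirm that is the intended outcome.
		 */
		eset = ucred_getprivset(cred, PRIV_EFFECTIVE);
		setppriv(PRIV_ON, PRIV_EFFECTIVE, eset);

		h = mgmt_handle_init();

		if (h == NULL) {
			exit(-1);
		}

		/* Probe: can this identity add a property? */
		if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
			n = tgt_node_alloc("dummy", String, "dummy");
			new_property(h, n);
			tgt_node_free(n);
			if (mgmt_transaction_end(h) == True) {
				exit_code = 0;
			} else {
				exit_code = -1;
			}
		} else {
			exit_code = -1;
		}
		if (exit_code != 0) {
			mgmt_handle_fini(h);
			exit(exit_code);
		}

		/* The probe succeeded: remove the "dummy" property again. */
		if (mgmt_transaction_start(h, "iscsitgt", "basic") == True) {
			ent = scf_entry_create(h->t_handle);
			if (ent) {
				scf_transaction_property_delete(h->t_trans,
				    ent, "dummy");
			}
		}
		mgmt_transaction_end(h);

		mgmt_handle_fini(h);
		exit(exit_code);
		break;
	case -1:
		/* Fail to fork */
		exit(SMF_EXIT_ERR_CONFIG);
	default:
		/*
		 * Reap this child specifically and decode the status with
		 * the wait macros. Shifting the raw status right by 8 turns
		 * "killed by a signal" into 0, which would be read as
		 * "authorized"; wait() could also return some other child.
		 * An interrupted or failed waitpid() is treated as a denial.
		 */
		if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
		    WEXITSTATUS(status) == 0)
			ret = True;
		else
			ret = False;
		break;
	}

	return (ret);
}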