/*
* Get/set solaris default project.
* If we fail, just run along gracefully.
*/
void
solaris_set_default_project(struct passwd *pw)
{
struct project *defaultproject;
struct project tempproject;
char buf[1024];
/* get default project, if we fail just return gracefully */
if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf,
sizeof(buf))) > 0) {
/* set default project */
if (setproject(defaultproject->pj_name, pw->pw_name,
TASK_NORMAL) != 0)
debug("setproject(%s): %s", defaultproject->pj_name,
strerror(errno));
} else {
/* debug on getdefaultproj() error */
debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
}
}
static void
dtlogin_process(struct dmuser *user, int user_logged_in)
{
struct project proj;
char proj_buf[PROJECT_BUFSZ];
struct passwd *ppasswd;
const char *auth_file = NULL;
auth_file = GetAuthFilename();
if (auth_file) {
if (chown(auth_file, user->uid, user->gid) < 0)
DtloginError("Error in changing owner to %d", user->uid);
}
/* This gid dance is necessary in order to make sure
our "saved-set-gid" is 0 so that we can regain gid
0 when necessary for priocntl & power management.
The first step sets rgid to the user's gid and
makes the egid & saved-gid be 0. The second then
sets the egid to the users gid, but leaves the
saved-gid as 0. */
if (user->gid != (gid_t) -1) {
DtloginInfo("Setting gid to %d\n", user->gid);
if (setregid(user->gid, 0) < 0)
DtloginError("Error in setting regid to %d\n", user->gid);
if (setegid(user->gid) < 0)
DtloginError("Error in setting egid to %d\n", user->gid);
}
if (user->groupid_cnt >= 0) {
if (setgroups(user->groupid_cnt, user->groupids) < 0)
DtloginError("Error in setting supplemental (%d) groups",
user->groupid_cnt);
}
/*
* BUG: 4462531: Set project ID for Xserver
* Get user name and default project.
* Set before the uid value is set.
*/
if (user->projid != (uid_t) -1) {
if (settaskid(user->projid, TASK_NORMAL) == (taskid_t) -1) {
DtloginError("Error in setting project id to %d", user->projid);
}
} else if (user->uid != (uid_t) -1) {
ppasswd = getpwuid(user->uid);
if (ppasswd == NULL) {
DtloginError("Error in getting user name for %d", user->uid);
} else {
if (getdefaultproj(ppasswd->pw_name, &proj,
(void *)&proj_buf, PROJECT_BUFSZ) == NULL) {
DtloginError("Error in getting project id for %s",
ppasswd->pw_name);
} else {
DtloginInfo("Setting project to %s\n", proj.pj_name);
if (setproject(proj.pj_name, ppasswd->pw_name,
TASK_NORMAL) == -1) {
DtloginError("Error in setting project to %s",
proj.pj_name);
}
}
}
}
if (user->uid != (uid_t) -1) {
DtloginInfo("Setting uid to %d\n", user->uid);
if (setreuid(user->uid, -1) < 0)
DtloginError("Error in setting ruid to %d", user->uid);
if (setreuid(-1, user->uid) < 0)
DtloginError("Error in setting euid to %d", user->uid);
/* Wrap closeScreen to allow resetting uid on closedown */
if ((user->uid != 0) && (user != &originalUser)) {
int i;
if (dixRegisterPrivateKey(dmScreenKey, PRIVATE_SCREEN, 0)) {
for (i = 0; i < screenInfo.numScreens; i++)
{
ScreenPtr pScreen = screenInfo.screens[i];
struct dmScreenPriv *pScreenPriv
= calloc(1, sizeof(struct dmScreenPriv));
dixSetPrivate(&pScreen->devPrivates, dmScreenKey,
pScreenPriv);
if (pScreenPriv != NULL) {
pScreenPriv->CloseScreen = pScreen->CloseScreen;
pScreen->CloseScreen = DtloginCloseScreen;
} else {
DtloginError("Failed to allocate %d bytes"
" for uid reset info",
sizeof(struct dmScreenPriv));
}
}
} else {
DtloginError("Failed to register screen private %s",
"for uid reset info");
}
}
}
if (user->homedir != NULL) {
char *env_str = Xprintf("HOME=%s", user->homedir);
if (env_str == NULL) {
DtloginError("Not enough memory to setenv HOME=%s", user->homedir);
} else {
DtloginInfo("Setting %s\n",env_str);
if (putenv(env_str) < 0)
DtloginError("Failed to setenv %s", env_str);
}
if (chdir(user->homedir) < 0)
DtloginError("Error in changing working directory to %s",
user->homedir);
}
/* Inform the kernel whether a user has logged in on this VT device */
if (xf86ConsoleFd != -1)
ioctl(xf86ConsoleFd, VT_SETDISPLOGIN, user_logged_in);
}
void
set_project(struct passwd *pw)
{
struct project proj;
char buf[PROJECT_BUFSZ];
int errval;
debug_decl(set_project, SUDO_DEBUG_UTIL)
/*
* Collect the default project for the user and settaskid
*/
setprojent();
if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
switch(errval) {
case 0:
break;
case SETPROJ_ERR_TASK:
switch (errno) {
case EAGAIN:
sudo_warnx(U_("resource control limit has been reached"));
break;
case ESRCH:
sudo_warnx(U_("user \"%s\" is not a member of project \"%s\""),
pw->pw_name, proj.pj_name);
break;
case EACCES:
sudo_warnx(U_("the invoking task is final"));
break;
default:
sudo_warnx(U_("could not join project \"%s\""), proj.pj_name);
}
case SETPROJ_ERR_POOL:
switch (errno) {
case EACCES:
sudo_warnx(U_("no resource pool accepting default bindings "
"exists for project \"%s\""), proj.pj_name);
break;
case ESRCH:
sudo_warnx(U_("specified resource pool does not exist for "
"project \"%s\""), proj.pj_name);
break;
default:
sudo_warnx(U_("could not bind to default resource pool for "
"project \"%s\""), proj.pj_name);
}
break;
default:
if (errval <= 0) {
sudo_warnx(U_("setproject failed for project \"%s\""), proj.pj_name);
} else {
sudo_warnx(U_("warning, resource control assignment failed for "
"project \"%s\""), proj.pj_name);
}
}
} else {
sudo_warn("getdefaultproj");
}
endprojent();
debug_return;
}
