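/*
 * Report whether the current user may modify the registry.
 *
 * The caller's effective uid is mapped to a passwd entry, and the exec_attr
 * RBAC database is then searched for a profile granted to that user which
 * lists the prodreg command.
 *
 * Returns B_TRUE when such an entry exists. Returns B_FALSE when the
 * effective uid has no passwd entry or no matching entry is found.
 *
 * NOTE(review): this only establishes that an exec_attr entry for the
 * command exists for the user. It does not examine which security
 * attributes that entry carries -- confirm that is sufficient for callers
 * that treat the result as write authorization.
 */
static boolean_t
_write_auth_granted(void)
{
	uid_t euid;
	struct passwd *pwp;
	execattr_t *exec;

	/* the check is made against the effective uid, not the real uid */
	euid = geteuid();

	/* a uid with no passwd entry cannot be matched to any profile */
	if ((pwp = getpwuid(euid)) == NULL) {
		return (B_FALSE);
	}

	/*
	 * See if the prodreg command exists in a profile that has been
	 * granted to the user.
	 */
	exec = getexecuser(pwp->pw_name, KV_COMMAND, PRODREG_CLI, GET_ONE);
	if (exec == NULL) {
		return (B_FALSE);
	}

	/*
	 * Only the existence of the entry matters here. Release it so the
	 * lookup result is not leaked on every successful check.
	 */
	free_execattr(exec);

	/*
	 * The prodreg command can be run by this user and inherit the
	 * security attributes given to it via the exec_attr RBAC database.
	 */
	return (B_TRUE);
}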
/*
 * Print the profiles assigned to a user.
 *
 * username	account to report on; NULL means the user identified by the
 *		real uid of the calling process.
 * print_flag	when PRINT_LONG is set, the exec_attr entries are fetched
 *		with getexecuser() and handed to print_profs_long();
 *		otherwise _enum_profs() is run with show_profs_callback.
 *
 * Returns EXIT_OK when at least one profile was reported. Returns
 * EXIT_NON_FATAL, after printing a diagnostic on stderr, when the user
 * cannot be resolved or has no profiles.
 *
 * NOTE(review): in the NULL case username ends up pointing at pw_name
 * inside the record returned by getpwuid(); presumably that storage stays
 * intact across the later library calls -- confirm.
 */
static int
show_profs(char *username, int print_flag)
{
	struct passwd *pwent;
	execattr_t *entries;

	if (username != NULL) {
		/* an explicitly named user must exist in the passwd database */
		if (getpwnam(username) == NULL) {
			(void) fprintf(stderr, "%s: %s: ", progname, username);
			(void) fprintf(stderr, gettext("No such user\n"));
			return (EXIT_NON_FATAL);
		}
	} else {
		/* default to the invoking (real) user */
		pwent = getpwuid(getuid());
		if (pwent == NULL) {
			(void) fprintf(stderr, "%s: ", progname);
			(void) fprintf(stderr, gettext("No passwd entry\n"));
			return (EXIT_NON_FATAL);
		}
		username = pwent->pw_name;
	}

	if ((print_flag & PRINT_LONG) != 0) {
		/* long listing: fetch every command entry across all policies */
		entries = getexecuser(username, KV_COMMAND, NULL,
		    GET_ALL|__SEARCH_ALL_POLS);
		if (entries != NULL) {
			print_profs_long(entries);
			free_execattr(entries);
			return (EXIT_OK);
		}
	} else {
		int seen = 0;

		/* the callback reports each profile; seen receives the count */
		(void) _enum_profs(username, show_profs_callback, &print_flag,
		    &seen);
		if (seen != 0) {
			return (EXIT_OK);
		}
	}

	/* both listing modes fall through to here when nothing was found */
	(void) fprintf(stderr, "%s: %s: ", progname, username);
	(void) fprintf(stderr, gettext("No profiles\n"));
	return (EXIT_NON_FATAL);
}
/*
 * Check whether the shell's user has an exec_attr entry for a command.
 *
 * path is canonicalized with realpath() and the result is looked up with
 * getexecuser() for the user recorded in shp->gd->user.
 *
 * Returns 1 when an entry with a non-empty attribute list is found, and 0
 * when an entry is found whose attr is NULL or has length 0. Returns -1
 * with errno set to ENOENT when no user is recorded or no entry matches.
 * Also returns -1 when realpath() fails, with errno as realpath() left it.
 *
 * NOTE(review): rpath is redirected to the local buffer when NULL, but
 * neither realpath() nor getexecuser() below is given rpath, so a
 * caller-supplied rpath is never filled in -- confirm what callers expect.
 *
 * NOTE(review): the lookup is made on the path as resolved at this moment.
 * A caller that later executes path rather than the resolved name depends
 * on the path not changing in between -- confirm against callers.
 */
int
path_xattr(Shell_t *shp, const char *path, char *rpath)
{
	char resolvedpath[PATH_MAX + 1];
	execattr_t *entry;
	int has_attrs;

	/* without a recorded user name there is nothing to look up */
	if (!shp->gd->user || !*shp->gd->user) {
		errno = ENOENT;
		return (-1);
	}

	if (rpath == NULL) {
		rpath = resolvedpath;
	}

	/* exec_attr is searched by canonical path, so resolve it first */
	if (realpath(path, resolvedpath) == NULL) {
		return (-1);
	}

	entry = getexecuser(shp->gd->user, KV_COMMAND, resolvedpath, GET_ONE);
	if (entry == NULL) {
		errno = ENOENT;
		return (-1);
	}

	/* read the attribute list before the entry is released */
	has_attrs = (entry->attr != NULL && entry->attr->length != 0);
	free_execattr(entry);
	return (has_attrs ? 1 : 0);
}