xref: /illumos-gate/usr/src/cmd/oamuser/user/funcs.c (revision 7c478bd9)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate 
27*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
28*7c478bd9Sstevel@tonic-gate 
29*7c478bd9Sstevel@tonic-gate #include <stdio.h>
30*7c478bd9Sstevel@tonic-gate #include <stdlib.h>
31*7c478bd9Sstevel@tonic-gate #include <strings.h>
32*7c478bd9Sstevel@tonic-gate #include <auth_attr.h>
33*7c478bd9Sstevel@tonic-gate #include <prof_attr.h>
34*7c478bd9Sstevel@tonic-gate #include <user_attr.h>
35*7c478bd9Sstevel@tonic-gate #include <project.h>
36*7c478bd9Sstevel@tonic-gate #include <secdb.h>
37*7c478bd9Sstevel@tonic-gate #include <pwd.h>
38*7c478bd9Sstevel@tonic-gate #include <unistd.h>
39*7c478bd9Sstevel@tonic-gate #include <priv.h>
40*7c478bd9Sstevel@tonic-gate #include <errno.h>
41*7c478bd9Sstevel@tonic-gate #include "funcs.h"
42*7c478bd9Sstevel@tonic-gate #include "messages.h"
43*7c478bd9Sstevel@tonic-gate #include "userdefs.h"
44*7c478bd9Sstevel@tonic-gate 
/*
 * One settable user_attr keyword.  change_key() runs `check' on a candidate
 * value and treats a non-NULL return as the text to report as invalid.
 */
struct ua_key {
	const char	*key;		/* keyword name matched by strcmp() */
	const char	*(*check)(const char *);	/* validator, may be NULL */
	const char	*errstr;	/* label used in the M_INVALID message */
	char		*newvalue;	/* value set so far, NULL if none */
};

typedef struct ua_key ua_key_t;
51*7c478bd9Sstevel@tonic-gate 
/*
 * Labels naming the kind of value being rejected.  change_key() passes
 * the matching label to errmsg(M_INVALID, ...).
 */
static const char type[] = "user type";
static const char auth[] = "authorization";
static const char prof[] = "profile name";
static const char role[] = "role name";
static const char proj[] = "project name";
static const char priv[] = "privilege set";
static const char lock[] = "lock_after_retries value";

/*
 * Validators, one per keyword.  Each returns NULL when the value is
 * acceptable and otherwise a string identifying what was rejected.
 */
static const char *check_type(const char *);
static const char *check_auth(const char *);
static const char *check_prof(const char *);
static const char *check_role(const char *);
static const char *check_proj(const char *);
static const char *check_privset(const char *);
static const char *check_lock_after_retries(const char *);

/* Number of keys given a value through change_key(). */
int nkeys;

/*
 * Table of keywords this command accepts.  newvalue is left out of every
 * initializer and therefore starts as NULL.  The order of the entries is
 * the order in which addkey_args() emits them.
 */
static ua_key_t keys[] = {
	/* First entry is always set correctly in main() */
	{ USERATTR_TYPE_KW,			check_type,	type },
	{ USERATTR_AUTHS_KW,			check_auth,	auth },
	{ USERATTR_PROFILES_KW,			check_prof,	prof },
	{ USERATTR_ROLES_KW,			check_role,	role },
	{ USERATTR_DEFAULTPROJ_KW,		check_proj,	proj },
	{ USERATTR_LIMPRIV_KW,			check_privset,	priv },
	{ USERATTR_DFLTPRIV_KW,			check_privset,	priv },
	{ USERATTR_LOCK_AFTER_RETRIES_KW,	check_lock_after_retries, lock },
};

/* Entry count of keys[], derived from the array itself. */
#define	NKEYS	(sizeof (keys) / sizeof (keys[0]))
84*7c478bd9Sstevel@tonic-gate 
/*
 * Record a new value for a user_attr key.  Two call forms are handled:
 *
 *	key, value	- key selected by an option letter, plus its value.
 *	NULL, value	- a "-K key=value" option; value is split in place
 *			  at the first '='.
 *
 * The value goes through the key's check routine before it is stored, so
 * a value that fails validation never reaches the table.  Every failure
 * (no '=', unknown key, key given twice, rejected value) prints a message
 * and exits with EX_BADARG; the function returns only on success.
 *
 * The table keeps the caller's pointer, not a copy, so the string must
 * stay valid for as long as the table is used.
 */
void
change_key(const char *key, char *value)
{
	ua_key_t *kp;
	const char *bad;
	char *eq;

	if (key == NULL) {
		/* -K form: cut "key=value" into its two halves. */
		eq = strchr(value, '=');
		if (eq == NULL) {
			errmsg(M_INVALID_VALUE);
			exit(EX_BADARG);
		}
		*eq = '\0';
		key = value;
		value = eq + 1;
	}

	for (kp = keys; kp < keys + NKEYS; kp++) {
		if (strcmp(key, kp->key) != 0)
			continue;

		/* A key may be given only once per invocation. */
		if (kp->newvalue != NULL) {
			errmsg(M_REDEFINED_KEY, key);
			exit(EX_BADARG);
		}

		if (kp->check != NULL) {
			bad = kp->check(value);
			if (bad != NULL) {
				errmsg(M_INVALID, bad, kp->errstr);
				exit(EX_BADARG);
			}
		}

		kp->newvalue = value;
		nkeys++;
		return;
	}

	/* No table entry carries this name. */
	errmsg(M_INVALID_KEY, key);
	exit(EX_BADARG);
}
130*7c478bd9Sstevel@tonic-gate 
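/*
 * Append a "-K", "key=value" pair to the argument vector for every key
 * that has a value, advancing *index past the entries written.
 *
 * No bounds check is made on argv: the caller must supply room for two
 * more entries per key that has a value.  Each "key=value" string is
 * allocated here and never freed by this function; it is owned by argv
 * from then on.
 *
 * An allocation failure is reported and ends the program, rather than
 * handing a NULL buffer to snprintf().
 */
void
addkey_args(char **argv, int *index)
{
	size_t i;

	for (i = 0; i < NKEYS; i++) {
		const char *key = keys[i].key;
		char *val = keys[i].newvalue;
		size_t len;
		char *arg;

		if (val == NULL)
			continue;

		/* key + '=' + value + terminating NUL */
		len = strlen(key) + strlen(val) + 2;
		arg = malloc(len);
		if (arg == NULL) {
			perror("malloc");
			exit(EXIT_FAILURE);
		}

		(void) snprintf(arg, len, "%s=%s", key, val);
		argv[(*index)++] = "-K";
		argv[(*index)++] = arg;
	}
}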
156*7c478bd9Sstevel@tonic-gate 
/*
 * Offer a default for a user_attr key and report the value in effect.
 *
 * If the key already has a value, that value is returned and dflt is
 * ignored.  Otherwise dflt is stored as the key's value and returned; a
 * NULL dflt therefore just reads back the current state.  An unknown key
 * yields NULL.
 *
 * The default is stored as given: it is not run through the key's check
 * routine and nkeys is not incremented.
 */
char *
getsetdefval(const char *key, char *dflt)
{
	ua_key_t *kp;

	for (kp = keys; kp < keys + NKEYS; kp++) {
		if (strcmp(kp->key, key) != 0)
			continue;

		if (kp->newvalue == NULL)
			kp->newvalue = dflt;
		return (kp->newvalue);
	}

	return (NULL);
}
175*7c478bd9Sstevel@tonic-gate 
/*
 * Derive the user type from the name the program was invoked under.
 *
 * Only the last path component of cmdname is examined.  If it starts with
 * CMD_PREFIX_USER the type is USERATTR_TYPE_NORMAL_KW; any other name
 * gives USERATTR_TYPE_NONADMIN_KW.  The result lives in a static buffer
 * that the next call overwrites.
 */
char *
getusertype(char *cmdname)
{
	static char usertype[MAX_TYPE_LENGTH];
	char *slash = strrchr(cmdname, '/');
	char *cmd = (slash != NULL) ? slash + 1 : cmdname;
	const char *kw;

	/* get user type based on the program name */
	if (strncmp(cmd, CMD_PREFIX_USER, strlen(CMD_PREFIX_USER)) == 0)
		kw = USERATTR_TYPE_NORMAL_KW;
	else
		kw = USERATTR_TYPE_NONADMIN_KW;

	/*
	 * NOTE(review): unbounded copy; assumes MAX_TYPE_LENGTH holds either
	 * keyword plus its NUL - confirm against the header definitions.
	 */
	strcpy(usertype, kw);

	return (usertype);
}
196*7c478bd9Sstevel@tonic-gate 
/*
 * Return 1 if usertype is exactly USERATTR_TYPE_NONADMIN_KW (a role),
 * 0 for anything else.  The comparison is case-sensitive.
 */
int
is_role(char *usertype)
{
	return (strcmp(usertype, USERATTR_TYPE_NONADMIN_KW) == 0);
}
205*7c478bd9Sstevel@tonic-gate 
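/*
 * Verifies that every authorization in the AUTH_SEP-separated list may be
 * assigned by the invoking user.
 *
 * For each name the following must hold, in this order:
 *   - it contains a '.';
 *   - unless its last component is KV_WILDCARD, getauthnam() finds it;
 *   - the invoking user (real uid, looked up with getpwuid(getuid()))
 *     holds it according to chkauthattr();
 *   - unless its last component is "grant", the invoking user holds a
 *     ".grant" authorization at some level of the name's hierarchy.
 *
 * Returns NULL if all names pass.  Otherwise returns the first name that
 * failed; that pointer refers into a private copy of the list which is
 * deliberately left allocated so the caller can print it.  If the
 * invoking user cannot be looked up, the first name in the list is
 * returned.  If memory cannot be allocated, strerror(errno) is returned,
 * so the value is rejected rather than dereferencing NULL.
 */
static const char *
check_auth(const char *auths)
{
	char *authname;
	authattr_t *result;
	char *tmp;
	struct passwd *pw;
	int have_grant;

	/* strtok() writes into its argument, so work on a copy. */
	tmp = strdup(auths);
	if (tmp == NULL)
		return (strerror(errno));

	/*
	 * NOTE(review): strtok() keeps static state across the loop below;
	 * this relies on the library calls made in the loop not using
	 * strtok() themselves - confirm.
	 */
	authname = strtok(tmp, AUTH_SEP);
	pw = getpwuid(getuid());
	if (pw == NULL && authname != NULL) {
		/* Caller's identity is unknown: nothing can be verified. */
		return (authname);
	}

	while (authname != NULL) {
		char *suffix;
		char *authtoks;

		/* Find the suffix */
		if ((suffix = strrchr(authname, '.')) == NULL)
			return (authname);

		/* Check for existence in auth_attr */
		suffix++;
		if (strcmp(suffix, KV_WILDCARD) != 0) { /* Not a wildcard */
			result = getauthnam(authname);
			if (result == NULL) {
				/* can't find the auth */
				return (authname);
			}
			free_authattr(result);
		}

		/* Check if user has been granted this authorization */
		if (!chkauthattr(authname, pw->pw_name))
			return (authname);

		/* Check if user can delegate this authorization */
		if (strcmp(suffix, "grant") != 0) { /* Not a grant option */
			/*
			 * Room for the name with its last component replaced
			 * by "grant": at worst the '.' is the final character,
			 * which needs strlen + sizeof ("grant") bytes.
			 */
			authtoks = malloc(strlen(authname) + sizeof ("grant"));
			if (authtoks == NULL)
				return (strerror(errno));
			(void) strcpy(authtoks, authname);

			/*
			 * Walk up the hierarchy: replace the last component
			 * with "grant" and test it; on a miss drop that
			 * component and try the parent level.
			 */
			have_grant = 0;
			while ((suffix = strrchr(authtoks, '.')) != NULL &&
			    !have_grant) {
				(void) strcpy(suffix, ".grant");
				if (chkauthattr(authtoks, pw->pw_name))
					have_grant = 1;
				else
					*suffix = '\0';
			}
			free(authtoks);

			if (!have_grant)
				return (authname);
		}
		authname = strtok(NULL, AUTH_SEP);
	}

	/* Nothing returned to the caller points into the copy any more. */
	free(tmp);
	return (NULL);
}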
275*7c478bd9Sstevel@tonic-gate 
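/*
 * Verifies that every name in the PROF_SEP-separated list is a profile
 * known to getprofnam().
 *
 * Returns NULL if all profile names are valid.  Otherwise returns the
 * first invalid name; that pointer refers into a private copy of the list
 * which is deliberately left allocated so the caller can print it.  If
 * the copy cannot be allocated, strerror(errno) is returned so the value
 * is rejected.
 */
static const char *
check_prof(const char *profs)
{
	char *profname;
	profattr_t *result;
	char *tmp;

	/* strtok() writes into its argument, so work on a copy. */
	tmp = strdup(profs);
	if (tmp == NULL)
		return (strerror(errno));

	for (profname = strtok(tmp, PROF_SEP); profname != NULL;
	    profname = strtok(NULL, PROF_SEP)) {
		result = getprofnam(profname);
		if (result == NULL) {
			/* can't find the profile */
			return (profname);
		}
		free_profattr(result);
	}

	free(tmp);
	return (NULL);
}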
304*7c478bd9Sstevel@tonic-gate 
305*7c478bd9Sstevel@tonic-gate 
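/*
 * Verifies that every name in the ROLE_SEP-separated list is a role: the
 * name must have a user_attr entry (getusernam()) whose USERATTR_TYPE_KW
 * attribute equals USERATTR_TYPE_NONADMIN_KW.  An entry with no type
 * attribute is not a role.
 *
 * Returns NULL if all role names are valid.  Otherwise returns the first
 * invalid name; that pointer refers into a private copy of the list which
 * is deliberately left allocated so the caller can print it.  If the copy
 * cannot be allocated, strerror(errno) is returned so the value is
 * rejected.
 */
static const char *
check_role(const char *roles)
{
	char *rolename;
	userattr_t *result;
	char *utype;
	char *tmp;
	int ok;

	/* strtok() writes into its argument, so work on a copy. */
	tmp = strdup(roles);
	if (tmp == NULL)
		return (strerror(errno));

	for (rolename = strtok(tmp, ROLE_SEP); rolename != NULL;
	    rolename = strtok(NULL, ROLE_SEP)) {
		result = getusernam(rolename);
		if (result == NULL) {
			/* can't find the rolename */
			return (rolename);
		}

		/*
		 * Now, make sure it is a role.  utype is looked up in
		 * result->attr, so compare before releasing result.
		 */
		utype = kva_match(result->attr, USERATTR_TYPE_KW);
		ok = (utype != NULL &&
		    strcmp(utype, USERATTR_TYPE_NONADMIN_KW) == 0);
		free_userattr(result);

		if (!ok)
			return (rolename);
	}

	free(tmp);
	return (NULL);
}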
346*7c478bd9Sstevel@tonic-gate 
/*
 * Verifies that the project name resolves to a project id.
 *
 * Returns NULL when getprojidbyname() gives a non-negative result,
 * otherwise returns the name that was passed in.
 */
static const char *
check_proj(const char *proj)
{
	return ((getprojidbyname(proj) < 0) ? proj : NULL);
}
356*7c478bd9Sstevel@tonic-gate 
/*
 * Verifies that pset parses as a comma-separated privilege set.
 *
 * Returns NULL when priv_str_to_set() succeeds; the parsed set is only a
 * syntax check and is freed at once.  On failure returns the pointer
 * priv_str_to_set() stored through its third argument, or strerror(errno)
 * if it stored NULL.
 */
static const char *
check_privset(const char *pset)
{
	const char *where;
	priv_set_t *parsed;

	parsed = priv_str_to_set(pset, ",", &where);
	if (parsed != NULL) {
		priv_freeset(parsed);
		return (NULL);
	}

	if (where == NULL)
		return (strerror(errno));

	return (where);
}
373*7c478bd9Sstevel@tonic-gate 
/*
 * Verifies that type is one of the two accepted user types,
 * USERATTR_TYPE_NONADMIN_KW or USERATTR_TYPE_NORMAL_KW (exact match).
 *
 * Returns NULL if it is, otherwise returns type itself.
 */
static const char *
check_type(const char *type)
{
	if (strcmp(type, USERATTR_TYPE_NONADMIN_KW) == 0 ||
	    strcmp(type, USERATTR_TYPE_NORMAL_KW) == 0)
		return (NULL);

	return (type);
}
383*7c478bd9Sstevel@tonic-gate 
/*
 * Verifies a lock_after_retries value.
 *
 * Accepted values are "yes" or "no" in any letter case, the empty string,
 * and a NULL pointer; for those the result is NULL.  Anything else is
 * returned unchanged as the invalid value.
 */
static const char *
check_lock_after_retries(const char *keyval)
{
	if (keyval == NULL || *keyval == '\0')
		return (NULL);

	if (strcasecmp(keyval, "no") == 0 || strcasecmp(keyval, "yes") == 0)
		return (NULL);

	return (keyval);
}