author | gww <gary.winiger@oracle.com> | 2010-07-07 16:44:54 -0700 |
---|---|---|
committer | gww <gary.winiger@oracle.com> | 2010-07-07 16:44:54 -0700 |
commit | 07925104db56e5c3eacc4865b918bd16af5cec59 (patch) | |
tree | 3cdb281edd4080184ccb9616043abd948e492a18 | |
parent | 448bf8594153765bb5fce82a8888e01e3f6c3bad (diff) | |
download | illumos-joyent-07925104db56e5c3eacc4865b918bd16af5cec59.tar.gz |
PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm)
6914742 remove audit_user phase 1 PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm)
32 files changed, 376 insertions, 767 deletions
diff --git a/exception_lists/interface_cmp b/exception_lists/interface_cmp index 65dcfd8459..831d1aa5f0 100644 --- a/exception_lists/interface_cmp +++ b/exception_lists/interface_cmp @@ -51,6 +51,17 @@ DELSYM ^(auditsvc|setauclassfile|setaueventfile|setauuserfile|testac)$ \ ^SUNW_(0\.[7-8]|1\.[1-2])$ \ ^MACH(lib)/libbsm\.so\.1$ +# +# - Removed interfaces: getauusernam(3bsm) +# 6914742 remove audit_user phase 1 +# PSARC/2010/003 EOL and removal of audit_user(4) and getauusernam(3bsm) +# +DELSYM ^(getauuserent_r|getauusernam_r)$ \ + ^SUNW_(0\.8|1\.[1-2])$ \ + ^MACH(lib)/libbsm\.so\.1$ +DELSYM ^(endauuser|getauuserent|getauusernam|setauuser)$ \ + ^SUNW_(0\.[7-8]|1\.[1-2])$ \ + ^MACH(lib)/libbsm\.so\.1$ ## libmalloc / libmapmalloc diff --git a/usr/src/cmd/ldap/ns_ldap/idsconfig.sh b/usr/src/cmd/ldap/ns_ldap/idsconfig.sh index 6b53c39698..8f36137cc3 100644 --- a/usr/src/cmd/ldap/ns_ldap/idsconfig.sh +++ b/usr/src/cmd/ldap/ns_ldap/idsconfig.sh @@ -22,8 +22,7 @@ # # idsconfig -- script to setup iDS 5.x/6.x/7.x for Native LDAP II. # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved. # # 
@@ -3965,7 +3964,6 @@ add_vlv_indexes() # Indexes added during NIS to LDAP transition _INDEX7="${LDAP_DOMAIN}.getauhoent;${LDAP_DOMAIN}_auho_vlv_index;automountmapname=auto_home;objectClass=automount" _INDEX8="${LDAP_DOMAIN}.getsoluent;${LDAP_DOMAIN}_solu_vlv_index;ou=people;objectClass=SolarisUserAttr" - _INDEX9="${LDAP_DOMAIN}.getauduent;${LDAP_DOMAIN}_audu_vlv_index;ou=people;objectClass=SolarisAuditUser" _INDEX10="${LDAP_DOMAIN}.getauthent;${LDAP_DOMAIN}_auth_vlv_index;ou=SolarisAuthAttr;objectClass=SolarisAuthAttr" _INDEX11="${LDAP_DOMAIN}.getexecent;${LDAP_DOMAIN}_exec_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisExecAttr)(SolarisKernelSecurityPolicy=*)" _INDEX12="${LDAP_DOMAIN}.getprofent;${LDAP_DOMAIN}_prof_vlv_index;ou=SolarisProfAttr;&(objectClass=SolarisProfAttr)(SolarisAttrLongDesc=*)" @@ -4431,7 +4429,7 @@ modify_top_aci() dn: ${LDAP_BASEDN} changetype: modify add: aci -aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid||SolarisAuditAlways||SolarisAuditNever||SolarisAttrKeyValue||SolarisAttrReserved1||SolarisAttrReserved2||SolarisUserQualifier")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";) +aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid||SolarisAttrKeyValue||SolarisAttrReserved1||SolarisAttrReserved2||SolarisUserQualifier")(version 3.0; acl ${ACI_NAME}; deny (write) userdn = "ldap:///self";) - EOF ) > ${TMPDIR}/top_aci diff --git a/usr/src/cmd/ldap/ns_ldap/ldapaddent.c b/usr/src/cmd/ldap/ns_ldap/ldapaddent.c index a721ba4308..4a9016cf70 100644 --- a/usr/src/cmd/ldap/ns_ldap/ldapaddent.c +++ b/usr/src/cmd/ldap/ns_ldap/ldapaddent.c 
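Review bot: Removing `SolarisAuditAlways` and `SolarisAuditNever` from the `targetattr` list in modify_top_aci() means this deny-self-write rule no longer covers those attributes on directory entries that still carry them. The per-user audit flags appear to move into user_attr in this commit (funcs.c adds an audit flags key), which would presumably be stored under `SolarisAttrKeyValue` and so stay covered, but the commit is titled phase 1 and the page does not show whether every reader of the old attributes is gone. If any consumer can still read them, I would keep both names in the list until the schema itself is removed, or add a comment above the `aci:` line stating that nothing consults them any more. modify_top_aci() starts and ends outside the hunk.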
@@ -4072,8 +4072,6 @@ static struct ttypelist_t ttypelist[] = { filedbmline_comment, "SolarisExecAttr", "cn" }, { NS_LDAP_TYPE_AUTHATTR, genent_auth_attr, dump_auth_attr, filedbmline_comment, "SolarisAuthAttr", "cn" }, - { NS_LDAP_TYPE_AUUSER, genent_audit_user, dump_audit_user, - filedbmline_comment, "SolarisAuditUser", "uid" }, { NS_LDAP_TYPE_TNRHDB, genent_tnrhdb, dump_tnrhdb, filedbmline_comment, "ipTnetHost", "ipTnetNumber" }, { NS_LDAP_TYPE_TNRHTP, genent_tnrhtp, dump_tnrhtp, diff --git a/usr/src/cmd/ldap/ns_ldap/ldapaddent.h b/usr/src/cmd/ldap/ns_ldap/ldapaddent.h index 42973d2c6a..73dbf4122c 100644 --- a/usr/src/cmd/ldap/ns_ldap/ldapaddent.h +++ b/usr/src/cmd/ldap/ns_ldap/ldapaddent.h @@ -19,15 +19,12 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _LDAPADDENT_H #define _LDAPADDENT_H -#pragma ident "%Z%%M% %I% %E% SMI" - /* * ldapaddent.h * common declarations for ldapaddent utility @@ -74,7 +71,6 @@ extern int genent_user_attr(char *line, int (*cback)()); extern int genent_prof_attr(char *line, int (*cback)()); extern int genent_exec_attr(char *line, int (*cback)()); extern int genent_auth_attr(char *line, int (*cback)()); -extern int genent_audit_user(char *line, int (*cback)()); extern int genent_tnrhdb(char *line, int (*cback)()); extern int genent_tnrhtp(char *line, int (*cback)()); @@ -82,7 +78,6 @@ extern void dump_user_attr(ns_ldap_result_t *res); extern void dump_prof_attr(ns_ldap_result_t *res); extern void dump_exec_attr(ns_ldap_result_t *res); extern void dump_auth_attr(ns_ldap_result_t *res); -extern void dump_audit_user(ns_ldap_result_t *res); extern void dump_tnrhdb(ns_ldap_result_t *res); extern void dump_tnrhtp(ns_ldap_result_t *res); diff --git a/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c b/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c index 81596bbdac..6e8d9f76b9 100644 
--- a/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c +++ b/usr/src/cmd/ldap/ns_ldap/ldapaddrbac.c @@ -19,12 +19,9 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * ldapaddrbac.c * @@ -58,7 +55,7 @@ extern char *_strtok_escape(char *, char *, char **); /* from libnsl */ #include <auth_attr.h> /* - * The parsing routines for RBAC and audit_user databases + * The parsing routines for RBAC databases */ /* 
@@ -390,61 +387,3 @@ dump_auth_attr(ns_ldap_result_t *res) (void) fprintf(stdout, "%s", value[0]); (void) fprintf(stdout, "\n"); } - -int -genent_audit_user(char *line, int (*cback)()) -{ - entry_col *ecol; - au_user_str_t data; - int res, retval; - - /* - * parse entry into columns - */ - res = genent_attr(line, AUDITUSER_DB_NCOL, &ecol); - if (res != GENENT_OK) - return (res); - - data.au_name = strdup(ecol[0].ec_value.ec_value_val); - data.au_always = strdup(ecol[1].ec_value.ec_value_val); - data.au_never = strdup(ecol[2].ec_value.ec_value_val); - - if (flags & F_VERBOSE) - (void) fprintf(stdout, - gettext("Adding entry : %s\n"), data.au_name); - - retval = (*cback)(&data, 1); - if (retval != NS_LDAP_SUCCESS) { - if (retval == LDAP_NO_SUCH_OBJECT) - (void) fprintf(stdout, - gettext("Cannot add audit_user entry (%s), " - "add passwd entry first\n"), data.au_name); - if (continue_onerror == 0) res = GENENT_CBERR; - } - - free(ecol); - - return (res); -} - -void -dump_audit_user(ns_ldap_result_t *res) -{ - char **value = NULL; - - value = __ns_ldap_getAttr(res->entry, "uid"); - if (value && value[0]) - (void) fprintf(stdout, "%s", value[0]); - else - return; - - (void) fprintf(stdout, ":"); - value = __ns_ldap_getAttr(res->entry, "SolarisAuditAlways"); - if (value && value[0]) - (void) fprintf(stdout, "%s", value[0]); - (void) fprintf(stdout, ":"); - value = __ns_ldap_getAttr(res->entry, "SolarisAuditNever"); - if (value && value[0]) - (void) fprintf(stdout, "%s", value[0]); - (void) fprintf(stdout, "\n"); -} diff --git a/usr/src/cmd/ldap/ns_ldap/mapping.c b/usr/src/cmd/ldap/ns_ldap/mapping.c index e5b7d26575..8508cbe989 100644 --- a/usr/src/cmd/ldap/ns_ldap/mapping.c +++ b/usr/src/cmd/ldap/ns_ldap/mapping.c 
@@ -20,12 +20,9 @@ */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <ctype.h> #include <libintl.h> #include <strings.h> @@ -68,7 +65,6 @@ static struct mapping maplist[] = { {"prof_attr", "cn", "SolarisProfAttr", NULL}, {"exec_attr", "cn", "SolarisExecAttr", NULL}, {"user_attr", "uid", "SolarisUserAttr", NULL}, - {"audit_user", "uid", "SolarisAuditUser", NULL}, {"tnrhtp", "ipTnetTemplateName", "ipTnetTemplate", NULL}, {"tnrhdb", "ipTnetNumber", "ipTnetHost", NULL}, {NULL, NULL, NULL, NULL} @@ -115,15 +111,14 @@ printMapping() int i; (void) fprintf(stdout, - gettext("database default type objectclass\n")); + gettext("database default type objectclass\n")); (void) fprintf(stdout, - gettext("============= ================= =============\n")); + gettext("============= ================= =============\n")); /* first dump auto_* and automount which are not in maplist[] */ (void) fprintf(stdout, "%-15s%-20s%s\n", "auto_*", "automountKey", - "automount"); + "automount"); (void) fprintf(stdout, "%-15s%-20s%s\n", "automount", - "automountMapName", - "automountMap"); + "automountMapName", "automountMap"); for (i = 0; maplist[i].database != NULL; i++) { /* skip printing shadow */ if (strcasecmp(maplist[i].database, "shadow") == 0) @@ -195,10 +190,10 @@ set_keys(char **key, char *attrtype) if (keyeq) { (void) snprintf(keyfilter + len, totlen - len, - "(%s)", k); + "(%s)", k); } else { (void) snprintf(keyfilter + len, totlen - len, - "(%s=%s)", attrtype, k); + "(%s=%s)", attrtype, k); } karray++; } 
@@ -266,10 +261,10 @@ set_keys_publickey(char **key, char *attrtype, int type, char **ret) if (keyeq) { (void) snprintf(pre_filter + len, totlen - len, - "(%s)", k); + "(%s)", k); } else { (void) snprintf(pre_filter + len, totlen - len, - "(%s=%s)", attrtype, k); + "(%s=%s)", attrtype, k); } karray++; count++; @@ -310,18 +305,17 @@ set_filter_publickey(char **key, char *database, int type, char **udata) if (strcasecmp(database, maplist[PUBLICKEY].database) == SAME) { rc = set_keys_publickey(key, - maplist[PUBLICKEY + type].def_type, type, - &keyfilter); + maplist[PUBLICKEY + type].def_type, type, &keyfilter); switch (rc) { case -1: filterlen = strlen(maplist[PUBLICKEY].objectclass) + 13; udatalen = 3; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (!nomem) { (void) snprintf(filter, filterlen, - "objectclass=%s", - maplist[PUBLICKEY].objectclass); + "objectclass=%s", + maplist[PUBLICKEY].objectclass); (void) snprintf(userdata, udatalen, "%%s"); } break; @@ -329,16 +323,16 @@ set_filter_publickey(char **key, char *database, int type, char **udata) return (NULL); default: filterlen = strlen(maplist[PUBLICKEY].objectclass) + - strlen(keyfilter) + 18; + strlen(keyfilter) + 18; udatalen = strlen(keyfilter) + 8; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (!nomem) { - (void) snprintf(filter, filterlen, - "(&(objectclass=%s)%s)", - maplist[PUBLICKEY].objectclass, keyfilter); - (void) snprintf(userdata, udatalen, "(&(%%s)%s)", - keyfilter); + (void) snprintf(filter, filterlen, + "(&(objectclass=%s)%s)", + maplist[PUBLICKEY].objectclass, keyfilter); + (void) snprintf(userdata, udatalen, + "(&(%%s)%s)", keyfilter); } } } else { 
@@ -346,22 +340,22 @@ set_filter_publickey(char **key, char *database, int type, char **udata) filterlen = 14; udatalen = 3; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (!nomem) { (void) snprintf(filter, filterlen, - "objectclass=*"); + "objectclass=*"); (void) snprintf(userdata, udatalen, "%%s"); } } else { filterlen = strlen(keyfilter) + 1; udatalen = strlen(keyfilter) + 8; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (!nomem) { (void) snprintf(filter, filterlen, "%s", - keyfilter); + keyfilter); (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); + "(&(%%s)%s)", keyfilter); } } } @@ -431,39 +425,39 @@ set_filter(char **key, char *database, char **udata) else if (strcasecmp(database, "tnrhtp") == 0) dbtp = 1; if ((keyfilter = set_keys(key, maplist[i].def_type)) - == NULL) { + == NULL) { filterlen = strlen(maplist[i].objectclass); udatalen = 3; if (dbpf) filterlen += strlen(PROF_ATTR_FILTER) - + 1; + + 1; else if (dbtp) filterlen += strlen(TNRHTP_FILTER) + 1; else filterlen += OC_FLEN; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (nomem) goto done; if (dbpf) (void) snprintf(filter, filterlen, - PROF_ATTR_FILTER, ""); + PROF_ATTR_FILTER, ""); else if (dbtp) (void) snprintf(filter, filterlen, - TNRHTP_FILTER, ""); + TNRHTP_FILTER, ""); else (void) snprintf(filter, filterlen, - OC_FILTER, - maplist[i].objectclass); + OC_FILTER, + maplist[i].objectclass); (void) snprintf(userdata, udatalen, "%%s"); } else { filterlen = strlen(maplist[i].objectclass) + - strlen(keyfilter); + strlen(keyfilter); if (dbpf) filterlen += strlen(PROF_ATTR_FILTER) - + 1; + + 1; else if (dbtp) filterlen += strlen(TNRHTP_FILTER) + 1; else 
@@ -471,23 +465,22 @@ set_filter(char **key, char *database, char **udata) udatalen = strlen(keyfilter) + 8; MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + udatalen, nomem); if (nomem) goto done; if (dbpf) (void) snprintf(filter, filterlen, - PROF_ATTR_FILTER, keyfilter); + PROF_ATTR_FILTER, keyfilter); else if (dbtp) (void) snprintf(filter, filterlen, - TNRHTP_FILTER, keyfilter); + TNRHTP_FILTER, keyfilter); else (void) snprintf(filter, filterlen, - OC_FILTER2, - maplist[i].objectclass, - keyfilter); + OC_FILTER2, + maplist[i].objectclass, keyfilter); (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); + "(&(%%s)%s)", keyfilter); } goto done; } 
@@ -497,121 +490,126 @@ set_filter(char **key, char *database, char **udata) /* auto_* services */ if (strncasecmp(database, "auto_", 5) == SAME) { - if (v2) { - if ((keyfilter = set_keys(key, "automountKey")) - != NULL) { - filterlen = strlen(keyfilter) + 27; - udatalen = strlen(keyfilter) + 8; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) snprintf(filter, filterlen, - "(&(objectclass=automount)%s)", - keyfilter); - (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); - } - } else { - filterlen = 22; - udatalen = 3; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) strlcpy(filter, "objectclass=automount", - filterlen); - (void) strlcpy(userdata, "%s", udatalen); - } - } - } else { - if ((keyfilter = set_keys(key, "cn")) != NULL) { - filterlen = strlen(keyfilter) + 27; - udatalen = strlen(keyfilter) + 8; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) snprintf(filter, filterlen, - "(&(objectclass=nisObject)%s)", keyfilter); - (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); + if (v2) { + if ((keyfilter = set_keys(key, "automountKey")) + != NULL) { + filterlen = strlen(keyfilter) + 27; + udatalen = strlen(keyfilter) + 8; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) snprintf(filter, filterlen, + "(&(objectclass=automount)%s)", + keyfilter); + (void) snprintf(userdata, udatalen, + "(&(%%s)%s)", keyfilter); + } + } else { + filterlen = 22; + udatalen = 3; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) strlcpy(filter, + "objectclass=automount", filterlen); + (void) strlcpy(userdata, "%s", + udatalen); + } } } else { - filterlen = 22; - udatalen = 3; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) strlcpy(filter, "objectclass=nisObject", - filterlen); - 
(void) strlcpy(userdata, "%s", udatalen); + if ((keyfilter = set_keys(key, "cn")) != NULL) { + filterlen = strlen(keyfilter) + 27; + udatalen = strlen(keyfilter) + 8; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) snprintf(filter, filterlen, + "(&(objectclass=nisObject)%s)", + keyfilter); + (void) snprintf(userdata, udatalen, + "(&(%%s)%s)", keyfilter); + } + } else { + filterlen = 22; + udatalen = 3; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) strlcpy(filter, + "objectclass=nisObject", filterlen); + (void) strlcpy(userdata, "%s", + udatalen); + } } } - } - goto done; + goto done; } /* automount service */ if (strcasecmp(database, "automount") == SAME) { - if (v2) { - if ((keyfilter = set_keys(key, "automountMapName")) - != NULL) { - filterlen = strlen(keyfilter) + 30; - udatalen = strlen(keyfilter) + 8; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) snprintf(filter, filterlen, - "(&(objectclass=automountMap)%s)", - keyfilter); - (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); - } - } else { - filterlen = 25; - udatalen = 3; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) strlcpy(filter, - "objectclass=automountMap", - filterlen); - (void) strlcpy(userdata, "%s", udatalen); - } - } - } else { - if ((keyfilter = set_keys(key, "nisMapName")) - != NULL) { - filterlen = strlen(keyfilter) + 24; - udatalen = strlen(keyfilter) + 8; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) snprintf(filter, filterlen, - "(&(objectclass=nisMap)%s)", - keyfilter); - (void) snprintf(userdata, udatalen, - "(&(%%s)%s)", keyfilter); + if (v2) { + if ((keyfilter = set_keys(key, "automountMapName")) + != NULL) { + filterlen = strlen(keyfilter) + 30; + udatalen = strlen(keyfilter) + 8; + MALLOC_FILTER_UDATA(filter, filterlen, + 
userdata, udatalen, nomem); + if (!nomem) { + (void) snprintf(filter, filterlen, + "(&(objectclass=automountMap)%s)", + keyfilter); + (void) snprintf(userdata, udatalen, + "(&(%%s)%s)", keyfilter); + } + } else { + filterlen = 25; + udatalen = 3; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) strlcpy(filter, + "objectclass=automountMap", + filterlen); + (void) strlcpy(userdata, "%s", + udatalen); + } } } else { - filterlen = 19; - udatalen = 3; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); - if (!nomem) { - (void) strlcpy(filter, "objectclass=nisMap", - filterlen); - (void) strlcpy(userdata, "%s", udatalen); + if ((keyfilter = set_keys(key, "nisMapName")) + != NULL) { + filterlen = strlen(keyfilter) + 24; + udatalen = strlen(keyfilter) + 8; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) snprintf(filter, filterlen, + "(&(objectclass=nisMap)%s)", + keyfilter); + (void) snprintf(userdata, udatalen, + "(&(%%s)%s)", keyfilter); + } + } else { + filterlen = 19; + udatalen = 3; + MALLOC_FILTER_UDATA(filter, filterlen, + userdata, udatalen, nomem); + if (!nomem) { + (void) strlcpy(filter, + "objectclass=nisMap", filterlen); + (void) strlcpy(userdata, "%s", + udatalen); + } } } - } - goto done; + goto done; } /* other services (catch all) */ if ((keyfilter = set_keys(key, "cn")) == NULL) { filterlen = 14; udatalen = 3; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen, + nomem); if (!nomem) { (void) snprintf(filter, filterlen, "objectclass=*"); (void) strlcpy(userdata, "%s", udatalen); 
@@ -619,12 +617,12 @@ set_filter(char **key, char *database, char **udata) } else { filterlen = strlen(keyfilter) + 1; udatalen = strlen(keyfilter) + 8; - MALLOC_FILTER_UDATA(filter, filterlen, userdata, - udatalen, nomem); + MALLOC_FILTER_UDATA(filter, filterlen, userdata, udatalen, + nomem); if (!nomem) { (void) snprintf(filter, filterlen, "%s", keyfilter); (void) snprintf(userdata, udatalen, "(&(%%s)%s)", - keyfilter); + keyfilter); } } diff --git a/usr/src/cmd/nscd/Makefile b/usr/src/cmd/nscd/Makefile index 4855a62073..984028cec4 100644 --- a/usr/src/cmd/nscd/Makefile +++ b/usr/src/cmd/nscd/Makefile @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. # # Makefile for name service cache daemon # @@ -35,7 +34,7 @@ ROOTMANIFESTDIR= $(ROOTSVCSYSTEM) OBJS= server.o getpw.o getgr.o gethost.o getnode.o \ getether.o getrpc.o getproto.o getnet.o \ - getbootp.o getauuser.o getauth.o getserv.o \ + getbootp.o getauth.o getserv.o \ getnetmasks.o getprinter.o getproject.o \ getexec.o getprof.o getuser.o cache.o \ nscd_biggest.o nscd_wait.o \ diff --git a/usr/src/cmd/nscd/cache.c b/usr/src/cmd/nscd/cache.c index e595a13c65..a62dfaa890 100644 --- a/usr/src/cmd/nscd/cache.c +++ b/usr/src/cmd/nscd/cache.c @@ -19,12 +19,9 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - /* * Cache routines for nscd */ @@ -169,7 +166,6 @@ char *cache_name[CACHE_CTX_COUNT] = { NSS_DBNAM_PROTOCOLS, NSS_DBNAM_NETWORKS, NSS_DBNAM_BOOTPARAMS, - NSS_DBNAM_AUDITUSER, NSS_DBNAM_AUTHATTR, NSS_DBNAM_SERVICES, NSS_DBNAM_NETMASKS, 
@@ -193,7 +189,6 @@ static cache_init_ctx_t cache_init_ctx[CACHE_CTX_COUNT] = { proto_init_ctx, net_init_ctx, bootp_init_ctx, - auuser_init_ctx, auth_init_ctx, serv_init_ctx, netmask_init_ctx, diff --git a/usr/src/cmd/nscd/cache.h b/usr/src/cmd/nscd/cache.h index 752c94fd37..8618d12763 100644 --- a/usr/src/cmd/nscd/cache.h +++ b/usr/src/cmd/nscd/cache.h @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _NSCD_H @@ -303,7 +302,7 @@ typedef struct nsc_lookup_args { size_t bufsize; } nsc_lookup_args_t; -#define CACHE_CTX_COUNT 20 +#define CACHE_CTX_COUNT 19 /* Context initialization */ extern void passwd_init_ctx(nsc_ctx_t *); @@ -318,7 +317,6 @@ extern void rpc_init_ctx(nsc_ctx_t *); extern void proto_init_ctx(nsc_ctx_t *); extern void net_init_ctx(nsc_ctx_t *); extern void bootp_init_ctx(nsc_ctx_t *); -extern void auuser_init_ctx(nsc_ctx_t *); extern void auth_init_ctx(nsc_ctx_t *); extern void serv_init_ctx(nsc_ctx_t *); extern void netmask_init_ctx(nsc_ctx_t *); diff --git a/usr/src/cmd/nscd/getauuser.c b/usr/src/cmd/nscd/getauuser.c deleted file mode 100644 index 267bda6238..0000000000 --- a/usr/src/cmd/nscd/getauuser.c +++ /dev/null 
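Review bot: `CACHE_CTX_COUNT` in cache.h is lowered to 19 by hand while cache.c separately drops one entry from `cache_name[]` and one from `cache_init_ctx[]`, and nothing in the visible code ties the three together. Because both arrays are declared with the explicit size, an initializer list that ends up one short would compile cleanly and leave a zero-filled last slot, that is a NULL name or a NULL init function. A comment on the define such as `/* must equal the number of entries in cache_name[] and cache_init_ctx[] (cache.c) */` would make the coupling explicit for the next removal. Both array definitions continue outside their hunks, so the full entry count cannot be checked from this page.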
@@ -1,46 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -/* - * Routines to handle getauuser* calls in nscd - */ - -#include "cache.h" - -#define nam_db ctx->nsc_db[0] -#define NSC_NAME_AUDITUSER_BYNAME "getauusernam" - -void -auuser_init_ctx(nsc_ctx_t *ctx) { - ctx->dbname = NSS_DBNAM_AUDITUSER; - ctx->file_name = "/etc/security/audit_user"; - ctx->db_count = 1; - nam_db = make_cache(nsc_key_ces, - NSS_DBOP_AUDITUSER_BYNAME, - NSC_NAME_AUDITUSER_BYNAME, - NULL, NULL, NULL, nsc_ht_default, -1); -} diff --git a/usr/src/cmd/nscd/nscd_cfgdef.h b/usr/src/cmd/nscd/nscd_cfgdef.h index cbe8e8de98..a73cf1f6af 100644 --- a/usr/src/cmd/nscd/nscd_cfgdef.h +++ b/usr/src/cmd/nscd/nscd_cfgdef.h @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _NSCD_CFGDEF_H 
@@ -857,12 +856,11 @@ static nscd_cfg_nsw_db_data_t nscd_cfg_nsw_db_data_default = { } /* - * shadow, user_attr, and audit_user use the same switch policy + * shadow, and user_attr use the same switch policy * as that of passwd. exec_attr use that of prof_attr. */ static char *nscd_cfg_shadow_cfg_db = NSS_DBNAM_PASSWD; static char *nscd_cfg_userattr_cfg_db = NSS_DBNAM_PASSWD; -static char *nscd_cfg_auuser_cfg_db = NSS_DBNAM_PASSWD; static char *nscd_cfg_execattr_cfg_db = NSS_DBNAM_PROFATTR; /* @@ -913,14 +911,6 @@ nscd_cfg_nsw_spc_default_t _nscd_cfg_nsw_spc_default[] = { sizeof (nscd_cfg_userattr_cfg_db)), NSCD_CFG_DB_DEFAULT_PARAM( - NSS_DBNAM_AUDITUSER, - sw, - nsw_config_db, - nscd_cfg_switch_t, - &nscd_cfg_auuser_cfg_db, - sizeof (nscd_cfg_auuser_cfg_db)), - - NSCD_CFG_DB_DEFAULT_PARAM( NSS_DBNAM_EXECATTR, sw, nsw_config_db, diff --git a/usr/src/cmd/nscd/nscd_initf.c b/usr/src/cmd/nscd/nscd_initf.c index e225923907..010e82b438 100644 --- a/usr/src/cmd/nscd/nscd_initf.c +++ b/usr/src/cmd/nscd/nscd_initf.c @@ -19,12 +19,9 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <nss_common.h> #include <nss_dbdefs.h> #include "nscd_common.h" @@ -239,12 +236,10 @@ nss_db_initf_t nscd_nss_db_initf[] = { _nss_initf_passwd_compat, _nss_initf_group_compat, /* - * no initf() for pseudo-databases: passwd, shadow, - * audit_user, user_attr, and group (when called from - * the compat backend) + * no initf() for pseudo-databases: passwd, shadow, user_attr, + * and group (when called from the compat backend) */ NULL, NULL, NULL, - NULL, NULL}; diff --git a/usr/src/cmd/nscd/nscd_nswstate.c b/usr/src/cmd/nscd/nscd_nswstate.c index 9e51ca1f5f..2e72e42c09 100644 --- a/usr/src/cmd/nscd/nscd_nswstate.c +++ b/usr/src/cmd/nscd/nscd_nswstate.c 
@@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. */ #include <stdio.h> @@ -423,7 +422,7 @@ _get_nsw_state_int( * if getting a nsw state for a request from the compat * backend, create the new switch structures if this * is the first time around for a passwd, shadow, group, - * audit_user, or user_attr database + * or user_attr database */ if (params->compati != -1) { diff --git a/usr/src/cmd/nscd/server.c b/usr/src/cmd/nscd/server.c index d52a68a5cb..85d7572f6b 100644 --- a/usr/src/cmd/nscd/server.c +++ b/usr/src/cmd/nscd/server.c @@ -19,8 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved. */ /* @@ -505,7 +504,7 @@ usage(char *s) (void) fprintf(stderr, "\n Supported caches:\n"); (void) fprintf(stderr, - " audit_user, auth_attr, bootparams, ethers\n"); + " auth_attr, bootparams, ethers\n"); (void) fprintf(stderr, " exec_attr, group, hosts, ipnodes, netmasks\n"); (void) fprintf(stderr, diff --git a/usr/src/cmd/oamuser/user/Makefile b/usr/src/cmd/oamuser/user/Makefile index da1559d182..64d1a6ed1f 100644 --- a/usr/src/cmd/oamuser/user/Makefile +++ b/usr/src/cmd/oamuser/user/Makefile @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # # cmd/oamuser/user/Makefile # @@ -85,7 +84,7 @@ $(USERDEL) := LIBS = $(LIBUSRGRP) $(USERMOD) := OBJS = $(MOD_OBJ) $(USERMOD) := LIBS = $(LIBUSRGRP) -LDLIBS += -lsecdb -lproject -ltsol +LDLIBS += -lbsm -lnsl -lsecdb -lproject -ltsol .PARALLEL: $(OBJECTS) 
diff --git a/usr/src/cmd/oamuser/user/funcs.c b/usr/src/cmd/oamuser/user/funcs.c index 2d26c84ab2..12e9000741 100644 --- a/usr/src/cmd/oamuser/user/funcs.c +++ b/usr/src/cmd/oamuser/user/funcs.c @@ -35,9 +35,12 @@ #include <priv.h> #include <errno.h> #include <ctype.h> +#include <nss.h> +#include <bsm/libbsm.h> #include <tsol/label.h> #include "funcs.h" #include "messages.h" +#undef GROUP #include "userdefs.h" typedef struct ua_key { @@ -57,6 +60,8 @@ static const char lock[] = "lock_after_retries value"; static const char label[] = "label"; static const char idlecmd[] = "idlecmd value"; static const char idletime[] = "idletime value"; +static const char auditflags[] = "audit mask"; +static char auditerr[256]; static const char *check_auth(const char *); @@ -69,6 +74,7 @@ static const char *check_lock_after_retries(const char *); static const char *check_label(const char *); static const char *check_idlecmd(const char *); static const char *check_idletime(const char *); +static const char *check_auditflags(const char *); int nkeys; @@ -86,6 +92,7 @@ static ua_key_t keys[] = { { USERATTR_MINLABEL, check_label, label }, { USERATTR_IDLECMD_KW, check_idlecmd, idlecmd }, { USERATTR_IDLETIME_KW, check_idletime, idletime }, + { USERATTR_AUDIT_FLAGS_KW, check_auditflags, auditflags }, }; #define NKEYS (sizeof (keys)/sizeof (ua_key_t)) 
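Review bot: The added `#undef GROUP` before `#include "userdefs.h"` carries no comment, so a reader cannot tell which header's definition it cancels or why. Presumably one of the headers added just above (`<nss.h>` or `<bsm/libbsm.h>`) brings in a `GROUP` macro that collides with a name userdefs.h uses, but that is not visible here. I would add something like `/* <header> defines GROUP, which conflicts with userdefs.h */`, naming the real header. The new `static char auditerr[256]` could also take a one-line comment saying it backs the string returned by check_auditflags() and is overwritten on each call.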
@@ -464,3 +471,46 @@ check_idletime(const char *time) return (NULL); } + +static const char * +check_auditflags(const char *auditflags) +{ + au_mask_t mask; + char *flags; + char *last = NULL; + char *err = "NULL"; + + /* if deleting audit_flags */ + if (*auditflags == '\0') { + return (NULL); + } + + if ((flags = _strdup_null((char *)auditflags)) == NULL) { + errmsg(M_NOSPACE); + exit(EX_FAILURE); + } + + if (!__chkflags(_strtok_escape(flags, KV_AUDIT_DELIMIT, &last), &mask, + B_FALSE, &err)) { + (void) snprintf(auditerr, sizeof (auditerr), + "always mask \"%s\"", err); + free(flags); + return (auditerr); + } + if (!__chkflags(_strtok_escape(NULL, KV_AUDIT_DELIMIT, &last), &mask, + B_FALSE, &err)) { + (void) snprintf(auditerr, sizeof (auditerr), + "never mask \"%s\"", err); + free(flags); + return (auditerr); + } + if (last != NULL) { + (void) snprintf(auditerr, sizeof (auditerr), "\"%s\"", + auditflags); + free(flags); + return (auditerr); + } + free(flags); + + return (NULL); +} diff --git a/usr/src/cmd/passmgmt/Makefile b/usr/src/cmd/passmgmt/Makefile index 2c1391c2e9..19eb77901b 100644 --- a/usr/src/cmd/passmgmt/Makefile +++ b/usr/src/cmd/passmgmt/Makefile @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # @@ -40,7 +39,7 @@ $(ROOTFILE):= FILEMODE= $(LIBFILEMODE) .KEEP_STATE: -LDLIBS += -lsecdb +LDLIBS += -lsecdb -lnsl all: $(PROG) $(TXTS) diff --git a/usr/src/cmd/passmgmt/passmgmt.c b/usr/src/cmd/passmgmt/passmgmt.c index 5449bbb958..ffb54ff890 100644 --- a/usr/src/cmd/passmgmt/passmgmt.c +++ b/usr/src/cmd/passmgmt/passmgmt.c 
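Review bot: In check_auditflags() the result of the second `_strtok_escape(NULL, KV_AUDIT_DELIMIT, &last)` is passed straight to `__chkflags()`, so a value holding only an always mask and no delimiter hands it a NULL token. Whether `__chkflags()` accepts NULL is not visible on this page; the `char *err = "NULL"` initializer suggests the intent is to report `never mask "NULL"` in that case, but that relies on the callee rejecting NULL without dereferencing it. I would test the token before the call, or at least add a comment stating that both fields are required and that `__chkflags()` must tolerate NULL. The function also returns a pointer into the static `auditerr` buffer and calls `exit(EX_FAILURE)` on allocation failure, both of which belong in a header comment because the conventions of the other check_* callbacks are not shown here.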
@@ -19,16 +19,12 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ - -#pragma ident "%Z%%M% %I% %E% SMI" - #include <stdio.h> #include <sys/types.h> #include <shadow.h> @@ -44,6 +40,7 @@ #include <fcntl.h> #include <secdb.h> #include <user_attr.h> +#include <nss.h> #define CMT_SIZE (128+1) /* Argument sizes + 1 (for '\0') */ #define DIR_SIZE (256+1) @@ -98,6 +95,7 @@ kvopts_t ua_opts[] = { { '\0', USERATTR_MINLABEL }, { '\0', USERATTR_IDLECMD_KW }, { '\0', USERATTR_IDLETIME_KW }, +{ '\0', USERATTR_AUDIT_FLAGS_KW }, }; #define UA_KEYS (sizeof (ua_opts)/sizeof (kvopts_t)) @@ -207,7 +205,7 @@ putuserattrent(userattr_t *user, FILE *f) for (i = j = 0; i < user->attr->length; i++) { key = kv_pair[i].key; - val = kv_pair[i].value; + val = _escape(kv_pair[i].value, KV_SPECIAL); if ((key == NULL) || (val == NULL)) break; if (strlen(val) == 0) @@ -367,7 +365,7 @@ main(int argc, char **argv) /* parse the command line */ while ((c = getopt(argc, argv, - "ml:c:h:u:g:s:f:e:k:A:P:R:T:oadK:")) != -1) { + "ml:c:h:u:g:s:f:e:k:A:P:R:T:oadK:")) != -1) { switch (c) { case 'm': 
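Review bot: In putuserattrent() the new `val = _escape(kv_pair[i].value, KV_SPECIAL);` runs before the `(key == NULL) || (val == NULL)` test, so a NULL value reaches `_escape()` and the check only sees its result. `_escape()` is not defined on this page; if it returns a newly allocated string, `val` is never released in the visible lines, and if it does not accept NULL the old guard no longer protects the loop. I would keep the NULL test on `kv_pair[i].value` first, e.g. `if (key == NULL || kv_pair[i].value == NULL) break;`, then escape, and free the result after it is written if it is heap-allocated. The rest of the loop lies outside the hunk.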
@@ -448,24 +446,24 @@ main(int argc, char **argv) strpbrk(optarg, ":\n")) bad_arg("Invalid argument to option -c"); - optn_mask |= C_MASK; - passwd_st.pw_comment = optarg; - passwd_st.pw_gecos = optarg; - break; + optn_mask |= C_MASK; + passwd_st.pw_comment = optarg; + passwd_st.pw_gecos = optarg; + break; case 'h' : - /* The home directory */ + /* The home directory */ - if ((D_MASK|H_MASK) & optn_mask) - bad_usage("Invalid combination of options"); + if ((D_MASK|H_MASK) & optn_mask) + bad_usage("Invalid combination of options"); - if (strlen(optarg) > (size_t)DIR_SIZE || - strpbrk(optarg, ":\n")) - bad_arg("Invalid argument to option -h"); + if (strlen(optarg) > (size_t)DIR_SIZE || + strpbrk(optarg, ":\n")) + bad_arg("Invalid argument to option -h"); - optn_mask |= H_MASK; - passwd_st.pw_dir = optarg; - break; + optn_mask |= H_MASK; + passwd_st.pw_dir = optarg; + break; case 'u' : /* The uid */ @@ -551,9 +549,10 @@ main(int argc, char **argv) for (i = 0; i < UA_KEYS; i++) { if (strcmp(optarg, ua_opts[i].key) == 0) { - ua_opts[i].newvalue = char_p; + ua_opts[i].newvalue = + _escape(char_p, KV_SPECIAL); assign_attr(&userattr_st, optarg, - char_p); + char_p); break; } } @@ -570,21 +569,25 @@ main(int argc, char **argv) default : /* Extended User Attributes */ { - int j; - - for (j = 0; j < UA_KEYS; j++) { - if (ua_opts[j].option == (char)c) { - if ((D_MASK) & optn_mask) - bad_usage("Invalid combination" - " of options"); - optn_mask |= UATTR_MASK; - assign_attr(&userattr_st, - ua_opts[j].key, optarg); - ua_opts[j].newvalue = optarg; - break; + int j; + + for (j = 0; j < UA_KEYS; j++) { + if (ua_opts[j].option == (char)c) { + if ((D_MASK) & optn_mask) + bad_usage("Invalid " + "combination of " + " options"); + optn_mask |= UATTR_MASK; + assign_attr(&userattr_st, + ua_opts[j].key, + _escape(optarg, + KV_SPECIAL)); + ua_opts[j].newvalue = + _escape(optarg, KV_SPECIAL); + break; + } } - } - break; + break; } } } 
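Review bot: The two option paths in `main()` now disagree about which string reaches `assign_attr()`: the `-K` branch (hunk at -551) stores `_escape(char_p, KV_SPECIAL)` in `newvalue` but still passes the raw `char_p`, while the extended-attribute `default:` branch (hunk at -570) passes an escaped copy. `putuserattrent()` (hunk at -207) escapes every value again when it writes the entry, so a value set through the `default:` branch that contains one of `=;:\` would presumably be written double-escaped, assuming `assign_attr()` stores the string as given. I would keep the stored value raw in both branches and escape only on output, i.e. `assign_attr(&userattr_st, ua_opts[j].key, optarg);`. Neither `_escape()` result is checked for NULL, and the `default:` branch calls it twice for the same string.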
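Review bot: The re-wrapped message in the `default:` branch (hunk at -570) now concatenates to `Invalid combination of  options` with two spaces, because both `"combination of "` and `" options"` carry the separator. It no longer matches the `"Invalid combination of options"` text used for `-h` a few lines up, which matters if `bad_usage()` looks the string up in a message catalogue (not visible here). Changing the last fragment to `"options"` restores the original text.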
@@ -601,8 +604,8 @@ main(int argc, char **argv) ((optn_mask & M_MASK) && !(optn_mask & (L_MASK|C_MASK|H_MASK|U_MASK|G_MASK|S_MASK|F_MASK| - E_MASK|UATTR_MASK)))) - bad_usage("Invalid command syntax"); + E_MASK|UATTR_MASK)))) + bad_usage("Invalid command syntax"); /* null string argument or bad characters ? */ if ((strlen(argv[optind]) == 0) || strpbrk(argv[optind], ":\n")) @@ -637,8 +640,8 @@ main(int argc, char **argv) /* Check the number of password files we are touching */ if ((!((M_MASK & optn_mask) && !(L_MASK & optn_mask))) || - ((M_MASK & optn_mask) && ((E_MASK & optn_mask) || - (F_MASK & optn_mask)))) + ((M_MASK & optn_mask) && ((E_MASK & optn_mask) || + (F_MASK & optn_mask)))) info_mask |= BOTH_FILES; if ((D_MASK|L_MASK|UATTR_MASK) & optn_mask) @@ -656,10 +659,10 @@ main(int argc, char **argv) if (unlink(PASSTEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), prognamp, - PASSTEMP); + PASSTEMP); } fd_ptemp = open(PASSTEMP, O_CREAT|O_EXCL|O_WRONLY, - statbuf.st_mode); + statbuf.st_mode); if (fd_ptemp == -1) { file_error(); } @@ -678,7 +681,7 @@ main(int argc, char **argv) if (unlink(PASSTEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), prognamp, - PASSTEMP); + PASSTEMP); } file_error(); } @@ -695,11 +698,10 @@ main(int argc, char **argv) if (unlink(SHADTEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), - prognamp, SHADTEMP); + prognamp, SHADTEMP); } fd_stemp = open(SHADTEMP, - O_CREAT|O_EXCL|O_WRONLY, - statbuf.st_mode); + O_CREAT|O_EXCL|O_WRONLY, statbuf.st_mode); if (fd_stemp == -1) { rid_tmpf(); file_error(); 
@@ -736,11 +738,10 @@ main(int argc, char **argv) if (unlink(USERATTR_TEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), - prognamp, USERATTR_TEMP); + prognamp, USERATTR_TEMP); } fd_uatemp = open(USERATTR_TEMP, - O_CREAT|O_EXCL|O_WRONLY, - statbuf.st_mode); + O_CREAT|O_EXCL|O_WRONLY, statbuf.st_mode); if (fd_uatemp == -1) { rid_tmpf(); file_error(); @@ -913,10 +914,10 @@ main(int argc, char **argv) if (optn_mask & C_MASK) { pw_ptr1p->pw_comment = - passwd_st.pw_comment; + passwd_st.pw_comment; pw_ptr1p->pw_gecos = - passwd_st.pw_comment; + passwd_st.pw_comment; } if (optn_mask & H_MASK) @@ -999,7 +1000,7 @@ main(int argc, char **argv) } while ((n = fread(buf, sizeof (char), 1024, pwf)) > 0) { if (fwrite(buf, sizeof (char), n, fp_ptemp) - != n) { + != n) { rid_tmpf(); file_error(); } @@ -1076,10 +1077,10 @@ main(int argc, char **argv) sp_ptr1p->sp_namp = shadow_st.sp_namp; if (F_MASK & optn_mask) sp_ptr1p->sp_inact = - shadow_st.sp_inact; + shadow_st.sp_inact; if (E_MASK & optn_mask) sp_ptr1p->sp_expire = - shadow_st.sp_expire; + shadow_st.sp_expire; ck_s_sz(sp_ptr1p); } @@ -1240,7 +1241,7 @@ main(int argc, char **argv) continue; value = kva_match(ua_ptr1p->attr, - (char *)ua_opts[j].key); + (char *)ua_opts[j].key); if (value == NULL) continue; assign_attr(&userattr_st, @@ -1460,14 +1461,14 @@ add_uid(uid_t uid) uid_p = uid_p->link; else if (uid >= uid_p->low && - uid <= uid_p->high) { + uid <= uid_p->high) { uid_p = NULL; } else if (uid == (uid_p->high+1)) { if (++uid_p->high == - (uid_p->link->low - 1)) { + (uid_p->link->low - 1)) { uid_bcom(uid_p); } uid_p = NULL; @@ -1490,7 +1491,7 @@ add_uid(uid_t uid) uid_p->high++; uid_p = NULL; } else if (uid >= uid_p->low && - uid <= uid_p->high) { + uid <= uid_p->high) { uid_p = NULL; } else { add_ublk(uid, uid_p); 
@@ -1611,11 +1612,11 @@ ck_p_sz(struct passwd *pwp) /* fields will fit in a passwd entry. The 1 accounts for the */ /* newline and the 6 accounts for the colons (:'s) */ if (((int)strlen(pwp->pw_name) + 1 + - sprintf(ctp, "%d", pwp->pw_uid) + - sprintf(ctp, "%d", pwp->pw_gid) + - (int)strlen(pwp->pw_comment) + - (int)strlen(pwp->pw_dir) + - (int)strlen(pwp->pw_shell) + 6) > (ENTRY_LENGTH-1)) { + sprintf(ctp, "%d", pwp->pw_uid) + + sprintf(ctp, "%d", pwp->pw_gid) + + (int)strlen(pwp->pw_comment) + + (int)strlen(pwp->pw_dir) + + (int)strlen(pwp->pw_shell) + 6) > (ENTRY_LENGTH-1)) { rid_tmpf(); bad_arg("New password entry too long"); } @@ -1631,13 +1632,13 @@ ck_s_sz(struct spwd *ssp) /* fields will fit in a shadow entry. The 1 accounts for the */ /* newline and the 7 accounts for the colons (:'s) */ if (((int)strlen(ssp->sp_namp) + 1 + - (int)strlen(ssp->sp_pwdp) + - sprintf(ctp, "%d", ssp->sp_lstchg) + - sprintf(ctp, "%d", ssp->sp_min) + - sprintf(ctp, "%d", ssp->sp_max) + - sprintf(ctp, "%d", ssp->sp_warn) + - sprintf(ctp, "%d", ssp->sp_inact) + - sprintf(ctp, "%d", ssp->sp_expire) + 7) > (ENTRY_LENGTH - 1)) { + (int)strlen(ssp->sp_pwdp) + + sprintf(ctp, "%d", ssp->sp_lstchg) + + sprintf(ctp, "%d", ssp->sp_min) + + sprintf(ctp, "%d", ssp->sp_max) + + sprintf(ctp, "%d", ssp->sp_warn) + + sprintf(ctp, "%d", ssp->sp_inact) + + sprintf(ctp, "%d", ssp->sp_expire) + 7) > (ENTRY_LENGTH - 1)) { rid_tmpf(); bad_arg("New password entry too long"); } @@ -1660,7 +1661,7 @@ rid_tmpf(void) if (unlink(SHADTEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), prognamp, - SHADTEMP); + SHADTEMP); } } @@ -1670,7 +1671,7 @@ rid_tmpf(void) if (unlink(USERATTR_TEMP)) { msg = "%s: warning: cannot unlink %s\n"; (void) fprintf(stderr, gettext(msg), prognamp, - USERATTR_TEMP); + USERATTR_TEMP); } } } diff --git a/usr/src/cmd/ypcmd/net_files/Makefile b/usr/src/cmd/ypcmd/net_files/Makefile index aa72fd8d9e..8495763636 100644 
--- a/usr/src/cmd/ypcmd/net_files/Makefile +++ b/usr/src/cmd/ypcmd/net_files/Makefile @@ -18,8 +18,7 @@ # # CDDL HEADER END # -# Copyright 2007 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # # Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T # All Rights Reserved @@ -28,8 +27,6 @@ # under license from the Regents of the University of # California. # -# ident "%Z%%M% %I% %E% SMI" -# #---- # It is somewhat confusing to note that Solaris 2.x uses /etc/auto_master # instead of the 4.x /etc/auto.master file name because of NIS+ treating a @@ -46,7 +43,7 @@ DIR =/etc # INETDIR=/etc/inet # -# If the audit_user, auth_attr, exec_attr, prof_attr files +# If the auth_attr, exec_attr, prof_attr files # live in a directory other than /etc/security, then you'll # need to change the following line. # @@ -84,7 +81,7 @@ k: all: passwd group hosts ipnodes ethers networks rpc services protocols \ netgroup bootparams aliases publickey netid netmasks c2secure \ timezone auto.master auto.home ageing \ - auth.attr exec.attr prof.attr user.attr audit.user + auth.attr exec.attr prof.attr user.attr c2secure: -@if [ -f $(PWDIR)/security/passwd.adjunct ]; then \ 
@@ -444,26 +441,6 @@ user.attr.time: $(DIR)/user_attr echo "couldn't find $(DIR)/user_attr"; \ fi -audit.user.time: $(RBACDIR)/audit_user - -@if [ -f $(RBACDIR)/audit_user ]; then \ - sed -e "/^#/d" -e s/#.*$$// $(RBACDIR)/audit_user \ - |sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \ - -e 's/\\$$/\\/;t l' -e } \ - | (nawk 'BEGIN { FS=":"; OFS="\t" } /^[a-zA-Z0-9_]/ \ - {print $$1, $$0 }' $(CHKPIPE)) \ - | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/audit_user; \ - touch audit.user.time; \ - echo "updated audit_user"; \ - if [ ! $(NOPUSH) ]; then \ - $(YPPUSH) audit_user; \ - echo "pushed audit_user"; \ - else \ - : ; \ - fi \ - else \ - echo "couldn't find $(RBACDIR)/audit_user"; \ - fi - ageing.time: $(PWDIR)/shadow -@if [ -f $(PWDIR)/shadow ]; then \ (awk 'BEGIN {FS=":"; OFS=":"} $$1 !~ /^#/ {printf "%s\t%s:%s:%s:%s:%s:%s:%s:%s\n", $$1,$$1,$$3,$$4,$$5,$$6,$$7,$$8,$$9}' $(PWDIR)/shadow) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/ageing.byname; \ @@ -473,8 +450,6 @@ ageing.time: $(PWDIR)/shadow echo "couldn't find $(PWDIR)/shadow"; \ fi - - passwd: passwd.time group: group.time project: project.time @@ -500,7 +475,6 @@ auth.attr:auth.attr.time exec.attr:exec.attr.time prof.attr:prof.attr.time user.attr:user.attr.time -audit.user:audit.user.time $(DIR)/netid: $(DIR)/timezone: $(DIR)/auto_master: @@ -510,5 +484,4 @@ $(DIR)/auth_attr: $(DIR)/exec_attr: $(DIR)/prof_attr: $(DIR)/user_attr: -$(DIR)/audit_user: ageing: ageing.time diff --git a/usr/src/head/secdb.h b/usr/src/head/secdb.h index 54eca363ef..52ff87cb64 100644 --- a/usr/src/head/secdb.h +++ b/usr/src/head/secdb.h @@ -43,7 +43,7 @@ extern "C" { #define KV_EMPTY "" #define KV_ESCAPE '\\' #define KV_ADD_KEYS 16 /* number of key value pairs to realloc */ -#define KV_SPECIAL "=;:\\"; +#define KV_SPECIAL "=;:\\" #define KV_TOKEN_DELIMIT ":" #define KV_WILDCARD "*" #define KV_WILDCHAR '*' 
@@ -52,6 +52,7 @@ extern "C" { #define KV_SEPSTR "," #define KV_OBJECTCHAR '/' #define KV_OBJECT "/" +#define KV_AUDIT_DELIMIT ":" #define KV_FLAG_NONE 0x0000 #define KV_FLAG_REQUIRED 0x0001 diff --git a/usr/src/head/user_attr.h b/usr/src/head/user_attr.h index e5e6c9329c..42fbea0a03 100644 --- a/usr/src/head/user_attr.h +++ b/usr/src/head/user_attr.h @@ -19,15 +19,12 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. */ #ifndef _USER_ATTR_H #define _USER_ATTR_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif @@ -107,6 +104,7 @@ struct __FILE; /* structure tag for type FILE defined in stdio.h */ #define USERATTR_PASSWD_AUTOMATIC "automatic" #define USERATTR_PASSWD_MANUAL "manual" #define USERATTR_TYPE_ROLE USERATTR_TYPE_NONADMIN_KW +#define USERATTR_AUDIT_FLAGS_KW "audit_flags" /* diff --git a/usr/src/lib/libbc/libc/gen/common/getfaudflgs.c b/usr/src/lib/libbc/libc/gen/common/getfaudflgs.c deleted file mode 100644 index 7a17b58af9..0000000000 --- a/usr/src/lib/libbc/libc/gen/common/getfaudflgs.c +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 1992 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#pragma ident "%Z%%M% %I% %E% SMI" - -#include <sys/types.h> -#include <sys/label.h> -#include <sys/audit.h> - -#define MAXSTRLEN 360 - -/* getfaudflgs.c */ - -/* - * getfauditflags() - combines system event flag mask with user event - * flag masks. 
- * - * input: usremasks->as_success - always audit on success - * usremasks->as_failure - always audit on failure - * usrdmasks->as_success - never audit on success - * usrdmasks->as_failure - never audit on failure - * - * output: lastmasks->as_success - audit on success - * lastmasks->as_failure - audit on failure - * - * returns: 0 - ok - * -1 - error - */ - -int -getfauditflags(audit_state_t *usremasks, audit_state_t *usrdmasks, - audit_state_t *lastmasks) -{ - int len = MAXSTRLEN, retstat = 0; - char s_auditstring[MAXSTRLEN]; - audit_state_t masks; - - masks.as_success = 0; - masks.as_failure = 0; - /* - * get system audit mask and convert to bit mask - */ - if ((getacflg(s_auditstring, len)) >= 0) { - if ((getauditflagsbin(s_auditstring, &masks)) != 0) - retstat = -1; - } else - retstat = -1; - - /* - * combine system and user event masks - */ - if (retstat == 0) { - lastmasks->as_success = masks.as_success; - lastmasks->as_failure = masks.as_failure; - - lastmasks->as_success |= usremasks->as_success; - lastmasks->as_failure |= usremasks->as_failure; - - lastmasks->as_success &= ~(usrdmasks->as_success); - lastmasks->as_failure &= ~(usrdmasks->as_failure); - } - return (retstat); -} diff --git a/usr/src/lib/libbc/sparc/Makefile b/usr/src/lib/libbc/sparc/Makefile index b36c5a35ab..a0c3098dfc 100644 --- a/usr/src/lib/libbc/sparc/Makefile +++ b/usr/src/lib/libbc/sparc/Makefile @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # # 
@@ -61,7 +60,7 @@ clock.o closedir.o crypt.o ctime.o ctype_.o\ drand48.o dysize.o errlst.o execvp.o exit.o exportent.o ecvt.o\ fabs.o fmod.o frexp.o\ fstab.o ftok.o ftw.o getacinfo.o getauid.o getauditflags.o \ -getcwd.o getenv.o getfaudflgs.o getgraent.o getlogin.o \ +getcwd.o getenv.o getgraent.o getlogin.o \ getopt.o getsubopt.o getpwaent.o getttyent.o\ getttynam.o getusershell.o grpauth.o hsearch.o\ ieee_globals.o index.o isatty.o \ diff --git a/usr/src/lib/libbsm/Makefile b/usr/src/lib/libbsm/Makefile index e437475e3b..9b522bff9e 100644 --- a/usr/src/lib/libbsm/Makefile +++ b/usr/src/lib/libbsm/Makefile @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. # include ../Makefile.lib @@ -71,7 +70,7 @@ clean clobber delete: $(SUBDIRS) ROOTETCSECURITY = $(ROOT)/etc/security $(ROOTETCSECURITY) := DIRMODE = 0755 -ESFILES = audit_class audit_control audit_event audit_user +ESFILES = audit_class audit_control audit_event ESSRC = $(ESFILES:%=%.txt) ETCSECURITYFILES = $(ESFILES:%=$(ROOTETCSECURITY)/%) $(ETCSECURITYFILES) := FILEMODE = 0644 diff --git a/usr/src/lib/libbsm/Makefile.com b/usr/src/lib/libbsm/Makefile.com index f3c98c8467..857b565826 100644 --- a/usr/src/lib/libbsm/Makefile.com +++ b/usr/src/lib/libbsm/Makefile.com @@ -19,8 +19,7 @@ # CDDL HEADER END # # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. # LIBRARY = libbsm.a @@ -53,7 +52,6 @@ OBJECTS= adr.o \ audit_rshd.o \ audit_settid.o \ audit_shutdown.o \ - audit_user.o \ bsm.o \ generic.o \ getacinfo.o \ diff --git a/usr/src/lib/libbsm/audit_user.txt b/usr/src/lib/libbsm/audit_user.txt deleted file mode 100644 index e951336a85..0000000000 --- a/usr/src/lib/libbsm/audit_user.txt +++ /dev/null 
@@ -1,34 +0,0 @@ -# -# Copyright 2005 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# ident "%Z%%M% %I% %E% SMI" -# -# -# User Level Audit User File -# -# File Format -# -# username:always:never -# -root:lo:no diff --git a/usr/src/lib/libbsm/common/au_usermask.c b/usr/src/lib/libbsm/common/au_usermask.c index 4ab8313fe4..a693c1f4cb 100644 --- a/usr/src/lib/libbsm/common/au_usermask.c +++ b/usr/src/lib/libbsm/common/au_usermask.c 
@@ -20,83 +20,90 @@ */ /* - * Copyright 2009 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. + * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. */ -#include <sys/types.h> -#include <stdio.h> -#include <bsm/audit.h> +#include <errno.h> +#include <nss.h> +#include <secdb.h> +#include <stdlib.h> +#include <string.h> +#include <user_attr.h> +#include <zone.h> + #include <bsm/libbsm.h> -#define AUDITSTRING_LEN 512 +#include <adt_xlate.h> /* adt_write_syslog */ + +/* ARGSUSED */ +static int +audit_flags(const char *name, kva_t *kva, void *ctxt, void *pres) +{ + char *val; + + if ((val = kva_match(kva, USERATTR_AUDIT_FLAGS_KW)) != NULL) { + if ((*(char **)ctxt = strdup(val)) == NULL) { + adt_write_syslog("au_user_mask strdup failed", errno); + } + return (1); + } + return (0); +} /* - * Initialize audit preselection mask. This function should be used - * by applications like login that set the process preselection mask - * when a connection or a session is created. - * - * First, the system wide default audit flags are obtained - * from the audit_control(5) file. - * - * Next, the "always audit" flags, obtained from the audit_user(5) database, - * are added. - * - * Finally, the "never audit" flags, also obtained from the audit_user(5) - * database, are subtracted. + * Build user's audit preselection mask. * - * The mask returned can be expressed as: + * per-user audit flags are optional and may be missing. + * If global zone auditing is set, a local zone cannot reduce the default + * flags. * - * (default audit flags + alway audit flags) - never audit flags - * - * If the lookup to audit_control(5) fails, then this function returns - * an error. If the lookup to audit_user(5), the function silently - * continues. 
+ * success flags = (system default success flags + per-user always success) - + * per-user never success flags + * failure flags = (system default failure flags + per-user always failure) - + * per-user never failure flags */ + int -au_user_mask(char *username, au_mask_t *p_mask) +au_user_mask(char *user, au_mask_t *mask) { - char auditstring[AUDITSTRING_LEN]; - au_user_ent_t *p_user = NULL; - int retval = -1; + char *last = NULL; + char deflt[360]; /* matches stuff in getac*.c */ + char *user_flags = NULL; - if (p_mask == NULL) + if (mask == NULL) { return (-1); + } /* - * Get the system wide default audit flags out of the audit_control(5) - * file. + * Get the default audit flags. */ + setac(); - if (getacflg(auditstring, AUDITSTRING_LEN) == 0) { - if (getauditflagsbin(auditstring, p_mask) == 0) { - retval = 0; - } + if (getacflg(deflt, sizeof (deflt)) != 0) { + endac(); + return (-1); } endac(); + (void) getauditflagsbin(deflt, mask); /* - * If you can't get the system wide flags, return an error code - * now and don't bother trying to get the user specific flags. + * Get per-user audit flags. */ - if (retval != 0) { - return (-1); - } + (void) _enum_attrs(user, audit_flags, &user_flags, NULL); + if (user_flags != NULL) { + au_user_ent_t per_user; - /* - * Get the always audit flags and the never audit flags from - * the audit_user(5) database. - */ - setauuser(); - if ((p_user = getauusernam(username)) != (au_user_ent_t *)NULL) { - /* Add always audit flags. */ - p_mask->as_success |= p_user->au_always.as_success; - p_mask->as_failure |= p_user->au_always.as_failure; - /* Subtract never audit flags. 
*/ - p_mask->as_success &= ~(p_user->au_never.as_success); - p_mask->as_failure &= ~(p_user->au_never.as_failure); + (void) getauditflagsbin(_strtok_escape(user_flags, + KV_AUDIT_DELIMIT, &last), &(per_user.au_always)); + (void) getauditflagsbin(_strtok_escape(NULL, + KV_AUDIT_DELIMIT, &last), &(per_user.au_never)); + /* merge default and per-user */ + mask->as_success |= per_user.au_always.as_success; + mask->as_failure |= per_user.au_always.as_failure; + mask->as_success &= ~(per_user.au_never.as_success); + mask->as_failure &= ~(per_user.au_never.as_failure); + free(user_flags); } - endauuser(); return (0); } diff --git a/usr/src/lib/libbsm/common/audit_user.c b/usr/src/lib/libbsm/common/audit_user.c deleted file mode 100644 index 8342687717..0000000000 --- a/usr/src/lib/libbsm/common/audit_user.c +++ /dev/null 
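Review bot: `au_user_mask()` now discards every `getauditflagsbin()` result and merges from an uninitialised `au_user_ent_t per_user`, so a malformed default or per-user string no longer changes the outcome the way the removed code did (`return (-1)` for the defaults, `AU_MASK_NONE` for an unparsable never mask). If `getauditflagsbin()` leaves its output untouched on error, or is handed the NULL that `_strtok_escape()` presumably returns when `audit_flags` has no `KV_AUDIT_DELIMIT`, then `mask->as_success &= ~(per_user.au_never.as_success)` clears bits chosen by stack contents. That can silently narrow what is audited for the user. I would zero `per_user`, keep the error return for the system defaults, and apply the per-user masks only when the always mask parsed, as in the excerpt below. The header comment also says a local zone cannot reduce the global-zone defaults, but nothing in this hunk enforces that, so the comment should say where it happens.

```c
	/* ... unchanged: setac(), getacflg(), endac() ... */
	if (getauditflagsbin(deflt, mask) != 0) {
		return (-1);
	}

	/* ... unchanged: _enum_attrs() lookup of audit_flags ... */
	if (user_flags != NULL) {
		au_user_ent_t per_user;

		(void) memset(&per_user, 0, sizeof (per_user));
		if (getauditflagsbin(_strtok_escape(user_flags,
		    KV_AUDIT_DELIMIT, &last), &(per_user.au_always)) == 0) {
			if (getauditflagsbin(_strtok_escape(NULL,
			    KV_AUDIT_DELIMIT, &last),
			    &(per_user.au_never)) != 0) {
				/* an unparsable never mask must not clear bits */
				per_user.au_never.as_success = AU_MASK_NONE;
				per_user.au_never.as_failure = AU_MASK_NONE;
			}
			/* ... unchanged: merge default and per-user ... */
		}
		/* ... unchanged: free(user_flags) ... */
```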
@@ -1,141 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -/* Interfaces to audit_user(4) (/etc/security/audit_user) */ - -#include <stdio.h> -#include <limits.h> -#include <sys/types.h> -#include <string.h> -#include <bsm/audit.h> -#include <bsm/libbsm.h> -#include <synch.h> -#include <nss_dbdefs.h> -#include <stdlib.h> -#include <utmpx.h> - -#define MAX_USERNAME sizeof (((struct utmpx *)0)->ut_user) - -static mutex_t mutex_userfile = DEFAULTMUTEX; -static au_user_ent_t *auuserstr2ent(au_user_ent_t *, au_user_str_t *); - -/* Externs from libnsl */ -extern void _setauuser(void); -extern void _endauuser(void); -extern au_user_str_t *_getauuserent(au_user_str_t *, char *, int, int *); -extern au_user_str_t *_getauusernam(char *, au_user_str_t *, char *, int, - int *); - -void -setauuser() -{ - (void) mutex_lock(&mutex_userfile); - _setauuser(); - (void) mutex_unlock(&mutex_userfile); -} - -void -endauuser() -{ - (void) mutex_lock(&mutex_userfile); - _endauuser(); - (void) mutex_unlock(&mutex_userfile); -} - -au_user_ent_t * -getauuserent() -{ - static au_user_ent_t 
au_user_entry; - static char logname[MAX_USERNAME+1]; - - /* initialize au_user_entry structure */ - au_user_entry.au_name = logname; - - return (getauuserent_r(&au_user_entry)); - -} - -au_user_ent_t * -getauuserent_r(au_user_ent_t *au_user_entry) -{ - au_user_str_t us; - au_user_str_t *tmp; - char buf[NSS_BUFLEN_AUDITUSER]; - int errp = 0; - - (void) mutex_lock(&mutex_userfile); - (void) memset(buf, NULL, NSS_BUFLEN_AUDITUSER); - tmp = _getauuserent(&us, buf, NSS_BUFLEN_AUDITUSER, &errp); - (void) mutex_unlock(&mutex_userfile); - - return (auuserstr2ent(au_user_entry, tmp)); -} - -au_user_ent_t * -getauusernam(char *name) -{ - static au_user_ent_t u; - static char logname[MAX_USERNAME+1]; - - /* initialize au_user_entry structure */ - u.au_name = logname; - - return (getauusernam_r(&u, name)); -} - -au_user_ent_t * -getauusernam_r(au_user_ent_t *u, char *name) -{ - au_user_str_t us; - au_user_str_t *tmp; - char buf[NSS_BUFLEN_AUDITUSER]; - int errp = 0; - - if (name == NULL) { - return ((au_user_ent_t *)NULL); - } - tmp = _getauusernam(name, &us, buf, NSS_BUFLEN_AUDITUSER, &errp); - - return (auuserstr2ent(u, tmp)); -} - -static au_user_ent_t * -auuserstr2ent(au_user_ent_t *ue, au_user_str_t *us) -{ - if (us == NULL) - return (NULL); - - if (getauditflagsbin(us->au_always, &ue->au_always) < 0) { - return (NULL); - } - if (getauditflagsbin(us->au_never, &ue->au_never) < 0) { - ue->au_never.am_success = AU_MASK_NONE; - ue->au_never.am_failure = AU_MASK_NONE; - } - (void) strncpy(ue->au_name, us->au_name, MAX_USERNAME); - - return (ue); -} diff --git a/usr/src/lib/libbsm/common/libbsm.h b/usr/src/lib/libbsm/common/libbsm.h index 54b1b4b152..b3f63e28b4 100644 --- a/usr/src/lib/libbsm/common/libbsm.h +++ b/usr/src/lib/libbsm/common/libbsm.h 
@@ -176,18 +176,6 @@ extern au_class_ent_t *getauclassnam(char *); extern au_class_ent_t *getauclassnam_r(au_class_ent_t *, char *); /* - * Functions that manipulate audit attributes of users - */ - -void setauuser(void); -void endauuser(void); - -au_user_ent_t *getauuserent(void); -au_user_ent_t *getauuserent_r(au_user_ent_t *); -au_user_ent_t *getauusernam(char *); -au_user_ent_t *getauusernam_r(au_user_ent_t *, char *); - -/* * Functions that manipulate the audit control file */ @@ -239,8 +227,6 @@ extern int setaudit(auditinfo_t *); extern int setaudit_addr(auditinfo_addr_t *, int); extern int setauid(au_id_t *); -#define BSM_TEXTBUFSZ 256 /* size of string for generic text token */ - /* * Defines for au_preselect(3) */ diff --git a/usr/src/lib/libbsm/common/mapfile-vers b/usr/src/lib/libbsm/common/mapfile-vers index 673d72efe6..671dd66d10 100644 --- a/usr/src/lib/libbsm/common/mapfile-vers +++ b/usr/src/lib/libbsm/common/mapfile-vers @@ -67,8 +67,6 @@ SYMBOL_VERSION SUNW_0.8 { getauevent_r; getauevnam_r; getauevnum_r; - getauuserent_r; - getauusernam_r; } SUNW_0.7; SYMBOL_VERSION SUNW_0.7 { @@ -99,7 +97,6 @@ SYMBOL_VERSION SUNW_0.7 { endac; endauclass; endauevent; - endauuser; getacdir; getacflg; getacmin; @@ -114,15 +111,12 @@ SYMBOL_VERSION SUNW_0.7 { getauevnonam; getauevnum; getauid; - getauuserent; - getauusernam; getfauditflags; setac; setauclass; setaudit; setauevent; setauid; - setauuser; }; SYMBOL_VERSION SUNWprivate_1.1 { diff --git a/usr/src/lib/libsecdb/user_attr.txt b/usr/src/lib/libsecdb/user_attr.txt index ac804537c9..aa31d7373b 100644 --- a/usr/src/lib/libsecdb/user_attr.txt +++ b/usr/src/lib/libsecdb/user_attr.txt @@ -1,6 +1,5 @@ # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. # # CDDL HEADER START # 
@@ -26,7 +25,7 @@ # user attributes. see user_attr(4) # # -root::::auths=solaris.*,solaris.grant;profiles=All;lock_after_retries=no;min_label=admin_low;clearance=admin_high +root::::auths=solaris.*,solaris.grant;profiles=All;audit_flags=lo\:no;lock_after_retries=no;min_label=admin_low;clearance=admin_high lp::::profiles=Printer Management adm::::profiles=Log Management dladm::::auths=solaris.smf.manage.wpa,solaris.smf.modify diff --git a/usr/src/pkg/manifests/SUNWcs.mf b/usr/src/pkg/manifests/SUNWcs.mf index 3f864de738..960b177ada 100644 --- a/usr/src/pkg/manifests/SUNWcs.mf +++ b/usr/src/pkg/manifests/SUNWcs.mf @@ -442,7 +442,6 @@ file path=etc/saf/zsmon/_pmtab group=sys preserve=true file path=etc/security/audit_class group=sys preserve=renamenew file path=etc/security/audit_control group=sys preserve=renamenew file path=etc/security/audit_event group=sys preserve=renamenew -file path=etc/security/audit_user group=sys preserve=renamenew file path=etc/security/audit_warn group=sys mode=0740 preserve=renamenew file path=etc/security/auth_attr group=sys preserve=true \ timestamp=19700101T000000Z |