6351677 bootadm should allow certain sub-commands to be run by non-root users

6369346 bootadm emits error message when running init under pfexec 6429888 bootadm doesn't check arguments as well as it could
author: vikram <none@none> 2006-06-02 13:16:25 -0700
committer: vikram <none@none> 2006-06-02 13:16:25 -0700
commit: 1a97e40eb1d972776a1a1cc4093fc399eb2a59d3 (patch)
tree: e96dafd3e85311d6bd6b90048f6c884e16e0f900 /usr/src
parent: e3e793b1c4791518f806cd8a8a4fafe1a675ba52 (diff)
download: illumos-joyent-1a97e40eb1d972776a1a1cc4093fc399eb2a59d3.tar.gz
3 files changed, 34 insertions, 18 deletions
diff --git a/usr/src/cmd/boot/bootadm/bootadm.c b/usr/src/cmd/boot/bootadm/bootadm.c
index df68f1e116..a2193ed766 100644
--- a/usr/src/cmd/boot/bootadm/bootadm.c
+++ b/usr/src/cmd/boot/bootadm/bootadm.c
@@ -130,6 +130,7 @@ typedef struct {
 	char	*subcmd;
 	option_t option;
 	error_t (*handler)();
+	int	unpriv;			/* is this an unprivileged command */
 } subcmd_defn_t;
 
 
@@ -295,20 +296,20 @@ static void sparc_abort(void);
 
 /* Menu related sub commands */
 static subcmd_defn_t menu_subcmds[] = {
-	"set_option",		OPT_OPTIONAL,	set_option,	/* PUB */
-	"list_entry",		OPT_OPTIONAL,	list_entry,	/* PUB */
-	"delete_all_entries",	OPT_ABSENT,	delete_all_entries, /* PVT */
-	"update_entry",		OPT_REQ,	update_entry,	/* menu */
-	"update_temp",		OPT_OPTIONAL,	update_temp,	/* reboot */
-	NULL,			0,		NULL	/* must be last */
+	"set_option",		OPT_OPTIONAL,	set_option, 0,	/* PUB */
+	"list_entry",		OPT_OPTIONAL,	list_entry, 1,	/* PUB */
+	"delete_all_entries",	OPT_ABSENT,	delete_all_entries, 0, /* PVT */
+	"update_entry",		OPT_REQ,	update_entry, 0, /* menu */
+	"update_temp",		OPT_OPTIONAL,	update_temp, 0,	/* reboot */
+	NULL,			0,		NULL, 0	/* must be last */
 };
 
 /* Archive related sub commands */
 static subcmd_defn_t arch_subcmds[] = {
-	"update",		OPT_ABSENT,	update_archive, /* PUB */
-	"update_all",		OPT_ABSENT,	update_all,	/* PVT */
-	"list",			OPT_OPTIONAL,	list_archive,	/* PUB */
-	NULL,			0,		NULL	/* must be last */
+	"update",		OPT_ABSENT,	update_archive, 0, /* PUB */
+	"update_all",		OPT_ABSENT,	update_all, 0,	/* PVT */
+	"list",			OPT_OPTIONAL,	list_archive, 1, /* PUB */
+	NULL,			0,		NULL, 0	/* must be last */
 };
 
 static struct {
@@ -348,12 +349,6 @@ main(int argc, char *argv[])
 		prog++;
 	}
 
-	if (geteuid() != 0) {
-		bam_error(MUST_BE_ROOT);
-		bam_exit(1);
-	}
-
-	bam_lock();
 
 	/*
 	 * Don't depend on caller's umask
@@ -610,6 +605,14 @@ check_subcmd_and_options(
 		return (BAM_ERROR);
 	}
 
+	if (bam_argc != 0 || bam_argv) {
+		if (strcmp(subcmd, "set_option") != 0 || bam_argc != 1) {
+			bam_error(TRAILING_ARGS);
+			usage();
+			return (BAM_ERROR);
+		}
+	}
+
 	if (bam_root == NULL) {
 		bam_root = rootbuf;
 		bam_rootlen = 1;
@@ -626,6 +629,17 @@ check_subcmd_and_options(
 		return (BAM_ERROR);
 	}
 
+	if (table[i].unpriv == 0 && geteuid() != 0) {
+		bam_error(MUST_BE_ROOT);
+		return (BAM_ERROR);
+	}
+
+	/*
+	 * Currently only privileged commands need a lock
+	 */
+	if (table[i].unpriv == 0)
+		bam_lock();
+
 	/* subcmd verifies that opt is appropriate */
 	if (table[i].option != OPT_OPTIONAL) {
 		if ((table[i].option == OPT_REQ) ^ (opt != NULL)) {
diff --git a/usr/src/cmd/boot/bootadm/message.h b/usr/src/cmd/boot/bootadm/message.h
index 7b4117e717..5620fbb04c 100644
--- a/usr/src/cmd/boot/bootadm/message.h
+++ b/usr/src/cmd/boot/bootadm/message.h
@@ -38,7 +38,7 @@ extern "C" {
 
 #define	DIR_MISS gettext("directory not found: %s\n")
 
-#define	MUST_BE_ROOT gettext("you must be root to run this program\n")
+#define	MUST_BE_ROOT gettext("you must be root to run this command\n")
 
 #define	NOT_GRUB_BOOT gettext("%s: not a GRUB boot OS instance\n")
 
@@ -301,6 +301,8 @@ the failsafe archive unbootable\n")
 
 #define	BAD_ROOT_FILE gettext("file is invalid: %s\n")
 
+#define	TRAILING_ARGS gettext("invalid trailing arguments\n")
+
 #define	RESTORING_GRUB \
 	gettext("No GRUB installation found. Restoring GRUB from backup\n")
 
diff --git a/usr/src/lib/libsecdb/exec_attr.txt b/usr/src/lib/libsecdb/exec_attr.txt
index e7d8774173..6ded54c77d 100644
--- a/usr/src/lib/libsecdb/exec_attr.txt
+++ b/usr/src/lib/libsecdb/exec_attr.txt
@@ -129,7 +129,7 @@ Maintenance and Repair:suser:cmd:::/usr/bin/ldd:euid=0
 Maintenance and Repair:suser:cmd:::/usr/bin/vmstat:euid=0
 Maintenance and Repair:suser:cmd:::/usr/sbin/eeprom:euid=0
 Maintenance and Repair:suser:cmd:::/usr/sbin/halt:euid=0
-Maintenance and Repair:suser:cmd:::/sbin/init:euid=0
+Maintenance and Repair:suser:cmd:::/sbin/init:uid=0
 Maintenance and Repair:suser:cmd:::/usr/sbin/poweroff:uid=0
 Maintenance and Repair:suser:cmd:::/usr/sbin/prtconf:euid=0
 Maintenance and Repair:suser:cmd:::/usr/sbin/reboot:uid=0
author	vikram <none@none>	2006-06-02 13:16:25 -0700
committer	vikram <none@none>	2006-06-02 13:16:25 -0700
commit	1a97e40eb1d972776a1a1cc4093fc399eb2a59d3 (patch)
tree	e96dafd3e85311d6bd6b90048f6c884e16e0f900 /usr/src
parent	e3e793b1c4791518f806cd8a8a4fafe1a675ba52 (diff)
download	illumos-joyent-1a97e40eb1d972776a1a1cc4093fc399eb2a59d3.tar.gz