various: no need to link against libsocket
[unleashed-userland.git] / components / python / python27 / patches / 09-rbac.patch
blob919f69974a87f04faaf95f43210243b80e145e2e
1 This patch provides Python RBAC support.
3 diff --git Python-2.6.4/Modules/authattr.c Python-2.6.4/Modules/authattr.c
4 new file mode 100644
5 --- /dev/null
6 +++ Python-2.6.4/Modules/authattr.c
7 @@ -0,0 +1,261 @@
8 +/*
9 + * CDDL HEADER START
10 + *
11 + * The contents of this file are subject to the terms of the
12 + * Common Development and Distribution License (the "License").
13 + * You may not use this file except in compliance with the License.
14 + *
15 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
16 + * or http://www.opensolaris.org/os/licensing.
17 + * See the License for the specific language governing permissions
18 + * and limitations under the License.
19 + *
20 + * When distributing Covered Code, include this CDDL HEADER in each
21 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
22 + * If applicable, add the following below this CDDL HEADER, with the
23 + * fields enclosed by brackets "[]" replaced with your own identifying
24 + * information: Portions Copyright [yyyy] [name of copyright owner]
25 + *
26 + * CDDL HEADER END
27 + */
29 +/*
30 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
31 + */
33 +/*
34 + * RBAC Bindings for Python - auth_attr functions
35 + */
37 +#include <auth_attr.h>
38 +#include "Python.h"
39 +#include "pyrbac.h"
41 +static PyObject*
42 +pyrbac_setauthattr(PyObject* self, PyObject* args) {
43 + setauthattr();
44 + return Py_None;
47 +static PyObject*
48 +pyrbac_endauthattr(PyObject* self, PyObject* args) {
49 + endauthattr();
50 + return Py_None;
53 +PyObject*
54 +pyrbac_getauthnamattr(PyObject* self, char* authname, int mode) {
58 + authattr_t * ret_authattr = (mode == PYRBAC_NAM_MODE) ? getauthnam(authname) : getauthattr();
59 + if (ret_authattr == NULL)
60 + return Py_None;
62 + PyObject* kv_data = PyDict_New();
63 + if (kv_data == NULL) {
64 + free_authattr(ret_authattr);
65 + return NULL;
66 + }
68 + if(ret_authattr->attr != NULL) {
69 + int len;
70 + for(len = 0; len < ret_authattr->attr->length; len++) {
71 + kv_t current = ret_authattr->attr->data[len];
73 + PyObject* set = PyList_New(NULL);
74 + char* saveptr;
75 + char* item = strtok_r(current.value, ",", &saveptr);
76 + PyList_Append(set, PyString_FromString(item));
78 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
79 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
80 + Py_XDECREF(set);
81 + Py_XDECREF(kv_data);
82 + free_authattr(ret_authattr);
83 + return NULL;
84 + }
85 + }
86 + if(PyDict_SetItemString(kv_data, current.key, set)) {
87 + free_authattr(ret_authattr);
88 + return NULL;
89 + }
90 + }
91 + }
92 + PyObject * retval = Py_BuildValue("{s:s,s:s,s:s,s:s,s:s,s:O}",
93 + "name",ret_authattr->name,
94 + "res1",ret_authattr->res1,
95 + "res2",ret_authattr->res2,
96 + "short",ret_authattr->short_desc,
97 + "long",ret_authattr->long_desc,
98 + "attributes",kv_data);
100 + free_authattr(ret_authattr);
101 + return retval;
105 +static PyObject*
106 +pyrbac_getauthattr(PyObject* self, PyObject* args) {
107 + return(pyrbac_getauthnamattr(self, NULL, PYRBAC_ATTR_MODE));
110 +static PyObject*
111 +pyrbac_getauthnam(PyObject* self, PyObject* args) {
112 + char* name = NULL;
113 + if(!PyArg_ParseTuple(args, "s:getauthnam", &name))
114 + return NULL;
115 + return(pyrbac_getauthnamattr(self, name, PYRBAC_NAM_MODE));
118 +static PyObject *
119 +pyrbac_chkauthattr(PyObject* self, PyObject* args) {
120 + char* authstring = NULL;
121 + char* username = NULL;
122 + if(!PyArg_ParseTuple(args, "ss:chkauthattr", &authstring, &username))
123 + return NULL;
124 + return PyBool_FromLong((long)chkauthattr(authstring, username));
127 +static PyObject*
128 +pyrbac_authattr_next(PyObject* self, PyObject* args) {
129 + PyObject* retval = pyrbac_getauthattr(self, args);
130 + if( retval == Py_None ) {
131 + setauthattr();
132 + return NULL;
134 + return retval;
136 +static PyObject*
137 +pyrbac_authattr__iter__(PyObject* self, PyObject* args) {
138 + return self;
141 +typedef struct {
142 + PyObject_HEAD
143 +} Authattr;
145 +static void
146 +Authattr_dealloc(Authattr* self) {
147 + endauthattr();
148 + self->ob_type->tp_free((PyObject*) self);
151 +static PyObject*
152 +Authattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
153 + Authattr *self;
154 + self = (Authattr*)type->tp_alloc(type, 0);
156 + return ((PyObject *) self);
159 +static int
160 +Authattr_init(Authattr* self, PyObject *args, PyObject *kwargs) {
161 + setauthattr();
162 + return 0;
165 +static char pyrbac_authattr__doc__[];
167 +PyDoc_STRVAR(pyrbac_authattr__doc__, """provides interfaces to the auth_attr \
168 +database. may be iterated over to return all auth_attr entries\n\n\
169 +Methods provided:\n\
170 +setauthattr\n\
171 +endauthattr\n\
172 +getauthattr\n\
173 +chkauthattr\n\
174 +getauthnam""");
176 +static char pyrbac_setauthattr__doc__[];
177 +static char pyrbac_endauthattr__doc__[];
178 +static char pyrbac_getauthattr__doc__[];
179 +static char pyrbac_chkauthattr__doc__[];
181 +PyDoc_STRVAR(pyrbac_setauthattr__doc__,
182 +"\"rewinds\" the auth_attr functions to the first entry in the db. Called \
183 +automatically by the constructor\n\tArguments: None\n\tReturns: None");
185 +PyDoc_STRVAR(pyrbac_endauthattr__doc__,
186 +"closes the auth_attr database, cleans up storage. called automatically by \
187 +the destructor\n\tArguments: None\n\tReturns: None");
189 +PyDoc_STRVAR(pyrbac_chkauthattr__doc__, "verifies if a user has a given \
190 +authorization.\n\tArguments: 2 Python strings, 'authname' and 'username'\n\
191 +\tReturns: True if the user is authorized, False otherwise");
193 +PyDoc_STRVAR(pyrbac_getauthattr__doc__,
194 +"return one entry from the auth_attr database\n\
195 +\tArguments: None\n\
196 +\tReturns: a dict representing the authattr_t struct:\n\
197 +\t\t\"name\": Authorization Name\n\
198 +\t\t\"res1\": reserved\n\
199 +\t\t\"res2\": reserved\n\
200 +\t\t\"short\": Short Description\n\
201 +\t\t\"long\": Long Description\n\
202 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
203 +or a string depending on value");
205 +PyDoc_STRVAR(pyrbac_getauthnam__doc__,
206 +"searches the auth_attr database for a given authorization name\n\
207 +\tArguments: a Python string containing the auth name\n\
208 +\tReturns: a dict representing the authattr_t struct:\n\
209 +\t\t\"name\": Authorization Name\n\
210 +\t\t\"res1\": reserved\n\
211 +\t\t\"res2\": reserved\n\
212 +\t\t\"short\": Short Description\n\
213 +\t\t\"long\": Long Description\n\
214 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
215 +or a string depending on value");
217 +static PyMethodDef Authattr_methods[] = {
218 + {"setauthattr", pyrbac_setauthattr, METH_NOARGS, pyrbac_setauthattr__doc__},
219 + {"endauthattr", pyrbac_endauthattr, METH_NOARGS, pyrbac_endauthattr__doc__},
220 + {"chkauthattr", pyrbac_chkauthattr, METH_VARARGS, pyrbac_chkauthattr__doc__},
221 + {"getauthattr", pyrbac_getauthattr, METH_NOARGS, pyrbac_getauthattr__doc__},
222 + {"getauthnam", pyrbac_getauthnam, METH_VARARGS, pyrbac_getauthnam__doc__},
223 + {NULL}
226 +PyTypeObject AuthattrType = {
227 + PyObject_HEAD_INIT(NULL)
228 + 0, /*ob_size*/
229 + "rbac.authattr", /*tp_name*/
230 + sizeof(Authattr), /*tp_basicsize*/
231 + 0, /*tp_itemsize*/
232 + (destructor)Authattr_dealloc, /*tp_dealloc*/
233 + 0, /*tp_print*/
234 + 0, /*tp_getattr*/
235 + 0, /*tp_setattr*/
236 + 0, /*tp_compare*/
237 + 0, /*tp_repr*/
238 + 0, /*tp_as_number*/
239 + 0, /*tp_as_sequence*/
240 + 0, /*tp_as_mapping*/
241 + 0, /*tp_hash */
242 + 0, /*tp_call*/
243 + 0, /*tp_str*/
244 + 0, /*tp_getattro*/
245 + 0, /*tp_setattro*/
246 + 0, /*tp_as_buffer*/
247 + Py_TPFLAGS_DEFAULT |
248 + Py_TPFLAGS_BASETYPE |
249 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
250 + pyrbac_authattr__doc__, /* tp_doc */
251 + 0, /* tp_traverse */
252 + 0, /* tp_clear */
253 + 0, /* tp_richcompare */
254 + 0, /* tp_weaklistoffset */
255 + pyrbac_authattr__iter__, /* tp_iter */
256 + pyrbac_authattr_next, /* tp_iternext */
257 + Authattr_methods, /* tp_methods */
258 + 0, /* tp_members */
259 + 0, /* tp_getset */
260 + 0, /* tp_base */
261 + 0, /* tp_dict */
262 + 0, /* tp_descr_get */
263 + 0, /* tp_descr_set */
264 + 0, /* tp_dictoffset */
265 + (initproc)Authattr_init, /* tp_init */
266 + 0, /* tp_alloc */
267 + Authattr_new, /* tp_new */
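Review bot: `pyrbac_setauthattr`, `pyrbac_endauthattr` and the no-entry path of `pyrbac_getauthnamattr` end in `return Py_None;`, and `pyrbac_authattr__iter__` ends in `return self;`, so each hands the caller a reference that was never taken. Every call then costs None (or the iterator object) one reference when the caller releases the result, and a long-running process that uses these bindings eventually hits a refcount underflow. Use `Py_RETURN_NONE;` for the None cases and `Py_INCREF(self); return self;` in the iterator hook. With that change `pyrbac_authattr_next` must `Py_DECREF(retval)` before it returns NULL on the None sentinel. The same `return Py_None;` pattern appears in execattr.c and userattr.c.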
269 diff --git Python-2.6.4/Modules/execattr.c Python-2.6.4/Modules/execattr.c
270 new file mode 100644
271 --- /dev/null
272 +++ Python-2.6.4/Modules/execattr.c
273 @@ -0,0 +1,313 @@
275 + * CDDL HEADER START
277 + * The contents of this file are subject to the terms of the
278 + * Common Development and Distribution License (the "License").
279 + * You may not use this file except in compliance with the License.
281 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
282 + * or http://www.opensolaris.org/os/licensing.
283 + * See the License for the specific language governing permissions
284 + * and limitations under the License.
286 + * When distributing Covered Code, include this CDDL HEADER in each
287 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
288 + * If applicable, add the following below this CDDL HEADER, with the
289 + * fields enclosed by brackets "[]" replaced with your own identifying
290 + * information: Portions Copyright [yyyy] [name of copyright owner]
292 + * CDDL HEADER END
293 + */
296 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
297 + */
300 + * RBAC Bindings for Python - exec_attr functions
301 + */
303 +#include <exec_attr.h>
304 +#include "Python.h"
305 +#include "pyrbac.h"
307 +static PyObject *
308 +pyrbac_setexecattr(PyObject* self, PyObject* args) {
309 + setexecattr();
310 + return Py_None;
313 +static PyObject *
314 +pyrbac_endexecattr(PyObject* self, PyObject* args) {
315 + endexecattr();
316 + return Py_None;
319 +PyObject *
320 +pyrbac_getexecuserprofattr(PyObject* self, char* userprofname, char* type, char* id, int mode) {
322 + PyObject* ep_data = (mode == PYRBAC_ATTR_MODE) ? NULL : PyList_New(0);
324 + if (ep_data == NULL && mode != PYRBAC_ATTR_MODE )
325 + return NULL;
327 + execattr_t *execprof;
328 + if (mode == PYRBAC_USER_MODE)
329 + execprof = getexecuser(userprofname, type, id, GET_ALL);
330 + else if (mode == PYRBAC_PROF_MODE)
331 + execprof = getexecprof(userprofname, type, id, GET_ALL);
332 + else if (mode == PYRBAC_ATTR_MODE)
333 + execprof = getexecattr();
334 + else
335 + return NULL;
337 + if (execprof == NULL)
338 + return Py_None;
340 + execattr_t *execprof_head = execprof;
342 + while(execprof != NULL) {
344 + PyObject* kv_data = PyDict_New();
346 + if(execprof->attr != NULL) {
347 + int len;
348 + for(len = 0; len < execprof->attr->length; len++) {
349 + kv_t current = execprof->attr->data[len];
351 + PyObject* set = PyList_New(NULL);
352 + char* saveptr;
353 + char* item = strtok_r(current.value, ",", &saveptr);
354 + PyList_Append(set, PyString_FromString(item));
356 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
357 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
358 + Py_XDECREF(set);
359 + Py_XDECREF(kv_data);
360 + free_execattr(execprof_head);
361 + return NULL;
364 + if(PyDict_SetItemString(kv_data, current.key, set)) {
365 + free_execattr(execprof_head);
366 + return NULL;
370 + PyObject* entry = Py_BuildValue("{s:s,s:s,s:s,s:s,s:s,s:s,s:O}",
371 + "name", execprof->name,
372 + "type", execprof->type,
373 + "policy", execprof->policy,
374 + "res1", execprof->res1,
375 + "res2", execprof->res2,
376 + "id", execprof->id,
377 + "attributes", kv_data);
379 + if (entry == NULL) {
380 + Py_XDECREF(kv_data);
381 + free_execattr(execprof_head);
382 + return NULL;
385 + if (mode == PYRBAC_ATTR_MODE) {
386 + free_execattr(execprof_head);
387 + return(entry);
389 + PyList_Append(ep_data, entry);
390 + execprof = execprof->next;
393 + free_execattr(execprof_head);
394 + return(ep_data);
398 +static PyObject *
399 +pyrbac_getexecuser(PyObject* self, PyObject* args) {
400 + char* username = NULL;
401 + char* type = NULL;
402 + char* id = NULL;
404 + if(!PyArg_ParseTuple(args, "sss:getexecuser", &username, &type, &id))
405 + return NULL;
407 + return (pyrbac_getexecuserprofattr(self, username, type, id, PYRBAC_USER_MODE));
410 +static PyObject *
411 +pyrbac_getexecprof(PyObject* self, PyObject* args) {
413 + char* profname = NULL;
414 + char* type = NULL;
415 + char* id = NULL;
417 + if(!PyArg_ParseTuple(args, "sss:getexecprof", &profname, &type, &id))
418 + return NULL;
420 + return (pyrbac_getexecuserprofattr(self, profname, type, id, PYRBAC_PROF_MODE));
423 +static PyObject*
424 +pyrbac_getexecattr(PyObject* self, PyObject* args) {
425 + return pyrbac_getexecuserprofattr(self, NULL, NULL, NULL, PYRBAC_ATTR_MODE);
428 +static PyObject*
429 +pyrbac_execattr_next(PyObject* self, PyObject* args) {
430 + PyObject* retval = pyrbac_getexecattr(self, args);
431 + if( retval == Py_None ) {
432 + setexecattr();
433 + return NULL;
435 + return retval;
437 +static PyObject*
438 +pyrbac_execattr__iter__(PyObject* self, PyObject* args) {
439 + return self;
442 +typedef struct {
443 + PyObject_HEAD
444 +} Execattr;
446 +static void
447 +Execattr_dealloc(Execattr* self) {
448 + endexecattr();
449 + self->ob_type->tp_free((PyObject*) self);
452 +static PyObject*
453 +Execattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
454 + Execattr *self;
455 + self = (Execattr*)type->tp_alloc(type, 0);
457 + return ((PyObject *) self);
460 +static int
461 +Execattr_init(Execattr* self, PyObject *args, PyObject *kwargs) {
462 + setexecattr();
463 + return 0;
466 +static char pyrbac_execattr__doc__[];
468 +PyDoc_STRVAR(pyrbac_execattr__doc__, "provides functions for \
469 +interacting with the execution profiles database. May be iterated over to \
470 +enumerate exec_attr(4) entries\n\n\
471 +Methods provided:\n\
472 +setexecattr\n\
473 +endexecattr\n\
474 +getexecattr\n\
475 +getexecprof\n\
476 +getexecuser");
479 +static char pyrbac_getexecuser__doc__[];
480 +static char pyrbac_getexecprof__doc__[];
481 +static char pyrbac_getexecattr__doc__[];
482 +static char pyrbac_setexecattr__doc__[];
483 +static char pyrbac_endexecattr__doc__[];
485 +PyDoc_STRVAR(pyrbac_setexecattr__doc__,
486 +"\"rewinds\" the exec_attr functions to the first entry in the db. Called \
487 +automatically by the constructor.\n\
488 +\tArguments: None\
489 +\tReturns: None");
491 +PyDoc_STRVAR(pyrbac_endexecattr__doc__,
492 +"closes the exec_attr database, cleans up storage. called automatically by \
493 +the destructor.\n\
494 +\tArguments: None\
495 +\tReturns: None");
497 +PyDoc_STRVAR(pyrbac_getexecuser__doc__, "corresponds with getexecuser(3SECDB)\
498 +\nTakes: \'username\', \'type\', \'id\'\n\
499 +Return: a single exec_attr entry\n\
500 +\tArguments: None\n\
501 +\tReturns: a dict representation of an execattr_t struct:\n\
502 +\t\t\"name\": Authorization Name\n\
503 +\t\t\"type\": Profile Type\n\
504 +\t\t\"policy\": Policy attributes are relevant in\n\
505 +\t\t\"res1\": reserved\n\
506 +\t\t\"res2\": reserved\n\
507 +\t\t\"id\": unique identifier\n\
508 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
509 +either a list or a string depending on value");
511 +PyDoc_STRVAR(pyrbac_getexecprof__doc__, "corresponds with getexecprof(3SECDB)\
512 +\nTakes: \'profile name\', \'type\', \'id\'\n\
513 +\tReturns: a dict representation of an execattr_t struct:\n\
514 +\t\t\"name\": Authorization Name\n\
515 +\t\t\"type\": Profile Type\n\
516 +\t\t\"policy\": Policy attributes are relevant in\n\
517 +\t\t\"res1\": reserved\n\
518 +\t\t\"res2\": reserved\n\
519 +\t\t\"id\": unique identifier\n\
520 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
521 +either a list or a string depending on value");
523 +PyDoc_STRVAR(pyrbac_getexecattr__doc__, "corresponds with getexecattr(3SECDB)\
524 +\nTakes 0 arguments\n\
525 +\tReturns: a dict representation of an execattr_t struct:\n\
526 +\t\t\"name\": Authorization Name\n\
527 +\t\t\"type\": Profile Type\n\
528 +\t\t\"policy\": Policy attributes are relevant in\n\
529 +\t\t\"res1\": reserved\n\
530 +\t\t\"res2\": reserved\n\
531 +\t\t\"id\": unique identifier\n\
532 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
533 +either a list or a string depending on value");
535 +static PyMethodDef Execattr_methods[] = {
536 + {"setexecattr", pyrbac_setexecattr, METH_NOARGS, pyrbac_setexecattr__doc__},
537 + {"endexecattr", pyrbac_endexecattr, METH_NOARGS, pyrbac_endexecattr__doc__},
538 + {"getexecprof", pyrbac_getexecprof, METH_VARARGS, pyrbac_getexecprof__doc__},
539 + {"getexecuser", pyrbac_getexecuser, METH_VARARGS, pyrbac_getexecuser__doc__},
540 + {"getexecattr", pyrbac_getexecattr, METH_NOARGS, pyrbac_getexecattr__doc__},
541 + {NULL}
544 +PyTypeObject ExecattrType = {
545 + PyObject_HEAD_INIT(NULL)
546 + 0, /*ob_size*/
547 + "rbac.execattr", /*tp_name*/
548 + sizeof(Execattr), /*tp_basicsize*/
549 + 0, /*tp_itemsize*/
550 + (destructor)Execattr_dealloc, /*tp_dealloc*/
551 + 0, /*tp_print*/
552 + 0, /*tp_getattr*/
553 + 0, /*tp_setattr*/
554 + 0, /*tp_compare*/
555 + 0, /*tp_repr*/
556 + 0, /*tp_as_number*/
557 + 0, /*tp_as_sequence*/
558 + 0, /*tp_as_mapping*/
559 + 0, /*tp_hash */
560 + 0, /*tp_call*/
561 + 0, /*tp_str*/
562 + 0, /*tp_getattro*/
563 + 0, /*tp_setattro*/
564 + 0, /*tp_as_buffer*/
565 + Py_TPFLAGS_DEFAULT |
566 + Py_TPFLAGS_BASETYPE |
567 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
568 + pyrbac_execattr__doc__, /* tp_doc */
569 + 0, /* tp_traverse */
570 + 0, /* tp_clear */
571 + 0, /* tp_richcompare */
572 + 0, /* tp_weaklistoffset */
573 + pyrbac_execattr__iter__, /* tp_iter */
574 + pyrbac_execattr_next, /* tp_iternext */
575 + Execattr_methods, /* tp_methods */
576 + 0, /* tp_members */
577 + 0, /* tp_getset */
578 + 0, /* tp_base */
579 + 0, /* tp_dict */
580 + 0, /* tp_descr_get */
581 + 0, /* tp_descr_set */
582 + 0, /* tp_dictoffset */
583 + (initproc)Execattr_init, /* tp_init */
584 + 0, /* tp_alloc */
585 + Execattr_new, /* tp_new */
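Review bot: In `pyrbac_getexecuserprofattr` the per-entry `kv_data = PyDict_New()` is used without a NULL check (authattr.c does check the same call), and every early `return NULL` or `return Py_None` taken after `ep_data` was allocated leaves the list without a `Py_DECREF(ep_data)`. The error returns also set no Python exception, so the caller sees a bare NULL; set one first, for example `PyErr_SetString(PyExc_ValueError, "getexecattr: unknown lookup mode")` on the bad-mode branch. The tokenizer passes the first `strtok_r` result straight to `PyString_FromString`, which gets NULL if an attribute value is ever empty or only commas, so guard it with `if (item != NULL)`; the same loop is in authattr.c, userattr.c and privileges.c. `PyList_Append` and the `O` format in `Py_BuildValue` both take their own reference, so the temporary strings, `set`, `kv_data` and `entry` each need a `Py_DECREF` after being stored (or `N` in the format string).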
587 diff --git Python-2.6.4/Modules/privileges.c Python-2.6.4/Modules/privileges.c
588 new file mode 100644
589 --- /dev/null
590 +++ Python-2.6.4/Modules/privileges.c
591 @@ -0,0 +1,229 @@
593 + * CDDL HEADER START
595 + * The contents of this file are subject to the terms of the
596 + * Common Development and Distribution License (the "License").
597 + * You may not use this file except in compliance with the License.
599 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
600 + * or http://www.opensolaris.org/os/licensing.
601 + * See the License for the specific language governing permissions
602 + * and limitations under the License.
604 + * When distributing Covered Code, include this CDDL HEADER in each
605 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
606 + * If applicable, add the following below this CDDL HEADER, with the
607 + * fields enclosed by brackets "[]" replaced with your own identifying
608 + * information: Portions Copyright [yyyy] [name of copyright owner]
610 + * CDDL HEADER END
611 + */
614 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
615 + */
618 + * privileges(5) bindings for Python
619 + */
621 +#include <priv.h>
622 +#include "Python.h"
624 +static PyObject *
625 +pyprivileges_setppriv( PyObject *self, PyObject *args) {
626 + priv_op_t op = -1 ;
627 + priv_ptype_t which = NULL;
629 + PyObject* set_list = NULL;
631 + priv_set_t * set = NULL;
633 + if(!PyArg_ParseTuple(args, "iiO:setppriv", &op, &which, &set_list))
634 + return NULL;
636 + if((op != PRIV_ON && op != PRIV_OFF && op != PRIV_SET) ||
637 + (which != PRIV_PERMITTED && which != PRIV_EFFECTIVE &&
638 + which != PRIV_INHERITABLE && which != PRIV_LIMIT))
639 + return NULL;
641 + PyObject* set_string = PyList_GetItem(set_list, 0);
642 + int i;
643 + for (i = 1; i < PyList_Size(set_list); ++i) {
644 + PyString_Concat(&set_string, PyString_FromString(","));
645 + PyString_Concat(&set_string, PyList_GetItem(set_list, i));
648 + set = priv_str_to_set(PyString_AsString(set_string), ",", NULL );
650 + if ( set == NULL )
651 + return NULL;
653 + long ret = (long) setppriv(op, which, set);
654 + priv_freeset(set);
655 + // Python inverts true & false
656 + if(ret)
657 + Py_RETURN_FALSE;
659 + Py_RETURN_TRUE;
662 +static PyObject *
663 +pyprivileges_getppriv( PyObject *self, PyObject *args) {
665 + char* set_str = NULL;
666 + priv_ptype_t which = NULL;
667 + priv_set_t * set = priv_allocset();
668 + if (set == NULL)
669 + return NULL;
671 + if(!PyArg_ParseTuple(args, "i:getppriv", &which))
672 + return NULL;
674 + if (which != PRIV_PERMITTED && which != PRIV_EFFECTIVE &&
675 + which != PRIV_INHERITABLE && which != PRIV_LIMIT)
676 + return NULL;
678 + if (getppriv(which, set) != 0)
679 + return NULL;
681 + set_str = priv_set_to_str(set, ',', PRIV_STR_LIT);
682 + priv_freeset(set);
684 + PyObject* set_list = PyList_New(NULL);
685 + char* saveptr;
686 + char* item = strtok_r(set_str, ",", &saveptr);
687 + PyList_Append(set_list, PyString_FromString(item));
689 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
690 + if(PyList_Append(set_list, PyString_FromString(item)) != 0) {
691 + Py_XDECREF(set_list);
692 + return NULL;
696 + return(set_list);
699 +static PyObject *
700 +pyprivileges_priv_inverse( PyObject *self, PyObject *args ) {
702 + PyObject* set_list_in = NULL;
703 + if(!PyArg_ParseTuple(args, "O:priv_inverse", &set_list_in))
704 + return NULL;
706 + PyObject* set_string = PyList_GetItem(set_list_in, 0);
707 + int i;
708 + for (i = 1; i < PyList_Size(set_list_in); ++i) {
709 + PyString_Concat(set_string, PyString_FromString(","));
710 + PyString_Concat(set_string, PyList_GetItem(set_list_in, i));
713 + priv_set_t * set = priv_str_to_set(PyString_AsString(set_string), ",", NULL);
714 + if (set == NULL)
715 + return NULL;
716 + priv_inverse(set);
717 + char * ret_str = priv_set_to_str(set, ',', PRIV_STR_LIT);
718 + priv_freeset(set);
720 + PyObject* set_list_out = PyList_New(NULL);
721 + char* saveptr;
722 + char* item = strtok_r(ret_str, ",", &saveptr);
723 + PyList_Append(set_list_out, PyString_FromString(item));
725 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
726 + if(PyList_Append(set_list_out, PyString_FromString(item)) != 0) {
727 + Py_XDECREF(set_list_out);
728 + return NULL;
732 + Py_XDECREF(set_list_in);
734 + return(set_list_out);
737 +/* priv_ineffect is a convienient wrapper to priv_get
738 + * however priv_set is, in the context of python, not
739 + * much of a convienience, so it's omitted
740 + */
741 +static PyObject *
742 +pyprivileges_priv_ineffect(PyObject* self, PyObject* args) {
743 + char* privstring=NULL;
744 + if (!PyArg_ParseTuple(args, "s:priv_ineffect", &privstring))
745 + return NULL;
746 + return PyBool_FromLong(priv_ineffect(privstring));
750 +static char pyprivileges__doc__[];
751 +PyDoc_STRVAR(pyprivileges__doc__,
752 +"Provides functions for interacting with the Solaris privileges(5) framework\n\
753 +Functions provided:\n\
754 +setppriv\n\
755 +getppriv\n\
756 +priv_ineffect\n\
757 +priv_inverse");
759 +static char pyprivileges_setppriv__doc__[];
760 +static char pyprivileges_getppriv__doc__[];
761 +static char pyprivileges_priv_ineffect__doc__[];
762 +static char pyprivileges_priv_inverse__doc__[];
764 +PyDoc_STRVAR(pyprivileges_setppriv__doc__,
765 +"Facilitates setting the permitted/inheritable/limit/effective privileges set\n\
766 +\tArguments:\n\
767 +\t\tone of (PRIV_ON|PRIV_OFF|PRIV_SET)\n\
768 +\t\tone of (PRIV_PERMITTED|PRIV_INHERITABLE|PRIV_LIMIT|PRIV_EFFECTIVE)\n\
769 +\t\tset of privileges: a list of strings\n\
770 +\tReturns: True on success, False on failure\
771 +");
773 +PyDoc_STRVAR(pyprivileges_getppriv__doc__,
774 +"Return the process privilege set\n\
775 +\tArguments:\n\
776 +\t\tone of (PRIV_PERMITTED|PRIV_INHERITABLE|PRIV_LIMIT|PRIV_EFFECTIVE)\n\
777 +\tReturns: a Python list of strings");
779 +PyDoc_STRVAR(pyprivileges_priv_ineffect__doc__,
780 +"Checks for a privileges presence in the effective set\n\
781 +\tArguments: a String\n\
782 +\tReturns: True if the privilege is in effect, False otherwise");
784 +PyDoc_STRVAR(pyprivileges_priv_inverse__doc__,
785 +"The complement of the set of privileges\n\
786 +\tArguments: a list of strings\n\tReturns: a list of strings");
788 +static PyMethodDef module_methods[] = {
789 + {"setppriv", pyprivileges_setppriv, METH_VARARGS, pyprivileges_setppriv__doc__},
790 + {"getppriv", pyprivileges_getppriv, METH_VARARGS, pyprivileges_getppriv__doc__},
791 + {"priv_ineffect", pyprivileges_priv_ineffect, METH_VARARGS, pyprivileges_priv_ineffect__doc__},
792 + {"priv_inverse", pyprivileges_priv_inverse, METH_VARARGS, pyprivileges_priv_inverse__doc__},
793 + {NULL}
797 +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */
798 +#define PyMODINIT_FUNC void
799 +#endif
800 +PyMODINIT_FUNC
801 +initprivileges(void) {
802 + PyObject* m;
804 + m = Py_InitModule3("privileges", module_methods, pyprivileges__doc__);
805 + if ( m == NULL )
806 + return;
808 + PyObject* d = PyModule_GetDict(m);
809 + if (d == NULL)
810 + return;
812 + PyDict_SetItemString(d, "PRIV_ON", PyInt_FromLong((long)PRIV_ON));
813 + PyDict_SetItemString(d, "PRIV_OFF", PyInt_FromLong((long)PRIV_OFF));
814 + PyDict_SetItemString(d, "PRIV_SET", PyInt_FromLong((long)PRIV_SET));
816 + PyDict_SetItemString(d, "PRIV_PERMITTED", PyInt_FromLong((long)PRIV_PERMITTED));
817 + PyDict_SetItemString(d, "PRIV_INHERITABLE", PyInt_FromLong((long)PRIV_INHERITABLE));
818 + PyDict_SetItemString(d, "PRIV_LIMIT", PyInt_FromLong((long)PRIV_LIMIT));
819 + PyDict_SetItemString(d, "PRIV_EFFECTIVE", PyInt_FromLong((long)PRIV_EFFECTIVE));
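Review bot: In `pyprivileges_setppriv` the joined string starts as `PyList_GetItem(set_list, 0)`, a borrowed reference, and `PyString_Concat(&set_string, …)` releases the object it is given, so the caller's list loses a reference to its first element. An empty list or a non-list argument reaches `PyString_AsString` with NULL or with an unchecked object. `pyprivileges_priv_inverse` repeats the join, but passes `set_string` where a `PyObject **` is expected and then calls `Py_XDECREF` on the borrowed `set_list_in`. Because this is the call a program uses to drop privileges, the validation failures should raise an exception instead of returning a bare NULL. The sketch below builds the string as an owned object; `pyprivileges_getppriv` separately needs `priv_freeset(set)` on its early returns, and neither function frees the `priv_set_to_str` result.
```c
    /* … unchanged: PyArg_ParseTuple and the op / which validation … */
    if (!PyList_Check(set_list)) {
        PyErr_SetString(PyExc_TypeError,
            "setppriv: privilege set must be a list of strings");
        return NULL;
    }
    PyObject* sep = PyString_FromString(",");
    if (sep == NULL)
        return NULL;
    /* join() returns a new reference and leaves the caller's list items untouched */
    PyObject* set_string = PyObject_CallMethod(sep, "join", "O", set_list);
    Py_DECREF(sep);
    if (set_string == NULL)
        return NULL;
    const char* set_chars = PyString_AsString(set_string);
    if (set_chars != NULL)
        set = priv_str_to_set(set_chars, ",", NULL);
    Py_DECREF(set_string);
    if (set == NULL) {
        if (!PyErr_Occurred())
            PyErr_SetString(PyExc_ValueError,
                "setppriv: unrecognised privilege name");
        return NULL;
    }
    /* … unchanged: setppriv() call, priv_freeset(), True/False result … */
```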
821 diff --git Python-2.6.4/Modules/pyrbac.c Python-2.6.4/Modules/pyrbac.c
822 new file mode 100644
823 --- /dev/null
824 +++ Python-2.6.4/Modules/pyrbac.c
825 @@ -0,0 +1,68 @@
827 + * CDDL HEADER START
829 + * The contents of this file are subject to the terms of the
830 + * Common Development and Distribution License (the "License").
831 + * You may not use this file except in compliance with the License.
833 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
834 + * or http://www.opensolaris.org/os/licensing.
835 + * See the License for the specific language governing permissions
836 + * and limitations under the License.
838 + * When distributing Covered Code, include this CDDL HEADER in each
839 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
840 + * If applicable, add the following below this CDDL HEADER, with the
841 + * fields enclosed by brackets "[]" replaced with your own identifying
842 + * information: Portions Copyright [yyyy] [name of copyright owner]
844 + * CDDL HEADER END
845 + */
848 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
849 + */
852 + * RBAC Bindings for Python
853 + */
855 +#include <Python.h>
856 +#include "pyrbac.h"
858 +static PyMethodDef module_methods[] = {NULL};
859 +static char pyrbac__doc__[];
861 +PyDoc_STRVAR(pyrbac__doc__, "provides access to some objects \
862 +for interaction with the Solaris Role-Based Access Control \
863 +framework.\n\nDynamic objects:\n\
864 +userattr -- for interacting with user_attr(4)\n\
865 +authattr -- for interacting with auth_attr(4)\n\
866 +execattr -- for interacting with exec_attr(4)\n");
868 +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */
869 +#define PyMODINIT_FUNC void
870 +#endif
871 +PyMODINIT_FUNC
872 +initrbac(void) {
873 + PyObject* m;
874 + if (PyType_Ready(&AuthattrType) < 0 ||
875 + PyType_Ready(&ExecattrType) < 0 ||
876 + PyType_Ready(&UserattrType) < 0 )
877 + return;
879 + m = Py_InitModule3("rbac", module_methods, pyrbac__doc__);
880 + if ( m == NULL )
881 + return;
883 + Py_INCREF(&AuthattrType);
884 + PyModule_AddObject(m, "authattr", (PyObject*)&AuthattrType);
886 + Py_INCREF(&ExecattrType);
887 + PyModule_AddObject(m, "execattr", (PyObject*)&ExecattrType);
889 + Py_INCREF(&UserattrType);
890 + PyModule_AddObject(m, "userattr", (PyObject*)&UserattrType);
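Review bot: The three `PyModule_AddObject` calls in `initrbac` ignore their return value, so a failed registration leaves an importable `rbac` module that is silently missing a type, and the reference taken by the preceding `Py_INCREF` is never released. Check each call, for example `if (PyModule_AddObject(m, "authattr", (PyObject*)&AuthattrType) < 0) { Py_DECREF(&AuthattrType); return; }`, and do the same for `execattr` and `userattr`. A one-line comment above `module_methods` saying the module deliberately exposes only types would also explain the empty table.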
894 diff --git Python-2.6.4/Modules/pyrbac.h Python-2.6.4/Modules/pyrbac.h
895 new file mode 100644
896 --- /dev/null
897 +++ Python-2.6.4/Modules/pyrbac.h
898 @@ -0,0 +1,45 @@
900 + * CDDL HEADER START
902 + * The contents of this file are subject to the terms of the
903 + * Common Development and Distribution License (the "License").
904 + * You may not use this file except in compliance with the License.
906 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
907 + * or http://www.opensolaris.org/os/licensing.
908 + * See the License for the specific language governing permissions
909 + * and limitations under the License.
911 + * When distributing Covered Code, include this CDDL HEADER in each
912 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
913 + * If applicable, add the following below this CDDL HEADER, with the
914 + * fields enclosed by brackets "[]" replaced with your own identifying
915 + * information: Portions Copyright [yyyy] [name of copyright owner]
917 + * CDDL HEADER END
918 + */
921 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
922 + */
924 +/*
925 + * RBAC bindings for python
926 + */
927 +#ifndef PYRBAC_H
928 +#define PYRBAC_H
930 +#include <secdb.h>
933 +#define PYRBAC_USER_MODE 1
934 +#define PYRBAC_PROF_MODE 2
935 +#define PYRBAC_ATTR_MODE 3
936 +#define PYRBAC_NAM_MODE 4
937 +#define PYRBAC_UID_MODE 5
939 +PyTypeObject AuthattrType;
940 +PyTypeObject ExecattrType;
941 +PyTypeObject UserattrType;
943 +#endif
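Review bot: `PyTypeObject AuthattrType;`, `PyTypeObject ExecattrType;` and `PyTypeObject UserattrType;` are tentative definitions, not declarations, so every file that includes pyrbac.h defines its own copy and the link only succeeds where the toolchain merges common symbols. Declare them as `extern PyTypeObject AuthattrType;` (likewise for the other two) and keep the initialised definitions in authattr.c, execattr.c and userattr.c. The header also names `PyTypeObject` without including Python.h, so it compiles only when included after it; either include Python.h here or add a comment such as `/* must be included after Python.h */`.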
944 diff --git Python-2.6.4/Modules/userattr.c Python-2.6.4/Modules/userattr.c
945 new file mode 100644
946 --- /dev/null
947 +++ Python-2.6.4/Modules/userattr.c
948 @@ -0,0 +1,308 @@
950 + * CDDL HEADER START
952 + * The contents of this file are subject to the terms of the
953 + * Common Development and Distribution License (the "License").
954 + * You may not use this file except in compliance with the License.
956 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
957 + * or http://www.opensolaris.org/os/licensing.
958 + * See the License for the specific language governing permissions
959 + * and limitations under the License.
961 + * When distributing Covered Code, include this CDDL HEADER in each
962 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
963 + * If applicable, add the following below this CDDL HEADER, with the
964 + * fields enclosed by brackets "[]" replaced with your own identifying
965 + * information: Portions Copyright [yyyy] [name of copyright owner]
967 + * CDDL HEADER END
968 + */
971 + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
972 + */
975 + * RBAC Bindings for Python - user_attr functions
976 + */
978 +#include <stdio.h>
979 +#include <user_attr.h>
980 +#include "Python.h"
981 +#include "pyrbac.h"
983 +static PyObject*
984 +pyrbac_setuserattr(PyObject* self, PyObject* args) {
985 + setuserattr();
986 + return Py_None;
989 +static PyObject*
990 +pyrbac_enduserattr(PyObject* self, PyObject* args) {
991 + enduserattr();
992 + return Py_None;
995 +PyObject*
996 +pyrbac_getuseruidnamattr(PyObject* self, void* arg, int mode, char* filename) {
998 + userattr_t *ret_userattr;
1000 + if (mode == PYRBAC_ATTR_MODE) {
1001 + if (filename != NULL) {
1002 + FILE* file = fopen(filename, "r");
1003 + if (file == NULL)
1004 + return NULL;
1005 + ret_userattr = fgetuserattr(file);
1006 + if (fclose(file))
1007 + return NULL;
1009 + else
1010 + ret_userattr = getuserattr();
1012 + else if (mode == PYRBAC_NAM_MODE)
1013 + ret_userattr = getusernam((char*) arg);
1014 + else if (mode == PYRBAC_UID_MODE)
1015 + ret_userattr = getuseruid(*((uid_t*) arg));
1017 + if (ret_userattr == NULL)
1018 + return Py_None;
1020 + PyObject* entry = PyTuple_New(5);
1021 + if (entry == NULL) {
1022 + free_userattr(ret_userattr);
1023 + return NULL;
1026 + PyObject* kv_data = PyDict_New();
1028 + if(ret_userattr->attr != NULL) {
1029 + int len;
1030 + for(len = 0; len < ret_userattr->attr->length; len++) {
1031 + kv_t current = ret_userattr->attr->data[len];
1033 + PyObject* set = PyList_New(NULL);
1034 + char* saveptr;
1035 + char* item = strtok_r(current.value, ",", &saveptr);
1036 + PyList_Append(set, PyString_FromString(item));
1038 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
1039 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
1040 + Py_XDECREF(set);
1041 + Py_XDECREF(kv_data);
1042 + free_userattr(ret_userattr);
1043 + return NULL;
1046 + if(PyDict_SetItemString(kv_data, current.key, set)) {
1047 + free_userattr(ret_userattr);
1048 + return NULL;
1052 + entry = Py_BuildValue("{s:s,s:s,s:s,s:s,s:O}",
1053 + "name", ret_userattr->name,
1054 + "qualifier", ret_userattr->qualifier,
1055 + "res1", ret_userattr->res1,
1056 + "res2", ret_userattr->res2,
1057 + "attributes", kv_data);
1059 + free_userattr(ret_userattr);
1061 + return entry;
1065 +static PyObject*
1066 +pyrbac_getuserattr(PyObject* self, PyObject* args) {
1067 + return(pyrbac_getuseruidnamattr(self, (void*) NULL, PYRBAC_ATTR_MODE, NULL));
1070 +static PyObject*
1071 +pyrbac_fgetuserattr(PyObject* self, PyObject* args) {
1072 + char* filename = NULL;
1073 + if(!PyArg_ParseTuple(args, "s:fgetuserattr", &filename))
1074 + return NULL;
1075 + return(pyrbac_getuseruidnamattr(self, NULL, PYRBAC_ATTR_MODE, filename));
1078 +static PyObject*
1079 +pyrbac_getusernam(PyObject* self, PyObject* args) {
1080 + char* name = NULL;
1081 + if(!PyArg_ParseTuple(args, "s:getusernam", &name))
1082 + return NULL;
1083 + return(pyrbac_getuseruidnamattr(self, (void*) name, PYRBAC_NAM_MODE, NULL));
1086 +static PyObject*
1087 +pyrbac_getuseruid(PyObject* self, PyObject* args) {
1088 + uid_t uid;
1089 + if(!PyArg_ParseTuple(args, "i:getuseruid", &uid))
1090 + return NULL;
1091 + return(pyrbac_getuseruidnamattr(self, (void*) &uid, PYRBAC_UID_MODE, NULL));
1094 +static PyObject*
1095 +pyrbac_userattr_next(PyObject* self, PyObject* args) {
1096 + PyObject* retval = pyrbac_getuserattr(self, args);
1097 + if( retval == Py_None ) {
1098 + setuserattr();
1099 + return NULL;
1101 + return retval;
1103 +static PyObject*
1104 +pyrbac_userattr__iter__(PyObject* self, PyObject* args) {
1105 + return self;
1108 +typedef struct {
1109 + PyObject_HEAD
1110 +} Userattr;
1112 +static void
1113 +Userattr_dealloc(Userattr* self) {
1114 + enduserattr();
1115 + self->ob_type->tp_free((PyObject*) self);
1118 +static PyObject*
1119 +Userattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
1120 + Userattr *self;
1121 + self = (Userattr*)type->tp_alloc(type, 0);
1123 + return ((PyObject *) self);
1126 +static int
1127 +Userattr_init(Userattr* self, PyObject *args, PyObject *kwargs) {
1128 + setuserattr();
1129 + return 0;
1132 +static char pyrbac_userattr__doc__[];
1133 +PyDoc_STRVAR(pyrbac_userattr__doc__, "provides functions for \
1134 +interacting with the extended user attributes database. May be iterated over \
1135 +to enumerate user_attr(4) entries\n\n\
1136 +Methods provided:\n\
1137 +setuserattr\n\
1138 +enduserattr\n\
1139 +getuserattr\n\
1140 +fgetuserattr\n\
1141 +getusernam\n\
1142 +getuseruid");
1144 +static char pyrbac_setuserattr__doc__[];
1145 +static char pyrbac_enduserattr__doc__[];
1146 +static char pyrbac_getuserattr__doc__[];
1147 +static char pyrbac_getusernam__doc__[];
1148 +static char pyrbac_getuseruid__doc__[];
1150 +PyDoc_STRVAR(pyrbac_setuserattr__doc__, "\"rewinds\" the user_attr functions \
1151 +to the first entry in the db. Called automatically by the constructor.\n\
1152 +\tArguments: None\n\
1153 +\tReturns: None");
1155 +PyDoc_STRVAR(pyrbac_enduserattr__doc__, "closes the user_attr database, \
1156 +cleans up storage. called automatically by the destructor\n\
1157 +\tArguments: None\n\
1158 +\tReturns: None");
1160 +PyDoc_STRVAR(pyrbac_getuserattr__doc__, "Return a single user_attr entry\n \
1161 +\tArguments: None\n\
1162 +\tReturns: a dict representation of a userattr_t struct:\n\
1163 +\t\t\"name\": username\n\
1164 +\t\t\"qualifier\": reserved\n\
1165 +\t\t\"res1\": reserved\n\
1166 +\t\t\"res2\": reserved\n\
1167 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1168 +or a string depending on value"
1171 +PyDoc_STRVAR(pyrbac_fgetuserattr__doc__, "Return a single user_attr entry \
1172 +from a file, bypassing nsswitch.conf\n\
1173 +\tArguments: \'filename\'\n\
1174 +\tReturns: a dict representation of a userattr_t struct:\n\
1175 +\t\t\"name\": username\n\
1176 +\t\t\"qualifier\": reserved\n\
1177 +\t\t\"res1\": reserved\n\
1178 +\t\t\"res2\": reserved\n\
1179 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1180 +or a string depending on value");
1182 +PyDoc_STRVAR(pyrbac_getusernam__doc__, "Searches for a user_attr entry with a \
1183 +given user name\n\
1184 +\tArgument: \'username\'\n\
1185 +\tReturns: a dict representation of a userattr_t struct:\n\
1186 +\t\t\"name\": username\n\
1187 +\t\t\"qualifier\": reserved\n\
1188 +\t\t\"res1\": reserved\n\
1189 +\t\t\"res2\": reserved\n\
1190 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1191 +or a string depending on value");
1193 +PyDoc_STRVAR(pyrbac_getuseruid__doc__, "Searches for a user_attr entry with a \
1194 +given uid\n\
1195 +\tArgument: uid\n\
1196 +\tReturns: a dict representation of a userattr_t struct:\n\
1197 +\t\t\"name\": username\n\
1198 +\t\t\"qualifier\": reserved\n\
1199 +\t\t\"res1\": reserved\n\
1200 +\t\t\"res2\": reserved\n\
1201 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1202 +or a string depending on value");
1204 +static PyMethodDef Userattr_methods[] = {
1205 + {"setuserattr", pyrbac_setuserattr, METH_NOARGS, pyrbac_setuserattr__doc__},
1206 + {"enduserattr", pyrbac_enduserattr, METH_NOARGS, pyrbac_enduserattr__doc__},
1207 + {"getuserattr", pyrbac_getuserattr, METH_NOARGS, pyrbac_getuserattr__doc__},
1208 + {"fgetuserattr", pyrbac_fgetuserattr, METH_VARARGS, pyrbac_fgetuserattr__doc__},
1209 + {"getusernam", pyrbac_getusernam, METH_VARARGS, pyrbac_getusernam__doc__},
1210 + {"getuseruid", pyrbac_getuseruid, METH_VARARGS, pyrbac_getuseruid__doc__},
1211 + {NULL}
1214 +PyTypeObject UserattrType = {
1215 + PyObject_HEAD_INIT(NULL)
1216 + 0, /*ob_size*/
1217 + "rbac.userattr", /*tp_name*/
1218 + sizeof(Userattr), /*tp_basicsize*/
1219 + 0, /*tp_itemsize*/
1220 + (destructor)Userattr_dealloc, /*tp_dealloc*/
1221 + 0, /*tp_print*/
1222 + 0, /*tp_getattr*/
1223 + 0, /*tp_setattr*/
1224 + 0, /*tp_compare*/
1225 + 0, /*tp_repr*/
1226 + 0, /*tp_as_number*/
1227 + 0, /*tp_as_sequence*/
1228 + 0, /*tp_as_mapping*/
1229 + 0, /*tp_hash */
1230 + 0, /*tp_call*/
1231 + 0, /*tp_str*/
1232 + 0, /*tp_getattro*/
1233 + 0, /*tp_setattro*/
1234 + 0, /*tp_as_buffer*/
1235 + Py_TPFLAGS_DEFAULT |
1236 + Py_TPFLAGS_BASETYPE |
1237 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
1238 + pyrbac_userattr__doc__, /* tp_doc */
1239 + 0, /* tp_traverse */
1240 + 0, /* tp_clear */
1241 + 0, /* tp_richcompare */
1242 + 0, /* tp_weaklistoffset */
1243 + pyrbac_userattr__iter__, /* tp_iter */
1244 + pyrbac_userattr_next, /* tp_iternext */
1245 + Userattr_methods, /* tp_methods */
1246 + 0, /* tp_members */
1247 + 0, /* tp_getset */
1248 + 0, /* tp_base */
1249 + 0, /* tp_dict */
1250 + 0, /* tp_descr_get */
1251 + 0, /* tp_descr_set */
1252 + 0, /* tp_dictoffset */
1253 + (initproc)Userattr_init, /* tp_init */
1254 + 0, /* tp_alloc */
1255 + Userattr_new, /* tp_new */
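Review bot: `return Py_None;` in pyrbac_setuserattr, pyrbac_enduserattr and the not-found path of pyrbac_getuseruidnamattr returns None without taking a reference, so each call lowers None's reference count and a long-running process that repeatedly looks up unknown users can end with the interpreter aborting; these should be `Py_RETURN_NONE;`. pyrbac_userattr__iter__ has the same ownership error and needs `Py_INCREF(self);` before `return self;`, and once None comes back as an owned reference pyrbac_userattr_next must `Py_DECREF(retval);` before its `return NULL;`. The first `strtok_r` result is also passed to `PyString_FromString` unchecked, so a value that is empty or only commas would arrive as NULL and needs a NULL guard before the append, assuming the libsecdb parser can yield such a value; fgetuserattr makes this reachable from whatever file the caller names. The early `return NULL;` after a failed `fopen` or `fclose` sets no Python exception, and the `fclose` path also skips `free_userattr(ret_userattr)`.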
1257 --- Python-2.7.6/setup.py.~4~ 2014-05-14 13:16:33.749494047 -0700
1258 +++ Python-2.7.6/setup.py 2014-05-14 13:16:33.803607449 -0700
1259 @@ -1549,6 +1549,22 @@
1260 exts.append( Extension('dlpi', ['dlpimodule.c'],
1261 libraries = ['dlpi']) )
1263 + # privileges module (Solaris)
1264 + priv_inc = find_file('priv.h', [], inc_dirs)
1265 + if priv_inc is not None:
1266 + exts.append( Extension('privileges', ['privileges.c']))
1268 + # rbac module (Solaris)
1269 + secdb_inc = find_file('secdb.h', [], inc_dirs)
1270 + aa_inc = find_file('auth_attr.h', [], inc_dirs)
1271 + ea_inc = find_file('exec_attr.h', [], inc_dirs)
1272 + ua_inc = find_file('user_attr.h', [], inc_dirs)
1273 + if secdb_inc is not None and aa_inc is not None and \
1274 + ea_inc is not None and ua_inc is not None:
1275 + exts.append( Extension('rbac', ['pyrbac.c', 'authattr.c', \
1276 + 'execattr.c', 'userattr.c'],
1277 + libraries = ['nsl', 'secdb']) )
1279 # Thomas Heller's _ctypes module
1280 self.detect_ctypes(inc_dirs, lib_dirs)
1282 --- /dev/null 2011-02-12 03:13:57.000000000 -0600
1283 +++ Python-2.6.4/Lib/test/privrbactest.py 2011-01-20 13:52:42.862305331 -0600
1284 @@ -0,0 +1,289 @@
1285 +#!/usr/bin/python2.7
1287 +# CDDL HEADER START
1289 +# The contents of this file are subject to the terms of the
1290 +# Common Development and Distribution License (the "License").
1291 +# You may not use this file except in compliance with the License.
1293 +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1294 +# or http://www.opensolaris.org/os/licensing.
1295 +# See the License for the specific language governing permissions
1296 +# and limitations under the License.
1298 +# When distributing Covered Code, include this CDDL HEADER in each
1299 +# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1300 +# If applicable, add the following below this CDDL HEADER, with the
1301 +# fields enclosed by brackets "[]" replaced with your own identifying
1302 +# information: Portions Copyright [yyyy] [name of copyright owner]
1304 +# CDDL HEADER END
1307 +# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
1309 +import privileges
1310 +import rbac
1311 +import os
1312 +import sys
1313 +import tempfile
1315 +# privileges tests
1317 +def test_setppriv():
1318 + amchild = os.fork()
1319 + if amchild == 0:
1320 + if privileges.setppriv(privileges.PRIV_OFF, privileges.PRIV_EFFECTIVE,
1321 + ['proc_fork']):
1322 + try:
1323 + os.fork()
1324 + sys.exit(1)
1325 + except OSError, e:
1326 + sys.exit(0)
1328 + child = os.wait()
1329 + if child[1] is not 0:
1330 + print "setppriv. Bad exit status from pid %i\n" % child[0]
1331 + return False
1332 + return True
1334 +def test_getppriv():
1335 + if 'proc_fork' in privileges.getppriv(privileges.PRIV_LIMIT):
1336 + return True
1337 + print "getppriv or PRIV_PROC_FORK not in PRIV_LIMIT.\n"
1338 + return False
1340 +def test_priv_ineffect():
1341 + if privileges.priv_ineffect('proc_fork'):
1342 + return True
1343 + print "priv_ineffect or PRIV_PROC_FORK not in effect\n"
1344 + return False
1346 +# authattr tests
1348 +def test_chkauthattr():
1349 + try:
1350 + a = rbac.authattr()
1351 + except Exception, e:
1352 + print "Could not instantiate authattr object: %s\n" % e
1353 + return False
1354 + try:
1355 + res = a.chkauthattr('solaris.*', 'root')
1356 + except Exception, e:
1357 + print "chkauthattr failed: %s\n" % e
1358 + return False
1359 + if not res:
1360 + print "chkauthattr failed or \'root\' lacks \'solaris.*\'\n"
1361 + return False
1362 + return True
1364 +def test_getauthattr():
1365 + try:
1366 + a = rbac.authattr()
1367 + except Exception, e:
1368 + print "Could not instantiate authattr object: %s\n" % e
1369 + return False
1370 + try:
1371 + res = a.getauthattr()
1372 + except Exception, e:
1373 + print "getauthattr failed: %s\n" % e
1374 + return False
1375 + if not 'name' in res.keys():
1376 + print "getauthattr failed\n"
1377 + return False
1378 + return True
1380 +def test_getauthnam():
1381 + try:
1382 + a = rbac.authattr()
1383 + except Exception, e:
1384 + print "Could not instantiate authattr object: %s\n" % e
1385 + return False
1386 + try:
1387 + res = a.getauthnam('solaris.')
1388 + except Exception, e:
1389 + print "getauthnam failed: %s\n" % e
1390 + return False
1391 + if not res:
1392 + print "getauthnam failed or \'solaris.\' not in auth_attr(4)\n"
1393 + return False
1394 + return True
1396 +def test_authattr_iter():
1397 + try:
1398 + a = rbac.authattr()
1399 + except Exception, e:
1400 + print "Could not instantiate authattr object: %s\n" % e
1401 + return False
1402 + res = a.next()
1403 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1404 + print "authattr object is not an iterable\n"
1405 + return False
1406 + return True
1408 +# execattr tests
1410 +def test_getexecattr():
1411 + try:
1412 + a = rbac.execattr()
1413 + except Exception, e:
1414 + print "Could not instantiate execattr object: %s\n" % e
1415 + return False
1416 + try:
1417 + res = a.getexecattr()
1418 + except Exception, e:
1419 + print "getexecattr failed: %s\n" % e
1420 + return False
1421 + if not 'name' in res.keys():
1422 + print "getexecattr failed\n"
1423 + return False
1424 + return True
1426 +def test_getexecuser():
1427 + try:
1428 + a = rbac.execattr()
1429 + except Exception, e:
1430 + print "Could not instantiate execattr object: %s\n" % e
1431 + return False
1432 + try:
1433 + res = a.getexecuser("root", "act", "*;*;*;*;*")
1434 + except Exception, e:
1435 + print "getexecuser failed: %s\n" % e
1436 + return False
1437 + if not res:
1438 + print "getexecuser failed or \'root\' not assigned to \'act\', " \
1439 + "\'*;*;*;*;*\' \n"
1440 + return False
1441 + return True
1444 +def test_getexecprof():
1445 + try:
1446 + a = rbac.execattr()
1447 + except Exception, e:
1448 + print "Could not instantiate execattr object: %s\n" % e
1449 + return False
1450 + try:
1451 + res = a.getexecprof("All", "cmd", "*")
1452 + except Exception, e:
1453 + print "getexecprof failed: %s\n" % e
1454 + return False
1455 + if not res:
1456 + print "getexecprof failed or \'All\' not granted \'cmd\' : \'*\'\n"
1457 + return False
1458 + return True
1460 +def test_execattr_iter():
1461 + try:
1462 + a = rbac.execattr()
1463 + except Exception, e:
1464 + print "Could not instantiate execattr object: %s\n" % e
1465 + return False
1466 + res = a.next()
1467 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1468 + print "execattr object is not an iterable\n"
1469 + return False
1470 + return True
1472 +# userattr tests
1474 +def test_getuserattr():
1475 + try:
1476 + a = rbac.userattr()
1477 + except Exception, e:
1478 + print "Could not instantiate userattr object: %s\n" % e
1479 + return False
1480 + try:
1481 + res = a.getuserattr()
1482 + except Exception, e:
1483 + print "getuserattr failed: %s\n" % e
1484 + return False
1485 + if not 'name' in res.keys():
1486 + print "getuserattr failed\n"
1487 + return False
1488 + return True
1490 +def test_fgetuserattr():
1491 + temp = tempfile.NamedTemporaryFile()
1492 + temp.write("user::::profiles=Software Installation;roles=foo;"\
1493 + "auths=solaris.foo.bar")
1494 + temp.seek(0)
1495 + try:
1496 + a = rbac.userattr()
1497 + except Exception, e:
1498 + print "Could not instantiate userattr object: %s\n" % e
1499 + return False
1500 + try:
1501 + res = a.fgetuserattr(temp.name)
1502 + temp.close()
1503 + except Exception, e:
1504 + print "fgetuserattr failed: %s\n" % e
1505 + temp.close()
1506 + return False
1507 + if not 'name' in res.keys():
1508 + print "fgetuserattr failed\n"
1509 + return False
1510 + return True
1512 +def test_getuseruid():
1513 + try:
1514 + a = rbac.userattr()
1515 + except Exception, e:
1516 + print "Could not instantiate userattr object: %s\n" % e
1517 + return False
1518 + try:
1519 + res = a.getuseruid(0)
1520 + except Exception, e:
1521 + print "getusernam failed: %s\n" % e
1522 + return False
1523 + if not 'name' in res:
1524 + print "getusernam failed or no uid 0\n"
1525 + return False
1526 + return True
1528 +def test_getusernam():
1529 + try:
1530 + a = rbac.userattr()
1531 + except Exception, e:
1532 + print "Could not instantiate userattr object: %s\n" % e
1533 + return False
1534 + try:
1535 + res = a.getusernam('root')
1536 + except Exception, e:
1537 + print "getusernam failed: %s\n" % e
1538 + return False
1539 + if not 'name' in res:
1540 + print "getusernam failed or no \'root\' user\n"
1541 + return False
1542 + return True
1544 +def test_userattr_iter():
1545 + try:
1546 + a = rbac.userattr()
1547 + except Exception, e:
1548 + print "Could not instantiate userattr object: %s\n" % e
1549 + return False
1550 + res = a.next()
1551 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1552 + print "userattr object is not an iterable\n"
1553 + return False
1554 + return True
1556 +if not test_setppriv() or not test_getppriv() or not test_priv_ineffect():
1557 + print "*** Failures detected in privileges module\n"
1558 + sys.exit(1)
1560 +if not test_getauthattr() or not test_chkauthattr() or not test_getauthnam() \
1561 + or not test_authattr_iter:
1562 + print "*** Failures detected in rbac.authattr\n"
1563 + sys.exit(1)
1565 +if not test_getexecattr() or not test_getexecuser() or not test_getexecprof() \
1566 + or not test_execattr_iter():
1567 + print "*** Failures detected in rbac.execattr\n"
1568 + sys.exit(1)
1570 +if not test_getuserattr() or not test_fgetuserattr() or not test_getusernam()\
1571 + or not test_getuseruid() or not test_userattr_iter():
1572 + print "*** Failures detected in rbac.userattr\n"
1573 + sys.exit(1)
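Review bot: `or not test_authattr_iter:` in the rbac.authattr check is missing the call parentheses, so the function object is tested instead of its result; `not <function>` is always False and the authattr iterator test never runs. It should read `or not test_authattr_iter():`, matching the execattr and userattr checks that follow it. Two smaller points in the same file: `child[1] is not 0` in test_setppriv relies on small-integer identity and should be `child[1] != 0`, and both failure messages in test_getuseruid say "getusernam failed", which would point a reader at the wrong binding when the uid lookup breaks.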