# define LOGIN_DEFROOTCLASS "daemon"
# endif
#endif
-#ifdef HAVE_PROJECT_H
-# include <project.h>
-# include <sys/task.h>
-#endif
#ifdef HAVE_SELINUX
# include <selinux/selinux.h>
#endif
static void init_vars(char * const *);
static int set_cmnd(int);
static void set_loginclass(struct passwd *);
-static void set_project(struct passwd *);
static void set_runasgr(char *);
static void set_runaspw(char *);
static int sudoers_policy_version(int verbose);
int rval;
char *path = user_path;
- /* Set project if applicable. */
- set_project(runas_pw);
-
/* Resolve the path and return. */
rval = FOUND;
user_stat = emalloc(sizeof(struct stat));
}
#endif /* HAVE_LOGIN_CAP_H */
-#ifdef HAVE_PROJECT_H
-static void
-set_project(struct passwd *pw)
-{
- int errflags = NO_MAIL|MSG_ONLY|NO_EXIT;
- int errval;
- struct project proj;
- struct project *resultp = '\0';
- char buf[1024];
-
- /*
- * Collect the default project for the user and settaskid
- */
- setprojent();
- if (resultp = getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf))) {
- errval = setproject(resultp->pj_name, pw->pw_name, TASK_NORMAL);
- if (errval != 0) {
- switch(errval) {
- case SETPROJ_ERR_TASK:
- if (errno == EAGAIN)
- log_error(errflags, "resource control limit has been reached");
- else if (errno == ESRCH)
- log_error(errflags, "user \"%s\" is not a member of "
- "project \"%s\"", pw->pw_name, resultp->pj_name);
- else if (errno == EACCES)
- log_error(errflags, "the invoking task is final");
- else
- log_error(errflags, "could not join project \"%s\"",
- resultp->pj_name);
- break;
- case SETPROJ_ERR_POOL:
- if (errno == EACCES)
- log_error(errflags, "no resource pool accepting "
- "default bindings exists for project \"%s\"",
- resultp->pj_name);
- else if (errno == ESRCH)
- log_error(errflags, "specified resource pool does "
- "not exist for project \"%s\"", resultp->pj_name);
- else
- log_error(errflags, "could not bind to default "
- "resource pool for project \"%s\"", resultp->pj_name);
- break;
- default:
- if (errval <= 0) {
- log_error(errflags, "setproject failed for project \"%s\"",
- resultp->pj_name);
- } else {
- log_error(errflags, "warning, resource control assignment "
- "failed for project \"%s\"", resultp->pj_name);
- }
- }
- }
- } else {
- log_error(errflags, "getdefaultproj() error: %s", strerror(errno));
- }
- endprojent();
-}
-#else
-static void
-set_project(struct passwd *pw)
-{
-}
-#endif /* HAVE_PROJECT_H */
-
/*
* Look up the fully qualified domain name and set user_host and user_shost.
*/
#ifdef HAVE_LOGIN_CAP_H
# include <login_cap.h>
#endif
+#ifdef HAVE_PROJECT_H
+# include <project.h>
+# include <sys/task.h>
+#endif
#ifdef HAVE_SELINUX
# include <selinux/selinux.h>
#endif
#endif /* RLIMIT_CORE && !SUDO_DEVEL */
}
+#ifdef HAVE_PROJECT_H
+static void
+set_project(struct passwd *pw)
+{
+ struct project proj;
+ char buf[PROJECT_BUFSZ];
+ int errval;
+
+ /*
+ * Collect the default project for the user and settaskid
+ */
+ setprojent();
+ if (getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf)) != NULL) {
+ errval = setproject(proj.pj_name, pw->pw_name, TASK_NORMAL);
+ switch(errval) {
+ case 0:
+ break;
+ case SETPROJ_ERR_TASK:
+ switch (errno) {
+ case EAGAIN:
+ warningx("resource control limit has been reached");
+ break;
+ case ESRCH:
+ warningx("user \"%s\" is not a member of project \"%s\"",
+ pw->pw_name, proj.pj_name);
+ break;
+ case EACCES:
+ warningx("the invoking task is final");
+ break;
+ default:
+ warningx("could not join project \"%s\"", proj.pj_name);
+ }
+ case SETPROJ_ERR_POOL:
+ switch (errno) {
+ case EACCES:
+ warningx("no resource pool accepting default bindings "
+ "exists for project \"%s\"", proj.pj_name);
+ break;
+ case ESRCH:
+ warningx("specified resource pool does not exist for "
+ "project \"%s\"", proj.pj_name);
+ break;
+ default:
+ warningx("could not bind to default resource pool for "
+ "project \"%s\"", proj.pj_name);
+ }
+ break;
+ default:
+ if (errval <= 0) {
+ warningx("setproject failed for project \"%s\"", proj.pj_name);
+ } else {
+ warningx("warning, resource control assignment failed for "
+ "project \"%s\"", proj.pj_name);
+ }
+ }
+ } else {
+ warning("getdefaultproj");
+ }
+ endprojent();
+}
+#endif /* HAVE_PROJECT_H */
+
/*
* Setup the execution environment immediately prior to the call to execve()
* Returns TRUE on success and FALSE on failure.
#endif
if (pw != NULL) {
+#ifdef HAVE_PROJECT_H
+ set_project(pw);
+#endif
#ifdef HAVE_GETUSERATTR
aix_prep_user(pw->pw_name, ptyname ? ptyname : user_details.tty);
#endif
projects / sudo / commitdiff