From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Tue, 19 Jun 2007 22:24:51 +0000 (+0000)
Subject: Add Solaris 10 "project" support.  From Michael Brantley.
X-Git-Tag: SUDO_1_7_0~535
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=60b7ac61bfb7fb24a8f298668f3220c93f394334;p=sudo

Add Solaris 10 "project" support.  From Michael Brantley.
---

diff --git a/config.h.in b/config.h.in
index 4179f5ebb..27a41a176 100644
--- a/config.h.in
+++ b/config.h.in
@@ -263,6 +263,9 @@
 /* Define to 1 if you have the <paths.h> header file. */
 #undef HAVE_PATHS_H
 
+/* Define to 1 if you have the <project.h> header file. */
+#undef HAVE_PROJECT_H
+
 /* Define to 1 if you have the `random' function. */
 #undef HAVE_RANDOM
 
diff --git a/configure.in b/configure.in
index 61c881cfd..c67e8e696 100644
--- a/configure.in
+++ b/configure.in
@@ -396,6 +396,14 @@ AC_ARG_WITH(systrace, [  --with-systrace[[=DIR]]   enable systrace(4) support],
     *)		;;
 esac])
 
+AC_ARG_WITH(project, [  --with-project          enable Solaris project support],
+[case $with_project in
+    yes|no)	;;
+    no)	;;
+    *)		AC_MSG_ERROR(["--with-project does not take an argument."])
+		;;
+esac])
+
 AC_MSG_CHECKING(whether to lecture users the first time they run sudo)
 AC_ARG_WITH(lecture, [  --without-lecture       don't print lecture for first-time sudoer],
 [case $with_lecture in
@@ -1627,6 +1635,10 @@ if test "$with_bsdauth" = "yes"; then
     AC_CHECK_HEADER(bsd_auth.h, AC_DEFINE(HAVE_BSD_AUTH_H)
 	[SUDO_ADD_AUTH([BSD authentication], [bsdauth.o], [true])], -)
 fi
+if test ${with_project-'no'} != "no"; then
+    AC_CHECK_HEADER(project.h, AC_DEFINE(HAVE_PROJECT_H)
+	[SUDO_LIBS="${SUDO_LIBS} -lproject"], -)
+fi
 dnl
 dnl typedef checks
 dnl
diff --git a/sudo.c b/sudo.c
index 37989650f..35a4c558b 100644
--- a/sudo.c
+++ b/sudo.c
@@ -87,6 +87,10 @@
 #  define LOGIN_DEFROOTCLASS	"daemon"
 # endif
 #endif
+#ifdef HAVE_PROJECT_H
+# include <project.h>
+# include <sys/task.h>
+#endif
 
 #include "sudo.h"
 #include "interfaces.h"
@@ -104,6 +108,7 @@ static int set_cmnd			__P((int));
 static int parse_args			__P((int, char **));
 static void initial_setup		__P((void));
 static void set_loginclass		__P((struct passwd *));
+static void set_project			__P((struct passwd *));
 static void usage			__P((int))
 					    __attribute__((__noreturn__));
 static void usage_excl			__P((int))
@@ -658,6 +663,9 @@ set_cmnd(sudo_mode)
 {
     int rval;
 
+    /* Set project if applicable. */
+    set_project(runas_pw);
+
     /* Resolve the path and return. */
     rval = FOUND;
     user_stat = emalloc(sizeof(struct stat));
@@ -1082,6 +1090,72 @@ set_loginclass(pw)
 }
 #endif /* HAVE_LOGIN_CAP_H */
 
+#ifdef HAVE_PROJECT_H
+static void
+set_project(pw)
+    struct passwd *pw;
+{
+    int errflags = NO_MAIL|MSG_ONLY|NO_EXIT;
+    int errval;
+    struct project proj;
+    struct project *resultp = '\0';
+    char buf[1024];
+
+    /*
+     * Collect the default project for the user and settaskid
+     */
+    setprojent();
+    if (resultp = getdefaultproj(pw->pw_name, &proj, buf, sizeof(buf))) {
+	errval = setproject(resultp->pj_name, pw->pw_name, TASK_NORMAL);
+	if (errval != 0) {
+	    switch(errval) {
+	    case SETPROJ_ERR_TASK:
+		if (errno == EAGAIN)
+		    log_error(errflags, "resource control limit has been reached");
+		else if (errno == ESRCH)
+		    log_error(errflags, "user \"%s\" is not a member of "
+			"project \"%s\"", pw->pw_name, resultp->pj_name);
+		else if (errno == EACCES)
+		    log_error(errflags, "the invoking task is final");
+		else
+		    log_error(errflags, "could not join project \"%s\"",
+			resultp->pj_name);
+		break;
+	    case SETPROJ_ERR_POOL:
+		if (errno == EACCES)
+		    log_error(errflags, "no resource pool accepting "
+			    "default bindings exists for project \"%s\"",
+			    resultp->pj_name);
+		else if (errno == ESRCH)
+		    log_error(errflags, "specified resource pool does "
+			    "not exist for project \"%s\"", resultp->pj_name);
+		else
+		    log_error(errflags, "could not bind to default "
+			    "resource pool for project \"%s\"", resultp->pj_name);
+		break;
+	    default:
+		if (error <= 0) {
+		    log_error(errflags, "setproject failed for project \"%s\"",
+			resultp->pj_name);
+		} else {
+		    log_error(errflags, "warning, resource control assignment "
+			"failed for project \"%s\"", resultp->pj_name);
+		}
+	    }
+	}
+    } else {
+	log_error(errflags, "getdefaultproj() error: %s", strerror(errno));
+    }
+    endprojent();
+}
+#else
+static void
+set_project(pw)
+    struct passwd *pw;
+{
+}
+#endif /* HAVE_PROJECT_H */
+
 /*
  * Look up the fully qualified domain name and set user_host and user_shost.
  */