1 diff --git Python-2.6.4/Modules/authattr.c Python-2.6.4/Modules/authattr.c
2 new file mode 100644
3 --- /dev/null
4 +++ Python-2.6.4/Modules/authattr.c
5 @@ -0,0 +1,262 @@
6 +/*
7 + * CDDL HEADER START
8 + *
9 + * The contents of this file are subject to the terms of the
10 + * Common Development and Distribution License (the "License").
11 + * You may not use this file except in compliance with the License.
12 + *
13 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 + * or http://www.opensolaris.org/os/licensing.
15 + * See the License for the specific language governing permissions
16 + * and limitations under the License.
17 + *
18 + * When distributing Covered Code, include this CDDL HEADER in each
19 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 + * If applicable, add the following below this CDDL HEADER, with the
21 + * fields enclosed by brackets "[]" replaced with your own identifying
22 + * information: Portions Copyright [yyyy] [name of copyright owner]
23 + *
24 + * CDDL HEADER END
25 + */
26 +
27 +/*
28 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
29 + * Use is subject to license terms.
30 + */
31 +
32 +/*
33 + * RBAC Bindings for Python - auth_attr functions
34 + */
35 +
36 +#include <auth_attr.h>
37 +#include "Python.h"
38 +#include "pyrbac.h"
39 +
40 +static PyObject*
41 +pyrbac_setauthattr(PyObject* self, PyObject* args) {
42 + setauthattr();
43 + return Py_None;
44 +}
45 +
46 +static PyObject*
47 +pyrbac_endauthattr(PyObject* self, PyObject* args) {
48 + endauthattr();
49 + return Py_None;
50 +}
51 +
52 +PyObject*
53 +pyrbac_getauthnamattr(PyObject* self, char* authname, int mode) {
54 +
55 +
56 +
57 + authattr_t * ret_authattr = (mode == PYRBAC_NAM_MODE) ? getauthnam(authname) : getauthattr();
58 + if (ret_authattr == NULL)
59 + return Py_None;
60 +
61 + PyObject* kv_data = PyDict_New();
62 + if (kv_data == NULL) {
63 + free_authattr(ret_authattr);
64 + return NULL;
65 + }
66 +
67 + if(ret_authattr->attr != NULL) {
68 + int len;
69 + for(len = 0; len < ret_authattr->attr->length; len++) {
70 + kv_t current = ret_authattr->attr->data[len];
71 +
72 + PyObject* set = PyList_New(NULL);
73 + char* saveptr;
74 + char* item = strtok_r(current.value, ",", &saveptr);
75 + PyList_Append(set, PyString_FromString(item));
76 +
77 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
78 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
79 + Py_XDECREF(set);
80 + Py_XDECREF(kv_data);
81 + free_authattr(ret_authattr);
82 + return NULL;
83 + }
84 + }
85 + if(PyDict_SetItemString(kv_data, current.key, set)) {
86 + free_authattr(ret_authattr);
87 + return NULL;
88 + }
89 + }
90 + }
91 + PyObject * retval = Py_BuildValue("{s:s,s:s,s:s,s:s,s:s,s:O}",
92 + "name",ret_authattr->name,
93 + "res1",ret_authattr->res1,
94 + "res2",ret_authattr->res2,
95 + "short",ret_authattr->short_desc,
96 + "long",ret_authattr->long_desc,
97 + "attributes",kv_data);
98 +
99 + free_authattr(ret_authattr);
100 + return retval;
101 +
102 +}
103 +
104 +static PyObject*
105 +pyrbac_getauthattr(PyObject* self, PyObject* args) {
106 + return(pyrbac_getauthnamattr(self, NULL, PYRBAC_ATTR_MODE));
107 +}
108 +
109 +static PyObject*
110 +pyrbac_getauthnam(PyObject* self, PyObject* args) {
111 + char* name = NULL;
112 + if(!PyArg_ParseTuple(args, "s:getauthnam", &name))
113 + return NULL;
114 + return(pyrbac_getauthnamattr(self, name, PYRBAC_NAM_MODE));
115 +}
116 +
117 +static PyObject *
118 +pyrbac_chkauthattr(PyObject* self, PyObject* args) {
119 + char* authstring = NULL;
120 + char* username = NULL;
121 + if(!PyArg_ParseTuple(args, "ss:chkauthattr", &authstring, &username))
122 + return NULL;
123 + return PyBool_FromLong((long)chkauthattr(authstring, username));
124 +}
125 +
126 +static PyObject*
127 +pyrbac_authattr_next(PyObject* self, PyObject* args) {
128 + PyObject* retval = pyrbac_getauthattr(self, args);
129 + if( retval == Py_None ) {
130 + setauthattr();
131 + return NULL;
132 + }
133 + return retval;
134 +}
135 +static PyObject*
136 +pyrbac_authattr__iter__(PyObject* self, PyObject* args) {
137 + return self;
138 +}
139 +
140 +typedef struct {
141 + PyObject_HEAD
142 +} Authattr;
143 +
144 +static void
145 +Authattr_dealloc(Authattr* self) {
146 + endauthattr();
147 + self->ob_type->tp_free((PyObject*) self);
148 +}
149 +
150 +static PyObject*
151 +Authattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
152 + Authattr *self;
153 + self = (Authattr*)type->tp_alloc(type, 0);
154 +
155 + return ((PyObject *) self);
156 +}
157 +
158 +static int
159 +Authattr_init(Authattr* self, PyObject *args, PyObject *kwargs) {
160 + setauthattr();
161 + return 0;
162 +}
163 +
164 +static char pyrbac_authattr__doc__[];
165 +
166 +PyDoc_STRVAR(pyrbac_authattr__doc__, """provides interfaces to the auth_attr \
167 +database. may be iterated over to return all auth_attr entries\n\n\
168 +Methods provided:\n\
169 +setauthattr\n\
170 +endauthattr\n\
171 +getauthattr\n\
172 +chkauthattr\n\
173 +getauthnam""");
174 +
175 +static char pyrbac_setauthattr__doc__[];
176 +static char pyrbac_endauthattr__doc__[];
177 +static char pyrbac_getauthattr__doc__[];
178 +static char pyrbac_chkauthattr__doc__[];
179 +
180 +PyDoc_STRVAR(pyrbac_setauthattr__doc__,
181 +"\"rewinds\" the auth_attr functions to the first entry in the db. Called \
182 +automatically by the constructor\n\tArguments: None\n\tReturns: None");
183 +
184 +PyDoc_STRVAR(pyrbac_endauthattr__doc__,
185 +"closes the auth_attr database, cleans up storage. called automatically by \
186 +the destructor\n\tArguments: None\n\tReturns: None");
187 +
188 +PyDoc_STRVAR(pyrbac_chkauthattr__doc__, "verifies if a user has a given \
189 +authorization.\n\tArguments: 2 Python strings, 'authname' and 'username'\n\
190 +\tReturns: True if the user is authorized, False otherwise");
191 +
192 +PyDoc_STRVAR(pyrbac_getauthattr__doc__,
193 +"return one entry from the auth_attr database\n\
194 +\tArguments: None\n\
195 +\tReturns: a dict representing the authattr_t struct:\n\
196 +\t\t\"name\": Authorization Name\n\
197 +\t\t\"res1\": reserved\n\
198 +\t\t\"res2\": reserved\n\
199 +\t\t\"short\": Short Description\n\
200 +\t\t\"long\": Long Description\n\
201 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
202 +or a string depending on value");
203 +
204 +PyDoc_STRVAR(pyrbac_getauthnam__doc__,
205 +"searches the auth_attr database for a given authorization name\n\
206 +\tArguments: a Python string containing the auth name\n\
207 +\tReturns: a dict representing the authattr_t struct:\n\
208 +\t\t\"name\": Authorization Name\n\
209 +\t\t\"res1\": reserved\n\
210 +\t\t\"res2\": reserved\n\
211 +\t\t\"short\": Short Description\n\
212 +\t\t\"long\": Long Description\n\
213 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
214 +or a string depending on value");
215 +
216 +static PyMethodDef Authattr_methods[] = {
217 + {"setauthattr", pyrbac_setauthattr, METH_NOARGS, pyrbac_setauthattr__doc__},
218 + {"endauthattr", pyrbac_endauthattr, METH_NOARGS, pyrbac_endauthattr__doc__},
219 + {"chkauthattr", pyrbac_chkauthattr, METH_VARARGS, pyrbac_chkauthattr__doc__},
220 + {"getauthattr", pyrbac_getauthattr, METH_NOARGS, pyrbac_getauthattr__doc__},
221 + {"getauthnam", pyrbac_getauthnam, METH_VARARGS, pyrbac_getauthnam__doc__},
222 + {NULL}
223 +};
224 +
225 +PyTypeObject AuthattrType = {
226 + PyObject_HEAD_INIT(NULL)
227 + 0, /*ob_size*/
228 + "rbac.authattr", /*tp_name*/
229 + sizeof(Authattr), /*tp_basicsize*/
230 + 0, /*tp_itemsize*/
231 + (destructor)Authattr_dealloc, /*tp_dealloc*/
232 + 0, /*tp_print*/
233 + 0, /*tp_getattr*/
234 + 0, /*tp_setattr*/
235 + 0, /*tp_compare*/
236 + 0, /*tp_repr*/
237 + 0, /*tp_as_number*/
238 + 0, /*tp_as_sequence*/
239 + 0, /*tp_as_mapping*/
240 + 0, /*tp_hash */
241 + 0, /*tp_call*/
242 + 0, /*tp_str*/
243 + 0, /*tp_getattro*/
244 + 0, /*tp_setattro*/
245 + 0, /*tp_as_buffer*/
246 + Py_TPFLAGS_DEFAULT |
247 + Py_TPFLAGS_BASETYPE |
248 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
249 + pyrbac_authattr__doc__, /* tp_doc */
250 + 0, /* tp_traverse */
251 + 0, /* tp_clear */
252 + 0, /* tp_richcompare */
253 + 0, /* tp_weaklistoffset */
254 + pyrbac_authattr__iter__, /* tp_iter */
255 + pyrbac_authattr_next, /* tp_iternext */
256 + Authattr_methods, /* tp_methods */
257 + 0, /* tp_members */
258 + 0, /* tp_getset */
259 + 0, /* tp_base */
260 + 0, /* tp_dict */
261 + 0, /* tp_descr_get */
262 + 0, /* tp_descr_set */
263 + 0, /* tp_dictoffset */
264 + (initproc)Authattr_init, /* tp_init */
265 + 0, /* tp_alloc */
266 + Authattr_new, /* tp_new */
267 +};
268 diff --git Python-2.6.4/Modules/execattr.c Python-2.6.4/Modules/execattr.c
269 new file mode 100644
270 --- /dev/null
271 +++ Python-2.6.4/Modules/execattr.c
272 @@ -0,0 +1,314 @@
273 +/*
274 + * CDDL HEADER START
275 + *
276 + * The contents of this file are subject to the terms of the
277 + * Common Development and Distribution License (the "License").
278 + * You may not use this file except in compliance with the License.
279 + *
280 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
281 + * or http://www.opensolaris.org/os/licensing.
282 + * See the License for the specific language governing permissions
283 + * and limitations under the License.
284 + *
285 + * When distributing Covered Code, include this CDDL HEADER in each
286 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
287 + * If applicable, add the following below this CDDL HEADER, with the
288 + * fields enclosed by brackets "[]" replaced with your own identifying
289 + * information: Portions Copyright [yyyy] [name of copyright owner]
290 + *
291 + * CDDL HEADER END
292 + */
293 +
294 +/*
295 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
296 + * Use is subject to license terms.
297 + */
298 +
299 +/*
300 + * RBAC Bindings for Python - exec_attr functions
301 + */
302 +
303 +#include <exec_attr.h>
304 +#include "Python.h"
305 +#include "pyrbac.h"
306 +
307 +static PyObject *
308 +pyrbac_setexecattr(PyObject* self, PyObject* args) {
309 + setexecattr();
310 + return Py_None;
311 +}
312 +
313 +static PyObject *
314 +pyrbac_endexecattr(PyObject* self, PyObject* args) {
315 + endexecattr();
316 + return Py_None;
317 +}
318 +
319 +PyObject *
320 +pyrbac_getexecuserprofattr(PyObject* self, char* userprofname, char* type, char* id, int mode) {
321 +
322 + PyObject* ep_data = (mode == PYRBAC_ATTR_MODE) ? NULL : PyList_New(0);
323 +
324 + if (ep_data == NULL && mode != PYRBAC_ATTR_MODE )
325 + return NULL;
326 +
327 + execattr_t *execprof;
328 + if (mode == PYRBAC_USER_MODE)
329 + execprof = getexecuser(userprofname, type, id, GET_ALL);
330 + else if (mode == PYRBAC_PROF_MODE)
331 + execprof = getexecprof(userprofname, type, id, GET_ALL);
332 + else if (mode == PYRBAC_ATTR_MODE)
333 + execprof = getexecattr();
334 + else
335 + return NULL;
336 +
337 + if (execprof == NULL)
338 + return Py_None;
339 +
340 + execattr_t *execprof_head = execprof;
341 +
342 + while(execprof != NULL) {
343 +
344 + PyObject* kv_data = PyDict_New();
345 +
346 + if(execprof->attr != NULL) {
347 + int len;
348 + for(len = 0; len < execprof->attr->length; len++) {
349 + kv_t current = execprof->attr->data[len];
350 +
351 + PyObject* set = PyList_New(NULL);
352 + char* saveptr;
353 + char* item = strtok_r(current.value, ",", &saveptr);
354 + PyList_Append(set, PyString_FromString(item));
355 +
356 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
357 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
358 + Py_XDECREF(set);
359 + Py_XDECREF(kv_data);
360 + free_execattr(execprof_head);
361 + return NULL;
362 + }
363 + }
364 + if(PyDict_SetItemString(kv_data, current.key, set)) {
365 + free_execattr(execprof_head);
366 + return NULL;
367 + }
368 + }
369 + }
370 + PyObject* entry = Py_BuildValue("{s:s,s:s,s:s,s:s,s:s,s:s,s:O}",
371 + "name", execprof->name,
372 + "type", execprof->type,
373 + "policy", execprof->policy,
374 + "res1", execprof->res1,
375 + "res2", execprof->res2,
376 + "id", execprof->id,
377 + "attributes", kv_data);
378 +
379 + if (entry == NULL) {
380 + Py_XDECREF(kv_data);
381 + free_execattr(execprof_head);
382 + return NULL;
383 + }
384 +
385 + if (mode == PYRBAC_ATTR_MODE) {
386 + free_execattr(execprof_head);
387 + return(entry);
388 + }
389 + PyList_Append(ep_data, entry);
390 + execprof = execprof->next;
391 + }
392 +
393 + free_execattr(execprof_head);
394 + return(ep_data);
395 +
396 +}
397 +
398 +static PyObject *
399 +pyrbac_getexecuser(PyObject* self, PyObject* args) {
400 + char* username = NULL;
401 + char* type = NULL;
402 + char* id = NULL;
403 +
404 + if(!PyArg_ParseTuple(args, "sss:getexecuser", &username, &type, &id))
405 + return NULL;
406 +
407 + return (pyrbac_getexecuserprofattr(self, username, type, id, PYRBAC_USER_MODE));
408 +}
409 +
410 +static PyObject *
411 +pyrbac_getexecprof(PyObject* self, PyObject* args) {
412 +
413 + char* profname = NULL;
414 + char* type = NULL;
415 + char* id = NULL;
416 +
417 + if(!PyArg_ParseTuple(args, "sss:getexecprof", &profname, &type, &id))
418 + return NULL;
419 +
420 + return (pyrbac_getexecuserprofattr(self, profname, type, id, PYRBAC_PROF_MODE));
421 +}
422 +
423 +static PyObject*
424 +pyrbac_getexecattr(PyObject* self, PyObject* args) {
425 + return pyrbac_getexecuserprofattr(self, NULL, NULL, NULL, PYRBAC_ATTR_MODE);
426 +}
427 +
428 +static PyObject*
429 +pyrbac_execattr_next(PyObject* self, PyObject* args) {
430 + PyObject* retval = pyrbac_getexecattr(self, args);
431 + if( retval == Py_None ) {
432 + setexecattr();
433 + return NULL;
434 + }
435 + return retval;
436 +}
437 +static PyObject*
438 +pyrbac_execattr__iter__(PyObject* self, PyObject* args) {
439 + return self;
440 +}
441 +
442 +typedef struct {
443 + PyObject_HEAD
444 +} Execattr;
445 +
446 +static void
447 +Execattr_dealloc(Execattr* self) {
448 + endexecattr();
449 + self->ob_type->tp_free((PyObject*) self);
450 +}
451 +
452 +static PyObject*
453 +Execattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
454 + Execattr *self;
455 + self = (Execattr*)type->tp_alloc(type, 0);
456 +
457 + return ((PyObject *) self);
458 +}
459 +
460 +static int
461 +Execattr_init(Execattr* self, PyObject *args, PyObject *kwargs) {
462 + setexecattr();
463 + return 0;
464 +}
465 +
466 +static char pyrbac_execattr__doc__[];
467 +
468 +PyDoc_STRVAR(pyrbac_execattr__doc__, "provides functions for \
469 +interacting with the execution profiles database. May be iterated over to \
470 +enumerate exec_attr(4) entries\n\n\
471 +Methods provided:\n\
472 +setexecattr\n\
473 +endexecattr\n\
474 +getexecattr\n\
475 +getexecprof\n\
476 +getexecuser");
477 +
478 +
479 +static char pyrbac_getexecuser__doc__[];
480 +static char pyrbac_getexecprof__doc__[];
481 +static char pyrbac_getexecattr__doc__[];
482 +static char pyrbac_setexecattr__doc__[];
483 +static char pyrbac_endexecattr__doc__[];
484 +
485 +PyDoc_STRVAR(pyrbac_setexecattr__doc__,
486 +"\"rewinds\" the exec_attr functions to the first entry in the db. Called \
487 +automatically by the constructor.\n\
488 +\tArguments: None\
489 +\tReturns: None");
490 +
491 +PyDoc_STRVAR(pyrbac_endexecattr__doc__,
492 +"closes the exec_attr database, cleans up storage. called automatically by \
493 +the destructor.\n\
494 +\tArguments: None\
495 +\tReturns: None");
496 +
497 +PyDoc_STRVAR(pyrbac_getexecuser__doc__, "corresponds with getexecuser(3SECDB)\
498 +\nTakes: \'username\', \'type\', \'id\'\n\
499 +Return: a single exec_attr entry\n\
500 +\tArguments: None\n\
501 +\tReturns: a dict representation of an execattr_t struct:\n\
502 +\t\t\"name\": Authorization Name\n\
503 +\t\t\"type\": Profile Type\n\
504 +\t\t\"policy\": Policy attributes are relevant in\n\
505 +\t\t\"res1\": reserved\n\
506 +\t\t\"res2\": reserved\n\
507 +\t\t\"id\": unique identifier\n\
508 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
509 +either a list or a string depending on value");
510 +
511 +PyDoc_STRVAR(pyrbac_getexecprof__doc__, "corresponds with getexecprof(3SECDB)\
512 +\nTakes: \'profile name\', \'type\', \'id\'\n\
513 +\tReturns: a dict representation of an execattr_t struct:\n\
514 +\t\t\"name\": Authorization Name\n\
515 +\t\t\"type\": Profile Type\n\
516 +\t\t\"policy\": Policy attributes are relevant in\n\
517 +\t\t\"res1\": reserved\n\
518 +\t\t\"res2\": reserved\n\
519 +\t\t\"id\": unique identifier\n\
520 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
521 +either a list or a string depending on value");
522 +
523 +PyDoc_STRVAR(pyrbac_getexecattr__doc__, "corresponds with getexecattr(3SECDB)\
524 +\nTakes 0 arguments\n\
525 +\tReturns: a dict representation of an execattr_t struct:\n\
526 +\t\t\"name\": Authorization Name\n\
527 +\t\t\"type\": Profile Type\n\
528 +\t\t\"policy\": Policy attributes are relevant in\n\
529 +\t\t\"res1\": reserved\n\
530 +\t\t\"res2\": reserved\n\
531 +\t\t\"id\": unique identifier\n\
532 +\t\t\"attributes\": A Python dict keyed by attribute & valued as\
533 +either a list or a string depending on value");
534 +
535 +static PyMethodDef Execattr_methods[] = {
536 + {"setexecattr", pyrbac_setexecattr, METH_NOARGS, pyrbac_setexecattr__doc__},
537 + {"endexecattr", pyrbac_endexecattr, METH_NOARGS, pyrbac_endexecattr__doc__},
538 + {"getexecprof", pyrbac_getexecprof, METH_VARARGS, pyrbac_getexecprof__doc__},
539 + {"getexecuser", pyrbac_getexecuser, METH_VARARGS, pyrbac_getexecuser__doc__},
540 + {"getexecattr", pyrbac_getexecattr, METH_NOARGS, pyrbac_getexecattr__doc__},
541 + {NULL}
542 +};
543 +
544 +PyTypeObject ExecattrType = {
545 + PyObject_HEAD_INIT(NULL)
546 + 0, /*ob_size*/
547 + "rbac.execattr", /*tp_name*/
548 + sizeof(Execattr), /*tp_basicsize*/
549 + 0, /*tp_itemsize*/
550 + (destructor)Execattr_dealloc, /*tp_dealloc*/
551 + 0, /*tp_print*/
552 + 0, /*tp_getattr*/
553 + 0, /*tp_setattr*/
554 + 0, /*tp_compare*/
555 + 0, /*tp_repr*/
556 + 0, /*tp_as_number*/
557 + 0, /*tp_as_sequence*/
558 + 0, /*tp_as_mapping*/
559 + 0, /*tp_hash */
560 + 0, /*tp_call*/
561 + 0, /*tp_str*/
562 + 0, /*tp_getattro*/
563 + 0, /*tp_setattro*/
564 + 0, /*tp_as_buffer*/
565 + Py_TPFLAGS_DEFAULT |
566 + Py_TPFLAGS_BASETYPE |
567 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
568 + pyrbac_execattr__doc__, /* tp_doc */
569 + 0, /* tp_traverse */
570 + 0, /* tp_clear */
571 + 0, /* tp_richcompare */
572 + 0, /* tp_weaklistoffset */
573 + pyrbac_execattr__iter__, /* tp_iter */
574 + pyrbac_execattr_next, /* tp_iternext */
575 + Execattr_methods, /* tp_methods */
576 + 0, /* tp_members */
577 + 0, /* tp_getset */
578 + 0, /* tp_base */
579 + 0, /* tp_dict */
580 + 0, /* tp_descr_get */
581 + 0, /* tp_descr_set */
582 + 0, /* tp_dictoffset */
583 + (initproc)Execattr_init, /* tp_init */
584 + 0, /* tp_alloc */
585 + Execattr_new, /* tp_new */
586 +};
587 diff --git Python-2.6.4/Modules/privileges.c Python-2.6.4/Modules/privileges.c
588 new file mode 100644
589 --- /dev/null
590 +++ Python-2.6.4/Modules/privileges.c
591 @@ -0,0 +1,230 @@
592 +/*
593 + * CDDL HEADER START
594 + *
595 + * The contents of this file are subject to the terms of the
596 + * Common Development and Distribution License (the "License").
597 + * You may not use this file except in compliance with the License.
598 + *
599 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
600 + * or http://www.opensolaris.org/os/licensing.
601 + * See the License for the specific language governing permissions
602 + * and limitations under the License.
603 + *
604 + * When distributing Covered Code, include this CDDL HEADER in each
605 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
606 + * If applicable, add the following below this CDDL HEADER, with the
607 + * fields enclosed by brackets "[]" replaced with your own identifying
608 + * information: Portions Copyright [yyyy] [name of copyright owner]
609 + *
610 + * CDDL HEADER END
611 + */
612 +
613 +/*
614 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
615 + * Use is subject to license terms.
616 + */
617 +
618 +/*
619 + * privileges(5) bindings for Python
620 + */
621 +
622 +#include <priv.h>
623 +#include "Python.h"
624 +
625 +static PyObject *
626 +pyprivileges_setppriv( PyObject *self, PyObject *args) {
627 + priv_op_t op = -1 ;
628 + priv_ptype_t which = NULL;
629 +
630 + PyObject* set_list = NULL;
631 +
632 + priv_set_t * set = NULL;
633 +
634 + if(!PyArg_ParseTuple(args, "iiO:setppriv", &op, &which, &set_list))
635 + return NULL;
636 +
637 + if((op != PRIV_ON && op != PRIV_OFF && op != PRIV_SET) ||
638 + (which != PRIV_PERMITTED && which != PRIV_EFFECTIVE &&
639 + which != PRIV_INHERITABLE && which != PRIV_LIMIT))
640 + return NULL;
641 +
642 + PyObject* set_string = PyList_GetItem(set_list, 0);
643 + int i;
644 + for (i = 1; i < PyList_Size(set_list); ++i) {
645 + PyString_Concat(&set_string, PyString_FromString(","));
646 + PyString_Concat(&set_string, PyList_GetItem(set_list, i));
647 + }
648 +
649 + set = priv_str_to_set(PyString_AsString(set_string), ",", NULL );
650 +
651 + if ( set == NULL )
652 + return NULL;
653 +
654 + long ret = (long) setppriv(op, which, set);
655 + priv_freeset(set);
656 + // Python inverts true & false
657 + if(ret)
658 + Py_RETURN_FALSE;
659 +
660 + Py_RETURN_TRUE;
661 +}
662 +
663 +static PyObject *
664 +pyprivileges_getppriv( PyObject *self, PyObject *args) {
665 +
666 + char* set_str = NULL;
667 + priv_ptype_t which = NULL;
668 + priv_set_t * set = priv_allocset();
669 + if (set == NULL)
670 + return NULL;
671 +
672 + if(!PyArg_ParseTuple(args, "i:getppriv", &which))
673 + return NULL;
674 +
675 + if (which != PRIV_PERMITTED && which != PRIV_EFFECTIVE &&
676 + which != PRIV_INHERITABLE && which != PRIV_LIMIT)
677 + return NULL;
678 +
679 + if (getppriv(which, set) != 0)
680 + return NULL;
681 +
682 + set_str = priv_set_to_str(set, ',', PRIV_STR_LIT);
683 + priv_freeset(set);
684 +
685 + PyObject* set_list = PyList_New(NULL);
686 + char* saveptr;
687 + char* item = strtok_r(set_str, ",", &saveptr);
688 + PyList_Append(set_list, PyString_FromString(item));
689 +
690 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
691 + if(PyList_Append(set_list, PyString_FromString(item)) != 0) {
692 + Py_XDECREF(set_list);
693 + return NULL;
694 + }
695 + }
696 +
697 + return(set_list);
698 +}
699 +
700 +static PyObject *
701 +pyprivileges_priv_inverse( PyObject *self, PyObject *args ) {
702 +
703 + PyObject* set_list_in = NULL;
704 + if(!PyArg_ParseTuple(args, "O:priv_inverse", &set_list_in))
705 + return NULL;
706 +
707 + PyObject* set_string = PyList_GetItem(set_list_in, 0);
708 + int i;
709 + for (i = 1; i < PyList_Size(set_list_in); ++i) {
710 + PyString_Concat(set_string, PyString_FromString(","));
711 + PyString_Concat(set_string, PyList_GetItem(set_list_in, i));
712 + }
713 +
714 + priv_set_t * set = priv_str_to_set(PyString_AsString(set_string), ",", NULL);
715 + if (set == NULL)
716 + return NULL;
717 + priv_inverse(set);
718 + char * ret_str = priv_set_to_str(set, ',', PRIV_STR_LIT);
719 + priv_freeset(set);
720 +
721 + PyObject* set_list_out = PyList_New(NULL);
722 + char* saveptr;
723 + char* item = strtok_r(ret_str, ",", &saveptr);
724 + PyList_Append(set_list_out, PyString_FromString(item));
725 +
726 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
727 + if(PyList_Append(set_list_out, PyString_FromString(item)) != 0) {
728 + Py_XDECREF(set_list_out);
729 + return NULL;
730 + }
731 + }
732 +
733 + Py_XDECREF(set_list_in);
734 +
735 + return(set_list_out);
736 +}
737 +
738 +/* priv_ineffect is a convienient wrapper to priv_get
739 + * however priv_set is, in the context of python, not
740 + * much of a convienience, so it's omitted
741 + */
742 +static PyObject *
743 +pyprivileges_priv_ineffect(PyObject* self, PyObject* args) {
744 + char* privstring=NULL;
745 + if (!PyArg_ParseTuple(args, "s:priv_ineffect", &privstring))
746 + return NULL;
747 + return PyBool_FromLong(priv_ineffect(privstring));
748 +}
749 +
750 +
751 +static char pyprivileges__doc__[];
752 +PyDoc_STRVAR(pyprivileges__doc__,
753 +"Provides functions for interacting with the Solaris privileges(5) framework\n\
754 +Functions provided:\n\
755 +setppriv\n\
756 +getppriv\n\
757 +priv_ineffect\n\
758 +priv_inverse");
759 +
760 +static char pyprivileges_setppriv__doc__[];
761 +static char pyprivileges_getppriv__doc__[];
762 +static char pyprivileges_priv_ineffect__doc__[];
763 +static char pyprivileges_priv_inverse__doc__[];
764 +
765 +PyDoc_STRVAR(pyprivileges_setppriv__doc__,
766 +"Facilitates setting the permitted/inheritable/limit/effective privileges set\n\
767 +\tArguments:\n\
768 +\t\tone of (PRIV_ON|PRIV_OFF|PRIV_SET)\n\
769 +\t\tone of (PRIV_PERMITTED|PRIV_INHERITABLE|PRIV_LIMIT|PRIV_EFFECTIVE)\n\
770 +\t\tset of privileges: a list of strings\n\
771 +\tReturns: True on success, False on failure\
772 +");
773 +
774 +PyDoc_STRVAR(pyprivileges_getppriv__doc__,
775 +"Return the process privilege set\n\
776 +\tArguments:\n\
777 +\t\tone of (PRIV_PERMITTED|PRIV_INHERITABLE|PRIV_LIMIT|PRIV_EFFECTIVE)\n\
778 +\tReturns: a Python list of strings");
779 +
780 +PyDoc_STRVAR(pyprivileges_priv_ineffect__doc__,
781 +"Checks for a privileges presence in the effective set\n\
782 +\tArguments: a String\n\
783 +\tReturns: True if the privilege is in effect, False otherwise");
784 +
785 +PyDoc_STRVAR(pyprivileges_priv_inverse__doc__,
786 +"The complement of the set of privileges\n\
787 +\tArguments: a list of strings\n\tReturns: a list of strings");
788 +
789 +static PyMethodDef module_methods[] = {
790 + {"setppriv", pyprivileges_setppriv, METH_VARARGS, pyprivileges_setppriv__doc__},
791 + {"getppriv", pyprivileges_getppriv, METH_VARARGS, pyprivileges_getppriv__doc__},
792 + {"priv_ineffect", pyprivileges_priv_ineffect, METH_VARARGS, pyprivileges_priv_ineffect__doc__},
793 + {"priv_inverse", pyprivileges_priv_inverse, METH_VARARGS, pyprivileges_priv_inverse__doc__},
794 + {NULL}
795 +};
796 +
797 +
798 +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */
799 +#define PyMODINIT_FUNC void
800 +#endif
801 +PyMODINIT_FUNC
802 +initprivileges(void) {
803 + PyObject* m;
804 +
805 + m = Py_InitModule3("privileges", module_methods, pyprivileges__doc__);
806 + if ( m == NULL )
807 + return;
808 +
809 + PyObject* d = PyModule_GetDict(m);
810 + if (d == NULL)
811 + return;
812 +
813 + PyDict_SetItemString(d, "PRIV_ON", PyInt_FromLong((long)PRIV_ON));
814 + PyDict_SetItemString(d, "PRIV_OFF", PyInt_FromLong((long)PRIV_OFF));
815 + PyDict_SetItemString(d, "PRIV_SET", PyInt_FromLong((long)PRIV_SET));
816 +
817 + PyDict_SetItemString(d, "PRIV_PERMITTED", PyInt_FromLong((long)PRIV_PERMITTED));
818 + PyDict_SetItemString(d, "PRIV_INHERITABLE", PyInt_FromLong((long)PRIV_INHERITABLE));
819 + PyDict_SetItemString(d, "PRIV_LIMIT", PyInt_FromLong((long)PRIV_LIMIT));
820 + PyDict_SetItemString(d, "PRIV_EFFECTIVE", PyInt_FromLong((long)PRIV_EFFECTIVE));
821 +}
822 diff --git Python-2.6.4/Modules/pyrbac.c Python-2.6.4/Modules/pyrbac.c
823 new file mode 100644
824 --- /dev/null
825 +++ Python-2.6.4/Modules/pyrbac.c
826 @@ -0,0 +1,69 @@
827 +/*
828 + * CDDL HEADER START
829 + *
830 + * The contents of this file are subject to the terms of the
831 + * Common Development and Distribution License (the "License").
832 + * You may not use this file except in compliance with the License.
833 + *
834 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
835 + * or http://www.opensolaris.org/os/licensing.
836 + * See the License for the specific language governing permissions
837 + * and limitations under the License.
838 + *
839 + * When distributing Covered Code, include this CDDL HEADER in each
840 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
841 + * If applicable, add the following below this CDDL HEADER, with the
842 + * fields enclosed by brackets "[]" replaced with your own identifying
843 + * information: Portions Copyright [yyyy] [name of copyright owner]
844 + *
845 + * CDDL HEADER END
846 + */
847 +
848 +/*
849 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
850 + * Use is subject to license terms.
851 + */
852 +
853 +/*
854 + * RBAC Bindings for Python
855 + */
856 +
857 +#include <Python.h>
858 +#include "pyrbac.h"
859 +
860 +static PyMethodDef module_methods[] = {NULL};
861 +static char pyrbac__doc__[];
862 +
863 +PyDoc_STRVAR(pyrbac__doc__, "provides access to some objects \
864 +for interaction with the Solaris Role-Based Access Control \
865 +framework.\n\nDynamic objects:\n\
866 +userattr -- for interacting with user_attr(4)\n\
867 +authattr -- for interacting with auth_attr(4)\n\
868 +execattr -- for interacting with exec_attr(4)\n");
869 +
870 +#ifndef PyMODINIT_FUNC /* declarations for DLL import/export */
871 +#define PyMODINIT_FUNC void
872 +#endif
873 +PyMODINIT_FUNC
874 +initrbac(void) {
875 + PyObject* m;
876 + if (PyType_Ready(&AuthattrType) < 0 ||
877 + PyType_Ready(&ExecattrType) < 0 ||
878 + PyType_Ready(&UserattrType) < 0 )
879 + return;
880 +
881 + m = Py_InitModule3("rbac", module_methods, pyrbac__doc__);
882 + if ( m == NULL )
883 + return;
884 +
885 + Py_INCREF(&AuthattrType);
886 + PyModule_AddObject(m, "authattr", (PyObject*)&AuthattrType);
887 +
888 + Py_INCREF(&ExecattrType);
889 + PyModule_AddObject(m, "execattr", (PyObject*)&ExecattrType);
890 +
891 + Py_INCREF(&UserattrType);
892 + PyModule_AddObject(m, "userattr", (PyObject*)&UserattrType);
893 +
894 +}
895 +
896 diff --git Python-2.6.4/Modules/pyrbac.h Python-2.6.4/Modules/pyrbac.h
897 new file mode 100644
898 --- /dev/null
899 +++ Python-2.6.4/Modules/pyrbac.h
900 @@ -0,0 +1,46 @@
901 +/*
902 + * CDDL HEADER START
903 + *
904 + * The contents of this file are subject to the terms of the
905 + * Common Development and Distribution License (the "License").
906 + * You may not use this file except in compliance with the License.
907 + *
908 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
909 + * or http://www.opensolaris.org/os/licensing.
910 + * See the License for the specific language governing permissions
911 + * and limitations under the License.
912 + *
913 + * When distributing Covered Code, include this CDDL HEADER in each
914 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
915 + * If applicable, add the following below this CDDL HEADER, with the
916 + * fields enclosed by brackets "[]" replaced with your own identifying
917 + * information: Portions Copyright [yyyy] [name of copyright owner]
918 + *
919 + * CDDL HEADER END
920 + */
921 +
922 +/*
923 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
924 + * Use is subject to license terms.
925 + */
926 +
927 +/*
928 + * RBAC bindings for python
929 + */
930 +#ifndef PYRBAC_H
931 +#define PYRBAC_H
932 +
933 +#include <secdb.h>
934 +
935 +
936 +#define PYRBAC_USER_MODE 1
937 +#define PYRBAC_PROF_MODE 2
938 +#define PYRBAC_ATTR_MODE 3
939 +#define PYRBAC_NAM_MODE 4
940 +#define PYRBAC_UID_MODE 5
941 +
942 +PyTypeObject AuthattrType;
943 +PyTypeObject ExecattrType;
944 +PyTypeObject UserattrType;
945 +
946 +#endif
947 diff --git Python-2.6.4/Modules/userattr.c Python-2.6.4/Modules/userattr.c
948 new file mode 100644
949 --- /dev/null
950 +++ Python-2.6.4/Modules/userattr.c
951 @@ -0,0 +1,309 @@
952 +/*
953 + * CDDL HEADER START
954 + *
955 + * The contents of this file are subject to the terms of the
956 + * Common Development and Distribution License (the "License").
957 + * You may not use this file except in compliance with the License.
958 + *
959 + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
960 + * or http://www.opensolaris.org/os/licensing.
961 + * See the License for the specific language governing permissions
962 + * and limitations under the License.
963 + *
964 + * When distributing Covered Code, include this CDDL HEADER in each
965 + * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
966 + * If applicable, add the following below this CDDL HEADER, with the
967 + * fields enclosed by brackets "[]" replaced with your own identifying
968 + * information: Portions Copyright [yyyy] [name of copyright owner]
969 + *
970 + * CDDL HEADER END
971 + */
972 +
973 +/*
974 + * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
975 + * Use is subject to license terms.
976 + */
977 +
978 +/*
979 + * RBAC Bindings for Python - user_attr functions
980 + */
981 +
982 +#include <stdio.h>
983 +#include <user_attr.h>
984 +#include "Python.h"
985 +#include "pyrbac.h"
986 +
987 +static PyObject*
988 +pyrbac_setuserattr(PyObject* self, PyObject* args) {
989 + setuserattr();
990 + return Py_None;
991 +}
992 +
993 +static PyObject*
994 +pyrbac_enduserattr(PyObject* self, PyObject* args) {
995 + enduserattr();
996 + return Py_None;
997 +}
998 +
999 +PyObject*
1000 +pyrbac_getuseruidnamattr(PyObject* self, void* arg, int mode, char* filename) {
1001 +
1002 + userattr_t *ret_userattr;
1003 +
1004 + if (mode == PYRBAC_ATTR_MODE) {
1005 + if (filename != NULL) {
1006 + FILE* file = fopen(filename, "r");
1007 + if (file == NULL)
1008 + return NULL;
1009 + ret_userattr = fgetuserattr(file);
1010 + if (fclose(file))
1011 + return NULL;
1012 + }
1013 + else
1014 + ret_userattr = getuserattr();
1015 + }
1016 + else if (mode == PYRBAC_NAM_MODE)
1017 + ret_userattr = getusernam((char*) arg);
1018 + else if (mode == PYRBAC_UID_MODE)
1019 + ret_userattr = getuseruid(*((uid_t*) arg));
1020 +
1021 + if (ret_userattr == NULL)
1022 + return Py_None;
1023 +
1024 + PyObject* entry = PyTuple_New(5);
1025 + if (entry == NULL) {
1026 + free_userattr(ret_userattr);
1027 + return NULL;
1028 + }
1029 +
1030 + PyObject* kv_data = PyDict_New();
1031 +
1032 + if(ret_userattr->attr != NULL) {
1033 + int len;
1034 + for(len = 0; len < ret_userattr->attr->length; len++) {
1035 + kv_t current = ret_userattr->attr->data[len];
1036 +
1037 + PyObject* set = PyList_New(NULL);
1038 + char* saveptr;
1039 + char* item = strtok_r(current.value, ",", &saveptr);
1040 + PyList_Append(set, PyString_FromString(item));
1041 +
1042 + while((item = strtok_r(NULL, ",", &saveptr)) != NULL) {
1043 + if(PyList_Append(set, PyString_FromString(item)) != 0) {
1044 + Py_XDECREF(set);
1045 + Py_XDECREF(kv_data);
1046 + free_userattr(ret_userattr);
1047 + return NULL;
1048 + }
1049 + }
1050 + if(PyDict_SetItemString(kv_data, current.key, set)) {
1051 + free_userattr(ret_userattr);
1052 + return NULL;
1053 + }
1054 + }
1055 + }
1056 + entry = Py_BuildValue("{s:s,s:s,s:s,s:s,s:O}",
1057 + "name", ret_userattr->name,
1058 + "qualifier", ret_userattr->qualifier,
1059 + "res1", ret_userattr->res1,
1060 + "res2", ret_userattr->res2,
1061 + "attributes", kv_data);
1062 +
1063 + free_userattr(ret_userattr);
1064 +
1065 + return entry;
1066 +}
1067 +
1068 +
1069 +static PyObject*
1070 +pyrbac_getuserattr(PyObject* self, PyObject* args) {
1071 + return(pyrbac_getuseruidnamattr(self, (void*) NULL, PYRBAC_ATTR_MODE, NULL));
1072 +}
1073 +
1074 +static PyObject*
1075 +pyrbac_fgetuserattr(PyObject* self, PyObject* args) {
1076 + char* filename = NULL;
1077 + if(!PyArg_ParseTuple(args, "s:fgetuserattr", &filename))
1078 + return NULL;
1079 + return(pyrbac_getuseruidnamattr(self, NULL, PYRBAC_ATTR_MODE, filename));
1080 +}
1081 +
1082 +static PyObject*
1083 +pyrbac_getusernam(PyObject* self, PyObject* args) {
1084 + char* name = NULL;
1085 + if(!PyArg_ParseTuple(args, "s:getusernam", &name))
1086 + return NULL;
1087 + return(pyrbac_getuseruidnamattr(self, (void*) name, PYRBAC_NAM_MODE, NULL));
1088 +}
1089 +
1090 +static PyObject*
1091 +pyrbac_getuseruid(PyObject* self, PyObject* args) {
1092 + uid_t uid;
1093 + if(!PyArg_ParseTuple(args, "i:getuseruid", &uid))
1094 + return NULL;
1095 + return(pyrbac_getuseruidnamattr(self, (void*) &uid, PYRBAC_UID_MODE, NULL));
1096 +}
1097 +
1098 +static PyObject*
1099 +pyrbac_userattr_next(PyObject* self, PyObject* args) {
1100 + PyObject* retval = pyrbac_getuserattr(self, args);
1101 + if( retval == Py_None ) {
1102 + setuserattr();
1103 + return NULL;
1104 + }
1105 + return retval;
1106 +}
1107 +static PyObject*
1108 +pyrbac_userattr__iter__(PyObject* self, PyObject* args) {
1109 + return self;
1110 +}
1111 +
1112 +typedef struct {
1113 + PyObject_HEAD
1114 +} Userattr;
1115 +
1116 +static void
1117 +Userattr_dealloc(Userattr* self) {
1118 + enduserattr();
1119 + self->ob_type->tp_free((PyObject*) self);
1120 +}
1121 +
1122 +static PyObject*
1123 +Userattr_new(PyTypeObject *type, PyObject *args, PyObject *kwds) {
1124 + Userattr *self;
1125 + self = (Userattr*)type->tp_alloc(type, 0);
1126 +
1127 + return ((PyObject *) self);
1128 +}
1129 +
1130 +static int
1131 +Userattr_init(Userattr* self, PyObject *args, PyObject *kwargs) {
1132 + setuserattr();
1133 + return 0;
1134 +}
1135 +
1136 +static char pyrbac_userattr__doc__[];
1137 +PyDoc_STRVAR(pyrbac_userattr__doc__, "provides functions for \
1138 +interacting with the extended user attributes database. May be iterated over \
1139 +to enumerate user_attr(4) entries\n\n\
1140 +Methods provided:\n\
1141 +setuserattr\n\
1142 +enduserattr\n\
1143 +getuserattr\n\
1144 +fgetuserattr\n\
1145 +getusernam\n\
1146 +getuseruid");
1147 +
1148 +static char pyrbac_setuserattr__doc__[];
1149 +static char pyrbac_enduserattr__doc__[];
1150 +static char pyrbac_getuserattr__doc__[];
1151 +static char pyrbac_getusernam__doc__[];
1152 +static char pyrbac_getuseruid__doc__[];
1153 +
1154 +PyDoc_STRVAR(pyrbac_setuserattr__doc__, "\"rewinds\" the user_attr functions \
1155 +to the first entry in the db. Called automatically by the constructor.\n\
1156 +\tArguments: None\n\
1157 +\tReturns: None");
1158 +
1159 +PyDoc_STRVAR(pyrbac_enduserattr__doc__, "closes the user_attr database, \
1160 +cleans up storage. called automatically by the destructor\n\
1161 +\tArguments: None\n\
1162 +\tReturns: None");
1163 +
1164 +PyDoc_STRVAR(pyrbac_getuserattr__doc__, "Return a single user_attr entry\n \
1165 +\tArguments: None\n\
1166 +\tReturns: a dict representation of a userattr_t struct:\n\
1167 +\t\t\"name\": username\n\
1168 +\t\t\"qualifier\": reserved\n\
1169 +\t\t\"res1\": reserved\n\
1170 +\t\t\"res2\": reserved\n\
1171 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1172 +or a string depending on value"
1173 +);
1174 +
1175 +PyDoc_STRVAR(pyrbac_fgetuserattr__doc__, "Return a single user_attr entry \
1176 +from a file, bypassing nsswitch.conf\n\
1177 +\tArguments: \'filename\'\n\
1178 +\tReturns: a dict representation of a userattr_t struct:\n\
1179 +\t\t\"name\": username\n\
1180 +\t\t\"qualifier\": reserved\n\
1181 +\t\t\"res1\": reserved\n\
1182 +\t\t\"res2\": reserved\n\
1183 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1184 +or a string depending on value");
1185 +
1186 +PyDoc_STRVAR(pyrbac_getusernam__doc__, "Searches for a user_attr entry with a \
1187 +given user name\n\
1188 +\tArgument: \'username\'\n\
1189 +\tReturns: a dict representation of a userattr_t struct:\n\
1190 +\t\t\"name\": username\n\
1191 +\t\t\"qualifier\": reserved\n\
1192 +\t\t\"res1\": reserved\n\
1193 +\t\t\"res2\": reserved\n\
1194 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1195 +or a string depending on value");
1196 +
1197 +PyDoc_STRVAR(pyrbac_getuseruid__doc__, "Searches for a user_attr entry with a \
1198 +given uid\n\
1199 +\tArgument: uid\n\
1200 +\tReturns: a dict representation of a userattr_t struct:\n\
1201 +\t\t\"name\": username\n\
1202 +\t\t\"qualifier\": reserved\n\
1203 +\t\t\"res1\": reserved\n\
1204 +\t\t\"res2\": reserved\n\
1205 +\t\t\"attributes\": A Python dict keyed by attribute & valued as either a list \
1206 +or a string depending on value");
1207 +
1208 +static PyMethodDef Userattr_methods[] = {
1209 + {"setuserattr", pyrbac_setuserattr, METH_NOARGS, pyrbac_setuserattr__doc__},
1210 + {"enduserattr", pyrbac_enduserattr, METH_NOARGS, pyrbac_enduserattr__doc__},
1211 + {"getuserattr", pyrbac_getuserattr, METH_NOARGS, pyrbac_getuserattr__doc__},
1212 + {"fgetuserattr", pyrbac_fgetuserattr, METH_VARARGS, pyrbac_fgetuserattr__doc__},
1213 + {"getusernam", pyrbac_getusernam, METH_VARARGS, pyrbac_getusernam__doc__},
1214 + {"getuseruid", pyrbac_getuseruid, METH_VARARGS, pyrbac_getuseruid__doc__},
1215 + {NULL}
1216 +};
1217 +
1218 +PyTypeObject UserattrType = {
1219 + PyObject_HEAD_INIT(NULL)
1220 + 0, /*ob_size*/
1221 + "rbac.userattr", /*tp_name*/
1222 + sizeof(Userattr), /*tp_basicsize*/
1223 + 0, /*tp_itemsize*/
1224 + (destructor)Userattr_dealloc, /*tp_dealloc*/
1225 + 0, /*tp_print*/
1226 + 0, /*tp_getattr*/
1227 + 0, /*tp_setattr*/
1228 + 0, /*tp_compare*/
1229 + 0, /*tp_repr*/
1230 + 0, /*tp_as_number*/
1231 + 0, /*tp_as_sequence*/
1232 + 0, /*tp_as_mapping*/
1233 + 0, /*tp_hash */
1234 + 0, /*tp_call*/
1235 + 0, /*tp_str*/
1236 + 0, /*tp_getattro*/
1237 + 0, /*tp_setattro*/
1238 + 0, /*tp_as_buffer*/
1239 + Py_TPFLAGS_DEFAULT |
1240 + Py_TPFLAGS_BASETYPE |
1241 + Py_TPFLAGS_HAVE_ITER, /*tp_flags*/
1242 + pyrbac_userattr__doc__, /* tp_doc */
1243 + 0, /* tp_traverse */
1244 + 0, /* tp_clear */
1245 + 0, /* tp_richcompare */
1246 + 0, /* tp_weaklistoffset */
1247 + pyrbac_userattr__iter__, /* tp_iter */
1248 + pyrbac_userattr_next, /* tp_iternext */
1249 + Userattr_methods, /* tp_methods */
1250 + 0, /* tp_members */
1251 + 0, /* tp_getset */
1252 + 0, /* tp_base */
1253 + 0, /* tp_dict */
1254 + 0, /* tp_descr_get */
1255 + 0, /* tp_descr_set */
1256 + 0, /* tp_dictoffset */
1257 + (initproc)Userattr_init, /* tp_init */
1258 + 0, /* tp_alloc */
1259 + Userattr_new, /* tp_new */
1260 +};
1261 diff --git Python-2.6.4/setup.py Python-2.6.4/setup.py
1262 --- Python-2.6.4/setup.py
1263 +++ Python-2.6.4/setup.py
1264 @@ -1290,6 +1290,22 @@
1265 exts.append( Extension('dlpi', ['dlpimodule.c'],
1266 libraries = ['dlpi']) )
1267
1268 + # privileges module (Solaris)
1269 + priv_inc = find_file('priv.h', [], inc_dirs)
1270 + if priv_inc is not None:
1271 + exts.append( Extension('privileges', ['privileges.c']))
1272 +
1273 + # rbac module (Solaris)
1274 + secdb_inc = find_file('secdb.h', [], inc_dirs)
1275 + aa_inc = find_file('auth_attr.h', [], inc_dirs)
1276 + ea_inc = find_file('exec_attr.h', [], inc_dirs)
1277 + ua_inc = find_file('user_attr.h', [], inc_dirs)
1278 + if secdb_inc is not None and aa_inc is not None and \
1279 + ea_inc is not None and ua_inc is not None:
1280 + exts.append( Extension('rbac', ['pyrbac.c', 'authattr.c', \
1281 + 'execattr.c', 'userattr.c'],
1282 + libraries = ['nsl', 'socket', 'secdb']) )
1283 +
1284 # Thomas Heller's _ctypes module
1285 self.detect_ctypes(inc_dirs, lib_dirs)
1286
1287 diff --git Python-2.6.4/Lib/test/privrbac.py Python-2.6.4/Lib/test/privrbac.py
1288 new file mode 100644
1289 --- /dev/null 2011-02-12 03:13:57.000000000 -0600
1290 +++ Python-2.6.4/Lib/test/privrbactest.py 2011-01-20 13:52:42.862305331 -0600
1291 @@ -0,0 +1,290 @@
1292 +#!/usr/bin/python2.6
1293 +#
1294 +# CDDL HEADER START
1295 +#
1296 +# The contents of this file are subject to the terms of the
1297 +# Common Development and Distribution License (the "License").
1298 +# You may not use this file except in compliance with the License.
1299 +#
1300 +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1301 +# or http://www.opensolaris.org/os/licensing.
1302 +# See the License for the specific language governing permissions
1303 +# and limitations under the License.
1304 +#
1305 +# When distributing Covered Code, include this CDDL HEADER in each
1306 +# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1307 +# If applicable, add the following below this CDDL HEADER, with the
1308 +# fields enclosed by brackets "[]" replaced with your own identifying
1309 +# information: Portions Copyright [yyyy] [name of copyright owner]
1310 +#
1311 +# CDDL HEADER END
1312 +#
1313 +
1314 +# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
1315 +# Use is subject to license terms.
1316 +
1317 +import privileges
1318 +import rbac
1319 +import os
1320 +import sys
1321 +import tempfile
1322 +
1323 +# privileges tests
1324 +
1325 +def test_setppriv():
1326 + amchild = os.fork()
1327 + if amchild == 0:
1328 + if privileges.setppriv(privileges.PRIV_OFF, privileges.PRIV_EFFECTIVE,
1329 + ['proc_fork']):
1330 + try:
1331 + os.fork()
1332 + sys.exit(1)
1333 + except OSError, e:
1334 + sys.exit(0)
1335 +
1336 + child = os.wait()
1337 + if child[1] is not 0:
1338 + print "setppriv. Bad exit status from pid %i\n" % child[0]
1339 + return False
1340 + return True
1341 +
1342 +def test_getppriv():
1343 + if 'proc_fork' in privileges.getppriv(privileges.PRIV_LIMIT):
1344 + return True
1345 + print "getppriv or PRIV_PROC_FORK not in PRIV_LIMIT.\n"
1346 + return False
1347 +
1348 +def test_priv_ineffect():
1349 + if privileges.priv_ineffect('proc_fork'):
1350 + return True
1351 + print "priv_ineffect or PRIV_PROC_FORK not in effect\n"
1352 + return False
1353 +
1354 +# authattr tests
1355 +
1356 +def test_chkauthattr():
1357 + try:
1358 + a = rbac.authattr()
1359 + except Exception, e:
1360 + print "Could not instantiate authattr object: %s\n" % e
1361 + return False
1362 + try:
1363 + res = a.chkauthattr('solaris.*', 'root')
1364 + except Exception, e:
1365 + print "chkauthattr failed: %s\n" % e
1366 + return False
1367 + if not res:
1368 + print "chkauthattr failed or \'root\' lacks \'solaris.*\'\n"
1369 + return False
1370 + return True
1371 +
1372 +def test_getauthattr():
1373 + try:
1374 + a = rbac.authattr()
1375 + except Exception, e:
1376 + print "Could not instantiate authattr object: %s\n" % e
1377 + return False
1378 + try:
1379 + res = a.getauthattr()
1380 + except Exception, e:
1381 + print "getauthattr failed: %s\n" % e
1382 + return False
1383 + if not 'name' in res.keys():
1384 + print "getauthattr failed\n"
1385 + return False
1386 + return True
1387 +
1388 +def test_getauthnam():
1389 + try:
1390 + a = rbac.authattr()
1391 + except Exception, e:
1392 + print "Could not instantiate authattr object: %s\n" % e
1393 + return False
1394 + try:
1395 + res = a.getauthnam('solaris.')
1396 + except Exception, e:
1397 + print "getauthnam failed: %s\n" % e
1398 + return False
1399 + if not res:
1400 + print "getauthnam failed or \'solaris.\' not in auth_attr(4)\n"
1401 + return False
1402 + return True
1403 +
1404 +def test_authattr_iter():
1405 + try:
1406 + a = rbac.authattr()
1407 + except Exception, e:
1408 + print "Could not instantiate authattr object: %s\n" % e
1409 + return False
1410 + res = a.next()
1411 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1412 + print "authattr object is not an iterable\n"
1413 + return False
1414 + return True
1415 +
1416 +# execattr tests
1417 +
1418 +def test_getexecattr():
1419 + try:
1420 + a = rbac.execattr()
1421 + except Exception, e:
1422 + print "Could not instantiate execattr object: %s\n" % e
1423 + return False
1424 + try:
1425 + res = a.getexecattr()
1426 + except Exception, e:
1427 + print "getexecattr failed: %s\n" % e
1428 + return False
1429 + if not 'name' in res.keys():
1430 + print "getexecattr failed\n"
1431 + return False
1432 + return True
1433 +
1434 +def test_getexecuser():
1435 + try:
1436 + a = rbac.execattr()
1437 + except Exception, e:
1438 + print "Could not instantiate execattr object: %s\n" % e
1439 + return False
1440 + try:
1441 + res = a.getexecuser("root", "act", "*;*;*;*;*")
1442 + except Exception, e:
1443 + print "getexecuser failed: %s\n" % e
1444 + return False
1445 + if not res:
1446 + print "getexecuser failed or \'root\' not assigned to \'act\', " \
1447 + "\'*;*;*;*;*\' \n"
1448 + return False
1449 + return True
1450 +
1451 +
1452 +def test_getexecprof():
1453 + try:
1454 + a = rbac.execattr()
1455 + except Exception, e:
1456 + print "Could not instantiate execattr object: %s\n" % e
1457 + return False
1458 + try:
1459 + res = a.getexecprof("All", "cmd", "*")
1460 + except Exception, e:
1461 + print "getexecprof failed: %s\n" % e
1462 + return False
1463 + if not res:
1464 + print "getexecprof failed or \'All\' not granted \'cmd\' : \'*\'\n"
1465 + return False
1466 + return True
1467 +
1468 +def test_execattr_iter():
1469 + try:
1470 + a = rbac.execattr()
1471 + except Exception, e:
1472 + print "Could not instantiate execattr object: %s\n" % e
1473 + return False
1474 + res = a.next()
1475 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1476 + print "execattr object is not an iterable\n"
1477 + return False
1478 + return True
1479 +
1480 +# userattr tests
1481 +
1482 +def test_getuserattr():
1483 + try:
1484 + a = rbac.userattr()
1485 + except Exception, e:
1486 + print "Could not instantiate userattr object: %s\n" % e
1487 + return False
1488 + try:
1489 + res = a.getuserattr()
1490 + except Exception, e:
1491 + print "getuserattr failed: %s\n" % e
1492 + return False
1493 + if not 'name' in res.keys():
1494 + print "getuserattr failed\n"
1495 + return False
1496 + return True
1497 +
1498 +def test_fgetuserattr():
1499 + temp = tempfile.NamedTemporaryFile()
1500 + temp.write("user::::profiles=Software Installation;roles=foo;"\
1501 + "auths=solaris.foo.bar")
1502 + temp.seek(0)
1503 + try:
1504 + a = rbac.userattr()
1505 + except Exception, e:
1506 + print "Could not instantiate userattr object: %s\n" % e
1507 + return False
1508 + try:
1509 + res = a.fgetuserattr(temp.name)
1510 + temp.close()
1511 + except Exception, e:
1512 + print "fgetuserattr failed: %s\n" % e
1513 + temp.close()
1514 + return False
1515 + if not 'name' in res.keys():
1516 + print "fgetuserattr failed\n"
1517 + return False
1518 + return True
1519 +
1520 +def test_getuseruid():
1521 + try:
1522 + a = rbac.userattr()
1523 + except Exception, e:
1524 + print "Could not instantiate userattr object: %s\n" % e
1525 + return False
1526 + try:
1527 + res = a.getuseruid(0)
1528 + except Exception, e:
1529 + print "getusernam failed: %s\n" % e
1530 + return False
1531 + if not 'name' in res:
1532 + print "getusernam failed or no uid 0\n"
1533 + return False
1534 + return True
1535 +
1536 +def test_getusernam():
1537 + try:
1538 + a = rbac.userattr()
1539 + except Exception, e:
1540 + print "Could not instantiate userattr object: %s\n" % e
1541 + return False
1542 + try:
1543 + res = a.getusernam('root')
1544 + except Exception, e:
1545 + print "getusernam failed: %s\n" % e
1546 + return False
1547 + if not 'name' in res:
1548 + print "getusernam failed or no \'root\' user\n"
1549 + return False
1550 + return True
1551 +
1552 +def test_userattr_iter():
1553 + try:
1554 + a = rbac.userattr()
1555 + except Exception, e:
1556 + print "Could not instantiate userattr object: %s\n" % e
1557 + return False
1558 + res = a.next()
1559 + if not 'name' in res.keys() or type(a) != type(a.__iter__()):
1560 + print "userattr object is not an iterable\n"
1561 + return False
1562 + return True
1563 +
1564 +if not test_setppriv() or not test_getppriv() or not test_priv_ineffect():
1565 + print "*** Failures detected in privileges module\n"
1566 + sys.exit(1)
1567 +
1568 +if not test_getauthattr() or not test_chkauthattr() or not test_getauthnam() \
1569 + or not test_authattr_iter:
1570 + print "*** Failures detected in rbac.authattr\n"
1571 + sys.exit(1)
1572 +
1573 +if not test_getexecattr() or not test_getexecuser() or not test_getexecprof() \
1574 + or not test_execattr_iter():
1575 + print "*** Failures detected in rbac.execattr\n"
1576 + sys.exit(1)
1577 +
1578 +if not test_getuserattr() or not test_fgetuserattr() or not test_getusernam()\
1579 + or not test_getuseruid() or not test_userattr_iter():
1580 + print "*** Failures detected in rbac.userattr\n"
1581 + sys.exit(1)