Mercurial > illumos > illumos-gate
changeset 12635:c51051e2d948
6960903 zonecfg sometimes updates user_attr when it doesn't need to
author | Glenn Faden <Glenn.Faden@Sun.COM> |
---|---|
date | Wed, 16 Jun 2010 16:53:13 -0700 |
parents | 09fce1ed6a60 |
children | 13b5d698941e |
files | usr/src/lib/libzonecfg/common/libzonecfg.c |
diffstat | 1 files changed, 19 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/lib/libzonecfg/common/libzonecfg.c Wed Jun 16 18:11:17 2010 -0400 +++ b/usr/src/lib/libzonecfg/common/libzonecfg.c Wed Jun 16 16:53:13 2010 -0700 @@ -7810,7 +7810,7 @@ if (getauthnam(authname) == NULL) { status = B_FALSE; zerror(zonename, - gettext("%s is not a valid authorization"), + gettext("'%s' is not a valid authorization"), right); } right = strtok_r(NULL, ",", &lasts); @@ -7860,13 +7860,12 @@ offset = strlen(ZONE_AUTH_PREFIX); if ((strncmp(*auth, ZONE_AUTH_PREFIX, offset) == 0) && ((suffix = strchr(*auth, '/')) != NULL)) { - if (strncmp(suffix + 1, zonename, strlen(zonename)) == 0) { + if (strcmp(suffix + 1, zonename) == 0) { *auth += offset; suffix[0] = '\0'; return (B_TRUE); } else if ((oldzonename != NULL) && - (strncmp(suffix + 1, oldzonename, - strlen(oldzonename)) == 0)) { + (strcmp(suffix + 1, oldzonename) == 0)) { *auth += offset; suffix[0] = '\0'; return (B_TRUE); @@ -8092,7 +8091,9 @@ boolean_t is_zone_admin = B_FALSE; char user_cmd[] = "/usr/sbin/usermod"; char role_cmd[] = "/usr/sbin/rolemod"; - char *auths_cmd = user_cmd; + char *auths_cmd = user_cmd; /* either usermod or rolemod */ + char *new_auth_start; /* string containing the new auths */ + int new_auth_cnt = 0; /* delta of changed authorizations */ /* * First get the existing authorizations for this user @@ -8153,6 +8154,8 @@ if (strncmp(cur_auth, ZONE_AUTH_PREFIX, offset) == 0) is_zone_admin = B_TRUE; + } else { + new_auth_cnt++; } cur_auth = strtok_r(NULL, ",", &lasts); } @@ -8172,6 +8175,9 @@ /* * Convert each right into a properly formatted authorization */ + new_auth_start = new_auths + strlen(new_auths); + if (!first) + new_auth_start++; right = strtok_r(auths, ",", &lasts); while (right != NULL) { char auth[MAXAUTHS]; @@ -8185,14 +8191,20 @@ } (void) strlcat(new_auths, auth, MAXAUTHS); is_zone_admin = B_TRUE; + new_auth_cnt--; right = strtok_r(NULL, ",", &lasts); } /* + * Need to update the authorizations in user_attr unless + * the number of old and new authorizations is unchanged + * and the new auths are a substrings of the old auths. + * * If the user's previous authorizations have changed - * execute the usermod progam to update them in user_attr + * execute the usermod progam to update them in user_attr. */ - if (strcmp(old_auths, new_auths) != 0) { + if ((new_auth_cnt != 0) || + (strstr(old_auths, new_auth_start) == NULL)) { char *cmdbuf; size_t cmd_len;