libsecdb/common/i.rbac

	i.rbac revision 1099afd7a24ed1f7d94bdae249576a66e1952d05
936b7af69172dce89b577831f79c0e18d15e854bjw#!/bin/sh
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# CDDL HEADER START
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# The contents of this file are subject to the terms of the
936b7af69172dce89b577831f79c0e18d15e854bjw# Common Development and Distribution License (the "License").
936b7af69172dce89b577831f79c0e18d15e854bjw# You may not use this file except in compliance with the License.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
936b7af69172dce89b577831f79c0e18d15e854bjw# or http://www.opensolaris.org/os/licensing.
936b7af69172dce89b577831f79c0e18d15e854bjw# See the License for the specific language governing permissions
936b7af69172dce89b577831f79c0e18d15e854bjw# and limitations under the License.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# When distributing Covered Code, include this CDDL HEADER in each
936b7af69172dce89b577831f79c0e18d15e854bjw# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
936b7af69172dce89b577831f79c0e18d15e854bjw# If applicable, add the following below this CDDL HEADER, with the
936b7af69172dce89b577831f79c0e18d15e854bjw# fields enclosed by brackets "[]" replaced with your own identifying
936b7af69172dce89b577831f79c0e18d15e854bjw# information: Portions Copyright [yyyy] [name of copyright owner]
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# CDDL HEADER END
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# i.rbac
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#
936b7af69172dce89b577831f79c0e18d15e854bjw# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# class action script for "rbac" class files
936b7af69172dce89b577831f79c0e18d15e854bjw# installed by pkgadd
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# Files in "rbac" class:
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# /etc/security/{prof_attr,exec_attr,auth_attr}
936b7af69172dce89b577831f79c0e18d15e854bjw# /etc/user_attr
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#  Allowable exit codes
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# 0 - success
936b7af69172dce89b577831f79c0e18d15e854bjw# 2 - warning or possible error condition. Installation continues. A warning
936b7af69172dce89b577831f79c0e18d15e854bjw#     message is displayed at the time of completion.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwumask 022
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwtmp_dir=${TMPDIR:-/tmp}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwPATH="/usr/bin:/usr/sbin:${PATH}"
936b7af69172dce89b577831f79c0e18d15e854bjwexport PATH
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwbasename_cmd=basename
936b7af69172dce89b577831f79c0e18d15e854bjwcp_cmd=cp
936b7af69172dce89b577831f79c0e18d15e854bjwegrep_cmd=egrep
936b7af69172dce89b577831f79c0e18d15e854bjwmv_cmd=mv
936b7af69172dce89b577831f79c0e18d15e854bjwnawk_cmd=nawk
936b7af69172dce89b577831f79c0e18d15e854bjwrm_cmd=rm
936b7af69172dce89b577831f79c0e18d15e854bjwsed_cmd=sed
936b7af69172dce89b577831f79c0e18d15e854bjwsort_cmd=sort
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw# $1 is the type
936b7af69172dce89b577831f79c0e18d15e854bjw# $2 is the "old/existing file"
936b7af69172dce89b577831f79c0e18d15e854bjw# $3 is the "new (to be merged)" file
936b7af69172dce89b577831f79c0e18d15e854bjw# $4 is the output file
936b7af69172dce89b577831f79c0e18d15e854bjw# returns 0 on success
936b7af69172dce89b577831f79c0e18d15e854bjw# returns 2 on failure if nawk fails with non-zero exit status
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjwdbmerge() {
936b7af69172dce89b577831f79c0e18d15e854bjw#
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Remove the ident lines.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh    ${egrep_cmd} -v '^#[pragma  ]*ident' $2 > $4.old 2>/dev/null
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# If the new file has a Sun copyright, remove the Sun copyright from the old
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# file.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh#
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh    newcr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' $3 \
936b7af69172dce89b577831f79c0e18d15e854bjw        2>/dev/null`
936b7af69172dce89b577831f79c0e18d15e854bjw    if [ -n "${newcr}" ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw        $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \
936b7af69172dce89b577831f79c0e18d15e854bjw            -e '/^# All rights reserved./d' \
936b7af69172dce89b577831f79c0e18d15e854bjw            -e '/^# Use is subject to license terms./d' \
936b7af69172dce89b577831f79c0e18d15e854bjw            $4.old > $4.$$ 2>/dev/null
936b7af69172dce89b577831f79c0e18d15e854bjw        $mv_cmd $4.$$ $4.old
936b7af69172dce89b577831f79c0e18d15e854bjw    fi
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# If the new file has the CDDL, remove it from the old file.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw    newcr=`${egrep_cmd} '^# CDDL HEADER START' $3 2>/dev/null`
936b7af69172dce89b577831f79c0e18d15e854bjw    if [ -n "${newcr}" ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw        $sed_cmd -e '/^# CDDL HEADER START/,/^# CDDL HEADER END/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw            $4.old > $4.$$ 2>/dev/null
936b7af69172dce89b577831f79c0e18d15e854bjw        $mv_cmd $4.$$ $4.old
936b7af69172dce89b577831f79c0e18d15e854bjw    fi
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# Remove empty lines and multiple instances of these comments:
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw    $sed_cmd -e '/^# \/etc\/security\/exec_attr/d' -e '/^#$/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# execution attributes for profiles./d' \
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        -e '/^# See exec_attr(4)/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# \/etc\/user_attr/d' \
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        -e '/^# user attributes. see user_attr(4)/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# \/etc\/security\/prof_attr/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# profiles attributes. see prof_attr(4)/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# See prof_attr(4)/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# \/etc\/security\/auth_attr/d' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/^# authorizations. see auth_attr(4)/d' \
193974072f41a843678abf5f61979c748687e66bSherry Moore        -e '/^# authorization attributes. see auth_attr(4)/d' \
193974072f41a843678abf5f61979c748687e66bSherry Moore            $4.old > $4.$$
936b7af69172dce89b577831f79c0e18d15e854bjw    $mv_cmd $4.$$ $4.old
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# Retain old and new header comments.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw    $sed_cmd -n -e '/^[^#]/,$d' -e '/^##/,$d' -e p $4.old > $4
193974072f41a843678abf5f61979c748687e66bSherry Moore    $rm_cmd $4.old
936b7af69172dce89b577831f79c0e18d15e854bjw    $sed_cmd -n -e '/^[^#]/,$d' -e '/^##/,$d' -e p $3 >> $4
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw# Handle line continuations (trailing \)
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw    $sed_cmd \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        $2 > $4.old
936b7af69172dce89b577831f79c0e18d15e854bjw    $sed_cmd \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        -e '/\\$/{N;s/\\\n//;}'  -e '/\\$/{N;s/\\\n//;}' \
936b7af69172dce89b577831f79c0e18d15e854bjw        $3 > $4.new
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#!/usr/bin/nawk -f
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#       dbmerge type=[auth|prof|user|exec] old-file new-file
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#       Merge two versions of an RBAC database file. The output
936b7af69172dce89b577831f79c0e18d15e854bjw#       consists of the lines from the new-file, while preserving
936b7af69172dce89b577831f79c0e18d15e854bjw#       user customizations in the old-file. Specifically, the
936b7af69172dce89b577831f79c0e18d15e854bjw#       keyword/value section of each record contains the union
936b7af69172dce89b577831f79c0e18d15e854bjw#       of the entries found in both files. The value for each
936b7af69172dce89b577831f79c0e18d15e854bjw#       keyword is the value from the new-file, except for three
936b7af69172dce89b577831f79c0e18d15e854bjw#       keywords ("auths", "profiles", "roles") where the values
936b7af69172dce89b577831f79c0e18d15e854bjw#       from the old and new files are merged.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#   The output is run through sort except for the comments
936b7af69172dce89b577831f79c0e18d15e854bjw#   which will appear first in the output.
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjw    $nawk_cmd  '
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwBEGIN {
936b7af69172dce89b577831f79c0e18d15e854bjw    FS=":"
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw/^#/ || /^$/ {
936b7af69172dce89b577831f79c0e18d15e854bjw    continue;
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw{
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh    # For each input line, nawk automatically assigns the complete
936b7af69172dce89b577831f79c0e18d15e854bjw    # line to $0 and also splits the line at field separators and
936b7af69172dce89b577831f79c0e18d15e854bjw    # assigns each field to a variable $1..$n.  Assignment to $0
936b7af69172dce89b577831f79c0e18d15e854bjw    # re-splits the line into the field variables.  Conversely,
936b7af69172dce89b577831f79c0e18d15e854bjw    # assgnment to a variable $1..$n will cause $0 to be recomputed
936b7af69172dce89b577831f79c0e18d15e854bjw    # from the field variable values.
936b7af69172dce89b577831f79c0e18d15e854bjw    #
936b7af69172dce89b577831f79c0e18d15e854bjw    # This code adds awareness of escaped field separators by using
936b7af69172dce89b577831f79c0e18d15e854bjw    # a custom function to split the line into a temporary array.
936b7af69172dce89b577831f79c0e18d15e854bjw    # It assigns the empty string to $0 to clear any excess field
936b7af69172dce89b577831f79c0e18d15e854bjw    # variables, and assigns the desired elements of the temporary
936b7af69172dce89b577831f79c0e18d15e854bjw    # array back to the field variables $1..$7.
936b7af69172dce89b577831f79c0e18d15e854bjw    #
936b7af69172dce89b577831f79c0e18d15e854bjw    # Subsequent code must not assign directly to $0 or the fields
936b7af69172dce89b577831f79c0e18d15e854bjw    # will be re-split without regard to escaped field separators.
936b7af69172dce89b577831f79c0e18d15e854bjw    split_escape($0, f, ":");
936b7af69172dce89b577831f79c0e18d15e854bjw    $0 = "";
936b7af69172dce89b577831f79c0e18d15e854bjw    $1 = f[1];
936b7af69172dce89b577831f79c0e18d15e854bjw    $2 = f[2];
936b7af69172dce89b577831f79c0e18d15e854bjw    $3 = f[3];
936b7af69172dce89b577831f79c0e18d15e854bjw    $4 = f[4];
936b7af69172dce89b577831f79c0e18d15e854bjw    $5 = f[5];
936b7af69172dce89b577831f79c0e18d15e854bjw    $6 = f[6];
936b7af69172dce89b577831f79c0e18d15e854bjw    $7 = f[7];
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwtype == "auth" {
936b7af69172dce89b577831f79c0e18d15e854bjw    key = $1 ":" $2 ":" $3 ;
936b7af69172dce89b577831f79c0e18d15e854bjw    if (NR == FNR) {
936b7af69172dce89b577831f79c0e18d15e854bjw        short_comment[key] = $4 ;
936b7af69172dce89b577831f79c0e18d15e854bjw        long_comment[key] = $5;
936b7af69172dce89b577831f79c0e18d15e854bjw        record[key] = $6;
936b7af69172dce89b577831f79c0e18d15e854bjw    }
936b7af69172dce89b577831f79c0e18d15e854bjw    else {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        if ( $4 != "" ) {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            short_comment[key] = $4 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        if ( $5 != "" ) {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            long_comment[key] =  $5 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        }
936b7af69172dce89b577831f79c0e18d15e854bjw        print key ":" short_comment[key] ":" long_comment[key] ":" \
936b7af69172dce89b577831f79c0e18d15e854bjw            merge_attrs(record[key], $6);
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        delete record[key];
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    }
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwtype == "prof" {
936b7af69172dce89b577831f79c0e18d15e854bjw    key = $1 ":" $2 ":" $3 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    if (NR == FNR) {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        comment[key] = $4;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        record[key] = $5;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    else {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        if ( $4 != "" ) {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            comment[key] = $4 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        if (key != "::") {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            print key ":" comment[key] ":" \
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne                merge_attrs(record[key], $5);
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        delete record[key];
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne}
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Hornetype == "exec" {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    key = $1 ":" $2 ":" $3 ":" $4 ":" $5 ":" $6 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    # Substitute new entries, do not merge.
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    record[key] = $7;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne}
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Hornetype == "user" {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    key = $1 ":" $2 ":" $3 ":" $4 ;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    if (NR == FNR)
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        record[key] = $5;
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    else {
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        print key ":" merge_attrs(record[key], $5);
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        delete record[key];
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne    }
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne}
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris HorneEND {
936b7af69172dce89b577831f79c0e18d15e854bjw    for (key in record) {
936b7af69172dce89b577831f79c0e18d15e854bjw        if (type == "prof") {
936b7af69172dce89b577831f79c0e18d15e854bjw            if (key != "::") {
936b7af69172dce89b577831f79c0e18d15e854bjw                print key ":" comment[key] ":" record[key];
936b7af69172dce89b577831f79c0e18d15e854bjw            }
936b7af69172dce89b577831f79c0e18d15e854bjw        } else
936b7af69172dce89b577831f79c0e18d15e854bjw            if (type == "auth") {
936b7af69172dce89b577831f79c0e18d15e854bjw                print key ":" short_comment[key] ":"  \
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne                    long_comment[key] ":" record[key];
936b7af69172dce89b577831f79c0e18d15e854bjw            } else
936b7af69172dce89b577831f79c0e18d15e854bjw                print key ":" record[key];
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwfunction merge_attrs(old, new, cnt, new_cnt, i, j, list, new_list, keyword)
936b7af69172dce89b577831f79c0e18d15e854bjw{
936b7af69172dce89b577831f79c0e18d15e854bjw    cnt = split_escape(old, list, ";");
936b7af69172dce89b577831f79c0e18d15e854bjw    new_cnt = split_escape(new, new_list, ";");
936b7af69172dce89b577831f79c0e18d15e854bjw    for (i = 1; i <= new_cnt; i++) {
936b7af69172dce89b577831f79c0e18d15e854bjw        keyword = substr(new_list[i], 1, index(new_list[i], "=")-1);
936b7af69172dce89b577831f79c0e18d15e854bjw        for (j = 1; j <= cnt; j++) {
936b7af69172dce89b577831f79c0e18d15e854bjw            if (match(list[j], "^" keyword "=")) {
936b7af69172dce89b577831f79c0e18d15e854bjw                list[j] = merge_values(keyword, list[j],
936b7af69172dce89b577831f79c0e18d15e854bjw                    new_list[i]);
936b7af69172dce89b577831f79c0e18d15e854bjw                break;
936b7af69172dce89b577831f79c0e18d15e854bjw            }
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw        if (j > cnt)
936b7af69172dce89b577831f79c0e18d15e854bjw            list[++cnt] = new_list[i];
936b7af69172dce89b577831f79c0e18d15e854bjw    }
936b7af69172dce89b577831f79c0e18d15e854bjw
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh    return unsplit(list, cnt, ";"); \
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwfunction merge_values(keyword, old, new, cnt, new_cnt, i, j, list, new_list, d)
936b7af69172dce89b577831f79c0e18d15e854bjw{
936b7af69172dce89b577831f79c0e18d15e854bjw    if (keyword != "auths" && keyword != "profiles")
936b7af69172dce89b577831f79c0e18d15e854bjw        return new;
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    cnt = split(substr(old, length(keyword)+2), list, ",");
936b7af69172dce89b577831f79c0e18d15e854bjw    new_cnt = split(substr(new, length(keyword)+2), new_list, ",");
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    # If the existing list contains "All", remove it and add it
936b7af69172dce89b577831f79c0e18d15e854bjw    # to the new list; that way "All" will appear at the only valid
936b7af69172dce89b577831f79c0e18d15e854bjw    # location, the end of the list.
936b7af69172dce89b577831f79c0e18d15e854bjw    if (keyword == "profiles") {
936b7af69172dce89b577831f79c0e18d15e854bjw        d = 0;
936b7af69172dce89b577831f79c0e18d15e854bjw        for (i = 1; i <= cnt; i++) {
936b7af69172dce89b577831f79c0e18d15e854bjw            if (list[i] != "All")
936b7af69172dce89b577831f79c0e18d15e854bjw                list[++d] = list[i];
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw        if (cnt != d) {
936b7af69172dce89b577831f79c0e18d15e854bjw            new_list[++new_cnt] = "All";
936b7af69172dce89b577831f79c0e18d15e854bjw            cnt = d;
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw    }
936b7af69172dce89b577831f79c0e18d15e854bjw    for (i = 1; i <= new_cnt; i++) {
936b7af69172dce89b577831f79c0e18d15e854bjw        for (j = 1; j <= cnt; j++) {
936b7af69172dce89b577831f79c0e18d15e854bjw            if (list[j] == new_list[i])
936b7af69172dce89b577831f79c0e18d15e854bjw                break;
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw        if (j > cnt)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh            list[++cnt] = new_list[i];
936b7af69172dce89b577831f79c0e18d15e854bjw    }
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    return keyword "=" unsplit(list, cnt, ",");
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw# This function is similar to the nawk built-in split() function,
936b7af69172dce89b577831f79c0e18d15e854bjw# except that a "\" character may be used to escape any subsequent
936b7af69172dce89b577831f79c0e18d15e854bjw# character, so that the escaped character will not be treated as a
936b7af69172dce89b577831f79c0e18d15e854bjw# field separator or as part of a field separator regular expression.
936b7af69172dce89b577831f79c0e18d15e854bjw# The "\" characters will remain in the elements of the output array
936b7af69172dce89b577831f79c0e18d15e854bjw# variable upon completion.
936b7af69172dce89b577831f79c0e18d15e854bjwfunction split_escape(str, list, fs, cnt, saved, sep)
936b7af69172dce89b577831f79c0e18d15e854bjw{
936b7af69172dce89b577831f79c0e18d15e854bjw    # default to global FS
936b7af69172dce89b577831f79c0e18d15e854bjw    if (fs == "")
936b7af69172dce89b577831f79c0e18d15e854bjw        fs = FS;
936b7af69172dce89b577831f79c0e18d15e854bjw    # initialize empty list, cnt, saved
936b7af69172dce89b577831f79c0e18d15e854bjw    split("", list, " ");
936b7af69172dce89b577831f79c0e18d15e854bjw    cnt = 0;
936b7af69172dce89b577831f79c0e18d15e854bjw    saved = "";
936b7af69172dce89b577831f79c0e18d15e854bjw    # track whether last token was a field separator
936b7af69172dce89b577831f79c0e18d15e854bjw    sep = 0;
936b7af69172dce89b577831f79c0e18d15e854bjw    # nonzero str length indicates more string left to scan
936b7af69172dce89b577831f79c0e18d15e854bjw    while (length(str)) {
936b7af69172dce89b577831f79c0e18d15e854bjw        if (match(str, fs) == 1) {
936b7af69172dce89b577831f79c0e18d15e854bjw            # field separator, terminates current field
936b7af69172dce89b577831f79c0e18d15e854bjw            list[++cnt] = saved;
936b7af69172dce89b577831f79c0e18d15e854bjw            saved = "";
936b7af69172dce89b577831f79c0e18d15e854bjw            str = substr(str, RLENGTH + 1);
936b7af69172dce89b577831f79c0e18d15e854bjw            sep = 1;
936b7af69172dce89b577831f79c0e18d15e854bjw        } else if (substr(str, 1, 1) == "\\") {
936b7af69172dce89b577831f79c0e18d15e854bjw            # escaped character
936b7af69172dce89b577831f79c0e18d15e854bjw            saved = saved substr(str, 1, 2);
936b7af69172dce89b577831f79c0e18d15e854bjw            str = substr(str, 3);
936b7af69172dce89b577831f79c0e18d15e854bjw            sep = 0;
936b7af69172dce89b577831f79c0e18d15e854bjw        } else {
936b7af69172dce89b577831f79c0e18d15e854bjw            # regular character
936b7af69172dce89b577831f79c0e18d15e854bjw            saved = saved substr(str, 1, 1);
936b7af69172dce89b577831f79c0e18d15e854bjw            str = substr(str, 2);
936b7af69172dce89b577831f79c0e18d15e854bjw            sep = 0;
936b7af69172dce89b577831f79c0e18d15e854bjw        }
936b7af69172dce89b577831f79c0e18d15e854bjw    }
936b7af69172dce89b577831f79c0e18d15e854bjw    # if required, append final field to list
936b7af69172dce89b577831f79c0e18d15e854bjw    if (sep || length(saved))
936b7af69172dce89b577831f79c0e18d15e854bjw        list[++cnt] = saved;
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    return cnt;
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwfunction unsplit(list, cnt, delim, str)
936b7af69172dce89b577831f79c0e18d15e854bjw{
936b7af69172dce89b577831f79c0e18d15e854bjw    str = list[1];
936b7af69172dce89b577831f79c0e18d15e854bjw    for (i = 2; i <= cnt; i++)
936b7af69172dce89b577831f79c0e18d15e854bjw        str = str delim list[i];
936b7af69172dce89b577831f79c0e18d15e854bjw    return str;
936b7af69172dce89b577831f79c0e18d15e854bjw}' \
936b7af69172dce89b577831f79c0e18d15e854bjw    type=$1 $4.old $4.new > $4.unsorted
936b7af69172dce89b577831f79c0e18d15e854bjw    rc=$?
936b7af69172dce89b577831f79c0e18d15e854bjw    $sort_cmd < $4.unsorted >> $4
936b7af69172dce89b577831f79c0e18d15e854bjw    return $rc
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw# $1 is the merged file
936b7af69172dce89b577831f79c0e18d15e854bjw# $2 is the target file
936b7af69172dce89b577831f79c0e18d15e854bjw#
936b7af69172dce89b577831f79c0e18d15e854bjwcommit() {
936b7af69172dce89b577831f79c0e18d15e854bjw    # Make sure that the last mv uses rename(2) by first moving to
8eadeb3489ef8b23c9940c162fade966feeaa2d0ml    # the same filesystem.
8eadeb3489ef8b23c9940c162fade966feeaa2d0ml    $mv_cmd $1 $2.$$
8eadeb3489ef8b23c9940c162fade966feeaa2d0ml    $mv_cmd $2.$$ $2
936b7af69172dce89b577831f79c0e18d15e854bjw    return $?
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwoutfile=""
936b7af69172dce89b577831f79c0e18d15e854bjwtype=""
936b7af69172dce89b577831f79c0e18d15e854bjwset_type_and_outfile() {
936b7af69172dce89b577831f79c0e18d15e854bjw    #
936b7af69172dce89b577831f79c0e18d15e854bjw    # Assumes basename $1 returns one of
936b7af69172dce89b577831f79c0e18d15e854bjw    # prof_attr, exec_attr, auth_attr, or user_attr
936b7af69172dce89b577831f79c0e18d15e854bjw    #
936b7af69172dce89b577831f79c0e18d15e854bjw    fname=`$basename_cmd $1`
936b7af69172dce89b577831f79c0e18d15e854bjw    type=`echo $fname | $sed_cmd -e s'/^\([a-z][a-z]*\)_attr$/\1/' `
936b7af69172dce89b577831f79c0e18d15e854bjw    case "$type" in
936b7af69172dce89b577831f79c0e18d15e854bjw        "prof"|"exec"|"user"|"auth") ;;
936b7af69172dce89b577831f79c0e18d15e854bjw        *) return 2 ;;
936b7af69172dce89b577831f79c0e18d15e854bjw    esac
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    outfile=$tmp_dir/rbac_${PKGINST}_${fname}_merge.$$
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    return 0
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwcleanup() {
936b7af69172dce89b577831f79c0e18d15e854bjw    $rm_cmd -f $outfile $outfile.old $outfile.new $outfile.unsorted
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    return 0
936b7af69172dce89b577831f79c0e18d15e854bjw}
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwexit_status=0
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw# main
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwwhile read newfile oldfile ; do
936b7af69172dce89b577831f79c0e18d15e854bjw    if [ -n "$PKGINST" ]
936b7af69172dce89b577831f79c0e18d15e854bjw    then
936b7af69172dce89b577831f79c0e18d15e854bjw        # Install the file in the "fragment" directory.
936b7af69172dce89b577831f79c0e18d15e854bjw        mkdir -m 755 -p ${oldfile}.d
936b7af69172dce89b577831f79c0e18d15e854bjw        rm -f ${oldfile}.d/"$PKGINST"
936b7af69172dce89b577831f79c0e18d15e854bjw        cp $newfile ${oldfile}.d/"$PKGINST"
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw        # Make sure that it is marked read-only.
936b7af69172dce89b577831f79c0e18d15e854bjw        chmod a-w,a+r ${oldfile}.d/"$PKGINST"
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw        # We also execute the rest of the i.rbac script.
936b7af69172dce89b577831f79c0e18d15e854bjw    fi
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw    if [ ! -f $oldfile ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw        cp $newfile $oldfile
936b7af69172dce89b577831f79c0e18d15e854bjw    else
936b7af69172dce89b577831f79c0e18d15e854bjw        set_type_and_outfile $newfile ||
936b7af69172dce89b577831f79c0e18d15e854bjw            set_type_and_outfile $oldfile
936b7af69172dce89b577831f79c0e18d15e854bjw        if [ $? -ne 0 ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw            echo "$0 : $newfile not one of" \
936b7af69172dce89b577831f79c0e18d15e854bjw                " prof_attr, exec_attr, auth_attr, user_attr"
936b7af69172dce89b577831f79c0e18d15e854bjw            exit_status=2
936b7af69172dce89b577831f79c0e18d15e854bjw            continue
936b7af69172dce89b577831f79c0e18d15e854bjw        fi
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw        dbmerge $type $oldfile $newfile $outfile
936b7af69172dce89b577831f79c0e18d15e854bjw        if [ $? -ne 0 ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw            echo "$0 : failed to merge $newfile with $oldfile"
936b7af69172dce89b577831f79c0e18d15e854bjw            cleanup
936b7af69172dce89b577831f79c0e18d15e854bjw            exit_status=2
936b7af69172dce89b577831f79c0e18d15e854bjw            continue
936b7af69172dce89b577831f79c0e18d15e854bjw        fi
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw        commit $outfile $oldfile
936b7af69172dce89b577831f79c0e18d15e854bjw        if [ $? -ne 0 ]; then
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            echo "$0 : failed to mv $outfile to $2"
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne            cleanup
936b7af69172dce89b577831f79c0e18d15e854bjw            exit_status=2
936b7af69172dce89b577831f79c0e18d15e854bjw            continue
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne        fi
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjw        cleanup
936b7af69172dce89b577831f79c0e18d15e854bjw    fi
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Hornedone
936b7af69172dce89b577831f79c0e18d15e854bjw
936b7af69172dce89b577831f79c0e18d15e854bjwif [ "$1" = "ENDOFCLASS" ]; then
936b7af69172dce89b577831f79c0e18d15e854bjw    exit 0
936b7af69172dce89b577831f79c0e18d15e854bjwfi
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne
936b7af69172dce89b577831f79c0e18d15e854bjwexit $exit_status
936b7af69172dce89b577831f79c0e18d15e854bjw