Cross Reference: /illumos-gate/usr/src/lib/libsecdb/svc-rbac

06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#! /usr/bin/sh
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# CDDL HEADER START
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# The contents of this file are subject to the terms of the
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# Common Development and Distribution License (the "License").
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# You may not use this file except in compliance with the License.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# or http://www.opensolaris.org/os/licensing.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# See the License for the specific language governing permissions
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# and limitations under the License.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# When distributing Covered Code, include this CDDL HEADER in each
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# If applicable, add the following below this CDDL HEADER, with the
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# fields enclosed by brackets "[]" replaced with your own identifying
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# information: Portions Copyright [yyyy] [name of copyright owner]
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik# CDDL HEADER END
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik#
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik. /lib/svc/share/smf_include.sh
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikfiles='/etc/user_attr /etc/security/auth_attr /etc/security/exec_attr
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    /etc/security/prof_attr'
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. DikPKGINST=
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikexport PKGINST
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikirbac=/usr/sadm/install/scripts/i.rbac
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikif [ ! -x $irbac ]
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikthen
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    echo "${irbac}: not found."
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    exit $SMF_EXIT_ERR_FATAL
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikfi
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikcase "$1" in
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikstart|refresh)
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    ;;
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikstop)
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    exit $SMF_EXIT_OK;;
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik*)
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    echo "Usage: $0 { start | refresh | stop }"
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    exit $SMF_EXIT_ERR_FATAL;;
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikesac
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushtmp_rbac=`/usr/bin/mktemp -d /tmp/rbac.XXXXXX`
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushif [ -z "$tmp_rbac" ]
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushthen
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    echo "Could not create temporary directory."
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    exit $SMF_EXIT_ERR_FATAL
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushfi
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushtmp_frag=$tmp_rbac/frag
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bushtmp_file=$tmp_rbac/file
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikfor f in $files
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikdo
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    d=${f}.d
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    if [ ! -d ${d} ]
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    then
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        # No directory, nothing to do
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        continue
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    fi
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    # cache user/owner of file to update
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    ownergroup=`ls -ln $f | awk '{printf("%s:%s\n", $3, $4);'}`
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    #
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    # List all the files in the directory and the destination file
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # in the order of their timestamp.  Older files are displayed
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # first.  If a fragment file is listed before the destination
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # file, it is an older fragment that has already been processed.
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # If a fragment file is listed after the destination file, it is
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # new, and the destination file must be updated.
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    #
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # Comments are processed separately from the other file contents.
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # For new fragments only, the comments are processed as they are
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # encountered.  For all fragments, the non-comment contents are
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # saved in a temporary file.  After all fragments have been
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # processed, and only if new fragments were found, the contents
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # of the temporary file are processed.  This ensures that older
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    # but still valid entries are retained in the destination file.
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    #
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    /usr/bin/rm -f $tmp_file
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    new_frag=0
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    update=0
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush    for frag in `ls -tr $f $d/* 2> /dev/null`
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    do
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        if [ "$frag" = "$f" ]
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        then
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            new_frag=1
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            continue
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        fi
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        if [ -f "$frag" ]
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        then
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            if [ $new_frag -eq 1 ]
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            then
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush                /usr/bin/rm -f $tmp_frag
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush                /usr/bin/grep '^#' $frag > $tmp_frag
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush                update=1
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush                echo $tmp_frag $f | $irbac
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            fi
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush            /usr/bin/grep -v '^#' $frag >> $tmp_file
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik        fi
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik    done
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    if [ $update -eq 1 ]
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    then
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush        echo $tmp_file $f | $irbac
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur        chown $ownergroup $f
c11c3631128bd03ca6eb2504d1d2c1b5ec1c130fJoep Vesseur    fi
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikdone
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dik
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush/usr/bin/rm -rf $tmp_rbac
8d0bff0b85e6c35d0d862cff1607cded58bf2341Nathan Bush
06d0f3f39e2f7b67190578d7277d559c32191d6cCasper H.S. Dikexit $SMF_EXIT_OK