Cross Reference: /illumos-gate/usr/src/lib/libsecdb/svc-rbac

	svc-rbac revision 8d0bff0b85e6c35d0d862cff1607cded58bf2341
03831d35f7499c87d51205817c93e9a8d42c4baestevel#! /usr/bin/sh
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# CDDL HEADER START
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# The contents of this file are subject to the terms of the
03831d35f7499c87d51205817c93e9a8d42c4baestevel# Common Development and Distribution License (the "License").
03831d35f7499c87d51205817c93e9a8d42c4baestevel# You may not use this file except in compliance with the License.
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
03831d35f7499c87d51205817c93e9a8d42c4baestevel# or http://www.opensolaris.org/os/licensing.
03831d35f7499c87d51205817c93e9a8d42c4baestevel# See the License for the specific language governing permissions
03831d35f7499c87d51205817c93e9a8d42c4baestevel# and limitations under the License.
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# When distributing Covered Code, include this CDDL HEADER in each
03831d35f7499c87d51205817c93e9a8d42c4baestevel# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
03831d35f7499c87d51205817c93e9a8d42c4baestevel# If applicable, add the following below this CDDL HEADER, with the
03831d35f7499c87d51205817c93e9a8d42c4baestevel# fields enclosed by brackets "[]" replaced with your own identifying
03831d35f7499c87d51205817c93e9a8d42c4baestevel# information: Portions Copyright [yyyy] [name of copyright owner]
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# CDDL HEADER END
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
03831d35f7499c87d51205817c93e9a8d42c4baestevel#
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevel. /lib/svc/share/smf_include.sh
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelfiles='/etc/user_attr /etc/security/auth_attr /etc/security/exec_attr
03831d35f7499c87d51205817c93e9a8d42c4baestevel    /etc/security/prof_attr'
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelPKGINST=
03831d35f7499c87d51205817c93e9a8d42c4baestevelexport PKGINST
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelirbac=/usr/sadm/install/scripts/i.rbac
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelif [ ! -x $irbac ]
03831d35f7499c87d51205817c93e9a8d42c4baestevelthen
03831d35f7499c87d51205817c93e9a8d42c4baestevel    echo "${irbac}: not found."
03831d35f7499c87d51205817c93e9a8d42c4baestevel    exit $SMF_EXIT_ERR_FATAL
03831d35f7499c87d51205817c93e9a8d42c4baestevelfi
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelcase "$1" in
03831d35f7499c87d51205817c93e9a8d42c4baestevelstart|refresh)
03831d35f7499c87d51205817c93e9a8d42c4baestevel    ;;
03831d35f7499c87d51205817c93e9a8d42c4baestevelstop)
03831d35f7499c87d51205817c93e9a8d42c4baestevel    exit $SMF_EXIT_OK;;
03831d35f7499c87d51205817c93e9a8d42c4baestevel*)
03831d35f7499c87d51205817c93e9a8d42c4baestevel    echo "Usage: $0 { start | refresh | stop }"
03831d35f7499c87d51205817c93e9a8d42c4baestevel    exit $SMF_EXIT_ERR_FATAL;;
03831d35f7499c87d51205817c93e9a8d42c4baestevelesac
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baesteveltmp_rbac=`/usr/bin/mktemp -d /tmp/rbac.XXXXXX`
03831d35f7499c87d51205817c93e9a8d42c4baestevelif [ -z "$tmp_rbac" ]
03831d35f7499c87d51205817c93e9a8d42c4baestevelthen
03831d35f7499c87d51205817c93e9a8d42c4baestevel    echo "Could not create temporary directory."
03831d35f7499c87d51205817c93e9a8d42c4baestevel    exit $SMF_EXIT_ERR_FATAL
03831d35f7499c87d51205817c93e9a8d42c4baestevelfi
03831d35f7499c87d51205817c93e9a8d42c4baesteveltmp_frag=$tmp_rbac/frag
03831d35f7499c87d51205817c93e9a8d42c4baesteveltmp_file=$tmp_rbac/file
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelfor f in $files
03831d35f7499c87d51205817c93e9a8d42c4baesteveldo
03831d35f7499c87d51205817c93e9a8d42c4baestevel    d=${f}.d
03831d35f7499c87d51205817c93e9a8d42c4baestevel    if [ ! -d ${d} ]
03831d35f7499c87d51205817c93e9a8d42c4baestevel    then
03831d35f7499c87d51205817c93e9a8d42c4baestevel        # No directory, nothing to do
03831d35f7499c87d51205817c93e9a8d42c4baestevel        continue
03831d35f7499c87d51205817c93e9a8d42c4baestevel    fi
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # cache user/owner of file to update
03831d35f7499c87d51205817c93e9a8d42c4baestevel    ownergroup=`ls -ln $f | awk '{printf("%s:%s\n", $3, $4);'}`
03831d35f7499c87d51205817c93e9a8d42c4baestevel    #
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # List all the files in the directory and the destination file
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # in the order of their timestamp.  Older files are displayed
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # first.  If a fragment file is listed before the destination
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # file, it is an older fragment that has already been processed.
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # If a fragment file is listed after the destination file, it is
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # new, and the destination file must be updated.
03831d35f7499c87d51205817c93e9a8d42c4baestevel    #
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # Comments are processed separately from the other file contents.
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # For new fragments only, the comments are processed as they are
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # encountered.  For all fragments, the non-comment contents are
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # saved in a temporary file.  After all fragments have been
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # processed, and only if new fragments were found, the contents
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # of the temporary file are processed.  This ensures that older
03831d35f7499c87d51205817c93e9a8d42c4baestevel    # but still valid entries are retained in the destination file.
03831d35f7499c87d51205817c93e9a8d42c4baestevel    #
03831d35f7499c87d51205817c93e9a8d42c4baestevel    /usr/bin/rm -f $tmp_file
03831d35f7499c87d51205817c93e9a8d42c4baestevel    new_frag=0
03831d35f7499c87d51205817c93e9a8d42c4baestevel    update=0
03831d35f7499c87d51205817c93e9a8d42c4baestevel    for frag in `ls -tr $f $d/* 2> /dev/null`
03831d35f7499c87d51205817c93e9a8d42c4baestevel    do
03831d35f7499c87d51205817c93e9a8d42c4baestevel        if [ "$frag" = "$f" ]
03831d35f7499c87d51205817c93e9a8d42c4baestevel        then
03831d35f7499c87d51205817c93e9a8d42c4baestevel            new_frag=1
03831d35f7499c87d51205817c93e9a8d42c4baestevel            continue
03831d35f7499c87d51205817c93e9a8d42c4baestevel        fi
03831d35f7499c87d51205817c93e9a8d42c4baestevel        if [ -f "$frag" ]
03831d35f7499c87d51205817c93e9a8d42c4baestevel        then
03831d35f7499c87d51205817c93e9a8d42c4baestevel            if [ $new_frag -eq 1 ]
03831d35f7499c87d51205817c93e9a8d42c4baestevel            then
03831d35f7499c87d51205817c93e9a8d42c4baestevel                /usr/bin/rm -f $tmp_frag
03831d35f7499c87d51205817c93e9a8d42c4baestevel                /usr/bin/grep '^#' $frag > $tmp_frag
03831d35f7499c87d51205817c93e9a8d42c4baestevel                update=1
03831d35f7499c87d51205817c93e9a8d42c4baestevel                echo $tmp_frag $f | $irbac
03831d35f7499c87d51205817c93e9a8d42c4baestevel            fi
03831d35f7499c87d51205817c93e9a8d42c4baestevel            /usr/bin/grep -v '^#' $frag >> $tmp_file
03831d35f7499c87d51205817c93e9a8d42c4baestevel        fi
03831d35f7499c87d51205817c93e9a8d42c4baestevel    done
03831d35f7499c87d51205817c93e9a8d42c4baestevel    if [ $update -eq 1 ]
03831d35f7499c87d51205817c93e9a8d42c4baestevel    then
03831d35f7499c87d51205817c93e9a8d42c4baestevel        echo $tmp_file $f | $irbac
03831d35f7499c87d51205817c93e9a8d42c4baestevel        chown $ownergroup $f
03831d35f7499c87d51205817c93e9a8d42c4baestevel    fi
03831d35f7499c87d51205817c93e9a8d42c4baesteveldone
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevel/usr/bin/rm -rf $tmp_rbac
03831d35f7499c87d51205817c93e9a8d42c4baestevel
03831d35f7499c87d51205817c93e9a8d42c4baestevelexit $SMF_EXIT_OK
03831d35f7499c87d51205817c93e9a8d42c4baestevel