i.rbac revision 06d0f3f39e2f7b67190578d7277d559c32191d6c
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# CDDL HEADER START
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# The contents of this file are subject to the terms of the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Common Development and Distribution License (the "License").
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# You may not use this file except in compliance with the License.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# See the License for the specific language governing permissions
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# and limitations under the License.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# When distributing Covered Code, include this CDDL HEADER in each
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# If applicable, add the following below this CDDL HEADER, with the
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# fields enclosed by brackets "[]" replaced with your own identifying
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# information: Portions Copyright [yyyy] [name of copyright owner]
658280b6253b61dbb155f43d0e3cbcffa85ccb90David Hollister# CDDL HEADER END
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Use is subject to license terms.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# class action script for "rbac" class files
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# installed by pkgadd
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Files in "rbac" class:
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# /etc/security/{prof_attr,exec_attr,auth_attr}
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Allowable exit codes
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# 0 - success
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# 2 - warning or possible error condition. Installation continues. A warning
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# message is displayed at the time of completion.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $1 is the type
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $2 is the "old/existing file"
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $3 is the "new (to be merged)" file
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $4 is the output file
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# returns 0 on success
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# returns 2 on failure if nawk fails with non-zero exit status
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Remove the ident lines.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh ${egrep_cmd} -v '^#[pragma ]*ident' $2 > $4.old 2>/dev/null
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# If the new file has a Sun copyright, remove the Sun copyright from the old
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh newcr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' $3 \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh $4.old > $4.$$ 2>/dev/null
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# If the new file has the CDDL, remove it from the old file.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh newcr=`${egrep_cmd} '^# CDDL HEADER START' $3 2>/dev/null`
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh $sed_cmd -e '/^# CDDL HEADER START/,/^# CDDL HEADER END/d' \
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh $4.old > $4.$$ 2>/dev/null
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Remove empty lines and multiple instances of these comments:
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh $sed_cmd -e '/^# \/etc\/security\/exec_attr/d' -e '/^#$/d' \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Retain old and new header comments.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh $sed_cmd -n -e '/^[^#]/,$d' -e '/^##/,$d' -e p $4.old > $4
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# Handle line continuations (trailing \)
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# dbmerge type=[auth|prof|user|exec] old-file new-file
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# Merge two versions of an RBAC database file. The output
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# consists of the lines from the new-file, while preserving
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# user customizations in the old-file. Specifically, the
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# keyword/value section of each record contains the union
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh# of the entries found in both files. The value for each
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# keyword is the value from the new-file, except for three
96c4a178a18cd52ee5001195f1552d9cef0c38f0Chris Horne# keywords ("auths", "profiles", "roles") where the values
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# from the old and new files are merged.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# The output is run through sort except for the comments
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# which will appear first in the output.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh/^#/ || /^$/ {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhtype == "auth" {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh key = $1 ":" $2 ":" $3 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (NR == FNR) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh short_comment[key] = $4 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh long_comment[key] = $5;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh record[key] = $6;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ( $4 != "" ) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh short_comment[key] = $4 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if ( $5 != "" ) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh long_comment[key] = $5 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print key ":" short_comment[key] ":" long_comment[key] ":" \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh merge_attrs(record[key], $6);
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh delete record[key];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhtype == "prof" {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh key = $1 ":" $2 ":" $3 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (NR == FNR) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh comment[key] = $4;
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed record[key] = $5;
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed if ( $4 != "" ) {
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed comment[key] = $4 ;
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed if (key != "::") {
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed print key ":" comment[key] ":" \
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed merge_attrs(record[key], $5);
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed delete record[key];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhtype == "exec" {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh key = $1 ":" $2 ":" $3 ":" $4 ":" $5 ":" $6 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh # Substitute new entries, do not merge.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh record[key] = $7;
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdhtype == "user" {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh key = $1 ":" $2 ":" $3 ":" $4 ;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (NR == FNR)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh record[key] = $5;
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh print key ":" merge_attrs(record[key], $5);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh delete record[key];
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh for (key in record) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (type == "prof") {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (key != "::") {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print key ":" comment[key] ":" record[key];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (type == "auth") {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print key ":" short_comment[key] ":" \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh long_comment[key] ":" record[key];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh print key ":" record[key];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhfunction merge_attrs(old, new, cnt, new_cnt, i, j, list, new_list, keyword)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh cnt = split(old, list, ";");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh new_cnt = split(new, new_list, ";");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 1; i <= new_cnt; i++) {
5c45adf04db8ffdcb5dd969bb5203ff9b17677dbJesse Butler keyword = substr(new_list[i], 1, index(new_list[i], "=")-1);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (j = 1; j <= cnt; j++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (match(list[j], "^" keyword "=")) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh list[j] = merge_values(keyword, list[j],
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh new_list[i]);
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (j > cnt)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh list[++cnt] = new_list[i];
c40ba10d39e7750947725517ec5639ef2d6e90e5Reed return unsplit(list, cnt, ";"); \
c40ba10d39e7750947725517ec5639ef2d6e90e5Reedfunction merge_values(keyword, old, new, cnt, new_cnt, i, j, list, new_list, d)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (keyword != "auths" && keyword != "profiles")
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return new;
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh cnt = split(substr(old, length(keyword)+2), list, ",");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh new_cnt = split(substr(new, length(keyword)+2), new_list, ",");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh # If the existing list contains "All", remove it and add it
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh # to the new list; that way "All" will appear at the only valid
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh # location, the end of the list.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (keyword == "profiles") {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 1; i <= cnt; i++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (list[i] != "All")
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh list[++d] = list[i];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (cnt != d) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh new_list[++new_cnt] = "All";
c3bc407cfbd238a18e4728ad5f36f39cecdb062fdh for (i = 1; i <= new_cnt; i++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (j = 1; j <= cnt; j++) {
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (list[j] == new_list[i])
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if (j > cnt)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh list[++cnt] = new_list[i];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return keyword "=" unsplit(list, cnt, ",");
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dhfunction unsplit(list, cnt, delim, str)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh str = list[1];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh for (i = 2; i <= cnt; i++)
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh str = str delim list[i];
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh return str;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh type=$1 $4.old $4.new > $4.unsorted
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $1 is the merged file
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh# $2 is the target file
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh type=`echo $fname | $sed_cmd -e s'/^\([a-z][a-z]*\)_attr$/\1/' `
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh *) return 2 ;;
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh $rm_cmd -f $outfile $outfile.old $outfile.new $outfile.unsorted
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if [ -n "$PKGINST" ]
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh # Install the file in the "fragment" directory.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh # Make sure that it is marked read-only.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh # We also execute the rest of the i.rbac script.
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh if [ ! -f $oldfile ]; then
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh echo "$0 : $newfile not one of" \
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh " prof_attr, exec_attr, auth_attr, user_attr"
4c06356b0f0fffb4fc1b6eccc8e5d8e2254a84d6dh echo "$0 : failed to merge $newfile with $oldfile"
499cfd156ad653fc27397c5f021047c091dd12c5David Hollister echo "$0 : failed to mv $outfile to $2"