i.rbac revision 58f7c256785c251b0530bbdba65a1b5529b1c84a
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# i.rbac
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# class action script for "rbac" class files
# installed by pkgadd
#
# Files in "rbac" class:
#
#
# Allowable exit codes
#
# 0 - success
# 2 - warning or possible error condition. Installation continues. A warning
# message is displayed at the time of completion.
#
umask 022
export PATH
# $1 is the type
# $3 is the "new (to be merged)" file
# $4 is the output file
# returns 0 on success
# returns 2 on failure if nawk fails with non-zero exit status
#
#
# Remove the ident lines.
#
#
# If the new file has a Sun copyright, remove the Sun copyright from the old
# file.
#
if [ -n "${newcr}" ]; then
-e '/^# All rights reserved./d' \
-e '/^# Use is subject to license terms./d' \
fi
#
# If the new file has the CDDL, remove it from the old file.
#
if [ -n "${newcr}" ]; then
fi
#
# Remove empty lines and multiple instances of these comments:
#
-e '/^# execution attributes for profiles./d' \
-e '/^# See exec_attr(4)/d' \
-e '/^# \/etc\/user_attr/d' \
-e '/^# user attributes. see user_attr(4)/d' \
-e '/^# \/etc\/security\/prof_attr/d' \
-e '/^# profiles attributes. see prof_attr(4)/d' \
-e '/^# See prof_attr(4)/d' \
-e '/^# \/etc\/security\/auth_attr/d' \
-e '/^# authorizations. see auth_attr(4)/d' \
-e '/^# authorization attributes. see auth_attr(4)/d' \
$4.old > $4.$$
#
# Retain old and new header comments.
#
#
# Handle line continuations (trailing \)
#
$sed_cmd \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
$2 > $4.old
$sed_cmd \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
-e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
$3 > $4.new
#
#
# dbmerge type=[auth|prof|user|exec] old-file new-file
#
# Merge two versions of an RBAC database file. The output
# consists of the lines from the new-file, while preserving
# user customizations in the old-file. Specifically, the
# of the entries found in both files. The value for each
# keyword is the value from the new-file, except for three
# keywords ("auths", "profiles", "roles") where the values
# from the old and new files are merged.
#
# The output is run through sort except for the comments
# which will appear first in the output.
#
#
BEGIN {
FS=":"
}
/^#/ || /^$/ {
continue;
}
type == "auth" {
key = $1 ":" $2 ":" $3 ;
if (NR == FNR) {
short_comment[key] = $4 ;
long_comment[key] = $5;
record[key] = $6;
}
else {
if ( $4 != "" ) {
short_comment[key] = $4 ;
}
if ( $5 != "" ) {
long_comment[key] = $5 ;
}
print key ":" short_comment[key] ":" long_comment[key] ":" \
merge_attrs(record[key], $6);
delete record[key];
}
}
type == "prof" {
key = $1 ":" $2 ":" $3 ;
if (NR == FNR) {
comment[key] = $4;
record[key] = $5;
}
else {
if ( $4 != "" ) {
comment[key] = $4 ;
}
if (key != "::") {
print key ":" comment[key] ":" \
merge_attrs(record[key], $5);
}
delete record[key];
}
}
type == "exec" {
key = $1 ":" $2 ":" $3 ":" $4 ":" $5 ":" $6 ;
# Substitute new entries, do not merge.
record[key] = $7;
}
type == "user" {
key = $1 ":" $2 ":" $3 ":" $4 ;
if (NR == FNR)
record[key] = $5;
else {
print key ":" merge_attrs(record[key], $5);
delete record[key];
}
}
END {
for (key in record) {
if (type == "prof") {
if (key != "::") {
print key ":" comment[key] ":" record[key];
}
} else
if (type == "auth") {
print key ":" short_comment[key] ":" \
long_comment[key] ":" record[key];
} else
print key ":" record[key];
}
}
function merge_attrs(old, new, cnt, new_cnt, i, j, list, new_list, keyword)
{
cnt = split(old, list, ";");
new_cnt = split(new, new_list, ";");
for (i = 1; i <= new_cnt; i++) {
keyword = substr(new_list[i], 1, index(new_list[i], "=")-1);
for (j = 1; j <= cnt; j++) {
if (match(list[j], "^" keyword "=")) {
list[j] = merge_values(keyword, list[j],
new_list[i]);
break;
}
}
if (j > cnt)
list[++cnt] = new_list[i];
}
return unsplit(list, cnt, ";"); \
}
function merge_values(keyword, old, new, cnt, new_cnt, i, j, list, new_list, d)
{
if (keyword != "auths" && keyword != "profiles")
return new;
cnt = split(substr(old, length(keyword)+2), list, ",");
new_cnt = split(substr(new, length(keyword)+2), new_list, ",");
# If the existing list contains "All", remove it and add it
# to the new list; that way "All" will appear at the only valid
# location, the end of the list.
if (keyword == "profiles") {
d = 0;
for (i = 1; i <= cnt; i++) {
if (list[i] != "All")
list[++d] = list[i];
}
if (cnt != d) {
new_list[++new_cnt] = "All";
cnt = d;
}
}
for (i = 1; i <= new_cnt; i++) {
for (j = 1; j <= cnt; j++) {
if (list[j] == new_list[i])
break;
}
if (j > cnt)
list[++cnt] = new_list[i];
}
return keyword "=" unsplit(list, cnt, ",");
}
function unsplit(list, cnt, delim, str)
{
str = list[1];
for (i = 2; i <= cnt; i++)
str = str delim list[i];
return str;
}' \
type=$1 $4.old $4.new > $4.unsorted
rc=$?
$sort_cmd < $4.unsorted >> $4
return $rc
}
# $1 is the merged file
# $2 is the target file
#
# Make sure that the last mv uses rename(2) by first moving to
# the same filesystem.
$mv_cmd $1 $2.$$
$mv_cmd $2.$$ $2
return $?
}
outfile=""
type=""
#
# Assumes basename $1 returns one of
# prof_attr, exec_attr, auth_attr, or user_attr
#
fname=`$basename_cmd $1`
"prof"|"exec"|"user"|"auth") ;;
*) return 2 ;;
esac
return 0
}
return 0
}
# main
if [ -n "$PKGINST" ]
then
# Install the file in the "fragment" directory.
# Make sure that it is marked read-only.
# We also execute the rest of the i.rbac script.
fi
if [ ! -f $oldfile ]; then
else
if [ $? -ne 0 ]; then
echo "$0 : $newfile not one of" \
" prof_attr, exec_attr, auth_attr, user_attr"
continue
fi
if [ $? -ne 0 ]; then
continue
fi
if [ $? -ne 0 ]; then
echo "$0 : failed to mv $outfile to $2"
continue
fi
fi
done
if [ "$1" = "ENDOFCLASS" ]; then
exit 0
fi
exit $exit_status