1ead1f93eSLiane Praza#!/bin/sh 2ead1f93eSLiane Praza# 3ead1f93eSLiane Praza# CDDL HEADER START 4ead1f93eSLiane Praza# 5ead1f93eSLiane Praza# The contents of this file are subject to the terms of the 6ead1f93eSLiane Praza# Common Development and Distribution License (the "License"). 7ead1f93eSLiane Praza# You may not use this file except in compliance with the License. 8ead1f93eSLiane Praza# 9ead1f93eSLiane Praza# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10ead1f93eSLiane Praza# or http://www.opensolaris.org/os/licensing. 11ead1f93eSLiane Praza# See the License for the specific language governing permissions 12ead1f93eSLiane Praza# and limitations under the License. 13ead1f93eSLiane Praza# 14ead1f93eSLiane Praza# When distributing Covered Code, include this CDDL HEADER in each 15ead1f93eSLiane Praza# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16ead1f93eSLiane Praza# If applicable, add the following below this CDDL HEADER, with the 17ead1f93eSLiane Praza# fields enclosed by brackets "[]" replaced with your own identifying 18ead1f93eSLiane Praza# information: Portions Copyright [yyyy] [name of copyright owner] 19ead1f93eSLiane Praza# 20ead1f93eSLiane Praza# CDDL HEADER END 21ead1f93eSLiane Praza# 22ead1f93eSLiane Praza# i.rbac 23ead1f93eSLiane Praza# 241099afd7SNathan Bush# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 25ead1f93eSLiane Praza# 26*bbe6628eSToomas Soome# Script to build RBAC *_attr files from fragments installed by pkg. 27*bbe6628eSToomas Soome# This script is run by service svc:/system/rbac:default. 28ead1f93eSLiane Praza# 29*bbe6628eSToomas Soome# Related RBAC *_attr files are: 30ead1f93eSLiane Praza# 31ead1f93eSLiane Praza# /etc/security/{prof_attr,exec_attr,auth_attr} 32ead1f93eSLiane Praza# /etc/user_attr 33ead1f93eSLiane Praza# 34ead1f93eSLiane Praza# Allowable exit codes 35ead1f93eSLiane Praza# 36ead1f93eSLiane Praza# 0 - success 37ead1f93eSLiane Praza# 2 - warning or possible error condition. Installation continues. A warning 38ead1f93eSLiane Praza# message is displayed at the time of completion. 39ead1f93eSLiane Praza# 40ead1f93eSLiane Praza 41*bbe6628eSToomas Soome# i.rbac appears to depend on C locale 42*bbe6628eSToomas Soomeexport LC_ALL=C.UTF-8 43*bbe6628eSToomas Soome 44ead1f93eSLiane Prazaumask 022 45ead1f93eSLiane Praza 46ead1f93eSLiane Prazatmp_dir=${TMPDIR:-/tmp} 47ead1f93eSLiane Praza 48ead1f93eSLiane PrazaPATH="/usr/bin:/usr/sbin:${PATH}" 49ead1f93eSLiane Prazaexport PATH 50ead1f93eSLiane Praza 51ead1f93eSLiane Prazabasename_cmd=basename 52ead1f93eSLiane Prazacp_cmd=cp 53ead1f93eSLiane Prazaegrep_cmd=egrep 54ead1f93eSLiane Prazamv_cmd=mv 55ead1f93eSLiane Prazanawk_cmd=nawk 56ead1f93eSLiane Prazarm_cmd=rm 57ead1f93eSLiane Prazased_cmd=sed 58ead1f93eSLiane Prazasort_cmd=sort 59ead1f93eSLiane Praza 60ead1f93eSLiane Praza# $1 is the type 61ead1f93eSLiane Praza# $2 is the "old/existing file" 62ead1f93eSLiane Praza# $3 is the "new (to be merged)" file 63ead1f93eSLiane Praza# $4 is the output file 64ead1f93eSLiane Praza# returns 0 on success 65ead1f93eSLiane Praza# returns 2 on failure if nawk fails with non-zero exit status 66ead1f93eSLiane Praza# 67ead1f93eSLiane Prazadbmerge() { 68ead1f93eSLiane Praza# 69ead1f93eSLiane Praza# Remove the ident lines. 70ead1f93eSLiane Praza# 71ead1f93eSLiane Praza ${egrep_cmd} -v '^#[pragma ]*ident' $2 > $4.old 2>/dev/null 72ead1f93eSLiane Praza# 73ead1f93eSLiane Praza# If the new file has a Sun copyright, remove the Sun copyright from the old 74ead1f93eSLiane Praza# file. 75ead1f93eSLiane Praza# 76ead1f93eSLiane Praza newcr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' $3 \ 77ead1f93eSLiane Praza 2>/dev/null` 78ead1f93eSLiane Praza if [ -n "${newcr}" ]; then 79ead1f93eSLiane Praza $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \ 80ead1f93eSLiane Praza -e '/^# All rights reserved./d' \ 81ead1f93eSLiane Praza -e '/^# Use is subject to license terms./d' \ 82ead1f93eSLiane Praza $4.old > $4.$$ 2>/dev/null 83ead1f93eSLiane Praza $mv_cmd $4.$$ $4.old 84ead1f93eSLiane Praza fi 85ead1f93eSLiane Praza# 8629c3196fSNathan Bush# If the new file has an Oracle copyright, remove both the Sun and Oracle 8729c3196fSNathan Bush# copyrights from the old file. 8829c3196fSNathan Bush# 8929c3196fSNathan Bush oracle_cr=`${egrep_cmd} '^# Copyright.*Oracle and/or its affiliates.' \ 9029c3196fSNathan Bush $3 2>/dev/null` 9129c3196fSNathan Bush if [ -n "${oracle_cr}" ]; then 9229c3196fSNathan Bush $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \ 9329c3196fSNathan Bush -e '/^# All rights reserved./d' \ 9429c3196fSNathan Bush -e '/^# Use is subject to license terms./d' \ 9529c3196fSNathan Bush -e '/^# Copyright.*Oracle and\/or its affiliates./d' \ 9629c3196fSNathan Bush $4.old > $4.$$ 2>/dev/null 9729c3196fSNathan Bush $mv_cmd $4.$$ $4.old 9829c3196fSNathan Bush fi 9929c3196fSNathan Bush# 100ead1f93eSLiane Praza# If the new file has the CDDL, remove it from the old file. 101ead1f93eSLiane Praza# 102ead1f93eSLiane Praza newcr=`${egrep_cmd} '^# CDDL HEADER START' $3 2>/dev/null` 103ead1f93eSLiane Praza if [ -n "${newcr}" ]; then 104ead1f93eSLiane Praza $sed_cmd -e '/^# CDDL HEADER START/,/^# CDDL HEADER END/d' \ 105ead1f93eSLiane Praza $4.old > $4.$$ 2>/dev/null 106ead1f93eSLiane Praza $mv_cmd $4.$$ $4.old 107ead1f93eSLiane Praza fi 108ead1f93eSLiane Praza# 109ead1f93eSLiane Praza# Remove empty lines and multiple instances of these comments: 110ead1f93eSLiane Praza# 111ead1f93eSLiane Praza $sed_cmd -e '/^# \/etc\/security\/exec_attr/d' -e '/^#$/d' \ 112ead1f93eSLiane Praza -e '/^# execution attributes for profiles./d' \ 113bbf21555SRichard Lowe -e '/^# See exec_attr([45])/d' \ 114ead1f93eSLiane Praza -e '/^# \/etc\/user_attr/d' \ 115bbf21555SRichard Lowe -e '/^# user attributes. see user_attr([45])/d' \ 116ead1f93eSLiane Praza -e '/^# \/etc\/security\/prof_attr/d' \ 117bbf21555SRichard Lowe -e '/^# profiles attributes. see prof_attr([45])/d' \ 118bbf21555SRichard Lowe -e '/^# See prof_attr([45])/d' \ 119ead1f93eSLiane Praza -e '/^# \/etc\/security\/auth_attr/d' \ 120bbf21555SRichard Lowe -e '/^# authorizations. see auth_attr([45])/d' \ 121bbf21555SRichard Lowe -e '/^# authorization attributes. see auth_attr([45])/d' \ 122ead1f93eSLiane Praza $4.old > $4.$$ 123ead1f93eSLiane Praza $mv_cmd $4.$$ $4.old 124ead1f93eSLiane Praza# 125ead1f93eSLiane Praza# Retain old and new header comments. 126ead1f93eSLiane Praza# 127ead1f93eSLiane Praza $sed_cmd -n -e '/^[^#]/,$d' -e '/^##/,$d' -e p $4.old > $4 128ead1f93eSLiane Praza $rm_cmd $4.old 129ead1f93eSLiane Praza $sed_cmd -n -e '/^[^#]/,$d' -e '/^##/,$d' -e p $3 >> $4 130ead1f93eSLiane Praza# 13129c3196fSNathan Bush# If the output file now has both Sun and Oracle copyrights, remove 13229c3196fSNathan Bush# the Sun copyright. 13329c3196fSNathan Bush# 13429c3196fSNathan Bush sun_cr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' \ 13529c3196fSNathan Bush $4 2>/dev/null` 13629c3196fSNathan Bush oracle_cr=`${egrep_cmd} '^# Copyright.*Oracle and/or its affiliates.' \ 13729c3196fSNathan Bush $4 2>/dev/null` 13829c3196fSNathan Bush if [ -n "${sun_cr}" ] && [ -n "${oracle_cr}" ]; then 13929c3196fSNathan Bush $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \ 14029c3196fSNathan Bush -e '/^# All rights reserved./d' \ 14129c3196fSNathan Bush -e '/^# Use is subject to license terms./d' \ 14229c3196fSNathan Bush $4 > $4.$$ 2>/dev/null 14329c3196fSNathan Bush $mv_cmd $4.$$ $4 14429c3196fSNathan Bush fi 14529c3196fSNathan Bush# 146ead1f93eSLiane Praza# Handle line continuations (trailing \) 147ead1f93eSLiane Praza# 148ead1f93eSLiane Praza $sed_cmd \ 149ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 150ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 151ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 152ead1f93eSLiane Praza $2 > $4.old 153ead1f93eSLiane Praza $sed_cmd \ 154ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 155ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 156ead1f93eSLiane Praza -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \ 157ead1f93eSLiane Praza $3 > $4.new 158ead1f93eSLiane Praza# 1598d0bff0bSNathan Bush# The nawk script below processes the old and new files using up to 1608d0bff0bSNathan Bush# three passes. If the old file is empty, only the final pass over 1618d0bff0bSNathan Bush# the new file is required. 1628d0bff0bSNathan Bush# 1638d0bff0bSNathan Bush if [ -s $4.old ]; then 1648d0bff0bSNathan Bush nawk_pass1=$4.old 1658d0bff0bSNathan Bush nawk_pass2=$4.new 1668d0bff0bSNathan Bush nawk_pass3=$4.new 1678d0bff0bSNathan Bush else 1688d0bff0bSNathan Bush nawk_pass1= 1698d0bff0bSNathan Bush nawk_pass2= 1708d0bff0bSNathan Bush nawk_pass3=$4.new 1718d0bff0bSNathan Bush fi 1728d0bff0bSNathan Bush# 173ead1f93eSLiane Praza#!/usr/bin/nawk -f 174ead1f93eSLiane Praza# 1758d0bff0bSNathan Bush# dbmerge type=[auth|prof|user|exec] [ old-file new-file ] new-file 176ead1f93eSLiane Praza# 177ead1f93eSLiane Praza# Merge two versions of an RBAC database file. The output 178ead1f93eSLiane Praza# consists of the lines from the new-file, while preserving 1798d0bff0bSNathan Bush# user customizations in the old-file. 1808d0bff0bSNathan Bush# 1818d0bff0bSNathan Bush# Entries in the new-file replace corresponding entries in the 1828d0bff0bSNathan Bush# old-file, except as follows: For exec_attr, all old entries 1838d0bff0bSNathan Bush# for profiles contained in the new-file are discarded. For 1848d0bff0bSNathan Bush# user_attr, the "root" entry from the old-file is retained, 1858d0bff0bSNathan Bush# and new keywords from the new-file are merged into it. 1868d0bff0bSNathan Bush# 1878d0bff0bSNathan Bush# Records with the same key field(s) are merged, so that the 1888d0bff0bSNathan Bush# keyword/value section of each output record contains the union 1898d0bff0bSNathan Bush# of the keywords found in all input records with the same key 1908d0bff0bSNathan Bush# field(s). For selected multi-value keywords [1] the values from 1918d0bff0bSNathan Bush# the new-file are merged with retained values from the old-file. 1928d0bff0bSNathan Bush# Otherwise, the value for each keyword is the final value found 1938d0bff0bSNathan Bush# in the new-file, except for keywords in the user_attr entry for 1948d0bff0bSNathan Bush# "root" where values from the old-file are always retained. 1958d0bff0bSNathan Bush# 1968d0bff0bSNathan Bush# [1] The following file type and keyword combinations are merged: 1978d0bff0bSNathan Bush# prof_attr: auths, profiles, privs 1988d0bff0bSNathan Bush# user_attr: auths, profiles, roles 199ead1f93eSLiane Praza# 200ead1f93eSLiane Praza# The output is run through sort except for the comments 201ead1f93eSLiane Praza# which will appear first in the output. 202ead1f93eSLiane Praza# 203ead1f93eSLiane Praza# 204ead1f93eSLiane Praza $nawk_cmd ' 205ead1f93eSLiane Praza 2068d0bff0bSNathan Bush# This script may be invoked with up to three file names. Each file 2078d0bff0bSNathan Bush# name corresponds to a separate processing pass. The passes are 2088d0bff0bSNathan Bush# defined as follows: 2098d0bff0bSNathan Bush# 2108d0bff0bSNathan Bush# Pass 1: Read existing data. 2118d0bff0bSNathan Bush# Data from the old-file is read into memory. 2128d0bff0bSNathan Bush# 2138d0bff0bSNathan Bush# Pass 2: Remove obsolete data. 2148d0bff0bSNathan Bush# Discard any data from the old-file that is part of profiles that 2158d0bff0bSNathan Bush# are also in the new-file. (As a special case, the user_attr entry 2168d0bff0bSNathan Bush# for 'root' is always retained.) 2178d0bff0bSNathan Bush# 2188d0bff0bSNathan Bush# Pass 3: Merge new data. 2198d0bff0bSNathan Bush# Data from the new-file is merged with the remaining old-file data. 2208d0bff0bSNathan Bush# (As a special case, exec_attr entries are replaced, not merged.) 2218d0bff0bSNathan Bush 222ead1f93eSLiane PrazaBEGIN { 2238d0bff0bSNathan Bush # The variable 'pass' specifies which type of processing to perform. 2248d0bff0bSNathan Bush # When processing only one file, skip passes 1 and 2. 2258d0bff0bSNathan Bush if (ARGC == 3) 2268d0bff0bSNathan Bush pass += 2; 2278d0bff0bSNathan Bush 2288d0bff0bSNathan Bush # The array 'keyword_behavior' specifies the special treatment of 2298d0bff0bSNathan Bush # [type, keyword] combinations subject to value merging. 2308d0bff0bSNathan Bush keyword_behavior["prof", "auths"] = "merge"; 2318d0bff0bSNathan Bush keyword_behavior["prof", "profiles"] = "merge"; 2328d0bff0bSNathan Bush keyword_behavior["prof", "privs"] = "merge"; 2338d0bff0bSNathan Bush keyword_behavior["user", "auths"] = "merge"; 2348d0bff0bSNathan Bush keyword_behavior["user", "profiles"] = "merge"; 2358d0bff0bSNathan Bush keyword_behavior["user", "roles"] = "merge"; 2368d0bff0bSNathan Bush 237ead1f93eSLiane Praza FS=":" 238ead1f93eSLiane Praza} 239ead1f93eSLiane Praza 2408d0bff0bSNathan Bush# When FNR (current file record number) is 1 it indicates that nawk 2418d0bff0bSNathan Bush# is starting to read the next file specified on its command line, 2428d0bff0bSNathan Bush# and is beginning the next processing pass. 2438d0bff0bSNathan BushFNR == 1 { 2448d0bff0bSNathan Bush pass++; 2458d0bff0bSNathan Bush} 2468d0bff0bSNathan Bush 247ead1f93eSLiane Praza/^#/ || /^$/ { 248ac05f74fSCody Peter Mello next; 249ead1f93eSLiane Praza} 250ead1f93eSLiane Praza 2511099afd7SNathan Bush{ 2521099afd7SNathan Bush # For each input line, nawk automatically assigns the complete 2531099afd7SNathan Bush # line to $0 and also splits the line at field separators and 2541099afd7SNathan Bush # assigns each field to a variable $1..$n. Assignment to $0 2551099afd7SNathan Bush # re-splits the line into the field variables. Conversely, 2561099afd7SNathan Bush # assgnment to a variable $1..$n will cause $0 to be recomputed 2571099afd7SNathan Bush # from the field variable values. 2581099afd7SNathan Bush # 2591099afd7SNathan Bush # This code adds awareness of escaped field separators by using 2601099afd7SNathan Bush # a custom function to split the line into a temporary array. 2611099afd7SNathan Bush # It assigns the empty string to $0 to clear any excess field 2621099afd7SNathan Bush # variables, and assigns the desired elements of the temporary 2631099afd7SNathan Bush # array back to the field variables $1..$7. 2641099afd7SNathan Bush # 2651099afd7SNathan Bush # Subsequent code must not assign directly to $0 or the fields 2661099afd7SNathan Bush # will be re-split without regard to escaped field separators. 2671099afd7SNathan Bush split_escape($0, f, ":"); 2681099afd7SNathan Bush $0 = ""; 2691099afd7SNathan Bush $1 = f[1]; 2701099afd7SNathan Bush $2 = f[2]; 2711099afd7SNathan Bush $3 = f[3]; 2721099afd7SNathan Bush $4 = f[4]; 2731099afd7SNathan Bush $5 = f[5]; 2741099afd7SNathan Bush $6 = f[6]; 2751099afd7SNathan Bush $7 = f[7]; 2761099afd7SNathan Bush} 2771099afd7SNathan Bush 278ead1f93eSLiane Prazatype == "auth" { 279ead1f93eSLiane Praza key = $1 ":" $2 ":" $3 ; 2808d0bff0bSNathan Bush if (pass == 1) { 281ead1f93eSLiane Praza short_comment[key] = $4 ; 282ead1f93eSLiane Praza long_comment[key] = $5; 283ead1f93eSLiane Praza record[key] = $6; 2848d0bff0bSNathan Bush } else if (pass == 2) { 2858d0bff0bSNathan Bush delete short_comment[key]; 2868d0bff0bSNathan Bush delete long_comment[key]; 2878d0bff0bSNathan Bush delete record[key]; 2888d0bff0bSNathan Bush } else if (pass == 3) { 289ead1f93eSLiane Praza if ( $4 != "" ) { 290ead1f93eSLiane Praza short_comment[key] = $4 ; 291ead1f93eSLiane Praza } 292ead1f93eSLiane Praza if ( $5 != "" ) { 293ead1f93eSLiane Praza long_comment[key] = $5 ; 294ead1f93eSLiane Praza } 2958d0bff0bSNathan Bush record[key] = merge_attrs(record[key], $6); 296ead1f93eSLiane Praza } 297ead1f93eSLiane Praza} 298ead1f93eSLiane Praza 299ead1f93eSLiane Prazatype == "prof" { 300ead1f93eSLiane Praza key = $1 ":" $2 ":" $3 ; 3018d0bff0bSNathan Bush if (pass == 1) { 302ead1f93eSLiane Praza comment[key] = $4; 303ead1f93eSLiane Praza record[key] = $5; 3048d0bff0bSNathan Bush } else if (pass == 2) { 3058d0bff0bSNathan Bush delete comment[key]; 3068d0bff0bSNathan Bush delete record[key]; 3078d0bff0bSNathan Bush } else if (pass == 3) { 308ead1f93eSLiane Praza if ( $4 != "" ) { 309ead1f93eSLiane Praza comment[key] = $4 ; 310ead1f93eSLiane Praza } 311ead1f93eSLiane Praza if (key != "::") { 3128d0bff0bSNathan Bush record[key] = merge_attrs(record[key], $5); 313ead1f93eSLiane Praza } 314ead1f93eSLiane Praza } 315ead1f93eSLiane Praza} 316ead1f93eSLiane Praza 317ead1f93eSLiane Prazatype == "exec" { 318ead1f93eSLiane Praza key = $1 ":" $2 ":" $3 ":" $4 ":" $5 ":" $6 ; 3198d0bff0bSNathan Bush if (pass == 1) { 3208d0bff0bSNathan Bush record[key] = $7; 3218d0bff0bSNathan Bush } else if (pass == 2) { 3228d0bff0bSNathan Bush # For exec_attr, deletion is based on the 'name' field only, 3238d0bff0bSNathan Bush # so that all old entries for the profile are removed. 3248d0bff0bSNathan Bush for (oldkey in record) { 3258d0bff0bSNathan Bush split_escape(oldkey, oldkey_fields, ":"); 3268d0bff0bSNathan Bush if (oldkey_fields[1] == $1) 3278d0bff0bSNathan Bush delete record[oldkey]; 3288d0bff0bSNathan Bush } 3298d0bff0bSNathan Bush } else if (pass == 3) { 330ead1f93eSLiane Praza # Substitute new entries, do not merge. 331ead1f93eSLiane Praza record[key] = $7; 332ead1f93eSLiane Praza } 3338d0bff0bSNathan Bush} 334ead1f93eSLiane Praza 335ead1f93eSLiane Prazatype == "user" { 336ead1f93eSLiane Praza key = $1 ":" $2 ":" $3 ":" $4 ; 3378d0bff0bSNathan Bush if (pass == 1) { 338ead1f93eSLiane Praza record[key] = $5; 3398d0bff0bSNathan Bush } else if (pass == 2) { 3408d0bff0bSNathan Bush if ($1 != "root") 341ead1f93eSLiane Praza delete record[key]; 3428d0bff0bSNathan Bush } else if (pass == 3) { 3438d0bff0bSNathan Bush record[key] = merge_attrs(record[key], $5); 344ead1f93eSLiane Praza } 345ead1f93eSLiane Praza} 346ead1f93eSLiane Praza 347ead1f93eSLiane PrazaEND { 348ead1f93eSLiane Praza for (key in record) { 349ead1f93eSLiane Praza if (type == "prof") { 350ead1f93eSLiane Praza if (key != "::") { 351ead1f93eSLiane Praza print key ":" comment[key] ":" record[key]; 352ead1f93eSLiane Praza } 353ead1f93eSLiane Praza } else 354ead1f93eSLiane Praza if (type == "auth") { 355ead1f93eSLiane Praza print key ":" short_comment[key] ":" \ 356ead1f93eSLiane Praza long_comment[key] ":" record[key]; 357ead1f93eSLiane Praza } else 358ead1f93eSLiane Praza print key ":" record[key]; 359ead1f93eSLiane Praza } 360ead1f93eSLiane Praza} 361ead1f93eSLiane Praza 362ead1f93eSLiane Prazafunction merge_attrs(old, new, cnt, new_cnt, i, j, list, new_list, keyword) 363ead1f93eSLiane Praza{ 3641099afd7SNathan Bush cnt = split_escape(old, list, ";"); 3651099afd7SNathan Bush new_cnt = split_escape(new, new_list, ";"); 366ead1f93eSLiane Praza for (i = 1; i <= new_cnt; i++) { 367ead1f93eSLiane Praza keyword = substr(new_list[i], 1, index(new_list[i], "=")-1); 368ead1f93eSLiane Praza for (j = 1; j <= cnt; j++) { 369ead1f93eSLiane Praza if (match(list[j], "^" keyword "=")) { 370ead1f93eSLiane Praza list[j] = merge_values(keyword, list[j], 371ead1f93eSLiane Praza new_list[i]); 372ead1f93eSLiane Praza break; 373ead1f93eSLiane Praza } 374ead1f93eSLiane Praza } 375ead1f93eSLiane Praza if (j > cnt) 376ead1f93eSLiane Praza list[++cnt] = new_list[i]; 377ead1f93eSLiane Praza } 378ead1f93eSLiane Praza 379ead1f93eSLiane Praza return unsplit(list, cnt, ";"); \ 380ead1f93eSLiane Praza} 381ead1f93eSLiane Praza 382ead1f93eSLiane Prazafunction merge_values(keyword, old, new, cnt, new_cnt, i, j, list, new_list, d) 383ead1f93eSLiane Praza{ 3848d0bff0bSNathan Bush # Keywords with multivalued attributes that are subject to merging 3858d0bff0bSNathan Bush # are processed by the algorithm implemented further below. 3868d0bff0bSNathan Bush # Otherwise, the keyword is not subject to merging, and: 3878d0bff0bSNathan Bush # For user_attr, the existing value is retained. 3888d0bff0bSNathan Bush # For any other file, the new value is substituted. 3898d0bff0bSNathan Bush if (keyword_behavior[type, keyword] != "merge") { 3908d0bff0bSNathan Bush if (type == "user") { 3918d0bff0bSNathan Bush return old; 3928d0bff0bSNathan Bush } else { 393ead1f93eSLiane Praza return new; 3948d0bff0bSNathan Bush } 3958d0bff0bSNathan Bush } 396ead1f93eSLiane Praza 397ead1f93eSLiane Praza cnt = split(substr(old, length(keyword)+2), list, ","); 398ead1f93eSLiane Praza new_cnt = split(substr(new, length(keyword)+2), new_list, ","); 399ead1f93eSLiane Praza 400ead1f93eSLiane Praza # If the existing list contains "All", remove it and add it 401ead1f93eSLiane Praza # to the new list; that way "All" will appear at the only valid 402ead1f93eSLiane Praza # location, the end of the list. 403ead1f93eSLiane Praza if (keyword == "profiles") { 404ead1f93eSLiane Praza d = 0; 405ead1f93eSLiane Praza for (i = 1; i <= cnt; i++) { 406ead1f93eSLiane Praza if (list[i] != "All") 407ead1f93eSLiane Praza list[++d] = list[i]; 408ead1f93eSLiane Praza } 409ead1f93eSLiane Praza if (cnt != d) { 410ead1f93eSLiane Praza new_list[++new_cnt] = "All"; 411ead1f93eSLiane Praza cnt = d; 412ead1f93eSLiane Praza } 413ead1f93eSLiane Praza } 414ead1f93eSLiane Praza for (i = 1; i <= new_cnt; i++) { 415ead1f93eSLiane Praza for (j = 1; j <= cnt; j++) { 416ead1f93eSLiane Praza if (list[j] == new_list[i]) 417ead1f93eSLiane Praza break; 418ead1f93eSLiane Praza } 419ead1f93eSLiane Praza if (j > cnt) 420ead1f93eSLiane Praza list[++cnt] = new_list[i]; 421ead1f93eSLiane Praza } 422ead1f93eSLiane Praza 423ead1f93eSLiane Praza return keyword "=" unsplit(list, cnt, ","); 424ead1f93eSLiane Praza} 425ead1f93eSLiane Praza 4261099afd7SNathan Bush# This function is similar to the nawk built-in split() function, 4271099afd7SNathan Bush# except that a "\" character may be used to escape any subsequent 4281099afd7SNathan Bush# character, so that the escaped character will not be treated as a 4291099afd7SNathan Bush# field separator or as part of a field separator regular expression. 4301099afd7SNathan Bush# The "\" characters will remain in the elements of the output array 4311099afd7SNathan Bush# variable upon completion. 4321099afd7SNathan Bushfunction split_escape(str, list, fs, cnt, saved, sep) 4331099afd7SNathan Bush{ 4341099afd7SNathan Bush # default to global FS 4351099afd7SNathan Bush if (fs == "") 4361099afd7SNathan Bush fs = FS; 4371099afd7SNathan Bush # initialize empty list, cnt, saved 4381099afd7SNathan Bush split("", list, " "); 4391099afd7SNathan Bush cnt = 0; 4401099afd7SNathan Bush saved = ""; 4411099afd7SNathan Bush # track whether last token was a field separator 4421099afd7SNathan Bush sep = 0; 4431099afd7SNathan Bush # nonzero str length indicates more string left to scan 4441099afd7SNathan Bush while (length(str)) { 4451099afd7SNathan Bush if (match(str, fs) == 1) { 4461099afd7SNathan Bush # field separator, terminates current field 4471099afd7SNathan Bush list[++cnt] = saved; 4481099afd7SNathan Bush saved = ""; 4491099afd7SNathan Bush str = substr(str, RLENGTH + 1); 4501099afd7SNathan Bush sep = 1; 4511099afd7SNathan Bush } else if (substr(str, 1, 1) == "\\") { 4521099afd7SNathan Bush # escaped character 4531099afd7SNathan Bush saved = saved substr(str, 1, 2); 4541099afd7SNathan Bush str = substr(str, 3); 4551099afd7SNathan Bush sep = 0; 4561099afd7SNathan Bush } else { 4571099afd7SNathan Bush # regular character 4581099afd7SNathan Bush saved = saved substr(str, 1, 1); 4591099afd7SNathan Bush str = substr(str, 2); 4601099afd7SNathan Bush sep = 0; 4611099afd7SNathan Bush } 4621099afd7SNathan Bush } 4631099afd7SNathan Bush # if required, append final field to list 4641099afd7SNathan Bush if (sep || length(saved)) 4651099afd7SNathan Bush list[++cnt] = saved; 4661099afd7SNathan Bush 4671099afd7SNathan Bush return cnt; 4681099afd7SNathan Bush} 4691099afd7SNathan Bush 470ead1f93eSLiane Prazafunction unsplit(list, cnt, delim, str) 471ead1f93eSLiane Praza{ 472ead1f93eSLiane Praza str = list[1]; 473ead1f93eSLiane Praza for (i = 2; i <= cnt; i++) 474ead1f93eSLiane Praza str = str delim list[i]; 475ead1f93eSLiane Praza return str; 476ead1f93eSLiane Praza}' \ 4778d0bff0bSNathan Bush type=$1 $nawk_pass1 $nawk_pass2 $nawk_pass3 > $4.unsorted 478ead1f93eSLiane Praza rc=$? 479ead1f93eSLiane Praza $sort_cmd < $4.unsorted >> $4 480ead1f93eSLiane Praza return $rc 481ead1f93eSLiane Praza} 482ead1f93eSLiane Praza 483ead1f93eSLiane Praza# $1 is the merged file 484ead1f93eSLiane Praza# $2 is the target file 485ead1f93eSLiane Praza# 486ead1f93eSLiane Prazacommit() { 487ead1f93eSLiane Praza # Make sure that the last mv uses rename(2) by first moving to 488ead1f93eSLiane Praza # the same filesystem. 489ead1f93eSLiane Praza $mv_cmd $1 $2.$$ 490ead1f93eSLiane Praza $mv_cmd $2.$$ $2 491ead1f93eSLiane Praza return $? 492ead1f93eSLiane Praza} 493ead1f93eSLiane Praza 494ead1f93eSLiane Prazaoutfile="" 495ead1f93eSLiane Prazatype="" 496ead1f93eSLiane Prazaset_type_and_outfile() { 497ead1f93eSLiane Praza # 498ead1f93eSLiane Praza # Assumes basename $1 returns one of 499ead1f93eSLiane Praza # prof_attr, exec_attr, auth_attr, or user_attr 500ead1f93eSLiane Praza # 501ead1f93eSLiane Praza fname=`$basename_cmd $1` 502ead1f93eSLiane Praza type=`echo $fname | $sed_cmd -e s'/^\([a-z][a-z]*\)_attr$/\1/' ` 503ead1f93eSLiane Praza case "$type" in 504ead1f93eSLiane Praza "prof"|"exec"|"user"|"auth") ;; 505ead1f93eSLiane Praza *) return 2 ;; 506ead1f93eSLiane Praza esac 507ead1f93eSLiane Praza 508ead1f93eSLiane Praza outfile=$tmp_dir/rbac_${PKGINST}_${fname}_merge.$$ 509ead1f93eSLiane Praza 510ead1f93eSLiane Praza return 0 511ead1f93eSLiane Praza} 512ead1f93eSLiane Praza 513ead1f93eSLiane Prazacleanup() { 514ead1f93eSLiane Praza $rm_cmd -f $outfile $outfile.old $outfile.new $outfile.unsorted 515ead1f93eSLiane Praza 516ead1f93eSLiane Praza return 0 517ead1f93eSLiane Praza} 518ead1f93eSLiane Praza 519ead1f93eSLiane Prazaexit_status=0 520ead1f93eSLiane Praza 521ead1f93eSLiane Praza# main 522ead1f93eSLiane Praza 523ead1f93eSLiane Prazawhile read newfile oldfile ; do 524ead1f93eSLiane Praza if [ -n "$PKGINST" ] 525ead1f93eSLiane Praza then 526ead1f93eSLiane Praza # Install the file in the "fragment" directory. 527ead1f93eSLiane Praza mkdir -m 755 -p ${oldfile}.d 528ead1f93eSLiane Praza rm -f ${oldfile}.d/"$PKGINST" 529ead1f93eSLiane Praza cp $newfile ${oldfile}.d/"$PKGINST" 530ead1f93eSLiane Praza 531ead1f93eSLiane Praza # Make sure that it is marked read-only. 532ead1f93eSLiane Praza chmod a-w,a+r ${oldfile}.d/"$PKGINST" 533ead1f93eSLiane Praza 534ead1f93eSLiane Praza # We also execute the rest of the i.rbac script. 535ead1f93eSLiane Praza fi 536ead1f93eSLiane Praza 537ead1f93eSLiane Praza if [ ! -f $oldfile ]; then 538ead1f93eSLiane Praza cp $newfile $oldfile 539ead1f93eSLiane Praza else 540ead1f93eSLiane Praza set_type_and_outfile $newfile || 541ead1f93eSLiane Praza set_type_and_outfile $oldfile 542ead1f93eSLiane Praza if [ $? -ne 0 ]; then 543ead1f93eSLiane Praza echo "$0 : $newfile not one of" \ 544ead1f93eSLiane Praza " prof_attr, exec_attr, auth_attr, user_attr" 545ead1f93eSLiane Praza exit_status=2 546ead1f93eSLiane Praza continue 547ead1f93eSLiane Praza fi 548ead1f93eSLiane Praza 549ead1f93eSLiane Praza dbmerge $type $oldfile $newfile $outfile 550ead1f93eSLiane Praza if [ $? -ne 0 ]; then 551ead1f93eSLiane Praza echo "$0 : failed to merge $newfile with $oldfile" 552ead1f93eSLiane Praza cleanup 553ead1f93eSLiane Praza exit_status=2 554ead1f93eSLiane Praza continue 555ead1f93eSLiane Praza fi 556ead1f93eSLiane Praza 557ead1f93eSLiane Praza commit $outfile $oldfile 558ead1f93eSLiane Praza if [ $? -ne 0 ]; then 559ead1f93eSLiane Praza echo "$0 : failed to mv $outfile to $2" 560ead1f93eSLiane Praza cleanup 561ead1f93eSLiane Praza exit_status=2 562ead1f93eSLiane Praza continue 563ead1f93eSLiane Praza fi 564ead1f93eSLiane Praza 565ead1f93eSLiane Praza cleanup 566ead1f93eSLiane Praza fi 567ead1f93eSLiane Prazadone 568ead1f93eSLiane Praza 569ead1f93eSLiane Prazaif [ "$1" = "ENDOFCLASS" ]; then 570ead1f93eSLiane Praza exit 0 571ead1f93eSLiane Prazafi 572ead1f93eSLiane Praza 573ead1f93eSLiane Prazaexit $exit_status 574