32 # /etc/user_attr
33 #
34 # Allowable exit codes
35 #
36 # 0 - success
37 # 2 - warning or possible error condition. Installation continues. A warning
38 # message is displayed at the time of completion.
39 #
40
41 umask 022
42
43 tmp_dir=${TMPDIR:-/tmp}
44
45 PATH="/usr/bin:/usr/sbin:${PATH}"
46 export PATH
47
48 basename_cmd=basename
49 cp_cmd=cp
50 egrep_cmd=egrep
51 mv_cmd=mv
52 nawk_cmd=nawk
53 rm_cmd=rm
54 sed_cmd=sed
55 sort_cmd=sort
56
57 # $1 is the type
58 # $2 is the "old/existing file"
59 # $3 is the "new (to be merged)" file
60 # $4 is the output file
61 # returns 0 on success
62 # returns 2 on failure if nawk fails with non-zero exit status
63 #
64 dbmerge() {
65 #
66 # Remove the ident lines.
67 #
68 ${egrep_cmd} -v '^#[pragma ]*ident' $2 > $4.old 2>/dev/null
69 #
70 # If the new file has a Sun copyright, remove the Sun copyright from the old
71 # file.
72 #
73 newcr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' $3 \
74 2>/dev/null`
75 if [ -n "${newcr}" ]; then
76 $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \
77 -e '/^# All rights reserved./d' \
78 -e '/^# Use is subject to license terms./d' \
79 $4.old > $4.$$ 2>/dev/null
80 $mv_cmd $4.$$ $4.old
81 fi
82 #
136 $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \
137 -e '/^# All rights reserved./d' \
138 -e '/^# Use is subject to license terms./d' \
139 $4 > $4.$$ 2>/dev/null
140 $mv_cmd $4.$$ $4
141 fi
142 #
143 # Handle line continuations (trailing \)
144 #
145 $sed_cmd \
146 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
147 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
148 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
149 $2 > $4.old
150 $sed_cmd \
151 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
152 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
153 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
154 $3 > $4.new
155 #
156 # The nawk script below processes the old and new files using up to
157 # three passes. If the old file is empty, only the final pass over
158 # the new file is required.
159 #
160 if [ -s $4.old ]; then
161 nawk_pass1=$4.old
162 nawk_pass2=$4.new
163 nawk_pass3=$4.new
164 else
165 nawk_pass1=
166 nawk_pass2=
167 nawk_pass3=$4.new
168 fi
169 #
170 #!/usr/bin/nawk -f
171 #
172 # dbmerge type=[auth|prof|user|exec] [ old-file new-file ] new-file
173 #
174 # Merge two versions of an RBAC database file. The output
175 # consists of the lines from the new-file, while preserving
176 # user customizations in the old-file.
177 #
178 # Entries in the new-file replace corresponding entries in the
179 # old-file, except as follows: For exec_attr, all old entries
180 # for profiles contained in the new-file are discarded. For
181 # user_attr, the "root" entry from the old-file is retained,
182 # and new keywords from the new-file are merged into it.
183 #
184 # Records with the same key field(s) are merged, so that the
185 # keyword/value section of each output record contains the union
186 # of the keywords found in all input records with the same key
187 # field(s). For selected multi-value keywords [1] the values from
188 # the new-file are merged with retained values from the old-file.
189 # Otherwise, the value for each keyword is the final value found
190 # in the new-file, except for keywords in the user_attr entry for
191 # "root" where values from the old-file are always retained.
192 #
193 # [1] The following file type and keyword combinations are merged:
194 # prof_attr: auths, profiles, privs
195 # user_attr: auths, profiles, roles
196 #
197 # The output is run through sort except for the comments
198 # which will appear first in the output.
199 #
200 #
201 $nawk_cmd '
202
203 # This script may be invoked with up to three file names. Each file
204 # name corresponds to a separate processing pass. The passes are
205 # defined as follows:
206 #
207 # Pass 1: Read existing data.
208 # Data from the old-file is read into memory.
209 #
210 # Pass 2: Remove obsolete data.
211 # Discard any data from the old-file that is part of profiles that
212 # are also in the new-file. (As a special case, the user_attr entry
213 # for 'root' is always retained.)
214 #
215 # Pass 3: Merge new data.
216 # Data from the new-file is merged with the remaining old-file data.
217 # (As a special case, exec_attr entries are replaced, not merged.)
218
219 BEGIN {
220 # The variable 'pass' specifies which type of processing to perform.
221 # When processing only one file, skip passes 1 and 2.
222 if (ARGC == 3)
223 pass += 2;
224
225 # The array 'keyword_behavior' specifies the special treatment of
226 # [type, keyword] combinations subject to value merging.
227 keyword_behavior["prof", "auths"] = "merge";
228 keyword_behavior["prof", "profiles"] = "merge";
229 keyword_behavior["prof", "privs"] = "merge";
230 keyword_behavior["user", "auths"] = "merge";
231 keyword_behavior["user", "profiles"] = "merge";
232 keyword_behavior["user", "roles"] = "merge";
233
234 FS=":"
235 }
236
237 # When FNR (current file record number) is 1 it indicates that nawk
238 # is starting to read the next file specified on its command line,
239 # and is beginning the next processing pass.
240 FNR == 1 {
241 pass++;
242 }
243
244 /^#/ || /^$/ {
245 continue;
246 }
247
248 {
249 # For each input line, nawk automatically assigns the complete
250 # line to $0 and also splits the line at field separators and
251 # assigns each field to a variable $1..$n. Assignment to $0
252 # re-splits the line into the field variables. Conversely,
253 # assgnment to a variable $1..$n will cause $0 to be recomputed
254 # from the field variable values.
255 #
256 # This code adds awareness of escaped field separators by using
257 # a custom function to split the line into a temporary array.
258 # It assigns the empty string to $0 to clear any excess field
259 # variables, and assigns the desired elements of the temporary
260 # array back to the field variables $1..$7.
261 #
262 # Subsequent code must not assign directly to $0 or the fields
263 # will be re-split without regard to escaped field separators.
264 split_escape($0, f, ":");
265 $0 = "";
266 $1 = f[1];
267 $2 = f[2];
268 $3 = f[3];
269 $4 = f[4];
270 $5 = f[5];
271 $6 = f[6];
272 $7 = f[7];
273 }
403 if (list[i] != "All")
404 list[++d] = list[i];
405 }
406 if (cnt != d) {
407 new_list[++new_cnt] = "All";
408 cnt = d;
409 }
410 }
411 for (i = 1; i <= new_cnt; i++) {
412 for (j = 1; j <= cnt; j++) {
413 if (list[j] == new_list[i])
414 break;
415 }
416 if (j > cnt)
417 list[++cnt] = new_list[i];
418 }
419
420 return keyword "=" unsplit(list, cnt, ",");
421 }
422
423 # This function is similar to the nawk built-in split() function,
424 # except that a "\" character may be used to escape any subsequent
425 # character, so that the escaped character will not be treated as a
426 # field separator or as part of a field separator regular expression.
427 # The "\" characters will remain in the elements of the output array
428 # variable upon completion.
429 function split_escape(str, list, fs, cnt, saved, sep)
430 {
431 # default to global FS
432 if (fs == "")
433 fs = FS;
434 # initialize empty list, cnt, saved
435 split("", list, " ");
436 cnt = 0;
437 saved = "";
438 # track whether last token was a field separator
439 sep = 0;
440 # nonzero str length indicates more string left to scan
441 while (length(str)) {
442 if (match(str, fs) == 1) {
443 # field separator, terminates current field
454 # regular character
455 saved = saved substr(str, 1, 1);
456 str = substr(str, 2);
457 sep = 0;
458 }
459 }
460 # if required, append final field to list
461 if (sep || length(saved))
462 list[++cnt] = saved;
463
464 return cnt;
465 }
466
467 function unsplit(list, cnt, delim, str)
468 {
469 str = list[1];
470 for (i = 2; i <= cnt; i++)
471 str = str delim list[i];
472 return str;
473 }' \
474 type=$1 $nawk_pass1 $nawk_pass2 $nawk_pass3 > $4.unsorted
475 rc=$?
476 $sort_cmd < $4.unsorted >> $4
477 return $rc
478 }
479
480 # $1 is the merged file
481 # $2 is the target file
482 #
483 commit() {
484 # Make sure that the last mv uses rename(2) by first moving to
485 # the same filesystem.
486 $mv_cmd $1 $2.$$
487 $mv_cmd $2.$$ $2
488 return $?
489 }
490
491 outfile=""
492 type=""
493 set_type_and_outfile() {
494 #
|
32 # /etc/user_attr
33 #
34 # Allowable exit codes
35 #
36 # 0 - success
37 # 2 - warning or possible error condition. Installation continues. A warning
38 # message is displayed at the time of completion.
39 #
40
41 umask 022
42
43 tmp_dir=${TMPDIR:-/tmp}
44
45 PATH="/usr/bin:/usr/sbin:${PATH}"
46 export PATH
47
48 basename_cmd=basename
49 cp_cmd=cp
50 egrep_cmd=egrep
51 mv_cmd=mv
52 awk_cmd=/usr/xpg4/bin/awk
53 rm_cmd=rm
54 sed_cmd=sed
55 sort_cmd=sort
56
57 # $1 is the type
58 # $2 is the "old/existing file"
59 # $3 is the "new (to be merged)" file
60 # $4 is the output file
61 # returns 0 on success
62 # returns 2 on failure if awk fails with non-zero exit status
63 #
64 dbmerge() {
65 #
66 # Remove the ident lines.
67 #
68 ${egrep_cmd} -v '^#[pragma ]*ident' $2 > $4.old 2>/dev/null
69 #
70 # If the new file has a Sun copyright, remove the Sun copyright from the old
71 # file.
72 #
73 newcr=`${egrep_cmd} '^# Copyright.*Sun Microsystems, Inc.' $3 \
74 2>/dev/null`
75 if [ -n "${newcr}" ]; then
76 $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \
77 -e '/^# All rights reserved./d' \
78 -e '/^# Use is subject to license terms./d' \
79 $4.old > $4.$$ 2>/dev/null
80 $mv_cmd $4.$$ $4.old
81 fi
82 #
136 $sed_cmd -e '/^# Copyright.*Sun Microsystems, Inc./d' \
137 -e '/^# All rights reserved./d' \
138 -e '/^# Use is subject to license terms./d' \
139 $4 > $4.$$ 2>/dev/null
140 $mv_cmd $4.$$ $4
141 fi
142 #
143 # Handle line continuations (trailing \)
144 #
145 $sed_cmd \
146 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
147 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
148 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
149 $2 > $4.old
150 $sed_cmd \
151 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
152 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
153 -e '/\\$/{N;s/\\\n//;}' -e '/\\$/{N;s/\\\n//;}' \
154 $3 > $4.new
155 #
156 # The awk script below processes the old and new files using up to
157 # three passes. If the old file is empty, only the final pass over
158 # the new file is required.
159 #
160 if [ -s $4.old ]; then
161 awk_pass1=$4.old
162 awk_pass2=$4.new
163 awk_pass3=$4.new
164 else
165 awk_pass1=
166 awk_pass2=
167 awk_pass3=$4.new
168 fi
169 #
170 #!/usr/xpg4/bin/awk -f
171 #
172 # dbmerge type=[auth|prof|user|exec] [ old-file new-file ] new-file
173 #
174 # Merge two versions of an RBAC database file. The output
175 # consists of the lines from the new-file, while preserving
176 # user customizations in the old-file.
177 #
178 # Entries in the new-file replace corresponding entries in the
179 # old-file, except as follows: For exec_attr, all old entries
180 # for profiles contained in the new-file are discarded. For
181 # user_attr, the "root" entry from the old-file is retained,
182 # and new keywords from the new-file are merged into it.
183 #
184 # Records with the same key field(s) are merged, so that the
185 # keyword/value section of each output record contains the union
186 # of the keywords found in all input records with the same key
187 # field(s). For selected multi-value keywords [1] the values from
188 # the new-file are merged with retained values from the old-file.
189 # Otherwise, the value for each keyword is the final value found
190 # in the new-file, except for keywords in the user_attr entry for
191 # "root" where values from the old-file are always retained.
192 #
193 # [1] The following file type and keyword combinations are merged:
194 # prof_attr: auths, profiles, privs
195 # user_attr: auths, profiles, roles
196 #
197 # The output is run through sort except for the comments
198 # which will appear first in the output.
199 #
200 #
201 $awk_cmd '
202
203 # This script may be invoked with up to three file names. Each file
204 # name corresponds to a separate processing pass. The passes are
205 # defined as follows:
206 #
207 # Pass 1: Read existing data.
208 # Data from the old-file is read into memory.
209 #
210 # Pass 2: Remove obsolete data.
211 # Discard any data from the old-file that is part of profiles that
212 # are also in the new-file. (As a special case, the user_attr entry
213 # for 'root' is always retained.)
214 #
215 # Pass 3: Merge new data.
216 # Data from the new-file is merged with the remaining old-file data.
217 # (As a special case, exec_attr entries are replaced, not merged.)
218
219 BEGIN {
220 # The variable 'pass' specifies which type of processing to perform.
221 # When processing only one file, skip passes 1 and 2.
222 if (ARGC == 3)
223 pass += 2;
224
225 # The array 'keyword_behavior' specifies the special treatment of
226 # [type, keyword] combinations subject to value merging.
227 keyword_behavior["prof", "auths"] = "merge";
228 keyword_behavior["prof", "profiles"] = "merge";
229 keyword_behavior["prof", "privs"] = "merge";
230 keyword_behavior["user", "auths"] = "merge";
231 keyword_behavior["user", "profiles"] = "merge";
232 keyword_behavior["user", "roles"] = "merge";
233
234 FS=":"
235 }
236
237 # When FNR (current file record number) is 1 it indicates that awk
238 # is starting to read the next file specified on its command line,
239 # and is beginning the next processing pass.
240 FNR == 1 {
241 pass++;
242 }
243
244 /^#/ || /^$/ {
245 next;
246 }
247
248 {
249 # For each input line, awk automatically assigns the complete
250 # line to $0 and also splits the line at field separators and
251 # assigns each field to a variable $1..$n. Assignment to $0
252 # re-splits the line into the field variables. Conversely,
253 # assignment to a variable $1..$n will cause $0 to be recomputed
254 # from the field variable values.
255 #
256 # This code adds awareness of escaped field separators by using
257 # a custom function to split the line into a temporary array.
258 # It assigns the empty string to $0 to clear any excess field
259 # variables, and assigns the desired elements of the temporary
260 # array back to the field variables $1..$7.
261 #
262 # Subsequent code must not assign directly to $0 or the fields
263 # will be re-split without regard to escaped field separators.
264 split_escape($0, f, ":");
265 $0 = "";
266 $1 = f[1];
267 $2 = f[2];
268 $3 = f[3];
269 $4 = f[4];
270 $5 = f[5];
271 $6 = f[6];
272 $7 = f[7];
273 }
403 if (list[i] != "All")
404 list[++d] = list[i];
405 }
406 if (cnt != d) {
407 new_list[++new_cnt] = "All";
408 cnt = d;
409 }
410 }
411 for (i = 1; i <= new_cnt; i++) {
412 for (j = 1; j <= cnt; j++) {
413 if (list[j] == new_list[i])
414 break;
415 }
416 if (j > cnt)
417 list[++cnt] = new_list[i];
418 }
419
420 return keyword "=" unsplit(list, cnt, ",");
421 }
422
423 # This function is similar to the awk built-in split() function,
424 # except that a "\" character may be used to escape any subsequent
425 # character, so that the escaped character will not be treated as a
426 # field separator or as part of a field separator regular expression.
427 # The "\" characters will remain in the elements of the output array
428 # variable upon completion.
429 function split_escape(str, list, fs, cnt, saved, sep)
430 {
431 # default to global FS
432 if (fs == "")
433 fs = FS;
434 # initialize empty list, cnt, saved
435 split("", list, " ");
436 cnt = 0;
437 saved = "";
438 # track whether last token was a field separator
439 sep = 0;
440 # nonzero str length indicates more string left to scan
441 while (length(str)) {
442 if (match(str, fs) == 1) {
443 # field separator, terminates current field
454 # regular character
455 saved = saved substr(str, 1, 1);
456 str = substr(str, 2);
457 sep = 0;
458 }
459 }
460 # if required, append final field to list
461 if (sep || length(saved))
462 list[++cnt] = saved;
463
464 return cnt;
465 }
466
467 function unsplit(list, cnt, delim, str)
468 {
469 str = list[1];
470 for (i = 2; i <= cnt; i++)
471 str = str delim list[i];
472 return str;
473 }' \
474 type=$1 $awk_pass1 $awk_pass2 $awk_pass3 > $4.unsorted
475 rc=$?
476 $sort_cmd < $4.unsorted >> $4
477 return $rc
478 }
479
480 # $1 is the merged file
481 # $2 is the target file
482 #
483 commit() {
484 # Make sure that the last mv uses rename(2) by first moving to
485 # the same filesystem.
486 $mv_cmd $1 $2.$$
487 $mv_cmd $2.$$ $2
488 return $?
489 }
490
491 outfile=""
492 type=""
493 set_type_and_outfile() {
494 #
|