xref: /illumos-gate/usr/src/lib/libsecdb/svc-rbac (revision 2aeafac3612e19716bf8164f89c3c9196342979c)
1#! /usr/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
25#
26
27. /lib/svc/share/smf_include.sh
28
29files='/etc/user_attr /etc/security/auth_attr /etc/security/exec_attr
30    /etc/security/prof_attr'
31
32PKGINST=
33export PKGINST
34
35irbac=/usr/sadm/install/scripts/i.rbac
36
37if [ ! -x $irbac ]
38then
39	echo "${irbac}: not found."
40	exit $SMF_EXIT_ERR_FATAL
41fi
42
43case "$1" in
44start|refresh)
45	;;
46stop)
47	exit $SMF_EXIT_OK;;
48*)
49	echo "Usage: $0 { start | refresh | stop }"
50	exit $SMF_EXIT_ERR_FATAL;;
51esac
52
53tmp_rbac=`/usr/bin/mktemp -d /tmp/rbac.XXXXXX`
54if [ -z "$tmp_rbac" ]
55then
56	echo "Could not create temporary directory."
57	exit $SMF_EXIT_ERR_FATAL
58fi
59tmp_frag=$tmp_rbac/frag
60tmp_file=$tmp_rbac/file
61
62for f in $files
63do
64	d=${f}.d
65	if [ ! -d ${d} ]
66	then
67		# No directory, nothing to do
68		continue
69	fi
70	# cache user/owner of file to update
71	ownergroup=`ls -ln $f | awk '{printf("%s:%s\n", $3, $4);'}`
72	#
73	# List all the files in the directory and the destination file
74	# in the order of their timestamp.  Older files are displayed
75	# first.  If a fragment file is listed before the destination
76	# file, it is an older fragment that has already been processed.
77	# If a fragment file is listed after the destination file, it is
78	# new, and the destination file must be updated.
79	#
80	# Comments are processed separately from the other file contents.
81	# For new fragments only, the comments are processed as they are
82	# encountered.  For all fragments, the non-comment contents are
83	# saved in a temporary file.  After all fragments have been
84	# processed, and only if new fragments were found, the contents
85	# of the temporary file are processed.  This ensures that older
86	# but still valid entries are retained in the destination file.
87	#
88	/usr/bin/rm -f $tmp_file
89	new_frag=0
90	update=0
91	for frag in `ls -tr $f $d/* 2> /dev/null`
92	do
93		if [ "$frag" = "$f" ]
94		then
95			new_frag=1
96			continue
97		fi
98		if [ -f "$frag" ]
99		then
100			if [ $new_frag -eq 1 ]
101			then
102				/usr/bin/rm -f $tmp_frag
103				/usr/bin/grep '^#' $frag > $tmp_frag
104				update=1
105				echo $tmp_frag $f | $irbac
106			fi
107			/usr/bin/grep -v '^#' $frag >> $tmp_file
108		fi
109	done
110	if [ $update -eq 1 ]
111	then
112		echo $tmp_file $f | $irbac
113		chown $ownergroup $f
114	fi
115done
116
117/usr/bin/rm -rf $tmp_rbac
118
119exit $SMF_EXIT_OK
120