8436
|
1 |
diff -u system-tools-backends-1.4.2/users-conf.in-orig1 system-tools-backends-1.4.2/users-conf.in
|
|
2 |
--- system-tools-backends-1.4.2/users-conf.in-orig1 2006-01-02 15:48:06.000000000 +0000
|
|
3 |
+++ system-tools-backends-1.4.2/users-conf.in 2006-10-26 11:52:32.542519000 +0100
|
7860
|
4 |
@@ -47,6 +47,8 @@
|
|
5 |
# pw: modifying users/groups and user/group data on FreeBSD.
|
|
6 |
|
|
7 |
|
|
8 |
+use Authen::PAM;
|
|
9 |
+
|
|
10 |
BEGIN {
|
|
11 |
$SCRIPTSDIR = "@scriptsdir@";
|
|
12 |
if ($SCRIPTSDIR =~ /^@scriptsdir[@]/)
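Review bot: `use Authen::PAM;` at file scope makes the whole backend fail to compile on any host that lacks the module, although only the Solaris branches added later in this patch use PAM. Loading it on demand keeps the Linux and FreeBSD platforms in the supported list working, for example `eval { require Authen::PAM; Authen::PAM->import; 1 }` with the result checked before the PAM path is taken. The constants are already called with parentheses (`PAM_SUCCESS()`), so a run-time import should be enough, but that needs confirming. The BEGIN block that follows continues outside this hunk.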
|
|
13 |
@@ -74,6 +76,7 @@
|
|
14 |
"mandrake-7.1", "mandrake-7.2", "mandrake-9.0", "mandrake-9.1", "mandrake-9.2",
|
|
15 |
"mandrake-10.0", "mandrake-10.1",
|
|
16 |
"debian-2.2", "debian-3.0", "debian-sarge",
|
|
17 |
+ "nexenta-1.0", "solaris-2.11",
|
|
18 |
"suse-7.0", "suse-9.0", "suse-9.1", "turbolinux-7.0",
|
|
19 |
"slackware-8.0.0", "slackware-8.1", "slackware-9.0.0", "slackware-9.1.0", "slackware-10.0.0", "slackware-10.1.0", "slackware-10.2.0",
|
|
20 |
"freebsd-4", "freebsd-5", "freebsd-6",
|
8121
|
21 |
@@ -93,6 +96,7 @@
|
|
22 |
@passwd_names = ( "/etc/passwd" );
|
|
23 |
@shadow_names = ( "/etc/shadow", "/etc/master.passwd" );
|
|
24 |
@group_names = ( "/etc/group" );
|
|
25 |
+@rbac_names = ( "/etc/user_attr" ); # Files that will be changed by RBAC commands
|
|
26 |
@login_defs_names = ( "/etc/login.defs", "/etc/adduser.conf" );
|
|
27 |
@shell_names = ( "/etc/shells" );
|
|
28 |
@skel_dir = ( "/usr/share/skel", "/etc/skel" );
|
8436
|
29 |
@@ -111,13 +115,38 @@
|
8121
|
30 |
$cmd_gpasswd = &gst_file_locate_tool ("gpasswd");
|
|
31 |
$cmd_chfn = &gst_file_locate_tool ("chfn");
|
|
32 |
$cmd_pw = &gst_file_locate_tool ("pw");
|
|
33 |
+$cmd_profiles = &gst_file_locate_tool ("profiles");
|
|
34 |
|
7860
|
35 |
# --- Mapping constants --- #
|
|
36 |
|
|
37 |
%users_prop_map = ();
|
|
38 |
+
|
|
39 |
+sub get_users_prop_array
|
|
40 |
+{
|
|
41 |
@users_prop_array = ();
|
|
42 |
|
|
43 |
-if ($$tool{"platform"} eq "Linux")
|
8436
|
44 |
+if ($$tool{"system"} eq "Linux")
|
|
45 |
+{
|
|
46 |
+ @users_prop_array = (
|
|
47 |
+ "key", 0,
|
|
48 |
+ "login", 1,
|
|
49 |
+ "password", 2,
|
|
50 |
+ "uid", 3,
|
|
51 |
+ "gid", 4,
|
|
52 |
+ "comment", 5,
|
|
53 |
+ "home", 6,
|
|
54 |
+ "shell", 7,
|
|
55 |
+ "last_mod", 8, # Read shadow (5) for these.
|
|
56 |
+ "passwd_min_life", 9,
|
|
57 |
+ "passwd_max_life", 10,
|
|
58 |
+ "passwd_exp_warn", 11,
|
|
59 |
+ "passwd_exp_disable", 12,
|
|
60 |
+ "passwd_disable", 13,
|
|
61 |
+ "reserved", 14,
|
|
62 |
+ "is_shadow", 15,
|
|
63 |
+ "", "");
|
|
64 |
+}
|
|
65 |
+if ($$tool{"system"} eq "SunOS")
|
7860
|
66 |
{
|
|
67 |
@users_prop_array = (
|
|
68 |
"key", 0,
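Review bot: The `if ($$tool{"system"} eq "SunOS")` added after the new Linux block is a separate `if`, not an `elsif`, so on Linux the Linux table is assigned and then the `else` of the SunOS test also runs and overwrites `@users_prop_array`. The `else` body lies outside this hunk, so what it assigns is not visible, but the chain should read `elsif ($$tool{"system"} eq "SunOS")`. The new `get_users_prop_array` sub also has no comment. A line such as `# Fills @users_prop_array for the running system; call after gst_init, it reads $tool.` would record the ordering the call site relies on.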
|
8436
|
69 |
@@ -136,6 +165,7 @@
|
|
70 |
"passwd_disable", 13,
|
|
71 |
"reserved", 14,
|
|
72 |
"is_shadow", 15,
|
|
73 |
+ "rbac", 16,
|
|
74 |
"", "");
|
|
75 |
}
|
|
76 |
else
|
|
77 |
@@ -157,6 +187,7 @@
|
7860
|
78 |
$users_prop_map {$users_prop_array[$i]} = $users_prop_array[$i + 1];
|
|
79 |
$users_prop_map {$users_prop_array[$i + 1]} = $users_prop_array[$i];
|
|
80 |
}
|
|
81 |
+}
|
|
82 |
|
|
83 |
%groups_prop_map = ();
|
|
84 |
@groups_prop_array = (
|
8436
|
85 |
@@ -193,6 +224,30 @@
|
8121
|
86 |
%login_defs_prop_map = ();
|
|
87 |
%profiles_prop_map = ();
|
|
88 |
|
|
89 |
+sub read_rbac() {
|
|
90 |
+ return unless ( $gst_dist =~ /^solaris/ );
|
|
91 |
+
|
|
92 |
+ my ($hash) = @_;
|
|
93 |
+ my ($buffer, $line, $profile, $description, $dummy);
|
|
94 |
+ my (%rbac, %rbac_profiles);
|
|
95 |
+
|
|
96 |
+ %rbac=();
|
|
97 |
+ %rbac_profiles=();
|
|
98 |
+
|
|
99 |
+ $buffer = &gst_file_buffer_load("/etc/security/prof_attr");
|
|
100 |
+ foreach $line ( @$buffer ) {
|
|
101 |
+ # Skip comments, blank lines and the "All" special profile.
|
|
102 |
+ next if ( $line =~ /^#|^\s*$|^All:/ );
|
|
103 |
+
|
|
104 |
+ ($profile, $dummy, $dummy, $description, $dummy ) = split(/:/, $line, 5);
|
|
105 |
+ $rbac_profiles{$profile} = &gst_xml_quote($description);
|
|
106 |
+ }
|
|
107 |
+
|
|
108 |
+ $rbac{"rbac_profiles"} = \%rbac_profiles;
|
|
109 |
+
|
|
110 |
+ $$hash{"rbacdb"} = \%rbac;
|
|
111 |
+}
|
|
112 |
+
|
|
113 |
sub get_login_defs_prop_array
|
|
114 |
{
|
|
115 |
my @prop_array;
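Review bot: `sub read_rbac()` declares an empty prototype although the sub takes a hash reference from `@_`. It works only because the visible call uses the `&read_rbac (...)` form, which bypasses prototypes, so declare it as `sub read_rbac {`. The buffer returned by `gst_file_buffer_load` is dereferenced without a check. Adding `return unless $buffer;` before the loop would make a missing /etc/security/prof_attr explicit, though whether the helper can return undef is not visible here.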
|
8436
|
116 |
@@ -315,6 +370,30 @@
|
7860
|
117 |
}
|
|
118 |
}
|
|
119 |
|
|
120 |
+my $nexenta_logindefs_defaults = {
|
|
121 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file.
|
|
122 |
+ 'shell' => '/bin/bash',
|
|
123 |
+ 'group' => 'users',
|
|
124 |
+ 'skel_dir' => '/etc/skel/',
|
|
125 |
+ 'home_prefix' => '/export/home/$user',
|
|
126 |
+ 'gmin' => 1000,
|
|
127 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h
|
|
128 |
+ 'umin' => 1000,
|
|
129 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h
|
|
130 |
+};
|
|
131 |
+
|
|
132 |
+my $solaris_logindefs_defaults = {
|
|
133 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file.
|
|
134 |
+ 'shell' => '/bin/bash',
|
|
135 |
+ 'group' => 'users',
|
|
136 |
+ 'skel_dir' => '/etc/skel/',
|
|
137 |
+ 'home_prefix' => '/home/$user',
|
|
138 |
+ 'gmin' => 1000,
|
|
139 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h
|
|
140 |
+ 'umin' => 1000,
|
|
141 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h
|
|
142 |
+};
|
|
143 |
+
|
|
144 |
my $rh_logindefs_defaults = {
|
|
145 |
'shell' => '/bin/bash',
|
|
146 |
'group' => '$user',
|
8436
|
147 |
@@ -362,6 +441,8 @@
|
7860
|
148 |
'debian-2.2' => $rh_logindefs_defaults,
|
|
149 |
'debian-3.0' => $rh_logindefs_defaults,
|
|
150 |
'debian-sarge' => $rh_logindefs_defaults,
|
|
151 |
+ 'nexenta-1.0' => $nexenta_logindefs_defaults,
|
|
152 |
+ 'solaris-2.11' => $solaris_logindefs_defaults,
|
|
153 |
'vine-3.0' => $rh_logindefs_defaults,
|
|
154 |
'vine-3.1' => $rh_logindefs_defaults,
|
|
155 |
'gentoo' => $gentoo_logindefs_defaults,
|
8436
|
156 |
@@ -419,7 +500,8 @@
|
|
157 |
my ($a1, $a2) = @_;
|
|
158 |
my $i;
|
|
159 |
|
|
160 |
- return -1 if ($#$a1 != $#$a2);
|
|
161 |
+ return 0 if ( ( $#$a1 < 0 || $#$a2 < 0 ) && $#$a1 == $#$a2 );
|
|
162 |
+ return -1 if ($#$a1 != $#$a2 || $#$a1 < 0 || $#$a2 < 0 );
|
|
163 |
|
|
164 |
for ($i = 0; $i <= $#$a1; $i++) {
|
|
165 |
if (ref ($$a1[$i]) eq "ARRAY") { # see if this is a reference.
|
|
166 |
@@ -453,6 +535,7 @@
|
8121
|
167 |
&read_passwd_shadow (\%hash);
|
|
168 |
&read_profiledb (\%hash);
|
|
169 |
&read_shells (\%hash);
|
|
170 |
+ &read_rbac (\%hash) if ( $gst_dist =~ /^solaris/);
|
|
171 |
|
|
172 |
return \%hash;
|
|
173 |
}
|
8436
|
174 |
@@ -553,11 +636,11 @@
|
7860
|
175 |
}
|
|
176 |
else
|
|
177 |
{
|
|
178 |
- # Put safe defaults for distros/OS that don't have any defaults file
|
|
179 |
- $logindefs->{"umin"} = '1000';
|
|
180 |
- $logindefs->{"umax"} = '60000';
|
|
181 |
- $logindefs->{"gmin"} = '1000';
|
|
182 |
- $logindefs->{"gmax"} = '60000';
|
|
183 |
+ # Put safe defaults for distros/OS that don't have any defaults set
|
|
184 |
+ $logindefs->{"umin"} = '1000' unless ($logindefs->{"umin"});
|
|
185 |
+ $logindefs->{"umax"} = '60000' unless ($logindefs->{"umax"});
|
|
186 |
+ $logindefs->{"gmin"} = '1000' unless ($logindefs->{"gmin"});
|
|
187 |
+ $logindefs->{"gmax"} = '60000' unless ($logindefs->{"gmax"});
|
|
188 |
}
|
|
189 |
}
|
|
190 |
|
8436
|
191 |
@@ -602,6 +685,7 @@
|
8121
|
192 |
my ($ifh, @users, %users_hash, $passwd_last_modified);
|
|
193 |
my (@line, $copy, %tmphash);
|
|
194 |
my $login_pos = $users_prop_map{"login"};
|
8436
|
195 |
+ #my (%users_rbac_profiles);
|
8121
|
196 |
my $i = 0;
|
|
197 |
|
|
198 |
# Find the passwd file.
|
8436
|
199 |
@@ -660,6 +744,22 @@
|
8121
|
200 |
|
|
201 |
&gst_file_close ($ifh);
|
|
202 |
}
|
|
203 |
+ if ($gst_dist =~ /^solaris/ ) {
|
8436
|
204 |
+ my $rbac_pos = $users_prop_map{"rbac"};
|
8121
|
205 |
+ my ($fd);
|
|
206 |
+ foreach $user (@users) {
|
|
207 |
+ my @profiles;
|
|
208 |
+ my $logname = $$user[1];
|
|
209 |
+ my $command = $cmd_profiles . " " . $logname;
|
|
210 |
+ $fd = &gst_file_run_pipe_read( $command );
|
|
211 |
+ @profiles = <$fd>;
|
|
212 |
+ &gst_file_close($fd);
|
8436
|
213 |
+ # $users_rbac_profiles{$logname} = \@profiles;
|
|
214 |
+ chomp( @profiles );
|
|
215 |
+ @{$tmphash{$logname}}[$rbac_pos] = \@profiles;
|
8121
|
216 |
+ }
|
8436
|
217 |
+ #$$hash{"users_rbac_profiles"} = \%users_rbac_profiles;
|
8121
|
218 |
+ }
|
|
219 |
|
|
220 |
$$hash{"users"} = \@users;
|
|
221 |
$$hash{"users_hash"} = \%users_hash;
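Review bot: `$cmd_profiles . " " . $logname` puts the login name read from the passwd data on a shell command line without quoting, and the handle returned by `gst_file_run_pipe_read` is read without checking that the command started. Quote the argument as the other commands in this file do, `my $command = $cmd_profiles . " '" . $logname . "'";`, and add `next unless $fd;` before `<$fd>`. `$$user[1]` hard-codes the login column, while `$login_pos` from `$users_prop_map{"login"}` appears to be in scope in this function and would be the consistent choice. The commented-out `users_rbac_profiles` lines can be dropped. The enclosing function starts outside the hunk.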
|
8436
|
222 |
@@ -740,7 +840,40 @@
|
7860
|
223 |
push (@shells, "/bin/false") if (stat ("/bin/false"));
|
|
224 |
|
|
225 |
$ifh = &gst_file_open_read_from_names(@shell_names);
|
|
226 |
- return unless $ifh;
|
|
227 |
+ unless ($ifh)
|
|
228 |
+ {
|
|
229 |
+ if ($gst_dist =~ /solaris/)
|
|
230 |
+ {
|
|
231 |
+ push (@shells, "/bin/bash");
|
|
232 |
+ push (@shells, "/bin/csh");
|
|
233 |
+ push (@shells, "/bin/jsh");
|
|
234 |
+ push (@shells, "/bin/ksh");
|
|
235 |
+ push (@shells, "/bin/pfcsh");
|
|
236 |
+ push (@shells, "/bin/pfksh");
|
|
237 |
+ push (@shells, "/bin/pfsh");
|
|
238 |
+ push (@shells, "/bin/sh");
|
|
239 |
+ push (@shells, "/bin/tcsh");
|
|
240 |
+ push (@shells, "/bin/zsh");
|
|
241 |
+ push (@shells, "/sbin/jsh");
|
|
242 |
+ push (@shells, "/sbin/jsh");
|
|
243 |
+ push (@shells, "/sbin/pfsh");
|
|
244 |
+ push (@shells, "/sbin/sh");
|
|
245 |
+ push (@shells, "/usr/bin/bash");
|
|
246 |
+ push (@shells, "/usr/bin/csh");
|
|
247 |
+ push (@shells, "/usr/bin/jsh");
|
|
248 |
+ push (@shells, "/usr/bin/ksh");
|
|
249 |
+ push (@shells, "/usr/bin/pfcsh");
|
|
250 |
+ push (@shells, "/usr/bin/pfksh");
|
|
251 |
+ push (@shells, "/usr/bin/pfsh");
|
|
252 |
+ push (@shells, "/usr/bin/sh");
|
|
253 |
+ push (@shells, "/usr/bin/tcsh");
|
|
254 |
+ push (@shells, "/usr/bin/zsh");
|
|
255 |
+ push (@shells, "/usr/xpg4/bin/sh");
|
|
256 |
+ $$hash{"shelldb"} = \@shells;
|
|
257 |
+ }
|
|
258 |
+ return;
|
|
259 |
+ }
|
|
260 |
+
|
|
261 |
|
|
262 |
while (<$ifh>)
|
|
263 |
{
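Review bot: The Solaris fallback pushes a fixed list of shells without checking that each one exists, and `/sbin/jsh` is pushed twice. The `/bin/false` line just above guards its push with `if (stat (...))`, and the same guard in a loop over a `qw(...)` list (`foreach my $sh (qw(/bin/bash /bin/csh ...)) { push (@shells, $sh) if (stat ($sh)); }`) would avoid offering login shells that are not installed. The test here is `/solaris/` while the rest of the patch uses `/^solaris/`, so use one form throughout.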
|
8436
|
264 |
@@ -879,6 +1012,11 @@
|
7860
|
265 |
{
|
|
266 |
$command = "$cmd_pw usermod -n " . $username . " -c \'" . $comment . "\'";
|
|
267 |
}
|
|
268 |
+ elsif ($gst_dist =~ /^solaris/)
|
|
269 |
+ {
|
|
270 |
+ ($fname, $office, $office_phone, $home_phone) = @line;
|
|
271 |
+ $command = "$cmd_usermod" . " -c \'" . $fname . "\' " . $username;
|
|
272 |
+ }
|
|
273 |
else
|
|
274 |
{
|
|
275 |
($fname, $office, $office_phone, $home_phone) = @line;
|
8436
|
276 |
@@ -886,7 +1024,7 @@
|
7860
|
277 |
$fname = "-f \'" . $fname . "\'";
|
|
278 |
$home_phone = "-h \'" . $home_phone . "\'";
|
|
279 |
|
|
280 |
- if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/)
|
|
281 |
+ if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/ || $gst_dist =~ /^nexenta/)
|
|
282 |
{
|
|
283 |
$office = "-r \'" . $office . "\'";
|
|
284 |
$office_phone = "-w \'" . $office_phone . "\'";
|
8436
|
285 |
@@ -903,6 +1041,30 @@
|
7860
|
286 |
&gst_file_run ($command);
|
|
287 |
}
|
|
288 |
|
|
289 |
+$service = "passwd";
|
|
290 |
+$username = "";
|
|
291 |
+$newpassword = "";
|
|
292 |
+
|
|
293 |
+sub my_conv_func {
|
|
294 |
+ my @res;
|
|
295 |
+ while ( @_ ) {
|
|
296 |
+ my $code = shift;
|
|
297 |
+ my $msg = shift;
|
|
298 |
+ my $ans = "";
|
|
299 |
+
|
|
300 |
+ $ans = $username if ($code == PAM_PROMPT_ECHO_ON() );
|
|
301 |
+ if ($code == PAM_PROMPT_ECHO_OFF() ) {
|
|
302 |
+ $ans = $newpassword;
|
|
303 |
+ $ans = $newpassword;
|
|
304 |
+
|
|
305 |
+ }
|
|
306 |
+
|
|
307 |
+ push @res, (PAM_SUCCESS(),$ans);
|
|
308 |
+ }
|
|
309 |
+ push @res, PAM_SUCCESS();
|
|
310 |
+ return @res;
|
|
311 |
+}
|
|
312 |
+
|
|
313 |
sub add_user
|
|
314 |
{
|
|
315 |
my ($data) = @_;
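Review bot: `my_conv_func` answers every `PAM_PROMPT_ECHO_OFF` prompt with `$newpassword` and returns an empty answer with `PAM_SUCCESS()` for every other message type, so PAM error or info messages, such as a rejected password, are dropped silently. The password travels through the file-scope globals `$username` and `$newpassword` and is never cleared. Setting `$newpassword = "";` after each `pam_chauthtok` call would limit how long it stays around. The duplicated `$ans = $newpassword;` line can go. The sub needs a header comment saying that it receives (code, message) pairs and returns (status, answer) pairs followed by a final status.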
|
8436
|
316 |
@@ -932,6 +1094,38 @@
|
7860
|
317 |
print $pwdpipe $$data[$users_prop_map{"password"}];
|
|
318 |
&gst_file_close ($pwdpipe);
|
|
319 |
}
|
|
320 |
+ elsif ($gst_dist =~ /^nexenta/)
|
|
321 |
+ {
|
|
322 |
+ my $pwdpipe;
|
|
323 |
+ $home_parents = $$data[$users_prop_map{"home"}];
|
|
324 |
+ $home_parents =~ s/\/+[^\/]+\/*$//;
|
|
325 |
+ &gst_file_run ("$tool_mkdir -p $home_parents");
|
|
326 |
+
|
|
327 |
+ $command = "$cmd_useradd" . " -d \'" . $$data[$users_prop_map{"home"}] .
|
|
328 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] .
|
|
329 |
+ "\' -s \'" . $$data[$users_prop_map{"shell"}] .
|
|
330 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] .
|
|
331 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'";
|
|
332 |
+ &gst_file_run ($command);
|
|
333 |
+ &gst_file_run("echo " . $$data[$users_prop_map{"login"}] . ":" . $$data[$users_prop_map{"password"}] . " | chpasswd -e");
|
|
334 |
+ }
|
|
335 |
+ elsif ($gst_dist =~ /^solaris/)
|
|
336 |
+ {
|
|
337 |
+ $home_parents = $$data[$users_prop_map{"home"}];
|
|
338 |
+ $home_parents =~ s/\/+[^\/]+\/*$//;
|
|
339 |
+ &gst_file_run ("$tool_mkdir -p $home_parents");
|
|
340 |
+
|
|
341 |
+ $command = "$cmd_useradd" . " -d \'" . $$data[$users_prop_map{"home"}] .
|
|
342 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] .
|
|
343 |
+ "\' -m -s \'" . $$data[$users_prop_map{"shell"}] .
|
|
344 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] .
|
|
345 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'";
|
|
346 |
+ &gst_file_run ($command);
|
|
347 |
+ $username = $$data[$users_prop_map{"login"}];
|
|
348 |
+ $newpassword = $$data[$users_prop_map{"password"}];
|
|
349 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func));
|
|
350 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK());
|
|
351 |
+ }
|
|
352 |
else
|
|
353 |
{
|
|
354 |
$home_parents = $$data[$users_prop_map{"home"}];
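Review bot: The nexenta branch runs `echo login:password | chpasswd -e` as one shell string with neither value quoted, so the password field is exposed on the command line. If it is a `$`-delimited crypt hash, the shell also expands its `$` parts and the stored hash is corrupted. The branch just above already writes the password through a pipe, and the same works here: `$pwdpipe = &gst_file_run_pipe ("chpasswd -e", $GST_FILE_WRITE);`, `print $pwdpipe $$data[$users_prop_map{"login"}] . ":" . $$data[$users_prop_map{"password"}] . "\n";`, `&gst_file_close ($pwdpipe);`. That also gives the declared but unused `my $pwdpipe` a purpose. The same `echo ... | chpasswd -e` line is added in the nexenta branch of the next hunk (`@@ -967,9 +1161,76 @@`), and `"$tool_mkdir -p $home_parents"` is unquoted in both new branches. The enclosing `add_user` body continues outside the hunk.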
|
8436
|
355 |
@@ -967,9 +1161,76 @@
|
7860
|
356 |
" -H 0"; # pw(8) reads password from STDIN
|
|
357 |
|
|
358 |
$pwdpipe = &gst_file_run_pipe($command, $GST_FILE_WRITE);
|
|
359 |
- print $pwdpipe $$data[$users_prop_map{"password"}];
|
|
360 |
+ print $pwdpipe $$new_data[$users_prop_map{"password"}];
|
|
361 |
&gst_file_close ($pwdpipe);
|
|
362 |
}
|
|
363 |
+ elsif ($gst_dist =~ /^nexenta/)
|
|
364 |
+ {
|
|
365 |
+ $command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] .
|
|
366 |
+ "\' -g \'" . $$new_data[$users_prop_map{"gid"}] .
|
|
367 |
+ "\' -l \'" . $$new_data[$users_prop_map{"login"}] .
|
|
368 |
+ "\' -s \'" . $$new_data[$users_prop_map{"shell"}] .
|
|
369 |
+ "\' -u \'" . $$new_data[$users_prop_map{"uid"}] .
|
|
370 |
+ "\' \'" . $$old_data[$users_prop_map{"login"}] . "\'";
|
|
371 |
+ &gst_file_run ($command);
|
|
372 |
+ &gst_file_run("echo " . $$new_data[$users_prop_map{"login"}] . ":" . $$new_data[$users_prop_map{"password"}] . " | chpasswd -e");
|
|
373 |
+ }
|
|
374 |
+ elsif ($gst_dist =~ /^solaris/)
|
|
375 |
+ {
|
|
376 |
+ $command = "$cmd_usermod" ;
|
|
377 |
+
|
|
378 |
+ $command .= " -u \'" . $$new_data[$users_prop_map{"uid"}] . "\'"
|
|
379 |
+ if ( $$new_data[$users_prop_map{"uid"}] ne $$old_data[$users_prop_map{"uid"}] );
|
|
380 |
+ $command .= " -g \'" . $$new_data[$users_prop_map{"gid"}] . "\'"
|
|
381 |
+ if ( $$new_data[$users_prop_map{"gid"}] ne $$old_data[$users_prop_map{"gid"}] );
|
|
382 |
+ $command .= " -d \'" . $$new_data[$users_prop_map{"home"}] . "\'"
|
|
383 |
+ if ( $$new_data[$users_prop_map{"home"}] ne $$old_data[$users_prop_map{"home"}] );
|
|
384 |
+ $command .= " -s \'" . $$new_data[$users_prop_map{"shell"}] . "\'"
|
|
385 |
+ if ( $$new_data[$users_prop_map{"shell"}] ne $$old_data[$users_prop_map{"shell"}] );
|
8436
|
386 |
+
|
|
387 |
+ if ($$new_data[$users_prop_map{"rbac"}] ne undef ) {
|
|
388 |
+ my (@profiles, $old_user_profiles, $new_user_profiles );
|
|
389 |
+ $old_user_profiles = $$old_data[$users_prop_map{"rbac"}];
|
|
390 |
+ $new_user_profiles = $$new_data[$users_prop_map{"rbac"}];
|
|
391 |
+ @profiles = ();
|
|
392 |
+ if ( $old_user_profiles eq undef ) {
|
|
393 |
+ # All new profiles, so just use directly
|
|
394 |
+ &gst_report("RBAC profiles created for ". $$old_data[$users_prop_map{"login"}] );
|
|
395 |
+ push( @profiles, @$new_user_profiles );
|
|
396 |
+ }
|
|
397 |
+ else {
|
|
398 |
+ my @sorted_old_user_profiles = sort(@$old_user_profiles);
|
|
399 |
+ my @sorted_new_user_profiles = sort(@$new_user_profiles);
|
|
400 |
+ if ( &arr_cmp_recurse( \@sorted_new_user_profiles, \@sorted_old_user_profiles) ) {
|
|
401 |
+ &gst_report("RBAC profiles changed for ". $$old_data[$users_prop_map{"login"}] );
|
|
402 |
+ push( @profiles, @sorted_new_user_profiles );
|
|
403 |
+ }
|
|
404 |
+ }
|
|
405 |
+ if ( $#profiles >= 0 ) {
|
|
406 |
+ my $profiles_str = "";
|
|
407 |
+ foreach ( @profiles ) {
|
|
408 |
+ $profiles_str .= ',' unless ( $profiles_str eq "" );
|
|
409 |
+ $profiles_str .= $_;
|
|
410 |
+ }
|
|
411 |
+ $command .= " -P \'" . $profiles_str . "\'";
|
|
412 |
+ }
|
|
413 |
+ }
|
7860
|
414 |
+ # If there's nothing to change, then don't...
|
|
415 |
+ if ( $command ne $cmd_usermod ) {
|
8436
|
416 |
+ $command .= " \'" . $$old_data[$users_prop_map{"login"}] . "\'";
|
7860
|
417 |
+ &gst_file_run ($command);
|
|
418 |
+ }
|
|
419 |
+ $username = $$old_data[$users_prop_map{"login"}];
|
|
420 |
+ $oldpassword = $$old_data[$users_prop_map{"password"}];
|
|
421 |
+ $newpassword = $$new_data[$users_prop_map{"password"}];
|
|
422 |
+ # Should only change password if old and new differ - this is especially
|
|
423 |
+ # important since the old password is usually the "crypted" one!! Only if
|
|
424 |
+ # it's different has a user entered a clear string here.
|
8436
|
425 |
+ if ( $newpassword ne undef && $newpassword ne $oldpassword ) {
|
7860
|
426 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func));
|
|
427 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK());
|
|
428 |
+ }
|
|
429 |
+ }
|
|
430 |
else
|
|
431 |
{
|
|
432 |
$command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] .
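Review bot: `ref($pamh = new Authen::PAM(...));` discards the result of `ref`, so a failed PAM initialisation goes unnoticed and `$pamh->pam_chauthtok` is then called on a plain status code. The return value of `pam_chauthtok` is ignored as well, so a failed password change is not reported even though `usermod` has already run. Check both, e.g. `$pamh = Authen::PAM->new ($service, $username, \&my_conv_func);` followed by `$res = ref ($pamh) ? $pamh->pam_chauthtok (PAM_NO_AUTHTOK_CHECK ()) : $pamh;`, and report when `$res != PAM_SUCCESS ()`. The same unchecked pair is added to the Solaris branch of `add_user` in the previous hunk. The `ne undef` and `eq undef` tests in this block compare against the empty string, and `defined` is the test meant.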
|
8436
|
433 |
@@ -1026,8 +1287,24 @@
|
7860
|
434 |
|
|
435 |
foreach $user (@$u)
|
|
436 |
{
|
|
437 |
- $command = "$cmd_gpasswd -a \'" . $user .
|
|
438 |
- "\' " . $$data[$groups_prop_map{"name"}];
|
|
439 |
+ if ($gst_dist =~ /^solaris/)
|
|
440 |
+ {
|
|
441 |
+ my ($groups, @a);
|
|
442 |
+ $command = "groups \'" . $user . "\'";
|
|
443 |
+ $groups = &gst_file_run_backtick ($command);
|
|
444 |
+ chomp ($groups);
|
|
445 |
+ @a = split (/ /, $groups);
|
|
446 |
+ $groups = join (',', @a);
|
|
447 |
+
|
|
448 |
+ $command = "$cmd_usermod -G " . $groups . "," .
|
|
449 |
+ $$data[$groups_prop_map{"name"}] . " " .
|
|
450 |
+ $user . " ";
|
|
451 |
+ }
|
|
452 |
+ else
|
|
453 |
+ {
|
|
454 |
+ $command = "$cmd_gpasswd -a \'" . $user .
|
|
455 |
+ "\' " . $$data[$groups_prop_map{"name"}];
|
|
456 |
+ }
|
|
457 |
&gst_file_run ($command);
|
|
458 |
}
|
|
459 |
}
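Review bot: On Solaris the new code rebuilds the user's whole supplementary group list from the output of `groups` and passes it to `usermod -G` unquoted, without checking that `gst_file_run_backtick` returned anything. The delete path in the next hunk relies on `-G` setting the list rather than appending to it. An empty or failed `groups` result here therefore produces `-G ,name` and can drop memberships the user already had. Skip the user, with a report, when `$groups` is empty, split with `split (' ', $groups)` so repeated spaces do not create empty entries, and quote both arguments as the `gpasswd` branch does: `"$cmd_usermod -G '" . $groups . "," . $$data[$groups_prop_map{"name"}] . "' '" . $user . "'"`. The same block is repeated twice in the next hunk, so a small helper that returns the current group list would keep the three copies consistent.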
|
8436
|
460 |
@@ -1069,25 +1346,62 @@
|
7860
|
461 |
$max_o = $#$o;
|
|
462 |
for ($i = 0, $j = 0; $i <= &max ($max_n, $max_o); ) {
|
|
463 |
$r = $$n[$i] cmp $$o[$j];
|
|
464 |
- $r *= -1 if (($$o[$j] eq "") || ($$n[$i] eq ""));
|
|
465 |
|
|
466 |
- if ($r < 0) { # add this user to the group.
|
|
467 |
- $command = "$cmd_gpasswd -a \'" . $$n[$i] . "\' \'" .
|
|
468 |
- $$new_data[$groups_prop_map{"name"}] . "\'";
|
|
469 |
+ if ($r > 0) { # add this user to the group.
|
|
470 |
+ if ($gst_dist =~ /^solaris/)
|
|
471 |
+ {
|
|
472 |
+ my ($groups, @a);
|
|
473 |
+ $command = "groups \'" . $$n[$i] . "\'";
|
|
474 |
+ $groups = &gst_file_run_backtick ($command);
|
|
475 |
+ chomp ($groups);
|
|
476 |
+ @a = split (/ /, $groups);
|
|
477 |
+ $groups = join (',', @a);
|
|
478 |
+
|
|
479 |
+ $command = "$cmd_usermod -G " . $groups . "," .
|
|
480 |
+ $$new_data[$groups_prop_map{"name"}] . " " .
|
|
481 |
+ $$n[$i] . " ";
|
|
482 |
+ }
|
|
483 |
+ else
|
|
484 |
+ {
|
|
485 |
+ $command = "$cmd_gpasswd -a " . $$n[$i] . " " . $$new_data[$groups_prop_map{"name"}] . " ";
|
|
486 |
+ }
|
|
487 |
$i ++;
|
|
488 |
-
|
|
489 |
+
|
|
490 |
&gst_file_run ($command);
|
|
491 |
- } elsif ($r > 0) { # delete the user from the group.
|
|
492 |
- $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" .
|
|
493 |
- $$new_data[$groups_prop_map{"name"}] . "\'";
|
|
494 |
+ } elsif ($r < 0) { # delete the user from the group.
|
|
495 |
+ if ($gst_dist =~ /^solaris/)
|
|
496 |
+ {
|
|
497 |
+ my ($groups, @a, $k);
|
|
498 |
+ $command = "groups \'" . $$o[$j] . "\'";
|
|
499 |
+ $groups = &gst_file_run_backtick ($command);
|
|
500 |
+ chomp ($groups);
|
|
501 |
+ @a = split (/ /, $groups);
|
|
502 |
+ for ($k = 0; $k < $#a + 1; $k++)
|
|
503 |
+ {
|
|
504 |
+ if ($a[$k] eq $$new_data[$groups_prop_map{"name"}])
|
|
505 |
+ {
|
|
506 |
+ splice (@a, $k, 1);
|
|
507 |
+ last;
|
|
508 |
+ }
|
|
509 |
+ }
|
|
510 |
+ $groups = join (',', @a);
|
|
511 |
+
|
|
512 |
+ $command = "$cmd_usermod -G " . $groups . " " .
|
|
513 |
+ $$o[$j] . " ";
|
|
514 |
+ }
|
|
515 |
+ else
|
|
516 |
+ {
|
|
517 |
+ $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" .
|
|
518 |
+ $$new_data[$groups_prop_map{"name"}] . "\'";
|
|
519 |
+ }
|
|
520 |
$j ++;
|
|
521 |
-
|
|
522 |
+
|
|
523 |
&gst_file_run ($command);
|
|
524 |
- } else { # The information is the same. Go to next tuple.
|
|
525 |
+ } else { # The information is the same. Go to next tuple.
|
|
526 |
$i ++; $j ++;
|
|
527 |
- }
|
|
528 |
- }
|
|
529 |
- }
|
|
530 |
+ }
|
|
531 |
+ }
|
|
532 |
+ }
|
|
533 |
}
|
|
534 |
}
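Review bot: Swapping the tests to `$r > 0` for add and `$r < 0` for delete, and dropping the `$r *= -1` line, is only correct once one of the two lists is exhausted. While both `$$n[$i]` and `$$o[$j]` are non-empty, a negative `cmp` means the new name is absent from the old list and should be added, yet this code deletes `$$o[$j]`. With new = (b) and old = (a, b) the walk re-adds b and then removes both a and b, assuming the lists are sorted as the merge-style loop implies. Keeping the original orientation avoids this: `$r *= -1 if (($$o[$j] eq "") || ($$n[$i] eq ""));`, add on `$r < 0`, delete on `$r > 0`. The non-Solaris add command at `"$cmd_gpasswd -a " . $$n[$i] . " " . ...` has also lost the single quotes the removed lines had around the user and group name. The enclosing function starts outside the hunk.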
|
|
535 |
|
8436
|
536 |
@@ -1204,8 +1518,10 @@
|
7860
|
537 |
elsif ($$tree[0] eq "group_last_modified") { &xml_parse_group_last_modified ($$tree[1], $hash); }
|
|
538 |
elsif ($$tree[0] eq "userdb") { &xml_parse_userdb ($$tree[1], $hash); }
|
|
539 |
elsif ($$tree[0] eq "groupdb") { &xml_parse_groupdb ($$tree[1], $hash); }
|
|
540 |
+ elsif ($$tree[0] eq "use_md5") { }
|
|
541 |
elsif ($$tree[0] eq "shelldb") { }
|
|
542 |
elsif ($$tree[0] eq "profiledb") { &xml_parse_profiledb ($$tree[1], $hash); }
|
8436
|
543 |
+ elsif ($$tree[0] eq "rbacdb") { } # if rbacdb is there ignore, can't be changed.
|
7860
|
544 |
else
|
8436
|
545 |
{
|
|
546 |
&gst_report ("xml_unexp_tag", $$tree[0]);
|
|
547 |
@@ -1268,10 +1584,39 @@
|
|
548 |
|
|
549 |
while (@$tree)
|
|
550 |
{
|
|
551 |
- if ($users_prop_map{$$tree[0]} ne undef)
|
|
552 |
+ if ($users_prop_map{$$tree[0]} ne undef && $$tree[0] ne "rbac")
|
|
553 |
{
|
|
554 |
$line[$users_prop_map{$$tree[0]}] = &gst_xml_unquote($$tree[1][2]);
|
|
555 |
}
|
|
556 |
+ elsif ($$tree[0] eq "rbac")
|
|
557 |
+ {
|
|
558 |
+ my $rbac = $$tree[1]; # rbac children
|
|
559 |
+ shift @$rbac; # Skip attributes
|
|
560 |
+ my $rbac_profiles = $$rbac[1]; # rbac children
|
|
561 |
+ shift @$rbac_profiles; # Skip attributes
|
|
562 |
+
|
|
563 |
+ my @user_profiles;
|
|
564 |
+ # my $users_rbac_profiles = $$hash{"users_rbac_profiles"};
|
|
565 |
+
|
|
566 |
+ # if ( $users_rbac_profiles eq undef ) { # Allocate a new one if none exists
|
|
567 |
+ # my %dummy = ();
|
|
568 |
+ # $users_rbac_profiles = \%dummy;
|
|
569 |
+ # $$hash{"users_rbac_profiles"} = $users_rbac_profiles;
|
|
570 |
+ #}
|
|
571 |
+
|
|
572 |
+ # First include "All" special profile - needs to be always there.
|
|
573 |
+ push(@user_profiles, "All" );
|
|
574 |
+
|
|
575 |
+ while (@$rbac_profiles) {
|
|
576 |
+ my $profile = $$rbac_profiles[1][2];
|
|
577 |
+ push(@user_profiles, $profile ) unless ( $profile eq "All" ); # only include once
|
|
578 |
+ shift( @$rbac_profiles );
|
|
579 |
+ shift( @$rbac_profiles );
|
|
580 |
+ }
|
|
581 |
+ #$$users_rbac_profiles{ $line[$users_prop_map{"login"}] } = \@user_profiles;
|
|
582 |
+ #XXX Here
|
|
583 |
+ $line[$users_prop_map{$$tree[0]}] = \@user_profiles;
|
|
584 |
+ }
|
|
585 |
else
|
|
586 |
{
|
|
587 |
&gst_report ("xml_unexp_tag", $$tree[0]);
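Review bot: The profile name is read as `$$rbac_profiles[1][2]` without `&gst_xml_unquote`, unlike the other user fields a few lines above, and it later ends up in the `-P` argument built in the modify path. Use `my $profile = &gst_xml_unquote ($$rbac_profiles[1][2]);`. Consider rejecting names that are not keys of the profile table read from /etc/security/prof_attr before they reach a command line, since these values assign privileges. "All" is pushed first here and the modify path then sorts the list. If profile order is significant on the target system, both steps change what the user asked for, and that needs confirming. The commented-out `users_rbac_profiles` lines and the `#XXX Here` marker can be removed.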
|
|
588 |
@@ -1323,6 +1668,7 @@
|
7860
|
589 |
if ($$tree[0] eq "users") { $line[$groups_prop_map{$$tree[0]}] = $$tree[1]; }
|
|
590 |
else { $line[$groups_prop_map{$$tree[0]}] = $$tree[1][2]; }
|
|
591 |
}
|
|
592 |
+ elsif ($$tree[0] eq "allows_to") { }
|
|
593 |
else
|
|
594 |
{
|
|
595 |
&gst_report ("xml_unexp_tag", $$tree[0]);
|
8436
|
596 |
@@ -1487,11 +1833,18 @@
|
8121
|
597 |
my ($hash) = @_;
|
|
598 |
my ($key, $value, $i, $j, $k);
|
|
599 |
my ($passwd_last_modified, $users, $desc);
|
8436
|
600 |
+ # my ($users_rbac_profiles);
|
8121
|
601 |
+ my ($rbac, $rbac_profiles);
|
|
602 |
|
|
603 |
$passwd_last_modified = $$hash{"passwd_last_modified"};
|
|
604 |
$users = $$hash{"users"};
|
|
605 |
$group_last_modified = $$hash{"group_last_modified"};
|
|
606 |
$groups = $$hash{"groups"};
|
|
607 |
+ if ( $gst_dist =~ /^solaris/ ) {
|
|
608 |
+ $rbac = $$hash{"rbacdb"};
|
|
609 |
+ $rbac_profiles = $$rbac{"rbac_profiles"};
|
8436
|
610 |
+ # $users_rbac_profiles = $$hash{"users_rbac_profiles"};
|
8121
|
611 |
+ }
|
|
612 |
|
|
613 |
&gst_xml_print_begin ();
|
|
614 |
|
8436
|
615 |
@@ -1519,8 +1872,23 @@
|
|
616 |
&gst_xml_container_enter ('user');
|
|
617 |
for ($j = 0; $j < ($#users_prop_array - 1) / 2; $j++)
|
8121
|
618 |
{
|
8436
|
619 |
- &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]);
|
|
620 |
+ if ( $users_prop_map{$j} eq "rbac" && $gst_dist =~ /^solaris/ ) {
|
|
621 |
+ my ($user_profiles);
|
|
622 |
+ &gst_xml_container_enter ('rbac');
|
|
623 |
+ &gst_xml_container_enter ('rbac_profiles');
|
|
624 |
+ # $user_profiles = $$users_rbac_profiles{$$i[1]};
|
|
625 |
+ $user_profiles = $$i[$j];
|
|
626 |
+ foreach $prof ( @$user_profiles ) {
|
|
627 |
+ &gst_xml_print_pcdata ("rbac_profile", $prof);
|
|
628 |
+ }
|
|
629 |
+ &gst_xml_container_leave ();
|
|
630 |
+ &gst_xml_container_leave ();
|
|
631 |
+ }
|
|
632 |
+ else {
|
|
633 |
+ &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]);
|
|
634 |
+ }
|
8121
|
635 |
}
|
|
636 |
+
|
|
637 |
&gst_xml_container_leave ();
|
|
638 |
}
|
|
639 |
&gst_xml_container_leave ();
|
8436
|
640 |
@@ -1559,9 +1927,30 @@
|
8121
|
641 |
&gst_xml_container_leave ();
|
|
642 |
}
|
|
643 |
&gst_xml_container_leave ();
|
|
644 |
- &gst_xml_print_vspace ();
|
|
645 |
|
|
646 |
- &gst_xml_print_end ();
|
|
647 |
+ if ( $gst_dist =~ /^solaris/ ) {
|
|
648 |
+ &gst_xml_print_vspace ();
|
|
649 |
+
|
|
650 |
+ &gst_xml_print_comment ('Now the RBAC Profiles');
|
|
651 |
+ &gst_xml_print_vspace ();
|
|
652 |
+
|
|
653 |
+ &gst_xml_container_enter ('rbacdb');
|
|
654 |
+ &gst_xml_container_enter ('rbac_profiles');
|
|
655 |
+
|
|
656 |
+ foreach $prof ( sort keys %$rbac_profiles )
|
|
657 |
+ {
|
|
658 |
+ &gst_xml_print_vspace ();
|
|
659 |
+ &gst_xml_container_enter ('rbac_profile');
|
|
660 |
+ &gst_xml_print_pcdata ('name', $prof );
|
|
661 |
+ &gst_xml_print_pcdata ('description', $$rbac_profiles{$prof} );
|
|
662 |
+ &gst_xml_container_leave ();
|
|
663 |
+ }
|
|
664 |
+ &gst_xml_container_leave ();
|
|
665 |
+ &gst_xml_container_leave ();
|
|
666 |
+ &gst_xml_print_vspace ();
|
|
667 |
+ }
|
|
668 |
+
|
|
669 |
+ &gst_xml_print_end ();
|
|
670 |
}
|
|
671 |
|
|
672 |
|
8436
|
673 |
@@ -1590,6 +1979,7 @@
|
8121
|
674 |
&gst_file_backup ($_) foreach (@passwd_names);
|
|
675 |
&gst_file_backup ($_) foreach (@shadow_names);
|
|
676 |
&gst_file_backup ($_) foreach (@group_names);
|
|
677 |
+ &gst_file_backup ($_) foreach (@rbac_names);
|
|
678 |
|
|
679 |
&write_profiledb ($hash);
|
|
680 |
&write_group_passwd ($hash);
|
8436
|
681 |
@@ -1627,6 +2017,7 @@
|
7860
|
682 |
$tool = &gst_init ($name, $version, $description, $directives, @ARGV);
|
|
683 |
&gst_platform_ensure_supported ($tool, @platforms);
|
|
684 |
|
|
685 |
+&get_users_prop_array ();
|
|
686 |
&get_login_defs_prop_array ();
|
|
687 |
&get_profiles_prop_array ();
|
|
688 |
|
|
689 |
|