author | mattman |
Mon, 13 Aug 2007 17:31:35 +0000 | |
changeset 10303 | cf9f0c6127b2 |
parent 9165 | e6b1518f60ba |
child 10454 | 5358e2411d36 |
permissions | -rwxr-xr-x |
8847 | 1 |
diff -u system-tools-backends-1.4.2/users-conf.in-orig system-tools-backends-1.4.2/users-conf.in |
9165 | 2 |
--- system-tools-backends-1.4.2/users-conf.in-orig 2006-01-02 15:48:06.000000000 +0000 |
3 |
+++ system-tools-backends-1.4.2/users-conf.in 2007-02-02 15:53:30.243300000 +0000 |
|
7860 | 4 |
@@ -47,6 +47,8 @@ |
5 |
# pw: modifying users/groups and user/group data on FreeBSD. |
|
6 |
||
7 |
||
8 |
+use Authen::PAM; |
|
9 |
+ |
|
10 |
BEGIN { |
|
11 |
$SCRIPTSDIR = "@scriptsdir@"; |
|
12 |
if ($SCRIPTSDIR =~ /^@scriptsdir[@]/) |
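Review bot: `use Authen::PAM;` is a compile-time dependency for every platform this backend supports, while the module is only used in the Solaris branches further down (the `new Authen::PAM` calls in add_user and change_user), so a Linux or FreeBSD host without the module can no longer load the script at all. Loading it lazily keeps the other platforms unaffected, e.g. `require Authen::PAM; Authen::PAM->import;` inside the Solaris branches, or wrapping the `use` in a `BEGIN { eval { ... } }` whose failure is reported through `gst_report`. Either way a missing module should surface as a clear diagnostic on Solaris rather than as a compile error of the whole backend elsewhere.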
|
13 |
@@ -74,6 +76,7 @@ |
|
14 |
"mandrake-7.1", "mandrake-7.2", "mandrake-9.0", "mandrake-9.1", "mandrake-9.2", |
|
15 |
"mandrake-10.0", "mandrake-10.1", |
|
16 |
"debian-2.2", "debian-3.0", "debian-sarge", |
|
17 |
+ "nexenta-1.0", "solaris-2.11", |
|
18 |
"suse-7.0", "suse-9.0", "suse-9.1", "turbolinux-7.0", |
|
19 |
"slackware-8.0.0", "slackware-8.1", "slackware-9.0.0", "slackware-9.1.0", "slackware-10.0.0", "slackware-10.1.0", "slackware-10.2.0", |
|
20 |
"freebsd-4", "freebsd-5", "freebsd-6", |
|
8121 | 21 |
@@ -93,6 +96,7 @@ |
22 |
@passwd_names = ( "/etc/passwd" ); |
|
23 |
@shadow_names = ( "/etc/shadow", "/etc/master.passwd" ); |
|
24 |
@group_names = ( "/etc/group" ); |
|
25 |
+@rbac_names = ( "/etc/user_attr" ); # Files that will be changed by RBAC commands |
|
26 |
@login_defs_names = ( "/etc/login.defs", "/etc/adduser.conf" ); |
|
27 |
@shell_names = ( "/etc/shells" ); |
|
28 |
@skel_dir = ( "/usr/share/skel", "/etc/skel" ); |
|
9165 | 29 |
@@ -111,13 +115,38 @@ |
8121 | 30 |
$cmd_gpasswd = &gst_file_locate_tool ("gpasswd"); |
31 |
$cmd_chfn = &gst_file_locate_tool ("chfn"); |
|
32 |
$cmd_pw = &gst_file_locate_tool ("pw"); |
|
33 |
+$cmd_profiles = &gst_file_locate_tool ("profiles"); |
|
34 |
||
7860 | 35 |
# --- Mapping constants --- # |
36 |
||
37 |
%users_prop_map = (); |
|
38 |
+ |
|
39 |
+sub get_users_prop_array |
|
40 |
+{ |
|
41 |
@users_prop_array = (); |
|
42 |
||
43 |
-if ($$tool{"platform"} eq "Linux") |
|
8436 | 44 |
+if ($$tool{"system"} eq "Linux") |
45 |
+{ |
|
46 |
+ @users_prop_array = ( |
|
47 |
+ "key", 0, |
|
48 |
+ "login", 1, |
|
49 |
+ "password", 2, |
|
50 |
+ "uid", 3, |
|
51 |
+ "gid", 4, |
|
52 |
+ "comment", 5, |
|
53 |
+ "home", 6, |
|
54 |
+ "shell", 7, |
|
55 |
+ "last_mod", 8, # Read shadow (5) for these. |
|
56 |
+ "passwd_min_life", 9, |
|
57 |
+ "passwd_max_life", 10, |
|
58 |
+ "passwd_exp_warn", 11, |
|
59 |
+ "passwd_exp_disable", 12, |
|
60 |
+ "passwd_disable", 13, |
|
61 |
+ "reserved", 14, |
|
62 |
+ "is_shadow", 15, |
|
63 |
+ "", ""); |
|
64 |
+} |
|
9165 | 65 |
+if ($$tool{"system"} eq "SunOS") |
7860 | 66 |
{ |
67 |
@users_prop_array = ( |
|
9165 | 68 |
"key", 0, |
69 |
@@ -136,6 +165,7 @@ |
|
70 |
"passwd_disable", 13, |
|
71 |
"reserved", 14, |
|
72 |
"is_shadow", 15, |
|
73 |
+ "rbac", 16, |
|
74 |
"", ""); |
|
75 |
} |
|
76 |
else |
|
8436 | 77 |
@@ -157,6 +187,7 @@ |
7860 | 78 |
$users_prop_map {$users_prop_array[$i]} = $users_prop_array[$i + 1]; |
79 |
$users_prop_map {$users_prop_array[$i + 1]} = $users_prop_array[$i]; |
|
80 |
} |
|
81 |
+} |
|
82 |
||
83 |
%groups_prop_map = (); |
|
84 |
@groups_prop_array = ( |
|
8436 | 85 |
@@ -193,6 +224,30 @@ |
8121 | 86 |
%login_defs_prop_map = (); |
87 |
%profiles_prop_map = (); |
|
88 |
||
89 |
+sub read_rbac() { |
|
90 |
+ return unless ( $gst_dist =~ /^solaris/ ); |
|
91 |
+ |
|
92 |
+ my ($hash) = @_; |
|
93 |
+ my ($buffer, $line, $profile, $description, $dummy); |
|
94 |
+ my (%rbac, %rbac_profiles); |
|
95 |
+ |
|
96 |
+ %rbac=(); |
|
97 |
+ %rbac_profiles=(); |
|
98 |
+ |
|
99 |
+ $buffer = &gst_file_buffer_load("/etc/security/prof_attr"); |
|
100 |
+ foreach $line ( @$buffer ) { |
|
101 |
+ # Skip comments, blank lines and the "All" special profile. |
|
102 |
+ next if ( $line =~ /^#|^\s*$|^All:/ ); |
|
103 |
+ |
|
104 |
+ ($profile, $dummy, $dummy, $description, $dummy ) = split(/:/, $line, 5); |
|
105 |
+ $rbac_profiles{$profile} = &gst_xml_quote($description); |
|
106 |
+ } |
|
107 |
+ |
|
108 |
+ $rbac{"rbac_profiles"} = \%rbac_profiles; |
|
109 |
+ |
|
110 |
+ $$hash{"rbacdb"} = \%rbac; |
|
111 |
+} |
|
112 |
+ |
|
113 |
sub get_login_defs_prop_array |
|
114 |
{ |
|
115 |
my @prop_array; |
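Review bot: `sub read_rbac() {` declares an empty prototype while the body unpacks `my ($hash) = @_;`, so the declaration contradicts the call `&read_rbac (\%hash)` and only works because the `&` call form bypasses prototype checking; drop it: `sub read_rbac {`. The `return unless ( $gst_dist =~ /^solaris/ )` guard is duplicated at the call site in the `@@ -453,6 +535,7 @@` hunk, so one of the two can go. `$buffer` from `&gst_file_buffer_load("/etc/security/prof_attr")` is dereferenced as `@$buffer` without a failure check; if the helper returns undef on a missing or unreadable file (not visible here) the function should bail out first, `return unless ($buffer);`. Passing descriptions through `gst_xml_quote` here is the right place, since they are later emitted as pcdata.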
|
8436 | 116 |
@@ -315,6 +370,30 @@ |
7860 | 117 |
} |
118 |
} |
|
119 |
||
120 |
+my $nexenta_logindefs_defaults = { |
|
121 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file. |
|
122 |
+ 'shell' => '/bin/bash', |
|
123 |
+ 'group' => 'users', |
|
124 |
+ 'skel_dir' => '/etc/skel/', |
|
125 |
+ 'home_prefix' => '/export/home/$user', |
|
126 |
+ 'gmin' => 1000, |
|
127 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h |
|
10303
cf9f0c6127b2
* patches/system-tools-backend-08-users.diff : Bug : 6591890, change
mattman
parents:
9165
diff
changeset
|
128 |
+ 'umin' => 100, |
7860 | 129 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h |
130 |
+}; |
|
131 |
+ |
|
132 |
+my $solaris_logindefs_defaults = { |
|
133 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file. |
|
134 |
+ 'shell' => '/bin/bash', |
|
135 |
+ 'group' => 'users', |
|
136 |
+ 'skel_dir' => '/etc/skel/', |
|
8847 | 137 |
+ 'home_prefix' => '/export/home/$user', |
7860 | 138 |
+ 'gmin' => 1000, |
139 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h |
|
140 |
+ 'umin' => 100, |
7860 | 141 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h |
142 |
+}; |
|
143 |
+ |
|
144 |
my $rh_logindefs_defaults = { |
|
145 |
'shell' => '/bin/bash', |
|
146 |
'group' => '$user', |
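Review bot: `$nexenta_logindefs_defaults` and `$solaris_logindefs_defaults` are field-for-field identical hash references, so the second definition is pure duplication that will drift as soon as one of them is edited. Define one table and alias the other, `my $solaris_logindefs_defaults = $nexenta_logindefs_defaults;`, or name the shared table after the OS family. `'home_prefix' => '/export/home/$user'` appears to be single-quoted on purpose (the `$user` token looks like a placeholder, as in the `'group' => '$user'` entry of `$rh_logindefs_defaults` just below); a short comment such as `# literal $user: a placeholder substituted later, not a Perl variable` would stop the next reader from "fixing" it.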
|
8436 | 147 |
@@ -362,6 +441,8 @@ |
7860 | 148 |
'debian-2.2' => $rh_logindefs_defaults, |
149 |
'debian-3.0' => $rh_logindefs_defaults, |
|
150 |
'debian-sarge' => $rh_logindefs_defaults, |
|
151 |
+ 'nexenta-1.0' => $nexenta_logindefs_defaults, |
|
152 |
+ 'solaris-2.11' => $solaris_logindefs_defaults, |
|
153 |
'vine-3.0' => $rh_logindefs_defaults, |
|
154 |
'vine-3.1' => $rh_logindefs_defaults, |
|
155 |
'gentoo' => $gentoo_logindefs_defaults, |
|
8436 | 156 |
@@ -419,7 +500,8 @@ |
157 |
my ($a1, $a2) = @_; |
|
158 |
my $i; |
|
159 |
||
160 |
- return -1 if ($#$a1 != $#$a2); |
|
161 |
+ return 0 if ( ( $#$a1 < 0 || $#$a2 < 0 ) && $#$a1 == $#$a2 ); |
|
162 |
+ return -1 if ($#$a1 != $#$a2 || $#$a1 < 0 || $#$a2 < 0 ); |
|
163 |
||
164 |
for ($i = 0; $i <= $#$a1; $i++) { |
|
165 |
if (ref ($$a1[$i]) eq "ARRAY") { # see if this is a reference. |
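Review bot: The extra terms in the second guard are unreachable: once `return 0 if ( ( $#$a1 < 0 || $#$a2 < 0 ) && $#$a1 == $#$a2 )` has handled the both-empty case, any input where exactly one side is empty already satisfies `$#$a1 != $#$a2`, so `|| $#$a1 < 0 || $#$a2 < 0` never changes the outcome. The two lines read more clearly as `return 0 if ($#$a1 < 0 && $#$a2 < 0);` followed by `return -1 if ($#$a1 != $#$a2);`. The enclosing function starts before this hunk.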
|
166 |
@@ -453,6 +535,7 @@ |
|
8121 | 167 |
&read_passwd_shadow (\%hash); |
168 |
&read_profiledb (\%hash); |
|
169 |
&read_shells (\%hash); |
|
170 |
+ &read_rbac (\%hash) if ( $gst_dist =~ /^solaris/); |
|
171 |
||
172 |
return \%hash; |
|
173 |
} |
|
8436 | 174 |
@@ -553,11 +636,11 @@ |
7860 | 175 |
} |
176 |
else |
|
177 |
{ |
|
178 |
- # Put safe defaults for distros/OS that don't have any defaults file |
|
179 |
- $logindefs->{"umin"} = '1000'; |
|
180 |
- $logindefs->{"umax"} = '60000'; |
|
181 |
- $logindefs->{"gmin"} = '1000'; |
|
182 |
- $logindefs->{"gmax"} = '60000'; |
|
183 |
+ # Put safe defaults for distros/OS that don't have any defaults set |
|
184 |
+ $logindefs->{"umin"} = '1000' unless ($logindefs->{"umin"}); |
|
185 |
+ $logindefs->{"umax"} = '60000' unless ($logindefs->{"umax"}); |
|
186 |
+ $logindefs->{"gmin"} = '1000' unless ($logindefs->{"gmin"}); |
|
187 |
+ $logindefs->{"gmax"} = '60000' unless ($logindefs->{"gmax"}); |
|
188 |
} |
|
189 |
} |
|
190 |
||
8436 | 191 |
@@ -602,6 +685,7 @@ |
8121 | 192 |
my ($ifh, @users, %users_hash, $passwd_last_modified); |
193 |
my (@line, $copy, %tmphash); |
|
194 |
my $login_pos = $users_prop_map{"login"}; |
|
8436 | 195 |
+ #my (%users_rbac_profiles); |
8121 | 196 |
my $i = 0; |
197 |
||
198 |
# Find the passwd file. |
|
8436 | 199 |
@@ -660,6 +744,22 @@ |
8121 | 200 |
|
201 |
&gst_file_close ($ifh); |
|
202 |
} |
|
203 |
+ if ($gst_dist =~ /^solaris/ ) { |
|
8436 | 204 |
+ my $rbac_pos = $users_prop_map{"rbac"}; |
8121 | 205 |
+ my ($fd); |
206 |
+ foreach $user (@users) { |
|
207 |
+ my @profiles; |
|
208 |
+ my $logname = $$user[1]; |
|
209 |
+ my $command = $cmd_profiles . " " . $logname; |
|
210 |
+ $fd = &gst_file_run_pipe_read( $command ); |
|
211 |
+ @profiles = <$fd>; |
|
212 |
+ &gst_file_close($fd); |
|
8436 | 213 |
+ # $users_rbac_profiles{$logname} = \@profiles; |
214 |
+ chomp( @profiles ); |
|
215 |
+ @{$tmphash{$logname}}[$rbac_pos] = \@profiles; |
|
8121 | 216 |
+ } |
8436 | 217 |
+ #$$hash{"users_rbac_profiles"} = \%users_rbac_profiles; |
8121 | 218 |
+ } |
219 |
||
220 |
$$hash{"users"} = \@users; |
|
221 |
$$hash{"users_hash"} = \%users_hash; |
|
8436 | 222 |
@@ -740,7 +840,40 @@ |
7860 | 223 |
push (@shells, "/bin/false") if (stat ("/bin/false")); |
224 |
||
225 |
$ifh = &gst_file_open_read_from_names(@shell_names); |
|
226 |
- return unless $ifh; |
|
227 |
+ unless ($ifh) |
|
228 |
+ { |
|
229 |
+ if ($gst_dist =~ /solaris/) |
|
230 |
+ { |
|
231 |
+ push (@shells, "/bin/bash"); |
|
232 |
+ push (@shells, "/bin/csh"); |
|
233 |
+ push (@shells, "/bin/jsh"); |
|
234 |
+ push (@shells, "/bin/ksh"); |
|
235 |
+ push (@shells, "/bin/pfcsh"); |
|
236 |
+ push (@shells, "/bin/pfksh"); |
|
237 |
+ push (@shells, "/bin/pfsh"); |
|
238 |
+ push (@shells, "/bin/sh"); |
|
239 |
+ push (@shells, "/bin/tcsh"); |
|
240 |
+ push (@shells, "/bin/zsh"); |
|
241 |
+ push (@shells, "/sbin/jsh"); |
|
242 |
+ push (@shells, "/sbin/jsh"); |
|
243 |
+ push (@shells, "/sbin/pfsh"); |
|
244 |
+ push (@shells, "/sbin/sh"); |
|
245 |
+ push (@shells, "/usr/bin/bash"); |
|
246 |
+ push (@shells, "/usr/bin/csh"); |
|
247 |
+ push (@shells, "/usr/bin/jsh"); |
|
248 |
+ push (@shells, "/usr/bin/ksh"); |
|
249 |
+ push (@shells, "/usr/bin/pfcsh"); |
|
250 |
+ push (@shells, "/usr/bin/pfksh"); |
|
251 |
+ push (@shells, "/usr/bin/pfsh"); |
|
252 |
+ push (@shells, "/usr/bin/sh"); |
|
253 |
+ push (@shells, "/usr/bin/tcsh"); |
|
254 |
+ push (@shells, "/usr/bin/zsh"); |
|
255 |
+ push (@shells, "/usr/xpg4/bin/sh"); |
|
256 |
+ $$hash{"shelldb"} = \@shells; |
|
257 |
+ } |
|
258 |
+ return; |
|
259 |
+ } |
|
260 |
+ |
|
261 |
||
262 |
while (<$ifh>) |
|
263 |
{ |
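Review bot: The Solaris fallback pushes twenty-five hard-coded paths without the `stat` existence check that the `push (@shells, "/bin/false") if (stat ("/bin/false"));` line at the top of this hunk applies, and `/sbin/jsh` is pushed twice. Iterating over the list with the same test keeps the fallback honest on hosts where some of these shells are absent and drops the duplicate. The test `$gst_dist =~ /solaris/` is also unanchored, while every other Solaris check in this commit uses `/^solaris/`. The enclosing function starts before the hunk.
```perl
    unless ($ifh)
    {
        if ($gst_dist =~ /^solaris/)
        {
            # No shells file could be opened: fall back to the stock shell
            # paths, keeping only those that actually exist on this host.
            foreach my $shell (qw(/bin/bash /bin/csh /bin/jsh /bin/ksh /bin/pfcsh /bin/pfksh /bin/pfsh /bin/sh /bin/tcsh /bin/zsh /sbin/jsh /sbin/pfsh /sbin/sh /usr/bin/bash /usr/bin/csh /usr/bin/jsh /usr/bin/ksh /usr/bin/pfcsh /usr/bin/pfksh /usr/bin/pfsh /usr/bin/sh /usr/bin/tcsh /usr/bin/zsh /usr/xpg4/bin/sh))
            {
                push (@shells, $shell) if (stat ($shell));
            }
            $$hash{"shelldb"} = \@shells;
        }
        return;
    }
    # … unchanged: while (<$ifh>) loop …
```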
|
8436 | 264 |
@@ -879,6 +1012,11 @@ |
7860 | 265 |
{ |
266 |
$command = "$cmd_pw usermod -n " . $username . " -c \'" . $comment . "\'"; |
|
267 |
} |
|
268 |
+ elsif ($gst_dist =~ /^solaris/) |
|
269 |
+ { |
|
270 |
+ ($fname, $office, $office_phone, $home_phone) = @line; |
|
271 |
+ $command = "$cmd_usermod" . " -c \'" . $fname . "\' " . $username; |
|
272 |
+ } |
|
273 |
else |
|
274 |
{ |
|
275 |
($fname, $office, $office_phone, $home_phone) = @line; |
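Review bot: The new Solaris branch builds `usermod -c '<fname>' <username>` by string concatenation, so a full name containing a single quote terminates the quoting before the string reaches the shell through `gst_file_run`; `@line` presumably carries values received from the front-end rather than from the system. Escape the value before interpolating it, `(my $safe_fname = $fname) =~ s/'/'\\''/g;`, and use `$safe_fname` in the command; the pre-existing branches above have the same shape, but this one is new code. `$username` is appended bare here while the `pw usermod` line quotes its comment argument, so quoting it as well keeps the branch consistent. The enclosing function starts before this hunk.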
|
8436 | 276 |
@@ -886,7 +1024,7 @@ |
7860 | 277 |
$fname = "-f \'" . $fname . "\'"; |
278 |
$home_phone = "-h \'" . $home_phone . "\'"; |
|
279 |
||
280 |
- if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/) |
|
281 |
+ if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/ || $gst_dist =~ /^nexenta/) |
|
282 |
{ |
|
283 |
$office = "-r \'" . $office . "\'"; |
|
284 |
$office_phone = "-w \'" . $office_phone . "\'"; |
|
8436 | 285 |
@@ -903,6 +1041,30 @@ |
7860 | 286 |
&gst_file_run ($command); |
287 |
} |
|
288 |
||
289 |
+$service = "passwd"; |
|
290 |
+$username = ""; |
|
291 |
+$newpassword = ""; |
|
292 |
+ |
|
293 |
+sub my_conv_func { |
|
294 |
+ my @res; |
|
295 |
+ while ( @_ ) { |
|
296 |
+ my $code = shift; |
|
297 |
+ my $msg = shift; |
|
298 |
+ my $ans = ""; |
|
299 |
+ |
|
300 |
+ $ans = $username if ($code == PAM_PROMPT_ECHO_ON() ); |
|
301 |
+ if ($code == PAM_PROMPT_ECHO_OFF() ) { |
|
302 |
+ $ans = $newpassword; |
|
303 |
+ $ans = $newpassword; |
|
304 |
+ |
|
305 |
+ } |
|
306 |
+ |
|
307 |
+ push @res, (PAM_SUCCESS(),$ans); |
|
308 |
+ } |
|
309 |
+ push @res, PAM_SUCCESS(); |
|
310 |
+ return @res; |
|
311 |
+} |
|
312 |
+ |
|
313 |
sub add_user |
|
314 |
{ |
|
315 |
my ($data) = @_; |
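Review bot: `$ans = $newpassword;` is assigned twice in a row inside the `PAM_PROMPT_ECHO_OFF` branch; the second copy and the blank line after it can go. The conversation answers every echo-off prompt with `$newpassword`, which is only correct when the PAM stack prompts for nothing but the new token; if it first asks for the current password (possible for a non-root caller) the same value is returned twice, so state the assumption in a comment, `# Runs as root: chauthtok only prompts for the new token, so every echo-off prompt gets $newpassword`. `PAM_ERROR_MSG` and `PAM_TEXT_INFO` messages currently fall through with an empty answer, which is acceptable but should be an explicit branch rather than a default. `$service`, `$username` and `$newpassword` are file-level globals that add_user and change_user set just before `new Authen::PAM`; that coupling deserves a comment next to their definitions.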
|
9165 | 316 |
@@ -932,6 +1094,54 @@ |
7860 | 317 |
print $pwdpipe $$data[$users_prop_map{"password"}]; |
318 |
&gst_file_close ($pwdpipe); |
|
319 |
} |
|
320 |
+ elsif ($gst_dist =~ /^nexenta/) |
|
321 |
+ { |
|
322 |
+ my $pwdpipe; |
|
323 |
+ $home_parents = $$data[$users_prop_map{"home"}]; |
|
324 |
+ $home_parents =~ s/\/+[^\/]+\/*$//; |
|
325 |
+ &gst_file_run ("$tool_mkdir -p $home_parents"); |
|
326 |
+ |
|
327 |
+ $command = "$cmd_useradd" . " -d \'" . $$data[$users_prop_map{"home"}] . |
|
328 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] . |
|
329 |
+ "\' -s \'" . $$data[$users_prop_map{"shell"}] . |
|
330 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] . |
|
331 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'"; |
|
332 |
+ &gst_file_run ($command); |
|
333 |
+ &gst_file_run("echo " . $$data[$users_prop_map{"login"}] . ":" . $$data[$users_prop_map{"password"}] . " | chpasswd -e"); |
|
334 |
+ } |
|
335 |
+ elsif ($gst_dist =~ /^solaris/) |
|
336 |
+ { |
|
337 |
+ $home_parents = $$data[$users_prop_map{"home"}]; |
|
338 |
+ $home_parents =~ s/\/+[^\/]+\/*$//; |
|
339 |
+ &gst_file_run ("$tool_mkdir -p $home_parents"); |
|
340 |
+ |
|
9165 | 341 |
+ $command = "$cmd_useradd"; |
342 |
+ if ($$data[$users_prop_map{"rbac"}] ne undef ) { |
|
343 |
+ my (@profiles, $old_user_profiles, $new_user_profiles ); |
|
344 |
+ $new_user_profiles = $$data[$users_prop_map{"rbac"}]; |
|
345 |
+ @profiles = (); |
|
346 |
+ push( @profiles, @$new_user_profiles ); |
|
347 |
+ if ( $#profiles >= 0 ) { |
|
348 |
+ my $profiles_str = ""; |
|
349 |
+ foreach ( @profiles ) { |
|
350 |
+ $profiles_str .= ',' unless ( $profiles_str eq "" ); |
|
351 |
+ $profiles_str .= $_; |
|
352 |
+ } |
|
353 |
+ $command .= " -P \'" . $profiles_str . "\'"; |
|
354 |
+ } |
|
355 |
+ } |
|
356 |
+ |
|
357 |
+ $command .= " -d \'" . $$data[$users_prop_map{"home"}] . |
|
7860 | 358 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] . |
359 |
+ "\' -m -s \'" . $$data[$users_prop_map{"shell"}] . |
|
360 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] . |
|
361 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'"; |
|
362 |
+ &gst_file_run ($command); |
|
363 |
+ $username = $$data[$users_prop_map{"login"}]; |
|
364 |
+ $newpassword = $$data[$users_prop_map{"password"}]; |
|
365 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)); |
|
366 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK()); |
|
367 |
+ } |
|
368 |
else |
|
369 |
{ |
|
370 |
$home_parents = $$data[$users_prop_map{"home"}]; |
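Review bot: The Nexenta branch sets the password with `&gst_file_run("echo " . login . ":" . password . " | chpasswd -e")`, which places the login and password hash on a shell command line where they are visible in the process list and subject to shell interpretation; the FreeBSD branch just above already uses the safe shape, `$pwdpipe = &gst_file_run_pipe ("chpasswd -e", $GST_FILE_WRITE); print $pwdpipe $$data[$users_prop_map{"login"}] . ":" . $$data[$users_prop_map{"password"}]; &gst_file_close ($pwdpipe);`. The same line recurs in the Nexenta branch of the change_user hunk (`@@ -967,9 +1177,76 @@`). In the Solaris branch `ref($pamh = new Authen::PAM($service, $username, \&my_conv_func));` discards the `ref` result, so when the constructor fails (Authen::PAM then returns a plain error code rather than an object) the next line calls a method on a non-reference; report and return `unless ref ($pamh)`, and check the value returned by `pam_chauthtok` as well, otherwise a failed password set is indistinguishable from success. `$$data[$users_prop_map{"rbac"}] ne undef` compares against undef as a string and warns under `-w`; `defined $$data[$users_prop_map{"rbac"}]` is what is meant.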
|
9165 | 371 |
@@ -967,9 +1177,76 @@ |
7860 | 372 |
" -H 0"; # pw(8) reads password from STDIN |
373 |
||
374 |
$pwdpipe = &gst_file_run_pipe($command, $GST_FILE_WRITE); |
|
375 |
- print $pwdpipe $$data[$users_prop_map{"password"}]; |
|
376 |
+ print $pwdpipe $$new_data[$users_prop_map{"password"}]; |
|
377 |
&gst_file_close ($pwdpipe); |
|
378 |
} |
|
379 |
+ elsif ($gst_dist =~ /^nexenta/) |
|
380 |
+ { |
|
381 |
+ $command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] . |
|
382 |
+ "\' -g \'" . $$new_data[$users_prop_map{"gid"}] . |
|
383 |
+ "\' -l \'" . $$new_data[$users_prop_map{"login"}] . |
|
384 |
+ "\' -s \'" . $$new_data[$users_prop_map{"shell"}] . |
|
385 |
+ "\' -u \'" . $$new_data[$users_prop_map{"uid"}] . |
|
386 |
+ "\' \'" . $$old_data[$users_prop_map{"login"}] . "\'"; |
|
387 |
+ &gst_file_run ($command); |
|
388 |
+ &gst_file_run("echo " . $$new_data[$users_prop_map{"login"}] . ":" . $$new_data[$users_prop_map{"password"}] . " | chpasswd -e"); |
|
389 |
+ } |
|
390 |
+ elsif ($gst_dist =~ /^solaris/) |
|
391 |
+ { |
|
392 |
+ $command = "$cmd_usermod" ; |
|
393 |
+ |
|
394 |
+ $command .= " -u \'" . $$new_data[$users_prop_map{"uid"}] . "\'" |
|
395 |
+ if ( $$new_data[$users_prop_map{"uid"}] ne $$old_data[$users_prop_map{"uid"}] ); |
|
396 |
+ $command .= " -g \'" . $$new_data[$users_prop_map{"gid"}] . "\'" |
|
397 |
+ if ( $$new_data[$users_prop_map{"gid"}] ne $$old_data[$users_prop_map{"gid"}] ); |
|
398 |
+ $command .= " -d \'" . $$new_data[$users_prop_map{"home"}] . "\'" |
|
399 |
+ if ( $$new_data[$users_prop_map{"home"}] ne $$old_data[$users_prop_map{"home"}] ); |
|
400 |
+ $command .= " -s \'" . $$new_data[$users_prop_map{"shell"}] . "\'" |
|
401 |
+ if ( $$new_data[$users_prop_map{"shell"}] ne $$old_data[$users_prop_map{"shell"}] ); |
|
8436 | 402 |
+ |
403 |
+ if ($$new_data[$users_prop_map{"rbac"}] ne undef ) { |
|
404 |
+ my (@profiles, $old_user_profiles, $new_user_profiles ); |
|
405 |
+ $old_user_profiles = $$old_data[$users_prop_map{"rbac"}]; |
|
406 |
+ $new_user_profiles = $$new_data[$users_prop_map{"rbac"}]; |
|
407 |
+ @profiles = (); |
|
408 |
+ if ( $old_user_profiles eq undef ) { |
|
409 |
+ # All new profiles, so just use directly |
|
410 |
+ &gst_report("RBAC profiles created for ". $$old_data[$users_prop_map{"login"}] ); |
|
411 |
+ push( @profiles, @$new_user_profiles ); |
|
412 |
+ } |
|
413 |
+ else { |
|
414 |
+ my @sorted_old_user_profiles = sort(@$old_user_profiles); |
|
415 |
+ my @sorted_new_user_profiles = sort(@$new_user_profiles); |
|
416 |
+ if ( &arr_cmp_recurse( \@sorted_new_user_profiles, \@sorted_old_user_profiles) ) { |
|
417 |
+ &gst_report("RBAC profiles changed for ". $$old_data[$users_prop_map{"login"}] ); |
|
8604 | 418 |
+ push( @profiles, @$new_user_profiles ); # Copy unsorted list |
8436 | 419 |
+ } |
420 |
+ } |
|
421 |
+ if ( $#profiles >= 0 ) { |
|
422 |
+ my $profiles_str = ""; |
|
423 |
+ foreach ( @profiles ) { |
|
424 |
+ $profiles_str .= ',' unless ( $profiles_str eq "" ); |
|
425 |
+ $profiles_str .= $_; |
|
426 |
+ } |
|
427 |
+ $command .= " -P \'" . $profiles_str . "\'"; |
|
428 |
+ } |
|
429 |
+ } |
|
7860 | 430 |
+ # If there's nothing to change, then don't... |
431 |
+ if ( $command ne $cmd_usermod ) { |
|
8436 | 432 |
+ $command .= " \'" . $$old_data[$users_prop_map{"login"}] . "\'"; |
7860 | 433 |
+ &gst_file_run ($command); |
434 |
+ } |
|
435 |
+ $username = $$old_data[$users_prop_map{"login"}]; |
|
436 |
+ $oldpassword = $$old_data[$users_prop_map{"password"}]; |
|
437 |
+ $newpassword = $$new_data[$users_prop_map{"password"}]; |
|
438 |
+ # Should only change password if old and new differ - this is especially |
|
439 |
+ # important since the old password is usually the "crypted" one!! Only if |
|
440 |
+ # it's different has a user entered a clear string here. |
|
8436 | 441 |
+ if ( $newpassword ne undef && $newpassword ne $oldpassword ) { |
7860 | 442 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)); |
443 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK()); |
|
444 |
+ } |
|
445 |
+ } |
|
446 |
else |
|
447 |
{ |
|
448 |
$command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] . |
|
9165 | 449 |
@@ -1026,8 +1303,24 @@ |
7860 | 450 |
|
451 |
foreach $user (@$u) |
|
452 |
{ |
|
453 |
- $command = "$cmd_gpasswd -a \'" . $user . |
|
454 |
- "\' " . $$data[$groups_prop_map{"name"}]; |
|
455 |
+ if ($gst_dist =~ /^solaris/) |
|
456 |
+ { |
|
457 |
+ my ($groups, @a); |
|
458 |
+ $command = "groups \'" . $user . "\'"; |
|
459 |
+ $groups = &gst_file_run_backtick ($command); |
|
460 |
+ chomp ($groups); |
|
461 |
+ @a = split (/ /, $groups); |
|
462 |
+ $groups = join (',', @a); |
|
463 |
+ |
|
464 |
+ $command = "$cmd_usermod -G " . $groups . "," . |
|
465 |
+ $$data[$groups_prop_map{"name"}] . " " . |
|
466 |
+ $user . " "; |
|
467 |
+ } |
|
468 |
+ else |
|
469 |
+ { |
|
470 |
+ $command = "$cmd_gpasswd -a \'" . $user . |
|
471 |
+ "\' " . $$data[$groups_prop_map{"name"}]; |
|
472 |
+ } |
|
473 |
&gst_file_run ($command); |
|
474 |
} |
|
475 |
} |
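Review bot: On Solaris the new branch runs `groups '<user>'` through `gst_file_run_backtick` and then `usermod -G <list>,<group> <user>` through `gst_file_run`, where `$user` is quoted in the first command but appended bare in the second (`$user . " "`), and `groups` is resolved from the caller's `PATH` rather than located with `gst_file_locate_tool` like `$cmd_usermod` and `$cmd_profiles`. Quote the value the same way in both commands and locate the tool once at start-up next to `$cmd_profiles` (a constructed `$cmd_groups = &gst_file_locate_tool ("groups");`). The output of `groups` normally includes the primary group, so it is re-supplied in `-G` on every call; whether Solaris `usermod` tolerates that is not visible here and is worth a comment. The same block appears twice more in the next hunk (`@@ -1069,25 +1362,62 @@`) and would be better as one helper that returns the current supplementary list.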
|
9165 | 476 |
@@ -1069,25 +1362,62 @@ |
7860 | 477 |
$max_o = $#$o; |
478 |
for ($i = 0, $j = 0; $i <= &max ($max_n, $max_o); ) { |
|
479 |
$r = $$n[$i] cmp $$o[$j]; |
|
480 |
- $r *= -1 if (($$o[$j] eq "") || ($$n[$i] eq "")); |
|
481 |
||
482 |
- if ($r < 0) { # add this user to the group. |
|
483 |
- $command = "$cmd_gpasswd -a \'" . $$n[$i] . "\' \'" . |
|
484 |
- $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
485 |
+ if ($r > 0) { # add this user to the group. |
|
486 |
+ if ($gst_dist =~ /^solaris/) |
|
487 |
+ { |
|
488 |
+ my ($groups, @a); |
|
489 |
+ $command = "groups \'" . $$n[$i] . "\'"; |
|
490 |
+ $groups = &gst_file_run_backtick ($command); |
|
491 |
+ chomp ($groups); |
|
492 |
+ @a = split (/ /, $groups); |
|
493 |
+ $groups = join (',', @a); |
|
494 |
+ |
|
495 |
+ $command = "$cmd_usermod -G " . $groups . "," . |
|
496 |
+ $$new_data[$groups_prop_map{"name"}] . " " . |
|
497 |
+ $$n[$i] . " "; |
|
498 |
+ } |
|
499 |
+ else |
|
500 |
+ { |
|
501 |
+ $command = "$cmd_gpasswd -a " . $$n[$i] . " " . $$new_data[$groups_prop_map{"name"}] . " "; |
|
502 |
+ } |
|
503 |
$i ++; |
|
504 |
- |
|
505 |
+ |
|
506 |
&gst_file_run ($command); |
|
507 |
- } elsif ($r > 0) { # delete the user from the group. |
|
508 |
- $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" . |
|
509 |
- $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
510 |
+ } elsif ($r < 0) { # delete the user from the group. |
|
511 |
+ if ($gst_dist =~ /^solaris/) |
|
512 |
+ { |
|
513 |
+ my ($groups, @a, $k); |
|
514 |
+ $command = "groups \'" . $$o[$j] . "\'"; |
|
515 |
+ $groups = &gst_file_run_backtick ($command); |
|
516 |
+ chomp ($groups); |
|
517 |
+ @a = split (/ /, $groups); |
|
518 |
+ for ($k = 0; $k < $#a + 1; $k++) |
|
519 |
+ { |
|
520 |
+ if ($a[$k] eq $$new_data[$groups_prop_map{"name"}]) |
|
521 |
+ { |
|
522 |
+ splice (@a, $k, 1); |
|
523 |
+ last; |
|
524 |
+ } |
|
525 |
+ } |
|
526 |
+ $groups = join (',', @a); |
|
527 |
+ |
|
528 |
+ $command = "$cmd_usermod -G " . $groups . " " . |
|
529 |
+ $$o[$j] . " "; |
|
530 |
+ } |
|
531 |
+ else |
|
532 |
+ { |
|
533 |
+ $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" . |
|
534 |
+ $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
535 |
+ } |
|
536 |
$j ++; |
|
537 |
- |
|
538 |
+ |
|
539 |
&gst_file_run ($command); |
|
540 |
- } else { # The information is the same. Go to next tuple. |
|
541 |
+ } else { # The information is the same. Go to next tuple. |
|
542 |
$i ++; $j ++; |
|
543 |
- } |
|
544 |
- } |
|
545 |
- } |
|
546 |
+ } |
|
547 |
+ } |
|
548 |
+ } |
|
549 |
} |
|
550 |
} |
|
551 |
||
9165 | 552 |
@@ -1204,8 +1534,10 @@ |
7860 | 553 |
elsif ($$tree[0] eq "group_last_modified") { &xml_parse_group_last_modified ($$tree[1], $hash); } |
554 |
elsif ($$tree[0] eq "userdb") { &xml_parse_userdb ($$tree[1], $hash); } |
|
555 |
elsif ($$tree[0] eq "groupdb") { &xml_parse_groupdb ($$tree[1], $hash); } |
|
556 |
+ elsif ($$tree[0] eq "use_md5") { } |
|
557 |
elsif ($$tree[0] eq "shelldb") { } |
|
558 |
elsif ($$tree[0] eq "profiledb") { &xml_parse_profiledb ($$tree[1], $hash); } |
|
8436 | 559 |
+ elsif ($$tree[0] eq "rbacdb") { } # if rbacdb is there ignore, can't be changed. |
7860 | 560 |
else |
8436 | 561 |
{ |
562 |
&gst_report ("xml_unexp_tag", $$tree[0]); |
|
9165 | 563 |
@@ -1268,10 +1600,42 @@ |
8436 | 564 |
|
565 |
while (@$tree) |
|
566 |
{ |
|
567 |
- if ($users_prop_map{$$tree[0]} ne undef) |
|
568 |
+ if ($users_prop_map{$$tree[0]} ne undef && $$tree[0] ne "rbac") |
|
569 |
{ |
|
570 |
$line[$users_prop_map{$$tree[0]}] = &gst_xml_unquote($$tree[1][2]); |
|
571 |
} |
|
572 |
+ elsif ($$tree[0] eq "rbac") |
|
573 |
+ { |
|
574 |
+ my $rbac = $$tree[1]; # rbac children |
|
575 |
+ shift @$rbac; # Skip attributes |
|
576 |
+ my $rbac_profiles = $$rbac[1]; # rbac children |
|
577 |
+ shift @$rbac_profiles; # Skip attributes |
|
578 |
+ |
|
579 |
+ my @user_profiles; |
|
580 |
+ # my $users_rbac_profiles = $$hash{"users_rbac_profiles"}; |
|
581 |
+ |
|
582 |
+ # if ( $users_rbac_profiles eq undef ) { # Allocate a new one if none exists |
|
583 |
+ # my %dummy = (); |
|
584 |
+ # $users_rbac_profiles = \%dummy; |
|
585 |
+ # $$hash{"users_rbac_profiles"} = $users_rbac_profiles; |
|
586 |
+ #} |
|
587 |
+ |
|
8604 | 588 |
+ my $basic_solaris_user = 0; # will be set to 1 if we find this profile in list |
8436 | 589 |
+ while (@$rbac_profiles) { |
590 |
+ my $profile = $$rbac_profiles[1][2]; |
|
8604 | 591 |
+ $basic_solaris_user = 1 if ( $profile eq "Basic Solaris User" ); # take note |
592 |
+ push(@user_profiles, $profile ) unless ( $profile eq "All" || $profile eq "Basic Solaris User" ); # only include once |
|
8436 | 593 |
+ shift( @$rbac_profiles ); |
594 |
+ shift( @$rbac_profiles ); |
|
595 |
+ } |
|
8604 | 596 |
+ # First include "All" special profile - needs to be always there. |
597 |
+ push(@user_profiles, "All" ); |
|
598 |
+ push(@user_profiles, "Basic Solaris User" ) if ( $basic_solaris_user == 1 ); |
|
599 |
+ |
|
8436 | 600 |
+ #$$users_rbac_profiles{ $line[$users_prop_map{"login"}] } = \@user_profiles; |
601 |
+ #XXX Here |
|
602 |
+ $line[$users_prop_map{$$tree[0]}] = \@user_profiles; |
|
603 |
+ } |
|
604 |
else |
|
605 |
{ |
|
606 |
&gst_report ("xml_unexp_tag", $$tree[0]); |
|
9165 | 607 |
@@ -1323,6 +1687,7 @@ |
7860 | 608 |
if ($$tree[0] eq "users") { $line[$groups_prop_map{$$tree[0]}] = $$tree[1]; } |
609 |
else { $line[$groups_prop_map{$$tree[0]}] = $$tree[1][2]; } |
|
610 |
} |
|
611 |
+ elsif ($$tree[0] eq "allows_to") { } |
|
612 |
else |
|
613 |
{ |
|
614 |
&gst_report ("xml_unexp_tag", $$tree[0]); |
|
9165 | 615 |
@@ -1487,11 +1852,18 @@ |
8121 | 616 |
my ($hash) = @_; |
617 |
my ($key, $value, $i, $j, $k); |
|
618 |
my ($passwd_last_modified, $users, $desc); |
|
8436 | 619 |
+ # my ($users_rbac_profiles); |
8121 | 620 |
+ my ($rbac, $rbac_profiles); |
621 |
||
622 |
$passwd_last_modified = $$hash{"passwd_last_modified"}; |
|
623 |
$users = $$hash{"users"}; |
|
624 |
$group_last_modified = $$hash{"group_last_modified"}; |
|
625 |
$groups = $$hash{"groups"}; |
|
626 |
+ if ( $gst_dist =~ /^solaris/ ) { |
|
627 |
+ $rbac = $$hash{"rbacdb"}; |
|
628 |
+ $rbac_profiles = $$rbac{"rbac_profiles"}; |
|
8436 | 629 |
+ # $users_rbac_profiles = $$hash{"users_rbac_profiles"}; |
8121 | 630 |
+ } |
631 |
||
632 |
&gst_xml_print_begin (); |
|
633 |
||
9165 | 634 |
@@ -1519,8 +1891,23 @@ |
8436 | 635 |
&gst_xml_container_enter ('user'); |
636 |
for ($j = 0; $j < ($#users_prop_array - 1) / 2; $j++) |
|
8121 | 637 |
{ |
8436 | 638 |
- &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]); |
639 |
+ if ( $users_prop_map{$j} eq "rbac" && $gst_dist =~ /^solaris/ ) { |
|
640 |
+ my ($user_profiles); |
|
641 |
+ &gst_xml_container_enter ('rbac'); |
|
642 |
+ &gst_xml_container_enter ('rbac_profiles'); |
|
643 |
+ # $user_profiles = $$users_rbac_profiles{$$i[1]}; |
|
644 |
+ $user_profiles = $$i[$j]; |
|
645 |
+ foreach $prof ( @$user_profiles ) { |
|
646 |
+ &gst_xml_print_pcdata ("rbac_profile", $prof); |
|
647 |
+ } |
|
648 |
+ &gst_xml_container_leave (); |
|
649 |
+ &gst_xml_container_leave (); |
|
650 |
+ } |
|
651 |
+ else { |
|
652 |
+ &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]); |
|
653 |
+ } |
|
8121 | 654 |
} |
655 |
+ |
|
656 |
&gst_xml_container_leave (); |
|
657 |
} |
|
658 |
&gst_xml_container_leave (); |
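Review bot: `&gst_xml_print_pcdata ("rbac_profile", $prof)` emits each profile name as the passwd reader stored it (the `@@ -660,6 +744,22 @@` hunk keeps the raw `profiles` output lines), whereas `read_rbac` runs descriptions through `gst_xml_quote` before they reach the same printer; unless `gst_xml_print_pcdata` quotes internally (not visible here) a profile name containing `&` or `<` yields malformed XML. Quote at the source in the reader, `@profiles = map { &gst_xml_quote ($_) } @profiles;`, or here before printing, and note which side owns the quoting. `$prof` is used undeclared in this loop and again in the rbacdb loop of the next hunk; `foreach my $prof ( @$user_profiles )` avoids sharing a package global between the two. The enclosing print function starts before the hunk.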
|
9165 | 659 |
@@ -1559,9 +1946,30 @@ |
8121 | 660 |
&gst_xml_container_leave (); |
661 |
} |
|
662 |
&gst_xml_container_leave (); |
|
663 |
- &gst_xml_print_vspace (); |
|
664 |
||
665 |
- &gst_xml_print_end (); |
|
666 |
+ if ( $gst_dist =~ /^solaris/ ) { |
|
667 |
+ &gst_xml_print_vspace (); |
|
668 |
+ |
|
669 |
+ &gst_xml_print_comment ('Now the RBAC Profiles'); |
|
670 |
+ &gst_xml_print_vspace (); |
|
671 |
+ |
|
672 |
+ &gst_xml_container_enter ('rbacdb'); |
|
673 |
+ &gst_xml_container_enter ('rbac_profiles'); |
|
674 |
+ |
|
675 |
+ foreach $prof ( sort keys %$rbac_profiles ) |
|
676 |
+ { |
|
677 |
+ &gst_xml_print_vspace (); |
|
678 |
+ &gst_xml_container_enter ('rbac_profile'); |
|
679 |
+ &gst_xml_print_pcdata ('name', $prof ); |
|
680 |
+ &gst_xml_print_pcdata ('description', $$rbac_profiles{$prof} ); |
|
681 |
+ &gst_xml_container_leave (); |
|
682 |
+ } |
|
683 |
+ &gst_xml_container_leave (); |
|
684 |
+ &gst_xml_container_leave (); |
|
685 |
+ &gst_xml_print_vspace (); |
|
686 |
+ } |
|
687 |
+ |
|
688 |
+ &gst_xml_print_end (); |
|
689 |
} |
|
690 |
||
691 |
||
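Review bot: `sort keys %$rbac_profiles` dereferences `$$rbac{"rbac_profiles"}` unconditionally inside the Solaris block, but `$$hash{"rbacdb"}` is only populated by `read_rbac`; when the hash was built from a parsed request (`xml_parse` deliberately ignores the `rbacdb` tag) `$rbac` is undef and this loop dereferences undef. Guard it, `if ( $rbac_profiles ) { ... }` or `keys %{ $rbac_profiles || {} }`, so the print path works for both sources; whether the printer is ever invoked on a parsed hash is not visible in this hunk. Moving `gst_xml_print_end` below the new block is correct, but the `gst_xml_print_vspace` that used to precede it unconditionally is now emitted only on Solaris, a harmless but unexplained change in output. The enclosing function starts before the hunk.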
9165 | 692 |
@@ -1590,6 +1998,7 @@ |
8121 | 693 |
&gst_file_backup ($_) foreach (@passwd_names); |
694 |
&gst_file_backup ($_) foreach (@shadow_names); |
|
695 |
&gst_file_backup ($_) foreach (@group_names); |
|
696 |
+ &gst_file_backup ($_) foreach (@rbac_names); |
|
697 |
||
698 |
&write_profiledb ($hash); |
|
699 |
&write_group_passwd ($hash); |
|
9165 | 700 |
@@ -1627,6 +2036,7 @@ |
7860 | 701 |
$tool = &gst_init ($name, $version, $description, $directives, @ARGV); |
702 |
&gst_platform_ensure_supported ($tool, @platforms); |
|
703 |
||
704 |
+&get_users_prop_array (); |
|
705 |
&get_login_defs_prop_array (); |
|
706 |
&get_profiles_prop_array (); |
|
707 |
||
708 |