author | jim |
Fri, 14 Nov 2008 06:15:22 +0000 | |
changeset 14599 | e7524d60f11c |
parent 13240 | 86b4073e507e |
child 15693 | 503a24a43b0f |
permissions | -rwxr-xr-x |
14599 | 1 |
--- system-tools-backends-1.4.2.orig/users-conf.in Mon Jan 2 23:48:06 2006 |
2 |
+++ system-tools-backends-1.4.2/users-conf.in Fri Nov 14 13:54:34 2008 |
|
7860 | 3 |
@@ -47,6 +47,8 @@ |
4 |
# pw: modifying users/groups and user/group data on FreeBSD. |
|
5 |
||
6 |
||
7 |
+use Authen::PAM; |
|
8 |
+ |
|
9 |
BEGIN { |
|
10 |
$SCRIPTSDIR = "@scriptsdir@"; |
|
11 |
if ($SCRIPTSDIR =~ /^@scriptsdir[@]/) |
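Review bot: The unconditional `use Authen::PAM;` is resolved at compile time, so the backend fails to start on any platform in the supported list where that module is not installed, even though only the Solaris branches of this patch call into PAM. If this file is still shared with the Linux and FreeBSD code paths, load the module at run time inside the Solaris branch instead, e.g. `require Authen::PAM; Authen::PAM->import ();`, and report a load failure through the tool's normal reporting. The BEGIN block that follows continues outside this hunk.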
|
12 |
@@ -74,6 +76,7 @@ |
|
13 |
"mandrake-7.1", "mandrake-7.2", "mandrake-9.0", "mandrake-9.1", "mandrake-9.2", |
|
14 |
"mandrake-10.0", "mandrake-10.1", |
|
15 |
"debian-2.2", "debian-3.0", "debian-sarge", |
|
16 |
+ "nexenta-1.0", "solaris-2.11", |
|
17 |
"suse-7.0", "suse-9.0", "suse-9.1", "turbolinux-7.0", |
|
18 |
"slackware-8.0.0", "slackware-8.1", "slackware-9.0.0", "slackware-9.1.0", "slackware-10.0.0", "slackware-10.1.0", "slackware-10.2.0", |
|
19 |
"freebsd-4", "freebsd-5", "freebsd-6", |
|
8121 | 20 |
@@ -93,6 +96,7 @@ |
21 |
@passwd_names = ( "/etc/passwd" ); |
|
22 |
@shadow_names = ( "/etc/shadow", "/etc/master.passwd" ); |
|
23 |
@group_names = ( "/etc/group" ); |
|
24 |
+@rbac_names = ( "/etc/user_attr" ); # Files that will be changed by RBAC commands |
|
25 |
@login_defs_names = ( "/etc/login.defs", "/etc/adduser.conf" ); |
|
26 |
@shell_names = ( "/etc/shells" ); |
|
27 |
@skel_dir = ( "/usr/share/skel", "/etc/skel" ); |
|
13240 | 28 |
@@ -111,13 +115,18 @@ |
8121 | 29 |
$cmd_gpasswd = &gst_file_locate_tool ("gpasswd"); |
30 |
$cmd_chfn = &gst_file_locate_tool ("chfn"); |
|
31 |
$cmd_pw = &gst_file_locate_tool ("pw"); |
|
32 |
+$cmd_profiles = &gst_file_locate_tool ("profiles"); |
|
13240 | 33 |
+$cmd_roles = &gst_file_locate_tool ("roles"); |
8121 | 34 |
|
7860 | 35 |
# --- Mapping constants --- # |
36 |
||
37 |
%users_prop_map = (); |
|
38 |
+ |
|
39 |
+sub get_users_prop_array |
|
40 |
+{ |
|
41 |
@users_prop_array = (); |
|
42 |
||
43 |
-if ($$tool{"platform"} eq "Linux") |
|
8436 | 44 |
+if ($$tool{"system"} eq "Linux") |
11320 | 45 |
{ |
46 |
@users_prop_array = ( |
|
47 |
"key", 0, |
|
13240 | 48 |
@@ -138,6 +147,29 @@ |
11320 | 49 |
"is_shadow", 15, |
50 |
"", ""); |
|
51 |
} |
|
52 |
+if ($$tool{"system"} eq "SunOS") |
|
8436 | 53 |
+{ |
54 |
+ @users_prop_array = ( |
|
55 |
+ "key", 0, |
|
56 |
+ "login", 1, |
|
57 |
+ "password", 2, |
|
58 |
+ "uid", 3, |
|
59 |
+ "gid", 4, |
|
60 |
+ "comment", 5, |
|
61 |
+ "home", 6, |
|
62 |
+ "shell", 7, |
|
63 |
+ "last_mod", 8, # Read shadow (5) for these. |
|
64 |
+ "passwd_min_life", 9, |
|
65 |
+ "passwd_max_life", 10, |
|
66 |
+ "passwd_exp_warn", 11, |
|
67 |
+ "passwd_exp_disable", 12, |
|
68 |
+ "passwd_disable", 13, |
|
69 |
+ "reserved", 14, |
|
70 |
+ "is_shadow", 15, |
|
11320 | 71 |
+ "rbac", 16, |
13240 | 72 |
+ "role", 17, |
8436 | 73 |
+ "", ""); |
74 |
+} |
|
11320 | 75 |
else |
7860 | 76 |
{ |
77 |
@users_prop_array = ( |
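Review bot: The added SunOS test is a plain `if`, so the `else` that used to belong to the Linux test now pairs with it, and on Linux the array built in the first block is overwritten by the fallback layout. Change the added line to `elsif ($$tool{"system"} eq "SunOS")` so the three layouts stay mutually exclusive. The SunOS table differs from the Linux one only in the `rbac` and `role` slots; a short comment saying that indexes 16 and 17 hold array references rather than strings would help anyone reading the code that fills them. The enclosing sub get_users_prop_array starts and ends outside this hunk.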
|
13240 | 78 |
@@ -157,6 +189,7 @@ |
7860 | 79 |
$users_prop_map {$users_prop_array[$i]} = $users_prop_array[$i + 1]; |
80 |
$users_prop_map {$users_prop_array[$i + 1]} = $users_prop_array[$i]; |
|
81 |
} |
|
82 |
+} |
|
83 |
||
84 |
%groups_prop_map = (); |
|
85 |
@groups_prop_array = ( |
|
13240 | 86 |
@@ -193,6 +226,66 @@ |
8121 | 87 |
%login_defs_prop_map = (); |
88 |
%profiles_prop_map = (); |
|
89 |
||
90 |
+sub read_rbac() { |
|
91 |
+ return unless ( $gst_dist =~ /^solaris/ ); |
|
92 |
+ |
|
93 |
+ my ($hash) = @_; |
|
94 |
+ my ($buffer, $line, $profile, $description, $dummy); |
|
13240 | 95 |
+ my ($user, $attr); |
96 |
+ my (%rbac, %rbac_profiles, %role, %rbac_roles); |
|
8121 | 97 |
+ |
98 |
+ %rbac=(); |
|
99 |
+ %rbac_profiles=(); |
|
13240 | 100 |
+ %rbac_roles=(); |
8121 | 101 |
+ |
102 |
+ $buffer = &gst_file_buffer_load("/etc/security/prof_attr"); |
|
103 |
+ foreach $line ( @$buffer ) { |
|
104 |
+ # Skip comments, blank lines and the "All" special profile. |
|
105 |
+ next if ( $line =~ /^#|^\s*$|^All:/ ); |
|
106 |
+ |
|
107 |
+ ($profile, $dummy, $dummy, $description, $dummy ) = split(/:/, $line, 5); |
|
108 |
+ $rbac_profiles{$profile} = &gst_xml_quote($description); |
|
109 |
+ } |
|
110 |
+ |
|
111 |
+ $rbac{"rbac_profiles"} = \%rbac_profiles; |
|
112 |
+ |
|
113 |
+ $$hash{"rbacdb"} = \%rbac; |
|
13240 | 114 |
+ |
115 |
+ $buffer = &gst_file_buffer_load("/etc/user_attr"); |
|
116 |
+ foreach $line ( @$buffer ) { |
|
117 |
+ # Skip comments, blank lines. |
|
118 |
+ next if ( $line =~ /^#|^\s*$/ ); |
|
119 |
+ |
|
120 |
+ ($user, $dummy, $dummy, $dummy, $attr) = split(/:/, $line, 5); |
|
121 |
+ $rbac_roles{$user} = &gst_xml_quote($user) if ( $attr =~ /type=role/ ); |
|
122 |
+ } |
|
123 |
+ |
|
124 |
+ $role{"rbac_roles"} = \%rbac_roles; |
|
125 |
+ |
|
126 |
+ $$hash{"roledb"} = \%role; |
|
8121 | 127 |
+} |
128 |
+ |
|
11808 | 129 |
+sub read_rbac_default_profiles |
130 |
+{ |
|
131 |
+ return unless ( $gst_dist =~ /^solaris/ ); |
|
132 |
+ |
|
133 |
+ my ($buffer, $line, $dummy, @def_prof, $def_prof_ref); |
|
134 |
+ $buffer = &gst_file_buffer_load("/etc/security/policy.conf"); |
|
135 |
+ foreach $line ( @$buffer ) { |
|
136 |
+ chomp $line; |
|
137 |
+ if ( $line =~ /^PROFS_GRANTED=/ ) |
|
138 |
+ { |
|
139 |
+ ($dummy, $def_line) = split(/=/, $line, 2); |
|
140 |
+ @def_prof = split (/,/, $def_line); |
|
141 |
+ foreach ( @def_prof ) { |
|
142 |
+ $def_prof_ref->{$_} = 1; |
|
143 |
+ } |
|
144 |
+ return $def_prof_ref; |
|
145 |
+ } |
|
146 |
+ next; |
|
147 |
+ } |
|
148 |
+} |
|
149 |
+ |
|
8121 | 150 |
sub get_login_defs_prop_array |
151 |
{ |
|
152 |
my @prop_array; |
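Review bot: `sub read_rbac()` declares an empty prototype although the body reads its argument from `@_`; it only works because the call visible in this patch uses the `&read_rbac (...)` form, which bypasses prototypes, so the declaration should be plain `sub read_rbac`. In read_rbac_default_profiles, `$def_line` is missing from the `my` list and becomes a package global, and the names split from PROFS_GRANTED are used as hash keys untrimmed, so an entry written with a space after the comma would not match the later `exists` lookups; add `$def_line` to the `my` list and strip each name with `s/^\s+|\s+$//g`. A header comment stating that the sub returns a hash reference keyed by profile name, and nothing when PROFS_GRANTED is absent, would document what the callers rely on.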
|
13240 | 153 |
@@ -315,6 +408,30 @@ |
7860 | 154 |
} |
155 |
} |
|
156 |
||
157 |
+my $nexenta_logindefs_defaults = { |
|
158 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file. |
|
159 |
+ 'shell' => '/bin/bash', |
|
160 |
+ 'group' => 'users', |
|
161 |
+ 'skel_dir' => '/etc/skel/', |
|
162 |
+ 'home_prefix' => '/export/home/$user', |
|
163 |
+ 'gmin' => 1000, |
|
164 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h |
|
10303
cf9f0c6127b2
* patches/system-tools-backend-08-users.diff : Bug : 6591890, change
mattman
parents:
9165
|
165 |
+ 'umin' => 100, |
7860 | 166 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h |
167 |
+}; |
|
168 |
+ |
|
169 |
+my $solaris_logindefs_defaults = { |
|
170 |
+ 'login_defs' => 0, # Open Solaris doesn't have a login.defs file. |
|
171 |
+ 'shell' => '/bin/bash', |
|
172 |
+ 'group' => 'users', |
|
173 |
+ 'skel_dir' => '/etc/skel/', |
|
8847 | 174 |
+ 'home_prefix' => '/export/home/$user', |
7860 | 175 |
+ 'gmin' => 1000, |
176 |
+ 'gmax' => 2147483647, # Based on MAXUID from sys/param.h |
|
10303
cf9f0c6127b2
* patches/system-tools-backend-08-users.diff : Bug : 6591890, change
mattman
parents:
9165
|
177 |
+ 'umin' => 100, |
7860 | 178 |
+ 'umax' => 2147483647, # Based on MAXUID from sys/param.h |
179 |
+}; |
|
180 |
+ |
|
181 |
my $rh_logindefs_defaults = { |
|
182 |
'shell' => '/bin/bash', |
|
183 |
'group' => '$user', |
|
13240 | 184 |
@@ -362,6 +479,8 @@ |
7860 | 185 |
'debian-2.2' => $rh_logindefs_defaults, |
186 |
'debian-3.0' => $rh_logindefs_defaults, |
|
187 |
'debian-sarge' => $rh_logindefs_defaults, |
|
188 |
+ 'nexenta-1.0' => $nexenta_logindefs_defaults, |
|
189 |
+ 'solaris-2.11' => $solaris_logindefs_defaults, |
|
190 |
'vine-3.0' => $rh_logindefs_defaults, |
|
191 |
'vine-3.1' => $rh_logindefs_defaults, |
|
192 |
'gentoo' => $gentoo_logindefs_defaults, |
|
13240 | 193 |
@@ -419,7 +538,8 @@ |
8436 | 194 |
my ($a1, $a2) = @_; |
195 |
my $i; |
|
196 |
||
197 |
- return -1 if ($#$a1 != $#$a2); |
|
198 |
+ return 0 if ( ( $#$a1 < 0 || $#$a2 < 0 ) && $#$a1 == $#$a2 ); |
|
199 |
+ return -1 if ($#$a1 != $#$a2 || $#$a1 < 0 || $#$a2 < 0 ); |
|
200 |
||
201 |
for ($i = 0; $i <= $#$a1; $i++) { |
|
202 |
if (ref ($$a1[$i]) eq "ARRAY") { # see if this is a reference. |
|
13240 | 203 |
@@ -453,6 +573,7 @@ |
8121 | 204 |
&read_passwd_shadow (\%hash); |
205 |
&read_profiledb (\%hash); |
|
206 |
&read_shells (\%hash); |
|
207 |
+ &read_rbac (\%hash) if ( $gst_dist =~ /^solaris/); |
|
208 |
||
209 |
return \%hash; |
|
210 |
} |
|
13240 | 211 |
@@ -553,11 +674,11 @@ |
7860 | 212 |
} |
213 |
else |
|
214 |
{ |
|
215 |
- # Put safe defaults for distros/OS that don't have any defaults file |
|
216 |
- $logindefs->{"umin"} = '1000'; |
|
217 |
- $logindefs->{"umax"} = '60000'; |
|
218 |
- $logindefs->{"gmin"} = '1000'; |
|
219 |
- $logindefs->{"gmax"} = '60000'; |
|
220 |
+ # Put safe defaults for distros/OS that don't have any defaults set |
|
221 |
+ $logindefs->{"umin"} = '1000' unless ($logindefs->{"umin"}); |
|
222 |
+ $logindefs->{"umax"} = '60000' unless ($logindefs->{"umax"}); |
|
223 |
+ $logindefs->{"gmin"} = '1000' unless ($logindefs->{"gmin"}); |
|
224 |
+ $logindefs->{"gmax"} = '60000' unless ($logindefs->{"gmax"}); |
|
225 |
} |
|
226 |
} |
|
227 |
||
13240 | 228 |
@@ -602,6 +723,7 @@ |
8121 | 229 |
my ($ifh, @users, %users_hash, $passwd_last_modified); |
230 |
my (@line, $copy, %tmphash); |
|
231 |
my $login_pos = $users_prop_map{"login"}; |
|
8436 | 232 |
+ #my (%users_rbac_profiles); |
8121 | 233 |
my $i = 0; |
234 |
||
235 |
# Find the passwd file. |
|
13240 | 236 |
@@ -660,7 +782,36 @@ |
8121 | 237 |
|
238 |
&gst_file_close ($ifh); |
|
239 |
} |
|
240 |
+ if ($gst_dist =~ /^solaris/ ) { |
|
8436 | 241 |
+ my $rbac_pos = $users_prop_map{"rbac"}; |
13240 | 242 |
+ my $role_pos = $users_prop_map{"role"}; |
8121 | 243 |
+ my ($fd); |
244 |
+ foreach $user (@users) { |
|
245 |
+ my @profiles; |
|
13240 | 246 |
+ my @roles, $tmproles; |
8121 | 247 |
+ my $logname = $$user[1]; |
13240 | 248 |
|
8121 | 249 |
+ my $command = $cmd_profiles . " " . $logname; |
250 |
+ $fd = &gst_file_run_pipe_read( $command ); |
|
251 |
+ @profiles = <$fd>; |
|
252 |
+ &gst_file_close($fd); |
|
8436 | 253 |
+ # $users_rbac_profiles{$logname} = \@profiles; |
254 |
+ chomp( @profiles ); |
|
255 |
+ @{$tmphash{$logname}}[$rbac_pos] = \@profiles; |
|
13240 | 256 |
+ |
257 |
+ $command = $cmd_roles . " " . $logname; |
|
258 |
+ $fd = &gst_file_run_pipe_read( $command ); |
|
259 |
+ $tmproles = <$fd>; |
|
260 |
+ &gst_file_close($fd); |
|
261 |
+ chomp( $tmproles ); |
|
262 |
+ next if ($tmproles eq "No roles"); |
|
263 |
+ @roles = split ',', $tmproles, -1; |
|
264 |
+ @{$tmphash{$logname}}[$role_pos] = \@roles; |
|
265 |
+ |
|
8121 | 266 |
+ } |
8436 | 267 |
+ #$$hash{"users_rbac_profiles"} = \%users_rbac_profiles; |
8121 | 268 |
+ } |
13240 | 269 |
+ |
8121 | 270 |
$$hash{"users"} = \@users; |
271 |
$$hash{"users_hash"} = \%users_hash; |
|
13240 | 272 |
$$hash{"passwd_last_modified"} = $passwd_last_modified; |
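Review bot: In the added Solaris block, `my @roles, $tmproles;` declares only `@roles`, because the comma ends the `my`; `$tmproles` is therefore a package global and the line should read `my (@roles, $tmproles);`. The login name is appended unquoted to the `profiles` and `roles` command strings handed to gst_file_run_pipe_read, so a passwd entry containing whitespace or shell metacharacters would be interpreted by the shell if that helper runs the string through one; validate `$logname` first, for example with `next unless ($logname =~ /^[A-Za-z0-9._-]+$/);`. `$$user[1]` also hard-codes the login column where the `$users_prop_map{"login"}` lookup is used elsewhere, and `$fd` is read without checking that the pipe was opened. The enclosing sub starts outside this hunk.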
273 |
@@ -740,7 +891,40 @@ |
|
7860 | 274 |
push (@shells, "/bin/false") if (stat ("/bin/false")); |
275 |
||
276 |
$ifh = &gst_file_open_read_from_names(@shell_names); |
|
277 |
- return unless $ifh; |
|
278 |
+ unless ($ifh) |
|
279 |
+ { |
|
280 |
+ if ($gst_dist =~ /solaris/) |
|
281 |
+ { |
|
14599 | 282 |
+ push (@shells, "/bin/bash") if (stat ("/bin/bash")); |
283 |
+ push (@shells, "/bin/csh") if (stat ("/bin/csh")); |
|
284 |
+ push (@shells, "/bin/jsh") if (stat ("/bin/jsh")); |
|
285 |
+ push (@shells, "/bin/ksh") if (stat ("/bin/ksh")); |
|
286 |
+ push (@shells, "/bin/pfcsh") if (stat ("/bin/pfcsh")); |
|
287 |
+ push (@shells, "/bin/pfksh") if (stat ("/bin/pfksh")); |
|
288 |
+ push (@shells, "/bin/pfsh") if (stat ("/bin/pfsh")); |
|
289 |
+ push (@shells, "/bin/sh") if (stat ("/bin/sh")); |
|
290 |
+ push (@shells, "/bin/tcsh") if (stat ("/bin/tcsh")); |
|
291 |
+ push (@shells, "/bin/zsh") if (stat ("/bin/zsh")); |
|
292 |
+ push (@shells, "/bin/jsh") if (stat ("/bin/jsh")); |
|
293 |
+ push (@shells, "/sbin/jsh") if (stat ("/sbin/jsh")); |
|
294 |
+ push (@shells, "/sbin/pfsh") if (stat ("/sbin/pfsh")); |
|
295 |
+ push (@shells, "/sbin/sh") if (stat ("/sbin/sh")); |
|
296 |
+ push (@shells, "/usr/bin/bash") if (stat ("/usr/bin/bash")); |
|
297 |
+ push (@shells, "/usr/bin/csh") if (stat ("/usr/bin/csh")); |
|
298 |
+ push (@shells, "/usr/bin/jsh") if (stat ("/usr/bin/jsh")); |
|
299 |
+ push (@shells, "/usr/bin/ksh") if (stat ("/usr/bin/ksh")); |
|
300 |
+ push (@shells, "/usr/bin/pfcsh") if (stat ("/usr/bin/pfcsh")); |
|
301 |
+ push (@shells, "/usr/bin/pfksh") if (stat ("/usr/bin/pfksh")); |
|
302 |
+ push (@shells, "/usr/bin/pfsh") if (stat ("/usr/bin/pfsh")); |
|
303 |
+ push (@shells, "/usr/bin/sh") if (stat ("/usr/bin/sh")); |
|
304 |
+ push (@shells, "/usr/bin/tcsh") if (stat ("/usr/bin/tcsh")); |
|
305 |
+ push (@shells, "/usr/bin/zsh") if (stat ("/usr/bin/zsh")); |
|
306 |
+ push (@shells, "/usr/xpg4/bin/sh") if (stat ("/usr/xpg4/bin/sh")); |
|
7860 | 307 |
+ $$hash{"shelldb"} = \@shells; |
308 |
+ } |
|
309 |
+ return; |
|
310 |
+ } |
|
311 |
+ |
|
312 |
||
313 |
while (<$ifh>) |
|
314 |
{ |
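Review bot: The fallback list pushes `/bin/jsh` twice, so shelldb gets a duplicate entry whenever that file exists, and the test here is `/solaris/` while the other checks in this patch anchor it as `/^solaris/`. Replace the run of near-identical lines with a candidate array and one loop, `foreach my $sh (@solaris_shells) { push (@shells, $sh) if (stat ($sh)); }`, which removes the duplicate by construction. Because this list decides which programs are offered as login shells when /etc/shells is absent, a comment saying where the list was taken from is worth adding. The enclosing sub starts and ends outside this hunk.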
|
13240 | 315 |
@@ -879,6 +1063,11 @@ |
7860 | 316 |
{ |
317 |
$command = "$cmd_pw usermod -n " . $username . " -c \'" . $comment . "\'"; |
|
318 |
} |
|
319 |
+ elsif ($gst_dist =~ /^solaris/) |
|
320 |
+ { |
|
321 |
+ ($fname, $office, $office_phone, $home_phone) = @line; |
|
322 |
+ $command = "$cmd_usermod" . " -c \'" . $fname . "\' " . $username; |
|
323 |
+ } |
|
324 |
else |
|
325 |
{ |
|
326 |
($fname, $office, $office_phone, $home_phone) = @line; |
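Review bot: The Solaris branch wraps `$fname` in single quotes without escaping it, so a full name that itself contains `'` closes the quoting and the rest of the value is parsed by the shell as part of the usermod command line. Escape the value before building `$command`, e.g. `$fname =~ s/'/'\\''/g;`, or reject names containing quotes; the FreeBSD branch just above follows the same pattern with `$comment`. `$office`, `$office_phone` and `$home_phone` are unpacked but never used in this branch, so `($fname) = @line;` is enough. The enclosing sub starts and ends outside this hunk.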
|
13240 | 327 |
@@ -886,7 +1075,7 @@ |
7860 | 328 |
$fname = "-f \'" . $fname . "\'"; |
329 |
$home_phone = "-h \'" . $home_phone . "\'"; |
|
330 |
||
331 |
- if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/) |
|
332 |
+ if ($gst_dist =~ /^debian/ || $gst_dist =~ /^archlinux/ || $gst_dist =~ /^nexenta/) |
|
333 |
{ |
|
334 |
$office = "-r \'" . $office . "\'"; |
|
335 |
$office_phone = "-w \'" . $office_phone . "\'"; |
|
13240 | 336 |
@@ -903,6 +1092,30 @@ |
7860 | 337 |
&gst_file_run ($command); |
338 |
} |
|
339 |
||
340 |
+$service = "passwd"; |
|
341 |
+$username = ""; |
|
342 |
+$newpassword = ""; |
|
343 |
+ |
|
344 |
+sub my_conv_func { |
|
345 |
+ my @res; |
|
346 |
+ while ( @_ ) { |
|
347 |
+ my $code = shift; |
|
348 |
+ my $msg = shift; |
|
349 |
+ my $ans = ""; |
|
350 |
+ |
|
351 |
+ $ans = $username if ($code == PAM_PROMPT_ECHO_ON() ); |
|
352 |
+ if ($code == PAM_PROMPT_ECHO_OFF() ) { |
|
353 |
+ $ans = $newpassword; |
|
354 |
+ $ans = $newpassword; |
|
355 |
+ |
|
356 |
+ } |
|
357 |
+ |
|
358 |
+ push @res, (PAM_SUCCESS(),$ans); |
|
359 |
+ } |
|
360 |
+ push @res, PAM_SUCCESS(); |
|
361 |
+ return @res; |
|
362 |
+} |
|
363 |
+ |
|
364 |
sub add_user |
|
365 |
{ |
|
366 |
my ($data) = @_; |
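Review bot: my_conv_func answers PAM from the package globals `$username` and `$newpassword`, which keeps the clear-text password in a file-scoped variable for the rest of the run and can collide with any other use of `$username` in this file; reset both to `""` right after `pam_chauthtok` returns, or hand them to the callback through a closure instead of globals. The body assigns `$ans = $newpassword;` twice, so one of the two lines can go. A header comment should state that the function returns the flat list of status/answer pairs followed by a final `PAM_SUCCESS()`, and that every echo-off prompt is answered with the new password, which only suits the chauthtok flow used here.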
|
13240 | 367 |
@@ -932,6 +1145,56 @@ |
7860 | 368 |
print $pwdpipe $$data[$users_prop_map{"password"}]; |
369 |
&gst_file_close ($pwdpipe); |
|
370 |
} |
|
371 |
+ elsif ($gst_dist =~ /^nexenta/) |
|
372 |
+ { |
|
373 |
+ my $pwdpipe; |
|
374 |
+ $home_parents = $$data[$users_prop_map{"home"}]; |
|
375 |
+ $home_parents =~ s/\/+[^\/]+\/*$//; |
|
376 |
+ &gst_file_run ("$tool_mkdir -p $home_parents"); |
|
377 |
+ |
|
378 |
+ $command = "$cmd_useradd" . " -d \'" . $$data[$users_prop_map{"home"}] . |
|
379 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] . |
|
380 |
+ "\' -s \'" . $$data[$users_prop_map{"shell"}] . |
|
381 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] . |
|
382 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'"; |
|
383 |
+ &gst_file_run ($command); |
|
384 |
+ &gst_file_run("echo " . $$data[$users_prop_map{"login"}] . ":" . $$data[$users_prop_map{"password"}] . " | chpasswd -e"); |
|
385 |
+ } |
|
386 |
+ elsif ($gst_dist =~ /^solaris/) |
|
387 |
+ { |
|
388 |
+ $home_parents = $$data[$users_prop_map{"home"}]; |
|
389 |
+ $home_parents =~ s/\/+[^\/]+\/*$//; |
|
390 |
+ &gst_file_run ("$tool_mkdir -p $home_parents"); |
|
391 |
+ |
|
9165 | 392 |
+ $command = "$cmd_useradd"; |
393 |
+ if ($$data[$users_prop_map{"rbac"}] ne undef ) { |
|
394 |
+ my (@profiles, $old_user_profiles, $new_user_profiles ); |
|
395 |
+ $new_user_profiles = $$data[$users_prop_map{"rbac"}]; |
|
396 |
+ @profiles = (); |
|
397 |
+ push( @profiles, @$new_user_profiles ); |
|
398 |
+ if ( $#profiles >= 0 ) { |
|
399 |
+ my $profiles_str = ""; |
|
11808 | 400 |
+ my $def_profiles = read_rbac_default_profiles(); |
9165 | 401 |
+ foreach ( @profiles ) { |
11808 | 402 |
+ next if ( exists ($def_profiles->{$_}) ); |
9165 | 403 |
+ $profiles_str .= ',' unless ( $profiles_str eq "" ); |
404 |
+ $profiles_str .= $_; |
|
405 |
+ } |
|
406 |
+ $command .= " -P \'" . $profiles_str . "\'"; |
|
407 |
+ } |
|
408 |
+ } |
|
409 |
+ |
|
410 |
+ $command .= " -d \'" . $$data[$users_prop_map{"home"}] . |
|
7860 | 411 |
+ "\' -g \'" . $$data[$users_prop_map{"gid"}] . |
412 |
+ "\' -m -s \'" . $$data[$users_prop_map{"shell"}] . |
|
413 |
+ "\' -u \'" . $$data[$users_prop_map{"uid"}] . |
|
414 |
+ "\' \'" . $$data[$users_prop_map{"login"}] . "\'"; |
|
415 |
+ &gst_file_run ($command); |
|
416 |
+ $username = $$data[$users_prop_map{"login"}]; |
|
417 |
+ $newpassword = $$data[$users_prop_map{"password"}]; |
|
418 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)); |
|
419 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK()); |
|
420 |
+ } |
|
421 |
else |
|
422 |
{ |
|
423 |
$home_parents = $$data[$users_prop_map{"home"}]; |
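Review bot: The Nexenta branch builds `echo login:password | chpasswd -e` as a shell string, so the password hash is visible in the process list while the command runs and any `$` in a crypt-style hash is expanded by the shell before chpasswd reads it. Feed chpasswd through a write pipe as the preceding branch does for its own tool (the declared `my $pwdpipe;` is otherwise unused); the Nexenta branch of the modify-user hunk further down carries the same `echo ... | chpasswd -e` line. In the Solaris branch the result of `ref(...)` is discarded and `pam_chauthtok` is called unchecked, so a failed PAM setup dies on a method call and a rejected password change goes unreported. `$home_parents` is also interpolated unquoted into the `mkdir -p` command in both new branches. The enclosing sub add_user continues outside this hunk.

```perl
# … unchanged: Nexenta mkdir and useradd command …
$pwdpipe = &gst_file_run_pipe ("chpasswd -e", $GST_FILE_WRITE);
print $pwdpipe $$data[$users_prop_map{"login"}] . ":" .
               $$data[$users_prop_map{"password"}] . "\n";
&gst_file_close ($pwdpipe);

# … unchanged: Solaris mkdir, -P profile list, useradd command, $username/$newpassword assignment …
$pamh = new Authen::PAM($service, $username, \&my_conv_func);
if (ref ($pamh))
{
  my $res = $pamh->pam_chauthtok (PAM_NO_AUTHTOK_CHECK());
  &gst_report ("Password change failed for " . $username) if ($res != PAM_SUCCESS());
}
else
{
  &gst_report ("PAM initialisation failed for " . $username);
}
$newpassword = "";  # do not keep the clear-text password around
```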
|
13240 | 424 |
@@ -967,9 +1230,109 @@ |
7860 | 425 |
" -H 0"; # pw(8) reads password from STDIN |
426 |
||
427 |
$pwdpipe = &gst_file_run_pipe($command, $GST_FILE_WRITE); |
|
428 |
- print $pwdpipe $$data[$users_prop_map{"password"}]; |
|
429 |
+ print $pwdpipe $$new_data[$users_prop_map{"password"}]; |
|
430 |
&gst_file_close ($pwdpipe); |
|
431 |
} |
|
432 |
+ elsif ($gst_dist =~ /^nexenta/) |
|
433 |
+ { |
|
434 |
+ $command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] . |
|
435 |
+ "\' -g \'" . $$new_data[$users_prop_map{"gid"}] . |
|
436 |
+ "\' -l \'" . $$new_data[$users_prop_map{"login"}] . |
|
437 |
+ "\' -s \'" . $$new_data[$users_prop_map{"shell"}] . |
|
438 |
+ "\' -u \'" . $$new_data[$users_prop_map{"uid"}] . |
|
439 |
+ "\' \'" . $$old_data[$users_prop_map{"login"}] . "\'"; |
|
440 |
+ &gst_file_run ($command); |
|
441 |
+ &gst_file_run("echo " . $$new_data[$users_prop_map{"login"}] . ":" . $$new_data[$users_prop_map{"password"}] . " | chpasswd -e"); |
|
442 |
+ } |
|
443 |
+ elsif ($gst_dist =~ /^solaris/) |
|
444 |
+ { |
|
445 |
+ $command = "$cmd_usermod" ; |
|
446 |
+ |
|
447 |
+ $command .= " -u \'" . $$new_data[$users_prop_map{"uid"}] . "\'" |
|
448 |
+ if ( $$new_data[$users_prop_map{"uid"}] ne $$old_data[$users_prop_map{"uid"}] ); |
|
449 |
+ $command .= " -g \'" . $$new_data[$users_prop_map{"gid"}] . "\'" |
|
450 |
+ if ( $$new_data[$users_prop_map{"gid"}] ne $$old_data[$users_prop_map{"gid"}] ); |
|
451 |
+ $command .= " -d \'" . $$new_data[$users_prop_map{"home"}] . "\'" |
|
452 |
+ if ( $$new_data[$users_prop_map{"home"}] ne $$old_data[$users_prop_map{"home"}] ); |
|
453 |
+ $command .= " -s \'" . $$new_data[$users_prop_map{"shell"}] . "\'" |
|
454 |
+ if ( $$new_data[$users_prop_map{"shell"}] ne $$old_data[$users_prop_map{"shell"}] ); |
|
8436 | 455 |
+ |
456 |
+ if ($$new_data[$users_prop_map{"rbac"}] ne undef ) { |
|
457 |
+ my (@profiles, $old_user_profiles, $new_user_profiles ); |
|
458 |
+ $old_user_profiles = $$old_data[$users_prop_map{"rbac"}]; |
|
459 |
+ $new_user_profiles = $$new_data[$users_prop_map{"rbac"}]; |
|
460 |
+ @profiles = (); |
|
461 |
+ if ( $old_user_profiles eq undef ) { |
|
462 |
+ # All new profiles, so just use directly |
|
463 |
+ &gst_report("RBAC profiles created for ". $$old_data[$users_prop_map{"login"}] ); |
|
464 |
+ push( @profiles, @$new_user_profiles ); |
|
465 |
+ } |
|
466 |
+ else { |
|
467 |
+ my @sorted_old_user_profiles = sort(@$old_user_profiles); |
|
468 |
+ my @sorted_new_user_profiles = sort(@$new_user_profiles); |
|
469 |
+ if ( &arr_cmp_recurse( \@sorted_new_user_profiles, \@sorted_old_user_profiles) ) { |
|
470 |
+ &gst_report("RBAC profiles changed for ". $$old_data[$users_prop_map{"login"}] ); |
|
8604 | 471 |
+ push( @profiles, @$new_user_profiles ); # Copy unsorted list |
8436 | 472 |
+ } |
473 |
+ } |
|
474 |
+ if ( $#profiles >= 0 ) { |
|
475 |
+ my $profiles_str = ""; |
|
11808 | 476 |
+ my $def_profiles = read_rbac_default_profiles(); |
8436 | 477 |
+ foreach ( @profiles ) { |
11808 | 478 |
+ next if ( exists ($def_profiles->{$_}) ); |
8436 | 479 |
+ $profiles_str .= ',' unless ( $profiles_str eq "" ); |
480 |
+ $profiles_str .= $_; |
|
481 |
+ } |
|
482 |
+ $command .= " -P \'" . $profiles_str . "\'"; |
|
483 |
+ } |
|
484 |
+ } |
|
13240 | 485 |
+ |
486 |
+ if ($$new_data[$users_prop_map{"role"}] ne undef ) { |
|
487 |
+ my (@roles, $old_user_roles, $new_user_roles ); |
|
488 |
+ $old_user_roles = $$old_data[$users_prop_map{"role"}]; |
|
489 |
+ $new_user_roles = $$new_data[$users_prop_map{"role"}]; |
|
490 |
+ @roles = (); |
|
491 |
+ if ( $old_user_roles eq undef ) { |
|
492 |
+ # All new roles, so just use directly |
|
493 |
+ &gst_report("RBAC roles created for ". $$old_data[$users_prop_map{"login"}] ); |
|
494 |
+ push( @roles, @$new_user_roles ); |
|
495 |
+ } |
|
496 |
+ else { |
|
497 |
+ my @sorted_old_user_roles = sort(@$old_user_roles); |
|
498 |
+ my @sorted_new_user_roles = sort(@$new_user_roles); |
|
499 |
+ if ( &arr_cmp_recurse( \@sorted_new_user_roles, \@sorted_old_user_roles) ) { |
|
500 |
+ &gst_report("RBAC roles changed for ". $$old_data[$users_prop_map{"login"}] ); |
|
501 |
+ push( @roles, @$new_user_roles ); # Copy unsorted list |
|
502 |
+ } |
|
503 |
+ } |
|
504 |
+ if ( $#roles >= 0 ) { |
|
505 |
+ my $roles_str = ""; |
|
506 |
+ foreach ( @roles ) { |
|
507 |
+ $roles_str .= ',' unless ( $roles_str eq "" ); |
|
508 |
+ $roles_str .= $_; |
|
509 |
+ } |
|
510 |
+ $command .= " -R \'" . $roles_str . "\'"; |
|
511 |
+ } else { |
|
512 |
+ $command .= " -R \'\'"; |
|
513 |
+ } |
|
514 |
+ } |
|
515 |
+ |
|
7860 | 516 |
+ # If there's nothing to change, then don't... |
517 |
+ if ( $command ne $cmd_usermod ) { |
|
8436 | 518 |
+ $command .= " \'" . $$old_data[$users_prop_map{"login"}] . "\'"; |
7860 | 519 |
+ &gst_file_run ($command); |
520 |
+ } |
|
521 |
+ $username = $$old_data[$users_prop_map{"login"}]; |
|
522 |
+ $oldpassword = $$old_data[$users_prop_map{"password"}]; |
|
523 |
+ $newpassword = $$new_data[$users_prop_map{"password"}]; |
|
524 |
+ # Should only change password if old and new differ - this is especially |
|
525 |
+ # important since the old password is usually the "crypted" one!! Only if |
|
526 |
+ # it's different has a user entered a clear string here. |
|
8436 | 527 |
+ if ( $newpassword ne undef && $newpassword ne $oldpassword ) { |
7860 | 528 |
+ ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)); |
529 |
+ $pamh->pam_chauthtok(PAM_NO_AUTHTOK_CHECK()); |
|
530 |
+ } |
|
531 |
+ } |
|
532 |
else |
|
533 |
{ |
|
534 |
$command = "$cmd_usermod" . " -d \'" . $$new_data[$users_prop_map{"home"}] . |
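Review bot: In the Solaris role block `@roles` stays empty both when the user's roles were cleared and when they are simply unchanged, so the `else` arm appends `-R ''` on every modification that leaves the roles untouched and strips the roles the account already has. Track whether the role list actually changed and emit `-R` only in that case. The string comparisons against `undef` (`ne undef`, `eq undef`) also treat an empty string as undefined; `defined (...)` states the intent. The `-P` list is assembled the same way, so when every selected profile is a default one the command carries `-P ''`, which deserves a comment if it is intended. The enclosing sub starts and ends outside this hunk.

```perl
my $roles_changed = 0;
if ( $old_user_roles eq undef ) {
  # … unchanged: report and copy of @$new_user_roles …
  $roles_changed = 1;
}
else {
  # … unchanged: sorted copies of both lists …
  if ( &arr_cmp_recurse( \@sorted_new_user_roles, \@sorted_old_user_roles) ) {
    # … unchanged: report and copy of @$new_user_roles …
    $roles_changed = 1;
  }
}
# An empty list is passed on purpose only when every role was removed.
$command .= " -R \'" . join (',', @roles) . "\'" if ( $roles_changed );
```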
|
13240 | 535 |
@@ -1026,8 +1389,24 @@ |
7860 | 536 |
|
537 |
foreach $user (@$u) |
|
538 |
{ |
|
539 |
- $command = "$cmd_gpasswd -a \'" . $user . |
|
540 |
- "\' " . $$data[$groups_prop_map{"name"}]; |
|
541 |
+ if ($gst_dist =~ /^solaris/) |
|
542 |
+ { |
|
543 |
+ my ($groups, @a); |
|
544 |
+ $command = "groups \'" . $user . "\'"; |
|
545 |
+ $groups = &gst_file_run_backtick ($command); |
|
546 |
+ chomp ($groups); |
|
547 |
+ @a = split (/ /, $groups); |
|
548 |
+ $groups = join (',', @a); |
|
549 |
+ |
|
550 |
+ $command = "$cmd_usermod -G " . $groups . "," . |
|
551 |
+ $$data[$groups_prop_map{"name"}] . " " . |
|
552 |
+ $user . " "; |
|
553 |
+ } |
|
554 |
+ else |
|
555 |
+ { |
|
556 |
+ $command = "$cmd_gpasswd -a \'" . $user . |
|
557 |
+ "\' " . $$data[$groups_prop_map{"name"}]; |
|
558 |
+ } |
|
559 |
&gst_file_run ($command); |
|
560 |
} |
|
561 |
} |
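Review bot: The Solaris branch concatenates `$groups`, the group name and `$user` into the `usermod -G` string without the single quotes the gpasswd branch uses, so names containing whitespace or shell metacharacters are split or interpreted by the shell. The same unquoted pattern is repeated in the add and delete arms of the group-membership hunk below, where the non-Solaris `gpasswd -a` line also loses the quotes it had before. If `groups` fails or prints nothing, the list starts with a bare comma, so test for an empty result before building the command. Quote each value the way the rest of the file does, e.g. `"$cmd_usermod -G \'" . $groups . "," . $$data[$groups_prop_map{"name"}] . "\' \'" . $user . "\'"`. The enclosing sub starts outside this hunk.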
|
13240 | 562 |
@@ -1052,10 +1431,18 @@ |
11320 | 563 |
} |
564 |
else |
|
565 |
{ |
|
566 |
- $command = "$cmd_groupmod -g \'" . $$new_data[$groups_prop_map{"gid"}] . |
|
567 |
- "\' -n \'" . $$new_data[$groups_prop_map{"name"}] . "\' " . |
|
568 |
- "\'" . $$old_data[$groups_prop_map{"name"}] . "\'"; |
|
569 |
- |
|
570 |
+ if ( $$new_data[$groups_propmap{"name"}] eq $$old_data[$group_prop_map{"name"}] ) |
|
571 |
+ { |
|
572 |
+ $command = "$cmd_groupmod -g \'" . $$new_data[$groups_prop_map{"gid"}] . |
|
573 |
+ "\' \'" . $$old_data[$groups_prop_map{"name"}] . "\'"; |
|
574 |
+ } |
|
575 |
+ else |
|
576 |
+ { |
|
577 |
+ $command = "$cmd_groupmod -g \'" . $$new_data[$groups_prop_map{"gid"}] . |
|
578 |
+ "\' -n \'" . $$new_data[$groups_prop_map{"name"}] . "\' " . |
|
579 |
+ "\'" . $$old_data[$groups_prop_map{"name"}] . "\'"; |
|
580 |
+ } |
|
581 |
+ |
|
582 |
&gst_file_run ($command); |
|
583 |
||
584 |
# Let's see if the users that compose the group have changed. |
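Review bot: The new condition reads `$groups_propmap{"name"}` and `$group_prop_map{"name"}`, neither of which is the `%groups_prop_map` used on every other line, so both subscripts are undefined and the test compares element 0 of each record instead of the group names. Whenever element 0 matches in both records the rename arm with `-n` is never taken. The line should be `if ( $$new_data[$groups_prop_map{"name"}] eq $$old_data[$groups_prop_map{"name"}] )`; running the file under `use strict` would have flagged both misspellings. The enclosing sub starts and ends outside this hunk.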
|
13240 | 585 |
@@ -1069,25 +1456,62 @@ |
7860 | 586 |
$max_o = $#$o; |
587 |
for ($i = 0, $j = 0; $i <= &max ($max_n, $max_o); ) { |
|
588 |
$r = $$n[$i] cmp $$o[$j]; |
|
589 |
- $r *= -1 if (($$o[$j] eq "") || ($$n[$i] eq "")); |
|
590 |
||
591 |
- if ($r < 0) { # add this user to the group. |
|
592 |
- $command = "$cmd_gpasswd -a \'" . $$n[$i] . "\' \'" . |
|
593 |
- $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
594 |
+ if ($r > 0) { # add this user to the group. |
|
595 |
+ if ($gst_dist =~ /^solaris/) |
|
596 |
+ { |
|
597 |
+ my ($groups, @a); |
|
598 |
+ $command = "groups \'" . $$n[$i] . "\'"; |
|
599 |
+ $groups = &gst_file_run_backtick ($command); |
|
600 |
+ chomp ($groups); |
|
601 |
+ @a = split (/ /, $groups); |
|
602 |
+ $groups = join (',', @a); |
|
603 |
+ |
|
604 |
+ $command = "$cmd_usermod -G " . $groups . "," . |
|
605 |
+ $$new_data[$groups_prop_map{"name"}] . " " . |
|
606 |
+ $$n[$i] . " "; |
|
607 |
+ } |
|
608 |
+ else |
|
609 |
+ { |
|
610 |
+ $command = "$cmd_gpasswd -a " . $$n[$i] . " " . $$new_data[$groups_prop_map{"name"}] . " "; |
|
611 |
+ } |
|
612 |
$i ++; |
|
613 |
- |
|
614 |
+ |
|
615 |
&gst_file_run ($command); |
|
616 |
- } elsif ($r > 0) { # delete the user from the group. |
|
617 |
- $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" . |
|
618 |
- $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
619 |
+ } elsif ($r < 0) { # delete the user from the group. |
|
620 |
+ if ($gst_dist =~ /^solaris/) |
|
621 |
+ { |
|
622 |
+ my ($groups, @a, $k); |
|
623 |
+ $command = "groups \'" . $$o[$j] . "\'"; |
|
624 |
+ $groups = &gst_file_run_backtick ($command); |
|
625 |
+ chomp ($groups); |
|
626 |
+ @a = split (/ /, $groups); |
|
627 |
+ for ($k = 0; $k < $#a + 1; $k++) |
|
628 |
+ { |
|
629 |
+ if ($a[$k] eq $$new_data[$groups_prop_map{"name"}]) |
|
630 |
+ { |
|
631 |
+ splice (@a, $k, 1); |
|
632 |
+ last; |
|
633 |
+ } |
|
634 |
+ } |
|
635 |
+ $groups = join (',', @a); |
|
636 |
+ |
|
637 |
+ $command = "$cmd_usermod -G " . $groups . " " . |
|
638 |
+ $$o[$j] . " "; |
|
639 |
+ } |
|
640 |
+ else |
|
641 |
+ { |
|
642 |
+ $command = "$cmd_gpasswd -d \'" . $$o[$j] . "\' \'" . |
|
643 |
+ $$new_data[$groups_prop_map{"name"}] . "\'"; |
|
644 |
+ } |
|
645 |
$j ++; |
|
646 |
- |
|
647 |
+ |
|
648 |
&gst_file_run ($command); |
|
649 |
- } else { # The information is the same. Go to next tuple. |
|
650 |
+ } else { # The information is the same. Go to next tuple. |
|
651 |
$i ++; $j ++; |
|
652 |
- } |
|
653 |
- } |
|
654 |
- } |
|
655 |
+ } |
|
656 |
+ } |
|
657 |
+ } |
|
658 |
} |
|
659 |
} |
|
660 |
||
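Review bot: Swapping the tests to `$r > 0` for add and `$r < 0` for delete, and dropping `$r *= -1 if (($$o[$j] eq "") || ($$n[$i] eq ""));`, still handles an exhausted list but inverts the ordinary case where both entries are present. Assuming `@$n` and `@$o` are sorted, as this merge loop implies, a new list of `bob` against an old list of `alice, bob` first re-adds bob and then removes both alice and bob, so the group loses a member it should keep. Keep the original orientation: restore the `$r *= -1` line and use `if ($r < 0)` for the add arm and `elsif ($r > 0)` for the delete arm. The loop and its enclosing sub start outside this hunk.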
13240 | 661 |
@@ -1204,8 +1628,11 @@ |
7860 | 662 |
elsif ($$tree[0] eq "group_last_modified") { &xml_parse_group_last_modified ($$tree[1], $hash); } |
663 |
elsif ($$tree[0] eq "userdb") { &xml_parse_userdb ($$tree[1], $hash); } |
|
664 |
elsif ($$tree[0] eq "groupdb") { &xml_parse_groupdb ($$tree[1], $hash); } |
|
665 |
+ elsif ($$tree[0] eq "use_md5") { } |
|
666 |
elsif ($$tree[0] eq "shelldb") { } |
|
667 |
elsif ($$tree[0] eq "profiledb") { &xml_parse_profiledb ($$tree[1], $hash); } |
|
8436 | 668 |
+ elsif ($$tree[0] eq "rbacdb") { } # if rbacdb is there ignore, can't be changed. |
13240 | 669 |
+ elsif ($$tree[0] eq "roledb") { } # if roledb is there ignore, can't be changed. |
7860 | 670 |
else |
8436 | 671 |
{ |
672 |
&gst_report ("xml_unexp_tag", $$tree[0]); |
|
13240 | 673 |
@@ -1268,19 +1695,61 @@ |
8436 | 674 |
|
675 |
while (@$tree) |
|
676 |
{ |
|
677 |
- if ($users_prop_map{$$tree[0]} ne undef) |
|
13240 | 678 |
+ if ($users_prop_map{$$tree[0]} ne undef && $$tree[0] ne "rbac" && $$tree[0] ne "role" ) |
8436 | 679 |
{ |
680 |
$line[$users_prop_map{$$tree[0]}] = &gst_xml_unquote($$tree[1][2]); |
|
681 |
} |
|
13240 | 682 |
- else |
683 |
- { |
|
684 |
- &gst_report ("xml_unexp_tag", $$tree[0]); |
|
685 |
- } |
|
686 |
- |
|
687 |
- shift @$tree; |
|
688 |
- shift @$tree; |
|
689 |
- } |
|
8436 | 690 |
+ elsif ($$tree[0] eq "rbac") |
691 |
+ { |
|
692 |
+ my $rbac = $$tree[1]; # rbac children |
|
693 |
+ shift @$rbac; # Skip attributes |
|
694 |
+ my $rbac_profiles = $$rbac[1]; # rbac children |
|
695 |
+ shift @$rbac_profiles; # Skip attributes |
|
13240 | 696 |
|
8436 | 697 |
+ my @user_profiles; |
698 |
+ # my $users_rbac_profiles = $$hash{"users_rbac_profiles"}; |
|
699 |
+ |
|
700 |
+ # if ( $users_rbac_profiles eq undef ) { # Allocate a new one if none exists |
|
701 |
+ # my %dummy = (); |
|
702 |
+ # $users_rbac_profiles = \%dummy; |
|
703 |
+ # $$hash{"users_rbac_profiles"} = $users_rbac_profiles; |
|
704 |
+ #} |
|
705 |
+ |
|
706 |
+ while (@$rbac_profiles) { |
|
707 |
+ my $profile = $$rbac_profiles[1][2]; |
|
10454 | 708 |
+ push(@user_profiles, $profile ); |
8436 | 709 |
+ shift( @$rbac_profiles ); |
710 |
+ shift( @$rbac_profiles ); |
|
711 |
+ } |
|
712 |
+ #$$users_rbac_profiles{ $line[$users_prop_map{"login"}] } = \@user_profiles; |
|
713 |
+ #XXX Here |
|
714 |
+ $line[$users_prop_map{$$tree[0]}] = \@user_profiles; |
|
715 |
+ } |
|
13240 | 716 |
+ elsif ($$tree[0] eq "role") |
717 |
+ { |
|
718 |
+ my $role = $$tree[1]; # role children |
|
719 |
+ shift @$role; # Skip attributes |
|
720 |
+ my $role_lists = $$role[1]; # role children |
|
721 |
+ shift @$role_lists; # Skip attributes |
|
722 |
+ |
|
723 |
+ my @user_roles; |
|
724 |
+ |
|
725 |
+ while (@$role_lists) { |
|
726 |
+ my $role = $$role_lists[1][2]; |
|
727 |
+ push(@user_roles, $role ); |
|
728 |
+ shift( @$role_lists ); |
|
729 |
+ shift( @$role_lists ); |
|
730 |
+ } |
|
731 |
+ $line[$users_prop_map{$$tree[0]}] = \@user_roles; |
|
732 |
+ } |
|
733 |
+ else |
|
734 |
+ { |
|
735 |
+ &gst_report ("xml_unexp_tag", $$tree[0]); |
|
736 |
+ } |
|
737 |
+ shift @$tree; |
|
738 |
+ shift @$tree; |
|
739 |
+ } |
|
740 |
+ |
|
741 |
$$users_hash{sprintf ("%06d", $line[0])} = [@line]; |
|
742 |
push (@$users, [@line]); |
|
743 |
} |
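Review bot: Profile and role names taken from the request XML are stored exactly as read, without `&gst_xml_unquote` (unlike the scalar fields in the first arm) and without any check on their content, yet the same values are later placed inside the quoted `-P` and `-R` arguments of the useradd and usermod commands. Decode them the same way, `my $profile = &gst_xml_unquote ($$rbac_profiles[1][2]);`, and reject names containing quotes or commas, or names that are not among those read_rbac collects, before the record is accepted. Inside the role loop `my $role` shadows the `my $role` declared at the top of the same arm; a name such as `$role_name` avoids the confusion. The enclosing sub starts and ends outside this hunk.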
|
744 |
@@ -1323,6 +1792,7 @@ |
|
7860 | 745 |
if ($$tree[0] eq "users") { $line[$groups_prop_map{$$tree[0]}] = $$tree[1]; } |
746 |
else { $line[$groups_prop_map{$$tree[0]}] = $$tree[1][2]; } |
|
747 |
} |
|
748 |
+ elsif ($$tree[0] eq "allows_to") { } |
|
749 |
else |
|
750 |
{ |
|
751 |
&gst_report ("xml_unexp_tag", $$tree[0]); |
|
13240 | 752 |
@@ -1487,11 +1957,20 @@ |
8121 | 753 |
my ($hash) = @_; |
754 |
my ($key, $value, $i, $j, $k); |
|
755 |
my ($passwd_last_modified, $users, $desc); |
|
8436 | 756 |
+ # my ($users_rbac_profiles); |
13240 | 757 |
+ my ($rbac, $rbac_profiles, $role, $rbac_roles); |
8121 | 758 |
|
759 |
$passwd_last_modified = $$hash{"passwd_last_modified"}; |
|
760 |
$users = $$hash{"users"}; |
|
761 |
$group_last_modified = $$hash{"group_last_modified"}; |
|
762 |
$groups = $$hash{"groups"}; |
|
763 |
+ if ( $gst_dist =~ /^solaris/ ) { |
|
764 |
+ $rbac = $$hash{"rbacdb"}; |
|
765 |
+ $rbac_profiles = $$rbac{"rbac_profiles"}; |
|
13240 | 766 |
+ $role = $$hash{"roledb"}; |
767 |
+ $rbac_roles = $$role{"rbac_roles"}; |
|
8436 | 768 |
+ # $users_rbac_profiles = $$hash{"users_rbac_profiles"}; |
8121 | 769 |
+ } |
770 |
||
771 |
&gst_xml_print_begin (); |
|
772 |
||
13240 | 773 |
@@ -1519,8 +1998,35 @@ |
8436 | 774 |
&gst_xml_container_enter ('user'); |
775 |
for ($j = 0; $j < ($#users_prop_array - 1) / 2; $j++) |
|
8121 | 776 |
{ |
8436 | 777 |
- &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]); |
778 |
+ if ( $users_prop_map{$j} eq "rbac" && $gst_dist =~ /^solaris/ ) { |
|
779 |
+ my ($user_profiles); |
|
780 |
+ &gst_xml_container_enter ('rbac'); |
|
781 |
+ &gst_xml_container_enter ('rbac_profiles'); |
|
782 |
+ # $user_profiles = $$users_rbac_profiles{$$i[1]}; |
|
783 |
+ $user_profiles = $$i[$j]; |
|
784 |
+ foreach $prof ( @$user_profiles ) { |
|
785 |
+ &gst_xml_print_pcdata ("rbac_profile", $prof); |
|
786 |
+ } |
|
787 |
+ &gst_xml_container_leave (); |
|
788 |
+ &gst_xml_container_leave (); |
|
789 |
+ } |
|
13240 | 790 |
+ elsif ( $users_prop_map{$j} eq "role" && $gst_dist =~ /^solaris/ ) { |
791 |
+ my ($user_roles); |
|
792 |
+ &gst_xml_container_enter ('role'); |
|
793 |
+ &gst_xml_container_enter ('rbac_roles'); |
|
794 |
+ # $user_profiles = $$users_rbac_profiles{$$i[1]}; |
|
795 |
+ $user_roles = $$i[$j]; |
|
796 |
+ foreach $role ( @$user_roles ) { |
|
797 |
+ &gst_xml_print_pcdata ("rbac_role", $role); |
|
798 |
+ } |
|
799 |
+ &gst_xml_container_leave (); |
|
800 |
+ &gst_xml_container_leave (); |
|
801 |
+ } |
|
8436 | 802 |
+ else { |
803 |
+ &gst_xml_print_pcdata ($users_prop_map{$j}, $$i[$j]); |
|
804 |
+ } |
|
8121 | 805 |
} |
806 |
+ |
|
807 |
&gst_xml_container_leave (); |
|
808 |
} |
|
809 |
&gst_xml_container_leave (); |
|
13240 | 810 |
@@ -1559,9 +2065,47 @@ |
8121 | 811 |
&gst_xml_container_leave (); |
812 |
} |
|
813 |
&gst_xml_container_leave (); |
|
814 |
- &gst_xml_print_vspace (); |
|
815 |
||
816 |
- &gst_xml_print_end (); |
|
817 |
+ if ( $gst_dist =~ /^solaris/ ) { |
|
818 |
+ &gst_xml_print_vspace (); |
|
819 |
+ |
|
820 |
+ &gst_xml_print_comment ('Now the RBAC Profiles'); |
|
821 |
+ &gst_xml_print_vspace (); |
|
822 |
+ |
|
823 |
+ &gst_xml_container_enter ('rbacdb'); |
|
824 |
+ &gst_xml_container_enter ('rbac_profiles'); |
|
825 |
+ |
|
826 |
+ foreach $prof ( sort keys %$rbac_profiles ) |
|
827 |
+ { |
|
828 |
+ &gst_xml_print_vspace (); |
|
829 |
+ &gst_xml_container_enter ('rbac_profile'); |
|
830 |
+ &gst_xml_print_pcdata ('name', $prof ); |
|
831 |
+ &gst_xml_print_pcdata ('description', $$rbac_profiles{$prof} ); |
|
832 |
+ &gst_xml_container_leave (); |
|
833 |
+ } |
|
834 |
+ &gst_xml_container_leave (); |
|
835 |
+ &gst_xml_container_leave (); |
|
836 |
+ &gst_xml_print_vspace (); |
|
13240 | 837 |
+ |
838 |
+ &gst_xml_print_comment ('Now the ROLE'); |
|
839 |
+ &gst_xml_print_vspace (); |
|
840 |
+ |
|
841 |
+ &gst_xml_container_enter ('roledb'); |
|
842 |
+ &gst_xml_container_enter ('rbac_roles'); |
|
843 |
+ |
|
844 |
+ foreach $role ( sort keys %$rbac_roles ) |
|
845 |
+ { |
|
846 |
+ &gst_xml_print_vspace (); |
|
847 |
+ &gst_xml_container_enter ('rbac_role'); |
|
848 |
+ &gst_xml_print_pcdata ('role', $role ); |
|
849 |
+ &gst_xml_container_leave (); |
|
850 |
+ } |
|
851 |
+ &gst_xml_container_leave (); |
|
852 |
+ &gst_xml_container_leave (); |
|
853 |
+ &gst_xml_print_vspace (); |
|
8121 | 854 |
+ } |
855 |
+ |
|
856 |
+ &gst_xml_print_end (); |
|
857 |
} |
|
858 |
||
859 |
||
13240 | 860 |
@@ -1590,6 +2134,7 @@ |
8121 | 861 |
&gst_file_backup ($_) foreach (@passwd_names); |
862 |
&gst_file_backup ($_) foreach (@shadow_names); |
|
863 |
&gst_file_backup ($_) foreach (@group_names); |
|
864 |
+ &gst_file_backup ($_) foreach (@rbac_names); |
|
865 |
||
866 |
&write_profiledb ($hash); |
|
867 |
&write_group_passwd ($hash); |
|
13240 | 868 |
@@ -1627,6 +2172,7 @@ |
7860 | 869 |
$tool = &gst_init ($name, $version, $description, $directives, @ARGV); |
870 |
&gst_platform_ensure_supported ($tool, @platforms); |
|
871 |
||
872 |
+&get_users_prop_array (); |
|
873 |
&get_login_defs_prop_array (); |
|
874 |
&get_profiles_prop_array (); |
|
875 |