1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27 # ident "@(#)security.kshlib 1.2 08/05/22 SMI"
28 #
29
# Name of this library; used as the "[lib:func]" prefix in --DIAG/--INFO
# messages emitted by the functions below.
lib=security.kshlib
readonly lib
31
32 #
33 # Function: user_attr_mod
34 # Purpose: Modify the user's entry in the /etc/user_attr file
35 # Parameters:
36 # input: action = { add | delete }
37 # whether to add or delete the user's entry from user_attr
38 # type = { auths | profiles }
39 # whether the entry to add is an auth or a profile
40 # data = the actual auth or profile to add or delete
41 #
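function user_attr_mod {
    #
    # Add or remove the ${LOGNAME} entry in /etc/user_attr (the RBAC
    # user attribute database).
    #
    # Arguments:
    #   $1 action = { add | delete }
    #   $2 type   = { auths | profiles }   (only used by "add")
    #   $3 data   = the auth or profile to add or delete
    # Returns:
    #   $STF_PASS on success, $STF_UNRESOLVED on invalid arguments or
    #   when the file could not be updated.  Both values are expected to
    #   be exported by the test harness; they are not defined here.
    #
    # Security notes:
    #   - "type" and "data" are written verbatim into a colon-separated,
    #     line-oriented file that controls privileges, so they are
    #     validated before use: a ':' or newline would create extra
    #     fields or extra entries.
    #   - The user is matched on the anchored first field ("^name:"),
    #     not as a substring of any line, so one account's entry is
    #     never mistaken for another's.
    #   - The scratch file is created with mktemp.  A predictable
    #     name such as "user_attr_mod.$$" in a shared directory could be
    #     pre-created by another local user, and its contents are later
    #     copied over /etc/user_attr.
    #
    typeset func="user_attr_mod"

    typeset action="${1}"
    typeset type="${2}"
    typeset data="${3}"

    typeset userattr=/etc/user_attr
    typeset backup_file=/etc/user_attr.user_attr_mod.stf_backup
    typeset tmpfile=""
    typeset entry=""
    # Literal newline, spelled this way so it also works in ksh88.
    typeset nl='
'

    case "${action}" in
    add|delete)
        ;;
    *)  # action != add && action != delete => invalid action
        echo "--DIAG: [${lib}:${func}] ${action}: Invalid action"
        return $STF_UNRESOLVED
        ;;
    esac

    # An empty user name would match or create an entry with no owner.
    if [[ -z "${LOGNAME}" ]]; then
        echo "--DIAG: [${lib}:${func}] LOGNAME is not set"
        return $STF_UNRESOLVED
    fi

    if [[ "${action}" == "add" ]]; then
        case "${type}" in
        auths|profiles)
            ;;
        *)
            echo "--DIAG: [${lib}:${func}] ${type}: Invalid type"
            return $STF_UNRESOLVED
            ;;
        esac

        if [[ -z "${data}" || "${data}" == *:* || \
            "${data}" == *"${nl}"* ]]; then
            echo "--DIAG: [${lib}:${func}] Invalid data for ${type}"
            return $STF_UNRESOLVED
        fi

        # If there is already an entry for the user in /etc/user_attr
        # we will fail to add the new auth.  Comment lines start with
        # '#', so the anchored match skips them as well.
        entry=$(grep "^${LOGNAME}:" "${userattr}" 2>/dev/null)
        if [[ -n "${entry}" ]]; then
            echo "--DIAG: [${lib}:$func] User ${LOGNAME} is already
present in ${userattr}"
            return $STF_UNRESOLVED
        fi

        # Keep a backup first; without it "delete" cannot restore the
        # original file, so do not touch user_attr if the copy fails.
        cp -f "${userattr}" "${backup_file}" || {
            echo "--DIAG: [${lib}:${func}] Could not back up ${userattr}"
            return $STF_UNRESOLVED
        }

        entry="${LOGNAME}::::${type}=${data}"
        # Quoted so that embedded blanks (profile names) are kept as is.
        printf '%s\n' "${entry}" >> "${userattr}" || {
            echo "--DIAG: [${lib}:${func}] Could not update ${userattr}"
            return $STF_UNRESOLVED
        }

        echo "--INFO: [${lib}:$func] Entry added to ${userattr}:
${entry}"
        return $STF_PASS
    fi

    # action == delete
    #
    # First check if an STF-created backup file exists,
    # and, if found, copy it over.
    # NOTE(review): this restores the whole file as it was at "add"
    # time; edits made to user_attr in between are discarded.
    if [[ -s "${backup_file}" ]]; then
        # Only drop the backup once the restore has succeeded.
        cp -f "${backup_file}" "${userattr}" || {
            echo "--DIAG: [${lib}:${func}] Could not restore ${userattr}"
            return $STF_UNRESOLVED
        }
        rm -f "${backup_file}"
        return $STF_PASS
    fi

    # If we are here, a backup file was not found.
    # We must forcibly delete the entry for the user.
    entry=$(grep "^${LOGNAME}:" "${userattr}" 2>/dev/null | \
        fgrep -e "${data}")
    # if user not found in /etc/user_attr, return PASS
    [[ -z "${entry}" ]] && return $STF_PASS

    tmpfile=$(mktemp "${STF_RESULTS:-/tmp}/user_attr_mod.XXXXXX") || {
        echo "--DIAG: [${lib}:${func}] Could not create a temporary file"
        return $STF_UNRESOLVED
    }

    # Remove exactly the matched line(s): fixed-string, whole-line
    # comparison, so '.' in an authorization name is not a wildcard.
    fgrep -v -x -e "${entry}" "${userattr}" > "${tmpfile}"

    # Never replace user_attr with an empty file; that would mean every
    # line matched or the filter failed.
    if [[ ! -s "${tmpfile}" ]]; then
        rm -f "${tmpfile}"
        echo "--DIAG: [${lib}:${func}] Refusing to empty ${userattr}"
        return $STF_UNRESOLVED
    fi

    cp -f "${tmpfile}" "${userattr}" || {
        rm -f "${tmpfile}"
        echo "--DIAG: [${lib}:${func}] Could not update ${userattr}"
        return $STF_UNRESOLVED
    }

    rm -f "${tmpfile}"
    return $STF_PASS

} ### user_attr_mod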
111
112
113 #
114 # Function: setup_repository
115 # Purpose: Add to the repository all data needed for the test
116 # Parameters:
117 # input: none
118 # Assumes that the following variables have been set and exported
119 # by the test invoking this function
120 # GL_TEST_SERVICE
121 # GL_TEST_INSTANCE
122 # GL_TEST_SVCPG, GL_TEST_SVCPG_TYPE
123 # GL_TEST_INSTPG, GL_TEST_INSTPG_TYPE
124 # GL_TEST_USERNAME
125 # output: none
126 #
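function setup_repository {
    #
    # Create the test service and instance in the SMF repository, each
    # with five property groups (method, dependency, application,
    # framework, user-defined) holding a "createdby" property.
    #
    # Reads:   GL_TEST_SERVICE, GL_TEST_INSTANCE, GL_TEST_SVCPG,
    #          GL_TEST_SVCPG_TYPE, GL_TEST_INSTPG
    # Writes:  the global "result" (set to $STF_UNRESOLVED on failure;
    #          left untouched on success, as before)
    # Returns: the current value of "result"; if the caller never set
    #          it, $STF_PASS (or 0 when that is unset too).
    #
    # The GL_TEST_* values are expanded unescaped into the command
    # script fed to svccfg, so a value containing a newline becomes an
    # extra svccfg command.  They must come from the test's own
    # configuration, never from external input.
    #
    typeset func=setup_repository
    typeset rc

    # Stop before touching the repository if a name is missing; the
    # script below would otherwise be applied only partially.
    if [[ -z "${GL_TEST_SERVICE}" || -z "${GL_TEST_INSTANCE}" || \
        -z "${GL_TEST_SVCPG}" || -z "${GL_TEST_SVCPG_TYPE}" || \
        -z "${GL_TEST_INSTPG}" ]]; then
        result=$STF_UNRESOLVED
        echo "--DIAG: [${lib}:$func] required GL_TEST_* variables are not set"
        return $result
    fi

    # Forcibly delete the test instance and service
    svccfg delete "svc:/${GL_TEST_SERVICE}:${GL_TEST_INSTANCE}" \
        > /dev/null 2>&1
    svccfg delete "svc:/${GL_TEST_SERVICE}" > /dev/null 2>&1

    # Add all the required data to the repository
    #
    # (a) Add a service, (b) add 5 pgs to service: method, dependency,
    # application, framework and user-defined type (c) Add one property
    # named 'createdby' to each pg, with the value "root"
    # (d) Add an instance to the service, (e) add 5 pgs: method, dependency,
    # application, framework and user-defined type, (f) add one property
    # to each pg, with the value "root"
    #
    # NOTE(review): the instance's user-defined pg is created with
    # GL_TEST_SVCPG_TYPE; GL_TEST_INSTPG_TYPE is listed as a required
    # variable in the function header but is never read here - confirm
    # which one is intended.
    #
    svccfg -f - 2>&1 <<EOF
#
# Service and service-pg addition
add ${GL_TEST_SERVICE}
select ${GL_TEST_SERVICE}
#
addpg ${GL_TEST_SVCPG}_method method
addpg ${GL_TEST_SVCPG}_dependency dependency
addpg ${GL_TEST_SVCPG}_application application
addpg ${GL_TEST_SVCPG}_framework framework
addpg ${GL_TEST_SVCPG}_userdefined ${GL_TEST_SVCPG_TYPE}
#
setprop ${GL_TEST_SVCPG}_method/createdby = astring: "root"
setprop ${GL_TEST_SVCPG}_dependency/createdby = astring: "root"
setprop ${GL_TEST_SVCPG}_application/createdby = astring: "root"
setprop ${GL_TEST_SVCPG}_framework/createdby = astring: "root"
setprop ${GL_TEST_SVCPG}_userdefined/createdby = astring: "root"
#
# Instance and instance pg addition
#
add ${GL_TEST_INSTANCE}
select ${GL_TEST_INSTANCE}
#
addpg ${GL_TEST_INSTPG}_method method
addpg ${GL_TEST_INSTPG}_dependency dependency
addpg ${GL_TEST_INSTPG}_application application
addpg ${GL_TEST_INSTPG}_framework framework
addpg ${GL_TEST_INSTPG}_userdefined ${GL_TEST_SVCPG_TYPE}
#
setprop ${GL_TEST_INSTPG}_method/createdby = astring: "root"
setprop ${GL_TEST_INSTPG}_dependency/createdby = astring: "root"
setprop ${GL_TEST_INSTPG}_application/createdby = astring: "root"
setprop ${GL_TEST_INSTPG}_framework/createdby = astring: "root"
setprop ${GL_TEST_INSTPG}_userdefined/createdby = astring: "root"
#
quit
EOF

    rc=$?

    if [[ $rc -ne 0 ]]; then
        result=$STF_UNRESOLVED
        echo "--DIAG: [${lib}:$func]
Error adding test data to repository"
        # Forcibly delete everything under the test service and exit
        svccfg delete "${GL_TEST_SERVICE}"
    fi

    # "result" is shared with the caller.  Fall back to a defined value
    # instead of a bare "return" when nobody has set it.
    return ${result:-${STF_PASS:-0}}

} ### setup_repository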
195
196
197 #
198 # Function: cleanup_repository
199 # Purpose: Cleanup all data added by setup_repository
200 # Parameters:
201 # input: none
202 # Assumes that the following variables have been set and exported
203 # by the test invoking this function
204 # GL_TEST_SERVICE
205 # GL_TEST_INSTANCE
206 # GL_TEST_SVCPG, GL_TEST_SVCPG_TYPE
207 # GL_TEST_INSTPG, GL_TEST_INSTPG_TYPE
208 # GL_TEST_USERNAME
209 # output: none
210 #
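function cleanup_repository {
    #
    # Best-effort removal of the test service (and everything under it)
    # from the SMF repository.
    #
    # Reads:   GL_TEST_SERVICE
    # Writes:  the global "result" (set to $STF_UNRESOLVED when the
    #          delete fails)
    # Returns: always 0 - cleanup never fails.
    #
    typeset func=cleanup_repository
    typeset rc

    # With an empty name the list pattern below degrades to a bare "*"
    # and the filter matches every service, after which "svccfg delete"
    # would be called without a target.  Nothing to clean up in that case.
    [[ -z "${GL_TEST_SERVICE}" ]] && return 0

    # Delete the tested service, instance and pgs from the repository
    svccfg list "${GL_TEST_SERVICE}*" 2>/dev/null | \
        egrep -s "${GL_TEST_SERVICE}"
    rc=$?

    if [[ $rc -eq 0 ]]; then
        svccfg delete "${GL_TEST_SERVICE}" || {
            result=$STF_UNRESOLVED
            echo "--DIAG: [${lib}:$func] failed to delete service:${GL_TEST_SERVICE}"
        }
    fi

    # cleanup never fails
    return 0

} ### cleanup_repository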
233
234 #
235 # Function: cleanup_repository_with_return
236 # Purpose: Remove various entities from the repository, returning
237 # success or failure
238 # Parameters:
239 # input: none
240 # Assumes that the following variables have been set and exported
241 # by the test invoking this function
242 # GL_TEST_SERVICE
243 # GL_TEST_INSTANCE
244 # GL_TEST_SVCPG, GL_TEST_SVCPG_TYPE
245 # GL_TEST_INSTPG, GL_TEST_INSTPG_TYPE
246 # GL_TEST_USERNAME
247 # output: none
248 #
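function cleanup_repository_with_return {
    #
    # Remove the properties and property groups created by
    # setup_repository, plus the test instance, and report whether
    # svccfg accepted the whole script.
    #
    # Reads:   GL_TEST_SERVICE, GL_TEST_INSTANCE, GL_TEST_SVCPG,
    #          GL_TEST_INSTPG
    # Writes:  the global "result" (set to $STF_UNRESOLVED on failure;
    #          left untouched on success, as before)
    # Returns: the current value of "result"; if the caller never set
    #          it, $STF_PASS (or 0 when that is unset too).
    #
    # The GL_TEST_* values are expanded unescaped into the command
    # script fed to svccfg; they must come from the test's own
    # configuration, never from external input.
    #
    typeset func="cleanup_repository_with_return"
    typeset rc

    # Without these names the "select" line below cannot address the
    # test instance, so do not send a half-formed script to svccfg.
    if [[ -z "${GL_TEST_SERVICE}" || -z "${GL_TEST_INSTANCE}" || \
        -z "${GL_TEST_SVCPG}" || -z "${GL_TEST_INSTPG}" ]]; then
        result=$STF_UNRESOLVED
        echo "--DIAG: [${lib}:$func] required GL_TEST_* variables are not set"
        return $result
    fi

    # (a) Select service, (b) select instance (c) delete properties from
    # 5 types of inst-pgs (d) delete inst-pgs of 5 types, (e) unselect
    # (f) delete instance, (g) delete properties from 5 types of svc-pgs
    # (h) delete svc-pgs of 5 types, (j) unselect (k) delete service
    #
    # NOTE(review): the script below ends with "quit" after step (h);
    # it contains no second "unselect" and no command that deletes the
    # service itself, so steps (j) and (k) are not performed here.
    #
    svccfg -f - 2>&1 <<EOF
#
# Service and service-pg addition
select svc:/${GL_TEST_SERVICE}:${GL_TEST_INSTANCE}
#
delprop ${GL_TEST_INSTPG}_method/createdby
delprop ${GL_TEST_INSTPG}_dependency/createdby
delprop ${GL_TEST_INSTPG}_application/createdby
delprop ${GL_TEST_INSTPG}_framework/createdby
delprop ${GL_TEST_INSTPG}_userdefined/createdby
#
delpg ${GL_TEST_INSTPG}_method
delpg ${GL_TEST_INSTPG}_dependency
delpg ${GL_TEST_INSTPG}_application
delpg ${GL_TEST_INSTPG}_framework
delpg ${GL_TEST_INSTPG}_userdefined
#
unselect
delete ${GL_TEST_INSTANCE}
#
delprop ${GL_TEST_SVCPG}_method/createdby
delprop ${GL_TEST_SVCPG}_dependency/createdby
delprop ${GL_TEST_SVCPG}_application/createdby
delprop ${GL_TEST_SVCPG}_framework/createdby
delprop ${GL_TEST_SVCPG}_userdefined/createdby
#
delpg ${GL_TEST_SVCPG}_method
delpg ${GL_TEST_SVCPG}_dependency
delpg ${GL_TEST_SVCPG}_application
delpg ${GL_TEST_SVCPG}_framework
delpg ${GL_TEST_SVCPG}_userdefined
#
quit
EOF

    rc=$?

    if [[ $rc -ne 0 ]]; then
        result=$STF_UNRESOLVED
        echo "--DIAG: [${lib}:$func]
Error deleting repository data"
    fi

    # "result" is shared with the caller.  Fall back to a defined value
    # instead of a bare "return" when nobody has set it.
    return ${result:-${STF_PASS:-0}}

} ### cleanup_repository_with_return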