From f7724d679b59540db2af2a17eb3ee169dad870d5 Mon Sep 17 00:00:00 2001
From: Yoann Vandoorselaere <yoann@mandriva.com>
Date: Wed, 15 Dec 1999 17:21:06 +0000
Subject: *** empty log message ***

---
 init-sh/group.conf |   2 +
 init-sh/grpuser    | 125 ++++++++++++++++++++++-------------------
 init-sh/grpuser.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 init-sh/lib.sh     |  20 +++----
 4 files changed, 239 insertions(+), 69 deletions(-)
 create mode 100644 init-sh/group.conf
 create mode 100755 init-sh/grpuser.sh

(limited to 'init-sh')

diff --git a/init-sh/group.conf b/init-sh/group.conf
new file mode 100644
index 0000000..bdbca9d
--- /dev/null
+++ b/init-sh/group.conf
@@ -0,0 +1,2 @@
+audio
+urpmi
diff --git a/init-sh/grpuser b/init-sh/grpuser
index fb2ad25..6fa0e5d 100755
--- a/init-sh/grpuser
+++ b/init-sh/grpuser
@@ -13,12 +13,13 @@ user_name=$3
 
 Usage() {
 	echo "Usage :"
-	echo "	--add [ groupname ] [ username ] ---> Add an user to a group."
-	echo "	--del [ groupname ] [ username ] ---> Delete an user from a group."
+	echo "  --refresh    ---> Read group name in /etc/security/msec/group.conf"
+	echo "                    and add each user in /etc/security/msec/user.conf"  
+	echo "                    in these groups ( if security level is <= 2 )" 
 }
 
 ModifyFile() {
-    mv /etc/${file} /tmp/${file}.old
+    cp /etc/${file} /tmp/${file}.old
 
     head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
     echo "${new_group_line}" >> /etc/${file}
@@ -42,10 +43,10 @@ AppendUserToGroup() {
 
 IsUserAlreadyInGroup() {
     if echo ${group_users} | grep -qw "${user_name}"; then
-	return 1
+	return 0
     fi
     
-    return 0
+    return 1
 }
 
 IsGroupExisting() {
@@ -60,8 +61,9 @@ IsGroupExisting() {
     group_users=`echo ${tmp} | awk -F: '{print $5}'`
     group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
 
-    [ -z "${tmp}" ] && return 0
-    return 1
+    [ -z "${tmp}" ] && return 1
+    
+    return 0
 }
 
 IsUserExisting() {
@@ -73,68 +75,66 @@ IsUserExisting() {
 	return 1;
 }
 
-Add() {
-    IsGroupExisting;
-    if [[ $? == 0 ]]; then
-	echo "Sorry, group \"${group_name}\" does not exist."
-	echo "Please create it using the \"groupadd\" command."
-	exit 1
-    fi
-
-	IsUserExisting;
-    if [[ $? == 1 ]]; then
-    echo "Sorry, user \"${user_name}\" does not exist."
-    exit 1
-    fi
-
-    IsUserAlreadyInGroup;
-    if [[ $? == 1 ]]; then
-	echo "Sorry, user \"${user_name}\" is already in group \"${group_name}\"."
-	exit 1
+Refresh() {
+    if [[ ${SECURE_LEVEL} > 2 ]]; then
+	echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+	echo "Use the command : usermod -G group_name user_name"
+	exit 1;
     fi
 
-    AppendUserToGroup;
-    ModifyFile;
-
-    exit 0
-}
-
-Del() {
-    IsGroupExisting;
-    if [[ $? == 0 ]]; then
-	echo "Sorry, group \"${group_name}\" does not exist."
-	exit 1
-    fi
-
-    IsUserAlreadyInGroup;
-    if [[ $? == 0 ]]; then
-	echo "Sorry, user \"${user_name}\" is not in group \"${group_name}\"."
-	exit 1
-    fi
-
-    RemoveUserFromGroup;
-    ModifyFile;
-    
-    exit 0
+    cat /etc/security/msec/group.conf | while read group_name; do
+	IsGroupExisting;
+	if [[ $? != 0 ]]; then
+	    echo "Group \"${group_name}\" doesn't exist. skiping it."
+	else
+	    cat /etc/security/msec/user.conf | while read user_name; do
+		IsUserExisting; 
+		if [[ $? != 0 ]]; then
+		    # user doesn't exist
+		    echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+		    echo "\"${user_name}\" doesn't exist. skiping."
+		    IsUserAlreadyInGroup;
+		    if [[ $? == 0 ]]; then
+			# user doesn't exist but is in a group... delete user from this group.
+			RemoveUserFromgroup;
+			ModifyFile;
+		    fi
+		else
+		    usermod -G ${group_name} ${user_name}
+		fi
+	    done
+	fi
+    done
 }
 
 Perm() {
+	if [[ ${UID} != 0 ]]; then
+	    echo "You need root access to use this tool."
+	    echo "And this script shouldn't be used by users."
+	    exit 1
+	fi
+
 	if [[ ! -w /etc/${file} ]]; then
-		echo "You're not allowed to write to /etc/group..." 
-		exit 1
+	    echo "You're not allowed to write to /etc/group..." 
+	    exit 1
+	fi
+
+	if [[ ! -f /etc/security/msec/group.conf ]]; then
+	    echo "/etc/security/msec/group.conf doesn't exist..."
+	    exit 1
+	fi
+       
+	if [[ ! -f /etc/security/msec/user.conf ]]; then
+	    echo "/etc/security/msec/user.conf doesn't exist..."
+	    exit 1
 	fi
 }
 
-if [[ $# == 3 ]]; then
+if [[ $# == 1 ]]; then
 	case $1 in
-		"--add")
-			Perm;
-			Add;
-		        exit 0
-			;;
-		"--del")
+		"--refresh")
 			Perm;
-			Del;
+			Refresh;
 			exit 0
 			;;
 		esac
@@ -150,3 +150,12 @@ fi
 
 
 
+
+
+
+
+
+
+
+
+
diff --git a/init-sh/grpuser.sh b/init-sh/grpuser.sh
new file mode 100755
index 0000000..6fa0e5d
--- /dev/null
+++ b/init-sh/grpuser.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+
+#
+# Writen by Vandoorselaere Yoann <yoann@mandrakesoft.com>
+# Thanks to Francis Galiegue.
+#
+
+file="group"
+group_line=""
+new_group_line=""
+group_name=$2
+user_name=$3
+
+Usage() {
+	echo "Usage :"
+	echo "  --refresh    ---> Read group name in /etc/security/msec/group.conf"
+	echo "                    and add each user in /etc/security/msec/user.conf"  
+	echo "                    in these groups ( if security level is <= 2 )" 
+}
+
+ModifyFile() {
+    cp /etc/${file} /tmp/${file}.old
+
+    head -$((group_line_number - 1)) /tmp/${file}.old > /etc/${file}
+    echo "${new_group_line}" >> /etc/${file}
+    tail +$((group_line_number + 1)) /tmp/${file}.old >> /etc/${file}
+	
+    rm -f /tmp/${file}.old
+}
+
+RemoveUserFromGroup() {
+    new_group_line=${group}`echo ${group_users} | 
+	sed -e s/,${user_name}$//g -e s/${user_name},//g -e s/${user_name}$//g`
+}
+
+AppendUserToGroup() {
+    if [[ -z ${group_users} ]]; then
+	new_group_line=${group_line}${user_name}
+    else
+	new_group_line=${group_line}",${user_name}"
+    fi
+}
+
+IsUserAlreadyInGroup() {
+    if echo ${group_users} | grep -qw "${user_name}"; then
+	return 0
+    fi
+    
+    return 1
+}
+
+IsGroupExisting() {
+    group_line=""
+    group_line_number=""
+    
+    # We get some group infos as well, will be used later
+    tmp=`grep -n "^${group_name}:" /etc/${file} | tr -d " "`
+    
+    group_line_number=`echo ${tmp} | awk -F: '{print $1}'`
+    group=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"}'`
+    group_users=`echo ${tmp} | awk -F: '{print $5}'`
+    group_line=`echo ${tmp} | awk -F: '{print $2":"$3":"$4":"$5}'`
+
+    [ -z "${tmp}" ] && return 1
+    
+    return 0
+}
+
+IsUserExisting() {
+	grep -qn "^${user_name}:" /etc/passwd
+	if [[ $? == 0 ]]; then
+		return 0;
+	fi
+
+	return 1;
+}
+
+Refresh() {
+    if [[ ${SECURE_LEVEL} > 2 ]]; then
+	echo "You are in a secure level > 2, in this level you need to add group user by yourself."
+	echo "Use the command : usermod -G group_name user_name"
+	exit 1;
+    fi
+
+    cat /etc/security/msec/group.conf | while read group_name; do
+	IsGroupExisting;
+	if [[ $? != 0 ]]; then
+	    echo "Group \"${group_name}\" doesn't exist. skiping it."
+	else
+	    cat /etc/security/msec/user.conf | while read user_name; do
+		IsUserExisting; 
+		if [[ $? != 0 ]]; then
+		    # user doesn't exist
+		    echo "Can't add user \"${user_name}\" to group \"${group_name}\"."
+		    echo "\"${user_name}\" doesn't exist. skiping."
+		    IsUserAlreadyInGroup;
+		    if [[ $? == 0 ]]; then
+			# user doesn't exist but is in a group... delete user from this group.
+			RemoveUserFromgroup;
+			ModifyFile;
+		    fi
+		else
+		    usermod -G ${group_name} ${user_name}
+		fi
+	    done
+	fi
+    done
+}
+
+Perm() {
+	if [[ ${UID} != 0 ]]; then
+	    echo "You need root access to use this tool."
+	    echo "And this script shouldn't be used by users."
+	    exit 1
+	fi
+
+	if [[ ! -w /etc/${file} ]]; then
+	    echo "You're not allowed to write to /etc/group..." 
+	    exit 1
+	fi
+
+	if [[ ! -f /etc/security/msec/group.conf ]]; then
+	    echo "/etc/security/msec/group.conf doesn't exist..."
+	    exit 1
+	fi
+       
+	if [[ ! -f /etc/security/msec/user.conf ]]; then
+	    echo "/etc/security/msec/user.conf doesn't exist..."
+	    exit 1
+	fi
+}
+
+if [[ $# == 1 ]]; then
+	case $1 in
+		"--refresh")
+			Perm;
+			Refresh;
+			exit 0
+			;;
+		esac
+			Usage;
+			exit 0
+else
+    Usage;
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/init-sh/lib.sh b/init-sh/lib.sh
index e519ad8..124fc63 100644
--- a/init-sh/lib.sh
+++ b/init-sh/lib.sh
@@ -57,10 +57,10 @@ AddBegRules() {
 	echo "Modifying config in ${file}..."
     fi
 
-    mv ${file} /tmp/secure.tmp
+    cp -f ${file} /tmp/secure.tmp
 
     if ! grep -Eqx "^${string}" /tmp/secure.tmp; then
-	echo -e "${COMMENT}" >> ${file};
+	echo -e "${COMMENT}" > ${file};
 	echo -e "${string}" >> ${file};
     fi
 
@@ -81,8 +81,7 @@ CleanRules() {
     fi
 
     echo -en "\t- Cleaning msec appended line in ${file} : "
-    mv -f ${file} /tmp/secure.tmp
-    touch ${file}
+    cp -f ${file} /tmp/secure.tmp
 
     while read line; do
 	if [[ ${ctrl} == 1 ]]; then
@@ -95,7 +94,7 @@ CleanRules() {
 	fi
 		
 	if [[ ${ctrl} == 0 ]]; then
-	    echo "${line}" >> ${file}
+	    echo "${line}" > ${file}
 	fi
     done < /tmp/secure.tmp
 
@@ -113,12 +112,11 @@ CommentUserRules() {
 
     echo -en "\t- Cleaning user appended line in ${file} : "
 
-    mv -f ${file} /tmp/secure.tmp
-    touch ${file}
-     
+    cp -f ${file} /tmp/secure.tmp
+         
     while read line; do 
 	if ! echo "${line}" | grep -qE "^#"; then
-	    echo "# ${line}" >> ${file}
+	    echo "# ${line}" > ${file}
 	fi
     done < /tmp/secure.tmp
   
@@ -158,10 +156,10 @@ LiloUpdate() {
     fi
 
     if [[ ! -z "${password}" ]]; then
-    	mv /etc/lilo.conf /tmp/secure.tmp
+    	cp -f /etc/lilo.conf /tmp/secure.tmp
 	while read line; do
 	    if ! echo "${line}" | grep -q "password"; then
-		echo "${line}" >> /etc/lilo.conf
+		echo "${line}" > /etc/lilo.conf
 	    fi
     	done < /tmp/secure.tmp
 	
-- 
cgit v1.2.1