Tue Jun 11 14:39:07 2013 UTC ()
more thorough passwd/group checks.


(christos)
diff -r1.151 -r1.152 src/usr.sbin/postinstall/postinstall

cvs diff -r1.151 -r1.152 src/usr.sbin/postinstall/Attic/postinstall

--- src/usr.sbin/postinstall/Attic/postinstall 2013/06/10 20:33:31 1.151
+++ src/usr.sbin/postinstall/Attic/postinstall 2013/06/11 14:39:07 1.152
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $NetBSD: postinstall,v 1.151 2013/06/10 20:33:31 mrg Exp $ 3# $NetBSD: postinstall,v 1.152 2013/06/11 14:39:07 christos Exp $
4# 4#
5# Copyright (c) 2002-2008 The NetBSD Foundation, Inc. 5# Copyright (c) 2002-2008 The NetBSD Foundation, Inc.
6# All rights reserved. 6# All rights reserved.
7# 7#
8# This code is derived from software contributed to The NetBSD Foundation 8# This code is derived from software contributed to The NetBSD Foundation
9# by Luke Mewburn. 9# by Luke Mewburn.
10# 10#
11# Redistribution and use in source and binary forms, with or without 11# Redistribution and use in source and binary forms, with or without
12# modification, are permitted provided that the following conditions 12# modification, are permitted provided that the following conditions
13# are met: 13# are met:
14# 1. Redistributions of source code must retain the above copyright 14# 1. Redistributions of source code must retain the above copyright
15# notice, this list of conditions and the following disclaimer. 15# notice, this list of conditions and the following disclaimer.
16# 2. Redistributions in binary form must reproduce the above copyright 16# 2. Redistributions in binary form must reproduce the above copyright
@@ -162,69 +162,79 @@ check_dir() @@ -162,69 +162,79 @@ check_dir()
162 [ -d "${_cddir}" ] && return 0 162 [ -d "${_cddir}" ] && return 0
163 if [ "${_cdop}" = "check" ]; then 163 if [ "${_cdop}" = "check" ]; then
164 msg "${_cddir} is not a directory" 164 msg "${_cddir} is not a directory"
165 return 1 165 return 1
166 elif ! mkdir -m "${_cdmode}" "${_cddir}" ; then 166 elif ! mkdir -m "${_cdmode}" "${_cddir}" ; then
167 msg "Can't create missing ${_cddir}" 167 msg "Can't create missing ${_cddir}"
168 return 1 168 return 1
169 else 169 else
170 msg "Missing ${_cddir} created" 170 msg "Missing ${_cddir} created"
171 fi 171 fi
172 return 0 172 return 0
173} 173}
174 174
175# check_ids op type file id [...] 175# check_ids op type file start id [...]
176# Check if file of type "users" or "groups" contains the relevant IDs 176# Check if file of type "users" or "groups" contains the relevant IDs
177# Returns 0 if ok, 1 otherwise. 177# Returns 0 if ok, 1 otherwise.
178#  178#
179check_ids() 179check_ids()
180{ 180{
181 [ $# -ge 4 ] || err 3 "USAGE: checks_ids op type file id [...]" 181 [ $# -ge 5 ] || err 3 "USAGE: checks_ids op type file start id [...]"
182 _op="$1" 182 _op="$1"
183 _type="$2" 183 _type="$2"
184 _file="$3" 184 _file="$3"
185 shift 3 185 _start="$4"
 186 shift 4
186 #_ids="$@" 187 #_ids="$@"
187 188
188 if [ ! -f "${_file}" ]; then 189 if [ ! -f "${_file}" ]; then
189 msg "${_file} doesn't exist; can't check for missing ${_type}" 190 msg "${_file} doesn't exist; can't check for missing ${_type}"
190 return 1 191 return 1
191 fi 192 fi
192 if [ ! -r "${_file}" ]; then 193 if [ ! -r "${_file}" ]; then
193 msg "${_file} is not readable; can't check for missing ${_type}" 194 msg "${_file} is not readable; can't check for missing ${_type}"
194 return 1 195 return 1
195 fi 196 fi
196 _notfixed="" 197 _notfixed=""
197 if [ "${_op}" = "fix" ]; then 198 if [ "${_op}" = "fix" ]; then
198 _notfixed="${NOT_FIXED}" 199 _notfixed="${NOT_FIXED}"
199 fi 200 fi
200 _missing="$(${AWK} -F: ' 201 _missing="$(${AWK} -v start=$_start -F: '
201 BEGIN { 202 BEGIN {
202 for (x = 1; x < ARGC; x++) 203 for (x = 1; x < ARGC; x++) {
 204 if (ARGV[x] = "SKIP")
 205 continue;
203 idlist[ARGV[x]]++ 206 idlist[ARGV[x]]++
 207 value[ARGV[x]] = start + x - 1;
 208 }
204 ARGC=1 209 ARGC=1
205 } 210 }
206 { 211 {
207 found[$1]++ 212 found[$1]++
 213 number[$1] = $3
208 } 214 }
209 END { 215 END {
210 for (id in idlist) { 216 for (id in idlist) {
211 if (! (id in found)) 217 if (!(id in found))
212 print id 218 printf("%s (missing)\n", id)
 219 else if (number[id] != value[id])
 220 printf("%s (%d != %d)\n", id,
 221 number[id], value[id])
 222 start++;
213 } 223 }
214 } 224 }
215 ' "$@" < "${_file}")" || return 1 225 ' "$@" < "${_file}")" || return 1
216 if [ -n "${_missing}" ]; then 226 if [ -n "${_missing}" ]; then
217 msg "Missing ${_type}${_notfixed}:" $(echo ${_missing}) 227 msg "Error ${_type}${_notfixed}:" $(echo ${_missing})
218 return 1 228 return 1
219 fi 229 fi
220 return 0 230 return 0
221} 231}
222 232
223# populate_dir op onlynew src dest mode file [file ...] 233# populate_dir op onlynew src dest mode file [file ...]
224# Perform op ("check" or "fix") on files in src/ against dest/ 234# Perform op ("check" or "fix") on files in src/ against dest/
225# If op = "check" display missing or changed files, optionally with diffs. 235# If op = "check" display missing or changed files, optionally with diffs.
226# If op != "check" copies any missing or changed files. 236# If op != "check" copies any missing or changed files.
227# If onlynew evaluates to true, changed files are ignored. 237# If onlynew evaluates to true, changed files are ignored.
228# Returns 0 if ok, 1 otherwise. 238# Returns 0 if ok, 1 otherwise.
229# 239#
230populate_dir() 240populate_dir()
@@ -887,28 +897,28 @@ do_fontconfig() @@ -887,28 +897,28 @@ do_fontconfig()
887 fi 897 fi
888 898
889 return ${failed} 899 return ${failed}
890} 900}
891 901
892# 902#
893# gid 903# gid
894# 904#
895additem gid "required groups in /etc/group" 905additem gid "required groups in /etc/group"
896do_gid() 906do_gid()
897{ 907{
898 [ -n "$1" ] || err 3 "USAGE: do_gid fix|check" 908 [ -n "$1" ] || err 3 "USAGE: do_gid fix|check"
899 909
900 check_ids "$1" groups "${DEST_DIR}/etc/group" \ 910 check_ids "$1" groups "${DEST_DIR}/etc/group" 14 \
901 named ntpd sshd authpf _pflogd _rwhod _proxy _timedc \ 911 named ntpd sshd _pflogd _rwhod staff _proxy _timedc \
902 _sdpd _httpd _mdnsd _tests _tcpdump _tss _gpio 912 _sdpd _httpd _mdnsd _tests _tcpdump _tss _gpio
903} 913}
904 914
905# 915#
906# gpio 916# gpio
907# 917#
908additem gpio "gpio configuration is up to date" 918additem gpio "gpio configuration is up to date"
909do_gpio() 919do_gpio()
910{ 920{
911 [ -n "$1" ] || err 3 "USAGE: do_gpio fix|check" 921 [ -n "$1" ] || err 3 "USAGE: do_gpio fix|check"
912 op="$1" 922 op="$1"
913 failed=0 923 failed=0
914 924
@@ -1563,28 +1573,28 @@ ${pcpath} was a directory, should be a f @@ -1563,28 +1573,28 @@ ${pcpath} was a directory, should be a f
1563 fi 1573 fi
1564 1574
1565 return $failed 1575 return $failed
1566} 1576}
1567 1577
1568# 1578#
1569# uid 1579# uid
1570# 1580#
1571additem uid "required users in /etc/master.passwd" 1581additem uid "required users in /etc/master.passwd"
1572do_uid() 1582do_uid()
1573{ 1583{
1574 [ -n "$1" ] || err 3 "USAGE: do_uid fix|check" 1584 [ -n "$1" ] || err 3 "USAGE: do_uid fix|check"
1575 1585
1576 check_ids "$1" users "${DEST_DIR}/etc/master.passwd" \ 1586 check_ids "$1" users "${DEST_DIR}/etc/master.passwd" 12 \
1577 named ntpd postfix sshd _pflogd _rwhod _proxy _timedc \ 1587 postfix named ntpd sshd SKIP _pflogd _rwhod SKIP _proxy _timedc \
1578 _sdpd _httpd _mdnsd _tests _tcpdump _tss 1588 _sdpd _httpd _mdnsd _tests _tcpdump _tss
1579} 1589}
1580 1590
1581 1591
1582# 1592#
1583# varrwho 1593# varrwho
1584# 1594#
1585additem varrwho "required ownership of files in /var/rwho" 1595additem varrwho "required ownership of files in /var/rwho"
1586do_varrwho() 1596do_varrwho()
1587{ 1597{
1588 [ -n "$1" ] || err 3 "USAGE: do_varrwho fix|check" 1598 [ -n "$1" ] || err 3 "USAGE: do_varrwho fix|check"
1589 1599
1590 contents_owner "$1" "${DEST_DIR}/var/rwho" _rwhod _rwhod 1600 contents_owner "$1" "${DEST_DIR}/var/rwho" _rwhod _rwhod
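Review bot: In the check_ids hunk, the awk BEGIN loop tests `if (ARGV[x] = "SKIP")`, which is an assignment rather than a comparison: it overwrites each argument with "SKIP", always evaluates true, and so every id takes the `continue`. idlist therefore stays empty and the END loop prints nothing, so do_uid and do_gid report success even when a required account such as sshd or _pflogd is missing or has an unexpected id; the stricter check this commit intends is effectively switched off. The line should read `if (ARGV[x] == "SKIP")`. Separately, `-v start=$_start` should be quoted as `-v start="${_start}"`, and the `start++` inside the END loop has no effect on the output and can be dropped.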