authorCasper H.S. Dik <Casper.Dik@Sun.COM>2009-06-19 17:45:11 +0200
committerCasper H.S. Dik <Casper.Dik@Sun.COM>2009-06-19 17:45:11 +0200
commit06d0f3f39e2f7b67190578d7277d559c32191d6c (patch)
treeeb96f0c906bc30b046b13d39c9b63060f8e96679 /usr/src/lib/libsecdb
parentee8143cb5c45d521d6600e82791abc3978b9e9a7 (diff)
6851603 IPS needs a bit of help for RBAC
5100566 lib/libsecdb/Makefile uses non-unique temp files
Diffstat (limited to 'usr/src/lib/libsecdb')
-rw-r--r--usr/src/lib/libsecdb/Makefile37
-rw-r--r--usr/src/lib/libsecdb/rbac.xml93
-rw-r--r--usr/src/lib/libsecdb/svc-rbac82
3 files changed, 203 insertions, 9 deletions
diff --git a/usr/src/lib/libsecdb/Makefile b/usr/src/lib/libsecdb/Makefile
index 6dbeb3267d..8743e5b9bb 100644
--- a/usr/src/lib/libsecdb/Makefile
+++ b/usr/src/lib/libsecdb/Makefile
@@ -19,11 +19,9 @@
# CDDL HEADER END
#
#
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
-# ident "%Z%%M% %I% %E% SMI"
-#
include ../Makefile.lib
@@ -55,6 +53,18 @@ ESSRC = $(ESFILES:%=%)
ETCSECURITYFILES = $(ESFILES:%=$(ROOTETCSECURITY)/%)
$(ETCSECURITYFILES) := GROUP = sys
+MFSTFILES = rbac.xml
+MANIFESTDIR = $(ROOT)/var/svc/manifest/system
+MANIFEST = $(MFSTFILES:%=$(MANIFESTDIR)/%)
+$(MANIFEST) := FILEMODE = 0444
+$(MANIFEST) := GROUP = sys
+
+METHODFILES = svc-rbac
+METHODDIR = $(ROOT)/lib/svc/method
+METHOD = $(METHODFILES:%=$(METHODDIR)/%)
+$(METHOD) := FILEMODE = 0555
+$(METHOD) := GROUP = bin
+
SCRIPTS = i.rbac r.rbac
CLASS_SCR_SRC_DIR = $(SRC)/pkgdefs/common_files
INSTALL_DIR = $(ROOT)/usr/sadm/install
@@ -67,21 +77,18 @@ CLASS_SCR_FILES = $(SCRIPTS:%=$(CLASS_SCR_DIR)/%)
$(CLASS_SCR_FILES) := FILEMODE = 0555
$(CLASS_SCR_FILES) := GROUP = sys
-TMPDIR = /tmp
-
all clean clobber delete install lint package: $(SUBDIRS)
_msg: $(MSGSUBDIRS)
install: install_data
-install_data: $(ETCSECURITYFILES) $(ETCFILES) $(CLASS_SCR_FILES)
+install_data: $(ETCSECURITYFILES) $(ETCFILES) $(CLASS_SCR_FILES) \
+ $(MANIFESTDIR) $(MANIFEST) $(METHODDIR) $(METHOD)
ATTR_FILES = auth_attr exec_attr prof_attr user_attr
${ATTR_FILES}: $$@.txt
- $(CP) $@.txt ${TMPDIR}/$@
> $@
- $(ECHO) ${TMPDIR}/$@ $@ | $(SHELL) ${CLASS_SCR_SRC_DIR}/i.rbac
- @$(RM) ${TMPDIR}/$@
+ $(ECHO) $@.txt $@ | $(SHELL) ${CLASS_SCR_SRC_DIR}/i.rbac
$(ETCSECURITYFILES) $(ETCFILES): $(ETCSECURITY) $(ROOTETCSECURITY)
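Review bot: The rewritten `${ATTR_FILES}` recipe still truncates the target with `> $@` before `i.rbac` runs, so a failing merge leaves an empty or partial `auth_attr`/`exec_attr`/`prof_attr`/`user_attr` that is newer than `$@.txt` and looks up to date on the next build. Dropping the `${TMPDIR}/$@` staging copy removes the predictable `/tmp` path named in 5100566, which is the right direction. It would be worth also removing the target on failure, e.g. `$(ECHO) $@.txt $@ | $(SHELL) ${CLASS_SCR_SRC_DIR}/i.rbac || ($(RM) $@; exit 1)`. This assumes no delete-on-error behaviour is configured in an included makefile, which is not visible here.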
@@ -97,6 +104,18 @@ $(ROOTETCSECURITY)/%: %
$(ROOTETC)/% : %
$(INS.file)
+$(MANIFESTDIR):
+ $(INS.dir)
+
+$(MANIFESTDIR)/% : %
+ $(INS.file)
+
+$(METHODDIR):
+ $(INS.dir)
+
+$(METHODDIR)/% : %
+ $(INS.file)
+
$(CLASS_SCR_FILES): $(INSTALL_DIR) $(CLASS_SCR_DIR)
$(INSTALL_DIR):
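Review bot: The new `$(MANIFESTDIR)/% : %` and `$(METHODDIR)/% : %` rules do not depend on the directories they install into. The only ordering comes from the prerequisite list of `install_data` in the previous hunk, which a parallel make need not honour. The context line `$(CLASS_SCR_FILES): $(INSTALL_DIR) $(CLASS_SCR_DIR)` in this hunk shows the file's convention; adding `$(MANIFEST): $(MANIFESTDIR)` and `$(METHOD): $(METHODDIR)` would match it. The `$(INSTALL_DIR):` rule at the end of the hunk continues outside it.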
diff --git a/usr/src/lib/libsecdb/rbac.xml b/usr/src/lib/libsecdb/rbac.xml
new file mode 100644
index 0000000000..2ee3294fd3
--- /dev/null
+++ b/usr/src/lib/libsecdb/rbac.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ Use is subject to license terms.
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
+-->
+
+<service_bundle type='manifest' name='SUNWcsr:rbac'>
+
+<service
+ name='system/rbac'
+ type='service'
+ version='1'>
+
+ <create_default_instance enabled='true' />
+
+ <single_instance />
+
+ <dependency
+ name='usr'
+ type='service'
+ grouping='require_all'
+ restart_on='none'>
+ <service_fmri value='svc:/system/filesystem/minimal' />
+ </dependency>
+
+ <exec_method
+ type='method'
+ name='start'
+ exec='/lib/svc/method/svc-rbac start'
+ timeout_seconds='300'>
+ </exec_method>
+
+ <exec_method
+ type='method'
+ name='refresh'
+ exec='/lib/svc/method/svc-rbac refresh'
+ timeout_seconds='300'>
+ </exec_method>
+
+ <exec_method
+ type='method'
+ name='stop'
+ exec=':true'
+ timeout_seconds='300'>
+ </exec_method>
+
+ <property_group name='startd' type='framework'>
+ <propval name='duration' type='astring'
+ value='transient' />
+ </property_group>
+
+ <property_group name='options' type='application'>
+ </property_group>
+
+ <stability value='Unstable' />
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>
+ Assemble the RBAC *attr files.
+ </loctext>
+ </common_name>
+ </template>
+</service>
+
+</service_bundle>
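Review bot: Nothing in the manifest orders other services after `system/rbac`: there is a `dependency` on `svc:/system/filesystem/minimal` but no `dependent` element. Consumers of `/etc/user_attr` and `/etc/security/*_attr` that start in parallel may therefore read the files before newly delivered fragments are merged. If that window matters for authorization checks during boot, a `dependent` on a suitably early service would close it; if it is intentional, a comment above the `dependency` block should say so, e.g. `<!-- Fragments are merged asynchronously; no service waits for this. -->`. The dependency is also named `usr` while it points at `filesystem/minimal`, which is easy to misread.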
diff --git a/usr/src/lib/libsecdb/svc-rbac b/usr/src/lib/libsecdb/svc-rbac
new file mode 100644
index 0000000000..1fc4359ea7
--- /dev/null
+++ b/usr/src/lib/libsecdb/svc-rbac
@@ -0,0 +1,82 @@
+#! /usr/bin/sh
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+
+. /lib/svc/share/smf_include.sh
+
+files='/etc/user_attr /etc/security/auth_attr /etc/security/exec_attr
+ /etc/security/prof_attr'
+
+PKGINST=
+export PKGINST
+
+irbac=/usr/sadm/install/scripts/i.rbac
+
+if [ ! -x $irbac ]
+then
+ echo "${irbac}: not found."
+ exit $SMF_EXIT_ERR_FATAL
+fi
+
+case "$1" in
+start|refresh)
+ ;;
+stop)
+ exit $SMF_EXIT_OK;;
+*)
+ echo "Usage: $0 { start | refresh | stop }"
+ exit $SMF_EXIT_ERR_FATAL;;
+esac
+
+for f in $files
+do
+ d=${f}.d
+ if [ ! -d ${d} ]
+ then
+ # No directory, nothing to do
+ continue
+ fi
+ #
+ # List all the files in the directory and the destination file
+ # in the order of their timestamp. Most recent files are
+ # displayed first. When we find the destination file, we're
+ # done as the rest of the files are older and they are already
+ # incorporated.
+ #
+ for frag in `ls -t $f $d/* 2> /dev/null`
+ do
+ if [ "$frag" = "$f" ]
+ then
+ break
+ fi
+ if [ -f "$frag" ]
+ then
+ echo $frag $f | $irbac
+ fi
+ done
+done
+
+exit $SMF_EXIT_OK
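Review bot: The exit status of `$irbac` is discarded in the inner loop, so the method returns `$SMF_EXIT_OK` even when a fragment failed to merge and the RBAC databases are incomplete. Recording the failure, e.g. `echo "$frag" "$f" | $irbac || rc=$SMF_EXIT_ERR_FATAL` with `exit ${rc:-$SMF_EXIT_OK}` as the last line, would surface it in the service state. The loop also word-splits the output of `ls -t` and passes `$frag` and `$f` unquoted, so a fragment name containing whitespace is split and not merged. Because selection relies on mtime, a fragment delivered with a preserved timestamp older than the destination file would never be incorporated; the comment above the loop should state that fragments must arrive with a fresh mtime.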