#!/bin/sh # $Id: cleanlib.sh,v 1.44 2000/11/19 09:00:21 chouanar Exp $ # # # Author: Jean Chouanard # # ******************************************************************************************* # # Copyright (c) 2000 Xerox Corporation. All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, # are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, # this list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # Neither name of the Xerox, PARC, nor the names of its contributors may be # used to endorse or promote products derived from this software without # specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE XEROX CORPORATION OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # ******************************************************************************************* # # PKGN='' FILESAV='' # # Debuging purpose # if [ -f /var/tmp/seccleandebug ] ; then set -x echo "Turning on debug as /var/tmp/seccleandebug exist" fi # **************************** # For the postinstall first # **************************** Install_file() { DIRN=`dirname $1` FILEN=`basename $1` MODE=`grep "^$1 " $PKGSAV/.${PKGINST}_REC | awk '{print $2 " " $3 " " $4 " " $5 " " $6}'` SFILEN=`echo $1 |sed -e 's/\//\?/g'` if [ ! -f ${PKGSAV}/.${PKGINST}_${SFILEN} ] ; then cp ${BASEDIR}${DIRN}/${PKGINST}_${FILEN} ${PKGSAV}/.${PKGINST}_${SFILEN} else echo "${PKGSAV}/.${PKGINST}_${SFILEN} already exist, not overwriting it" fi mv ${BASEDIR}${DIRN}/${PKGINST}_${FILEN} ${BASEDIR}/$1 /usr/sbin/installf -c none $PKGINST ${BASEDIR}/$1 $MODE } Install_RC_file() { DIRN=`dirname $1` FILEN=`basename $1` SFILEN=`echo $1 |sed -e 's/\//\?/g'` NEWF=${BASEDIR}/$1 NEWF=`echo $NEWF | sed -e 's/\/\//\//g'` if [ ! -f ${PKGSAV}/.${PKGINST}_${SFILEN} ] ; then cp ${BASEDIR}${DIRN}/${PKGINST}_${FILEN} ${PKGSAV}/.${PKGINST}_${SFILEN} else echo "${PKGSAV}/.${PKGINST}_${SFILEN} already exist, not overwriting it" fi mv ${BASEDIR}${DIRN}/${PKGINST}_${FILEN} $NEWF /usr/sbin/installf -c none $PKGINST $NEWF shift for i in $* do ln -s ${NEWF} $i /usr/sbin/installf -c none $PKGINST ${i}=${NEWF} s done } # ########################################################################### # Backup_user_file() # # Will save the file only if it has been modified since its install # The original file from the original pkg install was saved in $PKGSAV # by the postinstall script as $PKGSAV/.${PKGINS}_ # # The files will be saved under $2 # ########################################################################### Backup_user_file() { DIRN=`dirname $1` mkdir -p ${2}${DIRN} 1>/dev/null 2>&1 mv $1 ${2}${1} FILESAV="$1 $FILESAV" } ############################################################################ # For the /etc/rc?.d files: # mv the file as a Disable- to avoid calling it @ the next boot ############################################################################ Disable_RC() { if [ -f $1 -o -h $1 ]; then PKGN=`pkgchk -l -p $1 | sed -e '1,/^Referenced by/d; /^Current status/,$d'` if [ "XX$PKGN" = "XX" ] ; then echo "*** Disable_RC: One RC file is not owned by any PKG" echo "*** $1" echo "*** Please report the error" echo "*** Aborting..." exit 3 fi if [ "$PKGN" != "NONE" ] ; then grep "^$1" /var/sadm/install/contents >> $PKGSAV/.${PKGINST}_DisableRC for i in $PKGN do /usr/sbin/removef $i $1 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $i\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$i=$i" LPKG="$i $LPKG" fi done fi # if [ "$3" != "NoTrace" ] ; then echo "$1 Was linked to $2" >> `dirname $1`/Disabled-By-${PKGINST} fi /usr/bin/rm -f $1 fi } ############################################################################ # For the /etc/init.d/* files that we want to DISABLE # # Call Disable_RC for each link to it under /etc/rc?.d/[KS]* # # ############################################################################ Disable_Init() { # # Magical grep is : grep "^.*=.*$1" /var/sadm/install/contents # Return: One line per Startup or Kill file linked w/ this file # # We should call Disable_RC for each file linked to this one # for i in `grep "^.*=.*/init.d/$1" /var/sadm/install/contents|sed -e 's/=.*$//'` do Disable_RC $i $1 ; done } ############################################################################ # For the /etc/init.d/* files that we want to control through /etc/yassp.conf # # Call RCconf-ized_Init() to each # # ############################################################################ RCconfized_Init() { if [ -f $1 -o -h $1 ] ; then DIRN=`dirname $1` FILEN=`basename $1` SHFNAME=`echo ${FILEN}|tr "[:lower:]" "[:upper:]"| tr -cd "[:alpha:]` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed RCF=/var/SECclean_tmp/YASSP.conf # ************************************ # Intro: We save the current state/pkg # ************************************ PKGN=`pkgchk -l -p $1 | sed -e '1,/^Referenced by/d; /^Current status/,$d'` if [ "XX$PKGN" = "XX" ] ; then # echo " --- Save_and_move_file: One file is not owned by any PKG" # echo " --- $1" PKGN="NONE" CPKGN=1 fi if [ "$PKGN" != "NONE" ] ; then grep "^$1" /var/sadm/install/contents >> $PKGSAV/.${PKGINST}_MOD for i in $PKGN do /usr/sbin/removef $i $1 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $i\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$i=$i" LPKG="$i $LPKG" fi done fi # *********************************** # First, create the sed script # *********************************** rm -f ${SEDF} cat > ${SEDF} << %EOF% 2i\\ \# ${PKGINST} START\\ \# *******************************************************************\\ \# This shell script was modified by ${PKGINST} to start only if \\ \# the shell variable ${SHFNAME} is set to 'YES' in /etc/yassp.conf\\ \# *******************************************************************\\ if [ -f /etc/yassp.conf ] ; then\\ . /etc/yassp.conf\\ fi\\ \# ${PKGINST} END /^# ${PKGINST} START/,/^# ${PKGINST} END/ d /'start')/a\\ \# ${PKGINST} START\\ if [ "X\${$SHFNAME}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# ${PKGINST} END /start)/a\\ \# ${PKGINST} START\\ if [ "X\${$SHFNAME}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# ${PKGINST} END /'start'|'rpcstart')/a\\ \# ${PKGINST} START\\ if [ "X\${$SHFNAME}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# ${PKGINST} END %EOF% # *********************************** # We apply the sed, and replace the # Original file. # *********************************** sed -f ${SEDF} $1 > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null $1 cat /var/SECclean_tmp/${SHORTFILEN} > $1 rm -f /var/SECclean_tmp/${SHORTFILEN} # *********************************** # Keep a copy of the original file installed # *********************************** if [ ! -f ${PKGSAV}/.${PKGINST}_${SFILEN} ] ; then cp ${BASEDIR}${DIRN}/${FILEN} ${PKGSAV}/.${PKGINST}_${SFILEN} else echo "${PKGSAV}/.${PKGINST}_${SFILEN} already exist, not overwriting it" fi # *********************************** # Now we must register it # *********************************** chmod 0744 $1 chgrp sys $1 chown root $1 /usr/sbin/installf -c none $PKGINST $1 f 0744 root sys echo "${SHFNAME}=NO" >> /var/SECclean_tmp/YASSP.conf fi } ############################################################################ # Special case for the rpc as we need also to add as an option WVrpcbind ############################################################################ RCconfized_rpc() { if [ -f $1 -o -h $1 ] ; then DIRN=`dirname $1` FILEN=`basename $1` SHFNAME=`echo ${FILEN}|tr "[:lower:]" "[:upper:]"| tr -cd "[:alpha:]` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed RCF=/var/SECclean_tmp/YASSP.conf # ************************************ # Intro: We save the current state/pkg # ************************************ PKGN=`pkgchk -l -p $1 | sed -e '1,/^Referenced by/d; /^Current status/,$d'` if [ "XX$PKGN" = "XX" ] ; then # echo " --- Save_and_move_file: One file is not owned by any PKG" # echo " --- $1" PKGN="NONE" CPKGN=1 fi if [ "$PKGN" != "NONE" ] ; then grep "^$1" /var/sadm/install/contents >> $PKGSAV/.${PKGINST}_MOD for i in $PKGN do /usr/sbin/removef $i $1 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $i\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$i=$i" LPKG="$i $LPKG" fi done fi # *********************************** # First, create the sed script # *********************************** rm -f ${SEDF} cat > ${SEDF} << %EOF% s/keyserv -d/keyserv/ s/keyserv >/keyserv -d >/ 2i\\ \# SECclean START\\ \# *******************************************************************\\ \# This shell script was modified by ${PKGINST} to start only if \\ \# the shell variable ${SHFNAME} is set to 'YES' in /etc/yassp.conf\\ \# and to handle an option in yassp.conf to run WVrpcbind\\ \# *******************************************************************\\ if [ -f /etc/yassp.conf ] ; then\\ . /etc/yassp.conf\\ fi\\ if [ "X\${WVRPCBIND}" = "XYES" -a -x /usr/sbin/WVrpcbind ] ; then\\ RPCBINDSUF=WV\\ else\\ RPCBINDSUF=""\\ fi\\ \# SECclean END /^# SECclean START/,/^# SECclean END/ d /'start')/a\\ \# SECclean START\\ if [ "X\${RPC}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# SECclean END /start)/a\\ \# SECclean START\\ if [ "X\${RPC}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# SECclean END /'start'|'rpcstart')/a\\ \# SECclean START\\ if [ "X\${RPC}" != "XYES" ] ; then \\ exit 0 \\ fi\\ \# SECclean END s/\${RPCBINDSUF}//g s/rpcbind/\${RPCBINDSUF}rpcbind/g %EOF% # *********************************** # We apply the sed, and replace the # Original file. # *********************************** sed -f ${SEDF} $1 > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null $1 cat /var/SECclean_tmp/${SHORTFILEN} > $1 rm -f /var/SECclean_tmp/${SHORTFILEN} # *********************************** # Keep a copy of the original file installed # *********************************** if [ ! -f ${PKGSAV}/.${PKGINST}_${SFILEN} ] ; then cp ${BASEDIR}${DIRN}/${FILEN} ${PKGSAV}/.${PKGINST}_${SFILEN} else echo "${PKGSAV}/.${PKGINST}_${SFILEN} already exist, not overwriting it" fi # *********************************** # Now we must register it # *********************************** chmod 0744 $1 chgrp sys $1 chown root $1 /usr/sbin/installf -c none $PKGINST $1 f 0744 root sys echo "${SHFNAME}=NO" >> /var/SECclean_tmp/YASSP.conf fi } ############################################################################ # Special case for the syslog: # From Solaris 8, syslogd can be start without listening to the network # with the '-t' option ############################################################################ RCconfized_syslogd() { if [ -f $1 -o -h $1 ] ; then DIRN=`dirname $1` FILEN=`basename $1` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed RCF=/var/SECclean_tmp/YASSP.conf # ************************************ # Intro: We save the current state/pkg # ************************************ PKGN=`pkgchk -l -p $1 | sed -e '1,/^Referenced by/d; /^Current status/,$d'` if [ "XX$PKGN" = "XX" ] ; then # echo " --- Save_and_move_file: One file is not owned by any PKG" # echo " --- $1" PKGN="NONE" CPKGN=1 fi if [ "$PKGN" != "NONE" ] ; then grep "^$1" /var/sadm/install/contents >> $PKGSAV/.${PKGINST}_MOD for i in $PKGN do /usr/sbin/removef $i $1 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $i\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$i=$i" LPKG="$i $LPKG" fi done fi # *********************************** # First, create the sed script # *********************************** rm -f ${SEDF} cat > ${SEDF} << %EOF% 2i\\ \# ${PKGINST} START\\ \# *******************************************************************\\ \# This shell script was modified by ${PKGINST} to start syslogd \\ \# using the \${SYSLOGFLAGS} set in /etc/yassp.conf\\ \# *******************************************************************\\ SYSLOGFLAGS=\"\"\\ if [ -f /etc/yassp.conf ] ; then\\ . /etc/yassp.conf\\ fi\\ \# ${PKGINST} END /^# ${PKGINST} START/,/^# ${PKGINST} END/ d s/\/usr\/sbin\/syslogd >/\/usr\/sbin\/syslogd \${SYSLOGFLAGS} >/ %EOF% # *********************************** # We apply the sed, and replace the # Original file. # *********************************** sed -f ${SEDF} $1 > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null $1 cat /var/SECclean_tmp/${SHORTFILEN} > $1 rm -f /var/SECclean_tmp/${SHORTFILEN} # *********************************** # Keep a copy of the original file installed # *********************************** if [ ! -f ${PKGSAV}/.${PKGINST}_${SFILEN} ] ; then cp ${BASEDIR}${DIRN}/${FILEN} ${PKGSAV}/.${PKGINST}_${SFILEN} else echo "${PKGSAV}/.${PKGINST}_${SFILEN} already exist, not overwriting it" fi # *********************************** # Now we must register it # *********************************** chmod 0744 $1 chgrp sys $1 chown root $1 /usr/sbin/installf -c none $PKGINST $1 f 0744 root sys echo "# On Solaris 8, syslogd is started with the '-t' option," >> /etc/yassp.conf echo "# which disable the syslogd UPD port to turn off logging of remote messages." >> /etc/yassp.conf echo "# If you want syslogd to listen to remote messages, set SYSLOGFLAGS=\"\"" >> /etc/yassp.conf echo "SYSLOGFLAGS=\"-t\"" >> /etc/yassp.conf fi } ############################################################################ # To Create the real /etc/yassp.conf after all the call to RCconfized_Init # have been done ############################################################################ Create_RCconf() { if [ -f /var/SECclean_tmp/YASSP.conf ] ; then cat /var/SECclean_tmp/YASSP.conf >> /etc/yassp.conf fi cat >> /etc/yassp.conf <<%EOF% # DO NOT DELETE THIS LINE # # End of the initfile section # # *************************************** # These are the dependency lines. # Just a start right now. # *************************************** # # Example of what is run on a workstion. # if [ "X\${WORKSTATION}" = "XYES" ] ; then NSCD=YES CDE=YES NFS=YES VOLMGT=YES LP=YES fi # If CDE is needed if [ "X\${CDE}" = "XYES" ] ; then RPC=YES DTLOGIN=YES fi # If NFS is needed if [ "X\${NFS}" = "XYES" ] ; then NFSCLIENT=YES NFSSERVER=YES fi # NFS need RPC! if [ "X\${NFSCLIENT}" = "XYES" -o "X\${NFSSERVER}" = "XYES" ] ; then RPC=YES fi # And netscape need nscd if [ "X\${NETSCAPE}" = "XYES" ] ; then NSCD=YES fi # ************************************************************************ # # The following section deal with some variable more generic # # The example shown in the comment line always reflects the default value # used by the script # # ************************************************************************ # ************************************ # SEC_UMASK value set in /etc/init.d/umask.sh # # Default umask used by most of the daemons. # (And will be the default for DEF_UMASK # if not defined ) # # Default = 077 # ************************************ # SEC_UMASK=077 # ************************************ # DEF_UMASK value set in /etc/default/login # # Default umask for most of the users. # # If not set, will use the SEC_UMASK value if defined. # Default = 077. # ************************************ # DEF_UMASK=077 # ************************************ # USERDENIED used in /opt/local/sbin/clean_passwd # # It represents the list of accounts the clean_passwd script will lock # # Default = 'daemon bin sys adm lp smtp uucp nuucp listen nobody noaccess nobody4' # ************************************ # USERDENIED='daemon bin sys adm lp smtp uucp nuucp listen nobody noaccess nobody4' # ************************************ # ROOTALLOWED used in /opt/local/sbin/clean_passwd # # It represents the list of accounts with a uid=0 that clean_passwd script will accept # without locking them. # Its value must be a nawk regexp, like for example: 'root|bobsu|jacksu' # Default = 'root' # # Note: even if root is not part of this list,root will never be locked by clean_passwd # ************************************ # ROOTALLOWED='root' # ************************************ # USERSDELETED used in /opt/local/sbin/clean_passwd # # It represents the list of accounts to be deleted. # Its value should be a list as 'uucp snmp' # 'root' is always excluded from this list by clean_passwd # Default = '' # # Note: 'root' is always excluded from this list by clean_passwd # ************************************ # USERSDELETED='' # ************************************ # ROOTNAME value set in /opt/local/sbin/clean_passwd # # It represents the Root description in passwd # # Default = "Root at `uname -n`" # ************************************ # ROOTNAME="Root at `uname -n`" # ************************************ # WVRPCBIND used in /etc/init.d/rpc # # Do we want to run Wietse Venema rpcbind # with host access control? # # Note: Will run *ONLY* if RPC was set to yes # and if /usr/sbin/WVrpcbind is executable # (WVrpcbind is part of WVtcpd package) # Default NO # ************************************ # WVRPCBIND=NO # ************************************ # RUNINETD used in /etc/init.d/inetsvc # # Do we want to run inetd? # # Default NO # ************************************ # RUNINETD=NO # ************************************ # SUNSTARTUP used in /etc/init.d/inetsvc # # Do we want to use the standard SUN startup inet[svc|init] # (which includes the use of DHCP, the modification at boot time # of /etc/inet/hosts, /etc/nsswitch.conf and /etc/resolv.conf, and # will eventualy start routed or rdist) # or do we want a simple startup script (NO DHCP, # no files modifications, nor routed/rdist) # # Default NO # ************************************ # SUNSTARTUP=NO # ************************************ # MULTICAST used in /etc/init.d/inetsvc # # Do we want to enable multicast? # # Default NO # ************************************ # MULTICAST=NO # ************************************ # NET_SECURITY used in /etc/init.d/nettune # # If set to NO, no security tuning will be done # BEWARE!!! # # Default YES # ************************************ # NET_SECURITY=YES # ************************************ # NOSHELL is used in clean_passwd # # If set to the path to an executable file # it will be use to replace the shell of the # user account we blocked, otherwise, it will use /dev/null # # Default /usr/sbin/noshell if it exist, /dev/null otherwise # ************************************ # NOSHELL="/usr/sbin/noshell" %EOF% rm -f /var/SECclean_tmp/YASSP.conf } ############################################################################ # And for the postremove ############################################################################ DE_RCconfized_Init() { if [ -f $1.Save_${PKGINST} -o -h $1.Save_${PKGINST} ] ; then DIRN=`dirname $1` FILEN=$1 SHFNAME=`basename ${FILEN}|tr "[:lower:]" "[:upper:]"| tr -cd "[:alpha:]` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed # ************************************ # Undo the sed # ************************************ rm -f ${SEDF} cat > ${SEDF} << %EOF% /^# ${PKGINST} START/,/^# ${PKGINST} END/ d %EOF% sed -f ${SEDF} ${FILEN}.Save_${PKGINST} > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null ${FILEN}.Save_${PKGINST} cat /var/SECclean_tmp/${SHORTFILEN} > ${FILEN}.Save_${PKGINST} rm -f /var/SECclean_tmp/${SHORTFILEN} mv ${FILEN}.Save_${PKGINST} ${FILEN} # ************************************ # Re-gesister the package # ************************************ PKOLD=`grep "^$1" $PKGSAV/.${PKGINST}_MOD` if [ "X$PKOLD" != "X" ] ; then LNAME=`echo $PKOLD|awk '{print $1}'` TYPEL=`echo $PKOLD|awk '{print $2}'` PKGLI=`echo $PKOLD | awk '{for ( i = 1; i <= NF; i++ ) { if ( index($i, ":") != 0) { printf ("%s ", $i) }} ; print $NF ":" $3 }'` for i in $PKGLI do CLASS=`echo $i|sed -e 's/^.*://'` PKGN=`echo $i|sed -e 's/:.*$//'` if [ $TYPEL = "l" -o $TYPEL = "s" ] ; then SOURCEF=`echo $LNAME| sed -e 's/^\/.*=//; s/ .*$//'` TARGETF=`echo $LNAME| sed -e 's/=.*//'` installf -c $CLASS $PKGN ${TARGETF}=${SOURCEF} $TYPEL 1>/dev/null 2>&1 else installf -c $CLASS $PKGN $LNAME $TYPEL 1>/dev/null 2>&1 fi if [ ! "`eval echo $\`echo $PKGN\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$PKGN=$PKGN" LPKG="$PKGN $LPKG" fi done fi fi } ############################################################################ # Special case for RPC ############################################################################ DE_RCconfized_rpc() { if [ -f $1.Save_${PKGINST} -o -h $1.Save_${PKGINST} ] ; then DIRN=`dirname $1` FILEN=$1 SHFNAME=`basename ${FILEN}|tr "[:lower:]" "[:upper:]"| tr -cd "[:alpha:]` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed # ************************************ # Undo the sed # ************************************ rm -f ${SEDF} cat > ${SEDF} << %EOF% /^# ${PKGINST} START/,/^# ${PKGINST} END/ d s/\${RPCBINDSUF}rpcbind/rpcbind/g s/keyserv -d/keyserv/ %EOF% sed -f ${SEDF} ${FILEN}.Save_${PKGINST} > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null ${FILEN}.Save_${PKGINST} cat /var/SECclean_tmp/${SHORTFILEN} > ${FILEN}.Save_${PKGINST} rm -f /var/SECclean_tmp/${SHORTFILEN} mv ${FILEN}.Save_${PKGINST} ${FILEN} # ************************************ # Re-gesister the package # ************************************ PKOLD=`grep "^$1" $PKGSAV/.${PKGINST}_MOD` if [ "X$PKOLD" != "X" ] ; then LNAME=`echo $PKOLD|awk '{print $1}'` TYPEL=`echo $PKOLD|awk '{print $2}'` PKGLI=`echo $PKOLD | awk '{for ( i = 1; i <= NF; i++ ) { if ( index($i, ":") != 0) { printf ("%s ", $i) }} ; print $NF ":" $3 }'` for i in $PKGLI do CLASS=`echo $i|sed -e 's/^.*://'` PKGN=`echo $i|sed -e 's/:.*$//'` if [ $TYPEL = "l" -o $TYPEL = "s" ] ; then SOURCEF=`echo $LNAME| sed -e 's/^\/.*=//; s/ .*$//'` TARGETF=`echo $LNAME| sed -e 's/=.*//'` installf -c $CLASS $PKGN ${TARGETF}=${SOURCEF} $TYPEL 1>/dev/null 2>&1 else installf -c $CLASS $PKGN $LNAME $TYPEL 1>/dev/null 2>&1 fi if [ ! "`eval echo $\`echo $PKGN\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$PKGN=$PKGN" LPKG="$PKGN $LPKG" fi done fi fi } # # For the special case of syslog startup script # DE_RCconfized_syslogd() { if [ -f $1.Save_${PKGINST} -o -h $1.Save_${PKGINST} ] ; then DIRN=`dirname $1` FILEN=$1 SHFNAME=`basename ${FILEN}|tr "[:lower:]" "[:upper:]"| tr -cd "[:alpha:]` SHORTFILEN=`basename ${FILEN}` SFILEN=`echo $1 |sed -e 's/\//\?/g'` # SEDF=/var/SECclean_tmp/Modif.sed # ************************************ # Undo the sed # ************************************ rm -f ${SEDF} cat > ${SEDF} << %EOF% /^# ${PKGINST} START/,/^# ${PKGINST} END/ d s/\/usr\/sbin\/syslogd \${SYSLOGFLAGS} >/\/usr\/sbin\/syslogd >/ %EOF% sed -f ${SEDF} ${FILEN}.Save_${PKGINST} > /var/SECclean_tmp/${SHORTFILEN} rm -f ${SEDF} cp /dev/null ${FILEN}.Save_${PKGINST} cat /var/SECclean_tmp/${SHORTFILEN} > ${FILEN}.Save_${PKGINST} rm -f /var/SECclean_tmp/${SHORTFILEN} mv ${FILEN}.Save_${PKGINST} ${FILEN} # ************************************ # Re-gesister the package # ************************************ PKOLD=`grep "^$1" $PKGSAV/.${PKGINST}_MOD` if [ "X$PKOLD" != "X" ] ; then LNAME=`echo $PKOLD|awk '{print $1}'` TYPEL=`echo $PKOLD|awk '{print $2}'` PKGLI=`echo $PKOLD | awk '{for ( i = 1; i <= NF; i++ ) { if ( index($i, ":") != 0) { printf ("%s ", $i) }} ; print $NF ":" $3 }'` for i in $PKGLI do CLASS=`echo $i|sed -e 's/^.*://'` PKGN=`echo $i|sed -e 's/:.*$//'` if [ $TYPEL = "l" -o $TYPEL = "s" ] ; then SOURCEF=`echo $LNAME| sed -e 's/^\/.*=//; s/ .*$//'` TARGETF=`echo $LNAME| sed -e 's/=.*//'` installf -c $CLASS $PKGN ${TARGETF}=${SOURCEF} $TYPEL 1>/dev/null 2>&1 else installf -c $CLASS $PKGN $LNAME $TYPEL 1>/dev/null 2>&1 fi if [ ! "`eval echo $\`echo $PKGN\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$PKGN=$PKGN" LPKG="$PKGN $LPKG" fi done fi fi } ############################################################################ # For the *normal* files: # move them to the save directory ############################################################################ Save_and_move_file() { if [ -f $1 -o -h $1 ] ; then PKGN=`pkgchk -l -p $1 | sed -e '1,/^Referenced by/d; /^Current status/,$d'` if [ "XX$PKGN" = "XX" ] ; then # echo "\n --- Save_and_move_file: One file is not owned by any PKG" # echo " --- $1" PKGN="NONE" CPKGN=1 fi if [ "$PKGN" != "NONE" ] ; then grep "^$1 " /var/sadm/install/contents >> $PKGSAV/.${PKGINST}_MOD for i in $PKGN do /usr/sbin/removef $i $1 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $i\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$i=$i" LPKG="$i $LPKG" fi done fi Backup_user_file $1 $PKGSAV fi } # **************************** # Now the postremove # **************************** ############################################################################ # Restore_RC() # for the /etc/rc?.d files. will be called for each files found under: # $PKGSAV/.SEC_RC_ # we must resotre the link, delete the Disable- file # and update the pkg DB ############################################################################ Restore_RC() { # The file is $PKGSAV/.${PKGINST}_DisableRC if [ -f $PKGSAV/.${PKGINST}_DisableRC ] ; then cat $PKGSAV/.${PKGINST}_DisableRC | ( while read PKOLD do if [ "X$PKOLD" != "X" ] ; then FILEC=`echo $PKOLD|awk '{print $1}'` TYPEL=`echo $PKOLD|awk '{print $2}'` SOURCEF=`echo $FILEC| sed -e 's/^\/.*=//; s/ .*$//'` TARGETF=`echo $FILEC| sed -e 's/=.*//'` DIRN=`dirname $TARGETF` PKGLI=`echo $PKOLD | awk '{for ( i = 1; i <= NF; i++ ) { if ( index($i, ":") != 0) { printf ("%s ", $i) }} ; print $NF ":" $3 }'` if [ $TYPEL != "l" -a $TYPEL != "s" ] ; then echo "*** Restore_RC: RC file not a link!!!" 1>&2 echo "*** $1 $PKGN $TYPEL" 1>&2 echo "*** Please report the error" 1>&2 echo "*** Aborting..." 1>&2 exit 3 fi rm -f $TARGETF if [ $TYPEL = "l" ] ; then (cd $DIRN ; ln $SOURCEF $TARGETF) else (cd $DIRN ; ln -s $SOURCEF $TARGETF) fi SOURCEF=`echo $SOURCEF|sed -e 's/\.\.\/\.\.\//\//' |sed -e 's/\.\.\//\/etc\//; s/^/\//'` # # We need now to update the package database # for i in $PKGLI do CLASS=`echo $i|sed -e 's/^.*://'` PKGN=`echo $i|sed -e 's/:.*$//'` installf -c $CLASS $PKGN ${TARGETF}=${SOURCEF} $TYPEL 1>/dev/null 2>&1 if [ ! "`eval echo $\`echo $PKGN\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$PKGN=$PKGN" LPKG="$PKGN $LPKG" fi done fi done; echo $LPKG ) > /tmp/.lo$$ LPKG=`cat /tmp/.lo$$` rm -f /tmp/.lo$$ rm $PKGSAV/.${PKGINST}_DisableRC fi } ############################################################################ # Restore_file # restore the original file. (The file is *not* supose to exist, as either # the install or the preremove have delete it.) # deal with the PKG info (Stored under $PKGSAV/.${PKGINST}_MOD ############################################################################ Restore_file() { if [ -f ${PKGSAV}/${1} -o -h ${PKGSAV}/${1} ] ; then rm -f ${BASEDIR}/$1 mv ${PKGSAV}/${1} ${BASEDIR}/$1 # # get the original class/type for the PKG if any # It was saved by portinstall # PKOLD=`grep "^$1" $PKGSAV/.${PKGINST}_MOD` if [ "X$PKOLD" != "X" ] ; then LNAME=`echo $PKOLD|awk '{print $1}'` TYPEL=`echo $PKOLD|awk '{print $2}'` PKGLI=`echo $PKOLD | awk '{for ( i = 1; i <= NF; i++ ) { if ( index($i, ":") != 0) { printf ("%s ", $i) }} ; print $NF ":" $3 }'` for i in $PKGLI do CLASS=`echo $i|sed -e 's/^.*://'` PKGN=`echo $i|sed -e 's/:.*$//'` if [ $TYPEL = "l" -o $TYPEL = "s" ] ; then SOURCEF=`echo $LNAME| sed -e 's/^\/.*=//; s/ .*$//'` TARGETF=`echo $LNAME| sed -e 's/=.*//'` installf -c $CLASS $PKGN ${TARGETF}=${SOURCEF} $TYPEL 1>/dev/null 2>&1 else installf -c $CLASS $PKGN $LNAME $TYPEL 1>/dev/null 2>&1 fi if [ ! "`eval echo $\`echo $PKGN\``" ] ; then # # The pkg has not been modify already # we will have to close it after # eval "$PKGN=$PKGN" LPKG="$PKGN $LPKG" fi done fi fi } ############################################################################ # pre remove stuff ############################################################################ Init_preremove() { BACKUPD="/var/tmp/${PKGINST}.Backup_$$" echo >> $PKGSAV/.PROC_Init_Var echo "BACKUPD=${BACKUPD}" >> $PKGSAV/.PROC_Init_Var echo >> $PKGSAV/.PROC_Init_Var rm -f $PKGSAV/.VAR_FNC if [ `ls $BACKUPD 1>/dev/null 2>&1` ] ; then echo "*** Backup_user_file: Backup dir already exist: cannot backup modified files!!!" echo "*** $BACKUPD" echo "*** Please remove/move $BACKUPD and try again" echo "*** Aborting..." exit 3 fi } Cmp_and_backup_file() { if [ -f $1 -o -h $1 ] ; then SFILEN=`echo $1 |sed -e 's/\//\?/g'` if [ ! -f ${PKGSAV}/.${PKGINST}_$SFILEN ] ; then echo "*** Backup_user_file: Save file do not exist!!!" echo "*** $1 ${PKGSAV}/.${PKGINST}_$SFILEN" echo "*** Please report the error" echo "*** Aborting..." exit 3 fi diff $1 ${PKGSAV}/.${PKGINST}_$SFILEN 1>/dev/null 2>&1 if [ $? = 1 ] ; then # the file was modified since its install Backup_user_file $1 $BACKUPD # We don't want the postremove script to check that again rm -f $1 fi fi } ########################################################## # $Log: cleanlib.sh,v $ # Revision 1.44 2000/11/19 09:00:21 chouanar # Copyright # # Revision 1.43 2000/11/17 00:21:57 chouanar # *** empty log message *** # # Revision 1.42 2000/11/16 22:19:45 chouanar # *** empty log message *** # # Revision 1.41 2000/11/16 21:12:03 chouanar # undo the keyserv modif in rpc startup at the de-install # # Revision 1.40 2000/11/16 20:15:28 chouanar # add the rpc function as the rpc init is no more handle by a sed class # # Revision 1.39 2000/11/11 01:58:38 chouanar # *** empty log message *** # # Revision 1.38 2000/11/11 01:53:51 chouanar # *** empty log message *** # # Revision 1.37 2000/11/10 21:54:21 chouanar # *** empty log message *** # # Revision 1.36 2000/11/10 19:57:37 chouanar # syslog startup script again # # Revision 1.35 2000/11/10 00:39:08 chouanar # SYSLOGFLAGS -> SYSLOGFLAGS # # Revision 1.34 2000/11/09 23:29:06 chouanar # corrected for syslogd flags in yassp.conf # # Revision 1.33 2000/11/08 00:10:35 chouanar # From Solaris 8, syslogd can be start without listening to the network # with the '-t' option # # Add RCconfized_syslogd() to handle that # # Revision 1.32 2000/07/07 23:23:37 chouanar # corrected the bug reported by Paolo Pugliese for replaced files: # the type of the file was always 'f' (file) # We must save the pkg info associated with the file ${PKGINST}_file and use it when we do # the installf of the file. # # Revision 1.31 2000/07/05 21:17:50 chouanar # tyopo in WVrpcbin -> WVrpcbind # # Revision 1.30 2000/07/04 22:53:14 chouanar # typo # reported by Sweth Chandramouli # # Revision 1.29 2000/07/04 22:50:36 chouanar # typo # reported by Sweth Chandramouli # # Revision 1.28 2000/06/26 04:47:52 chouanar # files were not all removed after use under /var/SECclean_tmp # # Revision 1.27 2000/06/25 22:41:01 chouanar # typo # # Revision 1.26 2000/06/20 23:00:15 chouanar # noshel => noshell # # Revision 1.25 2000/06/20 22:32:04 chouanar # Add USERDELETED and ROOTALLOWED in the yassp.conf default file. # Change USERSDENIED to be a list and not a regexp for nawk. # # Revision 1.24 2000/05/31 18:09:25 chouanar # *** empty log message *** # # Revision 1.23 2000/05/31 16:56:28 chouanar # *** empty log message *** # # Revision 1.22 2000/05/31 14:44:03 chouanar # must save backupd for the postremove # # Revision 1.21 2000/05/31 06:47:09 chouanar # BACKUPD was reset incorrectly. # # Revision 1.20 2000/05/30 21:26:51 chouanar # *** empty log message *** # # Revision 1.19 2000/05/25 17:05:15 chouanar # rc.conf -> yassp.conf # # Revision 1.18 2000/05/22 15:37:41 chouanar # be more silent for file not owned by any PKG # # It only confuse people # # Revision 1.17 2000/05/22 15:25:57 chouanar # add NOSHELL # # Revision 1.16 2000/05/21 21:01:26 chouanar # merge rc.conf and yassp.conf # add ROOTNAME support in rc.conf # # Revision 1.15 2000/03/16 16:54:17 chouanar # error in save_and_move file # # Revision 1.14 2000/03/16 03:57:16 chouanar # nscd script start with a : # start) # in the case instead of the # 'start') # # Revision 1.13 2000/03/16 01:56:13 chouanar # document it better # # Revision 1.12 2000/03/16 00:32:57 chouanar # Correct the dependency append at the end of the rc.conf. # # Revision 1.11 2000/03/16 00:31:46 chouanar # *** empty log message *** # # Revision 1.10 2000/03/08 18:20:54 chouanar # corrected the way to restore Startup file modified by RCconfized. # # Revision 1.9 2000/03/08 04:20:49 chouanar # change the 'exit' to 'exit 0' in RCconfized # # Revision 1.8 2000/03/08 01:29:40 chouanar # corrected startrpc regexp # # Revision 1.7 2000/03/08 01:25:54 chouanar # typo on the RCconfized again # # Revision 1.6 2000/03/08 01:12:17 chouanar # repare the RCCONF # # Revision 1.5 2000/03/08 00:29:23 chouanar # correct the sed in for RCconfized_Init so it will work also for rpc which accept also rpcstart as first argument. # # Revision 1.4 2000/03/08 00:16:33 chouanar # typo again (them -> then) # # Revision 1.3 2000/03/08 00:03:55 chouanar # corrected some typo # # Revision 1.2 2000/03/07 00:21:00 chouanar # add the routine to manage the startup files through rc.conf # # Revision 1.1 2000/03/06 06:33:12 chouanar # Initial revision # # # Based on PARCpkgu: Revision 3.17 1999/08/11 23:16:54 chouanar # #########################################################