File: check_nisplus

package info (click to toggle)
tiger 2.2.4-22
  • links: PTS
  • area: main
  • in suites: woody
  • size: 2,188 kB
  • ctags: 240
  • sloc: sh: 8,388; ansic: 2,109; makefile: 141; perl: 106
file content (142 lines) | stat: -rwxr-xr-x 3,166 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_xxxx - MM/DD/YY
#
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds AWK CAT FMT GEN_PASSWD_SETS JOIN LS RM || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------

getaccessmsg()
{
  r="$1"
  m="$2"
  c="$3"
  d="$4"

  sep=""
  txt=""
  [ $r -eq 1 ] && {
    txt="read"
    sep=", "
  }
  [ $m -eq 1 ] && {
    txt="$txt${sep}modify"
    sep=", "
    [ "$r$m$c" = '110' ] && sep=", and"
  }
  [ $c -eq 1 ] && {
    txt="$txt${sep}create"
    sep=", and "
  }
  [ $d -eq 1 ] && {
    txt="$txt${sep}delete"
  }
  echo "$txt"
}

ownread="0000100000000000"


/usr/bin/nisdefaults -s |
while read domain
do
  /usr/bin/niscat -o "[],passwd.org_dir.$domain" |
  $AWK '
  /^Owner[ 	]*:/ {
    split($0, data, ":");
    split(data[2], ownerd, ".");
    owner=substr(ownerd[1], 2);
  }
  /^Access Rights[ 	]*:/ {
    split($0, data, ":");
    printf("%s ", owner);
    for(i=2;i<=17;i++)
      if(substr(data[2], i, 1) == "-")
        printf("0 ");
      else
	printf("1 ");
    needuser=1
  }
  /[ 	][ 	]*/ && needuser == 1 {
    start=index($0, "'"'"'");
    if(start != 0){
      temp=substr($0, start+1);
      len=length(temp)-1;
      user=substr(temp, 1, len);
      print user;
      needuser=0
    }
  }
  ' |
  while read owner nr nm nc nd or om oc od gr gm gc gd wr wm wc wd user
  do
    [ "$nr$nm$nc$nd$or$om$oc$od$gr$gm$gc$gd$wr$wm$wc$wd" != "$ownread" ] && {
      nobody_access="`getaccessmsg $nr $nm $nc $nd`"
      owner_access="`getaccessmsg 0 $om $oc $od`"
      group_access="`getaccessmsg $gr $gm $gc $gd`"
      world_access="`getaccessmsg $wr $wm $wc $wd`"

      [ -n "$nobody_access" ] && {
	message WARN nisplus001 "" "NIS+ passwd entry for $user has $nobody_access for \`nobody'."
      }
      [ -n "$owner_access" ] && {
	message WARN nisplus002 "" "NIS+ passwd entry for $user has owner $owner_access."
      }
      [ -n "$group_access" ] && {
	message WARN nisplus003 "" "NIS+ passwd entry for $user has group $group_access."
      }
      [ -n "$world_access" ] && {
	message WARN nisplus004 "" "NIS+ passwd entry for $user has world $world_access."
      }
    }
  done
done