#!/bin/sh
#
# group.file.chk
#
# Awk part based on _passwd_ from _The AWK Programming Language_, page 78
#
# Mechanism: Group.check uses awk to ensure that each line of the group
# has 4 fields, as well as examining each line for any duplicate groups or
# any duplicate user id's in a given group by using "sort -u" to ferret
# out any duplications. It also checks to make sure that the password
# field (the second one) is a "*", meaning the group has no password (a
# group password is usually not necessary because each member listed on
# the line has all the privileges that the group has.) All results are
# echoed to standard output. Finally it ensures that the group names
# are alphanumeric, that the group id's are numeric, and that there are
# no blank lines. For yellow pages groups, it does the same checking,
# but in order to get a listing of all members of the groups, it does a
# "ypcat group > ./$$" and uses that temporary file for a groupfile.
# It removes the tmp file after using it, of course.
# The /etc/group file has a very specific format, making the task
# fairly simple. Normally it has lines with 4 fields, each field
# separated by a colon (:). The first field is the group name, the second
# field is the encrypted password (an asterisk (*) means the group has no
# password, otherwise the first two characters are the salt), the third
# field is the group id number, and the fourth field is a list of user
# ids in the group. If a line begins with a plus sign (+), it is a yellow
# pages entry. See group(5) for more information.
# The SUN /etc/security/group.adjunct file also has a very specific
# format, making the check task simple. Each entry has 2 fields separated
# by a colon (:). The first field is the user name which matches the user
# name contained in the /etc/group file. The second field is the encrypted
# password (an asterisk (*) means the group has no password, otherwise the
# first two characters are the salt). The password contained in the
# /etc/group file is comprised of the #$user_id where the user_id matches
# the entry of the first field in both group files.
#
#
# Parameters
#
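#
# Parameters
#
#   $1  the group file to check (normally /etc/group)
#   $2  the group.adjunct file; only read when $3 is "TRUE"
#   $3  "TRUE" to enable the SunOS C2 (group.adjunct) checks; anything
#       else, including empty, disables them
#
group_file=$1
group_adjunct_file=$2
SUN_SECURITY=$3
#
# Utilities: absolute paths, so the caller's PATH cannot substitute a
# different program for the ones this check relies on.
#
AWK=/bin/awk
DIFF=/usr/bin/diff
ECHO=/bin/echo
JOIN=/usr/bin/join
RM=/bin/rm
SORT=/usr/bin/sort
TEST=/bin/test
UNIQ=/usr/bin/uniq
#
# Important files: scratch files for the sort/join/diff comparison of the
# group and group.adjunct files.  They are named after the pid and live in
# the current directory, so the script should be run from a directory that
# other users cannot write to.
#
join_group_1=./grp$$.1.join
join_group_2=./grp$$.2.join
sort_group=./grp$$.sort
sort_secure_group=./sgrp$$.sort
#
# Remove the scratch files on any exit, not only on the normal path through
# the clean-up section at the end; a hangup, interrupt or terminate turns
# into an exit so the same trap runs.
#
trap '$RM -f $join_group_1 $join_group_2 $sort_group $sort_secure_group' 0
trap 'exit 1' 1 2 15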
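#
# Testing the group file for problems
#
# Report group names (first field of $1) that occur more than once.  Note
# that this compares names, not the numeric gid in the third field, even
# though the warning text says "gid(s)".
# The trailing awk prints the heading in front of the first duplicate only,
# so a clean file produces no output at all.  Doing this in awk instead of a
# shell "for" loop keeps the names from being word-split and glob-expanded.
#
report_duplicate_group_names() {
  "$AWK" -F: '{ print $1 }' "$1" \
    | "$SORT" \
    | "$UNIQ" -d \
    | "$AWK" 'NR == 1 { print "Warning! Duplicate gid(s) found in group file:" }
              { print " " $0 }'
}
report_duplicate_group_names "$group_file"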
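#
# First line is for a yellow pages entry in the group file.
# It really should check for correct yellow pages syntax....
#
# Check every non-yellow-pages line of the group file ($1) for: a blank
# line, a field count other than 4, a group name that is not entirely
# alphanumeric, a non-empty password field, and a gid that is not entirely
# numeric.  The name and gid patterns are anchored; the old unanchored ones
# only fired when the field contained no acceptable character at all, so a
# gid such as "12a" passed.
# $2 is the SUN_SECURITY flag.  When it is "TRUE" a password field is
# accepted only if it is "#$" followed by the group name (the C2 convention
# described at the top of this file); otherwise any password is reported.
# The flag is handed to awk with -v rather than spliced into the program
# text, so its value is data and cannot change the awk program.
#
check_group_file_fields() {
  "$AWK" -v sun_security="$2" 'BEGIN { FS = ":" }
  substr($1, 1, 1) != "+" {
    if ($0 ~ /^[ ]*$/) {
      printf("Warning! Group file, line %d, is blank\n", NR)
      next
    }
    if (NF != 4)
      printf("Warning! Group file, line %d, does not have 4 fields: \n\t%s\n", NR, $0)
    if ($1 !~ /^[A-Za-z0-9]+$/)
      printf("Warning! Group file, line %d, nonalphanumeric user id: \n\t%s\n", NR, $0)
    if ($2 != "" && $2 != "*") {
      if (sun_security != "TRUE")
        printf("Warning! Group file, line %d, has password: \n\t%s\n", NR, $0)
      else if ("#$" $1 != $2)
        printf("Warning! Group file, line %d, invalid password field for SUN C2 Security: \n\t%s\n", NR, $0)
    }
    if ($3 !~ /^[0-9]+$/)
      printf("Warning! Group file, line %d, nonnumeric group id: \n\t%s\n", NR, $0)
  }' "$1"
}
check_group_file_fields "$group_file" "$SUN_SECURITY"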
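#
# Ignore all groups with less than two members.
#
# Report members that appear more than once in one group's member list
# (fourth field of $1).  Each member is remembered in a per-line table and
# reported exactly once, on its second occurrence; the heading is printed
# once per group.  This replaces the pairwise comparison, which printed a
# name once per matching pair (three times for a member listed three times).
# Uses $AWK like the rest of the script instead of whichever awk is first
# in PATH.
#
report_duplicate_members() {
  "$AWK" -F: '
  {
    n = split($4, users, ",")
    if (n < 2)
      next
    split("", seen)        # empty the table for this group (portable form of delete)
    ct = 0
    for (i = 1; i <= n; i++) {
      if (seen[users[i]]++ == 1) {
        if (ct++ == 0) print "Warning! Group "$1" has duplicate user(s):"
        print users[i]
      }
    }
  }' "$1"
}
report_duplicate_members "$group_file"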
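#
# Perform checks on the security enhanced version of SUNOS
#
# Print the records of $2 that are missing from $1 (the lines diff marks
# with ">"), preceded by a blank line and the two heading lines $3 and $4.
# Nothing is printed when the two files agree.  Doing this in awk replaces
# the shell "for" loop over diff's output, which word-split and
# glob-expanded every record (a member list containing "*" would have been
# matched against file names).
#
report_unmatched_records() {
  "$DIFF" "$1" "$2" \
    | "$AWK" -v heading1="$3" -v heading2="$4" '
      $1 == ">" {
        if (!started++) { print ""; print heading1; print heading2 }
        print " " $2
      }'
}
#
# The flag is quoted so an empty $3 simply disables these checks instead of
# giving test a malformed expression.
#
if "$TEST" "$SUN_SECURITY" = "TRUE"
then
  #
  # Duplicate names (first field) in the group.adjunct file; the heading
  # is printed only when at least one duplicate exists.
  #
  "$AWK" -F: '{ print $1 }' "$group_adjunct_file" \
    | "$SORT" -t: \
    | "$UNIQ" -d \
    | "$AWK" 'NR == 1 { print ""; print "Warning! Duplicate uid(s) found in group adjunct file:" }
              { print " " $0 }'
  #
  # Check that for each entry in the group file that there is a matching
  # entry in the group.adjunct file.
  #
  # Both files are sorted so join can pair records on the name field; the
  # inner join is then compared with the left outer join (-a1), and any
  # record only in the latter has no group.adjunct entry.
  #
  "$SORT" -t: -o "$sort_group" "$group_file"
  "$SORT" -t: -o "$sort_secure_group" "$group_adjunct_file"
  "$JOIN" -t: "$sort_group" "$sort_secure_group" > "$join_group_1"
  "$JOIN" -t: -a1 "$sort_group" "$sort_secure_group" > "$join_group_2"
  report_unmatched_records "$join_group_1" "$join_group_2" \
    "Warning! Matching record(s) in group adjunct file not found for" \
    "these records in group file:"
  #
  # Check that for each entry in the group.adjunct file that there is a
  # matching entry in the group file.  Same comparison, against the right
  # outer join (-a2).
  #
  "$RM" -f "$join_group_2"
  "$JOIN" -t: -a2 "$sort_group" "$sort_secure_group" > "$join_group_2"
  report_unmatched_records "$join_group_1" "$join_group_2" \
    "Warning! Matching record(s) in group file not found for" \
    "these records in group adjunct file"
  #
  # Test the fields in the group.adjunct file for validity: blank lines,
  # a field count other than 2, a login that is not entirely alphanumeric
  # (anchored pattern, see the group file check above), and a password
  # field that is neither empty nor "*".
  #
  "$AWK" 'BEGIN { FS = ":" }
  substr($1, 1, 1) != "+" {
    if ($0 ~ /^[ ]*$/) {
      printf("\nWarning! Group adjunct file, line %d, is blank\n", NR)
      next
    }
    if (NF != 2)
      printf("\nWarning! Group adjunct file, line %d, does not have 2 fields: \n\t%s\n", NR, $0)
    if ($1 !~ /^[A-Za-z0-9]+$/)
      printf("\nWarning! Group adjunct file, line %d, nonalphanumeric login: \n\t%s\n", NR, $0)
    if ($2 != "" && $2 != "*")
      printf("\nWarning! Group adjunct file, line %d, has password: \n\t%s\n", NR, $0)
  }' "$group_adjunct_file"
fi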
#
# Clean up after ourself
#
# Remove every scratch file named on the command line; -f keeps this quiet
# when SUN_SECURITY was not "TRUE" and the files were never created.
#
remove_scratch_files() {
  for scratch in "$@"
  do
    "$RM" -f "$scratch"
  done
}
remove_scratch_files "$join_group_1" "$join_group_2" "$sort_group" "$sort_secure_group"
# end