Jim,

This doesn't sound like the right fix to me, more like a quick
workaround.

I think system tools should know the right order of profiles
and/or allow the admin to change the order in the GUI.

Laca

On Thu, 2008-03-06 at 21:33 +0800, Jim Li wrote:
> All,
> 
> When adding some profiles for a user, Users & Groups also adds the system 
> default profiles to the user's profile list in alphabetical order, which 
> causes the "Basic Solaris User" and "All" profiles to come before other 
> profiles, for instance "Primary Administrator", in which case pfexec 
> doesn't work in the right way.
> 
> So just remove the system default profiles from the user's profile list.
> 
> Thanks
> 
> Jim
> plain text document attachment (buffix263)
> --- system-tools-backends-1.4.2.pre-fix/users-conf.in Thu Mar  6 18:41:21 2008
> +++ system-tools-backends-1.4.2/users-conf.in Thu Mar  6 18:45:07 2008
> @@ -248,6 +248,27 @@
>    $$hash{"rbacdb"} = \%rbac;
>  }
>  
> +sub read_rbac_default_profiles
> +{
> +  return unless ( $gst_dist =~ /^solaris/ );
> +
> +  my ($buffer, $line, $dummy, @def_prof, $def_prof_ref);
> +  $buffer = &gst_file_buffer_load("/etc/security/policy.conf");
> +  foreach $line ( @$buffer ) {
> +    chomp $line;
> +    if ( $line =~ /^PROFS_GRANTED=/ )
> +      {
> +        ($dummy, $def_line) = split(/=/, $line, 2);
> +        @def_prof = split (/,/, $def_line);
> +        foreach ( @def_prof ) {
> +          $def_prof_ref->{$_} = 1;
> +        }
> +        return $def_prof_ref;
> +      }
> +    next;
> +  }
> +}
> +
>  sub get_login_defs_prop_array
>  {
>    my @prop_array;
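Review bot: `$def_line` in read_rbac_default_profiles is assigned by `($dummy, $def_line) = split(/=/, $line, 2);` but is missing from the `my (...)` list, so it becomes a package global; add it to the declaration. The sub also has no explicit return value when no `PROFS_GRANTED=` line is found or when `$gst_dist` is not Solaris, so callers get undef and rely on `exists` autovivifying it; initialising `$def_prof_ref = {}` and returning it at the end would make that explicit. The names from `split (/,/, $def_line)` are not trimmed, so any whitespace around a comma in policy.conf would stop the later hash lookup from matching, and the trailing `next;` in the loop is redundant.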
> @@ -1123,7 +1144,9 @@
>        push( @profiles, @$new_user_profiles );
>        if ( $#profiles >= 0 ) {
>          my $profiles_str = "";
> +        my $def_profiles = read_rbac_default_profiles();
>          foreach ( @profiles ) {
> +          next if ( exists ($def_profiles->{$_}) );
>            $profiles_str .= ',' unless ( $profiles_str eq "" );
>            $profiles_str .= $_;
>          }
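Review bot: the `$#profiles >= 0` test runs before the new `next if ( exists ($def_profiles->{$_}) );` filter, so when every entry in `@profiles` is a default profile the loop leaves `$profiles_str` empty and whatever consumes it afterwards sees an empty profile list that the guard was meant to exclude. Filter `@profiles` first (for example with grep) and test the filtered list. The filter also drops a default profile that came in through `@$new_user_profiles`, that is, one the admin picked explicitly; if that is intended it deserves a comment, since the visible code does not distinguish explicit from automatically added entries.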
> @@ -1224,7 +1247,9 @@
>        }
>        if ( $#profiles >= 0 ) {
>          my $profiles_str = "";
> +        my $def_profiles = read_rbac_default_profiles();
>          foreach ( @profiles ) {
> +          next if ( exists ($def_profiles->{$_}) );
>            $profiles_str .= ',' unless ( $profiles_str eq "" );
>            $profiles_str .= $_;
>          }
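Review bot: these two added lines repeat the earlier hunk's filter verbatim, including the call to read_rbac_default_profiles(), which reloads /etc/security/policy.conf each time. Move the filter and string join into one helper that both call sites use, and load the default set once. The same empty-`$profiles_str` case applies here because `$#profiles >= 0` is checked before filtering.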

