#!/bin/sh set -e . /usr/share/debconf/confmodule db_capb backup # First try to recover as many of the debconf settings from the actual # configuration files. The configuration files have a particular syntax # that can only be understood by the lex/yacc combination in glexec and LCMAPS, # so this shell script parsing is a kind of best-effort fuzzy matching. # This hairy sed regexp substitutes all non-comment lines of the form 'var = value' by # 'GLEXEC_var=value' so we can simply eval this GLEXECCONF=/etc/glexec.conf LCMAPSDB=/etc/lcmaps/lcmaps-glexec.db if [ -r $GLEXECCONF ]; then GLEXEC_log_destination=@unset@ GLEXEC_log_file=@unset@ GLEXEC_lcmaps_log_file=@unset@ GLEXEC_log_level=@unset@ GLEXEC_user_white_list=@unset@ tmpconf=`mktemp glexecconf.XXXXXXXXXX` # deal with continuation lines and comments # here is the program with comments: # : start # label # s/[#;].*$// # '#' and ';' are comment chars # /\\[ \t]*$/ { # a backslash is a continuation character # s/\\[ \t]*$// # remove it and any trailing whitespace # N # join with the next line (inserts a newline) # s/\n[ \t]*//g # remove the inserted newline and leading whitespace # t start # reiterate from the top # } sed ': start s/[#;].*$// /\\[ \t]*$/ { s/\\[ \t]*$// N s/\n[ \t]*//g t start }' $GLEXECCONF > $tmpconf # grep each configurable key from the normalized file find_glexec_conf_key() { val=`sed -n "s/^[ \t]*${1}[ \t]*=[ \t]*\(.*\)/:\1/p" ${2}` if [ ! -z "$val" ]; then db_set $3 `echo "$val" | cut -b2-` fi } find_glexec_conf_key log_destination $tmpconf glexec/logging/destination find_glexec_conf_key log_file $tmpconf glexec/logging/logfile find_glexec_conf_key lcmaps_log_file $tmpconf glexec/logging/lcmapslogfile find_glexec_conf_key log_level $tmpconf glexec/logging/level find_glexec_conf_key user_white_list $tmpconf glexec/whitelist rm -f $tmpconf fi if [ -r $LCMAPSDB ]; then # The parsing of the lcmaps.db is much harder, but if people stick to the examples # this should work # Discovering the framework. Choices are 'local', 'SCAS', and 'ARGUS' which are # reflected by the plug-in referenced in the policy rules. Assumptions: # - the policy is named glexec_get_account # - the plug-in names are identical to those in the examples # - the policy isn't a mix frameworks. The script prints only one of ARGUS, SCAS and local, # in order of preference LCMAPS_FRAMEWORK=`sed ' 1,/^glexec_get_account:/ D /^[ \t]*[^#].*->[ \t]*pepc/ { s/.*/ARGUS/p q } /^[ \t]*[^#].*->[ \t]*scasclient/ { s/.*/SCAS/p q } /^[ \t]*[^#].*->[ \t]*localaccount/ { s/.*/Local/p q }' $LCMAPSDB` # argus endpoint(s), search for --pep-daemon-endpoint-url ARGUSENDPOINTS=`sed -n 's/^[ \t]*[^#].*-pep-daemon-endpoint-url.[ \t]*\([^"]*\).*/\1/p' $LCMAPSDB` # actionid, see -actionid ACTIONID=`sed -n 's/^[ \t]*[^#].*-actionid.[ \t]*\([^"]*\).*/\1/p' $LCMAPSDB` # resourceid, see -resourceid RESOURCEID=`sed -n 's/^[ \t]*[^#].*-resourceid.[ \t]*\([^"]*\).*/\1/p' $LCMAPSDB` # SCAS endpoints, search for --endpoint SCASENDPOINT=`sed -n 's/^[ \t]*[^#].*--endpoint.[ \t]*\([^"]*\).*/\1/p' $LCMAPSDB` # Preserve the settings from the configuration file case "$LCMAPS_FRAMEWORK" in Local|ARGUS|SCAS) db_set glexec/framework $LCMAPS_FRAMEWORK ;; esac if [ ! -z "$ARGUSENDPOINT" ]; then db_set glexec/argus/endpoints "$ARGUSENDPOINTS" fi if [ ! -z "$ACTIONID" ]; then db_set glexec/argus/actionid "$ACTIONID" fi if [ ! -z "$RESOURCEID" ]; then db_set glexec/argus/resourceid "$RESOURCEID" fi if [ ! -z "$SCASENDPOINTS" ]; then db_set glexec/scas/endpoints "$SCASENDPOINTS" fi fi STATE=1 while true; do case "$STATE" in 1) # Ask whether we are logging to syslog or to file db_input low glexec/logging/destination || true ;; 2) db_input medium glexec/logging/level || true ;; 3) db_input medium glexec/whitelist || true ;; 4) db_input medium glexec/framework || true ;; 5) # The log file, only ask if logging to file db_get glexec/logging/destination if [ "$RET" = "file" ]; then # if logfile question is unseen, reset it to the default db_fget glexec/logging/logfile seen if [ "$RET" = "false" ]; then db_reset glexec/logging/logfile fi db_fget glexec/logging/lcmapslogfile seen if [ "$RET" = "false" ]; then db_reset glexec/logging/lcmapslogfile fi db_beginblock db_input medium glexec/logging/logfile || true db_input medium glexec/logging/lcmapslogfile || true db_endblock fi ;; 6) db_get glexec/framework || true case "$RET" in ARGUS) db_fget glexec/argus/actionid seen if [ "$RET" = "false" ]; then db_reset glexec/argus/actionid fi db_fget glexec/argus/resourceid seen if [ "$RET" = "false" ]; then db_reset glexec/argus/resourceid fi db_beginblock db_input high glexec/argus/endpoints || true db_input low glexec/argus/actionid || true db_input low glexec/argus/resourceid || true db_endblock ;; SCAS) db_input high glexec/scas/endpoints || true ;; Local) # no more questions ;; esac ;; *) # The default case catches when $STATE is greater than the # last implemented state, and breaks out of the loop. This # requires that states be numbered consecutively from 1 # with no gaps, as the default case will also be entered # if there is a break in the numbering break # exits the enclosing "while" loop ;; esac if db_go; then STATE=$(($STATE + 1)) else STATE=$(($STATE - 1)) if [ $STATE -eq 0 ]; then # The user has asked to back up from the first # question. This case is problematic. Regular # dpkg and apt package installation isn't capable # of backing up questions between packages as this # is written, so this will exit leaving the package # unconfigured - probably the best way to handle # the situation. exit 10 fi fi done db_stop