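#!/bin/bash
# $Id: getsacls.sh 409 2009-07-09 14:30:01Z patpro $
#
# BSD LICENCE:
#
# Copyright (c) 2009, Patrick Proniewski
# All rights reserved.
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# Neither the name of the Patrick Proniewski nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

#######################################
# Traps ^C / TERM / exit and cleans up the mess.
# Globals:   FANCY, BBPID, MY_ROOT, MY_GETSACLSDB (all read)
# Arguments: none
# Outputs:   "cleanning up" on stdout when FANCY is YES (the default)
# Returns:   never; exits with the status that was current when it was called
#######################################
cleanup() {
  # Keep the status seen on entry so that a failure exit (e.g. `exit 1`)
  # is not replaced by the status of the last cleanup command.
  local rc=$?

  # The handler ends with `exit`, which would fire the EXIT trap a second
  # time when entered through TERM/INT; drop the traps first.
  trap - TERM INT EXIT

  if [ "${FANCY:-YES}" == "YES" ]; then
    echo "cleanning up"
  fi

  # Only signal a real, numeric PID. The default BBPID=0 (or an unset value)
  # must never reach kill, where 0 addresses the whole process group.
  case "${BBPID:-0}" in
    '' | 0 | *[!0-9]*) ;;
    *)
      # Kill the beachball only if that PID still shows this script's name.
      if [ -n "$(/bin/ps p "$BBPID" | grep -F -- "$0" | head -1)" ]; then
        kill "$BBPID"
      fi
      ;;
  esac

  # The trap is installed before the settings below are assigned. With both
  # variables empty the glob would be "/"*, i.e. every file in the root
  # directory, so nothing is deleted unless both are set.
  if [ -n "${MY_ROOT:-}" ] && [ -n "${MY_GETSACLSDB:-}" ]; then
    rm -f -- "${MY_ROOT}/${MY_GETSACLSDB}"*
    # rmdir (not rm -r): the directory goes away only once it is empty.
    rmdir -- "${MY_ROOT}" 2>/dev/null
  fi

  exit "$rc"
}
trap cleanup TERM INT EXIT

################################################################################
# FEW USER TUNABLE MISCS.

OUTOFOD="_OUT_OF_OD"            # string appended to the login when generating
                                # the GUID field of users out of open directory
                                # (for users in corporate LDAP for example)
USERUNKNOWN="USER_UNKNOWN"      # A user listed in GroupMembership but living in
                                # a remote LDAP can disappear from this LDAP without
                                # GroupMembership being updated. It causes a
                                # DS Error: -14136 (eDSRecordNotFound) error
DSCLERROR="ERROR"               #
BBPID=0                         # bogus default for beachball PID, just in case.
BOLD=$'\033[1m'                 # ANSI escape: bold on
ENDBOLD=$'\033[0m'              # ANSI escape: attributes off
MY_TMPBASE="${TMPDIR:-/tmp}"    # parent of the working directory
MY_ROOT=""                      # working directory, created with mktemp below
MY_GETSACLSDB="getsacls.db."    # SACLs sqlite DB prefix
MY_SQLITE="/usr/bin/sqlite3"    # path to sqlite binary
#FANCY="NO"                     # if FANCY then use beachball and output formating
                                # uncomment to force value OR define at runtime:
                                # `FANCY=NO ./getsacls.sh`
                                # FANCY output (default) is designed to be more human readable
                                # not FANCY output is designed to be more machine readable

################################################################################
# FANCY OR NOT

if [ "${FANCY:-YES}" == "YES" ]; then
  # enable beachball
  beachball="YES"

  # cascading style shit (hu-ho)
  # formating the final users&groups output:
  # reads "type level name location guid" records on stdin, indents each
  # name by <level> spaces and prints group names (type "g") in bold.
  css() {
    local type level name location guid tab
    # -r keeps backslashes in names literal instead of treating them as escapes
    while read -r type level name location guid; do
      # <level> spaces, built in-process (no external command per record)
      printf -v tab '%*s' "$level" ''
      if [ "$type" == "g" ]; then
        name=${BOLD}${name}${ENDBOLD}
      fi
      printf '%s %s\t%s\t%s\n' "$tab" "$name" "$location" "$guid"
    done
  }
else
  # not fancy: no css formating, no bold, no beachball
  # disable beachball and bold
  beachball="NO"
  BOLD=""                       # disabled
  ENDBOLD=""                    # disabled

  # "blank" formating: echoes the five fields back, separated by single spaces
  css() {
    local type level name location guid
    while read -r type level name location guid; do
      printf '%s %s %s %s %s\n' "$type" "$level" "$name" "$location" "$guid"
    done
  }
fi

################################################################################
# SOME INIT MOJO AND FUNCTION DEFINITIONS

# create & move to MY_ROOT sandbox or die
#
# The DB files have predictable names (MY_GETSACLSDB + SACL name). Creating
# them directly in a shared, world-writable directory would let another local
# account pre-create or replace them before sqlite opens them, so the sandbox
# is a fresh directory from mktemp -d, accessible to the invoking user only.
[ -d "${MY_TMPBASE}" ] || mkdir -p "${MY_TMPBASE}" || exit 1
MY_ROOT=$(mktemp -d "${MY_TMPBASE%/}/getsacls.XXXXXX") || {
  echo "cannot create a private working directory under ${MY_TMPBASE}" >&2
  exit 1
}
cd "${MY_ROOT}" || exit 1

# some cleanup before running, just in case.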
rm -f "${MY_GETSACLSDB}"* # function to create DB createdb() { ${MY_SQLITE} "${MY_GETSACLSDB}${sacl}" <