#!/bin/sh
#
# Backup RSBAC attributes
#
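# This script generates a backup of most RSBAC settings on stdout.
# The output is itself a shell script of restore commands, so keep the saved
# copy readable and writable only by the account that will run the restore.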
#
# Current exceptions: PM data structures, ADF log levels
#
# Please make sure you have the READ right in all directories and
# READ_ATTRIBUTE for all objects,
# e.g. use setuid 0, RC force_role 'Role Admin', etc.,
# or set min_caps to DAC_READ_SEARCH for a non-root user with READ_ATTRIBUTE etc.,
# or ( set softmode | switch off all modules | start Maintenance kernel ) and run as root.
# Whichever way is used, run the script with a trusted PATH: all RSBAC tools
# below are called by bare name.
#

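# Optional first argument "-p" is handed on unchanged to the RC and ACL tools
# further down (as $PRINTALL).
#
# PRINTALL is reset first: it is expanded unquoted later on, so a value
# inherited from the caller's environment would otherwise be split into extra
# arguments for those tools.
#
# "=" is the POSIX string comparison; "==" is an extension that not every
# /bin/sh accepts in test.
PRINTALL=""
if test "$1" = "-p"
then PRINTALL="-p"
fi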

# Header of the generated restore script: shebang, title and the time the
# backup was started (date is run once, in the caller's locale).
printf '%s\n' \
  "#!/bin/sh" \
  "#" \
  "# RSBAC Backup of all attributes" \
  "#" \
  "# $(date)" \
  "#"

# Log Levels
# NOTE(review): the file header lists ADF log levels among the settings that
# are not backed up, yet switch_adf_log is called here - confirm which of the
# two is current. What -b selects is defined by the tool, not visible here.
switch_adf_log -b

# Network Templates
# Each section below starts with an empty line on stdout as a separator.
echo ""
net_temp -a -b

# MAC
# Starts at the file system root (-r / - presumably recursive, confirm
# against the tool's usage text).
echo ""
mac_back_trusted -r /

# PM
# PM data is not written by this script. Copy /rsbac/backup/pm* to the backup
# directory by hand. To restore, boot a non-RSBAC kernel and copy the files
# back.

# AUTH
# Same "-r /" call shape as the MAC section above.
echo ""
auth_back_cap -r /

# RC
# $PRINTALL is deliberately unquoted: when it is empty it expands to no
# argument at all instead of an empty string.
echo ""
rc_get_item $PRINTALL backup

# ACL
# One acl_tlist call per target type, then the acl_mask calls. All output is
# appended to stdout in exactly this order.
# $PRINTALL is deliberately unquoted throughout: when empty it expands to no
# argument. The meaning of the single-letter flags is defined by the tools
# and is not visible in this script.
echo ""
acl_tlist -br $PRINTALL FD :DEFAULT: /
acl_tlist -b $PRINTALL DEV :DEFAULT:
acl_tlist -Db $PRINTALL
acl_tlist -br $PRINTALL IPC :DEFAULT:
# The SCD target list comes from the tool itself: the output of
# "acl_tlist -n" is word-split into one argument per item.
acl_tlist -br $PRINTALL SCD :DEFAULT: `acl_tlist -n`
acl_tlist -ab $PRINTALL
acl_tlist -br $PRINTALL PROCESS :DEFAULT:
acl_tlist -br $PRINTALL NETDEV :DEFAULT:
# Output of "net_temp list_temp_nr", captured once and reused for both
# NETTEMP calls; left unquoted below so every whitespace-separated item
# becomes its own argument.
# NOTE(review): if that command prints nothing, the NETTEMP call is made
# without any target - confirm acl_tlist copes with that.
ALLTEMP=`net_temp list_temp_nr`
acl_tlist -br $PRINTALL NETTEMP_NT :DEFAULT: $ALLTEMP
acl_tlist -br $PRINTALL NETTEMP $ALLTEMP
acl_tlist -br $PRINTALL NETOBJ :DEFAULT:
# acl_mask dumps, using the same FD / -D / -a / SCD call shapes as above.
acl_mask -br $PRINTALL FD /
acl_mask -Db $PRINTALL
acl_mask -ab $PRINTALL
acl_mask -b $PRINTALL SCD `acl_tlist -n`

# User management
# Groups are dumped before users.
# NOTE(review): -p is hard-coded here and is independent of $PRINTALL. Check
# the tools' usage text for what it adds to the dump; if that includes
# password hashes, the saved backup needs the same protection as a shadow
# file.
# Unlike the other sections, no empty separator line is printed first.
rsbac_groupshow -b -p -a
rsbac_usershow -b -p -a

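# RES default user settings
#
# The defaults are read from user ID 4294967292 (2^32 - 4), so the generated
# restore lines must name that same ID. The earlier version expanded $user
# there, a variable this script never sets, which produced restore commands
# with the user argument missing.
RES_DEFAULT_UID=4294967292

# Print one "attr_set_user RES ..." restore line for every non-zero value of
# one RES attribute of the default user.
#   $1 - attribute to dump: res_min or res_max
# Reads "name value" lines from attr_get_user; lines whose value is "0" are
# skipped, as before.
backup_res_default()
{
  attr_get_user RES "$RES_DEFAULT_UID" "$1" |
  while read -r name value
  do
    if test "$value" != "0"
    then
      # printf with a fixed format: the line is emitted literally, without
      # glob expansion or echo's backslash handling touching the tool output.
      printf '%s\n' "attr_set_user RES $RES_DEFAULT_UID $1 $name $value"
    fi
  done
}

backup_res_default res_min
backup_res_default res_max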

# General attributes (last because of RC types at restore time - if RC is active)
# The position of this section in the output is therefore significant: the
# restore script replays commands in the order they were written here.
echo ""
# File/directory attributes, starting at the file system root.
attr_back_fd -r -m /
# Device, user and network (NETDEV, then NETTEMP) attributes.
attr_back_dev -b
attr_back_user -a
attr_back_net -a NETDEV
attr_back_net -a NETTEMP

# Trailer with the completion time. It is printed unconditionally: the script
# does not check the exit status of the tools above, so its presence shows
# only that the script reached its end, not that every dump succeeded.
printf '%s\n' "#" "# RSBAC Backup finished at $(date)"
