xref: /illumos-gate/usr/src/cmd/ypcmd/yp.sh (revision 4eaa471005973e11a6110b69fe990530b3b95a38)
1#!/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26
27. /lib/svc/share/smf_include.sh
28. /lib/svc/share/ipf_include.sh
29
30YPDIR=/usr/lib/netsvc/yp
31
32create_client_ipf_rules()
33{
34	FMRI=$1
35	file=`fmri_to_file $FMRI $IPF_SUFFIX`
36	iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI`
37	domain=`domainname`
38
39	if [ -z "$domain" ]; then
40		return 0
41	fi
42
43	if [ ! -d /var/yp/binding/$domain ]; then
44		return
45	fi
46	echo "# $FMRI" >$file
47
48	ypfile="/var/yp/binding/$domain/ypservers"
49	if [ -f $ypfile ]; then
50		tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
51		uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
52
53		server_addrs=""
54		for ypsvr in `grep -v '^[ ]*#' $ypfile`; do
55			#
56			# Get corresponding IPv4 address in /etc/hosts
57			#
58			servers=`grep -v '^[ ]*#' /etc/hosts | awk ' {
59			    if ($1 !~/:/) {
60				for (i=2; i<=NF; i++) {
61				    if (s == $i) printf("%s ", $1);
62				} }
63			    }' s="$ypsvr"`
64
65			[ -z "$servers"  ] && continue
66			server_addrs="$server_addrs $servers"
67		done
68
69		[ -z "$server_addrs"  ] && return 0
70		for s in $server_addrs; do
71			if [ -n "$tports" ]; then
72				for tport in $tports; do
73					echo "pass in log quick proto tcp" \
74					    "from $s to any port = $tport" >>$file
75				done
76			fi
77
78			if [ -n "$uports" ]; then
79				for uport in $uports; do
80					echo "pass in log quick proto udp" \
81					    "from $s to any port = $uport" >>$file
82				done
83			fi
84		done
85	else
86		#
87		# How do we handle the client broadcast case? Server replies
88		# to the outgoing port that sent the broadcast, but there's
89		# no way the client know a packet is the reply.
90		#
91		# Nis server should be specified and clients shouldn't be
92		# doing broadcasts but if it does, no choice but to allow
93		# all traffic.
94		#
95		echo "pass in log quick proto udp from any to any" \
96		    "port > 32768" >>$file
97	fi
98}
99
100#
101# Ipfilter method
102#
103if [ -n "$1" -a "$1" = "ipfilter" ]; then
104	create_client_ipf_rules $2
105	exit $SMF_EXIT_OK
106fi
107
108case $SMF_FMRI in
109	'svc:/network/nis/client:default')
110		domain=`domainname`
111
112		if [ -z "$domain" ]; then
113			echo "$0: domainname not set"
114			exit $SMF_EXIT_ERR_CONFIG
115		fi
116
117		if [ ! -d /var/yp/binding/$domain ]; then
118			echo "$0: /var/yp/binding/$domain is not a directory"
119			exit $SMF_EXIT_ERR_CONFIG
120		fi
121
122		# Since two ypbinds will cause ypwhich to hang...
123		if pgrep -z `/sbin/zonename` ypbind >/dev/null; then
124			echo "$0: ypbind is already running."
125			exit $SMF_EXIT_ERR_CONFIG
126		fi
127
128		if [ -f /var/yp/binding/$domain/ypservers ]; then
129			$YPDIR/ypbind > /dev/null 2>&1
130		else
131			$YPDIR/ypbind -broadcast > /dev/null 2>&1
132		fi
133
134		rc=$?
135		if [ $rc != 0 ]; then
136			echo "$0: ypbind failed with $rc"
137			exit 1
138		fi
139		;;
140
141	'svc:/network/nis/server:default')
142		domain=`domainname`
143
144		if [ -z "$domain" ]; then
145			echo "$0: domainname not set"
146			exit $SMF_EXIT_ERR_CONFIG
147		fi
148
149		if [ ! -d /var/yp/$domain ]; then
150			echo "$0: domain directory missing"
151			exit $SMF_EXIT_ERR_CONFIG
152		fi
153
154		if [ -f /etc/resolv.conf ]; then
155			$YPDIR/ypserv -d
156		else
157			$YPDIR/ypserv
158		fi
159
160		rc=$?
161		if [ $rc != 0 ]; then
162			echo "$0: ypserv failed with $rc"
163			exit 1
164		fi
165		;;
166
167	'svc:/network/nis/passwd:default')
168		PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
169		    && PWDIR=`expr "$PWDIR" : '.*=[ 	]*\([^ 	]*\)'`
170		if [ "$PWDIR" ]; then
171			if [ "$PWDIR" = "/etc" ]; then
172				unset PWDIR
173			else
174				PWDIR="-D $PWDIR"
175			fi
176		fi
177		$YPDIR/rpc.yppasswdd $PWDIR -m
178
179		rc=$?
180		if [ $rc != 0 ]; then
181			echo "$0: rpc.yppasswdd failed with $rc"
182			exit 1
183		fi
184		;;
185
186	*)
187		echo "$0: Unknown service \"$SMF_FMRI\"."
188		exit $SMF_EXIT_ERR_CONFIG
189		;;
190esac
191exit $SMF_EXIT_OK
192