xref: /illumos-gate/usr/src/cmd/ypcmd/yp.sh (revision 598f4ceed9327d2d6c2325dd67cae3aa06f7fea6)
1#!/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/ipf_include.sh
28
29YPDIR=/usr/lib/netsvc/yp
30
31create_client_ipf_rules()
32{
33	FMRI=$1
34	file=`fmri_to_file $FMRI $IPF_SUFFIX`
35	iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI`
36	domain=`domainname`
37
38	if [ -z "$domain" ]; then
39		return 0
40	fi
41
42	if [ ! -d /var/yp/binding/$domain ]; then
43		return
44	fi
45	echo "# $FMRI" >$file
46
47	ypfile="/var/yp/binding/$domain/ypservers"
48	if [ -f $ypfile ]; then
49		tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
50		uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
51
52		server_addrs=""
53		for ypsvr in `grep -v '^[ ]*#' $ypfile`; do
54			#
55			# Get corresponding IPv4 address in /etc/hosts
56			#
57			servers=`grep -v '^[ ]*#' /etc/hosts | awk ' {
58			    if ($1 !~/:/) {
59				for (i=2; i<=NF; i++) {
60				    if (s == $i) printf("%s ", $1);
61				} }
62			    }' s="$ypsvr"`
63
64			[ -z "$servers"  ] && continue
65			server_addrs="$server_addrs $servers"
66		done
67
68		[ -z "$server_addrs"  ] && return 0
69		for s in $server_addrs; do
70			if [ -n "$tports" ]; then
71				for tport in $tports; do
72					echo "pass in log quick proto tcp" \
73					    "from $s to any port = $tport" >>$file
74				done
75			fi
76
77			if [ -n "$uports" ]; then
78				for uport in $uports; do
79					echo "pass in log quick proto udp" \
80					    "from $s to any port = $uport" >>$file
81				done
82			fi
83		done
84	else
85		#
86		# How do we handle the client broadcast case? Server replies
87		# to the outgoing port that sent the broadcast, but there's
88		# no way the client know a packet is the reply.
89		#
90		# Nis server should be specified and clients shouldn't be
91		# doing broadcasts but if it does, no choice but to allow
92		# all traffic.
93		#
94		echo "pass in log quick proto udp from any to any" \
95		    "port > 32768" >>$file
96	fi
97}
98
99#
100# Ipfilter method
101#
102if [ -n "$1" -a "$1" = "ipfilter" ]; then
103	create_client_ipf_rules $2
104	exit $SMF_EXIT_OK
105fi
106
107case $SMF_FMRI in
108	'svc:/network/nis/client:default')
109		domain=`domainname`
110
111		if [ -z "$domain" ]; then
112			echo "$0: domainname not set"
113			exit $SMF_EXIT_ERR_CONFIG
114		fi
115
116		if [ ! -d /var/yp/binding/$domain ]; then
117			echo "$0: /var/yp/binding/$domain is not a directory"
118			exit $SMF_EXIT_ERR_CONFIG
119		fi
120
121		# Since two ypbinds will cause ypwhich to hang...
122		if pgrep -z `/sbin/zonename` ypbind >/dev/null; then
123			echo "$0: ypbind is already running."
124			exit $SMF_EXIT_ERR_CONFIG
125		fi
126
127		if [ -f /var/yp/binding/$domain/ypservers ]; then
128			$YPDIR/ypbind > /dev/null 2>&1
129		else
130			$YPDIR/ypbind -broadcast > /dev/null 2>&1
131		fi
132
133		rc=$?
134		if [ $rc != 0 ]; then
135			echo "$0: ypbind failed with $rc"
136			exit 1
137		fi
138		;;
139
140	'svc:/network/nis/server:default')
141		domain=`domainname`
142
143		if [ -z "$domain" ]; then
144			echo "$0: domainname not set"
145			exit $SMF_EXIT_ERR_CONFIG
146		fi
147
148		if [ ! -d /var/yp/$domain ]; then
149			echo "$0: domain directory missing"
150			exit $SMF_EXIT_ERR_CONFIG
151		fi
152
153		if [ -f /etc/resolv.conf ]; then
154			$YPDIR/ypserv -d
155		else
156			$YPDIR/ypserv
157		fi
158
159		rc=$?
160		if [ $rc != 0 ]; then
161			echo "$0: ypserv failed with $rc"
162			exit 1
163		fi
164		;;
165
166	'svc:/network/nis/passwd:default')
167		PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
168		    && PWDIR=`expr "$PWDIR" : '.*=[ 	]*\([^ 	]*\)'`
169		if [ "$PWDIR" ]; then
170			if [ "$PWDIR" = "/etc" ]; then
171				unset PWDIR
172			else
173				PWDIR="-D $PWDIR"
174			fi
175		fi
176		$YPDIR/rpc.yppasswdd $PWDIR -m
177
178		rc=$?
179		if [ $rc != 0 ]; then
180			echo "$0: rpc.yppasswdd failed with $rc"
181			exit 1
182		fi
183		;;
184
185	*)
186		echo "$0: Unknown service \"$SMF_FMRI\"."
187		exit $SMF_EXIT_ERR_CONFIG
188		;;
189esac
190exit $SMF_EXIT_OK
191