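#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# SMF method script for the NIS client, server and passwd services.
#
# Called with "ipfilter" as $1 and an FMRI as $2, it only writes the
# IP Filter rules for the NIS client and exits. Otherwise it starts the
# daemon selected by $SMF_FMRI.
#
# The script keeps to Bourne-compatible syntax (backticks, "[ ]"), as the
# original does.
#

. /lib/svc/share/smf_include.sh
. /lib/svc/share/ipf_include.sh

YPDIR=/usr/lib/netsvc/yp

#
# create_client_ipf_rules FMRI
#
# Write the IP Filter rules for the NIS client to the rule file named by
# fmri_to_file. fmri_to_file, FW_CONTEXT_PG, IPF_SUFFIX and SERVINFO are
# not defined in this file; presumably they come from ipf_include.sh.
#
# When /var/yp/binding/<domain>/ypservers exists, every server name in it
# is looked up in /etc/hosts (nothing else is consulted) and one "pass in"
# rule is written per IPv4 address and per TCP/UDP port reported by
# $SERVINFO. Server names with no /etc/hosts entry produce no rule.
# Without a ypservers file a single broad UDP rule is written instead.
#
# Returns 0 on the early exits; otherwise the status of the last command.
#
create_client_ipf_rules()
{
	FMRI=$1
	file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	iana_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI"`
	domain=`domainname`

	# No domain name or no binding directory: nothing to generate.
	if [ -z "$domain" ]; then
		return 0
	fi

	if [ ! -d "/var/yp/binding/$domain" ]; then
		return 0
	fi

	# Start the rule file afresh; every later write appends to it.
	echo "# $FMRI" >"$file"

	ypfile="/var/yp/binding/$domain/ypservers"
	if [ -f "$ypfile" ]; then
		tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
		uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`

		#
		# NOTE(review): the bracket expressions '[ ]' below are copied
		# as they appear in this listing; if the original held a space
		# and a tab, the tab was lost and should be restored.
		#
		server_addrs=""
		for ypsvr in `grep -v '^[ ]*#' "$ypfile"`; do
			#
			# Get corresponding IPv4 address in /etc/hosts.
			# Lines whose first field contains ':' (IPv6) are
			# skipped. The server name reaches awk as a variable
			# assignment, not as program text.
			#
			servers=`grep -v '^[ ]*#' /etc/hosts | awk ' {
				if ($1 !~/:/) {
					for (i=2; i<=NF; i++) {
						if (s == $i) printf("%s ", $1);
					}
				}
			}' s="$ypsvr"`

			[ -z "$servers" ] && continue
			server_addrs="$server_addrs $servers"
		done

		# No server resolved locally: leave only the header line.
		[ -z "$server_addrs" ] && return 0

		# Word splitting of the three lists below is intentional.
		for s in $server_addrs; do
			if [ -n "$tports" ]; then
				for tport in $tports; do
					echo "pass in log quick proto tcp" \
					    "from $s to any port = $tport" >>"$file"
				done
			fi

			if [ -n "$uports" ]; then
				for uport in $uports; do
					echo "pass in log quick proto udp" \
					    "from $s to any port = $uport" >>"$file"
				done
			fi
		done
	else
		#
		# How do we handle the client broadcast case? The server
		# replies to the outgoing port that sent the broadcast, but
		# the client has no way to tell that a packet is a reply.
		#
		# A NIS server should be specified and clients should not be
		# broadcasting, but if one does there is no choice but to
		# allow all traffic.
		#
		# This rule admits UDP from any source to every port above
		# 32768, so list the servers in ypservers wherever possible
		# to get the per-server rules above instead.
		#
		echo "pass in log quick proto udp from any to any" \
		    "port > 32768" >>"$file"
	fi
}

#
# Ipfilter method
#
# NOTE(review): the exit status does not reflect whether the rules were
# actually written; create_client_ipf_rules's result is not checked.
#
if [ "$1" = "ipfilter" ]; then
	create_client_ipf_rules "$2"
	exit $SMF_EXIT_OK
fi

case "$SMF_FMRI" in
	'svc:/network/nis/client:default')
		# Start ypbind, bound to listed servers or by broadcast.
		domain=`domainname`

		if [ -z "$domain" ]; then
			echo "$0: domainname not set"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		if [ ! -d "/var/yp/binding/$domain" ]; then
			echo "$0: /var/yp/binding/$domain is not a directory"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# Since two ypbinds will cause ypwhich to hang...
		# Only processes in this zone are considered (-z).
		if pgrep -z "`/sbin/zonename`" ypbind >/dev/null; then
			echo "$0: ypbind is already running."
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# Without a ypservers file ypbind has to find a server by
		# broadcast.
		if [ -f "/var/yp/binding/$domain/ypservers" ]; then
			"$YPDIR/ypbind" > /dev/null 2>&1
		else
			"$YPDIR/ypbind" -broadcast > /dev/null 2>&1
		fi

		# $? is the status of whichever ypbind invocation ran.
		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: ypbind failed with $rc"
			exit 1
		fi
		;;

	'svc:/network/nis/server:default')
		# Start ypserv for the configured domain.
		domain=`domainname`

		if [ -z "$domain" ]; then
			echo "$0: domainname not set"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		if [ ! -d "/var/yp/$domain" ]; then
			echo "$0: domain directory missing"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# -d is passed only when /etc/resolv.conf exists; presumably
		# it enables DNS forwarding (confirm against ypserv(1M)).
		if [ -f /etc/resolv.conf ]; then
			/usr/bin/env NSS_STRICT_NOFORK=DISABLED "$YPDIR/ypserv" -d
		else
			/usr/bin/env NSS_STRICT_NOFORK=DISABLED "$YPDIR/ypserv"
		fi

		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: ypserv failed with $rc"
			exit 1
		fi
		;;

	'svc:/network/nis/passwd:default')
		# Take the password file directory from the PWDIR line of
		# /var/yp/Makefile, if there is one.
		PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
		    && PWDIR=`expr "$PWDIR" : '.*=[ ]*\([^ ]*\)'`
		if [ "$PWDIR" ]; then
			if [ "$PWDIR" = "/etc" ]; then
				unset PWDIR
			else
				PWDIR="-D $PWDIR"
			fi
		fi

		# $PWDIR is left unquoted on purpose: it is either empty or
		# the two words "-D <dir>".
		"$YPDIR/rpc.yppasswdd" $PWDIR -m

		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: rpc.yppasswdd failed with $rc"
			exit 1
		fi
		;;

	*)
		echo "$0: Unknown service \"$SMF_FMRI\"."
		exit $SMF_EXIT_ERR_CONFIG
		;;
esac
exit $SMF_EXIT_OK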