xref: /titanic_44/usr/src/cmd/ypcmd/yp.sh (revision eb1a34638eba7c5add1421327f3eb225a8ea7518) 
17c478bd9Sstevel@tonic-gate#!/bin/sh
27c478bd9Sstevel@tonic-gate#
37c478bd9Sstevel@tonic-gate# CDDL HEADER START
47c478bd9Sstevel@tonic-gate#
57c478bd9Sstevel@tonic-gate# The contents of this file are subject to the terms of the
6*eb1a3463STruong Nguyen# Common Development and Distribution License (the "License").
7*eb1a3463STruong Nguyen# You may not use this file except in compliance with the License.
87c478bd9Sstevel@tonic-gate#
97c478bd9Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
107c478bd9Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing.
117c478bd9Sstevel@tonic-gate# See the License for the specific language governing permissions
127c478bd9Sstevel@tonic-gate# and limitations under the License.
137c478bd9Sstevel@tonic-gate#
147c478bd9Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each
157c478bd9Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
167c478bd9Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the
177c478bd9Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying
187c478bd9Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner]
197c478bd9Sstevel@tonic-gate#
207c478bd9Sstevel@tonic-gate# CDDL HEADER END
217c478bd9Sstevel@tonic-gate#
227c478bd9Sstevel@tonic-gate#
23*eb1a3463STruong Nguyen# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate# Use is subject to license terms.
257c478bd9Sstevel@tonic-gate#
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate. /lib/svc/share/smf_include.sh
28*eb1a3463STruong Nguyen. /lib/svc/share/ipf_include.sh
297c478bd9Sstevel@tonic-gate
307c478bd9Sstevel@tonic-gateYPDIR=/usr/lib/netsvc/yp
317c478bd9Sstevel@tonic-gate
32*eb1a3463STruong Nguyencreate_client_ipf_rules()
33*eb1a3463STruong Nguyen{
34*eb1a3463STruong Nguyen	FMRI=$1
35*eb1a3463STruong Nguyen	file=`fmri_to_file $FMRI $IPF_SUFFIX`
36*eb1a3463STruong Nguyen	iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI`
37*eb1a3463STruong Nguyen	domain=`domainname`
38*eb1a3463STruong Nguyen
39*eb1a3463STruong Nguyen	if [ -z "$domain" ]; then
40*eb1a3463STruong Nguyen		return 0
41*eb1a3463STruong Nguyen	fi
42*eb1a3463STruong Nguyen
43*eb1a3463STruong Nguyen	if [ ! -d /var/yp/binding/$domain ]; then
44*eb1a3463STruong Nguyen		return
45*eb1a3463STruong Nguyen	fi
46*eb1a3463STruong Nguyen	echo "# $FMRI" >$file
47*eb1a3463STruong Nguyen
48*eb1a3463STruong Nguyen	ypfile="/var/yp/binding/$domain/ypservers"
49*eb1a3463STruong Nguyen	if [ -f $ypfile ]; then
50*eb1a3463STruong Nguyen		tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
51*eb1a3463STruong Nguyen		uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
52*eb1a3463STruong Nguyen
53*eb1a3463STruong Nguyen		server_addrs=""
54*eb1a3463STruong Nguyen		for ypsvr in `grep -v '^[ ]*#' $ypfile`; do
55*eb1a3463STruong Nguyen			#
56*eb1a3463STruong Nguyen			# Get corresponding IPv4 address in /etc/hosts
57*eb1a3463STruong Nguyen			#
58*eb1a3463STruong Nguyen			servers=`grep -v '^[ ]*#' /etc/hosts | awk ' {
59*eb1a3463STruong Nguyen			    if ($1 !~/:/) {
60*eb1a3463STruong Nguyen				for (i=2; i<=NF; i++) {
61*eb1a3463STruong Nguyen				    if (s == $i) printf("%s ", $1);
62*eb1a3463STruong Nguyen				} }
63*eb1a3463STruong Nguyen			    }' s="$ypsvr"`
64*eb1a3463STruong Nguyen
65*eb1a3463STruong Nguyen			[ -z "$servers"  ] && continue
66*eb1a3463STruong Nguyen			server_addrs="$server_addrs $servers"
67*eb1a3463STruong Nguyen		done
68*eb1a3463STruong Nguyen
69*eb1a3463STruong Nguyen		[ -z "$server_addrs"  ] && return 0
70*eb1a3463STruong Nguyen		for s in $server_addrs; do
71*eb1a3463STruong Nguyen			if [ -n "$tports" ]; then
72*eb1a3463STruong Nguyen				for tport in $tports; do
73*eb1a3463STruong Nguyen					echo "pass in log quick proto tcp" \
74*eb1a3463STruong Nguyen					    "from $s to any port = $tport" >>$file
75*eb1a3463STruong Nguyen				done
76*eb1a3463STruong Nguyen			fi
77*eb1a3463STruong Nguyen
78*eb1a3463STruong Nguyen			if [ -n "$uports" ]; then
79*eb1a3463STruong Nguyen				for uport in $uports; do
80*eb1a3463STruong Nguyen					echo "pass in log quick proto udp" \
81*eb1a3463STruong Nguyen					    "from $s to any port = $uport" >>$file
82*eb1a3463STruong Nguyen				done
83*eb1a3463STruong Nguyen			fi
84*eb1a3463STruong Nguyen		done
85*eb1a3463STruong Nguyen	else
86*eb1a3463STruong Nguyen		#
87*eb1a3463STruong Nguyen		# How do we handle the client broadcast case? Server replies
88*eb1a3463STruong Nguyen		# to the outgoing port that sent the broadcast, but there's
89*eb1a3463STruong Nguyen		# no way the client know a packet is the reply.
90*eb1a3463STruong Nguyen		#
91*eb1a3463STruong Nguyen		# Nis server should be specified and clients shouldn't be
92*eb1a3463STruong Nguyen		# doing broadcasts but if it does, no choice but to allow
93*eb1a3463STruong Nguyen		# all traffic.
94*eb1a3463STruong Nguyen		#
95*eb1a3463STruong Nguyen		echo "pass in log quick proto udp from any to any" \
96*eb1a3463STruong Nguyen		    "port > 32768" >>$file
97*eb1a3463STruong Nguyen	fi
98*eb1a3463STruong Nguyen}
99*eb1a3463STruong Nguyen
100*eb1a3463STruong Nguyen#
101*eb1a3463STruong Nguyen# Ipfilter method
102*eb1a3463STruong Nguyen#
103*eb1a3463STruong Nguyenif [ -n "$1" -a "$1" = "ipfilter" ]; then
104*eb1a3463STruong Nguyen	create_client_ipf_rules $2
105*eb1a3463STruong Nguyen	exit $SMF_EXIT_OK
106*eb1a3463STruong Nguyenfi
107*eb1a3463STruong Nguyen
1087c478bd9Sstevel@tonic-gatecase $SMF_FMRI in
1097c478bd9Sstevel@tonic-gate	'svc:/network/nis/client:default')
1107c478bd9Sstevel@tonic-gate		domain=`domainname`
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate		if [ -z "$domain" ]; then
1137c478bd9Sstevel@tonic-gate			echo "$0: domainname not set"
1147c478bd9Sstevel@tonic-gate			exit $SMF_EXIT_ERR_CONFIG
1157c478bd9Sstevel@tonic-gate		fi
1167c478bd9Sstevel@tonic-gate
1177c478bd9Sstevel@tonic-gate		if [ ! -d /var/yp/binding/$domain ]; then
1187c478bd9Sstevel@tonic-gate			echo "$0: /var/yp/binding/$domain is not a directory"
1197c478bd9Sstevel@tonic-gate			exit $SMF_EXIT_ERR_CONFIG
1207c478bd9Sstevel@tonic-gate		fi
1217c478bd9Sstevel@tonic-gate
1227c478bd9Sstevel@tonic-gate		# Since two ypbinds will cause ypwhich to hang...
1237c478bd9Sstevel@tonic-gate		if pgrep -z `/sbin/zonename` ypbind >/dev/null; then
1247c478bd9Sstevel@tonic-gate			echo "$0: ypbind is already running."
1257c478bd9Sstevel@tonic-gate			exit $SMF_EXIT_ERR_CONFIG
1267c478bd9Sstevel@tonic-gate		fi
1277c478bd9Sstevel@tonic-gate
1287c478bd9Sstevel@tonic-gate		if [ -f /var/yp/binding/$domain/ypservers ]; then
1297c478bd9Sstevel@tonic-gate			$YPDIR/ypbind > /dev/null 2>&1
1307c478bd9Sstevel@tonic-gate		else
1317c478bd9Sstevel@tonic-gate			$YPDIR/ypbind -broadcast > /dev/null 2>&1
1327c478bd9Sstevel@tonic-gate		fi
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate		rc=$?
1357c478bd9Sstevel@tonic-gate		if [ $rc != 0 ]; then
1367c478bd9Sstevel@tonic-gate			echo "$0: ypbind failed with $rc"
1377c478bd9Sstevel@tonic-gate			exit 1
1387c478bd9Sstevel@tonic-gate		fi
1397c478bd9Sstevel@tonic-gate		;;
1407c478bd9Sstevel@tonic-gate
1417c478bd9Sstevel@tonic-gate	'svc:/network/nis/server:default')
1427c478bd9Sstevel@tonic-gate		domain=`domainname`
1437c478bd9Sstevel@tonic-gate
1447c478bd9Sstevel@tonic-gate		if [ -z "$domain" ]; then
1457c478bd9Sstevel@tonic-gate			echo "$0: domainname not set"
1467c478bd9Sstevel@tonic-gate			exit $SMF_EXIT_ERR_CONFIG
1477c478bd9Sstevel@tonic-gate		fi
1487c478bd9Sstevel@tonic-gate
1497c478bd9Sstevel@tonic-gate		if [ ! -d /var/yp/$domain ]; then
1507c478bd9Sstevel@tonic-gate			echo "$0: domain directory missing"
1517c478bd9Sstevel@tonic-gate			exit $SMF_EXIT_ERR_CONFIG
1527c478bd9Sstevel@tonic-gate		fi
1537c478bd9Sstevel@tonic-gate
1547c478bd9Sstevel@tonic-gate		if [ -f /etc/resolv.conf ]; then
1557c478bd9Sstevel@tonic-gate			$YPDIR/ypserv -d
1567c478bd9Sstevel@tonic-gate		else
1577c478bd9Sstevel@tonic-gate			$YPDIR/ypserv
1587c478bd9Sstevel@tonic-gate		fi
1597c478bd9Sstevel@tonic-gate
1607c478bd9Sstevel@tonic-gate		rc=$?
1617c478bd9Sstevel@tonic-gate		if [ $rc != 0 ]; then
1627c478bd9Sstevel@tonic-gate			echo "$0: ypserv failed with $rc"
1637c478bd9Sstevel@tonic-gate			exit 1
1647c478bd9Sstevel@tonic-gate		fi
1657c478bd9Sstevel@tonic-gate		;;
1667c478bd9Sstevel@tonic-gate
1677c478bd9Sstevel@tonic-gate	'svc:/network/nis/passwd:default')
1687c478bd9Sstevel@tonic-gate		PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
1697c478bd9Sstevel@tonic-gate		    && PWDIR=`expr "$PWDIR" : '.*=[ 	]*\([^ 	]*\)'`
1707c478bd9Sstevel@tonic-gate		if [ "$PWDIR" ]; then
1717c478bd9Sstevel@tonic-gate			if [ "$PWDIR" = "/etc" ]; then
1727c478bd9Sstevel@tonic-gate				unset PWDIR
1737c478bd9Sstevel@tonic-gate			else
1747c478bd9Sstevel@tonic-gate				PWDIR="-D $PWDIR"
1757c478bd9Sstevel@tonic-gate			fi
1767c478bd9Sstevel@tonic-gate		fi
1777c478bd9Sstevel@tonic-gate		$YPDIR/rpc.yppasswdd $PWDIR -m
1787c478bd9Sstevel@tonic-gate
1797c478bd9Sstevel@tonic-gate		rc=$?
1807c478bd9Sstevel@tonic-gate		if [ $rc != 0 ]; then
1817c478bd9Sstevel@tonic-gate			echo "$0: rpc.yppasswdd failed with $rc"
1827c478bd9Sstevel@tonic-gate			exit 1
1837c478bd9Sstevel@tonic-gate		fi
1847c478bd9Sstevel@tonic-gate		;;
1857c478bd9Sstevel@tonic-gate
1867c478bd9Sstevel@tonic-gate	*)
1877c478bd9Sstevel@tonic-gate		echo "$0: Unknown service \"$SMF_FMRI\"."
1887c478bd9Sstevel@tonic-gate		exit $SMF_EXIT_ERR_CONFIG
1897c478bd9Sstevel@tonic-gate		;;
1907c478bd9Sstevel@tonic-gateesac
1917c478bd9Sstevel@tonic-gateexit $SMF_EXIT_OK
192