xref: /illumos-gate/usr/src/cmd/ypcmd/yp.sh (revision c3d26abc9ee97b4f60233556aadeb57e0bd30bb9)
1#!/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
25#
26
27. /lib/svc/share/smf_include.sh
28. /lib/svc/share/ipf_include.sh
29
30YPDIR=/usr/lib/netsvc/yp
31
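#
# Append one "pass in" rule per destination port for a single source
# address.
#
#   $1 - protocol (tcp or udp)
#   $2 - source address the rules admit
#   $3 - whitespace-separated destination ports (may be empty)
#   $4 - rule file to append to
#
yp_emit_pass_rules()
{
	# $3 is expanded unquoted on purpose so the port list splits into
	# words; an empty list simply emits nothing.
	for yp_port in $3; do
		echo "pass in log quick" \
		    "proto $1 from $2" \
		    "to any port = $yp_port" \
		    >>"$4"
	done
}

#
# Write the ipfilter rule files for the NIS client instance $1.
#
# The rule file names come from fmri_to_file and the service ports from
# $SERVINFO, keyed by the instance's $FW_CONTEXT_PG/name property.  When
# /var/yp/binding/<domain>/ypservers exists, inbound traffic to those
# ports is passed only from the addresses its server names resolve to;
# otherwise a broad UDP rule is written for the broadcast case.
#
# Returns 0 without touching the rule files when no domain name is set
# or the domain has no binding directory.
#
create_client_ipf_rules()
{
	FMRI=$1
	file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	file6=`fmri_to_file "$FMRI" "$IPF6_SUFFIX"`
	iana_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI"`
	domain=`domainname`

	if [ -z "$domain" ]; then
		return 0
	fi

	if [ ! -d "/var/yp/binding/$domain" ]; then
		return 0
	fi

	# Start both rule files afresh with a header naming the instance.
	echo "# $FMRI" >"$file"
	echo "# $FMRI" >"$file6"

	ypfile="/var/yp/binding/$domain/ypservers"
	if [ -f "$ypfile" ]; then
		tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
		uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`
		tports_6=`$SERVINFO -R -p -t6 -s "$iana_name" 2>/dev/null`
		uports_6=`$SERVINFO -R -p -u6 -s "$iana_name" 2>/dev/null`

		server_addrs=""
		server_addrs_6=""
		# Every non-comment word in ypservers is taken as a server name.
		for ypsvr in `grep -v '^[ ]*#' "$ypfile"`; do
			#
			# Get corresponding IPv4/IPv6 addresses.  The address
			# is the first field of each getent line: one that
			# contains ':' is IPv6, anything else is IPv4.  (The
			# IPv4 filter used to be /^:/, which no IPv4 address
			# can match, so no IPv4 rule was ever written.)
			#
			servers=`getent ipnodes "$ypsvr" | \
			    awk '$1 !~ /:/ { print $1 }'`
			servers_6=`getent ipnodes "$ypsvr" | \
			    awk '$1 ~ /:/ { print $1 }'`

			if [ -n "$servers" ]; then
				server_addrs="$server_addrs $servers"
			fi

			# Collect the IPv6 addresses themselves; appending
			# $servers here put IPv4 results in the IPv6 file.
			if [ -n "$servers_6" ]; then
				server_addrs_6="$server_addrs_6 $servers_6"
			fi
		done

		# One rule per (server address, port): TCP first, then UDP,
		# for each address in turn.
		for s in $server_addrs; do
			yp_emit_pass_rules tcp "$s" "$tports" "$file"
			yp_emit_pass_rules udp "$s" "$uports" "$file"
		done

		for s in $server_addrs_6; do
			yp_emit_pass_rules tcp "$s" "$tports_6" "$file6"
			yp_emit_pass_rules udp "$s" "$uports_6" "$file6"
		done
	else
		#
		# Client broadcast case: the server replies to the port the
		# broadcast was sent from, but the client has no way to
		# recognise a packet as that reply.
		#
		# NIS servers should be listed in ypservers so clients do not
		# broadcast; when they are not, the only option is the rule
		# below, which passes UDP from any source to every port above
		# 32768.  Listing the servers keeps the rules scoped to their
		# addresses and the service ports.
		#
		echo "pass in log quick proto udp from any to any" \
		    "port > 32768" >>"$file"
		echo "pass in log quick proto udp from any to any" \
		    "port > 32768" >>"$file6"
	fi
}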
134
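#
# Ipfilter method: when the first argument is "ipfilter", only generate
# the firewall rule files for the FMRI given as the second argument and
# exit; no daemon is started.
#
if [ "$1" = "ipfilter" ]; then
	create_client_ipf_rules "$2"
	exit $SMF_EXIT_OK
fi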
142
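#
# Start method: launch the daemon that belongs to the service instance
# named by $SMF_FMRI.  Configuration problems exit with
# $SMF_EXIT_ERR_CONFIG; a daemon that returns non-zero makes the method
# exit 1.
#
case "$SMF_FMRI" in
	'svc:/network/nis/client:default')
		domain=`domainname`

		if [ -z "$domain" ]; then
			echo "$0: domainname not set"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		if [ ! -d "/var/yp/binding/$domain" ]; then
			echo "$0: /var/yp/binding/$domain is not a directory"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# Since two ypbinds will cause ypwhich to hang...
		if pgrep -z "`/sbin/zonename`" ypbind >/dev/null; then
			echo "$0: ypbind is already running."
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# With a ypservers file ypbind is started without options;
		# without one it is started with -broadcast.
		if [ -f "/var/yp/binding/$domain/ypservers" ]; then
			"$YPDIR/ypbind" > /dev/null 2>&1
		else
			"$YPDIR/ypbind" -broadcast > /dev/null 2>&1
		fi

		# $? is the status of whichever ypbind invocation ran above.
		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: ypbind failed with $rc"
			exit 1
		fi
		;;

	'svc:/network/nis/server:default')
		domain=`domainname`

		if [ -z "$domain" ]; then
			echo "$0: domainname not set"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		if [ ! -d "/var/yp/$domain" ]; then
			echo "$0: domain directory missing"
			exit $SMF_EXIT_ERR_CONFIG
		fi

		# ypserv gets -d only when /etc/resolv.conf exists.
		if [ -f /etc/resolv.conf ]; then
			"$YPDIR/ypserv" -d
		else
			"$YPDIR/ypserv"
		fi

		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: ypserv failed with $rc"
			exit 1
		fi
		;;

	'svc:/network/nis/passwd:default')
		# Take the value of the first-matching PWDIR assignment in
		# /var/yp/Makefile, up to the first blank.  /etc needs no
		# option; any other directory is passed as "-D <dir>".
		PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
		    && PWDIR=`expr "$PWDIR" : '.*=[ 	]*\([^ 	]*\)'`
		if [ "$PWDIR" ]; then
			if [ "$PWDIR" = "/etc" ]; then
				unset PWDIR
			else
				PWDIR="-D $PWDIR"
			fi
		fi
		# $PWDIR stays unquoted on purpose: it is either unset or
		# "-D <dir>", which has to split into two arguments.  The
		# value comes from /var/yp/Makefile, so that file's contents
		# decide what the daemon is started with.
		"$YPDIR/rpc.yppasswdd" $PWDIR -m

		rc=$?
		if [ "$rc" != 0 ]; then
			echo "$0: rpc.yppasswdd failed with $rc"
			exit 1
		fi
		;;

	*)
		echo "$0: Unknown service \"$SMF_FMRI\"."
		exit $SMF_EXIT_ERR_CONFIG
		;;
esac
exit $SMF_EXIT_OK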
227