1 #!/bin/sh
3 # CDDL HEADER START
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
20 # CDDL HEADER END
23 # Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
27 . /lib/svc/share/smf_include.sh
28 . /lib/svc/share/ipf_include.sh
# Directory holding the NIS daemons this method starts
# (ypbind, ypserv, rpc.yppasswdd).
YPDIR="/usr/lib/netsvc/yp"
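#
# Append the ipfilter rules for one protocol to a rule file.  For every
# port a "block" rule covering all sources is written first, followed by
# one "pass in log quick" rule per NIS server address: a packet from a
# listed server is accepted by the quick rule, any other source is left
# with the block rule.
#
#	$1 - protocol name used in the rules (tcp or udp)
#	$2 - block policy keyword placed after "block" (may be empty)
#	$3 - whitespace-separated list of ports
#	$4 - whitespace-separated list of server addresses (may be empty)
#	$5 - rule file to append to
#
yp_client_port_rules()
{
	for _yp_port in $3; do
		echo "block $2 in log" \
		    "proto $1 from any to any" \
		    "port = $_yp_port" >>"$5"
		for _yp_addr in $4; do
			echo "pass in log quick" \
			    "proto $1 from $_yp_addr" \
			    "to any port = $_yp_port" \
			    >>"$5"
		done
	done
}

#
# Generate the ipfilter rule files (IPv4 and IPv6) for the NIS client
# instance named by $1.
#
# With a ypservers file for the current domain, the ports reported by
# $SERVINFO for the service are blocked for everyone except the addresses
# the listed servers resolve to.  Without one (broadcast binding) all UDP
# traffic to ports above 32768 is passed.
#
# Uses fmri_to_file, $IPF_SUFFIX, $IPF6_SUFFIX, $FW_CONTEXT_PG, $SERVINFO
# and $GLOBAL_BLOCK_POLICY, none of which are defined in this file
# (presumably they come from the sourced ipf_include.sh).
#
# Returns 0 without writing anything when no domain is set or the
# domain's binding directory does not exist.
#
create_client_ipf_rules()
{
	FMRI=$1
	file=$(fmri_to_file "$FMRI" "$IPF_SUFFIX")
	file6=$(fmri_to_file "$FMRI" "$IPF6_SUFFIX")
	iana_name=$(svcprop -p "$FW_CONTEXT_PG/name" "$FMRI")
	domain=$(domainname)
	block_policy=$GLOBAL_BLOCK_POLICY

	# Only the "return" policy maps to explicit ipf keywords; for any
	# other policy both variables stay unset and a bare "block" is written.
	if [ "$block_policy" = "return" ]; then
		block_policy_tcp="return-rst"
		block_policy_udp="return-icmp-as-dest"
	fi

	if [ -z "$domain" ]; then
		return 0
	fi

	if [ ! -d "/var/yp/binding/$domain" ]; then
		return 0
	fi
	echo "# $FMRI" >"$file"
	echo "# $FMRI" >"$file6"

	ypfile="/var/yp/binding/$domain/ypservers"
	if [ -f "$ypfile" ]; then
		# Errors from $SERVINFO are discarded: a failed lookup leaves
		# the port list empty and no rules are written for that
		# protocol.
		tports=$($SERVINFO -R -p -t -s "$iana_name" 2>/dev/null)
		uports=$($SERVINFO -R -p -u -s "$iana_name" 2>/dev/null)
		tports_6=$($SERVINFO -R -p -t6 -s "$iana_name" 2>/dev/null)
		uports_6=$($SERVINFO -R -p -u6 -s "$iana_name" 2>/dev/null)

		server_addrs=""
		server_addrs_6=""
		for ypsvr in $(grep -v '^[ ]*#' "$ypfile"); do
			#
			# Get corresponding IPv4/IPv6 addresses.
			#
			# The IPv4 filter must be '$1 !~ /:/'.  The former
			# '$1 ~ !/:/' matched $1 against the string "1" or
			# "0" (the negated result of /:/ on the whole line),
			# so IPv4 addresses without the digit 1 got no pass
			# rule and IPv6 addresses containing a 0 were put
			# into the IPv4 rule file.
			#
			# NOTE(review): the pass rules are only as good as
			# the name service answering getent when the rules
			# are generated -- presumably ypservers entries
			# should be addresses or locally resolvable names.
			#
			servers=$(getent ipnodes "$ypsvr" | \
			    /usr/xpg4/bin/awk '$1 !~ /:/ { print $1 }')
			servers_6=$(getent ipnodes "$ypsvr" | \
			    /usr/xpg4/bin/awk '$1 ~ /:/ { print $1 }')

			if [ -n "$servers" ]; then
				server_addrs="$server_addrs $servers"
			fi

			if [ -n "$servers_6" ]; then
				server_addrs_6="$server_addrs_6 $servers_6"
			fi
		done

		# IPv4 rule file: covers the IPv4 and IPv6 port lists, passes
		# only the IPv4 server addresses.
		yp_client_port_rules tcp "$block_policy_tcp" \
		    "$tports $tports_6" "$server_addrs" "$file"
		yp_client_port_rules udp "$block_policy_udp" \
		    "$uports $uports_6" "$server_addrs" "$file"

		# IPv6 rule file: IPv6 ports and IPv6 server addresses only.
		yp_client_port_rules tcp "$block_policy_tcp" \
		    "$tports_6" "$server_addrs_6" "$file6"
		yp_client_port_rules udp "$block_policy_udp" \
		    "$uports_6" "$server_addrs_6" "$file6"
	else
		#
		# How do we handle the client broadcast case? The server
		# replies to the outgoing port that sent the broadcast, but
		# there is no way for the client to know that a packet is
		# the reply.
		#
		# A NIS server should be specified and clients shouldn't be
		# doing broadcasts, but if one does there is no choice but to
		# allow all traffic.
		#
		# These rules pass UDP from any source to every port above
		# 32768 on this host; providing a ypservers file keeps the
		# host on the restrictive rule set above.
		#
		echo "pass in log quick proto udp from any to any" \
		    "port > 32768" >>"$file"
		echo "pass in log quick proto udp from any to any" \
		    "port > 32768" >>"$file6"
	fi
}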
#
# Ipfilter method: when the first argument is "ipfilter", only the firewall
# rule files for the instance given as second argument are generated and
# the method exits.
#
if [ "$1" = "ipfilter" ]; then
	create_client_ipf_rules $2
	exit $SMF_EXIT_OK
fi

#
# Start method: launch the daemon belonging to the instance in $SMF_FMRI.
# Configuration problems exit with $SMF_EXIT_ERR_CONFIG; a daemon that
# returns non-zero makes the method exit 1.
#
case $SMF_FMRI in
'svc:/network/nis/client:default')
	domain=$(domainname)

	[ -n "$domain" ] || {
		echo "$0: domainname not set"
		exit $SMF_EXIT_ERR_CONFIG
	}

	[ -d /var/yp/binding/$domain ] || {
		echo "$0: /var/yp/binding/$domain is not a directory"
		exit $SMF_EXIT_ERR_CONFIG
	}

	# Since two ypbinds will cause ypwhich to hang...
	if pgrep -z $(/sbin/zonename) ypbind >/dev/null; then
		echo "$0: ypbind is already running."
		exit $SMF_EXIT_ERR_CONFIG
	fi

	# Without a ypservers list ypbind is started with -broadcast.  For
	# that case the ipfilter method in this file passes all UDP traffic
	# to ports above 32768, so a ypservers file is the tighter setup.
	bind_mode=
	[ -f /var/yp/binding/$domain/ypservers ] || bind_mode=-broadcast
	$YPDIR/ypbind $bind_mode > /dev/null 2>&1

	rc=$?
	[ $rc = 0 ] || {
		echo "$0: ypbind failed with $rc"
		exit 1
	}
	;;

'svc:/network/nis/server:default')
	domain=$(domainname)

	[ -n "$domain" ] || {
		echo "$0: domainname not set"
		exit $SMF_EXIT_ERR_CONFIG
	}

	[ -d /var/yp/$domain ] || {
		echo "$0: domain directory missing"
		exit $SMF_EXIT_ERR_CONFIG
	}

	# ypserv gets -d only when /etc/resolv.conf exists
	# (presumably the DNS-forwarding switch -- confirm in ypserv(1M)).
	serv_mode=
	[ ! -f /etc/resolv.conf ] || serv_mode=-d
	$YPDIR/ypserv $serv_mode

	rc=$?
	[ $rc = 0 ] || {
		echo "$0: ypserv failed with $rc"
		exit 1
	}
	;;

'svc:/network/nis/passwd:default')
	# Take the password file directory from the PWDIR line of
	# /var/yp/Makefile; "/etc" or no setting means no -D option.
	PWDIR=$(grep "^PWDIR" /var/yp/Makefile 2> /dev/null) \
	    && PWDIR=$(expr "$PWDIR" : '.*=[ ]*\([^ ]*\)')
	case "$PWDIR" in
	'')
		;;
	/etc)
		unset PWDIR
		;;
	*)
		PWDIR="-D $PWDIR"
		;;
	esac

	# $PWDIR is left unquoted on purpose so that "-D <dir>" is split
	# into two arguments (and disappears entirely when unset).
	$YPDIR/rpc.yppasswdd $PWDIR -m

	rc=$?
	[ $rc = 0 ] || {
		echo "$0: rpc.yppasswdd failed with $rc"
		exit 1
	}
	;;

*)
	echo "$0: Unknown service \"$SMF_FMRI\"."
	exit $SMF_EXIT_ERR_CONFIG
	;;
esac
exit $SMF_EXIT_OK