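#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "%Z%%M% %I% %E% SMI"
#

#
# Reads "src dest" pairs from standard input.  When dest does not exist,
# src is copied to it.  Otherwise dest (an nsswitch.conf-style file) is
# edited in place: obsolete entries are removed and missing database
# entries (printers, ipnodes, auth_attr, prof_attr, project, tnrhtp,
# tnrhdb) are appended, chosen from the template name mentioned in dest.
#
# Environment: UPDATE - when "yes", a notice about the changed ipnodes
#              policy is appended to $CLEANUP.
# Exit status: 0 normally; 1 if the private work directory cannot be
#              created.
#
# Scratch files live in a directory created with mode 0700.  The
# directory name is still derived from $$ and therefore guessable, but
# mkdir fails if anything (including a symlink) already exists at that
# path, so another local user cannot redirect the intermediate writes;
# the worst outcome is that this script refuses to run.
#
# NOTE(review): this listing was recovered from a whitespace-collapsed
# copy.  Bracket expressions written "[ ]" and runs of blanks inside the
# sed/grep patterns may originally have held tabs or double spaces --
# compare against the shipped script before relying on them.
#
# Only constructs understood by a legacy Bourne shell are used (no
# "$(...)", no "!" negation, no "local").
#

# NOTE(review): fixed, shared path in /tmp that is appended to below.
# It is kept because other tooling presumably reads it; confirm that it
# is created safely by whoever owns it.
CLEANUP=/tmp/CLEANUP

WORKDIR=/tmp/nsswitch.work.$$
SED_SCRIPT=$WORKDIR/sed.scr
SCRATCH=$WORKDIR/d

if mkdir -m 700 "$WORKDIR"; then
	:
else
	echo "$0: cannot create private work directory $WORKDIR" >&2
	exit 1
fi
# Installed only after mkdir succeeded, so a pre-existing path that we
# do not own is never removed.
trap 'rm -rf "$WORKDIR"' 0
trap 'rm -rf "$WORKDIR"; exit 1' 1 2 15

#
# Append the "ipnodes policy changed" notice to the file named by $1.
#
write_ipnodes_message() {
	{
		echo '\nThe ipnodes policy has been changed to match the hosts'
		echo 'policy. Please review the changes to the ipnodes policy'
		echo 'in the /etc/nsswitch.conf file and refer to the Solaris'
		echo 'Naming Administration Guide for more information'
		echo 'about these changes.\n'
	} >> "$1"
}

#
# Write to $SED_SCRIPT a sed script that inserts the resolv.conf hint
# before a "hosts: nisplus dns" line.  The here-document is unquoted, so
# each "\\" reaches sed as a single backslash.
#
write_sed_script() {
	cat > "$SED_SCRIPT" << EOF
/hosts:[ ]*nisplus[ ][ ]*dns/i\\
#You must also set up the /etc/resolv.conf file for DNS name\\
#server lookup. See resolv.conf(4).
EOF
}

#
# Write to $SED_SCRIPT a sed script that duplicates the hosts entry as
# an ipnodes entry and adds the explanatory comment in front of it.
#
write_ipnodes_sed_script() {
	cat > "$SED_SCRIPT" << EOF
# original hosts entry
/^hosts:/p
# match ipnodes entry to hosts entry
s/^hosts: /ipnodes:/
# Add a commented out line for ipnodes in the example for adding DNS
# and update the comment found in nsswitch.conf, based on nsswitch.nisplus.
s/#Uncomment the following line/#Uncomment the following two lines/
/^#hosts:/p
s/^#hosts:/#ipnodes:/
# add ipnodes comment before ipnodes policy
/^ipnodes:/i\\
# Note that IPv4 addresses are searched for in all of the ipnodes databases\\
# before searching the hosts databases.
EOF
}

#
# Write to $SED_SCRIPT a sed script that deletes the old ipnodes comment
# block and commented-out entry, then adds the new comment.
#
change_ipnodes_sed_script() {
	cat > "$SED_SCRIPT" << EOF
# find ipnodes comment and delete
/^# Uncomment the following line and comment out the above to resolve/d
/^# both IPv4 and IPv6 addresses from the ipnodes databases. Note that/d
/^# IPv4 addresses are searched in all of the ipnodes databases before/d
/^# searching the hosts databases. Before turning this option on, consult/d
/^# the Network Administration Guide for more details on using IPv6./d
/^#ipnodes:/d
# Add a commented out line for ipnodes in the example for adding DNS
# and update the comment found in nsswitch.conf, based on nsswitch.nisplus.
s/#Uncomment the following line/#Uncomment the following two lines/
/^#hosts:/p
s/^#hosts:/#ipnodes:/
# add new ipnodes comment before ipnodes policy
/^ipnodes:/i\\
# Note that IPv4 addresses are searched for in all of the ipnodes databases\\
# before searching the hosts databases.
EOF
}

#
# Succeed when $dest has a line matching the basic regular expression $1.
#
dest_has() {
	grep "$1" "$dest" > /dev/null 2>&1
}

#
# Succeed when $dest has no line matching $1 (or grep itself failed).
#
dest_lacks() {
	if dest_has "$1"; then
		return 1
	fi
	return 0
}

#
# Like dest_has, for an extended regular expression.
#
dest_has_ere() {
	egrep "$1" "$dest" > /dev/null 2>&1
}

#
# Run sed with the given arguments over $dest and replace $dest with the
# output only when sed succeeded, so a failed edit can never overwrite
# the configuration file with truncated output.
#
edit_dest() {
	sed "$@" "$dest" > "$SCRATCH" && cp "$SCRATCH" "$dest"
	rm -f "$SCRATCH"
}

while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		# nisplus template that lacks the resolv.conf hint: add it.
		if dest_has '/etc/nsswitch.nisplus'; then
			if dest_lacks 'You must also set up the /etc/resolv.conf'; then
				write_sed_script
				edit_dest -f "$SED_SCRIPT"
				rm -f "$SED_SCRIPT"
			fi
		fi

		# Reword the netconfig comment if it has the old text.
		if dest_lacks 'nametoaddr_libs of'; then
			edit_dest \
			    -e 's/# "hosts:" and "services:" in this file are used only if the \/etc\/netconfig.*/# "hosts:" and "services:" in this file are used only if the/' \
			    -e 's/# file contains "switch.so" as a nametoaddr library for/# \/etc\/netconfig file has a "-" for nametoaddr_libs of/'
		fi

		#
		# If the file contains "xfn" in the "hosts:" line, omit it.
		# The support for "xfn" has been removed
		#
		if dest_has 'xfn'; then
			edit_dest '/hosts:/s/xfn[ ]*//'
		fi

		# If the file doesn't have a "printers" database entry, add
		# an appropriate entry. Default to everything if we can't
		# figure out what is appropriate.  Later matches override
		# earlier ones, so the order of these checks matters.
		if dest_lacks 'printers:'; then
			PRINTERS="files nis ldap nisplus"
			if dest_has_ere '/etc/nsswitch\.(dns|files)'; then
				PRINTERS="files"
			fi
			if dest_has '/etc/nsswitch.nis'; then
				PRINTERS="files nis"
			fi
			if dest_has '/etc/nsswitch.ldap'; then
				PRINTERS="files ldap"
			fi
			if dest_has '/etc/nsswitch.nisplus'; then
				PRINTERS="nisplus files"
			fi
			echo "printers: user ${PRINTERS}" >> "$dest"
		else
			#
			# If the file contains "xfn" in the "printers:" line,
			# omit it. The support for "xfn" has been removed
			#
			if dest_has 'xfn'; then
				edit_dest '/printers:/s/xfn[ ]*//'
			fi
		fi

		#
		# If not there, add "ipnodes:" databases for unified host
		# addresses. In all cases except the simple "hosts: files" one,
		# add an ipnodes policy that matches the "hosts" policy and a
		# comment regarding the search order of the "ipnodes" and
		# "hosts" databases. All of this is followed by a blank line.
		#
		if dest_lacks 'ipnodes:'; then
			if dest_has '^hosts:[ ]*files[ ]*$'; then
				edit_dest '/^hosts:/p;s/^hosts.*/ipnodes: files/'
			else
				write_ipnodes_sed_script
				edit_dest -f "$SED_SCRIPT"
				rm -f "$SED_SCRIPT"
			fi
		else
			#
			# The ipnodes policy is there (post S8), we just need
			# to update the ipnodes policy to match the hosts
			# policy.
			#
			if dest_lacks '^hosts:[ ]*files[ ]*$'; then
				#
				# find ipnodes entry, delete it and replace it
				# with one matching the hosts policy. Do this
				# only if it's not been changed.
				#
				if dest_has '^ipnodes:[ ]*files[ ]*$'; then
					# The delete pattern is the same as the
					# guard above; it was "files*$", which
					# could miss the line the guard matched.
					edit_dest \
					    -e '/^ipnodes:[ ]*files[ ]*$/d' \
					    -e '/^hosts:/p' \
					    -e 's/^hosts: /ipnodes:/'
					if [ "$UPDATE" = yes ]; then
						write_ipnodes_message $CLEANUP
					fi
				fi
				#
				# Now clean up the comments, if they haven't
				# already been cleaned.
				#
				if dest_lacks '^# Note that IPv4 addresses'; then
					change_ipnodes_sed_script
					edit_dest -f "$SED_SCRIPT"
					rm -f "$SED_SCRIPT"
				fi
			fi
		fi

		#role-based access control databases
		# Solaris 8 Beta refresh had audit_user, exec_attr and
		# user_attr entries for dns, files, nis, nis+ and ldap.
		# Remove them if they are present
		edit_dest \
		    -e '/^# role-based access control/d' \
		    -e '/^exec_attr:/d' \
		    -e '/^user_attr:/d' \
		    -e '/^# audit/d' \
		    -e '/^audit_user:/d'

		# If the file doesn't have user attr database entries, add
		# appropriate entries. Default to everything if we can't
		# figure out what is appropriate.
		for DB in auth_attr prof_attr
		do
			if dest_lacks "${DB}:"; then
				ATTR="files nis nisplus ldap"
				if dest_has_ere '/etc/nsswitch\.(dns|files)'; then
					ATTR="files"
				fi
				if dest_has '/etc/nsswitch.nis'; then
					ATTR="files nis"
				fi
				if dest_has '/etc/nsswitch.nisplus'; then
					ATTR="files nisplus"
				fi
				if dest_has '/etc/nsswitch.ldap'; then
					ATTR="files ldap"
				fi
				# Written once, after every template check.  An
				# extra append before the ldap check used to
				# leave two, possibly conflicting, entries.
				echo "${DB}: ${ATTR}" >> "$dest"
			fi
		done

		# If the file doesn't have a "project" database entry, add
		# an appropriate entry. Default to "files" if we can't
		# figure out what is appropriate.
		if dest_lacks 'project:'; then
			PROJECT="files"
			if dest_has_ere '/etc/nsswitch\.(dns|files)'; then
				PROJECT="files"
			fi
			if dest_has '/etc/nsswitch.nis'; then
				PROJECT="files nis"
			fi
			if dest_has '/etc/nsswitch.ldap'; then
				PROJECT="files ldap"
			fi
			echo "project: ${PROJECT}" >> "$dest"
		fi

		# sendmailvars bites the dust in S10
		edit_dest -e '/^sendmailvars:/d'

		# If the file doesn't have Trusted Extensions networking
		# database (TNdb) entries, add appropriate entries.
		# TNdb entries is not supported in nis/nisplus, So avoid
		# appending these entries in /etc/nsswitch.conf.
		# And for rest of the name services append these TNdb entries
		# according to name service.
		if dest_has_ere '/etc/nsswitch.(nis|nisplus)'; then
			:
		else
			for DB in tnrhtp tnrhdb
			do
				if dest_lacks "${DB}:"; then
					ATTR="files ldap"
					if dest_has_ere '/etc/nsswitch\.(dns|files)'; then
						ATTR="files"
					fi
					if dest_has '/etc/nsswitch.ldap'; then
						ATTR="files ldap"
					fi
					echo "${DB}: ${ATTR}" >> "$dest"
				fi
			done
		fi
	fi
done

exit 0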