nispopulate.sh revision 7c478bd95313f5f23a4c958a745db2134aa03244
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 1992-1997 by Sun Microsystems, Inc.
# All rights reserved.
#
# ident "%Z%%M% %I% %E% SMI"
#
# nispopulate -- script to populate NIS+ tables
#
# print_usage(): ask user if they want to see detailed usage msg.
#
{
# Presumably the body of print_usage(): the function header and the if
# around the get_yesno call are absent from this listing.
# As shown it prompts through get_yesno, prints an empty line and exits
# with status 1.
echo
get_yesno " Do you want to see more information on this command? \\n\
(type 'y' to get a detailed description, 'n' to exit)"
then
fi
echo ""
exit 1
}
{
# Pages the detailed usage text through more.  The function header is
# absent from this listing.  The heredoc delimiter is unquoted, so $PROG
# is expanded when the text is printed.
# NOTE(review): the text below documents a fixed, published default for the
# network password (-l).  Credentials created with that default should be
# treated as unprotected until each principal changes its password; prefer
# always supplying a site-specific value.  A password supplied with -l is a
# command-line argument and may be visible in the process listing.
more << EOF
USAGE:
o to populate the table from NIS maps:
$PROG -Y [-f] [-n] [-S 0|2] [-u] [-v] [-x] -h <NIS_server_host>
[-a <NIS_server_addr>] [-l <network_passwd>]
[-d <NIS+_domain>] -y <NIS_domain> [table] ...
o to populate the table from files:
$PROG -F [-f] [-u] [-v] [-x] [-S 0|2] [-d <NIS+_domain>]
[-l <network_passwd>] [-p <directory_path>] [table] ...
o to populate the credential table from hosts/passwd tables:
$PROG -C [-f] [-v] [-x] [-d <NIS+_domain>]
[-l <network_passwd>] [hosts|passwd]
OPTIONS:
-a <NIS_server_addr>
specifies the IP address for the NIS server. This option is
*ONLY* used with the "-Y" option.
-C populate the NIS+ credential table from passwd and hosts tables
using DES authentication (security level 2).
-d <NIS+_domain>
specifies the NIS+ domain. The default is the local domain.
-F populate NIS+ tables from files.
-f forces this script to populate the NIS+ tables without prompting
for confirmation.
-h <NIS_server_host>
specifies the NIS server hostname to copy the NIS map from. This
is *ONLY* used with the "-Y" option. This host must be already
exist in either the NIS+ hosts table or /etc/hosts file. If the
hostname is not defined, this script will prompt you for its IP
address.
-l <network_passwd>
specifies the network password for populating the NIS+ credential
table. This is *ONLY* used when you are populating the hosts and
passwd tables. The default passwd is "nisplus".
-n do not overwrite local NIS maps in /var/yp/<NISdomain>
directory if they already exist. The default is to overwrite
the existing NIS maps in the local /var/yp/<NISdomain>
directory. This is *ONLY* used with the "-Y" option.
-p <directory_path>
specifies the directory path where the files are stored.
This is *ONLY* used with the "-F" option. The default is the
current working directory.
-S 0|2
specifies the authentication level for the NIS+ client. Level 0 is
for unauthenticated clients and no credentials will be created for
users and hosts in the specified domain. Level 2 is for authenticated
(DES) clients and DES credentials will be created for users and hosts
in the specified domain. The default is to set up with level 2
authentication (DES). There is no need to run nispopulate with -C
for level 0 authentication.
-u updates the NIS+ tables (ie., adds, deletes, modifies) from either
files or NIS maps. This option should be used to bring an NIS+
table up to date when there are only a small number of changes.
The default is to add to the NIS+ tables without deleting any
existing entries. Also, see the -n option for updating NIS+
tables from existing maps in the /var/yp directory.
-v runs this script in verbose mode.
-x turns the "echo" mode on. This script just prints the commands
that it would have executed. The commands are printed with
leading "+++". Note that the commands are not actually executed.
The default is off.
-Y populate the NIS+ tables from NIS maps.
-y <NIS_domain>
specifies the NIS domain to copy the NIS maps from. This is
*ONLY* used with the "-Y" option. The default domain name is
the same as the local domain name.
EOF
}
{
# Reports a repeated or conflicting mode option.  The function header and
# the test that separates the two cases are absent from this listing.
# As shown: the first branch warns that $CFY_OPTION was given twice and
# returns; otherwise the error names $ERRCFY_OPTION and $CFY_OPTION and the
# script exits with status 1.
then
echo "**WARNING: You have specified the '$CFY_OPTION' option twice."
return
fi
echo
echo "**ERROR: You have specified the '$ERRCFY_OPTION' option after"
echo " having selected the '$CFY_OPTION' option."
echo "Please select only one of these options: '-C', '-F' or '-Y'."
exit 1
}
#NOTE:
#Standard NIS+ table names are:
#$MAPS shadow
#(shadow map is only used when populating from files)
#
# Generic Routines:
# -----------------
#
# This section contains general routines.
# get_ans() - prompts the message and waits for an input
# get_yesno() - prompts the message and waits for a Y or N answer
# tolower() - converts upper to lower case.
#
#
# get_ans(): gets an answer from the user.
# $2 default value
#
get_ans()
{
# Prompts with $1, showing $2 in brackets as the default when $2 is not
# empty, then reads one line into the global ANS.  The last branch sets
# ANS to $2; the test guarding that branch and the tests that choose
# between the \c and -n forms of echo are absent from this listing.
# NOTE(review): read is used without -r, so backslashes typed at the
# prompt are interpreted rather than kept literally.  Callers that use ANS
# as a path or address should validate it before use.
if [ -z "$2" ]
then
then
echo "$1 \c"
else
echo -n "$1 "
fi
else
then
echo "$1 [$2] \c"
else
echo -n "$1 [$2] "
fi
fi
read ANS
then
ANS=$2
fi
}
########## get_yesno constants:
##
## There are two very common phrases passed to get_yesno:
## These have been parameterized to provide "ease of use".
## Thus, there are three message "types" which are possible:
## --$CONTINUE: "Do you want to continue? (type 'y' to continue, 'n' to exit this script)"
## --$CONFIRM: "Is this information correct? (type 'y' to accept, 'n' to change)"
## --actual string is passed.
##
## If the message is $CONTINUE, get_yesno will exit if the response is no.
##
###########
# Message-type selectors understood by get_yesno.
CONFIRM=1	# selects the "Is this information correct?" prompt
CONTINUE=2	# selects the "Do you want to continue?" prompt
#
# get_yesno(): get the yes or no answer.
# $1 message type or message.
#
#
#
{
# Presumably the body of get_yesno(): the function header, the $CONTINUE
# case label, the body of the prompt loop and the tests after it are
# absent from this listing.
# As shown: ANS starts as X and INFOTEXT becomes one of the two stock
# prompts or, for any other $1, the text passed by the caller.  An exit
# follows in one of the trailing branches.
ANS="X"
case $1 in
INFOTEXT="Do you want to continue? (type 'y' to continue, 'n' to exit this script)"
;;
$CONFIRM )
INFOTEXT="Is this information correct? (type 'y' to accept, 'n' to change)"
;;
*) INFOTEXT="$1"
;;
esac
do
done
then
exit
fi
fi
}
#
# tolower(): converts upper to lower case.
# $1 string to convert
#
tolower()
{
# NOTE(review): the body of this function is absent from this listing;
# an empty brace group is not valid shell, so the conversion command must
# be restored from the original file before this is used.
}
#
# Common Routines:
# ---------------
#
# This section contains common routines for the script.
# init() - initializes all the variables
# parse_arg() - parses the command line arguments
# check_perm() - checks for the write permission for an object
# get_security() - gets the security information
# update_info() - updates the setup information
# print_info() - prints the setup information
# confirm() - prompts the user for confirmation
# is_standard() - check if it's a member of the standard maps
#
#
# init(): initializes variables and options
#
init()
{
# Sets the script defaults.  Visible here: BACKUP (used as a file name
# suffix elsewhere in the script), SEC (security level, default 2) and
# MAPS (the list of standard table names).  Other assignments and the
# condition of the trailing if are absent from this listing.
BACKUP="no_nisplus"
SEC=2 # security level
MAPS="auto_master auto_home ethers group hosts ipnodes networks passwd protocols services rpc netmasks bootparams netgroup aliases timezone"
then
else
fi
}
#
# parse_arg(): parses the input arguments.
# It returns the number of arguments to shift off the argument list.
#
{
# Presumably the body of parse_arg(): the function header, the option loop
# header and most case labels are absent from this listing.
# As shown: the -C, -F and -Y arms set ACTION to cred, file or yp and
# record the flag in CFY_OPTION, or record it in ERRCFY_OPTION in the
# else branch; -p requires an existing directory; an invalid security
# level is rejected with exit 1; -v clears VERB; unknown options call
# print_usage.
# NOTE(review): $OPTARG is unquoted in the -d test of the p arm, so a
# path containing whitespace or glob characters is split or expanded
# before the test runs.  Quote it.
do
then
ACTION="cred"
CFY_OPTION="-C"
else
ERRCFY_OPTION="-C"
fi;;
then
else
fi ;;
then
ACTION="file"
CFY_OPTION="-F"
else
ERRCFY_OPTION="-F"
fi;;
p) if [ -d $OPTARG ]
then
else
echo "**ERROR: directory $OPTARG does not exist."
exit 1
fi;;
then
echo "**ERROR: invalid security level."
echo " It must be either 0 or 2."
echo " This can only be used with -F and -Y options."
exit 1
fi
v) VERB=""
then
ACTION="yp"
CFY_OPTION="-Y"
else
ERRCFY_OPTION="-Y"
fi;;
then
else
fi ;;
\?) print_usage ;;
*) echo "**ERROR: Should never get to this point!!!!!"
print_usage ;;
esac
done
}
#
# get_security(): gets the security information
#
{
# Presumably the body of get_security(): loops until an acceptable
# security level has been entered.  The function header, the prompt and
# the validity test are absent from this listing.
# NOTE(review): the message here says the level must be 2 or 3, while the
# option parser and the usage text say 0 or 2.  Confirm which values the
# missing test accepts and make the messages agree.
do
then
echo "**ERROR: invalid security level."
echo " It must be either 2 or 3."
else
break
fi
done
}
#
# update_info(): updates the information.
#
{
# Presumably the body of update_info(): re-prompts for the setup values
# that belong to the selected mode.  The function header, the case header,
# the prompts and most tests are absent from this listing.
# As shown: one arm loops until an NIS domain name and an NIS server
# hostname have been given, one arm loops until the directory typed by the
# user exists, and the cred arm covers the security level and the
# credential password.
# NOTE(review): $ANS holds text typed at a prompt and is used unquoted in
# the -d test, so a reply containing whitespace or glob characters is
# split or expanded before the test runs.  Quote it.
echo ""
then
else
fi
do
then
then
else
fi
break
fi
echo "**WARNING: you must specify the NIS domain name."
done
# ...YP host name
do
then
break
fi
echo "**WARNING: you must specify the NIS server hostname."
done
;;
do
then
if [ -d $ANS ]
then
break
else
echo "**ERROR: directory $ANS does not exist."
echo " Please try again."
fi
else
break
fi
done
;;
"cred") # ... security level
# ... credential password
;;
esac
}
#
# print_info(): prints the information on the screen.
#
{
# Presumably the body of print_info(): prints the current setup values.
# The function header and both case headers are absent from this listing.
# NOTE(review): the credential password is printed in clear text.  It is
# then visible on the terminal and in any captured or redirected output.
echo "NIS+ domain name : $DOM"
# ...YP info
"yp") echo "NIS (YP) domain : ${YPDOM:-(not available)}"
echo "NIS (YP) server hostname : ${YPHOST:-(not available)}"
;;
"file") echo "Directory Path : ${DIRPATH:-(current directory)}"
;;
esac
echo "Security Level : $MESS"
echo "Credential Password : $PASSWD"
;;
esac
}
#
# confirm(): asks for user confirmation. If declined, then it will step
# the user through a question answer session.
#
confirm()
{
# Loops until the user accepts the displayed setup and then returns.
# The loop header, the calls made inside the loop and the acceptance test
# are absent from this listing.
do
echo ""
echo ""
then
return
fi
done
}
#
# check_perm(): checks if we have write permission to the NIS+ object
# This should be replaced with nisaccess command when it's available
# $1 the table to be checked.
#
{
# Presumably the body of check_perm(): decides whether the caller may
# create entries in the NIS+ object $1 by testing, in turn, the nobody
# (n=c), owner (o=c), group (g=c) and world (w=c) create rights with
# nistest.  Each nistest branch returns 0 when the right is present and 1
# when it is not.  The function header and the tests that select each
# class are absent from this listing, so both $? checks below read the
# status of a command that is not shown.
# MYPRINC is the principal name reported by nisdefaults -p.
# NOTE(review): $1 is spliced into an eval string and also passed unquoted
# to nistest.  A table name that contains whitespace or shell
# metacharacters is re-parsed by the shell.  Quote $1 for nistest and
# print the progress line without eval.
eval "echo checking $1 permission... $VERB"
MYPRINC=`nisdefaults -p`
then
if nistest -a n=c $1;
then
return
else
return 1
fi
fi
if [ $? -ne 0 ]
then
exit 1
fi
then
if nistest -a o=c $1;
then
return
else
return 1
fi
fi
if [ $? -ne 0 ]
then
exit 1
fi
then
then
if nistest -a g=c $1;
then
return
else
return 1
fi
fi
fi
if nistest -a w=c $1;
then
return
else
return 1
fi
}
#
# is_standard(): checks if the argument passed is a member of the standard
# maps. It returns standard if the argument is a member, else it returns
# non-standard.
# $1 the table name to be checked.
#
{
# Presumably the body of is_standard(): prints standard when a match is
# found inside the loop and non-standard otherwise.  The function header,
# the loop header and the comparison are absent from this listing.
# The result is returned on stdout, not through the exit status.
do
then
echo "standard"
return
fi
done
echo "non-standard"
return
}
#
# Populate from YP Routines:
# --------------------------
#
# This section contains the routine to populate the table from YP maps.
# It will copy the maps from the YP server if not already exists in the
# from_yp() - populates the NIS+ tables from YP map.
#
#
# yp_trans(): translate a name type to NIS map name for ypxfr.
# $1 type name
# NOTE: netid.byname map is not supported.
#
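yp_trans()
{
	# Translate a table type name to the NIS (YP) map name used with ypxfr.
	#   $1  type name; with no argument nothing is printed
	# Output: the map name on stdout.
	# Every arm visible here prints the name it was given.  The argument is
	# quoted wherever it is expanded so that a name holding whitespace or
	# glob characters is printed back unchanged instead of being split or
	# expanded against the current directory.
	if [ $# -eq 0 ]
	then
		return
	fi
	case "$1" in
	"bootparams")	echo "bootparams";;
	"netgroup")	echo "netgroup";;
	auto.*)		echo "$1";;
	*)		echo "$1";;
	esac
}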
#
# nisplus_trans(): translate a name type to NIS+ map name for ypxfr.
# $1 name type
# NOTE: netid.byname map is not supported.
#
{
# Presumably the body of nisplus_trans(); the function header is absent
# from this listing.
# Prints nothing when called without an argument.  shadow maps to passwd,
# aliases maps to mail_aliases, any other name is printed as given.
# NOTE(review): $1 is unquoted in the default arm, so a name containing
# whitespace or glob characters is split or expanded by echo.
if [ $# -eq 0 ]
then
return
fi
case $1 in
"shadow") echo "passwd";;
"aliases") echo "mail_aliases";;
*) echo $1;;
esac
}
#
# print_interrupt_warning
#
# used by from_yp & from_files to caution user.
#
{
# Presumably the body of print_interrupt_warning(); the function header is
# absent from this listing.  Prints a fixed warning that an interrupted
# run can leave tables partially populated and that nothing is rolled
# back.
echo "**WARNING: Interrupting this script after choosing to continue"
echo "may leave the tables only partially populated. This script does"
echo "not do any automatic recovery or cleanup."
echo ""
}
#
# from_yp(): populates the NIS+ tables from YP map.
#
from_yp()
{
# Populates NIS+ tables from NIS (YP) maps.
#   $*  tables to populate; TABLES is set from $* when arguments are given
# Failed tables are collected in ERRFOUND; when it is not empty at the end
# the list is printed and the script exits with status 1.
# Most conditions, loop headers and commands of this function are absent
# from this listing, so the comments below describe only what is visible.
# $ECHO and $VERB are not defined in the lines shown.  The -x help text
# suggests $ECHO either runs its argument or prints it with a +++ prefix,
# and -v sets VERB to empty - TODO confirm against the original file.
ERRFOUND=""
then
else
echo ""
fi
then
echo ""
echo "**ERROR: you must specify both the NIS domain name (-y)"
echo " and the NIS server hostname (-h)."
fi
#
# Try to determine IP address. If it was specified on the
# command line, we use that. If that fails, we try going through
# the switch (with the getent command). If that fails, we ask.
# If we have to ask, then we add the IP address
# to the hosts file so we won't have to bug them if this
# script is run again (adding the entry is a little incorrect,
# but quite helpful).
#
# May have to modify at this point to support IPV6
#
# NOTE(review): no validation of the address is visible before the line
# that appends $ADDR and $YPHOST to $HOSTS_FILE.  Presumably ADDR comes
# from the reply to the prompt below.  Because the values are placed in a
# command string handed to $ECHO, a reply containing shell metacharacters
# or a newline would be re-parsed by the shell or would add extra lines to
# the hosts file.  Check that the reply is a well-formed IP address and
# that the host name contains only host name characters before writing.
then
fi
then
fi
then
get_ans "Type the IP address for NIS (YP) server ${YPHOST}:" ""
if [ ! -f $HOSTS_FILE.$BACKUP ]
then
fi
$ECHO "echo $ADDR $YPHOST >> $HOSTS_FILE"
fi
if [ $# -eq 0 ]
then
else
TABLES=$*
fi
# ...remove the "." from the domainname
echo ""
echo "This script will populate the $STANDARD NIS+ tables for domain "
echo "$DOM from the NIS (YP) maps in domain ${YPDOM}:"
echo $TABLES
echo ""
then
echo ""
fi
then
fi
then
fi
# ... populating standard files
do
# ... check if table exists
then
else
echo " $NISTAB table will not be loaded."
then
continue
fi
fi
# ...transfer the YP map from YP server
YPXFR="ypxfr"
then
then
eval "echo removing existing local NIS \(YP\) map... $VERB"
fi
eval "echo copying NIS \(YP\) map from server... $VERB"
if [ $? -ne 0 ]
then
echo "**ERROR: NIS map transfer failed."
echo " $NISTAB table will not be loaded."
echo ""
continue
fi
else
then
eval "echo using the existing NIS \(YP\) map... $VERB"
else
eval "echo copying NIS \(YP\) map from server... $VERB"
if [ $? -ne 0 ]
then
echo "**ERROR: NIS map transfer failed."
echo " $NISTAB table will not be loaded."
echo ""
continue
fi
fi
fi
# ...special conversion for netgroup, timezone and auto.master
# maps
OK="yes"
then
if [ $? -eq 0 ]
then
eval "echo makedbm -u OK... $VERB"
else
OK=""
fi
then
echo "**WARNING: NIS netgroup map conversion failed."
echo " netgroup table will not be loaded."
continue
fi
then
$ECHO "makedbm -u /var/yp/$YPDOM/timezone.byname \
> $TMPFILE"
if [ $? -eq 0 ]
then
eval "echo makedbm -u OK... $VERB"
if [ $? -eq 1 ]
then
then
echo "**WARNING: couldn't convert timezone!"
echo "Please manually add timezone for $NODOT.\n"
else
fi
fi
else
echo "**WARNING: NIS timezone map conversion failed."
echo " timezone table will not be loaded."
continue
fi
then
$ECHO "makedbm -u /var/yp/$YPDOM/auto.master \
if [ $? -eq 0 ]
then
eval "echo makedbm -u OK... $VERB"
else
OK=""
fi
then
echo "**WARNING: NIS auto.master map conversion failed."
echo " auto.master table will not be loaded."
continue
fi
fi
then
else
then
else
fi
fi
if [ $? -eq 1 ]
then
echo "**WARNING: failed to populate $NISTAB table."
else
then
fi
if [ $? -eq 1 ]
then
echo "**WARNING: failed to populate $NISTAB table."
else
echo "$NISTAB table done."
then
then
fi
fi
fi
fi
echo ""
done
then
echo ""
echo "Done!"
else
echo ""
echo "nispopulate failed to populate the following tables:"
echo "$ERRFOUND"
exit 1
fi
}
#
# Populate from files Routines:
# -----------------------------
#
# This section contains the routine to populate the table from files.
# from_files() - populates the NIS+ tables from files.
# $* table types to be added, defaults to all standard tables
#
#
# from_files(): populates the NIS+ tables from files.
#
{
# Presumably the body of from_files(): populates NIS+ tables from files
# found in DIRPATH, or in the current directory when DIRPATH is empty.
#   $*  tables to populate; with no arguments STANDARD is set to standard
# Failed tables are collected in ERRFOUND; when it is not empty at the end
# the list is printed and the script exits with status 1.
# The function header, the loop header and most conditions and commands
# are absent from this listing.
# NOTE(review): TABLES=$* and echo $TABLES are unquoted, so table names
# are subject to word splitting and glob expansion.
ERRFOUND=""
then
else
echo ""
fi
# shadow file is only supported in 5.x
then
fi
if [ $# -eq 0 ]
then
STANDARD="standard"
else
TABLES=$*
STANDARD="following"
fi
echo ""
echo "This script will populate the $STANDARD NIS+ tables for domain "
echo "$DOM from the files in ${DIRPATH:-current directory}:"
echo $TABLES
echo ""
then
echo ""
fi
then
fi
# ... populating standard files
do
# ... check if table exists
then
else
echo " $NISTAB table will not be loaded."
then
continue
fi
fi
then
then
else
then
else
fi
fi
if [ $? -eq 1 ]
then
echo "**WARNING: failed to populate $NISTAB table."
else
echo "$NISTAB table done."
then
then
fi
fi
fi
else
echo "**WARNING: file ${DIRPATH}/$EACH does not exist!"
echo " $NISTAB table will not be loaded."
fi
echo ""
done
then
echo ""
echo "Done!"
else
echo ""
echo "nispopulate failed to populate the following tables:"
echo "$ERRFOUND"
exit 1
fi
}
#
# Populate the credential table Routines:
# --------------------------------------
#
# This section contains the routine to populate the credential table from
# either passwd or hosts tables. Default is both passwd and hosts.
#
# add_cred() - routine to populate credential
# add_cred_auto() - routine to populate credential automatically
# after populating the passwd or hosts table.
#
# print_passwd__add_cred
# print_host__add_cred
# These routines are used by do_cred to create a shell
# commands file that contains a routine (add_cred) which
# is called by each entry in the respective table.
# do_cred subsequently runs this shell script.
#
# do_cred() - populates the NIS+ credential table.
# $* tables to populate from, defaults to both passwd and hosts
# tables.
# do_print_password() - this routine is used to print the
# password used for the credential entries at the END of
# populating all tables (per request of tech pubs).
#
#
# Check that "publickey: nisplus" appears in nsswitch.conf. We
# do this by stripping comments and then running an awk script.
# The awk script searches for the publickey line and then looks
# for "nisplus" within the line. It prints:
#
# 0 - no publickey entry in nsswitch.conf
# 1 - no "nisplus" in publickey entry
# 2 - publickey entry is okay (has "nisplus")
#
# Fragment of the nsswitch.conf publickey check.  The function header, the
# command line that feeds this awk program and the tests on its result are
# absent from this listing.
# The awk rule matches the publickey line, scans fields 2 through NF for
# the word nisplus, and the END rule prints 2, 1 or 0 accordingly.
# The shell part exits with status 1 when $NSSWITCH is missing and in both
# error branches that follow.
/^[ ]*publickey[ ]*:/ {
for (i=2; i<=NF; i++)
if ($(i) == "nisplus") {
found = 2;
exit;
}
found = 1;
exit;
}
END {
if (found)
print found
else
print 0
}
if [ ! -f $NSSWITCH ]
then
echo "**ERROR: the $NSSWITCH file does not exist."
exit 1
fi
then
echo "**ERROR: there is no publickey entry in $NSSWITCH."
echo "It should be:"
echo " publickey: nisplus"
exit 1
then
echo "**ERROR: the publickey entry in $NSSWITCH is:"
echo "It should be:"
echo " publickey: nisplus"
exit 1
fi
}
#
# add_cred(): populate the NIS+ credential from hosts, ipnodes or passwd
# tables. This is for -C option:
# $* tables to populate from.
#
add_cred()
{
# Entry point for the -C option.
#   $*  tables to take principals from; defaults to passwd hosts ipnodes
# One branch warns that no credential is created for level 0 security and
# exits.  The conditions of every if and the commands that follow the
# banner are absent from this listing.
then
else
echo ""
fi
then
echo "***WARNING: no credential will be created for level 0 security."
exit
fi
if [ $# -eq 0 ]
then
TABS="passwd hosts ipnodes"
else
TABS=$*
fi
echo ""
echo "This script will populate the NIS+ credential tables for domain "
echo ""
then
echo ""
fi
}
#
# add_cred_auto(): populate the NIS+ credential tables automatically
# after populating the passwd or hosts tables.
# $* table to populate from
#
{
# Presumably the body of add_cred_auto(); the function header is absent
# from this listing.  Prints a banner naming $DOM and the source table,
# then calls do_cred for that table.
#   $1  table to populate credentials from
# NOTE(review): $1 is passed to do_cred unquoted.
echo ""
echo "Populating the NIS+ credential table for domain $DOM"
echo "from $1 table."
echo ""
do_cred $1
}
#
##################################
# SHELL FILE CREATION ROUTINES
##################################
#
# These routines create the actual cmd files that
# are used in do_cred to load the passwd, hosts and ipnodes tables.
#
##################################
{
# Presumably the body of print_passwd__add_cred(): writes a shell command
# file to $TMPFILE that defines add_cred for passwd entries.  The function
# header, the case that sets NISADDCRED and the verbose test are absent
# from this listing.
# The heredoc delimiter is unquoted: $DOM, $VERB, $VERB1, $VERB2 and
# $NISADDCRED are expanded when the file is written, while the escaped
# \$1, \$2 and \$? are left for the generated add_cred to evaluate.
# NOTE(review): the generated file is shell code built from variables.
#  - How $TMPFILE is chosen is not visible here.  It should come from
#    mktemp in a directory only the invoking user can write, with a
#    restrictive mode, and be removed on exit.
#  - If $NISADDCRED carries the network password, the file holds it in
#    clear text until it is removed - TODO confirm.
#  - $DOM is single-quoted on the nismatch line but unquoted on the
#    nisaddcred line; quote it consistently.
### 3 strings are dependent upon user options.
## as listed under "1." "2. & 3."
####
# 1. the form of the nisaddcred command:
####
;;
;;
esac
# 2. & 3. the lines output if verbose has been selected:
VERB1='echo " ...$1 already exists"'
else
VERB1=""
VERB2=""
fi
cat << EOF > $TMPFILE
###################
# WHAT THE PASSWORD FILE LOOKS LIKE
###################
#! /bin/sh
# \$1 user name
# \$2 user id
ERR=2
add_cred()
{
DUMMY=\`nismatch \$1.'$DOM' cred.org_dir.'$DOM' > /dev/null\`
if [ \$? -eq 0 ]; then
$VERB1
return
fi
nisaddcred -p \$2 -P \$1.$DOM local $DOM $VERB
if [ \$? -eq 0 ]; then
$NISADDCRED
if [ \$? -eq 0 ]; then
$VERB2
ERR=0
else
ERR=1
fi
else
ERR=1
fi
}
EOF
##################
# END OF PASSWORD FILE
##################
}
{
# Presumably the body of print_host__add_cred(): writes a shell command
# file to $TMPFILE that defines add_cred for host entries.  The function
# header, the case that sets NISADDCRED and the verbose test are absent
# from this listing.
# The heredoc delimiter is unquoted: $DOM, $VERB1, $VERB2 and $NISADDCRED
# are expanded when the file is written, while the escaped \$1 and \$?
# are left for the generated add_cred to evaluate.
# NOTE(review): the same cautions apply as for any generated shell file.
# $TMPFILE should be created with mktemp in a private directory with a
# restrictive mode and removed on exit, and $DOM should be quoted in the
# nismatch line.
### 3 strings are dependent upon user options.
## as listed under "1." "2. & 3."
####
# 1. the form of the nisaddcred command:
####
;;
;;
esac
# 2. & 3. the lines output if verbose has been selected:
VERB1='echo " ...$1 already exists"'
else
VERB1=""
VERB2=""
fi
cat << EOF > $TMPFILE
###################
# WHAT THE HOSTS FILE LOOKS LIKE
###################
#! /bin/sh
# \$1 host name
ERR=2
add_cred()
{
DUMMY=\`nismatch \$1.$DOM cred.org_dir.$DOM > /dev/null\`
if [ \$? -eq 0 ]; then
$VERB1
return
fi
$NISADDCRED
if [ \$? -eq 0 ]; then
ERR=0
$VERB2
else
ERR=1
fi
}
EOF
##################
# END OF HOSTS FILE
##################
}
#
#
# do_cred(): populates the NIS+ credential table.
#
do_cred()
{
# Populates the NIS+ credential table.
#   $*  tables to take principals from; defaults to passwd hosts ipnodes
# For each table the entries are dumped with niscat and turned by awk into
# one add_cred line per entry, appended to $TMPFILE.  DUMP_ERR records
# whether the dump step failed.  Returns 1 when CRED_ERRFOUND is not 0.
# The loop and case headers, the hosts niscat command and the step that
# loads the generated file are absent from this listing.
# NOTE(review): table fields are written into $TMPFILE as unquoted shell
# words, and the header comment of this section says do_cred then runs
# that file.  An entry name containing shell metacharacters would be
# interpreted as shell syntax at that point.  Reject names outside the
# expected character set in the awk step, or emit them shell-quoted.
# NOTE(review): each $? test follows a pipeline handed to $ECHO.  If $ECHO
# runs it, the status is that of the last stage only, so a failing niscat
# can go unnoticed - TODO confirm how $ECHO is defined.
# NOTE(review): the network password is printed in clear text at the end.
if [ $# -eq 0 ]
then
TABLES="passwd hosts ipnodes"
else
TABLES=$*
fi
# ... populating the credential table
do
# ... check if table exists
"passwd")
$ECHO "niscat -M passwd.org_dir.$DOM | \
awk -F: '{ printf (\"add_cred %s %s\n\", \$1, \$3) }' \
>> $TMPFILE"
if [ $? -ne 0 ]
then
DUMP_ERR=1
else
DUMP_ERR=0
fi
;;
"hosts")
awk '{ printf (\"add_cred %s\n\", \$1) }' | \
sort | uniq >> $TMPFILE"
if [ $? -ne 0 ]
then
DUMP_ERR=1
else
DUMP_ERR=0
fi
;;
"ipnodes")
$ECHO "niscat -M ipnodes.org_dir.$DOM | \
awk '{ printf (\"add_cred %s\n\", \$1) }' | \
sort | uniq >> $TMPFILE"
if [ $? -ne 0 ]
then
DUMP_ERR=1
else
DUMP_ERR=0
fi
;;
*) echo "Don't know how to do >>$EACH<<"
exit;;
esac
then
echo "loading credential table..."
if [ $CRED_ERRFOUND -eq 0 ]
then
then
else
fi
fi
else
echo "**ERROR: failed dumping $EACH table."
fi
echo
done
if [ $CRED_ERRFOUND -eq 0 ]
then
echo ""
echo "The credential table for domain $DOM has been populated."
echo
echo "The password used will be $PASSWD."
echo
else
echo ""
echo "nispopulate failed to populate the credential table."
return 1
fi
}
#
# Routine to print password for hosts, ipnodes and password table,
# at END of populating all of the tables.
#
{
# Presumably the body of do_print_password(); the function header and the
# condition of the if are absent from this listing.
# Names the tables in $CREDTABLESADDED and prints the network password
# that every new credential entry was given.
# NOTE(review): one shared password for all entries is printed in clear
# text.  It ends up in terminal scrollback and in any captured output, and
# every principal created in this run stays reachable with it until that
# principal changes its password.
then
echo
echo
echo "Credentials have been added for the entries in the"
echo "$CREDTABLESADDED table(s). Each entry was given a default"
echo "network password (also known as a Secure-RPC password)."
echo "This password is:"
echo
echo " $PASSWD"
echo
echo "Use this password when the nisclient script requests the"
echo "network password."
echo
fi
}
#
#
# * * * MAIN * * *
#
# Main program: parse the options, drop them from the argument list, then
# dispatch on the selected mode.  The case header, the calls that precede
# it and some arm terminators are absent from this listing.
# NOTE(review): $* is unquoted everywhere here, so an argument containing
# whitespace or glob characters is split or expanded before it reaches
# parse_arg or the mode function.  Use "$@" instead.
# NOTE(review): the shift count is taken from the exit status of
# parse_arg, which can only carry a value from 0 to 255.
parse_arg $*
shift $?
"yp")
from_yp $*;;
"file")
from_files $*;;
"cred")
add_cred $*
*)
echo
echo "**ERROR: you must specify one of these options: -C, -F, or -Y"
esac