pkgdefs/common_files/i.inetdconf

	i.inetdconf revision 7c478bd95313f5f23a4c958a745db2134aa03244
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"%Z%%M%	%I%	%E% SMI"
#

PATH="/usr/bin:/usr/sbin:${PATH}"
export PATH

# inetd_fini	: clean up temp files
inetd_fini() {
	rm -f -- $inetsed $inettmp $inetsedhdr
	return 0
}

# inetd_undo	: restore original file in case of failure
inetd_undo() {
	cat $inetold > $inetconf
	inetd_fini
}

# inetd_remove	: remove daemons specified as arguments by removing
#		  lines from inetd.conf that match the regular
#		  expressions provided on stdin (one per line)
# 		  original file is restored and script exits on failure
inetd_remove() {
	sed -e 's:/:\\/:g' -e 's:.*:/&/ d:' >> $inetsed
	if [ $? -ne 0 ]; then
		echo "Unable to append to $inetsed"
		inetd_undo
		exit 1
	fi
	return 0
}

# We start by building the giant sed script used to clean out the old
# bundled entries.  Broken up into bite-size sections for easier maintenance

# Location for scripts
inetsed=/tmp/inetd.sed.$$
inetsedhdr=/tmp/inetd.sedhdr.$$

# The header editing is built separately so that we only apply it when needed
cat >$inetsedhdr <<EOF
/^#ident/d
/^# Copyright/d
/^# Use is subject to license terms/d
EOF

# Remove the traditional introductory comments
inetd_remove intro_comment <<EOF
^# Configuration file for inetd(1M).  See inetd.conf(4).
^# To re-configure the running inetd process, edit this file, then
^# send the inetd process a SIGHUP.
^# Syntax for socket-based Internet services:
^#  <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
^# Syntax for TLI-based Internet services:
^#  <service_name> tli <proto> <flags> <user> <server_pathname> <args>
EOF

# Remove the RPC syntax comments
inetd_remove rpc_comments <<EOF
^# RPC services syntax:
^#  <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user>
^#  <pathname> <args>
^# <endpoint-type> can be either "tli" or "stream" or "dgram".
^# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
^# <proto> can be either
^# first treated as a nettype. If it is not a valid nettype then it is
^# treated as a netid
^# transports supported by this system, ie. it equates to the "visible"
^# nettype. The syntax for <proto> is:
^#.*<nettype|netid>
^# For example:
^# dummy/1	tli	rpc/circuit_v,udp
EOF

# Remove the IPv6 comment which appeared starting in Solaris 8
inetd_remove ipv6_comment <<EOF
^# IPv6 and inetd.conf
^# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
^# pass the given daemon an AF_INET6 socket.  The following daemons have
^# been modified to be able to accept AF_INET6 sockets
^#	ftp telnet shell login exec tftp finger printer
^# and service connection requests coming from either IPv4 or IPv6-based
^# transports.  Such modified services do not normally require separate
^# configuration lines for tcp or udp.  For documentation on how to do this
^# for other services, see the Solaris System Administration Guide.
^# You must verify that a service supports IPv6 before specifying <proto> as
^# tcp6 or udp6.  Also, all inetd built-in commands (time, echo, discard,
^# daytime, chargen) require the specification of <proto> as tcp6 or udp6
^# The remote shell server (shell) and the remote execution server
^# (exec) must have an entry for both the "tcp" and "tcp6" <proto> values.
EOF

# Remove entries in inetd.conf for r* deamons
# This also removes the old SEAM unbundled versions of these services
inetd_remove in.rshd in.rlogind in.rexecd in.comsat in.talkd in.fingerd rpc.statd rpc.rusersd rpc.rwalld rpc.sprayd systat netstat <<EOF
^[#	 ]*shell[ 	]*stream
^[# 	]*kshell[ 	]*stream
^[# 	]*login[ 	]*stream
^[# 	]*klogin[ 	]*stream
^[# 	]*eklogin[ 	]*stream
^[# 	]*exec[ 	]*stream
^[# 	]*comsat[ 	]*dgram
^[# 	]*talk[ 	]*dgram
^[# 	]*finger[ 	]*stream
^[# 	]*rstatd/2-4
^[# 	]*rusersd/2-3
^[# 	]*walld/1
^[# 	]*sprayd/1
^[# 	]*systat[ 	]*stream
^[# 	]*netstat[ 	]*stream
^# RSHD
^# RLOGIND
^# REXECD
^# COMSATD
^# TALKD
^# FINGERD
^# RSTATD
^# RUSERSD
^# RWALLD
^# SPRAYD
^# Shell, login, exec, comsat and talk are BSD protocols
^# The spray server is used primarily for testing.
^# The rwall server allows others to post messages to users
^# Rstatd is used by programs such as perfmeter
^#[	 ]*.note:  Kerberos does not yet support ipv6
^# Finger, systat and netstat give out user information which may be
^# valuable to potential "system crackers."  Many sites choose to disable
^# some or all of these services to improve security.
^# The rusers service gives out user information.  Sites concerned
^# with security may choose to disable it.
EOF

# Remove entries in inetd.conf for common network service deamons
inetd_remove time daytime echo discard chargen <<EOF
^[# 	]*time[ 	]*stream
^[# 	]*time[ 	]*dgram
^[# 	]*daytime[ 	]*stream
^[# 	]*daytime[ 	]*dgram
^[# 	]*echo[ 	]*stream
^[# 	]*echo[ 	]*dgram
^[# 	]*discard[ 	]*stream
^[# 	]*discard[ 	]*dgram
^[# 	]*chargen[ 	]*stream
^[# 	]*chargen[ 	]*dgram
^# Time service is used for clock synchronization.
^# Echo, discard, daytime, and chargen are used primarily for testing.
^# Daytime provides a legible form of date and time.
^# Echo is used primarily for testing.
^# Discard is used primarily for testing.
^# Chargen is used primarily for testing.
EOF

# Remove entry in inetd.conf for smserverd daemon
inetd_remove rpc.smserverd <<EOF
^[# 	]*100155/1
^# smserverd
EOF

# Remove entry in inetd.conf for telnetd
# Also removes the old SEAM version
inetd_remove in.telnetd <<EOF
^[# 	]*telnet[ 	]*stream
^[# 	]*telnet.*/usr/krb5/lib/telnetd
^# TELNETD
^# Ftp and telnet are standard Internet services.
EOF

# Remove entry in inetd.conf for in.tnamed
inetd_remove in.tnamed <<EOF
^[# 	]*name[ 	]*dgram
^# TNAMED
^# Tnamed serves the obsolete IEN-116 name server protocol.
EOF

# Remove entry in inetd.conf for printer daemon
inetd_remove in.lpd <<EOF
^[# 	]*printer[ 	]*stream
^# LPD
^# Print Protocol Adaptor - BSD listener
EOF

# Remove entry in inetd.conf for ocfserv daemon
inetd_remove ocfserv <<EOF
^[# 	]*100150/1
^# OCFSERV
^# OCF (Smart card) Daemon
EOF

# Remove entry in inetd.conf for rpc.rexd
inetd_remove rpc.rexd <<EOF
^[# 	]*rexd/1
^# REXD
^# The rexd server provides only minimal authentication
EOF

# Remove entry in inetd.conf for rquotad
inetd_remove rquotad <<EOF
^[# 	]*rquotad/1
^# RQUOTAD
^# Rquotad supports UFS disk quotas for NFS clients
EOF

# Remove entries in inetd.conf for SLVM daemons
inetd_remove rpc.metad rpc.metamhd rpc.metamedd <<EOF
^[# 	]*100229/1
^[# 	]*100230/1
^[#      ]*100242/1
^# METAD
^# METAMHD
^# METAMEDD
^# SLVM Daemons
EOF

# Remove entry in inetd.conf for ktkt_warnd daemon
inetd_remove ktkt_warnd <<EOF
^[# 	]*100134/1
^# KTKT_WARND
^# Kerberos V5 Warning Message Daemon
EOF

# Remove entries in inetd.conf for kpropd
inetd_remove kpropd << EOF
^[# 	]*krb5_prop[ 	]*stream
^# Kerberos V5 DB Propagation Daemon
EOF

# Remove entry in inetd.conf for GSS daemon
inetd_remove gssd <<EOF
^[# 	]*100234/1
^# GSSD
^# GSS Daemon
EOF

# Remove entry in inetd.conf for ftp daemon
# Also removes the old SEAM entry
inetd_remove in.ftpd <<EOF
^[# 	]*ftp[ 	]*stream
^[# 	]*ftp.*/usr/krb5/lib/ftpd
^# FTPD
^# Ftp and telnet are standard Internet services.
EOF

# Remove dr_daemon entry if it is present.
inetd_remove dr_daemon <<EOF
^[# 	]*300326/4[ 	]*tli
EOF

# Remove the DCS entries from /etc/inetd.conf.
inetd_remove dcs <<EOF
^[# 	]*sun-dr[ 	]*stream
EOF

# Remove entry in inetd.conf for uucp daemon
inetd_remove in.uucpd <<EOF
^[# 	]*uucp[ 	]*stream
^# UUCPD
^# Must run as root
EOF

# Not yet converted
# Remove cachefsd
#inetd_remove cachefsd <<EOF
#^[# 	]*100235/1[ 	]*tli
#^# CacheFS Daemon
#EOF

# Remove font server
inetd_remove fs <<EOF
^[# 	]*fs[ 	]*stream
^# Sun Font Server
EOF

# Not yet converted
# Remove ToolTalk DB server
#inetd_remove rpc.ttdbserverd <<EOF
#^[# 	]*100083/1[ 	]*tli
#^# Sun ToolTalk Database Server
#EOF

# Not yet converted
# Remove rpc.cmsd
#inetd_remove rpc.cmsd <<EOF
#^[# 	]*100068/2-5[ 	]*dgram
#^# rpc.cmsd
#^#.*/var/spool/calendar
#EOF

# Not yet converted
# Remove dtspcd
#inetd_remove dtspcd <<EOF
#^[# 	]*dtspc[ 	]*stream
#EOF

# Remove nfsmapid
# Only appears in Solaris 10
inetd_remove nfsmapid <<EOF
^[# 	]*100166/1
^# NFSv4
EOF

# Remove stfsloader
inetd_remove stfsloader <<EOF
^[# 	]*100424/1
^# Standard Type Services Framework
EOF

# Things below here don't appear after Solaris 9

# Remove KCMS
inetd_remove kcms_server <<EOF
^[# 	]*100221/1[ 	]*tli
^# Sun KCMS Profile Server
EOF

# Remove sadmind
inetd_remove sadmind <<EOF
^[# 	]*100232/10[ 	]*tli
^# Solstice system
EOF

# Things below here don't appear after Solaris 8

# Remove ufsd
inetd_remove ufsd <<EOF
^[# 	]*ufsd/1[ 	]*tli
^# UFS-aware service daemon
EOF

# Remove amiserv
inetd_remove amiserv <<EOF
^[# 	]*100146/1[ 	]*tli
^[# 	]*100147/1[ 	]*tli
^# AMI Daemon
EOF

# Things below here don't appear after Solaris 7

# Remove kerbd
inetd_remove kerbd <<EOF
^[# 	]*kerbd/4[ 	]*tli
^# Kerbd Daemon
EOF

# Things below here don't appear after Solaris 2.6

# Remove xaudio
inetd_remove xaudio <<EOF
^[# 	]*xaudio[ 	]*stream
EOF

# End of setup, now process the file
while read src dest
do
	sedhdr="-f $inetsedhdr"

	if [ ! -f $dest ] ; then
		# Must be a fresh install, skip the gymnastics
		cp $src $dest
	else
		inetconf=$dest
		inetold=$dest.preupgrade
		inettmp=/tmp/inetd.tmp.$$

		# Save existing file first
		cp $dest $inetold
		if [ $? -ne 0 ]; then
			echo "Unable to create $inetold"
			exit 1
		fi

		# if new header already there, don't strip copyright or prepend
		# new header
		grep inetconv $inetconf >/dev/null 2>&1 && sedhdr= && src=

		# Execute the stored sed script to remove all standard stuff
		sed $sedhdr -f $inetsed < $inetconf > $inettmp
		if [ $? -ne 0 ]; then
			echo "Unable to create $inettmp"
			inetd_undo
			exit 1
		fi

		# Now we have just the customer/3rd-party records and comments.
		# Stick our new header on the front, and clean up all the
		# extraneous blank comment lines left over from above.
		cmp -s $inetconf $inettmp
		case $? in
		0)	;;
		1)	cat $src $inettmp | nawk '
				BEGIN { lastblank = 0 }
				/^#[ \t]*$/ {
					if (lastblank == 0) {
						lastblank = 1
						print
					}
					next
				}
				{ lastblank = 0; print }
				' > $inetconf
			if [ $? -ne 0 ]; then
				echo "Unable to construct $inetconf"
				inetd_undo
				exit 1
			fi
			;;

		*)	echo "Unable to read $inetconf or $inettmp"
			inetd_undo
			exit 1
			;;
		esac
	fi

	# Add cachefsd if not there
	grep "^[#	 ]*100235/1[ 	]" $dest >/dev/null 2>&1 || \
	    cat >>$dest <<EOF
#
# CacheFS daemon.  Provided only as a basis for conversion by inetconv(1M).
#
100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd"
EOF

done

# Clean up temp files
inetd_fini

exit 0