pkgdefs/common_files/i.nsswitch

	i.nsswitch revision 45916cd2fec6e79bca5dee0421bd39e3c2910d1e
#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"%Z%%M%	%I%	%E% SMI"
#

CLEANUP=/tmp/CLEANUP

write_ipnodes_message() {
echo '\nThe ipnodes policy has been changed to match the hosts' >> $1
echo 'policy. Please review the changes to the ipnodes policy' >> $1
echo 'in the /etc/nsswitch.conf file and refer to the Solaris' >> $1
echo 'Naming Administration Guide for more information' >> $1
echo 'about these changes.\n' >> $1
}

write_sed_script() {
cat > /tmp/sed.scr.$$ << EOF
/hosts:[ 	]*nisplus[ 	][ 	]*dns/i\\
#You must also set up the /etc/resolv.conf file for DNS name\\
#server lookup.  See resolv.conf(4).
EOF
}

write_ipnodes_sed_script() {
cat > /tmp/sed.scr.$$ << EOF
# original hosts entry
/^hosts:/p
# match ipnodes entry to hosts entry
s/^hosts:  /ipnodes:/

# Add a commented out line for ipnodes in the example for adding DNS
# and update the comment found in nsswitch.conf, based on nsswitch.nisplus.
s/#Uncomment the following line/#Uncomment the following two lines/
/^#hosts:/p
s/^#hosts:/#ipnodes:/

# add ipnodes comment before ipnodes policy
/^ipnodes:/i\\
# Note that IPv4 addresses are searched for in all of the ipnodes databases\\
# before searching the hosts databases.
EOF
}

change_ipnodes_sed_script() {
cat > /tmp/sed.scr.$$ << EOF

# find ipnodes comment and delete
/^# Uncomment the following line and comment out the above to resolve/d
/^# both IPv4 and IPv6 addresses from the ipnodes databases. Note that/d
/^# IPv4 addresses are searched in all of the ipnodes databases before/d
/^# searching the hosts databases. Before turning this option on, consult/d
/^# the Network Administration Guide for more details on using IPv6./d
/^#ipnodes:/d

# Add a commented out line for ipnodes in the example for adding DNS
# and update the comment found in nsswitch.conf, based on nsswitch.nisplus.
s/#Uncomment the following line/#Uncomment the following two lines/
/^#hosts:/p
s/^#hosts:/#ipnodes:/

# add new ipnodes comment before ipnodes policy
/^ipnodes:/i\\
# Note that IPv4 addresses are searched for in all of the ipnodes databases\\
# before searching the hosts databases.
EOF
}

while read src dest
do
	if [ ! -f $dest ] ; then
		cp $src $dest
	else
		grep '/etc/nsswitch.nisplus' $dest > /dev/null 2>&1
		if [ $? = 0 ] ; then
			grep 'You must also set up the /etc/resolv.conf' \
			    $dest > /dev/null 2>&1
			if [ $? != 0 ]; then
				write_sed_script
				sed -f /tmp/sed.scr.$$ $dest > /tmp/d.$$
				cp /tmp/d.$$ $dest
				rm -f /tmp/d.$$ /tmp/sed.scr.$$
			fi
		fi
		grep 'nametoaddr_libs of' $dest > /dev/null 2>&1
		if [ $? != 0 ]; then
			cat $dest | \
			sed -e 's/# "hosts:" and "services:" in this file are used only if the \/etc\/netconfig.*/# "hosts:" and "services:" in this file are used only if the/' \
			    -e 's/# file contains "switch.so" as a nametoaddr library for/# \/etc\/netconfig file has a "-" for nametoaddr_libs of/' > /tmp/d2.$$
			cp /tmp/d2.$$ $dest
			rm -f /tmp/d2.$$
		fi

		#
		# If the file contains "xfn" in the "hosts:" line, omit it.
		# The support for "xfn" has been removed
		#
		grep xfn $dest > /dev/null 2>&1
		if [ $? = 0 ]; then
			sed '/hosts:/s/xfn[ 	]*//' $dest > /tmp/d.$$
			cp /tmp/d.$$ $dest
			rm -f /tmp/d.$$
		fi

		# If the file doesn't have a "printers" database entry, add
		# an appropriate entry.  Default to everything if we can't
		# figure out what is appropriate.
		grep printers: $dest > /dev/null 2>&1
		if [ $? != 0 ]; then
			PRINTERS="files nis ldap nisplus"
			egrep '/etc/nsswitch\.(dns|files)' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PRINTERS="files"
			fi
			grep '/etc/nsswitch.nis' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PRINTERS="files nis"
			fi
			grep '/etc/nsswitch.ldap' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PRINTERS="files ldap"
			fi
			grep '/etc/nsswitch.nisplus' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PRINTERS="nisplus files"
			fi
			echo "printers:	user ${PRINTERS}" >>$dest
		else
			#
			# If the file contains "xfn" in the "printers:" line,
			# omit it.  The support for "xfn" has been removed
			#
			grep xfn $dest > /dev/null 2>&1
			if [ $? = 0 ]; then
				sed '/printers:/s/xfn[ 	]*//' $dest > /tmp/d.$$
				cp /tmp/d.$$ $dest
				rm -f /tmp/d.$$
			fi
		fi

		#
		# If not there, add "ipnodes:" databases for unified host
		# addresses.  In all cases except the simple "hosts: files" one,
		# add an ipnodes policy that matches the "hosts" policy and a
		# comment regarding the search order of the "ipnodes" and
		# "hosts" databases.  All of this is followed by a blank line.
		#
		grep -s 'ipnodes:' $dest > /dev/null 2>&1
		if [ $? != 0 ] ; then
			grep -s '^hosts:[ 	]*files[ 	]*$' $dest \
				> /dev/null 2>&1
			if [ $? = 0 ]; then
				sed '/^hosts:/p;s/^hosts.*/ipnodes:    files/' \
					$dest > /tmp/d.$$
				if [ $? = 0 ]; then
					cp /tmp/d.$$ $dest
				fi
			else
				write_ipnodes_sed_script
				sed -f /tmp/sed.scr.$$ $dest > /tmp/d.$$
				if [ $? = 0 ]; then
					cp /tmp/d.$$ $dest
				fi
				rm -f /tmp/sed.scr.$$
			fi
			rm -f /tmp/d.$$
		else
			#
			# The ipnodes policy is there (post S8), we just need
			# to update the ipnodes policy to match the hosts
			# policy.
			#
			grep -s '^hosts:[ 	]*files[ 	]*$' $dest \
				> /dev/null 2>&1
			if [ $? != 0 ]; then
				#
				# find ipnodes entry, delete it and replace it
				# with one matching the hosts policy. Do this
				# only if it's not been changed.
				#
				grep -s '^ipnodes:[ 	]*files[ 	]*$' \
				$dest > /dev/null 2>&1
				if [ $? = 0 ]; then
					sed -e '/^ipnodes:[ 	]*files*$/d' \
					    -e '/^hosts:/p' \
					    -e 's/^hosts:  /ipnodes:/' $dest \
					    > /tmp/d.$$
					if [ $? = 0 ]; then
						cp /tmp/d.$$ $dest
					fi
					if [ "$UPDATE" = yes ]; then
						write_ipnodes_message $CLEANUP
					fi
					rm -f /tmp/d.$$
				fi
				#
				# Now clean up the comments, if they haven't
				# already been cleaned.
				#
				grep -s '^# Note that IPv4 addresses' \
				$dest > /dev/null 2>&1
				if [ $? != 0 ]; then
					change_ipnodes_sed_script
					sed -f /tmp/sed.scr.$$ $dest > /tmp/d.$$
					if [ $? = 0 ]; then
						cp /tmp/d.$$ $dest
					fi
					rm -f /tmp/sed.scr.$$ /tmp/d.$$
				fi
			fi
		fi

		#role-based access control databases
		# Solaris 8 Beta refresh had audit_user, exec_attr and
		# user_attr entries for dns, files, nis, nis+ and ldap.
		# Remove them if they are present
                sed -e '/^# role-based access control/d'\
                    -e '/^exec_attr:/d' \
                    -e '/^user_attr:/d' \
                    -e '/^# audit/d' \
                    -e '/^audit_user:/d' \
                    $dest > /tmp/d.$$
                cp /tmp/d.$$ $dest
                rm -f /tmp/d.$$
		# If the file doesn't have user attr database entries, add
		# appropriate entries.  Default to everything if we can't
		# figure out what is appropriate.
		for DB in auth_attr prof_attr
		do
			grep $DB: $dest > /dev/null 2>&1
			if [ $? != 0 ]; then
				ATTR="files nis nisplus ldap"
				egrep '/etc/nsswitch\.(dns|files)' $dest >\
				    /dev/null 2>&1
				if [ $? = 0 ] ; then
					ATTR="files"
				fi
				grep '/etc/nsswitch.nis' $dest >/dev/null 2>&1
				if [ $? = 0 ] ; then
					ATTR="files nis"
				fi
				grep '/etc/nsswitch.nisplus' $dest >/dev/null \
				    2>&1
				if [ $? = 0 ] ; then
					ATTR="files nisplus"
				fi
				echo "${DB}:	${ATTR}" >> $dest
				grep '/etc/nsswitch.ldap' $dest >/dev/null \
				    2>&1
				if [ $? = 0 ] ; then
					ATTR="files ldap"
				fi
				echo "${DB}:	${ATTR}" >> $dest
			fi
		done

		# If the file doesn't have a "project" database entry, add
		# an appropriate entry.  Default to "files" if we can't
		# figure out what is appropriate.
		grep project: $dest > /dev/null 2>&1
		if [ $? != 0 ]; then
			PROJECT="files"
			egrep '/etc/nsswitch\.(dns|files)' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PROJECT="files"
			fi
			grep '/etc/nsswitch.nis' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PROJECT="files nis"
			fi
			grep '/etc/nsswitch.ldap' $dest >/dev/null 2>&1
			if [ $? = 0 ] ; then
				PROJECT="files ldap"
			fi
			echo "project:    ${PROJECT}" >>$dest
		fi

		# sendmailvars bites the dust in S10
		sed -e '/^sendmailvars:/d' $dest > /tmp/d.$$
		cp /tmp/d.$$ $dest
		rm -f /tmp/d.$$

		# If the file doesn't have Trusted Extensions networking
		# database (TNdb) entries, add appropriate entries. Default
		# to everything if we can't figure out what is appropriate.
		for DB in tnrhtp tnrhdb
		do
			grep $DB: $dest > /dev/null 2>&1
			if [ $? != 0 ]; then
				ATTR="files ldap"
				egrep '/etc/nsswitch\.(dns|files)' $dest >\
				    /dev/null 2>&1
				if [ $? = 0 ] ; then
					ATTR="files"
				fi
				grep '/etc/nsswitch.ldap' $dest >/dev/null \
				    2>&1
				if [ $? = 0 ] ; then
					ATTR="files ldap"
				fi
				echo "${DB}:	${ATTR}" >> $dest
			fi
		done
	fi
done

exit 0