#!/bin/bash
# Author: Steven Shiau <steven _at_ clonezilla org>, Ceasar Sun <ceasar _at_ nchc org tw>
# License: GPL
#
# To generate or clean the NIS/YP securenets setting that lets DRBL clients access this server

# Load DRBL setting and functions
DRBL_SCRIPT_PATH="${DRBL_SCRIPT_PATH:-/usr/share/drbl}"
. "$DRBL_SCRIPT_PATH/sbin/drbl-conf-functions"

# This script must be run as root
check_if_root

# main
usage() {
  echo "To generate or clean NIS/YP securenets setting for DRBL clients to access"
  echo "Usage: $0 [Options] {generate|clean}"
  echo "Options:"
  echo "-a, --all-subnet: Allow the whole subnet of each client to access this NIS/YP server."
  echo "-n, --no-restart: Do not restart the NIS/YP service."
  echo "-v, --verbose: Verbose mode."
  echo "Example: To generate NIS/YP securenets for DRBL clients to access"
  echo "$0 generate"
}
# default setting
all_subnet="no"
restart_yp="yes"
verbose="off"
while [ $# -gt 0 ]; do
  case "$1" in
    -a|--all-subnet)
      all_subnet="yes"
      shift;;
    -n|--no-restart)
      restart_yp="no"
      shift;;
    -v|--verbose)
      shift; verbose="on"
      ;;
    -*) echo "${0}: ${1}: invalid option" >&2
      usage >&2
      exit 2 ;;
    *) break ;;
  esac
done
switch="$1"
[ -z "$switch" ] && usage && exit 1

# Location of the securenets file depends on the distribution
if [ -e /etc/debian_version ]; then
  # Debian
  securenets_file=/etc/ypserv.securenets
else
  # RH-like or SUSE
  securenets_file=/var/yp/securenets
fi
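case "$switch" in
  "generate"|"on")
    echo "Now set the YP securenets..."
    # Keep the previous file (if any) as a backup before writing a new one
    if [ -f "$securenets_file" ]; then
      echo "Backup the original $securenets_file as $securenets_file.drblsave"
      mv -f "$securenets_file" "${securenets_file}.drblsave"
    fi
    time_now="$(date "+%T %Y/%m/%d")"
    # Each securenets entry is "<netmask> <network>"; loopback is always allowed
    cat <<EOF > "$securenets_file"
# Generated by DRBL at $time_now
255.0.0.0 127.0.0.0
EOF
    # for DRBL server: one host entry (mask 255.255.255.255) per server address
    echo "# For DRBL server" >> "$securenets_file"
    private_ips="$(get-all-nic-ip --all-ip-address)"
    for ip in $private_ips; do
      echo "255.255.255.255 $ip" >> "$securenets_file"
    done
    echo >> "$securenets_file"
    echo "# For DRBL clients" >> "$securenets_file"
    if [ "$all_subnet" = "yes" ]; then
      # for DRBL clients
      # open the subnet to clients: every address in each client's /24 is
      # allowed, which is broader than the list of DRBL clients itself
      echo "Exporting whole subnet to clients..."
      subnet_list="$(get-client-ip-list | awk -F"." '{print $1"."$2"."$3}' | sort -u)"
      for subnet in $subnet_list; do
        echo "255.255.255.0 ${subnet}.0" >> "$securenets_file"
      done
    else
      # line by line set: one host entry per DRBL client
      for ip in $(get-client-ip-list); do
        echo "255.255.255.255 $ip" >> "$securenets_file"
      done
    fi
    echo "The $securenets_file setting is done!"
    # restart yp if necessary, so that ypserv loads the new securenets file
    if [ "$restart_yp" = "yes" ]; then
      echo "Restarting NIS service..."
      echo "$msg_delimiter_star_line"
      if command -v systemctl >/dev/null 2>&1 && \
         [ -e "/lib/systemd/system/$YP_SRV_NAME.service" ]; then
        # For systemd (same check as in the "clean" branch)
        systemctl restart "$YP_SRV_NAME.service"
      elif [ -x "/etc/init.d/$YP_SRV_NAME" ]; then
        # For SysV service
        "/etc/init.d/$YP_SRV_NAME" restart
      fi
      echo "$msg_delimiter_star_line"
    fi
    ;;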
  "clean"|"off")
    echo "Now disable the YP access for DRBL clients..."
    # stop yp if necessary
    if [ "$restart_yp" = "yes" ]; then
      echo "Stopping NIS service..."
      echo "$msg_delimiter_star_line"
      if command -v systemctl >/dev/null 2>&1 && \
         [ -e "/lib/systemd/system/$YP_SRV_NAME.service" ]; then
        # For systemd
        systemctl stop "$YP_SRV_NAME.service"
      fi
      if [ -x "/etc/init.d/$YP_SRV_NAME" ]; then
        # For SysV service
        "/etc/init.d/$YP_SRV_NAME" stop
      fi
      echo "$msg_delimiter_star_line"
    fi
    echo "done!"
    # Note: ypserv treats a missing securenets file as "allow all hosts", so
    # removing the file only disables access while the service stays stopped.
    # Be careful when combining "clean" with -n/--no-restart.
    if [ -f "$securenets_file" ]; then
      echo "Remove the $securenets_file..."
      mv -f "$securenets_file" "${securenets_file}.drblsave"
    fi
    ;;
  *)
    usage
    exit 1
    ;;
esac