#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
#

# 
# This is a transient service for Trusted Extensions to perform miscellaneous
# set-up in a labeled zone.  It can be extended to disable any selected
# services so they will not be started in zones.
# 

. /lib/svc/share/smf_include.sh


# Add pam entries for labeling.
do_addpam()
{
	pamconf=/etc/pam.conf

	grep '^[ 	]*other.*account.*pam_tsol_account' $pamconf \
	    > /dev/null 2>&1
	if [ $? -ne 0 ] ; then
		# Append new entry
		cat >> $pamconf << EOF
other		account		required	pam_tsol_account.so.1
EOF
	fi
}


# In the global zone, there's nothing to do so this service exits.
if smf_is_globalzone; then
	/usr/sbin/svcadm disable $SMF_FMRI
	exit $SMF_EXIT_OK
fi


# Exit if Trusted Extensions is not enabled.
smf_is_system_labeled || exit $SMF_EXIT_OK


# Add pam entries for the labeled zone.
do_addpam


# Disable any services here (remember to add dependencies to the
# tsol-zones XML manifest) ...


exit $SMF_EXIT_OK