xref: /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/manual-key.xml (revision fec047081731fd77caf46ec0471c501b2cb33894)
1<?xml version="1.0"?>
2<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3<!--
4 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
5 Use is subject to license terms.
6
7 CDDL HEADER START
8
9 The contents of this file are subject to the terms of the
10 Common Development and Distribution License (the "License").
11 You may not use this file except in compliance with the License.
12
13 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
14 or http://www.opensolaris.org/os/licensing.
15 See the License for the specific language governing permissions
16 and limitations under the License.
17
18 When distributing Covered Code, include this CDDL HEADER in each
19 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
20 If applicable, add the following below this CDDL HEADER, with the
21 fields enclosed by brackets "[]" replaced with your own identifying
22 information: Portions Copyright [yyyy] [name of copyright owner]
23
24 CDDL HEADER END
25
26        NOTE:  This service manifest is not editable; its contents will
27        be overwritten by package or patch operations, including
28        operating system upgrade.  Make customizations in a different
29        file.
30-->
31<service_bundle type='manifest' name='SUNWcsr:manual-key'>
32
33<service
34        name='network/ipsec/manual-key'
35        type='service'
36        version='1'>
37
38        <!-- The 'manual-key' service is delivered disabled
39	because there is not a default configuration file.
40        See note below on changing the default configuration file. -->
41
42        <create_default_instance enabled='false' />
43
44        <single_instance />
45
46	<!-- Read/Write access to /var/run required for lock files -->
47	<dependency
48		name='filesystem'
49		grouping='require_all'
50		restart_on='none'
51		type='service'>
52		<service_fmri
53			value='svc:/system/filesystem/minimal'
54		/>
55	</dependency>
56	<!-- Kernel needs to know IPsec supported algorithms -->
57        <dependency
58                name='algorithms'
59                grouping='require_all'
60                restart_on='none'
61                type='service'>
62                <service_fmri
63                        value='svc:/network/ipsec/ipsecalgs'
64                />
65        </dependency>
66
67        <!-- If we are enabled, we should be running fairly early -->
68
69        <dependent
70                name='ipseckey-network'
71                grouping='optional_all'
72                restart_on='none'>
73                <service_fmri
74                        value='svc:/milestone/network'
75                />
76        </dependent>
77
78        <exec_method
79                type='method'
80                name='start'
81                exec='/usr/sbin/ipseckey -f  %{config/config_file}'
82                timeout_seconds='60'
83        />
84
85	<!-- To prevent ipseckey generating warnings about duplicate
86	SAs when the service is refreshed, ipseckey will flush the
87	existing SAs when its called from smf(7). -->
88
89        <exec_method
90                type='method'
91                name='refresh'
92                exec='/usr/sbin/ipseckey -f  %{config/config_file}'
93                timeout_seconds='60'
94        />
95
96        <exec_method
97                type='method'
98                name='stop'
99                exec='/usr/sbin/ipseckey flush'
100                timeout_seconds='60'
101        />
102
103	<property_group name='general' type='framework'>
104		<!-- A user with this authorization can:
105
106			svcadm restart manual-key
107			svcadm refresh manual-key
108			svcadm mark <state> manual-key
109			svcadm clear manual-key
110
111		see auths(1) and user_attr(5)-->
112
113		<propval
114			name='action_authorization'
115			type='astring'
116			value='solaris.smf.manage.ipsec'
117		/>
118		<!-- A user with this authorization can:
119
120			svcadm disable manual-key
121			svcadm enable manual-key
122
123		see auths(1) and user_attr(5)-->
124
125		<propval
126			name='value_authorization'
127			type='astring'
128			value='solaris.smf.manage.ipsec'
129		/>
130	</property_group>
131
132        <!-- The properties defined below can be changed by a user
133	with 'solaris.smf.value.ipsec' authorization using the
134	svccfg(8) command.
135
136	EG:
137
138        svccfg -s manual-key setprop config/config_file = /new/config_file
139
140	The new configurations will be read on service refresh:
141
142	svcadm refresh ipsec/manual-key
143
144	Note: svcadm disable/enable does not use the new property
145	until after the service has been refreshed.
146
147        ***Do not edit this manifest to change these properties! -->
148
149        <property_group name='config' type='application'>
150                <propval
151                        name='config_file'
152                        type='astring'
153                        value='/etc/inet/secret/ipseckeys'
154                />
155		<propval
156			name='value_authorization'
157			type='astring'
158			value='solaris.smf.value.ipsec'
159		/>
160        </property_group>
161
162        <property_group name='startd' type='framework'>
163                <propval
164                        name='duration'
165                        type='astring'
166                        value='transient'
167                />
168        </property_group>
169
170        <stability value='Unstable' />
171
172        <template>
173                <common_name>
174                        <loctext xml:lang='C'>
175                                manually keyed IPsec startup
176                        </loctext>
177                </common_name>
178                <description>
179                        <loctext xml:lang='C'>
180                                Loads static security associations
181                        </loctext>
182                </description>
183                <documentation>
184                        <manpage title='ipseckey' section='8'
185                                manpath='/usr/share/man' />
186                </documentation>
187        </template>
188</service>
189</service_bundle>
190
191