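#!/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#

# This script provides a simple GUI for managing labeled zones.
# It takes no arguments, but provides contextual menus which
# provide appropriate choices.  It must be run in the global
# zone as root.
#
# Conventions used throughout:
#  - Menu entries are built as "Name\n" fragments, joined by an
#    unquoted ksh echo (which expands \n) and piped into zenity --list.
#    The selected entry therefore comes back with a leading space,
#    which is why the case labels below look like " Boot".
#  - zonename, nic, ipaddr, template, zone and flags are shared global
#    state, filled in by the *Check helpers and getAttrs.
#  - Files written under /tmp are created with mktemp; this script runs
#    as root, so predictable names such as /tmp/name.$$ must not be used.

NSCD_PER_LABEL=0
NSCD_INDICATOR="/var/tsol/doors/nscd_per_label"
export NSCD_PER_LABEL
export NSCD_INDICATOR
if [ -f "$NSCD_INDICATOR" ] ; then
	NSCD_PER_LABEL=1
fi
PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
title="Labeled Zone Manager"
maxlabel=$(chk_encodings -X 2>/dev/null)
if [[ -z $maxlabel ]]; then
	maxlabel=0x000a-08-f8
fi
zonename=""
export zonename

# Create a private temporary file and print its name on stdout.
# Returns non-zero (with a diagnostic on stderr) if mktemp fails;
# callers must check, since they go on to write configuration into it.
mkTemp() {
	tmpf=$(mktemp /tmp/txzonemgr.XXXXXX)
	if [ -z "$tmpf" ]; then
		echo "$title: cannot create temporary file" >&2
		return 1
	fi
	echo "$tmpf"
}

# Move temporary file $1 into place as system file $2.
# mktemp creates its file mode 0600; the databases updated through
# this helper were previously created by plain shell redirection under
# the default umask, so restore the equivalent 0644 before the move.
installTemp() {
	chmod 644 "$1"
	mv -f "$1" "$2"
}

# Apply the zonecfg(1M) command script passed in $1 to the zone named
# by the global zonename.  Returns zonecfg's exit status.
runZonecfg() {
	zcfgfile=$(mkTemp) || return 1
	echo "$1" > "$zcfgfile"
	zonecfg -z "$zonename" -f "$zcfgfile"
	zcfgstatus=$?
	rm -f "$zcfgfile"
	return $zcfgstatus
}

# Offer the console menu entry unless a "zlogin -C" session for this
# zone is already running.  The pattern is anchored so that zone "z1"
# is not confused with "z10".
consoleCheck() {
	pgrep -f "zlogin -C ${zonename}\$" >/dev/null
	if [ $? != 0 ]; then
		console="Zone Console...\n"
	fi
}

# Set curlabel to the zone's label from tnzonecfg, or offer the
# "Select Label..." entry when the zone has none yet.
labelCheck() {
	hexlabel=$(/bin/grep "^${zonename}:" \
	    /etc/security/tsol/tnzonecfg | cut -d ":" -f2)
	if [ -n "$hexlabel" ] ; then
		label=
		curlabel=$(hextoalabel "$hexlabel")
	else
		label="Select Label...\n"
		curlabel=...
	fi
}

# Offer "Create Snapshot" when a snapshot of this zone's dataset exists.
# The match is anchored on "$ZDSET/$zonename@" so that datasets of
# zones with a longer name sharing the same prefix are not matched.
snapshotCheck() {
	filesystem=$(zfs list -H -t snapshot -o name | \
	    grep "^$ZDSET/${zonename}@")
	if [[ -n $filesystem ]]; then
		snapshot="Create Snapshot\n"
	fi
}

# Build zonelist (the installed zones other than this one) and offer
# "Copy..." and "Clone" when there is at least one.
copyCheck() {
	zonelist=""
	for p in $(zoneadm list -ip); do
		# second colon-separated field of the zoneadm -p line
		q=${p#*:}
		q=${q%%:*}
		if [ "$q" != "$zonename" ]; then
			zonelist="$zonelist $q"
		fi
	done
	if [[ -n $zonelist ]]; then
		copy="Copy...\n"
		clone="Clone\n"
	fi
}

# Offer the relabel toggle that applies to the zone's current privileges.
relabelCheck() {
	macstate=$(zonecfg -z "$zonename" info | grep win_mac_write)
	if [[ -n $macstate ]]; then
		permitrelabel="Deny Relabeling\n"
	else
		permitrelabel="Permit Relabeling\n"
	fi
}

# Let the user pick an unused sensitivity label and record it for the
# zone in tnzonecfg.
selectLabel() {
	labelList=""
	for p in $(lslabels -h "$maxlabel"); do
		/bin/grep ":$p:" /etc/security/tsol/tnzonecfg >/dev/null
		if [ $? != 0 ]; then
			newlabel=$(hextoalabel "$p")
			labelList="$labelList $newlabel\n"
		fi
	done
	# unquoted on purpose: ksh echo expands the \n separators
	alabel=$(echo $labelList | zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=400 \
	    --column="Available Sensitivity Labels")

	if [[ -n $alabel ]]; then
		newlabel=$(atohexlabel "$alabel" 2>/dev/null)
		if [[ -n $newlabel ]]; then
			echo "$zonename:$newlabel:0::" >> /etc/security/tsol/tnzonecfg
		else
			zenity --error \
			    --title="$title" \
			    --text="$alabel is not valid"
		fi
	fi
}

# Make sure the global zone's hostname resolves inside each labeled
# zone (or only zone $1 when given), since X uses it for DISPLAY.
# Reports any zone whose ipnodes maps that name to 127.0.0.1.
resolveXdisplay() {
	export ZONE_PATH
	export ZONE_ETC_DIR
	export IPNODES
	export LIST
	ERRORLIST=""
	export ERRORLIST
	# if using nscd-per-label then we have to be sure the global zone's
	# hostname resolves because it is used for DISPLAY in X
	ghostname=$(hostname)
	export ghostname

	if [[ -n "$1" ]] ; then
		LIST=$(zoneadm list -ip | grep ":$1:")
	else
		LIST=$(zoneadm list -ip | grep -v "global")
	fi

	gipaddress=$(getent hosts "$ghostname" | cut -f1)
	for i in $LIST; do
		ZONE_PATH=$(echo "$i" | cut -d ":" -f4)
		ZONE_ETC_DIR=$ZONE_PATH/root/etc
		IPNODES=${ZONE_ETC_DIR}/inet/ipnodes

		# Rather than toggle on and off with NSCD_PER_LABEL, put the
		# information in there and a sysadmin can remove it if necessary
		# $DISPLAY will not work in X without global hostname
		ENTRY=$(grep -- "$ghostname" "$IPNODES")
		case "$ENTRY" in
		127.0.0.1* )
			if [[ -z $ERRORLIST ]] ; then
				ERRORLIST="$ghostname address 127.0.0.1 found in:\n"
			fi
			ERRORLIST="$ERRORLIST $IPNODES\n"
			;;
		"")
			printf '%s\t%s\n' "$gipaddress" "$ghostname" >> "$IPNODES"
			;;
		*)
			continue
			;;
		esac
	done
	if [[ -n "$ERRORLIST" ]] ; then
		zenity --error \
		    --title="$title" \
		    --text="WARNING:\n\n\n$ERRORLIST\n\n"
	fi
}

# Name-service fix-up after a zone has been attached or copied and LDAP
# is not in use: share the global passwd/shadow read-only into the zone
# (global nscd) or make sure the zone can resolve the global hostname
# (nscd per label).
postAttach() {
	if [ ! -f /var/ldap/ldap_client_file ]; then
		if [ "$NSCD_PER_LABEL" = 0 ] ; then
			sharePasswd
		else
			unsharePasswd
			resolveXdisplay
		fi
	fi
}

# Replace this zone's dataset with a clone of a chosen snapshot and
# re-attach the zone.
clone() {
	image=$(zfs list -H -t snapshot -o name | grep snapshot | \
	    zenity --list \
	    --title="$title" \
	    --height=300 \
	    --column="ZFS Zone Snapshots")
	if [[ -n $image ]]; then
		zfs list -H "$ZDSET/$zonename" >/dev/null 2>&1
		if [ $? = 0 ]; then
			/usr/sbin/zfs destroy "$ZDSET/$zonename"
		fi
		/usr/sbin/zfs clone "$image" "$ZDSET/$zonename"
		/usr/sbin/zfs set mountpoint=/zone/$zonename "$ZDSET/$zonename"

		/usr/sbin/zoneadm -z "$zonename" attach -F
		postAttach
	fi
}

# Populate this zone by copying one of the other installed zones
# (zonelist is filled in by copyCheck).
copy() {
	image=$(zenity --list \
	    --title="$title: Copy From" \
	    --height=300 \
	    --column="Installed Zones" $zonelist)
	# Cancelling the dialog yields an empty selection: nothing to copy
	if [[ -z $image ]]; then
		return
	fi

	/usr/bin/gnome-terminal \
	    --title="$title: Copying $image to $zonename zone" \
	    --command "zoneadm -z $zonename clone -m copy $image" \
	    --disable-factory \
	    --hide-menubar

	postAttach
}

# Write the zone's sysidcfg (name service, locale, time zone, root
# password hash, network) so first boot needs no interaction.
# Exits the script if the hostname prompt is cancelled or the zone is
# not installed.
initialize() {
	hostname=$(hostname)
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="Enter Host Name: " \
	    --entry-text "$hostname")
	if [ $? != 0 ]; then
		exit 1
	fi

	ZONE_PATH=$(zoneadm list -ip | grep ":${zonename}:" | cut -d ":" -f4)
	if [ -z "$ZONE_PATH" ] ; then
		zenity --error \
		    --title="$title" \
		    --text="$zonename is not an installed zone"
		exit 1
	fi
	ZONE_ETC_DIR=$ZONE_PATH/root/etc
	ipaddress=$(getent hosts "$hostname" | cut -f1)
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	# sysidcfg receives the root password hash (and, with LDAP, the
	# proxy password), so make it readable by root only before the
	# redirections below fill it in.
	: > "${SYSIDCFG}"
	chmod 600 "${SYSIDCFG}"

	if [ -f /var/ldap/ldap_client_file ]; then
		ldapaddress=$(ldapclient list | \
		    /bin/grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
		echo "name_service=LDAP {" > "${SYSIDCFG}"
		domain=$(domainname)
		echo "domain_name=$domain" >> "${SYSIDCFG}"
		profName=$(ldapclient list | \
		    /bin/grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
		proxyPwd=$(ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
		proxyDN=$(ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
		if [ -n "$proxyDN" ]; then
			echo "proxy_dn=\"$proxyDN\"" >> "${SYSIDCFG}"
			echo "proxy_password=\"$proxyPwd\"" >> "${SYSIDCFG}"
		fi
		echo "profile=$profName" >> "${SYSIDCFG}"
		echo "profile_server=$ldapaddress }" >> "${SYSIDCFG}"
		cp /etc/nsswitch.conf "$ZONE_ETC_DIR/nsswitch.ldap"
	else
		echo "name_service=NONE" > "${SYSIDCFG}"
		if [ "$NSCD_PER_LABEL" = 0 ] ; then
			sharePasswd
		else
			# had to put resolveXdisplay lower down for this case
			unsharePasswd
		fi
	fi

	echo "security_policy=NONE" >> "${SYSIDCFG}"
	locale=$(locale | grep LANG | cut -d "=" -f2)
	if [[ -z $locale ]]; then
		locale="C"
	fi
	echo "system_locale=$locale" >> "${SYSIDCFG}"
	timezone=$(/bin/grep "^TZ" /etc/TIMEZONE | cut -d "=" -f2)
	echo "timezone=$timezone" >> "${SYSIDCFG}"
	echo "terminal=vt100" >> "${SYSIDCFG}"
	rootpwd=$(/bin/grep "^root:" /etc/shadow | cut -d ":" -f2)
	echo "root_password=$rootpwd" >> "${SYSIDCFG}"
	echo "network_interface=PRIMARY {" >> "${SYSIDCFG}"
	echo "protocol_ipv6=no" >> "${SYSIDCFG}"
	echo "hostname=$hostname" >> "${SYSIDCFG}"
	echo "ip_address=$ipaddress }" >> "${SYSIDCFG}"
	cp /etc/default/nfs "${ZONE_ETC_DIR}/default/nfs"
	touch "${ZONE_ETC_DIR}/.NFS4inst_state.domain"
	if [ "$NSCD_PER_LABEL" = 1 ] ; then
		resolveXdisplay
	fi
}

# Create the zone's dataset (when a pool is available), install the
# zone in a terminal window, then write its sysidcfg.
install() {
	# if there is a zfs pool for zone
	# create a new dataset for the zone
	# This step is done automatically by zonecfg
	# in Solaris Express 8/06 or newer

	if [ "$ZDSET" != none ]; then
		zfs create -o mountpoint=/zone/$zonename \
		    "$ZDSET/$zonename"
		chmod 700 "/zone/$zonename"
	fi

	/usr/bin/gnome-terminal \
	    --title="$title: Installing $zonename zone" \
	    --command "zoneadm -z $zonename install" \
	    --disable-factory \
	    --hide-menubar

	initialize
}

# Remove the zone's tnzonecfg entry, its configuration and its dataset.
# Clears zonename on completion.
delete() {
	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	tnzone=$(egrep "^${zonename}:" /etc/security/tsol/tnzonecfg 2>/dev/null)
	if [ -n "${tnzone}" ]; then
		tnzonetmp=$(mkTemp) || return 1
		# only install the edited copy if sed succeeded, so a failed
		# edit can never replace tnzonecfg with an empty file
		if sed -e "/^${zonename}:/d" /etc/security/tsol/tnzonecfg \
		    > "$tnzonetmp" 2>/dev/null; then
			installTemp "$tnzonetmp" /etc/security/tsol/tnzonecfg
		else
			rm -f "$tnzonetmp"
		fi
	fi
	zonecfg -z "$zonename" delete -F
	zfs list -H "$ZDSET/$zonename" >/dev/null 2>&1
	if [ $? = 0 ]; then
		/usr/sbin/zfs destroy "$ZDSET/$zonename"
	fi
	zonename=
}

# Let the user pick a physical IPv4 interface; sets nic (empty on cancel).
getNIC(){
	nics=
	for i in $(ifconfig -a4 | grep "^[a-z].*:" | grep -v LOOPBACK)
	do
		# keep only interface-name tokens such as "e1000g0:"
		case $i in
		[a-z]*:*) ;;
		*) continue ;;
		esac
		i=${i%:}	# Remove colon after interface name
		# logical interfaces (e1000g0:1) still contain a colon: skip
		case $i in
		*:*) continue ;;
		esac
		nics="$nics $i"
	done

	nic=$(zenity --list \
	    --title="$title" \
	    --column="Interface" \
	    $nics)
}

# Prompt for a dotted-quad netmask and convert it to a prefix length
# in cidr (left empty on cancel).
getNetmask() {
	cidr=
	nm=$(zenity --entry \
	    --title="$title" \
	    --text="$ipaddr: Enter netmask: " \
	    --entry-text 255.255.255.0)
	if [ $? != 0 ]; then
		return
	fi

	# prefix length is the number of one bits in the mask
	cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' "$nm")
}

# Add a network resource (interface, address, prefix) to the zone.
addNet() {
	getNIC
	if [[ -z $nic ]]; then
		return
	fi
	getIPaddr
	if [[ -z $ipaddr ]]; then
		return
	fi
	getNetmask
	if [[ -z $cidr ]]; then
		return
	fi
	runZonecfg "
add net
set address=${ipaddr}/${cidr}
set physical=$nic
end
commit
"
}

# Read zone, ipaddr, flags and template for interface $nic from
# ifconfig output.  ipaddr and template are "..." when the interface
# has no address (or no template could be looked up).
getAttrs() {
	zone=global
	type=ignore
	# reset per interface so values from a previous call cannot leak
	ipaddr=0.0.0.0
	flags=
	for j in $(ifconfig "$nic")
	do
		case $j in
		inet) type=$j;;
		zone) type=$j;;
		all-zones) zone=all-zones;;
		flags*) flags=$j;;
		*) case $type in
			inet) ipaddr=$j ;;
			zone) zone=$j ;;
			*) continue ;;
			esac
			type=ignore;;
		esac
	done
	if [ "$ipaddr" != 0.0.0.0 ]; then
		template=$(tninfo -h "$ipaddr" | grep Template | cut -d" " -f3)
		# keep the five-column interface list aligned
		if [ -z "$template" ]; then
			template="..."
		fi
	else
		template="..."
		ipaddr="..."
	fi
}

# Load the ipaddr:template mapping into the kernel and record it in
# tnrhdb, replacing any existing entry for that address.
updateTnrhdb() {
	tnctl -h "${ipaddr}:$template"
	grep "^${ipaddr}[^0-9]" /etc/security/tsol/tnrhdb >/dev/null
	if [ $? = 0 ]; then
		tnrhdbtmp=$(mkTemp) || return 1
		if sed -e "s|^${ipaddr}[^0-9].*|${ipaddr}:${template}|" \
		    /etc/security/tsol/tnrhdb > "$tnrhdbtmp"; then
			installTemp "$tnrhdbtmp" /etc/security/tsol/tnrhdb
		else
			rm -f "$tnrhdbtmp"
		fi
	else
		echo "${ipaddr}:$template" >> /etc/security/tsol/tnrhdb
	fi
}

# Prompt for a hostname and resolve it; falls back to prompting for
# the address itself.  Sets hostname and ipaddr (ipaddr empty on cancel).
getIPaddr() {
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="$nic: Enter hostname: ")

	if [ $? != 0 ]; then
		return
	fi

	ipaddr=$(getent hosts "$hostname" | cut -f1)
	if [[ -z $ipaddr ]]; then

		ipaddr=$(zenity --entry \
		    --title="$title" \
		    --text="$nic: Enter IP address: " \
		    --entry-text a.b.c.d)
		if [ $? != 0 ]; then
			return
		fi
	fi

}

# Record hostname/ipaddr in hosts and ipnodes, give the address the
# cipso template, and configure interface $nic with it.
addHost() {
	# Update hosts and ipnodes
	if [[ -z $ipaddr ]]; then
		return
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $? -eq 1 ]; then
		printf '%s\t%s\n' "$ipaddr" "$hostname" >> /etc/inet/hosts
	fi

	grep "^${ipaddr}[^0-9]" /etc/inet/ipnodes >/dev/null
	if [ $? -eq 1 ]; then
		printf '%s\t%s\n' "$ipaddr" "$hostname" >> /etc/inet/ipnodes
	fi

	template=cipso
	updateTnrhdb

	ifconfig "$nic" "$ipaddr" netmask + broadcast +
	echo "$hostname" > "/etc/hostname.$nic"
}

# Let the user choose a cipso template for ipaddr, showing the
# template's labels for confirmation, then record it with updateTnrhdb.
getTemplate() {
	templates=$(grep "^[A-z]" /etc/security/tsol/tnrhtp | \
	    grep "type=cipso" | cut -f1 -d":")

	while :; do
		t_cmd=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column="Network Templates" \
		    $templates)

		if [ $? != 0 ]; then
			break
		fi

		t_label=$(tninfo -t "$t_cmd" | grep sl | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Click OK to associate $t_cmd template with $ipaddr" )

		if [ $? != 0 ]; then
			continue
		fi
		template=$t_cmd
		updateTnrhdb
		break
	done
}

# Plumb a new logical interface on $nic and show ifconfig's reply.
createInterface() {
	msg=$(ifconfig "$nic" addif 0.0.0.0)
	zenity --info \
	    --title="$title" \
	    --text="$msg"
}

# Make interface $nic visible to all zones, now and across reboots.
shareInterface() {
	ifconfig "$nic" all-zones
	if_file=/etc/hostname.$nic
	iftmp=$(mkTemp) || return 1
	# tag the interface's first (address) line; any further lines in
	# the hostname file are kept as they are
	if sed -e '1s/$/ all-zones/' "$if_file" > "$iftmp"; then
		installTemp "$iftmp" "$if_file"
	else
		rm -f "$iftmp"
	fi
}

# Grant the zone the privileges needed to relabel windows and files.
setMacPrivs() {
	runZonecfg "
set limitpriv=default,win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,file_downgrade_sl,file_upgrade_sl,sys_trans_label
commit
"
}

# Return the zone to the default privilege limit.
resetMacPrivs() {
	runZonecfg "
set limitpriv=default
commit
"
}

# Remove the lofs shares of the global passwd/shadow from every
# installed zone ("No such" errors are expected and filtered out).
unsharePasswd() {
	for i in $(zoneadm list -i | grep -v global); do
		zonecfg -z "$i" remove fs dir=/etc/passwd 2>&1 | grep -v such
		zonecfg -z "$i" remove fs dir=/etc/shadow 2>&1 | grep -v such
	done
}

# Share the global passwd/shadow read-only into the zone, unless
# nscd-per-label is in use or the share already exists.
sharePasswd() {
	if [ "$NSCD_PER_LABEL" -ne 0 ] ; then
		return
	fi
	zonecfg -z "$zonename" info | grep /etc/passwd >/dev/null
	if [[ $? -eq 1 ]]; then
		runZonecfg "
add fs
set special=/etc/passwd
set dir=/etc/passwd
set type=lofs
add options ro
end
add fs
set special=/etc/shadow
set dir=/etc/shadow
set type=lofs
add options ro
end
commit
"
	fi
}

# This routine is a toggle -- if we find it configured for global nscd,
# change to nscd-per-label and vice-versa.
#
# The user was presented with only the choice to CHANGE the existing
# configuration.

manageNscd() {
	if [ "$NSCD_PER_LABEL" -eq 0 ] ; then
		# this MUST be a regular file for svc-nscd to detect
		touch "$NSCD_INDICATOR"
		NSCD_PER_LABEL=1
		unsharePasswd
		resolveXdisplay
	else
		export zonename
		rm -f "$NSCD_INDICATOR"
		NSCD_PER_LABEL=0
		for i in $(zoneadm list -i | grep -v global); do
			zonename=$i
			sharePasswd
		done
		zonename=
	fi
}

# Prepend one row (nic zone ipaddr template state) to attrs for every
# non-loopback IPv4 interface selected by ifconfig option $1 (-au4 or
# -ad4); $2 is the state column shown for them (Up or Down).
listNics() {
	for i in $(ifconfig "$1" | grep "^[a-z].*:" | grep -v LOOPBACK)
	do
		case $i in
		[a-z]*:*) ;;
		*) continue ;;
		esac
		nic=${i%:}	# Remove colon after interface name
		getAttrs
		attrs="$nic $zone $ipaddr $template $2 $attrs"
	done
}

# Interface menu: list all interfaces, then offer the actions that
# apply to the selected one until the user cancels.
manageNets() {
	while :; do
		attrs=
		listNics -au4 Up
		listNics -ad4 Down

		nic=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Interface" \
		    --column="Zone Name" \
		    --column="IP Address" \
		    --column="Template" \
		    --column="State" \
		    $attrs)

		if [[ -z $nic ]]; then
			return
		fi

		getAttrs

		# Clear list of commands

		share=
		setipaddr=
		settemplate=
		newlogical=
		unplumb=
		bringup=
		bringdown=

		# Check for physical interface

		case $nic in
		*:*)
			# logical interface: removable, or toggled up/down
			case $flags in
			*UP,*)
				bringdown="Bring Down\n"
				;;
			*)
				unplumb="Remove Logical Interface\n"
				if [ "$ipaddr" != "..." ]; then
					bringup="Bring Up\n"
				fi
				;;
			esac
			;;
		*)
			newlogical="Create Logical Interface\n"
			;;
		esac

		if [ "$ipaddr" = "..." ]; then
			setipaddr="Set IP address...\n"
		else
			settemplate="View Templates...\n"
			if [ "$zone" = global ]; then
				share="Share\n"
			fi
		fi

		# unquoted on purpose: ksh echo expands the \n separators
		command=$(echo "" \
		    $share \
		    $setipaddr \
		    $settemplate \
		    $newlogical \
		    $unplumb \
		    $bringup \
		    $bringdown \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "Interface: $nic" )

		case $command in
		" Create Logical Interface")
			createInterface ;;
		" Set IP address...")
			getIPaddr
			addHost ;;
		" Share")
			shareInterface ;;
		" View Templates...")
			getTemplate ;;
		" Remove Logical Interface")
			ifconfig "$nic" unplumb
			rm -f "/etc/hostname.$nic" ;;
		" Bring Up")
			ifconfig "$nic" up ;;
		" Bring Down")
			ifconfig "$nic" down ;;
		*) continue ;;
		esac
	done
}

# Collect LDAP parameters from the user, register the server in hosts
# and tnrhdb, and run ldapclient init for the global zone.
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	ldapserver=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Hostname of LDAP Server: ")
	ldapserveraddr=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter IP address of LDAP Server $ldapserver: ")
	ldappassword=""
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]]; do
		ldappassword=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Enter LDAP Proxy Password:")
		ldappasswordconfirm=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Confirm LDAP Proxy Password:")
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "$(printf '%s' "$ldappassword" | sed 's/./*/g')" \
	    "Profile" "$ldapprofile")
	if [ $? != 0 ]; then
		return
	fi

	/bin/grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	/bin/grep "${ldapserver}:" /etc/security/tsol/tnrhdb > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "# ${ldapserver} - ldap server" \
		    >> /etc/security/tsol/tnrhdb
		/bin/echo "${ldapserveraddr}:cipso" \
		    >> /etc/security/tsol/tnrhdb
		/usr/sbin/tnctl -h "${ldapserveraddr}:cipso"
	fi

	# example.com -> dc=example,dc=com
	proxyDN=$(echo "$ldapdomain" | awk -F. \
	    '{ ORS = "" } { for (i = 1; i < NF; i++) print "dc=" $i "," } { print "dc=" $NF }')

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	ldapout=$(mkTemp) || return 1

	# NOTE(review): the proxy password is passed as a command-line
	# argument and is visible in the process list while ldapclient
	# runs; kept as before.
	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN="cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" > "$ldapout" 2>&1

	if [ $? -eq 0 ]; then
		ldapstatus=Success
	else
		ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename="$ldapout"

	rm -f "$ldapout"
}

# Loop for single-zone menu
singleZone() {

	while [ "${command}" != Exit ]; do
		if [[ -z $zonename ]]; then
			zenity --error \
			    --title="$title" \
			    --text="zonename \"$zonename\" is not valid"
			return
		fi
		# Clear list of commands

		console=
		label=
		start=
		reboot=
		stop=
		clone=
		copy=
		install=
		ready=
		uninstall=
		delete=
		snapshot=
		addnet=
		deletenet=
		permitrelabel=

		zonestate=$(zoneadm -z "$zonename" list -p | cut -d ":" -f 3)

		consoleCheck
		labelCheck
		delay=0

		# the entries offered depend on the zone's state
		case $zonestate in
		running)
			ready="Ready\n"
			reboot="Reboot\n"
			stop="Halt\n"
			;;
		ready)
			start="Boot\n"
			stop="Halt\n"
			;;
		installed)
			if [[ -z $label ]]; then
				ready="Ready\n"
				start="Boot\n"
			fi
			uninstall="Uninstall\n"
			snapshotCheck
			relabelCheck
			addnet="Add Network...\n"
			;;
		configured)
			install="Install...\n"
			copyCheck
			delete="Delete\n"
			console=
			;;
		incomplete)
			delete="Delete\n"
			;;
		*)
			;;
		esac

		# unquoted on purpose: ksh echo expands the \n separators
		command=$(echo "" \
		    $console \
		    $label \
		    $start \
		    $reboot \
		    $stop \
		    $clone \
		    $copy \
		    $install \
		    $ready \
		    $uninstall \
		    $delete \
		    $snapshot \
		    $addnet \
		    $deletenet \
		    $permitrelabel \
		    "Return to Main Menu" \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "$zonename: $zonestate" )

		case $command in
		" Zone Console...")
			delay=2
			/usr/bin/gnome-terminal \
			    --title="Zone Terminal Console: $zonename" \
			    --command "/usr/sbin/zlogin -C $zonename" &
			;;

		" Select Label...")
			selectLabel ;;

		" Ready")
			zoneadm -z "$zonename" ready ;;

		" Boot")
			zoneadm -z "$zonename" boot ;;

		" Halt")
			zoneadm -z "$zonename" halt ;;

		" Reboot")
			zoneadm -z "$zonename" reboot ;;

		" Install...")
			install ;;

		" Clone")
			clone ;;

		" Copy...")
			copy ;;

		" Uninstall")
			zoneadm -z "$zonename" uninstall -F ;;

		" Delete")
			delete
			return ;;

		" Create Snapshot")
			zfs snapshot "$ZDSET/${zonename}@snapshot" ;;

		" Add Network...")
			addNet ;;

		" Permit Relabeling")
			setMacPrivs ;;

		" Deny Relabeling")
			resetMacPrivs ;;

		*)
			zonename=
			return ;;
		esac
		sleep $delay
	done
}

# Main loop for top-level window
#

# Pick the dataset under which zone datasets are created: the pool
# named "zone" if it exists, otherwise <rootpool>/zones on a ZFS root,
# otherwise none (zones live on plain directories).
ZDSET=none
# are there any zfs pools?
zpool iostat 1>/dev/null 2>&1
if [ $? = 0 ]; then
	# is there a zfs pool named "zone"?
	zpool list -H zone 1>/dev/null 2>&1
	if [ $? = 0 ]; then
		# yes
		ZDSET=zone
	else
		# no, but is there a root pool?
		rootfs=$(df -n / | awk '{print $3}')
		if [ "$rootfs" = "zfs" ]; then
			# yes, use it
			ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones
			zfs list -H "$ZDSET" 1>/dev/null 2>&1
			if [ $? = 1 ]; then
				zfs create -o mountpoint=/zone "$ZDSET"
			fi
		fi
	fi
fi

export NSCD_OPT
while [ "${command}" != Exit ]; do
	zonelist=""
	for p in $(zoneadm list -cp | grep -v global:); do
		zonename=$(echo "$p" | cut -d : -f2)
		state=$(echo "$p" | cut -d : -f3)
		labelCheck
		zonelist="$zonelist$zonename\n$state\n$curlabel\n"
	done

	if [ "$NSCD_PER_LABEL" -eq 0 ] ; then
		NSCD_OPT="Configure per-zone name service"
	else
		NSCD_OPT="Unconfigure per-zone name service"
	fi
	zonelist=${zonelist}"Manage Network Interfaces...\n\n\n"
	zonelist=${zonelist}"Create a new zone...\n\n\n"
	zonelist=${zonelist}"${NSCD_OPT}"
	zonelist=${zonelist}"\n\n\nCreate LDAP Client...\n\n\n"
	zonelist=${zonelist}"Exit\n\n"

	zonename=""
	# unquoted on purpose: ksh echo expands the \n separators into
	# the three columns of the list
	topcommand=$(echo $zonelist | zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	    )

	if [[ -z $topcommand ]]; then
		command=Exit
		exit
	fi

	if [ "$topcommand" = "$NSCD_OPT" ]; then
		topcommand=
		manageNscd
		continue
	elif [ "$topcommand" = "Manage Network Interfaces..." ]; then
		topcommand=
		manageNets
		continue
	elif [ "$topcommand" = "Exit" ]; then
		command=Exit
		exit
	elif [ "$topcommand" = "Create a new zone..." ]; then
		zonename=$(zenity --entry \
		    --title="$title" \
		    --entry-text="" \
		    --text="Enter Zone Name: ")

		if [[ -z $zonename ]]; then
			continue
		fi

		runZonecfg "
create -t SUNWtsoldef
set zonepath=/zone/$zonename
commit
"
		# Now, go to the singleZone menu, using the global
		# variable zonename, and continue with zone creation
		singleZone
		continue
	elif [ "$topcommand" = "Create LDAP Client..." ]; then
		command=LDAPclient
		createLDAPclient
		continue
	fi
	# if the menu choice was a zonename, pop up zone menu
	zonename=$topcommand
	singleZone
done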