#!/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#

# This script provides a simple GUI for managing labeled zones.
# It takes no arguments, but provides contextual menus which
# provide appropriate choices. It must be run in the global
# zone as root.
#
# The routines below pass state through global variables rather than
# arguments: zonename (the zone being managed), nic/ipaddr/zone/flags/
# template (the interface being managed, filled in by getAttrs), and
# the menu-item variables (console, label, start, ...) that the *Check
# routines set.  Every zenity dialog's result is captured; callers test
# either zenity's exit status or an empty result to detect Cancel.
# Menu rows are built as strings containing literal "\n" and rely on
# the ksh echo builtin expanding them when piped into zenity --list.

NSCD_PER_LABEL=0
NSCD_INDICATOR="/var/tsol/doors/nscd_per_label"
export NSCD_PER_LABEL
export NSCD_INDICATOR
# The indicator file is the only record of whether name service runs
# per label; manageNscd creates and removes it.
if [ -f $NSCD_INDICATOR ] ; then
	NSCD_PER_LABEL=1
fi
PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
title="Labeled Zone Manager"
# Upper bound for the labels offered by selectLabel; falls back to a
# fixed hex label when chk_encodings prints nothing.
maxlabel=`chk_encodings -X 2>/dev/null`
if [[ ! -n $maxlabel ]]; then
	maxlabel=0x000a-08-f8
fi
zonename=""
export zonename
# Scratch file for "zonecfg -f" input, shared by every routine that
# builds a zcfg script.
# NOTE(review): the name is predictable (/tmp + pid), the file is
# written by root and then read by zonecfg; mktemp would keep a
# pre-existing file or symlink of that name from being used.  The
# same applies to the /tmp/*.$$ names in delete, updateTnrhdb,
# shareInterface and createLDAPclient.
config=/tmp/zfg.$$ ;

# Offer "Zone Console..." unless a "zlogin -C" for this zone is already
# running (pgrep -f matches the full command line; $zconsole itself is
# never read, only pgrep's status).
consoleCheck() {
	zconsole=`pgrep -f "zlogin -C $zonename"`
	if [ $? != 0 ]; then
		console="Zone Console...\n"
	fi
}

# Look up the zone's hex label in tnzonecfg.  When found, curlabel is
# its readable form and the "Select Label..." item is cleared;
# otherwise the item is offered and curlabel shows "...".
labelCheck() {
	hexlabel=`/bin/grep "^$zonename:" \
	    /etc/security/tsol/tnzonecfg|cut -d ":" -f2`;
	if [ $hexlabel ] ; then
		label=
		curlabel=`hextoalabel $hexlabel`
	else
		label="Select Label...\n"
		curlabel=...
	fi
}

# Offer "Create Snapshot" when no snapshot of the zone's dataset exists.
# The grep is a substring match on $ZDSET/$zonename, so a snapshot of a
# zone whose name begins with this zone's name would also count.
snapshotCheck() {
	filesystem=`zfs list -t snapshot |grep $ZDSET/$zonename |cut -d " " -f1`
	if [[ $filesystem = '' ]]; then
		snapshot="Create Snapshot\n"
	fi
}

# Build zonelist (every installed zone except the current one, taken
# from field 2 of zoneadm's ':'-separated output) and offer Copy/Clone
# when it is not empty.  copy() later uses zonelist as its choices.
copyCheck() {
	zonelist=""
	for p in `zoneadm list -ip`; do
		q=`echo $p|cut -d ":" -f2`
		if [ $q != $zonename ]; then
			zonelist="$zonelist $q"
		fi
	done
	if [[ -n $zonelist ]]; then
		copy="Copy...\n"; \
		clone="Clone\n"; \
	fi
}

# Toggle text for the relabeling item: "Deny" when the zone's config
# already mentions win_mac_write (granted by setMacPrivs), else "Permit".
relabelCheck() {
	macstate=`zonecfg -z $zonename info|grep win_mac_write`
	if [[ -n $macstate ]]; then
		permitrelabel="Deny Relabeling\n"
	else
		permitrelabel="Permit Relabeling\n"
	fi
}

# Let the user pick a label that no zone in tnzonecfg uses yet and
# append a "zonename:hexlabel:0::" line for it.  atohexlabel is the
# only check on the chosen label; zonename is not checked here (it
# comes from the zone list or the new-zone prompt in the main loop).
selectLabel() {
	labelList=""
	for p in `lslabels -h $maxlabel`; do
		# skip labels that some zone already has
		hexlabel=`/bin/grep :$p: /etc/security/tsol/tnzonecfg`
		if [ $? != 0 ]; then
			newlabel=`hextoalabel $p`
			labelList="$labelList $newlabel\n"
		fi
	done
	# ksh echo expands the \n separators into one row per label
	alabel=$(echo $labelList|zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=400 \
	    --column="Available Sensitivity Labels")

	if [[ -n $alabel ]]; then
		newlabel=`atohexlabel "$alabel" 2>/dev/null`
		if [[ -n $newlabel ]]; then
			echo $zonename:$newlabel:0:: >> /etc/security/tsol/tnzonecfg
		else
			# x is never read; the substitution just waits for the dialog
			x=$(zenity --error \
			    --title="$title" \
			    --text="$alabel is not valid")
		fi
	fi
}

# Make sure each zone's /etc/inet/ipnodes can resolve the global zone's
# hostname, which X needs for $DISPLAY when name service is per label.
# With an argument only that zone is checked, otherwise every zone but
# global.  Zones whose entry maps the hostname to 127.0.0.1 are listed
# in ERRORLIST and reported in one dialog at the end.
resolveXdisplay() {
	export ZONE_PATH
	export ZONE_ETC_DIR
	export IPNODES
	export LIST
	ERRORLIST=""
	export ERRORLIST
	# if using nscd-per-label then we have to be sure the global zone's
	# hostname resolves because it is used for DISPLAY in X
	ghostname=`hostname`
	export ghostname

	if [[ -n "$1" ]] ; then
		LIST=`zoneadm list -ip | grep ":$1:"`
	else
		LIST=`zoneadm list -ip | grep -v "global"`
	fi

	gipaddress=`getent hosts $ghostname|cut -f1`
	for i in $LIST; do
		ZONE_PATH=`echo "$i" |cut -d ":" -f4`
		ZONE_ETC_DIR=$ZONE_PATH/root/etc
		IPNODES=${ZONE_ETC_DIR}/inet/ipnodes

		# Rather than toggle on and off with NSCD_PER_LABEL, put the
		# information in there and a sysadmin can remove it if necessary
		# $DISPLAY will not work in X without global hostname
		# ($ghostname is an unquoted grep pattern here, so this is a
		# substring/regex match rather than an exact hostname match)
		ENTRY=`grep $ghostname $IPNODES`
		case "$ENTRY" in
		127.0.0.1* )
			if [[ -z $ERRORLIST ]] ; then
				ERRORLIST="$ghostname address 127.0.0.1 found in:\n"
			fi
			ERRORLIST="$ERRORLIST $IPNODES\n"
			;;
		"")
			# no entry at all: add one (ksh echo expands the \t)
			gipaddress=`getent hosts $ghostname|cut -f1`
			echo "$gipaddress\t$ghostname" >> $IPNODES
			;;
		*)
			# an entry with some other address already exists
			continue
			;;

		esac
	done
	if [[ -n "$ERRORLIST" ]] ; then
		x=$(zenity --error \
		    --title="$title" \
		    --text="WARNING:\n\n\n$ERRORLIST\n\n")
	fi
}

# Replace the zone's dataset with a clone of a chosen ZFS snapshot and
# force-attach the zone.  The list offers every snapshot on the system,
# not only this zone's; an existing dataset is destroyed first.
# Passwd-file sharing is then adjusted unless LDAP is configured.
clone() {
	image=`zfs list -t snapshot |grep snapshot|cut -d " " -f1| \
	    zenity --list \
	    --title="$title" \
	    --height=300 \
	    --column="ZFS Zone Snapshots"`
	if [[ -n $image ]]; then
		# substring match on the dataset name, as in snapshotCheck
		dataset=`zfs list |grep $ZDSET/$zonename |cut -d " " -f1`
		if [[ -n $dataset ]]; then
			/usr/sbin/zfs destroy $ZDSET/$zonename
		fi
		/usr/sbin/zfs clone $image $ZDSET/$zonename
		/usr/sbin/zfs set mountpoint=/zone/$zonename $ZDSET/$zonename

		/usr/sbin/zoneadm -z $zonename attach -F
		if [ ! -f /var/ldap/ldap_client_file ]; then
			if [ $NSCD_PER_LABEL = 0 ] ; then
				sharePasswd
			else
				unsharePasswd
				resolveXdisplay
			fi
		fi
	fi
}

# Copy an installed zone (chosen from zonelist, filled by copyCheck)
# into this zone with "zoneadm clone -m copy", run in a gnome-terminal
# so the user can watch it.  Neither a cancelled dialog (empty image)
# nor the result of the copy is checked before the sharing step.
copy() {

	image=`zenity --list \
	    --title="$title: Copy From" \
	    --height=300 \
	    --column="Installed Zones" $zonelist`

	/usr/bin/gnome-terminal \
	    --title="$title: Copying $image to $zonename zone" \
	    --command "zoneadm -z $zonename clone -m copy $image" \
	    --disable-factory \
	    --hide-menubar

	if [ ! -f /var/ldap/ldap_client_file ]; then
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			unsharePasswd
			resolveXdisplay
		fi
	fi
}

# Write the zone's sysidcfg (name service, locale, timezone, network)
# after install.  Prompts for the zone's hostname, defaulting to the
# global zone's, and exits the script on Cancel or if the zone is not
# installed.  With an LDAP client in the global zone the LDAP profile,
# proxy DN and proxy password are copied into sysidcfg; otherwise
# name_service=NONE and the passwd files are shared or unshared
# according to NSCD_PER_LABEL.
initialize() {
	hostname=`hostname`
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="Enter Host Name: " \
	    --entry-text $hostname)
	if [ $? != 0 ]; then
		exit 1
	fi

	ZONE_PATH=`zoneadm list -ip|grep ":${zonename}:"|cut -d ":" -f4`
	if [ -z "$ZONE_PATH" ] ; then
		x=$(zenity --error \
		    --title="$title" \
		    --text="$zonename is not an installed zone")
		exit 1
	fi
	ZONE_ETC_DIR=$ZONE_PATH/root/etc
	ipaddress=`getent hosts $hostname|cut -f1`
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	if [ -f /var/ldap/ldap_client_file ]; then
		ldapaddress=`ldapclient list | \
		    /bin/grep "^NS_LDAP_SERVERS" | cut -d " " -f2`
		echo "name_service=LDAP {" > ${SYSIDCFG}
		domain=`domainname`
		echo "domain_name=$domain" >> ${SYSIDCFG}
		profName=`ldapclient list | \
		    /bin/grep "^NS_LDAP_PROFILE" | cut -d " " -f2`
		proxyPwd=`ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2`
		proxyDN=`ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDDN" | cut -d " " -f 2`
		if [ "$proxyDN" ]; then
			echo "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
			# NOTE(review): the proxy bind password (in whatever form
			# "ldapclient list" prints it) lands in the zone's sysidcfg,
			# which was created with ">" above and so has whatever mode
			# the umask allows; consider restricting it.
			echo "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
		fi
		echo "profile=$profName" >> ${SYSIDCFG}
		echo "profile_server=$ldapaddress }" >> ${SYSIDCFG}
		cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
	else
		echo "name_service=NONE" > ${SYSIDCFG}
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			# had to put resolveXdisplay lower down for this case
			unsharePasswd
		fi
	fi

	echo "security_policy=NONE" >> ${SYSIDCFG}
	locale=`locale|grep LANG | cut -d "=" -f2`
	if [[ -z $locale ]]; then
		locale="C"
	fi
	echo "system_locale=$locale" >> ${SYSIDCFG}
	timezone=`/bin/grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2`
	echo "timezone=$timezone" >> ${SYSIDCFG}
	echo "terminal=vt100" >> ${SYSIDCFG}
	# NOTE(review): rootpwd is read out of /etc/shadow but never used
	# (the line that wrote it is commented out); the read can go.
	rootpwd=`/bin/grep "^root:" /etc/shadow|cut -d ":" -f2`
	#echo "root_password=$rootpwd" >> ${SYSIDCFG}
	echo "nfs4_domain=dynamic" >> ${SYSIDCFG}
	echo "network_interface=PRIMARY {" >> ${SYSIDCFG}
	echo "protocol_ipv6=no" >> ${SYSIDCFG}
	echo "hostname=$hostname" >> ${SYSIDCFG}
	echo "ip_address=$ipaddress }" >> ${SYSIDCFG}
	cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
	touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
	if [ $NSCD_PER_LABEL = 1 ] ; then
		resolveXdisplay
	fi
}

# Create the zone's dataset (when ZDSET names a pool), run the zone
# install in a terminal, then write its sysidcfg via initialize, which
# exits the script if the zone did not end up installed.
install() {
	# if there is a zfs pool for zone
	# create a new dataset for the zone
	# This step is done automatically by zonecfg
	# in Solaris Express 8/06 or newer

	if [ $ZDSET != none ]; then
		zfs create -o mountpoint=/zone/$zonename \
		    $ZDSET/$zonename
		chmod 700 /zone/$zonename
	fi

	/usr/bin/gnome-terminal \
	    --title="$title: Installing $zonename zone" \
	    --command "zoneadm -z $zonename install" \
	    --disable-factory \
	    --hide-menubar

	initialize
}

# Remove the zone's tnzonecfg entry, its configuration and its dataset,
# then clear zonename so singleZone returns to the main menu.
delete() {
	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	# tnzone is the whole matching line and is then used as a sed
	# address, so characters special to sed in it would alter the match.
	tnzone=`egrep "^$zonename:" /etc/security/tsol/tnzonecfg 2>/dev/null`
	if [ -n "${tnzone}" ]; then
		sed -e "/^$tnzone:*/d" /etc/security/tsol/tnzonecfg > \
		    /tmp/tnzonefg.$$ 2>/dev/null
		mv /tmp/tnzonefg.$$ /etc/security/tsol/tnzonecfg
	fi
	zonecfg -z $zonename delete -F
	dataset=`zfs list |grep $ZDSET/$zonename |cut -d " " -f1`
	if [[ -n $dataset ]]; then
		/usr/sbin/zfs destroy $ZDSET/$zonename
	fi
	zonename=
}

# List the plumbed IPv4 physical interfaces (words of "ifconfig -a4"
# that look like "name:", minus loopback and minus "name:N" logical
# entries) and let the user pick one into $nic.
getNIC(){

	nics=
	for i in `ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK`
	do
		# keep only the words that look like an interface name
		echo $i |grep "^[a-z].*:" >/dev/null 2>&1
		if [ $? -eq 1 ]; then
			continue
		fi
		i=${i%:} # Remove colon after interface name
		# a colon still present means a logical interface; skip it
		echo $i |grep ":" >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			continue
		fi
		nics="$nics $i"
	done

	nic=$(zenity --list \
	    --title="$title" \
	    --column="Interface" \
	    $nics)
}

# Prompt for a dotted netmask for $ipaddr and convert it to a prefix
# length in $cidr (perl counts the set bits of the packed address; the
# user's value is passed as an argument, not spliced into the perl
# code).  cidr stays empty when the dialog is cancelled.
getNetmask() {

	cidr=
	nm=$(zenity --entry \
	    --title="$title" \
	    --text="$ipaddr: Enter netmask: " \
	    --entry-text 255.255.255.0)
	if [ $? != 0 ]; then
		return;
	fi

	cidr=`perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm`
}

# Add a network resource (physical interface plus address/prefix) to
# the zone's configuration, bailing out at the first cancelled prompt.
addNet() {
	getNIC
	if [[ -z $nic ]]; then
		return;
	fi
	getIPaddr
	if [[ -z $ipaddr ]]; then
		return;
	fi
	getNetmask
	if [[ -z $cidr ]]; then
		return;
	fi
	zcfg="
add net
set address=${ipaddr}/${cidr}
set physical=$nic
end
commit
"
	echo "$zcfg" > $config ;
	zonecfg -z $zonename -f $config ;
	rm $config
}

# Parse "ifconfig $nic" word by word into globals: ipaddr (the word
# after "inet"), zone (the word after "zone", or all-zones), flags (the
# "flags..." word) and, for a real address, template from tninfo -h.
# An address of 0.0.0.0 is shown as "..." for both ipaddr and template.
# ipaddr is not cleared first, so if no "inet" word appears the value
# from the previous call is what gets tested.
getAttrs() {
	zone=global
	type=ignore
	for j in `ifconfig $nic`
	do
		case $j in
		inet) type=$j;;
		zone) type=$j;;
		all-zones) zone=all-zones;;
		flags*) flags=$j;;
		*) case $type in
			inet) ipaddr=$j ;;
			zone) zone=$j ;;
			*) continue ;;
			esac;\
			type=ignore;;
		esac
	done
	if [ $ipaddr != 0.0.0.0 ]; then
		template=`tninfo -h $ipaddr|grep Template| cut -d" " -f3`
	else
		template="..."
		ipaddr="..."
	fi
}

# Apply the ipaddr:template binding with tnctl and record it in tnrhdb,
# replacing an existing line for the address or appending a new one.
updateTnrhdb() {
	tnctl -h ${ipaddr}:$template
	x=`grep "^${ipaddr}[^0-9]" /etc/security/tsol/tnrhdb`
	if [ $? = 0 ]; then
		# x is the existing file line, used unquoted as the sed
		# pattern; a '/' or whitespace in it would break the expression.
		sed s/$x/${ipaddr}:$template/g /etc/security/tsol/tnrhdb \
		    > /tmp/txnetmgr.$$
		mv /tmp/txnetmgr.$$ /etc/security/tsol/tnrhdb
	else
		echo ${ipaddr}:$template >> /etc/security/tsol/tnrhdb
	fi
}

# Prompt for a hostname (into $hostname) and resolve it with getent;
# if that yields nothing, prompt for the address itself.  The typed
# address is not validated, so the "a.b.c.d" placeholder could be
# accepted as is.  Cancelling the hostname prompt leaves ipaddr as it
# was; cancelling the address prompt leaves it empty.
getIPaddr() {
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="$nic: Enter hostname: ")

	if [ $? != 0 ]; then
		return;
	fi

	ipaddr=`getent hosts $hostname|cut -f1`
	if [[ -z $ipaddr ]]; then

		ipaddr=$(zenity --entry \
		    --title="$title" \
		    --text="$nic: Enter IP address: " \
		    --entry-text a.b.c.d)
		if [ $? != 0 ]; then
			return;
		fi
	fi

}

# Record $ipaddr/$hostname in /etc/inet/hosts and ipnodes (unless a
# line for that address exists), bind the address to the cipso
# template, configure it on $nic and persist it in /etc/hostname.$nic.
addHost() {
	# Update hosts and ipnodes
	if [[ -z $ipaddr ]]; then
		return;
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $? -eq 1 ]; then
		echo "$ipaddr\t$hostname" >> /etc/inet/hosts
	fi

	grep "^${ipaddr}[^0-9]" /etc/inet/ipnodes >/dev/null
	if [ $? -eq 1 ]; then
		echo "$ipaddr\t$hostname" >> /etc/inet/ipnodes
	fi

	template=cipso
	updateTnrhdb

	ifconfig $nic $ipaddr netmask + broadcast +
	echo $hostname > /etc/hostname.$nic
}

# Let the user bind one of the cipso templates in tnrhtp to $ipaddr.
# The second dialog only shows the template's label lines; OK there
# applies it through updateTnrhdb, Cancel returns to the template list.
getTemplate() {
	templates=$(cat /etc/security/tsol/tnrhtp|\
	    grep "^[A-z]"|grep "type=cipso"|cut -f1 -d":")

	while [ 1 -gt 0 ]; do
		t_cmd=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column="Network Templates" \
		    $templates)

		if [ $? != 0 ]; then
			break;
		fi

		t_label=$(tninfo -t $t_cmd | grep sl|zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Click OK to associate $t_cmd template with $ipaddr" )

		if [ $? != 0 ]; then
			continue
		fi
		template=$t_cmd
		updateTnrhdb
		break
	done
}

# Add a logical interface on $nic and show ifconfig's output.
# NOTE(review): the $(...) around zenity executes whatever zenity
# prints as a command; it only works because --info prints nothing.
# Plain "zenity --info ... >/dev/null" says what is meant.
createInterface() {
	msg=`ifconfig $nic addif 0.0.0.0`
	$(zenity --info \
	    --title="$title" \
	    --text="$msg" )
}

# Make $nic visible to all zones and record "all-zones" in its
# /etc/hostname.$nic file.
# NOTE(review): the "< $if_file" redirect belongs to the second sed, so
# "sed q" reads this script's own stdin and every line of the file (not
# just the first) gets " all-zones" appended.  The intended form is
# presumably "sed q < $if_file | sed -e ...".
shareInterface() {
	ifconfig $nic all-zones;\
	if_file=/etc/hostname.$nic
	sed q | sed -e "s/$/ all-zones/" < $if_file >/tmp/txnetmgr.$$
	mv /tmp/txnetmgr.$$ $if_file
}

# Grant the zone the window/file relabeling privileges ("Permit
# Relabeling"); relabelCheck keys off win_mac_write to show the toggle.
setMacPrivs() {
	zcfg="
set limitpriv=default,win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,file_downgrade_sl,file_upgrade_sl,sys_trans_label
commit
"
	echo "$zcfg" > $config ;
	zonecfg -z $zonename -f $config ;
	rm $config
}

# Put the zone's limitpriv back to the default set ("Deny Relabeling").
resetMacPrivs() {
	zcfg="
set limitpriv=default
commit
"
	echo "$zcfg" > $config ;
	zonecfg -z $zonename -f $config ;
	rm $config
}

# Remove the /etc/passwd and /etc/shadow fs entries (added by
# sharePasswd) from every zone except global.  "grep -v such" drops
# the message zonecfg prints when there is no such entry to remove
# (presumably "No such ...").
unsharePasswd() {
	for i in `zoneadm list -i | grep -v global`; do
		zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such
		zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such
	done
}

# With global nscd (NSCD_PER_LABEL=0), loopback-mount the global zone's
# /etc/passwd and /etc/shadow read-only into $zonename, unless the
# zone's config already mentions /etc/passwd.  The pipeline's status is
# grep's, so -eq 1 means "not present".
sharePasswd() {
	if [ $NSCD_PER_LABEL -ne 0 ] ; then
		return
	fi
	passwd=`zonecfg -z $zonename info|grep /etc/passwd`
	if [[ $? -eq 1 ]]; then
		zcfg="
add fs
set special=/etc/passwd
set dir=/etc/passwd
set type=lofs
add options ro
end
add fs
set special=/etc/shadow
set dir=/etc/shadow
set type=lofs
add options ro
end
commit
"
		echo "$zcfg" > $config ;
		zonecfg -z $zonename -f $config ;
		rm $config
	fi
}

# This routine is a toggle -- if we find it configured for global nscd,
# change to nscd-per-label and vice-versa.
#
# The user was presented with only the choice to CHANGE the existing
# configuration.

manageNscd() {
	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		# this MUST be a regular file for svc-nscd to detect
		touch $NSCD_INDICATOR
		NSCD_PER_LABEL=1
		# per-label: stop sharing the global passwd files and make sure
		# every zone can still resolve the global hostname for X
		unsharePasswd
		resolveXdisplay
	else
		export zonename
		rm -f $NSCD_INDICATOR
		NSCD_PER_LABEL=0
		# sharePasswd works on the global zonename, so set it for each
		# zone in turn and clear it afterwards
		for i in `zoneadm list -i | grep -v global`; do
			zonename=$i
			sharePasswd
		done
		zonename=
	fi
}

# Network interface menu.  Builds a table of every IPv4 interface
# (up ones, then down ones) with the zone, address and template that
# getAttrs reports, lets the user pick one, then offers the actions
# that fit it.  Loops until the interface list is cancelled.
manageNets() {
	while [ 1 -gt 0 ]; do
		attrs=
		for i in `ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK`
		do
			echo $i |grep "^[a-z].*:" >/dev/null 2>&1
			if [ $? -eq 1 ]; then
				continue
			fi
			nic=${i%:} # Remove colon after interface name
			getAttrs
			# five whitespace-separated cells per interface; the
			# unquoted $attrs below splits them into zenity's columns
			attrs="$nic $zone $ipaddr $template Up $attrs"
		done

		for i in `ifconfig -ad4 |grep "^[a-z].*:" |grep -v LOOPBACK`
		do
			echo $i |grep "^[a-z].*:" >/dev/null 2>&1
			if [ $? -eq 1 ]; then
				continue
			fi
			nic=${i%:} # Remove colon after interface name
			getAttrs
			attrs="$nic $zone $ipaddr $template Down $attrs"
		done

		nic=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Interface" \
		    --column="Zone Name" \
		    --column="IP Address" \
		    --column="Template" \
		    --column="State" \
		    $attrs)

		if [[ -z $nic ]]; then
			return
		fi

		# refresh ipaddr/zone/flags/template for the chosen interface
		getAttrs

		# Clear list of commands

		share=
		setipaddr=
		settemplate=
		newlogical=
		unplumb=
		bringup=
		bringdown=

		# Check for physical interface

		hascolon=`echo $nic |grep :`
		if [ $? != 0 ]; then
			newlogical="Create Logical Interface\n";
		else
			# logical interface: remove/up/down depending on its flags
			up=`echo $flags|grep "UP,"`
			if [ $? != 0 ]; then
				unplumb="Remove Logical Interface\n"
				if [ $ipaddr != "..." ]; then
					bringup="Bring Up\n"
				fi
			else
				bringdown="Bring Down\n"
			fi
		fi

		if [ $ipaddr = "..." ]; then
			setipaddr="Set IP address...\n";
		else
			settemplate="View Templates...\n"
			if [ $zone = global ]; then
				share="Share\n"
			fi
		fi

		# echo joins its arguments with single spaces and ksh echo
		# expands each item's trailing \n, so every row starts with a
		# space -- hence the leading space in the case patterns below
		command=$(echo ""\
		    $share \
		    $setipaddr \
		    $settemplate \
		    $newlogical \
		    $unplumb \
		    $bringup \
		    $bringdown \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "Interface: $nic" )

		case $command in
		" Create Logical Interface")\
			createInterface;;
		" Set IP address...")\
			getIPaddr
			addHost;;
		" Share")\
			shareInterface;;
		" View Templates...")\
			getTemplate;;
		" Remove Logical Interface")\
			ifconfig $nic unplumb;\
			rm -f /etc/hostname.$nic;;
		" Bring Up")\
			ifconfig $nic up;;
		" Bring Down")\
			ifconfig $nic down;;
		*) continue;;
		esac
	done
}

# Make the global zone an LDAP client.  Prompts for domain, server
# hostname and address, the proxy password (entered twice, repeated
# until both match and are non-empty) and the profile name, shows a
# confirmation table, adds the server to /etc/hosts and tnrhdb, then
# runs "ldapclient init" and displays its output.
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	ldapserver=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Hostname of LDAP Server: ")
	ldapserveraddr=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter IP adddress of LDAP Server $ldapserver: ")
	ldappassword=""
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]]; do
		ldappassword=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Enter LDAP Proxy Password:")
		ldappasswordconfirm=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Confirm LDAP Proxy Password:")
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	# confirmation table; the password is shown masked, one '*' per character
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "`echo "$ldappassword" | sed 's/./*/g'`" \
	    "Profile" "$ldapprofile")
	if [ $? != 0 ]; then
		return
	fi

	/bin/grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	# the presence check looks for the hostname, which only appears in
	# the comment line written below, not for the address entry itself
	/bin/grep "${ldapserver}:" /etc/security/tsol/tnrhdb > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "# ${ldapserver} - ldap server" \
		    >> /etc/security/tsol/tnrhdb
		/bin/echo "${ldapserveraddr}:cipso" \
		    >> /etc/security/tsol/tnrhdb
		/usr/sbin/tnctl -h "${ldapserveraddr}:cipso"
	fi

	# turn "a.b.c" into "dc=a,dc=b,dc=c"
	proxyDN=`echo $ldapdomain|awk -F"." \
	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }"`

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	# NOTE(review): predictable /tmp name (pid only); see the note on
	# $config at the top of the file.
	ldapout=/tmp/ldapclient.$$

	# NOTE(review): the proxy password is passed on ldapclient's command
	# line, so it is visible in ps for the duration of the call.
	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" >$ldapout 2>&1

	if [ $? -eq 0 ]; then
		ldapstatus=Success
	else
		ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename=$ldapout

	rm -f $ldapout


}

# Loop for single-zone menu
# Per-zone menu for the global $zonename.  The items offered depend on
# the zone's state (field 3 of "zoneadm list -p") and on the *Check
# routines.  Returns after a delete, on "Return to Main Menu" and on
# Cancel (the last two both hit the default arm, which clears zonename).
singleZone() {

	while [ "${command}" != Exit ]; do
		if [[ ! -n $zonename ]]; then
			x=$(zenity --error \
			    --title="$title" \
			    --text="zonename \"$zonename\" is not valid")
			return
		fi
		# Clear list of commands

		console=
		label=
		start=
		reboot=
		stop=
		clone=
		copy=
		install=
		ready=
		uninstall=
		delete=
		snapshot=
		addnet=
		deletenet=
		permitrelabel=

		zonestate=`zoneadm -z $zonename list -p | cut -d ":" -f 3`

		consoleCheck;
		labelCheck;
		delay=0

		case $zonestate in
		running)	ready="Ready\n"; \
				reboot="Reboot\n"; \
				stop="Halt\n"; \
				;;
		ready)		start="Boot\n"; \
				stop="Halt\n" \
				;;
		installed)
				if [[ -z $label ]]; then \
					ready="Ready\n"; \
					start="Boot\n"; \
				fi; \
				uninstall="Uninstall\n"; \
				snapshotCheck; \
				relabelCheck;
				addnet="Add Network...\n"
				;;
		configured)	install="Install...\n"; \
				copyCheck; \
				delete="Delete\n"; \
				console=; \
				;;
		incomplete)	delete="Delete\n"; \
				;;
		*)
				;;
		esac

		# echo joins its arguments with single spaces and ksh echo
		# expands each item's trailing \n, so every row starts with a
		# space -- hence the leading space in the case patterns below
		command=$(echo ""\
		    $console \
		    $label \
		    $start \
		    $reboot \
		    $stop \
		    $clone \
		    $copy \
		    $install \
		    $ready \
		    $uninstall \
		    $delete \
		    $snapshot \
		    $addnet \
		    $deletenet \
		    $permitrelabel \
		    "Return to Main Menu" \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "$zonename: $zonestate" )

		case $command in
		" Zone Console...")
			# the console terminal runs in the background; delay gives
			# it time to start before the menu is redrawn
			delay=2; \
			/usr/bin/gnome-terminal \
			    --title="Zone Terminal Console: $zonename" \
			    --command "/usr/sbin/zlogin -C $zonename" &;;

		" Select Label...")
			selectLabel;;

		" Ready")
			zoneadm -z $zonename ready ;;

		" Boot")
			zoneadm -z $zonename boot ;;

		" Halt")
			zoneadm -z $zonename halt ;;

		" Reboot")
			zoneadm -z $zonename reboot ;;

		" Install...")
			install;;

		" Clone")
			clone ;;

		" Copy...")
			copy ;;

		" Uninstall")
			zoneadm -z $zonename uninstall -F;;

		" Delete")
			delete
			return ;;

		" Create Snapshot")
			zfs snapshot $ZDSET/${zonename}@snapshot;;

		" Add Network...")
			addNet ;;

		" Permit Relabeling")
			setMacPrivs ;;

		" Deny Relabeling")
			resetMacPrivs ;;

		*)
			# "Return to Main Menu", Cancel, or anything unexpected
			zonename=
			return ;;
		esac
		sleep $delay;
	done
}

# Main loop for top-level window
#

# Pick the ZFS dataset under which zone datasets are created: a pool
# named "zone" if there is one, else <rootpool>/zones on a ZFS root
# (created if missing), else none.
ZDSET=none
# are there any zfs pools?
zpool iostat 1>/dev/null 2>&1
if [ $? = 0 ]; then
	# is there a zfs pool named "zone"?
	zpool list -H zone 1>/dev/null 2>&1
	if [ $? = 0 ]; then
		# yes
		ZDSET=zone
	else
		# no, but is there a root pool?
		rootfs=`df -n / | awk '{print $3}'`
		if [ $rootfs = "zfs" ]; then
			# yes, use it
			ZDSET=`zfs list -Ho name / | cut -d/ -f 1`/zones
			zfs list -H $ZDSET 1>/dev/null 2>&1
			if [ $? = 1 ]; then
				zfs create -o mountpoint=/zone $ZDSET
			fi
		fi
	fi
fi

export NSCD_OPT
# Top-level menu: one row (name, state, label) per non-global zone,
# followed by the global actions.  Rows are built as \n-separated cells
# that ksh echo expands below; zenity hands back the first column of
# the chosen row, so topcommand is a zone name or one of the action
# strings compared against below.
while [ "${command}" != Exit ]; do
	zonelist=""
	for p in `zoneadm list -cp |grep -v global:`; do
		zonename=`echo $p|cut -d : -f2`
		state=`echo $p|cut -d : -f3`
		labelCheck
		zonelist="$zonelist$zonename\n$state\n$curlabel\n"
	done

	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		NSCD_OPT="Configure per-zone name service"
	else
		NSCD_OPT="Unconfigure per-zone name service"
	fi
	zonelist=${zonelist}"Manage Network Interfaces...\n\n\n"
	zonelist=${zonelist}"Create a new zone...\n\n\n"
	zonelist=${zonelist}"${NSCD_OPT}"
	zonelist=${zonelist}"\n\n\nCreate LDAP Client...\n\n\n"
	zonelist=${zonelist}"Exit\n\n"

	zonename=""
	topcommand=$(echo $zonelist|zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	    )

	if [[ ! -n $topcommand ]]; then
		command=Exit
		exit
	fi

	if [ "$topcommand" = "$NSCD_OPT" ]; then
		topcommand=
		manageNscd
		continue
	elif [ "$topcommand" = "Manage Network Interfaces..." ]; then
		topcommand=
		manageNets
		continue
	elif [ "$topcommand" = "Exit" ]; then
		command=Exit
		exit
	elif [ "$topcommand" = "Create a new zone..." ]; then
		zonename=$(zenity --entry \
		    --title="$title" \
		    --entry-text="" \
		    --text="Enter Zone Name: ")

		if [[ ! -n $zonename ]]; then
			continue
		fi

		# the typed name is only checked for non-emptiness here; it
		# becomes a path component of zonepath and is otherwise left
		# to zonecfg's own validation (presumably)
		zcfg="
create -t SUNWtsoldef
set zonepath=/zone/$zonename
commit
"
		echo "$zcfg" > $config ;
		zonecfg -z $zonename -f $config ;
		rm $config
		# Now, go to the singleZone menu, using the global
		# variable zonename, and continue with zone creation
		singleZone
		continue
	elif [ "$topcommand" = "Create LDAP Client..." ]; then
		command=LDAPclient
		createLDAPclient
		continue
	fi
	# if the menu choice was a zonename, pop up zone menu
	zonename=$topcommand
	singleZone
done