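#!/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#

# This script provides a simple GUI for managing labeled zones.
# It takes no arguments, but provides contextual menus which
# provide appropriate choices. It must be run in the global
# zone as root.
#
# Implementation notes:
#  - Menu entries are built as strings containing literal "\n" and
#    "\t" sequences that are later passed through echo; the script
#    relies on the ksh echo expanding those escapes, so keep the
#    #!/bin/ksh interpreter.
#  - Most state is passed between functions through global variables
#    (zonename, nic, ipaddr, template, zcfg, ...); each function header
#    below lists the globals it reads and writes.
#  - Everything here runs as root and edits files under /etc and inside
#    zone roots, so scratch files are created with mktemp rather than
#    predictable /tmp names.

# NSCD_PER_LABEL: 1 when the system is configured for nscd-per-label
# (signalled by the existence of the regular file NSCD_INDICATOR).
NSCD_PER_LABEL=0
NSCD_INDICATOR="/var/tsol/doors/nscd_per_label"
export NSCD_PER_LABEL
export NSCD_INDICATOR
if [ -f $NSCD_INDICATOR ] ; then
	NSCD_PER_LABEL=1
fi
PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
title="Labeled Zone Manager"
# Highest label the encodings file allows; fall back to a fixed hex
# label when chk_encodings prints nothing.
maxlabel=`chk_encodings -X 2>/dev/null`
if [[ ! -n $maxlabel ]]; then
	maxlabel=0x000a-08-f8
fi
zonename=""
export zonename

#
# Feed the zonecfg command batch held in the global zcfg to
# "zonecfg -z $zonename -f".
# Globals: zcfg (read), zonename (read)
# Returns: non-zero only if no scratch file could be created; otherwise
#          the status of rm (the zonecfg result is not propagated, as
#          before).
# The scratch file is created with mktemp and removed right away so
# that no predictable name under /tmp is ever handed to root's zonecfg.
#
runZonecfg() {
	cfg=$(mktemp /tmp/zfg.XXXXXX) || return 1
	echo "$zcfg" > $cfg ;
	zonecfg -z $zonename -f $cfg ;
	rm -f $cfg
}

#
# Offer the "Zone Console..." menu entry unless a zlogin console for
# this zone is already running.
# Globals: zonename (read), console (written)
#
consoleCheck() {
	zconsole=`pgrep -f "zlogin -C $zonename"`
	if [ $? != 0 ]; then
		console="Zone Console...\n"
	fi
}

#
# Look up the zone's label in tnzonecfg.
# Globals: zonename (read); hexlabel, label, curlabel (written)
#   label    - "Select Label..." menu entry when the zone has no label
#   curlabel - human readable label, or "..." when none is assigned
#
labelCheck() {
	hexlabel=`/bin/grep "^$zonename:" \
	    /etc/security/tsol/tnzonecfg|cut -d ":" -f2`;
	if [ $hexlabel ] ; then
		label=
		curlabel=`hextoalabel $hexlabel`
	else
		label="Select Label...\n"
		curlabel=...
	fi
}

#
# Build the list of other installed zones and, when there is at least
# one, offer the "Copy..." and "Clone" menu entries.
# Globals: zonename (read); zonelist, copy, clone (written)
#
copyCheck() {
	zonelist=""
	for p in `zoneadm list -ip`; do
		q=`echo $p|cut -d ":" -f2`
		if [ $q != $zonename ]; then
			zonelist="$zonelist $q"
		fi
	done
	if [[ -n $zonelist ]]; then
		copy="Copy...\n"
		clone="Clone\n"
	fi
}

#
# Offer "Deny Relabeling" when the zone's limitpriv already contains
# win_mac_write, otherwise "Permit Relabeling".
# Globals: zonename (read), permitrelabel (written)
#
relabelCheck() {
	macstate=`zonecfg -z $zonename info|grep win_mac_write`
	if [[ -n $macstate ]]; then
		permitrelabel="Deny Relabeling\n"
	else
		permitrelabel="Permit Relabeling\n"
	fi
}

#
# Let the user pick a sensitivity label that no zone uses yet and
# record it for this zone in tnzonecfg.
# Globals: zonename, maxlabel, title (read)
# Side effects: appends a "zone:hexlabel:0::" line to
#               /etc/security/tsol/tnzonecfg when the choice is valid.
#
selectLabel() {
	labelList=""
	for p in `lslabels -h $maxlabel`; do
		# skip labels that tnzonecfg already assigns to a zone
		hexlabel=`/bin/grep :$p: /etc/security/tsol/tnzonecfg`
		if [ $? != 0 ]; then
			newlabel=`hextoalabel $p`
			labelList="$labelList $newlabel\n"
		fi
	done
	alabel=$(echo $labelList|zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=400 \
	    --column="Available Sensitivity Labels")

	if [[ -n $alabel ]]; then
		newlabel=`atohexlabel "$alabel" 2>/dev/null`
		if [[ -n $newlabel ]]; then
			echo $zonename:$newlabel:0:: >> /etc/security/tsol/tnzonecfg
		else
			x=$(zenity --error \
			    --title="$title" \
			    --text="$alabel is not valid")
		fi
	fi
}

#
# Make sure each zone's ipnodes file resolves the global zone's
# hostname (needed for $DISPLAY under nscd-per-label).
# Arguments: $1 - optional zone name; when absent every non-global
#                 installed zone is processed
# Globals: title (read); ZONE_PATH, ZONE_ETC_DIR, IPNODES, LIST,
#          ERRORLIST, ghostname (written and exported)
# Side effects: appends "address<TAB>hostname" to a zone's
#               etc/inet/ipnodes when no entry exists; pops up an error
#               dialog listing zones that map the hostname to 127.0.0.1.
#
resolveXdisplay() {
	export ZONE_PATH
	export ZONE_ETC_DIR
	export IPNODES
	export LIST
	ERRORLIST=""
	export ERRORLIST
	# if using nscd-per-label then we have to be sure the global zone's
	# hostname resolves because it is used for DISPLAY in X
	ghostname=`hostname`
	export ghostname

	if [[ -n "$1" ]] ; then
		LIST=`zoneadm list -ip | grep ":$1:"`
	else
		LIST=`zoneadm list -ip | grep -v "global"`
	fi

	gipaddress=`getent hosts $ghostname|cut -f1`
	for i in $LIST; do
		ZONE_PATH=`echo "$i" |cut -d ":" -f4`
		ZONE_ETC_DIR=$ZONE_PATH/root/etc
		IPNODES=${ZONE_ETC_DIR}/inet/ipnodes

		# Rather than toggle on and off with NSCD_PER_LABEL, put the
		# information in there and a sysadmin can remove it if necessary
		# $DISPLAY will not work in X without global hostname
		# NOTE(review): this is a substring match on the whole line,
		# so an entry for a longer name containing $ghostname also
		# counts as "present".
		ENTRY=`grep $ghostname $IPNODES`
		case "$ENTRY" in
		127.0.0.1* )
			if [[ -z $ERRORLIST ]] ; then
				ERRORLIST="$ghostname address 127.0.0.1 found in:\n"
			fi
			ERRORLIST="$ERRORLIST $IPNODES\n"
			;;
		"")
			# if getent cannot resolve the name this appends a
			# line with an empty address field
			gipaddress=`getent hosts $ghostname|cut -f1`
			echo "$gipaddress\t$ghostname" >> $IPNODES
			;;
		*)
			continue
			;;

		esac
	done
	if [[ -n "$ERRORLIST" ]] ; then
		x=$(zenity --error \
		    --title="$title" \
		    --text="WARNING:\n\n\n$ERRORLIST\n\n")
	fi
}

#
# Clone the current zone from another installed zone (zfs clone),
# then run the first-boot initialisation.
# Globals: zonename, zonelist, ZDSET, NSCD_PER_LABEL, title (read)
# Side effects: destroys an existing $ZDSET/$zonename dataset, clones,
#               readies, initialises and halts the zone.
#
clone() {
	image=`zenity --list \
	    --title="$title: Clone From" \
	    --height=300 \
	    --column="Installed Zones" $zonelist`
	if [[ -n $image ]]; then
		dataset=`zfs list |grep $ZDSET/$zonename |cut -d " " -f1`
		if [[ -n $dataset ]]; then
			/usr/sbin/zfs destroy -r $ZDSET/$zonename
		fi
		/usr/sbin/zoneadm -z $zonename clone $image
		/usr/sbin/zoneadm -z $zonename ready

		if [ ! -f /var/ldap/ldap_client_file ]; then
			if [ $NSCD_PER_LABEL = 0 ] ; then
				sharePasswd
			else
				unsharePasswd
				resolveXdisplay
			fi
		fi
		initialize
		/usr/sbin/zoneadm -z $zonename halt
	fi
}

#
# Copy the current zone from another installed zone ("clone -m copy")
# in a terminal window, then share or unshare passwd files as needed.
# Globals: zonename, zonelist, NSCD_PER_LABEL, title (read)
# Returns early (doing nothing) when the user cancels the zone picker,
# so zoneadm is never run with a missing source zone.
#
copy() {

	image=`zenity --list \
	    --title="$title: Copy From" \
	    --height=300 \
	    --column="Installed Zones" $zonelist`
	if [[ -z $image ]]; then
		return
	fi

	/usr/bin/gnome-terminal \
	    --title="$title: Copying $image to $zonename zone" \
	    --command "zoneadm -z $zonename clone -m copy $image" \
	    --disable-factory \
	    --hide-menubar

	if [ ! -f /var/ldap/ldap_client_file ]; then
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			unsharePasswd
			resolveXdisplay
		fi
	fi
}

#
# Write the zone's sysidcfg (name service, locale, timezone, network)
# so its first boot is unattended, copy the global nfs defaults in and
# remove the .UNCONFIGURED marker.
# Globals: zonename, NSCD_PER_LABEL, title (read);
#          hostname, ZONE_PATH, ZONE_ETC_DIR, SYSIDCFG (written)
# Exits the script (status 1) when the hostname prompt is cancelled or
# the zone is not installed.
# When the global zone is an LDAP client, the proxy DN and proxy
# password reported by "ldapclient list" are written in clear text
# into the zone's sysidcfg.
#
initialize() {
	hostname=`hostname`
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="Enter Host Name: " \
	    --entry-text $hostname)
	if [ $? != 0 ]; then
		exit 1
	fi

	ZONE_PATH=`zoneadm list -ip|grep ":${zonename}:"|cut -d ":" -f4`
	if [ -z "$ZONE_PATH" ] ; then
		x=$(zenity --error \
		    --title="$title" \
		    --text="$zonename is not an installed zone")
		exit 1
	fi
	ZONE_ETC_DIR=$ZONE_PATH/root/etc
	ipaddress=`getent hosts $hostname|cut -f1`
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	if [ -f /var/ldap/ldap_client_file ]; then
		ldapaddress=`ldapclient list | \
		    /bin/grep "^NS_LDAP_SERVERS" | cut -d " " -f2`
		echo "name_service=LDAP {" > ${SYSIDCFG}
		domain=`domainname`
		echo "domain_name=$domain" >> ${SYSIDCFG}
		profName=`ldapclient list | \
		    /bin/grep "^NS_LDAP_PROFILE" | cut -d " " -f2`
		proxyPwd=`ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2`
		proxyDN=`ldapclient list | \
		    /bin/grep "^NS_LDAP_BINDDN" | cut -d " " -f 2`
		if [ "$proxyDN" ]; then
			echo "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
			echo "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
		fi
		echo "profile=$profName" >> ${SYSIDCFG}
		echo "profile_server=$ldapaddress }" >> ${SYSIDCFG}
		cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
	else
		echo "name_service=NONE" > ${SYSIDCFG}
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			# had to put resolveXdisplay lower down for this case
			unsharePasswd
		fi
	fi

	echo "security_policy=NONE" >> ${SYSIDCFG}
	locale=`locale|grep LANG | cut -d "=" -f2`
	if [[ -z $locale ]]; then
		locale="C"
	fi
	echo "system_locale=$locale" >> ${SYSIDCFG}
	timezone=`/bin/grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2`
	echo "timezone=$timezone" >> ${SYSIDCFG}
	echo "terminal=vt100" >> ${SYSIDCFG}
	# root_password is deliberately not written to sysidcfg; the
	# former read of the root hash from /etc/shadow was unused and
	# has been dropped.
	#echo "root_password=$rootpwd" >> ${SYSIDCFG}
	echo "nfs4_domain=dynamic" >> ${SYSIDCFG}
	echo "network_interface=PRIMARY {" >> ${SYSIDCFG}
	echo "protocol_ipv6=no" >> ${SYSIDCFG}
	echo "hostname=$hostname" >> ${SYSIDCFG}
	echo "ip_address=$ipaddress }" >> ${SYSIDCFG}
	cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
	touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
	rm -f ${ZONE_ETC_DIR}/.UNCONFIGURED
	if [ $NSCD_PER_LABEL = 1 ] ; then
		resolveXdisplay
	fi
}

#
# Create the zone's dataset (when a pool is in use), install the zone
# in a terminal window, then ready/initialise/halt it.
# Globals: zonename, ZDSET, title (read)
#
install() {
	# if there is a zfs pool for zone
	# create a new dataset for the zone
	# This step is done automatically by zonecfg
	# in Solaris Express 8/06 or newer

	if [ $ZDSET != none ]; then
		zfs create -o mountpoint=/zone/$zonename \
		    $ZDSET/$zonename
		chmod 700 /zone/$zonename
	fi

	/usr/bin/gnome-terminal \
	    --title="$title: Installing $zonename zone" \
	    --command "zoneadm -z $zonename install" \
	    --disable-factory \
	    --hide-menubar

	zoneadm -z $zonename ready
	initialize
	zoneadm -z $zonename halt
}

#
# Remove the zone's tnzonecfg entry, delete its configuration and
# destroy its dataset.
# Globals: zonename, ZDSET (read); zonename (cleared on completion)
# tnzonecfg is rewritten through a mktemp scratch file and copied back
# only if sed succeeded, so a failed rewrite cannot truncate the file.
#
delete() {
	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	tnzone=`egrep "^$zonename:" /etc/security/tsol/tnzonecfg 2>/dev/null`
	if [ -n "${tnzone}" ]; then
		tmpfile=$(mktemp /tmp/tnzonefg.XXXXXX) || return 1
		sed -e "/^$tnzone:*/d" /etc/security/tsol/tnzonecfg > \
		    $tmpfile 2>/dev/null && \
		    cp $tmpfile /etc/security/tsol/tnzonecfg
		rm -f $tmpfile
	fi
	zonecfg -z $zonename delete -F
	dataset=`zfs list |grep $ZDSET/$zonename |cut -d " " -f1`
	if [[ -n $dataset ]]; then
		/usr/sbin/zfs destroy $ZDSET/$zonename
	fi
	zonename=
}

#
# Let the user choose a physical (non-loopback, non-logical) IPv4
# interface.
# Globals: title (read); nics, nic (written; nic is empty on cancel)
#
getNIC(){

	nics=
	for i in `ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK`
	do
		# only the "name:" words of ifconfig output name an interface
		echo $i |grep "^[a-z].*:" >/dev/null 2>&1
		if [ $? -eq 1 ]; then
			continue
		fi
		i=${i%:} # Remove colon after interface name
		# skip logical interfaces (name:N)
		echo $i |grep ":" >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			continue
		fi
		nics="$nics $i"
	done

	nic=$(zenity --list \
	    --title="$title" \
	    --column="Interface" \
	    $nics)
}

#
# Prompt for a dotted netmask and convert it to a prefix length.
# Globals: ipaddr, title (read); nm, cidr (written; cidr empty on cancel)
#
getNetmask() {

	cidr=
	nm=$(zenity --entry \
	    --title="$title" \
	    --text="$ipaddr: Enter netmask: " \
	    --entry-text 255.255.255.0)
	if [ $? != 0 ]; then
		return;
	fi

	# prefix length = number of set bits in the mask
	cidr=`perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm`
}

#
# Add a network resource (interface, address/prefix) to the zone's
# configuration, prompting for each value in turn.
# Globals: zonename (read); nic, ipaddr, cidr, zcfg (written)
#
addNet() {
	getNIC
	if [[ -z $nic ]]; then
		return;
	fi
	getIPaddr
	if [[ -z $ipaddr ]]; then
		return;
	fi
	getNetmask
	if [[ -z $cidr ]]; then
		return;
	fi
	zcfg="
add net
set address=${ipaddr}/${cidr}
set physical=$nic
end
commit
"
	runZonecfg
}

#
# Parse "ifconfig $nic" output for the interface's owning zone,
# address, flags and tnrhdb template.
# Globals: nic (read); zone, ipaddr, flags, template (written)
#   ipaddr/template become "..." when the interface has no address.
#
getAttrs() {
	zone=global
	type=ignore
	for j in `ifconfig $nic`
	do
		case $j in
		inet) type=$j;;
		zone) type=$j;;
		all-zones) zone=all-zones;;
		flags*) flags=$j;;
		*) case $type in
			inet) ipaddr=$j ;;
			zone) zone=$j ;;
			*) continue ;;
			esac
			type=ignore;;
		esac
	done
	if [ $ipaddr != 0.0.0.0 ]; then
		template=`tninfo -h $ipaddr|grep Template| cut -d" " -f3`
	else
		template="..."
		ipaddr="..."
	fi
}

#
# Load the address/template binding into the kernel and record it in
# tnrhdb, replacing any existing line for the address.
# Globals: ipaddr, template (read)
# NOTE(review): the existing tnrhdb line ($x) is used unescaped as the
# sed pattern; a line containing "/" or other regex characters would
# break the substitution.
# tnrhdb is rewritten through a mktemp scratch file and copied back
# only if sed succeeded.
#
updateTnrhdb() {
	tnctl -h ${ipaddr}:$template
	x=`grep "^${ipaddr}[^0-9]" /etc/security/tsol/tnrhdb`
	if [ $? = 0 ]; then
		tmpfile=$(mktemp /tmp/txnetmgr.XXXXXX) || return 1
		sed s/$x/${ipaddr}:$template/g /etc/security/tsol/tnrhdb \
		    > $tmpfile && \
		    cp $tmpfile /etc/security/tsol/tnrhdb
		rm -f $tmpfile
	else
		echo ${ipaddr}:$template >> /etc/security/tsol/tnrhdb
	fi
}

#
# Prompt for a hostname and resolve it; if it does not resolve, prompt
# for an address directly.
# Globals: nic, title (read); hostname, ipaddr (written)
# ipaddr is cleared when the hostname prompt is cancelled so that a
# stale value from an earlier getAttrs call is not reused by callers.
#
getIPaddr() {
	hostname=$(zenity --entry \
	    --title="$title" \
	    --text="$nic: Enter hostname: ")

	if [ $? != 0 ]; then
		ipaddr=
		return;
	fi

	ipaddr=`getent hosts $hostname|cut -f1`
	if [[ -z $ipaddr ]]; then

		ipaddr=$(zenity --entry \
		    --title="$title" \
		    --text="$nic: Enter IP address: " \
		    --entry-text a.b.c.d)
		if [ $? != 0 ]; then
			return;
		fi
	fi

}

#
# Record the host in /etc/inet/hosts and ipnodes, bind it to the cipso
# template, configure the interface and persist it in /etc/hostname.*.
# Globals: ipaddr, hostname, nic (read); template (written)
#
addHost() {
	# Update hosts and ipnodes
	if [[ -z $ipaddr ]]; then
		return;
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $? -eq 1 ]; then
		echo "$ipaddr\t$hostname" >> /etc/inet/hosts
	fi

	grep "^${ipaddr}[^0-9]" /etc/inet/ipnodes >/dev/null
	if [ $? -eq 1 ]; then
		echo "$ipaddr\t$hostname" >> /etc/inet/ipnodes
	fi

	template=cipso
	updateTnrhdb

	ifconfig $nic $ipaddr netmask + broadcast +
	echo $hostname > /etc/hostname.$nic
}

#
# Let the user pick a cipso template from tnrhtp for $ipaddr, show its
# labels for confirmation, then apply it.
# Globals: ipaddr, title (read); template (written)
#
getTemplate() {
	templates=$(cat /etc/security/tsol/tnrhtp|\
	    grep "^[A-z]"|grep "type=cipso"|cut -f1 -d":")

	while [ 1 -gt 0 ]; do
		t_cmd=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column="Network Templates" \
		    $templates)

		if [ $? != 0 ]; then
			break;
		fi

		t_label=$(tninfo -t $t_cmd | grep sl|zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Click OK to associate $t_cmd template with $ipaddr" )

		if [ $? != 0 ]; then
			continue
		fi
		template=$t_cmd
		updateTnrhdb
		break
	done
}

#
# Create a new logical interface on $nic and show ifconfig's output.
# Globals: nic, title (read)
#
createInterface() {
	msg=`ifconfig $nic addif 0.0.0.0`
	zenity --info \
	    --title="$title" \
	    --text="$msg"
}

#
# Make $nic available to all zones, now and persistently: append
# " all-zones" to the first line of /etc/hostname.$nic.
# Globals: nic (read)
# The rewrite goes through a mktemp scratch file; the single sed
# appends to the first line and quits, so the persistent file keeps
# exactly one line.
#
shareInterface() {
	ifconfig $nic all-zones
	if_file=/etc/hostname.$nic
	tmpfile=$(mktemp /tmp/txnetmgr.XXXXXX) || return 1
	sed -e "s/$/ all-zones/" -e q < $if_file > $tmpfile && \
	    cp $tmpfile $if_file
	rm -f $tmpfile
}

#
# Grant the zone the privileges needed for window relabeling.
# Globals: zonename (read); zcfg (written)
#
setMacPrivs() {
	zcfg="
set limitpriv=default,win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,file_downgrade_sl,file_upgrade_sl,sys_trans_label
commit
"
	runZonecfg
}

#
# Reset the zone's limitpriv to the default set.
# Globals: zonename (read); zcfg (written)
#
resetMacPrivs() {
	zcfg="
set limitpriv=default
commit
"
	runZonecfg
}

#
# Remove the loopback-mounted /etc/passwd and /etc/shadow from every
# non-global installed zone ("no such" messages are filtered out).
#
unsharePasswd() {
	for i in `zoneadm list -i | grep -v global`; do
		zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such
		zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such
	done
}

#
# Loopback-mount the global /etc/passwd and /etc/shadow read-only into
# the zone, unless nscd-per-label is in use or they are already mounted.
# Globals: NSCD_PER_LABEL, zonename (read); zcfg (written)
#
sharePasswd() {
	if [ $NSCD_PER_LABEL -ne 0 ] ; then
		return
	fi
	passwd=`zonecfg -z $zonename info|grep /etc/passwd`
	if [[ $? -eq 1 ]]; then
		zcfg="
add fs
set special=/etc/passwd
set dir=/etc/passwd
set type=lofs
add options ro
end
add fs
set special=/etc/shadow
set dir=/etc/shadow
set type=lofs
add options ro
end
commit
"
		runZonecfg
	fi
}

# This routine is a toggle -- if we find it configured for global nscd,
# change to nscd-per-label and vice-versa.
#
# The user was presented with only the choice to CHANGE the existing
# configuration.
#
# Globals: NSCD_PER_LABEL, NSCD_INDICATOR (read/written); zonename
#          (temporarily reused while iterating the zones, then cleared)

manageNscd() {
	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		# this MUST be a regular file for svc-nscd to detect
		touch $NSCD_INDICATOR
		NSCD_PER_LABEL=1
		unsharePasswd
		resolveXdisplay
	else
		export zonename
		rm -f $NSCD_INDICATOR
		NSCD_PER_LABEL=0
		for i in `zoneadm list -i | grep -v global`; do
			zonename=$i
			sharePasswd
		done
		zonename=
	fi
}

#
# Network interface menu: list every IPv4 interface with its zone,
# address, template and state, then offer the actions that apply to
# the selected one.
# Globals: title (read); nic, zone, ipaddr, template, flags,
#          hostname (written through the helpers it calls)
# Returns when the interface picker is cancelled.
#
manageNets() {
	while [ 1 -gt 0 ]; do
		attrs=
		for i in `ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK`
		do
			echo $i |grep "^[a-z].*:" >/dev/null 2>&1
			if [ $? -eq 1 ]; then
				continue
			fi
			nic=${i%:} # Remove colon after interface name
			getAttrs
			attrs="$nic $zone $ipaddr $template Up $attrs"
		done

		for i in `ifconfig -ad4 |grep "^[a-z].*:" |grep -v LOOPBACK`
		do
			echo $i |grep "^[a-z].*:" >/dev/null 2>&1
			if [ $? -eq 1 ]; then
				continue
			fi
			nic=${i%:} # Remove colon after interface name
			getAttrs
			attrs="$nic $zone $ipaddr $template Down $attrs"
		done

		nic=$(zenity --list \
		    --title="$title" \
		    --height=300 \
		    --width=450 \
		    --column="Interface" \
		    --column="Zone Name" \
		    --column="IP Address" \
		    --column="Template" \
		    --column="State" \
		    $attrs)

		if [[ -z $nic ]]; then
			return
		fi

		getAttrs

		# Clear list of commands

		share=
		setipaddr=
		settemplate=
		newlogical=
		unplumb=
		bringup=
		bringdown=

		# Check for physical interface

		hascolon=`echo $nic |grep :`
		if [ $? != 0 ]; then
			newlogical="Create Logical Interface\n";
		else
			up=`echo $flags|grep "UP,"`
			if [ $? != 0 ]; then
				unplumb="Remove Logical Interface\n"
				if [ $ipaddr != "..." ]; then
					bringup="Bring Up\n"
				fi
			else
				bringdown="Bring Down\n"
			fi
		fi

		if [ $ipaddr = "..." ]; then
			setipaddr="Set IP address...\n";
		else
			settemplate="View Templates...\n"
			if [ $zone = global ]; then
				share="Share\n"
			fi
		fi

		# The leading "" makes every menu line start with a space,
		# which the case patterns below rely on.
		command=$(echo ""\
		    $share \
		    $setipaddr \
		    $settemplate \
		    $newlogical \
		    $unplumb \
		    $bringup \
		    $bringdown \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "Interface: $nic" )

		case $command in
		" Create Logical Interface")
			createInterface;;
		" Set IP address...")
			getIPaddr
			addHost;;
		" Share")
			shareInterface;;
		" View Templates...")
			getTemplate;;
		" Remove Logical Interface")
			ifconfig $nic unplumb
			rm -f /etc/hostname.$nic;;
		" Bring Up")
			ifconfig $nic up;;
		" Bring Down")
			ifconfig $nic down;;
		*) continue;;
		esac
	done
}

#
# Collect LDAP client parameters, register the server in hosts and
# tnrhdb, and run "ldapclient init" for the global zone.
# Globals: title (read)
# Returns when the confirmation dialog or either password prompt is
# cancelled (previously a cancelled password prompt looped forever).
# The proxy password is passed to ldapclient on its command line, so it
# is visible in the process listing while ldapclient runs; ldapclient's
# output is shown from a mktemp scratch file that is removed afterwards.
#
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	ldapserver=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Hostname of LDAP Server: ")
	ldapserveraddr=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter IP address of LDAP Server $ldapserver: ")
	ldappassword=""
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]]; do
		ldappassword=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Enter LDAP Proxy Password:")
		if [ $? != 0 ]; then
			return
		fi
		ldappasswordconfirm=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Confirm LDAP Proxy Password:")
		if [ $? != 0 ]; then
			return
		fi
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "`echo "$ldappassword" | sed 's/./*/g'`" \
	    "Profile" "$ldapprofile")
	if [ $? != 0 ]; then
		return
	fi

	/bin/grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	/bin/grep "${ldapserver}:" /etc/security/tsol/tnrhdb > /dev/null
	if [ $? -eq 1 ]; then
		/bin/echo "# ${ldapserver} - ldap server" \
		    >> /etc/security/tsol/tnrhdb
		/bin/echo "${ldapserveraddr}:cipso" \
		    >> /etc/security/tsol/tnrhdb
		/usr/sbin/tnctl -h "${ldapserveraddr}:cipso"
	fi

	# turn "a.b.c" into "dc=a,dc=b,dc=c"
	proxyDN=`echo $ldapdomain|awk -F"." \
	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }"`

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	ldapout=$(mktemp /tmp/ldapclient.XXXXXX) || return 1

	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" >$ldapout 2>&1

	if [ $? -eq 0 ]; then
		ldapstatus=Success
	else
		ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename=$ldapout

	rm -f $ldapout


}

# Loop for single-zone menu
#
# Shows the actions valid for the zone's current state (running, ready,
# installed, configured, incomplete) and performs the chosen one.
# Globals: zonename, title (read); command and the per-entry menu
#          variables (written); zonename is cleared when the menu is
#          left via "Return to Main Menu" or cancel.
singleZone() {

	while [ "${command}" != Exit ]; do
		if [[ ! -n $zonename ]]; then
			x=$(zenity --error \
			    --title="$title" \
			    --text="zonename \"$zonename\" is not valid")
			return
		fi
		# Clear list of commands

		console=
		label=
		start=
		reboot=
		stop=
		clone=
		copy=
		install=
		ready=
		uninstall=
		delete=
		addnet=
		deletenet=
		permitrelabel=

		zonestate=`zoneadm -z $zonename list -p | cut -d ":" -f 3`

		consoleCheck;
		labelCheck;
		delay=0

		case $zonestate in
		running)
			ready="Ready\n"
			reboot="Reboot\n"
			stop="Halt\n"
			;;
		ready)
			start="Boot\n"
			stop="Halt\n"
			;;
		installed)
			# booting is only offered once a label is assigned
			if [[ -z $label ]]; then
				ready="Ready\n"
				start="Boot\n"
			fi
			uninstall="Uninstall\n"
			relabelCheck;
			addnet="Add Network...\n"
			;;
		configured)
			install="Install...\n"
			copyCheck;
			delete="Delete\n"
			console=
			;;
		incomplete)
			delete="Delete\n"
			;;
		*)
			;;
		esac

		# The leading "" makes every menu line start with a space,
		# which the case patterns below rely on.
		command=$(echo ""\
		    $console \
		    $label \
		    $start \
		    $reboot \
		    $stop \
		    $clone \
		    $copy \
		    $install \
		    $ready \
		    $uninstall \
		    $delete \
		    $addnet \
		    $deletenet \
		    $permitrelabel \
		    "Return to Main Menu" \
		    | zenity --list \
		    --title="$title" \
		    --height=300 \
		    --column "$zonename: $zonestate" )

		case $command in
		" Zone Console...")
			# give the console a moment to start before re-running
			# consoleCheck on the next iteration
			delay=2
			/usr/bin/gnome-terminal \
			    --title="Zone Terminal Console: $zonename" \
			    --command "/usr/sbin/zlogin -C $zonename" &
			;;

		" Select Label...")
			selectLabel;;

		" Ready")
			zoneadm -z $zonename ready ;;

		" Boot")
			zoneadm -z $zonename boot ;;

		" Halt")
			zoneadm -z $zonename halt ;;

		" Reboot")
			zoneadm -z $zonename reboot ;;

		" Install...")
			install;;

		" Clone")
			clone ;;

		" Copy...")
			copy ;;

		" Uninstall")
			zoneadm -z $zonename uninstall -F;;

		" Delete")
			delete
			return ;;

		" Add Network...")
			addNet ;;

		" Permit Relabeling")
			setMacPrivs ;;

		" Deny Relabeling")
			resetMacPrivs ;;

		*)
			zonename=
			return ;;
		esac
		sleep $delay;
	done
}

# Main loop for top-level window
#

# ZDSET: parent dataset for zone roots, or "none" when no zfs pool is
# available.
ZDSET=none
# are there any zfs pools?
zpool iostat 1>/dev/null 2>&1
if [ $? = 0 ]; then
	# is there a zfs pool named "zone"?
	zpool list -H zone 1>/dev/null 2>&1
	if [ $? = 0 ]; then
		# yes
		ZDSET=zone
	else
		# no, but is there a root pool?
		rootfs=`df -n / | awk '{print $3}'`
		if [ $rootfs = "zfs" ]; then
			# yes, use it
			ZDSET=`zfs list -Ho name / | cut -d/ -f 1`/zones
			zfs list -H $ZDSET 1>/dev/null 2>&1
			if [ $? = 1 ]; then
				zfs create -o mountpoint=/zone $ZDSET
			fi
		fi
	fi
fi

export NSCD_OPT
while [ "${command}" != Exit ]; do
	# one row (name, state, label) per non-global zone
	zonelist=""
	for p in `zoneadm list -cp |grep -v global:`; do
		zonename=`echo $p|cut -d : -f2`
		state=`echo $p|cut -d : -f3`
		labelCheck
		zonelist="$zonelist$zonename\n$state\n$curlabel\n"
	done

	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		NSCD_OPT="Configure per-zone name service"
	else
		NSCD_OPT="Unconfigure per-zone name service"
	fi
	zonelist=${zonelist}"Manage Network Interfaces...\n\n\n"
	zonelist=${zonelist}"Create a new zone...\n\n\n"
	zonelist=${zonelist}"${NSCD_OPT}"
	zonelist=${zonelist}"\n\n\nCreate LDAP Client...\n\n\n"
	zonelist=${zonelist}"Exit\n\n"

	zonename=""
	topcommand=$(echo $zonelist|zenity --list \
	    --title="$title" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	    )

	if [[ ! -n $topcommand ]]; then
		command=Exit
		exit
	fi

	if [ "$topcommand" = "$NSCD_OPT" ]; then
		topcommand=
		manageNscd
		continue
	elif [ "$topcommand" = "Manage Network Interfaces..." ]; then
		topcommand=
		manageNets
		continue
	elif [ "$topcommand" = "Exit" ]; then
		command=Exit
		exit
	elif [ "$topcommand" = "Create a new zone..." ]; then
		zonename=$(zenity --entry \
		    --title="$title" \
		    --entry-text="" \
		    --text="Enter Zone Name: ")

		if [[ ! -n $zonename ]]; then
			continue
		fi

		# The name is interpolated unquoted into zonecfg input,
		# grep patterns and file paths below, so reject anything
		# outside the zone-name character set before using it.
		case $zonename in
		*[!A-Za-z0-9_.-]*)
			x=$(zenity --error \
			    --title="$title" \
			    --text="zonename \"$zonename\" is not valid")
			zonename=
			continue
			;;
		esac

		zcfg="
create -t SUNWtsoldef
set zonepath=/zone/$zonename
commit
"
		runZonecfg
		# Now, go to the singleZone menu, using the global
		# variable zonename, and continue with zone creation
		singleZone
		continue
	elif [ "$topcommand" = "Create LDAP Client..." ]; then
		command=LDAPclient
		createLDAPclient
		continue
	fi
	# if the menu choice was a zonename, pop up zone menu
	zonename=$topcommand
	singleZone
done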