1#!/bin/ksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23# 24# 25 26# This script provides a simple GUI for managing labeled zones. 27# It takes no arguments, but provides contextual menus which 28# provide appropriate choices. It must be run in the global 29# zone as root. 
30 31NSCD_PER_LABEL=0 32NSCD_INDICATOR=/var/tsol/doors/nscd_per_label 33if [ -f $NSCD_INDICATOR ] ; then 34 NSCD_PER_LABEL=1 35fi 36 37TXTMP=/tmp/txzonemgr 38TNRHTP=/etc/security/tsol/tnrhtp 39TNRHDB=/etc/security/tsol/tnrhdb 40TNZONECFG=/etc/security/tsol/tnzonecfg 41PUBZONE=public 42INTZONE=internal 43 44PATH=/usr/bin:/usr/sbin:/usr/lib export PATH 45title="Labeled Zone Manager 2.1" 46 47msg_defzones=$(gettext "Create default zones using default settings?") 48msg_confirmkill=$(gettext "OK to destroy all zones?") 49msg_continue=$(gettext "(exit to resume $(basename $0) when ready)") 50msg_getlabel=$(gettext "Select a label for the") 51msg_getremote=$(gettext "Select a remote host or network from the list below:") 52msg_getnet=$(gettext "Select a network configuration for the") 53msg_getzone=$(gettext "Select a zone from the list below: 54(select global for zone creation and shared settings)") 55msg_getcmd=$(gettext "Select a command from the list below:") 56msg_inuse=$(gettext "That label is already assigned\nto the") 57msg_getmin=$(gettext "Select the minimum network label for the") 58msg_getmax=$(gettext "Select the maximum network label for the") 59msg_badip=$(gettext " is not a valid IP address") 60 61 62consoleCheck() { 63 if [ $zonename != global ] ; then 64 zconsole=$(pgrep -f "zlogin -C $zonename") 65 if [ $? 
!= 0 ] ; then 66 console="Zone Console...\n" 67 fi 68 fi 69} 70 71labelCheck() { 72 hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2); 73 if [[ $hexlabel ]] ; then 74 label= 75 if [ $zonename = global ] ; then 76 template="admin_low" 77 addcipsohost="Add Multilevel Access to Remote Host...\n" 78 removecipsohost="Remove Multilevel Access to Remote Host...\n" 79 setmlps="Configure Multilevel Ports...\n" 80 else 81 template=${zonename}_unlab 82 addcipsohost= 83 removecipsohost= 84 setmlps= 85 86 net=$(zonecfg -z $zonename info net) 87 if [[ -n $net ]] ; then 88 setmlps="Configure Multilevel Ports...\n" 89 elif [ $zonestate = configured ] ; then 90 addnet="Configure Network Interfaces...\n" 91 fi 92 fi 93 addremotehost="Add Single-level Access to Remote Host...\n" 94 remotes=$(grep -v "^#" $TNRHDB|grep $template) 95 if [ $? = 0 ] ; then 96 removeremotehost="Remove Single-level Access to Remote Host...\n" 97 else 98 removeremotehost= 99 fi 100 else 101 label="Select Label...\n" 102 addremotehost= 103 removeremotehost= 104 addcipsohost= 105 removecipsohost= 106 setmlps= 107 fi 108} 109 110cloneCheck() { 111 set -A zonelist 112 integer clone_cnt=0 113 for p in $(zoneadm list -ip) ; do 114 z=$(echo "$p"|cut -d : -f2) 115 s=$(echo "$p"|cut -d : -f3) 116 if [ $z = $zonename ] ; then 117 continue 118 elif [ $s = "installed" ] ; then 119 zonelist[clone_cnt]=$z 120 clone_cnt+=1 121 fi 122 done 123 if [ $clone_cnt -gt 0 ] ; then 124 clone="Clone...\n"; \ 125 fi 126} 127 128relabelCheck() { 129 macstate=$(zonecfg -z $zonename info|grep win_mac_write) 130 if [[ -n $macstate ]] ; then 131 permitrelabel="Deny Relabeling\n" 132 else 133 permitrelabel="Permit Relabeling\n" 134 fi 135} 136 137autobootCheck() { 138 bootmode=$(zonecfg -z $zonename info autoboot) 139 if [[ $bootmode == 'autoboot: true' ]] ; then 140 autoboot="Set Manual Booting\n" 141 else 142 autoboot="Set Automatic Booting\n" 143 fi 144} 145 146newZone() { 147 if [[ ! 
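-n $zonename ]] ; then
		zonename=$(zenity --entry \
			--title="$title" \
			--width=330 \
			--entry-text="" \
			--text="Enter Zone Name: ")

		if [[ ! -n $zonename ]] ; then
			zonename=global
			return
		fi

		# The name is spliced into the zonecfg command string and
		# the zonepath below, so accept only a conservative
		# character set (alphanumeric first, then [A-Za-z0-9_.-]).
		# Anything else is treated like a cancelled dialog.
		if [[ $zonename != [A-Za-z0-9]*([A-Za-z0-9_.-]) ]] ; then
			zenity --error \
				--title="$title" \
				--text="$zonename: invalid zone name"
			zonename=global
			return
		fi
	fi
	zonecfg -z $zonename "create -t SUNWtsoldef;\
		set zonepath=/zone/$zonename"
}

# Destroy the boot environments (ROOT/zbe*) under the zone's dataset,
# if that dataset exists.  Any arguments are passed through to
# "zfs destroy" (tearDownZones passes -rRf via delete).  Uses the
# globals $ZDSET and $zonename.
removeZoneBEs() {
	delopt=$*

	if zfs list -H $ZDSET/$zonename 1>/dev/null 2>&1 ; then
		for zbe in $(zfs list -rHo name $ZDSET/$zonename|grep ROOT/zbe) ; do
			zfs destroy $delopt $zbe
		done
	fi
}

# (Re)write the tnrhtp template for $zonename of type $hostType
# (cipso or unlabeled) using $minlabel/$maxlabel, and load it into the
# kernel.  Unlabeled templates also carry the zone's label as def_label.
# Sets the global $template to the template name.
updateTemplate () {
	if [ $hostType = cipso ] ; then
		template=${zonename}_cipso
		deflabel=
	else
		template=${zonename}_unlab
		deflabel="def_label=${hexlabel};"
	fi

	# Replace any existing entry for exactly this template.  The
	# pattern is anchored on the trailing ':' so that a template
	# whose name merely starts with $template is left alone.
	if grep "^${template}:" $TNRHTP >/dev/null 2>&1 ; then
		sed -e "/^${template}:/d" $TNRHTP > $TXTMP/tnrhtp.$$ 2>/dev/null
		mv $TXTMP/tnrhtp.$$ $TNRHTP
	fi
	print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
	tnctl -t $template
}

# Make sure tnzonecfg has an entry for $zonename with $hexlabel, then
# (re)create the zone's cipso and unlabeled tnrhtp templates spanning
# the full admin_low..admin_high range.
setTNdata () {
	tnzline="$zonename:${hexlabel}:0::"
	grep "^$tnzline" $TNZONECFG 1>/dev/null 2>&1
	if [ $? -eq 1 ] ; then
		print "$tnzline" >> $TNZONECFG
	fi

	#
	# Add matching entries in tnrhtp if necessary
	#
	minlabel=admin_low
	maxlabel=admin_high
	hostType=cipso
	updateTemplate

	hostType=unlabeled
	updateTemplate
}

# Let the user pick a sensitivity label for $zonename.  A label that is
# already assigned to another zone is refused; otherwise the tnzonecfg
# and tnrhtp entries are created via setTNdata.
selectLabel() {
	hexlabel=$(tgnome-selectlabel \
		--title="$title" \
		--text="$msg_getlabel $zonename zone:" \
		--min="${DEFAULTLABEL}" \
		--default="${DEFAULTLABEL}" \
		--max=$(chk_encodings -X) \
		--accredcheck=yes \
		--mode=sensitivity \
		--format=internal)
	rc=$?
	if [[ $rc = 0 && -n $hexlabel ]] ; then
		# Each label may belong to only one zone.  The pattern used
		# to be ":{$hexlabel}:" -- the braces were literal, so it
		# never matched and duplicate labels were silently accepted.
		x=$(grep -i ":${hexlabel}:" $TNZONECFG)
		if [ $? = 0 ] ; then
			z=$(print $x|cut -d : -f1)
			x=$(zenity --error \
				--title="$title" \
				--text="$msg_inuse $z zone.")
		else
			setTNdata
		fi
	fi
}

# Ask for the minimum and maximum network labels of a non-global zone
# (bounded below by DEFAULTLABEL and above by the encodings' maximum,
# with the zone's own label as the default) and rewrite its cipso
# template.  Cancelling either dialog leaves the template untouched.
getLabelRange() {
	deflabel=$(hextoalabel $hexlabel)
	minlabel=$(tgnome-selectlabel \
		--title="$title" \
		--text="$msg_getmin $zonename zone:" \
		--min="${DEFAULTLABEL}" \
		--max="$deflabel" \
		--default="$hexlabel" \
		--accredcheck=no \
		--mode=sensitivity \
		--format=internal)
	[ $? != 0 ] && return

	maxlabel=$(tgnome-selectlabel \
		--title="$title" \
		--text="$msg_getmax $zonename zone:" \
		--min="$deflabel" \
		--max=$(chk_encodings -X) \
		--default="$hexlabel" \
		--accredcheck=no \
		--mode=sensitivity \
		--format=internal)
	[ $? != 0 ] && return

	hostType=cipso
	updateTemplate
}


# Print the values zfs accepts for the "encryption" property, scraped
# from the "encryption ... YES ..." line of "zfs get" usage output.
encryptionValues() {
	echo $(zfs get 2>&1 | grep encryption | sed -e s/^.*YES// -e s/\|//g)
}

# Prompt twice for a passphrase and write it to a private temp file
# whose name is printed on stdout.  Prints nothing and returns 1 when
# the two entries differ, the passphrase is empty, or no temp file
# could be made.  The caller (createZDSET) removes the file.
getPassphrase() {
	pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
	    --width=330 --hide-text)
	pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
	    --width=330 --hide-text)
	if [[ "$pass1" != "$pass2" ]]; then
		zenity --error --title="$title" \
		    --text="Passphrases do not match"
		return 1
	fi
	if [[ -z $pass1 ]]; then
		zenity --error --title="$title" \
		    --text="Passphrase is empty"
		return 1
	fi
	# mktemp creates the file owner-only; fail closed if it cannot.
	file=$(mktemp) || return 1
	# print -r: echo would interpret backslash sequences in the
	# passphrase and silently store a different key.
	print -r -- "$pass1" > $file
	echo "$file"
}

# Create the top-level zone dataset $ZDSET, optionally encrypted.
# $1 holds extra "zfs create" options; $2 is a dataset name whose pool
# (the text before the first '/') is checked for crypto support.
# Exits the script when the user cancels one of the encryption dialogs.
createZDSET() {
	options=$1
	pool=${2%%/*}
	removefile=0

	# Encryption is only offered when the pool version is at least
	# the one that introduced the Crypto feature.
	pversion=$(zpool list -H -o version $pool)
	cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')

	if [[ $cversion == "" || $pversion -lt $cversion ]]; then
		zfs create $options $ZDSET
		return
	fi

	encryption=$(zenity --list --title="$title" --height=320 \
	    --text="Select cipher for encryption of all labels:" \
	    --column="encryption" $(encryptionValues))

	if [[ $? != 0 || $encryption == "off" ]]; then
		zfs create $options $ZDSET
		return
	fi

	format=$(zenity --list --title="$title" \
	    --text "Select encryption key source:" \
	    --column="Key format and location" \
	    "Passphrase" "Generate Key in file")
	[ $? != 0 ] && exit

	if [[ $format == "Passphrase" ]]; then
		file=$(getPassphrase)
		if [[ $file == "" ]]; then
			exit
		fi
		keysource="passphrase,file://$file"
		removefile=1
	elif [[ $format == "Generate Key in file" ]]; then
		file=$(zenity --file-selection \
		    --title="$title: Location of key file" \
		    --save --confirm-overwrite)
		[ $? != 0 ] && exit
		if [[ $encryption == "on" ]]; then
			keylen=128
		else
			# e.g. aes-256-ccm -> 256
			t=${encryption#aes-} && keylen=${t%%-*}
		fi
		# The raw key stays at the user-chosen path; it is the
		# only copy of the wrapping key.
		pktool genkey keystore=file keytype=aes \
		    keylen=$keylen outkey=$file
		# NOTE(review): "file:///$file" gives four slashes for an
		# absolute path, unlike the passphrase case above; confirm
		# what zfs expects before changing either form.
		keysource="raw,file:///$file"
	fi

	options="$options -o encryption=$encryption -o keysource=$keysource"
	zfs create $options $ZDSET
	if [[ $removefile -eq 1 ]]; then
		# Switch to prompting for the passphrase and get the
		# cleartext copy off disk.
		zfs set keysource=passphrase,prompt $ZDSET
		rm $file
	fi
}


# Write the zone's sysidcfg (name service, locale, timezone, network)
# and copy the global zone's NFS defaults into it.  The zone must be
# "ready" so that $zonepath/root is available.  Uses the globals
# $zonename and $NSCD_PER_LABEL.
initialize() {
	zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
	ZONE_ETC_DIR=$zonepath/root/etc
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	# sysidcfg may carry the LDAP proxy password in clear text, so
	# create it empty and owner-only before anything is appended.
	: > ${SYSIDCFG}
	chmod 600 ${SYSIDCFG}

	if [ -f /var/ldap/ldap_client_file ] ; then
		# Mirror the global zone's LDAP client configuration.
		ldapaddress=$(ldapclient list | \
		    grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
		print "name_service=LDAP {" >> ${SYSIDCFG}
		domain=$(domainname)
		print "domain_name=$domain" >> ${SYSIDCFG}
		profName=$(ldapclient list | \
		    grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
		proxyPwd=$(ldapclient list | \
		    grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
		proxyDN=$(ldapclient list | \
		    grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
		if [ "$proxyDN" ] ; then
			print "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
			print "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
		fi
		print "profile=$profName" >> ${SYSIDCFG}
		print "profile_server=$ldapaddress }" >> ${SYSIDCFG}
		cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
	else
		print "name_service=NONE" >> ${SYSIDCFG}
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			unsharePasswd
		fi
	fi

	print "security_policy=NONE" >> ${SYSIDCFG}
	locale=$(locale|grep LANG | cut -d "=" -f2)
	if [[ -z $locale ]] ; then
		locale="C"
	fi
	print "system_locale=$locale" >> ${SYSIDCFG}
	timezone=$(grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2)
	print "timezone=$timezone" >> ${SYSIDCFG}
	print "terminal=vt100" >> ${SYSIDCFG}
	# root_password is deliberately not written.  (An earlier version
	# read the global zone's root hash out of /etc/shadow into a
	# variable and never used it; that read has been removed.)
	print "nfs4_domain=dynamic" >> ${SYSIDCFG}
	print "network_interface=PRIMARY {" >> ${SYSIDCFG}

	net=$(zonecfg -z $zonename info net)
	ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
	if [ $ipType = exclusive ] ; then
		hostname=$(zenity --entry \
			--title="$title" \
			--width=330 \
			--text="${zonename}0: Enter Hostname or dhcp: ")
		[ $? != 0 ] && return

		if [ $hostname = dhcp ] ; then
			print "dhcp" >> ${SYSIDCFG}
		else
			print "hostname=$hostname" >> ${SYSIDCFG}
			ipaddr=$(getent hosts $hostname|cut -f1)
			# Test the result, not $? -- that was cut's status
			# (always 0), so an unknown host never reached the
			# address prompt and got an empty ip_address.
			if [[ -z $ipaddr ]] ; then
				ipaddr=$(zenity --entry \
					--title="$title" \
					--text="$nic: Enter IP address: " \
					--entry-text a.b.c.d)
				[ $? != 0 ] && return

				validateIPaddr
				if [[ -z $ipaddr ]] ; then
					return
				fi
			fi
			print "ip_address=$ipaddr" >> ${SYSIDCFG}
			getNetmask
			print "netmask=$nm" >> ${SYSIDCFG}
			print "default_route=none" >> ${SYSIDCFG}
			# Register the zone's own address as a cipso host.
			template=${zonename}_cipso
			cidr=32
			updateTnrhdb
		fi
	elif [[ -n $net ]] ; then
		hostname=$(hostname)
		hostname=$(zenity --entry \
			--title="$title" \
			--width=330 \
			--text="Enter Hostname: " \
			--entry-text $hostname)
		[ $? != 0 ] && return

		print "hostname=$hostname" >> ${SYSIDCFG}
		ipaddr=$(getent hosts $hostname|cut -f1)
		# Only emit ip_address when the lookup produced one.
		if [[ -n $ipaddr ]] ; then
			print "ip_address=$ipaddr" >> ${SYSIDCFG}
		fi
	else
		# Shared stack with no net resource of its own: use the
		# address of the (last) all-zones interface.
		getAllZoneNICs
		for i in ${aznics[*]} ; do
			ipaddr=$(ifconfig $i|grep inet|cut -d " " -f2)
		done
		print "hostname=$(hostname)" >> ${SYSIDCFG}
		print "ip_address=$ipaddr" >> ${SYSIDCFG}
	fi

	print "protocol_ipv6=no }" >> ${SYSIDCFG}
	cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
	touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
}

# Clone $zonename from the image $1 (or from one chosen out of the
# global $zonelist built by cloneCheck), then fix up passwd sharing
# and, for exclusive-IP zones, unconfigure the copied identity and
# write a fresh sysidcfg.
clone() {
	image=$1
	if [[ -z $image ]] ; then
		msg_clone=$(gettext "Clone the $zonename zone using a
snapshot of one of the following halted zones:")
		image=$(zenity --list \
			--title="$title" \
			--text="$msg_clone" \
			--height=300 \
			--width=330 \
			--column="Installed Zones" ${zonelist[*]})
	fi

	if [[ -n $image ]] ; then
		removeZoneBEs
		zoneadm -z $zonename clone $image

		if [ ! -f /var/ldap/ldap_client_file ] ; then
			if [ $NSCD_PER_LABEL = 0 ] ; then
				sharePasswd
			else
				unsharePasswd
			fi
		fi
		ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
		if [ $ipType = exclusive ] ; then
			zoneadm -z $zonename ready
			zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
			sys-unconfig -R $zonepath/root 2>/dev/null
			initialize
			zoneadm -z $zonename halt
		fi
	fi
}

# Install $zonename in a terminal window (so progress is visible), then
# ready it, write its sysidcfg and halt it again.
install() {
	removeZoneBEs
	gnome-terminal \
		--title="$title: Installing $zonename zone" \
		--command "zoneadm -z $zonename install" \
		--disable-factory \
		--hide-menubar

	zoneadm -z $zonename ready
	initialize
	zoneadm -z $zonename halt
}

# Remove every trace of $zonename: its tnzonecfg line, its tnrhdb
# hosts and tnrhtp templates (from the kernel and the files), the
# zone configuration, its boot environments and its snapshots.
# Arguments are passed through to "zfs destroy" for the BEs.
delete() {
	delopt=$*

	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
	if [ -n "${tnzone}" ] ; then
		sed -e "/^$zonename:/d" $TNZONECFG > \
		    $TXTMP/tnzonefg.$$ 2>/dev/null
		mv $TXTMP/tnzonefg.$$ $TNZONECFG
	fi

	# Same sequence for both of the zone's templates: unload and
	# drop the host entries, then unload and drop the template.
	for tmpl in ${zonename}_unlab ${zonename}_cipso ; do
		for tnzone in $(grep ":${tmpl}" $TNRHDB 2>/dev/null) ; do
			tnctl -dh "$tnzone"
			sed -e "/:${tmpl}/d" $TNRHDB > \
			    $TXTMP/tnrhdb.$$ 2>/dev/null
			mv $TXTMP/tnrhdb.$$ $TNRHDB
		done

		for tnzone in $(grep "^${tmpl}:" $TNRHTP 2>/dev/null) ; do
			tnctl -dt ${tmpl}
			sed -e "/^${tmpl}:/d" $TNRHTP > \
			    $TXTMP/tnrhtp.$$ 2>/dev/null
			mv $TXTMP/tnrhtp.$$ $TNRHTP
		done
	done

	zonecfg -z $zonename delete -F

	removeZoneBEs $delopt
	for snap in $(zfs list -Ho name -t snapshot|grep "\@${zonename}_snap") ; do
		zfs destroy -R $snap
	done
}

# Check that $ipaddr is a dotted-quad IPv4 address (four octets, digits
# only, no leading zeros, 0-255).  On failure an error dialog is shown
# and $ipaddr is cleared.  The octets are left in the global array
# $octets for callers such as addTnrhdb.
validateIPaddr () {
	OLDIFS=$IFS
	IFS=.
	integer octet_cnt=0
	integer dummy
	integer bad=0
	set -A octets $ipaddr
	IFS=$OLDIFS
	if [ ${#octets[*]} != 4 ] ; then
		bad=1
	fi
	# Every branch advances octet_cnt or sets bad; the old loop
	# spun forever on an in-form but out-of-range octet like 300.
	while (( bad == 0 && octet_cnt < ${#octets[*]} )); do
		oct=${octets[octet_cnt]}
		dummy=0
		if [[ $oct != +([0-9]) ]] ; then
			bad=1
		else
			dummy=$oct
			# The string compare rejects leading zeros ("01").
			if [ $dummy != $oct ] || (( dummy > 255 )) ; then
				bad=1
			fi
		fi
		octet_cnt+=1
	done
	if (( bad )) ; then
		x=$(zenity --error \
			--title="$title" \
			--text="$ipaddr $msg_badip")
		ipaddr=
	fi
}

# Fill the global array $aznics with the IPv4 interfaces flagged
# all-zones.  The array is reset first so entries from an earlier call
# do not linger beyond the new count.
getAllZoneNICs(){
	set -A aznics
	integer count=0
	for i in $(ifconfig -a4|grep "^[a-z].*:")
	do
		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
		[ $? -eq 1 ] && continue

		i=${i%:}	# Remove colon after interface name
		for j in $(ifconfig $i)
		do
			case $j in
			all-zones)
				aznics[count]=$i
				count+=1
				;;
			esac
		done
	done
}

# Prompt for a netmask (into $nm) and derive the prefix length into
# $cidr.  $cidr is empty on cancel or when the mask is not a
# contiguous run of one bits.
getNetmask() {
	cidr=
	nm=$(zenity --entry \
		--title="$title" \
		--width=330 \
		--text="$ipaddr: Enter netmask: " \
		--entry-text 255.255.255.0)
	[ $? != 0 ] && return;

	# Prefix length = number of set bits, but only for a contiguous
	# mask (a mask such as 255.0.255.0 used to come back as /16).
	cidr=$(perl -e '
		use Socket;
		my $m = inet_aton($ARGV[0]) or exit 1;
		my $n = unpack("N", $m);
		exit 1 if ((($n | ($n - 1)) & 0xffffffff) != 0xffffffff);
		print unpack("%32b*", $m), "\n";' $nm)
	if [ $? != 0 ] ; then
		x=$(zenity --error \
			--title="$title" \
			--text="$nm is not a valid netmask")
		cidr=
	fi
}

# Add a shared-stack net resource on $nic to $zonename, prompting for
# the address and netmask, and register the address as a cipso host.
addNet() {
	getIPaddr
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	getNetmask
	if [[ -z $cidr ]] ; then
		return;
	fi
	zonecfg -z $zonename "add net; \
		set address=${ipaddr}/${cidr}; \
		set physical=$nic; \
		end"
	template=${zonename}_cipso
	cidr=32
	updateTnrhdb
}

# Read the state of interface $nic from ifconfig/dladm into the globals
# $ipaddr, $zone, $updown, $linktype and $template.  An interface that
# has an address but no tnrhdb entry is registered as a cipso host;
# an unaddressed one reports "..." for address and template.
getAttrs() {
	zone=global
	type=ignore
	flags=
	ipaddr=0.0.0.0
	# ifconfig prints "inet A.B.C.D" and "zone NAME" as word pairs;
	# $type remembers which keyword the next word belongs to.
	for j in $(ifconfig $nic)
	do
		case $j in
			inet) type=$j;;
			zone) type=$j;;
			all-zones) zone=all-zones;;
			flags*) flags=$j;;
			*) case $type in
				inet) ipaddr=$j ;;
				zone) zone=$j ;;
				*) continue ;;
			   esac;
			   type=ignore;;
		esac
	done
	if [[ $flags == ~(E).UP, ]] ; then
		updown=Up
	else
		updown=Down
	fi
	if [[ $nic == ~(E).: ]] ; then
		linktype=logical
	else
		vnic=$(dladm show-vnic -po link $nic 2>/dev/null)
		if [[ -n $vnic ]] ; then
			linktype=virtual
		else
			linktype=physical
		fi
	fi
	if [ $ipaddr != 0.0.0.0 ] ; then
		x=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
		if [ $? = 1 ] ; then
			template=cipso
			cidr=32
			updateTnrhdb
		else
			template=$(print "$x"|cut -d : -f2)
		fi
	else
		template="..."
		ipaddr="..."
	fi
}
# Remove the tnrhdb entry that starts with $ipaddr (bare address or
# address/prefix).  Leaves the bare address in $ip for callers such as
# removeTnrhdb.  The temp file lives in the script's private $TXTMP
# rather than directly in /tmp, where a predictable name could be
# pre-created or symlinked by another local user before root's mv.
deleteTnrhdbEntry() {
	# [^0-9] stops 10.0.0.1 from also matching 10.0.0.10; take the
	# first matching line if several prefixes share the address.
	remote=$(grep "^${ipaddr}[^0-9]" $TNRHDB|sed q)
	if [[ -n $remote ]] ; then
		# Cutting at '/' alone left ":template" attached to $ip
		# for entries written without a prefix.
		ip=${remote%%[/:]*}
		if [[ $remote == ~(E)./ ]] ; then
			pr=${remote#*/}
			remote="$ip\\/$pr"
		fi
		# '.' is a regex metacharacter; match the address literally.
		pat=$(print -r -- "$remote"|sed 's/\./\\./g')
		sed -e "/^${pat}/d" $TNRHDB > $TXTMP/tnrhdb.$$ 2>/dev/null
		mv $TXTMP/tnrhdb.$$ $TNRHDB
	fi
}

# Replace the tnrhdb entry for $ipaddr with "$ipaddr[/$cidr]:$template"
# and load it into the kernel with tnctl.
updateTnrhdb() {
	deleteTnrhdbEntry
	if [[ -n $cidr ]] ; then
		print "${ipaddr}/$cidr:$template" >> $TNRHDB
		tnctl -h ${ipaddr}/$cidr:$template
	else
		print "${ipaddr}:$template" >> $TNRHDB
		tnctl -h ${ipaddr}:$template
	fi
}

# Prompt for a hostname on $nic and resolve it into $ipaddr, falling
# back to an address prompt checked by validateIPaddr.  $ipaddr is
# cleared up front so that a cancelled dialog cannot hand a stale value
# (e.g. "..." from getAttrs) to addHost or addNet.
getIPaddr() {
	ipaddr=
	hostname=$(zenity --entry \
		--title="$title" \
		--width=330 \
		--text="$nic: Enter Hostname: ")

	[ $? != 0 ] && return

	ipaddr=$(getent hosts $hostname|cut -f1)
	if [[ -z $ipaddr ]] ; then
		ipaddr=$(zenity --entry \
			--title="$title" \
			--text="$nic: Enter IP address: " \
			--entry-text a.b.c.d)
		[ $? != 0 ] && return
		validateIPaddr
	fi

}

# Assign $ipaddr/$hostname to $nic: add a hosts entry if the address is
# new, register it as a cipso host, configure the interface and make
# the assignment persistent through /etc/hostname.$nic.
addHost() {
	# Update hosts
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $? -eq 1 ] ; then
		print "$ipaddr\t$hostname" >> /etc/inet/hosts
	fi

	template=cipso
	cidr=32
	updateTnrhdb

	ifconfig $nic $ipaddr netmask + broadcast +
	#
	# TODO: better integration with nwam
	# TODO: get/set netmask for IP address
	#
	print $hostname > /etc/hostname.$nic
}

# Create an unaddressed logical interface on $nic, show ifconfig's
# message and leave the new interface name in $nic.
createInterface() {
	msg=$(ifconfig $nic addif 0.0.0.0)
	# Run zenity directly: it used to be wrapped in $(...), which
	# would execute whatever zenity printed as a command.
	zenity --info \
		--title="$title" \
		--text="$msg"
	nic=$(print "$msg"|cut -d" " -f5)

}

# Create a VNIC on $nic -- named ${zonename}0 for a zone, or by prompt
# for the global zone -- and either plumb it (global) or add it to the
# zone as a net resource.  Leaves the VNIC name in $nic.
createVNIC() {
	if [ $zonename != global ] ; then
		vnicname=${zonename}0
	else
		vnicname=$(zenity --entry \
			--title="$title" \
			--width=330 \
			--entry-text="" \
			--text="Enter VNIC Name: ")

		if [[ ! -n $vnicname ]] ; then
			return
		fi
	fi
	x=$(dladm show-vnic|grep "^$vnicname " )
	if [[ !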
-n $x ]] ; then 767 dladm create-vnic -l $nic $vnicname 768 fi 769 if [ $zonename = global ] ; then 770 ifconfig $vnicname plumb 771 else 772 zonecfg -z $zonename "add net; \ 773 set physical=$vnicname; \ 774 end" 775 fi 776 nic=$vnicname 777} 778 779shareInterface() { 780 # 781 # TODO: better integration with nwam 782 # 783 ifconfig $nic all-zones;\ 784 if_file=/etc/hostname.$nic 785 sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$ 786 mv $TXTMP/txnetmgr.$$ $if_file 787} 788 789addTnrhdb() { 790 ipaddr=$(zenity --entry \ 791 --title="$title" \ 792 --width=330 \ 793 --text="Zone:$zonename. Enter IP address of remote host or network: " \ 794 --entry-text a.b.c.d) 795 [ $? != 0 ] && return 796 validateIPaddr 797 if [[ -z $ipaddr ]] ; then 798 return; 799 fi 800 if [ ${octets[3]} = 0 ] ; then 801 nic="$ipaddr" 802 getNetmask 803 if [[ -z $cidr ]] ; then 804 return; 805 fi 806 else 807 cidr=32 808 fi 809 print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$ 810 x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$) 811 if [ $? 
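= 0 ] ; then
		updateTnrhdb
	else
		syntax=$(cat $TXTMP/syntax_error.$$)
		x=$(zenity --error \
			--title="$title" \
			--text="$syntax")
	fi
	rm $TXTMP/tnrhdb_new.$$
	rm $TXTMP/syntax_error.$$
}

# Repeatedly offer the tnrhdb entries that use $template (the shared
# "cipso" template or this zone's own) for removal, until the user
# cancels or none are left.
removeTnrhdb() {
	while (( 1 )) do
		remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ")
		if [ $template = cipso ] ; then
			templateHeading="from All Zones:"
		else
			templateHeading="from this Zone:"
		fi
		if [[ -z $remotes ]] ; then
			return
		fi
		ipaddr=$(zenity --list \
			--title="$title" \
			--text="$msg_getremote" \
			--height=250 \
			--width=300 \
			--column="Remove Access to:" \
			--column="$templateHeading" \
			$remotes)

		if [[ -z $ipaddr ]] ; then
			return
		fi
		# deleteTnrhdbEntry leaves the bare address in $ip.
		deleteTnrhdbEntry
		tnctl -dh ${ip}:$template
	done
}

# Edit the multilevel ports of $zonename (private and shared
# interface lists) in tnzonecfg.  The candidate file is checked with
# tnchkdb before it replaces the real one; a non-global zone is then
# asked for its label range.
setMLPs() {
	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
	zoneMLPs=:$(print "$tnzone"|cut -d : -f4)
	sharedMLPs=:$(print "$tnzone"|cut -d : -f5)
	attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs"
	ports=$(print "$attrs"|zenity --list \
		--title="$title" \
		--height=200 \
		--width=450 \
		--text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." \
		--column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \
		--editable \
		--multiple)

	if [[ -z $ports ]] ; then
		return
	fi

	# getopts needs another a blank and another dash
	ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g')

	OPTIND=1
	while getopts "z:(Private)s:(Shared)" opt $ports ; do
		case $opt in
			z) zoneMLPs=$OPTARG ;;
			s) sharedMLPs=$OPTARG ;;
		esac
	done

	# Delete only this zone's line.  The previous pattern
	# "^$zonename:*" matched zero or more colons, so zone "pub"
	# also wiped the "public:..." entry.
	sed -e "/^$zonename:/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null
	tnzone=$(print "$tnzone"|cut -d : -f1-3)
	echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$

	x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$)

	if [ $? = 0 ] ; then
		mv $TXTMP/tnzonecfg.$$ $TNZONECFG
		zenity --info \
			--title="$title" \
			--text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot."
		if [ $zonename != global ] ; then
			getLabelRange
		fi
	else
		syntax=$(cat $TXTMP/syntax_error.$$)
		x=$(zenity --error \
			--title="$title" \
			--text="$syntax")
		rm $TXTMP/tnzonecfg.$$
	fi
	rm $TXTMP/syntax_error.$$
}

# Remove the read-only /etc/passwd and /etc/shadow loopback mounts
# from every non-global zone (per-label nscd mode).  "No such"
# complaints for zones that never had them are filtered out.
unsharePasswd() {
	for i in $(zoneadm list -i | grep -v global) ; do
		zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such
		zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such
	done
}

# Give $zonename read-only lofs mounts of the global zone's
# /etc/passwd and /etc/shadow, unless per-label nscd is in use or the
# mounts are already configured.  Note that this exposes the global
# zone's password hashes (read-only) inside the labeled zone; it is
# the documented trade-off of the shared-nscd mode, not an accident.
sharePasswd() {
	if [ $NSCD_PER_LABEL -ne 0 ] ; then
		return
	fi
	passwd=$(zonecfg -z $zonename info|grep /etc/passwd)
	if [ $? -eq 1 ] ; then
		zonecfg -z $zonename "add fs; \
			set special=/etc/passwd; \
			set dir=/etc/passwd; \
			set type=lofs; \
			add options ro; \
			end; \
			add fs; \
			set special=/etc/shadow; \
			set dir=/etc/shadow; \
			set type=lofs; \
			add options ro; \
			end"
	fi
}

# This routine is a toggle -- if we find it configured for global nscd,
# change to nscd-per-label and vice-versa.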
937# 938# The user was presented with only the choice to CHANGE the existing 939# configuration. 940 941manageNscd() { 942 if [ $NSCD_PER_LABEL -eq 0 ] ; then 943 # this MUST be a regular file for svc-nscd to detect 944 touch $NSCD_INDICATOR 945 NSCD_OPT="Unconfigure per-zone name service" 946 NSCD_PER_LABEL=1 947 unsharePasswd 948 else 949 rm -f $NSCD_INDICATOR 950 NSCD_OPT="Configure per-zone name service" 951 NSCD_PER_LABEL=0 952 for i in $(zoneadm list -i | grep -v global) ; do 953 zonename=$i 954 sharePasswd 955 done 956 zonename=global 957 fi 958} 959 960manageZoneNets () { 961 ncmds[0]="Only use all-zones interfaces" 962 ncmds[1]="Add a logical interface" 963 ncmds[2]="Add a virtual interface (VNIC)" 964 965 stacks[0]="Shared Stack" 966 stacks[1]="Exclusive Stack" 967 968 getAllZoneNICs 969 netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}" 970 971 integer nic_cnt=0 972 integer netOp_cnt=2 973 974 set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ") 975 976 while (( nic_cnt < ${#nics[*]} )); do 977 netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}" 978 netOp_cnt+=1 979 netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}" 980 netOp_cnt+=1 981 nic_cnt+=1 982 done 983 984 netOp=$(print "${netOps[*]}"|zenity --list \ 985 --title="$title" \ 986 --text="$msg_getnet $zonename zone:" \ 987 --height=300 \ 988 --width=500 \ 989 --column="#" \ 990 --column="Network Configuration " \ 991 --column="IP Type" \ 992 --column="Available Interfaces" \ 993 --hide-column=1 994 ) 995 996 # User picked cancel or no selection 997 if [[ -z $netOp ]] ; then 998 return 999 fi 1000 1001 # All-zones is the default, so just return 1002 if [ $netOp = 1 ] ; then 1003 return 1004 fi 1005 1006 cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3) 1007 nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5) 1008 case $cmd in 1009 ${ncmds[1]} ) 1010 addNet; 1011 ;; 1012 ${ncmds[2]} ) 1013 zonecfg -z 
$zonename set ip-type=exclusive 1014 createVNIC 1015 ;; 1016 esac 1017} 1018 1019manageInterface () { 1020 while (( 1 )) do 1021 getAttrs 1022 1023 # Clear list of commands 1024 1025 share= 1026 setipaddr= 1027 newlogical= 1028 newvnic= 1029 unplumb= 1030 bringup= 1031 bringdown= 1032 1033 if [ $updown = Down ] ; then 1034 bringup="Bring Up\n" 1035 else 1036 bringdown="Bring Down\n" 1037 fi 1038 1039 case $linktype in 1040 physical ) 1041 newlogical="Create Logical Interface...\n"; 1042 newvnic="Create Virtual Interface (VNIC)...\n"; 1043 ;; 1044 logical ) 1045 unplumb="Remove Logical Interface\n" 1046 ;; 1047 virtual ) 1048 newlogical="Create Logical Interface...\n"; 1049 unplumb="Remove Virtual Interface\n" ; 1050 ;; 1051 esac 1052 1053 if [ $ipaddr = "..." ] ; then 1054 setipaddr="Set IP address...\n" 1055 elif [ $zone != all-zones ] ; then 1056 share="Share with Shared-IP Zones\n" 1057 fi 1058 1059 command=$(print ""\ 1060 $share \ 1061 $setipaddr \ 1062 $newlogical \ 1063 $newvnic \ 1064 $unplumb \ 1065 $bringup \ 1066 $bringdown \ 1067 | zenity --list \ 1068 --title="$title" \ 1069 --text="Select a command from the list below:" \ 1070 --height=300 \ 1071 --column "Interface: $nic" ) 1072 1073 case $command in 1074 " Create Logical Interface...") 1075 createInterface;; 1076 " Create Virtual Interface (VNIC)...") 1077 createVNIC ;; 1078 " Set IP address...") 1079 getIPaddr 1080 addHost;; 1081 " Share with Shared-IP Zones") 1082 shareInterface;; 1083 " Remove Logical Interface") 1084 ifconfig $nic unplumb 1085 rm -f /etc/hostname.$nic 1086 return;; 1087 " Remove Virtual Interface") 1088 ifconfig $nic unplumb 1089 dladm delete-vnic $nic 1090 rm -f /etc/hostname.$nic 1091 return;; 1092 " Bring Up") 1093 ifconfig $nic up;; 1094 " Bring Down") 1095 ifconfig $nic down;; 1096 *) return;; 1097 esac 1098 done 1099} 1100 1101sharePrimaryNic() { 1102 set -A ip $(getent hosts $(cat /etc/nodename)) 1103 for i in $(ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK) 1104 do 
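# --- tail of sharePrimaryNic (the function begins before this point) ---
	print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
	[ $? -eq 1 ] && continue

	nic=${i%:} # Remove colon after interface name
	getAttrs
	if [ ${ip[0]} = $ipaddr ]; then
	    shareInterface
	    break
	fi
    done
}

#
# Global-zone "Configure Network Interfaces..." loop.
# Builds a zenity table of every non-loopback IPv4 interface reported by
# ifconfig, lets the user pick one, and hands the choice to manageInterface
# through the global variable $nic.  Returns when the dialog is cancelled
# or closed with nothing selected.
# Globals written: nic, attrs (and whatever getAttrs sets: linktype, zone,
#   ipaddr, template, updown are the ones consumed here).
#
manageNets() {
    while (( 1 )) do
	attrs=
	for i in $(ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK)
	do
	    # ifconfig output is word-split; keep only the "name:" tokens
	    print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
	    [ $? -eq 1 ] && continue

	    nic=${i%:} # Remove colon after interface name
	    getAttrs
	    # Six whitespace-separated cells per row; $attrs is passed to
	    # zenity unquoted on purpose so the shell splits it into cells,
	    # which means none of these fields may contain whitespace.
	    attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
	done

	nic=$(zenity --list \
	    --title="$title" \
	    --text="Select an interface from the list below:" \
	    --height=300 \
	    --width=500 \
	    --column="Interface" \
	    --column="Type" \
	    --column="Zone Name" \
	    --column="IP Address" \
	    --column="Template" \
	    --column="State" \
	    $attrs)

	if [[ -z $nic ]] ; then
	    return
	fi
	manageInterface
    done
}

#
# Interactively configure the global zone as an LDAP client.
# Prompts for domain, server hostname, server address, proxy password
# (entered twice, hidden) and profile name, shows a confirmation table,
# then:
#   - appends "addr host" to /etc/hosts if the address is not already there,
#   - appends an "addr:cipso" entry (plus a comment line) to $TNRHDB and
#     loads it with tnctl if the address is not already there,
#   - runs ldapclient init, capturing its output to a temp file that is
#     shown in a zenity text window and then removed.
# Returns early (no changes made) if any prompt is left empty or the
# confirmation dialog is cancelled.
# NOTE(review): $ldapserveraddr is taken verbatim from the dialog and is
#   not validated as an IP address before being written to /etc/hosts and
#   $TNRHDB or used as a grep pattern (its dots are unescaped regex
#   metacharacters); an existing address check elsewhere in this script
#   may be reusable here -- confirm.
#
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	if [[ -n $ldapdomain ]] ; then
	    ldapserver=$(zenity --entry \
		--width=400 \
		--title="$ldaptitle" \
		--text="Enter Hostname of LDAP Server: ")
	else
	    return
	fi
	if [[ -n $ldapserver ]] ; then
	    ldapserveraddr=$(zenity --entry \
		--width=400 \
		--title="$ldaptitle" \
		--text="Enter IP adddress of LDAP Server $ldapserver: ")
	else
	    return
	fi
	# Loop until a non-empty password is entered identically twice.
	ldappassword=""
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
	    ldappassword=$(zenity --entry \
		--width=400 \
		--title="$ldaptitle" \
		--hide-text \
		--text="Enter LDAP Proxy Password:")
	    ldappasswordconfirm=$(zenity --entry \
		--width=400 \
		--title="$ldaptitle" \
		--hide-text \
		--text="Confirm LDAP Proxy Password:")
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	# Confirmation table; the password column is masked with '*'.
	# Only the dialog's exit status matters, not the selected row.
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
	    "Profile" "$ldapprofile")
	[ $? != 0 ] && return

	grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ] ; then
	    print "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	# Idempotence check keyed on the address that is actually written
	# below.  The previous pattern "${ldapserver}:" never matched the
	# "${ldapserveraddr}:cipso" entry (nor the "# host - ldap server"
	# comment), so every run appended another copy to $TNRHDB.
	grep "^${ldapserveraddr}:" $TNRHDB > /dev/null
	if [ $? -eq 1 ] ; then
	    print "# ${ldapserver} - ldap server" \
		>> $TNRHDB
	    print "${ldapserveraddr}:cipso" \
		>> $TNRHDB
	    tnctl -h "${ldapserveraddr}:cipso"
	fi

	# "a.b.c" -> "dc=a,dc=b,dc=c"
	proxyDN=$(print $ldapdomain|awk -F"." \
	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	# Capture file for ldapclient output.  This script runs as root and
	# $TXTMP lives under /tmp, so use mktemp (unpredictable name, created
	# exclusively) rather than the former fixed $TXTMP/ldapclient.<pid>.
	ldapout=$(mktemp "$TXTMP/ldapclient.XXXXXX")
	if [ $? != 0 ] || [ -z "$ldapout" ] ; then
	    zenity --error \
		--title="$ldaptitle" \
		--width=400 \
		--text="Cannot create temporary file in $TXTMP"
	    return
	fi

	# NOTE(review): the proxy password is passed on the ldapclient argv,
	# so it is visible to other processes (e.g. via ps) while ldapclient
	# runs; a non-argv way to supply it is not something this script
	# shows -- confirm against ldapclient(1M).
	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" >"$ldapout" 2>&1

	if [ $? -eq 0 ] ; then
	    ldapstatus=Success
	else
	    ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename="$ldapout"

	rm -f "$ldapout"
}

#
# "Destroy all zones..." handler.  After a confirmation dialog, halts,
# force-uninstalls and deletes every non-global zone listed by
# zoneadm list -cp, then resets $zonename to global.
# 'delete' is defined elsewhere in this script and is called with -rRf
# while $zonename names the zone being removed.
# Returns without changes if the confirmation is declined.
#
tearDownZones() {
	killall=$(zenity --question \
	    --title="$title" \
	    --width=330 \
	    --text="$msg_confirmkill")
	if [[ $? != 0 ]]; then
	    return
	fi

	for p in $(zoneadm list -cp|grep -v global:) ; do
	    zonename=$(echo "$p"|cut -d : -f2)
	    zoneadm -z $zonename halt 1>/dev/null 2>&1
	    zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
	    delete -rRf
	done
	zonename=global
}

#
# First-run dialog offered when no non-global zone exists.
# Offers "$PUBZONE zone only", "$PUBZONE and $INTZONE zones" or a return
# to the main menu; the zenity item text begins with a space because the
# list is fed from 'echo ""' followed by the items, so the case patterns
# below match with that leading space.
#
createDefaultZones() {
	msg_choose1=$(gettext "Choose one:")
	defpub=$(gettext "$PUBZONE zone only")
	defboth=$(gettext "$PUBZONE and $INTZONE zones")
	defskip=$(gettext "Main Menu...")
	command=$(echo ""\
	    "$defpub\n" \
	    "$defboth\n" \
	    "$defskip\n" \
	    | zenity --list \
		--title="$title" \
		--text="$msg_defzones" \
		--column="$msg_choose1" \
		--height=400 \
		--width=330 )

	case $command in
	    " $defpub")
		createDefaultPublic ;;

	    " $defboth")
		createDefaultPublic
		createDefaultInternal ;;

	    *)
		return;;
	esac
}

#
# Create, label (with $DEFAULTLABEL), network, install and boot the
# $PUBZONE zone, then open its console in a terminal.  newZone, setTNdata,
# sharePrimaryNic and install are defined elsewhere and operate on the
# global $zonename/$hexlabel.  zone_cnt is incremented for the new zone.
# The terminal is run in the foreground (no '&'), so this function does
# not return until that console window is closed.
#
createDefaultPublic() {
	zonename=$PUBZONE
	newZone
	zone_cnt+=1
	hexlabel=$DEFAULTLABEL
	setTNdata
	sharePrimaryNic
	install
	zoneadm -z $zonename boot &
	gnome-terminal \
	    --disable-factory \
	    --title="Zone Console: $zonename $msg_continue" \
	    --command "zlogin -C $zonename"
}

#
# Create the $INTZONE zone by cloning.  Halts $PUBZONE, creates a
# non-autobooting "snapshot" zone cloned from it, reboots $PUBZONE, then
# creates $INTZONE (label chosen via selectLabel), clones it from
# "snapshot" and boots it with a console terminal.  Both zone_cnt
# increments account for the snapshot and $INTZONE zones.
#
createDefaultInternal() {
	zoneadm -z $PUBZONE halt

	zonename=snapshot
	newZone
	zone_cnt+=1
	zonecfg -z $zonename set autoboot=false

	clone $PUBZONE
	zoneadm -z $PUBZONE boot &

	zonename=$INTZONE
	newZone
	zone_cnt+=1
	selectLabel

	clone snapshot
	gnome-terminal \
	    --title="Zone Console: $zonename" \
	    --command "zlogin -C $zonename" &
	zoneadm -z $zonename boot &
}

#
# Top-level zone picker.  Counts the non-global zones; with none present
# it offers createDefaultZones and, if still none, drops straight into the
# global zone menu.  Otherwise it lists every zone with its state (from
# zoneadm list -cp) and label (looked up in $TNZONECFG, "..." if absent)
# and opens singleZone on the chosen one.  Exits the script when the
# dialog is cancelled.
# Globals written: zonelist, zone_cnt, zonename, state, hexlabel, curlabel.
#
selectZone() {
	set -A zonelist "global\nrunning\nADMIN_HIGH"
	integer zone_cnt=1

	for p in $(zoneadm list -cp|grep -v global:) ; do
	    zone_cnt+=1
	done
	if [ $zone_cnt == 1 ] ; then
	    createDefaultZones
	fi
	if [ $zone_cnt == 1 ] ; then
	    zonename=global
	    singleZone
	    return
	fi

	zone_cnt=1
	for p in $(zoneadm list -cp|grep -v global:) ; do
	    zonename=$(echo "$p"|cut -d : -f2)
	    state=$(echo "$p"|cut -d : -f3)
	    hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
	    if [[ $hexlabel ]] ; then
		curlabel=$(hextoalabel $hexlabel)
	    else
		curlabel=...
	    fi
	    # One "\n"-separated row per zone; print expands the escapes.
	    zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
	    zone_cnt+=1
	done
	zonename=$(print "${zonelist[*]}"|zenity --list \
	    --title="$title" \
	    --text="$msg_getzone" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	    )

	# if the menu choice was a zonename, pop up zone menu
	if [[ -n $zonename ]] ; then
	    singleZone
	else
	    exit
	fi
}

# Loop for single-zone menu
#
# Per-zone command menu for $zonename.  On each pass it rebuilds the set of
# offered commands from the zone's state (zoneadm list -p) and from the
# *Check helpers (consoleCheck, labelCheck, relabelCheck, autobootCheck,
# cloneCheck, all defined elsewhere), shows them in a zenity list and
# dispatches the choice.  Menu strings carry a leading space (see
# createDefaultZones) which the case patterns include.  Returns to the
# caller after Delete, Destroy-all, or a cancelled dialog when more than
# one zone exists; exits the script on a cancelled dialog when only the
# global zone exists.
#
singleZone() {

	while (( 1 )) do
	    # Clear list of commands

	    console=
	    label=
	    start=
	    reboot=
	    stop=
	    clone=
	    install=
	    ready=
	    uninstall=
	    autoboot=
	    delete=
	    deletenet=
	    permitrelabel=

	    if [ $zone_cnt -gt 1 ] ; then
		killZones="Destroy all zones...\n"
		xit="Select another zone..."
	    else
		killZones=
		xit="Exit"
	    fi
	    # Global-zone-only entries
	    if [ $zonename = global ] ; then
		ldapClient="Create LDAP Client...\n"
		nscdOpt="$NSCD_OPT\n"
		createZone="Create a new zone...\n"
		addnet="Configure Network Interfaces...\n"
	    else
		ldapClient=
		nscdOpt=
		createZone=
		addnet=
		killZones=
	    fi

	    zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)

	    consoleCheck;
	    labelCheck;
	    delay=0

	    if [ $zonename != global ] ; then
		case $zonestate in
		    running)
			ready="Ready\n"
			reboot="Reboot\n"
			stop="Halt\n"
			;;
		    ready)
			start="Boot\n"
			stop="Halt\n"
			;;
		    installed)
			# No ready/boot while a label is still selectable
			if [[ -z $label ]] ; then
			    ready="Ready\n"
			    start="Boot\n"
			fi
			uninstall="Uninstall\n"
			relabelCheck
			autobootCheck
			;;
		    configured)
			install="Install...\n"
			cloneCheck
			delete="Delete\n"
			console=
			;;
		    incomplete)
			uninstall="Uninstall\n"
			;;
		    *)
			;;
		esac
	    fi

	    # Empty entries expand to nothing, so only the offered commands
	    # reach zenity.
	    command=$(echo ""\
		$createZone \
		$console \
		$label \
		$start \
		$reboot \
		$stop \
		$clone \
		$install \
		$ready \
		$uninstall \
		$delete \
		$addnet \
		$deletenet \
		$addremotehost \
		$addcipsohost \
		$removeremotehost \
		$removecipsohost \
		$setmlps \
		$permitrelabel \
		$autoboot \
		$ldapClient \
		$nscdOpt \
		$killZones \
		$xit \
		| zenity --list \
		    --title="$title" \
		    --text="$msg_getcmd" \
		    --height=400 \
		    --width=330 \
		    --column "Zone: $zonename Status: $zonestate" )

	    case $command in
		" Create a new zone...")
		    zonename=
		    newZone ;;

		" Zone Console...")
		    delay=2
		    gnome-terminal \
			--title="Zone Console: $zonename" \
			--command "zlogin -C $zonename" & ;;

		" Select Label...")
		    selectLabel;;

		" Ready")
		    zoneadm -z $zonename ready ;;

		" Boot")
		    zoneadm -z $zonename boot ;;

		" Halt")
		    zoneadm -z $zonename halt ;;

		" Reboot")
		    zoneadm -z $zonename reboot ;;

		" Install...")
		    install;;

		" Clone...")
		    clone ;;

		" Uninstall")
		    zoneadm -z $zonename uninstall -F;;

		" Delete")
		    delete
		    return ;;

		" Configure Network Interfaces...")
		    if [ $zonename = global ] ; then
			manageNets
		    else
			manageZoneNets
		    fi;;

		" Add Single-level Access to Remote Host...")
		    addTnrhdb ;;

		" Add Multilevel Access to Remote Host...")
		    template=cipso
		    addTnrhdb ;;

		" Remove Single-level Access to Remote Host...")
		    removeTnrhdb ;;

		" Remove Multilevel Access to Remote Host...")
		    template=cipso
		    removeTnrhdb ;;

		" Configure Multilevel Ports...")
		    setMLPs;;

		# Grants the zone the window/file relabeling privileges on
		# top of the default set; "Deny Relabeling" restores default.
		" Permit Relabeling")
		    zonecfg -z $zonename set limitpriv=default,\
win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\
file_downgrade_sl,file_upgrade_sl,sys_trans_label ;;

		" Deny Relabeling")
		    zonecfg -z $zonename set limitpriv=default ;;

		" Set Automatic Booting")
		    zonecfg -z $zonename set autoboot=true ;;

		" Set Manual Booting")
		    zonecfg -z $zonename set autoboot=false ;;

		" Create LDAP Client...")
		    createLDAPclient ;;

		" Configure per-zone name service")
		    manageNscd ;;

		" Unconfigure per-zone name service")
		    manageNscd ;;

		" Destroy all zones...")
		    tearDownZones
		    return ;;

		*)
		    if [ $zone_cnt == 1 ] ; then
			exit
		    else
			return
		    fi;;
	    esac
	    sleep $delay;
	done
}

# Main loop for top-level window
#

# Trusted Extensions must be enabled (plabel on our own pid succeeds).
/usr/bin/plabel $$ 1>/dev/null 2>&1
if [ $? != 0 ] ; then
	echo "$0 : Trusted Extensions must be enabled."
	exit 1
fi

myzone=$(/sbin/zonename)
if [ $myzone != "global" ] ; then
	echo "$0 : must be in global zone to run."
	exit 1
fi

# Work directory under /tmp; an already-existing directory is reused
# silently.
# NOTE(review): neither ownership nor permissions of a pre-existing
# $TXTMP are checked before root writes into it.
mkdir $TXTMP 2>/dev/null
# Default user label from the label encodings, converted to hex form.
deflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\
	sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2)
DEFAULTLABEL=$(atohexlabel ${deflabel})

# are there any zfs pools?
ZDSET=none
zpool iostat 1>/dev/null 2>&1
if [ $? = 0 ] ; then
	# is there a zfs pool named "zone"?
	zpool list -H zone 1>/dev/null 2>&1
	if [ $? = 0 ] ; then
		# yes
		ZDSET=zone
	else
		# no, but is there a root pool?
		rootfs=$(df -n / | awk '{print $3}')
		if [ $rootfs = "zfs" ] ; then
			# yes, use it
			ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones
			zfs list -H $ZDSET 1>/dev/null 2>&1
			if [ $? = 1 ] ; then
				createZDSET "-o mountpoint=/zone" $ZDSET
			fi
		fi
	fi
fi

# Menu label for the per-zone nscd toggle, chosen from the indicator file
# checked at the top of the script.
if [ $NSCD_PER_LABEL -eq 0 ] ; then
	NSCD_OPT="Configure per-zone name service"
else
	NSCD_OPT="Unconfigure per-zone name service"
fi


while (( 1 )) do
	selectZone
done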