1#!/bin/pfksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 23# Use is subject to license terms. 24# 25#ident "%Z%%M% %I% %E% SMI" 26# 27 28# This script provides a simple GUI for managing labeled zones. 29# It takes no arguments, but provides contextual menus which 30# provide appropriate choices. It must be run in the global 31# zone as root. 32 33NSCD_PER_LABEL=0 34NSCD_INDICATOR="/var/tsol/doors/nscd_per_label" 35export NSCD_PER_LABEL 36export NSCD_INDICATOR 37if [ -f $NSCD_INDICATOR ] ; then 38 NSCD_PER_LABEL=1 39fi 40PATH=/usr/bin:/usr/sbin:/usr/lib export PATH 41title="Labeled Zone Manager" 42maxlabel=`chk_encodings -X 2>/dev/null` 43if [[ ! -n $maxlabel ]]; then 44 maxlabel=0x000a-08-f8 45fi 46zonename="" 47export zonename 48config=/tmp/zfg.$$ ; 49 50consoleCheck() { 51 zconsole=`pgrep -f "zlogin -C $zonename"` 52 if [ $? != 0 ]; then 53 console="Zone Console...\n" 54 fi 55} 56 57labelCheck() { 58 hexlabel=`/bin/grep "^$zonename:" \ 59 /etc/security/tsol/tnzonecfg|cut -d ":" -f2`; 60 if [ $hexlabel ] ; then 61 label= 62 curlabel=`hextoalabel $hexlabel` 63 else 64 label="Select Label...\n" 65 curlabel=... 66 fi 67} 68 69snapshotCheck() { 70 filesystem=`zfs list |grep zone/$zonename |cut -d " " -f1` 71 if [[ -n $filesystem ]]; then 72 snapshot="Create Snapshot\n" 73 fi 74} 75 76copyCheck() { 77 zonelist="" 78 for p in `zoneadm list -ip`; do 79 q=`echo $p|cut -d ":" -f2` 80 if [ $q != $zonename ]; then 81 zonelist="$zonelist $q" 82 fi 83 done 84 if [[ -n $zonelist ]]; then 85 copy="Copy...\n"; \ 86 clone="Clone\n"; \ 87 fi 88} 89 90relabelCheck() { 91 macstate=`zonecfg -z $zonename info|grep win_mac_write` 92 if [[ -n $macstate ]]; then 93 permitrelabel="Deny Relabeling\n" 94 else 95 permitrelabel="Permit Relabeling\n" 96 fi 97} 98 99selectLabel() { 100 labelList="" 101 for p in `lslabels -h $maxlabel`; do 102 hexlabel=`/bin/grep :$p: /etc/security/tsol/tnzonecfg` 103 if [ $? != 0 ]; then 104 newlabel=`hextoalabel $p` 105 labelList="$labelList $newlabel\n" 106 fi 107 done 108 alabel=$(echo $labelList|zenity --list \ 109 --title="$title" \ 110 --height=300 \ 111 --width=400 \ 112 --column="Available Sensitivity Labels") 113 114 if [[ -n $alabel ]]; then 115 newlabel=`atohexlabel "$alabel" 2>null` 116 if [[ -n $newlabel ]]; then 117 echo $zonename:$newlabel:0:: >> /etc/security/tsol/tnzonecfg 118 else 119 x=$(zenity --error \ 120 --title="$title" \ 121 --text="$alabel is not valid") 122 fi 123 fi 124} 125 126resolveXdisplay() { 127 export ZONE_PATH 128 export ZONE_ETC_DIR 129 export IPNODES 130 export LIST 131 ERRORLIST="" 132 export ERRORLIST 133 # if using nscd-per-label then we have to be sure the global zone's 134 # hostname resolves because it is used for DISPLAY in X 135 ghostname=`hostname` 136 export ghostname 137 138 if [[ -n "$1" ]] ; then 139 LIST=`zoneadm list -ip | grep ":$1:"` 140 else 141 LIST=`zoneadm list -ip | grep -v "global"` 142 fi 143 144 gipaddress=`getent hosts $ghostname|cut -f1` 145 for i in $LIST; do 146 ZONE_PATH=`echo "$i" |cut -d ":" -f4` 147 ZONE_ETC_DIR=$ZONE_PATH/root/etc 148 IPNODES=${ZONE_ETC_DIR}/inet/ipnodes 149 150 # Rather than toggle on and off with NSCD_PER_LABEL, put the 151 # information in there and a sysadmin can remove it if necessary 152 # $DISPLAY will not work in X without global hostname 153 ENTRY=`grep $ghostname $IPNODES` 154 case "$ENTRY" in 155 127.0.0.1* ) 156 if [[ -z $ERRORLIST ]] ; then 157 ERRORLIST="$ghostname address 127.0.0.1 found in:\n" 158 fi 159 ERRORLIST="$ERRORLIST $IPNODES\n" 160 ;; 161 "") 162 gipaddress=`getent hosts $ghostname|cut -f1` 163 echo "$gipaddress\t$ghostname" >> $IPNODES 164 ;; 165 *) 166 continue 167 ;; 168 169 esac 170 done 171 if [[ -n "$ERRORLIST" ]] ; then 172 x=$(zenity --error \ 173 --title="$title" \ 174 --text="WARNING:\n\n\n$ERRORLIST\n\n") 175 fi 176} 177 178clone() { 179 image=`zfs list |grep snapshot|cut -d " " -f1| \ 180 zenity --list \ 181 --title="$title" \ 182 --height=300 \ 183 --column="ZFS Zone Snapshots"` 184 if [[ -n $image ]]; then 185 dataset=`zfs list |grep zone/$zonename |cut -d " " -f1` 186 if [[ -n $dataset ]]; then 187 /usr/sbin/zfs destroy zone/$zonename 188 fi 189 /usr/sbin/zfs clone $image zone/$zonename 190 /usr/sbin/zoneadm -z $zonename attach -F 191 if [ ! -f /var/ldap/ldap_client_file ]; then 192 if [ $NSCD_PER_LABEL = 0 ] ; then 193 sharePasswd 194 else 195 unsharePasswd 196 resolveXdisplay 197 fi 198 fi 199 fi 200} 201 202copy() { 203 204 image=`zenity --list \ 205 --title="$title: Copy From" \ 206 --height=300 \ 207 --column="Installed Zones" $zonelist` 208 209 /usr/bin/gnome-terminal \ 210 --title="$title: Copying $image to $zonename zone" \ 211 --command "zoneadm -z $zonename clone -m copy $image" \ 212 --disable-factory \ 213 --hide-menubar 214 215 if [ ! -f /var/ldap/ldap_client_file ]; then 216 if [ $NSCD_PER_LABEL = 0 ] ; then 217 sharePasswd 218 else 219 unsharePasswd 220 resolveXdisplay 221 fi 222 fi 223} 224 225initialize() { 226 hostname=`hostname` 227 hostname=$(zenity --entry \ 228 --title="$title" \ 229 --text="Enter Host Name: " \ 230 --entry-text $hostname) 231 if [ $? != 0 ]; then 232 exit 1 233 fi 234 235 ZONE_PATH=`zoneadm list -ip|grep ":${zonename}:"|cut -d ":" -f4` 236 if [ -z "$ZONE_PATH" ] ; then 237 x=$(zenity --error \ 238 --title="$title" \ 239 --text="$zonename is not an installed zone") 240 exit 1 241 fi 242 ZONE_ETC_DIR=$ZONE_PATH/root/etc 243 ipaddress=`getent hosts $hostname|cut -f1` 244 SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg 245 246 if [ -f /var/ldap/ldap_client_file ]; then 247 ldapaddress=`ldapclient list | \ 248 /bin/grep "^NS_LDAP_SERVERS" | cut -d " " -f2` 249 echo "name_service=LDAP {" > ${SYSIDCFG} 250 domain=`domainname` 251 echo "domain_name=$domain" >> ${SYSIDCFG} 252 profName=`ldapclient list | \ 253 /bin/grep "^NS_LDAP_PROFILE" | cut -d " " -f2` 254 proxyPwd=`ldapclient list | \ 255 /bin/grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2` 256 proxyDN=`ldapclient list | \ 257 /bin/grep "^NS_LDAP_BINDDN" | cut -d " " -f 2` 258 if [ "$proxyDN" ]; then 259 echo "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG} 260 echo "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG} 261 fi 262 echo "profile=$profName" >> ${SYSIDCFG} 263 echo "profile_server=$ldapaddress }" >> ${SYSIDCFG} 264 cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap 265 else 266 echo "name_service=NONE" > ${SYSIDCFG} 267 if [ $NSCD_PER_LABEL = 0 ] ; then 268 sharePasswd 269 else 270 # had to put resolveXdisplay lower down for this case 271 unsharePasswd 272 fi 273 fi 274 275 echo "security_policy=NONE" >> ${SYSIDCFG} 276 locale=`locale|grep LANG | cut -d "=" -f2` 277 if [[ -z $locale ]]; then 278 locale="C" 279 fi 280 echo "system_locale=$locale" >> ${SYSIDCFG} 281 timezone=`/bin/grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2` 282 echo "timezone=$timezone" >> ${SYSIDCFG} 283 echo "terminal=vt100" >> ${SYSIDCFG} 284 rootpwd=`/bin/grep "^root:" /etc/shadow|cut -d ":" -f2` 285 echo "root_password=$rootpwd" >> ${SYSIDCFG} 286 echo "network_interface=PRIMARY {" >> ${SYSIDCFG} 287 echo "protocol_ipv6=no" >> ${SYSIDCFG} 288 echo "hostname=$hostname" >> ${SYSIDCFG} 289 echo "ip_address=$ipaddress }" >> ${SYSIDCFG} 290 cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs 291 touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain 292 if [ $NSCD_PER_LABEL = 1 ] ; then 293 resolveXdisplay 294 fi 295} 296 297install() { 298 # if there is a zfs pool for zone 299 # create a new dataset for the zone 300 # This step is done automatically by zonecfg 301 # in Solaris Express 8/06 or newer 302 303 zp=`zpool list -H zone 2>/dev/null` 304 if [ $? = 0 ]; then 305 zfs create zone/$zonename 306 chmod 700 /zone/$zonename 307 fi 308 309 /usr/bin/gnome-terminal \ 310 --title="$title: Installing $zonename zone" \ 311 --command "zoneadm -z $zonename install" \ 312 --disable-factory \ 313 --hide-menubar 314 315 initialize 316} 317 318delete() { 319 # if there is an entry for this zone in tnzonecfg, remove it 320 # before deleting the zone. 321 322 tnzone=`egrep "^$zonename:" /etc/security/tsol/tnzonecfg 2>/dev/null` 323 if [ -n "${tnzone}" ]; then 324 sed -e "/^$tnzone:*/d" /etc/security/tsol/tnzonecfg > \ 325 /tmp/tnzonefg.$$ 2>/dev/null 326 mv /tmp/tnzonefg.$$ /etc/security/tsol/tnzonecfg 327 fi 328 zonecfg -z $zonename delete -F 329 zonename= 330} 331 332getNIC(){ 333 334 nics= 335 for i in `ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK` 336 do 337 echo $i |grep "^[a-z].*:" >/dev/null 2>&1 338 if [ $? -eq 1 ]; then 339 continue 340 fi 341 i=${i%:} # Remove colon after interface name 342 echo $i |grep ":" >/dev/null 2>&1 343 if [ $? -eq 0 ]; then 344 continue 345 fi 346 nics="$nics $i" 347 done 348 349 nic=$(zenity --list \ 350 --title="$title" \ 351 --column="Interface" \ 352 $nics) 353} 354 355getNetmask() { 356 357 cidr= 358 nm=$(zenity --entry \ 359 --title="$title" \ 360 --text="$ipaddr: Enter netmask: " \ 361 --entry-text 255.255.255.0) 362 if [ $? != 0 ]; then 363 return; 364 fi 365 366 cidr=`perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm` 367} 368 369addNet() { 370 getNIC 371 if [[ -z $nic ]]; then 372 return; 373 fi 374 getIPaddr 375 if [[ -z $ipaddr ]]; then 376 return; 377 fi 378 getNetmask 379 if [[ -z $cidr ]]; then 380 return; 381 fi 382 zcfg=" 383add net 384set address=${ipaddr}/${cidr} 385set physical=$nic 386end 387commit 388" 389 echo "$zcfg" > $config ; 390 zonecfg -z $zonename -f $config ; 391 rm $config 392} 393 394getAttrs() { 395 zone=global 396 type=ignore 397 for j in `ifconfig $nic` 398 do 399 case $j in 400 inet) type=$j;; 401 zone) type=$j;; 402 all-zones) zone=all-zones;; 403 flags*) flags=$j;; 404 *) case $type in 405 inet) ipaddr=$j ;; 406 zone) zone=$j ;; 407 *) continue ;; 408 esac;\ 409 type=ignore;; 410 esac 411 done 412 if [ $ipaddr != 0.0.0.0 ]; then 413 template=`tninfo -h $ipaddr|grep Template| cut -d" " -f3` 414 else 415 template="..." 416 ipaddr="..." 417 fi 418} 419 420updateTnrhdb() { 421 tnctl -h ${ipaddr}:$template 422 x=`grep "^${ipaddr}[^0-9]" /etc/security/tsol/tnrhdb` 423 if [ $? = 0 ]; then 424 sed s/$x/${ipaddr}:$template/g /etc/security/tsol/tnrhdb \ 425 > /tmp/txnetmgr.$$ 426 mv /tmp/txnetmgr.$$ /etc/security/tsol/tnrhdb 427 else 428 echo ${ipaddr}:$template >> /etc/security/tsol/tnrhdb 429 fi 430} 431 432getIPaddr() { 433 hostname=$(zenity --entry \ 434 --title="$title" \ 435 --text="$nic: Enter hostname: ") 436 437 if [ $? != 0 ]; then 438 return; 439 fi 440 441 ipaddr=`getent hosts $hostname|cut -f1` 442 if [[ -z $ipaddr ]]; then 443 444 ipaddr=$(zenity --entry \ 445 --title="$title" \ 446 --text="$nic: Enter IP address: " \ 447 --entry-text a.b.c.d) 448 if [ $? != 0 ]; then 449 return; 450 fi 451 fi 452 453} 454 455addHost() { 456 # Update hosts and ipnodes 457 if [[ -z $ipaddr ]]; then 458 return; 459 fi 460 grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null 461 if [ $? -eq 1 ]; then 462 echo "$ipaddr\t$hostname" >> /etc/inet/hosts 463 fi 464 465 grep "^${ipaddr}[^0-9]" /etc/inet/ipnodes >/dev/null 466 if [ $? -eq 1 ]; then 467 echo "$ipaddr\t$hostname" >> /etc/inet/ipnodes 468 fi 469 470 template=cipso 471 updateTnrhdb 472 473 ifconfig $nic $ipaddr netmask + broadcast + 474 echo $hostname > /etc/hostname.$nic 475} 476 477getTemplate() { 478 templates=$(cat /etc/security/tsol/tnrhtp|\ 479 grep "^[A-z]"|grep "type=cipso"|cut -f1 -d":") 480 481 while [ 1 -gt 0 ]; do 482 t_cmd=$(zenity --list \ 483 --title="$title" \ 484 --height=300 \ 485 --column="Network Templates" \ 486 $templates) 487 488 if [ $? != 0 ]; then 489 break; 490 fi 491 492 t_label=$(tninfo -t $t_cmd | grep sl|zenity --list \ 493 --title="$title" \ 494 --height=300 \ 495 --width=450 \ 496 --column="Click OK to associate $t_cmd template with $ipaddr" ) 497 498 if [ $? != 0 ]; then 499 continue 500 fi 501 template=$t_cmd 502 updateTnrhdb 503 break 504 done 505} 506 507createInterface() { 508 msg=`ifconfig $nic addif 0.0.0.0` 509 $(zenity --info \ 510 --title="$title" \ 511 --text="$msg" ) 512} 513 514shareInterface() { 515 ifconfig $nic all-zones;\ 516 if_file=/etc/hostname.$nic 517 sed q | sed -e "s/$/ all-zones/" < $if_file >/tmp/txnetmgr.$$ 518 mv /tmp/txnetmgr.$$ $if_file 519} 520 521setMacPrivs() { 522 zcfg=" 523set limitpriv=default,win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,file_downgrade_sl,file_upgrade_sl,sys_trans_label 524commit 525" 526 echo "$zcfg" > $config ; 527 zonecfg -z $zonename -f $config ; 528 rm $config 529} 530 531resetMacPrivs() { 532 zcfg=" 533set limitpriv=default 534commit 535" 536 echo "$zcfg" > $config ; 537 zonecfg -z $zonename -f $config ; 538 rm $config 539} 540 541unsharePasswd() { 542 for i in `zoneadm list -i | grep -v global`; do 543 zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such 544 zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such 545 done 546} 547 548sharePasswd() { 549 if [ $NSCD_PER_LABEL -ne 0 ] ; then 550 return 551 fi 552 passwd=`zonecfg -z $zonename info|grep /etc/passwd` 553 if [[ $? -eq 1 ]]; then 554 zcfg=" 555add fs 556set special=/etc/passwd 557set dir=/etc/passwd 558set type=lofs 559add options ro 560end 561add fs 562set special=/etc/shadow 563set dir=/etc/shadow 564set type=lofs 565add options ro 566end 567commit 568" 569 echo "$zcfg" > $config ; 570 zonecfg -z $zonename -f $config ; 571 rm $config 572 fi 573} 574 575# This routine is a toggle -- if we find it configured for global nscd, 576# change to nscd-per-label and vice-versa. 577# 578# The user was presented with only the choice to CHANGE the existing 579# configuration. 580 581manageNscd() { 582 if [ $NSCD_PER_LABEL -eq 0 ] ; then 583 # this MUST be a regular file for svc-nscd to detect 584 touch $NSCD_INDICATOR 585 NSCD_PER_LABEL=1 586 unsharePasswd 587 resolveXdisplay 588 else 589 export zonename 590 rm -f $NSCD_INDICATOR 591 NSCD_PER_LABEL=0 592 for i in `zoneadm list -i | grep -v global`; do 593 zonename=$i 594 sharePasswd 595 done 596 zonename= 597 fi 598} 599 600manageNets() { 601 while [ 1 -gt 0 ]; do 602 attrs= 603 for i in `ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK` 604 do 605 echo $i |grep "^[a-z].*:" >/dev/null 2>&1 606 if [ $? -eq 1 ]; then 607 continue 608 fi 609 nic=${i%:} # Remove colon after interface name 610 getAttrs 611 attrs="$nic $zone $ipaddr $template Up $attrs" 612 done 613 614 for i in `ifconfig -ad4 |grep "^[a-z].*:" |grep -v LOOPBACK` 615 do 616 echo $i |grep "^[a-z].*:" >/dev/null 2>&1 617 if [ $? -eq 1 ]; then 618 continue 619 fi 620 nic=${i%:} # Remove colon after interface name 621 getAttrs 622 attrs="$nic $zone $ipaddr $template Down $attrs" 623 done 624 625 nic=$(zenity --list \ 626 --title="$title" \ 627 --height=300 \ 628 --width=450 \ 629 --column="Interface" \ 630 --column="Zone Name" \ 631 --column="IP Address" \ 632 --column="Template" \ 633 --column="State" \ 634 $attrs) 635 636 if [[ -z $nic ]]; then 637 return 638 fi 639 640 getAttrs 641 642 # Clear list of commands 643 644 share= 645 setipaddr= 646 settemplate= 647 newlogical= 648 unplumb= 649 bringup= 650 bringdown= 651 652 # Check for physical interface 653 654 hascolon=`echo $nic |grep :` 655 if [ $? != 0 ]; then 656 newlogical="Create Logical Interface\n"; 657 else 658 up=`echo $flags|grep "UP,"` 659 if [ $? != 0 ]; then 660 unplumb="Remove Logical Interface\n" 661 if [ $ipaddr != "..." ]; then 662 bringup="Bring Up\n" 663 fi 664 else 665 bringdown="Bring Down\n" 666 fi 667 fi 668 669 if [ $ipaddr = "..." ]; then 670 setipaddr="Set IP address...\n"; 671 else 672 settemplate="View Templates...\n" 673 if [ $zone = global ]; then 674 share="Share\n" 675 fi 676 fi 677 678 command=$(echo ""\ 679 $share \ 680 $setipaddr \ 681 $settemplate \ 682 $newlogical \ 683 $unplumb \ 684 $bringup \ 685 $bringdown \ 686 | zenity --list \ 687 --title="$title" \ 688 --height=300 \ 689 --column "Interface: $nic" ) 690 691 case $command in 692 " Create Logical Interface")\ 693 createInterface;; 694 " Set IP address...")\ 695 getIPaddr 696 addHost;; 697 " Share")\ 698 shareInterface;; 699 " View Templates...")\ 700 getTemplate;; 701 " Remove Logical Interface")\ 702 ifconfig $nic unplumb;\ 703 rm -f /etc/hostname.$nic;; 704 " Bring Up")\ 705 ifconfig $nic up;; 706 " Bring Down")\ 707 ifconfig $nic down;; 708 *) continue;; 709 esac 710 done 711} 712 713createLDAPclient() { 714 ldaptitle="$title: Create LDAP Client" 715 ldapdomain=$(zenity --entry \ 716 --width=400 \ 717 --title="$ldaptitle" \ 718 --text="Enter Domain Name: ") 719 ldapserver=$(zenity --entry \ 720 --width=400 \ 721 --title="$ldaptitle" \ 722 --text="Enter Hostname of LDAP Server: ") 723 ldapserveraddr=$(zenity --entry \ 724 --width=400 \ 725 --title="$ldaptitle" \ 726 --text="Enter IP adddress of LDAP Server $ldapserver: ") 727 ldappassword="" 728 while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]]; do 729 ldappassword=$(zenity --entry \ 730 --width=400 \ 731 --title="$ldaptitle" \ 732 --hide-text \ 733 --text="Enter LDAP Proxy Password:") 734 ldappasswordconfirm=$(zenity --entry \ 735 --width=400 \ 736 --title="$ldaptitle" \ 737 --hide-text \ 738 --text="Confirm LDAP Proxy Password:") 739 done 740 ldapprofile=$(zenity --entry \ 741 --width=400 \ 742 --title="$ldaptitle" \ 743 --text="Enter LDAP Profile Name: ") 744 whatnext=$(zenity --list \ 745 --width=400 \ 746 --height=250 \ 747 --title="$ldaptitle" \ 748 --text="Proceed to create LDAP Client?" \ 749 --column=Parameter --column=Value \ 750 "Domain Name" "$ldapdomain" \ 751 "Hostname" "$ldapserver" \ 752 "IP Address" "$ldapserveraddr" \ 753 "Password" "`echo "$ldappassword" | sed 's/./*/g'`" \ 754 "Profile" "$ldapprofile") 755 if [ $? != 0 ]; then 756 return 757 fi 758 759 /bin/grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null 760 if [ $? -eq 1 ]; then 761 /bin/echo "$ldapserveraddr $ldapserver" >> /etc/hosts 762 fi 763 764 /bin/grep "${ldapserver}:" /etc/security/tsol/tnrhdb > /dev/null 765 if [ $? -eq 1 ]; then 766 /bin/echo "# ${ldapserver} - ldap server" \ 767 >> /etc/security/tsol/tnrhdb 768 /bin/echo "${ldapserveraddr}:cipso" \ 769 >> /etc/security/tsol/tnrhdb 770 /usr/sbin/tnctl -h "${ldapserveraddr}:cipso" 771 fi 772 773 proxyDN=`echo $ldapdomain|awk -F"." \ 774 "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }"` 775 776 zenity --info \ 777 --title="$ldaptitle" \ 778 --width=500 \ 779 --text="global zone will be LDAP client of $ldapserver" 780 781 ldapout=/tmp/ldapclient.$$ 782 783 ldapclient init -a profileName="$ldapprofile" \ 784 -a domainName="$ldapdomain" \ 785 -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \ 786 -a proxyPassword="$ldappassword" \ 787 "$ldapserveraddr" >$ldapout 2>&1 788 789 if [ $? -eq 0 ]; then 790 ldapstatus=Success 791 else 792 ldapstatus=Error 793 fi 794 795 zenity --text-info \ 796 --width=700 \ 797 --height=300 \ 798 --title="$ldaptitle: $ldapstatus" \ 799 --filename=$ldapout 800 801 rm -f $ldapout 802 803 804} 805 806# Loop for single-zone menu 807singleZone() { 808 809 while [ "${command}" != Exit ]; do 810 if [[ ! -n $zonename ]]; then 811 x=$(zenity --error \ 812 --title="$title" \ 813 --text="zonename \"$zonename\" is not valid") 814 return 815 fi 816 # Clear list of commands 817 818 console= 819 label= 820 start= 821 reboot= 822 stop= 823 clone= 824 copy= 825 install= 826 ready= 827 uninstall= 828 delete= 829 snapshot= 830 addnet= 831 deletenet= 832 permitrelabel= 833 834 zonestate=`zoneadm -z $zonename list -p | cut -d ":" -f 3` 835 836 consoleCheck; 837 labelCheck; 838 delay=0 839 840 case $zonestate in 841 running) ready="Ready\n"; \ 842 reboot="Reboot\n"; \ 843 stop="Halt\n"; \ 844 ;; 845 ready) start="Boot\n"; \ 846 stop="Halt\n" \ 847 ;; 848 installed) 849 if [[ -z $label ]]; then \ 850 ready="Ready\n"; \ 851 start="Boot\n"; \ 852 fi; \ 853 uninstall="Uninstall\n"; \ 854 snapshotCheck; \ 855 relabelCheck; 856 addnet="Add Network...\n" 857 ;; 858 configured) install="Install...\n"; \ 859 copyCheck; \ 860 delete="Delete\n"; \ 861 console=; \ 862 ;; 863 incomplete) delete="Delete\n"; \ 864 ;; 865 *) 866 ;; 867 esac 868 869 command=$(echo ""\ 870 $console \ 871 $label \ 872 $start \ 873 $reboot \ 874 $stop \ 875 $clone \ 876 $copy \ 877 $install \ 878 $ready \ 879 $uninstall \ 880 $delete \ 881 $snapshot \ 882 $addnet \ 883 $deletenet \ 884 $permitrelabel \ 885 "Return to Main Menu" \ 886 | zenity --list \ 887 --title="$title" \ 888 --height=300 \ 889 --column "$zonename: $zonestate" ) 890 891 case $command in 892 " Zone Console...") 893 delay=2; \ 894 /usr/bin/gnome-terminal \ 895 --title="Zone Terminal Console: $zonename" \ 896 --command "/usr/sbin/zlogin -C $zonename" &;; 897 898 " Select Label...") 899 selectLabel;; 900 901 " Ready") 902 zoneadm -z $zonename ready ;; 903 904 " Boot") 905 zoneadm -z $zonename boot ;; 906 907 " Halt") 908 zoneadm -z $zonename halt ;; 909 910 " Reboot") 911 zoneadm -z $zonename reboot ;; 912 913 " Install...") 914 install;; 915 916 " Clone") 917 clone ;; 918 919 " Copy...") 920 copy ;; 921 922 " Uninstall") 923 zoneadm -z $zonename uninstall -F;; 924 925 " Delete") 926 delete 927 return ;; 928 929 " Create Snapshot") 930 zfs snapshot zone/${zonename}@snapshot;; 931 932 " Add Network...") 933 addNet ;; 934 935 " Permit Relabeling") 936 setMacPrivs ;; 937 938 " Deny Relabeling") 939 resetMacPrivs ;; 940 941 *) 942 zonename= 943 return ;; 944 esac 945 sleep $delay; 946 done 947} 948 949# Main loop for top-level window 950# 951# Always display vni0 since it is useful for cross-zone networking 952# 953ifconfig vni0 > /dev/null 2>&1 954if [ $? != 0 ]; then 955 ifconfig vni0 plumb >/dev/null 2>&1 956fi 957export NSCD_OPT 958while [ "${command}" != Exit ]; do 959 zonelist="" 960 for p in `zoneadm list -cp |grep -v global:`; do 961 zonename=`echo $p|cut -d : -f2` 962 state=`echo $p|cut -d : -f3` 963 labelCheck 964 zonelist="$zonelist$zonename\n$state\n$curlabel\n" 965 done 966 967 if [ $NSCD_PER_LABEL -eq 0 ] ; then 968 NSCD_OPT="Configure per-zone name service" 969 else 970 NSCD_OPT="Unconfigure per-zone name service" 971 fi 972 zonelist=${zonelist}"Manage Network Interfaces...\n\n\n" 973 zonelist=${zonelist}"Create a new zone...\n\n\n" 974 zonelist=${zonelist}"${NSCD_OPT}" 975 zonelist=${zonelist}"\n\n\nCreate LDAP Client...\n\n\n" 976 zonelist=${zonelist}"Exit\n\n" 977 978 zonename="" 979 topcommand=$(echo $zonelist|zenity --list \ 980 --title="$title" \ 981 --height=300 \ 982 --width=500 \ 983 --column="Zone Name" \ 984 --column="Status" \ 985 --column="Sensitivity Label" \ 986 ) 987 988 if [[ ! -n $topcommand ]]; then 989 command=Exit 990 exit 991 fi 992 993 if [ "$topcommand" = "$NSCD_OPT" ]; then 994 topcommand= 995 manageNscd 996 continue 997 elif [ "$topcommand" = "Manage Network Interfaces..." ]; then 998 topcommand= 999 manageNets 1000 continue 1001 elif [ "$topcommand" = "Exit" ]; then 1002 command=Exit 1003 exit 1004 elif [ "$topcommand" = "Create a new zone..." ]; then 1005 zonename=$(zenity --entry \ 1006 --title="$title" \ 1007 --entry-text="" \ 1008 --text="Enter Zone Name: ") 1009 1010 if [[ ! -n $zonename ]]; then 1011 continue 1012 fi 1013 1014 zcfg=" 1015create -t SUNWtsoldef 1016set zonepath=/zone/$zonename 1017commit 1018" 1019 echo "$zcfg" > $config ; 1020 zonecfg -z $zonename -f $config ; 1021 rm $config 1022 # Now, go to the singleZone menu, using the global 1023 # variable zonename, and continue with zone creation 1024 singleZone 1025 continue 1026 elif [ "$topcommand" = "Create LDAP Client..." ]; then 1027 command=LDAPclient 1028 createLDAPclient 1029 continue 1030 fi 1031 # if the menu choice was a zonename, pop up zone menu 1032 zonename=$topcommand 1033 singleZone 1034done 1035