1#!/bin/ksh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# Copyright 2010 Sun Microsystems, Inc. All rights reserved. 23# Use is subject to license terms. 24# 25# 26 27# This script provides a simple GUI for managing labeled zones. 28# It takes no arguments, but provides contextual menus which 29# provide appropriate choices. It must be run in the global 30# zone as root. 
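#
# Global configuration.
#
# NSCD_PER_LABEL records whether per-zone name service caching is in
# effect; the indicator must be a regular file (svc-nscd checks it, see
# manageNscd further down).
#
NSCD_PER_LABEL=0
NSCD_INDICATOR=/var/tsol/doors/nscd_per_label
if [ -f $NSCD_INDICATOR ] ; then
	NSCD_PER_LABEL=1
fi

#
# Scratch directory for the temporary copies of the trusted networking
# databases that are rewritten below.  NOTE(review): its creation is not
# visible in this part of the script and all names under it are $$-based,
# so the directory must not be writable by untrusted users.
#
TXTMP=/tmp/txzonemgr
TNRHTP=/etc/security/tsol/tnrhtp
TNRHDB=/etc/security/tsol/tnrhdb
TNZONECFG=/etc/security/tsol/tnzonecfg
PUBZONE=public
INTZONE=internal

PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
title="Labeled Zone Manager 2.1"

# Localized dialog strings used by the zenity/tgnome-selectlabel prompts.
msg_defzones=$(gettext "Create default zones using default settings?")
msg_confirmkill=$(gettext "OK to destroy all zones?")
msg_continue=$(gettext "(exit to resume $(basename $0) when ready)")
msg_getlabel=$(gettext "Select a label for the")
msg_getremote=$(gettext "Select a remote host or network from the list below:")
msg_getnet=$(gettext "Select a network configuration for the")
msg_getzone=$(gettext "Select a zone from the list below:
(select global for zone creation and shared settings)")
msg_getcmd=$(gettext "Select a command from the list below:")
msg_inuse=$(gettext "That label is already assigned\nto the")
msg_getmin=$(gettext "Select the minimum network label for the")
msg_getmax=$(gettext "Select the maximum network label for the")
msg_badip=$(gettext " is not a valid IP address")


#
# Offer the "Zone Console..." menu entry for a non-global zone unless a
# "zlogin -C" for that zone is already running.
# Globals: reads zonename; sets console.
#
consoleCheck() {
	if [ $zonename != global ] ; then
		zconsole=$(pgrep -f "zlogin -C $zonename")
		if [ $? != 0 ] ; then
			console="Zone Console...\n"
		fi
	fi
}

#
# Derive the label-related menu entries for the current zone from its
# tnzonecfg entry.  A zone without a label only gets "Select Label...".
# Globals: reads zonename, zonestate (set elsewhere in the script);
#          sets hexlabel, label, template, addcipsohost, removecipsohost,
#          setmlps, addnet, addremotehost, removeremotehost.
#
labelCheck() {
	hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2);
	if [[ $hexlabel ]] ; then
		label=
		if [ $zonename = global ] ; then
			template="admin_low"
			addcipsohost="Add Multilevel Access to Remote Host...\n"
			removecipsohost="Remove Multilevel Access to Remote Host...\n"
			setmlps="Configure Multilevel Ports...\n"
		else
			template=${zonename}_unlab
			addcipsohost=
			removecipsohost=
			setmlps=

			# Multilevel ports only make sense once the zone has a
			# network; a configured-but-networkless zone gets the
			# network configuration entry instead.
			net=$(zonecfg -z $zonename info net)
			if [[ -n $net ]] ; then
				setmlps="Configure Multilevel Ports...\n"
			elif [ $zonestate = configured ] ; then
				addnet="Configure Network Interfaces...\n"
			fi
		fi
		addremotehost="Add Single-level Access to Remote Host...\n"
		# Only offer removal when some tnrhdb entry uses this template.
		remotes=$(grep -v "^#" $TNRHDB|grep $template)
		if [ $? = 0 ] ; then
			removeremotehost="Remove Single-level Access to Remote Host...\n"
		else
			removeremotehost=
		fi
	else
		label="Select Label...\n"
		addremotehost=
		removeremotehost=
		addcipsohost=
		removecipsohost=
		setmlps=
	fi
}

#
# Collect the installed zones (other than the current one) that could be
# cloned, and offer "Clone..." when there is at least one.
# Globals: reads zonename; sets zonelist (array) and clone.
#
cloneCheck() {
	set -A zonelist
	integer clone_cnt=0
	for p in $(zoneadm list -ip) ; do
		z=$(echo "$p"|cut -d : -f2)
		s=$(echo "$p"|cut -d : -f3)
		if [ $z = $zonename ] ; then
			continue
		elif [ $s = "installed" ] ; then
			zonelist[clone_cnt]=$z
			clone_cnt+=1
		fi
	done
	if [ $clone_cnt -gt 0 ] ; then
		clone="Clone...\n"
	fi
}

#
# Toggle text for the relabeling menu entry, based on whether the zone's
# configuration mentions win_mac_write.
# Globals: reads zonename; sets permitrelabel.
#
relabelCheck() {
	macstate=$(zonecfg -z $zonename info|grep win_mac_write)
	if [[ -n $macstate ]] ; then
		permitrelabel="Deny Relabeling\n"
	else
		permitrelabel="Permit Relabeling\n"
	fi
}

#
# Toggle text for the autoboot menu entry.
# Globals: reads zonename; sets autoboot.
#
autobootCheck() {
	bootmode=$(zonecfg -z $zonename info autoboot)
	if [[ $bootmode == 'autoboot: true' ]] ; then
		autoboot="Set Manual Booting\n"
	else
		autoboot="Set Automatic Booting\n"
	fi
}

#
# Create a new zone from the SUNWtsoldef template.  Prompts for the name
# when zonename is empty; an empty answer resets zonename to global.
# Globals: reads/sets zonename.
# NOTE(review): the entered name is not validated here; the script relies
# on zonecfg rejecting names it does not accept.
#
newZone() {
	if [[ ! -n $zonename ]] ; then
		zonename=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --entry-text="" \
		    --text="Enter Zone Name: ")

		if [[ ! -n $zonename ]] ; then
			zonename=global
			return
		fi
	fi
	zonecfg -z $zonename "create -t SUNWtsoldef;\
	    set zonepath=/zone/$zonename"
}

#
# Destroy the boot environments (ROOT/zbe datasets) of the zone's dataset.
# Arguments: extra options passed through to "zfs destroy" (e.g. -rRf).
# Globals: reads ZDSET (set elsewhere in the script), zonename.
#
removeZoneBEs() {
	delopt=$*

	zfs list -H $ZDSET/$zonename 1>/dev/null 2>&1
	if [ $? = 0 ] ; then
		for zbe in $(zfs list -rHo name $ZDSET/$zonename|grep ROOT/zbe) ; do
			zfs destroy $delopt $zbe
		done
	fi
}

#
# Rewrite the tnrhtp template for the current zone and host type and
# load it into the kernel with tnctl.
# Globals: reads hostType (cipso|unlabeled), zonename, hexlabel,
#          minlabel, maxlabel; sets template, deflabel.
#
updateTemplate () {
	if [ $hostType = cipso ] ; then
		template=${zonename}_cipso
		deflabel=
	else
		template=${zonename}_unlab
		deflabel="def_label=${hexlabel};"
	fi

	tnzone=$(grep "^${template}:" $TNRHTP 2>/dev/null)
	if [ $? -eq 0 ] ; then
		# Delete only the exact template (trailing ':'), matching the
		# grep above, so a template whose name merely starts with
		# ${template} is left alone.
		sed -e "/^${template}:/d" $TNRHTP > $TXTMP/tnrhtp.$$ 2>/dev/null
		mv $TXTMP/tnrhtp.$$ $TNRHTP
	fi
	print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
	tnctl -t $template
}

#
# Record the zone's label in tnzonecfg (if not already present) and
# create both the cipso and the unlabeled tnrhtp templates for it with
# the full admin_low..admin_high range.
# Globals: reads zonename, hexlabel; sets minlabel, maxlabel, hostType.
#
setTNdata () {
	tnzline="$zonename:${hexlabel}:0::"
	grep "^$tnzline" $TNZONECFG 1>/dev/null 2>&1
	if [ $? -eq 1 ] ; then
		print "$tnzline" >> $TNZONECFG
	fi

	#
	# Add matching entries in tnrhtp if necessary
	#
	minlabel=admin_low
	maxlabel=admin_high
	hostType=cipso
	updateTemplate

	hostType=unlabeled
	updateTemplate
}

#
# Let the user pick a label for the zone, refusing one already assigned
# to another zone in tnzonecfg.
# Globals: reads zonename, DEFAULTLABEL (set elsewhere); sets hexlabel.
#
selectLabel() {
	hexlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getlabel $zonename zone:" \
	    --min="${DEFAULTLABEL}" \
	    --default="${DEFAULTLABEL}" \
	    --max=$(chk_encodings -X) \
	    --accredcheck=yes \
	    --mode=sensitivity \
	    --format=internal)
	if [ $? = 0 ] ; then
		# tnzonecfg lines look like "zone:hexlabel:0::" (see
		# setTNdata); the earlier pattern ":{$hexlabel}:" searched
		# for literal braces and so never detected a reuse.
		x=$(grep -i ":${hexlabel}:" $TNZONECFG)
		if [ $? = 0 ] ; then
			z=$(print $x|cut -d : -f1)
			x=$(zenity --error \
			    --title="$title" \
			    --text="$msg_inuse $z zone.")
		else
			setTNdata
		fi
	fi
}

#
# Prompt for the minimum and maximum network labels of the zone and
# rewrite its cipso template accordingly.  Either cancel aborts.
# Globals: reads hexlabel, zonename, DEFAULTLABEL;
#          sets deflabel, minlabel, maxlabel, hostType.
#
getLabelRange() {
	deflabel=$(hextoalabel $hexlabel)
	minlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getmin $zonename zone:" \
	    --min="${DEFAULTLABEL}" \
	    --max="$deflabel" \
	    --default="$hexlabel" \
	    --accredcheck=no \
	    --mode=sensitivity \
	    --format=internal)
	[ $? != 0 ] && return

	maxlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getmax $zonename zone:" \
	    --min="$deflabel" \
	    --max=$(chk_encodings -X) \
	    --default="$hexlabel" \
	    --accredcheck=no \
	    --mode=sensitivity \
	    --format=internal)
	[ $? != 0 ] && return

	hostType=cipso
	updateTemplate
}


#
# List the values "zfs get" advertises for the encryption property,
# scraped from its usage text.
# Outputs: the values, space separated, on stdout.
#
encryptionValues() {
	echo $(zfs get 2>&1 | grep encryption | sed -e s/^.*YES// -e s/\|//g)
}

#
# Ask for a passphrase twice and store it in a fresh temporary file.
# Outputs: the file name on stdout, or nothing if the entries differ.
# The file holds the passphrase in clear; createZDSET removes it once
# the dataset has been switched to keysource=passphrase,prompt.
# NOTE(review): "return """ is kept as written; the caller only looks at
# stdout, so the numeric status does not matter here.
#
getPassphrase() {
	pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
	    --width=330 --hide-text)
	pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
	    --width=330 --hide-text)
	if [[ "$pass1" != "$pass2" ]]; then
		zenity --error --title="$title" \
		    --text="Passphrases do not match"
		return ""
	fi
	file=$(mktemp)
	echo "$pass1" > $file
	echo "$file"
}

#
# Create the zone dataset ZDSET, optionally encrypted.
# Arguments: $1 - zfs create options; $2 - dataset name (pool is the
#            part before the first '/').
# Globals: reads ZDSET (set elsewhere); sets encryption, keysource, file.
# The caller's process exits when an encryption dialog is cancelled.
#
createZDSET() {
	options=$1
	pool=${2%%/*}

	# First check if ZFS encrytption support is available
	pversion=$(zpool list -H -o version $pool)
	cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')

	if [[ $cversion == "" || $pversion -lt $cversion ]]; then
		zfs create $options $ZDSET
		return
	fi

	encryption=$(zenity --list --title="$title" --height=320 \
	    --text="Select cipher for encryption of all labels:" \
	    --column="encryption" $(encryptionValues))

	if [[ $? != 0 || $encryption == "off" ]]; then
		zfs create $options $ZDSET
		return
	fi

	format=$(zenity --list --title="$title" \
	    --text "Select encryption key source:" \
	    --column="Key format and location" \
	    "Passphrase" "Generate Key in file")
	[ $? != 0 ] && exit

	if [[ $format == "Passphrase" ]]; then
		file=$(getPassphrase)
		if [[ $file == "" ]]; then
			exit
		fi
		keysource="passphrase,file://$file"
		removefile=1;
	elif [[ $format == "Generate Key in file" ]]; then
		file=$(zenity --file-selection \
		    --title="$title: Location of key file" \
		    --save --confirm-overwrite)
		[ $? != 0 ] && exit
		# Key length comes from the cipher name (aes-<len>-...);
		# plain "on" means the default 128-bit key.
		if [[ $encryption == "on" ]]; then
			keylen=128
		else
			t=${encryption#aes-} && keylen=${t%%-*}
		fi
		pktool genkey keystore=file keytype=aes \
		    keylen=$keylen outkey=$file
		keysource="raw,file:///$file"
	fi

	options="$options -o encryption=$encryption -o keysource=$keysource"
	zfs create $options $ZDSET
	# A passphrase file is only needed for creation; afterwards the
	# dataset prompts for it and the clear-text copy is removed.
	if [[ $removefile -eq 1 ]]; then
		zfs set keysource=passphrase,prompt $ZDSET
		rm $file
	fi
}


#
# Write the sysidcfg file for the current zone (name service, locale,
# timezone, network) and copy the NFS defaults into it.
# Globals: reads zonename, NSCD_PER_LABEL; sets zonepath, ZONE_ETC_DIR,
#          SYSIDCFG, hostname, ipaddr, template, cidr and others.
# NOTE(review): when the global zone is an LDAP client the proxy bind DN
# and password (as printed by "ldapclient list") are written into
# sysidcfg, which is created under the caller's umask.
#
initialize() {
	zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
	ZONE_ETC_DIR=$zonepath/root/etc
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	if [ -f /var/ldap/ldap_client_file ] ; then
		ldapaddress=$(ldapclient list | \
		    grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
		print "name_service=LDAP {" > ${SYSIDCFG}
		domain=$(domainname)
		print "domain_name=$domain" >> ${SYSIDCFG}
		profName=$(ldapclient list | \
		    grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
		proxyPwd=$(ldapclient list | \
		    grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
		proxyDN=$(ldapclient list | \
		    grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
		if [ "$proxyDN" ] ; then
			print "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
			print "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
		fi
		print "profile=$profName" >> ${SYSIDCFG}
		print "profile_server=$ldapaddress }" >> ${SYSIDCFG}
		cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
	else
		print "name_service=NONE" > ${SYSIDCFG}
		if [ $NSCD_PER_LABEL = 0 ] ; then
			sharePasswd
		else
			unsharePasswd
		fi
	fi

	print "security_policy=NONE" >> ${SYSIDCFG}
	locale=$(locale|grep LANG | cut -d "=" -f2)
	if [[ -z $locale ]] ; then
		locale="C"
	fi
	print "system_locale=$locale" >> ${SYSIDCFG}
	timezone=$(grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2)
	print "timezone=$timezone" >> ${SYSIDCFG}
	print "terminal=vt100" >> ${SYSIDCFG}
	# The root password hash is deliberately not copied into sysidcfg
	# (the former read of /etc/shadow fed only a commented-out line, and
	# kept the hash in a shell variable where "set -x" would expose it).
	print "nfs4_domain=dynamic" >> ${SYSIDCFG}
	print "network_interface=PRIMARY {" >> ${SYSIDCFG}

	net=$(zonecfg -z $zonename info net)
	ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
	if [ $ipType = exclusive ] ; then
		hostname=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --text="${zonename}0: Enter Hostname or dhcp: ")
		[ $? != 0 ] && return

		if [ $hostname = dhcp ] ; then
			print "dhcp" >> ${SYSIDCFG}
		else
			print "hostname=$hostname" >> ${SYSIDCFG}
			ipaddr=$(getent hosts $hostname|cut -f1)
			if [ $? != 0 ] ; then
				# NOTE(review): $nic is not set on this path;
				# the prompt shows whatever value it last had.
				ipaddr=$(zenity --entry \
				    --title="$title" \
				    --text="$nic: Enter IP address: " \
				    --entry-text a.b.c.d)
				[ $? != 0 ] && return

				validateIPaddr
				if [[ -z $ipaddr ]] ; then
					return
				fi
			fi
			print "ip_address=$ipaddr" >> ${SYSIDCFG}
			getNetmask
			print "netmask=$nm" >> ${SYSIDCFG}
			print "default_route=none" >> ${SYSIDCFG}
			template=${zonename}_cipso
			cidr=32
			updateTnrhdb
		fi
	elif [[ -n $net ]] ; then
		hostname=$(hostname)
		hostname=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --text="Enter Hostname: " \
		    --entry-text $hostname)
		[ $? != 0 ] && return

		print "hostname=$hostname" >> ${SYSIDCFG}
		ipaddr=$(getent hosts $hostname|cut -f1)
		if [ $? = 0 ] ; then
			print "ip_address=$ipaddr" >> ${SYSIDCFG}
		fi
	else
		# Shared stack without its own net resource: use the address
		# of the last all-zones interface found.
		getAllZoneNICs
		for i in ${aznics[*]} ; do
			ipaddr=$(ifconfig $i|grep inet|cut -d " " -f2)
		done
		print "hostname=$(hostname)" >> ${SYSIDCFG}
		print "ip_address=$ipaddr" >> ${SYSIDCFG}
	fi

	print "protocol_ipv6=no }" >> ${SYSIDCFG}
	cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
	touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
}

#
# Clone the current zone from an installed, halted zone.
# Arguments: $1 - source zone; when empty the user picks one from the
#            zonelist array filled by cloneCheck.
# Globals: reads zonename, zonelist, NSCD_PER_LABEL.
#
clone() {
	image=$1
	if [[ -z $image ]] ; then
		msg_clone=$(gettext "Clone the $zonename zone using a
snapshot of one of the following halted zones:")
		image=$(zenity --list \
		    --title="$title" \
		    --text="$msg_clone" \
		    --height=300 \
		    --width=330 \
		    --column="Installed Zones" ${zonelist[*]})
	fi

	if [[ -n $image ]] ; then
		removeZoneBEs
		zoneadm -z $zonename clone $image

		if [ ! -f /var/ldap/ldap_client_file ] ; then
			if [ $NSCD_PER_LABEL = 0 ] ; then
				sharePasswd
			else
				unsharePasswd
			fi
		fi
		# An exclusive-IP clone is unconfigured and re-initialized so
		# it gets its own sysidcfg.
		ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
		if [ $ipType = exclusive ] ; then
			zoneadm -z $zonename ready
			zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
			sys-unconfig -R $zonepath/root 2>/dev/null
			initialize
			zoneadm -z $zonename halt
		fi
	fi
}

#
# Install the current zone in a terminal window, then write its sysidcfg.
# Globals: reads zonename.
#
install() {
	removeZoneBEs
	gnome-terminal \
	    --title="$title: Installing $zonename zone" \
	    --command "zoneadm -z $zonename install" \
	    --disable-factory \
	    --hide-menubar

	zoneadm -z $zonename ready
	initialize
	zoneadm -z $zonename halt
}

#
# Remove the current zone together with its trusted networking entries,
# boot environments and snapshots.
# Arguments: options passed through to removeZoneBEs (zfs destroy).
# Globals: reads zonename.
#
delete() {
	delopt=$*

	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
	if [ -n "${tnzone}" ] ; then
		sed -e "/^$zonename:/d" $TNZONECFG > \
		    $TXTMP/tnzonefg.$$ 2>/dev/null
		mv $TXTMP/tnzonefg.$$ $TNZONECFG
	fi

	# Unload and drop every tnrhdb host and tnrhtp template that refers
	# to this zone's unlabeled and cipso templates.
	for tnzone in $(grep ":${zonename}_unlab" $TNRHDB 2>/dev/null) ; do
		tnctl -dh "$tnzone"
		sed -e "/:${zonename}_unlab/d" $TNRHDB > \
		    $TXTMP/tnrhdb.$$ 2>/dev/null
		mv $TXTMP/tnrhdb.$$ $TNRHDB
	done

	for tnzone in $(grep "^${zonename}_unlab:" $TNRHTP 2>/dev/null) ; do
		tnctl -dt ${zonename}_unlab
		sed -e "/^${zonename}_unlab:/d" $TNRHTP > \
		    $TXTMP/tnrhtp.$$ 2>/dev/null
		mv $TXTMP/tnrhtp.$$ $TNRHTP
	done

	for tnzone in $(grep ":${zonename}_cipso" $TNRHDB 2>/dev/null) ; do
		tnctl -dh "$tnzone"
		sed -e "/:${zonename}_cipso/d" $TNRHDB > \
		    $TXTMP/tnrhdb.$$ 2>/dev/null
		mv $TXTMP/tnrhdb.$$ $TNRHDB
	done

	for tnzone in $(grep "^${zonename}_cipso:" $TNRHTP 2>/dev/null) ; do
		tnctl -dt ${zonename}_cipso
		sed -e "/^${zonename}_cipso:/d" $TNRHTP > \
		    $TXTMP/tnrhtp.$$ 2>/dev/null
		mv $TXTMP/tnrhtp.$$ $TNRHTP
	done

	zonecfg -z $zonename delete -F

	removeZoneBEs $delopt
	for snap in $(zfs list -Ho name -t snapshot|grep "\@${zonename}_snap") ; do
		zfs destroy -R $snap
	done
}

#
# Check that ipaddr is a dotted quad of four numeric octets in 0..255;
# on failure show an error and clear ipaddr.
# Globals: reads ipaddr; sets octets (array, also read by addTnrhdb).
#
validateIPaddr () {
	OLDIFS=$IFS
	IFS=.
	integer octet_cnt=0
	integer dummy
	set -A octets $ipaddr
	IFS=$OLDIFS
	if [ ${#octets[*]} == 4 ] ; then
		while (( octet_cnt < ${#octets[*]} )); do
			# Assigning to an integer variable and comparing back
			# detects non-numeric octets.
			dummy=${octets[octet_cnt]}
			if [ $dummy = ${octets[octet_cnt]} ] ; then
				if (( $dummy >= 0 && \
				    $dummy < 256 )) ; then
					octet_cnt+=1
					continue
				fi
			else
				x=$(zenity --error \
				    --title="$title" \
				    --text="$ipaddr $msg_badip")
				ipaddr=
				return
			fi
		done
	else
		x=$(zenity --error \
		    --title="$title" \
		    --text="$ipaddr $msg_badip")
		ipaddr=
	fi
}

#
# Fill the aznics array with the IPv4 interfaces that carry the
# all-zones flag.
# Globals: sets aznics.
#
getAllZoneNICs(){
	integer count=0
	for i in $(ifconfig -a4|grep "^[a-z].*:")
	do
		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
		[ $? -eq 1 ] && continue

		i=${i%:}	# Remove colon after interface name
		for j in $(ifconfig $i)
		do
			case $j in
				all-zones)
					aznics[count]=$i
					count+=1
					;;
			esac
		done
	done
}

#
# Prompt for a netmask and convert it to a prefix length.
# Globals: reads ipaddr; sets nm and cidr (cidr stays empty on cancel).
#
getNetmask() {
	cidr=
	nm=$(zenity --entry \
	    --title="$title" \
	    --width=330 \
	    --text="$ipaddr: Enter netmask: " \
	    --entry-text 255.255.255.0)
	[ $? != 0 ] && return;

	# Count the set bits of the mask to get the prefix length.
	cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm)
}

#
# Add a net resource (address/prefix on $nic) to the current zone and
# register the address in tnrhdb with the zone's cipso template.
# Globals: reads zonename, nic; sets ipaddr, cidr, template.
#
addNet() {
	getIPaddr
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	getNetmask
	if [[ -z $cidr ]] ; then
		return;
	fi
	zonecfg -z $zonename "add net; \
	    set address=${ipaddr}/${cidr}; \
	    set physical=$nic; \
	    end"
	template=${zonename}_cipso
	cidr=32
	updateTnrhdb
}

#
# Inspect interface $nic: its address, zone assignment, up/down state,
# link type and tnrhdb template.  An interface with an address but no
# tnrhdb entry is registered as cipso/32.
# Globals: reads nic; sets zone, ipaddr, flags, updown, linktype,
#          template, cidr.
#
getAttrs() {
	zone=global
	type=ignore
	# Walk ifconfig's output: the word after "inet" is the address, the
	# word after "zone" is the zone name.
	for j in $(ifconfig $nic)
	do
		case $j in
			inet) type=$j;;
			zone) type=$j;;
			all-zones) zone=all-zones;;
			flags*) flags=$j;;
			*) case $type in
				inet) ipaddr=$j ;;
				zone) zone=$j ;;
				*) continue ;;
			   esac;
			   type=ignore;;
		esac
	done
	if [[ $flags == ~(E).UP, ]] ; then
		updown=Up
	else
		updown=Down
	fi
	if [[ $nic == ~(E).: ]] ; then
		linktype=logical
	else
		vnic=$(dladm show-vnic -po link $nic 2>/dev/null)
		if [[ -n $vnic ]] ; then
			linktype=virtual
		else
			linktype=physical
		fi
	fi
	if [ $ipaddr != 0.0.0.0 ] ; then
		x=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
		if [ $? = 1 ] ; then
			template=cipso
			cidr=32
			updateTnrhdb
		else
			template=$(print "$x"|cut -d : -f2)
		fi
	else
		template="..."
		ipaddr="..."
	fi
}

#
# Remove the tnrhdb entry for ipaddr (with or without a prefix).
# Globals: reads ipaddr; sets remote, ip, pr.
# The temporary copy lives under $TXTMP like every other rewrite of the
# trusted networking files in this script, not in a predictable name
# directly under /tmp.
#
deleteTnrhdbEntry() {
	remote=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
	if [ $? = 0 ] ; then
		ip=$(print $remote|cut -d "/" -f1)
		# Escape the '/' of a prefixed entry for the sed address.
		if [[ $remote == ~(E)./ ]] ; then
			pr=$(print $remote|cut -d "/" -f2)
			remote="$ip\\/$pr"
		fi
		sed -e "/^${remote}/d" $TNRHDB > $TXTMP/tnrhdb.$$ 2>/dev/null
		mv $TXTMP/tnrhdb.$$ $TNRHDB
	fi
}

#
# Replace the tnrhdb entry for ipaddr with ipaddr[/cidr]:template and
# load it with tnctl.
# Globals: reads ipaddr, cidr, template.
#
updateTnrhdb() {
	deleteTnrhdbEntry
	if [[ -n $cidr ]] ; then
		print "${ipaddr}/$cidr:$template" >> $TNRHDB
		tnctl -h ${ipaddr}/$cidr:$template
	else
		print "${ipaddr}:$template" >> $TNRHDB
		tnctl -h ${ipaddr}:$template
	fi
}

#
# Prompt for a hostname and resolve it; fall back to asking for an IP
# address, which is then validated.
# Globals: reads nic; sets hostname, ipaddr.
#
getIPaddr() {
	hostname=$(zenity --entry \
	    --title="$title" \
	    --width=330 \
	    --text="$nic: Enter Hostname: ")

	[ $? != 0 ] && return

	ipaddr=$(getent hosts $hostname|cut -f1)
	if [[ -z $ipaddr ]] ; then
		ipaddr=$(zenity --entry \
		    --title="$title" \
		    --text="$nic: Enter IP address: " \
		    --entry-text a.b.c.d)
		[ $? != 0 ] && return
		validateIPaddr
	fi

}

#
# Record hostname/ipaddr in /etc/inet/hosts and tnrhdb, configure $nic
# with the address and make it persistent.
# Globals: reads ipaddr, hostname, nic; sets template, cidr.
# NOTE(review): $hostname comes straight from the dialog and is written
# to /etc/inet/hosts and /etc/hostname.$nic without validation.
#
addHost() {
	# Update hosts
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $? -eq 1 ] ; then
		print "$ipaddr\t$hostname" >> /etc/inet/hosts
	fi

	template=cipso
	cidr=32
	updateTnrhdb

	ifconfig $nic $ipaddr netmask + broadcast +
	#
	# TODO: better integration with nwam
	# TODO: get/set netmask for IP address
	#
	print $hostname > /etc/hostname.$nic
}

#
# Add a logical interface on $nic, show ifconfig's message and switch
# $nic to the new interface name (5th word of the message).
# Globals: reads/sets nic.
#
createInterface() {
	msg=$(ifconfig $nic addif 0.0.0.0)
	# Run zenity directly rather than inside "$( ... )": the former
	# wrapper would have executed whatever zenity printed as a command.
	zenity --info \
	    --title="$title" \
	    --text="$msg"
	nic=$(print "$msg"|cut -d" " -f5)

}

#
# Create a VNIC on $nic (named <zone>0 for a non-global zone, or as
# entered for global) and either plumb it or add it to the zone.
# Globals: reads zonename; reads/sets nic.
#
createVNIC() {
	if [ $zonename != global ] ; then
		vnicname=${zonename}0
	else
		vnicname=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --entry-text="" \
		    --text="Enter VNIC Name: ")

		if [[ ! -n $vnicname ]] ; then
			return
		fi
	fi
	x=$(dladm show-vnic|grep "^$vnicname " )
	if [[ ! -n $x ]] ; then
		dladm create-vnic -l $nic $vnicname
	fi
	if [ $zonename = global ] ; then
		ifconfig $vnicname plumb
	else
		zonecfg -z $zonename "add net; \
		    set physical=$vnicname; \
		    end"
	fi
	nic=$vnicname
}

#
# Mark $nic all-zones now and append the flag to the first line of its
# hostname file so it persists.
# Globals: reads nic.
#
shareInterface() {
	#
	# TODO: better integration with nwam
	#
	ifconfig $nic all-zones;\
	if_file=/etc/hostname.$nic
	sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$
	mv $TXTMP/txnetmgr.$$ $if_file
}

#
# Prompt for a remote host or network, validate it with tnchkdb and
# add it to tnrhdb with the current template.  A last octet of 0 is
# treated as a network and a netmask is requested.
# Globals: reads zonename, template, octets; sets ipaddr, cidr, nic.
#
addTnrhdb() {
	ipaddr=$(zenity --entry \
	    --title="$title" \
	    --width=330 \
	    --text="Zone:$zonename. Enter IP address of remote host or network: " \
	    --entry-text a.b.c.d)
	[ $? != 0 ] && return
	validateIPaddr
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	if [ ${octets[3]} = 0 ] ; then
		nic="$ipaddr"
		getNetmask
		if [[ -z $cidr ]] ; then
			return;
		fi
	else
		cidr=32
	fi
	print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$
	x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$)
	if [ $? = 0 ] ; then
		updateTnrhdb
	else
		syntax=$(cat $TXTMP/syntax_error.$$)
		x=$(zenity --error \
		    --title="$title" \
		    --text="$syntax")
	fi
	rm $TXTMP/tnrhdb_new.$$
	rm $TXTMP/syntax_error.$$
}

#
# Repeatedly let the user pick a tnrhdb entry using the current template
# and remove it (from the file and from the kernel).
# Globals: reads template; sets ipaddr, remotes.
#
removeTnrhdb() {
	while (( 1 )) do
		remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ")
		if [ $template = cipso ] ; then
			templateHeading="from All Zones":
		else
			templateHeading="from this Zone":
		fi
		if [[ -n $remotes ]] ; then
			ipaddr=$(zenity --list \
			    --title="$title" \
			    --text="$msg_getremote" \
			    --height=250 \
			    --width=300 \
			    --column="Remove Access to:" \
			    --column="$templateHeading" \
			    $remotes)

			if [[ -n $ipaddr ]] ; then
				deleteTnrhdbEntry
				tnctl -dh ${ip}:$template
			else
				return
			fi
		else
			return
		fi
	done
}

#
# Edit the multilevel port lists (private and shared interfaces) of the
# zone's tnzonecfg entry; the result is checked with tnchkdb before the
# file is replaced.
# Globals: reads zonename; sets zoneMLPs, sharedMLPs.
#
setMLPs() {
	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
	zoneMLPs=:$(print "$tnzone"|cut -d : -f4)
	sharedMLPs=:$(print "$tnzone"|cut -d : -f5)
	attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs"
	ports=$(print "$attrs"|zenity --list \
	    --title="$title" \
	    --height=200 \
	    --width=450 \
	    --text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." \
	    --column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \
	    --editable \
	    --multiple
	    )

	if [[ -z $ports ]] ; then
		return
	fi

	# getopts needs another a blank and another dash
	ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g')

	# ksh93 getopts with long-option names: --Private/--Shared.
	OPTIND=1
	while getopts "z:(Private)s:(Shared)" opt $ports ; do
		case $opt in
			z) zoneMLPs=$OPTARG ;;
			s) sharedMLPs=$OPTARG ;;
		esac
	done

	sed -e "/^$zonename:*/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null
	tnzone=$(print "$tnzone"|cut -d : -f1-3)
	echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$

	x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$)

	if [ $? = 0 ] ; then
		mv $TXTMP/tnzonecfg.$$ $TNZONECFG
		zenity --info \
		    --title="$title" \
		    --text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot."
		if [ $zonename != global ] ; then
			getLabelRange
		fi
	else
		syntax=$(cat $TXTMP/syntax_error.$$)
		x=$(zenity --error \
		    --title="$title" \
		    --text="$syntax")
		rm $TXTMP/tnzonecfg.$$
	fi
	rm $TXTMP/syntax_error.$$
}

#
# Remove the read-only /etc/passwd and /etc/shadow lofs mounts from every
# non-global zone (per-zone name service in effect).
#
unsharePasswd() {
	for i in $(zoneadm list -i | grep -v global) ; do
		zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such
		zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such
	done
}

#
# Loopback-mount the global zone's /etc/passwd and /etc/shadow read-only
# into the current zone, unless per-zone name service is configured or
# the mounts already exist.
# Globals: reads NSCD_PER_LABEL, zonename.
#
sharePasswd() {
	if [ $NSCD_PER_LABEL -ne 0 ] ; then
		return
	fi
	passwd=$(zonecfg -z $zonename info|grep /etc/passwd)
	if [ $? -eq 1 ] ; then
		zonecfg -z $zonename "add fs; \
		    set special=/etc/passwd; \
		    set dir=/etc/passwd; \
		    set type=lofs; \
		    add options ro; \
		    end; \
		    add fs; \
		    set special=/etc/shadow; \
		    set dir=/etc/shadow; \
		    set type=lofs; \
		    add options ro; \
		    end"
	fi
}

# This routine is a toggle -- if we find it configured for global nscd,
# change to nscd-per-label and vice-versa.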
#
# The user was presented with only the choice to CHANGE the existing
# configuration.

#
# Flip between global and per-zone name service caching by creating or
# removing the indicator file, and adjust the passwd/shadow lofs mounts of
# all non-global zones to match.
# Globals: reads/sets NSCD_PER_LABEL; sets NSCD_OPT; sets zonename (left
#          as global on the unconfigure path).
#
manageNscd() {
	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		# this MUST be a regular file for svc-nscd to detect
		touch $NSCD_INDICATOR
		NSCD_OPT="Unconfigure per-zone name service"
		NSCD_PER_LABEL=1
		unsharePasswd
	else
		rm -f $NSCD_INDICATOR
		NSCD_OPT="Configure per-zone name service"
		NSCD_PER_LABEL=0
		for i in $(zoneadm list -i | grep -v global) ; do
			zonename=$i
			sharePasswd
		done
		zonename=global
	fi
}

#
# Offer the network configurations for the current zone: the all-zones
# interfaces (shared stack, the default), or a logical interface /
# a VNIC on each physical link, and apply the chosen one.
# Globals: reads zonename, aznics; sets nic, cmd and the netOps array.
#
manageZoneNets () {
	ncmds[0]="Only use all-zones interfaces"
	ncmds[1]="Add a logical interface"
	ncmds[2]="Add a virtual interface (VNIC)"

	stacks[0]="Shared Stack"
	stacks[1]="Exclusive Stack"

	getAllZoneNICs
	netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}"

	integer nic_cnt=0
	integer netOp_cnt=2

	set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ")

	# Two menu rows per physical link: logical interface, then VNIC.
	while (( nic_cnt < ${#nics[*]} )); do
		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}"
		netOp_cnt+=1
		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}"
		netOp_cnt+=1
		nic_cnt+=1
	done

	netOp=$(print "${netOps[*]}"|zenity --list \
	    --title="$title" \
	    --text="$msg_getnet $zonename zone:" \
	    --height=300 \
	    --width=500 \
	    --column="#" \
	    --column="Network Configuration " \
	    --column="IP Type" \
	    --column="Available Interfaces" \
	    --hide-column=1
	    )

	# User picked cancel or no selection
	if [[ -z $netOp ]] ; then
		return
	fi

	# All-zones is the default, so just return
	if [ $netOp = 1 ] ; then
		return
	fi

	# Fields 3 and 5 of the selected row are the command and the link.
	cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3)
	nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5)
	case $cmd in
		${ncmds[1]} )
			addNet;
			;;
		${ncmds[2]} )
			zonecfg -z $zonename set ip-type=exclusive
			createVNIC
			;;
	esac
}

#
# Per-interface command loop for $nic: build the command list from the
# interface's state (getAttrs) and dispatch the selection.  The loop
# ends on cancel or after an interface is removed.
# Globals: reads/sets nic, updown, linktype, ipaddr, zone.
#
manageInterface () {
	while (( 1 )) do
		getAttrs

		# Clear list of commands

		share=
		setipaddr=
		newlogical=
		newvnic=
		unplumb=
		bringup=
		bringdown=

		if [ $updown = Down ] ; then
			bringup="Bring Up\n"
		else
			bringdown="Bring Down\n"
		fi

		case $linktype in
			physical )
				newlogical="Create Logical Interface...\n";
				newvnic="Create Virtual Interface (VNIC)...\n";
				;;
			logical )
				unplumb="Remove Logical Interface\n"
				;;
			virtual )
				newlogical="Create Logical Interface...\n";
				unplumb="Remove Virtual Interface\n" ;
				;;
		esac

		if [ $ipaddr = "..." ] ; then
			setipaddr="Set IP address...\n"
		elif [ $zone != all-zones ] ; then
			share="Share with Shared-IP Zones\n"
		fi

		# The leading "" makes every entry start with a blank, which
		# the case patterns below rely on.
		command=$(print ""\
		    $share \
		    $setipaddr \
		    $newlogical \
		    $newvnic \
		    $unplumb \
		    $bringup \
		    $bringdown \
		    | zenity --list \
		    --title="$title" \
		    --text="Select a command from the list below:" \
		    --height=300 \
		    --column "Interface: $nic" )

		case $command in
			" Create Logical Interface...")
				createInterface;;
			" Create Virtual Interface (VNIC)...")
				createVNIC ;;
			" Set IP address...")
				getIPaddr
				addHost;;
			" Share with Shared-IP Zones")
				shareInterface;;
			" Remove Logical Interface")
				ifconfig $nic unplumb
				rm -f /etc/hostname.$nic
				return;;
			" Remove Virtual Interface")
				ifconfig $nic unplumb
				dladm delete-vnic $nic
				rm -f /etc/hostname.$nic
				return;;
			" Bring Up")
				ifconfig $nic up;;
			" Bring Down")
				ifconfig $nic down;;
			*) return;;
		esac
	done
}

#
# Find the up, non-loopback IPv4 interface whose address matches the
# host's own name (/etc/nodename) and share it with all zones.
# Globals: sets nic, ip (array) and what getAttrs sets.
#
sharePrimaryNic() {
	set -A ip $(getent hosts $(cat /etc/nodename))
	for i in $(ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK)
	do
		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
		[ $? -eq 1 ] && continue

		nic=${i%:}	# Remove colon after interface name
		getAttrs
		if [ ${ip[0]} = $ipaddr ]; then
			shareInterface
			break
		fi
	done
}

#
# Interface selection loop: list every non-loopback IPv4 interface with
# its attributes, then hand the chosen one to manageInterface.
# Globals: sets nic, attrs and what getAttrs sets.
#
manageNets() {
	while (( 1 )) do
		attrs=
		for i in $(ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK)
		do
			print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
			[ $? -eq 1 ] && continue

			nic=${i%:}	# Remove colon after interface name
			getAttrs
			attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
		done

		nic=$(zenity --list \
		    --title="$title" \
		    --text="Select an interface from the list below:" \
		    --height=300 \
		    --width=500 \
		    --column="Interface" \
		    --column="Type" \
		    --column="Zone Name" \
		    --column="IP Address" \
		    --column="Template" \
		    --column="State" \
		    $attrs)

		if [[ -z $nic ]] ; then
			return
		fi
		manageInterface
	done
}

#
# Interactively make the global zone an LDAP client: collect domain,
# server, proxy password and profile, add the server to /etc/hosts and
# tnrhdb (cipso), then run "ldapclient init" and show its output.
# NOTE(review): the server address entered by the user is not passed
# through validateIPaddr before being written to /etc/hosts and tnrhdb.
# NOTE(review): the proxy password is handed to ldapclient on its
# command line, where other users can observe process arguments while
# it runs.
#
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	if [[ -n $ldapdomain ]] ; then
		ldapserver=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --text="Enter Hostname of LDAP Server: ")
	else
		return
	fi
	if [[ -n $ldapserver ]] ; then
		ldapserveraddr=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --text="Enter IP adddress of LDAP Server $ldapserver: ")
	else
		return
	fi
	ldappassword=""
	# Loop until a non-empty password is entered identically twice.
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
		ldappassword=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Enter LDAP Proxy Password:")
		ldappasswordconfirm=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Confirm LDAP Proxy Password:")
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	# Confirmation dialog; the password is shown masked.
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
	    "Profile" "$ldapprofile")
	[ $? != 0 ] && return

	grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ] ; then
		print "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	grep "${ldapserver}:" $TNRHDB > /dev/null
	if [ $? -eq 1 ] ; then
		print "# ${ldapserver} - ldap server" \
		    >> $TNRHDB
		print "${ldapserveraddr}:cipso" \
		    >> $TNRHDB
		tnctl -h "${ldapserveraddr}:cipso"
	fi

	# Turn "a.b.c" into "dc=a,dc=b,dc=c".
	proxyDN=$(print $ldapdomain|awk -F"." \
	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	ldapout=$TXTMP/ldapclient.$$

	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" >$ldapout 2>&1

	if [ $? -eq 0 ] ; then
		ldapstatus=Success
	else
		ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename=$ldapout

	rm -f $ldapout


}

#
# After confirmation, halt, uninstall and delete every non-global zone
# (including its datasets, via "delete -rRf").
# Globals: sets zonename (global afterwards).
#
tearDownZones() {
	killall=$(zenity --question \
	    --title="$title" \
	    --width=330 \
	    --text="$msg_confirmkill")
	if [[ $? != 0 ]]; then
		return
	fi

	for p in $(zoneadm list -cp|grep -v global:) ; do
		zonename=$(echo "$p"|cut -d : -f2)
		zoneadm -z $zonename halt 1>/dev/null 2>&1
		zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
		delete -rRf
	done
	zonename=global
}

#
# Offer to create the default public zone, or public and internal.
# Globals: reads PUBZONE, INTZONE.
#
createDefaultZones() {
	msg_choose1=$(gettext "Choose one:")
	defpub=$(gettext "$PUBZONE zone only")
	defboth=$(gettext "$PUBZONE and $INTZONE zones")
	defskip=$(gettext "Main Menu...")
	command=$(echo ""\
	    "$defpub\n" \
	    "$defboth\n" \
	    "$defskip\n" \
	    | zenity --list \
	    --title="$title" \
	    --text="$msg_defzones" \
	    --column="$msg_choose1" \
	    --height=400 \
	    --width=330 )

	case $command in
		" $defpub")
			createDefaultPublic ;;

		" $defboth")
			createDefaultPublic
			createDefaultInternal ;;

		*)
			return;;
	esac
}

#
# Create, label (DEFAULTLABEL, set elsewhere), network, install and boot
# the public zone, opening its console in a terminal.
# Globals: sets zonename, hexlabel; increments zone_cnt.
#
createDefaultPublic() {
	zonename=$PUBZONE
	newZone
	zone_cnt+=1
	hexlabel=$DEFAULTLABEL
	setTNdata
	sharePrimaryNic
	install
	zoneadm -z $zonename boot &
	gnome-terminal \
	    --disable-factory \
	    --title="Zone Console: $zonename $msg_continue" \
	    --command "zlogin -C $zonename"
}

#
# Create the internal zone: take a non-booting "snapshot" clone of the
# halted public zone, then clone the internal zone from that snapshot
# after the user selects its label.
# Globals: sets zonename; increments zone_cnt.
#
createDefaultInternal() {
	zoneadm -z $PUBZONE halt

	zonename=snapshot
	newZone
	zone_cnt+=1
	zonecfg -z $zonename set autoboot=false

	clone $PUBZONE
	zoneadm -z $PUBZONE boot &

	zonename=$INTZONE
	newZone
	zone_cnt+=1
	selectLabel

	clone snapshot
	gnome-terminal \
	    --title="Zone Console: $zonename" \
	    --command "zlogin -C $zonename" &
	zoneadm -z $zonename boot &
}

#
# Top-level zone menu: list every zone with its state and label and
# open the single-zone menu for the selection; with no non-global zones
# the default-zone dialog is offered first.  Cancel exits the script.
# Globals: sets zonename, zone_cnt, zonelist, hexlabel.
#
selectZone() {
	set -A zonelist "global\nrunning\nADMIN_HIGH"
	integer zone_cnt=1

	for p in $(zoneadm list -cp|grep -v global:) ; do
		zone_cnt+=1
	done
	if [ $zone_cnt == 1 ] ; then
		createDefaultZones
	fi
	if [ $zone_cnt == 1 ] ; then
		zonename=global
		singleZone
		return
	fi

	zone_cnt=1
	for p in $(zoneadm list -cp|grep -v global:) ; do
		zonename=$(echo "$p"|cut -d : -f2)
		state=$(echo "$p"|cut -d : -f3)
		hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
		if [[ $hexlabel ]] ; then
			curlabel=$(hextoalabel $hexlabel)
		else
			curlabel=...
		fi
		zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
		zone_cnt+=1
	done
	zonename=$(print "${zonelist[*]}"|zenity --list \
	    --title="$title" \
	    --text="$msg_getzone" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	    )

	# if the menu choice was a zonename, pop up zone menu
	if [[ -n $zonename ]] ; then
		singleZone
	else
		exit
	fi
}

# Loop for single-zone menu
singleZone() {

	while (( 1 )) do
		# Clear list of commands

		console=
		label=
		start=
		reboot=
		stop=
		clone=
		install=
		ready=
		uninstall=
		autoboot=
		delete=
		deletenet=
		permitrelabel=

		if [ $zone_cnt -gt 1 ] ; then
			killZones="Destroy all zones...\n"
			xit="Select another zone..."
1405 else 1406 killZones= 1407 xit="Exit" 1408 fi 1409 if [ $zonename = global ] ; then 1410 ldapClient="Create LDAP Client...\n" 1411 nscdOpt="$NSCD_OPT\n" 1412 createZone="Create a new zone...\n" 1413 addnet="Configure Network Interfaces...\n" 1414 else 1415 ldapClient= 1416 nscdOpt= 1417 createZone= 1418 addnet= 1419 killZones= 1420 fi 1421 1422 zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3) 1423 1424 consoleCheck; 1425 labelCheck; 1426 delay=0 1427 1428 if [ $zonename != global ] ; then 1429 case $zonestate in 1430 running) 1431 ready="Ready\n" 1432 reboot="Reboot\n" 1433 stop="Halt\n" 1434 ;; 1435 ready) 1436 start="Boot\n" 1437 stop="Halt\n" 1438 ;; 1439 installed) 1440 if [[ -z $label ]] ; then 1441 ready="Ready\n" 1442 start="Boot\n" 1443 fi 1444 uninstall="Uninstall\n" 1445 relabelCheck 1446 autobootCheck 1447 ;; 1448 configured) 1449 install="Install...\n" 1450 cloneCheck 1451 delete="Delete\n" 1452 console= 1453 ;; 1454 incomplete) 1455 uninstall="Uninstall\n" 1456 ;; 1457 *) 1458 ;; 1459 esac 1460 fi 1461 1462 command=$(echo ""\ 1463 $createZone \ 1464 $console \ 1465 $label \ 1466 $start \ 1467 $reboot \ 1468 $stop \ 1469 $clone \ 1470 $install \ 1471 $ready \ 1472 $uninstall \ 1473 $delete \ 1474 $addnet \ 1475 $deletenet \ 1476 $addremotehost \ 1477 $addcipsohost \ 1478 $removeremotehost \ 1479 $removecipsohost \ 1480 $setmlps \ 1481 $permitrelabel \ 1482 $autoboot \ 1483 $ldapClient \ 1484 $nscdOpt \ 1485 $killZones \ 1486 $xit \ 1487 | zenity --list \ 1488 --title="$title" \ 1489 --text="$msg_getcmd" \ 1490 --height=400 \ 1491 --width=330 \ 1492 --column "Zone: $zonename Status: $zonestate" ) 1493 1494 case $command in 1495 " Create a new zone...") 1496 zonename= 1497 newZone ;; 1498 1499 " Zone Console...") 1500 delay=2 1501 gnome-terminal \ 1502 --title="Zone Console: $zonename" \ 1503 --command "zlogin -C $zonename" & ;; 1504 1505 " Select Label...") 1506 selectLabel;; 1507 1508 " Ready") 1509 zoneadm -z $zonename ready ;; 1510 1511 " 
Boot") 1512 zoneadm -z $zonename boot ;; 1513 1514 " Halt") 1515 zoneadm -z $zonename halt ;; 1516 1517 " Reboot") 1518 zoneadm -z $zonename reboot ;; 1519 1520 " Install...") 1521 install;; 1522 1523 " Clone...") 1524 clone ;; 1525 1526 " Uninstall") 1527 zoneadm -z $zonename uninstall -F;; 1528 1529 " Delete") 1530 delete 1531 return ;; 1532 1533 " Configure Network Interfaces...") 1534 if [ $zonename = global ] ; then 1535 manageNets 1536 else 1537 manageZoneNets 1538 fi;; 1539 1540 " Add Single-level Access to Remote Host...") 1541 addTnrhdb ;; 1542 1543 " Add Multilevel Access to Remote Host...") 1544 template=cipso 1545 addTnrhdb ;; 1546 1547 " Remove Single-level Access to Remote Host...") 1548 removeTnrhdb ;; 1549 1550 " Remove Multilevel Access to Remote Host...") 1551 template=cipso 1552 removeTnrhdb ;; 1553 1554 " Configure Multilevel Ports...") 1555 setMLPs;; 1556 1557 " Permit Relabeling") 1558 zonecfg -z $zonename set limitpriv=default,\ 1559win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\ 1560file_downgrade_sl,file_upgrade_sl,sys_trans_label ;; 1561 1562 " Deny Relabeling") 1563 zonecfg -z $zonename set limitpriv=default ;; 1564 1565 " Set Automatic Booting") 1566 zonecfg -z $zonename set autoboot=true ;; 1567 1568 " Set Manual Booting") 1569 zonecfg -z $zonename set autoboot=false ;; 1570 1571 " Create LDAP Client...") 1572 createLDAPclient ;; 1573 1574 " Configure per-zone name service") 1575 manageNscd ;; 1576 1577 " Unconfigure per-zone name service") 1578 manageNscd ;; 1579 1580 " Destroy all zones...") 1581 tearDownZones 1582 return ;; 1583 1584 *) 1585 if [ $zone_cnt == 1 ] ; then 1586 exit 1587 else 1588 return 1589 fi;; 1590 esac 1591 sleep $delay; 1592 done 1593} 1594 1595# Main loop for top-level window 1596# 1597 1598mkdir $TXTMP 2>/dev/null 1599deflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\ 1600 sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2) 1601DEFAULTLABEL=$(atohexlabel ${deflabel}) 1602 1603# are there 
any zfs pools? 1604ZDSET=none 1605zpool iostat 1>/dev/null 2>&1 1606if [ $? = 0 ] ; then 1607 # is there a zfs pool named "zone"? 1608 zpool list -H zone 1>/dev/null 2>&1 1609 if [ $? = 0 ] ; then 1610 # yes 1611 ZDSET=zone 1612 else 1613 # no, but is there a root pool? 1614 rootfs=$(df -n / | awk '{print $3}') 1615 if [ $rootfs = "zfs" ] ; then 1616 # yes, use it 1617 ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones 1618 zfs list -H $ZDSET 1>/dev/null 2>&1 1619 if [ $? = 1 ] ; then 1620 createZDSET "-o mountpoint=/zone" $ZDSET 1621 fi 1622 fi 1623 fi 1624fi 1625 1626if [ $NSCD_PER_LABEL -eq 0 ] ; then 1627 NSCD_OPT="Configure per-zone name service" 1628else 1629 NSCD_OPT="Unconfigure per-zone name service" 1630fi 1631 1632 1633while (( 1 )) do 1634 selectZone 1635done 1636