#!/bin/ksh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2014 Garrett D'Amore
#
#

# This script provides a simple GUI for managing labeled zones.
# It provides contextual menus which provide appropriate choices.
# It must be run in the global zone as root.
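
# These arguments are accepted, and will result in non-interactive
# (text-only) mode:
#
#	txzonemgr [-c | -d[f]]
#
#	-c	create default zones
#	-d	destroy all zones; prompts for confirmation unless
#		the -f flag is also specified
#	-f	force
#

# DISP - use GUI (otherwise use non-interactive mode)
DISP=1
# CREATEDEF - make default zones (non-interactive)
CREATEDEF=0
# DESTROYZONES - tear down all zones (non-interactive)
DESTROYZONES=0
# FORCE - force
FORCE=0

# NSCD_PER_LABEL is 1 when the indicator file exists, 0 otherwise.
NSCD_PER_LABEL=0
NSCD_INDICATOR=/var/tsol/doors/nscd_per_label
if [ -f "$NSCD_INDICATOR" ] ; then
	NSCD_PER_LABEL=1
fi

myname=$(basename "$0")

# NOTE(review): TXTMP is a fixed, predictable path under world-writable /tmp
# and this script runs as root. Its creation is not shown in this part of the
# file -- confirm it is created with a mkdir that fails when the path already
# exists and that its ownership is checked before $TXTMP/*.$$ files are used.
TXTMP=/tmp/txzonemgr
TNRHTP=/etc/security/tsol/tnrhtp
TNRHDB=/etc/security/tsol/tnrhdb
TNZONECFG=/etc/security/tsol/tnzonecfg
PUBZONE=public
INTZONE=internal

# Pin the search path so every external command below resolves to a
# system directory regardless of the caller's environment.
PATH=/usr/bin:/usr/sbin:/usr/lib
export PATH
title="Labeled Zone Manager 2.1"

msg_defzones=$(gettext "Create default zones using default settings?")
msg_confirmkill=$(gettext "OK to destroy all zones?")
msg_continue=$(gettext "(exit to resume $(basename $0) when ready)")
msg_getlabel=$(gettext "Select a label for the")
msg_getremote=$(gettext "Select a remote host or network from the list below:")
msg_getnet=$(gettext "Select a network configuration for the")
msg_getzone=$(gettext "Select a zone from the list below:
(select global for zone creation and shared settings)")
msg_getcmd=$(gettext "Select a command from the list below:")
msg_inuse=$(gettext "That label is already assigned\nto the")
msg_getmin=$(gettext "Select the minimum network label for the")
msg_getmax=$(gettext "Select the maximum network label for the")
msg_badip=$(gettext " is not a valid IP address")


#
# process_options - parse the command-line flags passed as arguments.
#
# Sets CREATEDEF, DESTROYZONES, FORCE and clears DISP for -c / -d.
# Rejects -c with -d, -f with -c, -f on its own, and any trailing operand.
# Returns 0 on success, 2 (after printing usage) on any invalid combination.
#
process_options()
{
	typeset opt optlist

	optlist='cdf'

	# Leading ':' puts getopts in silent mode; unknown flags land in *).
	while getopts ":$optlist" opt
	do
		case $opt in
		c)	CREATEDEF=1
			DISP=0
			;;
		d)	DESTROYZONES=1
			DISP=0
			;;
		f)	FORCE=1
			;;
		*)	gettext "invalid option -$OPTARG\n"
			usage
			return 2
			;;
		esac
	done

	if (( CREATEDEF == 1 && DESTROYZONES == 1 )) ; then
		gettext "cannot combine options -c and -d\n"
		usage
		return 2
	fi
	if (( CREATEDEF == 1 && FORCE == 1 )) ; then
		gettext "option -f not allowed with -c\n"
		usage
		return 2
	fi
	if (( FORCE == 1 && CREATEDEF == 0 && DESTROYZONES == 0 )) ; then
		gettext "option -f specified without any other options\n"
		usage
		return 2
	fi

	shift $((OPTIND - 1))
	if [[ -n $1 ]] ; then
		usage
		return 2
	fi

	return 0
}

# usage - print the one-line synopsis.
usage() {
	gettext "usage: $myname [-c | -d[f]]\n"
}

#
# consoleCheck - offer the "Zone Console" menu entry for a non-global zone
# when no "zlogin -C <zone>" process is found by pgrep.
#
consoleCheck() {
	if [ "$zonename" != global ] ; then
		zconsole=$(pgrep -f "zlogin -C $zonename")
		if [ $? != 0 ] ; then
			console="Zone Console...\n"
		fi
	fi
}

#
# labelCheck - look up the zone's label in tnzonecfg and set the menu
# entry variables (label, addremotehost, removeremotehost, addcipsohost,
# removecipsohost, setmlps, addnet) and the tnrhtp template name to match.
#
labelCheck() {
	hexlabel=$(grep "^$zonename:" "$TNZONECFG" | cut -d : -f2)
	if [[ -n $hexlabel ]] ; then
		label=
		if [ "$zonename" = global ] ; then
			template="admin_low"
			addcipsohost="Add Multilevel Access to Remote Host...\n"
			removecipsohost="Remove Multilevel Access to Remote Host...\n"
			setmlps="Configure Multilevel Ports...\n"
		else
			template=${zonename}_unlab
			addcipsohost=
			removecipsohost=
			setmlps=

			net=$(zonecfg -z "$zonename" info net)
			if [[ -n $net ]] ; then
				setmlps="Configure Multilevel Ports...\n"
			elif [ "$zonestate" = configured ] ; then
				addnet="Configure Network Interfaces...\n"
			fi
		fi
		addremotehost="Add Single-level Access to Remote Host...\n"
		# $? below is the status of the last grep in the pipeline,
		# i.e. whether any non-comment tnrhdb line names the template.
		remotes=$(grep -v "^#" "$TNRHDB" | grep "$template")
		if [ $? = 0 ] ; then
			removeremotehost="Remove Single-level Access to Remote Host...\n"
		else
			removeremotehost=
		fi
	else
		label="Select Label...\n"
		addremotehost=
		removeremotehost=
		addcipsohost=
		removecipsohost=
		setmlps=
	fi
}

#
# cloneCheck - rebuild zonelist[] with every installed zone other than
# $zonename and offer the "Clone" menu entry when the list is non-empty.
#
cloneCheck() {
	set -A zonelist
	integer clone_cnt=0
	# "zoneadm list -ip" prints colon-separated records; field 2 is the
	# zone name and field 3 its state.
	for p in $(zoneadm list -ip) ; do
		z=$(print -r -- "$p" | cut -d : -f2)
		s=$(print -r -- "$p" | cut -d : -f3)
		if [ "$z" = "$zonename" ] ; then
			continue
		elif [ "$s" = "installed" ] ; then
			zonelist[clone_cnt]=$z
			clone_cnt+=1
		fi
	done
	if (( clone_cnt > 0 )) ; then
		clone="Clone...\n"
	fi
}

#
# relabelCheck - choose the relabel menu entry from whether the zone's
# configuration mentions win_mac_write.
#
relabelCheck() {
	macstate=$(zonecfg -z "$zonename" info | grep win_mac_write)
	if [[ -n $macstate ]] ; then
		permitrelabel="Deny Relabeling\n"
	else
		permitrelabel="Permit Relabeling\n"
	fi
}

#
# autobootCheck - choose the boot-mode menu entry from the zone's
# current autoboot property.
#
autobootCheck() {
	bootmode=$(zonecfg -z "$zonename" info autoboot)
	if [[ $bootmode == 'autoboot: true' ]] ; then
		autoboot="Set Manual Booting\n"
	else
		autoboot="Set Automatic Booting\n"
	fi
}

#
# newZone - configure a new zone from the SUNWtsoldef template.
#
# Prompts for a name when $zonename is empty; an empty answer resets
# zonename to "global" and returns without creating anything.
#
# NOTE(review): the entered name is not validated here and is later
# interpolated into zonecfg command strings and grep/sed patterns elsewhere
# in this file; zonecfg is the only check visible -- consider rejecting
# names with characters outside the zone-name character set up front.
#
newZone() {
	if [[ ! -n $zonename ]] ; then
		zonename=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --entry-text="" \
		    --text="Enter Zone Name: ")

		if [[ ! -n $zonename ]] ; then
			zonename=global
			return
		fi
	fi
	zonecfg -z "$zonename" \
	    "create -t SUNWtsoldef; set zonepath=/zone/$zonename"
}

#
# removeZoneBEs - destroy every ROOT/zbe dataset under $ZDSET/$zonename.
#
# Arguments: optional flags passed through to "zfs destroy".
# ZDSET is defined outside this part of the file.
#
removeZoneBEs() {
	delopt=$*

	zfs list -H "$ZDSET/$zonename" 1>/dev/null 2>&1
	if [ $? = 0 ] ; then
		for zbe in $(zfs list -rHo name "$ZDSET/$zonename" | grep ROOT/zbe) ; do
			# $delopt is deliberately unquoted: it may hold
			# several flags or be empty.
			zfs destroy $delopt "$zbe"
		done
	fi
}

#
# updateTemplate - (re)write the zone's tnrhtp template entry and load it
# into the kernel with tnctl.
#
# Reads hostType, zonename, hexlabel, minlabel, maxlabel; sets template
# and deflabel.
#
updateTemplate () {
	if [ "$hostType" = cipso ] ; then
		template=${zonename}_cipso
		deflabel=
	else
		template=${zonename}_unlab
		deflabel="def_label=${hexlabel};"
	fi

	tnzone=$(grep "^${template}:" "$TNRHTP" 2>/dev/null)
	if [ $? -eq 0 ] ; then
		# Anchor the delete on "name:" exactly as the grep above does,
		# so a template whose name merely starts with $template is
		# not removed along with it. Only replace the database when
		# sed succeeded; otherwise an empty scratch file would be
		# moved over it.
		sed -e "/^${template}:/d" "$TNRHTP" > "$TXTMP/tnrhtp.$$" 2>/dev/null &&
		    mv "$TXTMP/tnrhtp.$$" "$TNRHTP"
	fi
	print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> "$TNRHTP"
	tnctl -t "$template"
}

#
# setTNdata - record the zone's label in tnzonecfg (if not already there)
# and create both its cipso and unlabeled tnrhtp templates with the
# admin_low..admin_high range.
#
setTNdata () {
	tnzline="$zonename:${hexlabel}:0::"
	grep "^$tnzline" "$TNZONECFG" 1>/dev/null 2>&1
	if [ $? -eq 1 ] ; then
		print "$tnzline" >> "$TNZONECFG"
	fi

	#
	# Add matching entries in tnrhtp if necessary
	#
	minlabel=admin_low
	maxlabel=admin_high
	hostType=cipso
	updateTemplate

	hostType=unlabeled
	updateTemplate
}

#
# selectLabel - let the operator pick a sensitivity label for the zone and
# store it, unless another zone already owns that label.
#
# DEFAULTLABEL is defined outside this part of the file.
#
selectLabel() {
	hexlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getlabel $zonename zone:" \
	    --min="${DEFAULTLABEL}" \
	    --default="${DEFAULTLABEL}" \
	    --max=$(chk_encodings -X) \
	    --accredcheck=yes \
	    --mode=sensitivity \
	    --format=internal)
	if [ $? = 0 ] && [[ -n $hexlabel ]] ; then
		# The pattern must be ":<label>:" to match the
		# "zone:label:0::" records that setTNdata writes. The
		# previous ":{$hexlabel}:" searched for literal braces, so the
		# label-in-use check could never fire and two zones could be
		# given the same label.
		x=$(grep -i ":${hexlabel}:" "$TNZONECFG")
		if [ $? = 0 ] ; then
			z=$(print $x | cut -d : -f1)
			x=$(zenity --error \
			    --title="$title" \
			    --text="$msg_inuse $z zone.")
		else
			setTNdata
		fi
	fi
}

#
# getLabelRange - prompt for the minimum and maximum network labels of the
# zone and rewrite its cipso template with that range. Returns early,
# changing nothing, if either dialog is cancelled.
#
getLabelRange() {
	deflabel=$(hextoalabel "$hexlabel")
	minlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getmin $zonename zone:" \
	    --min="${DEFAULTLABEL}" \
	    --max="$deflabel" \
	    --default="$hexlabel" \
	    --accredcheck=no \
	    --mode=sensitivity \
	    --format=internal)
	[ $? != 0 ] && return

	maxlabel=$(tgnome-selectlabel \
	    --title="$title" \
	    --text="$msg_getmax $zonename zone:" \
	    --min="$deflabel" \
	    --max=$(chk_encodings -X) \
	    --default="$hexlabel" \
	    --accredcheck=no \
	    --mode=sensitivity \
	    --format=internal)
	[ $? != 0 ] && return

	hostType=cipso
	updateTemplate
}


#
# encryptionValues - print, on one line, the values "zfs get" lists for
# the encryption property (text after "YES", with '|' separators removed).
#
encryptionValues() {
	echo $(zfs get 2>&1 | grep encryption | sed -e 's/^.*YES//' -e 's/|//g')
}

#
# getPassphrase - ask for a passphrase twice and, if both entries match,
# write it to a fresh mktemp file and print that file's name on stdout.
#
# Prints nothing and returns 1 on mismatch or if mktemp fails; the caller
# treats empty output as failure and is responsible for deleting the file.
#
getPassphrase() {
	pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
	    --width=330 --hide-text)
	pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
	    --width=330 --hide-text)
	if [[ "$pass1" != "$pass2" ]]; then
		zenity --error --title="$title" \
		    --text="Passphrases do not match"
		return 1
	fi
	file=$(mktemp) || return 1
	# print -r writes the passphrase verbatim; echo could interpret
	# backslash sequences or a leading '-', storing a different
	# passphrase from the one the operator typed.
	print -r -- "$pass1" > "$file"
	print -r -- "$file"
}

#
# createZDSET - create the $ZDSET dataset, optionally encrypted.
#
# Arguments: $1 - options for "zfs create"
#            $2 - dataset path; the pool name is taken from its first
#                 component
#
# Creates the dataset unencrypted when the pool version is older than the
# version "zpool upgrade -v" lists for Crypto, when the cipher dialog is
# cancelled, or when "off" is chosen. Exits the script if the key-source
# or key-file dialog is cancelled or no passphrase file was produced.
#
createZDSET() {
	options=$1
	pool=${2%%/*}
	# Reset so a stale value from an earlier call cannot cause a
	# generated key file to be removed below.
	removefile=0

	# First check if ZFS encryption support is available
	pversion=$(zpool list -H -o version "$pool")
	cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')
	if (( cversion == 0 || pversion < cversion )); then
		# $options is deliberately unquoted: it holds several words.
		zfs create $options "$ZDSET"
		return
	fi

	encryption=$(zenity --list --title="$title" --height=320 \
	    --text="Select cipher for encryption of all labels:" \
	    --column="encryption" $(encryptionValues))

	if [[ $? != 0 || $encryption == "off" ]]; then
		zfs create $options "$ZDSET"
		return
	fi

	format=$(zenity --list --title="$title" \
	    --text "Select encryption key source:" \
	    --column="Key format and location" \
	    "Passphrase" "Generate Key in file")
	[ $? != 0 ] && exit

	if [[ $format == "Passphrase" ]]; then
		file=$(getPassphrase)
		if [[ $file == "" ]]; then
			exit
		fi
		keysource="passphrase,file://$file"
		removefile=1
	elif [[ $format == "Generate Key in file" ]]; then
		file=$(zenity --file-selection \
		    --title="$title: Location of key file" \
		    --save --confirm-overwrite)
		[ $? != 0 ] && exit
		if [[ $encryption == "on" ]]; then
			keylen=128
		else
			# Cipher names look like aes-<bits>-<mode>; keep <bits>.
			t=${encryption#aes-} && keylen=${t%%-*}
		fi
		pktool genkey keystore=file keytype=aes \
		    keylen=$keylen outkey="$file"
		keysource="raw,file:///$file"
	fi

	options="$options -o encryption=$encryption -o keysource=$keysource"
	zfs create $options "$ZDSET"
	if (( removefile == 1 )); then
		# Switch to prompting and delete the temporary passphrase file
		# so the cleartext passphrase does not stay on disk.
		zfs set keysource=passphrase,prompt "$ZDSET"
		rm "$file"
	fi
}


#
# initialize - write the zone's sysidcfg and related files under
# <zonepath>/root/etc from the global zone's own settings.
#
# Returns early (leaving sysidcfg partially written) if a hostname or
# address dialog is cancelled or the entered address is invalid.
#
initialize() {
	zonepath=$(zoneadm -z "$zonename" list -p | cut -d : -f4)
	ZONE_ETC_DIR=$zonepath/root/etc
	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg

	# NOTE(review): every write below goes through $zonepath/root from the
	# global zone as root. For a cloned zone that tree comes from another
	# zone's snapshot, so a symlink left at etc/sysidcfg or
	# etc/default/nfs would be followed in the global zone -- TODO confirm
	# these paths are regular files (or remove them first) before writing.

	if [ -f /var/ldap/ldap_client_file ] ; then
		ldapaddress=$(ldapclient list | \
		    grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
		print "name_service=LDAP {" > "${SYSIDCFG}"
		domain=$(domainname)
		print "domain_name=$domain" >> "${SYSIDCFG}"
		profName=$(ldapclient list | \
		    grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
		proxyPwd=$(ldapclient list | \
		    grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
		proxyDN=$(ldapclient list | \
		    grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
		if [ "$proxyDN" ] ; then
			# NOTE(review): the LDAP proxy credential is copied
			# into sysidcfg, which is created with the current
			# umask -- confirm the file is not readable by
			# unprivileged users inside the zone.
			print "proxy_dn=\"$proxyDN\"" >> "${SYSIDCFG}"
			print "proxy_password=\"$proxyPwd\"" >> "${SYSIDCFG}"
		fi
		print "profile=$profName" >> "${SYSIDCFG}"
		print "profile_server=$ldapaddress }" >> "${SYSIDCFG}"
		cp /etc/nsswitch.conf "$ZONE_ETC_DIR/nsswitch.ldap"
	else
		print "name_service=NONE" > "${SYSIDCFG}"
	fi
	print "security_policy=NONE" >> "${SYSIDCFG}"
	locale=$(locale | grep LANG | cut -d "=" -f2)
	if [[ -z $locale ]] ; then
		locale="C"
	fi
	print "system_locale=$locale" >> "${SYSIDCFG}"
	timezone=$(grep "^TZ" /etc/default/init | cut -d "=" -f2)
	print "timezone=$timezone" >> "${SYSIDCFG}"
	print "terminal=vt100" >> "${SYSIDCFG}"
	# NOTE(review): the root password hash is read here but its only use
	# is the commented-out line below; consider dropping this read until
	# that line is restored.
	rootpwd=$(grep "^root:" /etc/shadow | cut -d : -f2)

# There are two problems with setting the root password:
#	The zone's shadow file may be read-only
#	The password contains unparsable characters
# so the following line is commented out until this is resolved.

	#print "root_password=$rootpwd" >> ${SYSIDCFG}
	print "nfs4_domain=dynamic" >> "${SYSIDCFG}"
	print "network_interface=PRIMARY {" >> "${SYSIDCFG}"

	net=$(zonecfg -z "$zonename" info net)
	ipType=$(zonecfg -z "$zonename" info ip-type | cut -d" " -f2)
	if [ "$ipType" = exclusive ] ; then
		hostname=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --text="${zonename}0: Enter Hostname or dhcp: ")
		[ $? != 0 ] && return

		if [ "$hostname" = dhcp ] ; then
			print "dhcp" >> "${SYSIDCFG}"
		else
			print "hostname=$hostname" >> "${SYSIDCFG}"
			ipaddr=$(getent hosts "$hostname" | cut -f1)
			# Test the result, not $?: after a pipeline $? is the
			# status of cut, which succeeds even when getent
			# found nothing, so the address prompt was never
			# reached for an unresolvable name.
			if [[ -z $ipaddr ]] ; then
				ipaddr=$(zenity --entry \
				    --title="$title" \
				    --text="$nic: Enter IP address: " \
				    --entry-text a.b.c.d)
				[ $? != 0 ] && return

				validateIPaddr
				if [[ -z $ipaddr ]] ; then
					return
				fi
			fi
			print "ip_address=$ipaddr" >> "${SYSIDCFG}"
			getNetmask
			print "netmask=$nm" >> "${SYSIDCFG}"
			print "default_route=none" >> "${SYSIDCFG}"
			template=${zonename}_cipso
			cidr=32
			updateTnrhdb
		fi
	elif [[ -n $net ]] ; then
		hostname=$(hostname)
		hostname=$(zenity --entry \
		    --title="$title" \
		    --width=330 \
		    --text="Enter Hostname: " \
		    --entry-text "$hostname")
		[ $? != 0 ] && return

		print "hostname=$hostname" >> "${SYSIDCFG}"
		ipaddr=$(getent hosts "$hostname" | cut -f1)
		# Same pipeline-status issue as above: only record an address
		# when the lookup actually produced one.
		if [[ -n $ipaddr ]] ; then
			print "ip_address=$ipaddr" >> "${SYSIDCFG}"
		fi
	else
		getAllZoneNICs
		# The address of the last all-zones interface wins.
		for i in ${aznics[*]} ; do
			ipaddr=$(ifconfig "$i" | grep inet | cut -d " " -f2)
		done
		print "hostname=$(hostname)" >> "${SYSIDCFG}"
		print "ip_address=$ipaddr" >> "${SYSIDCFG}"
	fi

	print "protocol_ipv6=no }" >> "${SYSIDCFG}"
	cp /etc/default/nfs "${ZONE_ETC_DIR}/default/nfs"
	touch "${ZONE_ETC_DIR}/.NFS4inst_state.domain"
}

#
# clone - clone $zonename from an installed zone.
#
# Arguments: $1 - source zone; when empty the operator picks one from
#                 zonelist[] (filled by cloneCheck).
#
# After cloning, password sharing is set according to NSCD_PER_LABEL and,
# for an exclusive-IP zone, the zone is readied, unconfigured,
# re-initialized and halted.
#
clone() {
	image=$1
	if [[ -z $image ]] ; then
		msg_clone=$(gettext "Clone the $zonename zone using a
snapshot of one of the following halted zones:")
		image=$(zenity --list \
		    --title="$title" \
		    --text="$msg_clone" \
		    --height=300 \
		    --width=330 \
		    --column="Installed Zones" ${zonelist[*]})
	fi

	if [[ -n $image ]] ; then
		removeZoneBEs
		zoneadm -z "$zonename" clone "$image"

		if [ "$NSCD_PER_LABEL" = 0 ] ; then
			sharePasswd "$zonename"
		else
			unsharePasswd "$zonename"
		fi

		ipType=$(zonecfg -z "$zonename" info ip-type | cut -d" " -f2)
		if [ "$ipType" = exclusive ] ; then
			zoneadm -z "$zonename" ready
			zonepath=$(zoneadm -z "$zonename" list -p | cut -d : -f4)
			sys-unconfig -R "$zonepath/root" 2>/dev/null
			initialize
			zoneadm -z "$zonename" halt
		fi
	fi
}

#
# install - install $zonename, set up password sharing, ready the zone,
# write its sysidcfg and halt it again.
#
# In GUI mode the installation runs inside a gnome-terminal window.
# Returns 1 if the zone does not reach the installed or ready state.
#
install() {
	removeZoneBEs
	if [ "$DISP" -eq 0 ] ; then
		gettext "installing zone $zonename ...\n"
		zoneadm -z "$zonename" install
	else
		# sleep is needed here to avoid occasional timing
		# problem with gnome-terminal display...
		sleep 2
		gnome-terminal \
		    --title="$title: Installing $zonename zone" \
		    --command "zoneadm -z $zonename install" \
		    --disable-factory \
		    --hide-menubar
	fi

	zonestate=$(zoneadm -z "$zonename" list -p | cut -d : -f 3)
	if [ "$zonestate" != installed ] ; then
		gettext "error installing zone $zonename.\n"
		return 1
	fi

	if [ "$NSCD_PER_LABEL" = 0 ] ; then
		sharePasswd "$zonename"
	else
		unsharePasswd "$zonename"
	fi

	zoneadm -z "$zonename" ready
	zonestate=$(zoneadm -z "$zonename" list -p | cut -d : -f 3)
	if [ "$zonestate" != ready ] ; then
		gettext "error making zone $zonename ready.\n"
		return 1
	fi

	initialize
	zoneadm -z "$zonename" halt
}
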
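#
# delete - remove $zonename: its tnzonecfg record, its _unlab and _cipso
# tnrhdb host entries and tnrhtp templates (from the files and from the
# kernel via tnctl), its zone configuration, its boot environments and
# any "@<zone>_snap" snapshots.
#
# Arguments: optional flags passed through to removeZoneBEs.
#
# NOTE(review): the scratch files live under $TXTMP with a predictable
# ".$$" suffix and are written as root; how $TXTMP is created is not shown
# in this part of the file -- confirm it is a root-owned private directory.
#
delete() {
	delopt=$*

	# if there is an entry for this zone in tnzonecfg, remove it
	# before deleting the zone.

	tnzone=$(grep "^$zonename:" "$TNZONECFG" 2>/dev/null)
	if [ -n "${tnzone}" ] ; then
		# Each "sed && mv" below replaces the database only when sed
		# succeeded, so a failed filter cannot leave it empty.
		sed -e "/^$zonename:/d" "$TNZONECFG" > \
		    "$TXTMP/tnzonefg.$$" 2>/dev/null &&
		    mv "$TXTMP/tnzonefg.$$" "$TNZONECFG"
	fi

	for tnzone in $(grep ":${zonename}_unlab" "$TNRHDB" 2>/dev/null) ; do
		tnctl -dh "$tnzone"
		sed -e "/:${zonename}_unlab/d" "$TNRHDB" > \
		    "$TXTMP/tnrhdb.$$" 2>/dev/null &&
		    mv "$TXTMP/tnrhdb.$$" "$TNRHDB"
	done

	for tnzone in $(grep "^${zonename}_unlab:" "$TNRHTP" 2>/dev/null) ; do
		tnctl -dt "${zonename}_unlab"
		sed -e "/^${zonename}_unlab:/d" "$TNRHTP" > \
		    "$TXTMP/tnrhtp.$$" 2>/dev/null &&
		    mv "$TXTMP/tnrhtp.$$" "$TNRHTP"
	done

	for tnzone in $(grep ":${zonename}_cipso" "$TNRHDB" 2>/dev/null) ; do
		tnctl -dh "$tnzone"
		sed -e "/:${zonename}_cipso/d" "$TNRHDB" > \
		    "$TXTMP/tnrhdb.$$" 2>/dev/null &&
		    mv "$TXTMP/tnrhdb.$$" "$TNRHDB"
	done

	for tnzone in $(grep "^${zonename}_cipso:" "$TNRHTP" 2>/dev/null) ; do
		tnctl -dt "${zonename}_cipso"
		sed -e "/^${zonename}_cipso:/d" "$TNRHTP" > \
		    "$TXTMP/tnrhtp.$$" 2>/dev/null &&
		    mv "$TXTMP/tnrhtp.$$" "$TNRHTP"
	done

	zonecfg -z "$zonename" delete -F

	# $delopt is deliberately unquoted: it may hold several flags.
	removeZoneBEs $delopt
	for snap in $(zfs list -Ho name -t snapshot | grep "\@${zonename}_snap") ; do
		zfs destroy -R "$snap"
	done
}

#
# validateIPaddr - check that $ipaddr is a dotted quad of four decimal
# octets in 0..255 with no leading zeros; otherwise show an error dialog
# and clear ipaddr. Callers test for an empty ipaddr afterwards.
#
validateIPaddr () {
	typeset octet valid=1

	OLDIFS=$IFS
	IFS=.
	set -A octets -- $ipaddr
	IFS=$OLDIFS

	if (( ${#octets[*]} != 4 )) ; then
		valid=0
	else
		for octet in "${octets[@]}" ; do
			# Match the text against a digits-only pattern before
			# any arithmetic: operator-typed text is never
			# evaluated as an expression, and an out-of-range
			# octet (e.g. 300) is rejected instead of spinning
			# forever as the previous loop did.
			if [[ $octet != @(0|[1-9]*([0-9])) ]] ||
			    (( ${#octet} > 3 || octet > 255 )) ; then
				valid=0
				break
			fi
		done
	fi

	if (( valid == 0 )) ; then
		x=$(zenity --error \
		    --title="$title" \
		    --text="$ipaddr $msg_badip")
		ipaddr=
	fi
}

#
# getAllZoneNICs - append to aznics[] every IPv4 interface whose ifconfig
# output contains the word "all-zones".
#
getAllZoneNICs(){
	integer count=0
	for i in $(ifconfig -a4 | grep "^[a-z].*:")
	do
		# The grep above selects whole lines; keep only the words
		# that themselves look like "name:".
		print "$i" | grep "^[a-z].*:" >/dev/null 2>&1
		[ $? -eq 1 ] && continue

		i=${i%:} # Remove colon after interface name
		for j in $(ifconfig "$i")
		do
			case $j in
			all-zones)
				aznics[count]=$i
				count+=1
				;;
			esac
		done
	done
}

#
# getNetmask - prompt for a netmask (stored in nm) and derive its prefix
# length (stored in cidr) by counting the set bits. cidr is left empty if
# the dialog is cancelled.
#
getNetmask() {
	cidr=
	nm=$(zenity --entry \
	    --title="$title" \
	    --width=330 \
	    --text="$ipaddr: Enter netmask: " \
	    --entry-text 255.255.255.0)
	[ $? != 0 ] && return;

	# The mask is passed as an argument, never interpolated into the
	# perl program text.
	cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' "$nm")
}

#
# addNet - add a network resource (address/prefix on $nic) to the zone's
# configuration and register the address as a /32 cipso host in tnrhdb.
# Does nothing if no address or netmask was obtained.
#
addNet() {
	getIPaddr
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	getNetmask
	if [[ -z $cidr ]] ; then
		return;
	fi
	zonecfg -z "$zonename" "add net; \
	    set address=${ipaddr}/${cidr}; \
	    set physical=$nic; \
	    end"
	template=${zonename}_cipso
	cidr=32
	updateTnrhdb
}

#
# getAttrs - parse "ifconfig $nic" and set ipaddr, zone, flags, updown,
# linktype and template for that interface.
#
# An address that is not yet in tnrhdb is added as a /32 "cipso" host; for
# 0.0.0.0 both template and ipaddr are set to "...".
#
getAttrs() {
	typeset ipre

	zone=global
	type=ignore
	# Word-by-word scan: "inet" and "zone" announce that the next word
	# is their value.
	for j in $(ifconfig "$nic")
	do
		case $j in
		inet)		type=$j ;;
		zone)		type=$j ;;
		all-zones)	zone=all-zones ;;
		flags*)		flags=$j ;;
		*)
			case $type in
			inet)	ipaddr=$j ;;
			zone)	zone=$j ;;
			*)	continue ;;
			esac
			type=ignore
			;;
		esac
	done
	if [[ $flags == ~(E).UP, ]] ; then
		updown=Up
	else
		updown=Down
	fi
	if [[ $nic == ~(E).: ]] ; then
		linktype=logical
	else
		vnic=$(dladm show-vnic -po link "$nic" 2>/dev/null)
		if [[ -n $vnic ]] ; then
			linktype=virtual
		else
			linktype=physical
		fi
	fi
	if [ "$ipaddr" != 0.0.0.0 ] ; then
		# Escape the dots so they match literally; as bare regex
		# wildcards, 1.1.1.1 would also match an entry for 111.1.1.
		ipre=$(print -r -- "$ipaddr" | sed -e 's/\./\\./g')
		x=$(grep "^${ipre}[^0-9]" "$TNRHDB")
		if [ $? = 1 ] ; then
			template=cipso
			cidr=32
			updateTnrhdb
		else
			template=$(print "$x" | cut -d : -f2)
		fi
	else
		template="..."
		ipaddr="..."
	fi
}

#
# deleteTnrhdbEntry - remove the tnrhdb line for $ipaddr, if there is one.
#
# Returns 1 if no private scratch directory could be created; does nothing
# for an empty ipaddr.
#
deleteTnrhdbEntry() {
	typeset ipre tmpdir

	# With an empty address the pattern below would match every line
	# that does not start with a digit, comments included.
	[[ -z $ipaddr ]] && return 0

	# Escape the dots so another host's entry cannot match by accident.
	ipre=$(print -r -- "$ipaddr" | sed -e 's/\./\\./g')
	remote=$(grep "^${ipre}[^0-9]" "$TNRHDB")
	if [ $? = 0 ] ; then
		ip=$(print $remote | cut -d "/" -f1)
		if [[ $remote == ~(E)./ ]] ; then
			# Escape the prefix-length slash for the sed address.
			pr=$(print $remote | cut -d "/" -f2)
			remote="$ip\\/$pr"
		fi
		# Build the new database inside a private mktemp directory
		# instead of the predictable /tmp/tnrhdb.$$: this runs as
		# root, and a pre-planted file or symlink with that name in
		# world-writable /tmp would be written through. The file
		# inside is still created with the normal umask, so the
		# replaced database keeps the mode it had before.
		tmpdir=$(mktemp -d) || return 1
		# Only replace the database when sed succeeded.
		sed -e "/^${remote}/d" "$TNRHDB" > "$tmpdir/tnrhdb" 2>/dev/null &&
		    mv "$tmpdir/tnrhdb" "$TNRHDB"
		rm -rf "$tmpdir"
	fi
}

#
# updateTnrhdb - replace the tnrhdb entry for $ipaddr (with /$cidr when
# cidr is set) mapping it to $template, and load it into the kernel.
#
updateTnrhdb() {
	deleteTnrhdbEntry
	if [[ -n $cidr ]] ; then
		print "${ipaddr}/$cidr:$template" >> "$TNRHDB"
		tnctl -h "${ipaddr}/$cidr:$template"
	else
		print "${ipaddr}:$template" >> "$TNRHDB"
		tnctl -h "${ipaddr}:$template"
	fi
}

#
# getIPaddr - prompt for a hostname and resolve it into ipaddr; if it does
# not resolve, prompt for an address and validate it. ipaddr is left empty
# when the address is invalid.
#
getIPaddr() {
	hostname=$(zenity --entry \
	    --title="$title" \
	    --width=330 \
	    --text="$nic: Enter Hostname: ")

	[ $? != 0 ] && return

	# Quoted so that an empty answer is looked up as an empty name
	# rather than making getent list every known host.
	ipaddr=$(getent hosts "$hostname" | cut -f1)
	if [[ -z $ipaddr ]] ; then
		ipaddr=$(zenity --entry \
		    --title="$title" \
		    --text="$nic: Enter IP address: " \
		    --entry-text a.b.c.d)
		[ $? != 0 ] && return
		validateIPaddr
	fi

}

addHost() {
	# Update hosts
	if [[ -z $ipaddr ]] ; then
		return;
	fi
	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
	if [ $?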
-eq 1 ] ; then 826ead1f93eSLiane Praza print "$ipaddr\t$hostname" >> /etc/inet/hosts 827f875b4ebSrica fi 828f875b4ebSrica 829f875b4ebSrica template=cipso 830ead1f93eSLiane Praza cidr=32 831f875b4ebSrica updateTnrhdb 832f875b4ebSrica 833f875b4ebSrica ifconfig $nic $ipaddr netmask + broadcast + 834ead1f93eSLiane Praza # 835ead1f93eSLiane Praza # TODO: better integration with nwam 836ead1f93eSLiane Praza # TODO: get/set netmask for IP address 837ead1f93eSLiane Praza # 838ead1f93eSLiane Praza print $hostname > /etc/hostname.$nic 839f875b4ebSrica} 840f875b4ebSrica 841f875b4ebSricacreateInterface() { 842ead1f93eSLiane Praza msg=$(ifconfig $nic addif 0.0.0.0) 843f875b4ebSrica $(zenity --info \ 844f875b4ebSrica --title="$title" \ 845f875b4ebSrica --text="$msg" ) 846ead1f93eSLiane Praza nic=$(print "$msg"|cut -d" " -f5) 847ead1f93eSLiane Praza 848ead1f93eSLiane Praza} 849ead1f93eSLiane Praza 850ead1f93eSLiane PrazacreateVNIC() { 851ead1f93eSLiane Praza if [ $zonename != global ] ; then 852ead1f93eSLiane Praza vnicname=${zonename}0 853ead1f93eSLiane Praza else 854ead1f93eSLiane Praza vnicname=$(zenity --entry \ 855ead1f93eSLiane Praza --title="$title" \ 856ead1f93eSLiane Praza --width=330 \ 857ead1f93eSLiane Praza --entry-text="" \ 858ead1f93eSLiane Praza --text="Enter VNIC Name: ") 859ead1f93eSLiane Praza 860ead1f93eSLiane Praza if [[ ! -n $vnicname ]] ; then 861ead1f93eSLiane Praza return 862ead1f93eSLiane Praza fi 863ead1f93eSLiane Praza fi 864ead1f93eSLiane Praza x=$(dladm show-vnic|grep "^$vnicname " ) 865ead1f93eSLiane Praza if [[ ! 
-n $x ]] ; then 866ead1f93eSLiane Praza dladm create-vnic -l $nic $vnicname 867ead1f93eSLiane Praza fi 868ead1f93eSLiane Praza if [ $zonename = global ] ; then 869ead1f93eSLiane Praza ifconfig $vnicname plumb 870ead1f93eSLiane Praza else 871ead1f93eSLiane Praza zonecfg -z $zonename "add net; \ 872ead1f93eSLiane Praza set physical=$vnicname; \ 873ead1f93eSLiane Praza end" 874ead1f93eSLiane Praza fi 875ead1f93eSLiane Praza nic=$vnicname 876f875b4ebSrica} 877f875b4ebSrica 878f875b4ebSricashareInterface() { 879ead1f93eSLiane Praza # 880ead1f93eSLiane Praza # TODO: better integration with nwam 881ead1f93eSLiane Praza # 882f875b4ebSrica ifconfig $nic all-zones;\ 883f875b4ebSrica if_file=/etc/hostname.$nic 884ead1f93eSLiane Praza sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$ 885ead1f93eSLiane Praza mv $TXTMP/txnetmgr.$$ $if_file 886f875b4ebSrica} 887f875b4ebSrica 888a8449b6bSGlenn FadenunshareInterface() { 889a8449b6bSGlenn Faden # 890a8449b6bSGlenn Faden # TODO: better integration with nwam 891a8449b6bSGlenn Faden # 892a8449b6bSGlenn Faden ifconfig $nic -zone;\ 893a8449b6bSGlenn Faden if_file=/etc/hostname.$nic 894a8449b6bSGlenn Faden sed q | sed -e "s/all-zones/ /" < $if_file >$TXTMP/txnetmgr.$$ 895a8449b6bSGlenn Faden mv $TXTMP/txnetmgr.$$ $if_file 896a8449b6bSGlenn Faden} 897a8449b6bSGlenn Faden 898ead1f93eSLiane PrazaaddTnrhdb() { 899ead1f93eSLiane Praza ipaddr=$(zenity --entry \ 900ead1f93eSLiane Praza --title="$title" \ 901ead1f93eSLiane Praza --width=330 \ 902ead1f93eSLiane Praza --text="Zone:$zonename. Enter IP address of remote host or network: " \ 903ead1f93eSLiane Praza --entry-text a.b.c.d) 904ead1f93eSLiane Praza [ $? 
!= 0 ] && return 905ead1f93eSLiane Praza validateIPaddr 906ead1f93eSLiane Praza if [[ -z $ipaddr ]] ; then 907ead1f93eSLiane Praza return; 908ead1f93eSLiane Praza fi 909ead1f93eSLiane Praza if [ ${octets[3]} = 0 ] ; then 910ead1f93eSLiane Praza nic="$ipaddr" 911ead1f93eSLiane Praza getNetmask 912ead1f93eSLiane Praza if [[ -z $cidr ]] ; then 913ead1f93eSLiane Praza return; 914ead1f93eSLiane Praza fi 915ead1f93eSLiane Praza else 916ead1f93eSLiane Praza cidr=32 917ead1f93eSLiane Praza fi 918ead1f93eSLiane Praza print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$ 919ead1f93eSLiane Praza x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$) 920ead1f93eSLiane Praza if [ $? = 0 ] ; then 921ead1f93eSLiane Praza updateTnrhdb 922ead1f93eSLiane Praza else 923ead1f93eSLiane Praza syntax=$(cat $TXTMP/syntax_error.$$) 924ead1f93eSLiane Praza x=$(zenity --error \ 925ead1f93eSLiane Praza --title="$title" \ 926ead1f93eSLiane Praza --text="$syntax") 927ead1f93eSLiane Praza fi 928ead1f93eSLiane Praza rm $TXTMP/tnrhdb_new.$$ 929ead1f93eSLiane Praza rm $TXTMP/syntax_error.$$ 930f875b4ebSrica} 931f875b4ebSrica 932ead1f93eSLiane PrazaremoveTnrhdb() { 933ead1f93eSLiane Praza while (( 1 )) do 934ead1f93eSLiane Praza remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ") 935ead1f93eSLiane Praza if [ $template = cipso ] ; then 936ead1f93eSLiane Praza templateHeading="from All Zones": 937ead1f93eSLiane Praza else 938ead1f93eSLiane Praza templateHeading="from this Zone": 939ead1f93eSLiane Praza fi 940ead1f93eSLiane Praza if [[ -n $remotes ]] ; then 941ead1f93eSLiane Praza ipaddr=$(zenity --list \ 942ead1f93eSLiane Praza --title="$title" \ 943ead1f93eSLiane Praza --text="$msg_getremote" \ 944ead1f93eSLiane Praza --height=250 \ 945ead1f93eSLiane Praza --width=300 \ 946ead1f93eSLiane Praza --column="Remove Access to:" \ 947ead1f93eSLiane Praza --column="$templateHeading" \ 948ead1f93eSLiane Praza $remotes) 949ead1f93eSLiane Praza 950ead1f93eSLiane Praza if [[ 
-n $ipaddr ]] ; then 951ead1f93eSLiane Praza deleteTnrhdbEntry 952ead1f93eSLiane Praza tnctl -dh ${ip}:$template 953ead1f93eSLiane Praza else 954ead1f93eSLiane Praza return 955ead1f93eSLiane Praza fi 956ead1f93eSLiane Praza else 957ead1f93eSLiane Praza return 958ead1f93eSLiane Praza fi 959ead1f93eSLiane Praza done 960ead1f93eSLiane Praza} 961ead1f93eSLiane Praza 962ead1f93eSLiane PrazasetMLPs() { 963ead1f93eSLiane Praza tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null) 964ead1f93eSLiane Praza zoneMLPs=:$(print "$tnzone"|cut -d : -f4) 965ead1f93eSLiane Praza sharedMLPs=:$(print "$tnzone"|cut -d : -f5) 966ead1f93eSLiane Praza attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs" 967ead1f93eSLiane Praza ports=$(print "$attrs"|zenity --list \ 968ead1f93eSLiane Praza --title="$title" \ 969ead1f93eSLiane Praza --height=200 \ 970ead1f93eSLiane Praza --width=450 \ 971ead1f93eSLiane Praza --text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." 
\ 972ead1f93eSLiane Praza --column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \ 973ead1f93eSLiane Praza --editable \ 974ead1f93eSLiane Praza --multiple 975ead1f93eSLiane Praza ) 976ead1f93eSLiane Praza 977ead1f93eSLiane Praza if [[ -z $ports ]] ; then 978ead1f93eSLiane Praza return 979ead1f93eSLiane Praza fi 980ead1f93eSLiane Praza 981ead1f93eSLiane Praza # getopts needs another a blank and another dash 982ead1f93eSLiane Praza ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g') 983ead1f93eSLiane Praza 984ead1f93eSLiane Praza OPTIND=1 985ead1f93eSLiane Praza while getopts "z:(Private)s:(Shared)" opt $ports ; do 986ead1f93eSLiane Praza case $opt in 987ead1f93eSLiane Praza z) zoneMLPs=$OPTARG ;; 988ead1f93eSLiane Praza s) sharedMLPs=$OPTARG ;; 989ead1f93eSLiane Praza esac 990ead1f93eSLiane Praza done 991ead1f93eSLiane Praza 992ead1f93eSLiane Praza sed -e "/^$zonename:*/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null 993ead1f93eSLiane Praza tnzone=$(print "$tnzone"|cut -d : -f1-3) 994ead1f93eSLiane Praza echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$ 995ead1f93eSLiane Praza 996ead1f93eSLiane Praza x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$) 997ead1f93eSLiane Praza 998ead1f93eSLiane Praza if [ $? = 0 ] ; then 999ead1f93eSLiane Praza mv $TXTMP/tnzonecfg.$$ $TNZONECFG 1000ead1f93eSLiane Praza zenity --info \ 1001ead1f93eSLiane Praza --title="$title" \ 1002ead1f93eSLiane Praza --text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot." 
1003ead1f93eSLiane Praza if [ $zonename != global ] ; then 1004ead1f93eSLiane Praza getLabelRange 1005ead1f93eSLiane Praza fi 1006ead1f93eSLiane Praza else 1007ead1f93eSLiane Praza syntax=$(cat $TXTMP/syntax_error.$$) 1008ead1f93eSLiane Praza x=$(zenity --error \ 1009ead1f93eSLiane Praza --title="$title" \ 1010ead1f93eSLiane Praza --text="$syntax") 1011ead1f93eSLiane Praza rm $TXTMP/tnzonecfg.$$ 1012ead1f93eSLiane Praza fi 1013ead1f93eSLiane Praza rm $TXTMP/syntax_error.$$ 1014f875b4ebSrica} 1015f875b4ebSrica 1016a8449b6bSGlenn FadenenableAuthentication() { 1017a8449b6bSGlenn Faden integer file_cnt=0 1018a8449b6bSGlenn Faden 1019a8449b6bSGlenn Faden zonepath=$(zoneadm -z $1 list -p|cut -d : -f4) 1020a8449b6bSGlenn Faden ZONE_ETC_DIR=$zonepath/root/etc 1021a8449b6bSGlenn Faden 1022a8449b6bSGlenn Faden # If the zone's shadow file was previously read-only 1023a8449b6bSGlenn Faden # there may be no root password entry for this zone. 1024a8449b6bSGlenn Faden # If so, replace the root password entry with the global zone's. 1025a8449b6bSGlenn Faden 1026a8449b6bSGlenn Faden entry=$(grep ^root:: $ZONE_ETC_DIR/shadow) 1027a8449b6bSGlenn Faden if [ $? 
-eq 0 ] ; then 1028a8449b6bSGlenn Faden grep ^root: /etc/shadow > $TXTMP/shadow.$$ 1029a8449b6bSGlenn Faden sed -e "/^root::/d" $ZONE_ETC_DIR/shadow >> \ 1030a8449b6bSGlenn Faden $TXTMP/shadow.$$ 2>/dev/null 1031a8449b6bSGlenn Faden mv $TXTMP/shadow.$$ $ZONE_ETC_DIR/shadow 1032a8449b6bSGlenn Faden chmod 400 $ZONE_ETC_DIR/shadow 1033a8449b6bSGlenn Faden fi 1034a8449b6bSGlenn Faden 1035a8449b6bSGlenn Faden if [ $LOGNAME = "root" ]; then 1036a8449b6bSGlenn Faden return 1037a8449b6bSGlenn Faden fi 1038a8449b6bSGlenn Faden 1039a8449b6bSGlenn Faden file[0]="passwd" 1040a8449b6bSGlenn Faden file[1]="shadow" 1041a8449b6bSGlenn Faden file[2]="user_attr" 1042a8449b6bSGlenn Faden # 1043a8449b6bSGlenn Faden # Add the user who assumed the root role to each installed zone 1044a8449b6bSGlenn Faden # 1045a8449b6bSGlenn Faden while (( file_cnt < ${#file[*]} )); do 1046a8449b6bSGlenn Faden exists=$(grep "^${LOGNAME}:" \ 1047a8449b6bSGlenn Faden $ZONE_ETC_DIR/${file[file_cnt]} >/dev/null) 1048a8449b6bSGlenn Faden if [ $? -ne 0 ] ; then 1049a8449b6bSGlenn Faden entry=$(grep "^${LOGNAME}:" \ 1050a8449b6bSGlenn Faden /etc/${file[file_cnt]}) 1051a8449b6bSGlenn Faden if [ $? -eq 0 ] ; then 1052a8449b6bSGlenn Faden print "$entry" >> \ 1053a8449b6bSGlenn Faden $ZONE_ETC_DIR/${file[file_cnt]} 1054a8449b6bSGlenn Faden fi 1055a8449b6bSGlenn Faden fi 1056a8449b6bSGlenn Faden file_cnt+=1 105756dd2b45Sjparcel done 1058a8449b6bSGlenn Faden chmod 400 $ZONE_ETC_DIR/shadow 1059a8449b6bSGlenn Faden} 1060a8449b6bSGlenn Faden 1061a8449b6bSGlenn FadenunsharePasswd() { 1062a8449b6bSGlenn Faden zonecfg -z $1 remove fs dir=/etc/passwd >/dev/null 2>&1 | grep -v such 1063a8449b6bSGlenn Faden zonecfg -z $1 remove fs dir=/etc/shadow >/dev/null 2>&1 | grep -v such 1064a8449b6bSGlenn Faden zoneadm -z $1 ready >/dev/null 2>&1 1065a8449b6bSGlenn Faden if [ $? 
-eq 0 ] ; then 1066a8449b6bSGlenn Faden enableAuthentication $1 1067a8449b6bSGlenn Faden zoneadm -z $1 halt >/dev/null 2>&1 1068a8449b6bSGlenn Faden else 1069a8449b6bSGlenn Faden echo Skipping $1 1070a8449b6bSGlenn Faden fi 107156dd2b45Sjparcel} 107256dd2b45Sjparcel 1073f875b4ebSricasharePasswd() { 1074a8449b6bSGlenn Faden passwd=$(zonecfg -z $1 info|grep /etc/passwd) 1075ead1f93eSLiane Praza if [ $? -eq 1 ] ; then 1076a8449b6bSGlenn Faden zonecfg -z $1 "add fs; \ 1077ead1f93eSLiane Praza set special=/etc/passwd; \ 1078ead1f93eSLiane Praza set dir=/etc/passwd; \ 1079ead1f93eSLiane Praza set type=lofs; \ 1080ead1f93eSLiane Praza add options ro; \ 1081ead1f93eSLiane Praza end; \ 1082ead1f93eSLiane Praza add fs; \ 1083ead1f93eSLiane Praza set special=/etc/shadow; \ 1084ead1f93eSLiane Praza set dir=/etc/shadow; \ 1085ead1f93eSLiane Praza set type=lofs; \ 1086ead1f93eSLiane Praza add options ro; \ 1087ead1f93eSLiane Praza end" 1088f875b4ebSrica fi 1089a8449b6bSGlenn Faden zoneadm -z $1 halt >/dev/null 2>&1 1090f875b4ebSrica} 1091f875b4ebSrica 109256dd2b45Sjparcel# This routine is a toggle -- if we find it configured for global nscd, 109356dd2b45Sjparcel# change to nscd-per-label and vice-versa. 109456dd2b45Sjparcel# 109556dd2b45Sjparcel# The user was presented with only the choice to CHANGE the existing 109656dd2b45Sjparcel# configuration. 
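# manageNscd - switch between one global nscd and one nscd per label.
#
# Globals:	NSCD_INDICATOR (read); NSCD_PER_LABEL, NSCD_OPT (written)
#
# Every installed non-global zone is halted and its passwd/shadow
# sharing is changed to match the new mode.
#
manageNscd() {
	if [ $NSCD_PER_LABEL -eq 0 ] ; then
		# this MUST be a regular file for svc-nscd to detect
		touch $NSCD_INDICATOR
		NSCD_OPT="Unconfigure per-zone name service"
		NSCD_PER_LABEL=1
		for i in $(zoneadm list -i | grep -v global) ; do
			zoneadm -z $i halt >/dev/null 2>&1
			unsharePasswd $i
		done
	else
		rm -f $NSCD_INDICATOR
		NSCD_OPT="Configure per-zone name service"
		NSCD_PER_LABEL=0
		for i in $(zoneadm list -i | grep -v global) ; do
			zoneadm -z $i halt >/dev/null 2>&1
			sharePasswd $i
		done
	fi
}

#
# manageZoneNets - let the user choose the networking model for zone
# $zonename: all-zones interfaces only, a logical interface on a
# physical NIC (shared stack), or a VNIC (exclusive stack).
#
# Globals:	zonename, msg_getnet (read); ncmds, stacks, netOps, nics,
#		netOp, cmd, nic (written); aznics (set by getAllZoneNICs)
#
manageZoneNets () {
	ncmds[0]="Only use all-zones interfaces"
	ncmds[1]="Add a logical interface"
	ncmds[2]="Add a virtual interface (VNIC)"

	stacks[0]="Shared Stack"
	stacks[1]="Exclusive Stack"

	getAllZoneNICs
	netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}"

	integer nic_cnt=0
	integer netOp_cnt=2

	set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ")

	# Two menu rows per physical NIC: logical interface, then VNIC
	while (( nic_cnt < ${#nics[*]} )); do
		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}"
		netOp_cnt+=1
		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}"
		netOp_cnt+=1
		nic_cnt+=1
	done

	netOp=$(print "${netOps[*]}"|zenity --list \
	    --title="$title" \
	    --text="$msg_getnet $zonename zone:" \
	    --height=300 \
	    --width=500 \
	    --column="#" \
	    --column="Network Configuration " \
	    --column="IP Type" \
	    --column="Available Interfaces" \
	    --hide-column=1
	)

	# User picked cancel or no selection
	if [[ -z $netOp ]] ; then
		return
	fi

	# All-zones is the default, so just return
	if [ $netOp = 1 ] ; then
		return
	fi

	# Recover the command text and NIC name from the selected row
	cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3)
	nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5)
	case $cmd in
	${ncmds[1]} )
		addNet;
		;;
	${ncmds[2]} )
		zonecfg -z $zonename set ip-type=exclusive
		createVNIC
		;;
	esac
}

#
# manageInterface - menu loop for the interface named in $nic.
#
# Globals:	nic (read; may be replaced by createInterface and
#		createVNIC); updown, linktype, ipaddr, zone (set by
#		getAttrs); share, setipaddr, newlogical, newvnic, unplumb,
#		bringup, bringdown, command (written)
#
# The menu is rebuilt from the interface's current state on every pass.
# The loop ends when the interface is removed or the dialog is
# dismissed.
#
manageInterface () {
	while (( 1 )) do
		getAttrs

		# Clear list of commands

		share=
		setipaddr=
		newlogical=
		newvnic=
		unplumb=
		bringup=
		bringdown=

		if [ $updown = Down ] ; then
			bringup="Bring Up\n"
		else
			bringdown="Bring Down\n"
		fi

		case $linktype in
		physical )
			newlogical="Create Logical Interface...\n";
			newvnic="Create Virtual Interface (VNIC)...\n";
			;;
		logical )
			unplumb="Remove Logical Interface\n"
			;;
		virtual )
			newlogical="Create Logical Interface...\n";
			unplumb="Remove Virtual Interface\n" ;
			;;
		esac

		if [ $ipaddr = "..." ] ; then
			setipaddr="Set IP address...\n"
		elif [ $zone != all-zones ] ; then
			share="Share with Shared-IP Zones\n"
		else
			share="Remove from Shared-IP Zones\n"
		fi

		command=$(print ""\
		    $share \
		    $setipaddr \
		    $newlogical \
		    $newvnic \
		    $unplumb \
		    $bringup \
		    $bringdown \
		    | zenity --list \
		    --title="$title" \
		    --text="Select a command from the list below:" \
		    --height=300 \
		    --column "Interface: $nic" )

		# The labels carry a leading blank because print separates
		# its arguments with one
		case $command in
		" Create Logical Interface...")
			createInterface;;
		" Create Virtual Interface (VNIC)...")
			createVNIC ;;
		" Set IP address...")
			getIPaddr
			addHost;;
		" Share with Shared-IP Zones")
			shareInterface;;
		" Remove from Shared-IP Zones")
			unshareInterface;;
		" Remove Logical Interface")
			ifconfig $nic unplumb
			rm -f /etc/hostname.$nic
			return;;
		" Remove Virtual Interface")
			ifconfig $nic unplumb
			dladm delete-vnic $nic
			rm -f /etc/hostname.$nic
			return;;
		" Bring Up")
			ifconfig $nic up;;
		" Bring Down")
			ifconfig $nic down;;
		*) return;;
		esac
	done
}

#
# sharePrimaryNic - share with all zones the first non-loopback IPv4
# interface that is up and carries the address of this node's name.
#
# Globals:	ip, nic (written); ipaddr (set by getAttrs)
#
sharePrimaryNic() {
	set -A ip $(getent hosts $(cat /etc/nodename))
	for i in $(ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK)
	do
		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
		[ $? -eq 1 ] && continue

		nic=${i%:} # Remove colon after interface name
		getAttrs
		if [ ${ip[0]} = $ipaddr ]; then
			shareInterface
			break
		fi
	done
}

#
# manageNets - list the non-loopback IPv4 interfaces with their
# attributes and open manageInterface on the one selected, until the
# dialog is dismissed.
#
# Globals:	attrs, nic (written); linktype, zone, ipaddr, template,
#		updown (set by getAttrs)
#
manageNets() {
	while (( 1 )) do
		attrs=
		for i in $(ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK)
		do
			print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
			[ $? -eq 1 ] && continue

			nic=${i%:} # Remove colon after interface name
			getAttrs
			attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
		done

		nic=$(zenity --list \
		    --title="$title" \
		    --text="Select an interface from the list below:" \
		    --height=300 \
		    --width=500 \
		    --column="Interface" \
		    --column="Type" \
		    --column="Zone Name" \
		    --column="IP Address" \
		    --column="Template" \
		    --column="State" \
		    $attrs)

		if [[ -z $nic ]] ; then
			return
		fi
		manageInterface
	done
}

#
# createLDAPclient - collect LDAP parameters in dialogs, register the
# server in /etc/hosts and tnrhdb, run "ldapclient init" for the global
# zone and show its output.
#
# Globals:	title, TNRHDB, TXTMP (read); ldaptitle, ldapdomain,
#		ldapserver, ldapserveraddr, ldappassword,
#		ldappasswordconfirm, ldapprofile, whatnext, proxyDN,
#		ldapout, ldapstatus (written)
#
# NOTE(review): the proxy password is handed to ldapclient as a
# command-line argument, so it can be seen in the process list while
# ldapclient runs, and it remains in shell variables afterwards; check
# whether ldapclient offers a way to supply it that avoids argv.
# NOTE(review): ldapserveraddr is appended to /etc/hosts and tnrhdb as
# typed; unlike other address prompts in this file it is not passed
# through validateIPaddr.
# NOTE(review): the tnrhdb lookup greps for the server's host name
# followed by ":", while the entry written below starts with the address
# - confirm the duplicate check works as intended.
#
createLDAPclient() {
	ldaptitle="$title: Create LDAP Client"
	ldapdomain=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter Domain Name: ")
	if [[ -n $ldapdomain ]] ; then
		ldapserver=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --text="Enter Hostname of LDAP Server: ")
	else
		return
	fi
	if [[ -n $ldapserver ]] ; then
		ldapserveraddr=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --text="Enter IP adddress of LDAP Server $ldapserver: ")
	else
		return
	fi
	ldappassword=""
	# Ask until a non-empty password has been entered identically twice
	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
		ldappassword=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Enter LDAP Proxy Password:")
		ldappasswordconfirm=$(zenity --entry \
		    --width=400 \
		    --title="$ldaptitle" \
		    --hide-text \
		    --text="Confirm LDAP Proxy Password:")
	done
	ldapprofile=$(zenity --entry \
	    --width=400 \
	    --title="$ldaptitle" \
	    --text="Enter LDAP Profile Name: ")
	# Confirmation dialog; the password is shown masked
	whatnext=$(zenity --list \
	    --width=400 \
	    --height=250 \
	    --title="$ldaptitle" \
	    --text="Proceed to create LDAP Client?" \
	    --column=Parameter --column=Value \
	    "Domain Name" "$ldapdomain" \
	    "Hostname" "$ldapserver" \
	    "IP Address" "$ldapserveraddr" \
	    "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
	    "Profile" "$ldapprofile")
	[ $? != 0 ] && return

	grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
	if [ $? -eq 1 ] ; then
		print "$ldapserveraddr $ldapserver" >> /etc/hosts
	fi

	grep "${ldapserver}:" $TNRHDB > /dev/null
	if [ $? -eq 1 ] ; then
		print "# ${ldapserver} - ldap server" \
		    >> $TNRHDB
		print "${ldapserveraddr}:cipso" \
		    >> $TNRHDB
		tnctl -h "${ldapserveraddr}:cipso"
	fi

	# Turn a.b.c into dc=a,dc=b,dc=c
	proxyDN=$(print $ldapdomain|awk -F"." \
	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")

	zenity --info \
	    --title="$ldaptitle" \
	    --width=500 \
	    --text="global zone will be LDAP client of $ldapserver"

	ldapout=$TXTMP/ldapclient.$$

	ldapclient init -a profileName="$ldapprofile" \
	    -a domainName="$ldapdomain" \
	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
	    -a proxyPassword="$ldappassword" \
	    "$ldapserveraddr" >$ldapout 2>&1

	if [ $? -eq 0 ] ; then
		ldapstatus=Success
	else
		ldapstatus=Error
	fi

	zenity --text-info \
	    --width=700 \
	    --height=300 \
	    --title="$ldaptitle: $ldapstatus" \
	    --filename=$ldapout

	rm -f $ldapout


}

#
# tearDownZones - halt, uninstall and delete every non-global zone.
#
# Globals:	DISP, FORCE, msg_confirmkill (read); ans, killall,
#		zonename (written; zonename is global on return)
# Returns:	1 when the text-mode prompt is not answered with yes
#
# Text mode (DISP=0) asks on the terminal unless FORCE is set; GUI mode
# asks in a dialog.
#
tearDownZones() {
	if [ $DISP -eq 0 ] ; then
		if [ $FORCE -eq 0 ] ; then
			gettext "OK to destroy all zones [y|N]? "
			read ans
			printf "%s\n" "$ans" \
			    | /usr/xpg4/bin/grep -Eq "$(locale yesexpr)"
			if [ $? -ne 0 ] ; then
				gettext "canceled.\n"
				return 1
			fi
		fi
		gettext "destroying all zones ...\n"
	else
		killall=$(zenity --question \
		    --title="$title" \
		    --width=330 \
		    --text="$msg_confirmkill")
		if [[ $? != 0 ]]; then
			return
		fi
	fi

	for p in $(zoneadm list -cp|grep -v global:) ; do
		zonename=$(echo "$p"|cut -d : -f2)
		if [ $DISP -eq 0 ] ; then
			gettext "destroying zone $zonename ...\n"
		fi
		zoneadm -z $zonename halt 1>/dev/null 2>&1
		zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
		delete -rRf
	done
	zonename=global
}

#
# createDefaultZones - create the default zones.
#
# Globals:	DISP, PUBZONE, INTZONE, msg_defzones (read); msg_choose1,
#		defpub, defboth, defskip, command (written)
# Returns:	1 when creating the public zone fails
#
# Text mode creates both zones without asking; GUI mode offers the
# public zone only, both zones, or a return to the main menu.
#
createDefaultZones() {
	# If GUI display is not used, skip the dialog
	if [ $DISP -eq 0 ] ; then
		createDefaultPublic
		if [ $? -ne 0 ] ; then
			return 1
		fi
		createDefaultInternal
		return
	fi

	msg_choose1=$(gettext "Choose one:")
	defpub=$(gettext "$PUBZONE zone only")
	defboth=$(gettext "$PUBZONE and $INTZONE zones")
	defskip=$(gettext "Main Menu...")
	command=$(echo ""\
	    "$defpub\n" \
	    "$defboth\n" \
	    "$defskip\n" \
	    | zenity --list \
	    --title="$title" \
	    --text="$msg_defzones" \
	    --column="$msg_choose1" \
	    --height=400 \
	    --width=330 )

	case $command in
	    " $defpub")
		createDefaultPublic ;;

	    " $defboth")
		createDefaultPublic
		if [ $? -ne 0 ] ; then
			return 1
		fi
		createDefaultInternal ;;

	    *)
		return;;
	esac
}

#
# createDefaultPublic - create, label, install and boot the $PUBZONE
# zone, sharing the primary NIC with it.
#
# Globals:	PUBZONE, DEFAULTLABEL, DISP, msg_continue (read);
#		zonename, zone_cnt, hexlabel (written)
# Returns:	1 when install fails
#
createDefaultPublic() {
	zonename=$PUBZONE
	if [ $DISP -eq 0 ] ; then
		gettext "creating default $zonename zone ...\n"
	fi
	newZone
	zone_cnt+=1
	hexlabel=$DEFAULTLABEL
	setTNdata
	sharePrimaryNic

	install
	if [ $? -ne 0 ] ; then
		return 1
	fi

	if [ $DISP -eq 0 ] ; then
		gettext "booting zone $zonename ...\n"
		zoneadm -z $zonename boot
	else
		zoneadm -z $zonename boot &
		gnome-terminal \
		    --disable-factory \
		    --title="Zone Console: $zonename $msg_continue" \
		    --command "zlogin -C $zonename"
	fi
}

#
# createDefaultInternal - create the $INTZONE zone as a clone of the
# public zone, by way of an intermediate zone named "snapshot".
#
# Globals:	PUBZONE, INTZONE, INTLABEL, TNZONECFG, DISP, msg_inuse
#		(read); zonename, zone_cnt, hexlabel, x, z (written)
#
createDefaultInternal() {
	zoneadm -z $PUBZONE halt

	zonename=snapshot
	newZone
	zone_cnt+=1
	zonecfg -z $zonename set autoboot=false

	clone $PUBZONE
	zoneadm -z $PUBZONE boot &

	zonename=$INTZONE
	if [ $DISP -eq 0 ] ; then
		gettext "creating default $zonename zone ...\n"
	fi
	newZone
	zone_cnt+=1

	hexlabel=$INTLABEL
	# Is the label already assigned to a zone?  The pattern used to be
	# written ":{$hexlabel}:", which searches for literal braces and so
	# never found an existing assignment.
	x=$(grep -i ":${hexlabel}:" $TNZONECFG)
	if [ $? = 0 ] ; then
		z=$(print $x|cut -d : -f1)
		echo "$msg_inuse $z zone."
	else
		setTNdata
	fi

	clone snapshot
	if [ $DISP -eq 0 ] ; then
		gettext "booting zone $zonename ...\n"
	else
		gnome-terminal \
		    --title="Zone Console: $zonename" \
		    --command "zlogin -C $zonename" &
	fi
	zoneadm -z $zonename boot &
}

#
# selectZone - top-level zone picker.
#
# Globals:	TNZONECFG, msg_getzone (read); zonelist, zone_cnt,
#		zonename, state, hexlabel, curlabel (written)
#
# With no non-global zone configured, creation of the default zones is
# offered first; if there is still none, the global zone's menu opens
# directly.  Otherwise every zone is listed with its state and label and
# singleZone runs on the choice.  Dismissing the list exits the script.
#
selectZone() {
	set -A zonelist "global\nrunning\nADMIN_HIGH"
	integer zone_cnt=1

	for p in $(zoneadm list -cp|grep -v global:) ; do
		zone_cnt+=1
	done
	if [ $zone_cnt == 1 ] ; then
		createDefaultZones
	fi
	# Still only the global zone: go straight to its menu
	if [ $zone_cnt == 1 ] ; then
		zonename=global
		singleZone
		return
	fi

	zone_cnt=1
	for p in $(zoneadm list -cp|grep -v global:) ; do
		zonename=$(echo "$p"|cut -d : -f2)
		state=$(echo "$p"|cut -d : -f3)
		hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
		if [[ $hexlabel ]] ; then
			curlabel=$(hextoalabel $hexlabel)
		else
			curlabel=...
		fi
		zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
		zone_cnt+=1
	done
	zonename=$(print "${zonelist[*]}"|zenity --list \
	    --title="$title" \
	    --text="$msg_getzone" \
	    --height=300 \
	    --width=500 \
	    --column="Zone Name" \
	    --column="Status" \
	    --column="Sensitivity Label" \
	)

	# if the menu choice was a zonename, pop up zone menu
	if [[ -n $zonename ]] ; then
		singleZone
	else
		exit
	fi
}

# Loop for single-zone menu
singleZone() {

	while (( 1 )) do
		# Clear list of commands

		console=
		label=
		start=
		reboot=
		stop=
		clone=
		install=
		ready=
		uninstall=
		autoboot=
		delete=
		deletenet=
		permitrelabel=

		if [ $zone_cnt -gt 1 ] ; then
			killZones="Destroy all zones...\n"
			xit="Select another zone..."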
1625ead1f93eSLiane Praza else 1626ead1f93eSLiane Praza killZones= 1627ead1f93eSLiane Praza xit="Exit" 1628ead1f93eSLiane Praza fi 1629ead1f93eSLiane Praza if [ $zonename = global ] ; then 1630ead1f93eSLiane Praza ldapClient="Create LDAP Client...\n" 1631ead1f93eSLiane Praza nscdOpt="$NSCD_OPT\n" 1632ead1f93eSLiane Praza createZone="Create a new zone...\n" 1633ead1f93eSLiane Praza addnet="Configure Network Interfaces...\n" 1634ead1f93eSLiane Praza else 1635ead1f93eSLiane Praza ldapClient= 1636ead1f93eSLiane Praza nscdOpt= 1637ead1f93eSLiane Praza createZone= 1638ead1f93eSLiane Praza addnet= 1639ead1f93eSLiane Praza killZones= 1640ead1f93eSLiane Praza fi 1641ead1f93eSLiane Praza 1642ead1f93eSLiane Praza zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3) 1643f875b4ebSrica 1644f875b4ebSrica consoleCheck; 1645f875b4ebSrica labelCheck; 1646f875b4ebSrica delay=0 1647f875b4ebSrica 1648ead1f93eSLiane Praza if [ $zonename != global ] ; then 1649f875b4ebSrica case $zonestate in 1650ead1f93eSLiane Praza running) 1651ead1f93eSLiane Praza ready="Ready\n" 1652ead1f93eSLiane Praza reboot="Reboot\n" 1653ead1f93eSLiane Praza stop="Halt\n" 1654f875b4ebSrica ;; 1655ead1f93eSLiane Praza ready) 1656ead1f93eSLiane Praza start="Boot\n" 1657ead1f93eSLiane Praza stop="Halt\n" 1658f875b4ebSrica ;; 1659f875b4ebSrica installed) 1660ead1f93eSLiane Praza if [[ -z $label ]] ; then 1661ead1f93eSLiane Praza ready="Ready\n" 1662ead1f93eSLiane Praza start="Boot\n" 1663ead1f93eSLiane Praza fi 1664ead1f93eSLiane Praza uninstall="Uninstall\n" 1665ead1f93eSLiane Praza relabelCheck 1666ead1f93eSLiane Praza autobootCheck 1667f875b4ebSrica ;; 1668ead1f93eSLiane Praza configured) 1669ead1f93eSLiane Praza install="Install...\n" 1670ead1f93eSLiane Praza cloneCheck 1671ead1f93eSLiane Praza delete="Delete\n" 1672ead1f93eSLiane Praza console= 1673f875b4ebSrica ;; 1674ead1f93eSLiane Praza incomplete) 1675ead1f93eSLiane Praza uninstall="Uninstall\n" 1676f875b4ebSrica ;; 1677f875b4ebSrica *) 1678f875b4ebSrica 
;; 1679f875b4ebSrica esac 1680ead1f93eSLiane Praza fi 1681f875b4ebSrica 1682f875b4ebSrica command=$(echo ""\ 1683ead1f93eSLiane Praza $createZone \ 1684f875b4ebSrica $console \ 1685f875b4ebSrica $label \ 1686f875b4ebSrica $start \ 1687f875b4ebSrica $reboot \ 1688f875b4ebSrica $stop \ 1689f875b4ebSrica $clone \ 1690f875b4ebSrica $install \ 1691f875b4ebSrica $ready \ 1692f875b4ebSrica $uninstall \ 1693f875b4ebSrica $delete \ 1694f875b4ebSrica $addnet \ 1695f875b4ebSrica $deletenet \ 1696ead1f93eSLiane Praza $addremotehost \ 1697ead1f93eSLiane Praza $addcipsohost \ 1698ead1f93eSLiane Praza $removeremotehost \ 1699ead1f93eSLiane Praza $removecipsohost \ 1700ead1f93eSLiane Praza $setmlps \ 1701f875b4ebSrica $permitrelabel \ 1702ead1f93eSLiane Praza $autoboot \ 1703ead1f93eSLiane Praza $ldapClient \ 1704ead1f93eSLiane Praza $nscdOpt \ 1705ead1f93eSLiane Praza $killZones \ 1706ead1f93eSLiane Praza $xit \ 1707f875b4ebSrica | zenity --list \ 1708f875b4ebSrica --title="$title" \ 1709ead1f93eSLiane Praza --text="$msg_getcmd" \ 1710ead1f93eSLiane Praza --height=400 \ 1711ead1f93eSLiane Praza --width=330 \ 1712ead1f93eSLiane Praza --column "Zone: $zonename Status: $zonestate" ) 1713f875b4ebSrica 1714f875b4ebSrica case $command in 1715ead1f93eSLiane Praza " Create a new zone...") 1716ead1f93eSLiane Praza zonename= 1717ead1f93eSLiane Praza newZone ;; 1718ead1f93eSLiane Praza 1719f875b4ebSrica " Zone Console...") 1720ead1f93eSLiane Praza delay=2 1721ead1f93eSLiane Praza gnome-terminal \ 1722ead1f93eSLiane Praza --title="Zone Console: $zonename" \ 1723ead1f93eSLiane Praza --command "zlogin -C $zonename" & ;; 1724f875b4ebSrica 1725f875b4ebSrica " Select Label...") 1726f875b4ebSrica selectLabel;; 1727f875b4ebSrica 1728f875b4ebSrica " Ready") 1729f875b4ebSrica zoneadm -z $zonename ready ;; 1730f875b4ebSrica 1731f875b4ebSrica " Boot") 1732f875b4ebSrica zoneadm -z $zonename boot ;; 1733f875b4ebSrica 1734f875b4ebSrica " Halt") 1735f875b4ebSrica zoneadm -z $zonename halt ;; 
1736f875b4ebSrica 1737f875b4ebSrica " Reboot") 1738f875b4ebSrica zoneadm -z $zonename reboot ;; 1739f875b4ebSrica 1740f875b4ebSrica " Install...") 1741f875b4ebSrica install;; 1742f875b4ebSrica 1743ead1f93eSLiane Praza " Clone...") 1744f875b4ebSrica clone ;; 1745f875b4ebSrica 1746f875b4ebSrica " Uninstall") 1747f875b4ebSrica zoneadm -z $zonename uninstall -F;; 1748f875b4ebSrica 1749f875b4ebSrica " Delete") 175056dd2b45Sjparcel delete 175156dd2b45Sjparcel return ;; 1752f875b4ebSrica 1753ead1f93eSLiane Praza " Configure Network Interfaces...") 1754ead1f93eSLiane Praza if [ $zonename = global ] ; then 1755ead1f93eSLiane Praza manageNets 1756ead1f93eSLiane Praza else 1757ead1f93eSLiane Praza manageZoneNets 1758ead1f93eSLiane Praza fi;; 1759ead1f93eSLiane Praza 1760ead1f93eSLiane Praza " Add Single-level Access to Remote Host...") 1761ead1f93eSLiane Praza addTnrhdb ;; 1762ead1f93eSLiane Praza 1763ead1f93eSLiane Praza " Add Multilevel Access to Remote Host...") 1764ead1f93eSLiane Praza template=cipso 1765ead1f93eSLiane Praza addTnrhdb ;; 1766ead1f93eSLiane Praza 1767ead1f93eSLiane Praza " Remove Single-level Access to Remote Host...") 1768ead1f93eSLiane Praza removeTnrhdb ;; 1769ead1f93eSLiane Praza 1770ead1f93eSLiane Praza " Remove Multilevel Access to Remote Host...") 1771ead1f93eSLiane Praza template=cipso 1772ead1f93eSLiane Praza removeTnrhdb ;; 1773ead1f93eSLiane Praza 1774ead1f93eSLiane Praza " Configure Multilevel Ports...") 1775ead1f93eSLiane Praza setMLPs;; 1776f875b4ebSrica 1777f875b4ebSrica " Permit Relabeling") 1778ead1f93eSLiane Praza zonecfg -z $zonename set limitpriv=default,\ 1779ead1f93eSLiane Prazawin_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\ 1780ead1f93eSLiane Prazafile_downgrade_sl,file_upgrade_sl,sys_trans_label ;; 1781f875b4ebSrica 1782f875b4ebSrica " Deny Relabeling") 1783ead1f93eSLiane Praza zonecfg -z $zonename set limitpriv=default ;; 1784ead1f93eSLiane Praza 1785ead1f93eSLiane Praza " Set Automatic Booting") 
1786ead1f93eSLiane Praza zonecfg -z $zonename set autoboot=true ;; 1787ead1f93eSLiane Praza 1788ead1f93eSLiane Praza " Set Manual Booting") 1789ead1f93eSLiane Praza zonecfg -z $zonename set autoboot=false ;; 1790ead1f93eSLiane Praza 1791ead1f93eSLiane Praza " Create LDAP Client...") 1792ead1f93eSLiane Praza createLDAPclient ;; 1793ead1f93eSLiane Praza 1794ead1f93eSLiane Praza " Configure per-zone name service") 1795ead1f93eSLiane Praza manageNscd ;; 1796ead1f93eSLiane Praza 1797ead1f93eSLiane Praza " Unconfigure per-zone name service") 1798ead1f93eSLiane Praza manageNscd ;; 1799ead1f93eSLiane Praza 1800ead1f93eSLiane Praza " Destroy all zones...") 1801ead1f93eSLiane Praza tearDownZones 1802ead1f93eSLiane Praza return ;; 1803f875b4ebSrica 1804f875b4ebSrica *) 1805ead1f93eSLiane Praza if [ $zone_cnt == 1 ] ; then 1806ead1f93eSLiane Praza exit 1807ead1f93eSLiane Praza else 1808ead1f93eSLiane Praza return 1809ead1f93eSLiane Praza fi;; 1810f875b4ebSrica esac 1811f875b4ebSrica sleep $delay; 1812f875b4ebSrica done 181356dd2b45Sjparcel} 181456dd2b45Sjparcel 181556dd2b45Sjparcel# Main loop for top-level window 181656dd2b45Sjparcel# 18171e393761Sjpk 1818770915ebSRic Aleshire/usr/bin/plabel $$ 1>/dev/null 2>&1 1819770915ebSRic Aleshireif [ $? 
!= 0 ] ; then 1820e27732d8SRic Aleshire gettext "$0 : Trusted Extensions must be enabled.\n" 1821770915ebSRic Aleshire exit 1 1822770915ebSRic Aleshirefi 1823770915ebSRic Aleshire 1824770915ebSRic Aleshiremyzone=$(/sbin/zonename) 1825770915ebSRic Aleshireif [ $myzone != "global" ] ; then 1826e27732d8SRic Aleshire gettext "$0 : must be in global zone to run.\n" 1827770915ebSRic Aleshire exit 1 1828770915ebSRic Aleshirefi 1829770915ebSRic Aleshire 1830e27732d8SRic Aleshire 1831e27732d8SRic Aleshireprocess_options "$@" || exit 1832e27732d8SRic Aleshire 1833ead1f93eSLiane Prazamkdir $TXTMP 2>/dev/null 1834ead1f93eSLiane Prazadeflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\ 1835ead1f93eSLiane Praza sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2) 1836ead1f93eSLiane PrazaDEFAULTLABEL=$(atohexlabel ${deflabel}) 1837e27732d8SRic Aleshireintlabel=$(chk_encodings -a|grep "Default User Clearance"|\ 1838e27732d8SRic Aleshire sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2) 1839e27732d8SRic AleshireINTLABEL=$(atohexlabel -c "${intlabel}") 18401e393761Sjpk 18411e393761Sjpk# are there any zfs pools? 1842ead1f93eSLiane PrazaZDSET=none 18431e393761Sjpkzpool iostat 1>/dev/null 2>&1 18441e393761Sjpkif [ $? = 0 ] ; then 18451e393761Sjpk # is there a zfs pool named "zone"? 18461e393761Sjpk zpool list -H zone 1>/dev/null 2>&1 18471e393761Sjpk if [ $? = 0 ] ; then 18481e393761Sjpk # yes 18491e393761Sjpk ZDSET=zone 18501e393761Sjpk else 18511e393761Sjpk # no, but is there a root pool? 1852ead1f93eSLiane Praza rootfs=$(df -n / | awk '{print $3}') 18531e393761Sjpk if [ $rootfs = "zfs" ] ; then 18541e393761Sjpk # yes, use it 1855ead1f93eSLiane Praza ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones 18561e393761Sjpk zfs list -H $ZDSET 1>/dev/null 2>&1 18571e393761Sjpk if [ $? 
= 1 ] ; then 1858ead1f93eSLiane Praza createZDSET "-o mountpoint=/zone" $ZDSET 185956dd2b45Sjparcel fi 18601e393761Sjpk fi 18611e393761Sjpk fi 18621e393761Sjpkfi 18631e393761Sjpk 1864e27732d8SRic Aleshireif [ $DISP -eq 0 ] ; then 1865e27732d8SRic Aleshire gettext "non-interactive mode ...\n" 1866e27732d8SRic Aleshire 1867e27732d8SRic Aleshire if [ $DESTROYZONES -eq 1 ] ; then 1868e27732d8SRic Aleshire tearDownZones 1869e27732d8SRic Aleshire fi 1870e27732d8SRic Aleshire 1871e27732d8SRic Aleshire if [ $CREATEDEF -eq 1 ] ; then 1872e27732d8SRic Aleshire if [[ $(zoneadm list -c) == global ]] ; then 1873e27732d8SRic Aleshire createDefaultZones 1874e27732d8SRic Aleshire else 1875e27732d8SRic Aleshire gettext "cannot create default zones because there are existing zones.\n" 1876e27732d8SRic Aleshire fi 1877e27732d8SRic Aleshire fi 1878e27732d8SRic Aleshire 1879e27732d8SRic Aleshire exit 1880e27732d8SRic Aleshirefi 1881e27732d8SRic Aleshire 188256dd2b45Sjparcelif [ $NSCD_PER_LABEL -eq 0 ] ; then 188356dd2b45Sjparcel NSCD_OPT="Configure per-zone name service" 188456dd2b45Sjparcelelse 188556dd2b45Sjparcel NSCD_OPT="Unconfigure per-zone name service" 188656dd2b45Sjparcelfi 188756dd2b45Sjparcel 188856dd2b45Sjparcel 1889ead1f93eSLiane Prazawhile (( 1 )) do 1890ead1f93eSLiane Praza selectZone 189156dd2b45Sjparceldone 1892