<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 ident "%Z%%M% %I% %E% SMI"

 NOTE: This service manifest is not editable; its contents will
 be overwritten by package or patch operations, including
 operating system upgrade. Make customizations in a different
 file.
-->
<service_bundle type="manifest" name="SUNWcsr:manual-key">

<service name="network/ipsec/manual-key" type="service" version="1">

    <!-- The 'manual-key' service ships disabled because no default
         configuration file is delivered. See the note on the 'config'
         property group below before pointing it at another file. -->
    <create_default_instance enabled="false"/>

    <single_instance/>

    <!-- Lock files live in /var/run, so it must be mounted read/write. -->
    <dependency name="filesystem" grouping="require_all"
                restart_on="none" type="service">
        <service_fmri value="svc:/system/filesystem/minimal"/>
    </dependency>

    <!-- The kernel must know the supported IPsec algorithms before
         any SA is loaded. -->
    <dependency name="algorithms" grouping="require_all"
                restart_on="none" type="service">
        <service_fmri value="svc:/network/ipsec/ipsecalgs"/>
    </dependency>

    <!-- When enabled, this service should run fairly early: the network
         milestone is declared as an optional dependent. -->
    <dependent name="ipseckey-network" grouping="optional_all"
               restart_on="none">
        <service_fmri value="svc:/milestone/network"/>
    </dependent>

    <!-- Start: load the SAs from the file named by config/config_file.
         NOTE(review): no method_context is declared, so the methods run
         with the restarter's default credentials (presumably root,
         confirm against smf_method(5)). Whoever controls config_file
         therefore controls what a privileged ipseckey reads. -->
    <exec_method type="method" name="start"
                 exec="/usr/sbin/ipseckey -f %{config/config_file}"
                 timeout_seconds="60"/>

    <!-- Refresh: re-read the same file. To avoid warnings about
         duplicate SAs, ipseckey flushes the existing SAs when it is
         called from smf(5). -->
    <exec_method type="method" name="refresh"
                 exec="/usr/sbin/ipseckey -f %{config/config_file}"
                 timeout_seconds="60"/>

    <!-- Stop: flush the SAs. -->
    <exec_method type="method" name="stop"
                 exec="/usr/sbin/ipseckey flush"
                 timeout_seconds="60"/>

    <property_group name="general" type="framework">
        <!-- A user with this authorization can:

                svcadm restart manual-key
                svcadm refresh manual-key
                svcadm mark <state> manual-key
                svcadm clear manual-key

             see auths(1) and user_attr(4) -->
        <propval name="action_authorization" type="astring"
                 value="solaris.smf.manage.ipsec"/>

        <!-- A user with this authorization can:

                svcadm disable manual-key
                svcadm enable manual-key

             see auths(1) and user_attr(4) -->
        <propval name="value_authorization" type="astring"
                 value="solaris.smf.manage.ipsec"/>
    </property_group>

    <!-- The properties defined below can be changed by a user with the
         'solaris.smf.value.ipsec' authorization using the svccfg(1M)
         command.

         EG:

            svccfg -s manual-key setprop config/config_file = /new/config_file

         The new configuration will be read on service refresh:

            svcadm refresh ipsec/manual-key

         Note: svcadm disable/enable does not use the new property
         until after the service has been refreshed.

         NOTE(review): config_file is substituted into the start and
         refresh exec strings, so 'solaris.smf.value.ipsec' decides which
         file ipseckey loads SAs from. Grant it as narrowly as the
         'manage' authorization and audit changes to this property.
         The default path is under /etc/inet/secret; a manual-key file
         normally carries key material, so verify that it is owned by
         root and not readable by group or others.

         ***Do not edit this manifest to change these properties! -->
    <property_group name="config" type="application">
        <propval name="config_file" type="astring"
                 value="/etc/inet/secret/ipseckeys"/>
        <propval name="value_authorization" type="astring"
                 value="solaris.smf.value.ipsec"/>
    </property_group>

    <!-- 'transient' duration: the methods run to completion and no
         long-lived process is tracked for this service. -->
    <property_group name="startd" type="framework">
        <propval name="duration" type="astring" value="transient"/>
    </property_group>

    <stability value="Unstable"/>

    <template>
        <common_name>
            <loctext xml:lang="C">
                manually keyed IPsec startup
            </loctext>
        </common_name>
        <description>
            <loctext xml:lang="C">
                Loads static security associations
            </loctext>
        </description>
        <documentation>
            <manpage title="ipseckey" section="1M"
                     manpath="/usr/share/man"/>
        </documentation>
    </template>
</service>
</service_bundle>