xref: /titanic_52/usr/src/cmd/tsol/misc/txzonemgr.sh (revision 8f514e743bde41fe7e0ca48510a6d4c40ca51c23)
1#!/bin/ksh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23#
24#
25
26# This script provides a simple GUI for managing labeled zones.
27# It takes no arguments, but provides contextual menus which
28# provide appropriate choices. It must be run in the global
29# zone as root.
30
31NSCD_PER_LABEL=0
32NSCD_INDICATOR=/var/tsol/doors/nscd_per_label
33if [ -f $NSCD_INDICATOR ] ; then
34	NSCD_PER_LABEL=1
35fi
36
37TXTMP=/tmp/txzonemgr
38TNRHTP=/etc/security/tsol/tnrhtp
39TNRHDB=/etc/security/tsol/tnrhdb
40TNZONECFG=/etc/security/tsol/tnzonecfg
41PUBZONE=public
42INTZONE=internal
43
44PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
45title="Labeled Zone Manager 2.1"
46
47msg_defzones=$(gettext "Create default zones using default settings?")
48msg_confirmkill=$(gettext "OK to destroy all zones?")
49msg_continue=$(gettext "(exit to resume $(basename $0) when ready)")
50msg_getlabel=$(gettext "Select a label for the")
51msg_getremote=$(gettext "Select a remote host or network from the list below:")
52msg_getnet=$(gettext "Select a network configuration for the")
53msg_getzone=$(gettext "Select a zone from the list below:
54(select global for zone creation and shared settings)")
55msg_getcmd=$(gettext "Select a command from the list below:")
56msg_inuse=$(gettext "That label is already assigned\nto the")
57msg_getmin=$(gettext "Select the minimum network label for the")
58msg_getmax=$(gettext "Select the maximum network label for the")
59msg_badip=$(gettext " is not a valid IP address")
60
61
62consoleCheck() {
63	if [ $zonename != global ] ; then
64		zconsole=$(pgrep -f "zlogin -C $zonename")
65		if [ $? != 0 ] ; then
66			console="Zone Console...\n"
67		fi
68	fi
69}
70
71labelCheck() {
72	hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2);
73	if [[ $hexlabel ]] ; then
74		label=
75		if [ $zonename = global ] ; then
76			template="admin_low"
77			addcipsohost="Add Multilevel Access to Remote Host...\n"
78			removecipsohost="Remove Multilevel Access to Remote Host...\n"
79			setmlps="Configure Multilevel Ports...\n"
80		else
81			template=${zonename}_unlab
82			addcipsohost=
83			removecipsohost=
84			setmlps=
85
86			net=$(zonecfg -z $zonename info net)
87			if [[ -n $net ]] ; then
88				setmlps="Configure Multilevel Ports...\n"
89			elif [ $zonestate = configured ] ; then
90				addnet="Configure Network Interfaces...\n"
91			fi
92		fi
93		addremotehost="Add Single-level Access to Remote Host...\n"
94		remotes=$(grep -v "^#" $TNRHDB|grep $template)
95		if [ $? = 0 ] ; then
96			removeremotehost="Remove Single-level Access to Remote Host...\n"
97		else
98			removeremotehost=
99		fi
100	else
101		label="Select Label...\n"
102		addremotehost=
103		removeremotehost=
104		addcipsohost=
105		removecipsohost=
106		setmlps=
107	fi
108}
109
110cloneCheck() {
111	set -A zonelist
112	integer clone_cnt=0
113	for p in $(zoneadm list -ip) ; do
114		z=$(echo "$p"|cut -d : -f2)
115		s=$(echo "$p"|cut -d : -f3)
116		if [ $z = $zonename ] ; then
117			continue
118		elif [ $s = "installed" ] ; then
119			zonelist[clone_cnt]=$z
120			clone_cnt+=1
121		fi
122	done
123	if [ $clone_cnt -gt 0 ] ; then
124		clone="Clone...\n"; \
125	fi
126}
127
128relabelCheck() {
129	macstate=$(zonecfg -z $zonename info|grep win_mac_write)
130	if [[ -n $macstate ]] ; then
131		permitrelabel="Deny Relabeling\n"
132	else
133		permitrelabel="Permit Relabeling\n"
134	fi
135}
136
137autobootCheck() {
138	bootmode=$(zonecfg -z $zonename info autoboot)
139	if [[ $bootmode == 'autoboot: true' ]] ; then
140		autoboot="Set Manual Booting\n"
141	else
142		autoboot="Set Automatic Booting\n"
143	fi
144}
145
146newZone() {
147		if [[ ! -n $zonename ]] ; then
148			zonename=$(zenity --entry \
149			    --title="$title" \
150			    --width=330 \
151			    --entry-text="" \
152			    --text="Enter Zone Name: ")
153
154			if [[ ! -n $zonename ]] ; then
155				zonename=global
156				return
157			fi
158		fi
159		zonecfg -z $zonename "create -t SUNWtsoldef;\
160		     set zonepath=/zone/$zonename"
161}
162
163removeZoneBEs() {
164	delopt=$*
165
166	zfs list -H $ZDSET/$zonename 1>/dev/null 2>&1
167	if [ $? = 0 ] ; then
168		for zbe in $(zfs list -rHo name $ZDSET/$zonename|grep ROOT/zbe) ; do
169			zfs destroy $delopt $zbe
170		done
171	fi
172}
173
174updateTemplate () {
175	if [ $hostType = cipso ] ; then
176		template=${zonename}_cipso
177		deflabel=
178	else
179		template=${zonename}_unlab
180		deflabel="def_label=${hexlabel};"
181	fi
182
183	tnzone=$(grep "^${template}:" $TNRHTP 2>/dev/null)
184	if [ $? -eq 0 ] ; then
185		sed -e "/^${template}/d" $TNRHTP > $TXTMP/tnrhtp.$$ 2>/dev/null
186		mv $TXTMP/tnrhtp.$$ $TNRHTP
187	fi
188	print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
189	tnctl -t $template
190}
191
192setTNdata () {
193	tnzline="$zonename:${hexlabel}:0::"
194	grep "^$tnzline" $TNZONECFG 1>/dev/null 2>&1
195	if [ $? -eq 1 ] ; then
196		print "$tnzline" >> $TNZONECFG
197	fi
198
199	#
200	# Add matching entries in tnrhtp if necessary
201	#
202	minlabel=admin_low
203	maxlabel=admin_high
204	hostType=cipso
205	updateTemplate
206
207	hostType=unlabeled
208	updateTemplate
209}
210
211selectLabel() {
212	hexlabel=$(tgnome-selectlabel \
213		--title="$title" \
214		--text="$msg_getlabel $zonename zone:" \
215		--min="${DEFAULTLABEL}"  \
216		--default="${DEFAULTLABEL}"  \
217		--max=$(chk_encodings -X) \
218		--accredcheck=yes \
219		--mode=sensitivity \
220		--format=internal)
221	if [ $? = 0 ] ; then
222		x=$(grep -i :{$hexlabel}: $TNZONECFG)
223		if [ $? = 0 ] ; then
224			z=$(print $x|cut -d : -f1)
225			x=$(zenity --error \
226			    --title="$title" \
227			    --text="$msg_inuse $z zone.")
228		else
229			setTNdata
230		fi
231	fi
232}
233
234getLabelRange() {
235	deflabel=$(hextoalabel $hexlabel)
236	minlabel=$(tgnome-selectlabel \
237		--title="$title" \
238		--text="$msg_getmin $zonename zone:" \
239		--min="${DEFAULTLABEL}"  \
240		--max="$deflabel" \
241		--default="$hexlabel" \
242		--accredcheck=no \
243		--mode=sensitivity \
244		--format=internal)
245	[ $? != 0 ] && return
246
247	maxlabel=$(tgnome-selectlabel \
248		--title="$title" \
249		--text="$msg_getmax $zonename zone:" \
250		--min="$deflabel"  \
251		--max=$(chk_encodings -X) \
252		--default="$hexlabel" \
253		--accredcheck=no \
254		--mode=sensitivity \
255		--format=internal)
256	[ $? != 0 ] && return
257
258	hostType=cipso
259	updateTemplate
260}
261
262
263encryptionValues() {
264	echo $(zfs get 2>&1 | grep encryption | sed -e s/^.*YES// -e s/\|//g)
265}
266
267getPassphrase() {
268	pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
269	    --width=330 --hide-text)
270	pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
271	    --width=330 --hide-text)
272	if [[ "$pass1" != "$pass2" ]]; then
273		zenity --error --title="$title" \
274			--text="Passphrases do not match"
275		return ""
276	fi
277	file=$(mktemp)
278	echo "$pass1" > $file
279	echo "$file"
280}
281
282createZDSET() {
283	options=$1
284	pool=${2%%/*}
285
286	# First check if ZFS encrytption support is available
287	pversion=$(zpool list -H -o version $pool)
288	cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')
289
290	if [[ $cversion == "" || $pversion -lt $cversion ]]; then
291		zfs create $options $ZDSET
292		return
293	fi
294
295	encryption=$(zenity --list --title="$title" --height=320 \
296		--text="Select cipher for encryption of all labels:" \
297		--column="encryption" $(encryptionValues))
298
299	if [[ $? != 0 || $encryption == "off" ]]; then
300		zfs create $options $ZDSET
301		return
302	fi
303
304	format=$(zenity --list --title="$title" \
305		--text "Select encryption key source:" \
306		--column="Key format and location" \
307		"Passphrase" "Generate Key in file")
308	[ $? != 0 ] && exit
309
310	if [[ $format == "Passphrase" ]]; then
311		file=$(getPassphrase)
312		if [[ $file == "" ]]; then
313			exit
314		fi
315		keysource="passphrase,file://$file"
316		removefile=1;
317	elif [[ $format == "Generate Key in file" ]]; then
318		file=$(zenity --file-selection \
319			--title="$title: Location of key file" \
320			--save --confirm-overwrite)
321		[ $? != 0 ] && exit
322		if [[ $encryption == "on" ]]; then
323			keylen=128
324		else
325			t=${encryption#aes-} && keylen=${t%%-*}
326		fi
327		pktool genkey keystore=file keytype=aes \
328		    keylen=$keylen outkey=$file
329		keysource="raw,file:///$file"
330	fi
331
332	options="$options -o encryption=$encryption -o keysource=$keysource"
333	zfs create $options $ZDSET
334	if [[ $removefile -eq 1 ]]; then
335		zfs set keysource=passphrase,prompt $ZDSET
336		rm $file
337	fi
338}
339
340
341initialize() {
342	zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
343	ZONE_ETC_DIR=$zonepath/root/etc
344	SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg
345
346	if [ -f /var/ldap/ldap_client_file ] ; then
347		ldapaddress=$(ldapclient list | \
348		    grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
349		print "name_service=LDAP {" > ${SYSIDCFG}
350		domain=$(domainname)
351		print "domain_name=$domain" >> ${SYSIDCFG}
352		profName=$(ldapclient list | \
353		    grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
354		proxyPwd=$(ldapclient list | \
355		    grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
356		proxyDN=$(ldapclient list | \
357		    grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
358		if [ "$proxyDN" ] ; then
359			print "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
360			print "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
361		fi
362		print "profile=$profName" >> ${SYSIDCFG}
363		print "profile_server=$ldapaddress }" >> ${SYSIDCFG}
364		cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
365	else
366		print "name_service=NONE" > ${SYSIDCFG}
367		if [ $NSCD_PER_LABEL = 0 ] ; then
368			sharePasswd
369		else
370			unsharePasswd
371		fi
372	fi
373
374	print "security_policy=NONE" >> ${SYSIDCFG}
375	locale=$(locale|grep LANG | cut -d "=" -f2)
376	if [[ -z $locale ]] ; then
377		locale="C"
378	fi
379	print "system_locale=$locale" >> ${SYSIDCFG}
380	timezone=$(grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2)
381	print "timezone=$timezone" >> ${SYSIDCFG}
382	print "terminal=vt100" >> ${SYSIDCFG}
383	rootpwd=$(grep "^root:" /etc/shadow|cut -d : -f2)
384	#print "root_password=$rootpwd" >> ${SYSIDCFG}
385	print "nfs4_domain=dynamic" >> ${SYSIDCFG}
386	print "network_interface=PRIMARY {" >> ${SYSIDCFG}
387
388	net=$(zonecfg -z $zonename info net)
389	ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
390	if [ $ipType = exclusive ] ; then
391		hostname=$(zenity --entry \
392		    --title="$title" \
393		    --width=330 \
394		    --text="${zonename}0: Enter Hostname or dhcp: ")
395		[ $? != 0 ] && return
396
397		if [ $hostname = dhcp ] ; then
398			print "dhcp" >> ${SYSIDCFG}
399		else
400			print "hostname=$hostname" >> ${SYSIDCFG}
401			ipaddr=$(getent hosts $hostname|cut -f1)
402			if [ $? != 0 ] ; then
403				ipaddr=$(zenity --entry \
404				    --title="$title" \
405				    --text="$nic: Enter IP address: " \
406				    --entry-text a.b.c.d)
407				[ $? != 0 ] && return
408
409				validateIPaddr
410				if [[ -z $ipaddr ]] ; then
411					return
412				fi
413			fi
414			print "ip_address=$ipaddr" >> ${SYSIDCFG}
415			getNetmask
416			print "netmask=$nm" >> ${SYSIDCFG}
417			print "default_route=none" >> ${SYSIDCFG}
418			template=${zonename}_cipso
419			cidr=32
420			updateTnrhdb
421		fi
422	elif [[ -n $net ]] ; then
423		hostname=$(hostname)
424		hostname=$(zenity --entry \
425		    --title="$title" \
426		    --width=330 \
427		    --text="Enter Hostname: " \
428		    --entry-text $hostname)
429		[ $? != 0 ] && return
430
431		print "hostname=$hostname" >> ${SYSIDCFG}
432		ipaddr=$(getent hosts $hostname|cut -f1)
433		if [ $? = 0 ] ; then
434			print "ip_address=$ipaddr" >> ${SYSIDCFG}
435		fi
436	else
437		getAllZoneNICs
438		for i in ${aznics[*]} ; do
439			ipaddr=$(ifconfig $i|grep inet|cut -d " " -f2)
440		done
441		print "hostname=$(hostname)" >> ${SYSIDCFG}
442		print "ip_address=$ipaddr" >> ${SYSIDCFG}
443	fi
444
445	print "protocol_ipv6=no }" >> ${SYSIDCFG}
446	cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
447	touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
448}
449
450clone() {
451	image=$1
452	if [[ -z $image ]] ; then
453		msg_clone=$(gettext "Clone the $zonename zone using a
454snapshot of one of the following halted zones:")
455		image=$(zenity --list \
456		    --title="$title" \
457		    --text="$msg_clone" \
458		    --height=300 \
459		    --width=330 \
460		    --column="Installed Zones" ${zonelist[*]})
461	fi
462
463	if [[ -n $image ]] ; then
464		removeZoneBEs
465		zoneadm -z $zonename clone $image
466
467		if [ ! -f /var/ldap/ldap_client_file ] ; then
468			if [ $NSCD_PER_LABEL = 0 ] ; then
469				sharePasswd
470			else
471				unsharePasswd
472			fi
473		fi
474		ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
475		if [ $ipType = exclusive ] ; then
476			zoneadm -z $zonename ready
477			zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
478			sys-unconfig -R $zonepath/root 2>/dev/null
479			initialize
480			zoneadm -z $zonename halt
481		fi
482	fi
483}
484
485install() {
486	removeZoneBEs
487	gnome-terminal \
488	    --title="$title: Installing $zonename zone" \
489	    --command "zoneadm -z $zonename install" \
490	    --disable-factory \
491	    --hide-menubar
492
493	zoneadm -z $zonename ready
494	initialize
495	zoneadm -z $zonename halt
496}
497
498delete() {
499	delopt=$*
500
501	# if there is an entry for this zone in tnzonecfg, remove it
502	# before deleting the zone.
503
504	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
505	if [ -n "${tnzone}" ] ; then
506		sed -e "/^$zonename:/d" $TNZONECFG > \
507		    $TXTMP/tnzonefg.$$ 2>/dev/null
508		mv $TXTMP/tnzonefg.$$ $TNZONECFG
509	fi
510
511	for tnzone in $(grep ":${zonename}_unlab" $TNRHDB 2>/dev/null) ; do
512		tnctl -dh "$tnzone"
513		sed -e "/:${zonename}_unlab/d" $TNRHDB > \
514		    $TXTMP/tnrhdb.$$ 2>/dev/null
515		mv $TXTMP/tnrhdb.$$ $TNRHDB
516	done
517
518	for tnzone in $(grep "^${zonename}_unlab:" $TNRHTP 2>/dev/null) ; do
519		tnctl -dt ${zonename}_unlab
520		sed -e "/^${zonename}_unlab:/d" $TNRHTP > \
521		    $TXTMP/tnrhtp.$$ 2>/dev/null
522		mv $TXTMP/tnrhtp.$$ $TNRHTP
523	done
524
525	for tnzone in $(grep ":${zonename}_cipso" $TNRHDB 2>/dev/null) ; do
526		tnctl -dh "$tnzone"
527		sed -e "/:${zonename}_cipso/d" $TNRHDB > \
528		    $TXTMP/tnrhdb.$$ 2>/dev/null
529		mv $TXTMP/tnrhdb.$$ $TNRHDB
530	done
531
532	for tnzone in $(grep "^${zonename}_cipso:" $TNRHTP 2>/dev/null) ; do
533		tnctl -dt ${zonename}_cipso
534		sed -e "/^${zonename}_cipso:/d" $TNRHTP > \
535		    $TXTMP/tnrhtp.$$ 2>/dev/null
536		mv $TXTMP/tnrhtp.$$ $TNRHTP
537	done
538
539	zonecfg -z $zonename delete -F
540
541	removeZoneBEs $delopt
542	for snap in $(zfs list -Ho name -t snapshot|grep "\@${zonename}_snap") ; do
543		zfs destroy -R $snap
544	done
545}
546
547validateIPaddr () {
548	OLDIFS=$IFS
549	IFS=.
550	integer octet_cnt=0
551	integer dummy
552	set -A octets $ipaddr
553	IFS=$OLDIFS
554	if [ ${#octets[*]} == 4 ] ; then
555		while (( octet_cnt < ${#octets[*]} )); do
556			dummy=${octets[octet_cnt]}
557			if [ $dummy = ${octets[octet_cnt]} ] ; then
558				if (( $dummy >= 0 && \
559				    $dummy < 256 )) ; then
560					octet_cnt+=1
561					continue
562				fi
563			else
564				x=$(zenity --error \
565				    --title="$title" \
566				    --text="$ipaddr $msg_badip")
567				ipaddr=
568				return
569			fi
570		done
571	else
572		x=$(zenity --error \
573		    --title="$title" \
574		    --text="$ipaddr $msg_badip")
575		ipaddr=
576	fi
577}
578
579getAllZoneNICs(){
580	integer count=0
581	for i in $(ifconfig -a4|grep  "^[a-z].*:")
582	do
583		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
584		[ $? -eq 1 ] && continue
585
586		i=${i%:} # Remove colon after interface name
587		for j in $(ifconfig $i)
588		do
589			case $j in
590				all-zones)
591					aznics[count]=$i
592					count+=1
593					;;
594			esac
595		done
596        done
597}
598
599getNetmask() {
600	cidr=
601	nm=$(zenity --entry \
602	    --title="$title" \
603	    --width=330 \
604	    --text="$ipaddr: Enter netmask: " \
605	    --entry-text 255.255.255.0)
606	[ $? != 0 ] && return;
607
608	cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm)
609}
610
611addNet() {
612	getIPaddr
613	if [[ -z $ipaddr ]] ; then
614		return;
615	fi
616	getNetmask
617	if [[ -z $cidr ]] ; then
618		return;
619	fi
620	zonecfg -z $zonename "add net; \
621	    set address=${ipaddr}/${cidr}; \
622	    set physical=$nic; \
623	    end"
624	template=${zonename}_cipso
625	cidr=32
626	updateTnrhdb
627}
628
629getAttrs() {
630	zone=global
631	type=ignore
632	for j in $(ifconfig $nic)
633	do
634		case $j in
635			inet) type=$j;;
636			zone) type=$j;;
637			all-zones) zone=all-zones;;
638			flags*) flags=$j;;
639			*) case $type in
640				inet) ipaddr=$j ;;
641				zone) zone=$j ;;
642				*) continue ;;
643			   esac;
644			   type=ignore;;
645		esac
646	done
647	if [[ $flags == ~(E).UP, ]] ; then
648		updown=Up
649	else
650		updown=Down
651	fi
652	if [[ $nic == ~(E).: ]] ; then
653		linktype=logical
654	else
655		vnic=$(dladm show-vnic -po link $nic 2>/dev/null)
656		if [[ -n $vnic ]] ; then
657			linktype=virtual
658		else
659			linktype=physical
660		fi
661	fi
662	if [ $ipaddr != 0.0.0.0 ] ; then
663		x=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
664		if [ $? = 1 ] ; then
665			template=cipso
666			cidr=32
667			updateTnrhdb
668		else
669			template=$(print "$x"|cut -d : -f2)
670		fi
671	else
672		template="..."
673		ipaddr="..."
674	fi
675}
676deleteTnrhdbEntry() {
677	remote=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
678	if [ $? = 0 ] ; then
679		ip=$(print $remote|cut -d "/" -f1)
680			if [[ $remote == ~(E)./ ]] ; then
681				pr=$(print $remote|cut -d "/" -f2)
682				remote="$ip\\/$pr"
683			fi
684		sed -e "/^${remote}/d" $TNRHDB > /tmp/tnrhdb.$$ 2>/dev/null
685		mv /tmp/tnrhdb.$$ $TNRHDB
686	fi
687}
688
689updateTnrhdb() {
690	deleteTnrhdbEntry
691	if [[ -n $cidr ]] ; then
692		print "${ipaddr}/$cidr:$template" >> $TNRHDB
693		tnctl -h ${ipaddr}/$cidr:$template
694	else
695		print "${ipaddr}:$template" >> $TNRHDB
696		tnctl -h ${ipaddr}:$template
697	fi
698}
699
700getIPaddr() {
701        hostname=$(zenity --entry \
702            --title="$title" \
703	    --width=330 \
704            --text="$nic: Enter Hostname: ")
705
706        [ $? != 0 ] && return
707
708	ipaddr=$(getent hosts $hostname|cut -f1)
709        if [[ -z $ipaddr ]] ; then
710		ipaddr=$(zenity --entry \
711		    --title="$title" \
712		    --text="$nic: Enter IP address: " \
713		    --entry-text a.b.c.d)
714		[ $? != 0 ] && return
715		validateIPaddr
716	fi
717
718}
719
720addHost() {
721	# Update hosts
722        if [[ -z $ipaddr ]] ; then
723               return;
724	fi
725	grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
726	if [ $? -eq 1 ] ; then
727		print "$ipaddr\t$hostname" >> /etc/inet/hosts
728	fi
729
730	template=cipso
731	cidr=32
732	updateTnrhdb
733
734	ifconfig $nic $ipaddr netmask + broadcast +
735	#
736	# TODO: better integration with nwam
737	# TODO: get/set netmask for IP address
738	#
739	print $hostname > /etc/hostname.$nic
740}
741
742createInterface() {
743	msg=$(ifconfig $nic addif 0.0.0.0)
744	$(zenity --info \
745	    --title="$title" \
746	    --text="$msg" )
747	nic=$(print "$msg"|cut -d" " -f5)
748
749}
750
751createVNIC() {
752	if [ $zonename != global ] ; then
753		vnicname=${zonename}0
754	else
755		vnicname=$(zenity --entry \
756		    --title="$title" \
757		    --width=330 \
758		    --entry-text="" \
759		    --text="Enter VNIC Name: ")
760
761		if [[ ! -n $vnicname ]] ; then
762			return
763		fi
764	fi
765	x=$(dladm show-vnic|grep "^$vnicname " )
766	if [[ ! -n $x ]] ; then
767		dladm create-vnic -l $nic $vnicname
768	fi
769	if [ $zonename = global ] ; then
770		ifconfig $vnicname plumb
771	else
772		zonecfg -z $zonename "add net; \
773		    set physical=$vnicname; \
774		    end"
775	fi
776	nic=$vnicname
777}
778
779shareInterface() {
780	#
781	# TODO: better integration with nwam
782	#
783	ifconfig $nic all-zones;\
784	if_file=/etc/hostname.$nic
785	sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$
786	mv $TXTMP/txnetmgr.$$ $if_file
787}
788
789addTnrhdb() {
790	ipaddr=$(zenity --entry \
791	    --title="$title" \
792	    --width=330 \
793	    --text="Zone:$zonename. Enter IP address of remote host or network: " \
794	    --entry-text a.b.c.d)
795	[ $? != 0 ] && return
796	validateIPaddr
797	if [[ -z $ipaddr ]] ; then
798		return;
799	fi
800	if [ ${octets[3]} = 0 ] ; then
801		nic="$ipaddr"
802		getNetmask
803		if [[ -z $cidr ]] ; then
804			return;
805		fi
806	else
807		cidr=32
808	fi
809	print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$
810	x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$)
811	if [ $? = 0 ] ; then
812		updateTnrhdb
813	else
814		syntax=$(cat $TXTMP/syntax_error.$$)
815		x=$(zenity --error \
816		    --title="$title" \
817		    --text="$syntax")
818	fi
819	rm $TXTMP/tnrhdb_new.$$
820	rm $TXTMP/syntax_error.$$
821}
822
823removeTnrhdb() {
824	while (( 1 )) do
825		remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ")
826		if [ $template = cipso ] ; then
827			templateHeading="from All Zones":
828		else
829			templateHeading="from this Zone":
830		fi
831		if [[ -n $remotes ]] ; then
832			ipaddr=$(zenity --list \
833			    --title="$title" \
834			    --text="$msg_getremote" \
835			    --height=250 \
836			    --width=300 \
837			    --column="Remove Access to:" \
838			    --column="$templateHeading" \
839			    $remotes)
840
841			if [[ -n $ipaddr ]] ; then
842				deleteTnrhdbEntry
843				tnctl -dh ${ip}:$template
844			else
845				return
846			fi
847		else
848			return
849		fi
850	done
851}
852
853setMLPs() {
854	tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
855	zoneMLPs=:$(print "$tnzone"|cut -d : -f4)
856	sharedMLPs=:$(print "$tnzone"|cut -d : -f5)
857	attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs"
858	ports=$(print "$attrs"|zenity --list \
859	    --title="$title" \
860	    --height=200 \
861	    --width=450 \
862	    --text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." \
863	    --column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \
864	    --editable \
865	    --multiple
866	    )
867
868	if [[ -z $ports ]] ; then
869		return
870	fi
871
872	# getopts needs another a blank and another dash
873	ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g')
874
875	OPTIND=1
876	while getopts "z:(Private)s:(Shared)" opt $ports ; do
877		case $opt in
878			z) zoneMLPs=$OPTARG ;;
879			s) sharedMLPs=$OPTARG ;;
880		esac
881	done
882
883	sed -e "/^$zonename:*/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null
884	tnzone=$(print "$tnzone"|cut -d : -f1-3)
885	echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$
886
887	x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$)
888
889	if [ $? = 0 ] ; then
890		mv $TXTMP/tnzonecfg.$$ $TNZONECFG
891		zenity --info \
892		    --title="$title" \
893		    --text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot."
894		if [ $zonename != global ] ; then
895			getLabelRange
896		fi
897	else
898		syntax=$(cat $TXTMP/syntax_error.$$)
899		x=$(zenity --error \
900		    --title="$title" \
901		    --text="$syntax")
902		rm $TXTMP/tnzonecfg.$$
903	fi
904	rm $TXTMP/syntax_error.$$
905}
906
907unsharePasswd() {
908	for i in $(zoneadm list -i | grep -v global) ; do
909		zonecfg -z $i remove fs dir=/etc/passwd 2>&1 | grep -v such
910		zonecfg -z $i remove fs dir=/etc/shadow 2>&1 | grep -v such
911	done
912}
913
914sharePasswd() {
915	if [ $NSCD_PER_LABEL -ne 0 ] ; then
916		return
917	fi
918	passwd=$(zonecfg -z $zonename info|grep /etc/passwd)
919	if [ $? -eq 1 ] ; then
920		zonecfg -z $zonename "add fs; \
921		    set special=/etc/passwd; \
922		    set dir=/etc/passwd; \
923		    set type=lofs; \
924		    add options ro; \
925		    end; \
926		    add fs; \
927		    set special=/etc/shadow; \
928		    set dir=/etc/shadow; \
929		    set type=lofs; \
930		    add options ro; \
931		    end"
932	fi
933}
934
935# This routine is a toggle -- if we find it configured for global nscd,
936# change to nscd-per-label and vice-versa.
937#
938# The user was presented with only the choice to CHANGE the existing
939# configuration.
940
941manageNscd() {
942	if [ $NSCD_PER_LABEL -eq 0 ] ; then
943		# this MUST be a regular file for svc-nscd to detect
944		touch $NSCD_INDICATOR
945		NSCD_OPT="Unconfigure per-zone name service"
946		NSCD_PER_LABEL=1
947		unsharePasswd
948	else
949		rm -f $NSCD_INDICATOR
950		NSCD_OPT="Configure per-zone name service"
951		NSCD_PER_LABEL=0
952		for i in $(zoneadm list -i | grep -v global) ; do
953			zonename=$i
954			sharePasswd
955		done
956		zonename=global
957	fi
958}
959
960manageZoneNets () {
961	ncmds[0]="Only use all-zones interfaces"
962	ncmds[1]="Add a logical interface"
963	ncmds[2]="Add a virtual interface (VNIC)"
964
965	stacks[0]="Shared Stack"
966	stacks[1]="Exclusive Stack"
967
968	getAllZoneNICs
969	netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}"
970
971	integer nic_cnt=0
972	integer netOp_cnt=2
973
974	set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ")
975
976	while (( nic_cnt < ${#nics[*]} )); do
977		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}"
978		netOp_cnt+=1
979		netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}"
980		netOp_cnt+=1
981		nic_cnt+=1
982	done
983
984	netOp=$(print "${netOps[*]}"|zenity --list \
985	    --title="$title" \
986	    --text="$msg_getnet $zonename zone:" \
987	    --height=300 \
988	    --width=500 \
989	    --column="#" \
990	    --column="Network Configuration " \
991	    --column="IP Type" \
992	    --column="Available Interfaces" \
993	    --hide-column=1
994	)
995
996	# User picked cancel or no selection
997	if [[ -z $netOp ]] ; then
998		return
999	fi
1000
1001	# All-zones is the default, so just return
1002	if [ $netOp = 1 ] ; then
1003		return
1004	fi
1005
1006	cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3)
1007	nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5)
1008	case $cmd in
1009	    ${ncmds[1]} )
1010		addNet;
1011		;;
1012	    ${ncmds[2]} )
1013		zonecfg -z $zonename set ip-type=exclusive
1014		createVNIC
1015		;;
1016	esac
1017}
1018
1019manageInterface () {
1020	while (( 1 )) do
1021		getAttrs
1022
1023		# Clear list of commands
1024
1025		share=
1026		setipaddr=
1027		newlogical=
1028		newvnic=
1029		unplumb=
1030		bringup=
1031		bringdown=
1032
1033		if [ $updown = Down ] ; then
1034			bringup="Bring Up\n"
1035		else
1036			bringdown="Bring Down\n"
1037		fi
1038
1039		case $linktype in
1040		physical )
1041			newlogical="Create Logical Interface...\n";
1042			newvnic="Create Virtual Interface (VNIC)...\n";
1043			;;
1044		logical )
1045			unplumb="Remove Logical Interface\n"
1046			;;
1047		virtual )
1048			newlogical="Create Logical Interface...\n";
1049			unplumb="Remove Virtual Interface\n" ;
1050			;;
1051		esac
1052
1053		if [ $ipaddr = "..." ] ; then
1054			setipaddr="Set IP address...\n"
1055		elif [ $zone != all-zones ] ; then
1056			share="Share with Shared-IP Zones\n"
1057		fi
1058
1059		command=$(print ""\
1060		    $share \
1061		    $setipaddr \
1062		    $newlogical \
1063		    $newvnic \
1064		    $unplumb \
1065		    $bringup \
1066		    $bringdown \
1067		    | zenity --list \
1068		    --title="$title" \
1069		    --text="Select a command from the list below:" \
1070		    --height=300 \
1071		    --column "Interface: $nic" )
1072
1073		case $command in
1074		    " Create Logical Interface...")
1075			createInterface;;
1076		    " Create Virtual Interface (VNIC)...")
1077			createVNIC ;;
1078		    " Set IP address...")
1079			getIPaddr
1080			addHost;;
1081		    " Share with Shared-IP Zones")
1082			shareInterface;;
1083		    " Remove Logical Interface")
1084			ifconfig $nic unplumb
1085			rm -f /etc/hostname.$nic
1086			return;;
1087		    " Remove Virtual Interface")
1088			ifconfig $nic unplumb
1089			dladm delete-vnic $nic
1090			rm -f /etc/hostname.$nic
1091			return;;
1092		    " Bring Up")
1093			ifconfig $nic up;;
1094		    " Bring Down")
1095			ifconfig $nic down;;
1096		    *) return;;
1097		esac
1098	done
1099}
1100
1101sharePrimaryNic() {
1102	set -A ip $(getent hosts $(cat /etc/nodename))
1103	for i in $(ifconfig -au4|grep  "^[a-z].*:" |grep -v LOOPBACK)
1104	do
1105		print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
1106		[ $? -eq 1 ] && continue
1107
1108		nic=${i%:} # Remove colon after interface name
1109		getAttrs
1110		if [ ${ip[0]} = $ipaddr ]; then
1111			shareInterface
1112			break
1113		fi
1114	done
1115}
1116
1117manageNets() {
1118	while (( 1 )) do
1119		attrs=
1120		for i in $(ifconfig -a4|grep  "^[a-z].*:" |grep -v LOOPBACK)
1121		do
1122			print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
1123			[ $? -eq 1 ] && continue
1124
1125			nic=${i%:} # Remove colon after interface name
1126			getAttrs
1127			attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
1128		done
1129
1130		nic=$(zenity --list \
1131		    --title="$title" \
1132		    --text="Select an interface from the list below:" \
1133		    --height=300 \
1134		    --width=500 \
1135		    --column="Interface" \
1136		    --column="Type" \
1137		    --column="Zone Name" \
1138		    --column="IP Address" \
1139		    --column="Template" \
1140		    --column="State" \
1141		    $attrs)
1142
1143		if [[ -z $nic ]] ; then
1144			return
1145		fi
1146		manageInterface
1147	done
1148}
1149
1150createLDAPclient() {
1151	ldaptitle="$title: Create LDAP Client"
1152	ldapdomain=$(zenity --entry \
1153	    --width=400 \
1154	    --title="$ldaptitle" \
1155	    --text="Enter Domain Name: ")
1156	if [[ -n $ldapdomain ]] ; then
1157	ldapserver=$(zenity --entry \
1158	    --width=400 \
1159	    --title="$ldaptitle" \
1160	    --text="Enter Hostname of LDAP Server: ")
1161	else
1162		return
1163	fi
1164	if [[ -n $ldapserver ]] ; then
1165	ldapserveraddr=$(zenity --entry \
1166	    --width=400 \
1167	    --title="$ldaptitle" \
1168	    --text="Enter IP adddress of LDAP Server $ldapserver: ")
1169	else
1170		return
1171	fi
1172	ldappassword=""
1173	while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
1174	    ldappassword=$(zenity --entry \
1175		--width=400 \
1176		--title="$ldaptitle" \
1177		--hide-text \
1178		--text="Enter LDAP Proxy Password:")
1179	    ldappasswordconfirm=$(zenity --entry \
1180		--width=400 \
1181		--title="$ldaptitle" \
1182		--hide-text \
1183		--text="Confirm LDAP Proxy Password:")
1184	done
1185	ldapprofile=$(zenity --entry \
1186	    --width=400 \
1187	    --title="$ldaptitle" \
1188	    --text="Enter LDAP Profile Name: ")
1189	whatnext=$(zenity --list \
1190	    --width=400 \
1191	    --height=250 \
1192	    --title="$ldaptitle" \
1193	    --text="Proceed to create LDAP Client?" \
1194	    --column=Parameter --column=Value \
1195	    "Domain Name" "$ldapdomain" \
1196	    "Hostname" "$ldapserver" \
1197	    "IP Address" "$ldapserveraddr" \
1198	    "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
1199	    "Profile" "$ldapprofile")
1200	[ $? != 0 ] && return
1201
1202	grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
1203	if [ $? -eq 1 ] ; then
1204		print "$ldapserveraddr $ldapserver" >> /etc/hosts
1205	fi
1206
1207	grep "${ldapserver}:" $TNRHDB > /dev/null
1208	if [ $? -eq 1 ] ; then
1209		print "# ${ldapserver} - ldap server" \
1210		    >> $TNRHDB
1211		print "${ldapserveraddr}:cipso" \
1212		    >> $TNRHDB
1213		tnctl -h "${ldapserveraddr}:cipso"
1214	fi
1215
1216	proxyDN=$(print $ldapdomain|awk -F"." \
1217	    "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")
1218
1219	zenity --info \
1220	    --title="$ldaptitle" \
1221	    --width=500 \
1222	    --text="global zone will be LDAP client of $ldapserver"
1223
1224	ldapout=$TXTMP/ldapclient.$$
1225
1226	ldapclient init -a profileName="$ldapprofile" \
1227	    -a domainName="$ldapdomain" \
1228	    -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
1229	    -a proxyPassword="$ldappassword" \
1230	    "$ldapserveraddr" >$ldapout 2>&1
1231
1232	if [ $? -eq 0 ] ; then
1233	    ldapstatus=Success
1234	else
1235	    ldapstatus=Error
1236	fi
1237
1238	zenity --text-info \
1239	    --width=700 \
1240	    --height=300 \
1241	    --title="$ldaptitle: $ldapstatus" \
1242	    --filename=$ldapout
1243
1244	rm -f $ldapout
1245
1246
1247}
1248
1249tearDownZones() {
1250	killall=$(zenity --question \
1251	    --title="$title" \
1252	    --width=330 \
1253	    --text="$msg_confirmkill")
1254	if [[ $? != 0 ]]; then
1255		return
1256	fi
1257
1258	for p in $(zoneadm list -cp|grep -v global:) ; do
1259		zonename=$(echo "$p"|cut -d : -f2)
1260		zoneadm -z $zonename halt 1>/dev/null 2>&1
1261		zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
1262		delete -rRf
1263	done
1264	zonename=global
1265}
1266
1267createDefaultZones() {
1268	msg_choose1=$(gettext "Choose one:")
1269	defpub=$(gettext "$PUBZONE zone only")
1270	defboth=$(gettext "$PUBZONE and $INTZONE zones")
1271	defskip=$(gettext "Main Menu...")
1272	command=$(echo ""\
1273	    "$defpub\n" \
1274	    "$defboth\n" \
1275	    "$defskip\n" \
1276	    | zenity --list \
1277	    --title="$title" \
1278	    --text="$msg_defzones" \
1279	    --column="$msg_choose1" \
1280	    --height=400 \
1281	    --width=330 )
1282
1283	case $command in
1284	    " $defpub")
1285		createDefaultPublic ;;
1286
1287	    " $defboth")
1288		createDefaultPublic
1289		createDefaultInternal ;;
1290
1291	    *)
1292		return;;
1293	esac
1294}
1295
1296createDefaultPublic() {
1297	zonename=$PUBZONE
1298	newZone
1299	zone_cnt+=1
1300	hexlabel=$DEFAULTLABEL
1301	setTNdata
1302	sharePrimaryNic
1303	install
1304	zoneadm -z $zonename boot &
1305	gnome-terminal \
1306	    --disable-factory \
1307	    --title="Zone Console: $zonename $msg_continue" \
1308	    --command "zlogin -C $zonename"
1309}
1310
1311createDefaultInternal() {
1312	zoneadm -z $PUBZONE halt
1313
1314	zonename=snapshot
1315	newZone
1316	zone_cnt+=1
1317	zonecfg -z $zonename set autoboot=false
1318
1319	clone $PUBZONE
1320	zoneadm -z $PUBZONE boot &
1321
1322	zonename=$INTZONE
1323	newZone
1324	zone_cnt+=1
1325	selectLabel
1326
1327	clone snapshot
1328	gnome-terminal \
1329	    --title="Zone Console: $zonename" \
1330	    --command "zlogin -C $zonename" &
1331	zoneadm -z $zonename boot &
1332}
1333
1334selectZone() {
1335	set -A zonelist "global\nrunning\nADMIN_HIGH"
1336	integer zone_cnt=1
1337
1338	for p in $(zoneadm list -cp|grep -v global:) ; do
1339		zone_cnt+=1
1340	done
1341	if [ $zone_cnt == 1 ] ; then
1342		createDefaultZones
1343	fi
1344	if [ $zone_cnt == 1 ] ; then
1345		zonename=global
1346		singleZone
1347		return
1348	fi
1349
1350	zone_cnt=1
1351	for p in $(zoneadm list -cp|grep -v global:) ; do
1352		zonename=$(echo "$p"|cut -d : -f2)
1353		state=$(echo "$p"|cut -d : -f3)
1354		hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
1355		if [[ $hexlabel ]] ; then
1356			curlabel=$(hextoalabel $hexlabel)
1357		else
1358			curlabel=...
1359		fi
1360		zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
1361		zone_cnt+=1
1362	done
1363	zonename=$(print "${zonelist[*]}"|zenity --list \
1364	    --title="$title" \
1365	    --text="$msg_getzone" \
1366	    --height=300 \
1367	    --width=500 \
1368	    --column="Zone Name" \
1369	    --column="Status" \
1370	    --column="Sensitivity Label" \
1371	)
1372
1373	# if the menu choice was a zonename, pop up zone menu
1374	if [[ -n $zonename ]] ; then
1375		singleZone
1376	else
1377		exit
1378	fi
1379}
1380
1381# Loop for single-zone menu
1382singleZone() {
1383
1384	while (( 1 )) do
1385		# Clear list of commands
1386
1387		console=
1388		label=
1389		start=
1390		reboot=
1391		stop=
1392		clone=
1393		install=
1394		ready=
1395		uninstall=
1396		autoboot=
1397		delete=
1398		deletenet=
1399		permitrelabel=
1400
1401		if [ $zone_cnt -gt 1 ] ; then
1402			killZones="Destroy all zones...\n"
1403			xit="Select another zone..."
1404		else
1405			killZones=
1406			xit="Exit"
1407		fi
1408		if [ $zonename = global ] ; then
1409			ldapClient="Create LDAP Client...\n"
1410			nscdOpt="$NSCD_OPT\n"
1411			createZone="Create a new zone...\n"
1412			addnet="Configure Network Interfaces...\n"
1413		else
1414			ldapClient=
1415			nscdOpt=
1416			createZone=
1417			addnet=
1418			killZones=
1419		fi
1420
1421		zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
1422
1423		consoleCheck;
1424		labelCheck;
1425		delay=0
1426
1427		if [ $zonename != global ] ; then
1428			case $zonestate in
1429				running)
1430					ready="Ready\n"
1431					reboot="Reboot\n"
1432					stop="Halt\n"
1433					;;
1434				ready)
1435					start="Boot\n"
1436					stop="Halt\n"
1437					;;
1438				installed)
1439					if [[ -z $label ]] ; then
1440						ready="Ready\n"
1441						start="Boot\n"
1442					fi
1443					uninstall="Uninstall\n"
1444					relabelCheck
1445					autobootCheck
1446					;;
1447				configured)
1448					install="Install...\n"
1449					cloneCheck
1450					delete="Delete\n"
1451					console=
1452					;;
1453				incomplete)
1454					uninstall="Uninstall\n"
1455					;;
1456				*)
1457				;;
1458			esac
1459		fi
1460
1461		command=$(echo ""\
1462		    $createZone \
1463		    $console \
1464		    $label \
1465		    $start \
1466		    $reboot \
1467		    $stop \
1468		    $clone \
1469		    $install \
1470		    $ready \
1471		    $uninstall \
1472		    $delete \
1473		    $addnet \
1474		    $deletenet \
1475		    $addremotehost \
1476		    $addcipsohost \
1477		    $removeremotehost \
1478		    $removecipsohost \
1479		    $setmlps \
1480		    $permitrelabel \
1481		    $autoboot \
1482		    $ldapClient \
1483		    $nscdOpt \
1484		    $killZones \
1485		    $xit \
1486		    | zenity --list \
1487		    --title="$title" \
1488		    --text="$msg_getcmd" \
1489		    --height=400 \
1490		    --width=330 \
1491		    --column "Zone: $zonename   Status: $zonestate" )
1492
1493		case $command in
1494		    " Create a new zone...")
1495			zonename=
1496			newZone ;;
1497
1498		    " Zone Console...")
1499			delay=2
1500			gnome-terminal \
1501			    --title="Zone Console: $zonename" \
1502			    --command "zlogin -C $zonename" & ;;
1503
1504		    " Select Label...")
1505			selectLabel;;
1506
1507		    " Ready")
1508			zoneadm -z $zonename ready ;;
1509
1510		    " Boot")
1511			zoneadm -z $zonename boot ;;
1512
1513		    " Halt")
1514			zoneadm -z $zonename halt ;;
1515
1516		    " Reboot")
1517			zoneadm -z $zonename reboot ;;
1518
1519		    " Install...")
1520			install;;
1521
1522		    " Clone...")
1523			clone ;;
1524
1525		    " Uninstall")
1526			zoneadm -z $zonename uninstall -F;;
1527
1528		    " Delete")
1529			delete
1530			return ;;
1531
1532		    " Configure Network Interfaces...")
1533			if [ $zonename = global ] ; then
1534				manageNets
1535			else
1536				manageZoneNets
1537			fi;;
1538
1539		    " Add Single-level Access to Remote Host...")
1540			addTnrhdb ;;
1541
1542		    " Add Multilevel Access to Remote Host...")
1543			template=cipso
1544			addTnrhdb ;;
1545
1546		    " Remove Single-level Access to Remote Host...")
1547			removeTnrhdb ;;
1548
1549		    " Remove Multilevel Access to Remote Host...")
1550			template=cipso
1551			removeTnrhdb ;;
1552
1553		    " Configure Multilevel Ports...")
1554			setMLPs;;
1555
1556		    " Permit Relabeling")
1557			zonecfg -z $zonename set limitpriv=default,\
1558win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\
1559file_downgrade_sl,file_upgrade_sl,sys_trans_label ;;
1560
1561		    " Deny Relabeling")
1562			zonecfg -z $zonename set limitpriv=default ;;
1563
1564		    " Set Automatic Booting")
1565			zonecfg -z $zonename set autoboot=true ;;
1566
1567		    " Set Manual Booting")
1568			zonecfg -z $zonename set autoboot=false ;;
1569
1570		    " Create LDAP Client...")
1571			createLDAPclient ;;
1572
1573		    " Configure per-zone name service")
1574			manageNscd ;;
1575
1576		    " Unconfigure per-zone name service")
1577			manageNscd ;;
1578
1579		    " Destroy all zones...")
1580			tearDownZones
1581			return ;;
1582
1583		    *)
1584			if [ $zone_cnt == 1 ] ; then
1585				exit
1586			else
1587				return
1588			fi;;
1589		esac
1590		sleep $delay;
1591	done
1592}
1593
1594# Main loop for top-level window
1595#
1596
1597/usr/bin/plabel $$ 1>/dev/null 2>&1
1598if [ $? != 0 ] ; then
1599	echo "$0 : Trusted Extensions must be enabled."
1600	exit 1
1601fi
1602
1603myzone=$(/sbin/zonename)
1604if [ $myzone != "global" ] ; then
1605	echo "$0 : must be in global zone to run."
1606	exit 1
1607fi
1608
1609mkdir $TXTMP 2>/dev/null
1610deflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\
1611   sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2)
1612DEFAULTLABEL=$(atohexlabel ${deflabel})
1613
1614# are there any zfs pools?
1615ZDSET=none
1616zpool iostat 1>/dev/null 2>&1
1617if [ $? = 0 ] ; then
1618	# is there a zfs pool named "zone"?
1619	zpool list -H zone 1>/dev/null 2>&1
1620	if [ $? = 0 ] ; then
1621		# yes
1622		ZDSET=zone
1623	else
1624		# no, but is there a root pool?
1625		rootfs=$(df -n / | awk '{print $3}')
1626		if [ $rootfs = "zfs" ] ; then
1627			# yes, use it
1628			ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones
1629			zfs list -H $ZDSET 1>/dev/null 2>&1
1630			if [ $? = 1 ] ; then
1631				createZDSET "-o mountpoint=/zone" $ZDSET
1632			fi
1633		fi
1634	fi
1635fi
1636
1637if [ $NSCD_PER_LABEL -eq 0 ]  ; then
1638	NSCD_OPT="Configure per-zone name service"
1639else
1640	NSCD_OPT="Unconfigure per-zone name service"
1641fi
1642
1643
1644while (( 1 )) do
1645	selectZone
1646done
1647