e3320f40ba20e6851e73a3237eedf089700bf001markfen<?xml version="1.0"?>
e3320f40ba20e6851e73a3237eedf089700bf001markfen<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
e3320f40ba20e6851e73a3237eedf089700bf001markfen<!--
e3320f40ba20e6851e73a3237eedf089700bf001markfen Copyright 2007 Sun Microsystems, Inc. All rights reserved.
e3320f40ba20e6851e73a3237eedf089700bf001markfen Use is subject to license terms.
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen CDDL HEADER START
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen The contents of this file are subject to the terms of the
e3320f40ba20e6851e73a3237eedf089700bf001markfen Common Development and Distribution License (the "License").
e3320f40ba20e6851e73a3237eedf089700bf001markfen You may not use this file except in compliance with the License.
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
e3320f40ba20e6851e73a3237eedf089700bf001markfen or http://www.opensolaris.org/os/licensing.
e3320f40ba20e6851e73a3237eedf089700bf001markfen See the License for the specific language governing permissions
e3320f40ba20e6851e73a3237eedf089700bf001markfen and limitations under the License.
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen When distributing Covered Code, include this CDDL HEADER in each
e3320f40ba20e6851e73a3237eedf089700bf001markfen file and include the License file at usr/src/OPENSOLARIS.LICENSE.
e3320f40ba20e6851e73a3237eedf089700bf001markfen If applicable, add the following below this CDDL HEADER, with the
e3320f40ba20e6851e73a3237eedf089700bf001markfen fields enclosed by brackets "[]" replaced with your own identifying
e3320f40ba20e6851e73a3237eedf089700bf001markfen information: Portions Copyright [yyyy] [name of copyright owner]
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen CDDL HEADER END
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen ident "%Z%%M% %I% %E% SMI"
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen NOTE: This service manifest is not editable; its contents will
e3320f40ba20e6851e73a3237eedf089700bf001markfen be overwritten by package or patch operations, including
e3320f40ba20e6851e73a3237eedf089700bf001markfen operating system upgrade. Make customizations in a different
e3320f40ba20e6851e73a3237eedf089700bf001markfen file.
e3320f40ba20e6851e73a3237eedf089700bf001markfen-->
e3320f40ba20e6851e73a3237eedf089700bf001markfen<service_bundle type='manifest' name='SUNWcsr:manual-key'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen<service
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='network/ipsec/manual-key'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'
e3320f40ba20e6851e73a3237eedf089700bf001markfen version='1'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- The 'manual-key' service is delivered disabled
e3320f40ba20e6851e73a3237eedf089700bf001markfen because there is not a default configuration file.
e3320f40ba20e6851e73a3237eedf089700bf001markfen See note below on changing the default configuration file. -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <create_default_instance enabled='false' />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <single_instance />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- Read/Write access to /var/run required for lock files -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <dependency
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='filesystem'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='require_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='svc:/system/filesystem/minimal'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependency>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- Kernel needs to know IPsec supported algorithms -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen <dependency
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='algorithms'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='require_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='service'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='svc:/network/ipsec/ipsecalgs'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependency>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- If we are enabled, we should be running fairly early -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <dependent
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='ipseckey-network'
e3320f40ba20e6851e73a3237eedf089700bf001markfen grouping='optional_all'
e3320f40ba20e6851e73a3237eedf089700bf001markfen restart_on='none'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <service_fmri
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='svc:/milestone/network'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </dependent>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='start'
e3320f40ba20e6851e73a3237eedf089700bf001markfen exec='/usr/sbin/ipseckey -f %{config/config_file}'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- To prevent ipseckey generating warnings about duplicate
e3320f40ba20e6851e73a3237eedf089700bf001markfen SAs when the service is refreshed, ipseckey will flush the
e3320f40ba20e6851e73a3237eedf089700bf001markfen existing SAs when its called from smf(5). -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='refresh'
e3320f40ba20e6851e73a3237eedf089700bf001markfen exec='/usr/sbin/ipseckey -f %{config/config_file}'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <exec_method
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='method'
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='stop'
e3320f40ba20e6851e73a3237eedf089700bf001markfen exec='/usr/sbin/ipseckey flush'
e3320f40ba20e6851e73a3237eedf089700bf001markfen timeout_seconds='60'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <property_group name='general' type='framework'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- A user with this authorization can:
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm restart manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm refresh manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm mark <state> manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm clear manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen see auths(1) and user_attr(4)-->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <propval
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='action_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='solaris.smf.manage.ipsec'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- A user with this authorization can:
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm disable manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm enable manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen see auths(1) and user_attr(4)-->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <propval
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='value_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='solaris.smf.manage.ipsec'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <!-- The properties defined below can be changed by a user
e3320f40ba20e6851e73a3237eedf089700bf001markfen with 'solaris.smf.value.ipsec' authorization using the
e3320f40ba20e6851e73a3237eedf089700bf001markfen svccfg(1M) command.
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen EG:
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen svccfg -s manual-key setprop config/config_file = /new/config_file
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen The new configurations will be read on service refresh:
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen svcadm refresh ipsec/manual-key
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen Note: svcadm disable/enable does not use the new property
e3320f40ba20e6851e73a3237eedf089700bf001markfen until after the service has been refreshed.
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen ***Do not edit this manifest to change these properties! -->
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <property_group name='config' type='application'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <propval
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='config_file'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='/etc/inet/secret/ipseckeys'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen <propval
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='value_authorization'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='solaris.smf.value.ipsec'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <property_group name='startd' type='framework'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <propval
e3320f40ba20e6851e73a3237eedf089700bf001markfen name='duration'
e3320f40ba20e6851e73a3237eedf089700bf001markfen type='astring'
e3320f40ba20e6851e73a3237eedf089700bf001markfen value='transient'
e3320f40ba20e6851e73a3237eedf089700bf001markfen />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </property_group>
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <stability value='Unstable' />
e3320f40ba20e6851e73a3237eedf089700bf001markfen
e3320f40ba20e6851e73a3237eedf089700bf001markfen <template>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <common_name>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <loctext xml:lang='C'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen manually keyed IPsec startup
e3320f40ba20e6851e73a3237eedf089700bf001markfen </loctext>
e3320f40ba20e6851e73a3237eedf089700bf001markfen </common_name>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <description>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <loctext xml:lang='C'>
e3320f40ba20e6851e73a3237eedf089700bf001markfen Loads static security associations
e3320f40ba20e6851e73a3237eedf089700bf001markfen </loctext>
e3320f40ba20e6851e73a3237eedf089700bf001markfen </description>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <documentation>
e3320f40ba20e6851e73a3237eedf089700bf001markfen <manpage title='ipseckey' section='1M'
e3320f40ba20e6851e73a3237eedf089700bf001markfen manpath='/usr/share/man' />
e3320f40ba20e6851e73a3237eedf089700bf001markfen </documentation>
e3320f40ba20e6851e73a3237eedf089700bf001markfen </template>
e3320f40ba20e6851e73a3237eedf089700bf001markfen</service>
e3320f40ba20e6851e73a3237eedf089700bf001markfen</service_bundle>
e3320f40ba20e6851e73a3237eedf089700bf001markfen