f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# CDDL HEADER START
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# The contents of this file are subject to the terms of the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# Common Development and Distribution License (the "License").
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# You may not use this file except in compliance with the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# See the License for the specific language governing permissions
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# and limitations under the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# When distributing Covered Code, include this CDDL HEADER in each
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# If applicable, add the following below this CDDL HEADER, with the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# fields enclosed by brackets "[]" replaced with your own identifying
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# information: Portions Copyright [yyyy] [name of copyright owner]
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# CDDL HEADER END
770915ebe81263e14c9bdd49d7d24aac978ef725Ric Aleshire# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
052519c2d30736afb1861979b73d5a889cf7fba8Garrett D'Amore# Copyright 2014 Garrett D'Amore
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# This script provides a simple GUI for managing labeled zones.
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# It provides contextual menus which provide appropriate choices.
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# It must be run in the global zone as root.
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# These arguments are accepted, and will result in non-interactive
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# (text-only) mode:
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# txzonemgr [-c | -d[f]]
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# -c create default zones
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# -d destroy all zones; prompts for confirmation unless
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# the -f flag is also specified
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# DISP - use GUI (otherwise use non-interactive mode)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# CREATEDEF - make default zones (non-interactive)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# DESTROYZONES - tear down all zones (non-interactive)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire# FORCE - force
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcelif [ -f $NSCD_INDICATOR ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_defzones=$(gettext "Create default zones using default settings?")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_confirmkill=$(gettext "OK to destroy all zones?")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_continue=$(gettext "(exit to resume $(basename $0) when ready)")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getremote=$(gettext "Select a remote host or network from the list below:")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getnet=$(gettext "Select a network configuration for the")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getzone=$(gettext "Select a zone from the list below:
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza(select global for zone creation and shared settings)")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getcmd=$(gettext "Select a command from the list below:")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_inuse=$(gettext "That label is already assigned\nto the")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getmin=$(gettext "Select the minimum network label for the")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_getmax=$(gettext "Select the maximum network label for the")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazamsg_badip=$(gettext " is not a valid IP address")
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $CREATEDEF -eq 1 -a $DESTROYZONES -eq 1 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $CREATEDEF -eq 1 -a $FORCE -eq 1 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $FORCE -eq 1 -a $CREATEDEF -eq 0 -a $DESTROYZONES -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "option -f specified without any other options\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename != global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? != 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2);
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ $hexlabel ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename = global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza addcipsohost="Add Multilevel Access to Remote Host...\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza removecipsohost="Remove Multilevel Access to Remote Host...\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $net ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza elif [ $zonestate = configured ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza addremotehost="Add Single-level Access to Remote Host...\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza removeremotehost="Remove Single-level Access to Remote Host...\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $z = $zonename ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $clone_cnt -gt 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza macstate=$(zonecfg -z $zonename info|grep win_mac_write)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $macstate ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ ! -n $zonename ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ ! -n $zonename ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set zonepath=/zone/$zonename"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for zbe in $(zfs list -rHo name $ZDSET/$zonename|grep ROOT/zbe) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $hostType = cipso ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza tnzone=$(grep "^${template}:" $TNRHTP 2>/dev/null)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 0 ] ; then
# NOTE(review): the delete pattern is "^${template}" with no trailing ":",
# whereas the lookup in this script greps for "^${template}:". Any tnrhtp
# entry whose name merely begins with ${template} is therefore dropped from
# the rewritten copy too, and regex metacharacters in ${template} are live.
# Anchoring on the field delimiter ("/^${template}:/d") would limit the
# delete to the one intended template.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza sed -e "/^${template}/d" $TNRHTP > $TXTMP/tnrhtp.$$ 2>/dev/null
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza echo $(zfs get 2>&1 | grep encryption | sed -e s/^.*YES// -e s/\|//g)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza # First check if ZFS encryption support is available
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if (( cversion == 0 || pversion < cversion )); then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza encryption=$(zenity --list --title="$title" --height=320 \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Select cipher for encryption of all labels:" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && exit
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza elif [[ $format == "Generate Key in file" ]]; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && exit
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza options="$options -o encryption=$encryption -o keysource=$keysource"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ -f /var/ldap/ldap_client_file ] ; then
# NOTE(review): appends the proxy credential value to ${SYSIDCFG}. The
# file's mode and lifetime are not visible here; confirm it is created
# readable by root only and removed once it has been consumed.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "profile_server=$ldapaddress }" >> ${SYSIDCFG}
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $locale ]] ; then
052519c2d30736afb1861979b73d5a889cf7fba8Garrett D'Amore timezone=$(grep "^TZ" /etc/default/init|cut -d "=" -f2)
# Takes the second ":"-separated field of root's /etc/shadow entry (the
# password hash field) from the zone this script runs in.
# NOTE(review): the hash then lives in a shell variable; make sure it is
# never echoed, traced (set -x) or written to a file that other zones or
# unprivileged users can read.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza rootpwd=$(grep "^root:" /etc/shadow|cut -d : -f2)
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden# There are two problems with setting the root password:
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden# The zone's shadow file may be read-only
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden# The password contains unparsable characters
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden# so the following line is commented out until this is resolved.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "network_interface=PRIMARY {" >> ${SYSIDCFG}
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $ipType = exclusive ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="${zonename}0: Enter Hostname or dhcp: ")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $hostname = dhcp ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? != 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza elif [[ -n $net ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for i in ${aznics[*]} ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $image ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza msg_clone=$(gettext "Clone the $zonename zone using a
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $image ]] ; then
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden if [ $NSCD_PER_LABEL = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $ipType = exclusive ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire # sleep is needed here to avoid occasional timing
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $zonestate != installed ] ; then
3492b16344977c5f5655da823a2b4d6bddf55970Ric Aleshire if [ $NSCD_PER_LABEL = 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $zonestate != ready ] ; then
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica # if there is an entry for this zone in tnzonecfg, remove it
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for tnzone in $(grep ":${zonename}_unlab" $TNRHDB 2>/dev/null) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for tnzone in $(grep "^${zonename}_unlab:" $TNRHTP 2>/dev/null) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for tnzone in $(grep ":${zonename}_cipso" $TNRHDB 2>/dev/null) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for tnzone in $(grep "^${zonename}_cipso:" $TNRHTP 2>/dev/null) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for snap in $(zfs list -Ho name -t snapshot|grep "\@${zonename}_snap") ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $dummy = ${octets[octet_cnt]} ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? -eq 1 ] && continue
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica --entry-text 255.255.255.0)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return;
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $cidr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set address=${ipaddr}/${cidr}; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set physical=$nic; \
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica inet) type=$j;;
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica zone) type=$j;;
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica *) continue ;;
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza vnic=$(dladm show-vnic -po link $nic 2>/dev/null)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $vnic ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $ipaddr != 0.0.0.0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
# NOTE(review): /tmp/tnrhdb.$$ is a PID-derived, predictable name in a
# world-writable directory, and this script is documented as running as
# root; a file or link already present at that path would be written
# through. Other scratch files in this script go under $TXTMP, so
# presumably this one should too (or come from mktemp); confirm.
# The pattern "^${remote}" is also an unescaped, unterminated regex: "."
# matches any character, and longer entries sharing the prefix are deleted
# as well.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza sed -e "/^${remote}/d" $TNRHDB > /tmp/tnrhdb.$$ 2>/dev/null
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $cidr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename != global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ ! -n $vnicname ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ ! -n $x ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename = global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set physical=$vnicname; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden sed q | sed -e "s/all-zones/ /" < $if_file >$TXTMP/txnetmgr.$$
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Zone:$zonename. Enter IP address of remote host or network: " \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ ${octets[3]} = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $cidr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $template = cipso ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $remotes ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $ipaddr ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $ports ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza # getopts needs another blank and another dash
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g')
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza while getopts "z:(Private)s:(Shared)" opt $ports ; do
# NOTE(review): in "^$zonename:*" the "*" applies to the colon, so the
# pattern means "$zonename followed by zero or more colons". It matches
# every line that begins with $zonename, including entries for other zones
# whose names share that prefix, and those entries are dropped from the
# rewritten tnzonecfg copy. The lookups in this script use "^$zonename:";
# the delete should use the same anchor.
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza sed -e "/^$zonename:*/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot."
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename != global ] ; then
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden # If the zone's shadow file was previously read-only
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden # there may be no root password entry for this zone.
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden # If so, replace the root password entry with the global zone's.
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden if [ $? -eq 0 ] ; then
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden # Add the user who assumed the root role to each installed zone
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden if [ $? -ne 0 ] ; then
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden if [ $? -eq 0 ] ; then
# NOTE(review): ">/dev/null 2>&1" is applied before the pipe, so both stdout
# and stderr of zonecfg go to /dev/null and grep reads an empty stream.
# "grep -v such" therefore filters nothing, and the pipeline's exit status
# is grep's, not zonecfg's. If the aim was to hide only a "no such ..."
# message, the redirections would need to be "2>&1 >/dev/null"; confirm
# the intent. $1 is also expanded unquoted.
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden zonecfg -z $1 remove fs dir=/etc/passwd >/dev/null 2>&1 | grep -v such
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden zonecfg -z $1 remove fs dir=/etc/shadow >/dev/null 2>&1 | grep -v such
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden if [ $? -eq 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set special=/etc/passwd; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set type=lofs; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza add options ro; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set special=/etc/shadow; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set type=lofs; \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza add options ro; \
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# This routine is a toggle -- if we find it configured for global nscd,
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# change to nscd-per-label and vice-versa.
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# The user was presented with only the choice to CHANGE the existing
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# configuration.
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel if [ $NSCD_PER_LABEL -eq 0 ] ; then
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel # this MUST be a regular file for svc-nscd to detect
a8449b6b91b07447ea0dd49293b52ffc26e07fe8Glenn Faden for i in $(zoneadm list -i | grep -v global) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for i in $(zoneadm list -i | grep -v global) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $netOp ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $netOp = 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $updown = Down ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza elif [ $zone != all-zones ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Select a command from the list below:" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for i in $(ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? -eq 1 ] && continue
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ ${ip[0]} = $ipaddr ]; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for i in $(ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? -eq 1 ] && continue
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza --text="Select an interface from the list below:" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $nic ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $ldapdomain ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $ldapserver ]] ; then
392f053c1d9e38866aab93443364b46df7dd67e2jpk --text="Enter IP adddress of LDAP Server $ldapserver: ")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza [ $? != 0 ] && return
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza print "$ldapserveraddr $ldapserver" >> /etc/hosts
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $FORCE -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $? -ne 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [[ $? != 0 ]]; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for p in $(zoneadm list -cp|grep -v global:) ; do
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $? -ne 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza defboth=$(gettext "$PUBZONE and $INTZONE zones")
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $? -ne 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "creating default $zonename zone ...\n"
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $? -ne 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire --title="Zone Console: $zonename $msg_continue" \
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "creating default $zonename zone ...\n"
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $? = 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DISP -eq 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for p in $(zoneadm list -cp|grep -v global:) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zone_cnt == 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zone_cnt == 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza for p in $(zoneadm list -cp|grep -v global:) ; do
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ $hexlabel ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonename=$(print "${zonelist[*]}"|zenity --list \
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza # if the menu choice was a zonename, pop up zone menu
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -n $zonename ]] ; then
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# Loop for single-zone menu
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zone_cnt -gt 1 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename = global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename != global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [[ -z $label ]] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zonename = global ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza " Remove Single-level Access to Remote Host...")
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazawin_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazafile_downgrade_sl,file_upgrade_sl,sys_trans_label ;;
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza zonecfg -z $zonename set autoboot=false ;;
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $zone_cnt == 1 ] ; then
56dd2b4519ecc7832e0656be6ddafdd86c164b25jparcel# Main loop for top-level window
770915ebe81263e14c9bdd49d7d24aac978ef725Ric Aleshireif [ $? != 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "$0 : Trusted Extensions must be enabled.\n"
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "$0 : must be in global zone to run.\n"
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazadeflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshireintlabel=$(chk_encodings -a|grep "Default User Clearance"|\
1e393761c0527947c40647656227befe35d1e91bjpk# are there any zfs pools?
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Prazaif [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 0 ] ; then
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones
ead1f93ee620d7580f7e53350fe5a884fc4f158aLiane Praza if [ $? = 1 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshireif [ $DISP -eq 0 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $DESTROYZONES -eq 1 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire if [ $CREATEDEF -eq 1 ] ; then
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshire gettext "cannot create default zones because there are existing zones.\n"
e27732d8ead160782f0326b20fe46c0e9126df9bRic Aleshireif [ $NSCD_PER_LABEL -eq 0 ] ; then