tnctl.c revision f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * CDDL HEADER START
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * The contents of this file are subject to the terms of the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Common Development and Distribution License (the "License").
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * You may not use this file except in compliance with the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * See the License for the specific language governing permissions
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * and limitations under the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * When distributing Covered Code, include this CDDL HEADER in each
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * If applicable, add the following below this CDDL HEADER, with the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * fields enclosed by brackets "[]" replaced with your own identifying
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * information: Portions Copyright [yyyy] [name of copyright owner]
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * CDDL HEADER END
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Use is subject to license terms.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#pragma ident "%Z%%M% %I% %E% SMI"
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Trusted Network control utility
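/*
 * Forward declarations for the per-option handlers.
 *
 * NOTE(review): the name lines of the definitions are not visible in this
 * listing, so the descriptions below are matched to each prototype from the
 * comments, messages and usage text that are visible -- confirm against the
 * full file.
 */

/*
 * Presumably loads or deletes a single remote-host entry; the argument can be
 * a host name, an address in tnrhdb address format, or a complete tnrhdb
 * entry.
 */
static void process_rh(const char *);

/* Presumably loads remote host entries from the designated file. */
static void process_rhl(const char *);

/* Presumably handles a "zone:priv:share" MLP specification (usage: -m). */
static void process_mlp(const char *);

/* Presumably loads or deletes one remote-host template (usage: -t). */
static void process_tp(const char *);

/* Presumably loads remote-host templates (tnrhtp entries) from a file. */
static void process_tpl(const char *);

/*
 * Presumably reads the global zone's configuration out of tnzonecfg and sets
 * it in the kernel; non-global zones are configured by zoneadmd.
 */
static void process_tnzone(const char *);

/* Prints the command-line synopsis. */
static void usage(void);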
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica extern char *optarg;
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* Don't do anything if labeling is not active. */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica return (0);
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* set the locale for only the messages system (all else is clean) */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica while ((chr = getopt(argc, argv, "dfh:H:m:t:T:vz:")) != EOF) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica switch (chr) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica return (0);
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) fprintf(stderr, gettext("line %1$d: %2$s:\n"), linenum,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) fprintf(stderr, gettext("tnctl: parsing error: %s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Load remote host entries from the designated file.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* First time through the loop, flush it all */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "%1$s into kernel cache failed: %2$s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica gettext("tnctl: No valid tnrhdb entries found in %s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * The argument can be either a host name, an address
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * in tnrhdb address format, or a complete tnrhdb entry.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* abuf holds: <numeric-ip-addr>'/'<prefix-length>'\0' */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica const char *cp;
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* was a template name provided on the command line? */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if ((cp = strrchr(hostname, ':')) != NULL && cp != hostname &&
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* use common tnrhdb line conversion function */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) str_to_rhstr(hostname, strlen(hostname), &rhstr, buf,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica sizeof (buf));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* Check for a subnet prefix length */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if (*cp2 != '\0' || errno != 0 || rhent.rh_prefix < 0) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* Strip any backslashes from numeric address */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* Convert address or hostname to binary af_inet6 format */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* if ipv4 address, convert to af_inet format */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* produce ascii format of address and prefix length */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica sizeof (abuf));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) inet_ntop(rhentp->rh_address.ta_family, aptr, abuf,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica sizeof (abuf));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * look up the entry from ldap or tnrhdb if this is a load
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * request and a template name was not provided.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) printf("%s rh entry %s\n", delete_mode ? "deleting" :
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* update the tnrhdb entry in the kernel */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if (tnrh(delete_mode ? TNDB_DELETE : TNDB_LOAD, rhentp) != 0) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "entry %2$s failed: no such entry\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "entry %2$s failed: %3$s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricahandle_mlps(zoneid_t zoneid, tsol_mlp_t *mlp, int flags, int cmd)
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * Usage of ?: here is ugly, but helps with
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * localization.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "shared MLP on %1$d-%2$d/%3$d: %4$s\n") :
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "zone-specific MLP on %1$d-%2$d/%3$d: %4$s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * This reads the configuration for the global zone out of tnzonecfg
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * and sets it in the kernel. The non-global zones are configured
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica * by zoneadmd.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if ((zc = tsol_sgetzcent(line, &err, &errstr)) == NULL) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if (errors == 0) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica gettext("tnctl: cannot find global zone in %s\n"), file);
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica handle_mlps(GLOBAL_ZONEID, zc->zc_private_mlp, 0, TNDB_LOAD);
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica handle_mlps(GLOBAL_ZONEID, zc->zc_shared_mlp, TSOL_MEF_SHARED,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica /* First time through the loop, flush it all */
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "of remote-host template %1$s into kernel "
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica gettext("tnctl: No valid tnrhtp entries found in %s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) str_to_tpstr(template, strlen(template), &tpstr, buf,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica sizeof (buf));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica } else if (delete_mode) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) strlcpy(tpentp->name, template, sizeof (tpentp->name));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica } else if ((tpentp = tsol_gettpbyname(template)) == NULL) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) printf("%s rhtp entry ...\n", delete_mode ? "deleting" :
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "loading");
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if (tnrhtp(delete_mode ? TNDB_DELETE : TNDB_LOAD, tpentp) != 0) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "kernel cache entry %2$s failed: no such "
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "entry\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "kernel cache entry %2$s failed: %3$s\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica const char *cp;
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) fprintf(stderr, gettext("tnctl: illegal zone name\n"));
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) fprintf(stderr, gettext("tninfo: zone '%s' unknown\n"),
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica sbuf = malloc(strlen(zonename) + sizeof (":ADMIN_LOW:0:") +
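 /*
  * NOTE(review): the bound holds only if the malloc() size above covers
  * zonename, the ":ADMIN_LOW:0:" literal (including its NUL) and str, and
  * if sbuf was checked for NULL before this call; neither is fully visible
  * in this listing. snprintf() with the allocated size would make the
  * bound explicit instead of relying on the size arithmetic.
  */
 /* LINTED: sprintf is known not to be unbounded here */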
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica (void) sprintf(sbuf, "%s:ADMIN_LOW:0:%s", zonename, str);
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica if ((zc = tsol_sgetzcent(sbuf, &err, &errstr)) == NULL) {
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica handle_mlps(zoneid, zc->zc_shared_mlp, TSOL_MEF_SHARED,
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricastatic void
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "[-h host[/prefix][:tmpl]] [-m zone:priv:share]\n\t"
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica "[-t tmpl[:key=val[;key=val]]] [-[HTz] file]\n"));