svc-vntsd revision 28b1e50e4eed7be353f9778497714aab53ef2a0d
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#!/sbin/sh
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# Use is subject to license terms.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# CDDL HEADER START
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# The contents of this file are subject to the terms of the
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# Common Development and Distribution License (the "License").
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# You may not use this file except in compliance with the License.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# or http://www.opensolaris.org/os/licensing.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# See the License for the specific language governing permissions
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# and limitations under the License.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# When distributing Covered Code, include this CDDL HEADER in each
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# If applicable, add the following below this CDDL HEADER, with the
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# fields enclosed by brackets "[]" replaced with your own identifying
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# information: Portions Copyright [yyyy] [name of copyright owner]
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# CDDL HEADER END
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# Start script for vntsd
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# For modifying parameters passed to vntsd, do not edit
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# this script. Instead use svccfg(1m) to modify the SMF
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# repository. For example:
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi#
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi# svccfg
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# svc:> select ldoms/vntsd
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# svc:/ldoms/vntsd> setprop vntsd/vcc_device = "virtual-console-concentrator@1"
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# svc:/ldoms/vntsd> setprop vntsd/listen_addr = "192.168.1.1"
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi# svc:/ldoms/vntsd> setprop vntsd/authorization="true"
b599bd937c305a895426e8c412ca920ce7824850Robert Mustacchi# svc:/ldoms/vntsd> exit
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore. /lib/svc/share/smf_include.sh
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreAUTH_ATTR=/etc/security/auth_attr
fc2512cfb727d49529d8ed99164db871f4829b73Robert MustacchiUSER_ATTR=/etc/user_attr
fc2512cfb727d49529d8ed99164db871f4829b73Robert MustacchiGREP=/usr/bin/grep
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreCAT=/usr/bin/cat
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreED=/usr/bin/ed
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreSVCCFG=/usr/sbin/svccfg
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreSVCPROP=/bin/svcprop
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# Add LDoms vntsd authorization entries to etc/security/auth_attr if not
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# present. These define authorizations used by LDoms vntsd daemon.
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore#
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchiadd_auth_entries()
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi{
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi # Add entries to auth_attr file, if needed
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi $GREP '^solaris.vntsd.:' ${AUTH_ATTR} >/dev/null 2>&1
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi if [ $? -ne 0 ] ; then
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi $CAT >>${AUTH_ATTR} << EOF
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchi# Added by svc-vntsd
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchisolaris.vntsd.:::LDoms vntsd Administration::
fc2512cfb727d49529d8ed99164db871f4829b73Robert Mustacchisolaris.vntsd.grant:::Delegate LDoms vntsd Administration::
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amoresolaris.vntsd.consoles:::Access All LDoms Guest Consoles::
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'Amore# End of svc-vntsd
de572d98af8238405c5d1292a788b1a85b0c68ebGarrett D'AmoreEOF
fi
}
#
# Add a LDoms user/role entry to etc/user_attr if not present.
# This defines user/role used by useradd or roleadd.
#
add_user_entries()
{
#
# Add entries to user_attr file, if needed.
#
$GREP 'solaris.vntsd.grant' ${USER_ATTR} >/dev/null 2>&1
if [ $? -ne 0 ] ; then
$GREP '^root' ${USER_ATTR} | $GREP 'auths=' >/dev/null 2>&1
if [ $? -eq 0 ] ; then
#
# Add vntsd attribute to an existing root entry.
#
$ED -s ${USER_ATTR} <<- EOF > /dev/null 2>&1
g/^root.*auths\=/s/^roo.*auths\=/&solaris.vntsd.grant,/
w
q
EOF
else
#
# Add a root entry with vntsd attribute.
#
$CAT >>${USER_ATTR} << EOF
# Added by svc-vntsd
root::::type=normal;auths=solaris.vntsd.grant;lock_after_retries=0
# End of svc-vntsd
EOF
fi
fi
}
#
# Update 'vntsd' authorizations in the relevant files. Note that adding these
# entries from this smf script rather than from the pkg install scripts,
# ensures that they are added only if the vntsd service is being enabled; and
# hence avoids adding these entries unnecessarily into client guest domains.
# The functions check before adding, that the entries are not already present.
#
add_auth_entries
add_user_entries
vcc_device=`$SVCPROP -p vntsd/vcc_device $SMF_FMRI 2>/dev/null`
if [ -z "$vcc_device" ]; then
vcc_device="virtual-console-concentrator@0"
fi
args="-i $vcc_device"
listen_addr=`$SVCPROP -p vntsd/listen_addr $SMF_FMRI 2>/dev/null`
if [ -n "$listen_addr" ]; then
args="$args -p $listen_addr"
fi
timeout=`$SVCPROP -p vntsd/timeout_minutes $SMF_FMRI 2>/dev/null`
if [ -n "$timeout" ]; then
args="$args -t $timeout"
fi
auth=`$SVCPROP -p vntsd/authorization $SMF_FMRI 2>/dev/null`
if [ "$auth" = "true" ]; then
args="$args -A"
fi
if [ -x /usr/lib/ldoms/vntsd ]; then
/usr/lib/ldoms/vntsd $args
rc=$?
if [ $rc -ne 0 ]; then
# if vntsd exited in error with status 1, let SMF restart it
# otherwise we want it to go into maintenance.
if [ $rc -eq 1 ]; then
exit $SMF_ERR_OTHER
else
exit $SMF_ERR_FATAL
fi
fi
else
echo "WARNING: /usr/lib/ldoms/vntsd is missing or not executable" >& 2
exit $SMF_EXIT_ERR_CONFIG
fi
exit $SMF_EXIT_OK