preremove revision 25cf1a301a396c38e8adf52c15f537b80d2483f7
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# CDDL HEADER START
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# The contents of this file are subject to the terms of the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Common Development and Distribution License (the "License").
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov# You may not use this file except in compliance with the License.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# See the License for the specific language governing permissions
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# and limitations under the License.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# When distributing Covered Code, include this CDDL HEADER in each
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# If applicable, add the following below this CDDL HEADER, with the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# fields enclosed by brackets "[]" replaced with your own identifying
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# information: Portions Copyright [yyyy] [name of copyright owner]
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# CDDL HEADER END
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe#pragma ident "%Z%%M% %I% %E% SMI"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Use is subject to license terms.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Update IPsec policy configuration file only if installed
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# on a Sun Fire 15000.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Function to update ipsecinit.conf if necessary.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# remove_ipsecinit_entry sport|dport service apply|permit \
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# auth_algs [sa_state]
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Note: If an entry exists that uses the same (sport|dport)/service
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# combination, the default entry is not removed. This is to prevent
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# the removal of any custom policies that might have been established.
# NOTE(review): fragment of the remove_ipsecinit_entry body. The function
# header, the commands whose exit status the two "$?" tests read, and the
# closing fi/} lines are not visible in this listing.
# The two assignments build the policy line to look for: one without and one
# with the optional "sa $5" clause. Presumably a test on $5 selects between
# them; confirm against the full file.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe default="{ $1 $2 ulp tcp } $3 { auth_algs $4 }"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe default="{ $1 $2 ulp tcp } $3 { auth_algs $4 sa $5 }"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if [ $? -eq 0 ]; then
# NOTE(review): /tmp/ipsec.$$ is a PID-derived, predictable name in a
# world-writable directory, and ">" follows symlinks. If this script runs with
# elevated privileges (usual for package removal scripts; confirm), a name
# pre-created by another local user decides where the output lands. Safer:
# create the scratch file with mktemp, or in a directory only the installing
# user can write, and remove it on every exit path. What follows the "&& \"
# (presumably copying the result back over $IPSECINIT) is not visible here.
# $IPSECINIT is also unquoted, so a value with whitespace would be split.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe sed "/$default/d" $IPSECINIT > /tmp/ipsec.$$ && \
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe /$1.*$2/ { exit 1 }
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if [ $? -eq 1 ]; then
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "Found a policy for $1 $2 that does not match the" \
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe# Remove all of our default policies
# Arguments follow the usage line in the header comment:
#   sport|dport  service  apply|permit  auth_algs  [sa_state]
# All values are fixed literals from this script, so the text interpolated
# into the sed pattern inside remove_ipsecinit_entry is not externally supplied.
# NOTE(review): the defaults being removed authenticate with md5. An entry
# that was customised is left in place by design, so an administrator checking
# the file afterwards should also review the auth_algs value of whatever remains.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Loweremove_ipsecinit_entry sport sun-dr apply md5 unique
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Loweremove_ipsecinit_entry dport cvc_hostd permit md5
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Loweremove_ipsecinit_entry sport cvc_hostd apply md5 unique
# Operator notice that a modified policy was left in /etc/inet/ipsecinit.conf.
# NOTE(review): the condition guarding these echo lines is not visible in this
# listing; presumably it is set when remove_ipsecinit_entry finds a
# non-default entry for one of the services. Confirm against the full file.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "NOTICE: One or more of the default IPsec policies for the"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "Sun Fire 15000 services has been modified. As a result, the"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "modified policy for those services was not removed. Please"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "verify that the /etc/inet/ipsecinit.conf file is correct."
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe echo "For more information, refer to sckmd(1M) and ipsecconf(1M)."