1 #!/sbin/sh
2 #
3 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
4 # Use is subject to license terms.
5 #
6 # CDDL HEADER START
7 #
8 # The contents of this file are subject to the terms of the
9 # Common Development and Distribution License (the "License").
10 # You may not use this file except in compliance with the License.
11 #
12 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
13 # or http://www.opensolaris.org/os/licensing.
14 # See the License for the specific language governing permissions
15 # and limitations under the License.
16 #
17 # When distributing Covered Code, include this CDDL HEADER in each
18 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
19 # If applicable, add the following below this CDDL HEADER, with the
20 # fields enclosed by brackets "[]" replaced with your own identifying
21 # information: Portions Copyright [yyyy] [name of copyright owner]
22 #
23 # CDDL HEADER END
24 #
25 # Start script for vntsd
26 #
27 # For modifying parameters passed to vntsd, do not edit
28 # this script. Instead use svccfg(1m) to modify the SMF
29 # repository. For example:
30 #
31 # svccfg
32 # svc:> select ldoms/vntsd
33 # svc:/ldoms/vntsd> setprop vntsd/vcc_device = "virtual-console-concentrator@1"
34 # svc:/ldoms/vntsd> setprop vntsd/listen_addr = "192.168.1.1"
35 # svc:/ldoms/vntsd> setprop vntsd/authorization="true"
36 # svc:/ldoms/vntsd> exit
37
38 . /lib/svc/share/smf_include.sh
39
40 AUTH_ATTR=/etc/security/auth_attr
41 USER_ATTR=/etc/user_attr
42 GREP=/usr/bin/grep
43 CAT=/usr/bin/cat
44 ED=/usr/bin/ed
45 SVCCFG=/usr/sbin/svccfg
46 SVCPROP=/bin/svcprop
47
48 #
49 # Add LDoms vntsd authorization entries to etc/security/auth_attr if not
50 # present. These define authorizations used by LDoms vntsd daemon.
51 #
52 add_auth_entries()
53 {
54 # Add entries to auth_attr file, if needed
55 $GREP '^solaris.vntsd.:' ${AUTH_ATTR} >/dev/null 2>&1
56 if [ $? -ne 0 ] ; then
57 $CAT >>${AUTH_ATTR} << EOF
58 # Added by svc-vntsd
59 solaris.vntsd.:::LDoms vntsd Administration::
60 solaris.vntsd.grant:::Delegate LDoms vntsd Administration::
61 solaris.vntsd.consoles:::Access All LDoms Guest Consoles::
62 # End of svc-vntsd
63 EOF
64 fi
65 }
66
67 #
68 # Add a LDoms user/role entry to etc/user_attr if not present.
69 # This defines user/role used by useradd or roleadd.
70 #
71 add_user_entries()
72 {
73 #
74 # Add entries to user_attr file, if needed.
75 #
76 $GREP 'solaris.vntsd.grant' ${USER_ATTR} >/dev/null 2>&1
77
78 if [ $? -ne 0 ] ; then
79
80 $GREP '^root' ${USER_ATTR} | $GREP 'auths=' >/dev/null 2>&1
81 if [ $? -eq 0 ] ; then
82 #
83 # Add vntsd attribute to an existing root entry.
84 #
85 $ED -s ${USER_ATTR} <<- EOF > /dev/null 2>&1
86 g/^root.*auths\=/s/^roo.*auths\=/&solaris.vntsd.grant,/
87 w
88 q
89 EOF
90 else
91 #
92 # Add a root entry with vntsd attribute.
93 #
94 $CAT >>${USER_ATTR} << EOF
95 # Added by svc-vntsd
96 root::::type=normal;auths=solaris.vntsd.grant;lock_after_retries=0
97 # End of svc-vntsd
98 EOF
99 fi
100 fi
101 }
102
103 #
104 # Update 'vntsd' authorizations in the relevant files. Note that adding these
105 # entries from this smf script rather than from the pkg install scripts,
106 # ensures that they are added only if the vntsd service is being enabled; and
107 # hence avoids adding these entries unnecessarily into client guest domains.
108 # The functions check before adding, that the entries are not already present.
109 #
110 add_auth_entries
111 add_user_entries
112
113 vcc_device=`$SVCPROP -p vntsd/vcc_device $SMF_FMRI 2>/dev/null`
114 if [ -z "$vcc_device" ]; then
115 vcc_device="virtual-console-concentrator@0"
116 fi
117 args="-i $vcc_device"
118
119 listen_addr=`$SVCPROP -p vntsd/listen_addr $SMF_FMRI 2>/dev/null`
120 if [ -n "$listen_addr" ]; then
121 args="$args -p $listen_addr"
122 fi
123
124 timeout=`$SVCPROP -p vntsd/timeout_minutes $SMF_FMRI 2>/dev/null`
125 if [ -n "$timeout" ]; then
126 args="$args -t $timeout"
127 fi
128
129 auth=`$SVCPROP -p vntsd/authorization $SMF_FMRI 2>/dev/null`
130 if [ "$auth" = "true" ]; then
131 args="$args -A"
132 fi
133
134 #
135 # If we don't have a vcc device we don't want to try to start vntsd. By default
136 # newer versions of the factory settings will try to start vntsd by default.
137 # Since we may be installed on a machine with an older firmware we need to make
138 # sure that we don't try to start if the virtual console concentrator is not
139 # present.
140 #
141 VNTSD_DEV='/devices/virtual-devices@100/channel-devices@200/virtual-console-concentrator@0:ctl'
142 if [ ! -c "$VNTSD_DEV" ]; then
143 echo "The Virtual Network Terminal Server service has been disabled" \
144 "because the system has no virtual console concentrator (vcc)" \
145 "device."
146 /usr/sbin/svcadm disable -t "$SMF_FMRI"
147 sleep 5 &
148 exit $SMF_EXIT_OK
149 fi
150
151 if [ -x /usr/lib/ldoms/vntsd ]; then
152 /usr/lib/ldoms/vntsd $args
153 rc=$?
154 if [ $rc -ne 0 ]; then
155 # if vntsd exited in error with status 1, let SMF restart it
156 # otherwise we want it to go into maintenance.
157 if [ $rc -eq 1 ]; then
158 exit $SMF_ERR_OTHER
159 else
160 exit $SMF_ERR_FATAL
161 fi
162 fi
163 else
164 echo "WARNING: /usr/lib/ldoms/vntsd is missing or not executable" >& 2
165 exit $SMF_EXIT_ERR_CONFIG
166 fi
167
168 exit $SMF_EXIT_OK