1 #!/sbin/sh
2 #
3 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
4 # Use is subject to license terms.
5 #
6 # Copyright 2017 RackTop Systems.
7 #
8 # CDDL HEADER START
9 #
10 # The contents of this file are subject to the terms of the
11 # Common Development and Distribution License (the "License").
12 # You may not use this file except in compliance with the License.
13 #
14 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
15 # or http://www.opensolaris.org/os/licensing.
16 # See the License for the specific language governing permissions
17 # and limitations under the License.
18 #
19 # When distributing Covered Code, include this CDDL HEADER in each
20 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
21 # If applicable, add the following below this CDDL HEADER, with the
22 # fields enclosed by brackets "[]" replaced with your own identifying
23 # information: Portions Copyright [yyyy] [name of copyright owner]
24 #
25 # CDDL HEADER END
26 #
27 # Start script for vntsd
28 #
29 # For modifying parameters passed to vntsd, do not edit
30 # this script. Instead use svccfg(1m) to modify the SMF
31 # repository. For example:
32 #
33 # svccfg
34 # svc:> select ldoms/vntsd
35 # svc:/ldoms/vntsd> setprop vntsd/vcc_device = "virtual-console-concentrator@1"
36 # svc:/ldoms/vntsd> setprop vntsd/listen_addr = "192.168.1.1"
37 # svc:/ldoms/vntsd> setprop vntsd/authorization="true"
38 # svc:/ldoms/vntsd> exit
39
40 . /lib/svc/share/smf_include.sh
41
42 AUTH_ATTR=/etc/security/auth_attr
43 USER_ATTR=/etc/user_attr
44 GREP=/usr/bin/grep
45 CAT=/usr/bin/cat
46 ED=/usr/bin/ed
47 SVCCFG=/usr/sbin/svccfg
48 SVCPROP=/bin/svcprop
49
50 #
51 # Add LDoms vntsd authorization entries to etc/security/auth_attr if not
52 # present. These define authorizations used by LDoms vntsd daemon.
53 #
54 add_auth_entries()
55 {
56 # Add entries to auth_attr file, if needed
57 $GREP '^solaris.vntsd.:' ${AUTH_ATTR} >/dev/null 2>&1
58 if [ $? -ne 0 ] ; then
59 $CAT >>${AUTH_ATTR} << EOF
60 # Added by svc-vntsd
61 solaris.vntsd.:::LDoms vntsd Administration::
62 solaris.vntsd.grant:::Delegate LDoms vntsd Administration::
63 solaris.vntsd.consoles:::Access All LDoms Guest Consoles::
64 # End of svc-vntsd
65 EOF
66 fi
67 }
68
69 #
70 # Add a LDoms user/role entry to etc/user_attr if not present.
71 # This defines user/role used by useradd or roleadd.
72 #
73 add_user_entries()
74 {
75 #
76 # Add entries to user_attr file, if needed.
77 #
78 $GREP 'solaris.vntsd.grant' ${USER_ATTR} >/dev/null 2>&1
79
80 if [ $? -ne 0 ] ; then
81
82 $GREP '^root' ${USER_ATTR} | $GREP 'auths=' >/dev/null 2>&1
83 if [ $? -eq 0 ] ; then
84 #
85 # Add vntsd attribute to an existing root entry.
86 #
87 $ED -s ${USER_ATTR} <<- EOF > /dev/null 2>&1
88 g/^root.*auths\=/s/^roo.*auths\=/&solaris.vntsd.grant,/
89 w
90 q
91 EOF
92 else
93 #
94 # Add a root entry with vntsd attribute.
95 #
96 $CAT >>${USER_ATTR} << EOF
97 # Added by svc-vntsd
98 root::::type=normal;auths=solaris.vntsd.grant;lock_after_retries=0
99 # End of svc-vntsd
100 EOF
101 fi
102 fi
103 }
104
105 #
106 # Update 'vntsd' authorizations in the relevant files. Note that adding these
107 # entries from this smf script rather than from the pkg install scripts,
108 # ensures that they are added only if the vntsd service is being enabled; and
109 # hence avoids adding these entries unnecessarily into client guest domains.
110 # The functions check before adding, that the entries are not already present.
111 #
112 add_auth_entries
113 add_user_entries
114
115 vcc_device=`$SVCPROP -p vntsd/vcc_device $SMF_FMRI 2>/dev/null`
116 if [ -z "$vcc_device" ]; then
117 vcc_device="virtual-console-concentrator@0"
118 fi
119 args="-i $vcc_device"
120
121 listen_addr=`$SVCPROP -p vntsd/listen_addr $SMF_FMRI 2>/dev/null`
122 if [ -n "$listen_addr" ]; then
123 args="$args -p $listen_addr"
124 fi
125
126 timeout=`$SVCPROP -p vntsd/timeout_minutes $SMF_FMRI 2>/dev/null`
127 if [ -n "$timeout" ]; then
128 args="$args -t $timeout"
129 fi
130
131 auth=`$SVCPROP -p vntsd/authorization $SMF_FMRI 2>/dev/null`
132 if [ "$auth" = "true" ]; then
133 args="$args -A"
134 fi
135
136 #
137 # If we don't have a vcc device we don't want to try to start vntsd. By default
138 # newer versions of the factory settings will try to start vntsd by default.
139 # Since we may be installed on a machine with an older firmware we need to make
140 # sure that we don't try to start if the virtual console concentrator is not
141 # present.
142 #
143 VNTSD_DEV='/devices/virtual-devices@100/channel-devices@200/virtual-console-concentrator@0:ctl'
144 if [ ! -c "$VNTSD_DEV" ]; then
145 echo "The Virtual Network Terminal Server service has been disabled" \
146 "because the system has no virtual console concentrator (vcc)" \
147 "device."
148 /usr/sbin/svcadm disable -t "$SMF_FMRI"
149 exit $SMF_EXIT_TEMP_TRANSIENT
150 fi
151
152 if [ -x /usr/lib/ldoms/vntsd ]; then
153 /usr/lib/ldoms/vntsd $args
154 rc=$?
155 if [ $rc -ne 0 ]; then
156 # if vntsd exited in error with status 1, let SMF restart it
157 # otherwise we want it to go into maintenance.
158 if [ $rc -eq 1 ]; then
159 exit $SMF_ERR_OTHER
160 else
161 exit $SMF_ERR_FATAL
162 fi
163 fi
164 else
165 echo "WARNING: /usr/lib/ldoms/vntsd is missing or not executable" >& 2
166 exit $SMF_EXIT_ERR_CONFIG
167 fi
168
169 exit $SMF_EXIT_OK