4337 eliminate /etc/TIMEZONE
--- old/usr/src/cmd/tsol/misc/txzonemgr.sh
+++ new/usr/src/cmd/tsol/misc/txzonemgr.sh
1 1 #!/bin/ksh
2 2 #
3 3 # CDDL HEADER START
4 4 #
5 5 # The contents of this file are subject to the terms of the
6 6 # Common Development and Distribution License (the "License").
7 7 # You may not use this file except in compliance with the License.
8 8 #
9 9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 # or http://www.opensolaris.org/os/licensing.
11 11 # See the License for the specific language governing permissions
12 12 # and limitations under the License.
13 13 #
14 14 # When distributing Covered Code, include this CDDL HEADER in each
15 15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 # If applicable, add the following below this CDDL HEADER, with the
17 17 # fields enclosed by brackets "[]" replaced with your own identifying
18 18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 19 #
20 20 # CDDL HEADER END
21 21 #
22 22 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
23 +# Copyright 2014 Garrett D'Amore
23 24 #
24 25 #
25 26
26 27 # This script provides a simple GUI for managing labeled zones.
27 28 # It provides contextual menus which provide appropriate choices.
28 29 # It must be run in the global zone as root.
29 30
30 31 # These arguments are accepted, and will result in non-interactive
31 32 # (text-only) mode:
32 33 #
33 34 # txzonemgr [-c | -d[f]]
34 35 #
35 36 # -c create default zones
36 37 # -d destroy all zones; prompts for confirmation unless
37 38 # the -f flag is also specified
38 39 # -f force
39 40 #
40 41
41 42 # DISP - use GUI (otherwise use non-interactive mode)
42 43 DISP=1
43 44 # CREATEDEF - make default zones (non-interactive)
44 45 CREATEDEF=0
45 46 # DESTROYZONES - tear down all zones (non-interactive)
46 47 DESTROYZONES=0
47 48 # FORCE - force
48 49 FORCE=0
49 50
50 51 NSCD_PER_LABEL=0
51 52 NSCD_INDICATOR=/var/tsol/doors/nscd_per_label
52 53 if [ -f $NSCD_INDICATOR ] ; then
53 54 NSCD_PER_LABEL=1
54 55 fi
55 56
56 57 myname=$(basename $0)
57 58
58 59 TXTMP=/tmp/txzonemgr
59 60 TNRHTP=/etc/security/tsol/tnrhtp
60 61 TNRHDB=/etc/security/tsol/tnrhdb
61 62 TNZONECFG=/etc/security/tsol/tnzonecfg
62 63 PUBZONE=public
63 64 INTZONE=internal
64 65
65 66 PATH=/usr/bin:/usr/sbin:/usr/lib export PATH
66 67 title="Labeled Zone Manager 2.1"
67 68
68 69 msg_defzones=$(gettext "Create default zones using default settings?")
69 70 msg_confirmkill=$(gettext "OK to destroy all zones?")
70 71 msg_continue=$(gettext "(exit to resume $(basename $0) when ready)")
71 72 msg_getlabel=$(gettext "Select a label for the")
72 73 msg_getremote=$(gettext "Select a remote host or network from the list below:")
73 74 msg_getnet=$(gettext "Select a network configuration for the")
74 75 msg_getzone=$(gettext "Select a zone from the list below:
75 76 (select global for zone creation and shared settings)")
76 77 msg_getcmd=$(gettext "Select a command from the list below:")
77 78 msg_inuse=$(gettext "That label is already assigned\nto the")
78 79 msg_getmin=$(gettext "Select the minimum network label for the")
79 80 msg_getmax=$(gettext "Select the maximum network label for the")
80 81 msg_badip=$(gettext " is not a valid IP address")
81 82
82 83
83 84 process_options()
84 85 {
85 86 typeset opt optlist
86 87
87 88 optlist='cdf'
88 89
89 90 while getopts ":$optlist" opt
90 91 do
91 92 case $opt in
92 93 c) CREATEDEF=1
93 94 DISP=0
94 95 ;;
95 96 d) DESTROYZONES=1
96 97 DISP=0
97 98 ;;
98 99 f) FORCE=1
99 100 ;;
100 101 *) gettext "invalid option -$OPTARG\n"
101 102 usage
102 103 return 2
103 104 ;;
104 105 esac
105 106 done
106 107
107 108 if [ $CREATEDEF -eq 1 -a $DESTROYZONES -eq 1 ] ; then
108 109 gettext "cannot combine options -c and -d\n"
109 110 usage
110 111 return 2
111 112 fi
112 113 if [ $CREATEDEF -eq 1 -a $FORCE -eq 1 ] ; then
113 114 gettext "option -f not allowed with -c\n"
114 115 usage
115 116 return 2
116 117 fi
117 118 if [ $FORCE -eq 1 -a $CREATEDEF -eq 0 -a $DESTROYZONES -eq 0 ] ; then
118 119 gettext "option -f specified without any other options\n"
119 120 usage
120 121 return 2
121 122 fi
122 123
123 124 shift $((OPTIND - 1))
124 125 if [ "x$1" != "x" ] ; then
125 126 usage
126 127 return 2
127 128 fi
128 129
129 130 return 0
130 131 }
131 132
132 133 usage() {
133 134 gettext "usage: $myname [-c | -d[f]]\n"
134 135 }
135 136
136 137 consoleCheck() {
137 138 if [ $zonename != global ] ; then
138 139 zconsole=$(pgrep -f "zlogin -C $zonename")
139 140 if [ $? != 0 ] ; then
140 141 console="Zone Console...\n"
141 142 fi
142 143 fi
143 144 }
144 145
145 146 labelCheck() {
146 147 hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2);
147 148 if [[ $hexlabel ]] ; then
148 149 label=
149 150 if [ $zonename = global ] ; then
150 151 template="admin_low"
151 152 addcipsohost="Add Multilevel Access to Remote Host...\n"
152 153 removecipsohost="Remove Multilevel Access to Remote Host...\n"
153 154 setmlps="Configure Multilevel Ports...\n"
154 155 else
155 156 template=${zonename}_unlab
156 157 addcipsohost=
157 158 removecipsohost=
158 159 setmlps=
159 160
160 161 net=$(zonecfg -z $zonename info net)
161 162 if [[ -n $net ]] ; then
162 163 setmlps="Configure Multilevel Ports...\n"
163 164 elif [ $zonestate = configured ] ; then
164 165 addnet="Configure Network Interfaces...\n"
165 166 fi
166 167 fi
167 168 addremotehost="Add Single-level Access to Remote Host...\n"
168 169 remotes=$(grep -v "^#" $TNRHDB|grep $template)
169 170 if [ $? = 0 ] ; then
170 171 removeremotehost="Remove Single-level Access to Remote Host...\n"
171 172 else
172 173 removeremotehost=
173 174 fi
174 175 else
175 176 label="Select Label...\n"
176 177 addremotehost=
177 178 removeremotehost=
178 179 addcipsohost=
179 180 removecipsohost=
180 181 setmlps=
181 182 fi
182 183 }
183 184
184 185 cloneCheck() {
185 186 set -A zonelist
186 187 integer clone_cnt=0
187 188 for p in $(zoneadm list -ip) ; do
188 189 z=$(echo "$p"|cut -d : -f2)
189 190 s=$(echo "$p"|cut -d : -f3)
190 191 if [ $z = $zonename ] ; then
191 192 continue
192 193 elif [ $s = "installed" ] ; then
193 194 zonelist[clone_cnt]=$z
194 195 clone_cnt+=1
195 196 fi
196 197 done
197 198 if [ $clone_cnt -gt 0 ] ; then
198 199 clone="Clone...\n"; \
199 200 fi
200 201 }
201 202
202 203 relabelCheck() {
203 204 macstate=$(zonecfg -z $zonename info|grep win_mac_write)
204 205 if [[ -n $macstate ]] ; then
205 206 permitrelabel="Deny Relabeling\n"
206 207 else
207 208 permitrelabel="Permit Relabeling\n"
208 209 fi
209 210 }
210 211
211 212 autobootCheck() {
212 213 bootmode=$(zonecfg -z $zonename info autoboot)
213 214 if [[ $bootmode == 'autoboot: true' ]] ; then
214 215 autoboot="Set Manual Booting\n"
215 216 else
216 217 autoboot="Set Automatic Booting\n"
217 218 fi
218 219 }
219 220
220 221 newZone() {
221 222 if [[ ! -n $zonename ]] ; then
222 223 zonename=$(zenity --entry \
223 224 --title="$title" \
224 225 --width=330 \
225 226 --entry-text="" \
226 227 --text="Enter Zone Name: ")
227 228
228 229 if [[ ! -n $zonename ]] ; then
229 230 zonename=global
230 231 return
231 232 fi
232 233 fi
233 234 zonecfg -z $zonename "create -t SUNWtsoldef;\
234 235 set zonepath=/zone/$zonename"
235 236 }
236 237
237 238 removeZoneBEs() {
238 239 delopt=$*
239 240
240 241 zfs list -H $ZDSET/$zonename 1>/dev/null 2>&1
241 242 if [ $? = 0 ] ; then
242 243 for zbe in $(zfs list -rHo name $ZDSET/$zonename|grep ROOT/zbe) ; do
243 244 zfs destroy $delopt $zbe
244 245 done
245 246 fi
246 247 }
247 248
248 249 updateTemplate () {
249 250 if [ $hostType = cipso ] ; then
250 251 template=${zonename}_cipso
251 252 deflabel=
252 253 else
253 254 template=${zonename}_unlab
254 255 deflabel="def_label=${hexlabel};"
255 256 fi
256 257
257 258 tnzone=$(grep "^${template}:" $TNRHTP 2>/dev/null)
258 259 if [ $? -eq 0 ] ; then
259 260 sed -e "/^${template}/d" $TNRHTP > $TXTMP/tnrhtp.$$ 2>/dev/null
260 261 mv $TXTMP/tnrhtp.$$ $TNRHTP
261 262 fi
262 263 print "${template}:host_type=${hostType};doi=1;min_sl=${minlabel};max_sl=${maxlabel};$deflabel" >> $TNRHTP
263 264 tnctl -t $template
264 265 }
265 266
266 267 setTNdata () {
267 268 tnzline="$zonename:${hexlabel}:0::"
268 269 grep "^$tnzline" $TNZONECFG 1>/dev/null 2>&1
269 270 if [ $? -eq 1 ] ; then
270 271 print "$tnzline" >> $TNZONECFG
271 272 fi
272 273
273 274 #
274 275 # Add matching entries in tnrhtp if necessary
275 276 #
276 277 minlabel=admin_low
277 278 maxlabel=admin_high
278 279 hostType=cipso
279 280 updateTemplate
280 281
281 282 hostType=unlabeled
282 283 updateTemplate
283 284 }
284 285
285 286 selectLabel() {
286 287 hexlabel=$(tgnome-selectlabel \
287 288 --title="$title" \
288 289 --text="$msg_getlabel $zonename zone:" \
289 290 --min="${DEFAULTLABEL}" \
290 291 --default="${DEFAULTLABEL}" \
291 292 --max=$(chk_encodings -X) \
292 293 --accredcheck=yes \
293 294 --mode=sensitivity \
294 295 --format=internal)
295 296 if [ $? = 0 ] ; then
296 297 x=$(grep -i :{$hexlabel}: $TNZONECFG)
297 298 if [ $? = 0 ] ; then
298 299 z=$(print $x|cut -d : -f1)
299 300 x=$(zenity --error \
300 301 --title="$title" \
301 302 --text="$msg_inuse $z zone.")
302 303 else
303 304 setTNdata
304 305 fi
305 306 fi
306 307 }
307 308
308 309 getLabelRange() {
309 310 deflabel=$(hextoalabel $hexlabel)
310 311 minlabel=$(tgnome-selectlabel \
311 312 --title="$title" \
312 313 --text="$msg_getmin $zonename zone:" \
313 314 --min="${DEFAULTLABEL}" \
314 315 --max="$deflabel" \
315 316 --default="$hexlabel" \
316 317 --accredcheck=no \
317 318 --mode=sensitivity \
318 319 --format=internal)
319 320 [ $? != 0 ] && return
320 321
321 322 maxlabel=$(tgnome-selectlabel \
322 323 --title="$title" \
323 324 --text="$msg_getmax $zonename zone:" \
324 325 --min="$deflabel" \
325 326 --max=$(chk_encodings -X) \
326 327 --default="$hexlabel" \
327 328 --accredcheck=no \
328 329 --mode=sensitivity \
329 330 --format=internal)
330 331 [ $? != 0 ] && return
331 332
332 333 hostType=cipso
333 334 updateTemplate
334 335 }
335 336
336 337
337 338 encryptionValues() {
338 339 echo $(zfs get 2>&1 | grep encryption | sed -e s/^.*YES// -e s/\|//g)
339 340 }
340 341
341 342 getPassphrase() {
342 343 pass1=$(zenity --entry --title="$title" --text="Enter passphrase:" \
343 344 --width=330 --hide-text)
344 345 pass2=$(zenity --entry --title="$title" --text="Re-enter passphrase:" \
345 346 --width=330 --hide-text)
346 347 if [[ "$pass1" != "$pass2" ]]; then
347 348 zenity --error --title="$title" \
348 349 --text="Passphrases do not match"
349 350 return ""
350 351 fi
351 352 file=$(mktemp)
352 353 echo "$pass1" > $file
353 354 echo "$file"
354 355 }
355 356
356 357 createZDSET() {
357 358 options=$1
358 359 pool=${2%%/*}
359 360
360 361 # First check if ZFS encrytption support is available
361 362 pversion=$(zpool list -H -o version $pool)
362 363 cversion=$(zpool upgrade -v | grep Crypto | awk '{ print $1 }')
363 364 if (( cversion == 0 || pversion < cversion )); then
364 365 zfs create $options $ZDSET
365 366 return
366 367 fi
367 368
368 369 encryption=$(zenity --list --title="$title" --height=320 \
369 370 --text="Select cipher for encryption of all labels:" \
370 371 --column="encryption" $(encryptionValues))
371 372
372 373 if [[ $? != 0 || $encryption == "off" ]]; then
373 374 zfs create $options $ZDSET
374 375 return
375 376 fi
376 377
377 378 format=$(zenity --list --title="$title" \
378 379 --text "Select encryption key source:" \
379 380 --column="Key format and location" \
380 381 "Passphrase" "Generate Key in file")
381 382 [ $? != 0 ] && exit
382 383
383 384 if [[ $format == "Passphrase" ]]; then
384 385 file=$(getPassphrase)
385 386 if [[ $file == "" ]]; then
386 387 exit
387 388 fi
388 389 keysource="passphrase,file://$file"
389 390 removefile=1;
390 391 elif [[ $format == "Generate Key in file" ]]; then
391 392 file=$(zenity --file-selection \
392 393 --title="$title: Location of key file" \
393 394 --save --confirm-overwrite)
394 395 [ $? != 0 ] && exit
395 396 if [[ $encryption == "on" ]]; then
396 397 keylen=128
397 398 else
398 399 t=${encryption#aes-} && keylen=${t%%-*}
399 400 fi
400 401 pktool genkey keystore=file keytype=aes \
401 402 keylen=$keylen outkey=$file
402 403 keysource="raw,file:///$file"
403 404 fi
404 405
405 406 options="$options -o encryption=$encryption -o keysource=$keysource"
406 407 zfs create $options $ZDSET
407 408 if (( removefile == 1 )); then
408 409 zfs set keysource=passphrase,prompt $ZDSET
409 410 rm $file
410 411 fi
411 412 }
412 413
413 414
414 415 initialize() {
415 416 zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
416 417 ZONE_ETC_DIR=$zonepath/root/etc
417 418 SYSIDCFG=${ZONE_ETC_DIR}/sysidcfg
418 419
419 420 if [ -f /var/ldap/ldap_client_file ] ; then
420 421 ldapaddress=$(ldapclient list | \
421 422 grep "^NS_LDAP_SERVERS" | cut -d " " -f2)
422 423 print "name_service=LDAP {" > ${SYSIDCFG}
423 424 domain=$(domainname)
424 425 print "domain_name=$domain" >> ${SYSIDCFG}
425 426 profName=$(ldapclient list | \
426 427 grep "^NS_LDAP_PROFILE" | cut -d " " -f2)
427 428 proxyPwd=$(ldapclient list | \
428 429 grep "^NS_LDAP_BINDPASSWD" | cut -d " " -f2)
429 430 proxyDN=$(ldapclient list | \
430 431 grep "^NS_LDAP_BINDDN" | cut -d " " -f 2)
431 432 if [ "$proxyDN" ] ; then
432 433 print "proxy_dn=\"$proxyDN\"" >> ${SYSIDCFG}
433 434 print "proxy_password=\"$proxyPwd\"" >> ${SYSIDCFG}
434 435 fi
435 436 print "profile=$profName" >> ${SYSIDCFG}
436 437 print "profile_server=$ldapaddress }" >> ${SYSIDCFG}
437 438 cp /etc/nsswitch.conf $ZONE_ETC_DIR/nsswitch.ldap
438 439 else
439 440 print "name_service=NONE" > ${SYSIDCFG}
440 441 fi
441 442 print "security_policy=NONE" >> ${SYSIDCFG}
442 443 locale=$(locale|grep LANG | cut -d "=" -f2)
443 444 if [[ -z $locale ]] ; then
444 445 locale="C"
445 446 fi
446 447 print "system_locale=$locale" >> ${SYSIDCFG}
447 - timezone=$(grep "^TZ" /etc/TIMEZONE|cut -d "=" -f2)
448 + timezone=$(grep "^TZ" /etc/default/init|cut -d "=" -f2)
448 449 print "timezone=$timezone" >> ${SYSIDCFG}
449 450 print "terminal=vt100" >> ${SYSIDCFG}
450 451 rootpwd=$(grep "^root:" /etc/shadow|cut -d : -f2)
451 452
452 453 # There are two problems with setting the root password:
453 454 # The zone's shadow file may be read-only
454 455 # The password contains unparsable characters
455 456 # so the following line is commented out until this is resolved.
456 457
457 458 #print "root_password=$rootpwd" >> ${SYSIDCFG}
458 459 print "nfs4_domain=dynamic" >> ${SYSIDCFG}
459 460 print "network_interface=PRIMARY {" >> ${SYSIDCFG}
460 461
461 462 net=$(zonecfg -z $zonename info net)
462 463 ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
463 464 if [ $ipType = exclusive ] ; then
464 465 hostname=$(zenity --entry \
465 466 --title="$title" \
466 467 --width=330 \
467 468 --text="${zonename}0: Enter Hostname or dhcp: ")
468 469 [ $? != 0 ] && return
469 470
470 471 if [ $hostname = dhcp ] ; then
471 472 print "dhcp" >> ${SYSIDCFG}
472 473 else
473 474 print "hostname=$hostname" >> ${SYSIDCFG}
474 475 ipaddr=$(getent hosts $hostname|cut -f1)
475 476 if [ $? != 0 ] ; then
476 477 ipaddr=$(zenity --entry \
477 478 --title="$title" \
478 479 --text="$nic: Enter IP address: " \
479 480 --entry-text a.b.c.d)
480 481 [ $? != 0 ] && return
481 482
482 483 validateIPaddr
483 484 if [[ -z $ipaddr ]] ; then
484 485 return
485 486 fi
486 487 fi
487 488 print "ip_address=$ipaddr" >> ${SYSIDCFG}
488 489 getNetmask
489 490 print "netmask=$nm" >> ${SYSIDCFG}
490 491 print "default_route=none" >> ${SYSIDCFG}
491 492 template=${zonename}_cipso
492 493 cidr=32
493 494 updateTnrhdb
494 495 fi
495 496 elif [[ -n $net ]] ; then
496 497 hostname=$(hostname)
497 498 hostname=$(zenity --entry \
498 499 --title="$title" \
499 500 --width=330 \
500 501 --text="Enter Hostname: " \
501 502 --entry-text $hostname)
502 503 [ $? != 0 ] && return
503 504
504 505 print "hostname=$hostname" >> ${SYSIDCFG}
505 506 ipaddr=$(getent hosts $hostname|cut -f1)
506 507 if [ $? = 0 ] ; then
507 508 print "ip_address=$ipaddr" >> ${SYSIDCFG}
508 509 fi
509 510 else
510 511 getAllZoneNICs
511 512 for i in ${aznics[*]} ; do
512 513 ipaddr=$(ifconfig $i|grep inet|cut -d " " -f2)
513 514 done
514 515 print "hostname=$(hostname)" >> ${SYSIDCFG}
515 516 print "ip_address=$ipaddr" >> ${SYSIDCFG}
516 517 fi
517 518
518 519 print "protocol_ipv6=no }" >> ${SYSIDCFG}
519 520 cp /etc/default/nfs ${ZONE_ETC_DIR}/default/nfs
520 521 touch ${ZONE_ETC_DIR}/.NFS4inst_state.domain
521 522 }
522 523
523 524 clone() {
524 525 image=$1
525 526 if [[ -z $image ]] ; then
526 527 msg_clone=$(gettext "Clone the $zonename zone using a
527 528 snapshot of one of the following halted zones:")
528 529 image=$(zenity --list \
529 530 --title="$title" \
530 531 --text="$msg_clone" \
531 532 --height=300 \
532 533 --width=330 \
533 534 --column="Installed Zones" ${zonelist[*]})
534 535 fi
535 536
536 537 if [[ -n $image ]] ; then
537 538 removeZoneBEs
538 539 zoneadm -z $zonename clone $image
539 540
540 541 if [ $NSCD_PER_LABEL = 0 ] ; then
541 542 sharePasswd $zonename
542 543 else
543 544 unsharePasswd $zonename
544 545 fi
545 546
546 547 ipType=$(zonecfg -z $zonename info ip-type|cut -d" " -f2)
547 548 if [ $ipType = exclusive ] ; then
548 549 zoneadm -z $zonename ready
549 550 zonepath=$(zoneadm -z $zonename list -p|cut -d : -f4)
550 551 sys-unconfig -R $zonepath/root 2>/dev/null
551 552 initialize
552 553 zoneadm -z $zonename halt
553 554 fi
554 555 fi
555 556 }
556 557
557 558 install() {
558 559 removeZoneBEs
559 560 if [ $DISP -eq 0 ] ; then
560 561 gettext "installing zone $zonename ...\n"
561 562 zoneadm -z $zonename install
562 563 else
563 564 # sleep is needed here to avoid occasional timing
564 565 # problem with gnome-terminal display...
565 566 sleep 2
566 567 gnome-terminal \
567 568 --title="$title: Installing $zonename zone" \
568 569 --command "zoneadm -z $zonename install" \
569 570 --disable-factory \
570 571 --hide-menubar
571 572 fi
572 573
573 574 zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
574 575 if [ $zonestate != installed ] ; then
575 576 gettext "error installing zone $zonename.\n"
576 577 return 1
577 578 fi
578 579
579 580 if [ $NSCD_PER_LABEL = 0 ] ; then
580 581 sharePasswd $zonename
581 582 else
582 583 unsharePasswd $zonename
583 584 fi
584 585
585 586 zoneadm -z $zonename ready
586 587 zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
587 588 if [ $zonestate != ready ] ; then
588 589 gettext "error making zone $zonename ready.\n"
589 590 return 1
590 591 fi
591 592
592 593 initialize
593 594 zoneadm -z $zonename halt
594 595 }
595 596
596 597 delete() {
597 598 delopt=$*
598 599
599 600 # if there is an entry for this zone in tnzonecfg, remove it
600 601 # before deleting the zone.
601 602
602 603 tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
603 604 if [ -n "${tnzone}" ] ; then
604 605 sed -e "/^$zonename:/d" $TNZONECFG > \
605 606 $TXTMP/tnzonefg.$$ 2>/dev/null
606 607 mv $TXTMP/tnzonefg.$$ $TNZONECFG
607 608 fi
608 609
609 610 for tnzone in $(grep ":${zonename}_unlab" $TNRHDB 2>/dev/null) ; do
610 611 tnctl -dh "$tnzone"
611 612 sed -e "/:${zonename}_unlab/d" $TNRHDB > \
612 613 $TXTMP/tnrhdb.$$ 2>/dev/null
613 614 mv $TXTMP/tnrhdb.$$ $TNRHDB
614 615 done
615 616
616 617 for tnzone in $(grep "^${zonename}_unlab:" $TNRHTP 2>/dev/null) ; do
617 618 tnctl -dt ${zonename}_unlab
618 619 sed -e "/^${zonename}_unlab:/d" $TNRHTP > \
619 620 $TXTMP/tnrhtp.$$ 2>/dev/null
620 621 mv $TXTMP/tnrhtp.$$ $TNRHTP
621 622 done
622 623
623 624 for tnzone in $(grep ":${zonename}_cipso" $TNRHDB 2>/dev/null) ; do
624 625 tnctl -dh "$tnzone"
625 626 sed -e "/:${zonename}_cipso/d" $TNRHDB > \
626 627 $TXTMP/tnrhdb.$$ 2>/dev/null
627 628 mv $TXTMP/tnrhdb.$$ $TNRHDB
628 629 done
629 630
630 631 for tnzone in $(grep "^${zonename}_cipso:" $TNRHTP 2>/dev/null) ; do
631 632 tnctl -dt ${zonename}_cipso
632 633 sed -e "/^${zonename}_cipso:/d" $TNRHTP > \
633 634 $TXTMP/tnrhtp.$$ 2>/dev/null
634 635 mv $TXTMP/tnrhtp.$$ $TNRHTP
635 636 done
636 637
637 638 zonecfg -z $zonename delete -F
638 639
639 640 removeZoneBEs $delopt
640 641 for snap in $(zfs list -Ho name -t snapshot|grep "\@${zonename}_snap") ; do
641 642 zfs destroy -R $snap
642 643 done
643 644 }
644 645
645 646 validateIPaddr () {
646 647 OLDIFS=$IFS
647 648 IFS=.
648 649 integer octet_cnt=0
649 650 integer dummy
650 651 set -A octets $ipaddr
651 652 IFS=$OLDIFS
652 653 if [ ${#octets[*]} == 4 ] ; then
653 654 while (( octet_cnt < ${#octets[*]} )); do
654 655 dummy=${octets[octet_cnt]}
655 656 if [ $dummy = ${octets[octet_cnt]} ] ; then
656 657 if (( dummy >= 0 && \
657 658 dummy < 256 )) ; then
658 659 octet_cnt+=1
659 660 continue
660 661 fi
661 662 else
662 663 x=$(zenity --error \
663 664 --title="$title" \
664 665 --text="$ipaddr $msg_badip")
665 666 ipaddr=
666 667 return
667 668 fi
668 669 done
669 670 else
670 671 x=$(zenity --error \
671 672 --title="$title" \
672 673 --text="$ipaddr $msg_badip")
673 674 ipaddr=
674 675 fi
675 676 }
676 677
677 678 getAllZoneNICs(){
678 679 integer count=0
679 680 for i in $(ifconfig -a4|grep "^[a-z].*:")
680 681 do
681 682 print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
682 683 [ $? -eq 1 ] && continue
683 684
684 685 i=${i%:} # Remove colon after interface name
685 686 for j in $(ifconfig $i)
686 687 do
687 688 case $j in
688 689 all-zones)
689 690 aznics[count]=$i
690 691 count+=1
691 692 ;;
692 693 esac
693 694 done
694 695 done
695 696 }
696 697
697 698 getNetmask() {
698 699 cidr=
699 700 nm=$(zenity --entry \
700 701 --title="$title" \
701 702 --width=330 \
702 703 --text="$ipaddr: Enter netmask: " \
703 704 --entry-text 255.255.255.0)
704 705 [ $? != 0 ] && return;
705 706
706 707 cidr=$(perl -e 'use Socket; print unpack("%32b*",inet_aton($ARGV[0])), "\n";' $nm)
707 708 }
708 709
709 710 addNet() {
710 711 getIPaddr
711 712 if [[ -z $ipaddr ]] ; then
712 713 return;
713 714 fi
714 715 getNetmask
715 716 if [[ -z $cidr ]] ; then
716 717 return;
717 718 fi
718 719 zonecfg -z $zonename "add net; \
719 720 set address=${ipaddr}/${cidr}; \
720 721 set physical=$nic; \
721 722 end"
722 723 template=${zonename}_cipso
723 724 cidr=32
724 725 updateTnrhdb
725 726 }
726 727
727 728 getAttrs() {
728 729 zone=global
729 730 type=ignore
730 731 for j in $(ifconfig $nic)
731 732 do
732 733 case $j in
733 734 inet) type=$j;;
734 735 zone) type=$j;;
735 736 all-zones) zone=all-zones;;
736 737 flags*) flags=$j;;
737 738 *) case $type in
738 739 inet) ipaddr=$j ;;
739 740 zone) zone=$j ;;
740 741 *) continue ;;
741 742 esac;
742 743 type=ignore;;
743 744 esac
744 745 done
745 746 if [[ $flags == ~(E).UP, ]] ; then
746 747 updown=Up
747 748 else
748 749 updown=Down
749 750 fi
750 751 if [[ $nic == ~(E).: ]] ; then
751 752 linktype=logical
752 753 else
753 754 vnic=$(dladm show-vnic -po link $nic 2>/dev/null)
754 755 if [[ -n $vnic ]] ; then
755 756 linktype=virtual
756 757 else
757 758 linktype=physical
758 759 fi
759 760 fi
760 761 if [ $ipaddr != 0.0.0.0 ] ; then
761 762 x=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
762 763 if [ $? = 1 ] ; then
763 764 template=cipso
764 765 cidr=32
765 766 updateTnrhdb
766 767 else
767 768 template=$(print "$x"|cut -d : -f2)
768 769 fi
769 770 else
770 771 template="..."
771 772 ipaddr="..."
772 773 fi
773 774 }
774 775 deleteTnrhdbEntry() {
775 776 remote=$(grep "^${ipaddr}[^0-9]" $TNRHDB)
776 777 if [ $? = 0 ] ; then
777 778 ip=$(print $remote|cut -d "/" -f1)
778 779 if [[ $remote == ~(E)./ ]] ; then
779 780 pr=$(print $remote|cut -d "/" -f2)
780 781 remote="$ip\\/$pr"
781 782 fi
782 783 sed -e "/^${remote}/d" $TNRHDB > /tmp/tnrhdb.$$ 2>/dev/null
783 784 mv /tmp/tnrhdb.$$ $TNRHDB
784 785 fi
785 786 }
786 787
787 788 updateTnrhdb() {
788 789 deleteTnrhdbEntry
789 790 if [[ -n $cidr ]] ; then
790 791 print "${ipaddr}/$cidr:$template" >> $TNRHDB
791 792 tnctl -h ${ipaddr}/$cidr:$template
792 793 else
793 794 print "${ipaddr}:$template" >> $TNRHDB
794 795 tnctl -h ${ipaddr}:$template
795 796 fi
796 797 }
797 798
798 799 getIPaddr() {
799 800 hostname=$(zenity --entry \
800 801 --title="$title" \
801 802 --width=330 \
802 803 --text="$nic: Enter Hostname: ")
803 804
804 805 [ $? != 0 ] && return
805 806
806 807 ipaddr=$(getent hosts $hostname|cut -f1)
807 808 if [[ -z $ipaddr ]] ; then
808 809 ipaddr=$(zenity --entry \
809 810 --title="$title" \
810 811 --text="$nic: Enter IP address: " \
811 812 --entry-text a.b.c.d)
812 813 [ $? != 0 ] && return
813 814 validateIPaddr
814 815 fi
815 816
816 817 }
817 818
818 819 addHost() {
819 820 # Update hosts
820 821 if [[ -z $ipaddr ]] ; then
821 822 return;
822 823 fi
823 824 grep "^${ipaddr}[^0-9]" /etc/inet/hosts >/dev/null
824 825 if [ $? -eq 1 ] ; then
825 826 print "$ipaddr\t$hostname" >> /etc/inet/hosts
826 827 fi
827 828
828 829 template=cipso
829 830 cidr=32
830 831 updateTnrhdb
831 832
832 833 ifconfig $nic $ipaddr netmask + broadcast +
833 834 #
834 835 # TODO: better integration with nwam
835 836 # TODO: get/set netmask for IP address
836 837 #
837 838 print $hostname > /etc/hostname.$nic
838 839 }
839 840
840 841 createInterface() {
841 842 msg=$(ifconfig $nic addif 0.0.0.0)
842 843 $(zenity --info \
843 844 --title="$title" \
844 845 --text="$msg" )
845 846 nic=$(print "$msg"|cut -d" " -f5)
846 847
847 848 }
848 849
849 850 createVNIC() {
850 851 if [ $zonename != global ] ; then
851 852 vnicname=${zonename}0
852 853 else
853 854 vnicname=$(zenity --entry \
854 855 --title="$title" \
855 856 --width=330 \
856 857 --entry-text="" \
857 858 --text="Enter VNIC Name: ")
858 859
859 860 if [[ ! -n $vnicname ]] ; then
860 861 return
861 862 fi
862 863 fi
863 864 x=$(dladm show-vnic|grep "^$vnicname " )
864 865 if [[ ! -n $x ]] ; then
865 866 dladm create-vnic -l $nic $vnicname
866 867 fi
867 868 if [ $zonename = global ] ; then
868 869 ifconfig $vnicname plumb
869 870 else
870 871 zonecfg -z $zonename "add net; \
871 872 set physical=$vnicname; \
872 873 end"
873 874 fi
874 875 nic=$vnicname
875 876 }
876 877
877 878 shareInterface() {
878 879 #
879 880 # TODO: better integration with nwam
880 881 #
881 882 ifconfig $nic all-zones;\
882 883 if_file=/etc/hostname.$nic
883 884 sed q | sed -e "s/$/ all-zones/" < $if_file >$TXTMP/txnetmgr.$$
884 885 mv $TXTMP/txnetmgr.$$ $if_file
885 886 }
886 887
887 888 unshareInterface() {
888 889 #
889 890 # TODO: better integration with nwam
890 891 #
891 892 ifconfig $nic -zone;\
892 893 if_file=/etc/hostname.$nic
893 894 sed q | sed -e "s/all-zones/ /" < $if_file >$TXTMP/txnetmgr.$$
894 895 mv $TXTMP/txnetmgr.$$ $if_file
895 896 }
896 897
897 898 addTnrhdb() {
898 899 ipaddr=$(zenity --entry \
899 900 --title="$title" \
900 901 --width=330 \
901 902 --text="Zone:$zonename. Enter IP address of remote host or network: " \
902 903 --entry-text a.b.c.d)
903 904 [ $? != 0 ] && return
904 905 validateIPaddr
905 906 if [[ -z $ipaddr ]] ; then
906 907 return;
907 908 fi
908 909 if [ ${octets[3]} = 0 ] ; then
909 910 nic="$ipaddr"
910 911 getNetmask
911 912 if [[ -z $cidr ]] ; then
912 913 return;
913 914 fi
914 915 else
915 916 cidr=32
916 917 fi
917 918 print "${ipaddr}/$cidr:$template" > $TXTMP/tnrhdb_new.$$
918 919 x=$(tnchkdb -h $TXTMP/tnrhdb_new.$$ 2>$TXTMP/syntax_error.$$)
919 920 if [ $? = 0 ] ; then
920 921 updateTnrhdb
921 922 else
922 923 syntax=$(cat $TXTMP/syntax_error.$$)
923 924 x=$(zenity --error \
924 925 --title="$title" \
925 926 --text="$syntax")
926 927 fi
927 928 rm $TXTMP/tnrhdb_new.$$
928 929 rm $TXTMP/syntax_error.$$
929 930 }
930 931
931 932 removeTnrhdb() {
932 933 while (( 1 )) do
933 934 remotes=$(grep "^[^#][0-9.]" $TNRHDB|grep ":$template"|cut -d : -f1-2|tr : " ")
934 935 if [ $template = cipso ] ; then
935 936 templateHeading="from All Zones":
936 937 else
937 938 templateHeading="from this Zone":
938 939 fi
939 940 if [[ -n $remotes ]] ; then
940 941 ipaddr=$(zenity --list \
941 942 --title="$title" \
942 943 --text="$msg_getremote" \
943 944 --height=250 \
944 945 --width=300 \
945 946 --column="Remove Access to:" \
946 947 --column="$templateHeading" \
947 948 $remotes)
948 949
949 950 if [[ -n $ipaddr ]] ; then
950 951 deleteTnrhdbEntry
951 952 tnctl -dh ${ip}:$template
952 953 else
953 954 return
954 955 fi
955 956 else
956 957 return
957 958 fi
958 959 done
959 960 }
960 961
961 962 setMLPs() {
962 963 tnzone=$(grep "^$zonename:" $TNZONECFG 2>/dev/null)
963 964 zoneMLPs=:$(print "$tnzone"|cut -d : -f4)
964 965 sharedMLPs=:$(print "$tnzone"|cut -d : -f5)
965 966 attrs="Private Interfaces$zoneMLPs\nShared Interfaces$sharedMLPs"
966 967 ports=$(print "$attrs"|zenity --list \
967 968 --title="$title" \
968 969 --height=200 \
969 970 --width=450 \
970 971 --text="Zone: $zonename\nClick once to select, twice to edit.\nShift-click to select both rows." \
971 972 --column="Multilevel Ports (example: 80-81/tcp;111/udp;)" \
972 973 --editable \
973 974 --multiple
974 975 )
975 976
976 977 if [[ -z $ports ]] ; then
977 978 return
978 979 fi
979 980
980 981 # getopts needs another a blank and another dash
981 982 ports=--$(print "$ports"|sed 's/ //g'|sed 's/|/ --/g'|sed 's/Interfaces:/ :/g')
982 983
983 984 OPTIND=1
984 985 while getopts "z:(Private)s:(Shared)" opt $ports ; do
985 986 case $opt in
986 987 z) zoneMLPs=$OPTARG ;;
987 988 s) sharedMLPs=$OPTARG ;;
988 989 esac
989 990 done
990 991
991 992 sed -e "/^$zonename:*/d" $TNZONECFG > $TXTMP/tnzonecfg.$$ 2>/dev/null
992 993 tnzone=$(print "$tnzone"|cut -d : -f1-3)
993 994 echo "${tnzone}${zoneMLPs}${sharedMLPs}" >> $TXTMP/tnzonecfg.$$
994 995
995 996 x=$(tnchkdb -z $TXTMP/tnzonecfg.$$ 2>$TXTMP/syntax_error.$$)
996 997
997 998 if [ $? = 0 ] ; then
998 999 mv $TXTMP/tnzonecfg.$$ $TNZONECFG
999 1000 zenity --info \
1000 1001 --title="$title" \
1001 1002 --text="Multilevel ports for the $zonename zone\nwill be interpreted on next reboot."
1002 1003 if [ $zonename != global ] ; then
1003 1004 getLabelRange
1004 1005 fi
1005 1006 else
1006 1007 syntax=$(cat $TXTMP/syntax_error.$$)
1007 1008 x=$(zenity --error \
1008 1009 --title="$title" \
1009 1010 --text="$syntax")
1010 1011 rm $TXTMP/tnzonecfg.$$
1011 1012 fi
1012 1013 rm $TXTMP/syntax_error.$$
1013 1014 }
1014 1015
1015 1016 enableAuthentication() {
1016 1017 integer file_cnt=0
1017 1018
1018 1019 zonepath=$(zoneadm -z $1 list -p|cut -d : -f4)
1019 1020 ZONE_ETC_DIR=$zonepath/root/etc
1020 1021
1021 1022 # If the zone's shadow file was previously read-only
1022 1023 # there may be no root password entry for this zone.
1023 1024 # If so, replace the root password entry with the global zone's.
1024 1025
1025 1026 entry=$(grep ^root:: $ZONE_ETC_DIR/shadow)
1026 1027 if [ $? -eq 0 ] ; then
1027 1028 grep ^root: /etc/shadow > $TXTMP/shadow.$$
1028 1029 sed -e "/^root::/d" $ZONE_ETC_DIR/shadow >> \
1029 1030 $TXTMP/shadow.$$ 2>/dev/null
1030 1031 mv $TXTMP/shadow.$$ $ZONE_ETC_DIR/shadow
1031 1032 chmod 400 $ZONE_ETC_DIR/shadow
1032 1033 fi
1033 1034
1034 1035 if [ $LOGNAME = "root" ]; then
1035 1036 return
1036 1037 fi
1037 1038
1038 1039 file[0]="passwd"
1039 1040 file[1]="shadow"
1040 1041 file[2]="user_attr"
1041 1042 #
1042 1043 # Add the user who assumed the root role to each installed zone
1043 1044 #
1044 1045 while (( file_cnt < ${#file[*]} )); do
1045 1046 exists=$(grep "^${LOGNAME}:" \
1046 1047 $ZONE_ETC_DIR/${file[file_cnt]} >/dev/null)
1047 1048 if [ $? -ne 0 ] ; then
1048 1049 entry=$(grep "^${LOGNAME}:" \
1049 1050 /etc/${file[file_cnt]})
1050 1051 if [ $? -eq 0 ] ; then
1051 1052 print "$entry" >> \
1052 1053 $ZONE_ETC_DIR/${file[file_cnt]}
1053 1054 fi
1054 1055 fi
1055 1056 file_cnt+=1
1056 1057 done
1057 1058 chmod 400 $ZONE_ETC_DIR/shadow
1058 1059 }
1059 1060
1060 1061 unsharePasswd() {
1061 1062 zonecfg -z $1 remove fs dir=/etc/passwd >/dev/null 2>&1 | grep -v such
1062 1063 zonecfg -z $1 remove fs dir=/etc/shadow >/dev/null 2>&1 | grep -v such
1063 1064 zoneadm -z $1 ready >/dev/null 2>&1
1064 1065 if [ $? -eq 0 ] ; then
1065 1066 enableAuthentication $1
1066 1067 zoneadm -z $1 halt >/dev/null 2>&1
1067 1068 else
1068 1069 echo Skipping $1
1069 1070 fi
1070 1071 }
1071 1072
1072 1073 sharePasswd() {
1073 1074 passwd=$(zonecfg -z $1 info|grep /etc/passwd)
1074 1075 if [ $? -eq 1 ] ; then
1075 1076 zonecfg -z $1 "add fs; \
1076 1077 set special=/etc/passwd; \
1077 1078 set dir=/etc/passwd; \
1078 1079 set type=lofs; \
1079 1080 add options ro; \
1080 1081 end; \
1081 1082 add fs; \
1082 1083 set special=/etc/shadow; \
1083 1084 set dir=/etc/shadow; \
1084 1085 set type=lofs; \
1085 1086 add options ro; \
1086 1087 end"
1087 1088 fi
1088 1089 zoneadm -z $1 halt >/dev/null 2>&1
1089 1090 }
1090 1091
1091 1092 # This routine is a toggle -- if we find it configured for global nscd,
1092 1093 # change to nscd-per-label and vice-versa.
1093 1094 #
1094 1095 # The user was presented with only the choice to CHANGE the existing
1095 1096 # configuration.
1096 1097
1097 1098 manageNscd() {
1098 1099 if [ $NSCD_PER_LABEL -eq 0 ] ; then
1099 1100 # this MUST be a regular file for svc-nscd to detect
1100 1101 touch $NSCD_INDICATOR
1101 1102 NSCD_OPT="Unconfigure per-zone name service"
1102 1103 NSCD_PER_LABEL=1
1103 1104 for i in $(zoneadm list -i | grep -v global) ; do
1104 1105 zoneadm -z $i halt >/dev/null 2>&1
1105 1106 unsharePasswd $i
1106 1107 done
1107 1108 else
1108 1109 rm -f $NSCD_INDICATOR
1109 1110 NSCD_OPT="Configure per-zone name service"
1110 1111 NSCD_PER_LABEL=0
1111 1112 for i in $(zoneadm list -i | grep -v global) ; do
1112 1113 zoneadm -z $i halt >/dev/null 2>&1
1113 1114 sharePasswd $i
1114 1115 done
1115 1116 fi
1116 1117 }
1117 1118
1118 1119 manageZoneNets () {
1119 1120 ncmds[0]="Only use all-zones interfaces"
1120 1121 ncmds[1]="Add a logical interface"
1121 1122 ncmds[2]="Add a virtual interface (VNIC)"
1122 1123
1123 1124 stacks[0]="Shared Stack"
1124 1125 stacks[1]="Exclusive Stack"
1125 1126
1126 1127 getAllZoneNICs
1127 1128 netOps[0]="1\n${ncmds[0]}\nShared Stack\n${aznics[*]}"
1128 1129
1129 1130 integer nic_cnt=0
1130 1131 integer netOp_cnt=2
1131 1132
1132 1133 set -A nics $(dladm show-phys|grep -v LINK|cut -f1 -d " ")
1133 1134
1134 1135 while (( nic_cnt < ${#nics[*]} )); do
1135 1136 netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[1]}\n${stacks[0]}\n${nics[nic_cnt]}"
1136 1137 netOp_cnt+=1
1137 1138 netOps[netOp_cnt - 1]="\n$netOp_cnt\n${ncmds[2]}\n${stacks[1]}\n${nics[nic_cnt]}"
1138 1139 netOp_cnt+=1
1139 1140 nic_cnt+=1
1140 1141 done
1141 1142
1142 1143 netOp=$(print "${netOps[*]}"|zenity --list \
1143 1144 --title="$title" \
1144 1145 --text="$msg_getnet $zonename zone:" \
1145 1146 --height=300 \
1146 1147 --width=500 \
1147 1148 --column="#" \
1148 1149 --column="Network Configuration " \
1149 1150 --column="IP Type" \
1150 1151 --column="Available Interfaces" \
1151 1152 --hide-column=1
1152 1153 )
1153 1154
1154 1155 # User picked cancel or no selection
1155 1156 if [[ -z $netOp ]] ; then
1156 1157 return
1157 1158 fi
1158 1159
1159 1160 # All-zones is the default, so just return
1160 1161 if [ $netOp = 1 ] ; then
1161 1162 return
1162 1163 fi
1163 1164
1164 1165 cmd=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 3)
1165 1166 nic=$(print "${netOps[$netOp - 1]}"|tr '\n' ';' |cut -d';' -f 5)
1166 1167 case $cmd in
1167 1168 ${ncmds[1]} )
1168 1169 addNet;
1169 1170 ;;
1170 1171 ${ncmds[2]} )
1171 1172 zonecfg -z $zonename set ip-type=exclusive
1172 1173 createVNIC
1173 1174 ;;
1174 1175 esac
1175 1176 }
1176 1177
1177 1178 manageInterface () {
1178 1179 while (( 1 )) do
1179 1180 getAttrs
1180 1181
1181 1182 # Clear list of commands
1182 1183
1183 1184 share=
1184 1185 setipaddr=
1185 1186 newlogical=
1186 1187 newvnic=
1187 1188 unplumb=
1188 1189 bringup=
1189 1190 bringdown=
1190 1191
1191 1192 if [ $updown = Down ] ; then
1192 1193 bringup="Bring Up\n"
1193 1194 else
1194 1195 bringdown="Bring Down\n"
1195 1196 fi
1196 1197
1197 1198 case $linktype in
1198 1199 physical )
1199 1200 newlogical="Create Logical Interface...\n";
1200 1201 newvnic="Create Virtual Interface (VNIC)...\n";
1201 1202 ;;
1202 1203 logical )
1203 1204 unplumb="Remove Logical Interface\n"
1204 1205 ;;
1205 1206 virtual )
1206 1207 newlogical="Create Logical Interface...\n";
1207 1208 unplumb="Remove Virtual Interface\n" ;
1208 1209 ;;
1209 1210 esac
1210 1211
1211 1212 if [ $ipaddr = "..." ] ; then
1212 1213 setipaddr="Set IP address...\n"
1213 1214 elif [ $zone != all-zones ] ; then
1214 1215 share="Share with Shared-IP Zones\n"
1215 1216 else
1216 1217 share="Remove from Shared-IP Zones\n"
1217 1218 fi
1218 1219
1219 1220 command=$(print ""\
1220 1221 $share \
1221 1222 $setipaddr \
1222 1223 $newlogical \
1223 1224 $newvnic \
1224 1225 $unplumb \
1225 1226 $bringup \
1226 1227 $bringdown \
1227 1228 | zenity --list \
1228 1229 --title="$title" \
1229 1230 --text="Select a command from the list below:" \
1230 1231 --height=300 \
1231 1232 --column "Interface: $nic" )
1232 1233
1233 1234 case $command in
1234 1235 " Create Logical Interface...")
1235 1236 createInterface;;
1236 1237 " Create Virtual Interface (VNIC)...")
1237 1238 createVNIC ;;
1238 1239 " Set IP address...")
1239 1240 getIPaddr
1240 1241 addHost;;
1241 1242 " Share with Shared-IP Zones")
1242 1243 shareInterface;;
1243 1244 " Remove from Shared-IP Zones")
1244 1245 unshareInterface;;
1245 1246 " Remove Logical Interface")
1246 1247 ifconfig $nic unplumb
1247 1248 rm -f /etc/hostname.$nic
1248 1249 return;;
1249 1250 " Remove Virtual Interface")
1250 1251 ifconfig $nic unplumb
1251 1252 dladm delete-vnic $nic
1252 1253 rm -f /etc/hostname.$nic
1253 1254 return;;
1254 1255 " Bring Up")
1255 1256 ifconfig $nic up;;
1256 1257 " Bring Down")
1257 1258 ifconfig $nic down;;
1258 1259 *) return;;
1259 1260 esac
1260 1261 done
1261 1262 }
1262 1263
1263 1264 sharePrimaryNic() {
1264 1265 set -A ip $(getent hosts $(cat /etc/nodename))
1265 1266 for i in $(ifconfig -au4|grep "^[a-z].*:" |grep -v LOOPBACK)
1266 1267 do
1267 1268 print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
1268 1269 [ $? -eq 1 ] && continue
1269 1270
1270 1271 nic=${i%:} # Remove colon after interface name
1271 1272 getAttrs
1272 1273 if [ ${ip[0]} = $ipaddr ]; then
1273 1274 shareInterface
1274 1275 break
1275 1276 fi
1276 1277 done
1277 1278 }
1278 1279
1279 1280 manageNets() {
1280 1281 while (( 1 )) do
1281 1282 attrs=
1282 1283 for i in $(ifconfig -a4|grep "^[a-z].*:" |grep -v LOOPBACK)
1283 1284 do
1284 1285 print "$i" |grep "^[a-z].*:" >/dev/null 2>&1
1285 1286 [ $? -eq 1 ] && continue
1286 1287
1287 1288 nic=${i%:} # Remove colon after interface name
1288 1289 getAttrs
1289 1290 attrs="$nic $linktype $zone $ipaddr $template $updown $attrs"
1290 1291 done
1291 1292
1292 1293 nic=$(zenity --list \
1293 1294 --title="$title" \
1294 1295 --text="Select an interface from the list below:" \
1295 1296 --height=300 \
1296 1297 --width=500 \
1297 1298 --column="Interface" \
1298 1299 --column="Type" \
1299 1300 --column="Zone Name" \
1300 1301 --column="IP Address" \
1301 1302 --column="Template" \
1302 1303 --column="State" \
1303 1304 $attrs)
1304 1305
1305 1306 if [[ -z $nic ]] ; then
1306 1307 return
1307 1308 fi
1308 1309 manageInterface
1309 1310 done
1310 1311 }
1311 1312
1312 1313 createLDAPclient() {
1313 1314 ldaptitle="$title: Create LDAP Client"
1314 1315 ldapdomain=$(zenity --entry \
1315 1316 --width=400 \
1316 1317 --title="$ldaptitle" \
1317 1318 --text="Enter Domain Name: ")
1318 1319 if [[ -n $ldapdomain ]] ; then
1319 1320 ldapserver=$(zenity --entry \
1320 1321 --width=400 \
1321 1322 --title="$ldaptitle" \
1322 1323 --text="Enter Hostname of LDAP Server: ")
1323 1324 else
1324 1325 return
1325 1326 fi
1326 1327 if [[ -n $ldapserver ]] ; then
1327 1328 ldapserveraddr=$(zenity --entry \
1328 1329 --width=400 \
1329 1330 --title="$ldaptitle" \
1330 1331 --text="Enter IP adddress of LDAP Server $ldapserver: ")
1331 1332 else
1332 1333 return
1333 1334 fi
1334 1335 ldappassword=""
1335 1336 while [[ -z ${ldappassword} || "x$ldappassword" != "x$ldappasswordconfirm" ]] ; do
1336 1337 ldappassword=$(zenity --entry \
1337 1338 --width=400 \
1338 1339 --title="$ldaptitle" \
1339 1340 --hide-text \
1340 1341 --text="Enter LDAP Proxy Password:")
1341 1342 ldappasswordconfirm=$(zenity --entry \
1342 1343 --width=400 \
1343 1344 --title="$ldaptitle" \
1344 1345 --hide-text \
1345 1346 --text="Confirm LDAP Proxy Password:")
1346 1347 done
1347 1348 ldapprofile=$(zenity --entry \
1348 1349 --width=400 \
1349 1350 --title="$ldaptitle" \
1350 1351 --text="Enter LDAP Profile Name: ")
1351 1352 whatnext=$(zenity --list \
1352 1353 --width=400 \
1353 1354 --height=250 \
1354 1355 --title="$ldaptitle" \
1355 1356 --text="Proceed to create LDAP Client?" \
1356 1357 --column=Parameter --column=Value \
1357 1358 "Domain Name" "$ldapdomain" \
1358 1359 "Hostname" "$ldapserver" \
1359 1360 "IP Address" "$ldapserveraddr" \
1360 1361 "Password" "$(print "$ldappassword" | sed 's/./*/g')" \
1361 1362 "Profile" "$ldapprofile")
1362 1363 [ $? != 0 ] && return
1363 1364
1364 1365 grep "^${ldapserveraddr}[^0-9]" /etc/hosts > /dev/null
1365 1366 if [ $? -eq 1 ] ; then
1366 1367 print "$ldapserveraddr $ldapserver" >> /etc/hosts
1367 1368 fi
1368 1369
1369 1370 grep "${ldapserver}:" $TNRHDB > /dev/null
1370 1371 if [ $? -eq 1 ] ; then
1371 1372 print "# ${ldapserver} - ldap server" \
1372 1373 >> $TNRHDB
1373 1374 print "${ldapserveraddr}:cipso" \
1374 1375 >> $TNRHDB
1375 1376 tnctl -h "${ldapserveraddr}:cipso"
1376 1377 fi
1377 1378
1378 1379 proxyDN=$(print $ldapdomain|awk -F"." \
1379 1380 "{ ORS = \"\" } { for (i = 1; i < NF; i++) print \"dc=\"\\\$i\",\" }{ print \"dc=\"\\\$NF }")
1380 1381
1381 1382 zenity --info \
1382 1383 --title="$ldaptitle" \
1383 1384 --width=500 \
1384 1385 --text="global zone will be LDAP client of $ldapserver"
1385 1386
1386 1387 ldapout=$TXTMP/ldapclient.$$
1387 1388
1388 1389 ldapclient init -a profileName="$ldapprofile" \
1389 1390 -a domainName="$ldapdomain" \
1390 1391 -a proxyDN"=cn=proxyagent,ou=profile,$proxyDN" \
1391 1392 -a proxyPassword="$ldappassword" \
1392 1393 "$ldapserveraddr" >$ldapout 2>&1
1393 1394
1394 1395 if [ $? -eq 0 ] ; then
1395 1396 ldapstatus=Success
1396 1397 else
1397 1398 ldapstatus=Error
1398 1399 fi
1399 1400
1400 1401 zenity --text-info \
1401 1402 --width=700 \
1402 1403 --height=300 \
1403 1404 --title="$ldaptitle: $ldapstatus" \
1404 1405 --filename=$ldapout
1405 1406
1406 1407 rm -f $ldapout
1407 1408
1408 1409
1409 1410 }
1410 1411
1411 1412 tearDownZones() {
1412 1413 if [ $DISP -eq 0 ] ; then
1413 1414 if [ $FORCE -eq 0 ] ; then
1414 1415 gettext "OK to destroy all zones [y|N]? "
1415 1416 read ans
1416 1417 printf "%s\n" "$ans" \
1417 1418 | /usr/xpg4/bin/grep -Eq "$(locale yesexpr)"
1418 1419 if [ $? -ne 0 ] ; then
1419 1420 gettext "canceled.\n"
1420 1421 return 1
1421 1422 fi
1422 1423 fi
1423 1424 gettext "destroying all zones ...\n"
1424 1425 else
1425 1426 killall=$(zenity --question \
1426 1427 --title="$title" \
1427 1428 --width=330 \
1428 1429 --text="$msg_confirmkill")
1429 1430 if [[ $? != 0 ]]; then
1430 1431 return
1431 1432 fi
1432 1433 fi
1433 1434
1434 1435 for p in $(zoneadm list -cp|grep -v global:) ; do
1435 1436 zonename=$(echo "$p"|cut -d : -f2)
1436 1437 if [ $DISP -eq 0 ] ; then
1437 1438 gettext "destroying zone $zonename ...\n"
1438 1439 fi
1439 1440 zoneadm -z $zonename halt 1>/dev/null 2>&1
1440 1441 zoneadm -z $zonename uninstall -F 1>/dev/null 2>&1
1441 1442 delete -rRf
1442 1443 done
1443 1444 zonename=global
1444 1445 }
1445 1446
1446 1447 createDefaultZones() {
1447 1448 # If GUI display is not used, skip the dialog
1448 1449 if [ $DISP -eq 0 ] ; then
1449 1450 createDefaultPublic
1450 1451 if [ $? -ne 0 ] ; then
1451 1452 return 1
1452 1453 fi
1453 1454 createDefaultInternal
1454 1455 return
1455 1456 fi
1456 1457
1457 1458 msg_choose1=$(gettext "Choose one:")
1458 1459 defpub=$(gettext "$PUBZONE zone only")
1459 1460 defboth=$(gettext "$PUBZONE and $INTZONE zones")
1460 1461 defskip=$(gettext "Main Menu...")
1461 1462 command=$(echo ""\
1462 1463 "$defpub\n" \
1463 1464 "$defboth\n" \
1464 1465 "$defskip\n" \
1465 1466 | zenity --list \
1466 1467 --title="$title" \
1467 1468 --text="$msg_defzones" \
1468 1469 --column="$msg_choose1" \
1469 1470 --height=400 \
1470 1471 --width=330 )
1471 1472
1472 1473 case $command in
1473 1474 " $defpub")
1474 1475 createDefaultPublic ;;
1475 1476
1476 1477 " $defboth")
1477 1478 createDefaultPublic
1478 1479 if [ $? -ne 0 ] ; then
1479 1480 return 1
1480 1481 fi
1481 1482 createDefaultInternal ;;
1482 1483
1483 1484 *)
1484 1485 return;;
1485 1486 esac
1486 1487 }
1487 1488
1488 1489 createDefaultPublic() {
1489 1490 zonename=$PUBZONE
1490 1491 if [ $DISP -eq 0 ] ; then
1491 1492 gettext "creating default $zonename zone ...\n"
1492 1493 fi
1493 1494 newZone
1494 1495 zone_cnt+=1
1495 1496 hexlabel=$DEFAULTLABEL
1496 1497 setTNdata
1497 1498 sharePrimaryNic
1498 1499
1499 1500 install
1500 1501 if [ $? -ne 0 ] ; then
1501 1502 return 1
1502 1503 fi
1503 1504
1504 1505 if [ $DISP -eq 0 ] ; then
1505 1506 gettext "booting zone $zonename ...\n"
1506 1507 zoneadm -z $zonename boot
1507 1508 else
1508 1509 zoneadm -z $zonename boot &
1509 1510 gnome-terminal \
1510 1511 --disable-factory \
1511 1512 --title="Zone Console: $zonename $msg_continue" \
1512 1513 --command "zlogin -C $zonename"
1513 1514 fi
1514 1515 }
1515 1516
1516 1517 createDefaultInternal() {
1517 1518 zoneadm -z $PUBZONE halt
1518 1519
1519 1520 zonename=snapshot
1520 1521 newZone
1521 1522 zone_cnt+=1
1522 1523 zonecfg -z $zonename set autoboot=false
1523 1524
1524 1525 clone $PUBZONE
1525 1526 zoneadm -z $PUBZONE boot &
1526 1527
1527 1528 zonename=$INTZONE
1528 1529 if [ $DISP -eq 0 ] ; then
1529 1530 gettext "creating default $zonename zone ...\n"
1530 1531 fi
1531 1532 newZone
1532 1533 zone_cnt+=1
1533 1534
1534 1535 hexlabel=$INTLABEL
1535 1536 x=$(grep -i :{$hexlabel}: $TNZONECFG)
1536 1537 if [ $? = 0 ] ; then
1537 1538 z=$(print $x|cut -d : -f1)
1538 1539 echo "$msg_inuse $z zone."
1539 1540 else
1540 1541 setTNdata
1541 1542 fi
1542 1543
1543 1544 clone snapshot
1544 1545 if [ $DISP -eq 0 ] ; then
1545 1546 gettext "booting zone $zonename ...\n"
1546 1547 else
1547 1548 gnome-terminal \
1548 1549 --title="Zone Console: $zonename" \
1549 1550 --command "zlogin -C $zonename" &
1550 1551 fi
1551 1552 zoneadm -z $zonename boot &
1552 1553 }
1553 1554
1554 1555 selectZone() {
1555 1556 set -A zonelist "global\nrunning\nADMIN_HIGH"
1556 1557 integer zone_cnt=1
1557 1558
1558 1559 for p in $(zoneadm list -cp|grep -v global:) ; do
1559 1560 zone_cnt+=1
1560 1561 done
1561 1562 if [ $zone_cnt == 1 ] ; then
1562 1563 createDefaultZones
1563 1564 fi
1564 1565 if [ $zone_cnt == 1 ] ; then
1565 1566 zonename=global
1566 1567 singleZone
1567 1568 return
1568 1569 fi
1569 1570
1570 1571 zone_cnt=1
1571 1572 for p in $(zoneadm list -cp|grep -v global:) ; do
1572 1573 zonename=$(echo "$p"|cut -d : -f2)
1573 1574 state=$(echo "$p"|cut -d : -f3)
1574 1575 hexlabel=$(grep "^$zonename:" $TNZONECFG|cut -d : -f2)
1575 1576 if [[ $hexlabel ]] ; then
1576 1577 curlabel=$(hextoalabel $hexlabel)
1577 1578 else
1578 1579 curlabel=...
1579 1580 fi
1580 1581 zonelist[zone_cnt]="\n$zonename\n$state\n$curlabel"
1581 1582 zone_cnt+=1
1582 1583 done
1583 1584 zonename=$(print "${zonelist[*]}"|zenity --list \
1584 1585 --title="$title" \
1585 1586 --text="$msg_getzone" \
1586 1587 --height=300 \
1587 1588 --width=500 \
1588 1589 --column="Zone Name" \
1589 1590 --column="Status" \
1590 1591 --column="Sensitivity Label" \
1591 1592 )
1592 1593
1593 1594 # if the menu choice was a zonename, pop up zone menu
1594 1595 if [[ -n $zonename ]] ; then
1595 1596 singleZone
1596 1597 else
1597 1598 exit
1598 1599 fi
1599 1600 }
1600 1601
1601 1602 # Loop for single-zone menu
1602 1603 singleZone() {
1603 1604
1604 1605 while (( 1 )) do
1605 1606 # Clear list of commands
1606 1607
1607 1608 console=
1608 1609 label=
1609 1610 start=
1610 1611 reboot=
1611 1612 stop=
1612 1613 clone=
1613 1614 install=
1614 1615 ready=
1615 1616 uninstall=
1616 1617 autoboot=
1617 1618 delete=
1618 1619 deletenet=
1619 1620 permitrelabel=
1620 1621
1621 1622 if [ $zone_cnt -gt 1 ] ; then
1622 1623 killZones="Destroy all zones...\n"
1623 1624 xit="Select another zone..."
1624 1625 else
1625 1626 killZones=
1626 1627 xit="Exit"
1627 1628 fi
1628 1629 if [ $zonename = global ] ; then
1629 1630 ldapClient="Create LDAP Client...\n"
1630 1631 nscdOpt="$NSCD_OPT\n"
1631 1632 createZone="Create a new zone...\n"
1632 1633 addnet="Configure Network Interfaces...\n"
1633 1634 else
1634 1635 ldapClient=
1635 1636 nscdOpt=
1636 1637 createZone=
1637 1638 addnet=
1638 1639 killZones=
1639 1640 fi
1640 1641
1641 1642 zonestate=$(zoneadm -z $zonename list -p | cut -d : -f 3)
1642 1643
1643 1644 consoleCheck;
1644 1645 labelCheck;
1645 1646 delay=0
1646 1647
1647 1648 if [ $zonename != global ] ; then
1648 1649 case $zonestate in
1649 1650 running)
1650 1651 ready="Ready\n"
1651 1652 reboot="Reboot\n"
1652 1653 stop="Halt\n"
1653 1654 ;;
1654 1655 ready)
1655 1656 start="Boot\n"
1656 1657 stop="Halt\n"
1657 1658 ;;
1658 1659 installed)
1659 1660 if [[ -z $label ]] ; then
1660 1661 ready="Ready\n"
1661 1662 start="Boot\n"
1662 1663 fi
1663 1664 uninstall="Uninstall\n"
1664 1665 relabelCheck
1665 1666 autobootCheck
1666 1667 ;;
1667 1668 configured)
1668 1669 install="Install...\n"
1669 1670 cloneCheck
1670 1671 delete="Delete\n"
1671 1672 console=
1672 1673 ;;
1673 1674 incomplete)
1674 1675 uninstall="Uninstall\n"
1675 1676 ;;
1676 1677 *)
1677 1678 ;;
1678 1679 esac
1679 1680 fi
1680 1681
1681 1682 command=$(echo ""\
1682 1683 $createZone \
1683 1684 $console \
1684 1685 $label \
1685 1686 $start \
1686 1687 $reboot \
1687 1688 $stop \
1688 1689 $clone \
1689 1690 $install \
1690 1691 $ready \
1691 1692 $uninstall \
1692 1693 $delete \
1693 1694 $addnet \
1694 1695 $deletenet \
1695 1696 $addremotehost \
1696 1697 $addcipsohost \
1697 1698 $removeremotehost \
1698 1699 $removecipsohost \
1699 1700 $setmlps \
1700 1701 $permitrelabel \
1701 1702 $autoboot \
1702 1703 $ldapClient \
1703 1704 $nscdOpt \
1704 1705 $killZones \
1705 1706 $xit \
1706 1707 | zenity --list \
1707 1708 --title="$title" \
1708 1709 --text="$msg_getcmd" \
1709 1710 --height=400 \
1710 1711 --width=330 \
1711 1712 --column "Zone: $zonename Status: $zonestate" )
1712 1713
1713 1714 case $command in
1714 1715 " Create a new zone...")
1715 1716 zonename=
1716 1717 newZone ;;
1717 1718
1718 1719 " Zone Console...")
1719 1720 delay=2
1720 1721 gnome-terminal \
1721 1722 --title="Zone Console: $zonename" \
1722 1723 --command "zlogin -C $zonename" & ;;
1723 1724
1724 1725 " Select Label...")
1725 1726 selectLabel;;
1726 1727
1727 1728 " Ready")
1728 1729 zoneadm -z $zonename ready ;;
1729 1730
1730 1731 " Boot")
1731 1732 zoneadm -z $zonename boot ;;
1732 1733
1733 1734 " Halt")
1734 1735 zoneadm -z $zonename halt ;;
1735 1736
1736 1737 " Reboot")
1737 1738 zoneadm -z $zonename reboot ;;
1738 1739
1739 1740 " Install...")
1740 1741 install;;
1741 1742
1742 1743 " Clone...")
1743 1744 clone ;;
1744 1745
1745 1746 " Uninstall")
1746 1747 zoneadm -z $zonename uninstall -F;;
1747 1748
1748 1749 " Delete")
1749 1750 delete
1750 1751 return ;;
1751 1752
1752 1753 " Configure Network Interfaces...")
1753 1754 if [ $zonename = global ] ; then
1754 1755 manageNets
1755 1756 else
1756 1757 manageZoneNets
1757 1758 fi;;
1758 1759
1759 1760 " Add Single-level Access to Remote Host...")
1760 1761 addTnrhdb ;;
1761 1762
1762 1763 " Add Multilevel Access to Remote Host...")
1763 1764 template=cipso
1764 1765 addTnrhdb ;;
1765 1766
1766 1767 " Remove Single-level Access to Remote Host...")
1767 1768 removeTnrhdb ;;
1768 1769
1769 1770 " Remove Multilevel Access to Remote Host...")
1770 1771 template=cipso
1771 1772 removeTnrhdb ;;
1772 1773
1773 1774 " Configure Multilevel Ports...")
1774 1775 setMLPs;;
1775 1776
1776 1777 " Permit Relabeling")
1777 1778 zonecfg -z $zonename set limitpriv=default,\
1778 1779 win_mac_read,win_mac_write,win_selection,win_dac_read,win_dac_write,\
1779 1780 file_downgrade_sl,file_upgrade_sl,sys_trans_label ;;
1780 1781
1781 1782 " Deny Relabeling")
1782 1783 zonecfg -z $zonename set limitpriv=default ;;
1783 1784
1784 1785 " Set Automatic Booting")
1785 1786 zonecfg -z $zonename set autoboot=true ;;
1786 1787
1787 1788 " Set Manual Booting")
1788 1789 zonecfg -z $zonename set autoboot=false ;;
1789 1790
1790 1791 " Create LDAP Client...")
1791 1792 createLDAPclient ;;
1792 1793
1793 1794 " Configure per-zone name service")
1794 1795 manageNscd ;;
1795 1796
1796 1797 " Unconfigure per-zone name service")
1797 1798 manageNscd ;;
1798 1799
1799 1800 " Destroy all zones...")
1800 1801 tearDownZones
1801 1802 return ;;
1802 1803
1803 1804 *)
1804 1805 if [ $zone_cnt == 1 ] ; then
1805 1806 exit
1806 1807 else
1807 1808 return
1808 1809 fi;;
1809 1810 esac
1810 1811 sleep $delay;
1811 1812 done
1812 1813 }
1813 1814
1814 1815 # Main loop for top-level window
1815 1816 #
1816 1817
1817 1818 /usr/bin/plabel $$ 1>/dev/null 2>&1
1818 1819 if [ $? != 0 ] ; then
1819 1820 gettext "$0 : Trusted Extensions must be enabled.\n"
1820 1821 exit 1
1821 1822 fi
1822 1823
1823 1824 myzone=$(/sbin/zonename)
1824 1825 if [ $myzone != "global" ] ; then
1825 1826 gettext "$0 : must be in global zone to run.\n"
1826 1827 exit 1
1827 1828 fi
1828 1829
1829 1830
1830 1831 process_options "$@" || exit
1831 1832
1832 1833 mkdir $TXTMP 2>/dev/null
1833 1834 deflabel=$(chk_encodings -a|grep "Default User Sensitivity"|\
1834 1835 sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2)
1835 1836 DEFAULTLABEL=$(atohexlabel ${deflabel})
1836 1837 intlabel=$(chk_encodings -a|grep "Default User Clearance"|\
1837 1838 sed 's/= /=/'|sed 's/"/'''/g|cut -d"=" -f2)
1838 1839 INTLABEL=$(atohexlabel -c "${intlabel}")
1839 1840
1840 1841 # are there any zfs pools?
1841 1842 ZDSET=none
1842 1843 zpool iostat 1>/dev/null 2>&1
1843 1844 if [ $? = 0 ] ; then
1844 1845 # is there a zfs pool named "zone"?
1845 1846 zpool list -H zone 1>/dev/null 2>&1
1846 1847 if [ $? = 0 ] ; then
1847 1848 # yes
1848 1849 ZDSET=zone
1849 1850 else
1850 1851 # no, but is there a root pool?
1851 1852 rootfs=$(df -n / | awk '{print $3}')
1852 1853 if [ $rootfs = "zfs" ] ; then
1853 1854 # yes, use it
1854 1855 ZDSET=$(zfs list -Ho name / | cut -d/ -f 1)/zones
1855 1856 zfs list -H $ZDSET 1>/dev/null 2>&1
1856 1857 if [ $? = 1 ] ; then
1857 1858 createZDSET "-o mountpoint=/zone" $ZDSET
1858 1859 fi
1859 1860 fi
1860 1861 fi
1861 1862 fi
1862 1863
1863 1864 if [ $DISP -eq 0 ] ; then
1864 1865 gettext "non-interactive mode ...\n"
1865 1866
1866 1867 if [ $DESTROYZONES -eq 1 ] ; then
1867 1868 tearDownZones
1868 1869 fi
1869 1870
1870 1871 if [ $CREATEDEF -eq 1 ] ; then
1871 1872 if [[ $(zoneadm list -c) == global ]] ; then
1872 1873 createDefaultZones
1873 1874 else
1874 1875 gettext "cannot create default zones because there are existing zones.\n"
1875 1876 fi
1876 1877 fi
1877 1878
1878 1879 exit
1879 1880 fi
1880 1881
1881 1882 if [ $NSCD_PER_LABEL -eq 0 ] ; then
1882 1883 NSCD_OPT="Configure per-zone name service"
1883 1884 else
1884 1885 NSCD_OPT="Unconfigure per-zone name service"
1885 1886 fi
1886 1887
1887 1888
1888 1889 while (( 1 )) do
1889 1890 selectZone
1890 1891 done