upstream/illumos/illumos-gate: usr/src/cmd/bsmunconv/bsmunconv.sh@2c158140ef85 (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	#! /bin/sh
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	# CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	5	# The contents of this file are subject to the terms of the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	6	# Common Development and Distribution License, Version 1.0 only
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	# (the "License"). You may not use this file except in compliance
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	# with the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	# or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	# See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	# and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	# When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	# If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	# fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	# information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	21	# CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	22	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	23	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	# Copyright 2005 Sun Microsystems, Inc. All rights reserved.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25	# Use is subject to license terms.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	26	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	27	# ident "%Z%%M% %I% %E% SMI"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	28	#
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	29
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	30	PROG=bsmunconv
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	31	TEXTDOMAIN="SUNW_OST_OSCMD"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	32	export TEXTDOMAIN
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	33
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	34	permission()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	35	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	36	cd /usr/lib
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	37	ZONE=`/sbin/zonename`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	38	if [ ! "$ZONE" = "global" ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	39	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	40	form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	41	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	42	exit 1
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	43	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	44
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	45	WHO=`id \| cut -f1 -d" "`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	46	if [ ! "$WHO" = "uid=0(root)" ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	47	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	48	form=`gettext "%s: ERROR: you must be super-user to run this script."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	50	exit 1
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53	set -- `/usr/bin/who -r`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	RUNLEVEL="$3"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	if [ "$RUNLEVEL" -ne "S" ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57	form=`gettext "%s: ERROR: this script should be run at run level S."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	form=`gettext "Are you sure you want to continue? [y/n]"`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60	echo "$form \c"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	read RESP
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	case $RESP in
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63	`gettext "n"`\|`gettext "N"` ) exit 1 ;;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	64	esac
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	66
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67	RESP="x"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	do
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	gettext "This script is used to disable the Basic Security Module (BSM).\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71	form=`gettext "Shall we continue the reversion to a non-BSM system now? [y/n]"`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	echo "$form \c"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	read RESP
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74	done
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	if [ "$RESP" = `gettext "n"` ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	form=`gettext "%s: INFO: aborted, due to user request."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	exit 2
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	bsmunconvert()
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	# deallocate user allocatable devices and turn off device allocation
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	/usr/sbin/deallocate -Is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89	/usr/sbin/devfsadm -d
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90
196 2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	91	# disable auditd service
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	92	/usr/sbin/svcadm disable system/auditd
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93
196 2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	94	# restore volume manager startup on next boot using the
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	95	# previous state saved by bsmconv.sh
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	96	state="enable"
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	97	if [ -f ${ROOT}/etc/security/spool/vold.state ]; then
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	98	prev_state=`cat ${ROOT}/etc/security/spool/vold.state`
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	99	if [ ${prev_state} != "online" ]; then
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	100	state="disable"
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	fi
196 2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	103	touch ${ROOT}/var/svc/profile/upgrade
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	104	cat >> ${ROOT}/var/svc/profile/upgrade <<SVC_UPGRADE
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	105	svcadm ${state} svc:/system/filesystem/volfs:default
2c158140ef85 PSARC/2005/402 volfs(7FS) service frits parents: 0 diff changeset	106	SVC_UPGRADE
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	# Turn off auditing in the loadable module
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	if [ -f ${ROOT}/etc/system ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	form=`gettext "%s: INFO: removing c2audit:audit_load from %s/etc/system."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	printf "${form}\n" $PROG $ROOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114	grep -v "c2audit:audit_load" ${ROOT}/etc/system > /tmp/etc.system.$$
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115	mv /tmp/etc.system.$$ ${ROOT}/etc/system
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	form=`gettext "%s: ERROR: can't find %s/etc/system."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	printf "${form}\n" $PROG $ROOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	form=`gettext "%s: ERROR: audit module may not be disabled."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	# Even though cron should not be running at run-level 1, it may have
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124	# been started by hand.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126	/usr/bin/pgrep -u root -f /usr/sbin/cron > /dev/null
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	if [ $? -eq 0 ]; then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	form=`gettext "%s: INFO: stopping the cron daemon."`
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	printf "${form}\n" $PROG
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	/usr/sbin/svcadm disable -t system/cron
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	rm -f /var/spool/cron/atjobs/*.au
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135	rm -f /var/spool/cron/crontabs/*.au
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	# main
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	permission
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143	if [ $# -eq 0 ]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	then
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145	ROOT=
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146	bsmunconvert
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	147	echo
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	148	gettext "The Basic Security Module has been disabled.\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	149	gettext "Reboot this system now to come up without BSM.\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	150	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	151	for ROOT in $@
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	152	do
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	153	bsmunconvert $ROOT
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	154	done
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	echo
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	156	gettext "The Basic Security Module has been disabled.\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157	gettext "Reboot each system that was disabled to come up without BSM.\n"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	158	fi
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160	exit 0
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161

author	frits
	Wed, 20 Jul 2005 16:58:17 -0700
changeset 196	2c158140ef85
parent 0	68f95e015346
child 1676	37f4a3e2bd99
permissions	-rw-r--r--