<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 NOTE:  This service manifest is not editable; its contents will
 be overwritten by package or patch operations, including
 operating system upgrade.  Make customizations in a different
 file.

 Purpose: SMF manifest for svc:/network/ipsec/manual-key, the
 service that loads manually keyed (static) IPsec security
 associations by running ipseckey(8) against the file named in
 the config/config_file property.
-->
<service_bundle type='manifest' name='SUNWcsr:manual-key'>

<service
    name='network/ipsec/manual-key'
    type='service'
    version='1'>

    <!-- The 'manual-key' service is delivered disabled because no
         default configuration (key) file is shipped, so there is
         nothing to load until an administrator provides one.
         See the note on the 'config' property group below for how
         to change the configuration file path. -->

    <create_default_instance enabled='false' />

    <single_instance />

    <!-- Read/Write access to /var/run required for lock files -->
    <dependency
        name='filesystem'
        grouping='require_all'
        restart_on='none'
        type='service'>
        <service_fmri
            value='svc:/system/filesystem/minimal'
        />
    </dependency>
    <!-- Kernel needs to know IPsec supported algorithms -->
    <dependency
        name='algorithms'
        grouping='require_all'
        restart_on='none'
        type='service'>
        <service_fmri
            value='svc:/network/ipsec/ipsecalgs'
        />
    </dependency>

    <!-- If we are enabled, we should be running fairly early.
         Declaring milestone/network as a dependent orders this
         service ahead of that milestone.  The grouping is
         'optional_all', so a disabled manual-key instance does not
         hold the milestone back. -->

    <dependent
        name='ipseckey-network'
        grouping='optional_all'
        restart_on='none'>
        <service_fmri
            value='svc:/milestone/network'
        />
    </dependent>

    <!-- Start: load the SAs from the file named by the
         config/config_file property (default
         /etc/inet/secret/ipseckeys, see the 'config' group below).
         NOTE(review): that file holds IPsec keying material.  It
         should be owned by root and unreadable to other users;
         confirm ownership and mode on deployed hosts. -->

    <exec_method
        type='method'
        name='start'
        exec='/usr/sbin/ipseckey -f %{config/config_file}'
        timeout_seconds='60'
    />

    <!-- To prevent ipseckey generating warnings about duplicate
         SAs when the service is refreshed, ipseckey will flush the
         existing SAs when it is called from smf(7).
         NOTE(review): a refresh therefore appears to replace the
         loaded SAs with the contents of config_file rather than
         merge into them; confirm before relying on SAs that were
         added by hand outside that file. -->

    <exec_method
        type='method'
        name='refresh'
        exec='/usr/sbin/ipseckey -f %{config/config_file}'
        timeout_seconds='60'
    />

    <!-- Stop: remove SAs with 'ipseckey flush'.
         NOTE(review): no SA type is given on the command line, so
         this presumably flushes every SA type and not only the
         entries loaded from config_file; confirm against
         ipseckey(8) before disabling the service on a host whose
         peers depend on these SAs. -->

    <exec_method
        type='method'
        name='stop'
        exec='/usr/sbin/ipseckey flush'
        timeout_seconds='60'
    />

    <property_group name='general' type='framework'>
        <!-- A user with this authorization can:

            svcadm restart manual-key
            svcadm refresh manual-key
            svcadm mark <state> manual-key
            svcadm clear manual-key

        see auths(1) and user_attr(5)-->

        <propval
            name='action_authorization'
            type='astring'
            value='solaris.smf.manage.ipsec'
        />
        <!-- A user with this authorization can:

            svcadm disable manual-key
            svcadm enable manual-key

        see auths(1) and user_attr(5)

        Both properties in this group name the same authorization,
        'solaris.smf.manage.ipsec'.  Because the stop method flushes
        SAs, holders of it can remove IPsec keying from the running
        system; assign it accordingly. -->

        <propval
            name='value_authorization'
            type='astring'
            value='solaris.smf.manage.ipsec'
        />
    </property_group>

    <!-- The properties defined below can be changed by a user
         with 'solaris.smf.value.ipsec' authorization using the
         svccfg(8) command.

         EG:

         svccfg -s manual-key setprop config/config_file = /new/config_file

         The new configurations will be read on service refresh:

         svcadm refresh ipsec/manual-key

         Note: svcadm disable/enable does not use the new property
         until after the service has been refreshed.

         Security note: config_file is passed to 'ipseckey -f' by
         the start and refresh methods, so a holder of
         'solaris.smf.value.ipsec' chooses which key file is loaded.
         Grant that authorization only to administrators who are
         trusted with the host's IPsec keying material.

         ***Do not edit this manifest to change these properties! -->

    <property_group name='config' type='application'>
        <propval
            name='config_file'
            type='astring'
            value='/etc/inet/secret/ipseckeys'
        />
        <propval
            name='value_authorization'
            type='astring'
            value='solaris.smf.value.ipsec'
        />
    </property_group>

    <!-- 'transient' duration: the start method is expected to load
         the SAs and exit, leaving no long-running process for the
         restarter to track. -->

    <property_group name='startd' type='framework'>
        <propval
            name='duration'
            type='astring'
            value='transient'
        />
    </property_group>

    <stability value='Unstable' />

    <template>
        <common_name>
            <loctext xml:lang='C'>
                manually keyed IPsec startup
            </loctext>
        </common_name>
        <description>
            <loctext xml:lang='C'>
                Loads static security associations
            </loctext>
        </description>
        <documentation>
            <manpage title='ipseckey' section='8'
                manpath='/usr/share/man' />
        </documentation>
    </template>
</service>
</service_bundle>