<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License (the "License").
 You may not use this file except in compliance with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

 ident "%Z%%M% %I% %E% SMI"

 NOTE:  This service manifest is not editable; its contents will
 be overwritten by package or patch operations, including
 operating system upgrade.  Make customizations in a different
 file.
-->
<service_bundle type="manifest" name="SUNWcsr:manual-key">

<service name="network/ipsec/manual-key" type="service" version="1">

    <!-- Shipped disabled: no default key file is delivered, so there is
         nothing to load until an administrator provides one and
         enables the instance. -->
    <create_default_instance enabled="false" />

    <single_instance />

    <!-- Lock files live under /var/run, which must be mounted
         read/write before the methods run. -->
    <dependency name="filesystem" grouping="require_all"
        restart_on="none" type="service">
        <service_fmri value="svc:/system/filesystem/minimal" />
    </dependency>

    <!-- The kernel has to know the supported IPsec algorithms before
         any security association (SA) that names one can be added. -->
    <dependency name="algorithms" grouping="require_all"
        restart_on="none" type="service">
        <service_fmri value="svc:/network/ipsec/ipsecalgs" />
    </dependency>

    <!-- When enabled, this service should run fairly early:
         milestone/network is declared as a dependent of it. -->
    <dependent name="ipseckey-network" grouping="optional_all"
        restart_on="none">
        <service_fmri value="svc:/milestone/network" />
    </dependent>

    <!-- Start: load the SAs from the file named by config/config_file.
         NOTE(review): no method_context is declared in this manifest,
         so the methods run with the restarter's default credentials
         (presumably root); confirm before widening who may set
         config/config_file, because that value is expanded into this
         command line. -->
    <exec_method type="method" name="start"
        exec="/usr/sbin/ipseckey -f %{config/config_file}"
        timeout_seconds="60" />

    <!-- Refresh: same command as start. ipseckey flushes the existing
         SAs when it is called from smf(5), so reloading the file does
         not generate duplicate SA warnings. -->
    <exec_method type="method" name="refresh"
        exec="/usr/sbin/ipseckey -f %{config/config_file}"
        timeout_seconds="60" />

    <!-- Stop: flush the SAs.
         NOTE(review): 'flush' is given no SA type here, which per
         ipseckey(1M) removes all SAs of all types, not only the ones
         loaded from config_file. What happens to traffic afterwards
         depends on the IPsec policy in force; verify that before
         disabling the service on a host that relies on these SAs. -->
    <exec_method type="method" name="stop"
        exec="/usr/sbin/ipseckey flush"
        timeout_seconds="60" />

    <property_group name="general" type="framework">
        <!-- A user with this authorization can:

                svcadm restart manual-key
                svcadm refresh manual-key
                svcadm mark <state> manual-key
                svcadm clear manual-key

             see auths(1) and user_attr(4) -->
        <propval name="action_authorization" type="astring"
            value="solaris.smf.manage.ipsec" />

        <!-- A user with this authorization can:

                svcadm disable manual-key
                svcadm enable manual-key

             see auths(1) and user_attr(4) -->
        <propval name="value_authorization" type="astring"
            value="solaris.smf.manage.ipsec" />
    </property_group>

    <!-- The properties in the 'config' group can be changed with
         svccfg(1M) by a user holding the 'solaris.smf.value.ipsec'
         authorization. Example:

            svccfg -s manual-key setprop config/config_file = /new/config_file

         The new value is read on service refresh:

            svcadm refresh ipsec/manual-key

         Note: svcadm disable/enable does not use the new property
         until after the service has been refreshed.

         Review point: 'solaris.smf.value.ipsec' decides which file is
         loaded as keying material, while 'solaris.smf.manage.ipsec'
         (see the 'general' group) decides when it is loaded. Audit
         the holders of both in user_attr(4). The key file itself
         carries the SA keys, so keep it owned by root and unreadable
         to other users.

         ***Do not edit this manifest to change these properties! -->
    <property_group name="config" type="application">
        <propval name="config_file" type="astring"
            value="/etc/inet/secret/ipseckeys" />
        <propval name="value_authorization" type="astring"
            value="solaris.smf.value.ipsec" />
    </property_group>

    <!-- Transient duration: the methods are expected to run to
         completion rather than leave a long-running process behind. -->
    <property_group name="startd" type="framework">
        <propval name="duration" type="astring" value="transient" />
    </property_group>

    <stability value="Unstable" />

    <template>
        <common_name>
            <loctext xml:lang="C">
                manually keyed IPsec startup
            </loctext>
        </common_name>
        <description>
            <loctext xml:lang="C">
                Loads static security associations
            </loctext>
        </description>
        <documentation>
            <manpage title="ipseckey" section="1M"
                manpath="/usr/share/man" />
        </documentation>
    </template>
</service>
</service_bundle>