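#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
#
# SMF method script for the Trusted Extensions label daemon (labeld).
#
# Usage:	<method> start [-R rootpath]
#		<method> stop
#
# "start" enables Trusted Extensions: it sets sys_labeling in /etc/system,
# comments out the removable-device entries in /etc/logindevperm, queues
# the dependent services in the upgrade profile, appends the Trusted
# Extensions entries to pam.conf, registers a service tag and starts
# /usr/lib/labeld.  "stop" reverses those changes.  With -R the edits are
# applied to an alternate root (jumpstart etc.) and no daemon is started.
#
# This file is run by /sbin/sh and is deliberately kept to Bourne-shell
# syntax (backquotes rather than $(...), no [[ ]], no local).
#

. /lib/svc/share/smf_include.sh

# A fixed PATH, set before anything else is executed, so that the method
# never depends on whatever PATH it inherited.
PATH=/usr/sbin:/usr/bin; export PATH

#
# Parse "start -R rootpath".  ROOT_PATH stays empty for the live root.
#
ROOT_PATH=""
if [ $# -gt 1 ]; then
	if [ $# -ne 3 ] || [ "$2" != "-R" ]; then
		echo "$0: invalid syntax"
		exit $SMF_EXIT_ERR_CONFIG
	fi
	if [ "$3" != "/" ]; then
		ROOT_PATH=$3
	fi
fi
if [ -n "$ROOT_PATH" ] && [ "$1" != "start" ]; then
	echo "$0: invalid syntax: -R allowed for start method only"
	exit $SMF_EXIT_ERR_CONFIG
fi
if [ -n "$ROOT_PATH" ] && [ ! -d "$ROOT_PATH" ]; then
	echo "$0: invalid -R rootpath dir specified"
	exit $SMF_EXIT_ERR_CONFIG
fi

if smf_is_nonglobalzone; then
	echo "$0: not supported in a local zone"
	exit $SMF_EXIT_ERR_CONFIG
fi

#
# tmpfile_create PREFIX
# Create an unpredictable temporary file in /tmp and leave its name in
# MKTEMP_FILE.  This script runs as root and rewrites files under /etc,
# so it must not write to a guessable name such as /tmp/foo.$$ that
# another user could have created (or symlinked) in advance.  Exits the
# method with SMF_EXIT_ERR_FATAL if the file cannot be created.
#
tmpfile_create()
{
	MKTEMP_FILE=`/usr/bin/mktemp "/tmp/$1.XXXXXX"`
	if [ $? -ne 0 ] || [ -z "$MKTEMP_FILE" ]; then
		echo "$0: cannot create temporary file in /tmp"
		exit $SMF_EXIT_ERR_FATAL
	fi
}

#
# rewrite_logindev FROM TO
# Comment out (FROM="" TO="#") or uncomment (FROM="#" TO="") the audio,
# usb, removable-media and hotpluggable device entries in
# $ROOT_PATH/etc/logindevperm.  An entry is "<console> <mode> <device...>";
# the bracket expressions below contain a space and a literal TAB so both
# field separators are accepted.  Does nothing if the file is absent.
#
rewrite_logindev()
{
	from="$1"
	to="$2"
	LOGINDEVPERM="$ROOT_PATH/etc/logindevperm"
	if [ ! -f "$LOGINDEVPERM" ]; then
		return
	fi
	tmpfile_create logindevperm
	ldtmp="$MKTEMP_FILE"
	for line in \
	    "/dev/sound/" \
	    "/dev/removable-media/" \
	    "/dev/hotpluggable/" \
	    "/dev/usb/\[0-9a-f\]" \
	; do
		# Only copy the result back when sed succeeded, so a failed
		# run cannot replace logindevperm with a truncated file.
		if sed -e "s!^$from\([^#	 ]\{1,\}[ 	]\{1,\}[0-9]\{1,\}[ 	]\{1,\}\)$line!$to\1$line!" \
		    "$LOGINDEVPERM" > "$ldtmp"; then
			cp "$ldtmp" "$LOGINDEVPERM"
		fi
	done
	rm -f "$ldtmp"
}

#
# Comment out the removable-device entries in logindevperm (start).
#
do_logindev()
{
	rewrite_logindev "" "#"
}

#
# Queue the dependent Trusted Extensions services for enabling in the
# upgrade profile, which is run on the next boot.
#
do_otherservices()
{
	cat >> "$ROOT_PATH/var/svc/profile/upgrade" <<\__ENABLE_OTHERS
	/usr/sbin/svcadm enable -s svc:/network/tnd:default
	/usr/sbin/svcadm enable -s svc:/system/tsol-zones:default
	/usr/sbin/svcadm enable svc:/network/rpc/rstat:default
__ENABLE_OTHERS
}

#
# Ensure auditing and device allocation are enabled by default with
# Trusted Extensions: directly on the live root, via the upgrade profile
# for an alternate root.
#
do_audit_devalloc()
{
	if [ "$ROOT_PATH" = "/" ] || [ "$ROOT_PATH" = "" ]; then
		/usr/sbin/svcadm enable -s svc:/system/device/allocate:default
		echo "Starting auditd ..."
		/usr/sbin/audit -s
	else
		cat >> "$ROOT_PATH/var/svc/profile/upgrade" <<\_ENABLE_AUDITD
	/usr/sbin/audit -s
	/usr/sbin/svcadm enable -s svc:/system/device/allocate:default
_ENABLE_AUDITD
	fi
}

#
# For Trusted Extensions, make the nscd service transient in local zones.
# The here-document delimiter is quoted, so the script below is written
# into the upgrade profile verbatim and evaluated there, not here.
#
do_nscd()
{
	cat >> "$ROOT_PATH/var/svc/profile/upgrade" <<\_DEL_LOCAL_NSCD
	if [ `/sbin/zonename` != "global" ]; then
		nscd="svc:/system/name-service-cache"
		duration=""
		if /bin/svcprop -q -c -p startd/duration $nscd ; then
			duration=`/bin/svcprop -c -p startd/duration $nscd`
		fi
		if [ "$duration" != "transient" ]; then
			/usr/sbin/svccfg -s $nscd addpg startd framework
			/usr/sbin/svccfg -s $nscd setprop \
			    startd/duration = astring: transient
			/usr/sbin/svccfg -s $nscd setprop stop/exec = :true
			/usr/sbin/svcadm refresh $nscd
		fi
	fi
_DEL_LOCAL_NSCD
}

#
# Rebuild the boot archive (of the alternate root when -R was given) so
# the changed /etc/system takes effect on the next boot.
#
do_bootupd()
{
	machine=`/sbin/uname -m`
	if [ -f "$ROOT_PATH/platform/$machine/boot_archive" ]; then
		if [ -z "$ROOT_PATH" ] || [ "$ROOT_PATH" = "/" ]; then
			/sbin/bootadm update-archive
		else
			/sbin/bootadm update-archive -R "$ROOT_PATH"
		fi
	fi
}

#
# Write the Trusted Extensions pam.conf entries to ${TX_ENTRIES} (set by
# the caller).  One entry per line, "service type control module".
# No comments or blank lines allowed in the entries below: every line
# is read back with "read e1 e2 e3 e4 e5" by do_addpam.
#
setup_tx_changes()
{
	cat > "${TX_ENTRIES}" << EOF
dtlogin	account requisite	pam_roles.so.1
dtlogin	account required	pam_unix_account.so.1
dtsession	account requisite	pam_roles.so.1
dtsession	account required	pam_unix_account.so.1
gdm	account requisite	pam_roles.so.1
gdm	account required	pam_unix_account.so.1
xscreensaver	account requisite	pam_roles.so.1
xscreensaver	account required	pam_unix_account.so.1
passwd	account requisite	pam_roles.so.1
passwd	account required	pam_unix_account.so.1
dtpasswd	account requisite	pam_roles.so.1
dtpasswd	account required	pam_unix_account.so.1
tsoljds-tstripe	account requisite	pam_roles.so.1
tsoljds-tstripe	account required	pam_unix_account.so.1
other	account required	pam_tsol_account.so.1
EOF
}

#
# Append the Trusted Extensions entries to $ROOT_PATH/etc/pam.conf unless
# they are already present.  The "other" entry is added unless that exact
# entry exists; every other entry is skipped if the service already has
# an account stack of its own.  All scratch files live in a private
# mktemp -d directory.  Exits with SMF_EXIT_ERR_FATAL if pam.conf is
# missing or the scratch directory cannot be created.
#
do_addpam()
{
	PAM_DEST="$ROOT_PATH/etc/pam.conf"

	# Verify that pam.conf exists before creating any scratch files.
	if [ ! -f "${PAM_DEST}" ]; then
		echo "$0: ${PAM_DEST} not found; aborting"
		exit $SMF_EXIT_ERR_FATAL
	fi

	PAM_TMP=`/usr/bin/mktemp -d /tmp/pam_conf.XXXXXX`
	if [ $? -ne 0 ] || [ -z "$PAM_TMP" ]; then
		echo "$0: cannot create temporary directory in /tmp"
		exit $SMF_EXIT_ERR_FATAL
	fi
	TX_ENTRIES="$PAM_TMP/sct.$$"
	PAM_NEW="$PAM_TMP/pamconf.$$"
	setup_tx_changes

	#
	# Collect the missing entries in $PAM_NEW.  grep exits 1 when
	# nothing matched and 2 on error; only a definite "not present"
	# (status 1) adds an entry, so a grep failure never duplicates one.
	# The bracket expressions contain a space and a literal TAB.
	#
	rm -f "$PAM_NEW"
	while read e1 e2 e3 e4 e5
	do
		if [ "$e1" = "other" ]; then
			grep "^[# ]*$e1[ 	][ 	]*$e2[ 	][ 	]*$e3[ 	][ 	]*$e4" \
			    "$PAM_DEST" >/dev/null 2>&1
			rc=$?
		else
			grep "^[# ]*$e1[ 	][ 	]*$e2[ 	]" \
			    "$PAM_DEST" >/dev/null 2>&1
			rc=$?
		fi
		if [ $rc -eq 1 ]; then
			# printf rather than echo: echo's handling of \t is
			# shell dependent.
			printf '%s\t%s %s\t\t%s %s\n' \
			    "$e1" "$e2" "$e3" "$e4" "$e5" >> "$PAM_NEW"
		fi
	done < "${TX_ENTRIES}"

	# Append TX lines if any were not present already.
	if [ -f "$PAM_NEW" ]; then
		echo "# Entries for Trusted Extensions" >> "$PAM_DEST"
		cat "$PAM_NEW" >> "$PAM_DEST"
		echo "$0: updating $PAM_DEST entries for Trusted Extensions;"
		echo "$0: please examine/update any new entries"
	fi

	rm -rf "$PAM_TMP"
}

#
# Remove every pam_tsol_account line from $ROOT_PATH/etc/pam.conf (stop).
# Leaves the file untouched, with a message, when no such line exists.
# Exits with SMF_EXIT_ERR_FATAL if pam.conf is missing.
#
do_pamremove()
{
	PAM_DEST="$ROOT_PATH/etc/pam.conf"

	if [ ! -f "${PAM_DEST}" ]; then
		echo "$0: ${PAM_DEST} not found; aborting"
		exit $SMF_EXIT_ERR_FATAL
	fi

	grep '^[a-z].*pam_tsol_account' "$PAM_DEST" > /dev/null 2>&1
	if [ $? -ne 0 ]; then
		echo "$0: pam_tsol_account module not present,"
		echo "$0: No changes were made to $PAM_DEST."
		return
	fi

	tmpfile_create pam.conf
	TMPFILE="$MKTEMP_FILE"
	# grep -v exits 0 or 1 depending on whether any line survived; only
	# status 2 (error) must keep us from copying the result back.
	grep -v pam_tsol_account "$PAM_DEST" > "$TMPFILE"
	if [ $? -le 1 ]; then
		echo "$0: $PAM_DEST tsol entries removed"
		cp "$TMPFILE" "$PAM_DEST"
	fi
	rm -f "$TMPFILE"
}

#
# Steps shared by the live-root and alternate-root start paths: set
# sys_labeling in /etc/system, then run the remaining configuration
# helpers.  Exits with SMF_EXIT_ERR_FATAL if /etc/system could not be
# updated.
#
do_commonstart()
{
	echo "$0: Updating $ROOT_PATH/etc/system..."
	if [ ! -f "${ROOT_PATH}/etc/system" ]; then
		touch "${ROOT_PATH}/etc/system"
	fi

	# Set sys_labeling in etc/system: drop any existing setting and
	# append ours.  The result is copied over the existing file (not
	# moved) so /etc/system keeps its own owner and mode rather than
	# those of a file created in /tmp.
	tmpfile_create etc.system
	systmp="$MKTEMP_FILE"
	grep -v "sys_labeling=" "${ROOT_PATH}/etc/system" > "$systmp"
	echo "set sys_labeling=1" >> "$systmp"
	cp "$systmp" "${ROOT_PATH}/etc/system"
	rm -f "$systmp"
	grep "set sys_labeling=1" "${ROOT_PATH}/etc/system" > /dev/null 2>&1
	if [ $? -ne 0 ]; then
		echo "$0: ERROR: cannot set sys_labeling in $ROOT_PATH/etc/system"
		exit $SMF_EXIT_ERR_FATAL
	fi

	# Setup dependent services
	do_otherservices

	do_logindev
	do_audit_devalloc
	do_nscd
	do_addpam

	do_bootupd
}

#
# do_servicetag_register ROOTDIR
# Register a service tag for Trusted Extensions with stclient(1M) and
# save the instance id in the labeld/svctag_inst property of this
# service.  Does nothing if stclient is not installed or a tag matching
# the saved instance id already exists; a stale saved id is deleted
# before a new tag is added.
#
do_servicetag_register()
{
	ROOTDIR="$1"
	SOL_ARCH=`/sbin/uname -p`
	SOL_VERS=`/sbin/uname -r`
	TX_PROD_URN="urn:uuid:fc720df3-410f-11dc-9b8e-080020a9ed93"

	if [ ! -x /usr/bin/stclient ]; then
		return
	fi

	# if already registered then do nothing more here
	inst=`/usr/bin/svcprop -p labeld/svctag_inst "$SMF_FMRI" 2>/dev/null`
	if [ -n "$inst" ]; then
		# this instance id was saved in a SMF property
		/usr/bin/stclient -g -i "$inst" -r "$ROOTDIR" >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			# matching service tag found, so do nothing
			return
		fi
		# no match for instance id saved in SMF property
		/usr/sbin/svccfg -s "$SMF_FMRI" delprop labeld/svctag_inst
		/usr/sbin/svcadm refresh "$SMF_FMRI"
	fi

	# fall through: no service tag, or does not match saved instance id

	# determine the urn of the parent (Solaris); SOL_PROD_URN holds the
	# "-F <urn>" option pair and is expanded unquoted below on purpose
	SOL_PROD_URN=""
	case "$SOL_VERS" in
	5.11)
		SOL_PROD_URN="-F urn:uuid:6df19e63-7ef5-11db-a4bd-080020a9ed93"
		;;
	5.10)
		SOL_PROD_URN="-F urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113"
		;;
	esac

	# add the service tag
	RC=`/usr/bin/stclient -a -p "Solaris Trusted Extensions" \
	    -e "$SOL_VERS" -t "$TX_PROD_URN" -P Solaris $SOL_PROD_URN \
	    -m Sun -A "$SOL_ARCH" -z global -S "$0" -r "$ROOTDIR"`
	if [ $? -eq 0 ]; then
		# save instance id in SMF property
		inst=`echo "$RC" | grep -i urn | awk -F= '{print $2}'`
		/usr/sbin/svccfg -s "$SMF_FMRI" setprop \
		    labeld/svctag_inst = astring: "$inst"
		/usr/sbin/svcadm refresh "$SMF_FMRI"
	fi
}

#
# Delete the service tag whose instance id is saved in labeld/svctag_inst
# and drop the property.  Does nothing if stclient is not installed or
# no id is saved.
#
do_servicetag_delete()
{
	if [ ! -x /usr/bin/stclient ]; then
		return
	fi

	inst=`/usr/bin/svcprop -p labeld/svctag_inst "$SMF_FMRI" 2>/dev/null`

	if [ -n "$inst" ]; then
		# delete service tag
		/usr/bin/stclient -d -i "$inst"
		# delete saved instance id
		/usr/sbin/svccfg -s "$SMF_FMRI" delprop labeld/svctag_inst
		/usr/sbin/svcadm refresh "$SMF_FMRI"
	fi
}

#
# Start /usr/lib/labeld.  If a labeld door exists, check for a labeld
# process and exit with SMF_EXIT_ERR_FATAL if the daemon is already
# running; otherwise remove the stale door and start the daemon.
#
daemon_start()
{
	if [ -r /var/tsol/doors/labeld ]; then
		if /usr/bin/pgrep -x -u 0 -P 1 labeld >/dev/null 2>&1; then
			echo "$0: labeld is already running"
			exit $SMF_EXIT_ERR_FATAL
		fi
	fi
	/usr/bin/rm -f /var/tsol/doors/labeld
	/usr/lib/labeld
}

case "$1" in
'start')
	if [ -z "$ROOT_PATH" ] || [ "$ROOT_PATH" = "/" ]; then
		# native

		if [ -z "$SMF_FMRI" ]; then
			echo "$0: this script can only be invoked by smf(5)"
			exit $SMF_EXIT_ERR_NOSMF
		fi

		tx_enabled=`/usr/bin/svcprop -c -p general/enabled "$SMF_FMRI"`
		if [ "$tx_enabled" = "false" ]; then
			# A sign of trying temporary enablement...no-no
			echo "$0: Temporarily enabling Trusted Extensions is not allowed."
			exit $SMF_EXIT_ERR_CONFIG
		fi

		if smf_is_system_labeled; then
			do_servicetag_register /
			daemon_start
			exit $SMF_EXIT_OK
		fi

		# Make changes to enable Trusted Extensions
		grep "^set sys_labeling=1" "${ROOT_PATH}/etc/system" > /dev/null 2>&1
		if [ $? -eq 0 ]; then
			echo "$0: already enabled. Exiting."
			exit $SMF_EXIT_OK
		fi

		if [ "`/usr/sbin/zoneadm list -c`" != "global" ]; then
			echo "$0: Must remove zones before enabling Trusted Extensions."
			exit $SMF_EXIT_ERR_CONFIG
		fi

		do_commonstart

		do_servicetag_register /

		# start daemon process so our service doesn't go into
		# maintenance state
		daemon_start

		echo "$0: Started. Must reboot and configure Trusted Extensions."
	else
		# Support jumpstart etc

		# Make changes to enable Trusted Extensions
		grep "^set sys_labeling=1" "${ROOT_PATH}/etc/system" > /dev/null 2>&1
		if [ $? -eq 0 ]; then
			echo "$0: already enabled. Exiting."
			exit $SMF_EXIT_OK
		fi

		# Setup dependent services
		cat >> "$ROOT_PATH/var/svc/profile/upgrade" <<\__TRUSTED_ENABLE
	/usr/sbin/svcadm enable -s svc:/system/labeld:default
__TRUSTED_ENABLE

		do_commonstart
		do_servicetag_register "$ROOT_PATH"
		echo "$0: Started. Must configure Trusted Extensions before booting."
	fi
	;;

'stop')
	tx_enabled=`/usr/bin/svcprop -c -p general/enabled "$SMF_FMRI"`
	if [ "$tx_enabled" = "true" ]; then
		/usr/bin/pkill -x -u 0 -P 1 -z `smf_zonename` labeld
		exit $SMF_EXIT_OK
	fi

	if [ "`/usr/sbin/zoneadm list -c`" != "global" ]; then
		echo "$0: Must remove zones before disabling Trusted Extensions."
		exit $SMF_EXIT_ERR_CONFIG
	fi

	# Stop Trusted services.
	/usr/sbin/svcadm disable svc:/system/tsol-zones:default 2>/dev/null
	/usr/sbin/svcadm disable svc:/network/tnd:default 2>/dev/null

	# Uncomment audio, usb, removable-media, and hotpluggable device
	# entries in /etc/logindevperm.
	rewrite_logindev "#" ""

	# Remove sys_labeling from /etc/system, copying the result over the
	# existing file so it keeps its owner and mode.
	tmpfile_create etc.system
	systmp="$MKTEMP_FILE"
	grep -v "sys_labeling" "${ROOT_PATH}/etc/system" > "$systmp"
	cp "$systmp" "${ROOT_PATH}/etc/system"
	rm -f "$systmp"
	grep "sys_labeling" "${ROOT_PATH}/etc/system" > /dev/null 2>&1
	if [ $? -eq 0 ]; then
		echo "$0: ERROR: cannot remove sys_labeling in $ROOT_PATH/etc/system"
		exit $SMF_EXIT_ERR_FATAL
	fi

	do_pamremove
	do_servicetag_delete

	do_bootupd

	/usr/bin/pkill -x -u 0 -P 1 -z `smf_zonename` labeld
	echo "$0: Stopped. Will take effect at next boot."
	;;

*)
	echo "Usage: $0 { start | stop }"
	exit 1
	;;
esac

exit $SMF_EXIT_OK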