1 #!/sbin/sh
   2 #
   3 # CDDL HEADER START
   4 #
   5 # The contents of this file are subject to the terms of the
   6 # Common Development and Distribution License (the "License").
   7 # You may not use this file except in compliance with the License.
   8 #
   9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10 # or http://www.opensolaris.org/os/licensing.
  11 # See the License for the specific language governing permissions
  12 # and limitations under the License.
  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 #
  23 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
  24 # Copyright 2012 Milan Jurik. All rights reserved.
  25 #
  26 
  27 . /lib/svc/share/smf_include.sh
  28 . /lib/svc/share/net_include.sh
  29 
  30 # FMRI constants
  IPSEC_IKE_FMRI='svc:/network/ipsec/ike'
  IPSEC_POLICY_FMRI='svc:/network/ipsec/policy'
  IPFILTER_FMRI='svc:/network/ipfilter:default'
  NIS_CLIENT_FMRI='svc:/network/nis/client:default'
  NET_PHYS_FMRI='svc:/network/physical:default'
  NET_NWAM_FMRI='svc:/network/physical:nwam'
  NET_LOC_FMRI='svc:/network/location:default'
  NFS_MAPID_FMRI='svc:/network/nfs/mapid:default'

  #
  # Default *.conf files.
  # When NWAM is stopped and the matching config property in the Legacy
  # location is empty, the service's config SMF property is set back to
  # one of these paths.
  #
  IPF6_DEFAULT_CONFIG_FILE='/etc/ipf/ipf6.conf'
  IPNAT_DEFAULT_CONFIG_FILE='/etc/ipf/ipnat.conf'
  IPPOOL_DEFAULT_CONFIG_FILE='/etc/ipf/ippool.conf'
  IPSEC_IKE_DEFAULT_CONFIG_FILE='/etc/inet/ike/config'
  IPSEC_POLICY_DEFAULT_CONFIG_FILE='/etc/inet/ipsecinit.conf'

  # External commands, always invoked through these absolute paths.
  BASENAME='/usr/bin/basename'
  CAT='/usr/bin/cat'
  CP='/usr/bin/cp'
  DOMAINNAME='/usr/bin/domainname'
  GREP='/usr/bin/grep'
  LDAPCLIENT='/usr/sbin/ldapclient'
  MKDIR='/usr/bin/mkdir'
  MKFIFO='/usr/bin/mkfifo'
  AWK='/usr/xpg4/bin/awk'
  NWAMCFG='/usr/sbin/nwamcfg'
  RM='/usr/bin/rm'
  SVCADM='/usr/sbin/svcadm'
  SVCCFG='/usr/sbin/svccfg'
  SVCPROP='/usr/bin/svcprop'

  # Directories.
  # There is no writable file system yet, so state is written under
  # /etc/svc/volatile and anything worth keeping is copied to /etc/nwam later.
  VOL_NWAM_PATH='/etc/svc/volatile/nwam'
  VOL_LEGACY_PATH="${VOL_NWAM_PATH}/Legacy"
  PERM_LEGACY_PATH='/etc/nwam/loc/Legacy'
  NIS_BIND_PATH='/var/yp/binding'
  74 
  75 #
  76 # copy_to_legacy_loc <file>
  77 #
  78 # Copies the file to the Legacy location directory
  79 # (in /etc/svc/volatile/nwam/Legacy)
  80 #
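  copy_to_legacy_loc() {
          # Saves a copy of <file> ($1) in $VOL_LEGACY_PATH, creating that
          # directory first.  A missing or empty <file> is silently skipped.
          #
          # Callers in this script pass paths read from SMF properties, so
          # every expansion is quoted: an unquoted path containing whitespace
          # or glob characters would be split into extra cp operands.
          $MKDIR -p "$VOL_LEGACY_PATH"
          if [ -f "$1" ]; then
                  # -p keeps the mode and ownership of the saved file.
                  $CP -p "$1" "$VOL_LEGACY_PATH"
          fi
  }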
  87 
  88 #
  89 # copy_from_legacy_loc <destination file>
  90 #
  91 # Copies file with the same name from Legacy location
  92 # (in /etc/nwam/loc/Legacy) to the given destination file
  93 #
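  copy_from_legacy_loc () {
          # Restores <destination file> ($1) from the file of the same name in
          # $PERM_LEGACY_PATH.  The destination directory is created if needed;
          # nothing is copied when the saved file does not exist.
          #
          # $1 is a path taken from a stored location property, so it is quoted
          # everywhere to keep whitespace or glob characters from turning into
          # extra operands for dirname, basename, mkdir or cp.
          # Sets the globals DEST_DIR and SRC_FILE, as the original did.
          DEST_DIR=`/usr/bin/dirname "$1"`
          src_name=`$BASENAME "$1"`
          SRC_FILE="$PERM_LEGACY_PATH/$src_name"

          # Make destination directory if needed
          if [ ! -d "$DEST_DIR" ]; then
                  $MKDIR -p "$DEST_DIR"
          fi

          if [ -f "$SRC_FILE" ]; then
                  $CP -p "$SRC_FILE" "$DEST_DIR"
          fi
  }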
 107 
 108 #
 109 # write_loc_prop <property> <value> <file>
 110 #
 111 # Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
 112 #
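 write_loc_prop () {
         # Appends the nwamcfg command "set <property>=<value>" to <file>.
         #   $1 - property name
         #   $2 - value; nothing is written when it is empty
         #   $3 - command file; nothing is written when it is empty
         # Returns 0 when the line was written or skipped as empty, 1 when the
         # value was refused.
         prop=$1
         val=$2
         file=$3

         if [ -z "$val" ] || [ -z "$file" ]; then
                 return 0
         fi

         #
         # <file> is a list of nwamcfg commands that is executed later, and
         # the values come from system files and SMF properties.  A value that
         # makes echo emit more than one line would add a command of its own
         # to that list, so count the lines of exactly what would be written
         # and refuse anything but a single line.
         #
         cmd_lines=`echo "set $prop=$val" | $AWK 'END { print NR }'`
         if [ "$cmd_lines" != "1" ]; then
                 echo "write_loc_prop: refusing multi-line value for $prop" >&2
                 return 1
         fi

         # Quoted so that a path with whitespace cannot redirect the append
         # to a different file.
         echo "set $prop=$val" >> "$file"
 }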
 122 
 123 #
 124 # set_smf_prop <fmri> <property name> <property value>
 125 #
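 set_smf_prop () {
         # Sets astring property $2 of service $1 to $3 through svccfg and
         # returns svccfg's exit status.
         #
         # The FMRI and property name are quoted so that each reaches svccfg
         # as exactly one argument.  The original "&& return" suffix yielded
         # the same status as the command itself and is dropped.
         # NOTE(review): confirm how svccfg parses a value that contains
         # whitespace or quote characters when it is given on the command line.
         $SVCCFG -s "$1" setprop "$2" = astring: "$3"
 }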
 129 
 130 #
 131 # get_smf_prop <fmri> <property name>
 132 #
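 get_smf_prop () {
         # Prints the value of property $2 of service $1 as reported by
         # svcprop, and returns svcprop's exit status.  Both arguments are
         # quoted so that each is passed through as a single word.
         $SVCPROP -p "$2" "$1"
 }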
 136 
 137 #
 138 # Creates Legacy location from the current configuration
 139 #
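 create_legacy_loc () {
         #
         # Records the current (non-NWAM) configuration as the "Legacy"
         # location: name-service, NFSv4 domain, IPFilter, IKE and IPsec
         # settings are gathered, the files behind them are copied to
         # $VOL_LEGACY_PATH, and the matching nwamcfg commands are written to
         # $VOL_NWAM_PATH/create_loc_legacy.
         #
         # Fixes over the previous revision:
         #  - the LDAP client file was handed to copy_to_legacy, a function
         #    this file does not define, so it was never saved;
         #  - the NFSv4 domain was looked up on the literal string
         #    "NFS_MAPID_FMRI" instead of the value of $NFS_MAPID_FMRI;
         #  - values passed to the helpers were unquoted, so a value with
         #    whitespace shifted write_loc_prop's arguments and its second
         #    word was used as the output file name.
         #
         CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy

         #
         # Write nwamcfg commands to create Legacy location to
         # $CREATE_LOC_LEGACY_FILE as values for properties are determined
         # Note that some of the *_CONFIG_FILE variables point at copies of
         # files we've made and others indicate where those copies should be
         # if we are enabling the location.
         #
         echo "create loc Legacy" > "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "activation-mode" "system" "$CREATE_LOC_LEGACY_FILE"

         NAMESERVICES=""
         NAMESERVICES_CONFIG_FILE=""
         DNS_NAMESERVICE_CONFIGSRC=""
         DNS_NAMESERVICE_DOMAIN=""
         DNS_NAMESERVICE_SERVERS=""
         DNS_NAMESERVICE_SEARCH=""
         NIS_NAMESERVICE_CONFIGSRC=""
         NIS_NAMESERVICE_SERVERS=""
         LDAP_NAMESERVICE_CONFIGSRC=""
         LDAP_NAMESERVICE_SERVERS=""
         DEFAULT_DOMAIN=""

         # Copy /etc/nsswitch.conf file
         copy_to_legacy_loc /etc/nsswitch.conf
         NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"

         # Gather DNS info from resolv.conf if present.
         if [ -f /etc/resolv.conf ]; then
                 NAMESERVICES="dns,"
                 # NOTE(review): the "added by dhcp" marker is searched for in
                 # nsswitch.conf although the values below are read from
                 # resolv.conf - confirm this is the intended file.
                 if $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
                 then
                         DNS_NAMESERVICE_CONFIGSRC="dhcp"
                 else
                         DNS_NAMESERVICE_CONFIGSRC="manual"
                         DNS_NAMESERVICE_DOMAIN=`$AWK \
                             '$1 == "domain" { print $2 }' < /etc/resolv.conf`
                         DNS_NAMESERVICE_SERVERS=`$AWK \
                             '$1 == "nameserver" { printf "%s,", $2 }' \
                             < /etc/resolv.conf`
                         DNS_NAMESERVICE_SEARCH=`$AWK \
                             '$1 == "search" { printf "%s,", $2 }' \
                             < /etc/resolv.conf`
                         copy_to_legacy_loc /etc/resolv.conf
                 fi
         fi

         # Gather NIS info from appropriate file if present.
         if service_is_enabled "$NIS_CLIENT_FMRI"; then
                 NAMESERVICES="${NAMESERVICES}nis,"
                 NIS_NAMESERVICE_CONFIGSRC="manual"
                 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`

                 yp_servers=`$AWK '{ printf "%s ", $1 }' \
                     < "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"`
                 # Unquoted on purpose: the list is space separated.
                 for serv in $yp_servers; do
                         if is_valid_addr "$serv"; then
                                 addr="$serv,"
                         else
                                 # The server name is used as a grep pattern.
                                 addr=`$GREP -iw "$serv" /etc/inet/hosts | \
                                     $AWK '{ printf "%s,", $1 }'`
                         fi
                         NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
                 done
         fi

         # Gather LDAP info via ldapclient(1M).
         if [ -f /var/ldap/ldap_client_file ]; then
                 copy_to_legacy_loc /var/ldap/ldap_client_file
                 NAMESERVICES="${NAMESERVICES}ldap,"
                 LDAP_NAMESERVICE_CONFIGSRC="manual"
                 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
                     $AWK '$1 == "preferredServerList:" { print $2 }'`
                 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
         fi

         # Now, write nwamcfg commands for nameservices
         write_loc_prop "nameservices" "$NAMESERVICES" \
             "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "nameservices-config-file" \
             "$NAMESERVICES_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "dns-nameservice-configsrc" \
             "$DNS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "dns-nameservice-domain" \
             "$DNS_NAMESERVICE_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "dns-nameservice-servers" \
             "$DNS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "dns-nameservice-search" \
             "$DNS_NAMESERVICE_SEARCH" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "nis-nameservice-configsrc" \
             "$NIS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "nis-nameservice-servers" \
             "$NIS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "ldap-nameservice-configsrc" \
             "$LDAP_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "ldap-nameservice-servers" \
             "$LDAP_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
         write_loc_prop "default-domain" "$DEFAULT_DOMAIN" \
             "$CREATE_LOC_LEGACY_FILE"

         # Retrieve NFSv4 domain from SMF.
         if service_is_enabled "$NFS_MAPID_FMRI"; then
                 NFS_DOMAIN=`get_smf_prop "$NFS_MAPID_FMRI" \
                     nfs-props/nfsmapid_domain`
                 write_loc_prop "nfsv4-domain" \
                     "$NFS_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
         fi

         IPF_CONFIG_FILE=""
         IPF6_CONFIG_FILE=""
         IPNAT_CONFIG_FILE=""
         IPPOOL_CONFIG_FILE=""
         IKE_CONFIG_FILE=""
         IPSEC_POLICY_CONFIG_FILE=""

         #
         # IPFilter
         #
         # If the firewall policy is "custom", simply copy the
         # custom_policy_file.  If the firewall policy is "none", "allow" or
         # "deny", save the value as "/<value>".  When reverting back to the
         # Legacy location, these values will have to be treated as special.
         #
         # For all configuration files, copy them to the Legacy directory.
         # Use the respective properties to remember the original locations
         # of the files so that they can be copied back there when NWAM is
         # stopped.
         #
         if service_is_enabled "$IPFILTER_FMRI"; then
                 FIREWALL_POLICY=`get_smf_prop "$IPFILTER_FMRI" \
                     firewall_config_default/policy`
                 if [ "$FIREWALL_POLICY" = "custom" ]; then
                         IPF_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
                             firewall_config_default/custom_policy_file`
                         copy_to_legacy_loc "$IPF_CONFIG_FILE"
                 else
                         # save value as /none, /allow, or /deny
                         IPF_CONFIG_FILE="/$FIREWALL_POLICY"
                 fi
                 IPF6_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
                     config/ipf6_config_file`
                 copy_to_legacy_loc "$IPF6_CONFIG_FILE"

                 IPNAT_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
                     config/ipnat_config_file`
                 copy_to_legacy_loc "$IPNAT_CONFIG_FILE"

                 IPPOOL_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
                     config/ippool_config_file`
                 copy_to_legacy_loc "$IPPOOL_CONFIG_FILE"
         fi

         # IKE
         if service_is_enabled "$IPSEC_IKE_FMRI:default"; then
                 IKE_CONFIG_FILE=`get_smf_prop "$IPSEC_IKE_FMRI" \
                     config/config_file`
                 copy_to_legacy_loc "$IKE_CONFIG_FILE"
         fi

         # IPsec
         if service_is_enabled "$IPSEC_POLICY_FMRI:default"; then
                 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop "$IPSEC_POLICY_FMRI" \
                     config/config_file`
                 copy_to_legacy_loc "$IPSEC_POLICY_CONFIG_FILE"
         fi

         # The firewall entry is recorded for the three built-in policies or
         # for a custom policy file that exists; every other entry only when
         # the file it names exists.
         case "$IPF_CONFIG_FILE" in
         /allow|/deny|/none)
                 write_loc_prop "ipfilter-config-file" "$IPF_CONFIG_FILE" \
                     "$CREATE_LOC_LEGACY_FILE"
                 ;;
         *)
                 if [ -n "$IPF_CONFIG_FILE" ] && [ -f "$IPF_CONFIG_FILE" ]
                 then
                         write_loc_prop "ipfilter-config-file" \
                             "$IPF_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
                 fi
                 ;;
         esac
         if [ -n "$IPF6_CONFIG_FILE" ] && [ -f "$IPF6_CONFIG_FILE" ]; then
                 write_loc_prop "ipfilter-v6-config-file" \
                     "$IPF6_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
         fi
         if [ -n "$IPNAT_CONFIG_FILE" ] && [ -f "$IPNAT_CONFIG_FILE" ]; then
                 write_loc_prop "ipnat-config-file" "$IPNAT_CONFIG_FILE" \
                     "$CREATE_LOC_LEGACY_FILE"
         fi
         if [ -n "$IPPOOL_CONFIG_FILE" ] && [ -f "$IPPOOL_CONFIG_FILE" ]; then
                 write_loc_prop "ippool-config-file" "$IPPOOL_CONFIG_FILE" \
                     "$CREATE_LOC_LEGACY_FILE"
         fi
         if [ -n "$IKE_CONFIG_FILE" ] && [ -f "$IKE_CONFIG_FILE" ]; then
                 write_loc_prop "ike-config-file" "$IKE_CONFIG_FILE" \
                     "$CREATE_LOC_LEGACY_FILE"
         fi
         if [ -n "$IPSEC_POLICY_CONFIG_FILE" ] && \
             [ -f "$IPSEC_POLICY_CONFIG_FILE" ]; then
                 write_loc_prop "ipsecpolicy-config-file" \
                     "$IPSEC_POLICY_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
         fi

         # End
         echo "end" >> "$CREATE_LOC_LEGACY_FILE"
         # network/location will create the Legacy location with these commands.
 }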
 335 
 336 #
 337 # Undoes the effects of the Legacy location creation
 338 #
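 revert_to_legacy_loc () {
         #
         # Restores the configuration recorded in the Legacy location:
         # name-service files and services, the NFSv4 domain, and the IKE,
         # IPsec and IPFilter configuration.  It then removes the Legacy
         # directories, the command file and the location itself.
         #
         # Changes over the previous revision:
         #  - every value read back with nwam_get_loc_prop is quoted before it
         #    is used as a path or passed to svccfg/domainname, because this
         #    runs as an SMF method and an unquoted value with whitespace or
         #    glob characters would become several arguments;
         #  - the two awk calls that set FS in pattern position now use -F,
         #    so the first (and only) input line is split on the intended
         #    separator whichever way the awk in use splits fields.
         #
         $SVCADM disable dns/client
         $SVCADM disable nis/client
         $SVCADM disable ldap/client

         # copy nsswitch.conf to /etc/nsswitch.conf
         copy_from_legacy_loc /etc/nsswitch.conf

         # DNS - copy resolv.conf to /etc/resolv.conf
         if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
                 copy_from_legacy_loc /etc/resolv.conf
                 $SVCADM enable dns/client
         fi

         # set /etc/defaultdomain and domainname(1M)
         DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
         if [ -n "$DEFAULT_DOMAIN" ]; then
                 $DOMAINNAME "$DEFAULT_DOMAIN"
                 $DOMAINNAME > /etc/defaultdomain
         fi

         # NIS - directory and ypserver in /var/yp/binding/
         # NOTE(review): $DEFAULT_DOMAIN becomes a path component below and is
         # not checked for being empty or for containing "/" - confirm the
         # stored property is constrained to a plain domain name.
         NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
         NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
         if [ -n "$NIS_CONFIGSRC" ]; then
                 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
                         $MKDIR -p "$NIS_BIND_PATH/$DEFAULT_DOMAIN"
                 fi
                 if [ -n "$NIS_SERVERS" ]; then
                         # One server per line; empty fields (for example
                         # after a trailing comma) are dropped.
                         echo "$NIS_SERVERS" | $AWK -F, \
                             '{ for (i = 1; i <= NF; i++) if ($i != "") print $i }' \
                             > "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"
                 fi
                 $SVCADM enable nis/client
         fi

         # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
         if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
                 copy_from_legacy_loc /var/ldap/ldap_client_file
                 $SVCADM enable ldap/client
         fi

         # Copy back nfs NFSMAPID_DOMAIN
         NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
         if [ -n "$NFSMAPID_DOMAIN" ]; then
                 set_smf_prop "$NFS_MAPID_FMRI" \
                     nfs-props/nfsmapid_domain "$NFSMAPID_DOMAIN"
                 $SVCADM refresh "$NFS_MAPID_FMRI"
                 $SVCADM enable "$NFS_MAPID_FMRI"
         fi

         # IPFilter, IPsec, and IKE
         ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
         ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
         ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
         ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
         ike_file=`nwam_get_loc_prop Legacy ike-config-file`
         pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`

         # A recorded file is copied back and its service enabled; without
         # one the service is pointed at its default file and disabled.
         if [ -n "$ike_file" ]; then
                 copy_from_legacy_loc "$ike_file"
                 set_smf_prop "$IPSEC_IKE_FMRI" config/config_file "$ike_file"
                 $SVCADM refresh "$IPSEC_IKE_FMRI"
                 $SVCADM enable "$IPSEC_IKE_FMRI"
         else
                 set_smf_prop "$IPSEC_IKE_FMRI" config/config_file \
                     "$IPSEC_IKE_DEFAULT_CONFIG_FILE"
                 $SVCADM disable "$IPSEC_IKE_FMRI"
         fi
         if [ -n "$pol_file" ]; then
                 copy_from_legacy_loc "$pol_file"
                 set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
                     "$pol_file"
                 $SVCADM refresh "$IPSEC_POLICY_FMRI"
                 $SVCADM enable "$IPSEC_POLICY_FMRI"
         else
                 set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
                     "$IPSEC_POLICY_DEFAULT_CONFIG_FILE"
                 $SVCADM disable "$IPSEC_POLICY_FMRI"
         fi

         refresh_ipf=false
         if [ -n "$ipf_file" ]; then
                 # change /none, /allow, and /deny to firewall policy
                 case "$ipf_file" in
                 /none|/allow|/deny)
                         # Strip the leading "/" that marks a built-in policy.
                         policy=`echo "$ipf_file" | $AWK -F/ '{ print $2 }'`
                         set_smf_prop "$IPFILTER_FMRI" \
                             firewall_config_default/policy "$policy"
                         # no need to clear custom_policy_file as it isn't "custom"
                         ;;
                 *)
                         copy_from_legacy_loc "$ipf_file"
                         set_smf_prop "$IPFILTER_FMRI" \
                             firewall_config_default/policy "custom"
                         set_smf_prop "$IPFILTER_FMRI" \
                             firewall_config_default/custom_policy_file \
                             "$ipf_file"
                         ;;
                 esac
                 refresh_ipf=true
         fi
         if [ -n "$ipf6_file" ]; then
                 copy_from_legacy_loc "$ipf6_file"
                 set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
                     "$ipf6_file"
                 refresh_ipf=true
         else
                 set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
                     "$IPF6_DEFAULT_CONFIG_FILE"
         fi
         if [ -n "$ipnat_file" ]; then
                 copy_from_legacy_loc "$ipnat_file"
                 set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
                     "$ipnat_file"
                 refresh_ipf=true
         else
                 set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
                     "$IPNAT_DEFAULT_CONFIG_FILE"
         fi
         if [ -n "$ippool_file" ]; then
                 copy_from_legacy_loc "$ippool_file"
                 set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
                     "$ippool_file"
                 refresh_ipf=true
         else
                 set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
                     "$IPPOOL_DEFAULT_CONFIG_FILE"
         fi

         # IPFilter stays enabled only if some recorded file or policy was
         # restored above; otherwise it is disabled.
         $SVCADM refresh "$IPFILTER_FMRI"
         if [ "$refresh_ipf" = "true" ]; then
                 $SVCADM enable "$IPFILTER_FMRI"
         else
                 $SVCADM disable "$IPFILTER_FMRI"
         fi

         # Remove the Legacy directories, script and location
         $RM -rf "$VOL_LEGACY_PATH"
         $RM -rf "$PERM_LEGACY_PATH"
         $RM -f "$VOL_NWAM_PATH/create_loc_legacy"
         $NWAMCFG destroy loc Legacy
 }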
 476 
 477 #
 478 # Script entry point
 479 #
 480 # Arguments to net-nwam are
 481 #       method ( start | refresh | stop | -u | -c )
 482 #
 483 
 484 #
 485 # Create nwam directory in /etc/svc/volatile
 486 #
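 #
 # Method dispatch.  Expansions are quoted throughout; in particular the
 # "-u" branch compared an unquoted $3, which made test(1) fail with a
 # syntax error whenever svcprop printed fewer than three words.
 #
 if [ ! -d "$VOL_NWAM_PATH" ]; then
         $MKDIR -m 0755 "$VOL_NWAM_PATH"
 fi

 case "$1" in
 'refresh')
         /usr/bin/pkill -HUP -z "`smf_zonename`" nwamd
         #
         # Enable network/location.  Needed on first boot post-install as
         # network/location will not exist until after manifest-import runs.
         #
         if service_exists "$NET_LOC_FMRI" ; then
                 $SVCADM enable -t "$NET_LOC_FMRI"
         fi
         ;;

 'start')
         # The real daemon is not started in a shared stack zone. But we need to
         # create a dummy background process to preserve contract lifetime.
         smf_configure_ip
         if [ $? -eq 1 ] ; then
                 # The placeholder blocks reading a FIFO until "stop" writes
                 # to it.  The FIFO is recreated on every start so a stale
                 # file of another type is never reused.
                 $RM -f "$VOL_NWAM_PATH/nwam_blocked"
                 $MKFIFO "$VOL_NWAM_PATH/nwam_blocked"
                 ($CAT <"$VOL_NWAM_PATH/nwam_blocked" >/dev/null) &
                 exit $SMF_EXIT_OK
         fi

         #
         # Enable network/location.
         #
         if service_exists "$NET_LOC_FMRI" ; then
                 $SVCADM enable -t "$NET_LOC_FMRI"
         fi

         if smf_is_globalzone; then
                 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG

                 # Update PVID on interfaces configured with VLAN 1
                 update_pvid

                 #
                 # Upgrade handling. The upgrade file consists of a series
                 # of dladm(1M) commands. Note that after we are done, we
                 # cannot rename the upgrade script file as the file system
                 # is still read-only at this point. Defer this to the
                 # manifest-import service.
                 #
                 # The file is sourced, so everything in it runs in this
                 # shell with this method's privileges.
                 # NOTE(review): confirm that only root can create or
                 # modify this file and its parent directory.
                 #
                 upgrade_script=/var/svc/profile/upgrade_datalink
                 if [ -f "${upgrade_script}" ]; then
                         . "${upgrade_script}"
                 fi

                 #
                 # Upgrade handling for ibd:
                 # After we are done with the upgrade handling, we can not set
                 # the ibd/ibd_upgraded property to "true" as the file system is
                 # read-only at this point. It will be done later by
                 # ibd-post-upgrade service.
                 #
                 if [ -x /sbin/ibd_upgrade ]; then
                         ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
                             svc:/network/physical:default 2> /dev/null`
                         if [ "$ibd_upgraded" != "true" ]; then
                                 /sbin/ibd_upgrade -v
                         fi
                 fi

                 # Bring up simnet instances
                 /sbin/dladm up-simnet
                 # Initialize security objects.
                 /sbin/dladm init-secobj

                 #
                 # Initialize VNICs, VLANs and flows.  Though they are brought
                 # up here, NWAM will not automatically manage VNICs and VLANs.
                 #
                 /sbin/dladm up-vnic
                 /sbin/dladm up-vlan
                 /sbin/dladm up-part
                 /sbin/dladm up-aggr
                 /sbin/flowadm init-flow
         fi

         #
         # We also need to create the Legacy location, which is used
         # to restore non-NWAM settings that are overwritten when
         # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
         # Only exit status 1 from "nwamcfg list" is treated as "the
         # location does not exist".
         #
         $NWAMCFG list loc Legacy >/dev/null 2>&1
         if [ $? -eq 1 ]; then
                 create_legacy_loc
         fi

         # start nwamd in foreground; it will daemonize itself
         if /lib/inet/nwamd ; then
                 exit $SMF_EXIT_OK
         else
                 exit $SMF_EXIT_ERR_FATAL
         fi
         ;;

 'stop')
         # We need to make the dummy process we created above stop.
         smf_configure_ip
         if [ $? -eq 1 ] ; then
                 echo "stop" > "$VOL_NWAM_PATH/nwam_blocked"
                 exit $SMF_EXIT_OK
         fi

         /usr/bin/pkill -z "`smf_zonename`" nwamd

         #
         # Restore the non-NWAM settings.
         #
         $NWAMCFG list loc Legacy >/dev/null 2>&1
         if [ $? -eq 1 ]; then
                 echo "No Legacy location to revert to!"
                 exit $SMF_EXIT_OK
         fi
         revert_to_legacy_loc
         # remove the location property group
         $SVCCFG -s "$NET_LOC_FMRI" delpg location
         ;;

 '-u')
         # After we run this part of the script upon the next reboot
         # network/physical:default will be enabled and
         # network/physical:nwam will be disabled.
         # There are various other parts of the system (nscd, nfs) that
         # depend on continuing to have a working network.  For this
         # reason we don't change the network configuration immediately.
         #
         # Disable network/physical temporarily and make sure that will
         # be enabled on reboot.
         $SVCADM disable -st "$NET_PHYS_FMRI"
         $SVCCFG -s "$NET_PHYS_FMRI" setprop general/enabled=true

         # If nwam is online then make sure that it's temporarily enabled.
         nwam_online=`$SVCPROP -t -p restarter/state "$NET_NWAM_FMRI"`
         if [ $? -eq 0 ]; then
                 # Unquoted on purpose: the svcprop line is split into the
                 # positional parameters and the third word is compared.
                 set -- $nwam_online
                 [ "$3" = "online" ] && $SVCADM enable -st "$NET_NWAM_FMRI"
         fi

         # Set nwam so that it won't be enabled upon reboot.
         $SVCCFG -s "$NET_NWAM_FMRI" setprop general/enabled=false
         exit 0
         ;;

 '-c')
         # Nothing to do for sysidtool
         exit 0
         ;;

 *)
         echo "Usage: $0 { start | stop | refresh }"
         exit $SMF_EXIT_ERR_FATAL
         ;;
 esac
 exit $SMF_EXIT_OK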