1 #!/sbin/sh
   2 #
   3 # CDDL HEADER START
   4 #
   5 # The contents of this file are subject to the terms of the
   6 # Common Development and Distribution License (the "License").
   7 # You may not use this file except in compliance with the License.
   8 #
   9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10 # or http://www.opensolaris.org/os/licensing.
  11 # See the License for the specific language governing permissions
  12 # and limitations under the License.
  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 #
  23 # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
  24 #
  25 
  26 . /lib/svc/share/smf_include.sh
  27 . /lib/svc/share/net_include.sh
  28 
  29 # FMRI consts
  30 AUTOFS_FMRI="svc:/system/filesystem/autofs"
  31 DNS_CLIENT_FMRI="svc:/network/dns/client"
  32 IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
  33 IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
  34 IPFILTER_FMRI="svc:/network/ipfilter:default"
  35 LDAP_CLIENT_FMRI="svc:/network/ldap/client"
  36 LOCATION_FMRI="svc:/network/location:default"
  37 MAPID_FMRI="svc:/network/nfs/mapid:default"
  38 NIS_CLIENT_FMRI="svc:/network/nis/client"
  39 NWAM_FMRI="svc:/network/physical:nwam"
  40 
  41 # commands
  42 CP=/usr/bin/cp
  43 DHCPINFO=/sbin/dhcpinfo
  44 DOMAINNAME=/usr/bin/domainname
  45 GREP=/usr/bin/grep
  46 LDAPCLIENT=/usr/sbin/ldapclient
  47 MKDIR=/usr/bin/mkdir
  48 MV=/usr/bin/mv
  49 NAWK=/usr/bin/nawk
  50 NWAMADM=/usr/sbin/nwamadm
  51 NWAMCFG=/usr/sbin/nwamcfg
  52 RM=/usr/bin/rm
  53 SED=/usr/bin/sed
  54 SVCADM=/usr/sbin/svcadm
  55 SVCCFG=/usr/sbin/svccfg
  56 SVCPROP=/usr/bin/svcprop
  57 TOUCH=/usr/bin/touch
  58 
  59 # Path to directories
  60 ETC_DEFAULT_DOMAIN=/etc/defaultdomain
  61 NIS_BIND_PATH=/var/yp/binding
  62 LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
  63 USER_LOC_PATH=/etc/nwam/loc/User
  64 SCRIPT_PATH=/etc/svc/volatile/nwam
  65 
  66 #
  67 # echoes DHCP controlled interfaces separated by commas
  68 #
  69 # Don't parse the output of ifconfig(1M) because interfaces that haven't
  70 # acquired a DHCP lease also have the DHCP flag set.
  71 #
  72 get_dhcp_interfaces () {
  73         #
  74         # 1. parse netstat(1M) output for v4 interfaces in BOUND
  75         #    or INFORMATION state
  76         # 2. make a space-separated list of interface names
  77         #
  78         netstat -D -f inet | $NAWK '
  79             $2 ~ /BOUND/ { printf "%s ", $1 }
  80             $2 ~ /INFORMATION/ { printf "%s ", $1 }'
  81 }
  82 
  83 #
  84 # get_dhcpinfo <code/identifier>
  85 #
  86 # echoes the value received through each interface controlled by DHCP;
  87 # multiple values are echoed as a space-separated list
  88 #
  89 # returns:
  90 #       0 => property is set
  91 #       1 => property is not set
  92 #
  93 get_dhcpinfo () {
  94         code=$1
  95 
  96         # Get all interfaces with DHCP control, IFS is " "
  97         interfaces=`get_dhcp_interfaces`
  98 
  99         info=""
 100         for intf in $interfaces; do
 101                 val=`$DHCPINFO -i $intf $code`
 102                 if [ $? -eq 0 ]; then
 103                         if [ "$info" = "" ]; then
 104                                 info="$val"
 105                         else
 106                                 info="$info $val"
 107                         fi
 108                 fi
 109         done
 110         echo $info
 111 }
 112 
 113 #
 114 # set_smf_prop <fmri> <property name> <property value>
 115 #
 116 set_smf_prop () {
 117         $SVCCFG -s $1 setprop $2 = astring: "$3" && return
 118 }
 119 
 120 #
 121 # refresh_svc <fmri>
 122 #
 123 # Refreshes the service.
 124 #
 125 refresh_svc () {
 126         $SVCADM refresh $1
 127 }
 128 
 129 #
 130 # restart_svc <fmri>
 131 #
 132 # Restarts the service.
 133 #
 134 restart_svc () {
 135         $SVCADM restart $1
 136 }
 137 
 138 #
 139 # start_svc <fmri>
 140 #
 141 # Starts the service.  If the service is already enabled, restarts it.  If
 142 # it is not enabled, temporarily enables it.
 143 #
 144 start_svc () {
 145         if service_is_enabled $1; then
 146                 $SVCADM restart $1
 147         else
 148                 $SVCADM enable -t $1
 149         fi
 150 }
 151 
 152 #
 153 # stop_svc <fmri>
 154 #
 155 # Temporarily disables the service.
 156 #
 157 stop_svc () {
 158         $SVCADM disable -t $1
 159 }
 160 
 161 #
 162 # copy_default <dir> <file>
 163 #
 164 # Copies <dir>/<file>.dfl to <dir>/<file>
 165 #
 166 copy_default () {
 167         $CP -p $1/$2.dfl $1/$2
 168 }
 169 
 170 #
 171 # do_dns <location>
 172 #
 173 # Installs DNS information on /etc/resolv.conf for location
 174 #
 175 # Returns 0 on success, 1 on failure
 176 #
 177 do_dns () {
 178         loc=$1
 179         file=/etc/resolv.conf
 180 
 181         # Write out to temporary file first
 182         $TOUCH $file.$$
 183 
 184         DNS_CONFIGSRC=`nwam_get_loc_list_prop $loc dns-nameservice-configsrc`
 185         if [ -z "$DNS_CONFIGSRC" ]; then
 186                 echo "missing 'dns-nameservice-configsrc' property for '$loc'"
 187                 return 1
 188         fi
 189 
 190         for configsrc in $DNS_CONFIGSRC; do
 191                 case "$configsrc" in
 192                 'manual')
 193                         DNS_SERVERS=`nwam_get_loc_list_prop $loc \
 194                             dns-nameservice-servers`
 195                         if [ -z "$DNS_SERVERS" ]; then
 196                                 echo "DNS nameserver not set for '$loc'"
 197                                 return 1
 198                         fi
 199                         DNS_DOMAIN=`nwam_get_loc_prop $loc \
 200                             dns-nameservice-domain`
 201                         DNS_SEARCH=`nwam_get_loc_list_prop $loc \
 202                             dns-nameservice-search`
 203                         ;;
 204                 'dhcp')
 205                         DNS_SEARCH=`get_dhcpinfo DNSdmain`
 206                         DNS_SERVERS=`get_dhcpinfo DNSserv`
 207                         # Use first search list entry as default domain
 208                         set -- $DNS_SEARCH
 209                         DNS_DOMAIN=$1
 210                         ;;
 211                 '*')
 212                         echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
 213                         ;;
 214                 esac
 215 
 216                 # Write DNS settings
 217                 if [ -n "$DNS_DOMAIN" ]; then
 218                         echo "$DNS_DOMAIN" | $NAWK \
 219                             '{ for (i = 1; i <= NF; i++) \
 220                             print "domain ", $i }' >> $file.$$
 221                 fi
 222                 if [ -n "$DNS_SEARCH" ]; then
 223                         echo "$DNS_SEARCH" | $NAWK \
 224                             '{ printf("search"); \
 225                             for (i = 1; i <= NF; i++) printf(" %s", $i); \
 226                             printf("\n") }' >> $file.$$
 227                 fi
 228                 if [ -n "$DNS_SERVERS" ]; then
 229                         echo "$DNS_SERVERS" | $NAWK \
 230                             '{ for (i = 1; i <= NF; i++) \
 231                             print "nameserver ", $i }' >> $file.$$
 232                 fi
 233         done    
 234 
 235         # Finally, copy our working version to the real thing
 236         $MV -f $file.$$ $file
 237         start_svc $DNS_CLIENT_FMRI
 238 
 239         return 0
 240 }
 241 
 242 #
 243 # do_nis <location>
 244 #
 245 # Installs NIS information on /var/yp/binding/ for location
 246 #
 247 # Returns 0 on success, 1 on failure
 248 #
 249 do_nis () {
 250         loc=$1
 251 
 252         NIS_CONFIGSRC=`nwam_get_loc_list_prop $loc nis-nameservice-configsrc`
 253         if [ -z "$NIS_CONFIGSRC" ]; then
 254                 echo "missing 'nis-nameservice-configsrc' property for '$loc'"
 255                 return 1
 256         fi
 257 
 258         for configsrc in $NIS_CONFIGSRC; do
 259                 case "$configsrc" in
 260                 'manual')
 261                         NIS_SERVERS=`nwam_get_loc_list_prop $loc \
 262                             nis-nameservice-servers`
 263                         DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
 264                         # user-specified default-domain always wins
 265                         if [ -n "$DEFAULT_DOMAIN" ]; then
 266                                 $DOMAINNAME $DEFAULT_DOMAIN
 267                                 $DOMAINNAME > $ETC_DEFAULT_DOMAIN
 268                         else
 269                                 echo "'domainname' not set for '$loc'"
 270                                 return 1
 271                         fi
 272                         ;;
 273                 'dhcp')
 274                         # Use only the first name
 275                         DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
 276                             $NAWK '{ print $1 }'`
 277                         NIS_SERVERS=`get_dhcpinfo NISservs`
 278                         $DOMAINNAME $DEFAULT_DOMAIN
 279                         $DOMAINNAME > $ETC_DEFAULT_DOMAIN
 280                         ;;
 281                 '*')
 282                         echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
 283                         ;;
 284                 esac
 285 
 286                 # Place NIS settings in appropriate directory/file.
 287                 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
 288                         $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
 289                 fi
 290                 if [ -n "$NIS_SERVERS" ]; then
 291                         echo "$NIS_SERVERS" | $NAWK \
 292                             '{ for (i = 1; i <= NF; i++) print $i }' \
 293                             > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
 294                 fi
 295         done
 296 
 297         start_svc $NIS_CLIENT_FMRI
 298 
 299         return 0
 300 }
 301 
 302 #
 303 # do_ldap <location>
 304 #
 305 # Installs LDAP information using ldapclient(1M) for location
 306 #
 307 # Returns 0 on success, 1 on failure
 308 #
 309 do_ldap () {
 310         loc=$1
 311 
 312         LDAP_CONFIGSRC=`nwam_get_loc_list_prop $loc ldap-nameservice-configsrc`
 313         if [ -z "$LDAP_CONFIGSRC" ]; then
 314                 echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
 315                 return 1
 316         fi
 317 
 318         for configsrc in $LDAP_CONFIGSRC; do
 319                 case "$configsrc" in
 320                 'manual')
 321                         LDAP_SERVERS=`nwam_get_loc_list_prop $loc \
 322                             ldap-nameservice-servers`
 323                         DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
 324                         if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
 325                                 echo "LDAP configuration could not be set "\
 326                                     "for '$loc'"
 327                                 return 1
 328                         fi
 329                         $DOMAINNAME $DEFAULT_DOMAIN
 330                         $DOMAINNAME > $ETC_DEFAULT_DOMAIN
 331                         ;;
 332                 '*')
 333                         echo "Invalid LDAP configsrc ${configsrc}; ignoring"
 334                         ;;
 335                 esac
 336 
 337                 # Use ldapclient(1M) to initialize LDAP client settings.
 338                 if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
 339                         $LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
 340                             $LDAP_SERVERS
 341                 fi
 342         done
 343 
 344         start_svc $LDAP_CLIENT_FMRI
 345 
 346         return 0
 347 }
 348 
 349 #
 350 # do_ns <location>
 351 #
 352 # Installs different nameservices for location 
 353 #
 354 # Returns 0 on success, 1 on failure
 355 #
 356 do_ns () {
 357         loc=$1
 358 
 359         #
 360         # Disable nameservices temporarily while we reconfigure.  Copy
 361         # /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
 362         # are used.
 363         #
 364         $CP -p /etc/nsswitch.files /etc/nsswitch.conf
 365         stop_svc $DNS_CLIENT_FMRI
 366         stop_svc $NIS_CLIENT_FMRI
 367         stop_svc $LDAP_CLIENT_FMRI
 368 
 369         #
 370         # Remove /etc/defaultdomain and unset domainname(1M).  If NIS
 371         # and/or LDAP is configured, they will create /etc/defaultdomain
 372         # and set the domainname(1M).
 373         #
 374         $RM -f $ETC_DEFAULT_DOMAIN
 375         $DOMAINNAME " "
 376 
 377         NAMESERVICES=`nwam_get_loc_list_prop $loc nameservices`
 378         if [ -z "$NAMESERVICES" ]; then
 379                 echo "missing 'nameservices' property for location '$loc'"
 380                 return 1
 381         fi
 382 
 383         NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
 384             $loc nameservices-config-file`
 385         if [ -z "$NAMESERVICES_CONFIG_FILE" ]; then
 386                 echo "missing 'nameservices-config-file' property for '$loc'"
 387                 return 1
 388         fi
 389         $CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
 390 
 391         for ns in $NAMESERVICES; do
 392                 case "$ns" in
 393                 'files')
 394                         # no additional setup needed for files nameservice
 395                         ;;
 396                 'dns')
 397                         do_dns $loc || return 1
 398                         ;;
 399                 'nis')
 400                         do_nis $loc || return 1
 401                         ;;
 402                 'ldap')
 403                         do_ldap $loc || return 1
 404                         ;;
 405                 '*')
 406                         echo "Unrecognized nameservices value ${ns}; ignoring"
 407                         ;;
 408                 esac
 409         done
 410 
 411         #
 412         # Restart other related services
 413         #
 414         # We explicitly restart here, as restart will only have an
 415         # effect if the service is already enabled.  We don't want
 416         # to enable the service if it's currently disabled.
 417         #
 418         restart_svc $AUTOFS_FMRI
 419 
 420         return 0
 421 }
 422 
 423 #
 424 # do_sec <location>
 425 #
 426 # If config properties are set, update the SMF property and refresh the
 427 # service.  If config properties are not set, delete the SMF property and
 428 # stop the service.
 429 #
 430 # Returns 0 on success, 1 on failure
 431 #
 432 do_sec () {
 433         loc=$1
 434 
 435         ike_file=`nwam_get_loc_prop $loc ike-config-file`
 436         pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
 437         ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
 438         ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
 439         ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
 440         ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
 441 
 442         # IKE
 443         if [ -n "$ike_file" ]; then
 444                 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
 445                 refresh_svc $IPSEC_IKE_FMRI
 446                 start_svc $IPSEC_IKE_FMRI
 447         else
 448                 stop_svc $IPSEC_IKE_FMRI
 449         fi
 450 
 451         # IPsec
 452         if [ -n "$pol_file" ]; then
 453                 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
 454                 refresh_svc $IPSEC_POLICY_FMRI
 455                 start_svc $IPSEC_POLICY_FMRI
 456         else
 457                 stop_svc $IPSEC_POLICY_FMRI
 458         fi
 459 
 460         # IPFilter
 461         refresh_ipf=false
 462         if [ -n "$ipf_file" ]; then
 463                 if [ "$ipf_file" = "/none" ]; then
 464                         set_smf_prop $IPFILTER_FMRI \
 465                             firewall_config_default/policy "none"
 466                 elif [ "$ipf_file" = "/deny" ]; then
 467                         set_smf_prop $IPFILTER_FMRI \
 468                             firewall_config_default/policy "deny"
 469                 elif [ "$ipf_file" = "/allow" ]; then
 470                         set_smf_prop $IPFILTER_FMRI \
 471                             firewall_config_default/policy "allow"
 472                 else
 473                         # custom policy with policy file
 474                         set_smf_prop $IPFILTER_FMRI \
 475                             firewall_config_default/policy "custom"
 476                         set_smf_prop $IPFILTER_FMRI \
 477                             firewall_config_default/custom_policy_file $ipf_file
 478                 fi
 479                 refresh_ipf=true
 480         else
 481                 # change policy to "none", no need to clear custom_policy_file
 482                 set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
 483                     "none"
 484                 # IPFilter has to be refreshed to make the changes effective.
 485                 # Don't set $refresh_ipf as it keeps IPFilter online rather
 486                 # than disabled.  Refresh after IPFilter is disabled below.
 487         fi
 488         if [ -n "$ipf6_file" ]; then
 489                 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
 490                 refresh_ipf=true
 491         fi
 492         if [ -n "$ipnat_file" ]; then
 493                 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
 494                 refresh_ipf=true
 495         fi
 496         if [ -n "$ippool_file" ]; then
 497                 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
 498                     $ippool_file
 499                 refresh_ipf=true
 500         fi
 501 
 502         if [ "$refresh_ipf" = "true" ]; then
 503                 refresh_svc $IPFILTER_FMRI
 504                 start_svc $IPFILTER_FMRI
 505         else
 506                 stop_svc $IPFILTER_FMRI
 507                 refresh_svc $IPFILTER_FMRI
 508         fi
 509 
 510         return 0
 511 }
 512 
 513 #
 514 # do_nfsv4 <location>
 515 #
 516 # Updates NFSv4 domain for location in SMF
 517 #
 518 # Returns 0 on success, 1 on failure
 519 #
 520 do_nfsv4 () {
 521         loc=$1
 522 
 523         nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
 524         if [ $? -eq 0 ]; then
 525                 set_smf_prop $MAPID_FMRI \
 526                     nfs-props/nfsmapid_domain $nfsv4domain
 527                 start_svc $MAPID_FMRI
 528         else
 529                 stop_svc $MAPID_FMRI
 530         fi
 531 
 532         return 0
 533 }
 534 
 535 #
 536 # activate_loc <location>
 537 #
 538 # Activates the given location
 539 #
 540 # Returns 0 on success, 1 on failure
 541 #
 542 activate_loc () {
 543         loc=$1
 544 
 545         echo activating $loc location
 546 
 547         #
 548         # if we fail to complete any part of the config,
 549         # stop activation work and report failure.
 550         #
 551         do_sec $loc && do_ns $loc && do_nfsv4 $loc && return 0
 552         return 1
 553 }
 554 
 555 #
 556 # Script entry point
 557 #
 558 # Arguments to net-loc are
 559 #       method ('start' or 'refresh')
 560 
 561 #
 562 # If nwam is not enabled, do nothing and return OK.
 563 #
 564 service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
 565 
 566 #
 567 # In a shared-IP zone we need this service to be up, but all of the work
 568 # it tries to do is irrelevant (and will actually lead to the service
 569 # failing if we try to do it), so just bail out.
 570 # In the global zone and exclusive-IP zones we proceed.
 571 #
 572 smf_configure_ip || exit $SMF_EXIT_OK
 573 
 574 case "$1" in
 575 
 576 'start')
 577         #
 578         # We need to create the default (NoNet and Automatic)
 579         # locations, if they don't already exist.  So: first check
 580         # for the existence of each, and then run the appropriate
 581         # nwamcfg script(s) as needed. Restart nwamd if a location is
 582         # created, as it needs to read it in.
 583         #
 584         LOC_CREATED="false"
 585         $NWAMCFG list loc Automatic >/dev/null 2>&1
 586         if [ $? -eq 1 ]; then
 587                 $NWAMCFG -f /etc/nwam/loc/create_loc_auto
 588                 LOC_CREATED="true"
 589         fi
 590 
 591         $NWAMCFG list loc NoNet >/dev/null 2>&1
 592         if [ $? -eq 1 ]; then
 593                 NONETPATH=/etc/nwam/loc/NoNet
 594                 NONETFILES="ipf.conf ipf6.conf"
 595                 for file in $NONETFILES; do
 596                         copy_default $NONETPATH $file
 597                 done
 598                 $NWAMCFG -f /etc/nwam/loc/create_loc_nonet
 599                 LOC_CREATED="true"
 600         fi
 601 
 602         if [ "$LOC_CREATED" = "true" ]; then
 603                 refresh_svc $NWAM_FMRI
 604         fi
 605 
 606         # location selection/activation happens below
 607         ;;
 608 
 609 'refresh')
 610 
 611         # location selection/activation happens below
 612         ;;
 613 
 614 *)
 615         echo "Usage: $0 start|refresh"
 616         exit 1
 617         ;;
 618 
 619 esac
 620 
 621 #
 622 # If the Legacy location doesn't exist and the file to create the Legacy
 623 # location exists, create the Legacy location.  Make a copy of it as the user's
 624 # intentions before upgrade.  Then activate the User location if nis is
 625 # involved.  Because NIS affects more parts of the system (e.g. automounts) we
 626 # are not willing to make NIS part of the Automatic location (i.e. enable it
 627 # automatically based on external input) as we do with DHCP-driven DNS.
 628 #
 629 activate_user_loc=0
 630 $NWAMCFG list loc Legacy >/dev/null 2>&1
 631 if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
 632         #
 633         # We built the script in and pointing to /etc/svc/volatile because we
 634         # may not have a writable filesystem in net-nwam.  So here we move the
 635         # components and rewrite the script to point at the writable filesystem.
 636         #
 637         $CP -r $SCRIPT_PATH/Legacy /etc/nwam/loc
 638         $MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
 639         $SED -e's,$SCRIPT_PATH/Legacy,$LEGACY_LOC_PATH,' \
 640             $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
 641         $RM -f $SCRIPT_PATH/vcreate_loc_legacy
 642         $NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
 643         loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
 644             2>/dev/null`
 645         if [ $? -eq 1 ]; then
 646                 #
 647                 # We are rewriting configuration variables from the Legacy
 648                 # location to the User location.  Use variable ULP to keep REs
 649                 # within a line.
 650                 #
 651                 ULP=$USER_LOC_PATH
 652                 $SED -e's,Legacy,User,' \
 653                     -e's,activation-mode=system,activation-mode=manual,' \
 654                     -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
 655                     -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
 656                     -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
 657                     -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
 658                     -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
 659                     -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
 660                     $SCRIPT_PATH/create_loc_legacy | \
 661                         $SED -e's,/etc/nwam/loc/User/none,/none,' \
 662                         -e's,/etc/nwam/loc/User/allow,/allow,' \
 663                         -e's,/etc/nwam/loc/User/deny,/deny,' \
 664                         >$SCRIPT_PATH/create_loc_user
 665                 #
 666                 # We are creating the User location here.  The User location
 667                 # is an appromixation of the machine configuration when the
 668                 # user change or upgraded to this version of NWAM.  First
 669                 # we make sure there isn't an existing User location or any
 670                 # existing User location data.  We then copy all the data
 671                 # from the Legacy location and create a location pointing at
 672                 # that data.  Lastly we create a version property to note
 673                 # that we have done this.
 674                 #
 675                 $NWAMCFG destroy loc User 2>/dev/null
 676                 $RM -rf $USER_LOC_PATH
 677                 $CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
 678                 $RM -f $USER_LOC_PATH/resolv.conf
 679                 $NWAMCFG -f $SCRIPT_PATH/create_loc_user
 680                 # The User location is activated if 'nis' is in a non comment
 681                 # line of nsswitch.conf.
 682                 $GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
 683                     $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
 684                 if [ $? -eq 0 ]; then
 685                         activate_user_loc=1
 686                 fi
 687                 $SVCCFG -s $SMF_FMRI addpg location_upgrade application \
 688                     2>/dev/null
 689                 $SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
 690                     astring: "1"
 691         fi
 692 fi
 693 
 694 #
 695 # Activate a location.  If we've just finished upgrading, and
 696 # the User location should be activated, do that (and use nwamadm
 697 # to do so, so the enabled property gets set and nwamd knows this
 698 # selection has been made).  Otherwise, if our location/selected
 699 # property has a value, we activate that location; else we activate
 700 # the NoNet location as a default value.
 701 #
 702 if [ $activate_user_loc -eq 1 ]; then
 703         $NWAMADM enable -p loc User
 704 else
 705         sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
 706         if [ $? -eq 1 ]; then
 707                 # location hasn't been selected; default to NoNet
 708                 activate_loc NoNet
 709         else
 710                 #
 711                 # If the selected location does not exist, or if we fail
 712                 # to activate it completely, we fall back to the NoNet
 713                 # location.  Also poke nwamd, so it will check conditions
 714                 # for a better choice.
 715                 #
 716                 $NWAMCFG list loc $sel_loc >/dev/null 2>&1
 717                 if [ $? -eq 1 ]; then
 718                         echo "location '$sel_loc' doesn't exist"
 719                         activate_loc NoNet
 720                         refresh_svc $NWAM_FMRI
 721                 else
 722                         # activate selected location
 723                         if ! activate_loc $sel_loc; then
 724                                 echo "failed to activate '$sel_loc'"
 725                                 activate_loc NoNet
 726                                 refresh_svc $NWAM_FMRI
 727                         fi
 728                 fi
 729         fi
 730 fi
 731 
 732 exit $SMF_EXIT_OK