1 #!/sbin/sh 2 # 3 # CDDL HEADER START 4 # 5 # The contents of this file are subject to the terms of the 6 # Common Development and Distribution License (the "License"). 7 # You may not use this file except in compliance with the License. 8 # 9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 # or http://www.opensolaris.org/os/licensing. 11 # See the License for the specific language governing permissions 12 # and limitations under the License. 13 # 14 # When distributing Covered Code, include this CDDL HEADER in each 15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 # If applicable, add the following below this CDDL HEADER, with the 17 # fields enclosed by brackets "[]" replaced with your own identifying 18 # information: Portions Copyright [yyyy] [name of copyright owner] 19 # 20 # CDDL HEADER END 21 # 22 # 23 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24 # Copyright 2012 Milan Jurik. All rights reserved. 25 # 26 27 . /lib/svc/share/smf_include.sh 28 . /lib/svc/share/net_include.sh 29 30 # FMRI constants 31 IPSEC_IKE_FMRI="svc:/network/ipsec/ike" 32 IPSEC_POLICY_FMRI="svc:/network/ipsec/policy" 33 IPFILTER_FMRI="svc:/network/ipfilter:default" 34 NIS_CLIENT_FMRI="svc:/network/nis/client:default" 35 NET_PHYS_FMRI="svc:/network/physical:default" 36 NET_NWAM_FMRI="svc:/network/physical:nwam" 37 NET_LOC_FMRI="svc:/network/location:default" 38 NFS_MAPID_FMRI="svc:/network/nfs/mapid:default" 39 40 # 41 # Default *.conf files 42 # Set appropriate config SMF property to these files when NWAM is stopped 43 # and corresponding config properties in the Legacy location are emtpy 44 # 45 IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf 46 IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf 47 IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf 48 IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config 49 IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf 50 51 # commands 52 BASENAME=/usr/bin/basename 53 CAT=/usr/bin/cat 54 CP=/usr/bin/cp 55 DOMAINNAME=/usr/bin/domainname 56 GREP=/usr/bin/grep 57 LDAPCLIENT=/usr/sbin/ldapclient 58 MKDIR=/usr/bin/mkdir 59 MKFIFO=/usr/bin/mkfifo 60 NAWK=/usr/bin/nawk 61 NWAMCFG=/usr/sbin/nwamcfg 62 RM=/usr/bin/rm 63 SVCADM=/usr/sbin/svcadm 64 SVCCFG=/usr/sbin/svccfg 65 SVCPROP=/usr/bin/svcprop 66 67 # Path to directories 68 # We don't have a writable file system so we write to /etc/svc/volatile and 69 # then later copy anything interesting to /etc/nwam. 70 VOL_NWAM_PATH=/etc/svc/volatile/nwam 71 VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy 72 PERM_LEGACY_PATH=/etc/nwam/loc/Legacy 73 NIS_BIND_PATH=/var/yp/binding 74 75 # 76 # copy_to_legacy_loc <file> 77 # 78 # Copies the file to the Legacy location directory 79 # (in /etc/svc/volatile/nwam/Legacy) 80 # 81 copy_to_legacy_loc() { 82 $MKDIR -p $VOL_LEGACY_PATH 83 if [ -f "$1" ]; then 84 $CP -p $1 $VOL_LEGACY_PATH 85 fi 86 } 87 88 # 89 # copy_from_legacy_loc <destination file> 90 # 91 # Copies file with the same name from Legacy location 92 # (in /etc/nwam/loc/Legacy) to the given destination file 93 # 94 copy_from_legacy_loc () { 95 DEST_DIR=`/usr/bin/dirname $1` 96 SRC_FILE="$PERM_LEGACY_PATH/`$BASENAME $1`" 97 98 # Make destination directory if needed 99 if [ ! -d "$DEST_DIR" ]; then 100 $MKDIR -p $DEST_DIR 101 fi 102 103 if [ -f "$SRC_FILE" ]; then 104 $CP -p $SRC_FILE $DEST_DIR 105 fi 106 } 107 108 # 109 # write_loc_prop <property> <value> <file> 110 # 111 # Appends to <file> a nwamcfg command to set <property> to <value> if non-empty 112 # 113 write_loc_prop () { 114 prop=$1 115 val=$2 116 file=$3 117 118 if [ -n "$val" -a -n "$file" ]; then 119 echo "set $prop=$val" >> $file 120 fi 121 } 122 123 # 124 # set_smf_prop <fmri> <property name> <property value> 125 # 126 set_smf_prop () { 127 $SVCCFG -s $1 setprop $2 = astring: "$3" && return 128 } 129 130 # 131 # get_smf_prop <fmri> <property name> 132 # 133 get_smf_prop () { 134 $SVCPROP -p $2 $1 135 } 136 137 # 138 # Creates Legacy location from the current configuration 139 # 140 create_legacy_loc () { 141 CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy 142 143 # 144 # Write nwamcfg commands to create Legacy location to 145 # $CREATE_LOC_LEGACY_FILE as values for properties are determined 146 # Note that some of the *_CONFIG_FILE variables point at copies of 147 # files we've made and others indicate where those copies should be 148 # if we are enabling the location. 149 # 150 echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE 151 write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE 152 153 NAMESERVICES="" 154 NAMESERVICES_CONFIG_FILE="" 155 DNS_NAMESERVICE_CONFIGSRC="" 156 DNS_NAMESERVICE_DOMAIN="" 157 DNS_NAMESERVICE_SERVERS="" 158 DNS_NAMESERVICE_SEARCH="" 159 NIS_NAMESERVICE_CONFIGSRC="" 160 NIS_NAMESERVICE_SERVERS="" 161 LDAP_NAMESERVICE_CONFIGSRC="" 162 LDAP_NAMESERVICE_SERVERS="" 163 DEFAULT_DOMAIN="" 164 165 # Copy /etc/nsswitch.conf file 166 copy_to_legacy_loc /etc/nsswitch.conf 167 NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf" 168 169 # Gather DNS info from resolv.conf if present. 170 if [ -f /etc/resolv.conf ]; then 171 NAMESERVICES="dns," 172 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null 173 if [ $? -eq 0 ]; then 174 DNS_NAMESERVICE_CONFIGSRC="dhcp" 175 else 176 DNS_NAMESERVICE_CONFIGSRC="manual" 177 DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\ 178 print $2 }' < /etc/resolv.conf` 179 DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \ 180 { printf "%s,", $2 }' < /etc/resolv.conf` 181 DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \ 182 { printf "%s,", $2 }' < /etc/resolv.conf` 183 copy_to_legacy_loc /etc/resolv.conf 184 fi 185 fi 186 187 # Gather NIS info from appropriate file if present. 188 if service_is_enabled $NIS_CLIENT_FMRI; then 189 NAMESERVICES="${NAMESERVICES}nis," 190 NIS_NAMESERVICE_CONFIGSRC="manual" 191 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 192 193 yp_servers=`$NAWK '{ printf "%s ", $1 }' \ 194 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers` 195 for serv in $yp_servers; do 196 if is_valid_addr $serv; then 197 addr="$serv," 198 else 199 addr=`$GREP -iw $serv /etc/inet/hosts | \ 200 $NAWK '{ printf "%s,", $1 }'` 201 fi 202 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr" 203 done 204 fi 205 206 # Gather LDAP info via ldapclient(1M). 207 if [ -f /var/ldap/ldap_client_file ]; then 208 copy_to_legacy /var/ldap/ldap_client_file 209 NAMESERVICES="${NAMESERVICES}ldap," 210 LDAP_NAMESERVICE_CONFIGSRC="manual" 211 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \ 212 $NAWK '$1 == "preferredServerList:" { print $2 }'` 213 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 214 fi 215 216 # Now, write nwamcfg commands for nameservices 217 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE 218 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \ 219 $CREATE_LOC_LEGACY_FILE 220 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \ 221 $CREATE_LOC_LEGACY_FILE 222 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \ 223 $CREATE_LOC_LEGACY_FILE 224 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \ 225 $CREATE_LOC_LEGACY_FILE 226 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \ 227 $CREATE_LOC_LEGACY_FILE 228 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \ 229 $CREATE_LOC_LEGACY_FILE 230 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \ 231 $CREATE_LOC_LEGACY_FILE 232 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\ 233 $CREATE_LOC_LEGACY_FILE 234 write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \ 235 $CREATE_LOC_LEGACY_FILE 236 write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE 237 238 # Retrieve NFSv4 domain from SMF. 239 if service_is_enabled $NFS_MAPID_FMRI; then 240 NFS_DOMAIN=`get_smf_prop NFS_MAPID_FMRI \ 241 nfs-props/nfsmapid_domain` 242 write_loc_prop "nfsv4-domain" \ 243 $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE 244 fi 245 246 IPF_CONFIG_FILE="" 247 IPF6_CONFIG_FILE="" 248 IPNAT_CONFIG_FILE="" 249 IPPOOL_CONFIG_FILE="" 250 IKE_CONFIG_FILE="" 251 IPSEC_POLICY_CONFIG_FILE="" 252 253 # 254 # IPFilter 255 # 256 # If the firewall policy is "custom", simply copy the 257 # custom_policy_file. If the firewall policy is "none", "allow" or 258 # "deny", save the value as "/<value>". When reverting back to the 259 # Legacy location, these values will have to be treated as special. 260 # 261 # For all configuration files, copy them to the Legacy directory. 262 # Use the respective properties to remember the original locations 263 # of the files so that they can be copied back there when NWAM is 264 # stopped. 265 # 266 if service_is_enabled $IPFILTER_FMRI; then 267 FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \ 268 firewall_config_default/policy` 269 if [ "$FIREWALL_POLICY" = "custom" ]; then 270 IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 271 firewall_config_default/custom_policy_file` 272 copy_to_legacy_loc $IPF_CONFIG_FILE 273 else 274 # save value as /none, /allow, or /deny 275 IPF_CONFIG_FILE="/$FIREWALL_POLICY" 276 fi 277 IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 278 config/ipf6_config_file` 279 copy_to_legacy_loc $IPF6_CONFIG_FILE 280 281 IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 282 config/ipnat_config_file` 283 copy_to_legacy_loc $IPNAT_CONFIG_FILE 284 285 IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 286 config/ippool_config_file` 287 copy_to_legacy_loc $IPPOOL_CONFIG_FILE 288 fi 289 290 # IKE 291 if service_is_enabled $IPSEC_IKE_FMRI:default; then 292 IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file` 293 copy_to_legacy_loc $IKE_CONFIG_FILE 294 fi 295 296 # IPsec 297 if service_is_enabled $IPSEC_POLICY_FMRI:default; then 298 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \ 299 config/config_file` 300 copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE 301 fi 302 303 if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \ 304 -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \ 305 -o -f "$IPF_CONFIG_FILE" \) ]; then 306 write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \ 307 $CREATE_LOC_LEGACY_FILE 308 fi 309 if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then 310 write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \ 311 $CREATE_LOC_LEGACY_FILE 312 fi 313 if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then 314 write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \ 315 $CREATE_LOC_LEGACY_FILE 316 fi 317 if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then 318 write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \ 319 $CREATE_LOC_LEGACY_FILE 320 fi 321 if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then 322 write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \ 323 $CREATE_LOC_LEGACY_FILE 324 fi 325 if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ] 326 then 327 write_loc_prop "ipsecpolicy-config-file" \ 328 $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE 329 fi 330 331 # End 332 echo "end" >> $CREATE_LOC_LEGACY_FILE 333 # network/location will create the Legacy location with these commands. 334 } 335 336 # 337 # Undoes the effects of the Legacy location creation 338 # 339 revert_to_legacy_loc () { 340 $SVCADM disable dns/client 341 $SVCADM disable nis/client 342 $SVCADM disable ldap/client 343 344 # copy nsswitch.conf to /etc/nsswitch.conf 345 copy_from_legacy_loc /etc/nsswitch.conf 346 347 # DNS - copy resolv.conf to /etc/resolv.conf 348 if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then 349 copy_from_legacy_loc /etc/resolv.conf 350 $SVCADM enable dns/client 351 fi 352 353 # set /etc/defaultdomain and domainname(1M) 354 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain` 355 if [ -n "$DEFAULT_DOMAIN" ]; then 356 $DOMAINNAME $DEFAULT_DOMAIN 357 $DOMAINNAME > /etc/defaultdomain 358 fi 359 360 # NIS - directory and ypserver in /var/yp/binding/ 361 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc` 362 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers` 363 if [ -n "$NIS_CONFIGSRC" ]; then 364 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then 365 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN 366 fi 367 if [ -n "$NIS_SERVERS" ]; then 368 echo "$NIS_SERVERS" | $NAWK \ 369 'FS="," { for (i = 1; i <= NF; i++) print $i }' \ 370 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers 371 fi 372 $SVCADM enable nis/client 373 fi 374 375 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file 376 if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then 377 copy_from_legacy_loc /var/ldap/ldap_client_file 378 $SVCADM enable ldap/client 379 fi 380 381 # Copy back nfs NFSMAPID_DOMAIN 382 NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain` 383 if [ -n "$NFSMAPID_DOMAIN" ]; then 384 set_smf_prop $NFS_MAPID_FMRI \ 385 nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN 386 $SVCADM refresh $NFS_MAPID_FMRI 387 $SVCADM enable $NFS_MAPID_FMRI 388 fi 389 390 # IPFilter, IPsec, and IKE 391 ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file` 392 ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file` 393 ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file` 394 ippool_file=`nwam_get_loc_prop Legacy ippool-config-file` 395 ike_file=`nwam_get_loc_prop Legacy ike-config-file` 396 pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file` 397 398 if [ -n "$ike_file" ]; then 399 copy_from_legacy_loc $ike_file 400 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file 401 $SVCADM refresh $IPSEC_IKE_FMRI 402 $SVCADM enable $IPSEC_IKE_FMRI 403 else 404 set_smf_prop $IPSEC_IKE_FMRI config/config_file \ 405 $IPSEC_IKE_DEFAULT_CONFIG_FILE 406 $SVCADM disable $IPSEC_IKE_FMRI 407 fi 408 if [ -n "$pol_file" ]; then 409 copy_from_legacy_loc $pol_file 410 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file 411 $SVCADM refresh $IPSEC_POLICY_FMRI 412 $SVCADM enable $IPSEC_POLICY_FMRI 413 else 414 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \ 415 $IPSEC_POLICY_DEFAULT_CONFIG_FILE 416 $SVCADM disable $IPSEC_POLICY_FMRI 417 fi 418 419 refresh_ipf=false 420 if [ -n "$ipf_file" ]; then 421 # change /none, /allow, and /deny to firewall policy 422 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \ 423 -o "$ipf_file" = "/deny" ]; then 424 policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'` 425 set_smf_prop $IPFILTER_FMRI \ 426 firewall_config_default/policy $policy 427 # no need to clear custom_policy_file as it isn't "custom" 428 else 429 copy_from_legacy_loc $ipf_file 430 set_smf_prop $IPFILTER_FMRI \ 431 firewall_config_default/policy "custom" 432 set_smf_prop $IPFILTER_FMRI \ 433 firewall_config_default/custom_policy_file $ipf_file 434 fi 435 refresh_ipf=true 436 fi 437 if [ -n "$ipf6_file" ]; then 438 copy_from_legacy_loc $ipf6_file 439 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file 440 refresh_ipf=true 441 else 442 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \ 443 $IPF6_DEFAULT_CONFIG_FILE 444 fi 445 if [ -n "$ipnat_file" ]; then 446 copy_from_legacy_loc $ipnat_file 447 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file 448 refresh_ipf=true 449 else 450 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \ 451 $IPNAT_DEFAULT_CONFIG_FILE 452 fi 453 if [ -n "$ippool_file" ]; then 454 copy_from_legacy_loc $ippool_file 455 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 456 $ippool_file 457 refresh_ipf=true 458 else 459 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 460 $IPPOOL_DEFAULT_CONFIG_FILE 461 fi 462 463 $SVCADM refresh $IPFILTER_FMRI 464 if [ "$refresh_ipf" = "true" ]; then 465 $SVCADM enable $IPFILTER_FMRI 466 else 467 $SVCADM disable $IPFILTER_FMRI 468 fi 469 470 # Remove the Legacy directories, script and location 471 $RM -rf $VOL_LEGACY_PATH 472 $RM -rf $PERM_LEGACY_PATH 473 $RM -f $VOL_NWAM_PATH/create_loc_legacy 474 $NWAMCFG destroy loc Legacy 475 } 476 477 # 478 # Script entry point 479 # 480 # Arguments to net-nwam are 481 # method ( start | refresh | stop | -u | -c ) 482 # 483 484 # 485 # Create nwam directory in /etc/svc/volatile 486 # 487 if [ ! -d $VOL_NWAM_PATH ]; then 488 $MKDIR -m 0755 $VOL_NWAM_PATH 489 fi 490 491 case "$1" in 492 'refresh') 493 /usr/bin/pkill -HUP -z `smf_zonename` nwamd 494 # 495 # Enable network/location. Needed on first boot post-install as 496 # network/location will not exist until after manifest-import runs. 497 # 498 if service_exists $NET_LOC_FMRI ; then 499 $SVCADM enable -t $NET_LOC_FMRI 500 fi 501 ;; 502 503 'start') 504 # The real daemon is not started in a shared stack zone. But we need to 505 # create a dummy background process to preserve contract lifetime. 506 smf_configure_ip 507 if [ $? = "1" ] ; then 508 $RM -f $VOL_NWAM_PATH/nwam_blocked 509 $MKFIFO $VOL_NWAM_PATH/nwam_blocked 510 ($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) & 511 exit $SMF_EXIT_OK 512 fi 513 514 # 515 # Enable network/location. 516 # 517 if service_exists $NET_LOC_FMRI ; then 518 $SVCADM enable -t $NET_LOC_FMRI 519 fi 520 521 if smf_is_globalzone; then 522 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG 523 524 # Update PVID on interfaces configured with VLAN 1 525 update_pvid 526 527 # 528 # Upgrade handling. The upgrade file consists of a series 529 # of dladm(1M) commands. Note that after we are done, we 530 # cannot rename the upgrade script file as the file system 531 # is still read-only at this point. Defer this to the 532 # manifest-import service. 533 # 534 upgrade_script=/var/svc/profile/upgrade_datalink 535 if [ -f "${upgrade_script}" ]; then 536 . "${upgrade_script}" 537 fi 538 539 # 540 # Upgrade handling for ibd: 541 # After we are done with the upgrade handling, we can not set 542 # the ibd/ibd_upgraded property to "true" as the file system is 543 # read-only at this point. It will be done later by 544 # ibd-post-upgrade service. 545 # 546 if [ -x /sbin/ibd_upgrade ]; then 547 ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \ 548 svc:/network/physical:default 2> /dev/null` 549 if [ "$ibd_upgraded" != "true" ]; then 550 /sbin/ibd_upgrade -v 551 fi 552 fi 553 554 # Bring up simnet instances 555 /sbin/dladm up-simnet 556 # Initialize security objects. 557 /sbin/dladm init-secobj 558 559 # 560 # Initialize VNICs, VLANs and flows. Though they are brought 561 # up here, NWAM will not automatically manage VNICs and VLANs. 562 # 563 /sbin/dladm up-vnic 564 /sbin/dladm up-vlan 565 /sbin/dladm up-part 566 /sbin/dladm up-aggr 567 /sbin/flowadm init-flow 568 fi 569 570 # 571 # We also need to create the Legacy location, which is used 572 # to restore non-NWAM settings that are overwritten when 573 # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.). 574 # 575 $NWAMCFG list loc Legacy >/dev/null 2>&1 576 if [ $? -eq 1 ]; then 577 create_legacy_loc 578 fi 579 580 # start nwamd in foreground; it will daemonize itself 581 if /lib/inet/nwamd ; then 582 exit $SMF_EXIT_OK 583 else 584 exit $SMF_EXIT_ERR_FATAL 585 fi 586 ;; 587 588 'stop') 589 # We need to make the dummy process we created above stop. 590 smf_configure_ip 591 if [ $? = "1" ] ; then 592 echo "stop" > $VOL_NWAM_PATH/nwam_blocked 593 exit $SMF_EXIT_OK 594 fi 595 596 /usr/bin/pkill -z `smf_zonename` nwamd 597 598 # 599 # Restore the non-NWAM settings. 600 # 601 $NWAMCFG list loc Legacy >/dev/null 2>&1 602 if [ $? -eq 1 ]; then 603 echo "No Legacy location to revert to!" 604 exit $SMF_EXIT_OK 605 fi 606 revert_to_legacy_loc 607 # remove the location property group 608 $SVCCFG -s $NET_LOC_FMRI delpg location 609 ;; 610 611 '-u') 612 # After we run this part of the script upon the next reboot 613 # network/physical:default will be enabled and 614 # network/physical:nwam will be disabled. 615 # There are various other parts of the system (nscd, nfs) that 616 # depend on continuing to have a working network. For this 617 # reason we don't change the network configuration immediately. 618 # 619 # Disable network/physical temporarily and make sure that will 620 # be enabled on reboot. 621 $SVCADM disable -st $NET_PHYS_FMRI 622 $SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true 623 624 # If nwam is online then make sure that it's temporarily enabled. 625 nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI` 626 if [ $? -eq 0 ]; then 627 set -- $nwam_online 628 [ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI 629 fi 630 631 # Set nwam so that it won't be enabled upon reboot. 632 $SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false 633 exit 0 634 ;; 635 636 '-c') 637 # Nothing to do for sysidtool 638 exit 0 639 ;; 640 641 *) 642 echo "Usage: $0 { start | stop | refresh }" 643 exit $SMF_EXIT_ERR_FATAL 644 ;; 645 esac 646 exit $SMF_EXIT_OK