XXX Remove nawk(1)
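--- a/usr/src/cmd/svc/milestone/net-nwam
+++ b/usr/src/cmd/svc/milestone/net-nwam
@@ -1,646 +1,646 @@
 #!/sbin/sh
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #
 #
 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 # Copyright 2012 Milan Jurik. All rights reserved.
 #
 
 . /lib/svc/share/smf_include.sh
 . /lib/svc/share/net_include.sh
 
 # FMRI constants
 IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
 IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
 IPFILTER_FMRI="svc:/network/ipfilter:default"
 NIS_CLIENT_FMRI="svc:/network/nis/client:default"
 NET_PHYS_FMRI="svc:/network/physical:default"
 NET_NWAM_FMRI="svc:/network/physical:nwam"
 NET_LOC_FMRI="svc:/network/location:default"
 NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"
 
 #
 # Default *.conf files
 # Set appropriate config SMF property to these files when NWAM is stopped
 # and corresponding config properties in the Legacy location are emtpy
 #
 IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
 IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
 IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
 IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
 IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf
 
 # commands
 BASENAME=/usr/bin/basename
 CAT=/usr/bin/cat
 CP=/usr/bin/cp
 DOMAINNAME=/usr/bin/domainname
 GREP=/usr/bin/grep
 LDAPCLIENT=/usr/sbin/ldapclient
 MKDIR=/usr/bin/mkdir
 MKFIFO=/usr/bin/mkfifo
-NAWK=/usr/bin/nawk
+AWK=/usr/xpg4/bin/awk
 NWAMCFG=/usr/sbin/nwamcfg
 RM=/usr/bin/rm
 SVCADM=/usr/sbin/svcadm
 SVCCFG=/usr/sbin/svccfg
 SVCPROP=/usr/bin/svcprop
 
 # Path to directories
 # We don't have a writable file system so we write to /etc/svc/volatile and
 # then later copy anything interesting to /etc/nwam.
 VOL_NWAM_PATH=/etc/svc/volatile/nwam
 VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
 PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
 NIS_BIND_PATH=/var/yp/binding
 
 #
 # copy_to_legacy_loc <file>
 #
 # Copies the file to the Legacy location directory
 # (in /etc/svc/volatile/nwam/Legacy)
 #
 copy_to_legacy_loc() {
 $MKDIR -p $VOL_LEGACY_PATH
 if [ -f "$1" ]; then
 $CP -p $1 $VOL_LEGACY_PATH
 fi
 }
 
 #
 # copy_from_legacy_loc <destination file>
 #
 # Copies file with the same name from Legacy location
 # (in /etc/nwam/loc/Legacy) to the given destination file
 #
 copy_from_legacy_loc () {
 DEST_DIR=`/usr/bin/dirname $1`
 SRC_FILE="$PERM_LEGACY_PATH/`$BASENAME $1`"
 
 # Make destination directory if needed
 if [ ! -d "$DEST_DIR" ]; then
 $MKDIR -p $DEST_DIR
 fi
 
 if [ -f "$SRC_FILE" ]; then
 $CP -p $SRC_FILE $DEST_DIR
 fi
 }
 
 #
 # write_loc_prop <property> <value> <file>
 #
 # Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
 #
 write_loc_prop () {
 prop=$1
 val=$2
 file=$3
 
 if [ -n "$val" -a -n "$file" ]; then
 echo "set $prop=$val" >> $file
 fi
 }
 
 #
 # set_smf_prop <fmri> <property name> <property value>
 #
 set_smf_prop () {
 $SVCCFG -s $1 setprop $2 = astring: "$3" && return
 }
 
 #
 # get_smf_prop <fmri> <property name>
 #
 get_smf_prop () {
 $SVCPROP -p $2 $1
 }
 
 #
 # Creates Legacy location from the current configuration
 #
 create_legacy_loc () {
 CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy
 
 #
 # Write nwamcfg commands to create Legacy location to
 # $CREATE_LOC_LEGACY_FILE as values for properties are determined
 # Note that some of the *_CONFIG_FILE variables point at copies of
 # files we've made and others indicate where those copies should be
 # if we are enabling the location.
 #
 echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE
 write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE
 
 NAMESERVICES=""
 NAMESERVICES_CONFIG_FILE=""
 DNS_NAMESERVICE_CONFIGSRC=""
 DNS_NAMESERVICE_DOMAIN=""
 DNS_NAMESERVICE_SERVERS=""
 DNS_NAMESERVICE_SEARCH=""
 NIS_NAMESERVICE_CONFIGSRC=""
 NIS_NAMESERVICE_SERVERS=""
 LDAP_NAMESERVICE_CONFIGSRC=""
 LDAP_NAMESERVICE_SERVERS=""
 DEFAULT_DOMAIN=""
 
 # Copy /etc/nsswitch.conf file
 copy_to_legacy_loc /etc/nsswitch.conf
 NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"
 
 # Gather DNS info from resolv.conf if present.
 if [ -f /etc/resolv.conf ]; then
 NAMESERVICES="dns,"
 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
 if [ $? -eq 0 ]; then
 DNS_NAMESERVICE_CONFIGSRC="dhcp"
 else
 DNS_NAMESERVICE_CONFIGSRC="manual"
-DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
+DNS_NAMESERVICE_DOMAIN=`$AWK '$1 == "domain" {\
 print $2 }' < /etc/resolv.conf`
-DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
+DNS_NAMESERVICE_SERVERS=`$AWK '$1 == "nameserver" \
 { printf "%s,", $2 }' < /etc/resolv.conf`
-DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
+DNS_NAMESERVICE_SEARCH=`$AWK '$1 == "search" \
 { printf "%s,", $2 }' < /etc/resolv.conf`
 copy_to_legacy_loc /etc/resolv.conf
 fi
 fi
 
 # Gather NIS info from appropriate file if present.
 if service_is_enabled $NIS_CLIENT_FMRI; then
 NAMESERVICES="${NAMESERVICES}nis,"
 NIS_NAMESERVICE_CONFIGSRC="manual"
 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
 
-yp_servers=`$NAWK '{ printf "%s ", $1 }' \
+yp_servers=`$AWK '{ printf "%s ", $1 }' \
 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers`
 for serv in $yp_servers; do
 if is_valid_addr $serv; then
 addr="$serv,"
 else
 addr=`$GREP -iw $serv /etc/inet/hosts | \
-$NAWK '{ printf "%s,", $1 }'`
+$AWK '{ printf "%s,", $1 }'`
 fi
 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
 done
 fi
 
 # Gather LDAP info via ldapclient(1M).
 if [ -f /var/ldap/ldap_client_file ]; then
 copy_to_legacy /var/ldap/ldap_client_file
 NAMESERVICES="${NAMESERVICES}ldap,"
 LDAP_NAMESERVICE_CONFIGSRC="manual"
 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
-$NAWK '$1 == "preferredServerList:" { print $2 }'`
+$AWK '$1 == "preferredServerList:" { print $2 }'`
 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
 fi
 
 # Now, write nwamcfg commands for nameservices
 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE
 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \
 $CREATE_LOC_LEGACY_FILE
 write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE
 
 # Retrieve NFSv4 domain from SMF.
 if service_is_enabled $NFS_MAPID_FMRI; then
 NFS_DOMAIN=`get_smf_prop NFS_MAPID_FMRI \
 nfs-props/nfsmapid_domain`
 write_loc_prop "nfsv4-domain" \
 $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE
 fi
 
 IPF_CONFIG_FILE=""
 IPF6_CONFIG_FILE=""
 IPNAT_CONFIG_FILE=""
 IPPOOL_CONFIG_FILE=""
 IKE_CONFIG_FILE=""
 IPSEC_POLICY_CONFIG_FILE=""
 
 #
 # IPFilter
 #
 # If the firewall policy is "custom", simply copy the
 # custom_policy_file. If the firewall policy is "none", "allow" or
 # "deny", save the value as "/<value>". When reverting back to the
 # Legacy location, these values will have to be treated as special.
 #
 # For all configuration files, copy them to the Legacy directory.
 # Use the respective properties to remember the original locations
 # of the files so that they can be copied back there when NWAM is
 # stopped.
 #
 if service_is_enabled $IPFILTER_FMRI; then
 FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \
 firewall_config_default/policy`
 if [ "$FIREWALL_POLICY" = "custom" ]; then
 IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
 firewall_config_default/custom_policy_file`
 copy_to_legacy_loc $IPF_CONFIG_FILE
 else
 # save value as /none, /allow, or /deny
 IPF_CONFIG_FILE="/$FIREWALL_POLICY"
 fi
 IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
 config/ipf6_config_file`
 copy_to_legacy_loc $IPF6_CONFIG_FILE
 
 IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
 config/ipnat_config_file`
 copy_to_legacy_loc $IPNAT_CONFIG_FILE
 
 IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
 config/ippool_config_file`
 copy_to_legacy_loc $IPPOOL_CONFIG_FILE
 fi
 
 # IKE
 if service_is_enabled $IPSEC_IKE_FMRI:default; then
 IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file`
 copy_to_legacy_loc $IKE_CONFIG_FILE
 fi
 
 # IPsec
 if service_is_enabled $IPSEC_POLICY_FMRI:default; then
 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \
 config/config_file`
 copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE
 fi
 
 if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \
 -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \
 -o -f "$IPF_CONFIG_FILE" \) ]; then
 write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 fi
 if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then
 write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 fi
 if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then
 write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 fi
 if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then
 write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 fi
 if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then
 write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \
 $CREATE_LOC_LEGACY_FILE
 fi
 if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ]
 then
 write_loc_prop "ipsecpolicy-config-file" \
 $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE
 fi
 
 # End
 echo "end" >> $CREATE_LOC_LEGACY_FILE
 # network/location will create the Legacy location with these commands.
 }
 
 #
 # Undoes the effects of the Legacy location creation
 #
 revert_to_legacy_loc () {
 $SVCADM disable dns/client
 $SVCADM disable nis/client
 $SVCADM disable ldap/client
 
 # copy nsswitch.conf to /etc/nsswitch.conf
 copy_from_legacy_loc /etc/nsswitch.conf
 
 # DNS - copy resolv.conf to /etc/resolv.conf
 if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
 copy_from_legacy_loc /etc/resolv.conf
 $SVCADM enable dns/client
 fi
 
 # set /etc/defaultdomain and domainname(1M)
 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
 if [ -n "$DEFAULT_DOMAIN" ]; then
 $DOMAINNAME $DEFAULT_DOMAIN
 $DOMAINNAME > /etc/defaultdomain
 fi
 
 # NIS - directory and ypserver in /var/yp/binding/
 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
 if [ -n "$NIS_CONFIGSRC" ]; then
 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
 fi
 if [ -n "$NIS_SERVERS" ]; then
-echo "$NIS_SERVERS" | $NAWK \
+echo "$NIS_SERVERS" | $AWK \
 'FS="," { for (i = 1; i <= NF; i++) print $i }' \
 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
 fi
 $SVCADM enable nis/client
 fi
 
 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
 if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
 copy_from_legacy_loc /var/ldap/ldap_client_file
 $SVCADM enable ldap/client
 fi
 
 # Copy back nfs NFSMAPID_DOMAIN
 NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
 if [ -n "$NFSMAPID_DOMAIN" ]; then
 set_smf_prop $NFS_MAPID_FMRI \
 nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN
 $SVCADM refresh $NFS_MAPID_FMRI
 $SVCADM enable $NFS_MAPID_FMRI
 fi
 
 # IPFilter, IPsec, and IKE
 ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
 ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
 ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
 ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
 ike_file=`nwam_get_loc_prop Legacy ike-config-file`
 pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`
 
 if [ -n "$ike_file" ]; then
 copy_from_legacy_loc $ike_file
 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
 $SVCADM refresh $IPSEC_IKE_FMRI
 $SVCADM enable $IPSEC_IKE_FMRI
 else
 set_smf_prop $IPSEC_IKE_FMRI config/config_file \
 $IPSEC_IKE_DEFAULT_CONFIG_FILE
 $SVCADM disable $IPSEC_IKE_FMRI
 fi
 if [ -n "$pol_file" ]; then
 copy_from_legacy_loc $pol_file
 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
 $SVCADM refresh $IPSEC_POLICY_FMRI
 $SVCADM enable $IPSEC_POLICY_FMRI
 else
 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
 $IPSEC_POLICY_DEFAULT_CONFIG_FILE
 $SVCADM disable $IPSEC_POLICY_FMRI
 fi
 
 refresh_ipf=false
 if [ -n "$ipf_file" ]; then
 # change /none, /allow, and /deny to firewall policy
 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
 -o "$ipf_file" = "/deny" ]; then
-policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
+policy=`echo "$ipf_file" | $AWK 'FS="/" { print $2 }'`
 set_smf_prop $IPFILTER_FMRI \
 firewall_config_default/policy $policy
 # no need to clear custom_policy_file as it isn't "custom"
 else
 copy_from_legacy_loc $ipf_file
 set_smf_prop $IPFILTER_FMRI \
 firewall_config_default/policy "custom"
 set_smf_prop $IPFILTER_FMRI \
 firewall_config_default/custom_policy_file $ipf_file
 fi
 refresh_ipf=true
 fi
 if [ -n "$ipf6_file" ]; then
 copy_from_legacy_loc $ipf6_file
 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
 refresh_ipf=true
 else
 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
 $IPF6_DEFAULT_CONFIG_FILE
 fi
 if [ -n "$ipnat_file" ]; then
 copy_from_legacy_loc $ipnat_file
 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
 refresh_ipf=true
 else
 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \
 $IPNAT_DEFAULT_CONFIG_FILE
 fi
 if [ -n "$ippool_file" ]; then
 copy_from_legacy_loc $ippool_file
 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
 $ippool_file
 refresh_ipf=true
 else
 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
 $IPPOOL_DEFAULT_CONFIG_FILE
 fi
 
 $SVCADM refresh $IPFILTER_FMRI
 if [ "$refresh_ipf" = "true" ]; then
 $SVCADM enable $IPFILTER_FMRI
 else
 $SVCADM disable $IPFILTER_FMRI
 fi
 
 # Remove the Legacy directories, script and location
 $RM -rf $VOL_LEGACY_PATH
 $RM -rf $PERM_LEGACY_PATH
 $RM -f $VOL_NWAM_PATH/create_loc_legacy
 $NWAMCFG destroy loc Legacy
 }
 
 #
 # Script entry point
 #
 # Arguments to net-nwam are
 # method ( start | refresh | stop | -u | -c )
 #
 
 #
 # Create nwam directory in /etc/svc/volatile
 #
 if [ ! -d $VOL_NWAM_PATH ]; then
 $MKDIR -m 0755 $VOL_NWAM_PATH
 fi
 
 case "$1" in
 'refresh')
 /usr/bin/pkill -HUP -z `smf_zonename` nwamd
 #
 # Enable network/location. Needed on first boot post-install as
 # network/location will not exist until after manifest-import runs.
 #
 if service_exists $NET_LOC_FMRI ; then
 $SVCADM enable -t $NET_LOC_FMRI
 fi
 ;;
 
 'start')
 # The real daemon is not started in a shared stack zone. But we need to
 # create a dummy background process to preserve contract lifetime.
 smf_configure_ip
 if [ $? = "1" ] ; then
 $RM -f $VOL_NWAM_PATH/nwam_blocked
 $MKFIFO $VOL_NWAM_PATH/nwam_blocked
 ($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) &
 exit $SMF_EXIT_OK
 fi
 
 #
 # Enable network/location.
 #
 if service_exists $NET_LOC_FMRI ; then
 $SVCADM enable -t $NET_LOC_FMRI
 fi
 
 if smf_is_globalzone; then
 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG
 
 # Update PVID on interfaces configured with VLAN 1
 update_pvid
 
 #
 # Upgrade handling. The upgrade file consists of a series
 # of dladm(1M) commands. Note that after we are done, we
 # cannot rename the upgrade script file as the file system
 # is still read-only at this point. Defer this to the
 # manifest-import service.
 #
 upgrade_script=/var/svc/profile/upgrade_datalink
 if [ -f "${upgrade_script}" ]; then
 . "${upgrade_script}"
 fi
 
 #
 # Upgrade handling for ibd:
 # After we are done with the upgrade handling, we can not set
 # the ibd/ibd_upgraded property to "true" as the file system is
 # read-only at this point. It will be done later by
 # ibd-post-upgrade service.
 #
 if [ -x /sbin/ibd_upgrade ]; then
 ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
 svc:/network/physical:default 2> /dev/null`
 if [ "$ibd_upgraded" != "true" ]; then
 /sbin/ibd_upgrade -v
 fi
 fi
 
 # Bring up simnet instances
 /sbin/dladm up-simnet
 # Initialize security objects.
 /sbin/dladm init-secobj
 
 #
 # Initialize VNICs, VLANs and flows. Though they are brought
 # up here, NWAM will not automatically manage VNICs and VLANs.
 #
 /sbin/dladm up-vnic
 /sbin/dladm up-vlan
 /sbin/dladm up-part
 /sbin/dladm up-aggr
 /sbin/flowadm init-flow
 fi
 
 #
 # We also need to create the Legacy location, which is used
 # to restore non-NWAM settings that are overwritten when
 # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
 #
 $NWAMCFG list loc Legacy >/dev/null 2>&1
 if [ $? -eq 1 ]; then
 create_legacy_loc
 fi
 
 # start nwamd in foreground; it will daemonize itself
 if /lib/inet/nwamd ; then
 exit $SMF_EXIT_OK
 else
 exit $SMF_EXIT_ERR_FATAL
 fi
 ;;
 
 'stop')
 # We need to make the dummy process we created above stop.
 smf_configure_ip
 if [ $? = "1" ] ; then
 echo "stop" > $VOL_NWAM_PATH/nwam_blocked
 exit $SMF_EXIT_OK
 fi
 
 /usr/bin/pkill -z `smf_zonename` nwamd
 
 #
 # Restore the non-NWAM settings.
 #
 $NWAMCFG list loc Legacy >/dev/null 2>&1
 if [ $? -eq 1 ]; then
 echo "No Legacy location to revert to!"
 exit $SMF_EXIT_OK
 fi
 revert_to_legacy_loc
 # remove the location property group
 $SVCCFG -s $NET_LOC_FMRI delpg location
 ;;
 
 '-u')
 # After we run this part of the script upon the next reboot
 # network/physical:default will be enabled and
 # network/physical:nwam will be disabled.
 # There are various other parts of the system (nscd, nfs) that
 # depend on continuing to have a working network. For this
 # reason we don't change the network configuration immediately.
 #
 # Disable network/physical temporarily and make sure that will
 # be enabled on reboot.
 $SVCADM disable -st $NET_PHYS_FMRI
 $SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true
 
 # If nwam is online then make sure that it's temporarily enabled.
 nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI`
 if [ $? -eq 0 ]; then
 set -- $nwam_online
 [ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI
 fi
 
 # Set nwam so that it won't be enabled upon reboot.
 $SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false
 exit 0
 ;;
 
 '-c')
 # Nothing to do for sysidtool
 exit 0
 ;;
 
 *)
 echo "Usage: $0 { start | stop | refresh }"
 exit $SMF_EXIT_ERR_FATAL
 ;;
 esac
 exit $SMF_EXIT_OK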
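Review bot: Two of the changed calls set the field separator inside the pattern, `'FS="," { for (i = 1; i <= NF; i++) print $i }'` (new lines 368-369) and `'FS="/" { print $2 }'` (new line 424), and so depend on the new FS being applied to the record that has already been read. nawk-derived implementations have historically split fields lazily, but a POSIX-conforming awk may split the single input line with the default separator; whether /usr/xpg4/bin/awk does so should be confirmed on a test system. If it does, ypservers would receive the unsplit comma list and `policy` would come back empty, so the ipfilter `firewall_config_default/policy` property would not be restored to none/allow/deny when reverting to the Legacy location. Passing the separator on the command line removes the dependency: `$AWK -F, '{ for (i = 1; i <= NF; i++) print $i }'` and `$AWK -F/ '{ print $2 }'`. Both calls sit in revert_to_legacy_loc.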