40 #
41 # Default *.conf files
42 # Set appropriate config SMF property to these files when NWAM is stopped
43 # and corresponding config properties in the Legacy location are emtpy
44 #
45 IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
46 IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
47 IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
48 IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
49 IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf
50
51 # commands
52 BASENAME=/usr/bin/basename
53 CAT=/usr/bin/cat
54 CP=/usr/bin/cp
55 DOMAINNAME=/usr/bin/domainname
56 GREP=/usr/bin/grep
57 LDAPCLIENT=/usr/sbin/ldapclient
58 MKDIR=/usr/bin/mkdir
59 MKFIFO=/usr/bin/mkfifo
60 NAWK=/usr/bin/nawk
61 NWAMCFG=/usr/sbin/nwamcfg
62 RM=/usr/bin/rm
63 SVCADM=/usr/sbin/svcadm
64 SVCCFG=/usr/sbin/svccfg
65 SVCPROP=/usr/bin/svcprop
66
67 # Path to directories
68 # We don't have a writable file system so we write to /etc/svc/volatile and
69 # then later copy anything interesting to /etc/nwam.
70 VOL_NWAM_PATH=/etc/svc/volatile/nwam
71 VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
72 PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
73 NIS_BIND_PATH=/var/yp/binding
74
75 #
76 # copy_to_legacy_loc <file>
77 #
78 # Copies the file to the Legacy location directory
79 # (in /etc/svc/volatile/nwam/Legacy)
80 #
157 DNS_NAMESERVICE_SERVERS=""
158 DNS_NAMESERVICE_SEARCH=""
159 NIS_NAMESERVICE_CONFIGSRC=""
160 NIS_NAMESERVICE_SERVERS=""
161 LDAP_NAMESERVICE_CONFIGSRC=""
162 LDAP_NAMESERVICE_SERVERS=""
163 DEFAULT_DOMAIN=""
164
165 # Copy /etc/nsswitch.conf file
166 copy_to_legacy_loc /etc/nsswitch.conf
167 NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"
168
169 # Gather DNS info from resolv.conf if present.
170 if [ -f /etc/resolv.conf ]; then
171 NAMESERVICES="dns,"
172 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
173 if [ $? -eq 0 ]; then
174 DNS_NAMESERVICE_CONFIGSRC="dhcp"
175 else
176 DNS_NAMESERVICE_CONFIGSRC="manual"
177 DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
178 print $2 }' < /etc/resolv.conf`
179 DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
180 { printf "%s,", $2 }' < /etc/resolv.conf`
181 DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
182 { printf "%s,", $2 }' < /etc/resolv.conf`
183 copy_to_legacy_loc /etc/resolv.conf
184 fi
185 fi
186
187 # Gather NIS info from appropriate file if present.
188 if service_is_enabled $NIS_CLIENT_FMRI; then
189 NAMESERVICES="${NAMESERVICES}nis,"
190 NIS_NAMESERVICE_CONFIGSRC="manual"
191 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
192
193 yp_servers=`$NAWK '{ printf "%s ", $1 }' \
194 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers`
195 for serv in $yp_servers; do
196 if is_valid_addr $serv; then
197 addr="$serv,"
198 else
199 addr=`$GREP -iw $serv /etc/inet/hosts | \
200 $NAWK '{ printf "%s,", $1 }'`
201 fi
202 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
203 done
204 fi
205
206 # Gather LDAP info via ldapclient(1M).
207 if [ -f /var/ldap/ldap_client_file ]; then
208 copy_to_legacy /var/ldap/ldap_client_file
209 NAMESERVICES="${NAMESERVICES}ldap,"
210 LDAP_NAMESERVICE_CONFIGSRC="manual"
211 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
212 $NAWK '$1 == "preferredServerList:" { print $2 }'`
213 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
214 fi
215
216 # Now, write nwamcfg commands for nameservices
217 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE
218 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \
219 $CREATE_LOC_LEGACY_FILE
220 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \
221 $CREATE_LOC_LEGACY_FILE
222 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \
223 $CREATE_LOC_LEGACY_FILE
224 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \
225 $CREATE_LOC_LEGACY_FILE
226 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \
227 $CREATE_LOC_LEGACY_FILE
228 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \
229 $CREATE_LOC_LEGACY_FILE
230 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \
231 $CREATE_LOC_LEGACY_FILE
232 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\
348 if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
349 copy_from_legacy_loc /etc/resolv.conf
350 $SVCADM enable dns/client
351 fi
352
353 # set /etc/defaultdomain and domainname(1M)
354 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
355 if [ -n "$DEFAULT_DOMAIN" ]; then
356 $DOMAINNAME $DEFAULT_DOMAIN
357 $DOMAINNAME > /etc/defaultdomain
358 fi
359
360 # NIS - directory and ypserver in /var/yp/binding/
361 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
362 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
363 if [ -n "$NIS_CONFIGSRC" ]; then
364 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
365 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
366 fi
367 if [ -n "$NIS_SERVERS" ]; then
368 echo "$NIS_SERVERS" | $NAWK \
369 'FS="," { for (i = 1; i <= NF; i++) print $i }' \
370 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
371 fi
372 $SVCADM enable nis/client
373 fi
374
375 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
376 if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
377 copy_from_legacy_loc /var/ldap/ldap_client_file
378 $SVCADM enable ldap/client
379 fi
380
381 # Copy back nfs NFSMAPID_DOMAIN
382 NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
383 if [ -n "$NFSMAPID_DOMAIN" ]; then
384 set_smf_prop $NFS_MAPID_FMRI \
385 nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN
386 $SVCADM refresh $NFS_MAPID_FMRI
387 $SVCADM enable $NFS_MAPID_FMRI
388 fi
404 set_smf_prop $IPSEC_IKE_FMRI config/config_file \
405 $IPSEC_IKE_DEFAULT_CONFIG_FILE
406 $SVCADM disable $IPSEC_IKE_FMRI
407 fi
408 if [ -n "$pol_file" ]; then
409 copy_from_legacy_loc $pol_file
410 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
411 $SVCADM refresh $IPSEC_POLICY_FMRI
412 $SVCADM enable $IPSEC_POLICY_FMRI
413 else
414 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
415 $IPSEC_POLICY_DEFAULT_CONFIG_FILE
416 $SVCADM disable $IPSEC_POLICY_FMRI
417 fi
418
419 refresh_ipf=false
420 if [ -n "$ipf_file" ]; then
421 # change /none, /allow, and /deny to firewall policy
422 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
423 -o "$ipf_file" = "/deny" ]; then
424 policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
425 set_smf_prop $IPFILTER_FMRI \
426 firewall_config_default/policy $policy
427 # no need to clear custom_policy_file as it isn't "custom"
428 else
429 copy_from_legacy_loc $ipf_file
430 set_smf_prop $IPFILTER_FMRI \
431 firewall_config_default/policy "custom"
432 set_smf_prop $IPFILTER_FMRI \
433 firewall_config_default/custom_policy_file $ipf_file
434 fi
435 refresh_ipf=true
436 fi
437 if [ -n "$ipf6_file" ]; then
438 copy_from_legacy_loc $ipf6_file
439 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
440 refresh_ipf=true
441 else
442 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
443 $IPF6_DEFAULT_CONFIG_FILE
444 fi
|
40 #
41 # Default *.conf files
42 # Set appropriate config SMF property to these files when NWAM is stopped
43 # and corresponding config properties in the Legacy location are emtpy
44 #
45 IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
46 IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
47 IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
48 IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
49 IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf
50
51 # commands
52 BASENAME=/usr/bin/basename
53 CAT=/usr/bin/cat
54 CP=/usr/bin/cp
55 DOMAINNAME=/usr/bin/domainname
56 GREP=/usr/bin/grep
57 LDAPCLIENT=/usr/sbin/ldapclient
58 MKDIR=/usr/bin/mkdir
59 MKFIFO=/usr/bin/mkfifo
60 AWK=/usr/xpg4/bin/awk
61 NWAMCFG=/usr/sbin/nwamcfg
62 RM=/usr/bin/rm
63 SVCADM=/usr/sbin/svcadm
64 SVCCFG=/usr/sbin/svccfg
65 SVCPROP=/usr/bin/svcprop
66
67 # Path to directories
68 # We don't have a writable file system so we write to /etc/svc/volatile and
69 # then later copy anything interesting to /etc/nwam.
70 VOL_NWAM_PATH=/etc/svc/volatile/nwam
71 VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
72 PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
73 NIS_BIND_PATH=/var/yp/binding
74
75 #
76 # copy_to_legacy_loc <file>
77 #
78 # Copies the file to the Legacy location directory
79 # (in /etc/svc/volatile/nwam/Legacy)
80 #
157 DNS_NAMESERVICE_SERVERS=""
158 DNS_NAMESERVICE_SEARCH=""
159 NIS_NAMESERVICE_CONFIGSRC=""
160 NIS_NAMESERVICE_SERVERS=""
161 LDAP_NAMESERVICE_CONFIGSRC=""
162 LDAP_NAMESERVICE_SERVERS=""
163 DEFAULT_DOMAIN=""
164
165 # Copy /etc/nsswitch.conf file
166 copy_to_legacy_loc /etc/nsswitch.conf
167 NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"
168
169 # Gather DNS info from resolv.conf if present.
170 if [ -f /etc/resolv.conf ]; then
171 NAMESERVICES="dns,"
172 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
173 if [ $? -eq 0 ]; then
174 DNS_NAMESERVICE_CONFIGSRC="dhcp"
175 else
176 DNS_NAMESERVICE_CONFIGSRC="manual"
177 DNS_NAMESERVICE_DOMAIN=`$AWK '$1 == "domain" {\
178 print $2 }' < /etc/resolv.conf`
179 DNS_NAMESERVICE_SERVERS=`$AWK '$1 == "nameserver" \
180 { printf "%s,", $2 }' < /etc/resolv.conf`
181 DNS_NAMESERVICE_SEARCH=`$AWK '$1 == "search" \
182 { printf "%s,", $2 }' < /etc/resolv.conf`
183 copy_to_legacy_loc /etc/resolv.conf
184 fi
185 fi
186
187 # Gather NIS info from appropriate file if present.
188 if service_is_enabled $NIS_CLIENT_FMRI; then
189 NAMESERVICES="${NAMESERVICES}nis,"
190 NIS_NAMESERVICE_CONFIGSRC="manual"
191 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
192
193 yp_servers=`$AWK '{ printf "%s ", $1 }' \
194 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers`
195 for serv in $yp_servers; do
196 if is_valid_addr $serv; then
197 addr="$serv,"
198 else
199 addr=`$GREP -iw $serv /etc/inet/hosts | \
200 $AWK '{ printf "%s,", $1 }'`
201 fi
202 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
203 done
204 fi
205
206 # Gather LDAP info via ldapclient(1M).
207 if [ -f /var/ldap/ldap_client_file ]; then
208 copy_to_legacy /var/ldap/ldap_client_file
209 NAMESERVICES="${NAMESERVICES}ldap,"
210 LDAP_NAMESERVICE_CONFIGSRC="manual"
211 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
212 $AWK '$1 == "preferredServerList:" { print $2 }'`
213 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
214 fi
215
216 # Now, write nwamcfg commands for nameservices
217 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE
218 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \
219 $CREATE_LOC_LEGACY_FILE
220 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \
221 $CREATE_LOC_LEGACY_FILE
222 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \
223 $CREATE_LOC_LEGACY_FILE
224 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \
225 $CREATE_LOC_LEGACY_FILE
226 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \
227 $CREATE_LOC_LEGACY_FILE
228 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \
229 $CREATE_LOC_LEGACY_FILE
230 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \
231 $CREATE_LOC_LEGACY_FILE
232 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\
348 if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
349 copy_from_legacy_loc /etc/resolv.conf
350 $SVCADM enable dns/client
351 fi
352
353 # set /etc/defaultdomain and domainname(1M)
354 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
355 if [ -n "$DEFAULT_DOMAIN" ]; then
356 $DOMAINNAME $DEFAULT_DOMAIN
357 $DOMAINNAME > /etc/defaultdomain
358 fi
359
360 # NIS - directory and ypserver in /var/yp/binding/
361 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
362 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
363 if [ -n "$NIS_CONFIGSRC" ]; then
364 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
365 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
366 fi
367 if [ -n "$NIS_SERVERS" ]; then
368 echo "$NIS_SERVERS" | $AWK \
369 'FS="," { for (i = 1; i <= NF; i++) print $i }' \
370 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
371 fi
372 $SVCADM enable nis/client
373 fi
374
375 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
376 if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
377 copy_from_legacy_loc /var/ldap/ldap_client_file
378 $SVCADM enable ldap/client
379 fi
380
381 # Copy back nfs NFSMAPID_DOMAIN
382 NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
383 if [ -n "$NFSMAPID_DOMAIN" ]; then
384 set_smf_prop $NFS_MAPID_FMRI \
385 nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN
386 $SVCADM refresh $NFS_MAPID_FMRI
387 $SVCADM enable $NFS_MAPID_FMRI
388 fi
404 set_smf_prop $IPSEC_IKE_FMRI config/config_file \
405 $IPSEC_IKE_DEFAULT_CONFIG_FILE
406 $SVCADM disable $IPSEC_IKE_FMRI
407 fi
408 if [ -n "$pol_file" ]; then
409 copy_from_legacy_loc $pol_file
410 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
411 $SVCADM refresh $IPSEC_POLICY_FMRI
412 $SVCADM enable $IPSEC_POLICY_FMRI
413 else
414 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
415 $IPSEC_POLICY_DEFAULT_CONFIG_FILE
416 $SVCADM disable $IPSEC_POLICY_FMRI
417 fi
418
419 refresh_ipf=false
420 if [ -n "$ipf_file" ]; then
421 # change /none, /allow, and /deny to firewall policy
422 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
423 -o "$ipf_file" = "/deny" ]; then
424 policy=`echo "$ipf_file" | $AWK 'FS="/" { print $2 }'`
425 set_smf_prop $IPFILTER_FMRI \
426 firewall_config_default/policy $policy
427 # no need to clear custom_policy_file as it isn't "custom"
428 else
429 copy_from_legacy_loc $ipf_file
430 set_smf_prop $IPFILTER_FMRI \
431 firewall_config_default/policy "custom"
432 set_smf_prop $IPFILTER_FMRI \
433 firewall_config_default/custom_policy_file $ipf_file
434 fi
435 refresh_ipf=true
436 fi
437 if [ -n "$ipf6_file" ]; then
438 copy_from_legacy_loc $ipf6_file
439 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
440 refresh_ipf=true
441 else
442 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
443 $IPF6_DEFAULT_CONFIG_FILE
444 fi
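Review bot: The two awk programs that assign FS inside the pattern, `'FS="," { for (i = 1; i <= NF; i++) print $i }'` at lines 368-369 and `'FS="/" { print $2 }'` at line 424, depend on whether the current record is re-split after the assignment, and this change swaps the interpreter from /usr/bin/nawk to /usr/xpg4/bin/awk. POSIX awk applies a new FS only from the next record on, so the single input line may be split on whitespace instead; at line 424 that would leave `policy` empty, and `firewall_config_default/policy` would be set to an empty value rather than none/allow/deny. Passing the separator on the command line removes the dependency: `$AWK -F/ '{ print $2 }'` and `$AWK -F, '{ for (i = 1; i <= NF; i++) print $i }'`. Separately, line 208 calls `copy_to_legacy`, while the helper documented at line 76 is `copy_to_legacy_loc`; if no function of that name is defined outside the visible lines, the LDAP client file is never saved for the restore at line 376.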
|