xref: /illumos-gate/usr/src/cmd/svc/milestone/net-loc (revision 4491554a16671d144d7bd5b16c8c9b9a26c974e2) 
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/net_include.sh
28
29# FMRI consts
30AUTOFS_FMRI="svc:/system/filesystem/autofs"
31DNS_CLIENT_FMRI="svc:/network/dns/client"
32IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
33IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
34IPFILTER_FMRI="svc:/network/ipfilter:default"
35LDAP_CLIENT_FMRI="svc:/network/ldap/client"
36LOCATION_FMRI="svc:/network/location:default"
37MAPID_FMRI="svc:/network/nfs/mapid:default"
38NIS_CLIENT_FMRI="svc:/network/nis/client"
39NWAM_FMRI="svc:/network/physical:nwam"
40
41# commands
42CP=/usr/bin/cp
43DHCPINFO=/sbin/dhcpinfo
44DOMAINNAME=/usr/bin/domainname
45GREP=/usr/bin/grep
46LDAPCLIENT=/usr/sbin/ldapclient
47MKDIR=/usr/bin/mkdir
48MV=/usr/bin/mv
49NAWK=/usr/bin/nawk
50NWAMADM=/usr/sbin/nwamadm
51NWAMCFG=/usr/sbin/nwamcfg
52RM=/usr/bin/rm
53SED=/usr/bin/sed
54SVCADM=/usr/sbin/svcadm
55SVCCFG=/usr/sbin/svccfg
56SVCPROP=/usr/bin/svcprop
57TOUCH=/usr/bin/touch
58
59# Path to directories
60ETC_DEFAULT_DOMAIN=/etc/defaultdomain
61NIS_BIND_PATH=/var/yp/binding
62LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
63USER_LOC_PATH=/etc/nwam/loc/User
64SCRIPT_PATH=/etc/svc/volatile/nwam
65
66#
67# echoes DHCP controlled interfaces separated by commas
68#
69# Don't parse the output of ifconfig(1M) because interfaces that haven't
70# acquired a DHCP lease also have the DHCP flag set.
71#
72get_dhcp_interfaces () {
73	#
74	# 1. parse netstat(1M) output for v4 interfaces in BOUND
75	#    or INFORMATION state
76	# 2. make a space-separated list of interface names
77	#
78	netstat -D -f inet | $NAWK '
79	    $2 ~ /BOUND/ { printf "%s ", $1 }
80	    $2 ~ /INFORMATION/ { printf "%s ", $1 }'
81}
82
83#
84# get_dhcpinfo <code/identifier>
85#
86# echoes the value received through each interface controlled by DHCP;
87# multiple values are echoed as a space-separated list
88#
89# returns:
90#	0 => property is set
91#	1 => property is not set
92#
93get_dhcpinfo () {
94	code=$1
95
96	# Get all interfaces with DHCP control, IFS is " "
97	interfaces=`get_dhcp_interfaces`
98
99	info=""
100 	for intf in $interfaces; do
101		val=`$DHCPINFO -i $intf $code`
102		if [ $? -eq 0 ]; then
103			if [ "$info" = "" ]; then
104				info="$val"
105			else
106				info="$info $val"
107			fi
108		fi
109 	done
110	echo $info
111}
112
113#
114# set_smf_prop <fmri> <property name> <property value>
115#
116set_smf_prop () {
117	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
118}
119
120#
121# refresh_svc <fmri>
122#
123# Refreshes the service.
124#
125refresh_svc () {
126	$SVCADM refresh $1
127}
128
129#
130# restart_svc <fmri>
131#
132# Restarts the service.
133#
134restart_svc () {
135	$SVCADM restart $1
136}
137
138#
139# start_svc <fmri>
140#
141# Starts the service.  If the service is already enabled, restarts it.  If
142# it is not enabled, temporarily enables it.
143#
144start_svc () {
145	if service_is_enabled $1; then
146		$SVCADM restart $1
147	else
148		$SVCADM enable -t $1
149	fi
150}
151
152#
153# stop_svc <fmri>
154#
155# Temporarily disables the service.
156#
157stop_svc () {
158	$SVCADM disable -t $1
159}
160
161#
162# copy_default <dir> <file>
163#
164# Copies <dir>/<file>.dfl to <dir>/<file>
165#
166copy_default () {
167	$CP -p $1/$2.dfl $1/$2
168}
169
170#
171# do_dns <location>
172#
173# Installs DNS information on /etc/resolv.conf for location
174#
175# Returns 0 on success, 1 on failure
176#
177do_dns () {
178	loc=$1
179	file=/etc/resolv.conf
180
181	# Write out to temporary file first
182	$TOUCH $file.$$
183
184	DNS_CONFIGSRC=`nwam_get_loc_list_prop $loc dns-nameservice-configsrc`
185	if [ -z "$DNS_CONFIGSRC" ]; then
186		echo "missing 'dns-nameservice-configsrc' property for '$loc'"
187		return 1
188	fi
189
190	for configsrc in $DNS_CONFIGSRC; do
191		case "$configsrc" in
192		'manual')
193			DNS_SERVERS=`nwam_get_loc_list_prop $loc \
194			    dns-nameservice-servers`
195			if [ -z "$DNS_SERVERS" ]; then
196				echo "DNS nameserver not set for '$loc'"
197				return 1
198			fi
199			DNS_DOMAIN=`nwam_get_loc_prop $loc \
200			    dns-nameservice-domain`
201			DNS_SEARCH=`nwam_get_loc_list_prop $loc \
202			    dns-nameservice-search`
203			;;
204		'dhcp')
205			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
206			DNS_SERVERS=`get_dhcpinfo DNSserv`
207			# No DNS search info for IPv4
208			;;
209		'*')
210			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
211			;;
212		esac
213
214		# Write DNS settings
215		if [ -n "$DNS_DOMAIN" ]; then
216			echo "$DNS_DOMAIN" | $NAWK \
217			    '{ for (i = 1; i <= NF; i++) \
218			    print "domain ", $i }' >> $file.$$
219		fi
220		if [ -n "$DNS_SEARCH" ]; then
221			echo "$DNS_SEARCH" | $NAWK \
222                            '{ printf("search"); \
223			    for (i = 1; i <= NF; i++) printf(" %s", $i); \
224			    printf("\n") }' >> $file.$$
225		fi
226		if [ -n "$DNS_SERVERS" ]; then
227			echo "$DNS_SERVERS" | $NAWK \
228			    '{ for (i = 1; i <= NF; i++) \
229			    print "nameserver ", $i }' >> $file.$$
230		fi
231	done
232
233	# Finally, copy our working version to the real thing
234	$MV -f $file.$$ $file
235	start_svc $DNS_CLIENT_FMRI
236
237	return 0
238}
239
240#
241# do_nis <location>
242#
243# Installs NIS information on /var/yp/binding/ for location
244#
245# Returns 0 on success, 1 on failure
246#
247do_nis () {
248	loc=$1
249
250	NIS_CONFIGSRC=`nwam_get_loc_list_prop $loc nis-nameservice-configsrc`
251	if [ -z "$NIS_CONFIGSRC" ]; then
252		echo "missing 'nis-nameservice-configsrc' property for '$loc'"
253		return 1
254	fi
255
256	for configsrc in $NIS_CONFIGSRC; do
257		case "$configsrc" in
258		'manual')
259			NIS_SERVERS=`nwam_get_loc_list_prop $loc \
260			    nis-nameservice-servers`
261			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
262			# user-specified default-domain always wins
263			if [ -n "$DEFAULT_DOMAIN" ]; then
264				$DOMAINNAME $DEFAULT_DOMAIN
265				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
266			else
267				echo "'domainname' not set for '$loc'"
268				return 1
269			fi
270			;;
271		'dhcp')
272			# Use only the first name
273			DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
274			    $NAWK '{ print $1 }'`
275			NIS_SERVERS=`get_dhcpinfo NISservs`
276			$DOMAINNAME $DEFAULT_DOMAIN
277			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
278			;;
279		'*')
280			echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
281			;;
282		esac
283
284		# Place NIS settings in appropriate directory/file.
285		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
286			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
287		fi
288		if [ -n "$NIS_SERVERS" ]; then
289			echo "$NIS_SERVERS" | $NAWK \
290			    '{ for (i = 1; i <= NF; i++) print $i }' \
291			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
292		fi
293	done
294
295	start_svc $NIS_CLIENT_FMRI
296
297	return 0
298}
299
300#
301# do_ldap <location>
302#
303# Installs LDAP information using ldapclient(1M) for location
304#
305# Returns 0 on success, 1 on failure
306#
307do_ldap () {
308	loc=$1
309
310	LDAP_CONFIGSRC=`nwam_get_loc_list_prop $loc ldap-nameservice-configsrc`
311	if [ -z "$LDAP_CONFIGSRC" ]; then
312		echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
313		return 1
314	fi
315
316	for configsrc in $LDAP_CONFIGSRC; do
317		case "$configsrc" in
318		'manual')
319			LDAP_SERVERS=`nwam_get_loc_list_prop $loc \
320			    ldap-nameservice-servers`
321			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
322			if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
323				echo "LDAP configuration could not be set "\
324				    "for '$loc'"
325				return 1
326			fi
327			$DOMAINNAME $DEFAULT_DOMAIN
328			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
329			;;
330		'*')
331			echo "Invalid LDAP configsrc ${configsrc}; ignoring"
332			;;
333		esac
334
335		# Use ldapclient(1M) to initialize LDAP client settings.
336		if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
337			$LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
338			    $LDAP_SERVERS
339		fi
340	done
341
342	start_svc $LDAP_CLIENT_FMRI
343
344	return 0
345}
346
347#
348# do_ns <location>
349#
350# Installs different nameservices for location
351#
352# Returns 0 on success, 1 on failure
353#
354do_ns () {
355	loc=$1
356
357	#
358	# Disable nameservices temporarily while we reconfigure.  Copy
359	# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
360	# are used.
361	#
362	$CP -p /etc/nsswitch.files /etc/nsswitch.conf
363	stop_svc $DNS_CLIENT_FMRI
364	stop_svc $NIS_CLIENT_FMRI
365	stop_svc $LDAP_CLIENT_FMRI
366
367	#
368	# Remove /etc/defaultdomain and unset domainname(1M).  If NIS
369	# and/or LDAP is configured, they will create /etc/defaultdomain
370	# and set the domainname(1M).
371	#
372	$RM -f $ETC_DEFAULT_DOMAIN
373	$DOMAINNAME " "
374
375	NAMESERVICES=`nwam_get_loc_list_prop $loc nameservices`
376	if [ -z "$NAMESERVICES" ]; then
377		echo "missing 'nameservices' property for location '$loc'"
378		return 1
379	fi
380
381	NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
382	    $loc nameservices-config-file`
383	if [ -z "$NAMESERVICES_CONFIG_FILE" ]; then
384		echo "missing 'nameservices-config-file' property for '$loc'"
385		return 1
386	fi
387	$CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
388
389	for ns in $NAMESERVICES; do
390		case "$ns" in
391		'files')
392			# no additional setup needed for files nameservice
393			;;
394		'dns')
395			do_dns $loc || return 1
396			;;
397		'nis')
398			do_nis $loc || return 1
399			;;
400		'ldap')
401			do_ldap $loc || return 1
402			;;
403		'*')
404			echo "Unrecognized nameservices value ${ns}; ignoring"
405			;;
406		esac
407	done
408
409	#
410	# Restart other related services
411	#
412	# We explicitly restart here, as restart will only have an
413	# effect if the service is already enabled.  We don't want
414	# to enable the service if it's currently disabled.
415	#
416	restart_svc $AUTOFS_FMRI
417
418	return 0
419}
420
421#
422# do_sec <location>
423#
424# If config properties are set, update the SMF property and refresh the
425# service.  If config properties are not set, delete the SMF property and
426# stop the service.
427#
428# Returns 0 on success, 1 on failure
429#
430do_sec () {
431	loc=$1
432
433	ike_file=`nwam_get_loc_prop $loc ike-config-file`
434	pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
435	ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
436	ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
437	ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
438	ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
439
440	# IKE
441	if [ -n "$ike_file" ]; then
442		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
443		refresh_svc $IPSEC_IKE_FMRI
444		start_svc $IPSEC_IKE_FMRI
445	else
446		stop_svc $IPSEC_IKE_FMRI
447	fi
448
449	# IPsec
450	if [ -n "$pol_file" ]; then
451		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
452		refresh_svc $IPSEC_POLICY_FMRI
453		start_svc $IPSEC_POLICY_FMRI
454	else
455		stop_svc $IPSEC_POLICY_FMRI
456	fi
457
458	# IPFilter
459	refresh_ipf=false
460	if [ -n "$ipf_file" ]; then
461		if [ "$ipf_file" = "/none" ]; then
462			set_smf_prop $IPFILTER_FMRI \
463			    firewall_config_default/policy "none"
464		elif [ "$ipf_file" = "/deny" ]; then
465			set_smf_prop $IPFILTER_FMRI \
466			    firewall_config_default/policy "deny"
467		elif [ "$ipf_file" = "/allow" ]; then
468			set_smf_prop $IPFILTER_FMRI \
469			    firewall_config_default/policy "allow"
470		else
471			# custom policy with policy file
472			set_smf_prop $IPFILTER_FMRI \
473			    firewall_config_default/policy "custom"
474			set_smf_prop $IPFILTER_FMRI \
475			    firewall_config_default/custom_policy_file $ipf_file
476		fi
477		refresh_ipf=true
478	else
479		# change policy to "none", no need to clear custom_policy_file
480		set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
481		    "none"
482		# IPFilter has to be refreshed to make the changes effective.
483		# Don't set $refresh_ipf as it keeps IPFilter online rather
484		# than disabled.  Refresh after IPFilter is disabled below.
485	fi
486	if [ -n "$ipf6_file" ]; then
487		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
488		refresh_ipf=true
489	fi
490	if [ -n "$ipnat_file" ]; then
491		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
492		refresh_ipf=true
493	fi
494	if [ -n "$ippool_file" ]; then
495		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
496		    $ippool_file
497		refresh_ipf=true
498	fi
499
500	if [ "$refresh_ipf" = "true" ]; then
501		refresh_svc $IPFILTER_FMRI
502		start_svc $IPFILTER_FMRI
503	else
504		stop_svc $IPFILTER_FMRI
505		refresh_svc $IPFILTER_FMRI
506	fi
507
508	return 0
509}
510
511#
512# update_nfs_file <new nfsv4 domain>
513#
514update_nfs_file () {
515	domain=$1
516	file=/etc/default/nfs
517
518	#
519	# For non-commented-out lines that set NFSMAPID_DOMAIN:
520	#	if not previously added by nwam, comment out with a note
521	#	if previously added by nwam, remove
522	# For commented-out lines that set NFSMAPID_DOMAIN:
523	#	if not commented out by NWAM, leave as-is
524	#	if commented out by NWAM, remove
525	# All other lines: leave as-is
526	#
527	$NAWK ' \
528		$0 ~ /^NFSMAPID_DOMAIN=/ {
529			if (index($0, "# Added by NWAM") == 0)
530				printf("#%s # Commented out by NWAM\n", $0);
531		}
532		$0 ~ /^#NFSMAPID_DOMAIN=/ {
533			if ($0 !~ /"# Commented out by NWAM"/)
534				printf("%s\n", $0);
535		}
536		$1 !~ /NFSMAPID_DOMAIN=/ {
537			printf("%s\n", $0);
538		}' $file >$file.$$
539
540	# Now add the desired value
541	echo "NFSMAPID_DOMAIN=$domain # Added by NWAM" >> $file.$$
542
543	# Finally, copy our working version to the real thing
544	$MV -f $file.$$ $file
545}
546
547#
548# do_nfsv4 <location>
549#
550# Updates NFSv4 domain for location
551#
552# Returns 0 on success, 1 on failure
553#
554do_nfsv4 () {
555	loc=$1
556
557	nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
558	if [ $? -eq 0 ]; then
559		update_nfs_file $nfsv4domain
560		start_svc $MAPID_FMRI
561	else
562		stop_svc $MAPID_FMRI
563	fi
564
565	return 0
566}
567
568#
569# activate_loc <location>
570#
571# Activates the given location
572#
573# Returns 0 on success, 1 on failure
574#
575activate_loc () {
576	loc=$1
577
578	echo activating $loc location
579
580	#
581	# if we fail to complete any part of the config,
582	# stop activation work and report failure.
583	#
584	do_sec $loc && do_ns $loc && do_nfsv4 $loc && return 0
585	return 1
586}
587
588#
589# Script entry point
590#
591# Arguments to net-loc are
592#	method ('start' or 'refresh')
593
594#
595# If nwam is not enabled, do nothing and return OK.
596#
597service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
598
599#
600# In a shared-IP zone we need this service to be up, but all of the work
601# it tries to do is irrelevant (and will actually lead to the service
602# failing if we try to do it), so just bail out.
603# In the global zone and exclusive-IP zones we proceed.
604#
605smf_configure_ip || exit $SMF_EXIT_OK
606
607case "$1" in
608
609'start')
610	#
611	# We need to create the default (NoNet and Automatic)
612	# locations, if they don't already exist.  So: first check
613	# for the existence of each, and then run the appropriate
614	# nwamcfg script(s) as needed. Restart nwamd if a location is
615	# created, as it needs to read it in.
616	#
617	LOC_CREATED="false"
618	$NWAMCFG list loc Automatic >/dev/null 2>&1
619	if [ $? -eq 1 ]; then
620		$NWAMCFG -f /etc/nwam/loc/create_loc_auto
621		LOC_CREATED="true"
622	fi
623
624	$NWAMCFG list loc NoNet >/dev/null 2>&1
625	if [ $? -eq 1 ]; then
626		NONETPATH=/etc/nwam/loc/NoNet
627		NONETFILES="ipf.conf ipf6.conf"
628		for file in $NONETFILES; do
629			copy_default $NONETPATH $file
630		done
631		$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
632		LOC_CREATED="true"
633	fi
634
635	if [ "$LOC_CREATED" = "true" ]; then
636		refresh_svc $NWAM_FMRI
637	fi
638
639	# location selection/activation happens below
640	;;
641
642'refresh')
643
644	# location selection/activation happens below
645	;;
646
647*)
648	echo "Usage: $0 start|refresh"
649	exit 1
650	;;
651
652esac
653
654#
655# If the Legacy location doesn't exist and the file to create the Legacy
656# location exists, create the Legacy location.  Make a copy of it as the user's
657# intentions before upgrade.  Then activate the User location if nis is
658# involved.  Because NIS affects more parts of the system (e.g. automounts) we
659# are not willing to make NIS part of the Automatic location (i.e. enable it
660# automatically based on external input) as we do with DHCP-driven DNS.
661#
662activate_user_loc=0
663$NWAMCFG list loc Legacy >/dev/null 2>&1
664if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
665	#
666	# We built the script in and pointing to /etc/svc/volatile because we
667	# may not have a writable filesystem in net-nwam.  So here we move the
668	# components and rewrite the script to point at the writable filesystem.
669	#
670	$CP -r $SCRIPT_PATH/Legacy /etc/nwam/loc
671	$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
672	$SED -e's,$SCRIPT_PATH/Legacy,$LEGACY_LOC_PATH,' \
673	    $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
674	$RM -f $SCRIPT_PATH/vcreate_loc_legacy
675	$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
676	loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
677	    2>/dev/null`
678	if [ $? -eq 1 ]; then
679		#
680		# We are rewriting configuration variables from the Legacy
681		# location to the User location.  Use variable ULP to keep REs
682		# within a line.
683		#
684		ULP=$USER_LOC_PATH
685		$SED -e's,Legacy,User,' \
686		    -e's,activation-mode=system,activation-mode=manual,' \
687		    -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
688		    -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
689		    -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
690		    -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
691		    -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
692		    -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
693		    $SCRIPT_PATH/create_loc_legacy | \
694			$SED -e's,/etc/nwam/loc/User/none,/none,' \
695			-e's,/etc/nwam/loc/User/allow,/allow,' \
696			-e's,/etc/nwam/loc/User/deny,/deny,' \
697			>$SCRIPT_PATH/create_loc_user
698		#
699		# We are creating the User location here.  The User location
700		# is an appromixation of the machine configuration when the
701		# user change or upgraded to this version of NWAM.  First
702		# we make sure there isn't an existing User location or any
703		# existing User location data.  We then copy all the data
704		# from the Legacy location and create a location pointing at
705		# that data.  Lastly we create a version property to note
706		# that we have done this.
707		#
708		$NWAMCFG destroy loc User 2>/dev/null
709		$RM -rf $USER_LOC_PATH
710		$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
711		$RM -f $USER_LOC_PATH/resolv.conf
712		$NWAMCFG -f $SCRIPT_PATH/create_loc_user
713		# The User location is activated if 'nis' is in a non comment
714		# line of nsswitch.conf.
715		$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
716		    $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
717		if [ $? -eq 0 ]; then
718			activate_user_loc=1
719		fi
720		$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
721		    2>/dev/null
722		$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
723		    astring: "1"
724	fi
725fi
726
727#
728# Activate a location.  If we've just finished upgrading, and
729# the User location should be activated, do that (and use nwamadm
730# to do so, so the enabled property gets set and nwamd knows this
731# selection has been made).  Otherwise, if our location/selected
732# property has a value, we activate that location; else we activate
733# the NoNet location as a default value.
734#
735if [ $activate_user_loc -eq 1 ]; then
736	$NWAMADM enable -p loc User
737else
738	sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
739	if [ $? -eq 1 ]; then
740		# location hasn't been selected; default to NoNet
741		activate_loc NoNet
742	else
743		#
744		# If the selected location does not exist, or if we fail
745		# to activate it completely, we fall back to the NoNet
746		# location.  Also poke nwamd, so it will check conditions
747		# for a better choice.
748		#
749		$NWAMCFG list loc $sel_loc >/dev/null 2>&1
750		if [ $? -eq 1 ]; then
751			echo "location '$sel_loc' doesn't exist"
752			activate_loc NoNet
753			refresh_svc $NWAM_FMRI
754		else
755			# activate selected location
756			if ! activate_loc $sel_loc; then
757				echo "failed to activate '$sel_loc'"
758				activate_loc NoNet
759				refresh_svc $NWAM_FMRI
760			fi
761		fi
762	fi
763fi
764
765exit $SMF_EXIT_OK
766