xref: /illumos-gate/usr/src/cmd/svc/milestone/net-loc (revision 6148443adeb5d3f493cee0d19110b32a0189bd41)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/net_include.sh
28
29# FMRI consts
30AUTOFS_FMRI="svc:/system/filesystem/autofs"
31DNS_CLIENT_FMRI="svc:/network/dns/client"
32IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
33IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
34IPFILTER_FMRI="svc:/network/ipfilter:default"
35LDAP_CLIENT_FMRI="svc:/network/ldap/client"
36LOCATION_FMRI="svc:/network/location:default"
37MAPID_FMRI="svc:/network/nfs/mapid:default"
38NIS_CLIENT_FMRI="svc:/network/nis/client"
39NWAM_FMRI="svc:/network/physical:nwam"
40
41# commands
42CP=/usr/bin/cp
43DHCPINFO=/sbin/dhcpinfo
44DOMAINNAME=/usr/bin/domainname
45GREP=/usr/bin/grep
46LDAPCLIENT=/usr/sbin/ldapclient
47MKDIR=/usr/bin/mkdir
48MV=/usr/bin/mv
49NAWK=/usr/bin/nawk
50NWAMADM=/usr/sbin/nwamadm
51NWAMCFG=/usr/sbin/nwamcfg
52RM=/usr/bin/rm
53SED=/usr/bin/sed
54SVCADM=/usr/sbin/svcadm
55SVCCFG=/usr/sbin/svccfg
56SVCPROP=/usr/bin/svcprop
57TOUCH=/usr/bin/touch
58
59# Path to directories
60ETC_DEFAULT_DOMAIN=/etc/defaultdomain
61NIS_BIND_PATH=/var/yp/binding
62LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
63USER_LOC_PATH=/etc/nwam/loc/User
64SCRIPT_PATH=/etc/svc/volatile/nwam
65
66#
67# echoes DHCP controlled interfaces separated by commas
68#
69# Don't parse the output of ifconfig(1M) because interfaces that haven't
70# acquired a DHCP lease also have the DHCP flag set.
71#
72get_dhcp_interfaces () {
73	#
74	# 1. parse netstat(1M) output for v4 interfaces in BOUND
75	#    or INFORMATION state
76	# 2. make a space-separated list of interface names
77	#
78	netstat -D -f inet | $NAWK '
79	    $2 ~ /BOUND/ { printf "%s ", $1 }
80	    $2 ~ /INFORMATION/ { printf "%s ", $1 }'
81}
82
83#
84# get_dhcpinfo <code/identifier>
85#
86# echoes the value received through each interface controlled by DHCP;
87# multiple values are echoed as a space-separated list
88#
89# returns:
90#	0 => property is set
91#	1 => property is not set
92#
93get_dhcpinfo () {
94	code=$1
95
96	# Get all interfaces with DHCP control, IFS is " "
97	interfaces=`get_dhcp_interfaces`
98
99	info=""
100 	for intf in $interfaces; do
101		val=`$DHCPINFO -i $intf $code`
102		if [ $? -eq 0 ]; then
103			if [ "$info" = "" ]; then
104				info="$val"
105			else
106				info="$info $val"
107			fi
108		fi
109 	done
110	echo $info
111}
112
113#
114# set_smf_prop <fmri> <property name> <property value>
115#
116set_smf_prop () {
117	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
118}
119
120#
121# refresh_svc <fmri>
122#
123# Refreshes the service.
124#
125refresh_svc () {
126	$SVCADM refresh $1
127}
128
129#
130# restart_svc <fmri>
131#
132# Restarts the service.
133#
134restart_svc () {
135	$SVCADM restart $1
136}
137
138#
139# start_svc <fmri>
140#
141# Starts the service.  If the service is already enabled, restarts it.  If
142# it is not enabled, temporarily enables it.
143#
144start_svc () {
145	if service_is_enabled $1; then
146		$SVCADM restart $1
147	else
148		$SVCADM enable -t $1
149	fi
150}
151
152#
153# stop_svc <fmri>
154#
155# Temporarily disables the service.
156#
157stop_svc () {
158	$SVCADM disable -t $1
159}
160
161#
162# copy_default <dir> <file>
163#
164# Copies <dir>/<file>.dfl to <dir>/<file>
165#
166copy_default () {
167	$CP -p $1/$2.dfl $1/$2
168}
169
170#
171# do_dns <location>
172#
173# Installs DNS information on /etc/resolv.conf for location
174#
175# Returns 0 on success, 1 on failure
176#
177do_dns () {
178	loc=$1
179	file=/etc/resolv.conf
180
181	# Write out to temporary file first
182	$TOUCH $file.$$
183
184	DNS_CONFIGSRC=`nwam_get_loc_list_prop $loc dns-nameservice-configsrc`
185	if [ -z "$DNS_CONFIGSRC" ]; then
186		echo "missing 'dns-nameservice-configsrc' property for '$loc'"
187		return 1
188	fi
189
190	for configsrc in $DNS_CONFIGSRC; do
191		case "$configsrc" in
192		'manual')
193			DNS_SERVERS=`nwam_get_loc_list_prop $loc \
194			    dns-nameservice-servers`
195			if [ -z "$DNS_SERVERS" ]; then
196				echo "DNS nameserver not set for '$loc'"
197				return 1
198			fi
199			DNS_DOMAIN=`nwam_get_loc_prop $loc \
200			    dns-nameservice-domain`
201			DNS_SEARCH=`nwam_get_loc_list_prop $loc \
202			    dns-nameservice-search`
203			;;
204		'dhcp')
205			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
206			DNS_SERVERS=`get_dhcpinfo DNSserv`
207			# No DNS search info for IPv4
208			;;
209		'*')
210			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
211			;;
212		esac
213
214		# Write DNS settings
215		if [ -n "$DNS_DOMAIN" ]; then
216			echo "$DNS_DOMAIN" | $NAWK \
217			    '{ for (i = 1; i <= NF; i++) \
218			    print "domain ", $i }' >> $file.$$
219		fi
220		if [ -n "$DNS_SEARCH" ]; then
221			echo "$DNS_SEARCH" | $NAWK \
222                            '{ printf("search"); \
223			    for (i = 1; i <= NF; i++) printf(" %s", $i); \
224			    printf("\n") }' >> $file.$$
225		fi
226		if [ -n "$DNS_SERVERS" ]; then
227			echo "$DNS_SERVERS" | $NAWK \
228			    '{ for (i = 1; i <= NF; i++) \
229			    print "nameserver ", $i }' >> $file.$$
230		fi
231	done
232
233	# Finally, copy our working version to the real thing
234	$MV -f $file.$$ $file
235	start_svc $DNS_CLIENT_FMRI
236
237	return 0
238}
239
240#
241# do_nis <location>
242#
243# Installs NIS information on /var/yp/binding/ for location
244#
245# Returns 0 on success, 1 on failure
246#
247do_nis () {
248	loc=$1
249
250	NIS_CONFIGSRC=`nwam_get_loc_list_prop $loc nis-nameservice-configsrc`
251	if [ -z "$NIS_CONFIGSRC" ]; then
252		echo "missing 'nis-nameservice-configsrc' property for '$loc'"
253		return 1
254	fi
255
256	for configsrc in $NIS_CONFIGSRC; do
257		case "$configsrc" in
258		'manual')
259			NIS_SERVERS=`nwam_get_loc_list_prop $loc \
260			    nis-nameservice-servers`
261			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
262			# user-specified default-domain always wins
263			if [ -n "$DEFAULT_DOMAIN" ]; then
264				$DOMAINNAME $DEFAULT_DOMAIN
265				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
266			else
267				echo "'domainname' not set for '$loc'"
268				return 1
269			fi
270			;;
271		'dhcp')
272			# Use only the first name
273			DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
274			    $NAWK '{ print $1 }'`
275			NIS_SERVERS=`get_dhcpinfo NISservs`
276			if [ "$domainname_set" = "false" ]; then
277				$DOMAINNAME $DEFAULT_DOMAIN
278				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
279			fi
280			;;
281		'*')
282			echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
283			;;
284		esac
285
286		# Place NIS settings in appropriate directory/file.
287		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
288			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
289		fi
290		if [ -n "$NIS_SERVERS" ]; then
291			echo "$NIS_SERVERS" | $NAWK \
292			    '{ for (i = 1; i <= NF; i++) print $i }' \
293			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
294		fi
295	done
296
297	start_svc $NIS_CLIENT_FMRI
298
299	return 0
300}
301
302#
303# do_ldap <location>
304#
305# Installs LDAP information using ldapclient(1M) for location
306#
307# Returns 0 on success, 1 on failure
308#
309do_ldap () {
310	loc=$1
311
312	LDAP_CONFIGSRC=`nwam_get_loc_list_prop $loc ldap-nameservice-configsrc`
313	if [ -z "$LDAP_CONFIGSRC" ]; then
314		echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
315		return 1
316	fi
317
318	for configsrc in $LDAP_CONFIGSRC; do
319		case "$configsrc" in
320		'manual')
321			LDAP_SERVERS=`nwam_get_loc_list_prop $loc \
322			    ldap-nameservice-servers`
323			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
324			if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
325				echo "LDAP configuration could not be set "\
326				    "for '$loc'"
327				return 1
328			fi
329			$DOMAINNAME $DEFAULT_DOMAIN
330			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
331			;;
332		'*')
333			echo "Invalid LDAP configsrc ${configsrc}; ignoring"
334			;;
335		esac
336
337		# Use ldapclient(1M) to initialize LDAP client settings.
338		if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
339			$LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
340			    $LDAP_SERVERS
341		fi
342	done
343
344	start_svc $LDAP_CLIENT_FMRI
345
346	return 0
347}
348
349#
350# do_ns <location>
351#
352# Installs different nameservices for location
353#
354# Returns 0 on success, 1 on failure
355#
356do_ns () {
357	loc=$1
358
359	#
360	# Disable nameservices temporarily while we reconfigure.  Copy
361	# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
362	# are used.
363	#
364	$CP -p /etc/nsswitch.files /etc/nsswitch.conf
365	stop_svc $DNS_CLIENT_FMRI
366	stop_svc $NIS_CLIENT_FMRI
367	stop_svc $LDAP_CLIENT_FMRI
368
369	#
370	# Remove /etc/defaultdomain and unset domainname(1M).  If NIS
371	# and/or LDAP is configured, they will create /etc/defaultdomain
372	# and set the domainname(1M).
373	#
374	$RM -f $ETC_DEFAULT_DOMAIN
375	$DOMAINNAME " "
376
377	NAMESERVICES=`nwam_get_loc_list_prop $loc nameservices`
378	if [ -z "$NAMESERVICES" ]; then
379		echo "missing 'nameservices' property for location '$loc'"
380		return 1
381	fi
382
383	NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
384	    $loc nameservices-config-file`
385	if [ -z "$NAMESERVICES_CONFIG_FILE" ]; then
386		echo "missing 'nameservices-config-file' property for '$loc'"
387		return 1
388	fi
389	$CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
390
391	for ns in $NAMESERVICES; do
392		case "$ns" in
393		'files')
394			# no additional setup needed for files nameservice
395			;;
396		'dns')
397			do_dns $loc || return 1
398			;;
399		'nis')
400			do_nis $loc || return 1
401			;;
402		'ldap')
403			do_ldap $loc || return 1
404			;;
405		'*')
406			echo "Unrecognized nameservices value ${ns}; ignoring"
407			;;
408		esac
409	done
410
411	#
412	# Restart other related services
413	#
414	# We explicitly restart here, as restart will only have an
415	# effect if the service is already enabled.  We don't want
416	# to enable the service if it's currently disabled.
417	#
418	restart_svc $AUTOFS_FMRI
419
420	return 0
421}
422
423#
424# do_sec <location>
425#
426# If config properties are set, update the SMF property and refresh the
427# service.  If config properties are not set, delete the SMF property and
428# stop the service.
429#
430# Returns 0 on success, 1 on failure
431#
432do_sec () {
433	loc=$1
434
435	ike_file=`nwam_get_loc_prop $loc ike-config-file`
436	pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
437	ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
438	ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
439	ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
440	ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
441
442	# IKE
443	if [ -n "$ike_file" ]; then
444		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
445		refresh_svc $IPSEC_IKE_FMRI
446		start_svc $IPSEC_IKE_FMRI
447	else
448		stop_svc $IPSEC_IKE_FMRI
449	fi
450
451	# IPsec
452	if [ -n "$pol_file" ]; then
453		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
454		refresh_svc $IPSEC_POLICY_FMRI
455		start_svc $IPSEC_POLICY_FMRI
456	else
457		stop_svc $IPSEC_POLICY_FMRI
458	fi
459
460	# IPFilter
461	refresh_ipf=false
462	if [ -n "$ipf_file" ]; then
463		if [ "$ipf_file" = "/none" ]; then
464			set_smf_prop $IPFILTER_FMRI \
465			    firewall_config_default/policy "none"
466		elif [ "$ipf_file" = "/deny" ]; then
467			set_smf_prop $IPFILTER_FMRI \
468			    firewall_config_default/policy "deny"
469		elif [ "$ipf_file" = "/allow" ]; then
470			set_smf_prop $IPFILTER_FMRI \
471			    firewall_config_default/policy "allow"
472		else
473			# custom policy with policy file
474			set_smf_prop $IPFILTER_FMRI \
475			    firewall_config_default/policy "custom"
476			set_smf_prop $IPFILTER_FMRI \
477			    firewall_config_default/custom_policy_file $ipf_file
478		fi
479		refresh_ipf=true
480	else
481		# change policy to "none", no need to clear custom_policy_file
482		set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
483		    "none"
484		# IPFilter has to be refreshed to make the changes effective.
485		# Don't set $refresh_ipf as it keeps IPFilter online rather
486		# than disabled.  Refresh after IPFilter is disabled below.
487	fi
488	if [ -n "$ipf6_file" ]; then
489		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
490		refresh_ipf=true
491	fi
492	if [ -n "$ipnat_file" ]; then
493		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
494		refresh_ipf=true
495	fi
496	if [ -n "$ippool_file" ]; then
497		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
498		    $ippool_file
499		refresh_ipf=true
500	fi
501
502	if [ "$refresh_ipf" = "true" ]; then
503		refresh_svc $IPFILTER_FMRI
504		start_svc $IPFILTER_FMRI
505	else
506		stop_svc $IPFILTER_FMRI
507		refresh_svc $IPFILTER_FMRI
508	fi
509
510	return 0
511}
512
513#
514# update_nfs_file <new nfsv4 domain>
515#
516update_nfs_file () {
517	domain=$1
518	file=/etc/default/nfs
519
520	#
521	# For non-commented-out lines that set NFSMAPID_DOMAIN:
522	#	if not previously added by nwam, comment out with a note
523	#	if previously added by nwam, remove
524	# For commented-out lines that set NFSMAPID_DOMAIN:
525	#	if not commented out by NWAM, leave as-is
526	#	if commented out by NWAM, remove
527	# All other lines: leave as-is
528	#
529	$NAWK ' \
530		$0 ~ /^NFSMAPID_DOMAIN=/ {
531			if (index($0, "# Added by NWAM") == 0)
532				printf("#%s # Commented out by NWAM\n", $0);
533		}
534		$0 ~ /^#NFSMAPID_DOMAIN=/ {
535			if ($0 !~ /"# Commented out by NWAM"/)
536				printf("%s\n", $0);
537		}
538		$1 !~ /NFSMAPID_DOMAIN=/ {
539			printf("%s\n", $0);
540		}' $file >$file.$$
541
542	# Now add the desired value
543	echo "NFSMAPID_DOMAIN=$domain # Added by NWAM" >> $file.$$
544
545	# Finally, copy our working version to the real thing
546	$MV -f $file.$$ $file
547}
548
549#
550# do_nfsv4 <location>
551#
552# Updates NFSv4 domain for location
553#
554# Returns 0 on success, 1 on failure
555#
556do_nfsv4 () {
557	loc=$1
558
559	nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
560	if [ $? -eq 0 ]; then
561		update_nfs_file $nfsv4domain
562		start_svc $MAPID_FMRI
563	else
564		stop_svc $MAPID_FMRI
565	fi
566
567	return 0
568}
569
570#
571# activate_loc <location>
572#
573# Activates the given location
574#
575# Returns 0 on success, 1 on failure
576#
577activate_loc () {
578	loc=$1
579
580	echo activating $loc location
581
582	#
583	# if we fail to complete any part of the config,
584	# stop activation work and report failure.
585	#
586	do_sec $loc && do_ns $loc && do_nfsv4 $loc && return 0
587	return 1
588}
589
590#
591# Script entry point
592#
593# Arguments to net-loc are
594#	method ('start' or 'refresh')
595
596#
597# If nwam is not enabled, do nothing and return OK.
598#
599service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
600
601#
602# In a shared-IP zone we need this service to be up, but all of the work
603# it tries to do is irrelevant (and will actually lead to the service
604# failing if we try to do it), so just bail out.
605# In the global zone and exclusive-IP zones we proceed.
606#
607smf_configure_ip || exit $SMF_EXIT_OK
608
609case "$1" in
610
611'start')
612	#
613	# We need to create the default (NoNet and Automatic)
614	# locations, if they don't already exist.  So: first check
615	# for the existence of each, and then run the appropriate
616	# nwamcfg script(s) as needed. Restart nwamd if a location is
617	# created, as it needs to read it in.
618	#
619	LOC_CREATED="false"
620	$NWAMCFG list loc Automatic >/dev/null 2>&1
621	if [ $? -eq 1 ]; then
622		$NWAMCFG -f /etc/nwam/loc/create_loc_auto
623		LOC_CREATED="true"
624	fi
625
626	$NWAMCFG list loc NoNet >/dev/null 2>&1
627	if [ $? -eq 1 ]; then
628		NONETPATH=/etc/nwam/loc/NoNet
629		NONETFILES="ipf.conf ipf6.conf"
630		for file in $NONETFILES; do
631			copy_default $NONETPATH $file
632		done
633		$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
634		LOC_CREATED="true"
635	fi
636
637	if [ "$LOC_CREATED" = "true" ]; then
638		refresh_svc $NWAM_FMRI
639	fi
640
641	# location selection/activation happens below
642	;;
643
644'refresh')
645
646	# location selection/activation happens below
647	;;
648
649*)
650	echo "Usage: $0 start|refresh"
651	exit 1
652	;;
653
654esac
655
656#
657# If the Legacy location doesn't exist and the file to create the Legacy
658# location exists, create the Legacy location.  Make a copy of it as the user's
659# intentions before upgrade.  Then activate the User location if nis is
660# involved.  Because NIS affects more parts of the system (e.g. automounts) we
661# are not willing to make NIS part of the Automatic location (i.e. enable it
662# automatically based on external input) as we do with DHCP-driven DNS.
663#
664activate_user_loc=0
665$NWAMCFG list loc Legacy >/dev/null 2>&1
666if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
667	#
668	# We built the script in and pointing to /etc/svc/volatile because we
669	# may not have a writable filesystem in net-nwam.  So here we move the
670	# components and rewrite the script to point at the writable filesystem.
671	#
672	$CP -r $SCRIPT_PATH/Legacy $LEGACY_LOC_PATH
673	$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
674	$SED -e's,/etc/svc/volatile/nwam/Legacy,/etc/nwam/loc/Legacy,' \
675	    $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
676	$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
677	loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
678	    2>/dev/null`
679	if [ $? -eq 1 ]; then
680		#
681		# We are rewriting configuration variables from the Legacy
682		# location to the User location.  Use variable ULP to keep REs
683		# within a line.
684		#
685		ULP=$USER_LOC_PATH
686		$SED -e's,Legacy,User,' \
687		    -e's,activation-mode=system,activation-mode=manual,' \
688		    -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
689		    -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
690		    -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
691		    -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
692		    -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
693		    -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
694		    $SCRIPT_PATH/create_loc_legacy | \
695			$SED -e's,/etc/nwam/loc/User/none,/none,' \
696			-e's,/etc/nwam/loc/User/allow,/allow,' \
697			-e's,/etc/nwam/loc/User/deny,/deny,' \
698			>$SCRIPT_PATH/create_loc_user
699		#
700		# We are creating the User location here.  The User location
701		# is an appromixation of the machine configuration when the
702		# user change or upgraded to this version of NWAM.  First
703		# we make sure there isn't an existing User location or any
704		# existing User location data.  We then copy all the data
705		# from the Legacy location and create a location pointing at
706		# that data.  Lastly we create a version property to note
707		# that we have done this.
708		#
709		$NWAMCFG destroy loc User 2>/dev/null
710		$RM -rf $USER_LOC_PATH
711		$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
712		$RM -f $USER_LOC_PATH/resolv.conf
713		$NWAMCFG -f $SCRIPT_PATH/create_loc_user
714		# The User location is activated if 'nis' is in a non comment
715		# line of nsswitch.conf.
716		$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
717		    $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
718		if [ $? -eq 0 ]; then
719			activate_user_loc=1
720		fi
721		$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
722		    2>/dev/null
723		$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
724		    astring: "1"
725	fi
726fi
727
728#
729# Activate a location.  If we've just finished upgrading, and
730# the User location should be activated, do that (and use nwamadm
731# to do so, so the enabled property gets set and nwamd knows this
732# selection has been made).  Otherwise, if our location/selected
733# property has a value, we activate that location; else we activate
734# the NoNet location as a default value.
735#
736if [ $activate_user_loc -eq 1 ]; then
737	$NWAMADM enable -p loc User
738else
739	sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
740	if [ $? -eq 1 ]; then
741		# location hasn't been selected; default to NoNet
742		activate_loc NoNet
743	else
744		#
745		# If the selected location does not exist, or if we fail
746		# to activate it completely, we fall back to the NoNet
747		# location.  Also poke nwamd, so it will check conditions
748		# for a better choice.
749		#
750		$NWAMCFG list loc $sel_loc >/dev/null 2>&1
751		if [ $? -eq 1 ]; then
752			echo "location '$sel_loc' doesn't exist"
753			activate_loc NoNet
754			refresh_svc $NWAM_FMRI
755		else
756			# activate selected location
757			if ! activate_loc $sel_loc; then
758				echo "failed to activate '$sel_loc'"
759				activate_loc NoNet
760				refresh_svc $NWAM_FMRI
761			fi
762		fi
763	fi
764fi
765
766exit $SMF_EXIT_OK
767