xref: /illumos-gate/usr/src/cmd/svc/milestone/net-loc (revision b1d7ec75953cd517f5b7c3d9cb427ff8ec5d7d07)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/net_include.sh
28
29# FMRI consts
30AUTOFS_FMRI="svc:/system/filesystem/autofs"
31DNS_CLIENT_FMRI="svc:/network/dns/client"
32IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
33IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
34IPFILTER_FMRI="svc:/network/ipfilter:default"
35LDAP_CLIENT_FMRI="svc:/network/ldap/client"
36LOCATION_FMRI="svc:/network/location:default"
37MAPID_FMRI="svc:/network/nfs/mapid:default"
38NIS_CLIENT_FMRI="svc:/network/nis/client"
39NWAM_FMRI="svc:/network/physical:nwam"
40
41# commands
42CP=/usr/bin/cp
43DHCPINFO=/sbin/dhcpinfo
44DOMAINNAME=/usr/bin/domainname
45GREP=/usr/bin/grep
46LDAPCLIENT=/usr/sbin/ldapclient
47MKDIR=/usr/bin/mkdir
48MV=/usr/bin/mv
49NAWK=/usr/bin/nawk
50NWAMADM=/usr/sbin/nwamadm
51NWAMCFG=/usr/sbin/nwamcfg
52RM=/usr/bin/rm
53SED=/usr/bin/sed
54SVCADM=/usr/sbin/svcadm
55SVCCFG=/usr/sbin/svccfg
56SVCPROP=/usr/bin/svcprop
57TOUCH=/usr/bin/touch
58
59# Path to directories
60ETC_DEFAULT_DOMAIN=/etc/defaultdomain
61NIS_BIND_PATH=/var/yp/binding
62LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
63USER_LOC_PATH=/etc/nwam/loc/User
64SCRIPT_PATH=/etc/svc/volatile/nwam
65
66#
67# echoes DHCP controlled interfaces separated by commas
68#
69# Don't parse the output of ifconfig(1M) because interfaces that haven't
70# acquired a DHCP lease also have the DHCP flag set.
71#
72get_dhcp_interfaces () {
73	#
74	# 1. parse netstat(1M) output for v4 interfaces in BOUND
75	#    or INFORMATION state
76	# 2. make a space-separated list of interface names
77	#
78	netstat -D -f inet | $NAWK '
79	    $2 ~ /BOUND/ { printf "%s ", $1 }
80	    $2 ~ /INFORMATION/ { printf "%s ", $1 }'
81}
82
83#
84# get_dhcpinfo <code/identifier>
85#
86# echoes the value received through each interface controlled by DHCP
87# returns:
88#	0 => property is set
89#	1 => property is not set
90#
91get_dhcpinfo () {
92	code=$1
93
94	# Get all interfaces with DHCP control, IFS is " "
95	interfaces=`get_dhcp_interfaces`
96
97	info=""
98 	for intf in $interfaces; do
99		val=`$DHCPINFO -i $intf $code`
100		if [ $? -eq 0 ]; then
101			if [ "$info" = "" ]; then
102				info="$val"
103			else
104				info="$info,$val"
105			fi
106		fi
107 	done
108	echo $info
109}
110
111#
112# set_smf_prop <fmri> <property name> <property value>
113#
114set_smf_prop () {
115	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
116}
117
118#
119# refresh_svc <fmri>
120#
121# Refreshes the service.
122#
123refresh_svc () {
124	$SVCADM refresh $1
125}
126
127#
128# restart_svc <fmri>
129#
130# Restarts the service.
131#
132restart_svc () {
133	$SVCADM restart $1
134}
135
136#
137# start_svc <fmri>
138#
139# Starts the service.  If the service is already enabled, restarts it.  If
140# it is not enabled, temporarily enables it.
141#
142start_svc () {
143	if service_is_enabled $1; then
144		$SVCADM restart $1
145	else
146		$SVCADM enable -t $1
147	fi
148}
149
150#
151# stop_svc <fmri>
152#
153# Temporarily disables the service.
154#
155stop_svc () {
156	$SVCADM disable -t $1
157}
158
159#
160# copy_default <dir> <file>
161#
162# Copies <dir>/<file>.dfl to <dir>/<file>
163#
164copy_default () {
165	$CP -p $1/$2.dfl $1/$2
166}
167
168#
169# do_dns <location>
170#
171# Installs DNS information on /etc/resolv.conf for location
172#
173do_dns () {
174	loc=$1
175	file=/etc/resolv.conf
176
177	# Write out to temporary file first
178	$TOUCH $file.$$
179
180	DNS_CONFIGSRC=`nwam_get_loc_prop $loc dns-nameservice-configsrc`
181	(IFS=" ";
182	for configsrc in $DNS_CONFIGSRC; do
183		case "$configsrc" in
184		'manual')
185			DNS_DOMAIN=`nwam_get_loc_prop $loc \
186			    dns-nameservice-domain`
187			DNS_SERVERS=`nwam_get_loc_prop $loc \
188			    dns-nameservice-servers`
189			DNS_SEARCH=`nwam_get_loc_prop $loc \
190			    dns-nameservice-search`
191			;;
192		'dhcp')
193			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
194			DNS_SERVERS=`get_dhcpinfo DNSserv`
195			# No DNS search info for IPv4
196			;;
197		'*')
198			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
199			;;
200		esac
201
202		# Write DNS settings
203		if [ -n "$DNS_DOMAIN" ]; then
204			echo "$DNS_DOMAIN" | $NAWK \
205			    'FS="," { for (i = 1; i <= NF; i++) \
206			    print "domain ", $i }' >> $file.$$
207		fi
208		if [ -n "$DNS_SEARCH" ]; then
209			echo "$DNS_SEARCH" | $NAWK \
210                            'FS="," { printf("search"); \
211			    for (i = 1; i <= NF; i++) printf(" %s", $i); \
212			    printf("\n") }' >> $file.$$
213		fi
214		if [ -n "$DNS_SERVERS" ]; then
215			echo "$DNS_SERVERS" | $NAWK \
216			    'FS="," { for (i = 1; i <= NF; i++) \
217			    print "nameserver ", $i }' >> $file.$$
218		fi
219	done
220	)
221	# Finally, copy our working version to the real thing
222	$MV -f $file.$$ $file
223	start_svc $DNS_CLIENT_FMRI
224}
225
226#
227# do_nis <location>
228#
229# Installs NIS information on /var/yp/binding/ for location
230#
231do_nis () {
232	loc=$1
233
234	NIS_CONFIGSRC=`nwam_get_loc_prop $loc nis-nameservice-configsrc`
235	(IFS=" ";
236	domainname_set=false
237	for configsrc in $NIS_CONFIGSRC; do
238		case "$configsrc" in
239		'manual')
240			NIS_SERVERS=`nwam_get_loc_prop $loc \
241			    nis-nameservice-servers`
242			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
243			# user-specified default-domain always wins
244			$DOMAINNAME $DEFAULT_DOMAIN
245			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
246			domainname_set=true
247			;;
248		'dhcp')
249			# Use only the first name
250			DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
251			    $NAWK 'FS="," { print $1 }'`
252			NIS_SERVERS=`get_dhcpinfo NISservs`
253			if [ "$domainname_set" = "false" ]; then
254				$DOMAINNAME $DEFAULT_DOMAIN
255				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
256				domainname_set=true
257			fi
258			;;
259		'*')
260			echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
261			;;
262		esac
263
264		# Place NIS settings in appropriate directory/file.
265		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
266			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
267		fi
268		if [ -n "$NIS_SERVERS" ]; then
269			echo "$NIS_SERVERS" | $NAWK \
270			    'FS="," { for (i = 1; i <= NF; i++) print $i }' \
271			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
272		fi
273	done
274	)
275	start_svc $NIS_CLIENT_FMRI
276}
277
278#
279# do_ldap <location>
280#
281# Installs LDAP information using ldapclient(1M) for location
282#
283do_ldap () {
284	loc=$1
285
286	LDAP_CONFIGSRC=`nwam_get_loc_prop $loc ldap-nameservice-configsrc`
287	(IFS=" ";
288	for configsrc in $LDAP_CONFIGSRC; do
289		case "$configsrc" in
290		'manual')
291			LDAP_SERVERS=`nwam_get_loc_prop $loc \
292			    ldap-nameservice-servers`
293			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
294			$DOMAINNAME $DEFAULT_DOMAIN
295			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
296			;;
297		'*')
298			echo "Unrecognized LDAP configsrc ${configsrc}; ignoring"
299			;;
300		esac
301
302		# Use ldapclient(1M) to initialize LDAP client settings.
303		if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
304			# XXX need to check how to specify multiple LDAP servers.
305			$LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
306			    $LDAP_SERVERS
307		fi
308	done
309	)
310	start_svc $LDAP_CLIENT_FMRI
311}
312
313#
314# do_ns <location>
315#
316# Installs different nameservices for location
317#
318do_ns () {
319	loc=$1
320
321	#
322	# Disable nameservices temporarily while we reconfigure.  Copy
323	# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
324	# are used.
325	#
326	$CP -p /etc/nsswitch.files /etc/nsswitch.conf
327	stop_svc $DNS_CLIENT_FMRI
328	stop_svc $NIS_CLIENT_FMRI
329	stop_svc $LDAP_CLIENT_FMRI
330
331	#
332	# Remove /etc/defaultdomain and unset domainname(1M).  If NIS
333	# and/or LDAP is configured, they will create /etc/defaultdomain
334	# and set the domainname(1M).
335	#
336	$RM -f $ETC_DEFAULT_DOMAIN
337	$DOMAINNAME " "
338
339	NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
340	    $loc nameservices-config-file`
341	NAMESERVICES=`nwam_get_loc_prop $loc nameservices`
342
343	if [ -f "$NAMESERVICES_CONFIG_FILE" ]; then
344		$CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
345	else
346		echo "Failed to activate location ${loc}:\
347		    missing nameservices-config-file property"
348		exit $SMF_EXIT_ERR_CONFIG
349	fi
350
351	(IFS=,;
352	for ns in $NAMESERVICES; do
353		case "$ns" in
354		'files')
355			# no additional setup needed for files nameservice
356			;;
357		'dns')
358			do_dns $loc
359			;;
360		'nis')
361			do_nis $loc
362			;;
363		'ldap')
364			do_ldap $loc
365			;;
366		'*')
367			echo "Unrecognized nameservices value ${ns}; ignoring"
368			;;
369		esac
370	done
371	)
372
373	#
374	# Restart other related services
375	#
376	# We explicitly restart here, as restart will only have an
377	# effect if the service is already enabled.  We don't want
378	# to enable the service if it's currently disabled.
379	#
380	restart_svc $AUTOFS_FMRI
381}
382
383#
384# do_sec <location>
385#
386# If config properties are set, update the SMF property and refresh the
387# service.  If config properties are not set, delete the SMF property and
388# stop the service.
389#
390do_sec () {
391	loc=$1
392
393	ike_file=`nwam_get_loc_prop $loc ike-config-file`
394	pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
395	ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
396	ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
397	ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
398	ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
399
400	# IKE
401	if [ -n "$ike_file" ]; then
402		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
403		refresh_svc $IPSEC_IKE_FMRI
404		start_svc $IPSEC_IKE_FMRI
405	else
406		stop_svc $IPSEC_IKE_FMRI
407	fi
408
409	# IPsec
410	if [ -n "$pol_file" ]; then
411		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
412		refresh_svc $IPSEC_POLICY_FMRI
413		start_svc $IPSEC_POLICY_FMRI
414	else
415		stop_svc $IPSEC_POLICY_FMRI
416	fi
417
418	# IPFilter
419	refresh_ipf=false
420	if [ -n "$ipf_file" ]; then
421		if [ "$ipf_file" = "/none" ]; then
422			set_smf_prop $IPFILTER_FMRI \
423			    firewall_config_default/policy "none"
424		elif [ "$ipf_file" = "/deny" ]; then
425			set_smf_prop $IPFILTER_FMRI \
426			    firewall_config_default/policy "deny"
427		elif [ "$ipf_file" = "/allow" ]; then
428			set_smf_prop $IPFILTER_FMRI \
429			    firewall_config_default/policy "allow"
430		else
431			# custom policy with policy file
432			set_smf_prop $IPFILTER_FMRI \
433			    firewall_config_default/policy "custom"
434			set_smf_prop $IPFILTER_FMRI \
435			    firewall_config_default/custom_policy_file $ipf_file
436		fi
437		refresh_ipf=true
438	else
439		# change policy to "none", no need to clear custom_policy_file
440		set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
441		    "none"
442		# IPFilter has to be refreshed to make the changes effective.
443		# Don't set $refresh_ipf as it keeps IPFilter online rather
444		# than disabled.  Refresh after IPFilter is disabled below.
445	fi
446	if [ -n "$ipf6_file" ]; then
447		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
448		refresh_ipf=true
449	fi
450	if [ -n "$ipnat_file" ]; then
451		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
452		refresh_ipf=true
453	fi
454	if [ -n "$ippool_file" ]; then
455		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
456		    $ippool_file
457		refresh_ipf=true
458	fi
459
460	if [ "$refresh_ipf" = "true" ]; then
461		refresh_svc $IPFILTER_FMRI
462		start_svc $IPFILTER_FMRI
463	else
464		stop_svc $IPFILTER_FMRI
465		refresh_svc $IPFILTER_FMRI
466	fi
467}
468
469#
470# update_nfs_file <new nfsv4 domain>
471#
472update_nfs_file () {
473	domain=$1
474	file=/etc/default/nfs
475
476	#
477	# For non-commented-out lines that set NFSMAPID_DOMAIN:
478	#	if not previously added by nwam, comment out with a note
479	#	if previously added by nwam, remove
480	# For commented-out lines that set NFSMAPID_DOMAIN:
481	#	if not commented out by NWAM, leave as-is
482	#	if commented out by NWAM, remove
483	# All other lines: leave as-is
484	#
485	$NAWK ' \
486		$0 ~ /^NFSMAPID_DOMAIN=/ {
487			if (index($0, "# Added by NWAM") == 0)
488				printf("#%s # Commented out by NWAM\n", $0);
489		}
490		$0 ~ /^#NFSMAPID_DOMAIN=/ {
491			if ($0 !~ /"# Commented out by NWAM"/)
492				printf("%s\n", $0);
493		}
494		$1 !~ /NFSMAPID_DOMAIN=/ {
495			printf("%s\n", $0);
496		}' $file >$file.$$
497
498	# Now add the desired value
499	echo "NFSMAPID_DOMAIN=$domain # Added by NWAM" >> $file.$$
500
501	# Finally, copy our working version to the real thing
502	$MV -f $file.$$ $file
503}
504
505#
506# do_nfsv4 <location>
507#
508# Updates NFSv4 domain for location
509#
510do_nfsv4 () {
511	loc=$1
512
513	nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
514	if [ $? -eq 0 ]; then
515		update_nfs_file $nfsv4domain
516		start_svc $MAPID_FMRI
517	else
518		stop_svc $MAPID_FMRI
519	fi
520}
521
522#
523# activate_loc <location>
524#
525# Activates the given location
526#
527activate_loc () {
528	loc=$1
529
530	echo activating $loc location
531
532	do_sec $loc
533	do_ns $loc
534	do_nfsv4 $loc
535}
536
537#
538# Script entry point
539#
540# Arguments to net-loc are
541#	method ('start' or 'refresh')
542
543#
544# If nwam is not enabled, do nothing and return OK.
545#
546service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
547
548#
549# In a shared-IP zone we need this service to be up, but all of the work
550# it tries to do is irrelevant (and will actually lead to the service
551# failing if we try to do it), so just bail out.
552# In the global zone and exclusive-IP zones we proceed.
553#
554smf_configure_ip || exit $SMF_EXIT_OK
555
556case "$1" in
557
558'start')
559	#
560	# We need to create the default (NoNet and Automatic)
561	# locations, if they don't already exist.  So: first check
562	# for the existence of each, and then run the appropriate
563	# nwamcfg script(s) as needed. Restart nwamd if a location is
564	# created, as it needs to read it in.
565	#
566	LOC_CREATED="false"
567	$NWAMCFG list loc Automatic >/dev/null 2>&1
568	if [ $? -eq 1 ]; then
569		$NWAMCFG -f /etc/nwam/loc/create_loc_auto
570		LOC_CREATED="true"
571	fi
572
573	$NWAMCFG list loc NoNet >/dev/null 2>&1
574	if [ $? -eq 1 ]; then
575		NONETPATH=/etc/nwam/loc/NoNet
576		NONETFILES="ipf.conf ipf6.conf"
577		for file in $NONETFILES; do
578			copy_default $NONETPATH $file
579		done
580		$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
581		LOC_CREATED="true"
582	fi
583
584	if [ "$LOC_CREATED" = "true" ]; then
585		refresh_svc $NWAM_FMRI
586	fi
587
588	# location selection/activation happens below
589	;;
590
591'refresh')
592
593	# location selection/activation happens below
594	;;
595
596*)
597	echo "Usage: $0 start|refresh"
598	exit 1
599	;;
600
601esac
602
603#
604# If the Legacy location doesn't exist and the file to create the Legacy
605# location exists, create the Legacy location.  Make a copy of it as the user's
606# intentions before upgrade.  Then activate the User location if nis is
607# involved.  Because NIS affects more parts of the system (e.g. automounts) we
608# are not willing to make NIS part of the Automatic location (i.e. enable it
609# automatically based on external input) as we do with DHCP-driven DNS.
610#
611activate_user_loc=0
612$NWAMCFG list loc Legacy >/dev/null 2>&1
613if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
614	#
615	# We built the script in and pointing to /etc/svc/volatile because we
616	# may not have a writable filesystem in net-nwam.  So here we move the
617	# components and rewrite the script to point at the writable filesystem.
618	#
619	$CP -r $SCRIPT_PATH/Legacy $LEGACY_LOC_PATH
620	$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
621	$SED -e's,/etc/svc/volatile/nwam/Legacy,/etc/nwam/loc/Legacy,' \
622	    $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
623	$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
624	loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
625	    2>/dev/null`
626	if [ $? -eq 1 ]; then
627		#
628		# We are rewriting configuration variables from the Legacy
629		# location to the User location.  Use variable ULP to keep REs
630		# within a line.
631		#
632		ULP=$USER_LOC_PATH
633		$SED -e's,Legacy,User,' \
634		    -e's,activation-mode=system,activation-mode=manual,' \
635		    -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
636		    -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
637		    -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
638		    -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
639		    -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
640		    -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
641		    $SCRIPT_PATH/create_loc_legacy | \
642			$SED -e's,/etc/nwam/loc/User/none,/none,' \
643			-e's,/etc/nwam/loc/User/allow,/allow,' \
644			-e's,/etc/nwam/loc/User/deny,/deny,' \
645			>$SCRIPT_PATH/create_loc_user
646		#
647		# We are creating the User location here.  The User location
648		# is an appromixation of the machine configuration when the
649		# user change or upgraded to this version of NWAM.  First
650		# we make sure there isn't an existing User location or any
651		# existing User location data.  We then copy all the data
652		# from the Legacy location and create a location pointing at
653		# that data.  Lastly we create a version property to note
654		# that we have done this.
655		#
656		$NWAMCFG destroy loc User 2>/dev/null
657		$RM -rf $USER_LOC_PATH
658		$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
659		$RM -f $USER_LOC_PATH/resolv.conf
660		$NWAMCFG -f $SCRIPT_PATH/create_loc_user
661		# The User location is activated if 'nis' is in a non comment
662		# line of nsswitch.conf.
663		$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
664		    $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
665		if [ $? -eq 0 ]; then
666			activate_user_loc=1
667		fi
668		$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
669		    2>/dev/null
670		$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
671		    astring: "1"
672	fi
673fi
674
675#
676# Activate a location.  If we've just finished upgrading, and
677# the User location should be activated, do that (and use nwamadm
678# to do so, so the enabled property gets set and nwamd knows this
679# selection has been made).  Otherwise, if our location/selected
680# property has a value, we activate that location; else we activate
681# the NoNet location as a default value.
682#
683if [ $activate_user_loc -eq 1 ]; then
684	$NWAMADM enable -p loc User
685else
686	sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
687	if [ $? -eq 1 ]; then
688		# location hasn't been selected; default to NoNet
689		activate_loc NoNet
690	else
691		# check if the selected location exists
692		$NWAMCFG list loc $sel_loc >/dev/null 2>&1
693		if [ $? -eq 1 ]; then
694			echo "location $sel_loc doesn't exist, revert to NoNet"
695			set_smf_prop $SMF_FMRI location/selected NoNet
696			refresh_svc $SMF_FMRI
697		else
698			# activate selected location
699			activate_loc $sel_loc
700		fi
701	fi
702fi
703
704exit $SMF_EXIT_OK
705