xref: /illumos-gate/usr/src/cmd/svc/milestone/net-nwam (revision 6e91bba0d6c6bdabbba62cefae583715a4a58e2a)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26
27. /lib/svc/share/smf_include.sh
28. /lib/svc/share/net_include.sh
29
# SMF service identifiers (FMRIs) used by this method script
IPSEC_IKE_FMRI='svc:/network/ipsec/ike'
IPSEC_POLICY_FMRI='svc:/network/ipsec/policy'
IPFILTER_FMRI='svc:/network/ipfilter:default'
NIS_CLIENT_FMRI='svc:/network/nis/client:default'
NET_PHYS_FMRI='svc:/network/physical:default'
NET_NWAM_FMRI='svc:/network/physical:nwam'
NET_LOC_FMRI='svc:/network/location:default'

#
# Default *.conf files
# When NWAM is stopped and the matching config property in the Legacy
# location is empty, the corresponding SMF config property is set to one
# of these files.
#
IPF6_DEFAULT_CONFIG_FILE='/etc/ipf/ipf6.conf'
IPNAT_DEFAULT_CONFIG_FILE='/etc/ipf/ipnat.conf'
IPPOOL_DEFAULT_CONFIG_FILE='/etc/ipf/ippool.conf'
IPSEC_IKE_DEFAULT_CONFIG_FILE='/etc/inet/ike/config'
IPSEC_POLICY_DEFAULT_CONFIG_FILE='/etc/inet/ipsecinit.conf'

# External commands, always invoked by absolute path rather than via $PATH
BASENAME='/usr/bin/basename'
CAT='/usr/bin/cat'
CP='/usr/bin/cp'
DOMAINNAME='/usr/bin/domainname'
GREP='/usr/bin/grep'
LDAPCLIENT='/usr/sbin/ldapclient'
MKDIR='/usr/bin/mkdir'
MKFIFO='/usr/bin/mkfifo'
NAWK='/usr/bin/nawk'
NWAMCFG='/usr/sbin/nwamcfg'
RM='/usr/bin/rm'
SVCADM='/usr/sbin/svcadm'
SVCCFG='/usr/sbin/svccfg'
SVCPROP='/usr/bin/svcprop'

# Directory paths
# There is no writable file system at this point, so files are written
# under /etc/svc/volatile and anything interesting is copied to /etc/nwam
# later.
LEGACY_PATH='/etc/svc/volatile/nwam/Legacy'
NIS_BIND_PATH='/var/yp/binding'
71
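#
# copy_to_legacy_loc <file>
#
# Copies <file> into the Legacy location directory ($LEGACY_PATH), creating
# that directory first.  If <file> is empty, missing or not a regular file,
# nothing is copied and the function still succeeds.  The copy is made with
# cp -p.
#
# Expansions are quoted so that a path containing whitespace or glob
# characters reaches mkdir/cp as a single operand instead of being split
# into several file names.
#
copy_to_legacy_loc() {
	$MKDIR -p "$LEGACY_PATH"
	if [ -f "$1" ]; then
		$CP -p "$1" "$LEGACY_PATH"
	fi
}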
83
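#
# copy_from_legacy_loc <destination file>
#
# Copies the file with the same base name as <destination file> from the
# Legacy location directory ($LEGACY_PATH) into the directory part of
# <destination file>, creating that directory if it does not exist.
# Nothing is copied when the Legacy directory holds no such regular file.
#
# DEST_DIR and SRC_FILE are set as globals, as in the original code.
# Expansions are quoted so a destination containing whitespace or glob
# characters is not split into several operands.
#
copy_from_legacy_loc () {
	DEST_DIR=`/usr/bin/dirname "$1"`
	# Built in two steps to avoid nesting quotes inside backticks.
	SRC_FILE=`$BASENAME "$1"`
	SRC_FILE="$LEGACY_PATH/$SRC_FILE"

	# Make destination directory if needed
	if [ ! -d "$DEST_DIR" ]; then
		$MKDIR -p "$DEST_DIR"
	fi

	if [ -f "$SRC_FILE" ]; then
		$CP -p "$SRC_FILE" "$DEST_DIR"
	fi
}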
103
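#
# write_loc_prop <property> <value> <file>
#
# Appends the nwamcfg command "set <property>=<value>" to <file>.  Nothing
# is written when <value> or <file> is empty.
#
# Callers must pass <value> and <file> as quoted arguments: the function
# identifies them purely by position, so a <value> that is split into
# several words by an unquoted expansion shifts a later word into the
# <file> slot.  prop, val and file are set as globals, as in the original.
#
write_loc_prop () {
	prop=$1
	val=$2
	file=$3

	# Two separate tests instead of the ambiguous "-a" operator; the
	# redirection target is quoted so the path is never word-split.
	if [ -n "$val" ] && [ -n "$file" ]; then
		echo "set $prop=$val" >> "$file"
	fi
}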
118
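#
# set_smf_prop <fmri> <property name> <property value>
#
# Sets <property name> on <fmri> to <property value> as an astring, using
# svccfg.  Returns the exit status of svccfg.
#
# The FMRI and property name are quoted so that each reaches svccfg as
# exactly one argument.
#
set_smf_prop () {
	$SVCCFG -s "$1" setprop "$2" = astring: "$3"
}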
125
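#
# get_smf_prop <fmri> <property name>
#
# Prints the value of <property name> of <fmri> as reported by svcprop and
# returns svcprop's exit status.  Both arguments are quoted so each is
# passed to svcprop as a single word.
#
get_smf_prop () {
	$SVCPROP -p "$2" "$1"
}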
132
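#
# create_legacy_loc
#
# Creates Legacy location from the current configuration.
#
# Writes a sequence of nwamcfg commands describing the current name
# service, NFSv4, IPFilter, IKE and IPsec configuration to
# $CREATE_LOC_LEGACY_FILE, and copies the configuration files it finds into
# $LEGACY_PATH via copy_to_legacy_loc.
#
# Every value passed to write_loc_prop and copy_to_legacy_loc is quoted.
# Unquoted, a value containing whitespace (for example the result of two
# "domain" lines in resolv.conf) was split into several words and a later
# word landed in write_loc_prop's <file> argument, so the command was
# appended to a file named after configuration content instead of to
# $CREATE_LOC_LEGACY_FILE.
#
# The LDAP branch now calls copy_to_legacy_loc; the original called
# copy_to_legacy, which is not defined in this file, so ldap_client_file
# was never saved.
#
create_legacy_loc () {
	CREATE_LOC_LEGACY_FILE=/etc/svc/volatile/nwam/create_loc_legacy

	#
	# Write nwamcfg commands to create Legacy location to
	# $CREATE_LOC_LEGACY_FILE as values for properties are determined
	# Note that some of the *_CONFIG_FILE variables point at copies of
	# files we've made and others indicate where those copies should be
	# if we are enabling the location.
	#
	echo "create loc Legacy" > "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "activation-mode" "system" "$CREATE_LOC_LEGACY_FILE"

	NAMESERVICES=""
	NAMESERVICES_CONFIG_FILE=""
	DNS_NAMESERVICE_CONFIGSRC=""
	DNS_NAMESERVICE_DOMAIN=""
	DNS_NAMESERVICE_SERVERS=""
	DNS_NAMESERVICE_SEARCH=""
	NIS_NAMESERVICE_CONFIGSRC=""
	NIS_NAMESERVICE_SERVERS=""
	LDAP_NAMESERVICE_CONFIGSRC=""
	LDAP_NAMESERVICE_SERVERS=""
	DEFAULT_DOMAIN=""

	# Copy /etc/nsswitch.conf file
	copy_to_legacy_loc /etc/nsswitch.conf
	NAMESERVICES_CONFIG_FILE="$LEGACY_PATH/nsswitch.conf"

	# Gather DNS info from resolv.conf if present.
	if [ -f /etc/resolv.conf ]; then
		NAMESERVICES="dns,"
		# NOTE(review): the "added by dhcp" marker is searched for in
		# /etc/nsswitch.conf although this branch handles resolv.conf;
		# confirm that this is the intended file.
		if $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null; then
			DNS_NAMESERVICE_CONFIGSRC="dhcp"
		else
			DNS_NAMESERVICE_CONFIGSRC="manual"
			DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" { print $2 }' \
			    < /etc/resolv.conf`
			DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" { printf "%s,", $2 }' \
			    < /etc/resolv.conf`
			DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" { printf "%s,", $2 }' \
			    < /etc/resolv.conf`
			copy_to_legacy_loc /etc/resolv.conf
		fi
	fi

	# Gather NIS info from appropriate file if present.
	if service_is_enabled "$NIS_CLIENT_FMRI"; then
		NAMESERVICES="${NAMESERVICES}nis,"
		NIS_NAMESERVICE_CONFIGSRC="manual"
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`

		yp_servers=`$NAWK '{ printf "%s ", $1 }' \
		    < "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"`
		# $yp_servers is left unquoted on purpose: it is a
		# space-separated list that the loop iterates over.
		for serv in $yp_servers; do
			if is_valid_addr "$serv"; then
				addr="$serv,"
			else
				# The server name is used as a grep pattern,
				# so a "." in it matches any character.
				addr=`$GREP -iw "$serv" /etc/inet/hosts | \
				    $NAWK '{ printf "%s,", $1 }'`
			fi
			NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
		done
	fi

	# Gather LDAP info via ldapclient(1M).
	if [ -f /var/ldap/ldap_client_file ]; then
		copy_to_legacy_loc /var/ldap/ldap_client_file
		NAMESERVICES="${NAMESERVICES}ldap,"
		LDAP_NAMESERVICE_CONFIGSRC="manual"
		LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
		    $NAWK '$1 == "preferredServerList:" { print $2 }'`
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
	fi

	# Now, write nwamcfg commands for nameservices
	write_loc_prop "nameservices" "$NAMESERVICES" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nameservices-config-file" "$NAMESERVICES_CONFIG_FILE" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-configsrc" "$DNS_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-domain" "$DNS_NAMESERVICE_DOMAIN" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-servers" "$DNS_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-search" "$DNS_NAMESERVICE_SEARCH" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-configsrc" "$NIS_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-servers" "$NIS_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-configsrc" "$LDAP_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-servers" "$LDAP_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "default-domain" "$DEFAULT_DOMAIN" "$CREATE_LOC_LEGACY_FILE"

	# Retrieve NFSv4 domain.
	if [ -f /etc/default/nfs ]; then
		copy_to_legacy_loc /etc/default/nfs
		NFS_DOMAIN=`$NAWK '/^NFSMAPID_DOMAIN.*/ { FS="=" ; print $2 }' \
		    < /etc/default/nfs`
		write_loc_prop "nfsv4-domain" \
		    "$NFS_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	fi

	IPF_CONFIG_FILE=""
	IPF6_CONFIG_FILE=""
	IPNAT_CONFIG_FILE=""
	IPPOOL_CONFIG_FILE=""
	IKE_CONFIG_FILE=""
	IPSEC_POLICY_CONFIG_FILE=""

	#
	# IPFilter
	#
	# If the firewall policy is "custom", simply copy the
	# custom_policy_file.  If the firewall policy is "none", "allow" or
	# "deny", save the value as "/<value>".  When reverting back to the
	# Legacy location, these values will have to be treated as special.
	#
	# For all configuration files, copy them to the Legacy directory.
	# Use the respective properties to remember the original locations
	# of the files so that they can be copied back there when NWAM is
	# stopped.
	#
	if service_is_enabled "$IPFILTER_FMRI"; then
		FIREWALL_POLICY=`get_smf_prop "$IPFILTER_FMRI" \
		    firewall_config_default/policy`
		if [ "$FIREWALL_POLICY" = "custom" ]; then
			IPF_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file`
			copy_to_legacy_loc "$IPF_CONFIG_FILE"
		else
			# save value as /none, /allow, or /deny
			IPF_CONFIG_FILE="/$FIREWALL_POLICY"
		fi
		IPF6_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipf6_config_file`
		copy_to_legacy_loc "$IPF6_CONFIG_FILE"

		IPNAT_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipnat_config_file`
		copy_to_legacy_loc "$IPNAT_CONFIG_FILE"

		IPPOOL_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ippool_config_file`
		copy_to_legacy_loc "$IPPOOL_CONFIG_FILE"
	fi

	# IKE
	if service_is_enabled "${IPSEC_IKE_FMRI}:default"; then
		IKE_CONFIG_FILE=`get_smf_prop "$IPSEC_IKE_FMRI" config/config_file`
		copy_to_legacy_loc "$IKE_CONFIG_FILE"
	fi

	# IPsec
	if service_is_enabled "${IPSEC_POLICY_FMRI}:default"; then
		IPSEC_POLICY_CONFIG_FILE=`get_smf_prop "$IPSEC_POLICY_FMRI" \
		    config/config_file`
		copy_to_legacy_loc "$IPSEC_POLICY_CONFIG_FILE"
	fi

	# Record the IPFilter setting only if it is one of the special
	# policy markers or names an existing regular file.  An empty value
	# fails all four tests, so no separate -n check is needed.
	if [ "$IPF_CONFIG_FILE" = "/allow" ] || \
	    [ "$IPF_CONFIG_FILE" = "/deny" ] || \
	    [ "$IPF_CONFIG_FILE" = "/none" ] || \
	    [ -f "$IPF_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-config-file" "$IPF_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	# The remaining properties are recorded only when the named file
	# exists.
	if [ -n "$IPF6_CONFIG_FILE" ] && [ -f "$IPF6_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-v6-config-file" "$IPF6_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPNAT_CONFIG_FILE" ] && [ -f "$IPNAT_CONFIG_FILE" ]; then
		write_loc_prop "ipnat-config-file" "$IPNAT_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPPOOL_CONFIG_FILE" ] && [ -f "$IPPOOL_CONFIG_FILE" ]; then
		write_loc_prop "ippool-config-file" "$IPPOOL_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IKE_CONFIG_FILE" ] && [ -f "$IKE_CONFIG_FILE" ]; then
		write_loc_prop "ike-config-file" "$IKE_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPSEC_POLICY_CONFIG_FILE" ] && \
	    [ -f "$IPSEC_POLICY_CONFIG_FILE" ]; then
		write_loc_prop "ipsecpolicy-config-file" \
		    "$IPSEC_POLICY_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	fi

	# End
	echo "end" >> "$CREATE_LOC_LEGACY_FILE"
	# network/location will create the Legacy location with these commands.
}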
332
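#
# revert_to_legacy_loc
#
# Undoes the effects of the Legacy location creation.
#
# Disables the dns, nis and ldap clients, copies the saved files back from
# $LEGACY_PATH, restores the default domain and NIS server list, points the
# IKE, IPsec policy and IPFilter services at the saved configuration files
# (or at the *_DEFAULT_CONFIG_FILE values when none was saved), and then
# removes the Legacy directory and destroys the Legacy location.
#
# Values read back from the Legacy location are quoted wherever they are
# used as a command argument or path, so a value containing whitespace or
# glob characters is not split or expanded into extra operands.
#
revert_to_legacy_loc () {
	$SVCADM disable dns/client
	$SVCADM disable nis/client
	$SVCADM disable ldap/client

	# copy nsswitch.conf to /etc/nsswitch.conf
	copy_from_legacy_loc /etc/nsswitch.conf

	# DNS - copy resolv.conf to /etc/resolv.conf
	if [ -f "$LEGACY_PATH/resolv.conf" ]; then
		copy_from_legacy_loc /etc/resolv.conf
		$SVCADM enable dns/client
	fi

	# set /etc/defaultdomain and domainname(1M)
	DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
	if [ -n "$DEFAULT_DOMAIN" ]; then
		$DOMAINNAME "$DEFAULT_DOMAIN"
		$DOMAINNAME > /etc/defaultdomain
	fi

	# NIS - directory and ypserver in /var/yp/binding/
	# NOTE(review): DEFAULT_DOMAIN is used as a path component below
	# without being checked for "/" or ".." and may be empty here;
	# confirm the Legacy location property is trusted input.
	NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
	NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
	if [ -n "$NIS_CONFIGSRC" ]; then
		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
			$MKDIR -p "$NIS_BIND_PATH/$DEFAULT_DOMAIN"
		fi
		if [ -n "$NIS_SERVERS" ]; then
			# One server per line from the comma-separated list.
			echo "$NIS_SERVERS" | $NAWK \
			    'FS="," { for (i = 1; i <= NF; i++) print $i }' \
			    > "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"
		fi
		$SVCADM enable nis/client
	fi

	# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
	if [ -f "$LEGACY_PATH/ldap_client_file" ]; then
		copy_from_legacy_loc /var/ldap/ldap_client_file
		$SVCADM enable ldap/client
	fi

	# Copy back nfs file
	copy_from_legacy_loc /etc/default/nfs

	# IPFilter, IPsec, and IKE
	ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
	ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
	ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
	ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
	ike_file=`nwam_get_loc_prop Legacy ike-config-file`
	pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`

	if [ -n "$ike_file" ]; then
		copy_from_legacy_loc "$ike_file"
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file "$ike_file"
		$SVCADM refresh "$IPSEC_IKE_FMRI"
		$SVCADM enable "$IPSEC_IKE_FMRI"
	else
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file \
		    "$IPSEC_IKE_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_IKE_FMRI"
	fi
	if [ -n "$pol_file" ]; then
		copy_from_legacy_loc "$pol_file"
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file "$pol_file"
		$SVCADM refresh "$IPSEC_POLICY_FMRI"
		$SVCADM enable "$IPSEC_POLICY_FMRI"
	else
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
		    "$IPSEC_POLICY_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_POLICY_FMRI"
	fi

	# refresh_ipf becomes true as soon as any IPFilter-related file or
	# policy was saved in the Legacy location; it decides below whether
	# ipfilter ends up enabled or disabled.
	refresh_ipf=false
	if [ -n "$ipf_file" ]; then
		# change /none, /allow, and /deny to firewall policy
		if [ "$ipf_file" = "/none" ] || [ "$ipf_file" = "/allow" ] || \
		    [ "$ipf_file" = "/deny" ]; then
			policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "$policy"
			# no need to clear custom_policy_file as it isn't "custom"
		else
			copy_from_legacy_loc "$ipf_file"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "custom"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file "$ipf_file"
		fi
		refresh_ipf=true
	fi
	if [ -n "$ipf6_file" ]; then
		copy_from_legacy_loc "$ipf6_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file "$ipf6_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
		    "$IPF6_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ipnat_file" ]; then
		copy_from_legacy_loc "$ipnat_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file "$ipnat_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
		    "$IPNAT_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ippool_file" ]; then
		copy_from_legacy_loc "$ippool_file"
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$ippool_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$IPPOOL_DEFAULT_CONFIG_FILE"
	fi

	$SVCADM refresh "$IPFILTER_FMRI"
	if [ "$refresh_ipf" = "true" ]; then
		$SVCADM enable "$IPFILTER_FMRI"
	else
		$SVCADM disable "$IPFILTER_FMRI"
	fi

	# Remove the Legacy directory and location
	$RM -rf "$LEGACY_PATH"
	$NWAMCFG destroy loc Legacy
}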
465
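#
# Script entry point
#
# Arguments to net-nwam are
#       method ( start | refresh | stop | -u | -c )
#
# Command substitutions and positional parameters used as arguments are
# quoted so an empty or multi-word result cannot change the argument list
# of pkill, svcadm, svccfg or test.
#

#
# Create nwam directory in /etc/svc/volatile
#
if [ ! -d /etc/svc/volatile/nwam ]; then
	$MKDIR -m 0755 /etc/svc/volatile/nwam
fi

case "$1" in
'refresh')
	/usr/bin/pkill -HUP -z "`smf_zonename`" nwamd
	#
	# Enable network/location.  Needed on first boot post-install as
	# network/location will not exist until after manifest-import runs.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi
	;;

'start')
	# The real daemon is not started in a shared stack zone. But we need to
	# create a dummy background process to preserve contract lifetime.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		# The background cat blocks on the FIFO until the stop
		# method writes to it.
		$RM -f /etc/svc/volatile/nwam/nwam_blocked
		$MKFIFO /etc/svc/volatile/nwam/nwam_blocked
		($CAT </etc/svc/volatile/nwam/nwam_blocked >/dev/null) &
		exit $SMF_EXIT_OK
	fi

	#
	# Enable network/location.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi

	if smf_is_globalzone; then
		net_reconfigure || exit $SMF_EXIT_ERR_CONFIG

		# Update PVID on interfaces configured with VLAN 1
		update_pvid

		#
		# Upgrade handling. The upgrade file consists of a series
		# of dladm(1M) commands. Note that after we are done, we
		# cannot rename the upgrade script file as the file system
		# is still read-only at this point. Defer this to the
		# manifest-import service.
		#
		# NOTE(review): the file is sourced, so its contents run in
		# this shell with this method's privileges; it should be
		# writable only by the account that owns this service.
		#
		upgrade_script=/var/svc/profile/upgrade_datalink
		if [ -f "${upgrade_script}" ]; then
			. "${upgrade_script}"
		fi

		# Bring up simnet instances
		/sbin/dladm up-simnet
		# Initialize security objects.
		/sbin/dladm init-secobj

		#
		# Initialize VNICs, VLANs and flows.  Though they are brought
		# up here, NWAM will not automatically manage VNICs and VLANs.
		#
		/sbin/dladm up-vnic
		/sbin/dladm up-vlan
		/sbin/dladm up-aggr
		/sbin/flowadm init-flow
	fi

	#
	# Ensure that the network/netcfg service is running since
	# manifest-import has not yet run for the first boot after upgrade.
	# We wouldn't need to do that if manifest-import ran earlier in
	# boot, since there is an explicit dependency between
	# network/netcfg and network/physical:nwam.  This is similar to
	# what network/physical does with network/datalink-management in
	# net_reconfigure().
	#
	$SVCADM enable -ts svc:/network/netcfg:default

	#
	# We also need to create the Legacy location, which is used
	# to restore non-NWAM settings that are overwritten when
	# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		create_legacy_loc
	fi

	# start nwamd in foreground; it will daemonize itself
	if /lib/inet/nwamd ; then
		exit $SMF_EXIT_OK
	else
		exit $SMF_EXIT_ERR_FATAL
	fi
	;;

'stop')
	# We need to make the dummy process we created above stop.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		echo "stop" > /etc/svc/volatile/nwam/nwam_blocked
		exit $SMF_EXIT_OK
	fi

	/usr/bin/pkill -z "`smf_zonename`" nwamd

	#
	# Restore the non-NWAM settings.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		echo "No Legacy location to revert to!"
		exit $SMF_EXIT_OK
	fi
	revert_to_legacy_loc
	# remove the location property group
	$SVCCFG -s "$NET_LOC_FMRI" delpg location
	;;

'-u')
	# After we run this part of the script upon the next reboot
	# network/physical:default will be enabled and
	# network/physical:nwam will be disabled.
	# There are various other parts of the system (nscd, nfs) that
	# depend on continuing to have a working network.  For this
	# reason we don't change the network configuration immediately.
	#
	# Disable network/physical temporarily and make sure that will
	# be enabled on reboot.
	$SVCADM disable -st "$NET_PHYS_FMRI"
	$SVCCFG -s "$NET_PHYS_FMRI" setprop general/enabled=true

	# If nwam is online then make sure that it's temporarily enabled.
	nwam_online=`$SVCPROP -t -p restarter/state "$NET_NWAM_FMRI"`
	if [ $? -eq 0 ]; then
		# Deliberately unquoted: split the svcprop output into
		# positional parameters; the third word is compared below.
		set -- $nwam_online
		[ "$3" = "online" ] && $SVCADM enable -st "$NET_NWAM_FMRI"
	fi

	# Set nwam so that it won't be enabled upon reboot.
	$SVCCFG -s "$NET_NWAM_FMRI" setprop general/enabled=false
	exit 0
	;;

'-c')
	# Nothing to do for sysidtool
	exit 0
	;;

*)
	echo "Usage: $0 { start | stop | refresh }"
	exit $SMF_EXIT_ERR_FATAL
	;;
esac
exit $SMF_EXIT_OK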
631