xref: /illumos-gate/usr/src/cmd/svc/milestone/net-nwam (revision 8226594fdd4479be135127f43632f1f995074654)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24# Copyright 2012 Milan Jurik. All rights reserved.
25# Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
26#
27
28. /lib/svc/share/smf_include.sh
29. /lib/svc/share/net_include.sh
30
31# FMRI constants
# Service FMRIs this method script queries or administers.
# The two IPsec FMRIs name the service only; call sites that need the
# instance append ":default" themselves.
IPSEC_IKE_FMRI='svc:/network/ipsec/ike'
IPSEC_POLICY_FMRI='svc:/network/ipsec/policy'
IPFILTER_FMRI='svc:/network/ipfilter:default'
NIS_CLIENT_FMRI='svc:/network/nis/client:default'
NET_PHYS_FMRI='svc:/network/physical:default'
NET_NWAM_FMRI='svc:/network/physical:nwam'
NET_LOC_FMRI='svc:/network/location:default'
NFS_MAPID_FMRI='svc:/network/nfs/mapid:default'
40
41#
42# Default *.conf files
43# Set appropriate config SMF property to these files when NWAM is stopped
44# and corresponding config properties in the Legacy location are empty
45#
# Fallback paths written back into the matching SMF config properties on
# stop when the Legacy location holds no value for them.
IPF6_DEFAULT_CONFIG_FILE="/etc/ipf/ipf6.conf"
IPNAT_DEFAULT_CONFIG_FILE="/etc/ipf/ipnat.conf"
IPPOOL_DEFAULT_CONFIG_FILE="/etc/ipf/ippool.conf"
IPSEC_IKE_DEFAULT_CONFIG_FILE="/etc/inet/ike/config"
IPSEC_POLICY_DEFAULT_CONFIG_FILE="/etc/inet/ipsecinit.conf"
51
52# commands
# External tools are referenced by absolute path, so the functions below do
# not depend on whatever PATH the method is started with.
BASENAME="/usr/bin/basename"
CAT="/usr/bin/cat"
CP="/usr/bin/cp"
DOMAINNAME="/usr/bin/domainname"
GREP="/usr/bin/grep"
LDAPCLIENT="/usr/sbin/ldapclient"
MKDIR="/usr/bin/mkdir"
MKFIFO="/usr/bin/mkfifo"
NAWK="/usr/bin/nawk"
NWAMCFG="/usr/sbin/nwamcfg"
RM="/usr/bin/rm"
SVCADM="/usr/sbin/svcadm"
SVCCFG="/usr/sbin/svccfg"
SVCPROP="/usr/bin/svcprop"
67
68# Path to directories
69# We don't have a writable file system so we write to /etc/svc/volatile and
70# then later copy anything interesting to /etc/nwam.
# VOL_* is the scratch area used while this method runs; PERM_LEGACY_PATH is
# where the Legacy location's files are read back from on stop.
VOL_NWAM_PATH="/etc/svc/volatile/nwam"
VOL_LEGACY_PATH="${VOL_NWAM_PATH}/Legacy"
PERM_LEGACY_PATH="/etc/nwam/loc/Legacy"
NIS_BIND_PATH="/var/yp/binding"
75
76#
77# copy_to_legacy_loc <file>
78#
79# Copies the file to the Legacy location directory
80# (in /etc/svc/volatile/nwam/Legacy)
81#
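copy_to_legacy_loc() {
	# $1 - path of the file to snapshot into $VOL_LEGACY_PATH.
	# A missing or empty path is skipped; the directory is still created.
	#
	# Several callers pass a path read from an SMF property.  The
	# expansions are quoted so that a path containing whitespace or glob
	# characters stays a single cp operand instead of being split into
	# extra source files.
	$MKDIR -p "$VOL_LEGACY_PATH"
	if [ -f "$1" ]; then
		$CP -p "$1" "$VOL_LEGACY_PATH"
	fi
}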
88
89#
90# copy_from_legacy_loc <destination file>
91#
92# Copies file with the same name from Legacy location
93# (in /etc/nwam/loc/Legacy) to the given destination file
94#
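copy_from_legacy_loc () {
	# $1 - destination file.  Its directory is where the copy lands and
	#      its base name selects the source under $PERM_LEGACY_PATH.
	# DEST_DIR and SRC_FILE remain globals, as they were before.
	#
	# The destination is frequently a path read back from a Legacy
	# location property, so every expansion is quoted: the path must
	# reach dirname, basename, mkdir and cp as exactly one operand.
	DEST_DIR=`/usr/bin/dirname "$1"`
	SRC_FILE=`$BASENAME "$1"`
	SRC_FILE="$PERM_LEGACY_PATH/$SRC_FILE"

	# Make destination directory if needed
	if [ ! -d "$DEST_DIR" ]; then
		$MKDIR -p "$DEST_DIR"
	fi

	# Nothing is copied when the Legacy location holds no such file.
	if [ -f "$SRC_FILE" ]; then
		$CP -p "$SRC_FILE" "$DEST_DIR"
	fi
}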
108
109#
110# write_loc_prop <property> <value> <file>
111#
112# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
113#
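write_loc_prop () {
	# $1 - nwamcfg property name
	# $2 - value; nothing is written when it is empty
	# $3 - command file to append to; nothing is written when it is empty
	#
	# The value is appended verbatim as one "set" line of a command file.
	# Callers must pass it as a single quoted argument: an unquoted value
	# containing whitespace shifts the arguments, and part of the value
	# then ends up in $3 and is used as the file name.
	prop=$1
	val=$2
	file=$3

	if [ -n "$val" ] && [ -n "$file" ]; then
		echo "set $prop=$val" >> "$file"
	fi
}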
123
124#
125# set_smf_prop <fmri> <property name> <property value>
126#
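set_smf_prop () {
	# $1 - service FMRI, $2 - property name, $3 - astring value.
	# Returns svccfg's exit status.  The FMRI and property name are quoted
	# like the value, so each reaches svccfg as a single argument.
	$SVCCFG -s "$1" setprop "$2" = astring: "$3"
}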
130
131#
132# get_smf_prop <fmri> <property name>
133#
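get_smf_prop () {
	# $1 - service FMRI, $2 - property name.
	# Prints whatever svcprop prints for that property and returns its
	# exit status.  Both arguments are quoted so each stays one operand.
	$SVCPROP -p "$2" "$1"
}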
137
138#
139# Creates Legacy location from the current configuration
140#
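create_legacy_loc () {
	# Snapshots the current name service, NFSv4, IPFilter, IKE and IPsec
	# configuration.  Config files are copied to $VOL_LEGACY_PATH and a
	# file of nwamcfg commands describing the Legacy location is written
	# to $CREATE_LOC_LEGACY_FILE.
	#
	# Every value handed to copy_to_legacy_loc and write_loc_prop is
	# quoted.  Unquoted, a value containing whitespace would shift
	# write_loc_prop's arguments so that part of the value is taken as
	# the output file name.
	CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy

	#
	# Write nwamcfg commands to create Legacy location to
	# $CREATE_LOC_LEGACY_FILE as values for properties are determined
	# Note that some of the *_CONFIG_FILE variables point at copies of
	# files we've made and others indicate where those copies should be
	# if we are enabling the location.
	#
	echo "create loc Legacy" > "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "activation-mode" "system" "$CREATE_LOC_LEGACY_FILE"

	NAMESERVICES=""
	NAMESERVICES_CONFIG_FILE=""
	DNS_NAMESERVICE_CONFIGSRC=""
	DNS_NAMESERVICE_DOMAIN=""
	DNS_NAMESERVICE_SERVERS=""
	DNS_NAMESERVICE_SEARCH=""
	NIS_NAMESERVICE_CONFIGSRC=""
	NIS_NAMESERVICE_SERVERS=""
	LDAP_NAMESERVICE_CONFIGSRC=""
	LDAP_NAMESERVICE_SERVERS=""
	DEFAULT_DOMAIN=""

	# Copy /etc/nsswitch.conf file
	copy_to_legacy_loc /etc/nsswitch.conf
	NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"

	# Gather DNS info from resolv.conf if present.
	if [ -f /etc/resolv.conf ]; then
		NAMESERVICES="dns,"
		# NOTE(review): the DHCP marker is searched for in
		# nsswitch.conf although the branch is about resolv.conf;
		# confirm this is the intended file.
		$GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
		if [ $? -eq 0 ]; then
			DNS_NAMESERVICE_CONFIGSRC="dhcp"
		else
			DNS_NAMESERVICE_CONFIGSRC="manual"
			# A resolv.conf with several "domain" lines yields a
			# multi-line value here, which write_loc_prop would
			# emit as more than one line of the command file.
			DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
			    print $2 }' < /etc/resolv.conf`
			DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
			    { printf "%s,", $2 }' < /etc/resolv.conf`
			DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
			    { printf "%s,", $2 }' < /etc/resolv.conf`
			copy_to_legacy_loc /etc/resolv.conf
		fi
	fi

	# Gather NIS info from appropriate file if present.
	if service_is_enabled "$NIS_CLIENT_FMRI"; then
		NAMESERVICES="${NAMESERVICES}nis,"
		NIS_NAMESERVICE_CONFIGSRC="manual"
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`

		yp_servers=`$NAWK '{ printf "%s ", $1 }' \
		    < "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"`
		# $yp_servers is left unquoted on purpose: it is a
		# space-separated list that the loop has to split.
		for serv in $yp_servers; do
			if is_valid_addr "$serv"; then
				addr="$serv,"
			else
				# "--" keeps a server name that starts with
				# "-" from being read as a grep option.
				addr=`$GREP -iw -- "$serv" /etc/inet/hosts | \
				    $NAWK '{ printf "%s,", $1 }'`
			fi
			NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
		done
	fi

	# Gather LDAP info via ldapclient(8).
	if [ -f /var/ldap/ldap_client_file ]; then
		# This used to call copy_to_legacy, a name this file never
		# defines, so the LDAP client file was not saved.
		copy_to_legacy_loc /var/ldap/ldap_client_file
		NAMESERVICES="${NAMESERVICES}ldap,"
		LDAP_NAMESERVICE_CONFIGSRC="manual"
		LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
		    $NAWK '$1 == "preferredServerList:" { print $2 }'`
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
	fi

	# Now, write nwamcfg commands for nameservices
	write_loc_prop "nameservices" "$NAMESERVICES" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nameservices-config-file" \
	    "$NAMESERVICES_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-configsrc" \
	    "$DNS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-domain" \
	    "$DNS_NAMESERVICE_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-servers" \
	    "$DNS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-search" \
	    "$DNS_NAMESERVICE_SEARCH" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-configsrc" \
	    "$NIS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-servers" \
	    "$NIS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-configsrc" \
	    "$LDAP_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-servers" \
	    "$LDAP_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "default-domain" "$DEFAULT_DOMAIN" \
	    "$CREATE_LOC_LEGACY_FILE"

	# Retrieve NFSv4 domain from SMF.
	if service_is_enabled "$NFS_MAPID_FMRI"; then
		# The FMRI variable was previously passed without its "$",
		# so svcprop was asked about the literal name.
		NFS_DOMAIN=`get_smf_prop "$NFS_MAPID_FMRI" \
		    nfs-props/nfsmapid_domain`
		write_loc_prop "nfsv4-domain" \
		    "$NFS_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	fi

	IPF_CONFIG_FILE=""
	IPF6_CONFIG_FILE=""
	IPNAT_CONFIG_FILE=""
	IPPOOL_CONFIG_FILE=""
	IKE_CONFIG_FILE=""
	IPSEC_POLICY_CONFIG_FILE=""

	#
	# IPFilter
	#
	# If the firewall policy is "custom", simply copy the
	# custom_policy_file.  If the firewall policy is "none", "allow" or
	# "deny", save the value as "/<value>".  When reverting back to the
	# Legacy location, these values will have to be treated as special.
	#
	# For all configuration files, copy them to the Legacy directory.
	# Use the respective properties to remember the original locations
	# of the files so that they can be copied back there when NWAM is
	# stopped.
	#
	if service_is_enabled "$IPFILTER_FMRI"; then
		FIREWALL_POLICY=`get_smf_prop "$IPFILTER_FMRI" \
		    firewall_config_default/policy`
		if [ "$FIREWALL_POLICY" = "custom" ]; then
			IPF_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file`
			copy_to_legacy_loc "$IPF_CONFIG_FILE"
		else
			# save value as /none, /allow, or /deny
			IPF_CONFIG_FILE="/$FIREWALL_POLICY"
		fi
		IPF6_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipf6_config_file`
		copy_to_legacy_loc "$IPF6_CONFIG_FILE"

		IPNAT_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipnat_config_file`
		copy_to_legacy_loc "$IPNAT_CONFIG_FILE"

		IPPOOL_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ippool_config_file`
		copy_to_legacy_loc "$IPPOOL_CONFIG_FILE"
	fi

	# IKE
	if service_is_enabled "${IPSEC_IKE_FMRI}:default"; then
		IKE_CONFIG_FILE=`get_smf_prop "$IPSEC_IKE_FMRI" \
		    config/config_file`
		copy_to_legacy_loc "$IKE_CONFIG_FILE"
	fi

	# IPsec
	if service_is_enabled "${IPSEC_POLICY_FMRI}:default"; then
		IPSEC_POLICY_CONFIG_FILE=`get_smf_prop "$IPSEC_POLICY_FMRI" \
		    config/config_file`
		copy_to_legacy_loc "$IPSEC_POLICY_CONFIG_FILE"
	fi

	# A property is recorded only for one of the special policy markers
	# or for a path that exists as a regular file; an empty value
	# satisfies neither.
	if [ "$IPF_CONFIG_FILE" = "/allow" ] ||
	    [ "$IPF_CONFIG_FILE" = "/deny" ] ||
	    [ "$IPF_CONFIG_FILE" = "/none" ] ||
	    [ -f "$IPF_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-config-file" "$IPF_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPF6_CONFIG_FILE" ] && [ -f "$IPF6_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-v6-config-file" "$IPF6_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPNAT_CONFIG_FILE" ] && [ -f "$IPNAT_CONFIG_FILE" ]; then
		write_loc_prop "ipnat-config-file" "$IPNAT_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPPOOL_CONFIG_FILE" ] && [ -f "$IPPOOL_CONFIG_FILE" ]; then
		write_loc_prop "ippool-config-file" "$IPPOOL_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IKE_CONFIG_FILE" ] && [ -f "$IKE_CONFIG_FILE" ]; then
		write_loc_prop "ike-config-file" "$IKE_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPSEC_POLICY_CONFIG_FILE" ] &&
	    [ -f "$IPSEC_POLICY_CONFIG_FILE" ]; then
		write_loc_prop "ipsecpolicy-config-file" \
		    "$IPSEC_POLICY_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	fi

	# End
	echo "end" >> "$CREATE_LOC_LEGACY_FILE"
	# network/location will create the Legacy location with these commands.
}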
336
337#
338# Undoes the effects of the Legacy location creation
339#
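revert_to_legacy_loc () {
	# Restores the configuration recorded in the Legacy location: name
	# service files, default domain, NIS binding, LDAP client file, the
	# NFSv4 domain, and the IKE / IPsec / IPFilter config files with their
	# SMF properties.  It then removes the Legacy directories, the
	# command file and the location itself.
	#
	# The file paths restored here are read back from Legacy location
	# properties and decide where files are copied to.  They are quoted
	# throughout so each one stays a single operand.
	$SVCADM disable dns/client
	$SVCADM disable nis/client
	$SVCADM disable ldap/client

	# copy nsswitch.conf to /etc/nsswitch.conf
	copy_from_legacy_loc /etc/nsswitch.conf

	# DNS - copy resolv.conf to /etc/resolv.conf
	if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
		copy_from_legacy_loc /etc/resolv.conf
		$SVCADM enable dns/client
	fi

	# set /etc/defaultdomain and domainname(8)
	DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
	if [ -n "$DEFAULT_DOMAIN" ]; then
		$DOMAINNAME "$DEFAULT_DOMAIN"
		$DOMAINNAME > /etc/defaultdomain
	fi

	# NIS - directory and ypserver in /var/yp/binding/
	# NOTE(review): with an empty default-domain the path below collapses
	# to $NIS_BIND_PATH itself; confirm NIS is never recorded without a
	# domain.
	NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
	NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
	if [ -n "$NIS_CONFIGSRC" ]; then
		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
			$MKDIR -p "$NIS_BIND_PATH/$DEFAULT_DOMAIN"
		fi
		if [ -n "$NIS_SERVERS" ]; then
			# -F sets the separator before the first record is
			# split, instead of assigning FS inside the pattern.
			echo "$NIS_SERVERS" | $NAWK -F, \
			    '{ for (i = 1; i <= NF; i++) print $i }' \
			    > "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"
		fi
		$SVCADM enable nis/client
	fi

	# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
	if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
		copy_from_legacy_loc /var/ldap/ldap_client_file
		$SVCADM enable ldap/client
	fi

	# Copy back nfs NFSMAPID_DOMAIN
	NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
	if [ -n "$NFSMAPID_DOMAIN" ]; then
		set_smf_prop "$NFS_MAPID_FMRI" \
		    nfs-props/nfsmapid_domain "$NFSMAPID_DOMAIN"
		$SVCADM refresh "$NFS_MAPID_FMRI"
		$SVCADM enable "$NFS_MAPID_FMRI"
	fi

	# IPFilter, IPsec, and IKE
	ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
	ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
	ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
	ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
	ike_file=`nwam_get_loc_prop Legacy ike-config-file`
	pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`

	# With no recorded file the property is reset to its default path and
	# the service is disabled.
	if [ -n "$ike_file" ]; then
		copy_from_legacy_loc "$ike_file"
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file "$ike_file"
		$SVCADM refresh "$IPSEC_IKE_FMRI"
		$SVCADM enable "$IPSEC_IKE_FMRI"
	else
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file \
		    "$IPSEC_IKE_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_IKE_FMRI"
	fi
	if [ -n "$pol_file" ]; then
		copy_from_legacy_loc "$pol_file"
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
		    "$pol_file"
		$SVCADM refresh "$IPSEC_POLICY_FMRI"
		$SVCADM enable "$IPSEC_POLICY_FMRI"
	else
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
		    "$IPSEC_POLICY_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_POLICY_FMRI"
	fi

	# refresh_ipf records whether any IPFilter setting was restored; it
	# decides below whether ipfilter ends up enabled or disabled.
	refresh_ipf=false
	if [ -n "$ipf_file" ]; then
		# change /none, /allow, and /deny to firewall policy
		if [ "$ipf_file" = "/none" ] || [ "$ipf_file" = "/allow" ] ||
		    [ "$ipf_file" = "/deny" ]; then
			policy=`echo "$ipf_file" | $NAWK -F/ '{ print $2 }'`
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "$policy"
			# no need to clear custom_policy_file as it isn't "custom"
		else
			copy_from_legacy_loc "$ipf_file"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "custom"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file \
			    "$ipf_file"
		fi
		refresh_ipf=true
	fi
	if [ -n "$ipf6_file" ]; then
		copy_from_legacy_loc "$ipf6_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
		    "$ipf6_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
		    "$IPF6_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ipnat_file" ]; then
		copy_from_legacy_loc "$ipnat_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
		    "$ipnat_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
		    "$IPNAT_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ippool_file" ]; then
		copy_from_legacy_loc "$ippool_file"
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$ippool_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$IPPOOL_DEFAULT_CONFIG_FILE"
	fi

	$SVCADM refresh "$IPFILTER_FMRI"
	if [ "$refresh_ipf" = "true" ]; then
		$SVCADM enable "$IPFILTER_FMRI"
	else
		$SVCADM disable "$IPFILTER_FMRI"
	fi

	# Remove the Legacy directories, script and location
	$RM -rf "$VOL_LEGACY_PATH"
	$RM -rf "$PERM_LEGACY_PATH"
	$RM -f "$VOL_NWAM_PATH/create_loc_legacy"
	$NWAMCFG destroy loc Legacy
}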
477
478#
479# Script entry point
480#
481# Arguments to net-nwam are
482#       method ( start | refresh | stop | -u | -c )
483#
484
485#
486# Create nwam directory in /etc/svc/volatile
487#
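# The scratch directory is created 0755 so that only its owner can create
# files in it, including the nwam_blocked FIFO and the command file.
if [ ! -d "$VOL_NWAM_PATH" ]; then
	$MKDIR -m 0755 "$VOL_NWAM_PATH"
fi

case "$1" in
'refresh')
	/usr/bin/pkill -HUP -z "`smf_zonename`" nwamd
	#
	# Enable network/location.  Needed on first boot post-install as
	# network/location will not exist until after manifest-import runs.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi
	;;

'start')
	# The real daemon is not started in a shared stack zone. But we need to
	# create a dummy background process to preserve contract lifetime.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		# The background cat blocks on the FIFO until 'stop' writes
		# to it.
		$RM -f "$VOL_NWAM_PATH/nwam_blocked"
		$MKFIFO "$VOL_NWAM_PATH/nwam_blocked"
		($CAT <"$VOL_NWAM_PATH/nwam_blocked" >/dev/null) &
		exit $SMF_EXIT_OK
	fi

	#
	# Enable network/location.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi

	if smf_is_globalzone; then
		net_reconfigure || exit $SMF_EXIT_ERR_CONFIG

		# Update PVID on interfaces configured with VLAN 1
		update_pvid

		#
		# Upgrade handling. The upgrade file consists of a series
		# of dladm(8) commands. Note that after we are done, we
		# cannot rename the upgrade script file as the file system
		# is still read-only at this point. Defer this to the
		# manifest-import service.
		#
		# The file is sourced into this shell, so its contents run
		# with this method's privileges; it must be writable only by
		# trusted administrators.
		#
		upgrade_script=/var/svc/profile/upgrade_datalink
		if [ -f "${upgrade_script}" ]; then
			. "${upgrade_script}"
		fi

		#
		# Upgrade handling for ibd:
		# After we are done with the upgrade handling, we can not set
		# the ibd/ibd_upgraded property to "true" as the file system is
		# read-only at this point. It will be done later by
		# ibd-post-upgrade service.
		#
		if [ -x /sbin/ibd_upgrade ]; then
			ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
			    svc:/network/physical:default 2> /dev/null`
			if [ "$ibd_upgraded" != "true" ]; then
				/sbin/ibd_upgrade -v
			fi
		fi

		# Bring up simnet instances
		/sbin/dladm up-simnet
		# Initialize security objects.
		/sbin/dladm init-secobj

		#
		# Initialize VNICs, VLANs and flows.  Though they are brought
		# up here, NWAM will not automatically manage VNICs and VLANs.
		#
		/sbin/dladm up-vnic
		/sbin/dladm up-vlan
		/sbin/dladm up-part
		/sbin/dladm up-aggr
		/sbin/flowadm init-flow
		/sbin/dladm up-overlay
	fi

	#
	# We also need to create the Legacy location, which is used
	# to restore non-NWAM settings that are overwritten when
	# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
	#
	# Only exit status 1 is taken to mean "no Legacy location"; any
	# other status leaves the existing state alone.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		create_legacy_loc
	fi

	# start nwamd in foreground; it will daemonize itself
	if /lib/inet/nwamd ; then
		exit $SMF_EXIT_OK
	else
		exit $SMF_EXIT_ERR_FATAL
	fi
	;;

'stop')
	# We need to make the dummy process we created above stop.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		echo "stop" > "$VOL_NWAM_PATH/nwam_blocked"
		exit $SMF_EXIT_OK
	fi

	/usr/bin/pkill -z "`smf_zonename`" nwamd

	#
	# Restore the non-NWAM settings.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		echo "No Legacy location to revert to!"
		exit $SMF_EXIT_OK
	fi
	revert_to_legacy_loc
	# remove the location property group
	$SVCCFG -s "$NET_LOC_FMRI" delpg location
	;;

'-u')
	# After we run this part of the script upon the next reboot
	# network/physical:default will be enabled and
	# network/physical:nwam will be disabled.
	# There are various other parts of the system (nscd, nfs) that
	# depend on continuing to have a working network.  For this
	# reason we don't change the network configuration immediately.
	#
	# Disable network/physical temporarily and make sure that will
	# be enabled on reboot.
	$SVCADM disable -st "$NET_PHYS_FMRI"
	$SVCCFG -s "$NET_PHYS_FMRI" setprop general/enabled=true

	# If nwam is online then make sure that it's temporarily enabled.
	nwam_online=`$SVCPROP -t -p restarter/state "$NET_NWAM_FMRI"`
	if [ $? -eq 0 ]; then
		# Split the svcprop line into positional parameters; the
		# third field is compared with "online".  "$3" is quoted so
		# that output with fewer fields compares as an empty string
		# instead of breaking the test.
		set -- $nwam_online
		if [ "$3" = "online" ]; then
			$SVCADM enable -st "$NET_NWAM_FMRI"
		fi
	fi

	# Set nwam so that it won't be enabled upon reboot.
	$SVCCFG -s "$NET_NWAM_FMRI" setprop general/enabled=false
	exit 0
	;;

'-c')
	# Nothing to do for sysidtool
	exit 0
	;;

*)
	# Usage goes to stderr, as it reports an invalid invocation.
	echo "Usage: $0 { start | stop | refresh }" >&2
	exit $SMF_EXIT_ERR_FATAL
	;;
esac
exit $SMF_EXIT_OK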
649