1#!/sbin/sh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# Copyright 2010 Sun Microsystems, Inc. All rights reserved. 24# Use is subject to license terms. 25# 26 27. /lib/svc/share/smf_include.sh 28. /lib/svc/share/net_include.sh 29 30# FMRI constants 31IPSEC_IKE_FMRI="svc:/network/ipsec/ike" 32IPSEC_POLICY_FMRI="svc:/network/ipsec/policy" 33IPFILTER_FMRI="svc:/network/ipfilter:default" 34NIS_CLIENT_FMRI="svc:/network/nis/client:default" 35NET_PHYS_FMRI="svc:/network/physical:default" 36NET_NWAM_FMRI="svc:/network/physical:nwam" 37NET_LOC_FMRI="svc:/network/location:default" 38 39# 40# Default *.conf files 41# Set appropriate config SMF property to these files when NWAM is stopped 42# and corresponding config properties in the Legacy location are emtpy 43# 44IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf 45IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf 46IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf 47IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config 48IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf 49 50# commands 51BASENAME=/usr/bin/basename 52CAT=/usr/bin/cat 53CP=/usr/bin/cp 54DOMAINNAME=/usr/bin/domainname 55GREP=/usr/bin/grep 56LDAPCLIENT=/usr/sbin/ldapclient 57MKDIR=/usr/bin/mkdir 58MKFIFO=/usr/bin/mkfifo 59NAWK=/usr/bin/nawk 60NWAMCFG=/usr/sbin/nwamcfg 61RM=/usr/bin/rm 62SVCADM=/usr/sbin/svcadm 63SVCCFG=/usr/sbin/svccfg 64SVCPROP=/usr/bin/svcprop 65 66# Path to directories 67# We don't have a writable file system so we write to /etc/svc/volatile and 68# then later copy anything interesting to /etc/nwam. 69LEGACY_PATH=/etc/svc/volatile/nwam/Legacy 70NIS_BIND_PATH=/var/yp/binding 71 72# 73# copy_to_legacy_loc <file> 74# 75# Copies the file to the Legacy location directory 76# 77copy_to_legacy_loc() { 78 $MKDIR -p $LEGACY_PATH 79 if [ -f "$1" ]; then 80 $CP -p $1 $LEGACY_PATH 81 fi 82} 83 84# 85# copy_from_legacy_loc <destination file> 86# 87# Copies file with the same name from Legacy location to the given 88# destination file 89# 90copy_from_legacy_loc () { 91 DEST_DIR=`/usr/bin/dirname $1` 92 SRC_FILE="$LEGACY_PATH/`$BASENAME $1`" 93 94 # Make destination directory if needed 95 if [ ! -d "$DEST_DIR" ]; then 96 $MKDIR -p $DEST_DIR 97 fi 98 99 if [ -f "$SRC_FILE" ]; then 100 $CP -p $SRC_FILE $DEST_DIR 101 fi 102} 103 104# 105# write_loc_prop <property> <value> <file> 106# 107# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty 108# 109write_loc_prop () { 110 prop=$1 111 val=$2 112 file=$3 113 114 if [ -n "$val" -a -n "$file" ]; then 115 echo "set $prop=$val" >> $file 116 fi 117} 118 119# 120# set_smf_prop <fmri> <property name> <property value> 121# 122set_smf_prop () { 123 $SVCCFG -s $1 setprop $2 = astring: "$3" && return 124} 125 126# 127# get_smf_prop <fmri> <property name> 128# 129get_smf_prop () { 130 $SVCPROP -p $2 $1 131} 132 133# 134# Creates Legacy location from the current configuration 135# 136create_legacy_loc () { 137 CREATE_LOC_LEGACY_FILE=/etc/svc/volatile/nwam/create_loc_legacy 138 139 # 140 # Write nwamcfg commands to create Legacy location to 141 # $CREATE_LOC_LEGACY_FILE as values for properties are determined 142 # Note that some of the *_CONFIG_FILE variables point at copies of 143 # files we've made and others indicate where those copies should be 144 # if we are enabling the location. 145 # 146 echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE 147 write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE 148 149 NAMESERVICES="" 150 NAMESERVICES_CONFIG_FILE="" 151 DNS_NAMESERVICE_CONFIGSRC="" 152 DNS_NAMESERVICE_DOMAIN="" 153 DNS_NAMESERVICE_SERVERS="" 154 DNS_NAMESERVICE_SEARCH="" 155 NIS_NAMESERVICE_CONFIGSRC="" 156 NIS_NAMESERVICE_SERVERS="" 157 LDAP_NAMESERVICE_CONFIGSRC="" 158 LDAP_NAMESERVICE_SERVERS="" 159 DEFAULT_DOMAIN="" 160 161 # Copy /etc/nsswitch.conf file 162 copy_to_legacy_loc /etc/nsswitch.conf 163 NAMESERVICES_CONFIG_FILE="$LEGACY_PATH/nsswitch.conf" 164 165 # Gather DNS info from resolv.conf if present. 166 if [ -f /etc/resolv.conf ]; then 167 NAMESERVICES="dns," 168 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null 169 if [ $? -eq 0 ]; then 170 DNS_NAMESERVICE_CONFIGSRC="dhcp" 171 else 172 DNS_NAMESERVICE_CONFIGSRC="manual" 173 DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\ 174 print $2 }' < /etc/resolv.conf` 175 DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \ 176 { printf "%s,", $2 }' < /etc/resolv.conf` 177 DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \ 178 { printf "%s,", $2 }' < /etc/resolv.conf` 179 copy_to_legacy_loc /etc/resolv.conf 180 fi 181 fi 182 183 # Gather NIS info from appropriate file if present. 184 if service_is_enabled $NIS_CLIENT_FMRI; then 185 NAMESERVICES="${NAMESERVICES}nis," 186 NIS_NAMESERVICE_CONFIGSRC="manual" 187 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 188 189 yp_servers=`$NAWK '{ printf "%s ", $1 }' \ 190 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers` 191 for serv in $yp_servers; do 192 if is_valid_addr $serv; then 193 addr="$serv," 194 else 195 addr=`$GREP -iw $serv /etc/inet/hosts | \ 196 $NAWK '{ printf "%s,", $1 }'` 197 fi 198 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr" 199 done 200 fi 201 202 # Gather LDAP info via ldapclient(1M). 203 if [ -f /var/ldap/ldap_client_file ]; then 204 copy_to_legacy /var/ldap/ldap_client_file 205 NAMESERVICES="${NAMESERVICES}ldap," 206 LDAP_NAMESERVICE_CONFIGSRC="manual" 207 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \ 208 $NAWK '$1 == "preferredServerList:" { print $2 }'` 209 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 210 fi 211 212 # Now, write nwamcfg commands for nameservices 213 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE 214 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \ 215 $CREATE_LOC_LEGACY_FILE 216 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \ 217 $CREATE_LOC_LEGACY_FILE 218 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \ 219 $CREATE_LOC_LEGACY_FILE 220 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \ 221 $CREATE_LOC_LEGACY_FILE 222 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \ 223 $CREATE_LOC_LEGACY_FILE 224 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \ 225 $CREATE_LOC_LEGACY_FILE 226 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \ 227 $CREATE_LOC_LEGACY_FILE 228 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\ 229 $CREATE_LOC_LEGACY_FILE 230 write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \ 231 $CREATE_LOC_LEGACY_FILE 232 write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE 233 234 # Retrieve NFSv4 domain. 235 if [ -f /etc/default/nfs ]; then 236 copy_to_legacy_loc /etc/default/nfs 237 NFS_DOMAIN=`$NAWK '/^NFSMAPID_DOMAIN.*/ { FS="=" ; print $2 }' \ 238 < /etc/default/nfs` 239 write_loc_prop "nfsv4-domain" \ 240 $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE 241 fi 242 243 IPF_CONFIG_FILE="" 244 IPF6_CONFIG_FILE="" 245 IPNAT_CONFIG_FILE="" 246 IPPOOL_CONFIG_FILE="" 247 IKE_CONFIG_FILE="" 248 IPSEC_POLICY_CONFIG_FILE="" 249 250 # 251 # IPFilter 252 # 253 # If the firewall policy is "custom", simply copy the 254 # custom_policy_file. If the firewall policy is "none", "allow" or 255 # "deny", save the value as "/<value>". When reverting back to the 256 # Legacy location, these values will have to be treated as special. 257 # 258 # For all configuration files, copy them to the Legacy directory. 259 # Use the respective properties to remember the original locations 260 # of the files so that they can be copied back there when NWAM is 261 # stopped. 262 # 263 if service_is_enabled $IPFILTER_FMRI; then 264 FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \ 265 firewall_config_default/policy` 266 if [ "$FIREWALL_POLICY" = "custom" ]; then 267 IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 268 firewall_config_default/custom_policy_file` 269 copy_to_legacy_loc $IPF_CONFIG_FILE 270 else 271 # save value as /none, /allow, or /deny 272 IPF_CONFIG_FILE="/$FIREWALL_POLICY" 273 fi 274 IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 275 config/ipf6_config_file` 276 copy_to_legacy_loc $IPF6_CONFIG_FILE 277 278 IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 279 config/ipnat_config_file` 280 copy_to_legacy_loc $IPNAT_CONFIG_FILE 281 282 IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 283 config/ippool_config_file` 284 copy_to_legacy_loc $IPPOOL_CONFIG_FILE 285 fi 286 287 # IKE 288 if service_is_enabled $IPSEC_IKE_FMRI:default; then 289 IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file` 290 copy_to_legacy_loc $IKE_CONFIG_FILE 291 fi 292 293 # IPsec 294 if service_is_enabled $IPSEC_POLICY_FMRI:default; then 295 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \ 296 config/config_file` 297 copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE 298 fi 299 300 if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \ 301 -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \ 302 -o -f "$IPF_CONFIG_FILE" \) ]; then 303 write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \ 304 $CREATE_LOC_LEGACY_FILE 305 fi 306 if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then 307 write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \ 308 $CREATE_LOC_LEGACY_FILE 309 fi 310 if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then 311 write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \ 312 $CREATE_LOC_LEGACY_FILE 313 fi 314 if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then 315 write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \ 316 $CREATE_LOC_LEGACY_FILE 317 fi 318 if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then 319 write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \ 320 $CREATE_LOC_LEGACY_FILE 321 fi 322 if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ] 323 then 324 write_loc_prop "ipsecpolicy-config-file" \ 325 $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE 326 fi 327 328 # End 329 echo "end" >> $CREATE_LOC_LEGACY_FILE 330 # network/location will create the Legacy location with these commands. 331} 332 333# 334# Undoes the effects of the Legacy location creation 335# 336revert_to_legacy_loc () { 337 $SVCADM disable dns/client 338 $SVCADM disable nis/client 339 $SVCADM disable ldap/client 340 341 # copy nsswitch.conf to /etc/nsswitch.conf 342 copy_from_legacy_loc /etc/nsswitch.conf 343 344 # DNS - copy resolv.conf to /etc/resolv.conf 345 if [ -f "$LEGACY_PATH/resolv.conf" ]; then 346 copy_from_legacy_loc /etc/resolv.conf 347 $SVCADM enable dns/client 348 fi 349 350 # set /etc/defaultdomain and domainname(1M) 351 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain` 352 if [ -n "$DEFAULT_DOMAIN" ]; then 353 $DOMAINNAME $DEFAULT_DOMAIN 354 $DOMAINNAME > /etc/defaultdomain 355 fi 356 357 # NIS - directory and ypserver in /var/yp/binding/ 358 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc` 359 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers` 360 if [ -n "$NIS_CONFIGSRC" ]; then 361 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then 362 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN 363 fi 364 if [ -n "$NIS_SERVERS" ]; then 365 echo "$NIS_SERVERS" | $NAWK \ 366 'FS="," { for (i = 1; i <= NF; i++) print $i }' \ 367 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers 368 fi 369 $SVCADM enable nis/client 370 fi 371 372 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file 373 if [ -f "$LEGACY_PATH/ldap_client_file" ]; then 374 copy_from_legacy_loc /var/ldap/ldap_client_file 375 $SVCADM enable ldap/client 376 fi 377 378 # Copy back nfs file 379 copy_from_legacy_loc /etc/default/nfs 380 381 # IPFilter, IPsec, and IKE 382 ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file` 383 ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file` 384 ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file` 385 ippool_file=`nwam_get_loc_prop Legacy ippool-config-file` 386 ike_file=`nwam_get_loc_prop Legacy ike-config-file` 387 pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file` 388 389 if [ -n "$ike_file" ]; then 390 copy_from_legacy_loc $ike_file 391 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file 392 $SVCADM refresh $IPSEC_IKE_FMRI 393 $SVCADM enable $IPSEC_IKE_FMRI 394 else 395 set_smf_prop $IPSEC_IKE_FMRI config/config_file \ 396 $IPSEC_IKE_DEFAULT_CONFIG_FILE 397 $SVCADM disable $IPSEC_IKE_FMRI 398 fi 399 if [ -n "$pol_file" ]; then 400 copy_from_legacy_loc $pol_file 401 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file 402 $SVCADM refresh $IPSEC_POLICY_FMRI 403 $SVCADM enable $IPSEC_POLICY_FMRI 404 else 405 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \ 406 $IPSEC_POLICY_DEFAULT_CONFIG_FILE 407 $SVCADM disable $IPSEC_POLICY_FMRI 408 fi 409 410 refresh_ipf=false 411 if [ -n "$ipf_file" ]; then 412 # change /none, /allow, and /deny to firewall policy 413 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \ 414 -o "$ipf_file" = "/deny" ]; then 415 policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'` 416 set_smf_prop $IPFILTER_FMRI \ 417 firewall_config_default/policy $policy 418 # no need to clear custom_policy_file as it isn't "custom" 419 else 420 copy_from_legacy_loc $ipf_file 421 set_smf_prop $IPFILTER_FMRI \ 422 firewall_config_default/policy "custom" 423 set_smf_prop $IPFILTER_FMRI \ 424 firewall_config_default/custom_policy_file $ipf_file 425 fi 426 refresh_ipf=true 427 fi 428 if [ -n "$ipf6_file" ]; then 429 copy_from_legacy_loc $ipf6_file 430 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file 431 refresh_ipf=true 432 else 433 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \ 434 $IPF6_DEFAULT_CONFIG_FILE 435 fi 436 if [ -n "$ipnat_file" ]; then 437 copy_from_legacy_loc $ipnat_file 438 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file 439 refresh_ipf=true 440 else 441 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \ 442 $IPNAT_DEFAULT_CONFIG_FILE 443 fi 444 if [ -n "$ippool_file" ]; then 445 copy_from_legacy_loc $ippool_file 446 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 447 $ippool_file 448 refresh_ipf=true 449 else 450 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 451 $IPPOOL_DEFAULT_CONFIG_FILE 452 fi 453 454 $SVCADM refresh $IPFILTER_FMRI 455 if [ "$refresh_ipf" = "true" ]; then 456 $SVCADM enable $IPFILTER_FMRI 457 else 458 $SVCADM disable $IPFILTER_FMRI 459 fi 460 461 # Remove the Legacy directory and location 462 $RM -rf $LEGACY_PATH 463 $NWAMCFG destroy loc Legacy 464} 465 466# 467# Script entry point 468# 469# Arguments to net-nwam are 470# method ( start | refresh | stop | -u | -c ) 471# 472 473# 474# Create nwam directory in /etc/svc/volatile 475# 476if [ ! -d /etc/svc/volatile/nwam ]; then 477 $MKDIR -m 0755 /etc/svc/volatile/nwam 478fi 479 480case "$1" in 481'refresh') 482 /usr/bin/pkill -HUP -z `smf_zonename` nwamd 483 # 484 # Enable network/location. Needed on first boot post-install as 485 # network/location will not exist until after manifest-import runs. 486 # 487 if service_exists $NET_LOC_FMRI ; then 488 $SVCADM enable -t $NET_LOC_FMRI 489 fi 490 ;; 491 492'start') 493 # The real daemon is not started in a shared stack zone. But we need to 494 # create a dummy background process to preserve contract lifetime. 495 smf_configure_ip 496 if [ $? = "1" ] ; then 497 $RM -f /etc/svc/volatile/nwam/nwam_blocked 498 $MKFIFO /etc/svc/volatile/nwam/nwam_blocked 499 ($CAT </etc/svc/volatile/nwam/nwam_blocked >/dev/null) & 500 exit $SMF_EXIT_OK 501 fi 502 503 # 504 # Enable network/location. 505 # 506 if service_exists $NET_LOC_FMRI ; then 507 $SVCADM enable -t $NET_LOC_FMRI 508 fi 509 510 if smf_is_globalzone; then 511 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG 512 513 # Update PVID on interfaces configured with VLAN 1 514 update_pvid 515 516 # 517 # Upgrade handling. The upgrade file consists of a series 518 # of dladm(1M) commands. Note that after we are done, we 519 # cannot rename the upgrade script file as the file system 520 # is still read-only at this point. Defer this to the 521 # manifest-import service. 522 # 523 upgrade_script=/var/svc/profile/upgrade_datalink 524 if [ -f "${upgrade_script}" ]; then 525 . "${upgrade_script}" 526 fi 527 528 # Bring up simnet instances 529 /sbin/dladm up-simnet 530 # Initialize security objects. 531 /sbin/dladm init-secobj 532 533 # 534 # Initialize VNICs, VLANs and flows. Though they are brought 535 # up here, NWAM will not automatically manage VNICs and VLANs. 536 # 537 /sbin/dladm up-vnic 538 /sbin/dladm up-vlan 539 /sbin/dladm up-aggr 540 /sbin/flowadm init-flow 541 fi 542 543 # 544 # Ensure that the network/netcfg service is running since 545 # manifest-import has not yet run for the first boot after upgrade. 546 # We wouldn't need to do that if manifest-import ran earlier in 547 # boot, since there is an explicit dependency between 548 # network/netcfg and network/physical:nwam. This is similar to 549 # what network/physical does with network/datalink-management in 550 # net_reconfigure(). 551 # 552 $SVCADM enable -ts svc:/network/netcfg:default 553 554 # 555 # We also need to create the Legacy location, which is used 556 # to restore non-NWAM settings that are overwritten when 557 # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.). 558 # 559 $NWAMCFG list loc Legacy >/dev/null 2>&1 560 if [ $? -eq 1 ]; then 561 create_legacy_loc 562 fi 563 564 # start nwamd in foreground; it will daemonize itself 565 if /lib/inet/nwamd ; then 566 exit $SMF_EXIT_OK 567 else 568 exit $SMF_EXIT_ERR_FATAL 569 fi 570 ;; 571 572'stop') 573 # We need to make the dummy process we created above stop. 574 smf_configure_ip 575 if [ $? = "1" ] ; then 576 echo "stop" > /etc/svc/volatile/nwam/nwam_blocked 577 exit $SMF_EXIT_OK 578 fi 579 580 /usr/bin/pkill -z `smf_zonename` nwamd 581 582 # 583 # Restore the non-NWAM settings. 584 # 585 $NWAMCFG list loc Legacy >/dev/null 2>&1 586 if [ $? -eq 1 ]; then 587 echo "No Legacy location to revert to!" 588 exit $SMF_EXIT_OK 589 fi 590 revert_to_legacy_loc 591 # remove the location property group 592 $SVCCFG -s $NET_LOC_FMRI delpg location 593 ;; 594 595'-u') 596 # After we run this part of the script upon the next reboot 597 # network/physical:default will be enabled and 598 # network/physical:nwam will be disabled. 599 # There are various other parts of the system (nscd, nfs) that 600 # depend on continuing to have a working network. For this 601 # reason we don't change the network configuration immediately. 602 # 603 # Disable network/physical temporarily and make sure that will 604 # be enabled on reboot. 605 $SVCADM disable -st $NET_PHYS_FMRI 606 $SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true 607 608 # If nwam is online then make sure that it's temporarily enabled. 609 nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI` 610 if [ $? -eq 0 ]; then 611 set -- $nwam_online 612 [ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI 613 fi 614 615 # Set nwam so that it won't be enabled upon reboot. 616 $SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false 617 exit 0 618 ;; 619 620'-c') 621 # Nothing to do for sysidtool 622 exit 0 623 ;; 624 625*) 626 echo "Usage: $0 { start | stop | refresh }" 627 exit $SMF_EXIT_ERR_FATAL 628 ;; 629esac 630exit $SMF_EXIT_OK 631