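#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2012 Milan Jurik. All rights reserved.
# Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
#

#
# Helpers used below that this file does not define (service_is_enabled,
# service_exists, is_valid_addr, nwam_get_loc_prop, net_reconfigure,
# update_pvid, smf_configure_ip, smf_is_globalzone, smf_zonename) and the
# SMF_EXIT_* codes presumably come from these two includes -- confirm there.
#
. /lib/svc/share/smf_include.sh
. /lib/svc/share/net_include.sh

# FMRI constants
IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
IPFILTER_FMRI="svc:/network/ipfilter:default"
NIS_CLIENT_FMRI="svc:/network/nis/client:default"
NET_PHYS_FMRI="svc:/network/physical:default"
NET_NWAM_FMRI="svc:/network/physical:nwam"
NET_LOC_FMRI="svc:/network/location:default"
NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"

#
# Default *.conf files
# Set appropriate config SMF property to these files when NWAM is stopped
# and corresponding config properties in the Legacy location are empty
#
IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf

# commands (absolute paths, so nothing here is resolved through $PATH)
BASENAME=/usr/bin/basename
CAT=/usr/bin/cat
CP=/usr/bin/cp
DOMAINNAME=/usr/bin/domainname
GREP=/usr/bin/grep
LDAPCLIENT=/usr/sbin/ldapclient
MKDIR=/usr/bin/mkdir
MKFIFO=/usr/bin/mkfifo
NAWK=/usr/bin/nawk
NWAMCFG=/usr/sbin/nwamcfg
RM=/usr/bin/rm
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
SVCPROP=/usr/bin/svcprop

# Path to directories
# We don't have a writable file system so we write to /etc/svc/volatile and
# then later copy anything interesting to /etc/nwam.
VOL_NWAM_PATH=/etc/svc/volatile/nwam
VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
NIS_BIND_PATH=/var/yp/binding

#
# copy_to_legacy_loc <file>
#
# Copies the file to the Legacy location directory
# (in /etc/svc/volatile/nwam/Legacy), creating that directory if needed.
# A missing or empty <file> is silently skipped.  The copy keeps only the
# file's base name, so two sources with the same base name would overwrite
# each other in the Legacy directory.
#
copy_to_legacy_loc() {
	$MKDIR -p "$VOL_LEGACY_PATH"
	if [ -f "$1" ]; then
		# -p preserves mode/ownership/timestamps of the saved copy.
		$CP -p "$1" "$VOL_LEGACY_PATH"
	fi
}

#
# copy_from_legacy_loc <destination file>
#
# Copies file with the same name from Legacy location
# (in /etc/nwam/loc/Legacy) to the given destination file
#
# The destination directory is created if it does not exist.  Several callers
# in revert_to_legacy_loc pass a path read from a Legacy location property,
# so whoever can set those properties decides where this copy lands; the
# path is not validated here.
#
copy_from_legacy_loc () {
	DEST_DIR=`/usr/bin/dirname "$1"`
	SRC_NAME=`$BASENAME "$1"`
	SRC_FILE="$PERM_LEGACY_PATH/$SRC_NAME"

	# Make destination directory if needed
	if [ ! -d "$DEST_DIR" ]; then
		$MKDIR -p "$DEST_DIR"
	fi

	if [ -f "$SRC_FILE" ]; then
		$CP -p "$SRC_FILE" "$DEST_DIR"
	fi
}

#
# write_loc_prop <property> <value> <file>
#
# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
#
# <value> is written verbatim into a file of nwamcfg commands, so a value
# containing a newline would add extra command lines to that file.  Such a
# value is rejected instead of being written.
#
write_loc_prop () {
	prop=$1
	val=$2
	file=$3

	case "$val" in
	*"
"*)
		echo "write_loc_prop: multi-line value for $prop ignored" >&2
		return
		;;
	esac

	if [ -n "$val" -a -n "$file" ]; then
		echo "set $prop=$val" >> "$file"
	fi
}

#
# set_smf_prop <fmri> <property name> <property value>
#
# Sets an astring property with svccfg and returns svccfg's exit status.
# NOTE(review): the value is not escaped for svccfg's own parsing; confirm
# how a value containing whitespace or quotes is handled.
#
set_smf_prop () {
	$SVCCFG -s "$1" setprop "$2" = astring: "$3"
}

#
# get_smf_prop <fmri> <property name>
#
# Prints the property value as reported by svcprop.
#
get_smf_prop () {
	$SVCPROP -p "$2" "$1"
}

#
# Creates Legacy location from the current configuration
#
# Saves copies of the current name-service, IPFilter, IKE and IPsec policy
# files under $VOL_LEGACY_PATH and writes the nwamcfg commands that describe
# them to $VOL_NWAM_PATH/create_loc_legacy.
#
create_legacy_loc () {
	CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy

	#
	# Write nwamcfg commands to create Legacy location to
	# $CREATE_LOC_LEGACY_FILE as values for properties are determined
	# Note that some of the *_CONFIG_FILE variables point at copies of
	# files we've made and others indicate where those copies should be
	# if we are enabling the location.
	#
	# Values are always passed quoted so that an empty or multi-word
	# value cannot shift into the <file> argument of write_loc_prop.
	#
	echo "create loc Legacy" > "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "activation-mode" "system" "$CREATE_LOC_LEGACY_FILE"

	NAMESERVICES=""
	NAMESERVICES_CONFIG_FILE=""
	DNS_NAMESERVICE_CONFIGSRC=""
	DNS_NAMESERVICE_DOMAIN=""
	DNS_NAMESERVICE_SERVERS=""
	DNS_NAMESERVICE_SEARCH=""
	NIS_NAMESERVICE_CONFIGSRC=""
	NIS_NAMESERVICE_SERVERS=""
	LDAP_NAMESERVICE_CONFIGSRC=""
	LDAP_NAMESERVICE_SERVERS=""
	DEFAULT_DOMAIN=""

	# Copy /etc/nsswitch.conf file
	copy_to_legacy_loc /etc/nsswitch.conf
	NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"

	# Gather DNS info from resolv.conf if present.
	if [ -f /etc/resolv.conf ]; then
		NAMESERVICES="dns,"
		# NOTE(review): the DHCP marker is looked for in
		# /etc/nsswitch.conf although the data is read from
		# /etc/resolv.conf -- confirm which file carries it.
		$GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
		if [ $? -eq 0 ]; then
			DNS_NAMESERVICE_CONFIGSRC="dhcp"
		else
			DNS_NAMESERVICE_CONFIGSRC="manual"
			DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
			    print $2 }' < /etc/resolv.conf`
			DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
			    { printf "%s,", $2 }' < /etc/resolv.conf`
			# NOTE(review): only the first word after "search"
			# is kept; further search domains on the same line
			# are not saved.
			DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
			    { printf "%s,", $2 }' < /etc/resolv.conf`
			copy_to_legacy_loc /etc/resolv.conf
		fi
	fi

	# Gather NIS info from appropriate file if present.
	if service_is_enabled $NIS_CLIENT_FMRI; then
		NAMESERVICES="${NAMESERVICES}nis,"
		NIS_NAMESERVICE_CONFIGSRC="manual"
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`

		yp_servers=`$NAWK '{ printf "%s ", $1 }' \
		    < "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"`
		# Word splitting of $yp_servers is intended here.
		for serv in $yp_servers; do
			if is_valid_addr "$serv"; then
				addr="$serv,"
			else
				# Host name: resolve through /etc/inet/hosts.
				# The name is used as a grep pattern, so "."
				# matches any character.
				addr=`$GREP -iw "$serv" /etc/inet/hosts | \
				    $NAWK '{ printf "%s,", $1 }'`
			fi
			NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
		done
	fi

	# Gather LDAP info via ldapclient(8).
	if [ -f /var/ldap/ldap_client_file ]; then
		# Was "copy_to_legacy", a name this file does not define, so
		# the LDAP client file was presumably never saved.
		copy_to_legacy_loc /var/ldap/ldap_client_file
		NAMESERVICES="${NAMESERVICES}ldap,"
		LDAP_NAMESERVICE_CONFIGSRC="manual"
		LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
		    $NAWK '$1 == "preferredServerList:" { print $2 }'`
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
	fi

	# Now, write nwamcfg commands for nameservices
	write_loc_prop "nameservices" "$NAMESERVICES" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nameservices-config-file" "$NAMESERVICES_CONFIG_FILE" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-configsrc" "$DNS_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-domain" "$DNS_NAMESERVICE_DOMAIN" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-servers" "$DNS_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-search" "$DNS_NAMESERVICE_SEARCH" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-configsrc" "$NIS_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-servers" "$NIS_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-configsrc" "$LDAP_NAMESERVICE_CONFIGSRC" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-servers" "$LDAP_NAMESERVICE_SERVERS" \
	    "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "default-domain" "$DEFAULT_DOMAIN" "$CREATE_LOC_LEGACY_FILE"

	# Retrieve NFSv4 domain from SMF.
	if service_is_enabled $NFS_MAPID_FMRI; then
		# Was "get_smf_prop NFS_MAPID_FMRI" (no "$"), which queried a
		# service literally named NFS_MAPID_FMRI.
		NFS_DOMAIN=`get_smf_prop $NFS_MAPID_FMRI \
		    nfs-props/nfsmapid_domain`
		write_loc_prop "nfsv4-domain" \
		    "$NFS_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	fi

	IPF_CONFIG_FILE=""
	IPF6_CONFIG_FILE=""
	IPNAT_CONFIG_FILE=""
	IPPOOL_CONFIG_FILE=""
	IKE_CONFIG_FILE=""
	IPSEC_POLICY_CONFIG_FILE=""

	#
	# IPFilter
	#
	# If the firewall policy is "custom", simply copy the
	# custom_policy_file.  If the firewall policy is "none", "allow" or
	# "deny", save the value as "/<value>".  When reverting back to the
	# Legacy location, these values will have to be treated as special.
	#
	# For all configuration files, copy them to the Legacy directory.
	# Use the respective properties to remember the original locations
	# of the files so that they can be copied back there when NWAM is
	# stopped.
	#
	if service_is_enabled $IPFILTER_FMRI; then
		FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \
		    firewall_config_default/policy`
		if [ "$FIREWALL_POLICY" = "custom" ]; then
			IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
			    firewall_config_default/custom_policy_file`
			copy_to_legacy_loc "$IPF_CONFIG_FILE"
		else
			# save value as /none, /allow, or /deny
			IPF_CONFIG_FILE="/$FIREWALL_POLICY"
		fi
		IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
		    config/ipf6_config_file`
		copy_to_legacy_loc "$IPF6_CONFIG_FILE"

		IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
		    config/ipnat_config_file`
		copy_to_legacy_loc "$IPNAT_CONFIG_FILE"

		IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
		    config/ippool_config_file`
		copy_to_legacy_loc "$IPPOOL_CONFIG_FILE"
	fi

	# IKE
	if service_is_enabled $IPSEC_IKE_FMRI:default; then
		IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file`
		copy_to_legacy_loc "$IKE_CONFIG_FILE"
	fi

	# IPsec
	if service_is_enabled $IPSEC_POLICY_FMRI:default; then
		IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \
		    config/config_file`
		copy_to_legacy_loc "$IPSEC_POLICY_CONFIG_FILE"
	fi

	# Record a property only for the three special firewall policies or
	# for a file that actually exists.
	if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \
	    -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \
	    -o -f "$IPF_CONFIG_FILE" \) ]; then
		write_loc_prop "ipfilter-config-file" "$IPF_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-v6-config-file" "$IPF6_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then
		write_loc_prop "ipnat-config-file" "$IPNAT_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then
		write_loc_prop "ippool-config-file" "$IPPOOL_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then
		write_loc_prop "ike-config-file" "$IKE_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ]
	then
		write_loc_prop "ipsecpolicy-config-file" \
		    "$IPSEC_POLICY_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	fi

	# End
	echo "end" >> "$CREATE_LOC_LEGACY_FILE"
	# network/location will create the Legacy location with these commands.
}

#
# Undoes the effects of the Legacy location creation
#
# Restores the saved name-service, NFSv4 domain, IPsec/IKE and IPFilter
# settings from the Legacy location, then removes the Legacy directories,
# the command script and the location itself.
#
# Security-relevant behaviour to keep in mind when reviewing changes:
#  - firewall, IKE and IPsec policy services are enabled or disabled here
#    purely on the basis of which Legacy properties are non-empty;
#  - file paths read from Legacy properties are used as copy destinations
#    and written into SMF config properties without validation.
#
revert_to_legacy_loc () {
	$SVCADM disable dns/client
	$SVCADM disable nis/client
	$SVCADM disable ldap/client

	# copy nsswitch.conf to /etc/nsswitch.conf
	copy_from_legacy_loc /etc/nsswitch.conf

	# DNS - copy resolv.conf to /etc/resolv.conf
	if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
		copy_from_legacy_loc /etc/resolv.conf
		$SVCADM enable dns/client
	fi

	# set /etc/defaultdomain and domainname(8)
	DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
	if [ -n "$DEFAULT_DOMAIN" ]; then
		$DOMAINNAME "$DEFAULT_DOMAIN"
		$DOMAINNAME > /etc/defaultdomain
	fi

	# NIS - directory and ypserver in /var/yp/binding/
	NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
	NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
	if [ -n "$NIS_CONFIGSRC" ]; then
		# NOTE(review): $DEFAULT_DOMAIN is used as a path component
		# without checking that it is non-empty or free of "/";
		# confirm the property is constrained where it is set.
		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
			$MKDIR -p "$NIS_BIND_PATH/$DEFAULT_DOMAIN"
		fi
		if [ -n "$NIS_SERVERS" ]; then
			# One server per line in ypservers.
			echo "$NIS_SERVERS" | $NAWK \
			    'FS="," { for (i = 1; i <= NF; i++) print $i }' \
			    > "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"
		fi
		$SVCADM enable nis/client
	fi

	# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
	if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
		copy_from_legacy_loc /var/ldap/ldap_client_file
		$SVCADM enable ldap/client
	fi

	# Copy back nfs NFSMAPID_DOMAIN
	NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
	if [ -n "$NFSMAPID_DOMAIN" ]; then
		set_smf_prop $NFS_MAPID_FMRI \
		    nfs-props/nfsmapid_domain "$NFSMAPID_DOMAIN"
		$SVCADM refresh $NFS_MAPID_FMRI
		$SVCADM enable $NFS_MAPID_FMRI
	fi

	# IPFilter, IPsec, and IKE
	ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
	ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
	ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
	ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
	ike_file=`nwam_get_loc_prop Legacy ike-config-file`
	pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`

	# No saved IKE config: point the service back at its default file
	# and disable it.
	if [ -n "$ike_file" ]; then
		copy_from_legacy_loc "$ike_file"
		set_smf_prop $IPSEC_IKE_FMRI config/config_file "$ike_file"
		$SVCADM refresh $IPSEC_IKE_FMRI
		$SVCADM enable $IPSEC_IKE_FMRI
	else
		set_smf_prop $IPSEC_IKE_FMRI config/config_file \
		    $IPSEC_IKE_DEFAULT_CONFIG_FILE
		$SVCADM disable $IPSEC_IKE_FMRI
	fi
	# Same pattern for the IPsec policy service.
	if [ -n "$pol_file" ]; then
		copy_from_legacy_loc "$pol_file"
		set_smf_prop $IPSEC_POLICY_FMRI config/config_file "$pol_file"
		$SVCADM refresh $IPSEC_POLICY_FMRI
		$SVCADM enable $IPSEC_POLICY_FMRI
	else
		set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
		    $IPSEC_POLICY_DEFAULT_CONFIG_FILE
		$SVCADM disable $IPSEC_POLICY_FMRI
	fi

	# refresh_ipf records whether any IPFilter setting was restored;
	# it decides below whether ipfilter ends up enabled or disabled.
	refresh_ipf=false
	if [ -n "$ipf_file" ]; then
		# change /none, /allow, and /deny to firewall policy
		if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
		    -o "$ipf_file" = "/deny" ]; then
			policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
			set_smf_prop $IPFILTER_FMRI \
			    firewall_config_default/policy "$policy"
			# no need to clear custom_policy_file as it isn't "custom"
		else
			copy_from_legacy_loc "$ipf_file"
			set_smf_prop $IPFILTER_FMRI \
			    firewall_config_default/policy "custom"
			set_smf_prop $IPFILTER_FMRI \
			    firewall_config_default/custom_policy_file "$ipf_file"
		fi
		refresh_ipf=true
	fi
	if [ -n "$ipf6_file" ]; then
		copy_from_legacy_loc "$ipf6_file"
		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file "$ipf6_file"
		refresh_ipf=true
	else
		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
		    $IPF6_DEFAULT_CONFIG_FILE
	fi
	if [ -n "$ipnat_file" ]; then
		copy_from_legacy_loc "$ipnat_file"
		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file "$ipnat_file"
		refresh_ipf=true
	else
		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \
		    $IPNAT_DEFAULT_CONFIG_FILE
	fi
	if [ -n "$ippool_file" ]; then
		copy_from_legacy_loc "$ippool_file"
		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
		    "$ippool_file"
		refresh_ipf=true
	else
		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
		    $IPPOOL_DEFAULT_CONFIG_FILE
	fi

	# If the Legacy location recorded no IPFilter files at all, the
	# firewall service is disabled here.
	$SVCADM refresh $IPFILTER_FMRI
	if [ "$refresh_ipf" = "true" ]; then
		$SVCADM enable $IPFILTER_FMRI
	else
		$SVCADM disable $IPFILTER_FMRI
	fi

	# Remove the Legacy directories, script and location
	# (both paths are fixed constants set at the top of this file)
	$RM -rf "$VOL_LEGACY_PATH"
	$RM -rf "$PERM_LEGACY_PATH"
	$RM -f "$VOL_NWAM_PATH/create_loc_legacy"
	$NWAMCFG destroy loc Legacy
}

#
# Script entry point
#
# Arguments to net-nwam are
#	method ( start | refresh | stop | -u | -c )
#

#
# Create nwam directory in /etc/svc/volatile
#
if [ ! -d "$VOL_NWAM_PATH" ]; then
	$MKDIR -m 0755 "$VOL_NWAM_PATH"
fi

case "$1" in
'refresh')
	/usr/bin/pkill -HUP -z `smf_zonename` nwamd
	#
	# Enable network/location.  Needed on first boot post-install as
	# network/location will not exist until after manifest-import runs.
	#
	if service_exists $NET_LOC_FMRI ; then
		$SVCADM enable -t $NET_LOC_FMRI
	fi
	;;

'start')
	# The real daemon is not started in a shared stack zone. But we need to
	# create a dummy background process to preserve contract lifetime.
	smf_configure_ip
	if [ $? = "1" ] ; then
		# The background cat blocks on the FIFO until the stop
		# method writes to it.
		$RM -f "$VOL_NWAM_PATH/nwam_blocked"
		$MKFIFO "$VOL_NWAM_PATH/nwam_blocked"
		($CAT <"$VOL_NWAM_PATH/nwam_blocked" >/dev/null) &
		exit $SMF_EXIT_OK
	fi

	#
	# Enable network/location.
	#
	if service_exists $NET_LOC_FMRI ; then
		$SVCADM enable -t $NET_LOC_FMRI
	fi

	if smf_is_globalzone; then
		net_reconfigure || exit $SMF_EXIT_ERR_CONFIG

		# Update PVID on interfaces configured with VLAN 1
		update_pvid

		#
		# Upgrade handling. The upgrade file consists of a series
		# of dladm(8) commands. Note that after we are done, we
		# cannot rename the upgrade script file as the file system
		# is still read-only at this point. Defer this to the
		# manifest-import service.
		#
		# The file is sourced, so its contents execute in this
		# shell with this method's privileges; anything able to
		# write /var/svc/profile/upgrade_datalink controls what
		# runs here.
		#
		upgrade_script=/var/svc/profile/upgrade_datalink
		if [ -f "${upgrade_script}" ]; then
			. "${upgrade_script}"
		fi

		#
		# Upgrade handling for ibd:
		# After we are done with the upgrade handling, we can not set
		# the ibd/ibd_upgraded property to "true" as the file system is
		# read-only at this point. It will be done later by
		# ibd-post-upgrade service.
		#
		if [ -x /sbin/ibd_upgrade ]; then
			ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
			    svc:/network/physical:default 2> /dev/null`
			if [ "$ibd_upgraded" != "true" ]; then
				/sbin/ibd_upgrade -v
			fi
		fi

		# Bring up simnet instances
		/sbin/dladm up-simnet
		# Initialize security objects.
		/sbin/dladm init-secobj

		#
		# Initialize VNICs, VLANs and flows.  Though they are brought
		# up here, NWAM will not automatically manage VNICs and VLANs.
		#
		/sbin/dladm up-vnic
		/sbin/dladm up-vlan
		/sbin/dladm up-part
		/sbin/dladm up-aggr
		/sbin/flowadm init-flow
		/sbin/dladm up-overlay
	fi

	#
	# We also need to create the Legacy location, which is used
	# to restore non-NWAM settings that are overwritten when
	# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
	#
	# Only exit status 1 from "nwamcfg list" is treated as "no Legacy
	# location"; any other failure status skips creation.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		create_legacy_loc
	fi

	# start nwamd in foreground; it will daemonize itself
	if /lib/inet/nwamd ; then
		exit $SMF_EXIT_OK
	else
		exit $SMF_EXIT_ERR_FATAL
	fi
	;;

'stop')
	# We need to make the dummy process we created above stop.
	smf_configure_ip
	if [ $? = "1" ] ; then
		echo "stop" > "$VOL_NWAM_PATH/nwam_blocked"
		exit $SMF_EXIT_OK
	fi

	/usr/bin/pkill -z `smf_zonename` nwamd

	#
	# Restore the non-NWAM settings.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		echo "No Legacy location to revert to!"
		exit $SMF_EXIT_OK
	fi
	revert_to_legacy_loc
	# remove the location property group
	$SVCCFG -s $NET_LOC_FMRI delpg location
	;;

'-u')
	# After we run this part of the script upon the next reboot
	# network/physical:default will be enabled and
	# network/physical:nwam will be disabled.
	# There are various other parts of the system (nscd, nfs) that
	# depend on continuing to have a working network.  For this
	# reason we don't change the network configuration immediately.
	#
	# Disable network/physical temporarily and make sure that will
	# be enabled on reboot.
	$SVCADM disable -st $NET_PHYS_FMRI
	$SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true

	# If nwam is online then make sure that it's temporarily enabled.
	nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI`
	if [ $? -eq 0 ]; then
		# Split the svcprop output into words; the third one is
		# compared with "online".  Quoted so that output with fewer
		# than three words does not make test(1) fail on a syntax
		# error.
		set -- $nwam_online
		[ "$3" = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI
	fi

	# Set nwam so that it won't be enabled upon reboot.
	$SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false
	exit 0
	;;

'-c')
	# Nothing to do for sysidtool
	exit 0
	;;

*)
	echo "Usage: $0 { start | stop | refresh }"
	exit $SMF_EXIT_ERR_FATAL
	;;
esac
exit $SMF_EXIT_OK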