xref: /illumos-gate/usr/src/cmd/svc/milestone/net-nwam (revision e2c5185af3c50d9510e5df68aa37abdc6c0d3aac)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/net_include.sh
28
29# FMRI constants
30IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
31IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
32IPFILTER_FMRI="svc:/network/ipfilter:default"
33NIS_CLIENT_FMRI="svc:/network/nis/client:default"
34NET_PHYS_FMRI="svc:/network/physical:default"
35NET_NWAM_FMRI="svc:/network/physical:nwam"
36NET_LOC_FMRI="svc:/network/location:default"
37NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"
38
39#
40# Default *.conf files
41# Set appropriate config SMF property to these files when NWAM is stopped
42# and corresponding config properties in the Legacy location are emtpy
43#
44IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
45IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
46IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
47IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
48IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf
49
50# commands
51BASENAME=/usr/bin/basename
52CAT=/usr/bin/cat
53CP=/usr/bin/cp
54DOMAINNAME=/usr/bin/domainname
55GREP=/usr/bin/grep
56LDAPCLIENT=/usr/sbin/ldapclient
57MKDIR=/usr/bin/mkdir
58MKFIFO=/usr/bin/mkfifo
59NAWK=/usr/bin/nawk
60NWAMCFG=/usr/sbin/nwamcfg
61RM=/usr/bin/rm
62SVCADM=/usr/sbin/svcadm
63SVCCFG=/usr/sbin/svccfg
64SVCPROP=/usr/bin/svcprop
65
66# Path to directories
67# We don't have a writable file system so we write to /etc/svc/volatile and
68# then later copy anything interesting to /etc/nwam.
69VOL_NWAM_PATH=/etc/svc/volatile/nwam
70VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
71PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
72NIS_BIND_PATH=/var/yp/binding
73
74#
75# copy_to_legacy_loc <file>
76#
77# Copies the file to the Legacy location directory
78# (in /etc/svc/volatile/nwam/Legacy)
79#
80copy_to_legacy_loc() {
81	$MKDIR -p $VOL_LEGACY_PATH
82	if [ -f "$1" ]; then
83		$CP -p $1 $VOL_LEGACY_PATH
84	fi
85}
86
87#
88# copy_from_legacy_loc <destination file>
89#
90# Copies file with the same name from Legacy location
91# (in /etc/nwam/loc/Legacy) to the given destination file
92#
93copy_from_legacy_loc () {
94	DEST_DIR=`/usr/bin/dirname $1`
95	SRC_FILE="$PERM_LEGACY_PATH/`$BASENAME $1`"
96
97	# Make destination directory if needed
98	if [ ! -d "$DEST_DIR" ]; then
99		$MKDIR -p $DEST_DIR
100	fi
101
102	if [ -f "$SRC_FILE" ]; then
103		$CP -p $SRC_FILE $DEST_DIR
104	fi
105}
106
107#
108# write_loc_prop <property> <value> <file>
109#
110# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
111#
112write_loc_prop () {
113	prop=$1
114	val=$2
115	file=$3
116
117	if [ -n "$val" -a -n "$file" ]; then
118		echo "set $prop=$val" >> $file
119	fi
120}
121
122#
123# set_smf_prop <fmri> <property name> <property value>
124#
125set_smf_prop () {
126	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
127}
128
129#
130# get_smf_prop <fmri> <property name>
131#
132get_smf_prop () {
133	$SVCPROP -p $2 $1
134}
135
136#
137# Creates Legacy location from the current configuration
138#
139create_legacy_loc () {
140	CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy
141
142	#
143	# Write nwamcfg commands to create Legacy location to
144	# $CREATE_LOC_LEGACY_FILE as values for properties are determined
145	# Note that some of the *_CONFIG_FILE variables point at copies of
146	# files we've made and others indicate where those copies should be
147	# if we are enabling the location.
148	#
149	echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE
150	write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE
151
152	NAMESERVICES=""
153	NAMESERVICES_CONFIG_FILE=""
154	DNS_NAMESERVICE_CONFIGSRC=""
155	DNS_NAMESERVICE_DOMAIN=""
156	DNS_NAMESERVICE_SERVERS=""
157	DNS_NAMESERVICE_SEARCH=""
158	NIS_NAMESERVICE_CONFIGSRC=""
159	NIS_NAMESERVICE_SERVERS=""
160	LDAP_NAMESERVICE_CONFIGSRC=""
161	LDAP_NAMESERVICE_SERVERS=""
162	DEFAULT_DOMAIN=""
163
164	# Copy /etc/nsswitch.conf file
165	copy_to_legacy_loc /etc/nsswitch.conf
166	NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"
167
168	# Gather DNS info from resolv.conf if present.
169	if [ -f /etc/resolv.conf ]; then
170		NAMESERVICES="dns,"
171		$GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
172		if [ $? -eq 0 ]; then
173			DNS_NAMESERVICE_CONFIGSRC="dhcp"
174		else
175			DNS_NAMESERVICE_CONFIGSRC="manual"
176			DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
177			    print $2 }' < /etc/resolv.conf`
178			DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
179			    { printf "%s,", $2 }' < /etc/resolv.conf`
180			DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
181			    { printf "%s,", $2 }' < /etc/resolv.conf`
182			copy_to_legacy_loc /etc/resolv.conf
183		fi
184	fi
185
186	# Gather NIS info from appropriate file if present.
187	if service_is_enabled $NIS_CLIENT_FMRI; then
188		NAMESERVICES="${NAMESERVICES}nis,"
189		NIS_NAMESERVICE_CONFIGSRC="manual"
190		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
191
192		yp_servers=`$NAWK '{ printf "%s ", $1 }' \
193		    < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers`
194		for serv in $yp_servers; do
195			if is_valid_addr $serv; then
196				addr="$serv,"
197			else
198				addr=`$GREP -iw $serv /etc/inet/hosts | \
199				    $NAWK '{ printf "%s,", $1 }'`
200			fi
201			NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
202		done
203	fi
204
205	# Gather LDAP info via ldapclient(1M).
206	if [ -f /var/ldap/ldap_client_file ]; then
207		copy_to_legacy /var/ldap/ldap_client_file
208		NAMESERVICES="${NAMESERVICES}ldap,"
209		LDAP_NAMESERVICE_CONFIGSRC="manual"
210		LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
211		    $NAWK '$1 == "preferredServerList:" { print $2 }'`
212		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
213	fi
214
215	# Now, write nwamcfg commands for nameservices
216	write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE
217 	write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \
218 	    $CREATE_LOC_LEGACY_FILE
219	write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \
220	    $CREATE_LOC_LEGACY_FILE
221	write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \
222 	    $CREATE_LOC_LEGACY_FILE
223	write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \
224	    $CREATE_LOC_LEGACY_FILE
225	write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \
226	    $CREATE_LOC_LEGACY_FILE
227	write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \
228	    $CREATE_LOC_LEGACY_FILE
229	write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \
230	    $CREATE_LOC_LEGACY_FILE
231	write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\
232	    $CREATE_LOC_LEGACY_FILE
233	write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \
234	    $CREATE_LOC_LEGACY_FILE
235	write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE
236
237	# Retrieve NFSv4 domain from SMF.
238	if service_is_enabled $NFS_MAPID_FMRI; then
239		NFS_DOMAIN=`get_smf_prop NFS_MAPID_FMRI \
240		    nfs-props/nfsmapid_domain`
241		write_loc_prop "nfsv4-domain" \
242		    $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE
243	fi
244
245	IPF_CONFIG_FILE=""
246	IPF6_CONFIG_FILE=""
247	IPNAT_CONFIG_FILE=""
248	IPPOOL_CONFIG_FILE=""
249	IKE_CONFIG_FILE=""
250	IPSEC_POLICY_CONFIG_FILE=""
251
252	#
253	# IPFilter
254	#
255	# If the firewall policy is "custom", simply copy the
256	# custom_policy_file.  If the firewall policy is "none", "allow" or
257	# "deny", save the value as "/<value>".  When reverting back to the
258	# Legacy location, these values will have to be treated as special.
259	#
260	# For all configuration files, copy them to the Legacy directory.
261	# Use the respective properties to remember the original locations
262	# of the files so that they can be copied back there when NWAM is
263	# stopped.
264	#
265	if service_is_enabled $IPFILTER_FMRI; then
266		FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \
267		    firewall_config_default/policy`
268		if [ "$FIREWALL_POLICY" = "custom" ]; then
269			IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
270			    firewall_config_default/custom_policy_file`
271			copy_to_legacy_loc $IPF_CONFIG_FILE
272		else
273			# save value as /none, /allow, or /deny
274			IPF_CONFIG_FILE="/$FIREWALL_POLICY"
275		fi
276		IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
277		    config/ipf6_config_file`
278		copy_to_legacy_loc $IPF6_CONFIG_FILE
279
280		IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
281		    config/ipnat_config_file`
282		copy_to_legacy_loc $IPNAT_CONFIG_FILE
283
284		IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
285		    config/ippool_config_file`
286		copy_to_legacy_loc $IPPOOL_CONFIG_FILE
287	fi
288
289	# IKE
290	if service_is_enabled $IPSEC_IKE_FMRI:default; then
291		IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file`
292		copy_to_legacy_loc $IKE_CONFIG_FILE
293	fi
294
295	# IPsec
296	if service_is_enabled $IPSEC_POLICY_FMRI:default; then
297		IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \
298		    config/config_file`
299		copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE
300	fi
301
302	if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \
303	    -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \
304	    -o -f "$IPF_CONFIG_FILE" \) ]; then
305		write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \
306		    $CREATE_LOC_LEGACY_FILE
307	fi
308	if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then
309		write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \
310		    $CREATE_LOC_LEGACY_FILE
311	fi
312	if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then
313		write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \
314		    $CREATE_LOC_LEGACY_FILE
315	fi
316	if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then
317		write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \
318		    $CREATE_LOC_LEGACY_FILE
319	fi
320	if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then
321		write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \
322		    $CREATE_LOC_LEGACY_FILE
323	fi
324	if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ]
325	then
326		write_loc_prop "ipsecpolicy-config-file" \
327		    $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE
328	fi
329
330	# End
331	echo "end" >> $CREATE_LOC_LEGACY_FILE
332	# network/location will create the Legacy location with these commands.
333}
334
335#
336# Undoes the effects of the Legacy location creation
337#
338revert_to_legacy_loc () {
339	$SVCADM disable dns/client
340	$SVCADM disable nis/client
341	$SVCADM disable ldap/client
342
343	# copy nsswitch.conf to /etc/nsswitch.conf
344	copy_from_legacy_loc /etc/nsswitch.conf
345
346	# DNS - copy resolv.conf to /etc/resolv.conf
347	if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
348		copy_from_legacy_loc /etc/resolv.conf
349	        $SVCADM enable dns/client
350	fi
351
352	# set /etc/defaultdomain and domainname(1M)
353	DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
354	if [ -n "$DEFAULT_DOMAIN" ]; then
355		$DOMAINNAME $DEFAULT_DOMAIN
356		$DOMAINNAME > /etc/defaultdomain
357	fi
358
359	# NIS - directory and ypserver in /var/yp/binding/
360	NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
361	NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
362	if [ -n "$NIS_CONFIGSRC" ]; then
363		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
364			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
365		fi
366		if [ -n "$NIS_SERVERS" ]; then
367			echo "$NIS_SERVERS" | $NAWK \
368			    'FS="," { for (i = 1; i <= NF; i++) print $i }' \
369			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
370		fi
371		$SVCADM enable nis/client
372	fi
373
374	# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
375	if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
376		copy_from_legacy_loc /var/ldap/ldap_client_file
377		$SVCADM enable ldap/client
378	fi
379
380	# Copy back nfs NFSMAPID_DOMAIN
381	NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
382	if [ -n "$NFSMAPID_DOMAIN" ]; then
383		set_smf_prop $NFS_MAPID_FMRI \
384		    nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN
385		$SVCADM refresh $NFS_MAPID_FMRI
386		$SVCADM enable $NFS_MAPID_FMRI
387	fi
388
389	# IPFilter, IPsec, and IKE
390	ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
391	ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
392	ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
393	ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
394	ike_file=`nwam_get_loc_prop Legacy ike-config-file`
395	pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`
396
397	if [ -n "$ike_file" ]; then
398		copy_from_legacy_loc $ike_file
399		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
400		$SVCADM refresh $IPSEC_IKE_FMRI
401		$SVCADM enable $IPSEC_IKE_FMRI
402	else
403		set_smf_prop $IPSEC_IKE_FMRI config/config_file \
404		    $IPSEC_IKE_DEFAULT_CONFIG_FILE
405		$SVCADM disable $IPSEC_IKE_FMRI
406	fi
407	if [ -n "$pol_file" ]; then
408		copy_from_legacy_loc $pol_file
409		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
410		$SVCADM refresh $IPSEC_POLICY_FMRI
411		$SVCADM enable $IPSEC_POLICY_FMRI
412	else
413		set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
414		    $IPSEC_POLICY_DEFAULT_CONFIG_FILE
415		$SVCADM disable $IPSEC_POLICY_FMRI
416	fi
417
418	refresh_ipf=false
419	if [ -n "$ipf_file" ]; then
420		# change /none, /allow, and /deny to firewall policy
421		if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
422		    -o "$ipf_file" = "/deny" ]; then
423			policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
424			set_smf_prop $IPFILTER_FMRI \
425			    firewall_config_default/policy $policy
426			# no need to clear custom_policy_file as it isn't "custom"
427		else
428			copy_from_legacy_loc $ipf_file
429			set_smf_prop $IPFILTER_FMRI \
430			    firewall_config_default/policy "custom"
431			set_smf_prop $IPFILTER_FMRI \
432			    firewall_config_default/custom_policy_file $ipf_file
433		fi
434		refresh_ipf=true
435	fi
436	if [ -n "$ipf6_file" ]; then
437		copy_from_legacy_loc $ipf6_file
438		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
439		refresh_ipf=true
440	else
441		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
442		    $IPF6_DEFAULT_CONFIG_FILE
443	fi
444	if [ -n "$ipnat_file" ]; then
445		copy_from_legacy_loc $ipnat_file
446		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
447		refresh_ipf=true
448	else
449		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \
450		    $IPNAT_DEFAULT_CONFIG_FILE
451	fi
452	if [ -n "$ippool_file" ]; then
453		copy_from_legacy_loc $ippool_file
454		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
455		    $ippool_file
456		refresh_ipf=true
457	else
458		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
459		    $IPPOOL_DEFAULT_CONFIG_FILE
460	fi
461
462	$SVCADM refresh $IPFILTER_FMRI
463	if [ "$refresh_ipf" = "true" ]; then
464		$SVCADM enable $IPFILTER_FMRI
465	else
466		$SVCADM disable $IPFILTER_FMRI
467	fi
468
469	# Remove the Legacy directories, script and location
470	$RM -rf $VOL_LEGACY_PATH
471	$RM -rf $PERM_LEGACY_PATH
472	$RM -f $VOL_NWAM_PATH/create_loc_legacy
473	$NWAMCFG destroy loc Legacy
474}
475
476#
477# Script entry point
478#
479# Arguments to net-nwam are
480#       method ( start | refresh | stop | -u | -c )
481#
482
483#
484# Create nwam directory in /etc/svc/volatile
485#
486if [ ! -d $VOL_NWAM_PATH ]; then
487	$MKDIR -m 0755 $VOL_NWAM_PATH
488fi
489
490case "$1" in
491'refresh')
492	/usr/bin/pkill -HUP -z `smf_zonename` nwamd
493	#
494	# Enable network/location.  Needed on first boot post-install as
495	# network/location will not exist until after manifest-import runs.
496	#
497	if service_exists $NET_LOC_FMRI ; then
498		$SVCADM enable -t $NET_LOC_FMRI
499	fi
500	;;
501
502'start')
503	# The real daemon is not started in a shared stack zone. But we need to
504	# create a dummy background process to preserve contract lifetime.
505	smf_configure_ip
506	if [ $? = "1" ] ; then
507		$RM -f $VOL_NWAM_PATH/nwam_blocked
508		$MKFIFO $VOL_NWAM_PATH/nwam_blocked
509		($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) &
510		exit $SMF_EXIT_OK
511	fi
512
513	#
514	# Enable network/location.
515	#
516	if service_exists $NET_LOC_FMRI ; then
517		$SVCADM enable -t $NET_LOC_FMRI
518	fi
519
520	if smf_is_globalzone; then
521		net_reconfigure || exit $SMF_EXIT_ERR_CONFIG
522
523		# Update PVID on interfaces configured with VLAN 1
524		update_pvid
525
526		#
527		# Upgrade handling. The upgrade file consists of a series
528		# of dladm(1M) commands. Note that after we are done, we
529		# cannot rename the upgrade script file as the file system
530		# is still read-only at this point. Defer this to the
531		# manifest-import service.
532		#
533		upgrade_script=/var/svc/profile/upgrade_datalink
534		if [ -f "${upgrade_script}" ]; then
535			. "${upgrade_script}"
536		fi
537
538		#
539		# Upgrade handling for ibd:
540		# After we are done with the upgrade handling, we can not set the
541		# ibd/ibd_upgraded property to "true" as the file system is
542		# read-only at this point. It will be done later by ibd-post-upgrade
543		# service.
544		#
545		ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
546		    svc:/network/physical:default 2> /dev/null`
547		if [ "$ibd_upgraded" != "true" ]; then
548			/sbin/ibd_upgrade -v
549		fi
550
551		# Bring up simnet instances
552		/sbin/dladm up-simnet
553		# Initialize security objects.
554		/sbin/dladm init-secobj
555
556		#
557		# Initialize VNICs, VLANs and flows.  Though they are brought
558		# up here, NWAM will not automatically manage VNICs and VLANs.
559		#
560		/sbin/dladm up-vnic
561		/sbin/dladm up-vlan
562		/sbin/dladm up-part
563		/sbin/dladm up-aggr
564		/sbin/flowadm init-flow
565	fi
566
567	#
568	# We also need to create the Legacy location, which is used
569	# to restore non-NWAM settings that are overwritten when
570	# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
571	#
572	$NWAMCFG list loc Legacy >/dev/null 2>&1
573	if [ $? -eq 1 ]; then
574		create_legacy_loc
575	fi
576
577	# start nwamd in foreground; it will daemonize itself
578	if /lib/inet/nwamd ; then
579		exit $SMF_EXIT_OK
580	else
581		exit $SMF_EXIT_ERR_FATAL
582	fi
583	;;
584
585'stop')
586	# We need to make the dummy process we created above stop.
587	smf_configure_ip
588	if [ $? = "1" ] ; then
589		echo "stop" > $VOL_NWAM_PATH/nwam_blocked
590		exit $SMF_EXIT_OK
591	fi
592
593	/usr/bin/pkill -z `smf_zonename` nwamd
594
595	#
596	# Restore the non-NWAM settings.
597	#
598	$NWAMCFG list loc Legacy >/dev/null 2>&1
599	if [ $? -eq 1 ]; then
600		echo "No Legacy location to revert to!"
601		exit $SMF_EXIT_OK
602	fi
603	revert_to_legacy_loc
604	# remove the location property group
605	$SVCCFG -s $NET_LOC_FMRI delpg location
606	;;
607
608'-u')
609	# After we run this part of the script upon the next reboot
610	# network/physical:default will be enabled and
611	# network/physical:nwam will be disabled.
612	# There are various other parts of the system (nscd, nfs) that
613	# depend on continuing to have a working network.  For this
614	# reason we don't change the network configuration immediately.
615	#
616	# Disable network/physical temporarily and make sure that will
617	# be enabled on reboot.
618	$SVCADM disable -st $NET_PHYS_FMRI
619	$SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true
620
621	# If nwam is online then make sure that it's temporarily enabled.
622	nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI`
623	if [ $? -eq 0 ]; then
624		set -- $nwam_online
625		[ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI
626	fi
627
628	# Set nwam so that it won't be enabled upon reboot.
629	$SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false
630	exit 0
631	;;
632
633'-c')
634	# Nothing to do for sysidtool
635	exit 0
636	;;
637
638*)
639	echo "Usage: $0 { start | stop | refresh }"
640	exit $SMF_EXIT_ERR_FATAL
641	;;
642esac
643exit $SMF_EXIT_OK
644