1#!/sbin/sh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24# 25 26. /lib/svc/share/smf_include.sh 27. /lib/svc/share/net_include.sh 28 29# FMRI constants 30IPSEC_IKE_FMRI="svc:/network/ipsec/ike" 31IPSEC_POLICY_FMRI="svc:/network/ipsec/policy" 32IPFILTER_FMRI="svc:/network/ipfilter:default" 33NIS_CLIENT_FMRI="svc:/network/nis/client:default" 34NET_PHYS_FMRI="svc:/network/physical:default" 35NET_NWAM_FMRI="svc:/network/physical:nwam" 36NET_LOC_FMRI="svc:/network/location:default" 37 38# 39# Default *.conf files 40# Set appropriate config SMF property to these files when NWAM is stopped 41# and corresponding config properties in the Legacy location are emtpy 42# 43IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf 44IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf 45IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf 46IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config 47IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf 48 49# commands 50BASENAME=/usr/bin/basename 51CAT=/usr/bin/cat 52CP=/usr/bin/cp 53DOMAINNAME=/usr/bin/domainname 54GREP=/usr/bin/grep 55LDAPCLIENT=/usr/sbin/ldapclient 56MKDIR=/usr/bin/mkdir 57MKFIFO=/usr/bin/mkfifo 58NAWK=/usr/bin/nawk 59NWAMCFG=/usr/sbin/nwamcfg 60RM=/usr/bin/rm 61SVCADM=/usr/sbin/svcadm 62SVCCFG=/usr/sbin/svccfg 63SVCPROP=/usr/bin/svcprop 64 65# Path to directories 66# We don't have a writable file system so we write to /etc/svc/volatile and 67# then later copy anything interesting to /etc/nwam. 68LEGACY_PATH=/etc/svc/volatile/nwam/Legacy 69NIS_BIND_PATH=/var/yp/binding 70 71# 72# copy_to_legacy_loc <file> 73# 74# Copies the file to the Legacy location directory 75# 76copy_to_legacy_loc() { 77 $MKDIR -p $LEGACY_PATH 78 if [ -f "$1" ]; then 79 $CP -p $1 $LEGACY_PATH 80 fi 81} 82 83# 84# copy_from_legacy_loc <destination file> 85# 86# Copies file with the same name from Legacy location to the given 87# destination file 88# 89copy_from_legacy_loc () { 90 DEST_DIR=`/usr/bin/dirname $1` 91 SRC_FILE="$LEGACY_PATH/`$BASENAME $1`" 92 93 # Make destination directory if needed 94 if [ ! -d "$DEST_DIR" ]; then 95 $MKDIR -p $DEST_DIR 96 fi 97 98 if [ -f "$SRC_FILE" ]; then 99 $CP -p $SRC_FILE $DEST_DIR 100 fi 101} 102 103# 104# write_loc_prop <property> <value> <file> 105# 106# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty 107# 108write_loc_prop () { 109 prop=$1 110 val=$2 111 file=$3 112 113 if [ -n "$val" -a -n "$file" ]; then 114 echo "set $prop=$val" >> $file 115 fi 116} 117 118# 119# set_smf_prop <fmri> <property name> <property value> 120# 121set_smf_prop () { 122 $SVCCFG -s $1 setprop $2 = astring: "$3" && return 123} 124 125# 126# get_smf_prop <fmri> <property name> 127# 128get_smf_prop () { 129 $SVCPROP -p $2 $1 130} 131 132# 133# Creates Legacy location from the current configuration 134# 135create_legacy_loc () { 136 CREATE_LOC_LEGACY_FILE=/etc/svc/volatile/nwam/create_loc_legacy 137 138 # 139 # Write nwamcfg commands to create Legacy location to 140 # $CREATE_LOC_LEGACY_FILE as values for properties are determined 141 # Note that some of the *_CONFIG_FILE variables point at copies of 142 # files we've made and others indicate where those copies should be 143 # if we are enabling the location. 144 # 145 echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE 146 write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE 147 148 NAMESERVICES="" 149 NAMESERVICES_CONFIG_FILE="" 150 DNS_NAMESERVICE_CONFIGSRC="" 151 DNS_NAMESERVICE_DOMAIN="" 152 DNS_NAMESERVICE_SERVERS="" 153 DNS_NAMESERVICE_SEARCH="" 154 NIS_NAMESERVICE_CONFIGSRC="" 155 NIS_NAMESERVICE_SERVERS="" 156 LDAP_NAMESERVICE_CONFIGSRC="" 157 LDAP_NAMESERVICE_SERVERS="" 158 DEFAULT_DOMAIN="" 159 160 # Copy /etc/nsswitch.conf file 161 copy_to_legacy_loc /etc/nsswitch.conf 162 NAMESERVICES_CONFIG_FILE="$LEGACY_PATH/nsswitch.conf" 163 164 # Gather DNS info from resolv.conf if present. 165 if [ -f /etc/resolv.conf ]; then 166 NAMESERVICES="dns," 167 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null 168 if [ $? -eq 0 ]; then 169 DNS_NAMESERVICE_CONFIGSRC="dhcp" 170 else 171 DNS_NAMESERVICE_CONFIGSRC="manual" 172 DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\ 173 print $2 }' < /etc/resolv.conf` 174 DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \ 175 { printf "%s,", $2 }' < /etc/resolv.conf` 176 DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \ 177 { printf "%s,", $2 }' < /etc/resolv.conf` 178 copy_to_legacy_loc /etc/resolv.conf 179 fi 180 fi 181 182 # Gather NIS info from appropriate file if present. 183 if service_is_enabled $NIS_CLIENT_FMRI; then 184 NAMESERVICES="${NAMESERVICES}nis," 185 NIS_NAMESERVICE_CONFIGSRC="manual" 186 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 187 188 yp_servers=`$NAWK '{ printf "%s ", $1 }' \ 189 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers` 190 for serv in $yp_servers; do 191 if is_valid_addr $serv; then 192 addr="$serv," 193 else 194 addr=`$GREP -iw $serv /etc/inet/hosts | \ 195 $NAWK '{ printf "%s,", $1 }'` 196 fi 197 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr" 198 done 199 fi 200 201 # Gather LDAP info via ldapclient(1M). 202 if [ -f /var/ldap/ldap_client_file ]; then 203 copy_to_legacy /var/ldap/ldap_client_file 204 NAMESERVICES="${NAMESERVICES}ldap," 205 LDAP_NAMESERVICE_CONFIGSRC="manual" 206 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \ 207 $NAWK '$1 == "preferredServerList:" { print $2 }'` 208 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 209 fi 210 211 # Now, write nwamcfg commands for nameservices 212 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE 213 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \ 214 $CREATE_LOC_LEGACY_FILE 215 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \ 216 $CREATE_LOC_LEGACY_FILE 217 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \ 218 $CREATE_LOC_LEGACY_FILE 219 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \ 220 $CREATE_LOC_LEGACY_FILE 221 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \ 222 $CREATE_LOC_LEGACY_FILE 223 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \ 224 $CREATE_LOC_LEGACY_FILE 225 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \ 226 $CREATE_LOC_LEGACY_FILE 227 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\ 228 $CREATE_LOC_LEGACY_FILE 229 write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \ 230 $CREATE_LOC_LEGACY_FILE 231 write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE 232 233 # Retrieve NFSv4 domain. 234 if [ -f /etc/default/nfs ]; then 235 copy_to_legacy_loc /etc/default/nfs 236 NFS_DOMAIN=`$NAWK '/^NFSMAPID_DOMAIN.*/ { FS="=" ; print $2 }' \ 237 < /etc/default/nfs` 238 write_loc_prop "nfsv4-domain" \ 239 $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE 240 fi 241 242 IPF_CONFIG_FILE="" 243 IPF6_CONFIG_FILE="" 244 IPNAT_CONFIG_FILE="" 245 IPPOOL_CONFIG_FILE="" 246 IKE_CONFIG_FILE="" 247 IPSEC_POLICY_CONFIG_FILE="" 248 249 # 250 # IPFilter 251 # 252 # If the firewall policy is "custom", simply copy the 253 # custom_policy_file. If the firewall policy is "none", "allow" or 254 # "deny", save the value as "/<value>". When reverting back to the 255 # Legacy location, these values will have to be treated as special. 256 # 257 # For all configuration files, copy them to the Legacy directory. 258 # Use the respective properties to remember the original locations 259 # of the files so that they can be copied back there when NWAM is 260 # stopped. 261 # 262 if service_is_enabled $IPFILTER_FMRI; then 263 FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \ 264 firewall_config_default/policy` 265 if [ "$FIREWALL_POLICY" = "custom" ]; then 266 IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 267 firewall_config_default/custom_policy_file` 268 copy_to_legacy_loc $IPF_CONFIG_FILE 269 else 270 # save value as /none, /allow, or /deny 271 IPF_CONFIG_FILE="/$FIREWALL_POLICY" 272 fi 273 IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 274 config/ipf6_config_file` 275 copy_to_legacy_loc $IPF6_CONFIG_FILE 276 277 IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 278 config/ipnat_config_file` 279 copy_to_legacy_loc $IPNAT_CONFIG_FILE 280 281 IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 282 config/ippool_config_file` 283 copy_to_legacy_loc $IPPOOL_CONFIG_FILE 284 fi 285 286 # IKE 287 if service_is_enabled $IPSEC_IKE_FMRI:default; then 288 IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file` 289 copy_to_legacy_loc $IKE_CONFIG_FILE 290 fi 291 292 # IPsec 293 if service_is_enabled $IPSEC_POLICY_FMRI:default; then 294 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \ 295 config/config_file` 296 copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE 297 fi 298 299 if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \ 300 -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \ 301 -o -f "$IPF_CONFIG_FILE" \) ]; then 302 write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \ 303 $CREATE_LOC_LEGACY_FILE 304 fi 305 if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then 306 write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \ 307 $CREATE_LOC_LEGACY_FILE 308 fi 309 if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then 310 write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \ 311 $CREATE_LOC_LEGACY_FILE 312 fi 313 if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then 314 write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \ 315 $CREATE_LOC_LEGACY_FILE 316 fi 317 if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then 318 write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \ 319 $CREATE_LOC_LEGACY_FILE 320 fi 321 if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ] 322 then 323 write_loc_prop "ipsecpolicy-config-file" \ 324 $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE 325 fi 326 327 # End 328 echo "end" >> $CREATE_LOC_LEGACY_FILE 329 # network/location will create the Legacy location with these commands. 330} 331 332# 333# Undoes the effects of the Legacy location creation 334# 335revert_to_legacy_loc () { 336 $SVCADM disable dns/client 337 $SVCADM disable nis/client 338 $SVCADM disable ldap/client 339 340 # copy nsswitch.conf to /etc/nsswitch.conf 341 copy_from_legacy_loc /etc/nsswitch.conf 342 343 # DNS - copy resolv.conf to /etc/resolv.conf 344 if [ -f "$LEGACY_PATH/resolv.conf" ]; then 345 copy_from_legacy_loc /etc/resolv.conf 346 $SVCADM enable dns/client 347 fi 348 349 # set /etc/defaultdomain and domainname(1M) 350 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain` 351 if [ -n "$DEFAULT_DOMAIN" ]; then 352 $DOMAINNAME $DEFAULT_DOMAIN 353 $DOMAINNAME > /etc/defaultdomain 354 fi 355 356 # NIS - directory and ypserver in /var/yp/binding/ 357 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc` 358 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers` 359 if [ -n "$NIS_CONFIGSRC" ]; then 360 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then 361 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN 362 fi 363 if [ -n "$NIS_SERVERS" ]; then 364 echo "$NIS_SERVERS" | $NAWK \ 365 'FS="," { for (i = 1; i <= NF; i++) print $i }' \ 366 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers 367 fi 368 $SVCADM enable nis/client 369 fi 370 371 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file 372 if [ -f "$LEGACY_PATH/ldap_client_file" ]; then 373 copy_from_legacy_loc /var/ldap/ldap_client_file 374 $SVCADM enable ldap/client 375 fi 376 377 # Copy back nfs file 378 copy_from_legacy_loc /etc/default/nfs 379 380 # IPFilter, IPsec, and IKE 381 ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file` 382 ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file` 383 ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file` 384 ippool_file=`nwam_get_loc_prop Legacy ippool-config-file` 385 ike_file=`nwam_get_loc_prop Legacy ike-config-file` 386 pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file` 387 388 if [ -n "$ike_file" ]; then 389 copy_from_legacy_loc $ike_file 390 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file 391 $SVCADM refresh $IPSEC_IKE_FMRI 392 $SVCADM enable $IPSEC_IKE_FMRI 393 else 394 set_smf_prop $IPSEC_IKE_FMRI config/config_file \ 395 $IPSEC_IKE_DEFAULT_CONFIG_FILE 396 $SVCADM disable $IPSEC_IKE_FMRI 397 fi 398 if [ -n "$pol_file" ]; then 399 copy_from_legacy_loc $pol_file 400 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file 401 $SVCADM refresh $IPSEC_POLICY_FMRI 402 $SVCADM enable $IPSEC_POLICY_FMRI 403 else 404 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \ 405 $IPSEC_POLICY_DEFAULT_CONFIG_FILE 406 $SVCADM disable $IPSEC_POLICY_FMRI 407 fi 408 409 refresh_ipf=false 410 if [ -n "$ipf_file" ]; then 411 # change /none, /allow, and /deny to firewall policy 412 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \ 413 -o "$ipf_file" = "/deny" ]; then 414 policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'` 415 set_smf_prop $IPFILTER_FMRI \ 416 firewall_config_default/policy $policy 417 # no need to clear custom_policy_file as it isn't "custom" 418 else 419 copy_from_legacy_loc $ipf_file 420 set_smf_prop $IPFILTER_FMRI \ 421 firewall_config_default/policy "custom" 422 set_smf_prop $IPFILTER_FMRI \ 423 firewall_config_default/custom_policy_file $ipf_file 424 fi 425 refresh_ipf=true 426 fi 427 if [ -n "$ipf6_file" ]; then 428 copy_from_legacy_loc $ipf6_file 429 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file 430 refresh_ipf=true 431 else 432 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \ 433 $IPF6_DEFAULT_CONFIG_FILE 434 fi 435 if [ -n "$ipnat_file" ]; then 436 copy_from_legacy_loc $ipnat_file 437 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file 438 refresh_ipf=true 439 else 440 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \ 441 $IPNAT_DEFAULT_CONFIG_FILE 442 fi 443 if [ -n "$ippool_file" ]; then 444 copy_from_legacy_loc $ippool_file 445 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 446 $ippool_file 447 refresh_ipf=true 448 else 449 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 450 $IPPOOL_DEFAULT_CONFIG_FILE 451 fi 452 453 $SVCADM refresh $IPFILTER_FMRI 454 if [ "$refresh_ipf" = "true" ]; then 455 $SVCADM enable $IPFILTER_FMRI 456 else 457 $SVCADM disable $IPFILTER_FMRI 458 fi 459 460 # Remove the Legacy directory and location 461 $RM -rf $LEGACY_PATH 462 $NWAMCFG destroy loc Legacy 463} 464 465# 466# Script entry point 467# 468# Arguments to net-nwam are 469# method ( start | refresh | stop | -u | -c ) 470# 471 472# 473# Create nwam directory in /etc/svc/volatile 474# 475if [ ! -d /etc/svc/volatile/nwam ]; then 476 $MKDIR -m 0755 /etc/svc/volatile/nwam 477fi 478 479case "$1" in 480'refresh') 481 /usr/bin/pkill -HUP -z `smf_zonename` nwamd 482 # 483 # Enable network/location. Needed on first boot post-install as 484 # network/location will not exist until after manifest-import runs. 485 # 486 if service_exists $NET_LOC_FMRI ; then 487 $SVCADM enable -t $NET_LOC_FMRI 488 fi 489 ;; 490 491'start') 492 # The real daemon is not started in a shared stack zone. But we need to 493 # create a dummy background process to preserve contract lifetime. 494 smf_configure_ip 495 if [ $? = "1" ] ; then 496 $RM -f /etc/svc/volatile/nwam/nwam_blocked 497 $MKFIFO /etc/svc/volatile/nwam/nwam_blocked 498 ($CAT </etc/svc/volatile/nwam/nwam_blocked >/dev/null) & 499 exit $SMF_EXIT_OK 500 fi 501 502 # 503 # Enable network/location. 504 # 505 if service_exists $NET_LOC_FMRI ; then 506 $SVCADM enable -t $NET_LOC_FMRI 507 fi 508 509 if smf_is_globalzone; then 510 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG 511 512 # Update PVID on interfaces configured with VLAN 1 513 update_pvid 514 515 # 516 # Upgrade handling. The upgrade file consists of a series 517 # of dladm(1M) commands. Note that after we are done, we 518 # cannot rename the upgrade script file as the file system 519 # is still read-only at this point. Defer this to the 520 # manifest-import service. 521 # 522 upgrade_script=/var/svc/profile/upgrade_datalink 523 if [ -f "${upgrade_script}" ]; then 524 . "${upgrade_script}" 525 fi 526 527 # 528 # Upgrade handling for ibd: 529 # After we are done with the upgrade handling, we can not set the 530 # ibd/ibd_upgraded property to "true" as the file system is 531 # read-only at this point. It will be done later by ibd-post-upgrade 532 # service. 533 # 534 ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \ 535 svc:/network/physical:default 2> /dev/null` 536 if [ "$ibd_upgraded" != "true" ]; then 537 /sbin/ibd_upgrade -v 538 fi 539 540 # Bring up simnet instances 541 /sbin/dladm up-simnet 542 # Initialize security objects. 543 /sbin/dladm init-secobj 544 545 # 546 # Initialize VNICs, VLANs and flows. Though they are brought 547 # up here, NWAM will not automatically manage VNICs and VLANs. 548 # 549 /sbin/dladm up-vnic 550 /sbin/dladm up-vlan 551 /sbin/dladm up-part 552 /sbin/dladm up-aggr 553 /sbin/flowadm init-flow 554 fi 555 556 # 557 # We also need to create the Legacy location, which is used 558 # to restore non-NWAM settings that are overwritten when 559 # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.). 560 # 561 $NWAMCFG list loc Legacy >/dev/null 2>&1 562 if [ $? -eq 1 ]; then 563 create_legacy_loc 564 fi 565 566 # start nwamd in foreground; it will daemonize itself 567 if /lib/inet/nwamd ; then 568 exit $SMF_EXIT_OK 569 else 570 exit $SMF_EXIT_ERR_FATAL 571 fi 572 ;; 573 574'stop') 575 # We need to make the dummy process we created above stop. 576 smf_configure_ip 577 if [ $? = "1" ] ; then 578 echo "stop" > /etc/svc/volatile/nwam/nwam_blocked 579 exit $SMF_EXIT_OK 580 fi 581 582 /usr/bin/pkill -z `smf_zonename` nwamd 583 584 # 585 # Restore the non-NWAM settings. 586 # 587 $NWAMCFG list loc Legacy >/dev/null 2>&1 588 if [ $? -eq 1 ]; then 589 echo "No Legacy location to revert to!" 590 exit $SMF_EXIT_OK 591 fi 592 revert_to_legacy_loc 593 # remove the location property group 594 $SVCCFG -s $NET_LOC_FMRI delpg location 595 ;; 596 597'-u') 598 # After we run this part of the script upon the next reboot 599 # network/physical:default will be enabled and 600 # network/physical:nwam will be disabled. 601 # There are various other parts of the system (nscd, nfs) that 602 # depend on continuing to have a working network. For this 603 # reason we don't change the network configuration immediately. 604 # 605 # Disable network/physical temporarily and make sure that will 606 # be enabled on reboot. 607 $SVCADM disable -st $NET_PHYS_FMRI 608 $SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true 609 610 # If nwam is online then make sure that it's temporarily enabled. 611 nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI` 612 if [ $? -eq 0 ]; then 613 set -- $nwam_online 614 [ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI 615 fi 616 617 # Set nwam so that it won't be enabled upon reboot. 618 $SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false 619 exit 0 620 ;; 621 622'-c') 623 # Nothing to do for sysidtool 624 exit 0 625 ;; 626 627*) 628 echo "Usage: $0 { start | stop | refresh }" 629 exit $SMF_EXIT_ERR_FATAL 630 ;; 631esac 632exit $SMF_EXIT_OK 633