1#!/sbin/sh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 24# 25 26. /lib/svc/share/smf_include.sh 27. /lib/svc/share/net_include.sh 28 29# FMRI constants 30IPSEC_IKE_FMRI="svc:/network/ipsec/ike" 31IPSEC_POLICY_FMRI="svc:/network/ipsec/policy" 32IPFILTER_FMRI="svc:/network/ipfilter:default" 33NIS_CLIENT_FMRI="svc:/network/nis/client:default" 34NET_PHYS_FMRI="svc:/network/physical:default" 35NET_NWAM_FMRI="svc:/network/physical:nwam" 36NET_LOC_FMRI="svc:/network/location:default" 37NFS_MAPID_FMRI="svc:/network/nfs/mapid:default" 38 39# 40# Default *.conf files 41# Set appropriate config SMF property to these files when NWAM is stopped 42# and corresponding config properties in the Legacy location are emtpy 43# 44IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf 45IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf 46IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf 47IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config 48IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf 49 50# commands 51BASENAME=/usr/bin/basename 52CAT=/usr/bin/cat 53CP=/usr/bin/cp 54DOMAINNAME=/usr/bin/domainname 55GREP=/usr/bin/grep 56LDAPCLIENT=/usr/sbin/ldapclient 57MKDIR=/usr/bin/mkdir 58MKFIFO=/usr/bin/mkfifo 59NAWK=/usr/bin/nawk 60NWAMCFG=/usr/sbin/nwamcfg 61RM=/usr/bin/rm 62SVCADM=/usr/sbin/svcadm 63SVCCFG=/usr/sbin/svccfg 64SVCPROP=/usr/bin/svcprop 65 66# Path to directories 67# We don't have a writable file system so we write to /etc/svc/volatile and 68# then later copy anything interesting to /etc/nwam. 69VOL_NWAM_PATH=/etc/svc/volatile/nwam 70VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy 71PERM_LEGACY_PATH=/etc/nwam/loc/Legacy 72NIS_BIND_PATH=/var/yp/binding 73 74# 75# copy_to_legacy_loc <file> 76# 77# Copies the file to the Legacy location directory 78# (in /etc/svc/volatile/nwam/Legacy) 79# 80copy_to_legacy_loc() { 81 $MKDIR -p $VOL_LEGACY_PATH 82 if [ -f "$1" ]; then 83 $CP -p $1 $VOL_LEGACY_PATH 84 fi 85} 86 87# 88# copy_from_legacy_loc <destination file> 89# 90# Copies file with the same name from Legacy location 91# (in /etc/nwam/loc/Legacy) to the given destination file 92# 93copy_from_legacy_loc () { 94 DEST_DIR=`/usr/bin/dirname $1` 95 SRC_FILE="$PERM_LEGACY_PATH/`$BASENAME $1`" 96 97 # Make destination directory if needed 98 if [ ! -d "$DEST_DIR" ]; then 99 $MKDIR -p $DEST_DIR 100 fi 101 102 if [ -f "$SRC_FILE" ]; then 103 $CP -p $SRC_FILE $DEST_DIR 104 fi 105} 106 107# 108# write_loc_prop <property> <value> <file> 109# 110# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty 111# 112write_loc_prop () { 113 prop=$1 114 val=$2 115 file=$3 116 117 if [ -n "$val" -a -n "$file" ]; then 118 echo "set $prop=$val" >> $file 119 fi 120} 121 122# 123# set_smf_prop <fmri> <property name> <property value> 124# 125set_smf_prop () { 126 $SVCCFG -s $1 setprop $2 = astring: "$3" && return 127} 128 129# 130# get_smf_prop <fmri> <property name> 131# 132get_smf_prop () { 133 $SVCPROP -p $2 $1 134} 135 136# 137# Creates Legacy location from the current configuration 138# 139create_legacy_loc () { 140 CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy 141 142 # 143 # Write nwamcfg commands to create Legacy location to 144 # $CREATE_LOC_LEGACY_FILE as values for properties are determined 145 # Note that some of the *_CONFIG_FILE variables point at copies of 146 # files we've made and others indicate where those copies should be 147 # if we are enabling the location. 148 # 149 echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE 150 write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE 151 152 NAMESERVICES="" 153 NAMESERVICES_CONFIG_FILE="" 154 DNS_NAMESERVICE_CONFIGSRC="" 155 DNS_NAMESERVICE_DOMAIN="" 156 DNS_NAMESERVICE_SERVERS="" 157 DNS_NAMESERVICE_SEARCH="" 158 NIS_NAMESERVICE_CONFIGSRC="" 159 NIS_NAMESERVICE_SERVERS="" 160 LDAP_NAMESERVICE_CONFIGSRC="" 161 LDAP_NAMESERVICE_SERVERS="" 162 DEFAULT_DOMAIN="" 163 164 # Copy /etc/nsswitch.conf file 165 copy_to_legacy_loc /etc/nsswitch.conf 166 NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf" 167 168 # Gather DNS info from resolv.conf if present. 169 if [ -f /etc/resolv.conf ]; then 170 NAMESERVICES="dns," 171 $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null 172 if [ $? -eq 0 ]; then 173 DNS_NAMESERVICE_CONFIGSRC="dhcp" 174 else 175 DNS_NAMESERVICE_CONFIGSRC="manual" 176 DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\ 177 print $2 }' < /etc/resolv.conf` 178 DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \ 179 { printf "%s,", $2 }' < /etc/resolv.conf` 180 DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \ 181 { printf "%s,", $2 }' < /etc/resolv.conf` 182 copy_to_legacy_loc /etc/resolv.conf 183 fi 184 fi 185 186 # Gather NIS info from appropriate file if present. 187 if service_is_enabled $NIS_CLIENT_FMRI; then 188 NAMESERVICES="${NAMESERVICES}nis," 189 NIS_NAMESERVICE_CONFIGSRC="manual" 190 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 191 192 yp_servers=`$NAWK '{ printf "%s ", $1 }' \ 193 < $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers` 194 for serv in $yp_servers; do 195 if is_valid_addr $serv; then 196 addr="$serv," 197 else 198 addr=`$GREP -iw $serv /etc/inet/hosts | \ 199 $NAWK '{ printf "%s,", $1 }'` 200 fi 201 NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr" 202 done 203 fi 204 205 # Gather LDAP info via ldapclient(1M). 206 if [ -f /var/ldap/ldap_client_file ]; then 207 copy_to_legacy /var/ldap/ldap_client_file 208 NAMESERVICES="${NAMESERVICES}ldap," 209 LDAP_NAMESERVICE_CONFIGSRC="manual" 210 LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \ 211 $NAWK '$1 == "preferredServerList:" { print $2 }'` 212 DEFAULT_DOMAIN=`$CAT /etc/defaultdomain` 213 fi 214 215 # Now, write nwamcfg commands for nameservices 216 write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE 217 write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \ 218 $CREATE_LOC_LEGACY_FILE 219 write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \ 220 $CREATE_LOC_LEGACY_FILE 221 write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \ 222 $CREATE_LOC_LEGACY_FILE 223 write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \ 224 $CREATE_LOC_LEGACY_FILE 225 write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \ 226 $CREATE_LOC_LEGACY_FILE 227 write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \ 228 $CREATE_LOC_LEGACY_FILE 229 write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \ 230 $CREATE_LOC_LEGACY_FILE 231 write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\ 232 $CREATE_LOC_LEGACY_FILE 233 write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \ 234 $CREATE_LOC_LEGACY_FILE 235 write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE 236 237 # Retrieve NFSv4 domain from SMF. 238 if service_is_enabled $NFS_MAPID_FMRI; then 239 NFS_DOMAIN=`get_smf_prop NFS_MAPID_FMRI \ 240 nfs-props/nfsmapid_domain` 241 write_loc_prop "nfsv4-domain" \ 242 $NFS_DOMAIN $CREATE_LOC_LEGACY_FILE 243 fi 244 245 IPF_CONFIG_FILE="" 246 IPF6_CONFIG_FILE="" 247 IPNAT_CONFIG_FILE="" 248 IPPOOL_CONFIG_FILE="" 249 IKE_CONFIG_FILE="" 250 IPSEC_POLICY_CONFIG_FILE="" 251 252 # 253 # IPFilter 254 # 255 # If the firewall policy is "custom", simply copy the 256 # custom_policy_file. If the firewall policy is "none", "allow" or 257 # "deny", save the value as "/<value>". When reverting back to the 258 # Legacy location, these values will have to be treated as special. 259 # 260 # For all configuration files, copy them to the Legacy directory. 261 # Use the respective properties to remember the original locations 262 # of the files so that they can be copied back there when NWAM is 263 # stopped. 264 # 265 if service_is_enabled $IPFILTER_FMRI; then 266 FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \ 267 firewall_config_default/policy` 268 if [ "$FIREWALL_POLICY" = "custom" ]; then 269 IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 270 firewall_config_default/custom_policy_file` 271 copy_to_legacy_loc $IPF_CONFIG_FILE 272 else 273 # save value as /none, /allow, or /deny 274 IPF_CONFIG_FILE="/$FIREWALL_POLICY" 275 fi 276 IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 277 config/ipf6_config_file` 278 copy_to_legacy_loc $IPF6_CONFIG_FILE 279 280 IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 281 config/ipnat_config_file` 282 copy_to_legacy_loc $IPNAT_CONFIG_FILE 283 284 IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \ 285 config/ippool_config_file` 286 copy_to_legacy_loc $IPPOOL_CONFIG_FILE 287 fi 288 289 # IKE 290 if service_is_enabled $IPSEC_IKE_FMRI:default; then 291 IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file` 292 copy_to_legacy_loc $IKE_CONFIG_FILE 293 fi 294 295 # IPsec 296 if service_is_enabled $IPSEC_POLICY_FMRI:default; then 297 IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \ 298 config/config_file` 299 copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE 300 fi 301 302 if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \ 303 -o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \ 304 -o -f "$IPF_CONFIG_FILE" \) ]; then 305 write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \ 306 $CREATE_LOC_LEGACY_FILE 307 fi 308 if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then 309 write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \ 310 $CREATE_LOC_LEGACY_FILE 311 fi 312 if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then 313 write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \ 314 $CREATE_LOC_LEGACY_FILE 315 fi 316 if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then 317 write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \ 318 $CREATE_LOC_LEGACY_FILE 319 fi 320 if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then 321 write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \ 322 $CREATE_LOC_LEGACY_FILE 323 fi 324 if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ] 325 then 326 write_loc_prop "ipsecpolicy-config-file" \ 327 $IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE 328 fi 329 330 # End 331 echo "end" >> $CREATE_LOC_LEGACY_FILE 332 # network/location will create the Legacy location with these commands. 333} 334 335# 336# Undoes the effects of the Legacy location creation 337# 338revert_to_legacy_loc () { 339 $SVCADM disable dns/client 340 $SVCADM disable nis/client 341 $SVCADM disable ldap/client 342 343 # copy nsswitch.conf to /etc/nsswitch.conf 344 copy_from_legacy_loc /etc/nsswitch.conf 345 346 # DNS - copy resolv.conf to /etc/resolv.conf 347 if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then 348 copy_from_legacy_loc /etc/resolv.conf 349 $SVCADM enable dns/client 350 fi 351 352 # set /etc/defaultdomain and domainname(1M) 353 DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain` 354 if [ -n "$DEFAULT_DOMAIN" ]; then 355 $DOMAINNAME $DEFAULT_DOMAIN 356 $DOMAINNAME > /etc/defaultdomain 357 fi 358 359 # NIS - directory and ypserver in /var/yp/binding/ 360 NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc` 361 NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers` 362 if [ -n "$NIS_CONFIGSRC" ]; then 363 if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then 364 $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN 365 fi 366 if [ -n "$NIS_SERVERS" ]; then 367 echo "$NIS_SERVERS" | $NAWK \ 368 'FS="," { for (i = 1; i <= NF; i++) print $i }' \ 369 > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers 370 fi 371 $SVCADM enable nis/client 372 fi 373 374 # LDAP - copy ldap_client_file to /var/ldap/ldap_client_file 375 if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then 376 copy_from_legacy_loc /var/ldap/ldap_client_file 377 $SVCADM enable ldap/client 378 fi 379 380 # Copy back nfs NFSMAPID_DOMAIN 381 NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain` 382 if [ -n "$NFSMAPID_DOMAIN" ]; then 383 set_smf_prop $NFS_MAPID_FMRI \ 384 nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN 385 $SVCADM refresh $NFS_MAPID_FMRI 386 $SVCADM enable $NFS_MAPID_FMRI 387 fi 388 389 # IPFilter, IPsec, and IKE 390 ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file` 391 ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file` 392 ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file` 393 ippool_file=`nwam_get_loc_prop Legacy ippool-config-file` 394 ike_file=`nwam_get_loc_prop Legacy ike-config-file` 395 pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file` 396 397 if [ -n "$ike_file" ]; then 398 copy_from_legacy_loc $ike_file 399 set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file 400 $SVCADM refresh $IPSEC_IKE_FMRI 401 $SVCADM enable $IPSEC_IKE_FMRI 402 else 403 set_smf_prop $IPSEC_IKE_FMRI config/config_file \ 404 $IPSEC_IKE_DEFAULT_CONFIG_FILE 405 $SVCADM disable $IPSEC_IKE_FMRI 406 fi 407 if [ -n "$pol_file" ]; then 408 copy_from_legacy_loc $pol_file 409 set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file 410 $SVCADM refresh $IPSEC_POLICY_FMRI 411 $SVCADM enable $IPSEC_POLICY_FMRI 412 else 413 set_smf_prop $IPSEC_POLICY_FMRI config/config_file \ 414 $IPSEC_POLICY_DEFAULT_CONFIG_FILE 415 $SVCADM disable $IPSEC_POLICY_FMRI 416 fi 417 418 refresh_ipf=false 419 if [ -n "$ipf_file" ]; then 420 # change /none, /allow, and /deny to firewall policy 421 if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \ 422 -o "$ipf_file" = "/deny" ]; then 423 policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'` 424 set_smf_prop $IPFILTER_FMRI \ 425 firewall_config_default/policy $policy 426 # no need to clear custom_policy_file as it isn't "custom" 427 else 428 copy_from_legacy_loc $ipf_file 429 set_smf_prop $IPFILTER_FMRI \ 430 firewall_config_default/policy "custom" 431 set_smf_prop $IPFILTER_FMRI \ 432 firewall_config_default/custom_policy_file $ipf_file 433 fi 434 refresh_ipf=true 435 fi 436 if [ -n "$ipf6_file" ]; then 437 copy_from_legacy_loc $ipf6_file 438 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file 439 refresh_ipf=true 440 else 441 set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \ 442 $IPF6_DEFAULT_CONFIG_FILE 443 fi 444 if [ -n "$ipnat_file" ]; then 445 copy_from_legacy_loc $ipnat_file 446 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file 447 refresh_ipf=true 448 else 449 set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \ 450 $IPNAT_DEFAULT_CONFIG_FILE 451 fi 452 if [ -n "$ippool_file" ]; then 453 copy_from_legacy_loc $ippool_file 454 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 455 $ippool_file 456 refresh_ipf=true 457 else 458 set_smf_prop $IPFILTER_FMRI config/ippool_config_file \ 459 $IPPOOL_DEFAULT_CONFIG_FILE 460 fi 461 462 $SVCADM refresh $IPFILTER_FMRI 463 if [ "$refresh_ipf" = "true" ]; then 464 $SVCADM enable $IPFILTER_FMRI 465 else 466 $SVCADM disable $IPFILTER_FMRI 467 fi 468 469 # Remove the Legacy directories, script and location 470 $RM -rf $VOL_LEGACY_PATH 471 $RM -rf $PERM_LEGACY_PATH 472 $RM -f $VOL_NWAM_PATH/create_loc_legacy 473 $NWAMCFG destroy loc Legacy 474} 475 476# 477# Script entry point 478# 479# Arguments to net-nwam are 480# method ( start | refresh | stop | -u | -c ) 481# 482 483# 484# Create nwam directory in /etc/svc/volatile 485# 486if [ ! -d $VOL_NWAM_PATH ]; then 487 $MKDIR -m 0755 $VOL_NWAM_PATH 488fi 489 490case "$1" in 491'refresh') 492 /usr/bin/pkill -HUP -z `smf_zonename` nwamd 493 # 494 # Enable network/location. Needed on first boot post-install as 495 # network/location will not exist until after manifest-import runs. 496 # 497 if service_exists $NET_LOC_FMRI ; then 498 $SVCADM enable -t $NET_LOC_FMRI 499 fi 500 ;; 501 502'start') 503 # The real daemon is not started in a shared stack zone. But we need to 504 # create a dummy background process to preserve contract lifetime. 505 smf_configure_ip 506 if [ $? = "1" ] ; then 507 $RM -f $VOL_NWAM_PATH/nwam_blocked 508 $MKFIFO $VOL_NWAM_PATH/nwam_blocked 509 ($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) & 510 exit $SMF_EXIT_OK 511 fi 512 513 # 514 # Enable network/location. 515 # 516 if service_exists $NET_LOC_FMRI ; then 517 $SVCADM enable -t $NET_LOC_FMRI 518 fi 519 520 if smf_is_globalzone; then 521 net_reconfigure || exit $SMF_EXIT_ERR_CONFIG 522 523 # Update PVID on interfaces configured with VLAN 1 524 update_pvid 525 526 # 527 # Upgrade handling. The upgrade file consists of a series 528 # of dladm(1M) commands. Note that after we are done, we 529 # cannot rename the upgrade script file as the file system 530 # is still read-only at this point. Defer this to the 531 # manifest-import service. 532 # 533 upgrade_script=/var/svc/profile/upgrade_datalink 534 if [ -f "${upgrade_script}" ]; then 535 . "${upgrade_script}" 536 fi 537 538 # 539 # Upgrade handling for ibd: 540 # After we are done with the upgrade handling, we can not set the 541 # ibd/ibd_upgraded property to "true" as the file system is 542 # read-only at this point. It will be done later by ibd-post-upgrade 543 # service. 544 # 545 ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \ 546 svc:/network/physical:default 2> /dev/null` 547 if [ "$ibd_upgraded" != "true" ]; then 548 /sbin/ibd_upgrade -v 549 fi 550 551 # Bring up simnet instances 552 /sbin/dladm up-simnet 553 # Initialize security objects. 554 /sbin/dladm init-secobj 555 556 # 557 # Initialize VNICs, VLANs and flows. Though they are brought 558 # up here, NWAM will not automatically manage VNICs and VLANs. 559 # 560 /sbin/dladm up-vnic 561 /sbin/dladm up-vlan 562 /sbin/dladm up-part 563 /sbin/dladm up-aggr 564 /sbin/flowadm init-flow 565 fi 566 567 # 568 # We also need to create the Legacy location, which is used 569 # to restore non-NWAM settings that are overwritten when 570 # NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.). 571 # 572 $NWAMCFG list loc Legacy >/dev/null 2>&1 573 if [ $? -eq 1 ]; then 574 create_legacy_loc 575 fi 576 577 # start nwamd in foreground; it will daemonize itself 578 if /lib/inet/nwamd ; then 579 exit $SMF_EXIT_OK 580 else 581 exit $SMF_EXIT_ERR_FATAL 582 fi 583 ;; 584 585'stop') 586 # We need to make the dummy process we created above stop. 587 smf_configure_ip 588 if [ $? = "1" ] ; then 589 echo "stop" > $VOL_NWAM_PATH/nwam_blocked 590 exit $SMF_EXIT_OK 591 fi 592 593 /usr/bin/pkill -z `smf_zonename` nwamd 594 595 # 596 # Restore the non-NWAM settings. 597 # 598 $NWAMCFG list loc Legacy >/dev/null 2>&1 599 if [ $? -eq 1 ]; then 600 echo "No Legacy location to revert to!" 601 exit $SMF_EXIT_OK 602 fi 603 revert_to_legacy_loc 604 # remove the location property group 605 $SVCCFG -s $NET_LOC_FMRI delpg location 606 ;; 607 608'-u') 609 # After we run this part of the script upon the next reboot 610 # network/physical:default will be enabled and 611 # network/physical:nwam will be disabled. 612 # There are various other parts of the system (nscd, nfs) that 613 # depend on continuing to have a working network. For this 614 # reason we don't change the network configuration immediately. 615 # 616 # Disable network/physical temporarily and make sure that will 617 # be enabled on reboot. 618 $SVCADM disable -st $NET_PHYS_FMRI 619 $SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true 620 621 # If nwam is online then make sure that it's temporarily enabled. 622 nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI` 623 if [ $? -eq 0 ]; then 624 set -- $nwam_online 625 [ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI 626 fi 627 628 # Set nwam so that it won't be enabled upon reboot. 629 $SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false 630 exit 0 631 ;; 632 633'-c') 634 # Nothing to do for sysidtool 635 exit 0 636 ;; 637 638*) 639 echo "Usage: $0 { start | stop | refresh }" 640 exit $SMF_EXIT_ERR_FATAL 641 ;; 642esac 643exit $SMF_EXIT_OK 644