xref: /titanic_44/usr/src/cmd/svc/milestone/net-loc (revision 6b5e5868e7ebf1aff3a5abd7d0c4ef0e5fbf3648)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24#
25
26. /lib/svc/share/smf_include.sh
27. /lib/svc/share/net_include.sh
28
29# FMRI consts
30AUTOFS_FMRI="svc:/system/filesystem/autofs"
31DNS_CLIENT_FMRI="svc:/network/dns/client"
32IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
33IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
34IPFILTER_FMRI="svc:/network/ipfilter:default"
35LDAP_CLIENT_FMRI="svc:/network/ldap/client"
36LOCATION_FMRI="svc:/network/location:default"
37MAPID_FMRI="svc:/network/nfs/mapid:default"
38NIS_CLIENT_FMRI="svc:/network/nis/client"
39NWAM_FMRI="svc:/network/physical:nwam"
40
41# commands
42CP=/usr/bin/cp
43DHCPINFO=/sbin/dhcpinfo
44DOMAINNAME=/usr/bin/domainname
45GREP=/usr/bin/grep
46LDAPCLIENT=/usr/sbin/ldapclient
47MKDIR=/usr/bin/mkdir
48MV=/usr/bin/mv
49NAWK=/usr/bin/nawk
50NWAMADM=/usr/sbin/nwamadm
51NWAMCFG=/usr/sbin/nwamcfg
52RM=/usr/bin/rm
53SED=/usr/bin/sed
54SVCADM=/usr/sbin/svcadm
55SVCCFG=/usr/sbin/svccfg
56SVCPROP=/usr/bin/svcprop
57TOUCH=/usr/bin/touch
58
59# Path to directories
60ETC_DEFAULT_DOMAIN=/etc/defaultdomain
61NIS_BIND_PATH=/var/yp/binding
62LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
63USER_LOC_PATH=/etc/nwam/loc/User
64SCRIPT_PATH=/etc/svc/volatile/nwam
65
66#
67# echoes DHCP controlled interfaces separated by commas
68#
69# Don't parse the output of ifconfig(1M) because interfaces that haven't
70# acquired a DHCP lease also have the DHCP flag set.
71#
72get_dhcp_interfaces () {
73	#
74	# 1. parse netstat(1M) output for v4 interfaces in BOUND
75	#    or INFORMATION state
76	# 2. make a space-separated list of interface names
77	#
78	netstat -D -f inet | $NAWK '
79	    $2 ~ /BOUND/ { printf "%s ", $1 }
80	    $2 ~ /INFORMATION/ { printf "%s ", $1 }'
81}
82
83#
84# get_dhcpinfo <code/identifier>
85#
86# echoes the value received through each interface controlled by DHCP;
87# multiple values are echoed as a space-separated list
88#
89# returns:
90#	0 => property is set
91#	1 => property is not set
92#
93get_dhcpinfo () {
94	code=$1
95
96	# Get all interfaces with DHCP control, IFS is " "
97	interfaces=`get_dhcp_interfaces`
98
99	info=""
100 	for intf in $interfaces; do
101		val=`$DHCPINFO -i $intf $code`
102		if [ $? -eq 0 ]; then
103			if [ "$info" = "" ]; then
104				info="$val"
105			else
106				info="$info $val"
107			fi
108		fi
109 	done
110	echo $info
111}
112
113#
114# set_smf_prop <fmri> <property name> <property value>
115#
116set_smf_prop () {
117	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
118}
119
120#
121# refresh_svc <fmri>
122#
123# Refreshes the service.
124#
125refresh_svc () {
126	$SVCADM refresh $1
127}
128
129#
130# restart_svc <fmri>
131#
132# Restarts the service.
133#
134restart_svc () {
135	$SVCADM restart $1
136}
137
138#
139# start_svc <fmri>
140#
141# Starts the service.  If the service is already enabled, restarts it.  If
142# it is not enabled, temporarily enables it.
143#
144start_svc () {
145	if service_is_enabled $1; then
146		$SVCADM restart $1
147	else
148		$SVCADM enable -t $1
149	fi
150}
151
152#
153# stop_svc <fmri>
154#
155# Temporarily disables the service.
156#
157stop_svc () {
158	$SVCADM disable -t $1
159}
160
161#
162# copy_default <dir> <file>
163#
164# Copies <dir>/<file>.dfl to <dir>/<file>
165#
166copy_default () {
167	$CP -p $1/$2.dfl $1/$2
168}
169
170#
171# do_dns <location>
172#
173# Installs DNS information on /etc/resolv.conf for location
174#
175# Returns 0 on success, 1 on failure
176#
177do_dns () {
178	loc=$1
179	file=/etc/resolv.conf
180
181	# Write out to temporary file first
182	$TOUCH $file.$$
183
184	DNS_CONFIGSRC=`nwam_get_loc_list_prop $loc dns-nameservice-configsrc`
185	if [ -z "$DNS_CONFIGSRC" ]; then
186		echo "missing 'dns-nameservice-configsrc' property for '$loc'"
187		return 1
188	fi
189
190	for configsrc in $DNS_CONFIGSRC; do
191		case "$configsrc" in
192		'manual')
193			DNS_SERVERS=`nwam_get_loc_list_prop $loc \
194			    dns-nameservice-servers`
195			if [ -z "$DNS_SERVERS" ]; then
196				echo "DNS nameserver not set for '$loc'"
197				return 1
198			fi
199			DNS_DOMAIN=`nwam_get_loc_prop $loc \
200			    dns-nameservice-domain`
201			DNS_SEARCH=`nwam_get_loc_list_prop $loc \
202			    dns-nameservice-search`
203			;;
204		'dhcp')
205			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
206			DNS_SERVERS=`get_dhcpinfo DNSserv`
207			# No DNS search info for IPv4
208			;;
209		'*')
210			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
211			;;
212		esac
213
214		# Write DNS settings
215		if [ -n "$DNS_DOMAIN" ]; then
216			echo "$DNS_DOMAIN" | $NAWK \
217			    '{ for (i = 1; i <= NF; i++) \
218			    print "domain ", $i }' >> $file.$$
219		fi
220		if [ -n "$DNS_SEARCH" ]; then
221			echo "$DNS_SEARCH" | $NAWK \
222                            '{ printf("search"); \
223			    for (i = 1; i <= NF; i++) printf(" %s", $i); \
224			    printf("\n") }' >> $file.$$
225		fi
226		if [ -n "$DNS_SERVERS" ]; then
227			echo "$DNS_SERVERS" | $NAWK \
228			    '{ for (i = 1; i <= NF; i++) \
229			    print "nameserver ", $i }' >> $file.$$
230		fi
231	done
232
233	# Finally, copy our working version to the real thing
234	$MV -f $file.$$ $file
235	start_svc $DNS_CLIENT_FMRI
236
237	return 0
238}
239
240#
241# do_nis <location>
242#
243# Installs NIS information on /var/yp/binding/ for location
244#
245# Returns 0 on success, 1 on failure
246#
247do_nis () {
248	loc=$1
249
250	NIS_CONFIGSRC=`nwam_get_loc_list_prop $loc nis-nameservice-configsrc`
251	if [ -z "$NIS_CONFIGSRC" ]; then
252		echo "missing 'nis-nameservice-configsrc' property for '$loc'"
253		return 1
254	fi
255
256	for configsrc in $NIS_CONFIGSRC; do
257		case "$configsrc" in
258		'manual')
259			NIS_SERVERS=`nwam_get_loc_list_prop $loc \
260			    nis-nameservice-servers`
261			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
262			# user-specified default-domain always wins
263			if [ -n "$DEFAULT_DOMAIN" ]; then
264				$DOMAINNAME $DEFAULT_DOMAIN
265				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
266			else
267				echo "'domainname' not set for '$loc'"
268				return 1
269			fi
270			;;
271		'dhcp')
272			# Use only the first name
273			DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
274			    $NAWK '{ print $1 }'`
275			NIS_SERVERS=`get_dhcpinfo NISservs`
276			$DOMAINNAME $DEFAULT_DOMAIN
277			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
278			;;
279		'*')
280			echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
281			;;
282		esac
283
284		# Place NIS settings in appropriate directory/file.
285		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
286			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
287		fi
288		if [ -n "$NIS_SERVERS" ]; then
289			echo "$NIS_SERVERS" | $NAWK \
290			    '{ for (i = 1; i <= NF; i++) print $i }' \
291			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
292		fi
293	done
294
295	start_svc $NIS_CLIENT_FMRI
296
297	return 0
298}
299
300#
301# do_ldap <location>
302#
303# Installs LDAP information using ldapclient(1M) for location
304#
305# Returns 0 on success, 1 on failure
306#
307do_ldap () {
308	loc=$1
309
310	LDAP_CONFIGSRC=`nwam_get_loc_list_prop $loc ldap-nameservice-configsrc`
311	if [ -z "$LDAP_CONFIGSRC" ]; then
312		echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
313		return 1
314	fi
315
316	for configsrc in $LDAP_CONFIGSRC; do
317		case "$configsrc" in
318		'manual')
319			LDAP_SERVERS=`nwam_get_loc_list_prop $loc \
320			    ldap-nameservice-servers`
321			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
322			if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
323				echo "LDAP configuration could not be set "\
324				    "for '$loc'"
325				return 1
326			fi
327			$DOMAINNAME $DEFAULT_DOMAIN
328			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
329			;;
330		'*')
331			echo "Invalid LDAP configsrc ${configsrc}; ignoring"
332			;;
333		esac
334
335		# Use ldapclient(1M) to initialize LDAP client settings.
336		if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
337			$LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
338			    $LDAP_SERVERS
339		fi
340	done
341
342	start_svc $LDAP_CLIENT_FMRI
343
344	return 0
345}
346
347#
348# do_ns <location>
349#
350# Installs different nameservices for location
351#
352# Returns 0 on success, 1 on failure
353#
354do_ns () {
355	loc=$1
356
357	#
358	# Disable nameservices temporarily while we reconfigure.  Copy
359	# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
360	# are used.
361	#
362	$CP -p /etc/nsswitch.files /etc/nsswitch.conf
363	stop_svc $DNS_CLIENT_FMRI
364	stop_svc $NIS_CLIENT_FMRI
365	stop_svc $LDAP_CLIENT_FMRI
366
367	#
368	# Remove /etc/defaultdomain and unset domainname(1M).  If NIS
369	# and/or LDAP is configured, they will create /etc/defaultdomain
370	# and set the domainname(1M).
371	#
372	$RM -f $ETC_DEFAULT_DOMAIN
373	$DOMAINNAME " "
374
375	NAMESERVICES=`nwam_get_loc_list_prop $loc nameservices`
376	if [ -z "$NAMESERVICES" ]; then
377		echo "missing 'nameservices' property for location '$loc'"
378		return 1
379	fi
380
381	NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
382	    $loc nameservices-config-file`
383	if [ -z "$NAMESERVICES_CONFIG_FILE" ]; then
384		echo "missing 'nameservices-config-file' property for '$loc'"
385		return 1
386	fi
387	$CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
388
389	for ns in $NAMESERVICES; do
390		case "$ns" in
391		'files')
392			# no additional setup needed for files nameservice
393			;;
394		'dns')
395			do_dns $loc || return 1
396			;;
397		'nis')
398			do_nis $loc || return 1
399			;;
400		'ldap')
401			do_ldap $loc || return 1
402			;;
403		'*')
404			echo "Unrecognized nameservices value ${ns}; ignoring"
405			;;
406		esac
407	done
408
409	#
410	# Restart other related services
411	#
412	# We explicitly restart here, as restart will only have an
413	# effect if the service is already enabled.  We don't want
414	# to enable the service if it's currently disabled.
415	#
416	restart_svc $AUTOFS_FMRI
417
418	return 0
419}
420
421#
422# do_sec <location>
423#
424# If config properties are set, update the SMF property and refresh the
425# service.  If config properties are not set, delete the SMF property and
426# stop the service.
427#
428# Returns 0 on success, 1 on failure
429#
430do_sec () {
431	loc=$1
432
433	ike_file=`nwam_get_loc_prop $loc ike-config-file`
434	pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
435	ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
436	ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
437	ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
438	ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
439
440	# IKE
441	if [ -n "$ike_file" ]; then
442		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
443		refresh_svc $IPSEC_IKE_FMRI
444		start_svc $IPSEC_IKE_FMRI
445	else
446		stop_svc $IPSEC_IKE_FMRI
447	fi
448
449	# IPsec
450	if [ -n "$pol_file" ]; then
451		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
452		refresh_svc $IPSEC_POLICY_FMRI
453		start_svc $IPSEC_POLICY_FMRI
454	else
455		stop_svc $IPSEC_POLICY_FMRI
456	fi
457
458	# IPFilter
459	refresh_ipf=false
460	if [ -n "$ipf_file" ]; then
461		if [ "$ipf_file" = "/none" ]; then
462			set_smf_prop $IPFILTER_FMRI \
463			    firewall_config_default/policy "none"
464		elif [ "$ipf_file" = "/deny" ]; then
465			set_smf_prop $IPFILTER_FMRI \
466			    firewall_config_default/policy "deny"
467		elif [ "$ipf_file" = "/allow" ]; then
468			set_smf_prop $IPFILTER_FMRI \
469			    firewall_config_default/policy "allow"
470		else
471			# custom policy with policy file
472			set_smf_prop $IPFILTER_FMRI \
473			    firewall_config_default/policy "custom"
474			set_smf_prop $IPFILTER_FMRI \
475			    firewall_config_default/custom_policy_file $ipf_file
476		fi
477		refresh_ipf=true
478	else
479		# change policy to "none", no need to clear custom_policy_file
480		set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
481		    "none"
482		# IPFilter has to be refreshed to make the changes effective.
483		# Don't set $refresh_ipf as it keeps IPFilter online rather
484		# than disabled.  Refresh after IPFilter is disabled below.
485	fi
486	if [ -n "$ipf6_file" ]; then
487		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
488		refresh_ipf=true
489	fi
490	if [ -n "$ipnat_file" ]; then
491		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
492		refresh_ipf=true
493	fi
494	if [ -n "$ippool_file" ]; then
495		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
496		    $ippool_file
497		refresh_ipf=true
498	fi
499
500	if [ "$refresh_ipf" = "true" ]; then
501		refresh_svc $IPFILTER_FMRI
502		start_svc $IPFILTER_FMRI
503	else
504		stop_svc $IPFILTER_FMRI
505		refresh_svc $IPFILTER_FMRI
506	fi
507
508	return 0
509}
510
511#
512# do_nfsv4 <location>
513#
514# Updates NFSv4 domain for location in SMF
515#
516# Returns 0 on success, 1 on failure
517#
518do_nfsv4 () {
519	loc=$1
520
521	nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
522	if [ $? -eq 0 ]; then
523		set_smf_prop $MAPID_FMRI \
524		    nfs-props/nfsmapid_domain $nfsv4domain
525		start_svc $MAPID_FMRI
526	else
527		stop_svc $MAPID_FMRI
528	fi
529
530	return 0
531}
532
533#
534# activate_loc <location>
535#
536# Activates the given location
537#
538# Returns 0 on success, 1 on failure
539#
540activate_loc () {
541	loc=$1
542
543	echo activating $loc location
544
545	#
546	# if we fail to complete any part of the config,
547	# stop activation work and report failure.
548	#
549	do_sec $loc && do_ns $loc && do_nfsv4 $loc && return 0
550	return 1
551}
552
553#
554# Script entry point
555#
556# Arguments to net-loc are
557#	method ('start' or 'refresh')
558
559#
560# If nwam is not enabled, do nothing and return OK.
561#
562service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
563
564#
565# In a shared-IP zone we need this service to be up, but all of the work
566# it tries to do is irrelevant (and will actually lead to the service
567# failing if we try to do it), so just bail out.
568# In the global zone and exclusive-IP zones we proceed.
569#
570smf_configure_ip || exit $SMF_EXIT_OK
571
572case "$1" in
573
574'start')
575	#
576	# We need to create the default (NoNet and Automatic)
577	# locations, if they don't already exist.  So: first check
578	# for the existence of each, and then run the appropriate
579	# nwamcfg script(s) as needed. Restart nwamd if a location is
580	# created, as it needs to read it in.
581	#
582	LOC_CREATED="false"
583	$NWAMCFG list loc Automatic >/dev/null 2>&1
584	if [ $? -eq 1 ]; then
585		$NWAMCFG -f /etc/nwam/loc/create_loc_auto
586		LOC_CREATED="true"
587	fi
588
589	$NWAMCFG list loc NoNet >/dev/null 2>&1
590	if [ $? -eq 1 ]; then
591		NONETPATH=/etc/nwam/loc/NoNet
592		NONETFILES="ipf.conf ipf6.conf"
593		for file in $NONETFILES; do
594			copy_default $NONETPATH $file
595		done
596		$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
597		LOC_CREATED="true"
598	fi
599
600	if [ "$LOC_CREATED" = "true" ]; then
601		refresh_svc $NWAM_FMRI
602	fi
603
604	# location selection/activation happens below
605	;;
606
607'refresh')
608
609	# location selection/activation happens below
610	;;
611
612*)
613	echo "Usage: $0 start|refresh"
614	exit 1
615	;;
616
617esac
618
619#
620# If the Legacy location doesn't exist and the file to create the Legacy
621# location exists, create the Legacy location.  Make a copy of it as the user's
622# intentions before upgrade.  Then activate the User location if nis is
623# involved.  Because NIS affects more parts of the system (e.g. automounts) we
624# are not willing to make NIS part of the Automatic location (i.e. enable it
625# automatically based on external input) as we do with DHCP-driven DNS.
626#
627activate_user_loc=0
628$NWAMCFG list loc Legacy >/dev/null 2>&1
629if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
630	#
631	# We built the script in and pointing to /etc/svc/volatile because we
632	# may not have a writable filesystem in net-nwam.  So here we move the
633	# components and rewrite the script to point at the writable filesystem.
634	#
635	$CP -r $SCRIPT_PATH/Legacy /etc/nwam/loc
636	$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
637	$SED -e's,$SCRIPT_PATH/Legacy,$LEGACY_LOC_PATH,' \
638	    $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
639	$RM -f $SCRIPT_PATH/vcreate_loc_legacy
640	$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
641	loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
642	    2>/dev/null`
643	if [ $? -eq 1 ]; then
644		#
645		# We are rewriting configuration variables from the Legacy
646		# location to the User location.  Use variable ULP to keep REs
647		# within a line.
648		#
649		ULP=$USER_LOC_PATH
650		$SED -e's,Legacy,User,' \
651		    -e's,activation-mode=system,activation-mode=manual,' \
652		    -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
653		    -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
654		    -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
655		    -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
656		    -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
657		    -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
658		    $SCRIPT_PATH/create_loc_legacy | \
659			$SED -e's,/etc/nwam/loc/User/none,/none,' \
660			-e's,/etc/nwam/loc/User/allow,/allow,' \
661			-e's,/etc/nwam/loc/User/deny,/deny,' \
662			>$SCRIPT_PATH/create_loc_user
663		#
664		# We are creating the User location here.  The User location
665		# is an appromixation of the machine configuration when the
666		# user change or upgraded to this version of NWAM.  First
667		# we make sure there isn't an existing User location or any
668		# existing User location data.  We then copy all the data
669		# from the Legacy location and create a location pointing at
670		# that data.  Lastly we create a version property to note
671		# that we have done this.
672		#
673		$NWAMCFG destroy loc User 2>/dev/null
674		$RM -rf $USER_LOC_PATH
675		$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
676		$RM -f $USER_LOC_PATH/resolv.conf
677		$NWAMCFG -f $SCRIPT_PATH/create_loc_user
678		# The User location is activated if 'nis' is in a non comment
679		# line of nsswitch.conf.
680		$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
681		    $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
682		if [ $? -eq 0 ]; then
683			activate_user_loc=1
684		fi
685		$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
686		    2>/dev/null
687		$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
688		    astring: "1"
689	fi
690fi
691
692#
693# Activate a location.  If we've just finished upgrading, and
694# the User location should be activated, do that (and use nwamadm
695# to do so, so the enabled property gets set and nwamd knows this
696# selection has been made).  Otherwise, if our location/selected
697# property has a value, we activate that location; else we activate
698# the NoNet location as a default value.
699#
700if [ $activate_user_loc -eq 1 ]; then
701	$NWAMADM enable -p loc User
702else
703	sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
704	if [ $? -eq 1 ]; then
705		# location hasn't been selected; default to NoNet
706		activate_loc NoNet
707	else
708		#
709		# If the selected location does not exist, or if we fail
710		# to activate it completely, we fall back to the NoNet
711		# location.  Also poke nwamd, so it will check conditions
712		# for a better choice.
713		#
714		$NWAMCFG list loc $sel_loc >/dev/null 2>&1
715		if [ $? -eq 1 ]; then
716			echo "location '$sel_loc' doesn't exist"
717			activate_loc NoNet
718			refresh_svc $NWAM_FMRI
719		else
720			# activate selected location
721			if ! activate_loc $sel_loc; then
722				echo "failed to activate '$sel_loc'"
723				activate_loc NoNet
724				refresh_svc $NWAM_FMRI
725			fi
726		fi
727	fi
728fi
729
730exit $SMF_EXIT_OK
731