xref: /titanic_44/usr/src/cmd/svc/milestone/net-loc (revision a31148363f598def767ac48c5d82e1572e44b935)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26
27. /lib/svc/share/smf_include.sh
28. /lib/svc/share/net_include.sh
29
30# FMRI consts
31AUTOFS_FMRI="svc:/system/filesystem/autofs"
32DNS_CLIENT_FMRI="svc:/network/dns/client"
33IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
34IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
35IPFILTER_FMRI="svc:/network/ipfilter:default"
36LDAP_CLIENT_FMRI="svc:/network/ldap/client"
37LOCATION_FMRI="svc:/network/location:default"
38MAPID_FMRI="svc:/network/nfs/mapid:default"
39NIS_CLIENT_FMRI="svc:/network/nis/client"
40NWAM_FMRI="svc:/network/physical:nwam"
41
42# commands
43CP=/usr/bin/cp
44DHCPINFO=/sbin/dhcpinfo
45DOMAINNAME=/usr/bin/domainname
46GREP=/usr/bin/grep
47LDAPCLIENT=/usr/sbin/ldapclient
48MKDIR=/usr/bin/mkdir
49MV=/usr/bin/mv
50NAWK=/usr/bin/nawk
51NWAMADM=/usr/sbin/nwamadm
52NWAMCFG=/usr/sbin/nwamcfg
53RM=/usr/bin/rm
54SED=/usr/bin/sed
55SVCADM=/usr/sbin/svcadm
56SVCCFG=/usr/sbin/svccfg
57SVCPROP=/usr/bin/svcprop
58TOUCH=/usr/bin/touch
59
60# Path to directories
61ETC_DEFAULT_DOMAIN=/etc/defaultdomain
62NIS_BIND_PATH=/var/yp/binding
63LEGACY_LOC_PATH=/etc/nwam/loc/Legacy
64USER_LOC_PATH=/etc/nwam/loc/User
65SCRIPT_PATH=/etc/svc/volatile/nwam
66
67#
68# echoes DHCP controlled interfaces separated by commas
69#
70# Don't parse the output of ifconfig(1M) because interfaces that haven't
71# acquired a DHCP lease also have the DHCP flag set.
72#
73get_dhcp_interfaces () {
74	#
75	# 1. parse netstat(1M) output for v4 interfaces in BOUND
76	#    or INFORMATION state
77	# 2. make a space-separated list of interface names
78	#
79	netstat -D -f inet | $NAWK '
80	    $2 ~ /BOUND/ { printf "%s ", $1 }
81	    $2 ~ /INFORMATION/ { printf "%s ", $1 }'
82}
83
84#
85# get_dhcpinfo <code/identifier>
86#
87# echoes the value received through each interface controlled by DHCP
88# returns:
89#	0 => property is set
90#	1 => property is not set
91#
92get_dhcpinfo () {
93	code=$1
94
95	# Get all interfaces with DHCP control, IFS is " "
96	interfaces=`get_dhcp_interfaces`
97
98	info=""
99 	for intf in $interfaces; do
100		val=`$DHCPINFO -i $intf $code`
101		if [ $? -eq 0 ]; then
102			if [ "$info" = "" ]; then
103				info="$val"
104			else
105				info="$info,$val"
106			fi
107		fi
108 	done
109	echo $info
110}
111
112#
113# set_smf_prop <fmri> <property name> <property value>
114#
115set_smf_prop () {
116	$SVCCFG -s $1 setprop $2 = astring: "$3" && return
117}
118
119#
120# refresh_svc <fmri>
121#
122# Refreshes the service.
123#
124refresh_svc () {
125	$SVCADM refresh $1
126}
127
128#
129# restart_svc <fmri>
130#
131# Restarts the service.
132#
133restart_svc () {
134	$SVCADM restart $1
135}
136
137#
138# start_svc <fmri>
139#
140# Starts the service.  If the service is already enabled, restarts it.  If
141# it is not enabled, temporarily enables it.
142#
143start_svc () {
144	if service_is_enabled $1; then
145		$SVCADM restart $1
146	else
147		$SVCADM enable -t $1
148	fi
149}
150
151#
152# stop_svc <fmri>
153#
154# Temporarily disables the service.
155#
156stop_svc () {
157	$SVCADM disable -t $1
158}
159
160#
161# copy_default <dir> <file>
162#
163# Copies <dir>/<file>.dfl to <dir>/<file>
164#
165copy_default () {
166	$CP -p $1/$2.dfl $1/$2
167}
168
169#
170# do_dns <location>
171#
172# Installs DNS information on /etc/resolv.conf for location
173#
174do_dns () {
175	loc=$1
176	file=/etc/resolv.conf
177
178	# Write out to temporary file first
179	$TOUCH $file.$$
180
181	DNS_CONFIGSRC=`nwam_get_loc_prop $loc dns-nameservice-configsrc`
182	(IFS=" ";
183	for configsrc in $DNS_CONFIGSRC; do
184		case "$configsrc" in
185		'manual')
186			DNS_DOMAIN=`nwam_get_loc_prop $loc \
187			    dns-nameservice-domain`
188			DNS_SERVERS=`nwam_get_loc_prop $loc \
189			    dns-nameservice-servers`
190			DNS_SEARCH=`nwam_get_loc_prop $loc \
191			    dns-nameservice-search`
192			;;
193		'dhcp')
194			DNS_DOMAIN=`get_dhcpinfo DNSdmain`
195			DNS_SERVERS=`get_dhcpinfo DNSserv`
196			# No DNS search info for IPv4
197			;;
198		'*')
199			echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
200			;;
201		esac
202
203		# Write DNS settings
204		if [ -n "$DNS_DOMAIN" ]; then
205			echo "$DNS_DOMAIN" | $NAWK \
206			    'FS="," { for (i = 1; i <= NF; i++) \
207			    print "domain ", $i }' >> $file.$$
208		fi
209		if [ -n "$DNS_SEARCH" ]; then
210			echo "$DNS_SEARCH" | $NAWK \
211                            'FS="," { printf("search"); \
212			    for (i = 1; i <= NF; i++) printf(" %s", $i); \
213			    printf("\n") }' >> $file.$$
214		fi
215		if [ -n "$DNS_SERVERS" ]; then
216			echo "$DNS_SERVERS" | $NAWK \
217			    'FS="," { for (i = 1; i <= NF; i++) \
218			    print "nameserver ", $i }' >> $file.$$
219		fi
220	done
221	)
222	# Finally, copy our working version to the real thing
223	$MV -f $file.$$ $file
224	start_svc $DNS_CLIENT_FMRI
225}
226
227#
228# do_nis <location>
229#
230# Installs NIS information on /var/yp/binding/ for location
231#
232do_nis () {
233	loc=$1
234
235	NIS_CONFIGSRC=`nwam_get_loc_prop $loc nis-nameservice-configsrc`
236	(IFS=" ";
237	domainname_set=false
238	for configsrc in $NIS_CONFIGSRC; do
239		case "$configsrc" in
240		'manual')
241			NIS_SERVERS=`nwam_get_loc_prop $loc \
242			    nis-nameservice-servers`
243			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
244			# user-specified default-domain always wins
245			$DOMAINNAME $DEFAULT_DOMAIN
246			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
247			domainname_set=true
248			;;
249		'dhcp')
250			# Use only the first name
251			DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
252			    $NAWK 'FS="," { print $1 }'`
253			NIS_SERVERS=`get_dhcpinfo NISservs`
254			if [ "$domainname_set" = "false" ]; then
255				$DOMAINNAME $DEFAULT_DOMAIN
256				$DOMAINNAME > $ETC_DEFAULT_DOMAIN
257				domainname_set=true
258			fi
259			;;
260		'*')
261			echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
262			;;
263		esac
264
265		# Place NIS settings in appropriate directory/file.
266		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
267			$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
268		fi
269		if [ -n "$NIS_SERVERS" ]; then
270			echo "$NIS_SERVERS" | $NAWK \
271			    'FS="," { for (i = 1; i <= NF; i++) print $i }' \
272			    > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
273		fi
274	done
275	)
276	start_svc $NIS_CLIENT_FMRI
277}
278
279#
280# do_ldap <location>
281#
282# Installs LDAP information using ldapclient(1M) for location
283#
284do_ldap () {
285	loc=$1
286
287	LDAP_CONFIGSRC=`nwam_get_loc_prop $loc ldap-nameservice-configsrc`
288	(IFS=" ";
289	for configsrc in $LDAP_CONFIGSRC; do
290		case "$configsrc" in
291		'manual')
292			LDAP_SERVERS=`nwam_get_loc_prop $loc \
293			    ldap-nameservice-servers`
294			DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
295			$DOMAINNAME $DEFAULT_DOMAIN
296			$DOMAINNAME > $ETC_DEFAULT_DOMAIN
297			;;
298		'*')
299			echo "Unrecognized LDAP configsrc ${configsrc}; ignoring"
300			;;
301		esac
302
303		# Use ldapclient(1M) to initialize LDAP client settings.
304		if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
305			# XXX need to check how to specify multiple LDAP servers.
306			$LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
307			    $LDAP_SERVERS
308		fi
309	done
310	)
311	start_svc $LDAP_CLIENT_FMRI
312}
313
314#
315# do_ns <location>
316#
317# Installs different nameservices for location
318#
319do_ns () {
320	loc=$1
321
322	#
323	# Disable nameservices temporarily while we reconfigure.  Copy
324	# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
325	# are used.
326	#
327	$CP -p /etc/nsswitch.files /etc/nsswitch.conf
328	stop_svc $DNS_CLIENT_FMRI
329	stop_svc $NIS_CLIENT_FMRI
330	stop_svc $LDAP_CLIENT_FMRI
331
332	#
333	# Remove /etc/defaultdomain and unset domainname(1M).  If NIS
334	# and/or LDAP is configured, they will create /etc/defaultdomain
335	# and set the domainname(1M).
336	#
337	$RM -f $ETC_DEFAULT_DOMAIN
338	$DOMAINNAME " "
339
340	NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
341	    $loc nameservices-config-file`
342	NAMESERVICES=`nwam_get_loc_prop $loc nameservices`
343
344	if [ -f "$NAMESERVICES_CONFIG_FILE" ]; then
345		$CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
346	else
347		echo "Failed to activate location ${loc}:\
348		    missing nameservices-config-file property"
349		exit $SMF_EXIT_ERR_CONFIG
350	fi
351
352	(IFS=,;
353	for ns in $NAMESERVICES; do
354		case "$ns" in
355		'files')
356			# no additional setup needed for files nameservice
357			;;
358		'dns')
359			do_dns $loc
360			;;
361		'nis')
362			do_nis $loc
363			;;
364		'ldap')
365			do_ldap $loc
366			;;
367		'*')
368			echo "Unrecognized nameservices value ${ns}; ignoring"
369			;;
370		esac
371	done
372	)
373
374	#
375	# Restart other related services
376	#
377	# We explicitly restart here, as restart will only have an
378	# effect if the service is already enabled.  We don't want
379	# to enable the service if it's currently disabled.
380	#
381	restart_svc $AUTOFS_FMRI
382}
383
384#
385# do_sec <location>
386#
387# If config properties are set, update the SMF property and refresh the
388# service.  If config properties are not set, delete the SMF property and
389# stop the service.
390#
391do_sec () {
392	loc=$1
393
394	ike_file=`nwam_get_loc_prop $loc ike-config-file`
395	pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
396	ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
397	ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
398	ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
399	ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
400
401	# IKE
402	if [ -n "$ike_file" ]; then
403		set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
404		refresh_svc $IPSEC_IKE_FMRI
405		start_svc $IPSEC_IKE_FMRI
406	else
407		stop_svc $IPSEC_IKE_FMRI
408	fi
409
410	# IPsec
411	if [ -n "$pol_file" ]; then
412		set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
413		refresh_svc $IPSEC_POLICY_FMRI
414		start_svc $IPSEC_POLICY_FMRI
415	else
416		stop_svc $IPSEC_POLICY_FMRI
417	fi
418
419	# IPFilter
420	refresh_ipf=false
421	if [ -n "$ipf_file" ]; then
422		if [ "$ipf_file" = "/none" ]; then
423			set_smf_prop $IPFILTER_FMRI \
424			    firewall_config_default/policy "none"
425		elif [ "$ipf_file" = "/deny" ]; then
426			set_smf_prop $IPFILTER_FMRI \
427			    firewall_config_default/policy "deny"
428		elif [ "$ipf_file" = "/allow" ]; then
429			set_smf_prop $IPFILTER_FMRI \
430			    firewall_config_default/policy "allow"
431		else
432			# custom policy with policy file
433			set_smf_prop $IPFILTER_FMRI \
434			    firewall_config_default/policy "custom"
435			set_smf_prop $IPFILTER_FMRI \
436			    firewall_config_default/custom_policy_file $ipf_file
437		fi
438		refresh_ipf=true
439	else
440		# change policy to "none", no need to clear custom_policy_file
441		set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
442		    "none"
443		# IPFilter has to be refreshed to make the changes effective.
444		# Don't set $refresh_ipf as it keeps IPFilter online rather
445		# than disabled.  Refresh after IPFilter is disabled below.
446	fi
447	if [ -n "$ipf6_file" ]; then
448		set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
449		refresh_ipf=true
450	fi
451	if [ -n "$ipnat_file" ]; then
452		set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
453		refresh_ipf=true
454	fi
455	if [ -n "$ippool_file" ]; then
456		set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
457		    $ippool_file
458		refresh_ipf=true
459	fi
460
461	if [ "$refresh_ipf" = "true" ]; then
462		refresh_svc $IPFILTER_FMRI
463		start_svc $IPFILTER_FMRI
464	else
465		stop_svc $IPFILTER_FMRI
466		refresh_svc $IPFILTER_FMRI
467	fi
468}
469
470#
471# update_nfs_file <new nfsv4 domain>
472#
473update_nfs_file () {
474	domain=$1
475	file=/etc/default/nfs
476
477	#
478	# For non-commented-out lines that set NFSMAPID_DOMAIN:
479	#	if not previously added by nwam, comment out with a note
480	#	if previously added by nwam, remove
481	# For commented-out lines that set NFSMAPID_DOMAIN:
482	#	if not commented out by NWAM, leave as-is
483	#	if commented out by NWAM, remove
484	# All other lines: leave as-is
485	#
486	$NAWK ' \
487		$0 ~ /^NFSMAPID_DOMAIN=/ {
488			if (index($0, "# Added by NWAM") == 0)
489				printf("#%s # Commented out by NWAM\n", $0);
490		}
491		$0 ~ /^#NFSMAPID_DOMAIN=/ {
492			if ($0 !~ /"# Commented out by NWAM"/)
493				printf("%s\n", $0);
494		}
495		$1 !~ /NFSMAPID_DOMAIN=/ {
496			printf("%s\n", $0);
497		}' $file >$file.$$
498
499	# Now add the desired value
500	echo "NFSMAPID_DOMAIN=$domain # Added by NWAM" >> $file.$$
501
502	# Finally, copy our working version to the real thing
503	$MV -f $file.$$ $file
504}
505
506#
507# do_nfsv4 <location>
508#
509# Updates NFSv4 domain for location
510#
511do_nfsv4 () {
512	loc=$1
513
514	nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
515	if [ $? -eq 0 ]; then
516		update_nfs_file $nfsv4domain
517		start_svc $MAPID_FMRI
518	else
519		stop_svc $MAPID_FMRI
520	fi
521}
522
523#
524# activate_loc <location>
525#
526# Activates the given location
527#
528activate_loc () {
529	loc=$1
530
531	echo activating $loc location
532
533	do_sec $loc
534	do_ns $loc
535	do_nfsv4 $loc
536}
537
538#
539# Script entry point
540#
541# Arguments to net-loc are
542#	method ('start' or 'refresh')
543
544#
545# If nwam is not enabled, do nothing and return OK.
546#
547service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
548
549#
550# In a shared-IP zone we need this service to be up, but all of the work
551# it tries to do is irrelevant (and will actually lead to the service
552# failing if we try to do it), so just bail out.
553# In the global zone and exclusive-IP zones we proceed.
554#
555smf_configure_ip || exit $SMF_EXIT_OK
556
557case "$1" in
558
559'start')
560	#
561	# We need to create the default (NoNet and Automatic)
562	# locations, if they don't already exist.  So: first check
563	# for the existence of each, and then run the appropriate
564	# nwamcfg script(s) as needed. Restart nwamd if a location is
565	# created, as it needs to read it in.
566	#
567	LOC_CREATED="false"
568	$NWAMCFG list loc Automatic >/dev/null 2>&1
569	if [ $? -eq 1 ]; then
570		$NWAMCFG -f /etc/nwam/loc/create_loc_auto
571		LOC_CREATED="true"
572	fi
573
574	$NWAMCFG list loc NoNet >/dev/null 2>&1
575	if [ $? -eq 1 ]; then
576		NONETPATH=/etc/nwam/loc/NoNet
577		NONETFILES="ipf.conf ipf6.conf"
578		for file in $NONETFILES; do
579			copy_default $NONETPATH $file
580		done
581		$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
582		LOC_CREATED="true"
583	fi
584
585	if [ "$LOC_CREATED" = "true" ]; then
586		refresh_svc $NWAM_FMRI
587	fi
588
589	# location selection/activation happens below
590	;;
591
592'refresh')
593
594	# location selection/activation happens below
595	;;
596
597*)
598	echo "Usage: $0 start|refresh"
599	exit 1
600	;;
601
602esac
603
604#
605# If the Legacy location doesn't exist and the file to create the Legacy
606# location exists, create the Legacy location.  Make a copy of it as the user's
607# intentions before upgrade.  Then activate the User location if nis is
608# involved.  Because NIS affects more parts of the system (e.g. automounts) we
609# are not willing to make NIS part of the Automatic location (i.e. enable it
610# automatically based on external input) as we do with DHCP-driven DNS.
611#
612activate_user_loc=0
613$NWAMCFG list loc Legacy >/dev/null 2>&1
614if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
615	#
616	# We built the script in and pointing to /etc/svc/volatile because we
617	# may not have a writable filesystem in net-nwam.  So here we move the
618	# components and rewrite the script to point at the writable filesystem.
619	#
620	$CP -r $SCRIPT_PATH/Legacy $LEGACY_LOC_PATH
621	$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
622	$SED -e's,/etc/svc/volatile/nwam/Legacy,/etc/nwam/loc/Legacy,' \
623	    $SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
624	$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
625	loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
626	    2>/dev/null`
627	if [ $? -eq 1 ]; then
628		#
629		# We are rewriting configuration variables from the Legacy
630		# location to the User location.  Use variable ULP to keep REs
631		# within a line.
632		#
633		ULP=$USER_LOC_PATH
634		$SED -e's,Legacy,User,' \
635		    -e's,activation-mode=system,activation-mode=manual,' \
636		    -e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
637		    -e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
638		    -e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
639		    -e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
640		    -e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
641		    -e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
642		    $SCRIPT_PATH/create_loc_legacy | \
643			$SED -e's,/etc/nwam/loc/User/none,/none,' \
644			-e's,/etc/nwam/loc/User/allow,/allow,' \
645			-e's,/etc/nwam/loc/User/deny,/deny,' \
646			>$SCRIPT_PATH/create_loc_user
647		#
648		# We are creating the User location here.  The User location
649		# is an appromixation of the machine configuration when the
650		# user change or upgraded to this version of NWAM.  First
651		# we make sure there isn't an existing User location or any
652		# existing User location data.  We then copy all the data
653		# from the Legacy location and create a location pointing at
654		# that data.  Lastly we create a version property to note
655		# that we have done this.
656		#
657		$NWAMCFG destroy loc User 2>/dev/null
658		$RM -rf $USER_LOC_PATH
659		$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
660		$RM -f $USER_LOC_PATH/resolv.conf
661		$NWAMCFG -f $SCRIPT_PATH/create_loc_user
662		# The User location is activated if 'nis' is in a non comment
663		# line of nsswitch.conf.
664		$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
665		    $SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
666		if [ $? -eq 0 ]; then
667			activate_user_loc=1
668		fi
669		$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
670		    2>/dev/null
671		$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
672		    astring: "1"
673	fi
674fi
675
676#
677# Activate a location.  If we've just finished upgrading, and
678# the User location should be activated, do that (and use nwamadm
679# to do so, so the enabled property gets set and nwamd knows this
680# selection has been made).  Otherwise, if our location/selected
681# property has a value, we activate that location; else we activate
682# the NoNet location as a default value.
683#
684if [ $activate_user_loc -eq 1 ]; then
685	$NWAMADM enable -p loc User
686else
687	sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
688	if [ $? -eq 1 ]; then
689		# location hasn't been selected; default to NoNet
690		activate_loc NoNet
691	else
692		# activate selected location
693		activate_loc $sel_loc
694	fi
695fi
696
697exit $SMF_EXIT_OK
698