1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
24# Copyright 2012 Milan Jurik. All rights reserved.
25#
26
27. /lib/svc/share/smf_include.sh
28. /lib/svc/share/net_include.sh
29
# FMRI constants
IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
IPFILTER_FMRI="svc:/network/ipfilter:default"
NIS_CLIENT_FMRI="svc:/network/nis/client:default"
NET_PHYS_FMRI="svc:/network/physical:default"
NET_NWAM_FMRI="svc:/network/physical:nwam"
NET_LOC_FMRI="svc:/network/location:default"
NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"

#
# Default *.conf files.
# When NWAM is stopped and the corresponding config property in the Legacy
# location is empty, the matching SMF config property is set to one of these.
#
IPF6_DEFAULT_CONFIG_FILE="/etc/ipf/ipf6.conf"
IPNAT_DEFAULT_CONFIG_FILE="/etc/ipf/ipnat.conf"
IPPOOL_DEFAULT_CONFIG_FILE="/etc/ipf/ippool.conf"
IPSEC_IKE_DEFAULT_CONFIG_FILE="/etc/inet/ike/config"
IPSEC_POLICY_DEFAULT_CONFIG_FILE="/etc/inet/ipsecinit.conf"

#
# Commands.  Each external tool is named by absolute path, so the functions
# below do not rely on $PATH lookup to find them.
#
BASENAME="/usr/bin/basename"
CAT="/usr/bin/cat"
CP="/usr/bin/cp"
DOMAINNAME="/usr/bin/domainname"
GREP="/usr/bin/grep"
LDAPCLIENT="/usr/sbin/ldapclient"
MKDIR="/usr/bin/mkdir"
MKFIFO="/usr/bin/mkfifo"
NAWK="/usr/bin/nawk"
NWAMCFG="/usr/sbin/nwamcfg"
RM="/usr/bin/rm"
SVCADM="/usr/sbin/svcadm"
SVCCFG="/usr/sbin/svccfg"
SVCPROP="/usr/bin/svcprop"

#
# Directories.
# We don't have a writable file system so we write to /etc/svc/volatile and
# then later copy anything interesting to /etc/nwam.
#
VOL_NWAM_PATH="/etc/svc/volatile/nwam"
VOL_LEGACY_PATH="${VOL_NWAM_PATH}/Legacy"
PERM_LEGACY_PATH="/etc/nwam/loc/Legacy"
NIS_BIND_PATH="/var/yp/binding"
74
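#
# copy_to_legacy_loc <file>
#
# Copies <file>, if it is a regular file, into the volatile Legacy location
# directory ($VOL_LEGACY_PATH), creating that directory first.  A missing
# or empty <file> is skipped without an error.
#
# <file> is often a path read from an SMF property, so it is passed to cp
# double-quoted and after "--": a path that contains blanks or glob
# characters, or that begins with "-", is copied as one literal operand
# instead of being split into several words or parsed as an option.
#
copy_to_legacy_loc() {
	$MKDIR -p -- "$VOL_LEGACY_PATH"
	if [ -f "$1" ]; then
		$CP -p -- "$1" "$VOL_LEGACY_PATH"
	fi
}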
87
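#
# copy_from_legacy_loc <destination file>
#
# Copies the file with the same base name from the permanent Legacy location
# ($PERM_LEGACY_PATH) into the directory of <destination file>, creating
# that directory if it does not exist.  Nothing is copied when the Legacy
# location holds no such file.
#
# Sets the globals DEST_DIR and SRC_FILE as a side effect.
#
# <destination file> comes from a location property, so every use of it is
# double-quoted; a path with blanks or glob characters stays one operand.
#
copy_from_legacy_loc () {
	DEST_DIR=`/usr/bin/dirname "$1"`
	# Two steps, so no quoted argument has to be nested inside backticks
	# that are themselves inside double quotes.
	SRC_FILE=`$BASENAME "$1"`
	SRC_FILE="$PERM_LEGACY_PATH/$SRC_FILE"

	# Make destination directory if needed
	if [ ! -d "$DEST_DIR" ]; then
		$MKDIR -p -- "$DEST_DIR"
	fi

	if [ -f "$SRC_FILE" ]; then
		$CP -p -- "$SRC_FILE" "$DEST_DIR"
	fi
}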
107
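#
# write_loc_prop <property> <value> <file>
#
# Appends to <file> the nwamcfg command "set <property>=<value>", but only
# when both <value> and <file> are non-empty.
#
# The check on <file> matters for callers that pass an empty <value>
# unquoted: the empty word disappears, <file> shifts into $2 and $3 is
# empty, so the call writes nothing.
#
# <value> is written verbatim; it is not validated or escaped here, so
# callers are responsible for passing a single, well-formed value.
#
# Sets the globals prop, val and file as a side effect.
#
write_loc_prop () {
	prop=$1
	val=$2
	file=$3

	if [ -n "$val" ] && [ -n "$file" ]; then
		# printf with a fixed format: the value is never interpreted
		# as an option or escape sequence, and the quoted redirection
		# target survives blanks in the file name.
		printf 'set %s=%s\n' "$prop" "$val" >> "$file"
	fi
}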
122
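#
# set_smf_prop <fmri> <property name> <property value>
#
# Sets <property name> of <fmri> to the astring <property value> by running
# "$SVCCFG -s <fmri> setprop <property name> = astring: <property value>".
# Returns the exit status of that command.
#
# All three arguments are double-quoted so that each reaches svccfg as
# exactly one word.
#
set_smf_prop () {
	$SVCCFG -s "$1" setprop "$2" = astring: "$3"
}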
129
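#
# get_smf_prop <fmri> <property name>
#
# Runs "$SVCPROP -p <property name> <fmri>"; whatever that command prints
# goes to stdout and its exit status is returned.
#
# Both arguments are double-quoted so that each reaches svcprop as exactly
# one word.
#
get_smf_prop () {
	$SVCPROP -p "$2" "$1"
}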
136
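#
# create_legacy_loc
#
# Creates the description of the Legacy location from the current
# configuration.
#
# Writes a sequence of nwamcfg commands ("create loc Legacy", one "set"
# line per non-empty property, "end") to $VOL_NWAM_PATH/create_loc_legacy
# and copies the configuration files it refers to into $VOL_LEGACY_PATH
# via copy_to_legacy_loc.  The commands are not executed here.
#
# Every value gathered from a file or an SMF property is passed on in
# double quotes.  Unquoted, a value holding more than one word would shift
# the arguments of write_loc_prop, so that a later word was taken as the
# output file name; an empty value is still skipped because write_loc_prop
# ignores empty values.
#
create_legacy_loc () {
	CREATE_LOC_LEGACY_FILE="$VOL_NWAM_PATH/create_loc_legacy"

	#
	# Write nwamcfg commands to create Legacy location to
	# $CREATE_LOC_LEGACY_FILE as values for properties are determined.
	# Note that some of the *_CONFIG_FILE variables point at copies of
	# files we've made and others indicate where those copies should be
	# if we are enabling the location.
	#
	echo "create loc Legacy" > "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "activation-mode" "system" "$CREATE_LOC_LEGACY_FILE"

	NAMESERVICES=""
	NAMESERVICES_CONFIG_FILE=""
	DNS_NAMESERVICE_CONFIGSRC=""
	DNS_NAMESERVICE_DOMAIN=""
	DNS_NAMESERVICE_SERVERS=""
	DNS_NAMESERVICE_SEARCH=""
	NIS_NAMESERVICE_CONFIGSRC=""
	NIS_NAMESERVICE_SERVERS=""
	LDAP_NAMESERVICE_CONFIGSRC=""
	LDAP_NAMESERVICE_SERVERS=""
	DEFAULT_DOMAIN=""

	# Copy /etc/nsswitch.conf file
	copy_to_legacy_loc /etc/nsswitch.conf
	NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"

	# Gather DNS info from resolv.conf if present.
	if [ -f /etc/resolv.conf ]; then
		NAMESERVICES="dns,"
		if $GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null; then
			DNS_NAMESERVICE_CONFIGSRC="dhcp"
		else
			DNS_NAMESERVICE_CONFIGSRC="manual"
			DNS_NAMESERVICE_DOMAIN=`$NAWK \
			    '$1 == "domain" { print $2 }' < /etc/resolv.conf`
			DNS_NAMESERVICE_SERVERS=`$NAWK \
			    '$1 == "nameserver" { printf "%s,", $2 }' \
			    < /etc/resolv.conf`
			DNS_NAMESERVICE_SEARCH=`$NAWK \
			    '$1 == "search" { printf "%s,", $2 }' \
			    < /etc/resolv.conf`
			copy_to_legacy_loc /etc/resolv.conf
		fi
	fi

	# Gather NIS info from appropriate file if present.
	if service_is_enabled "$NIS_CLIENT_FMRI"; then
		NAMESERVICES="${NAMESERVICES}nis,"
		NIS_NAMESERVICE_CONFIGSRC="manual"
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`

		yp_servers=`$NAWK '{ printf "%s ", $1 }' \
		    < "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"`
		# Deliberately unquoted: yp_servers is a blank-separated list
		# built by the nawk call above.
		for serv in $yp_servers; do
			if is_valid_addr "$serv"; then
				addr="$serv,"
			else
				addr=`$GREP -iw "$serv" /etc/inet/hosts | \
				    $NAWK '{ printf "%s,", $1 }'`
			fi
			NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
		done
	fi

	# Gather LDAP info via ldapclient(1M).
	if [ -f /var/ldap/ldap_client_file ]; then
		# The helper defined in this file is copy_to_legacy_loc; the
		# previous call named copy_to_legacy, which this file does not
		# define, so ldap_client_file was not saved for the revert.
		copy_to_legacy_loc /var/ldap/ldap_client_file
		NAMESERVICES="${NAMESERVICES}ldap,"
		LDAP_NAMESERVICE_CONFIGSRC="manual"
		LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
		    $NAWK '$1 == "preferredServerList:" { print $2 }'`
		DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
	fi

	# Now, write nwamcfg commands for nameservices
	write_loc_prop "nameservices" "$NAMESERVICES" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nameservices-config-file" \
	    "$NAMESERVICES_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-configsrc" \
	    "$DNS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-domain" \
	    "$DNS_NAMESERVICE_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-servers" \
	    "$DNS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "dns-nameservice-search" \
	    "$DNS_NAMESERVICE_SEARCH" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-configsrc" \
	    "$NIS_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "nis-nameservice-servers" \
	    "$NIS_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-configsrc" \
	    "$LDAP_NAMESERVICE_CONFIGSRC" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "ldap-nameservice-servers" \
	    "$LDAP_NAMESERVICE_SERVERS" "$CREATE_LOC_LEGACY_FILE"
	write_loc_prop "default-domain" "$DEFAULT_DOMAIN" \
	    "$CREATE_LOC_LEGACY_FILE"

	# Retrieve NFSv4 domain from SMF.
	if service_is_enabled "$NFS_MAPID_FMRI"; then
		# Pass the FMRI value; the previous code passed the literal
		# string NFS_MAPID_FMRI (no "$") as the service name.
		NFS_DOMAIN=`get_smf_prop "$NFS_MAPID_FMRI" \
		    nfs-props/nfsmapid_domain`
		write_loc_prop "nfsv4-domain" \
		    "$NFS_DOMAIN" "$CREATE_LOC_LEGACY_FILE"
	fi

	IPF_CONFIG_FILE=""
	IPF6_CONFIG_FILE=""
	IPNAT_CONFIG_FILE=""
	IPPOOL_CONFIG_FILE=""
	IKE_CONFIG_FILE=""
	IPSEC_POLICY_CONFIG_FILE=""

	#
	# IPFilter
	#
	# If the firewall policy is "custom", simply copy the
	# custom_policy_file.  If the firewall policy is "none", "allow" or
	# "deny", save the value as "/<value>".  When reverting back to the
	# Legacy location, these values will have to be treated as special.
	#
	# For all configuration files, copy them to the Legacy directory.
	# Use the respective properties to remember the original locations
	# of the files so that they can be copied back there when NWAM is
	# stopped.
	#
	if service_is_enabled "$IPFILTER_FMRI"; then
		FIREWALL_POLICY=`get_smf_prop "$IPFILTER_FMRI" \
		    firewall_config_default/policy`
		if [ "$FIREWALL_POLICY" = "custom" ]; then
			IPF_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file`
			copy_to_legacy_loc "$IPF_CONFIG_FILE"
		else
			# save value as /none, /allow, or /deny
			IPF_CONFIG_FILE="/$FIREWALL_POLICY"
		fi
		IPF6_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipf6_config_file`
		copy_to_legacy_loc "$IPF6_CONFIG_FILE"

		IPNAT_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ipnat_config_file`
		copy_to_legacy_loc "$IPNAT_CONFIG_FILE"

		IPPOOL_CONFIG_FILE=`get_smf_prop "$IPFILTER_FMRI" \
		    config/ippool_config_file`
		copy_to_legacy_loc "$IPPOOL_CONFIG_FILE"
	fi

	# IKE
	if service_is_enabled "$IPSEC_IKE_FMRI:default"; then
		IKE_CONFIG_FILE=`get_smf_prop "$IPSEC_IKE_FMRI" \
		    config/config_file`
		copy_to_legacy_loc "$IKE_CONFIG_FILE"
	fi

	# IPsec
	if service_is_enabled "$IPSEC_POLICY_FMRI:default"; then
		IPSEC_POLICY_CONFIG_FILE=`get_smf_prop "$IPSEC_POLICY_FMRI" \
		    config/config_file`
		copy_to_legacy_loc "$IPSEC_POLICY_CONFIG_FILE"
	fi

	# The ipfilter property is recorded for the three special policy
	# markers or for an existing file; anything else is dropped.
	case "$IPF_CONFIG_FILE" in
	/allow|/deny|/none)
		write_loc_prop "ipfilter-config-file" "$IPF_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
		;;
	*)
		if [ -f "$IPF_CONFIG_FILE" ]; then
			write_loc_prop "ipfilter-config-file" \
			    "$IPF_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
		fi
		;;
	esac

	# The remaining properties are recorded only for files that exist
	# (an empty name never passes the -f test).
	if [ -f "$IPF6_CONFIG_FILE" ]; then
		write_loc_prop "ipfilter-v6-config-file" "$IPF6_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -f "$IPNAT_CONFIG_FILE" ]; then
		write_loc_prop "ipnat-config-file" "$IPNAT_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -f "$IPPOOL_CONFIG_FILE" ]; then
		write_loc_prop "ippool-config-file" "$IPPOOL_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -f "$IKE_CONFIG_FILE" ]; then
		write_loc_prop "ike-config-file" "$IKE_CONFIG_FILE" \
		    "$CREATE_LOC_LEGACY_FILE"
	fi
	if [ -f "$IPSEC_POLICY_CONFIG_FILE" ]; then
		write_loc_prop "ipsecpolicy-config-file" \
		    "$IPSEC_POLICY_CONFIG_FILE" "$CREATE_LOC_LEGACY_FILE"
	fi

	# End
	echo "end" >> "$CREATE_LOC_LEGACY_FILE"
	# network/location will create the Legacy location with these commands.
}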
335
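#
# revert_to_legacy_loc
#
# Undoes the effects of the Legacy location creation: restores the name
# service, NFSv4 domain, IPFilter, IPsec and IKE settings recorded in the
# Legacy location, then removes the Legacy directories, the command file
# and the location itself.
#
# Values read back from the location are double-quoted wherever they are
# used, so a path or domain containing blanks or glob characters is handled
# as one word.  Field splitting in nawk uses -F, so the separator is
# already in effect for the first (and only) input line.
#
revert_to_legacy_loc () {
	$SVCADM disable dns/client
	$SVCADM disable nis/client
	$SVCADM disable ldap/client

	# copy nsswitch.conf to /etc/nsswitch.conf
	copy_from_legacy_loc /etc/nsswitch.conf

	# DNS - copy resolv.conf to /etc/resolv.conf
	if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
		copy_from_legacy_loc /etc/resolv.conf
		$SVCADM enable dns/client
	fi

	# set /etc/defaultdomain and domainname(1M)
	DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
	if [ -n "$DEFAULT_DOMAIN" ]; then
		$DOMAINNAME "$DEFAULT_DOMAIN"
		$DOMAINNAME > /etc/defaultdomain
	fi

	# NIS - directory and ypserver in /var/yp/binding/
	#
	# NOTE(review): DEFAULT_DOMAIN is taken from the location property and
	# used as a path component below; when it is empty, ypservers is
	# written directly under $NIS_BIND_PATH - confirm that is intended.
	NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
	NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
	if [ -n "$NIS_CONFIGSRC" ]; then
		if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
			$MKDIR -p "$NIS_BIND_PATH/$DEFAULT_DOMAIN"
		fi
		if [ -n "$NIS_SERVERS" ]; then
			# One server per line, from the comma-separated list.
			echo "$NIS_SERVERS" | $NAWK -F, \
			    '{ for (i = 1; i <= NF; i++) print $i }' \
			    > "$NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers"
		fi
		$SVCADM enable nis/client
	fi

	# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
	if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
		copy_from_legacy_loc /var/ldap/ldap_client_file
		$SVCADM enable ldap/client
	fi

	# Copy back nfs NFSMAPID_DOMAIN
	NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
	if [ -n "$NFSMAPID_DOMAIN" ]; then
		set_smf_prop "$NFS_MAPID_FMRI" \
		    nfs-props/nfsmapid_domain "$NFSMAPID_DOMAIN"
		$SVCADM refresh "$NFS_MAPID_FMRI"
		$SVCADM enable "$NFS_MAPID_FMRI"
	fi

	# IPFilter, IPsec, and IKE
	ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
	ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
	ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
	ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
	ike_file=`nwam_get_loc_prop Legacy ike-config-file`
	pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`

	if [ -n "$ike_file" ]; then
		copy_from_legacy_loc "$ike_file"
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file "$ike_file"
		$SVCADM refresh "$IPSEC_IKE_FMRI"
		$SVCADM enable "$IPSEC_IKE_FMRI"
	else
		set_smf_prop "$IPSEC_IKE_FMRI" config/config_file \
		    "$IPSEC_IKE_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_IKE_FMRI"
	fi
	if [ -n "$pol_file" ]; then
		copy_from_legacy_loc "$pol_file"
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file "$pol_file"
		$SVCADM refresh "$IPSEC_POLICY_FMRI"
		$SVCADM enable "$IPSEC_POLICY_FMRI"
	else
		set_smf_prop "$IPSEC_POLICY_FMRI" config/config_file \
		    "$IPSEC_POLICY_DEFAULT_CONFIG_FILE"
		$SVCADM disable "$IPSEC_POLICY_FMRI"
	fi

	refresh_ipf=false
	if [ -n "$ipf_file" ]; then
		# change /none, /allow, and /deny to firewall policy
		case "$ipf_file" in
		/none|/allow|/deny)
			# Strip the leading "/" that marks a policy name.
			policy=`echo "$ipf_file" | $NAWK -F/ '{ print $2 }'`
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "$policy"
			# no need to clear custom_policy_file as it isn't
			# "custom"
			;;
		*)
			copy_from_legacy_loc "$ipf_file"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/policy "custom"
			set_smf_prop "$IPFILTER_FMRI" \
			    firewall_config_default/custom_policy_file \
			    "$ipf_file"
			;;
		esac
		refresh_ipf=true
	fi
	if [ -n "$ipf6_file" ]; then
		copy_from_legacy_loc "$ipf6_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
		    "$ipf6_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipf6_config_file \
		    "$IPF6_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ipnat_file" ]; then
		copy_from_legacy_loc "$ipnat_file"
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
		    "$ipnat_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ipnat_config_file \
		    "$IPNAT_DEFAULT_CONFIG_FILE"
	fi
	if [ -n "$ippool_file" ]; then
		copy_from_legacy_loc "$ippool_file"
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$ippool_file"
		refresh_ipf=true
	else
		set_smf_prop "$IPFILTER_FMRI" config/ippool_config_file \
		    "$IPPOOL_DEFAULT_CONFIG_FILE"
	fi

	# ipfilter ends up enabled only if at least one of its configuration
	# properties was restored from the Legacy location.
	$SVCADM refresh "$IPFILTER_FMRI"
	if [ "$refresh_ipf" = "true" ]; then
		$SVCADM enable "$IPFILTER_FMRI"
	else
		$SVCADM disable "$IPFILTER_FMRI"
	fi

	# Remove the Legacy directories, script and location
	$RM -rf "$VOL_LEGACY_PATH"
	$RM -rf "$PERM_LEGACY_PATH"
	$RM -f "$VOL_NWAM_PATH/create_loc_legacy"
	$NWAMCFG destroy loc Legacy
}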
476
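#
# Script entry point
#
# Arguments to net-nwam are
#       method ( start | refresh | stop | -u | -c )
#
# Variable expansions used as command arguments, test operands and
# redirection targets are double-quoted, so an empty or multi-word value
# cannot change how a command line is parsed.
#

#
# Create nwam directory in /etc/svc/volatile
#
if [ ! -d "$VOL_NWAM_PATH" ]; then
	$MKDIR -m 0755 "$VOL_NWAM_PATH"
fi

case "$1" in
'refresh')
	/usr/bin/pkill -HUP -z "`smf_zonename`" nwamd
	#
	# Enable network/location.  Needed on first boot post-install as
	# network/location will not exist until after manifest-import runs.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi
	;;

'start')
	# The real daemon is not started in a shared stack zone. But we need to
	# create a dummy background process to preserve contract lifetime.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		# The dummy process blocks reading a FIFO until the stop
		# method writes to it.
		$RM -f "$VOL_NWAM_PATH/nwam_blocked"
		$MKFIFO "$VOL_NWAM_PATH/nwam_blocked"
		($CAT <"$VOL_NWAM_PATH/nwam_blocked" >/dev/null) &
		exit $SMF_EXIT_OK
	fi

	#
	# Enable network/location.
	#
	if service_exists "$NET_LOC_FMRI" ; then
		$SVCADM enable -t "$NET_LOC_FMRI"
	fi

	if smf_is_globalzone; then
		net_reconfigure || exit $SMF_EXIT_ERR_CONFIG

		# Update PVID on interfaces configured with VLAN 1
		update_pvid

		#
		# Upgrade handling. The upgrade file consists of a series
		# of dladm(1M) commands. Note that after we are done, we
		# cannot rename the upgrade script file as the file system
		# is still read-only at this point. Defer this to the
		# manifest-import service.
		#
		# The file is sourced into this shell, so everything in it
		# runs with the privileges of this method; it must only ever
		# be writable by a trusted administrator.
		#
		upgrade_script=/var/svc/profile/upgrade_datalink
		if [ -f "${upgrade_script}" ]; then
			. "${upgrade_script}"
		fi

		#
		# Upgrade handling for ibd:
		# After we are done with the upgrade handling, we can not set
		# the ibd/ibd_upgraded property to "true" as the file system is
		# read-only at this point. It will be done later by
		# ibd-post-upgrade service.
		#
		if [ -x /sbin/ibd_upgrade ]; then
			ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
			    svc:/network/physical:default 2> /dev/null`
			if [ "$ibd_upgraded" != "true" ]; then
				/sbin/ibd_upgrade -v
			fi
		fi

		# Bring up simnet instances
		/sbin/dladm up-simnet
		# Initialize security objects.
		/sbin/dladm init-secobj

		#
		# Initialize VNICs, VLANs and flows.  Though they are brought
		# up here, NWAM will not automatically manage VNICs and VLANs.
		#
		/sbin/dladm up-vnic
		/sbin/dladm up-vlan
		/sbin/dladm up-part
		/sbin/dladm up-aggr
		/sbin/flowadm init-flow
	fi

	#
	# We also need to create the Legacy location, which is used
	# to restore non-NWAM settings that are overwritten when
	# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		create_legacy_loc
	fi

	# start nwamd in foreground; it will daemonize itself
	if /lib/inet/nwamd ; then
		exit $SMF_EXIT_OK
	else
		exit $SMF_EXIT_ERR_FATAL
	fi
	;;

'stop')
	# We need to make the dummy process we created above stop.
	smf_configure_ip
	if [ $? -eq 1 ] ; then
		echo "stop" > "$VOL_NWAM_PATH/nwam_blocked"
		exit $SMF_EXIT_OK
	fi

	/usr/bin/pkill -z "`smf_zonename`" nwamd

	#
	# Restore the non-NWAM settings.
	#
	$NWAMCFG list loc Legacy >/dev/null 2>&1
	if [ $? -eq 1 ]; then
		echo "No Legacy location to revert to!"
		exit $SMF_EXIT_OK
	fi
	revert_to_legacy_loc
	# remove the location property group
	$SVCCFG -s "$NET_LOC_FMRI" delpg location
	;;

'-u')
	# After we run this part of the script upon the next reboot
	# network/physical:default will be enabled and
	# network/physical:nwam will be disabled.
	# There are various other parts of the system (nscd, nfs) that
	# depend on continuing to have a working network.  For this
	# reason we don't change the network configuration immediately.
	#
	# Disable network/physical temporarily and make sure that will
	# be enabled on reboot.
	$SVCADM disable -st "$NET_PHYS_FMRI"
	$SVCCFG -s "$NET_PHYS_FMRI" setprop general/enabled=true

	# If nwam is online then make sure that it's temporarily enabled.
	nwam_online=`$SVCPROP -t -p restarter/state "$NET_NWAM_FMRI"`
	if [ $? -eq 0 ]; then
		# Deliberately unquoted: split the svcprop line into words
		# and look at the third one.
		set -- $nwam_online
		# Quoted, so output with fewer than three words is a plain
		# mismatch rather than a malformed test expression.
		[ "$3" = "online" ] && $SVCADM enable -st "$NET_NWAM_FMRI"
	fi

	# Set nwam so that it won't be enabled upon reboot.
	$SVCCFG -s "$NET_NWAM_FMRI" setprop general/enabled=false
	exit 0
	;;

'-c')
	# Nothing to do for sysidtool
	exit 0
	;;

*)
	echo "Usage: $0 { start | stop | refresh }"
	exit $SMF_EXIT_ERR_FATAL
	;;
esac
exit $SMF_EXIT_OK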
647