1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
|
#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2012 Milan Jurik. All rights reserved.
# Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
#
. /lib/svc/share/smf_include.sh
. /lib/svc/share/net_include.sh
# FMRI constants
IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
IPFILTER_FMRI="svc:/network/ipfilter:default"
NIS_CLIENT_FMRI="svc:/network/nis/client:default"
NET_PHYS_FMRI="svc:/network/physical:default"
NET_NWAM_FMRI="svc:/network/physical:nwam"
NET_LOC_FMRI="svc:/network/location:default"
NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"
#
# Default *.conf files
# Set appropriate config SMF property to these files when NWAM is stopped
# and corresponding config properties in the Legacy location are emtpy
#
IPF6_DEFAULT_CONFIG_FILE=/etc/ipf/ipf6.conf
IPNAT_DEFAULT_CONFIG_FILE=/etc/ipf/ipnat.conf
IPPOOL_DEFAULT_CONFIG_FILE=/etc/ipf/ippool.conf
IPSEC_IKE_DEFAULT_CONFIG_FILE=/etc/inet/ike/config
IPSEC_POLICY_DEFAULT_CONFIG_FILE=/etc/inet/ipsecinit.conf
# commands
BASENAME=/usr/bin/basename
CAT=/usr/bin/cat
CP=/usr/bin/cp
DOMAINNAME=/usr/bin/domainname
GREP=/usr/bin/grep
LDAPCLIENT=/usr/sbin/ldapclient
MKDIR=/usr/bin/mkdir
MKFIFO=/usr/bin/mkfifo
NAWK=/usr/bin/nawk
NWAMCFG=/usr/sbin/nwamcfg
RM=/usr/bin/rm
SVCADM=/usr/sbin/svcadm
SVCCFG=/usr/sbin/svccfg
SVCPROP=/usr/bin/svcprop
# Path to directories
# We don't have a writable file system so we write to /etc/svc/volatile and
# then later copy anything interesting to /etc/nwam.
VOL_NWAM_PATH=/etc/svc/volatile/nwam
VOL_LEGACY_PATH=$VOL_NWAM_PATH/Legacy
PERM_LEGACY_PATH=/etc/nwam/loc/Legacy
NIS_BIND_PATH=/var/yp/binding
#
# copy_to_legacy_loc <file>
#
# Copies the file to the Legacy location directory
# (in /etc/svc/volatile/nwam/Legacy)
#
copy_to_legacy_loc() {
$MKDIR -p $VOL_LEGACY_PATH
if [ -f "$1" ]; then
$CP -p $1 $VOL_LEGACY_PATH
fi
}
#
# copy_from_legacy_loc <destination file>
#
# Copies file with the same name from Legacy location
# (in /etc/nwam/loc/Legacy) to the given destination file
#
copy_from_legacy_loc () {
DEST_DIR=`/usr/bin/dirname $1`
SRC_FILE="$PERM_LEGACY_PATH/`$BASENAME $1`"
# Make destination directory if needed
if [ ! -d "$DEST_DIR" ]; then
$MKDIR -p $DEST_DIR
fi
if [ -f "$SRC_FILE" ]; then
$CP -p $SRC_FILE $DEST_DIR
fi
}
#
# write_loc_prop <property> <value> <file>
#
# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
#
write_loc_prop () {
prop=$1
val=$2
file=$3
if [ -n "$val" -a -n "$file" ]; then
echo "set $prop=$val" >> $file
fi
}
#
# set_smf_prop <fmri> <property name> <property value>
#
set_smf_prop () {
$SVCCFG -s $1 setprop $2 = astring: "$3" && return
}
#
# get_smf_prop <fmri> <property name>
#
get_smf_prop () {
$SVCPROP -p $2 $1
}
#
# Creates Legacy location from the current configuration
#
create_legacy_loc () {
CREATE_LOC_LEGACY_FILE=$VOL_NWAM_PATH/create_loc_legacy
#
# Write nwamcfg commands to create Legacy location to
# $CREATE_LOC_LEGACY_FILE as values for properties are determined
# Note that some of the *_CONFIG_FILE variables point at copies of
# files we've made and others indicate where those copies should be
# if we are enabling the location.
#
echo "create loc Legacy" > $CREATE_LOC_LEGACY_FILE
write_loc_prop "activation-mode" "system" $CREATE_LOC_LEGACY_FILE
NAMESERVICES=""
NAMESERVICES_CONFIG_FILE=""
DNS_NAMESERVICE_CONFIGSRC=""
DNS_NAMESERVICE_DOMAIN=""
DNS_NAMESERVICE_SERVERS=""
DNS_NAMESERVICE_SEARCH=""
NIS_NAMESERVICE_CONFIGSRC=""
NIS_NAMESERVICE_SERVERS=""
LDAP_NAMESERVICE_CONFIGSRC=""
LDAP_NAMESERVICE_SERVERS=""
DEFAULT_DOMAIN=""
# Copy /etc/nsswitch.conf file
copy_to_legacy_loc /etc/nsswitch.conf
NAMESERVICES_CONFIG_FILE="$VOL_LEGACY_PATH/nsswitch.conf"
# Gather DNS info from resolv.conf if present.
if [ -f /etc/resolv.conf ]; then
NAMESERVICES="dns,"
$GREP -i "added by dhcp" /etc/nsswitch.conf >/dev/null
if [ $? -eq 0 ]; then
DNS_NAMESERVICE_CONFIGSRC="dhcp"
else
DNS_NAMESERVICE_CONFIGSRC="manual"
DNS_NAMESERVICE_DOMAIN=`$NAWK '$1 == "domain" {\
print $2 }' < /etc/resolv.conf`
DNS_NAMESERVICE_SERVERS=`$NAWK '$1 == "nameserver" \
{ printf "%s,", $2 }' < /etc/resolv.conf`
DNS_NAMESERVICE_SEARCH=`$NAWK '$1 == "search" \
{ printf "%s,", $2 }' < /etc/resolv.conf`
copy_to_legacy_loc /etc/resolv.conf
fi
fi
# Gather NIS info from appropriate file if present.
if service_is_enabled $NIS_CLIENT_FMRI; then
NAMESERVICES="${NAMESERVICES}nis,"
NIS_NAMESERVICE_CONFIGSRC="manual"
DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
yp_servers=`$NAWK '{ printf "%s ", $1 }' \
< $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers`
for serv in $yp_servers; do
if is_valid_addr $serv; then
addr="$serv,"
else
addr=`$GREP -iw $serv /etc/inet/hosts | \
$NAWK '{ printf "%s,", $1 }'`
fi
NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
done
fi
# Gather LDAP info via ldapclient(8).
if [ -f /var/ldap/ldap_client_file ]; then
copy_to_legacy /var/ldap/ldap_client_file
NAMESERVICES="${NAMESERVICES}ldap,"
LDAP_NAMESERVICE_CONFIGSRC="manual"
LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
$NAWK '$1 == "preferredServerList:" { print $2 }'`
DEFAULT_DOMAIN=`$CAT /etc/defaultdomain`
fi
# Now, write nwamcfg commands for nameservices
write_loc_prop "nameservices" $NAMESERVICES $CREATE_LOC_LEGACY_FILE
write_loc_prop "nameservices-config-file" $NAMESERVICES_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "dns-nameservice-configsrc" $DNS_NAMESERVICE_CONFIGSRC \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "dns-nameservice-domain" $DNS_NAMESERVICE_DOMAIN \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "dns-nameservice-servers" $DNS_NAMESERVICE_SERVERS \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "dns-nameservice-search" $DNS_NAMESERVICE_SEARCH \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "nis-nameservice-configsrc" $NIS_NAMESERVICE_CONFIGSRC \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "nis-nameservice-servers" $NIS_NAMESERVICE_SERVERS \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "ldap-nameservice-configsrc" $LDAP_NAMESERVICE_CONFIGSRC\
$CREATE_LOC_LEGACY_FILE
write_loc_prop "ldap-nameservice-servers" $LDAP_NAMESERVICE_SERVERS \
$CREATE_LOC_LEGACY_FILE
write_loc_prop "default-domain" $DEFAULT_DOMAIN $CREATE_LOC_LEGACY_FILE
# Retrieve NFSv4 domain from SMF.
if service_is_enabled $NFS_MAPID_FMRI; then
NFS_DOMAIN=`get_smf_prop NFS_MAPID_FMRI \
nfs-props/nfsmapid_domain`
write_loc_prop "nfsv4-domain" \
$NFS_DOMAIN $CREATE_LOC_LEGACY_FILE
fi
IPF_CONFIG_FILE=""
IPF6_CONFIG_FILE=""
IPNAT_CONFIG_FILE=""
IPPOOL_CONFIG_FILE=""
IKE_CONFIG_FILE=""
IPSEC_POLICY_CONFIG_FILE=""
#
# IPFilter
#
# If the firewall policy is "custom", simply copy the
# custom_policy_file. If the firewall policy is "none", "allow" or
# "deny", save the value as "/<value>". When reverting back to the
# Legacy location, these values will have to be treated as special.
#
# For all configuration files, copy them to the Legacy directory.
# Use the respective properties to remember the original locations
# of the files so that they can be copied back there when NWAM is
# stopped.
#
if service_is_enabled $IPFILTER_FMRI; then
FIREWALL_POLICY=`get_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy`
if [ "$FIREWALL_POLICY" = "custom" ]; then
IPF_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
firewall_config_default/custom_policy_file`
copy_to_legacy_loc $IPF_CONFIG_FILE
else
# save value as /none, /allow, or /deny
IPF_CONFIG_FILE="/$FIREWALL_POLICY"
fi
IPF6_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
config/ipf6_config_file`
copy_to_legacy_loc $IPF6_CONFIG_FILE
IPNAT_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
config/ipnat_config_file`
copy_to_legacy_loc $IPNAT_CONFIG_FILE
IPPOOL_CONFIG_FILE=`get_smf_prop $IPFILTER_FMRI \
config/ippool_config_file`
copy_to_legacy_loc $IPPOOL_CONFIG_FILE
fi
# IKE
if service_is_enabled $IPSEC_IKE_FMRI:default; then
IKE_CONFIG_FILE=`get_smf_prop $IPSEC_IKE_FMRI config/config_file`
copy_to_legacy_loc $IKE_CONFIG_FILE
fi
# IPsec
if service_is_enabled $IPSEC_POLICY_FMRI:default; then
IPSEC_POLICY_CONFIG_FILE=`get_smf_prop $IPSEC_POLICY_FMRI \
config/config_file`
copy_to_legacy_loc $IPSEC_POLICY_CONFIG_FILE
fi
if [ -n "$IPF_CONFIG_FILE" -a \( "$IPF_CONFIG_FILE" = "/allow" \
-o "$IPF_CONFIG_FILE" = "/deny" -o "$IPF_CONFIG_FILE" = "/none" \
-o -f "$IPF_CONFIG_FILE" \) ]; then
write_loc_prop "ipfilter-config-file" $IPF_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
fi
if [ -n "$IPF6_CONFIG_FILE" -a -f "$IPF6_CONFIG_FILE" ]; then
write_loc_prop "ipfilter-v6-config-file" $IPF6_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
fi
if [ -n "$IPNAT_CONFIG_FILE" -a -f "$IPNAT_CONFIG_FILE" ]; then
write_loc_prop "ipnat-config-file" $IPNAT_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
fi
if [ -n "$IPPOOL_CONFIG_FILE" -a -f "$IPPOOL_CONFIG_FILE" ]; then
write_loc_prop "ippool-config-file" $IPPOOL_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
fi
if [ -n "$IKE_CONFIG_FILE" -a -f "$IKE_CONFIG_FILE" ]; then
write_loc_prop "ike-config-file" $IKE_CONFIG_FILE \
$CREATE_LOC_LEGACY_FILE
fi
if [ -n "$IPSEC_POLICY_CONFIG_FILE" -a -f "$IPSEC_POLICY_CONFIG_FILE" ]
then
write_loc_prop "ipsecpolicy-config-file" \
$IPSEC_POLICY_CONFIG_FILE $CREATE_LOC_LEGACY_FILE
fi
# End
echo "end" >> $CREATE_LOC_LEGACY_FILE
# network/location will create the Legacy location with these commands.
}
#
# Undoes the effects of the Legacy location creation
#
revert_to_legacy_loc () {
$SVCADM disable dns/client
$SVCADM disable nis/client
$SVCADM disable ldap/client
# copy nsswitch.conf to /etc/nsswitch.conf
copy_from_legacy_loc /etc/nsswitch.conf
# DNS - copy resolv.conf to /etc/resolv.conf
if [ -f "$PERM_LEGACY_PATH/resolv.conf" ]; then
copy_from_legacy_loc /etc/resolv.conf
$SVCADM enable dns/client
fi
# set /etc/defaultdomain and domainname(8)
DEFAULT_DOMAIN=`nwam_get_loc_prop Legacy default-domain`
if [ -n "$DEFAULT_DOMAIN" ]; then
$DOMAINNAME $DEFAULT_DOMAIN
$DOMAINNAME > /etc/defaultdomain
fi
# NIS - directory and ypserver in /var/yp/binding/
NIS_CONFIGSRC=`nwam_get_loc_prop Legacy nis-nameservice-configsrc`
NIS_SERVERS=`nwam_get_loc_prop Legacy nis-nameservice-servers`
if [ -n "$NIS_CONFIGSRC" ]; then
if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
$MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
fi
if [ -n "$NIS_SERVERS" ]; then
echo "$NIS_SERVERS" | $NAWK \
'FS="," { for (i = 1; i <= NF; i++) print $i }' \
> $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
fi
$SVCADM enable nis/client
fi
# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
if [ -f "$PERM_LEGACY_PATH/ldap_client_file" ]; then
copy_from_legacy_loc /var/ldap/ldap_client_file
$SVCADM enable ldap/client
fi
# Copy back nfs NFSMAPID_DOMAIN
NFSMAPID_DOMAIN=`nwam_get_loc_prop Legacy nfsv4-domain`
if [ -n "$NFSMAPID_DOMAIN" ]; then
set_smf_prop $NFS_MAPID_FMRI \
nfs-props/nfsmapid_domain $NFSMAPID_DOMAIN
$SVCADM refresh $NFS_MAPID_FMRI
$SVCADM enable $NFS_MAPID_FMRI
fi
# IPFilter, IPsec, and IKE
ipf_file=`nwam_get_loc_prop Legacy ipfilter-config-file`
ipf6_file=`nwam_get_loc_prop Legacy ipfilter-v6-config-file`
ipnat_file=`nwam_get_loc_prop Legacy ipnat-config-file`
ippool_file=`nwam_get_loc_prop Legacy ippool-config-file`
ike_file=`nwam_get_loc_prop Legacy ike-config-file`
pol_file=`nwam_get_loc_prop Legacy ipsecpolicy-config-file`
if [ -n "$ike_file" ]; then
copy_from_legacy_loc $ike_file
set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
$SVCADM refresh $IPSEC_IKE_FMRI
$SVCADM enable $IPSEC_IKE_FMRI
else
set_smf_prop $IPSEC_IKE_FMRI config/config_file \
$IPSEC_IKE_DEFAULT_CONFIG_FILE
$SVCADM disable $IPSEC_IKE_FMRI
fi
if [ -n "$pol_file" ]; then
copy_from_legacy_loc $pol_file
set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
$SVCADM refresh $IPSEC_POLICY_FMRI
$SVCADM enable $IPSEC_POLICY_FMRI
else
set_smf_prop $IPSEC_POLICY_FMRI config/config_file \
$IPSEC_POLICY_DEFAULT_CONFIG_FILE
$SVCADM disable $IPSEC_POLICY_FMRI
fi
refresh_ipf=false
if [ -n "$ipf_file" ]; then
# change /none, /allow, and /deny to firewall policy
if [ "$ipf_file" = "/none" -o "$ipf_file" = "/allow" \
-o "$ipf_file" = "/deny" ]; then
policy=`echo "$ipf_file" | $NAWK 'FS="/" { print $2 }'`
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy $policy
# no need to clear custom_policy_file as it isn't "custom"
else
copy_from_legacy_loc $ipf_file
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy "custom"
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/custom_policy_file $ipf_file
fi
refresh_ipf=true
fi
if [ -n "$ipf6_file" ]; then
copy_from_legacy_loc $ipf6_file
set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
refresh_ipf=true
else
set_smf_prop $IPFILTER_FMRI config/ipf6_config_file \
$IPF6_DEFAULT_CONFIG_FILE
fi
if [ -n "$ipnat_file" ]; then
copy_from_legacy_loc $ipnat_file
set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
refresh_ipf=true
else
set_smf_prop $IPFILTER_FMRI config/ipnat_config_file \
$IPNAT_DEFAULT_CONFIG_FILE
fi
if [ -n "$ippool_file" ]; then
copy_from_legacy_loc $ippool_file
set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
$ippool_file
refresh_ipf=true
else
set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
$IPPOOL_DEFAULT_CONFIG_FILE
fi
$SVCADM refresh $IPFILTER_FMRI
if [ "$refresh_ipf" = "true" ]; then
$SVCADM enable $IPFILTER_FMRI
else
$SVCADM disable $IPFILTER_FMRI
fi
# Remove the Legacy directories, script and location
$RM -rf $VOL_LEGACY_PATH
$RM -rf $PERM_LEGACY_PATH
$RM -f $VOL_NWAM_PATH/create_loc_legacy
$NWAMCFG destroy loc Legacy
}
#
# Script entry point
#
# Arguments to net-nwam are
# method ( start | refresh | stop | -u | -c )
#
#
# Create nwam directory in /etc/svc/volatile
#
if [ ! -d $VOL_NWAM_PATH ]; then
$MKDIR -m 0755 $VOL_NWAM_PATH
fi
case "$1" in
'refresh')
/usr/bin/pkill -HUP -z `smf_zonename` nwamd
#
# Enable network/location. Needed on first boot post-install as
# network/location will not exist until after manifest-import runs.
#
if service_exists $NET_LOC_FMRI ; then
$SVCADM enable -t $NET_LOC_FMRI
fi
;;
'start')
# The real daemon is not started in a shared stack zone. But we need to
# create a dummy background process to preserve contract lifetime.
smf_configure_ip
if [ $? = "1" ] ; then
$RM -f $VOL_NWAM_PATH/nwam_blocked
$MKFIFO $VOL_NWAM_PATH/nwam_blocked
($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) &
exit $SMF_EXIT_OK
fi
#
# Enable network/location.
#
if service_exists $NET_LOC_FMRI ; then
$SVCADM enable -t $NET_LOC_FMRI
fi
if smf_is_globalzone; then
net_reconfigure || exit $SMF_EXIT_ERR_CONFIG
# Update PVID on interfaces configured with VLAN 1
update_pvid
#
# Upgrade handling. The upgrade file consists of a series
# of dladm(8) commands. Note that after we are done, we
# cannot rename the upgrade script file as the file system
# is still read-only at this point. Defer this to the
# manifest-import service.
#
upgrade_script=/var/svc/profile/upgrade_datalink
if [ -f "${upgrade_script}" ]; then
. "${upgrade_script}"
fi
#
# Upgrade handling for ibd:
# After we are done with the upgrade handling, we can not set
# the ibd/ibd_upgraded property to "true" as the file system is
# read-only at this point. It will be done later by
# ibd-post-upgrade service.
#
if [ -x /sbin/ibd_upgrade ]; then
ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
svc:/network/physical:default 2> /dev/null`
if [ "$ibd_upgraded" != "true" ]; then
/sbin/ibd_upgrade -v
fi
fi
# Bring up simnet instances
/sbin/dladm up-simnet
# Initialize security objects.
/sbin/dladm init-secobj
#
# Initialize VNICs, VLANs and flows. Though they are brought
# up here, NWAM will not automatically manage VNICs and VLANs.
#
/sbin/dladm up-vnic
/sbin/dladm up-vlan
/sbin/dladm up-part
/sbin/dladm up-aggr
/sbin/flowadm init-flow
/sbin/dladm up-overlay
fi
#
# We also need to create the Legacy location, which is used
# to restore non-NWAM settings that are overwritten when
# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
#
$NWAMCFG list loc Legacy >/dev/null 2>&1
if [ $? -eq 1 ]; then
create_legacy_loc
fi
# start nwamd in foreground; it will daemonize itself
if /lib/inet/nwamd ; then
exit $SMF_EXIT_OK
else
exit $SMF_EXIT_ERR_FATAL
fi
;;
'stop')
# We need to make the dummy process we created above stop.
smf_configure_ip
if [ $? = "1" ] ; then
echo "stop" > $VOL_NWAM_PATH/nwam_blocked
exit $SMF_EXIT_OK
fi
/usr/bin/pkill -z `smf_zonename` nwamd
#
# Restore the non-NWAM settings.
#
$NWAMCFG list loc Legacy >/dev/null 2>&1
if [ $? -eq 1 ]; then
echo "No Legacy location to revert to!"
exit $SMF_EXIT_OK
fi
revert_to_legacy_loc
# remove the location property group
$SVCCFG -s $NET_LOC_FMRI delpg location
;;
'-u')
# After we run this part of the script upon the next reboot
# network/physical:default will be enabled and
# network/physical:nwam will be disabled.
# There are various other parts of the system (nscd, nfs) that
# depend on continuing to have a working network. For this
# reason we don't change the network configuration immediately.
#
# Disable network/physical temporarily and make sure that will
# be enabled on reboot.
$SVCADM disable -st $NET_PHYS_FMRI
$SVCCFG -s $NET_PHYS_FMRI setprop general/enabled=true
# If nwam is online then make sure that it's temporarily enabled.
nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI`
if [ $? -eq 0 ]; then
set -- $nwam_online
[ $3 = "online" ] && $SVCADM enable -st $NET_NWAM_FMRI
fi
# Set nwam so that it won't be enabled upon reboot.
$SVCCFG -s $NET_NWAM_FMRI setprop general/enabled=false
exit 0
;;
'-c')
# Nothing to do for sysidtool
exit 0
;;
*)
echo "Usage: $0 { start | stop | refresh }"
exit $SMF_EXIT_ERR_FATAL
;;
esac
exit $SMF_EXIT_OK
|
