#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2015 Nexenta Systems, Inc. All rights reserved.
# Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
#
#
# Handling a corner case here. If we were in offline state due to an
# unsatisfied dependency, the ipf_method process wouldn't have generated
# the ipfilter configuration. When we transition to online because the
# dependency is satisfied, the start method will have to generate the
# ipfilter configuration. To avoid all possible deadlock scenarios,
# we restart ipfilter which will regenerate the ipfilter configuration
# for the entire system.
#
# The ipf_method process signals that it didn't generate ipf rules by
# when the file is missing.
#
{
#
# Nothing to do if:
# - ipfilter isn't online
# - global policy is 'custom'
# - service's policy is 'use_global'
#
service_check_state $IPF_FMRI $SMF_ONLINE || return 0
}
case "$1" in
'start')
# The NFS server is not supported in a local zone
if smf_is_nonglobalzone; then
echo "The NFS server is not supported in a local zone"
sleep 5 &
exit $SMF_EXIT_OK
fi
# Share all file systems enabled for sharing. sharemgr understands
# regular shares and ZFS shares and will handle both. Technically,
# the shares would have been started long before getting here since
# nfsd has a dependency on them.
# restart stopped shares from the repository
# Options for nfsd are now set in SMF
rc=$?
if [ $rc != 0 ]; then
echo "$0: mountd failed with $rc"
sleep 5 &
exit $SMF_EXIT_ERR_FATAL
fi
rc=$?
if [ $rc != 0 ]; then
echo "$0: nfsd failed with $rc"
sleep 5 &
exit $SMF_EXIT_ERR_FATAL
fi
;;
'refresh')
;;
'stop')
# Unshare all shared file systems using NFS
# Kill any processes left in service contract
;;
'ipfilter')
#
# well-defined port number but mountd is an RPC daemon.
#
# Essentially, we generate rules for the following "services"
#
# The following services are enabled for both nfs client and
# services and simply allow incoming traffic.
#
NFSCLI_FMRI="svc:/network/nfs/client:default"
RQUOTA_FMRI="svc:/network/nfs/rquota:default"
FMRI=$2
#
#
if [ $? -ne 0 ]; then
exit $SMF_EXIT_OK
fi
if [ -n "$tport" ]; then
fi
if [ -n "$tport6" ]; then
fi
if [ -n "$uport" ]; then
fi
if [ -n "$uport6" ]; then
fi
# mountd IPv6 ports are also reachable through IPv4, so include
# them when generating IPv4 rules.
done
fi
if [ -n "$tports6" ]; then
done
fi
done
fi
if [ -n "$uports6" ]; then
done
fi
elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then
# rquota IPv6 ports are also reachable through IPv4, so include
# them when generating IPv4 rules.
tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
done
fi
if [ -n "$tports6" ]; then
done
fi
uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
done
fi
if [ -n "$uports6" ]; then
done
fi
else
#
# Handle the client services here
#
fi
if [ "$restarter" = "$INETDFMRI" ]; then
else
isrpc=`svcprop -p $FW_CONTEXT_PG/isrpc $FMRI`
fi
if [ "$isrpc" = "true" ]; then
tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
else
tports=`$SERVINFO -p -t -s $iana_name 2>/dev/null`
uports=`$SERVINFO -p -u -s $iana_name 2>/dev/null`
fi
# IPv6 ports are also reachable through IPv4, so include
# them when generating IPv4 rules.
done
fi
if [ -n "$tports6" ]; then
done
fi
done
fi
if [ -n "$uports6" ]; then
done
fi
fi
;;
*)
echo "Usage: $0 { start | stop | refresh }"
exit 1
;;
esac
exit $SMF_EXIT_OK