net-loc revision dd51520e127b452179a2ce4ea3bd8dee949f9afe
2N/A#!/sbin/sh
2N/A#
2N/A# CDDL HEADER START
2N/A#
2N/A# The contents of this file are subject to the terms of the
2N/A# Common Development and Distribution License (the "License").
2N/A# You may not use this file except in compliance with the License.
2N/A#
2N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2N/A# or http://www.opensolaris.org/os/licensing.
2N/A# See the License for the specific language governing permissions
2N/A# and limitations under the License.
2N/A#
2N/A# When distributing Covered Code, include this CDDL HEADER in each
2N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2N/A# If applicable, add the following below this CDDL HEADER, with the
2N/A# fields enclosed by brackets "[]" replaced with your own identifying
2N/A# information: Portions Copyright [yyyy] [name of copyright owner]
2N/A#
2N/A# CDDL HEADER END
2N/A#
2N/A#
2N/A# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
2N/A#
2N/A
2N/A. /lib/svc/share/smf_include.sh
2N/A. /lib/svc/share/net_include.sh
2N/A
2N/A# FMRI consts
2N/AAUTOFS_FMRI="svc:/system/filesystem/autofs"
2N/ADNS_CLIENT_FMRI="svc:/network/dns/client"
2N/AIPSEC_IKE_FMRI="svc:/network/ipsec/ike"
2N/AIPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
2N/AIPFILTER_FMRI="svc:/network/ipfilter:default"
2N/ALDAP_CLIENT_FMRI="svc:/network/ldap/client"
2N/ALOCATION_FMRI="svc:/network/location:default"
2N/AMAPID_FMRI="svc:/network/nfs/mapid:default"
2N/ANIS_CLIENT_FMRI="svc:/network/nis/client"
2N/ANWAM_FMRI="svc:/network/physical:nwam"
2N/A
2N/A# commands
2N/ACP=/usr/bin/cp
2N/ADHCPINFO=/sbin/dhcpinfo
2N/ADOMAINNAME=/usr/bin/domainname
2N/AGREP=/usr/bin/grep
2N/ALDAPCLIENT=/usr/sbin/ldapclient
2N/AMKDIR=/usr/bin/mkdir
2N/AMV=/usr/bin/mv
2N/ANAWK=/usr/bin/nawk
2N/ANWAMADM=/usr/sbin/nwamadm
2N/ANWAMCFG=/usr/sbin/nwamcfg
2N/ARM=/usr/bin/rm
2N/ASED=/usr/bin/sed
2N/ASVCADM=/usr/sbin/svcadm
2N/ASVCCFG=/usr/sbin/svccfg
2N/ASVCPROP=/usr/bin/svcprop
2N/ATOUCH=/usr/bin/touch
2N/A
2N/A# Path to directories
2N/AETC_DEFAULT_DOMAIN=/etc/defaultdomain
2N/ANIS_BIND_PATH=/var/yp/binding
2N/ALEGACY_LOC_PATH=/etc/nwam/loc/Legacy
2N/AUSER_LOC_PATH=/etc/nwam/loc/User
2N/ASCRIPT_PATH=/etc/svc/volatile/nwam
2N/A
2N/A#
2N/A# echoes DHCP controlled interfaces separated by commas
2N/A#
2N/A# Don't parse the output of ifconfig(1M) because interfaces that haven't
2N/A# acquired a DHCP lease also have the DHCP flag set.
2N/A#
2N/Aget_dhcp_interfaces () {
2N/A #
2N/A # 1. parse netstat(1M) output for v4 interfaces in BOUND
2N/A # or INFORMATION state
2N/A # 2. make a space-separated list of interface names
2N/A #
2N/A netstat -D -f inet | $NAWK '
2N/A $2 ~ /BOUND/ { printf "%s ", $1 }
2N/A $2 ~ /INFORMATION/ { printf "%s ", $1 }'
2N/A}
2N/A
2N/A#
2N/A# get_dhcpinfo <code/identifier>
2N/A#
2N/A# echoes the value received through each interface controlled by DHCP;
2N/A# multiple values are echoed as a space-separated list
2N/A#
2N/A# returns:
2N/A# 0 => property is set
2N/A# 1 => property is not set
2N/A#
2N/Aget_dhcpinfo () {
2N/A code=$1
2N/A
2N/A # Get all interfaces with DHCP control, IFS is " "
2N/A interfaces=`get_dhcp_interfaces`
2N/A
2N/A info=""
2N/A for intf in $interfaces; do
2N/A val=`$DHCPINFO -i $intf $code`
2N/A if [ $? -eq 0 ]; then
2N/A if [ "$info" = "" ]; then
2N/A info="$val"
2N/A else
2N/A info="$info $val"
2N/A fi
2N/A fi
2N/A done
2N/A echo $info
2N/A}
2N/A
2N/A#
2N/A# set_smf_prop <fmri> <property name> <property value>
2N/A#
2N/Aset_smf_prop () {
2N/A $SVCCFG -s $1 setprop $2 = astring: "$3" && return
2N/A}
2N/A
2N/A#
2N/A# refresh_svc <fmri>
2N/A#
2N/A# Refreshes the service.
2N/A#
2N/Arefresh_svc () {
2N/A $SVCADM refresh $1
2N/A}
2N/A
2N/A#
2N/A# restart_svc <fmri>
2N/A#
2N/A# Restarts the service.
2N/A#
2N/Arestart_svc () {
2N/A $SVCADM restart $1
2N/A}
2N/A
2N/A#
2N/A# start_svc <fmri>
2N/A#
2N/A# Starts the service. If the service is already enabled, restarts it. If
2N/A# it is not enabled, temporarily enables it.
2N/A#
2N/Astart_svc () {
2N/A if service_is_enabled $1; then
2N/A $SVCADM restart $1
2N/A else
2N/A $SVCADM enable -t $1
2N/A fi
2N/A}
2N/A
2N/A#
2N/A# stop_svc <fmri>
2N/A#
2N/A# Temporarily disables the service.
2N/A#
2N/Astop_svc () {
2N/A $SVCADM disable -t $1
2N/A}
2N/A
2N/A#
2N/A# copy_default <dir> <file>
2N/A#
2N/A# Copies <dir>/<file>.dfl to <dir>/<file>
2N/A#
2N/Acopy_default () {
2N/A $CP -p $1/$2.dfl $1/$2
2N/A}
2N/A
2N/A#
2N/A# do_dns <location>
2N/A#
2N/A# Installs DNS information on /etc/resolv.conf for location
2N/A#
2N/A# Returns 0 on success, 1 on failure
2N/A#
2N/Ado_dns () {
2N/A loc=$1
2N/A file=/etc/resolv.conf
2N/A
2N/A # Write out to temporary file first
2N/A $TOUCH $file.$$
2N/A
2N/A DNS_CONFIGSRC=`nwam_get_loc_list_prop $loc dns-nameservice-configsrc`
2N/A if [ -z "$DNS_CONFIGSRC" ]; then
2N/A echo "missing 'dns-nameservice-configsrc' property for '$loc'"
2N/A return 1
2N/A fi
2N/A
2N/A for configsrc in $DNS_CONFIGSRC; do
2N/A case "$configsrc" in
2N/A 'manual')
2N/A DNS_SERVERS=`nwam_get_loc_list_prop $loc \
2N/A dns-nameservice-servers`
2N/A if [ -z "$DNS_SERVERS" ]; then
2N/A echo "DNS nameserver not set for '$loc'"
2N/A return 1
2N/A fi
2N/A DNS_DOMAIN=`nwam_get_loc_prop $loc \
2N/A dns-nameservice-domain`
2N/A DNS_SEARCH=`nwam_get_loc_list_prop $loc \
2N/A dns-nameservice-search`
2N/A ;;
2N/A 'dhcp')
2N/A DNS_DOMAIN=`get_dhcpinfo DNSdmain`
2N/A DNS_SERVERS=`get_dhcpinfo DNSserv`
2N/A # No DNS search info for IPv4
2N/A ;;
2N/A '*')
2N/A echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
2N/A ;;
2N/A esac
2N/A
2N/A # Write DNS settings
2N/A if [ -n "$DNS_DOMAIN" ]; then
2N/A echo "$DNS_DOMAIN" | $NAWK \
2N/A '{ for (i = 1; i <= NF; i++) \
2N/A print "domain ", $i }' >> $file.$$
2N/A fi
2N/A if [ -n "$DNS_SEARCH" ]; then
2N/A echo "$DNS_SEARCH" | $NAWK \
2N/A '{ printf("search"); \
2N/A for (i = 1; i <= NF; i++) printf(" %s", $i); \
2N/A printf("\n") }' >> $file.$$
2N/A fi
2N/A if [ -n "$DNS_SERVERS" ]; then
2N/A echo "$DNS_SERVERS" | $NAWK \
2N/A '{ for (i = 1; i <= NF; i++) \
2N/A print "nameserver ", $i }' >> $file.$$
2N/A fi
2N/A done
2N/A
2N/A # Finally, copy our working version to the real thing
2N/A $MV -f $file.$$ $file
2N/A start_svc $DNS_CLIENT_FMRI
2N/A
2N/A return 0
2N/A}
2N/A
2N/A#
2N/A# do_nis <location>
2N/A#
2N/A# Installs NIS information on /var/yp/binding/ for location
2N/A#
2N/A# Returns 0 on success, 1 on failure
2N/A#
2N/Ado_nis () {
2N/A loc=$1
2N/A
2N/A NIS_CONFIGSRC=`nwam_get_loc_list_prop $loc nis-nameservice-configsrc`
2N/A if [ -z "$NIS_CONFIGSRC" ]; then
2N/A echo "missing 'nis-nameservice-configsrc' property for '$loc'"
2N/A return 1
2N/A fi
2N/A
2N/A for configsrc in $NIS_CONFIGSRC; do
2N/A case "$configsrc" in
2N/A 'manual')
2N/A NIS_SERVERS=`nwam_get_loc_list_prop $loc \
2N/A nis-nameservice-servers`
2N/A DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
2N/A # user-specified default-domain always wins
2N/A if [ -n "$DEFAULT_DOMAIN" ]; then
2N/A $DOMAINNAME $DEFAULT_DOMAIN
2N/A $DOMAINNAME > $ETC_DEFAULT_DOMAIN
2N/A else
2N/A echo "'domainname' not set for '$loc'"
2N/A return 1
2N/A fi
2N/A ;;
2N/A 'dhcp')
2N/A # Use only the first name
2N/A DEFAULT_DOMAIN=`get_dhcpinfo NISdmain | \
2N/A $NAWK '{ print $1 }'`
2N/A NIS_SERVERS=`get_dhcpinfo NISservs`
2N/A $DOMAINNAME $DEFAULT_DOMAIN
2N/A $DOMAINNAME > $ETC_DEFAULT_DOMAIN
2N/A ;;
2N/A '*')
2N/A echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
2N/A ;;
2N/A esac
2N/A
2N/A # Place NIS settings in appropriate directory/file.
2N/A if [ ! -d "$NIS_BIND_PATH/$DEFAULT_DOMAIN" ]; then
2N/A $MKDIR -p $NIS_BIND_PATH/$DEFAULT_DOMAIN
2N/A fi
2N/A if [ -n "$NIS_SERVERS" ]; then
2N/A echo "$NIS_SERVERS" | $NAWK \
2N/A '{ for (i = 1; i <= NF; i++) print $i }' \
2N/A > $NIS_BIND_PATH/$DEFAULT_DOMAIN/ypservers
2N/A fi
2N/A done
2N/A
2N/A start_svc $NIS_CLIENT_FMRI
2N/A
2N/A return 0
2N/A}
2N/A
2N/A#
2N/A# do_ldap <location>
2N/A#
2N/A# Installs LDAP information using ldapclient(1M) for location
2N/A#
2N/A# Returns 0 on success, 1 on failure
2N/A#
2N/Ado_ldap () {
2N/A loc=$1
2N/A
2N/A LDAP_CONFIGSRC=`nwam_get_loc_list_prop $loc ldap-nameservice-configsrc`
2N/A if [ -z "$LDAP_CONFIGSRC" ]; then
2N/A echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
2N/A return 1
2N/A fi
2N/A
2N/A for configsrc in $LDAP_CONFIGSRC; do
2N/A case "$configsrc" in
2N/A 'manual')
2N/A LDAP_SERVERS=`nwam_get_loc_list_prop $loc \
2N/A ldap-nameservice-servers`
2N/A DEFAULT_DOMAIN=`nwam_get_loc_prop $loc default-domain`
2N/A if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
2N/A echo "LDAP configuration could not be set "\
2N/A "for '$loc'"
2N/A return 1
2N/A fi
2N/A $DOMAINNAME $DEFAULT_DOMAIN
2N/A $DOMAINNAME > $ETC_DEFAULT_DOMAIN
2N/A ;;
2N/A '*')
2N/A echo "Invalid LDAP configsrc ${configsrc}; ignoring"
2N/A ;;
2N/A esac
2N/A
2N/A # Use ldapclient(1M) to initialize LDAP client settings.
2N/A if [ -n "$DEFAULT_DOMAIN" -o -n "$LDAP_SERVERS" ]; then
2N/A $LDAPCLIENT init -a domainName=$DEFAULT_DOMAIN \
2N/A $LDAP_SERVERS
2N/A fi
2N/A done
2N/A
2N/A start_svc $LDAP_CLIENT_FMRI
2N/A
2N/A return 0
2N/A}
2N/A
2N/A#
2N/A# do_ns <location>
2N/A#
2N/A# Installs different nameservices for location
2N/A#
2N/A# Returns 0 on success, 1 on failure
2N/A#
2N/Ado_ns () {
2N/A loc=$1
2N/A
2N/A #
2N/A # Disable nameservices temporarily while we reconfigure. Copy
2N/A # /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
2N/A # are used.
2N/A #
2N/A $CP -p /etc/nsswitch.files /etc/nsswitch.conf
2N/A stop_svc $DNS_CLIENT_FMRI
2N/A stop_svc $NIS_CLIENT_FMRI
2N/A stop_svc $LDAP_CLIENT_FMRI
2N/A
2N/A #
2N/A # Remove /etc/defaultdomain and unset domainname(1M). If NIS
2N/A # and/or LDAP is configured, they will create /etc/defaultdomain
2N/A # and set the domainname(1M).
2N/A #
2N/A $RM -f $ETC_DEFAULT_DOMAIN
2N/A $DOMAINNAME " "
2N/A
2N/A NAMESERVICES=`nwam_get_loc_list_prop $loc nameservices`
2N/A if [ -z "$NAMESERVICES" ]; then
2N/A echo "missing 'nameservices' property for location '$loc'"
2N/A return 1
2N/A fi
2N/A
2N/A NAMESERVICES_CONFIG_FILE=`nwam_get_loc_prop \
2N/A $loc nameservices-config-file`
2N/A if [ -z "$NAMESERVICES_CONFIG_FILE" ]; then
2N/A echo "missing 'nameservices-config-file' property for '$loc'"
2N/A return 1
2N/A fi
2N/A $CP -p $NAMESERVICES_CONFIG_FILE /etc/nsswitch.conf
2N/A
2N/A for ns in $NAMESERVICES; do
2N/A case "$ns" in
2N/A 'files')
2N/A # no additional setup needed for files nameservice
2N/A ;;
2N/A 'dns')
2N/A do_dns $loc || return 1
2N/A ;;
2N/A 'nis')
2N/A do_nis $loc || return 1
2N/A ;;
2N/A 'ldap')
2N/A do_ldap $loc || return 1
2N/A ;;
2N/A '*')
2N/A echo "Unrecognized nameservices value ${ns}; ignoring"
2N/A ;;
2N/A esac
2N/A done
2N/A
2N/A #
2N/A # Restart other related services
2N/A #
2N/A # We explicitly restart here, as restart will only have an
2N/A # effect if the service is already enabled. We don't want
2N/A # to enable the service if it's currently disabled.
2N/A #
2N/A restart_svc $AUTOFS_FMRI
2N/A
2N/A return 0
2N/A}
2N/A
2N/A#
2N/A# do_sec <location>
2N/A#
2N/A# If config properties are set, update the SMF property and refresh the
2N/A# service. If config properties are not set, delete the SMF property and
2N/A# stop the service.
2N/A#
2N/A# Returns 0 on success, 1 on failure
2N/A#
2N/Ado_sec () {
2N/A loc=$1
2N/A
2N/A ike_file=`nwam_get_loc_prop $loc ike-config-file`
2N/A pol_file=`nwam_get_loc_prop $loc ipsecpolicy-config-file`
2N/A ipf_file=`nwam_get_loc_prop $loc ipfilter-config-file`
2N/A ipf6_file=`nwam_get_loc_prop $loc ipfilter-v6-config-file`
2N/A ipnat_file=`nwam_get_loc_prop $loc ipnat-config-file`
2N/A ippool_file=`nwam_get_loc_prop $loc ippool-config-file`
2N/A
2N/A # IKE
2N/A if [ -n "$ike_file" ]; then
2N/A set_smf_prop $IPSEC_IKE_FMRI config/config_file $ike_file
2N/A refresh_svc $IPSEC_IKE_FMRI
2N/A start_svc $IPSEC_IKE_FMRI
2N/A else
2N/A stop_svc $IPSEC_IKE_FMRI
2N/A fi
2N/A
2N/A # IPsec
2N/A if [ -n "$pol_file" ]; then
2N/A set_smf_prop $IPSEC_POLICY_FMRI config/config_file $pol_file
2N/A refresh_svc $IPSEC_POLICY_FMRI
2N/A start_svc $IPSEC_POLICY_FMRI
2N/A else
stop_svc $IPSEC_POLICY_FMRI
fi
# IPFilter
refresh_ipf=false
if [ -n "$ipf_file" ]; then
if [ "$ipf_file" = "/none" ]; then
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy "none"
elif [ "$ipf_file" = "/deny" ]; then
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy "deny"
elif [ "$ipf_file" = "/allow" ]; then
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy "allow"
else
# custom policy with policy file
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/policy "custom"
set_smf_prop $IPFILTER_FMRI \
firewall_config_default/custom_policy_file $ipf_file
fi
refresh_ipf=true
else
# change policy to "none", no need to clear custom_policy_file
set_smf_prop $IPFILTER_FMRI firewall_config_default/policy \
"none"
# IPFilter has to be refreshed to make the changes effective.
# Don't set $refresh_ipf as it keeps IPFilter online rather
# than disabled. Refresh after IPFilter is disabled below.
fi
if [ -n "$ipf6_file" ]; then
set_smf_prop $IPFILTER_FMRI config/ipf6_config_file $ipf6_file
refresh_ipf=true
fi
if [ -n "$ipnat_file" ]; then
set_smf_prop $IPFILTER_FMRI config/ipnat_config_file $ipnat_file
refresh_ipf=true
fi
if [ -n "$ippool_file" ]; then
set_smf_prop $IPFILTER_FMRI config/ippool_config_file \
$ippool_file
refresh_ipf=true
fi
if [ "$refresh_ipf" = "true" ]; then
refresh_svc $IPFILTER_FMRI
start_svc $IPFILTER_FMRI
else
stop_svc $IPFILTER_FMRI
refresh_svc $IPFILTER_FMRI
fi
return 0
}
#
# do_nfsv4 <location>
#
# Updates NFSv4 domain for location in SMF
#
# Returns 0 on success, 1 on failure
#
do_nfsv4 () {
loc=$1
nfsv4domain=`nwam_get_loc_prop $loc nfsv4-domain`
if [ $? -eq 0 ]; then
set_smf_prop $MAPID_FMRI \
nfs-props/nfsmapid_domain $nfsv4domain
start_svc $MAPID_FMRI
else
stop_svc $MAPID_FMRI
fi
return 0
}
#
# activate_loc <location>
#
# Activates the given location
#
# Returns 0 on success, 1 on failure
#
activate_loc () {
loc=$1
echo activating $loc location
#
# if we fail to complete any part of the config,
# stop activation work and report failure.
#
do_sec $loc && do_ns $loc && do_nfsv4 $loc && return 0
return 1
}
#
# Script entry point
#
# Arguments to net-loc are
# method ('start' or 'refresh')
#
# If nwam is not enabled, do nothing and return OK.
#
service_is_enabled $NWAM_FMRI || exit $SMF_EXIT_OK
#
# In a shared-IP zone we need this service to be up, but all of the work
# it tries to do is irrelevant (and will actually lead to the service
# failing if we try to do it), so just bail out.
# In the global zone and exclusive-IP zones we proceed.
#
smf_configure_ip || exit $SMF_EXIT_OK
case "$1" in
'start')
#
# We need to create the default (NoNet and Automatic)
# locations, if they don't already exist. So: first check
# for the existence of each, and then run the appropriate
# nwamcfg script(s) as needed. Restart nwamd if a location is
# created, as it needs to read it in.
#
LOC_CREATED="false"
$NWAMCFG list loc Automatic >/dev/null 2>&1
if [ $? -eq 1 ]; then
$NWAMCFG -f /etc/nwam/loc/create_loc_auto
LOC_CREATED="true"
fi
$NWAMCFG list loc NoNet >/dev/null 2>&1
if [ $? -eq 1 ]; then
NONETPATH=/etc/nwam/loc/NoNet
NONETFILES="ipf.conf ipf6.conf"
for file in $NONETFILES; do
copy_default $NONETPATH $file
done
$NWAMCFG -f /etc/nwam/loc/create_loc_nonet
LOC_CREATED="true"
fi
if [ "$LOC_CREATED" = "true" ]; then
refresh_svc $NWAM_FMRI
fi
# location selection/activation happens below
;;
'refresh')
# location selection/activation happens below
;;
*)
echo "Usage: $0 start|refresh"
exit 1
;;
esac
#
# If the Legacy location doesn't exist and the file to create the Legacy
# location exists, create the Legacy location. Make a copy of it as the user's
# intentions before upgrade. Then activate the User location if nis is
# involved. Because NIS affects more parts of the system (e.g. automounts) we
# are not willing to make NIS part of the Automatic location (i.e. enable it
# automatically based on external input) as we do with DHCP-driven DNS.
#
activate_user_loc=0
$NWAMCFG list loc Legacy >/dev/null 2>&1
if [ $? -eq 1 -a -f "$SCRIPT_PATH/create_loc_legacy" ]; then
#
# We built the script in and pointing to /etc/svc/volatile because we
# may not have a writable filesystem in net-nwam. So here we move the
# components and rewrite the script to point at the writable filesystem.
#
$CP -r $SCRIPT_PATH/Legacy /etc/nwam/loc
$MV $SCRIPT_PATH/create_loc_legacy $SCRIPT_PATH/vcreate_loc_legacy
$SED -e's,$SCRIPT_PATH/Legacy,$LEGACY_LOC_PATH,' \
$SCRIPT_PATH/vcreate_loc_legacy >$SCRIPT_PATH/create_loc_legacy
$RM -f $SCRIPT_PATH/vcreate_loc_legacy
$NWAMCFG -f $SCRIPT_PATH/create_loc_legacy
loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
2>/dev/null`
if [ $? -eq 1 ]; then
#
# We are rewriting configuration variables from the Legacy
# location to the User location. Use variable ULP to keep REs
# within a line.
#
ULP=$USER_LOC_PATH
$SED -e's,Legacy,User,' \
-e's,activation-mode=system,activation-mode=manual,' \
-e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
$SCRIPT_PATH/create_loc_legacy | \
$SED -e's,/etc/nwam/loc/User/none,/none,' \
-e's,/etc/nwam/loc/User/allow,/allow,' \
-e's,/etc/nwam/loc/User/deny,/deny,' \
>$SCRIPT_PATH/create_loc_user
#
# We are creating the User location here. The User location
# is an appromixation of the machine configuration when the
# user change or upgraded to this version of NWAM. First
# we make sure there isn't an existing User location or any
# existing User location data. We then copy all the data
# from the Legacy location and create a location pointing at
# that data. Lastly we create a version property to note
# that we have done this.
#
$NWAMCFG destroy loc User 2>/dev/null
$RM -rf $USER_LOC_PATH
$CP -r $LEGACY_LOC_PATH $USER_LOC_PATH
$RM -f $USER_LOC_PATH/resolv.conf
$NWAMCFG -f $SCRIPT_PATH/create_loc_user
# The User location is activated if 'nis' is in a non comment
# line of nsswitch.conf.
$GREP -v "^#" $USER_LOC_PATH/nsswitch.conf |\
$SED -e 's/[^:]*://' | $GREP nis >/dev/null 2>&1
if [ $? -eq 0 ]; then
activate_user_loc=1
fi
$SVCCFG -s $SMF_FMRI addpg location_upgrade application \
2>/dev/null
$SVCCFG -s $SMF_FMRI setprop location_upgrade/version = \
astring: "1"
fi
fi
#
# Activate a location. If we've just finished upgrading, and
# the User location should be activated, do that (and use nwamadm
# to do so, so the enabled property gets set and nwamd knows this
# selection has been made). Otherwise, if our location/selected
# property has a value, we activate that location; else we activate
# the NoNet location as a default value.
#
if [ $activate_user_loc -eq 1 ]; then
$NWAMADM enable -p loc User
else
sel_loc=`$SVCPROP -c -p location/selected $SMF_FMRI 2>/dev/null`
if [ $? -eq 1 ]; then
# location hasn't been selected; default to NoNet
activate_loc NoNet
else
#
# If the selected location does not exist, or if we fail
# to activate it completely, we fall back to the NoNet
# location. Also poke nwamd, so it will check conditions
# for a better choice.
#
$NWAMCFG list loc $sel_loc >/dev/null 2>&1
if [ $? -eq 1 ]; then
echo "location '$sel_loc' doesn't exist"
activate_loc NoNet
refresh_svc $NWAM_FMRI
else
# activate selected location
if ! activate_loc $sel_loc; then
echo "failed to activate '$sel_loc'"
activate_loc NoNet
refresh_svc $NWAM_FMRI
fi
fi
fi
fi
exit $SMF_EXIT_OK