net-loc revision 276043a4e62a0ac7b426b4582f040075d6cb6509
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#
# SMF service identifiers (FMRIs) used by this script. The ipfilter,
# location and nfs/mapid entries name the ":default" instance explicitly;
# the remaining entries name the service without an instance.
AUTOFS_FMRI='svc:/system/filesystem/autofs'
DNS_CLIENT_FMRI='svc:/network/dns/client'
IPSEC_IKE_FMRI='svc:/network/ipsec/ike'
IPSEC_POLICY_FMRI='svc:/network/ipsec/policy'
IPFILTER_FMRI='svc:/network/ipfilter:default'
LDAP_CLIENT_FMRI='svc:/network/ldap/client'
LOCATION_FMRI='svc:/network/location:default'
MAPID_FMRI='svc:/network/nfs/mapid:default'
NIS_CLIENT_FMRI='svc:/network/nis/client'
# commands
# Path to directories
#
# echoes DHCP controlled interfaces separated by commas
#
# Don't parse the output of ifconfig(1M) because interfaces that haven't
# acquired a DHCP lease also have the DHCP flag set.
#
#
# 1. parse netstat(1M) output for v4 interfaces in BOUND
# or INFORMATION state
# 2. make a space-separated list of interface names
#
$2 ~ /BOUND/ { printf "%s ", $1 }
$2 ~ /INFORMATION/ { printf "%s ", $1 }'
}
#
# get_dhcpinfo <code/identifier>
#
# echoes the value received through each interface controlled by DHCP;
# multiple values are echoed as a space-separated list
#
# returns:
# 0 => property is set
# 1 => property is not set
#
# NOTE(review): this listing is missing lines; the function header, whatever
# assigns $interfaces and the commands inside the loop are not shown.
# DHCP code/identifier to look up (first argument).
code=$1
# Get all interfaces with DHCP control, IFS is " "
info=""
for intf in $interfaces; do
# NOTE(review): $? here reflects a command that is not visible in this listing.
if [ $? -eq 0 ]; then
else
fi
fi
done
# NOTE(review): $info is expanded unquoted, so the shell word-splits it and
# applies pathname expansion before echo sees it. Per the header comment the
# values were received through DHCP, i.e. they are network-supplied; callers
# should treat the echoed list as untrusted text and validate it before it is
# written into configuration files.
echo $info
}
#
# set_smf_prop <fmri> <property name> <property value>
#
}
#
# refresh_svc <fmri>
#
# Refreshes the service.
#
}
#
# restart_svc <fmri>
#
# Restarts the service.
#
}
#
# start_svc <fmri>
#
# Starts the service. If the service is already enabled, restarts it. If
# it is not enabled, temporarily enables it.
#
if service_is_enabled $1; then
else
fi
}
#
# stop_svc <fmri>
#
# Temporarily disables the service.
#
}
#
# copy_default <dir> <file>
#
# Copies <dir>/<file>.dfl to <dir>/<file>
#
}
#
# do_dns <location>
#
# Installs DNS information on /etc/resolv.conf for location
#
# Returns 0 on success, 1 on failure
#
# NOTE(review): this listing is missing lines (function header, the case
# header, the property lookups and the commands feeding the awk programs).
# Location name (first argument); in the lines visible here it is only used
# in messages.
loc=$1
# Write out to temporary file first
# NOTE(review): the working file written below is "$file.$$"; the assignment
# of $file is not visible in this listing. A PID suffix is a predictable name
# and every write below appends (>>), so confirm that the containing directory
# is writable by root only and that a stale file of that name is removed
# before the first write.
echo "missing 'dns-nameservice-configsrc' property for '$loc'"
return 1
fi
for configsrc in $DNS_CONFIGSRC; do
'manual')
echo "DNS nameserver not set for '$loc'"
return 1
fi
;;
'dhcp')
# Use first search list entry as default domain
# NOTE(review): $DNS_SEARCH is expanded unquoted, so besides word splitting
# it undergoes pathname expansion. In this branch the value presumably comes
# from DHCP (its assignment is not visible here), so a glob character in a
# received search list would be expanded against the current directory;
# consider disabling globbing (set -f) around this statement. The statement
# also replaces the positional parameters, which is why the location was
# saved in $loc beforehand.
set -- $DNS_SEARCH
DNS_DOMAIN=$1
;;
# NOTE(review): the pattern '*' is quoted, so it matches only a literal
# asterisk and does not act as a default arm; an unrecognised configsrc
# therefore passes through without this message. The entry-point case at the
# end of the file uses an unquoted *) for its default.
'*')
echo "Unrecognized DNS configsrc ${configsrc}; ignoring"
;;
esac
# Write DNS settings
# The three awk programs below append to the working file: one "domain" line
# per input field, a single "search" line listing every field, and one
# "nameserver" line per input field.
'{ for (i = 1; i <= NF; i++) \
print "domain ", $i }' >> $file.$$
fi
'{ printf("search"); \
for (i = 1; i <= NF; i++) printf(" %s", $i); \
printf("\n") }' >> $file.$$
fi
'{ for (i = 1; i <= NF; i++) \
print "nameserver ", $i }' >> $file.$$
fi
done
# Finally, copy our working version to the real thing
return 0
}
#
# do_nis <location>
#
#
# Returns 0 on success, 1 on failure
#
# NOTE(review): this listing is missing lines (function header, the case
# header, the property lookups and most commands of each branch).
# Location name (first argument); in the lines visible here it is only used
# in messages.
loc=$1
echo "missing 'nis-nameservice-configsrc' property for '$loc'"
return 1
fi
for configsrc in $NIS_CONFIGSRC; do
'manual')
# user-specified default-domain always wins
else
echo "'domainname' not set for '$loc'"
return 1
fi
;;
'dhcp')
# Use only the first name
;;
# NOTE(review): the pattern '*' is quoted, so it matches only a literal
# asterisk and does not act as a default arm; an unrecognised configsrc
# therefore passes through without this message. The entry-point case at the
# end of the file uses an unquoted *) for its default.
'*')
echo "Unrecognized NIS configsrc ${configsrc}; ignoring"
;;
esac
fi
'{ for (i = 1; i <= NF; i++) print $i }' \
fi
done
return 0
}
#
# do_ldap <location>
#
# Installs LDAP information using ldapclient(1M) for location
#
# Returns 0 on success, 1 on failure
#
# NOTE(review): this listing is missing lines (function header, the case
# header, the property lookups and the ldapclient invocation).
# Location name (first argument); in the lines visible here it is only used
# in messages.
loc=$1
echo "missing 'ldap-nameservice-configsrc' property for '$loc'"
return 1
fi
for configsrc in $LDAP_CONFIGSRC; do
'manual')
# NOTE(review): both operands are unquoted and joined with -o. If
# $LDAP_SERVERS expands to more than one word, the test receives too many
# arguments and exits with an error status, which this "if" treats the same
# as "both values are set"; an empty $DEFAULT_DOMAIN would then go unnoticed.
# Quoting each operand and joining two tests with || avoids that:
#   [ -z "$LDAP_SERVERS" ] || [ -z "$DEFAULT_DOMAIN" ]
if [ -z $LDAP_SERVERS -o -z $DEFAULT_DOMAIN ]; then
echo "LDAP configuration could not be set "\
"for '$loc'"
return 1
fi
;;
# NOTE(review): the pattern '*' is quoted, so it matches only a literal
# asterisk and does not act as a default arm; an invalid configsrc therefore
# passes through without this message. The entry-point case at the end of the
# file uses an unquoted *) for its default.
'*')
echo "Invalid LDAP configsrc ${configsrc}; ignoring"
;;
esac
# Use ldapclient(1M) to initialize LDAP client settings.
fi
done
return 0
}
#
# do_ns <location>
#
# Installs different nameservices for location
#
# Returns 0 on success, 1 on failure
#
# NOTE(review): this listing is missing lines (function header, the case
# header, the property lookups, the calls made in each branch and the
# service restarts).
# Location name (first argument); in the lines visible here it is only used
# in messages.
loc=$1
#
# Disable nameservices temporarily while we reconfigure. Copy
# /etc/nsswitch.files to /etc/nsswitch.conf first so that only "files"
# are used.
#
# NOTE(review): no status check on this copy is visible here; if it fails,
# the previous nsswitch.conf stays in effect during reconfiguration.
$CP -p /etc/nsswitch.files /etc/nsswitch.conf
#
# Remove /etc/defaultdomain and unset domainname(1M). If NIS
# and/or LDAP is configured, they will create /etc/defaultdomain
# and set the domainname(1M).
#
# The domain name is set to a single space, which is how this script
# "unsets" it.
$DOMAINNAME " "
echo "missing 'nameservices' property for location '$loc'"
return 1
fi
echo "missing 'nameservices-config-file' property for '$loc'"
return 1
fi
for ns in $NAMESERVICES; do
'files')
# no additional setup needed for files nameservice
;;
'dns')
;;
'nis')
;;
'ldap')
;;
# NOTE(review): the pattern '*' is quoted, so it matches only a literal
# asterisk and does not act as a default arm; an unrecognised nameservice
# therefore passes through without this message. The entry-point case at the
# end of the file uses an unquoted *) for its default.
'*')
echo "Unrecognized nameservices value ${ns}; ignoring"
;;
esac
done
#
# Restart other related services
#
# We explicitly restart here, as restart will only have an
# effect if the service is already enabled. We don't want
# to enable the service if it's currently disabled.
#
return 0
}
#
# do_sec <location>
#
# If config properties are set, update the SMF property and refresh the
# service. If config properties are not set, delete the SMF property and
# stop the service.
#
# Returns 0 on success, 1 on failure
#
loc=$1
# IKE
else
fi
# IPsec
else
fi
# IPFilter
refresh_ipf=false
firewall_config_default/policy "none"
firewall_config_default/policy "deny"
firewall_config_default/policy "allow"
else
# custom policy with policy file
firewall_config_default/policy "custom"
fi
refresh_ipf=true
else
# change policy to "none", no need to clear custom_policy_file
"none"
# IPFilter has to be refreshed to make the changes effective.
# Don't set $refresh_ipf as it keeps IPFilter online rather
# than disabled. Refresh after IPFilter is disabled below.
fi
refresh_ipf=true
fi
refresh_ipf=true
fi
refresh_ipf=true
fi
else
fi
return 0
}
#
# do_nfsv4 <location>
#
# Updates NFSv4 domain for location in SMF
#
# Returns 0 on success, 1 on failure
#
loc=$1
if [ $? -eq 0 ]; then
else
fi
return 0
}
#
# activate_loc <location>
#
# Activates the given location
#
# Returns 0 on success, 1 on failure
#
loc=$1
echo activating $loc location
#
# if we fail to complete any part of the config,
# stop activation work and report failure.
#
return 1
}
#
# Script entry point
#
# Arguments to net-loc are
# method ('start' or 'refresh')
#
# If nwam is not enabled, do nothing and return OK.
#
#
# In a shared-IP zone we need this service to be up, but all of the work
# it tries to do is irrelevant (and will actually lead to the service
# failing if we try to do it), so just bail out.
# In the global zone and exclusive-IP zones we proceed.
#
smf_configure_ip || exit $SMF_EXIT_OK
case "$1" in
'start')
#
# We need to create the default (NoNet and Automatic)
# locations, if they don't already exist. So: first check
# for the existence of each, and then run the appropriate
# nwamcfg script(s) as needed. Restart nwamd if a location is
# created, as it needs to read it in.
#
LOC_CREATED="false"
if [ $? -eq 1 ]; then
LOC_CREATED="true"
fi
if [ $? -eq 1 ]; then
done
LOC_CREATED="true"
fi
if [ "$LOC_CREATED" = "true" ]; then
fi
# location selection/activation happens below
;;
'refresh')
# location selection/activation happens below
;;
*)
echo "Usage: $0 start|refresh"
exit 1
;;
esac
#
# If the Legacy location doesn't exist and the file to create the Legacy
# location exists, create the Legacy location. Make a copy of it as the user's
# intentions before upgrade. Then activate the User location if nis is
# involved. Because NIS affects more parts of the system (e.g. automounts) we
# are not willing to make NIS part of the Automatic location (i.e. enable it
# automatically based on external input) as we do with DHCP-driven DNS.
#
#
# may not have a writable filesystem in net-nwam. So here we move the
# components and rewrite the script to point at the writable filesystem.
#
# NOTE(review): this expression is single-quoted, so the shell passes
# $SCRIPT_PATH and $LEGACY_LOC_PATH to sed as literal text instead of
# expanding them (the later $ULP expressions use double quotes). Confirm
# whether the input really contains the literal string "$SCRIPT_PATH/Legacy";
# if the variables were meant to expand, the expression needs double quotes.
$SED -e's,$SCRIPT_PATH/Legacy,$LEGACY_LOC_PATH,' \
loc_ver=`$SVCPROP -c -p location_upgrade/version $LOCATION_FMRI \
if [ $? -eq 1 ]; then
#
# We are rewriting configuration variables from the Legacy
# location to the User location. Use variable ULP to keep REs
# within a line.
#
$SED -e's,Legacy,User,' \
-e's,activation-mode=system,activation-mode=manual,' \
-e"s,\(ipfilter-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipfilter-v6-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipnat-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ippool-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ike-config-file=\).*/\(.*\),\1$ULP/\2," \
-e"s,\(ipsecpolicy-config-file=\).*/\(.*\),\1$ULP/\2," \
#
# We are creating the User location here. The User location
# is an approximation of the machine configuration when the
# user changed or upgraded to this version of NWAM. First
# we make sure there isn't an existing User location or any
# existing User location data. We then copy all the data
# from the Legacy location and create a location pointing at
# that data. Lastly we create a version property to note
# that we have done this.
#
# The User location is activated if 'nis' is in a non comment
# line of nsswitch.conf.
if [ $? -eq 0 ]; then
fi
astring: "1"
fi
fi
#
# Activate a location. If we've just finished upgrading, and
# the User location should be activated, do that (and use nwamadm
# to do so, so the enabled property gets set and nwamd knows this).
# Otherwise, if the selected-location property has a value, we
# activate that location; else we activate the NoNet location as
# a default value.
#
else
if [ $? -eq 1 ]; then
# location hasn't been selected; default to NoNet
else
#
# If the selected location does not exist, or if we fail
# to activate it completely, we fall back to the NoNet
# location. Also poke nwamd, so it will check conditions
# for a better choice.
#
if [ $? -eq 1 ]; then
echo "location '$sel_loc' doesn't exist"
else
# activate selected location
if ! activate_loc $sel_loc; then
echo "failed to activate '$sel_loc'"
fi
fi
fi
fi
exit $SMF_EXIT_OK