net-nwam revision 12c67a5977f9e556df6c649fafe45fe905265710
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2012 Milan Jurik. All rights reserved.
#
# FMRI constants
IPSEC_IKE_FMRI="svc:/network/ipsec/ike"
IPSEC_POLICY_FMRI="svc:/network/ipsec/policy"
IPFILTER_FMRI="svc:/network/ipfilter:default"
NIS_CLIENT_FMRI="svc:/network/nis/client:default"
NET_PHYS_FMRI="svc:/network/physical:default"
NET_NWAM_FMRI="svc:/network/physical:nwam"
NET_LOC_FMRI="svc:/network/location:default"
NFS_MAPID_FMRI="svc:/network/nfs/mapid:default"
#
# Default *.conf files
# Set the appropriate config SMF property to these files when NWAM is stopped
# and the corresponding config properties in the Legacy location are empty
#
# commands
# Path to directories
#
# copy_to_legacy_loc <file>
#
# Copies the file to the Legacy location directory
#
if [ -f "$1" ]; then
$CP -p $1 $VOL_LEGACY_PATH
fi
}
#
# copy_from_legacy_loc <destination file>
#
# Copies file with the same name from Legacy location
#
# Make destination directory if needed
fi
fi
}
#
# write_loc_prop <property> <value> <file>
#
# Appends to <file> a nwamcfg command to set <property> to <value> if non-empty
#
prop=$1
val=$2
file=$3
fi
}
#
# set_smf_prop <fmri> <property name> <property value>
#
}
#
# get_smf_prop <fmri> <property name>
#
$SVCPROP -p $2 $1
}
#
# Creates Legacy location from the current configuration
#
#
# Write nwamcfg commands to create Legacy location to
# $CREATE_LOC_LEGACY_FILE as values for properties are determined
# Note that some of the *_CONFIG_FILE variables point at copies of
# files we have made, while others indicate where those copies should be
# placed if we are enabling the location.
#
NAMESERVICES=""
# Copy /etc/nsswitch.conf file
# Gather DNS info from resolv.conf if present.
if [ -f /etc/resolv.conf ]; then
NAMESERVICES="dns,"
if [ $? -eq 0 ]; then
DNS_NAMESERVICE_CONFIGSRC="dhcp"
else
DNS_NAMESERVICE_CONFIGSRC="manual"
print $2 }' < /etc/resolv.conf`
{ printf "%s,", $2 }' < /etc/resolv.conf`
{ printf "%s,", $2 }' < /etc/resolv.conf`
fi
fi
# Gather NIS info from appropriate file if present.
if service_is_enabled $NIS_CLIENT_FMRI; then
NAMESERVICES="${NAMESERVICES}nis,"
NIS_NAMESERVICE_CONFIGSRC="manual"
for serv in $yp_servers; do
if is_valid_addr $serv; then
else
fi
NIS_NAMESERVICE_SERVERS="${NIS_NAMESERVICE_SERVERS}$addr"
done
fi
# Gather LDAP info via ldapclient(1M).
if [ -f /var/ldap/ldap_client_file ]; then
NAMESERVICES="${NAMESERVICES}ldap,"
LDAP_NAMESERVICE_CONFIGSRC="manual"
LDAP_NAMESERVICE_SERVERS=`$LDAPCLIENT list 2>/dev/null | \
fi
# Now, write nwamcfg commands for nameservices
# Retrieve NFSv4 domain from SMF.
if service_is_enabled $NFS_MAPID_FMRI; then
fi
#
# IPFilter
#
# If the firewall policy is "custom", simply copy the
# custom_policy_file. If the firewall policy is "none", "allow" or
# "deny", save the value as "/<value>". When reverting back to the
# Legacy location, these values will have to be treated as special.
#
# For all configuration files, copy them to the Legacy directory.
# Use the respective properties to remember the original locations
# of the files so that they can be copied back there when NWAM is
# stopped.
#
if service_is_enabled $IPFILTER_FMRI; then
else
# save value as /none, /allow, or /deny
fi
fi
# IKE
if service_is_enabled $IPSEC_IKE_FMRI:default; then
fi
# IPsec
if service_is_enabled $IPSEC_POLICY_FMRI:default; then
fi
fi
fi
fi
fi
fi
then
fi
# End
}
#
# Undoes the effects of the Legacy location creation
#
# copy nsswitch.conf to /etc/nsswitch.conf
# DNS - copy resolv.conf to /etc/resolv.conf
fi
# set /etc/defaultdomain and domainname(1M)
fi
fi
'FS="," { for (i = 1; i <= NF; i++) print $i }' \
fi
fi
# LDAP - copy ldap_client_file to /var/ldap/ldap_client_file
fi
# Copy back nfs NFSMAPID_DOMAIN
fi
# IPFilter, IPsec, and IKE
else
fi
else
fi
refresh_ipf=false
# change /none, /allow, and /deny to firewall policy
# no need to clear custom_policy_file as it isn't "custom"
else
firewall_config_default/policy "custom"
fi
refresh_ipf=true
fi
refresh_ipf=true
else
fi
refresh_ipf=true
else
fi
refresh_ipf=true
else
fi
else
fi
# Remove the Legacy directories, script and location
}
#
# Script entry point
#
# Arguments to net-nwam are
# method ( start | refresh | stop | -u | -c )
#
#
#
if [ ! -d $VOL_NWAM_PATH ]; then
fi
case "$1" in
'refresh')
#
#
if service_exists $NET_LOC_FMRI ; then
fi
;;
'start')
# The real daemon is not started in a shared-stack zone, but we need to
# create a dummy background process to preserve the contract lifetime.
if [ $? = "1" ] ; then
($CAT <$VOL_NWAM_PATH/nwam_blocked >/dev/null) &
exit $SMF_EXIT_OK
fi
#
#
if service_exists $NET_LOC_FMRI ; then
fi
if smf_is_globalzone; then
net_reconfigure || exit $SMF_EXIT_ERR_CONFIG
# Update PVID on interfaces configured with VLAN 1
#
# Upgrade handling. The upgrade file consists of a series
# of dladm(1M) commands. Note that after we are done, we
# cannot rename the upgrade script file as the file system
# is still read-only at this point. Defer this to the
# manifest-import service.
#
if [ -f "${upgrade_script}" ]; then
. "${upgrade_script}"
fi
#
# Upgrade handling for ibd:
# After we are done with the upgrade handling, we cannot set
# the ibd/ibd_upgraded property to "true" as the file system is
# read-only at this point. It will be done later by the
# ibd-post-upgrade service.
#
if [ -x /sbin/ibd_upgrade ]; then
ibd_upgraded=`/bin/svcprop -c -p ibd/ibd_upgraded \
if [ "$ibd_upgraded" != "true" ]; then
/sbin/ibd_upgrade -v
fi
fi
# Bring up simnet instances
# Initialize security objects.
#
# Initialize VNICs, VLANs and flows. Though they are brought
# up here, NWAM will not automatically manage VNICs and VLANs.
#
fi
#
# We also need to create the Legacy location, which is used
# to restore non-NWAM settings that are overwritten when
# NWAM is enabled (e.g. resolv.conf, nsswitch.conf, etc.).
#
if [ $? -eq 1 ]; then
fi
# start nwamd in foreground; it will daemonize itself
exit $SMF_EXIT_OK
else
exit $SMF_EXIT_ERR_FATAL
fi
;;
'stop')
# We need to make the dummy process we created above stop.
if [ $? = "1" ] ; then
exit $SMF_EXIT_OK
fi
#
# Restore the non-NWAM settings.
#
if [ $? -eq 1 ]; then
echo "No Legacy location to revert to!"
exit $SMF_EXIT_OK
fi
# remove the location property group
;;
'-u')
# After we run this part of the script upon the next reboot
# There are various other parts of the system (nscd, nfs) that
# depend on continuing to have a working network. For this
# reason we don't change the network configuration immediately.
#
# be enabled on reboot.
# If nwam is online then make sure that it's temporarily enabled.
nwam_online=`$SVCPROP -t -p restarter/state $NET_NWAM_FMRI`
if [ $? -eq 0 ]; then
set -- $nwam_online
fi
# Set nwam so that it won't be enabled upon reboot.
exit 0
;;
'-c')
# Nothing to do for sysidtool
exit 0
;;
*)
echo "Usage: $0 { start | stop | refresh }"
exit $SMF_EXIT_ERR_FATAL
;;
esac
exit $SMF_EXIT_OK