6455139 Change default permissions for /etc/inet config files from 444 to 644

6688759 dladm set-linkprop results in 2 setprop ioctls being sent to the driver.
6703160 bizarre dladm output for removed physical device

11 files changed, 67 insertions, 45 deletions

diff --git a/usr/src/cmd/cmd-inet/etc/Makefile b/usr/src/cmd/cmd-inet/etc/Makefile
index b1e1f55e84..b58d664eb5 100644
--- a/usr/src/cmd/cmd-inet/etc/Makefile
+++ b/usr/src/cmd/cmd-inet/etc/Makefile
@@ -18,20 +18,16 @@
 #
 # CDDL HEADER END
 #
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
-#
 
 SYMPROG= hosts inetd.conf networks protocols services netmasks sock2path
 
 # New /etc/inet files shouldn't have /etc entries.
-PROG= datemsk.ndpd ipaddrsel.conf ipsecalgs ipsecinit.sample \
-    ipqosconf.1.sample ipqosconf.2.sample ipqosconf.3.sample \
-    wanboot.conf.sample
-ETCPROG= $(SYMPROG) $(PROG)
+EDITPROG= ipaddrsel.conf ipsecalgs
+PROG= datemsk.ndpd ipsecinit.sample ipqosconf.1.sample ipqosconf.2.sample \
+    ipqosconf.3.sample wanboot.conf.sample
+ETCPROG= $(SYMPROG) $(EDITPROG) $(PROG)
 SUBDIRS= default dhcp init.d ike nca ppp secret
 
 include ../../Makefile.cmd
@@ -45,6 +41,7 @@ INETVARDIR=	$(ROOTVAR)/inet
 DIRS= 		$(INETETCDIR) $(INETVARDIR)
 SYMDIR= 	inet
 ETCINETPROG=	$(ETCPROG:%=$(INETETCDIR)/%)
+EDITFILES=	$(SYMPROG:%=$(INETETCDIR)/%) $(EDITPROG:%=$(INETETCDIR)/%)
 # Only old /etc/inet files get symlinks in /etc.
 SYMETCPROG=	$(SYMPROG:%=sym_%)
 SYMIPNODES=	$(INETETCDIR)/ipnodes
@@ -55,6 +52,8 @@ GROUP= sys
 
 .KEEP_STATE:
 
+$(EDITFILES) := FILEMODE= 0644
+
 all: $(ETCPROG) $(SUBDIRS)
 
 install: all $(DIRS) $(ETCINETPROG) $(SYMETCPROG) $(SYMIPNODES) $(SUBDIRS)
diff --git a/usr/src/cmd/dladm/dladm.c b/usr/src/cmd/dladm/dladm.c
index 739e40eeed..c024910df2 100644
--- a/usr/src/cmd/dladm/dladm.c
+++ b/usr/src/cmd/dladm/dladm.c
@@ -6342,8 +6342,7 @@ do_show_ether(int argc, char **argv, const char *use)
 
 	if (state.es_link == NULL) {
 		(void) dladm_walk_datalink_id(show_etherprop, handle, &state,
-		    DATALINK_CLASS_PHYS, DL_ETHER,
-		    DLADM_OPT_ACTIVE | DLADM_OPT_PERSIST);
+		    DATALINK_CLASS_PHYS, DL_ETHER, DLADM_OPT_ACTIVE);
 	} else {
 		if (!link_is_ether(state.es_link, &linkid))
 			die("invalid link specified");
diff --git a/usr/src/lib/libdladm/common/linkprop.c b/usr/src/lib/libdladm/common/linkprop.c
index ef56bbbad8..301672225e 100644
--- a/usr/src/lib/libdladm/common/linkprop.c
+++ b/usr/src/lib/libdladm/common/linkprop.c
@@ -118,7 +118,7 @@ static dld_ioc_macprop_t *i_dladm_buf_alloc_by_id(size_t, datalink_id_t,
 static dld_ioc_macprop_t *i_dladm_get_public_prop(dladm_handle_t, datalink_id_t,
 			    char *, uint_t, dladm_status_t *, uint_t *);
 
-static dladm_status_t i_dladm_set_prop(dladm_handle_t, datalink_id_t,
+static dladm_status_t i_dladm_set_private_prop(dladm_handle_t, datalink_id_t,
 			    const char *, char **, uint_t, uint_t);
 static dladm_status_t i_dladm_get_priv_prop(dladm_handle_t, datalink_id_t,
 			    const char *, char **, uint_t *, dladm_prop_type_t,
@@ -710,8 +710,8 @@ i_dladm_set_linkprop(dladm_handle_t handle, datalink_id_t linkid,
 	if (!found) {
 		if (prop_name[0] == '_') {
 			/* other private properties */
-			status = i_dladm_set_prop(handle, linkid, prop_name,
-			    prop_val, val_cnt, flags);
+			status = i_dladm_set_private_prop(handle, linkid,
+			    prop_name, prop_val, val_cnt, flags);
 		} else  {
 			status = DLADM_STATUS_NOTFOUND;
 		}
@@ -736,6 +736,10 @@ dladm_set_linkprop(dladm_handle_t handle, datalink_id_t linkid,
 		return (DLADM_STATUS_BADARG);
 	}
 
+	/*
+	 * Check for valid link property against the flags passed
+	 * and set the link property when active flag is passed.
+	 */
 	status = i_dladm_set_linkprop(handle, linkid, prop_name, prop_val,
 	    val_cnt, flags);
 	if (status != DLADM_STATUS_OK)
@@ -2688,7 +2692,7 @@ i_dladm_flowctl_get(dladm_handle_t handle, prop_desc_t *pdp,
 
 /* ARGSUSED */
 static dladm_status_t
-i_dladm_set_prop(dladm_handle_t handle, datalink_id_t linkid,
+i_dladm_set_private_prop(dladm_handle_t handle, datalink_id_t linkid,
     const char *prop_name, char **prop_val, uint_t val_cnt, uint_t flags)
 
 {
@@ -2706,6 +2710,9 @@ i_dladm_set_prop(dladm_handle_t handle, datalink_id_t linkid,
 	if (p->pp_id != MAC_PROP_PRIVATE)
 		return (DLADM_STATUS_BADARG);
 
+	if (!(flags & DLADM_OPT_ACTIVE))
+		return (DLADM_STATUS_OK);
+
 	/*
 	 * private properties: all parsing is done in the kernel.
 	 * allocate a enough space for each property + its separator (',').
diff --git a/usr/src/pkgdefs/SUNWcnetr/prototype_com b/usr/src/pkgdefs/SUNWcnetr/prototype_com
index 7091ec4bc5..0243a81304 100644
--- a/usr/src/pkgdefs/SUNWcnetr/prototype_com
+++ b/usr/src/pkgdefs/SUNWcnetr/prototype_com
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #
@@ -65,13 +65,13 @@ d none etc/inet/ike 755 root sys
 f none etc/inet/ike/config.sample 444 root sys
 d none etc/inet/ike/crls 755 root sys
 d none etc/inet/ike/publickeys 755 root sys
-e ipsecalgsbase etc/inet/ipsecalgs 444 root sys
+e ipsecalgsbase etc/inet/ipsecalgs 644 root sys
 f none etc/inet/ipsecinit.sample 444 root sys
 d none etc/inet/secret 700 root sys
 e preserve etc/inet/secret/ike.preshared 600 root sys
 d none etc/inet/secret/ike.privatekeys 700 root sys
 f none etc/inet/secret/ipseckeys.sample 600 root sys
-e sock2path etc/inet/sock2path 444 root sys
+e sock2path etc/inet/sock2path 644 root sys
 s none etc/sock2path=./inet/sock2path
 d none sbin 755 root sys
 f none sbin/dladm 555 root bin
diff --git a/usr/src/pkgdefs/SUNWcsr/prototype_com b/usr/src/pkgdefs/SUNWcsr/prototype_com
index 1d3ca9cf52..bb9ce2b28e 100644
--- a/usr/src/pkgdefs/SUNWcsr/prototype_com
+++ b/usr/src/pkgdefs/SUNWcsr/prototype_com
@@ -162,14 +162,14 @@ s none etc/grpck=../usr/sbin/grpck
 s none etc/halt=../usr/sbin/halt
 s none etc/hosts=./inet/hosts
 d none etc/inet 755 root sys
-e hosts etc/inet/hosts 444 root sys
+e hosts etc/inet/hosts 644 root sys
 s none etc/inet/ipnodes=./hosts
-e inetdconf etc/inet/inetd.conf 444 root sys
-e preserve etc/inet/ipaddrsel.conf 444 root sys
-e preserve etc/inet/netmasks 444 root sys
-e preserve etc/inet/networks 444 root sys
-e services etc/inet/protocols 444 root sys
-e services etc/inet/services 444 root sys
+e inetdconf etc/inet/inetd.conf 644 root sys
+e preserve etc/inet/ipaddrsel.conf 644 root sys
+e preserve etc/inet/netmasks 644 root sys
+e preserve etc/inet/networks 644 root sys
+e services etc/inet/protocols 644 root sys
+e services etc/inet/services 644 root sys
 f none etc/inet/wanboot.conf.sample 444 root sys
 s none etc/inetd.conf=./inet/inetd.conf
 s none etc/init=../sbin/init
diff --git a/usr/src/pkgdefs/common_files/i.hosts b/usr/src/pkgdefs/common_files/i.hosts
index e6902398ac..9f746d8100 100755..100644
--- a/usr/src/pkgdefs/common_files/i.hosts
+++ b/usr/src/pkgdefs/common_files/i.hosts
@@ -20,10 +20,9 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
 #
 
 merge_ipnodes() {
@@ -467,6 +466,9 @@ deliver_hosts() {
 			continue
 		fi
 	fi
+
+	# Set correct permissions on hosts file
+	chmod 0644 $dest
 }
 	
 # main
diff --git a/usr/src/pkgdefs/common_files/i.inetdconf b/usr/src/pkgdefs/common_files/i.inetdconf
index 8fe041803f..22e3e09c71 100644
--- a/usr/src/pkgdefs/common_files/i.inetdconf
+++ b/usr/src/pkgdefs/common_files/i.inetdconf
@@ -20,10 +20,9 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
 #
 
 PATH="/usr/bin:/usr/sbin:${PATH}"
@@ -420,6 +419,9 @@ do
 			exit 1
 			;;
 		esac
+
+		# Set correct permisisons
+		chmod 0644 $dest
 	fi
 
 	# Add cachefsd if not there
diff --git a/usr/src/pkgdefs/common_files/i.ipsecalgsbase b/usr/src/pkgdefs/common_files/i.ipsecalgsbase
index 68e4743f55..f6a28f445a 100644
--- a/usr/src/pkgdefs/common_files/i.ipsecalgsbase
+++ b/usr/src/pkgdefs/common_files/i.ipsecalgsbase
@@ -20,10 +20,9 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2008 Sun Microsystems, Inc.	 All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-# ident	"%Z%%M%	%I%	%E% SMI"
  
 while read src dest
 do
@@ -68,6 +67,9 @@ do
 		    $dest.$$ > $dest.2.$$
 		mv $dest.2.$$ $dest
 		rm $dest.$$
+
+		# Set correct permissions
+		chmod 0644 $dest
 	fi
 done
 exit 0
diff --git a/usr/src/pkgdefs/common_files/i.services b/usr/src/pkgdefs/common_files/i.services
index 5a7b04dcab..f5da8ce02b 100644
--- a/usr/src/pkgdefs/common_files/i.services
+++ b/usr/src/pkgdefs/common_files/i.services
@@ -3,9 +3,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -20,10 +19,7 @@
 #
 # CDDL HEADER END
 #
-#
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
-# Copyright 1999-2003 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 
@@ -92,6 +88,9 @@ do
 		fi
 		cp /tmp/d.$$ $dest
 		rm -f /tmp/d.$$
+
+		# Set correct permissions on services file
+		chmod 0644 $dest
 	fi
 done
 
diff --git a/usr/src/pkgdefs/common_files/i.sock2path b/usr/src/pkgdefs/common_files/i.sock2path
index 31fcde8e06..87e585cb0d 100644
--- a/usr/src/pkgdefs/common_files/i.sock2path
+++ b/usr/src/pkgdefs/common_files/i.sock2path
@@ -19,7 +19,7 @@
 #
 # CDDL HEADER END
 #
-# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 
@@ -95,6 +95,9 @@ do
 			} else {print $0}}' >> /tmp/i.$$
 		cp /tmp/i.$$ $dest
 		rm -f /tmp/i.$$
+
+		# Set correct permissions
+		chmod 0644 $dest
 	fi
 done
 
diff --git a/usr/src/tools/scripts/bfu.sh b/usr/src/tools/scripts/bfu.sh
index d38c36acc9..4bab879f5d 100644
--- a/usr/src/tools/scripts/bfu.sh
+++ b/usr/src/tools/scripts/bfu.sh
@@ -4108,13 +4108,22 @@ cleanup_kerberos_mechanisms()
 mpxiodisableno='^[ 	]*mpxio-disable[ 	]*=[ 	]*"no"[ 	]*;'
 mpxiodisableyes='^[ 	]*mpxio-disable[ 	]*=[ 	]*"yes"[ 	]*;'
 
-#
-# fix up audit permissions
-#
-fix_up_audit()
+fix_up_perms()
 {
+	#
+	# fix up audit permissions
+	#
 	chmod 644 $root/etc/security/audit_control
 	chmod 644 $root/etc/security/audit_user
+
+	#
+	# fix up /etc/inet config file permissions
+	#
+	INETFILES="hosts networks netmasks protocols services \
+	    inetd.conf ipaddrsel.conf sock2path ipsecalgs"
+	for file in ${INETFILES}; do
+		chmod 644 $root/etc/inet/$file
+	done
 }
 
 #
@@ -8254,8 +8263,8 @@ mondo_loop() {
 		fi
 	fi
 
-	# Fix up audit permissions
-	fix_up_audit
+	# Fix up audit & /etc/inet config file permissions
+	fix_up_perms
 
 	# Remove bsmrecord.  Renamed to auditrecord.
 	rm -f $root/usr/sbin/bsmrecord