PSARC 2008/482 NWAM Phase 0.5 (picea)

6648862 nwam is annoying when no network is available
6642066 NWAM Phase 0 needs better observability
6604418 weak interfaces turn nwam into a bouncing dog that misses its master
6745880 starting or restarting nwam always costs a link reinit

6 files changed, 81 insertions, 5 deletions

diff --git a/usr/src/lib/libsecdb/auth_attr.txt b/usr/src/lib/libsecdb/auth_attr.txt
index f24cb88ed2..093e7a3b38 100644
--- a/usr/src/lib/libsecdb/auth_attr.txt
+++ b/usr/src/lib/libsecdb/auth_attr.txt
@@ -82,6 +82,7 @@ solaris.mms.io.read:::Read Permission for MMS Volumes::help=AuthMMSIORead.html
 solaris.mms.io.write:::Read and Write Permission for MMS Volumes::help=AuthMMSIOWrite.html
 #
 solaris.network.:::Network::help=NetworkHeader.html
+solaris.network.autoconf:::Network Auto-Magic Configuration::help=NetworkAutoconf.html
 solaris.network.link.security:::Link Security::help=LinkSecurity.html
 solaris.network.wifi.config:::Wifi Config::help=WifiConfig.html
 solaris.network.wifi.wep:::Wifi Wep::help=WifiWep.html
diff --git a/usr/src/lib/libsecdb/help/auths/Makefile b/usr/src/lib/libsecdb/help/auths/Makefile
index ab610e0cc8..e2779afef0 100644
--- a/usr/src/lib/libsecdb/help/auths/Makefile
+++ b/usr/src/lib/libsecdb/help/auths/Makefile
@@ -108,6 +108,7 @@ HTMLENTS = \
 	SmfValueVscan.html \
 	SmfVscanStates.html \
 	SmfWpaStates.html \
+	NetworkAutoconf.html \
 	NetworkHeader.html \
 	WifiConfig.html \
 	WifiWep.html \
diff --git a/usr/src/lib/libsecdb/help/auths/NetworkAutoconf.html b/usr/src/lib/libsecdb/help/auths/NetworkAutoconf.html
new file mode 100644
index 0000000000..afdd492da9
--- /dev/null
+++ b/usr/src/lib/libsecdb/help/auths/NetworkAutoconf.html
@@ -0,0 +1,38 @@
+<html>
+
+<!--
+    Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+    Use is subject to license terms.
+
+    CDDL HEADER START
+
+    The contents of this file are subject to the terms of the
+    Common Development and Distribution License (the "License").
+    You may not use this file except in compliance with the License.
+
+    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+    or http://www.opensolaris.org/os/licensing.
+    See the License for the specific language governing permissions
+    and limitations under the License.
+
+    When distributing Covered Code, include this CDDL HEADER in each
+    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+    If applicable, add the following below this CDDL HEADER, with the
+    fields enclosed by brackets "[]" replaced with your own identifying
+    information: Portions Copyright [yyyy] [name of copyright owner]
+
+    CDDL HEADER END
+-->
+
+<head>
+<!--
+meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
+-->
+</head>
+<body>
+When Network Auto-Magic Configuration is in the Authorizations
+Included column, it grants permission to direct the activity of the
+nwamd(1M) daemon through the GUI interface, allowing the user to set
+link preferences and control Wireless Access Point selection.
+</body>
+</html>
diff --git a/usr/src/lib/libsecdb/help/profiles/Makefile b/usr/src/lib/libsecdb/help/profiles/Makefile
index aa6f9b2011..5b4a584789 100644
--- a/usr/src/lib/libsecdb/help/profiles/Makefile
+++ b/usr/src/lib/libsecdb/help/profiles/Makefile
@@ -21,8 +21,6 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-#ident	"%Z%%M%	%I%	%E% SMI"
-#
 # lib/libsecdb/help/profiles/Makefile
 #
 
@@ -58,6 +56,7 @@ HTMLENTS = \
 	RtNDMPMngmnt.html \
 	RtNameServiceAdmin.html \
 	RtNameServiceSecure.html \
+	RtNetAutoconf.html \
 	RtNetIPsec.html \
 	RtNetMngmnt.html \
 	RtNetSecure.html \
diff --git a/usr/src/lib/libsecdb/help/profiles/RtNetAutoconf.html b/usr/src/lib/libsecdb/help/profiles/RtNetAutoconf.html
new file mode 100644
index 0000000000..28f5de6ccd
--- /dev/null
+++ b/usr/src/lib/libsecdb/help/profiles/RtNetAutoconf.html
@@ -0,0 +1,37 @@
+<HTML>
+<!--
+    CDDL HEADER START
+
+    The contents of this file are subject to the terms of the
+    Common Development and Distribution License (the "License").
+    You may not use this file except in compliance with the License.
+
+    You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+    or http://www.opensolaris.org/os/licensing.
+    See the License for the specific language governing permissions
+    and limitations under the License.
+
+    When distributing Covered Code, include this CDDL HEADER in each
+    file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+    If applicable, add the following below this CDDL HEADER, with the
+    fields enclosed by brackets "[]" replaced with your own identifying
+    information: Portions Copyright [yyyy] [name of copyright owner]
+
+    CDDL HEADER END
+
+-- Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+-- Use is subject to license terms.
+-->
+<head>
+<title></title>
+</head>
+<body>
+When Network Autoconf is in the Rights Included column, it grants the
+right to manage the behavior and priorities of the nwamd(1M) network
+auto-magic daemon.
+<p>
+If Network Autoconf is grayed, then you are not entitled to Add or
+Remove this right.
+<p>
+</body>
+</html>
diff --git a/usr/src/lib/libsecdb/prof_attr.txt b/usr/src/lib/libsecdb/prof_attr.txt
index c3815f128a..4c09ff6b49 100644
--- a/usr/src/lib/libsecdb/prof_attr.txt
+++ b/usr/src/lib/libsecdb/prof_attr.txt
@@ -23,7 +23,6 @@
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
-#
 
 #
 # /etc/security/prof_attr
@@ -33,7 +32,7 @@
 All:::Execute any command as the user or role:help=RtAll.html
 Audit Control:::Configure Solaris Auditing:auths=solaris.audit.config,solaris.jobs.admin;help=RtAuditCtrl.html
 Audit Review:::Review Solaris Auditing logs:auths=solaris.audit.read;help=RtAuditReview.html
-Console User:::Manage System as the Console User:profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management;auths=solaris.system.shutdown;help=RtConsUser.html
+Console User:::Manage System as the Console User:profiles=Suspend To RAM,Suspend To Disk,Brightness,CPU Power Management,Network Autoconf;auths=solaris.system.shutdown;help=RtConsUser.html
 Contract Observer:::Reliably observe any/all contract events:help=RtContractObserver.html
 Device Management:::Control Access to Removable Media:auths=solaris.device.*;help=RtDeviceMngmnt.html
 Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,solaris.label.print,solaris.smf.manage.discovery.printers.*,solaris.smf.value.discovery.printers.*;help=RtPrntAdmin.html
@@ -59,7 +58,8 @@ MMS Administrator:::MMS Media Manager Administrator:auths=solaris.smf.manage.mms
 MMS Operator:::MMS Media Manager Operator:auths=solaris.smf.manage.mms,solaris.mms.media.*,solaris.mms.request.*,solaris.mms.device.state.*,solaris.mms.device.log.*
 MMS User:::MMS Tape User:auths=solaris.mms.io.*
 NDMP Management:::Manage the NDMP service:auths=solaris.smf.manage.ndmp,solaris.smf.value.ndmp,solaris.smf.read.ndmp;help=RtNdmpMngmnt.html
-Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa,solaris.smf.value.mdns,solaris.smf.manage.mdns;profiles=Network Wifi Management,Inetd Management;help=RtNetMngmnt.html
+Network Autoconf:::Manage network auto-magic configuration via nwamd:auths=solaris.network.autoconf;help=RtNetAutoconf.html
+Network Management:::Manage the host and network configuration:auths=solaris.smf.manage.name-service-cache,solaris.smf.manage.bind,solaris.smf.value.routing,solaris.smf.manage.routing,solaris.smf.value.nwam,solaris.smf.manage.nwam,solaris.smf.manage.tnd,solaris.smf.manage.tnctl,solaris.smf.manage.wpa,solaris.smf.value.mdns,solaris.smf.manage.mdns;profiles=Network Wifi Management,Inetd Management,Network Autoconf;help=RtNetMngmnt.html
 Network Security:::Manage network and host security:auths=solaris.smf.manage.ssh,solaris.smf.value.tnd;profiles=Network Wifi Security,Network Link Security,Network IPsec Management;help=RtNetSecure.html
 Network Wifi Management:::Manage wifi network configuration:auths=solaris.network.wifi.config;help=RtNetWifiMngmnt.html
 Network Wifi Security:::Manage wifi network security:auths=solaris.network.wifi.wep;help=RtNetWifiSecure.html