Commit Graph

131947 Commits

Author SHA1 Message Date
Robert Watson
78007886c9 Apply variable name normalization to MAC policies: adopt global conventions
for the naming of variables associated with specific data structures.

Obtained from:	TrustedBSD Project
2007-04-23 13:15:23 +00:00
Pawel Jakub Dawidek
8c804c7c98 Correct typo. 2007-04-23 12:53:00 +00:00
Poul-Henning Kamp
ea60845d09 Make it possible to specify an initial state for the LED.
Requested by:	Henrik Brix Andersen <henrik@brixandersen.dk>
PR:	112008
2007-04-23 12:42:15 +00:00
Poul-Henning Kamp
98b2967900 Add VLAN capability.
Submitted by:	Slawa Olhovchenkov <slw@zxy.spb.ru>
2007-04-23 12:19:02 +00:00
Poul-Henning Kamp
601c3cc018 Improve reporting in recoverdisk a good deal.
Submitted by:	Ulrich Spoerlein <uspoerlein@gmail.com>
PR:	111630
2007-04-23 12:17:27 +00:00
Yaroslav Tykhiy
f3aad16b88 Insert explicit space between the output fields to prevent them
from running together when a field overflows.

MFC after:	1 week
2007-04-23 11:43:22 +00:00
George V. Neville-Neil
6486cbd7bb Turn off route header processing for now due to issues pointed out
by Philippe Biondi and Arnaud Ebalard.  This is a temporary fix
until more discussion can be had on the exact risks involved in
allowing source routing in IPv6

Submitted by:	itojun
Reviewed by:	jinmei
MFC after:	1 day
2007-04-23 09:32:04 +00:00
Matteo Riondato
55987d865b 1)Make it possible for rpcbind(8) to bind TCP listening socket to an IP
other than INADDR_ANY.

2) Add the -6 option to specify "IPv6 only".

Glanced at by: bms
Requested by: bms [2]
PR: bin/84494 [1]
Approved by:	silence from maintainer (~2 weeks) [1]
MFC after:	2 weeks
2007-04-23 07:09:25 +00:00
Alan Cox
cf75c506db Add synchronization. Eliminate the acquisition and release of Giant.
Reviewed by: tegge
2007-04-23 06:12:24 +00:00
Sam Leffler
b298baf298 make dev.ath.N.ledpin have an immediate effect
PR:		kern/111810
Submitted by:	Henrik Brix Andersen <henrik@brixandersen.dk>
MFC after:	1 week
2007-04-23 05:57:06 +00:00
Sam Leffler
6e3a3700de o fix a buffer overflow in save_key() that occurs with 104-bit wep
o make some variables parameters (frequency of crack, and maximum channel)
o try to spoof mac if association fails

Submitted by:	Andrea Bittau <a.bittau@cs.ucl.ac.uk>
2007-04-23 05:51:18 +00:00
Daniel Eischen
96c57267f5 Add a reference and lock the target thread when setting its name.
Submitted by:	davidxu (via libthr)
2007-04-23 03:36:14 +00:00
Daniel Eischen
6f91e7a3af When generating the version map file, order versions oldest
first to make it easier for rtld to choose the oldest version
of a symbol.

Sumbitted by:	kan
2007-04-23 03:24:33 +00:00
Pawel Jakub Dawidek
cc7cd831b2 MFp4: Reduce diff against vendor code:
- Move FreeBSD-specific code to zfs_freebsd_*() functions in zfs_vnops.c
  and keep original functions as similar to vendor's code as possible.
- Add various includes back, now that we have them.
2007-04-23 00:52:07 +00:00
Randall Stewart
ee7f985774 Fixes cut and paste bug using wrong pointer reference. 2007-04-23 00:51:49 +00:00
Nate Lawson
f5e97105d3 Add back the original behavior of changing the entire directory path at
once (CWD a/b/c vs. 3 CWDs).  If an error occurs, we fall back to the default
method of a single CWD per directory element.  Since this is technically
a violation of the basic FTP RFC, this behavior is under a compile-time
option FTP_COMBINE_CWDS and is off by default.  It should work with most
Unix-based FTP daemons and can save latency.

MFC after:	2 weeks
2007-04-22 22:33:29 +00:00
Pawel Jakub Dawidek
3698384259 Fix 'zpool status -v'. To get object number we should use ZFS_DIRENT_OBJ()
macro, as za_first_integer field also contains type. This should be fixed in
ZFS itself, but this bug is not visible on Solaris, because there, type is
not stored in za_first_integer. On the other hand it will be visible on
MacOS X.

Reported by:	Barry Pederson <bp@barryp.org>
2007-04-22 21:18:40 +00:00
Pawel Jakub Dawidek
77128a226d Fix st_rdev handling (implement it, actually).
Reported by:	gj
2007-04-22 21:16:15 +00:00
Erwin Lansing
1b4a4386aa Clement has stepped down from portmgr.
Thanks for all your work!

Reminded by:	brueffer
2007-04-22 21:11:46 +00:00
Pawel Jakub Dawidek
4d739c23fd When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
2007-04-22 20:55:08 +00:00
Robert Watson
26ae2b86b6 Normalize variable naming in the MAC Framework by adopting the normal
variable name conventions for arguments passed into the framework --
for example, name network interfaces 'ifp', sockets 'so', mounts 'mp',
mbufs 'm', processes 'p', etc, wherever possible.  Previously there
was significant variation in this regard.

Normalize copyright lists to ranges where sensible.
2007-04-22 19:55:56 +00:00
Robert Watson
eb542415c0 In the MAC Framework implementation, file systems have two per-mountpoint
labels: the mount label (label of the mountpoint) and the fs label (label
of the file system).  In practice, policies appear to only ever use one,
and the distinction is not helpful.

Combine mnt_mntlabel and mnt_fslabel into a single mnt_label, and
eliminate extra machinery required to maintain the additional label.
Update policies to reflect removal of extra entry points and label.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, Inc.
2007-04-22 16:18:10 +00:00
Poul-Henning Kamp
2efc0f7f47 Remove the old software bit-banging MII interface, we started using
the Rhines shiftregisters in four years ago (1.60).
2007-04-22 15:58:56 +00:00
Poul-Henning Kamp
28a811cd5b Remove further cobwebs: Two layers of pointless substructures. 2007-04-22 15:48:29 +00:00
Robert Watson
c14d15ae3e Remove MAC Framework access control check entry points made redundant with
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting.  These entry points exactly aligned with privileges and
provided no additional security context:

- mac_check_sysarch_ioperm()
- mac_check_kld_unload()
- mac_check_settime()
- mac_check_system_nfsd()

Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies.  These mostly, but not
entirely, align with the set of privileges granted in jails.

Obtained from:	TrustedBSD Project
2007-04-22 15:31:22 +00:00
Poul-Henning Kamp
5d83ecf965 Initialize the physical next pointer in the tx descriptors when we
initialize instead of in the start routine.
2007-04-22 15:09:03 +00:00
Joseph Koshy
ee4910b119 MFP4: Enhancements and bug-fixes to pmcstat(8):
- The '-c' option now takes a comma-separated list of CPU
   numbers, or a literal '*' denoting all CPUs in the system.
   Subsequent system PMCs are allocated on the CPUs so specified.

   Change the default behaviour to allocate system PMCs on all CPUs,
   not just CPU 0.

   Update the manual page and add an example of how to use the new
   functionality.

 - Attach PMCs to a (commandline) child process more reliably.  This
   fixes a long standing bug in counting events incurred by short-lived
   processes.
2007-04-22 15:00:39 +00:00
Poul-Henning Kamp
27de12a9c2 Don't rename fields with #define.
Collapse two semantically identical structs.
Add missing vr_ prefix.
2007-04-22 14:57:05 +00:00
Robert Watson
269ad13024 Further MAC test policy cleanup and enhancement:
- Redistribute counter declarations to where they are used, rather than at
  the file header, so it's more clear where we do (and don't) have
  counters.

- Add many more counters, one per policy entry point, so that many
  individual access controls and object life cycle events are tracked.

- Perform counter increments for label destruction explicitly in entry
  point functions rather than in LABEL_DESTROY().

- Use LABEL_INIT() instead of SLOT_SET() directly in label init functions
  to be symmetric with destruction.

- Align counter names more carefully with entry point names.

- More constant and variable name normalization.

Obtained from:	TrustedBSD Project
2007-04-22 13:29:37 +00:00
Poul-Henning Kamp
c8ea76936e Run if_vr(4) through FlexeLint and clean some of the cobwebs found. 2007-04-22 12:55:36 +00:00
Randall Stewart
58967d8d46 Moves the PCB features and flags from sctp_pcb.h to
sctp.h so that netstat can access and display these
values.
2007-04-22 12:12:38 +00:00
Robert Watson
6827d0294e Perform overdue clean up mac_test policy:
- Add a more detailed comment describing the mac_test policy.

- Add COUNTER_DECL() and COUNTER_INC() macros to declare and manage
  various test counters, reducing the verbosity of the test policy
  quite a bit.

- Add LABEL_CHECK() macro to abbreviate normal validation of labels.
  Unlike the previous check macros, this checks for a NULL label and
  doesn't test NULL labels.  This means that optionally passed labels
  will now be handled automatically, although in the case of optional
  credentials, NULL-checks are still required.

- Add LABEL_DESTROY() macro to abbreviate the handling of label
  validation and tear-down.

- Add LABEL_NOTFREE() macro to abbreviate check for non-free labels.

- Normalize the names of counters, magic values.

- Remove unused policy "enabled" flag.

Obtained from:	TrustedBSD Project
2007-04-22 11:35:15 +00:00
Randall Stewart
9a6142d8cd - Somehow the disable fragment option got lost. We could
set/clear it but would not do it. Now we will.
-  Moved to latest socket api for extended sndrcv info struct.
-  Moved to support all new levels of fragment interleave.
2007-04-22 11:06:27 +00:00
Dag-Erling Smørgrav
7621783a55 Now that we're MPSAFE, tell namei() to acquire Giant if necessary. 2007-04-22 08:41:52 +00:00
Kris Kennaway
70015002ce Add some notes clarifying usage and a couple of known bugs 2007-04-22 06:20:12 +00:00
Tom McLaughlin
9d5659715e Trace my mentor lineage as far back as I can determine.
Not really sure how to handle committers who no longer have a ports
commit bit but are still active in other repos.  Maybe a new node
definition? *shrug*
2007-04-22 02:36:08 +00:00
Colin Percival
1e7a68238d Fix sorting in previous commit.
Pointed out by:	brueffer
Pointy hat to:	cperciva
2007-04-22 00:44:51 +00:00
Colin Percival
7492f8f8f2 Add myself. Edwin was my "mentor", even though he released me from
mentorship before approving a single commit.
2007-04-22 00:12:10 +00:00
Tom McLaughlin
d223243cd3 mezz was my co-mentor 2007-04-21 23:47:09 +00:00
Tom McLaughlin
c773ad632e Add xride who was mentored by me and co-mentored by garga 2007-04-21 23:44:36 +00:00
Warner Losh
95f75d437b Because there are so many more partitions on pc98 than on wintel (16
vs 4), supress all unused partition output unless -v is specified.
This makes operating on a 'typical' disk with one partition less
painful.  The 30 lines needed for the empty partitions no longer
scroll the useful information off the screen.  When the user requests
a specific partition, the unused information is not suppressed.

Also add the partition name to the -s output.

Initialize the partition name to 'FreeBSD' when -I is specified.
2007-04-21 22:47:35 +00:00
Robert Watson
18717f69b1 Allow MAC policy modules to control access to audit configuration system
calls.  Add MAC Framework entry points and MAC policy entry points for
audit(), auditctl(), auditon(), setaudit(), aud setauid().

MAC Framework entry points are only added for audit system calls where
additional argument context may be useful for policy decision-making; other
audit system calls without arguments may be controlled via the priv(9)
entry points.

Update various policy modules to implement audit-related checks, and in
some cases, other missing system-related checks.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, Inc.
2007-04-21 22:08:48 +00:00
Robert Watson
fea9ea0005 Teach netinet6 to use PRIV_NETINET_REUSEPORT. 2007-04-21 18:14:04 +00:00
Robert Watson
dc4725135d Attempt to rationalize NFS privileges:
- Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD.

- Use PRIV_NFS_DAEMON in the NFS server.

- In the NFS client, move the privilege check from nfslockdans(), which
  occurs every time a write is performed on /dev/nfslock, and instead do it
  in nfslock_open() just once.  This allows us to avoid checking the saved
  uid for root, and just use the effective on open.  Use PRIV_NFS_LOCKD.
2007-04-21 18:11:19 +00:00
Stephan Uphoff
31b4f4a916 Modify TLB invalidation handling.
Reviewed by:	alc@, peter@
MFC after:	1 week
2007-04-21 14:17:30 +00:00
Pawel Jakub Dawidek
48ac84fc56 Improve sharenfs option handling, so it is possible to give hosts list.
Before the change the command above:

	# zfs set sharenfs=freefall.freebsd.org,69.147.83.54 tank/foo

was translated to:

/tank/foo -freefall.freebsd.org -69.147.83.54

instead of:

/tank/foo freefall.freebsd.org 69.147.83.54

This commit corrects this.
2007-04-21 13:17:23 +00:00
Joseph Koshy
00a22dc5f9 Correct a sanity check. 2007-04-21 12:04:03 +00:00
Pawel Jakub Dawidek
9de81c7273 MFp4:
@118370	Correct typo.

@118371	Integrate changes from vendor.

@118491	Show backtrace on unexpected code paths.

@118494	Integrate changes from vendor.

@118504	Fix sendfile(2). I had two ways of fixing it:
	1. Fixing sendfile(2) itself to use VOP_GETPAGES() instead of
	   hacking around with vn_rdwr(UIO_NOCOPY), which was suggested
	   by ups.
	2. Modify ZFS behaviour to handle this special case.

	Although 1 is more correct, I've choosen 2, because hack from 1
	have a side-effect of beeing faster - it reads ahead MAXBSIZE
	bytes instead of reading page by page. This is not easy to implement
	with VOP_GETPAGES(), at least not for me in this very moment.

	Reported by:	Andrey V. Elsukov <bu7cher@yandex.ru>

@118525	Reorganize the code to reduce diff.

@118526	This code path is expected. It is simply when file is opened with
	O_FSYNC flag.

	Reported by:	kris
	Reported by:	Michal Suszko <dry@dry.pl>
2007-04-21 12:02:57 +00:00
Mike Makonnen
092fa28f4f Regression tests for recent changes to inet6_rth_* family of functions
regarding RFC3542 compliance.
2007-04-21 11:23:33 +00:00
Hiroki Sato
a24756d1c8 Update release notes:
- hw.pci.do_powerstate split into hw.pci.do_power_nodriver
	and hw.pci.do_power_resume.

Pointed out by: pluknet at gmail.com
2007-04-21 03:45:18 +00:00