Commit Graph

6052 Commits

Author SHA1 Message Date
Stanislav Sedov
aa79fe245d - Fix strncmp on arm. Return 0 as result without performing the
main cycle only if the len passed is equal to 0. If end address
  overflows use last possible address as the end address.

Based on:	discussion on arm@
MFC after:	1 month
2009-06-21 12:58:56 +00:00
Brooks Davis
838d985825 Rework the credential code to support larger values of NGROUPS and
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively.  (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)

The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer.  Do the equivalent in
kinfo_proc.

Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively.  Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary.  In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.

Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups.  When feasible, truncate
the group list rather than generating an error.

Minor changes:
  - Reduce the number of hand rolled versions of groupmember().
  - Do not assign to both cr_gid and cr_groups[0].
  - Modify ipfw to cache ucreds instead of part of their contents since
    they are immutable once referenced by more than one entity.

Submitted by:	Isilon Systems (initial implementation)
X-MFC after:	never
PR:		bin/113398 kern/133867
2009-06-19 17:10:35 +00:00
Brooks Davis
54404cfb13 In preparation for raising NGROUPS and NGROUPS_MAX, change base
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically.  Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).

This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.

In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups().  In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.

Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages.  We do not yet support a dynamic NGROUPS, but we
may in the future.

MFC after:	2 weeks
2009-06-19 15:58:24 +00:00
Alexander Kabaev
e7733ffa39 Re-do r192913 in less intrusive way. Only do IP_RECVDSTADDR/IP_SENDSRCADDR
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.

Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.

Reported by:	lstewart
Tested by:	lstewart
2009-06-18 17:10:43 +00:00
John Baldwin
8ee45544b2 Retire the unused stub for the nfsclnt() system call. 2009-06-17 18:52:42 +00:00
Ed Schouten
7c7cef7278 Add revoke(1).
While hacking on TTY code, I often miss a small utility to revoke my own
(pseudo-)terminals. This small utility is just a small wrapper around
the revoke(2) call, so you can destroy your very own login sessions.

Approved by:	re
2009-06-15 21:52:27 +00:00
John Baldwin
c4f16b69e1 Add a new 'void closefrom(int lowfd)' system call. When called, it closes
any open file descriptors >= 'lowfd'.  It is largely identical to the same
function on other operating systems such as Solaris, DFly, NetBSD, and
OpenBSD.  One difference from other *BSD is that this closefrom() does not
fail with any errors.  In practice, while the manpages for NetBSD and
OpenBSD claim that they return EINTR, they ignore internal errors from
close() and never return EINTR.  DFly does return EINTR, but for the common
use case (closing fd's prior to execve()), the caller really wants all
fd's closed and returning EINTR just forces callers to call closefrom() in
a loop until it stops failing.

Note that this implementation of closefrom(2) does not make any effort to
resolve userland races with open(2) in other threads.  As such, it is not
multithread safe.

Submitted by:	rwatson (initial version)
Reviewed by:	rwatson
MFC after:	2 weeks
2009-06-15 20:38:55 +00:00
Xin LI
dbfbdd0474 Spacing fixes. No actual change. 2009-06-09 09:02:58 +00:00
Alexander Kabaev
8a784b73d3 Do not attempt to set source address on outgoing messages
on UDP socket if we do not have a valid IP address.
2009-06-08 03:39:15 +00:00
Pawel Jakub Dawidek
2430d82448 Document EINVAL for bind(2).
Reviewed by:	rwatson
Obtained from:	SuSv3
2009-06-01 09:32:12 +00:00
Marcel Moolenaar
b6d434fc28 Use GCC's __SOFTFP__ to test whether we're being compiled
with softfloat or not. Now -msoft-float can be overridden
more easily.
2009-05-31 02:03:40 +00:00
Xin LI
5512745e3a Document how to enable strict RFC 1034 enforcements.
PR:		kern/129477
2009-05-29 07:55:44 +00:00
Xin LI
a28076c8f7 Add an option to enforce strict RFC 1034 compliance.
PR:		kern/129477
2009-05-29 07:34:54 +00:00
Zachary Loafman
fcd3177f90 Match type for socket option (in practice, unnecessary, but stylistically it's a little nicer).
Suggested by:       jilles
Approved by:        dfr (mentor)
2009-05-28 15:02:44 +00:00
Zachary Loafman
7014ae09f9 Revert unnecessary memset after calloc.
Suggested by:       jhb
Approved by:        dfr (mentor)
2009-05-28 15:02:21 +00:00
Edward Tomasz Napierala
60a8b6022d Fix off by one error in acl_create_entry(3).
Reviewed by:	rwatson@
MFC after:	2 weeks
2009-05-28 07:20:52 +00:00
Ed Schouten
3d98b75bac Rename the queue macros I introduced last year.
Last year I added SLIST_REMOVE_NEXT and STAILQ_REMOVE_NEXT, to remove
entries behind an element in the list, using O(1) time. I recently
discovered NetBSD also has a similar macro, called SLIST_REMOVE_AFTER.
In my opinion this approach is a lot better:

- It doesn't have the unused first argument of the list pointer. I added
  this, mainly because OpenBSD also had it.

- The _AFTER suffix makes a lot more sense, because it is related to
  SLIST_INSERT_AFTER. _NEXT is only used to iterate through the list.

The reason why I want to rename this now, is to make sure we don't
release a major version with the badly named macros.
2009-05-27 19:28:04 +00:00
Zachary Loafman
35941cc841 Handle UDP RPC replies correctly on a multi-homed system, in userland RPC. Corrects an issue with mountd replies to OS X.
Approved by:        dfr (mentor)
2009-05-27 17:02:15 +00:00
Zachary Loafman
6d72217368 Fix an issue when nss fallback routines are used in a multithreaded application.
Reviewed by:        bushman
Approved by:        dfr (mentor)
2009-05-27 17:01:59 +00:00
Jamie Gritton
0304c73163 Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
Edwin Groothuis
84b2ce0d42 MFV of tzcode2009h revision r192887
- Clarify the license for the tzcode: public domain

MFC after:	1 month
2009-05-27 12:18:39 +00:00
Edward Tomasz Napierala
b7014134a7 Change license to more bori^Wadul^Wcanonical.
Submitted by:	rwatson@
2009-05-26 11:42:06 +00:00
Edward Tomasz Napierala
f24f1c51d3 Improve API documentation.
Reviewed by:	rwatson (earlier version)
2009-05-23 13:51:05 +00:00
Edwin Groothuis
dfc79e892f MFV of tzcode2009e:
Upgrade of the tzcode from 2004a to 2009e.

Changes are numerous, but include...

- New format of the output of zic, which supports both 32 and 64
  bit time_t formats.

- zdump on 64 bit platforms will actually produce some output instead
  of doing nothing for a looooooooong time.

- linux_base-fX, with X >= at least 8, will work without problems related
  to the local time again.

The original patch, based on the 2008e, has been running for a long
time on both my laptop and desktop machine and have been tested by
other people.

After the installation of this code and the running of zic(8), you
need to run tzsetup(8) again to install the new datafile.

Approved by:	wollman@ for usr.sbin/zic
MFC after:	1 month
2009-05-23 06:31:50 +00:00
Edward Tomasz Napierala
ae1add4e55 Make 'struct acl' larger, as required to support NFSv4 ACLs. Provide
compatibility interfaces in both kernel and libc.

Reviewed by:	rwatson
2009-05-22 15:56:43 +00:00
Christian Brueffer
a9ffff74c5 Since audit(4) isn't based on posix1e, remove the commented out audit.h header,
xref libbsm(3).

Submitted by:	rwatson
MFC after:	3 days
2009-05-19 22:28:33 +00:00
Xin LI
718d3b2852 As the comment says, close() frees the variable, record. So we obtain
the length by evaluating the value from the copy, cbuf instead.  This
fixes a crash caused by previous commit (use-after-free)

Submitted by:	Dimitry Andric <dimitry andric com>
Pointy hat to:	delphij
2009-05-14 23:09:33 +00:00
Ed Schouten
ba521305e8 TTYs don't necessarily use /dev/ttyxx.
Submitted by:	csjp
2009-05-09 16:42:57 +00:00
Ed Schouten
46b303e83d Add tcsetsid(3).
The entire world seems to use the non-standard TIOCSCTTY ioctl to make a
TTY a controlling terminal of a session. Even though tcsetsid(3) is also
non-standard, I think it's a lot better to use in our own source code,
mainly because it's similar to tcsetpgrp(), tcgetpgrp() and tcgetsid().

I stole the idea from QNX. They do it the other way around; their
TIOCSCTTY is just a wrapper around tcsetsid(). tcsetsid() then calls
into an IPC framework.
2009-05-07 13:49:48 +00:00
Sam Leffler
f4f8f02054 revert r191633; this breaks at91 & xscale (likely all arm) 2009-05-06 01:50:04 +00:00
Ed Schouten
98669c791d Our grantpt(3) and unlockpt(3) don't comply with POSIX. 2009-05-04 18:14:45 +00:00
Ed Schouten
ab52b803a0 Fix whitespace and sorting in Symbol.map. 2009-05-04 08:06:52 +00:00
Jamie Gritton
b38ff370e4 Introduce the extensible jail framework, using the same "name=value"
interface as nmount(2).  Three new system calls are added:
* jail_set, to create jails and change the parameters of existing jails.
  This replaces jail(2).
* jail_get, to read the parameters of existing jails.  This replaces the
  security.jail.list sysctl.
* jail_remove to kill off a jail's processes and remove the jail.
Most jail parameters may now be changed after creation, and jails may be
set to exist without any attached processes.  The current jail(2) system
call still exists, though it is now a stub to jail_set(2).

Approved by:	bz (mentor)
2009-04-29 21:14:15 +00:00
Jamie Gritton
7074cfa223 With the permission of phk@ change the license on remaining jail code
to a 2 clause BSD license.

Approved by:	phk
Approved by:	bz (mentor)
2009-04-29 16:02:52 +00:00
Bruce M Simpson
6de9a4eb6b Fix an obvious bug in getsourcefilter()'s use of struct __msfilterreq;
the kernel will return in msfr_nsrcs the number of source filters
in-mode for a given multicast group.
However, the filters themselves were never copied out, as the libc
function clobbers this field with zero, causing the kernel to assume
the provided vector of struct sockaddr_storage has zero length.
This bug would only affect users of SSM multicast, which is shimmed
in 7.x.
Picked up during mtest(8) refactoring.

MFC after:	1 day
2009-04-29 09:58:31 +00:00
Olivier Houchard
8957464be7 Change the test at the beginning of strncmp(), from being if (len - 1) < 0
to if (len == 0).
The length is supposed to be unsigned, so len - 1 < 0 won't happen except
if len == 0 anyway, and it would return 0 when it shouldn't, if len was
> INT_MAX.

Spotted out by:	Channa <channa kad gmail com>
2009-04-28 19:20:13 +00:00
Edward Tomasz Napierala
5d8532a1b1 Fix typo. 2009-04-26 10:12:20 +00:00
Christian Brueffer
2a72feb42b Correct the information about when the respective functionality first
appeared in FreeBSD.

PR:		133785
Submitted by:	Ulrich Spoerlein <uqs@spoerlein.net>
MFC after:	3 days
2009-04-23 08:37:56 +00:00
Edward Tomasz Napierala
bab43bab0c There is no way for strmode(3) to append '+' if the file has ACL,
because there is no way to figure that out based on the file mode
itself.  Make the manual page match reality.
2009-04-14 11:39:56 +00:00
Robert Watson
a14e812168 Sort man page cross references by section, no need for a comma after the
last cross reference.

MFC after:	3 days
2009-04-13 18:32:26 +00:00
Ed Maste
14846f9b49 Include a space between "send" and "broadcast". 2009-04-09 20:57:35 +00:00
Edward Tomasz Napierala
5174a6a262 Add wide character variants of string manipulations routines to 'SEE ALSO'.
Approved by:	rwatson (mentor)
2009-04-07 13:42:53 +00:00
David Schultz
6685ac34d9 Return -1 instead of 0 upon reaching EOF. This is somewhat ill-advised
because it means getdelim() returns -1 for both error and EOF, and
never returns 0. However, this is what the original GNU	implementation
does, and POSIX inherited the bug.

Reported by:	marcus@
2009-04-06 13:50:04 +00:00
Konstantin Belousov
c8da4f07d7 Allow the NULL, RTLD_SELF and RTLD_NEXT handles to work with dlfunc(3).
dlfunc() called dlsym() to do the work, and dlsym() determines the dso
that originating the call by the return address. Due to this, dlfunc()
operated as if the caller is always the libc.

To fix this, move the dlfunc() to rtld, where it can call the internal
implementation of dlsym, and still correctly fetch return address.
Provide usual weak stub for the symbol from libc for static binaries.
dlfunc is put to FBSD_1.0 symver namespace in the ld.so export to
override dlfunc@FBSD_1.0 weak symbol, exported by libc.

Reported, analyzed and tested by:	Tijl Coosemans <tijl ulyssis org>
PR: standards/133339
Reviewed by:	kan
2009-04-03 19:17:23 +00:00
Xin LI
9b4dadd3e0 Properly handle malloc() failures.
PR:		bin/83338
2009-04-02 22:17:02 +00:00
Xin LI
985a73f6d3 Remove a warning which is supposed to have been removed on 20030301. 2009-04-02 21:51:54 +00:00
John Baldwin
1c52c37eae Properly update the shm_open/shm_unlink symbol versioning metadata after
these functions were moved into the kernel:
- Move the version entries from gen/ to sys/.  Since the ABI of the actual
  routines did not change, I'm still exporting them as FBSD 1.0 on purpose.
- Add FBSD-private versions for the _ and __sys_ variants.
2009-04-02 15:53:29 +00:00
Konstantin Belousov
8b61c10e48 Unconditionally build wrappers for i386_get_ioperm(), i386_set_ioperm(),
i386_get_ldt() and i386_set_ldt().

In collaboration with:	pho
Reviewed by:	jhb
2009-04-01 19:23:46 +00:00
Konstantin Belousov
b2e4ce45d9 Document RTLD_NODELETE, -z nodelete and -z origin support. 2009-04-01 14:38:20 +00:00
Hajimu UMEMOTO
bc42149220 Query DNS only once per an address family.
Obtained from:	KAME
MFC after:	2 weeks
2009-03-29 17:55:11 +00:00