Commit Graph

78257 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
217b2a0b61 Initialize v_cachedid to -1 in getnewvnode().
Reintroduce the kern.vnode sysctl and make it export xvnodes rather than
vnodes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:24:35 +00:00
Dag-Erling Smørgrav
4eee8de77c Introduce struct xvnode, which will be used instead of struct vnode for
sysctl purposes.  Also add two fields to struct vnode, v_cachedfs and
v_cachedid, which hold the vnode's device and file id and are filled in
by vn_open_cred() and vn_stat().

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:19:49 +00:00
Dag-Erling Smørgrav
84baf7a20f Add struct xfile, which will be used instead of struct file for sysctl
purposes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:16:51 +00:00
Maxime Henrion
84fc0d7e7f Fix a bunch of format string warnings which broke
the sparc64 build.

Tested on:	sparc64, i386
2002-07-31 12:01:14 +00:00
Yaroslav Tykhiy
781cfb9348 Deny the SIZE command on large files when in ASCII mode.
This eliminates an opportunity for DoS attack.

Pointed out by:	maxim
Inspired by:	lukemftpd, OpenBSD
MFC after:	2 weeks
2002-07-31 10:55:31 +00:00
Josef Karthauser
5e33115f05 It should be "ucom", not "usio". 2002-07-31 10:52:46 +00:00
Josef Karthauser
39db6f7ae0 Regen 2002-07-31 10:05:58 +00:00
Marc Fonvieille
5fddf8bfc1 Correct URL to the Handbook
MFC after:	1 week
2002-07-31 10:05:37 +00:00
Josef Karthauser
0919ca4bc4 MFNetBSD: uvisor.c (1.14, 1.15)
Add support for Palm (M500, M505, M125) and Sony devices (Clie 4.0 and 4.1).
2002-07-31 10:05:26 +00:00
Marc Fonvieille
9a091256a9 Correct URL to the FAQ
MFC after:	1 week
2002-07-31 10:05:00 +00:00
Jens Schweikhardt
80e2ef88e9 Correct a few grammar bogons.
MFC after:	3 days
2002-07-31 09:32:22 +00:00
Josef Karthauser
34b549fdf3 Remove trailing white spaces
Obtained from: NetBSD (1.16)
2002-07-31 09:24:41 +00:00
Josef Karthauser
f8d314e7c6 Regen 2002-07-31 09:09:50 +00:00
Josef Karthauser
1dc3ed04a2 Add the HP ScanJet 2200C. 2002-07-31 09:07:56 +00:00
Josef Karthauser
7ab45e978a Enable the HP 2200C and Visioneer Scanport 3000 scanners, and remove
some trailing spaces whilst I'm here.

Obtained from:	NetBSD.
2002-07-31 09:05:52 +00:00
Josef Karthauser
b2dd67bba5 Add the Primax (Visioneer) 6200 scanner.
Obtained from:	OpenBSD (via NetBSD)
2002-07-31 08:51:32 +00:00
Alan Cox
67c1fae92e o Lock page accesses by vm_page_io_start() with the page queues lock.
o Assert that the page queues lock is held in vm_page_io_start().
2002-07-31 07:27:08 +00:00
Poul-Henning Kamp
c3a0d1d4e1 I forgot this bit of uglyness in the fsck_ffs cleanup. 2002-07-31 07:01:18 +00:00
Chris Costello
0b50f33046 Grammar (was' -> were') 2002-07-31 06:40:34 +00:00
Bruce A. Mah
a8848f7a94 New release notes: uaudio, uvisor, gpt, mca. 2002-07-31 04:01:12 +00:00
John Baldwin
22e256fded - Define NO_CPU_CFLAGS during BMAKE and TMAKE (and thus XMAKE) so that
bsd.cpu.mk doesn't have to worry about compilers other than the current
  version.
- Allow TARGET_CPUTYPE to override CPUTYPE in bsd.cpu.mk.
- Treat an empty CPUTYPE the same as an undefined CPUTYPE.
- For buildworld, buildkernel, etc., define TARGET_CPUTYPE to CPUTYPE for
  native builds and define it to be empty for cross-builds.
  TARGET_CPUTYPE is only defined if it is not already defined via the
  commandline or environment.
2002-07-31 03:56:03 +00:00
Bruce A. Mah
f568e52ec8 Fix markup nits and a (not related) typo. 2002-07-31 03:25:25 +00:00
Robert Watson
335654d73e Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on sockets.
In particular, invoke entry points during socket allocation and
destruction, as well as creation by a process or during an
accept-scenario (sonewconn).  For UNIX domain sockets, also assign
a peer label.  As the socket code isn't locked down yet, locking
interactions are not yet clear.  Various protocol stack socket
operations (such as peer label assignment for IPv4) will follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 03:03:22 +00:00
Bruce A. Mah
bcdff313cf Updated release notes: ACPI CA 20020725, OpenSSL 0.9.6e (+MFC). 2002-07-31 02:48:20 +00:00
Robert Watson
07bdba7e2d Note that the privilege indicating flag to vaccess() originally used
by the process accounting system is now deprecated.
2002-07-31 02:05:12 +00:00
Robert Watson
a0ee6ed1c0 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on vnodes.
In particular, initialize the label when the vnode is allocated or
reused, and destroy the label when the vnode is going to be released,
or reused.  Wow, an object where there really is exactly one place
where it's allocated, and one other where it's freed.  Amazing.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 02:03:46 +00:00
Robert Watson
e32a5b94d8 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke additional MAC entry points when an mbuf packet header is
copied to another mbuf: release the old label if any, reinitialize
the new header, and ask the MAC framework to copy the header label
data.  Note that this requires a potential allocation operation,
but m_copy_pkthdr() is not permitted to fail, so we must block.
Since we now use interrupt threads, this is possible, but not
desirable.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:51:34 +00:00
Robert Watson
a3abeda755 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on header
mbufs.  In particular, invoke entry points during the two mbuf
header allocation cases, and the mbuf freeing case.  Pass the "how"
argument at allocation time to the MAC framework so that it can
determine if it is permitted to block (as with policy modules),
and permit the initialization entry point to fail if it needs to
allocate memory but is not permitted to, failing the mbuf
allocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:42:19 +00:00
Robert Watson
2712d0ee89 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement MAC framework access control entry points relating to
operations on mountpoints.  Currently, this consists only of
access control on mountpoint listing using the various statfs()
variations.  In the future, it might also be desirable to
implement checks on mount() and unmount().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:27:33 +00:00
Robert Watson
a87cdf8335 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
mount structures.  In particular, invoke entry points for
intialization and destruction in various scenarios (root,
non-root).  Also introduce an entry point in the boot procedure
following the mount of the root file system, but prior to the
start of the userland init process to permit policies to
perform further initialization.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:11:29 +00:00
Robert Watson
8a1d977d66 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement inter-process access control entry points for the MAC
framework.  This permits policy modules to augment the decision
making process for process and socket visibility, process debugging,
re-scheduling, and signaling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:48:24 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
4024496496 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
process credentials.  In particular, invoke entry points for
the initialization and destruction of struct ucred, the copying
of struct ucred, and permit the initial labels to be set for
both process 0 (parent of all kernel processes) and process 1
(parent of all user processes).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:39:19 +00:00
Robert Watson
47ac133d33 Regen. 2002-07-31 00:16:58 +00:00
Robert Watson
9453a033ff Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:03:26 +00:00
Josef Karthauser
7ebe6f9e2f Regen 2002-07-30 23:30:56 +00:00
Josef Karthauser
3fc6710b56 Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD
2002-07-30 23:30:15 +00:00
Ian Dowse
b4dc6ff9bc Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.
2002-07-30 23:26:22 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Robert Watson
549e4c9e4e Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:09:20 +00:00
Robert Watson
19930ae546 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:06:07 +00:00
Robert Watson
39bd868cc3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
Robert Watson
55fb783052 Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
Robert Watson
781caa8157 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
Robert Watson
87acada933 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
Warner Losh
abf24f80a6 Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
Robert Watson
fae89e29b1 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
Robert Watson
3b2e600940 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
Robert Watson
f8ef020e2e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
Robert Watson
f3cfa6072e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00