Commit Graph

121961 Commits

Author SHA1 Message Date
Robert Watson
23bf6e2091 Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
  defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

Many thanks to:	brueffer, cognet
Obtained from:	TrustedBSD Project
2006-02-06 00:06:04 +00:00
Robert Watson
41efe1543c Correct typo in sample CVS import line: must specify full path to the
CVS repository on repoman.
2006-02-06 00:03:39 +00:00
Wayne Salamon
a750d0b2a2 Add auditing of arguments to the close() and fstat() system calls. Much more
argument auditing yet to come, for remaining system calls in this file.

Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-05 23:57:32 +00:00
Robert Watson
570d840b52 Regenerate. 2006-02-05 23:28:46 +00:00
Robert Watson
b11c14d6e9 Assign audit event identifiers to Xenix system calls. Note: AUE_EACCESS
is assigned to xenix_eaccess() instead of AUE_ACCESS, as that is the
intended meaning of the system call.  xenix_eaccess() should be
reimplemented using our native eaccess() implementation so that it
works as intended.

Obtained from:	TrustedBSD Project
2006-02-05 23:28:01 +00:00
Robert Watson
ad3a6a7d36 Correct help line: list targets, not names of files generated by targets
when no argument is provided to make.

MFC after:	1 week
2006-02-05 23:25:19 +00:00
Robert Watson
4334cc4f81 Regenerate (accidentally also committed in commit that updated
syscalls.isc).
2006-02-05 23:16:20 +00:00
Robert Watson
60be92dd8d Assign audit event identifiers to ibcs2 ISC system calls.
Obtained from:	TrustedBSD Project
2006-02-05 23:15:22 +00:00
Max Laier
d662ee1c20 pflog is a separate module now.
Submitted by:	Antoine Brodin
PR:		kern/88271
MFC after:	1 week
2006-02-05 22:38:08 +00:00
Olivier Houchard
697e7cb715 Backout rev 1.12. It would have been a good thing, if gcc was smart enough
not to generate bad code.
2006-02-05 22:06:12 +00:00
Robert Watson
00c28d9678 On process exit, audit the return value of the process, and commit the
record immediately, as this system call never returns.

Obtained from:	TrustedBSD Project
2006-02-05 21:08:25 +00:00
Robert Watson
6e8525ce84 When GC'ing a thread, assert that it has no active audit record.
This should not happen, but with this assert, brueffer and I would
not have spent 45 minutes trying to figure out why he wasn't
seeing audit records with the audit version in CVS.

Obtained from:	TrustedBSD Project
2006-02-05 21:06:09 +00:00
Bruce A. Mah
2ca173bc23 Add some new release notes for 2006 security advisories:
SA-06:{01,02,03,04,05,06,07}.

(SA-06:08 does not appear to apply to CURRENT.)

Bump copyright date while here.
2006-02-05 20:54:53 +00:00
Robert Watson
cd573a850c Assign gid 77 to audit instead of gid 73. The ports group list did not
include '73', which was assigned in a ports passwd entry to ircservices.

Pointed out by:	ceri
2006-02-05 19:34:09 +00:00
Ceri Davies
f944e9be98 The rpc.pcnfsd server was in the base for a little over seven minutes
back in 1994.  Change the example entry to point at the port, as per
the entries for uucpd et al.
2006-02-05 19:23:05 +00:00
Ceri Davies
759d68677f Correct a user-visible typo. 2006-02-05 18:57:01 +00:00
Ceri Davies
a8d7f86323 Gratuitous "typo in comment" fix. 2006-02-05 18:49:52 +00:00
Ceri Davies
9ca95cfad3 Bring these files somewhat into the present.
Perform some rewording while here.

Remove register.hlp, since the code that deals with it was removed
nearly 7 years ago.
2006-02-05 18:46:46 +00:00
Robert Watson
5ba29bf644 Change group for /var/audit to audit, so that audit review can be
delegated to non-administrators.

Obtained from:	TrustedBSD Project
2006-02-05 18:22:56 +00:00
Robert Watson
bbcf7c3697 Allocate an 'audit' group, membership in which will grant the audit
review right by virtue of read file permission on /var/audit and its
contents.

Obtained from:	TrustedBSD Project
2006-02-05 18:04:39 +00:00
Alexander Leidinger
9d978cc757 Convert NULL checks into KASSERT (and move them before the first
dereferencing) since a NULL value would be a bug here.

Note: Both affected functions look very similar. A refactoring may
be beneficial.

CID:		483, 485
Found with:	Coverity Prevent(tm)
Discussed with:	ariff
MFC after:	5 days
2006-02-05 17:47:26 +00:00
Warner Losh
d87076c835 an driver not endian clean, so don't enable on sparc64 2006-02-05 17:38:28 +00:00
Alexander Leidinger
693b471cc5 forced commit: previous commit was CID 429 2006-02-05 17:35:13 +00:00
Alexander Leidinger
9ce3ef3dc8 forced commit: previous commit was CID 483 2006-02-05 17:34:13 +00:00
Alexander Leidinger
cd9de7ee61 A pointer was checked for NULL after dereferencing it. The check is not
needed here, except there's a bug which results in detaching the device
twice.

Move the NULL pointer check to the beginning of the function and convert
it into a KASSERT.

CID:		420
Found with:	Coverity Prevent(tm)
Discussed with:	ariff
MFC after:	5 days
2006-02-05 17:33:18 +00:00
Max Laier
5bba2114d0 Make pflog a separate module. As a result pflog_packet() becomes a function
pointer that is declared in pf_ioctl.c

Requested by:	yar (as part of the module build reorg)
MFC after:	1 week
X-MFC with:	yar's module reorg
2006-02-05 17:17:32 +00:00
Alexander Leidinger
f31eef8b22 Fix memory leak in some failure cases.
CID:		420
Found with:	Coverity Prevent(tm)
2006-02-05 17:10:52 +00:00
Robert Watson
95fea57c65 Add AUDITVNODE[12] flags to namei(), which cause namei() to audit path
and vnode attribute information for looked up vnodes during the lookup
operation.  This will allow consumers of namei() to specify that this
information be added to the in-process audit record.

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-02-05 15:42:01 +00:00
Hajimu UMEMOTO
8c76311215 shut up strict-aliasing rules warning. 2006-02-05 09:52:40 +00:00
Ken Smith
4d286e9426 Move asr driver from global NOTES to i386-specific NOTES. Requestor
reports it is neither endian-clean nor 64-bit clean.  :-)

Requested by:	scottl
2006-02-05 05:06:04 +00:00
Scott Long
5d9299772e Squash a couple more invalid long casts. 2006-02-05 05:05:27 +00:00
David Xu
8956297a57 Now, thread name is stored in kernel, userland no longer has to keep it. 2006-02-05 03:04:54 +00:00
David Xu
3f7dda33b7 use syscall thr_set_name to implement pthread_set_name_np. 2006-02-05 02:26:17 +00:00
David Xu
25c926f1b0 Regenerate. 2006-02-05 02:23:41 +00:00
David Xu
9e7d72246f Implement thr_set_name to set a name for thread.
Reviewed by: julian
2006-02-05 02:18:46 +00:00
Warner Losh
1248f2322b Import support for the Atmel AT91RM9200 CPU/Microcontroller. This SoC
is an ARM920T based CPU with a bunch of built-in peripherals.  The
initial import supports the SPI bus, the TWI bus (although iicbus
integration is not complete), the uarts, the system timer and the
onboard ethernet.  Support for the Kwikbyte KB9202
(http://www.kwikbyte.com) board is also included, although there's no
reason why the 9200 and the 9201 wouldn't also work.  Primitive
support for running under the skyeye emulator is also provided
(although skyeye's support for the AT91RM9200 is a little weak).

The code has been structured so that other members of Atmel's arm family can
be supported in the future.  The AT91SAM9260 is not presently supported
due to lack of hardware.  The arm7tdmi families are also not supported
because they lack an MMU.

Many thanks to cognet@ for his help and assistance in bringing up this
board.  He did much of the vm work and wrote parts of the uart and
system timer code as well as the bus space implementation.

The system boots to single user w/o problem, although the serial
console is a little slow and the ethernet driver is still in flux.

This work was sponsored by Timing Solutions, Corporation.  I am
grateful to their support of the FreeBSD project in this manner.
2006-02-04 23:32:13 +00:00
Marius Strobl
2e47800d98 Enable getty(8) on ttyu2 by default in order to get machines that use a
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.

MFC after:	1 week
2006-02-04 23:30:09 +00:00
Marius Strobl
ea227b498b - Add support for using LOM (Lights Out Management) and RSC (Remote System
  Control) devices as console. These are microcontrollers which are either
  on-board or part of an add-on card and provide terminal server, remote
  power switch and monitoring functionality. For console usage these are
  connected to the rest of the system via a SCC or an UART. This commit adds
  support for the following variants (corresponds to what 'input-device' and
  'output-device' have to be set to):
  rsc		found on-board in E250 and supposedly some Netra, connected
		via a SAB82532, com. parameters can be determined via OFW
  rsc-console	RSC card found in E280R, Fire V4x0, Fire V8x0, connected
		via a NS16550, hardwired to 115200 8N1
  lom-console	LOMlite2 card found in Netra 20/T4, connected via a NS16550,
		hardwired to 9600 8N1

- Add my copyright to uart_cpu_sparc64.c as I've rewritten about one third
  of that file over time.

Tested on:	E250, E280R
Thanks to:	dwhite@ for providing access to an E280R
OK'ed by:	marcel
MFC after:	1 week
2006-02-04 23:27:16 +00:00
Warner Losh
ccc0f2f0af Silence the strict-alias warnings. Make a trip through (void *) when
casting a structure to a uint32_t *.  Many drivers in the tree do this, but
I'll not update them until these changes can be reviewed by the pedantic
standards folks.
2006-02-04 22:51:03 +00:00
Alan Cox
3b7db47d7e Remove an unnecessary call to pmap_remove_all(). The given page is not
mapped because its contents are invalid.
2006-02-04 22:37:10 +00:00
Warner Losh
53920ff8d9 Type of overrun_buf doesn't matter to this code, but does to gcc.
Make it a void *.
2006-02-04 22:33:08 +00:00
Ceri Davies
f6ffc14649 Perform minor rewording and grammatical improvement. Add a missing Xr. 2006-02-04 22:17:38 +00:00
Warner Losh
2805b31bdf Use void * for pointer rather than u_int8_t *, since it doesn't
matter.  Well it does for type punning warnings.
2006-02-04 22:14:20 +00:00
Warner Losh
44dc92eb94 Now that TUNABLE_ULONG is in the tree, and has been for a while, use it.
This also avoids typepunning.
2006-02-04 21:56:14 +00:00
Warner Losh
ed3eb6ebe2 Don't type pun accidentally. Instead, be explicit that we're type
punning with an union so that the compiler knows.
2006-02-04 21:37:39 +00:00
Christian Brueffer
ec41774c58 Remove reference to non-existent manpage.
Confirmed by:	rwatson
2006-02-04 21:10:48 +00:00
Wayne Salamon
4f9ac41fba Call the audit syscall enter/exit functions for the amd64 architecture,
both 32-bit and 64-bit paths. System calls will now be audited.

Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
2006-02-04 20:37:20 +00:00
Wayne Salamon
a1c73d21bf Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records is contained within
login_audit.c.
Document the auditing behavior in the man page.

Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
2006-02-04 20:20:02 +00:00
Bill Paul
55ad415824 When ndis_attach() runs, it has to very briefly initialize the card
in order to query the underlying Windows driver for the station address
and some other properties. There is a slim chance that the card may
receive a packet and indicate it up to us before ndis_attach() can call
ndis_halt_nic(). This is bad, because both the softc structure and
the ifnet structure aren't fully initialized yet: many pointers are
still NULL, so if we make it into ndis_rxeof(), we will panic.

To fix this, we need to do the following:

- Move the calls to IoAllocateWorkItem() to before the call to ndis_init_nic().
- Move the initialization of the RX DPC and status callback function pointers
  to before ndis_init_nic() as well.
- Modify ndis_rxeof() to check if the IFF_DRV_RUNNING flag is set. If it
  isn't, we return any supplied NDIS_PACKETs to the NIC without processing
  them.

This fixes a crash that can occur when activating a wireless NIC in
close proximity to a very busy wireless network, reported by Ryan
Beasley (ryan%^$!ATgoddamnbastard-****!!!DOTorg.

MFC after:	3 days
2006-02-04 19:42:49 +00:00
Robert Watson
41b0acb1ac Add a brief FREEBSD-upgrade file to provide direction on how to perform
OpenBSM upgrades.  Right now, this is very easy, but in the future it
will probably become more complicated.
2006-02-04 18:29:51 +00:00