Commit Graph

71954 Commits

Author SHA1 Message Date
Alfred Perlstein
7bb4bf8526 Const fix. 2002-03-22 20:00:10 +00:00
Robert Watson
29dc1288b0 Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
    socket is visible to a requesting credential to using a new
    function, cr_canseesocket(), which accepts a subject credential
    and object socket.  Implement cr_canseesocket() so that it does a
    prison check, a uid check, and add a comment where shortly a MAC
    hook will go.  This will allow MAC policies to seperately
    instrument the visibility of sockets from the visibility of
    processes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-22 19:57:41 +00:00
Alfred Perlstein
0d28a40a57 Remove cast that's not needed. 2002-03-22 19:57:09 +00:00
David E. O'Brien
0302f42b51 Update SCM ID. 2002-03-22 19:52:59 +00:00
David E. O'Brien
12767b8463 Note that -n is non-standard. 2002-03-22 19:52:48 +00:00
Alfred Perlstein
3af9aed6c5 WARNS from 3 to 4. still some warnings about assigning const char * to
char *, but we'll fix those later.
2002-03-22 19:50:58 +00:00
David E. O'Brien
4b74b09895 Back out last commit (rev 1.2). I thought I caught this file in time
when deP'ing.  But I guess not.
2002-03-22 19:45:43 +00:00
Alfred Perlstein
bc0381304d rename 'enum res' and 'struct status' to 'enum sm_res' and 'struct sm_status'
to avoid -Wshadow warnings in consumers of its generated header files.
2002-03-22 19:43:21 +00:00
Alfred Perlstein
efddf1388d constify log_from_addr() parameter. 2002-03-22 19:20:35 +00:00
Alfred Perlstein
b275d8fe48 Constify the first arg to callrpc(3). 2002-03-22 19:19:32 +00:00
Udo Erdelhoff
0581c2c187 MFen 1.4 2002-03-22 18:44:57 +00:00
Ruslan Ermilov
0c77ef0f08 DESTDIR does not anymore does the -I${DESTDIR}/usr/include magic
in <bsd.prog.mk> and <bsd.lib.mk>.

Reviewed by:	luigi
2002-03-22 18:36:41 +00:00
Ruslan Ermilov
d848d77ad7 This library uses its own versions of some of the system headers.
Protect against CFLAGS having -I/usr/include listed explicitly.
The real solution would be to fix the library.  XXX
2002-03-22 18:34:52 +00:00
Ruslan Ermilov
e3f406b3c1 Prevent icmp_reflect() from calling ip_output() with a NULL route
pointer which will then result in the allocated route's reference
count never being decremented.  Just flood ping the localhost and
watch refcnt of the 127.0.0.1 route with netstat(1).

Submitted by:	jayanth

Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed
ip_output() to be called with a NULL route pointer.  The previous
paragraph shows why this was a bad idea in the first place.

MFC after:	0 days
2002-03-22 16:45:54 +00:00
Alfred Perlstein
db51256707 When "cloning" a pipe's buffer bcopy the data after dropping the pipe's
lock as the data may be paged out and cause a fault.
2002-03-22 16:09:22 +00:00
Bruce A. Mah
75ce89ce82 Add [MERGED] tag things to some items in the kernel section that should
have had them, but didn't.

While I'm here, do some general cleanup, including typo fixes, some
rewrites, and consolidation of some related entries.
2002-03-22 16:06:53 +00:00
Andrew Gallatin
60c406ad95 only read from the possibly bad address if we did not get a machine
check.  I don't know how this went unnoticed for so long.

obtained from: NetBSD
MFC after: 7 days
2002-03-22 15:55:56 +00:00
Mark Murray
d080dfa558 No need to cast; ().gr_gid is already the correct type. 2002-03-22 15:54:44 +00:00
Andrew Gallatin
496ffc90e4 Allow SMP kernels (like GENERIC..) to boot on UP kernels on the alpha.
Pointy hat to: jeff
2002-03-22 15:54:31 +00:00
Ceri Davies
23186fc1dd Add myself to the calendar. 2002-03-22 15:44:20 +00:00
Robert Watson
7906271f25 In sysctl, req->td is believed always to be non-NULL, so there's no need
to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks.  Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL.  Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Discussed with:	bde
2002-03-22 14:58:27 +00:00
Mark Murray
363a07cc69 Null one-line entry to resurrect this from the Attic. The real commit
will follow.
2002-03-22 14:51:51 +00:00
Robert Watson
4584bb3945 Since cred never appears to be passed into the securelevel calls as
NULL, turn warning printf's into panic's, since this call has been
restructured such that a NULL cred would result in a page fault anyway.

There appears to be one case where NULL is explicitly passed in in the
sysctl code, and this is believed to be in error, so will be modified.
Securelevels now always require a credential context so that per-jail
securelevels are properly implemented.

Obtained from:	TrustedBSD Project
Sponsored by:	NAI Labs
Discussed with:	bde
2002-03-22 14:49:12 +00:00
Mark Murray
3c3f11563a This commit was generated by cvs2svn to compensate for changes in r92948,
which included commits to RCS files with non-trunk default branches.
2002-03-22 13:54:24 +00:00
Mark Murray
7a0a395027 Vendor import NETBSD's sort(1). This will be a replacement for
our GNU sort, as discussed 6 months or more ago.
2002-03-22 13:54:24 +00:00
Ruslan Ermilov
f603efeac3 Revision 1.45 of gnu/usr.bin/man/man.c obviated the need to link
manpages in machine-specific subdirectories (like man4/i386/) to
"../".  This change didn't propagate here resulting in a loss of
whatis(1) database entries.  Fix this.

Reviewed by:	tobez
MFC after:	1 week
2002-03-22 09:59:16 +00:00
David E. O'Brien
078c6f985a SCM ID tweak. 2002-03-22 09:27:59 +00:00
David E. O'Brien
1372519b15 Remove multi-line __P() usage. 2002-03-22 09:22:15 +00:00
Peter Pentchev
10ddeb64d4 Install a sample /usr/share/examples/smbfs/dot.nsmbrc.
PR:		35649
Reported by:	Johann Frisch <jerfa@yahoo.com>
Reviewed by:	bp
Approved by:	bp, silence on -doc
MFC after:	1 week
2002-03-22 09:20:32 +00:00
Mark Murray
b51066a362 Fix for OPIE 2.4. 2002-03-22 09:20:05 +00:00
David E. O'Brien
674c351892 Remove __P() usage. 2002-03-22 09:16:59 +00:00
Sheldon Hearn
4e4d8aa678 Regen. 2002-03-22 09:08:54 +00:00
David E. O'Brien
dce742c573 Add the -n option, which automatically answers "no" to the overwrite question. 2002-03-22 07:45:36 +00:00
Bill Paul
98b28ee5b4 Teach the bge driver about the BCM5701 (specifically, the 3Com
3c996B-T, with the 5701 rev B5 ASIC). One thing that confuses me
still is that the 'link state change' bit in the status block seems
to change state an awful lot. I have a workaround for this in place
now, but it needs more investigation. For the moment though, this
is enough to get the driver to work with this card.
2002-03-22 06:45:40 +00:00
Gregory Neil Shapiro
68cbd14239 Instead of dealing with the endless requests to provide more DNS based
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.

PR:		conf/35884
MFC after:	4 days
2002-03-22 06:40:26 +00:00
Bill Paul
6577eb9103 regenerate 2002-03-22 06:39:13 +00:00
Bill Paul
15f962ed42 Teach the brgphy driver about the BCM5701's internal copper PHY. 2002-03-22 06:38:52 +00:00
Bruce A. Mah
44372e9d50 MFCs noted: ata(4) RAID rebuild, atacontrol(8). 2002-03-22 05:38:50 +00:00
Bruce A. Mah
54440848f0 New release notes: slab allocator, new ephemeral port range, OpenSSH 3.1.
Updated release notes:  Binutils 2.12.0, gcc post-2.95.3 snapshot,
OPIE 2.4.

While I've got my hands dirty, make a couple of markup fixes as well.
2002-03-22 05:28:36 +00:00
Andrew R. Reiter
fe3240e9aa - Back out the commit to make the linker_load_file() securelevel check
made aware in jail environments.  Supposedly something is broken, so
  this should be backed out until further investigation proves otherwise,
  or a proper fix can be provided.
2002-03-22 04:56:09 +00:00
Mike Silbersack
9e5a5ed4c5 Change the ephemeral port range from 1024-5000 to 49152-65535.
This increases the number of concurrent outgoing connections from ~4000
to ~16000.  Other OSes (Solaris, OS X, NetBSD) and many other NAT
products have already made this change without ill effects, so we
should not run into any problems.

MFC after:	1 week
2002-03-22 03:28:11 +00:00
Warner Losh
80578e902c const poison just like NetBSD. 2002-03-22 02:43:01 +00:00
Warner Losh
ae10a3fcce Make user_from_uid and group_from_gid return const char *, just like
NetBSD.  Update man page to reflect this.
2002-03-22 02:35:47 +00:00
Robert Watson
1b350b4542 Break out the "see_other_uids" policy check from the various
method-based inter-process security checks.  To do this, introduce
a new cr_seeotheruids(u1, u2) function, which encapsulates the
"see_other_uids" logic.  Call out to this policy following the
jail security check for all of {debug,sched,see,signal} inter-process
checks.  This more consistently enforces the check, and makes the
check easy to modify.  Eventually, it may be that this check should
become a MAC policy, loaded via a module.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-22 02:28:26 +00:00
Warner Losh
3f330d7d1a remove __P 2002-03-22 01:42:45 +00:00
Warner Losh
d3cb5ded92 remove __P 2002-03-22 01:33:25 +00:00
Warner Losh
f1bb2cd2aa remove __P 2002-03-22 01:22:50 +00:00
Jun Kuriyama
9f6092398b MFen. 2002-03-22 00:19:50 +00:00
Mark Murray
0696ed0c00 Updates for OPIE 2.4. 2002-03-22 00:12:20 +00:00
David E. O'Brien
69160b1eb7 Remove __P() usage. 2002-03-21 23:54:04 +00:00