Commit Graph

78254 Commits

Author SHA1 Message Date
Robert Watson
c488362e1a Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the TCP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check socket and
mbuf labels before permitting delivery to a socket.  Assign labels
to newly accepted connections when the syncache/cookie code has done
its business.  Also set peer labels as convenient.  Currently,
MAC policies cannot influence the PCB matching algorithm, so cannot
implement polyinstantiation.  Note that there is at least one case
where a PCB is not available due to the TCP packet not being associated
with any socket, so we don't label in that case, but need to handle
it in a special manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 19:06:49 +00:00
Alan Cox
239b5b9707 o Setting PG_MAPPED and PG_WRITEABLE on pages that are mapped and unmapped
by pmap_qenter() and pmap_qremove() is pointless.  In fact, it probably
   leads to unnecessary pmap_page_protect() calls if one of these pages is
   paged out after unwiring.

Note: setting PG_MAPPED asserts that the page's pv list may be
non-empty.  Since checking the status of the page's pv list isn't any
harder than checking this flag, the flag should probably be eliminated.
Alternatively, PG_MAPPED could be set by pmap_enter() exclusively
rather than various places throughout the kernel.
2002-07-31 18:46:47 +00:00
Søren Schmidt
cc6666dc21 Also print the serial # on atacontrol cap .... 2002-07-31 18:30:38 +00:00
Robert Watson
4ea889c666 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the raw IP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check the
socket and mbuf labels before permitting delivery to a socket,
permitting MAC policies to selectively allow delivery of raw IP mbufs
to various raw IP sockets that may be open.  Restructure the policy
checking code to compose IPsec and MAC results in a more readable
manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 18:30:34 +00:00
Søren Schmidt
c4d86885af Byteswap the serial # 2002-07-31 18:29:34 +00:00
Søren Schmidt
1d6213f9cc Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID
controller. Some testing has already been done, but its still greenish.
RAID's has to be setup via the BIOS on the SuperTrak, but all RAID
types are supported by the driver. The SuperTrak rebuilds failed arrays
on the fly and supports spare disks etc etc...

Add "device     pst" to your config file to use.

As usual bugsreports, suggestions etc are welcome...

Development sponsored by:       Advanis
Hardware donated by:            Promise Inc.
2002-07-31 18:27:30 +00:00
Søren Schmidt
27da7e6f24 Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID
controller. Some testing has already been done, but its still greenish.
RAID's has to be setup via the BIOS on the SuperTrak, but all RAID
types are supported by the driver. The SuperTrak rebuilds failed arrays
on the fly and supports spare disks etc etc...

Add "device	pst" to your config file to use.

As usual bugsreports, suggestions etc are welcome...

Development sponsored by:	Advanis
Hardware donated by:		Promise Inc.
2002-07-31 18:26:30 +00:00
Robert Watson
d8a7b7a3cd Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide implementations of some sample operating system security
policy extensions.  These are not yet hooked up to the build as
other infrastructure is still being committed.  Most of these
work fairly well and are in daily use in our development and (limited)
production environments.  Some are not yet in their final form,
and a number of the labeled policies waste a lot of kernel memory
and will be fixed over the next month or so to be more conservative.
They do give good examples of the flexibility of the MAC framework
for implementing a variety of security policies.

mac_biba:	Implementation of fixed-label Biba integrity policy,
		similar to those found in a number of commercial
		trusted operating systems.  All subjects and objects
		are assigned integrity levels, and information flow
		is controlled based on a read-up, write-down
		policy.  Currently, purely hierarchal.

mac_bsdextended:	Implementation of a "file system firewall",
		which allows the administrator to specify a series
		of rules limiting access by users and groups to
		objects owned by other users and groups.  This
		policy is unlabeled, relying on existing system
		security labeling (file permissions/ownership,
		process credentials).

mac_ifoff:	Secure interface silencing.  Special-purpose module
		to limit inappropriate out-going network traffic
		for silent monitoring scenarios.  Prevents the
		various network stacks from generating any output
		despite an interface being live for reception.

mac_mls:	Implementation of fixed-label Multi-Level Security
		confidentiality policy, similar to those found in
		a number of commercial trusted operating systems.
		All subjects and objects are assigned confidentiality
		levels, and information flow is controlled based on
		a write-up, read-down policy.  Currently, purely
		hiearchal, although non-hierarchal support is in the
		works.

mac_none:	Policy module implementing all MAC policy entry
		points with empty stubs.  A good place to start if
		you want all the prototypes types in for you, and
		don't mind a bit of pruning.  Can be loaded, but
		has no access control impact.  Useful also for
		performance measurements.

mac_seeotheruids:	Policy module implementing a security service
		similar to security.bsd.seeotheruids, only a slightly
		more detailed policy involving exceptions for members
		of specific groups, etc.  This policy is unlabeled,
		relying on existing system security labeling
		(process credentials).

mac_test:	Policy module implementing basic sanity tests for
		label handling.  Attempts to ensure that labels are
		not freed multiple times, etc, etc.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 18:07:45 +00:00
Robert Watson
4ed84624a2 Introduce support for Mandatory Access Control and extensible
kernel access control.

When fragmenting an IP datagram, invoke an appropriate MAC entry
point so that MAC labels may be copied (...) to the individual
IP fragment mbufs by MAC policies.

When IP options are inserted into an IP datagram when leaving a
host, preserve the label if we need to reallocate the mbuf for
alignment or size reasons.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 17:21:01 +00:00
Robert Watson
36b0360b37 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the code managing IP fragment reassembly queues (struct ipq)
to invoke appropriate MAC entry points to maintain a MAC label on
each queue.  Permit MAC policies to associate information with a queue
based on the mbuf that caused it to be created, update that information
based on further mbufs accepted by the queue, influence the decision
making process by which mbufs are accepted to the queue, and set the
label of the mbuf holding the reassembled datagram following reassembly
completetion.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 17:17:51 +00:00
Mark Murray
f193e3fc68 Fix an easy WARNS. 2002-07-31 16:53:59 +00:00
Mark Murray
13fcef50d0 Fix some easy WARNS. 2002-07-31 16:52:16 +00:00
Mark Murray
9f82c1d3b1 Give lint a small bit of help. 2002-07-31 16:50:21 +00:00
Robert Watson
0ec4b12334 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating an IGMP message, invoke a MAC entry point to permit
the MAC framework to label its mbuf appropriately for the target
interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:46:56 +00:00
Robert Watson
19527d3e22 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating an ARP query, invoke a MAC entry point to permit the
MAC framework to label its mbuf appropriately for the interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:45:16 +00:00
Mark Murray
129d3a7a92 sort(1) and uniq(1). 2002-07-31 16:44:01 +00:00
Robert Watson
d3990b06e1 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the MAC framework to label mbuf created using divert sockets.
These labels may later be used for access control on delivery to
another socket, or to an interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI LAbs
2002-07-31 16:42:47 +00:00
Robert Watson
62f5f684fb Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument connect(), listen(), and bind() system calls to invoke
MAC framework entry points to permit policies to authorize these
requests.  This can be useful for policies that want to limit
the activity of processes involving particular types of IPC and
network activity.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:39:49 +00:00
Hajimu UMEMOTO
ec2409ba60 FreeBSD has setkey in different location from NetBSD.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-07-31 16:39:19 +00:00
Robert Watson
3afe533f4f Introduce support for Mandatory Access Control and extensible
kernel access control.

Label mbufs received via kernel tunnel device interfaces by invoking
appropriate MAC framework entry points.

Perform access control checks on out-going mbufs delivered via tunnel
interfaces by invoking appropriate MAC entry points:

NOTE: Currently the label for a tunnel interface is not derived from
the label of the process that opened the tunnel interface.  It
probably should be.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:23:42 +00:00
Jake Burkholder
055ca86c52 These file are no longer used (moved to userland and/or merged into
pmap.c).
2002-07-31 16:23:27 +00:00
Robert Watson
43b2936963 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label mbufs received via ethernet-based interfaces by invoking
appropriate MAC framework entry points.

Perform access control checks on out-going mbufs delivered via
ethernet-based interfaces by invoking appropriate MAC entry
points.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:22:02 +00:00
Robert Watson
e70cd26366 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the interface management code so that MAC labels are
properly maintained on network interfaces (struct ifnet).  In
particular, invoke entry points when interfaces are created and
removed.  MAC policies may initialized the label interface based
on a variety of factors, including the interface name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:16:03 +00:00
Bruce A. Mah
db9b8e5474 New release note: SA-02:32. 2002-07-31 16:13:59 +00:00
Robert Watson
36c4f2b0d8 Introduce support for Mandatory Access Control and extensible
kernel access control.

When decompressing data from one mbuf into another mbuf, preserve the
mbuf label by copying it to the new mbuf.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:13:13 +00:00
Robert Watson
ec272d8708 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke a MAC framework entry point to authorize reception of an
incoming mbuf by the BPF descriptor, permitting MAC policies to
limit the visibility of packets delivered to particular BPF
descriptors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:11:32 +00:00
Robert Watson
82f4445d4c Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument BPF so that MAC labels are properly maintained on BPF
descriptors.  MAC framework entry points are invoked at BPF
instantiation and allocation, permitting the MAC framework to
derive the BPF descriptor label from the credential authorizing
the device open.  Also enter the MAC framework to label mbufs
created using the BPF device.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:09:38 +00:00
Robert Watson
af05e056ec Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument UFS to support per-inode MAC labels.  In particular,
invoke MAC framework entry points for generically supporting the
backing of MAC labels into extended attributes.  This ends up
introducing new vnode operation vector entries point at the MAC
framework entry points, as well as some explicit entry point
invocations for file and directory creation events so that the
MAC framework can push labels to disk before the directory names
become persistent (this will work better once EAs in UFS2 are
hooked into soft updates).  The generic EA MAC entry points
support executing with the file system in either single label
or multilabel operation, and will fall back to the mount label
if multilabel is not specified at mount-time.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:05:30 +00:00
Jake Burkholder
da1416c80c These were repo-copied to have a .S extension. 2002-07-31 15:56:15 +00:00
Robert Watson
5c153c5bb0 Add pathconf/fpathconf entries from POSIX.1e indicating support for
ACLs, Capabilities, Information Labels, and MAC Labels on the
queried file system.
2002-07-31 15:54:03 +00:00
Jake Burkholder
7c467eb823 *.s -> *.S. 2002-07-31 15:52:04 +00:00
Robert Watson
6742f32809 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 15:45:16 +00:00
Jacques Vidrine
b113cd8006 Sort headers to reduce diffs between branches. 2002-07-31 15:11:59 +00:00
Hajimu UMEMOTO
68966e0453 include file of SASLv1 was changed to /usr/local/include/sasl1. 2002-07-31 15:06:09 +00:00
Jake Burkholder
ba37958b34 Moved the rule for locore.o from kern.post.mk to Makefile.$ARCH. 2002-07-31 14:59:05 +00:00
Darren Reed
cc0178a73e some dolt forgot to add in an include for <limits.h> 2002-07-31 14:47:02 +00:00
Josef Karthauser
528d1a7fbc Replace the FOO_DEBUG definitions with USB_DEBUG, and switch the
debugging levels to off by default.  Now that debug levels can be
tweaked by sysctl we don't need to go through hoops to get the
different usb parts to produce debug data.
2002-07-31 14:34:36 +00:00
Josef Karthauser
6ada40b009 Make this compile with the debugging options switched on. 2002-07-31 14:27:40 +00:00
Josef Karthauser
163ddd953b Wake up Joe! It would help if I included sys/sysctl.h. 2002-07-31 14:20:07 +00:00
Josef Karthauser
140d7e756f Add a sysctl (debug.usb.uhub) for tweaking the uhub debug levels. 2002-07-31 13:58:15 +00:00
Poul-Henning Kamp
ab4db9b74f The Elan SC520 MMCR is actually 16bit wide, so u_char is inconvenient. 2002-07-31 13:45:44 +00:00
Josef Karthauser
0e6b196686 Get bored with hard coded debug level variables and introduce a debug.usb
sysctl tree for tweaking them real-time.

Reviewed by:	iedowse
2002-07-31 13:33:55 +00:00
Darren Reed
7fc37b7c09 Patch to fix bounds checking/overflow.
Obtained from:	OpenBSD
2002-07-31 12:50:28 +00:00
Dag-Erling Smørgrav
eeebf53e24 Use struct xfile, not struct file. 2002-07-31 12:43:17 +00:00
Dag-Erling Smørgrav
ca007d9172 Rewrite sockstat(1) in C.
Sponsored by:	DARPA, NAI Labs
2002-07-31 12:32:03 +00:00
Dag-Erling Smørgrav
aefe27a25c Have the kern.file sysctl export xfiles rather than files. The truth is
out there!

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:26:52 +00:00
Dag-Erling Smørgrav
3072197229 Nit in previous commit: the correct sysctl type is "S,xvnode" 2002-07-31 12:25:28 +00:00
Dag-Erling Smørgrav
217b2a0b61 Initialize v_cachedid to -1 in getnewvnode().
Reintroduce the kern.vnode sysctl and make it export xvnodes rather than
vnodes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:24:35 +00:00
Dag-Erling Smørgrav
4eee8de77c Introduce struct xvnode, which will be used instead of struct vnode for
sysctl purposes.  Also add two fields to struct vnode, v_cachedfs and
v_cachedid, which hold the vnode's device and file id and are filled in
by vn_open_cred() and vn_stat().

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:19:49 +00:00
Dag-Erling Smørgrav
84baf7a20f Add struct xfile, which will be used instead of struct file for sysctl
purposes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:16:51 +00:00