128209 Commits

Author SHA1 Message Date
dds
5f9d5575d3 Updated results for bin/68981
PR:		bin/68981
2006-11-06 15:00:37 +00:00
rwatson
572da55a43 Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls.  Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from:	TrustedBSD Project
2006-11-06 14:54:06 +00:00
rrs
9da66947c4 This changes tracks down the EEOR->NonEEOR mode failure
to wakeup on close of the sender. It basically moves
the return (when the asoc has a reader/writer) further
down and gets the wakeup and assoc appending (of the
PD-API event) moved up before the return.  It also
moves the flag set right before the return so we can
assure only once adding the PD-API events.

Approved by:	gnn
2006-11-06 14:34:21 +00:00
ru
abbf63751a Fix markup. 2006-11-06 14:28:09 +00:00
ru
044b6ca4cf Bump document date. 2006-11-06 14:26:43 +00:00
dds
c15edb9d96 Do What I Mean when the user asks for random integers or characters.
Up to now jot would fail to generate the last character in the range
or skew the integer distribution in a way that would generate the numbers
in the range's limits with half the probability of the rest.

This modification fixes the program, rather than documenting the
strange behavior, as suggested in docs/54879.

Also, correctly specify the range of random(3).

PR:		docs/54879
MFC after:	2 weeks
2006-11-06 13:55:11 +00:00
rwatson
13dc4f1b11 Add stub entry point implementations of mpo_priv_check and mpo_priv_grant to
the mac_stub policy.

Obtained from:	TrustedBSD Project
2006-11-06 13:45:45 +00:00
rwatson
10d0d9cf47 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
rwatson
7288104e20 Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials.  Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed.  Two interfaces are provided, replacing the
existing suser(9) interface:

suser(td)                 ->   priv_check(td, priv)
suser_cred(cred, flags)   ->   priv_check_cred(cred, priv, flags)

A comprehensive list of currently available kernel privileges may be
found in priv.h.  New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.

The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag.  For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail.  As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.

The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.

The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated.  The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.

This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.

Sponsored by:		nCircle Network Security, Inc.
Obtained from:		TrustedBSD Project
Discussed on:		arch@
Reviewed (at least in part) by:	mlaier, jmg, pjd, bde, ceri,
			Alex Lyashkov <umka at sevcity dot net>,
			Skip Ford <skip dot ford at verizon dot net>,
			Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
rink
0d72a08039 Added PCI ID's for:
- 0x1065: Intel 82562ET/EZ/GT/GZ PRO/100 VE Ethernet [1], as found on
  Tyan GS14 barebones.
- 0x1094: Intel Pro/100 946GZ (ICH7) Network Connection [2], as found on
  Intel 946GZis motherboards.

[1] Submitted by:	myself
[2] Submitted by:	Mike Tancsa <mike@sentex.net>
Reviewed by:		imp (mentor), jfv
Approved by:		imp (mentor)
MFC after:		3 days
2006-11-06 12:19:43 +00:00
takawata
becbd1176a Prevent freeing wild pointer when bailing out. 2006-11-06 12:14:27 +00:00
kib
d5b214bf2a Set up the context for the dbbe_trace callback in the ddb. Otherwise,
trap caused by backtracing would lead to panic.

Noted and reviewed by:	bde
2006-11-06 11:10:57 +00:00
dds
571eb96dc6 Avoid negative array indices: an empty string can also be used
to specify a default value.
2006-11-06 11:03:43 +00:00
dds
dc4421d112 See also arc4random
PR:		docs/54879
MFC after:	2 weeks
2006-11-06 10:39:49 +00:00
dds
f4df3d376b Restore jot's ability to use a seed for producing a deterministic
sequence of random numbers.
This functionality was lost in revision 1.9 when the random number
generator was switched to arc4random.

PR:		docs/54879
MFC after:	2 weeks
2006-11-06 10:30:29 +00:00
dds
e9549fc276 Replace obscure aliases through pointers with plain variables.
MFC after:	2 weeks
2006-11-06 09:15:21 +00:00
dds
162bf8c18e Regress.out is now regress.x.out. 2006-11-06 08:49:43 +00:00
dds
4b2e1ee229 Merge code in common cases.
Verified by:	New regression tests in tools/regression/usr.bin/jot
MFC after:	2 weeks
2006-11-06 08:47:41 +00:00
dds
785f45c300 Test the handling of supplied and default parameters. 2006-11-06 08:39:52 +00:00
dds
d2eb59a85e Replace opaque numeric bit flag values with #defined identifiers.
While there, add some missing FALLTHROUGH comments.

Verified with:	cmp(1) on the executable
MFC after:	2 weeks
2006-11-06 07:26:16 +00:00
obrien
6e5c698f67 Remove gratuitous white space change. 2006-11-06 02:49:19 +00:00
obrien
7edb659ec4 Allow one to force with issue with 'TARGET_BIG_ENDIAN'. 2006-11-06 02:32:29 +00:00
obrien
ea874b999e Switch default proto to TCP. 2006-11-06 01:42:11 +00:00
kientzle
109c8f1daf Eliminate documentation references to a non-existent function. 2006-11-06 00:28:46 +00:00
kientzle
dce2089396 Computing SHLIB_MAJOR is not a good idea. It's really a FreeBSD
system value that has no real relation to the libarchive version.
(Except, of course, that any ABI breakage will force both to be
incremented.)
2006-11-06 00:24:57 +00:00
kientzle
ba33e1d526 Remove an unused declaration. 2006-11-06 00:16:40 +00:00
csjp
cf1f0416d1 Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage.  This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.

We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
MFC after:	2 weeks
2006-11-06 00:15:44 +00:00
marcel
9ef7e5e3af Major rework of the ia64 loaders. The two primary objectives are:
1. Make libefi portable by removing ia64 specific code and build
   it on i386 and amd64 by default to prevent regressions. These
   changes include fixes and improvements over previous code to
   establish or improve APIs where none existed or when the amount
   of kluging was unacceptably high.
2. Increase the amount of sharing between the efi and ski loaders
   to improve maintainability of the loaders and simplify making
   changes to the loader-kernel handshaking in the future.

The version of the efi and ski loaders are now both changed to 1.2
as user visible improvements and changes have been made.
2006-11-05 22:03:04 +00:00
marcel
a74874add4 Forced commit to document that the following repo copy has been
performed:

	from:	src/sys/boot/efi/libefi/bootinfo.c
	to:	src/sys/boot/ia64/common/bootinfo.c

	from:	src/sys/boot/efi/libefi/copy.c
	to:	src/sys/boot/ia64/common/copy.c

	from:	src/sys/boot/efi/libefi/devicename.c
	to:	src/sys/boot/ia64/common/devicename.c

	from:	src/sys/boot/efi/libefi/elf_freebsd.c
	to:	src/sys/boot/ia64/common/exec.c

ncvs meister: simon (thanks!)
2006-11-05 21:27:43 +00:00
danger
41b16051b0 - I forgot to bump a date.
Approved by: keramida (mentor), trhodes (mentor) (implicit)
2006-11-05 20:12:32 +00:00
danger
a2d9936684 - capitalize the first letter of the first word in the sentence
Approved by: trhodes (mentor), keramida (mentor)
2006-11-05 20:08:58 +00:00
danger
fa84907b5e - add some files to FILES section and provide their description
- reference devfs.conf and devfs.rules in SEE ALSO section

Approved by: keramida (mentor), trhodes (mentor)
PR: docs/103347
MFC-after: 3 days
2006-11-05 19:37:27 +00:00
trhodes
444451185b Fix a typo: "the give login class" to "the given login class."
PR:		75577
Submitted by:	Nobuyuki Koganemaru
2006-11-05 19:00:08 +00:00
stefanf
5d1b410c9d Add regression tests for PR 105078. 2006-11-05 18:41:23 +00:00
stefanf
d02f26394e When parsing an invalid parameter expansion (eg. ${} or ${foo@bar}) do not
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done.  This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).

PR:		105078
Submitted by:	emaste
2006-11-05 18:36:05 +00:00
csjp
db8b5b89e2 Fix possible leak when bridge is in monitor mode. Use m_freem() which will
free the entire chain, instead of using m_free() which will free just the
mbuf that was passed.

Discussed with:	thompsa
MFC after:	3 days
2006-11-05 17:56:25 +00:00
maxim
b9fb75ae50 o Add NetBSD 3.0.2 and NetBSD 3.1. 2006-11-05 15:56:45 +00:00
cognet
b6a2f17c26 Change one more ARM_BIG_ENDIAN to TARGET_BIG_ENDIAN. 2006-11-05 15:33:26 +00:00
trhodes
2d47ae4d92 Sync up with rhyolite routed 2.31 which fixes the handling of varargs.
Remove -p from usage, it's gone completely now.

PR:		83387
Submited by:	arved
2006-11-05 14:49:47 +00:00
ru
cd38181372 Revert previous commit, and instead make the expression in rev. 1.2
match the style of this file.

OK'ed by:	rrs
2006-11-05 14:36:59 +00:00
rrs
20dc61d3a4 Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the orignal code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
2006-11-05 13:25:18 +00:00
maxim
21ab4f8a25 o Document ServeRAID 7x support.
Submitted by:	Andrey V. Elsukov
MFC after:	3 days
2006-11-05 08:55:21 +00:00
bp
85d804ea67 Create a bidirectional mapping of the DOS 'read only' attribute
to the 'w' flag.

PR:		kern/77958
Submitted by:	ghozzy gmail com
MFC after:	1 month
2006-11-05 06:38:42 +00:00
bp
499769a943 It seems to be safe to ignore 'file not locked' error
from server.  This effectively suppresses 'Unmapped error 1:158'.

MFC after:	1 month
2006-11-05 06:31:08 +00:00
trhodes
f8cbaf97aa The rune interface was removed by tjr over two years ago. 2006-11-05 00:39:56 +00:00
pjd
b7b8ba938c When the source and destination objects for VOP_RENAME() are the same,
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.
2006-11-04 23:59:51 +00:00
pjd
560cce7495 VOP_REMOVE() doesn't unlock vnodes nor decrease reference counts. 2006-11-04 23:58:15 +00:00
pjd
c524521d2f Typo, 'from' vnode is locked here, not 'to' vnode. 2006-11-04 23:57:02 +00:00
jb
0ba5da19a5 Remove the KDTRACE option again because of the complaints about having
it as a default.

For the record, the KDTRACE option caused _no_ additional source files
to be compiled in; certainly no CDDL source files. All it did was to
allow existing BSD licensed kernel files to include one or more CDDL
header files.

By removing this from DEFAULTS, the onus is on a kernel builder to add
the option to the kernel config, possibly by including GENERIC and
customising from there. It means that DTrace won't be a feature
available in FreeBSD by default, which is the way I intended it to be.

Without this option, you can't load the dtrace module (which contains
the dtrace device and the DTrace framework). This is equivalent to
requiring an option in a kernel config before you can load the linux
emulation module, for example.

I think it is a mistake to have DTrace ported to FreeBSD, but not
to have it available to everyone, all the time. The only exception
to this is the companies which distribute systems with FreeBSD embedded.
Those companies will customise their systems anyway. The KDTRACE
option was intended for them, and only them.
2006-11-04 23:50:12 +00:00
csjp
ca30d69fda Currently, we initialize "error" to zero when it's declared, then
we never initialize it to anything else. However, in the case that
m_uiotombuf fails, we return error (effectively reporting success).

This appears to be a relic of an older revision of this file, where
"error" used to be doing something useful. (See revision 1.1, where
error is used in a loop with uiomove() instead of using m_uiotomubf).

So instead on unconditionally reporting success in the case there is
a failure in m_uiotombuf, explicitly return ENOBUFS. While we are
here, garbage collect the error variable since it's no longer required.

MFC after:	2 weeks
2006-11-04 20:54:37 +00:00