Commit Graph

79167 Commits

Author SHA1 Message Date
ache
a2d28129a1 Move just committed version of wcswidth.c here (from "locale"),
a bit optimized now.
2002-08-20 02:06:28 +00:00
ache
87f08c9cbb Remove wcswidth.c from here (and move it to "string") 2002-08-20 01:59:26 +00:00
ache
178f85ae98 Remove space at the end of continuation line in prev. commit 2002-08-20 01:16:06 +00:00
peter
abba96da99 Untangle this warning a bit:
COMPAT_SVR4 is broken and usage is, until fixed, not recommended
BTW; does anybody remember why this is here?
2002-08-20 00:29:16 +00:00
marcel
1e66a9327a Add support for the R_IA64_IPLTLSB relocation in non-PLT context.
This relocation creates a function descriptor at the specified
address and is commonly used for C++ to create virtual function
tables.
2002-08-20 00:24:33 +00:00
gordon
a9dd424f2f Print out a carriage return to make the screen output make more sense
Submitted by:	mike@
2002-08-20 00:14:11 +00:00
peter
238c22491c remove unit counts from atkbdc, pckbd, sc 2002-08-20 00:10:22 +00:00
peter
cd1f63b357 de-count pcbkd 2002-08-20 00:09:16 +00:00
peter
6c52efa2a1 de-count pckbd for pc98. This file is only compiled if NPCKBD was 1,
so the conditional compile should never have been used.
2002-08-20 00:05:41 +00:00
peter
20c193346e de-count atkbdc and sc. Folks, remove the '1' from 'device sc 1' and
'device atkbdc 1'.
2002-08-19 23:59:21 +00:00
peter
30017e8ef8 de-count atkbdc. I have more extensive patches to make properly dynamic,
but since pc hardware only allows one AT-style keyboard controller, this
doesn't seem particularly urgent.  (I do not know what the old sunriver
remote keyboard/mouse/vga cards do, that might be an exception).
2002-08-19 23:58:37 +00:00
peter
1b3d460b31 de-count schistory.c. The handling of NSC was rather bogus here and was
little more than a place holder, because nothing actually counted the
number of 'sc' units to compare it against NSC.  A bit more work here
is needed so that the scaling of SC_MAX_HISTORY_SIZE and extra_history_size
goes up when more sc units are added.  But, it does not appear that we can
have more than one console yet, so it does not seem particularly urgent.
2002-08-19 23:56:01 +00:00
bde
f8ad2e529c xdr.3 is added to MAN in ../xdr/Makefile.inc where it belongs, so don't
add it here.
2002-08-19 23:06:00 +00:00
mux
e1cb7effba Typo fix.
Reviewed by:	tmm
2002-08-19 22:57:32 +00:00
mux
5b798e0db4 style(9) nit. 2002-08-19 22:51:23 +00:00
mux
52d3101888 Use the __BUS_ACCESSOR macro for PCIB_ACCESSOR instead of
reimplementing it.

Reviewed by:	tmm
2002-08-19 22:50:08 +00:00
ache
86ecb5818b Sort unsorted prototypes 2002-08-19 21:00:13 +00:00
imp
dcbe7e6b18 When login tries to do the chmod/chflags on a read only file system,
it complains that it can't do it because the filesystem is readonly.
Assume that when the user has a readonly /dev that they don't care if
login can't change the permissions/flags.  While this does break a few
things like msgs, we'll assume that the user setting up the read only
system knows what they are doing.

All this change does is to stop the complaint when the file system is
read only.  It also adds comments as to why EROFS and EOPNOTSUPP are
ignored.

This allows one to have a read-only / w/o a /dev MFS and have a
relatively warning-free existence.  /etc/rc still complains when it
can't chown/chflags/chmod things, but that's easy to ignore/tweak.

Reviewed by: roberto, phk
Sponsored by: Timing Solutions
2002-08-19 20:54:00 +00:00
ache
426d833605 Activate (uncomment) wcwidth() and wcswidth() now implemented 2002-08-19 20:48:18 +00:00
ache
d3fa9cb263 Implement wcswidth() 2002-08-19 20:46:10 +00:00
semenu
efc586eed3 Stop trying to align malloc()ed memory. Rely on malloc() instead, just like
others.
2002-08-19 20:36:08 +00:00
ache
0923ef5388 Use modern-style arguments declaration 2002-08-19 20:32:27 +00:00
rwatson
83ecac75d4 Close a race in process label changing opened due to dropping the
proc locking when revoking access to mmaps.  Instead, perform this
later once we've changed the process label (hold onto a reference
to the new cred so that we don't lose it when we release the
process lock if another thread changes the credential).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:26:32 +00:00
semenu
00ceeee606 Do not reset card in epic_freebsd_attach() as reset is done in
epic_common_attach().
2002-08-19 20:24:13 +00:00
ache
53166ba7d8 Write null wide-character as L'\0' like in other places 2002-08-19 20:12:38 +00:00
rwatson
355d213f69 Regen. 2002-08-19 20:02:29 +00:00
rwatson
ffdb230263 mac_syscall is now implemented, switch to MSTD.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:01:31 +00:00
jmallett
af73db292e Enclose IPv6 addresses in brackets when they are displayed printable with a
TCP/UDP port seperated by a colon.  This is for the log_in_vain facility.

Pointed out by:	Edward J. M. Brocklesby
Reviewed by:	ume
MFC after:	2 weeks
2002-08-19 19:47:13 +00:00
brooks
a3fc793296 Fix a couple of bogus return values in previous commit.
Submitted by:	"Vladimir B. " Grebenschikov <vova@sw.ru>
Pointy hat to:	brooks
2002-08-19 19:22:41 +00:00
rwatson
a1cb1e3bed Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}().  Pass in fp->f_cred
when calling these checks with a struct file available.  Otherwise,
pass NOCRED.  All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 19:04:53 +00:00
sos
32d992cd39 Fix buffer length.
PR: 41063
2002-08-19 18:52:23 +00:00
sos
74aa80c3e4 Fix typo. 2002-08-19 18:47:51 +00:00
ache
34e5c81b71 According to SUSv2, always return 0 for null wide-character code 2002-08-19 18:06:18 +00:00
rwatson
4cb63b194b Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services.  User code requests a
target policy by name, and specifies the policy-specific API plus
target.  This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 17:59:48 +00:00
gordon
edd73c4d45 Update manpage to reflect reality:
xntpd -> ntpd
single_mountd_enable -> mountd_enable
portmap -> rpcbind
2002-08-19 17:57:38 +00:00
jmallett
a5175f2536 Clean up a comment talking about C strings, which are terminated with the
ASCII NUL character (0, or '\0' in C).
2002-08-19 17:20:03 +00:00
jmallett
209b6366d9 s/trailing NULL/trailing NUL/ 2002-08-19 17:14:58 +00:00
bmah
8d19e7758d New release note: SA-02:38. 2002-08-19 17:13:08 +00:00
rwatson
fd544421f3 Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write().  This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:59:37 +00:00
ambrisko
d0709eea67 Don't read the PCI config space during mii operations. Instead save whether
or not we have to limit the PHY detection in the softc structure.  Then
just check the flag.

Suggested by:	jdp
Reviewed by:	jdp
MFC after:	3 days
2002-08-19 16:54:26 +00:00
rwatson
1a7cd1a210 Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:43:25 +00:00
sobomax
25617b8fc0 Add a new -H' modifier, which when combined with -p' or `-P' allows to dump
full console history.
2002-08-19 16:33:23 +00:00
sobomax
fb29e33da0 1. Allow information about current history size be retrieved using ioctl(2);
2. modify screen dumpung routine, so that in addition to visible area, it
   allows to grab any portion of history buffer as well.
2002-08-19 16:32:09 +00:00
orion
e3be6c4141 Cater for ich4 quirks.
Reported by: Jacob Rhoden
Tested by: Jacob Rhoden, mp
2002-08-19 16:03:56 +00:00
rwatson
c601d7b784 Assert process locks in proces-related access control checks.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:30:30 +00:00
rwatson
8c753954cb Add a missing vnode assertion for the exec() check.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:28:39 +00:00
sobomax
021687d79b Previous deltas (promisc mode) were a subject of:
MFC after:	1 week
2002-08-19 15:18:25 +00:00
sobomax
e50e3b03ec Implement user-setable promiscuous mode (a new `promisc' flag for ifconfig(8)).
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).

Emphatically requested by:	Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by:	fenner
2002-08-19 15:16:38 +00:00
luigi
be3fb71639 One more (hopefully the last one) step in cleaning up the syntax,
following Julian's good suggestion: since you can specify any match
pattern as an option, rules now have the following format:

	[<proto> from <src> to <dst>] [options]

i.e. the first part is now entirely optional (and left there just
for compatibility with ipfw1 rulesets).

Add a "-c" flag to show/list rules in the compact form
(i.e. without the "ip from any to any" part) when possible.
The default is to include it so that scripts processing ipfw's
canonical output will still work.
Note that as part of this cleanup (and to remove ambiguity), MAC
fields now can only be specified in the options part.

Update the manpage to reflect the syntax.

Clarify the behaviour when a match is attempted on fields which
are not present in the packet, e.g. port numbers on non TCP/UDP
packets, and the "not" operator is specified. E.g.

	ipfw add allow not src-port 80

will match also ICMP packets because they do not have port numbers, so
"src-port 80" will fail and "not src-port 80" will succeed. For such
cases it is advised to insert further options to prevent undesired results
(e.g. in the case above, "ipfw add allow proto tcp not src-port 80").

We definitely need to rewrite the parser using lex and yacc!
2002-08-19 12:36:54 +00:00
maxim
3855d71e92 Forced commit to correct a PR number in the previous commit. It is bin/40177.
Pointed out by: obrien
2002-08-19 09:19:31 +00:00