Commit Graph

128282 Commits

Author SHA1 Message Date
jhb
f1be25c7ac Various whitespace cleanups. 2006-11-07 18:55:51 +00:00
jhb
df902a85d9 Add a new 'union l_sigval' to use in place of 'union sigval' in the
linux siginfo structure.  l_sigval uses a l_uintptr_t for sival_ptr so
that sival_ptr is the right size for linux32 on amd64.  Since no code
currently uses 'lsi_ptr' this is just a cosmetic nit rather than a bug
fix.
2006-11-07 18:53:49 +00:00
jhb
bfa0cb7ef2 Remove old XXX comment about possibly adding a print_Intel_info() function
to dump CPUID level=2 stuff.  A print_INTEL_info() function that does just
that was added a while ago.
2006-11-07 18:48:18 +00:00
jhb
2a9e42c005 Remove duplicate IDTVEC macro definition, it's already defined in
<machine/intr_machdep.h>.
2006-11-07 18:46:33 +00:00
sam
2619dbffd2 honor nolockd flag in root mount options
MFC after:	2 weeks
2006-11-07 18:02:45 +00:00
laszlof
b71f6de416 Add my birthdate to the calendar.
Approved by:	flz (mentor)
2006-11-07 14:35:34 +00:00
cognet
d9c8d94a60 Add atomic_cmpset_acq_32. 2006-11-07 11:53:44 +00:00
bde
95c27ab845 Second stage of unbreaking thr formatting of the NICE field: decode the
priority class and use this to:

- print "-" instead of a garbage value for ithreads.  Print "-" instead
  of the unused nice value for kthreads which are (mis)classified as
  PRI_TIMESHARE.  For such threads, the nice value can be set to nonzero
  by root, but it is never used (at least by the 4bsd scheduler).  For
  ithreads, we didn't even print the unused value.

- print "i<priority>" and "r<priority>" instead of a biased "<priority>"
  for idletime and realtime threads,  Here <priority> is the priority
  parameter to idprio/rtprio(1).  Just add the prefix and remove the
  bias for now.  <priority> has been stored indirectly in the kernel
  since 2001/02/12, and even the kernel cannot recover the original
  value in all cases.  Here we need to handle more cases than pri_to_rtp(),
  but actually handle fewer cases, and end up printing garbage after
  a thread changes its current priority while in the kernel.

- for idletime and realtime threads, if they are kthreads then add a prefix
  of "k" to the previous string.

- for idletime and realtime threads, if they in the FIFO scheduling class
  then add a suffix of "F" to the previous string (if it fits; the other
  parts of the string are sure to fit unless <priority> is garbage).
2006-11-07 10:03:10 +00:00
cperciva
b9e58fd6df Add support for the HTTP_TIMEOUT environment variable (integer number
of seconds, just like in fetch(1)).

Submitted by:	rdivacky
2006-11-07 09:18:09 +00:00
rwatson
f52cf260f1 Add priv.h include required to build FAST_IPSEC, which is not present in
LINT due to a conflict with KAME IPSEC.

Submitted by:	Pawel Worach <pawel dot worach at gmail dot com>
2006-11-07 08:58:06 +00:00
mjacob
357415eaa6 Fix the hanging chad if the NEW_TRAN_CODE change and change the
qualifier to force async from cur_spi to spi.
2006-11-07 05:51:40 +00:00
tegge
4fdb31ed24 Don't drop reference to tty in tty_close() if TS_ISOPEN is already cleared.
Reviewed by:	bde
2006-11-06 22:12:43 +00:00
cognet
367bc6b8e0 Instead of re-implementing hton[ls] and friends for each arch, add a new MI
file, net/ntoh.c, which just implement them using the inline functions from
<sys/endian.h>.

Suggested by:	bde
2006-11-06 22:07:47 +00:00
andre
98af8dbef9 Handle early errors in kern_sendfile() by introducing a new goto 'out'
label after the sbunlock() part.

This correctly handles calls to sendfile(2) without valid parameters
that was broken in rev. 1.240.

Coverity error:	272162
2006-11-06 21:53:19 +00:00
cognet
55a9fb22cc Provide definitions suitable for arm big-endian. 2006-11-06 20:49:23 +00:00
ru
34b745c784 Sometimes the vty switching has to be delayed; the vty
to be switched to is saved in sc->delayed_next_scr and
the actual switch is performed later.  It was possible
to get into the endless loop when attempting to switch
to a closed vty (which is not allowed and beep-alerted
when attempted) and when the visual beep was in effect.
This caused sc->delayed_next_scr to never be reset and
endless attempts to switch to a closed vty and endless
visual beeping.  How to repeat:

- boot into single-user
- run "kbdcontrol -b visual"
- quickly press Alt+F2 two times

PR:		kern/68016
X-MFC after:	6.2-RELEASE
2006-11-06 19:06:07 +00:00
rwatson
2e2a6d6a66 Add missing includes of priv.h. 2006-11-06 17:43:10 +00:00
dds
771f010d42 Style facelift.
- Reduce the number of global variables
- Make global objects static
- Use bool consistently
- Sort getopt arguments and their processing
- Add function comments
- Change notlast != 0 into !last
2006-11-06 15:58:35 +00:00
trhodes
34663c9485 Add needed hyphens, note the KTRACE kernel option, bump doc date.
PR:		85186
Submitted by:	garys
2006-11-06 15:17:50 +00:00
rwatson
ef1d02698e Remove sys/uio.h include -- this is no longer required by the extattr
system call API.

MFC after:	3 weeks
2006-11-06 15:12:43 +00:00
dds
41f3c2053f Use a more sensible default of 1 or -1 when only the start and
end values are specified.

PR:		bin/68981
Submitted by:	Stefan `Sec` Zehl
MFC after:	2 weeks
2006-11-06 15:11:50 +00:00
rwatson
9463ede042 Add auditd_program variable to defaults, in order to make it more clear
how to change the auditd instance.  When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.

Obtained from:	TrustedBSD Project
MFC after:	3 weeks
2006-11-06 15:11:24 +00:00
dds
c1bff9358c Add the examples from the manual page. 2006-11-06 15:05:03 +00:00
dds
5f9d5575d3 Updated results for bin/68981
PR:		bin/68981
2006-11-06 15:00:37 +00:00
rwatson
572da55a43 Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls.  Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from:	TrustedBSD Project
2006-11-06 14:54:06 +00:00
rrs
9da66947c4 This changes tracks down the EEOR->NonEEOR mode failure
to wakeup on close of the sender. It basically moves
the return (when the asoc has a reader/writer) further
down and gets the wakeup and assoc appending (of the
PD-API event) moved up before the return.  It also
moves the flag set right before the return so we can
assure only once adding the PD-API events.

Approved by:	gnn
2006-11-06 14:34:21 +00:00
ru
abbf63751a Fix markup. 2006-11-06 14:28:09 +00:00
ru
044b6ca4cf Bump document date. 2006-11-06 14:26:43 +00:00
dds
c15edb9d96 Do What I Mean when the user asks for random integers or characters.
Up to now jot would fail to generate the last character in the range
or skew the integer distribution in a way that would generate the numbers
in the range's limits with half the probability of the rest.

This modification fixes the program, rather than documenting the
strange behavior, as suggested in docs/54879.

Also, correctly specify the range of random(3).

PR:		docs/54879
MFC after:	2 weeks
2006-11-06 13:55:11 +00:00
rwatson
13dc4f1b11 Add stub entry point implementations of mpo_priv_check and mpo_priv_grant to
the mac_stub policy.

Obtained from:	TrustedBSD Project
2006-11-06 13:45:45 +00:00
rwatson
10d0d9cf47 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
rwatson
7288104e20 Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials.  Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed.  Two interfaces are provided, replacing the
existing suser(9) interface:

suser(td)                 ->   priv_check(td, priv)
suser_cred(cred, flags)   ->   priv_check_cred(cred, priv, flags)

A comprehensive list of currently available kernel privileges may be
found in priv.h.  New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.

The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag.  For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail.  As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.

The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.

The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated.  The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.

This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.

Sponsored by:		nCircle Network Security, Inc.
Obtained from:		TrustedBSD Project
Discussed on:		arch@
Reviewed (at least in part) by:	mlaier, jmg, pjd, bde, ceri,
			Alex Lyashkov <umka at sevcity dot net>,
			Skip Ford <skip dot ford at verizon dot net>,
			Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
rink
0d72a08039 Added PCI ID's for:
- 0x1065: Intel 82562ET/EZ/GT/GZ PRO/100 VE Ethernet [1], as found on
  Tyan GS14 barebones.
- 0x1094: Intel Pro/100 946GZ (ICH7) Network Connection [2], as found on
  Intel 946GZis motherboards.

[1] Submitted by:	myself
[2] Submitted by:	Mike Tancsa <mike@sentex.net>
Reviewed by:		imp (mentor), jfv
Approved by:		imp (mentor)
MFC after:		3 days
2006-11-06 12:19:43 +00:00
takawata
becbd1176a Prevent freeing wild pointer when bailing out. 2006-11-06 12:14:27 +00:00
kib
d5b214bf2a Set up the context for the dbbe_trace callback in the ddb. Otherwise,
trap caused by backtracing would lead to panic.

Noted and reviewed by:	bde
2006-11-06 11:10:57 +00:00
dds
571eb96dc6 Avoid negative array indices: an empty string can also be used
to specify a default value.
2006-11-06 11:03:43 +00:00
dds
dc4421d112 See also arc4random
PR:		docs/54879
MFC after:	2 weeks
2006-11-06 10:39:49 +00:00
dds
f4df3d376b Restore jot's ability to use a seed for producing a deterministic
sequence of random numbers.
This functionality was lost in revision 1.9 when the random number
generator was switched to arc4random.

PR:		docs/54879
MFC after:	2 weeks
2006-11-06 10:30:29 +00:00
dds
e9549fc276 Replace obscure aliases through pointers with plain variables.
MFC after:	2 weeks
2006-11-06 09:15:21 +00:00
dds
162bf8c18e Regress.out is now regress.x.out. 2006-11-06 08:49:43 +00:00
dds
4b2e1ee229 Merge code in common cases.
Verified by:	New regression tests in tools/regression/usr.bin/jot
MFC after:	2 weeks
2006-11-06 08:47:41 +00:00
dds
785f45c300 Test the handling of supplied and default parameters. 2006-11-06 08:39:52 +00:00
dds
d2eb59a85e Replace opaque numeric bit flag values with #defined identifiers.
While there, add some missing FALLTHROUGH comments.

Verified with:	cmp(1) on the executable
MFC after:	2 weeks
2006-11-06 07:26:16 +00:00
obrien
6e5c698f67 Remove gratuitous white space change. 2006-11-06 02:49:19 +00:00
obrien
7edb659ec4 Allow one to force with issue with 'TARGET_BIG_ENDIAN'. 2006-11-06 02:32:29 +00:00
obrien
ea874b999e Switch default proto to TCP. 2006-11-06 01:42:11 +00:00
kientzle
109c8f1daf Eliminate documentation references to a non-existent function. 2006-11-06 00:28:46 +00:00
kientzle
dce2089396 Computing SHLIB_MAJOR is not a good idea. It's really a FreeBSD
system value that has no real relation to the libarchive version.
(Except, of course, that any ABI breakage will force both to be
incremented.)
2006-11-06 00:24:57 +00:00
kientzle
ba33e1d526 Remove an unused declaration. 2006-11-06 00:16:40 +00:00
csjp
cf1f0416d1 Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage.  This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.

We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
MFC after:	2 weeks
2006-11-06 00:15:44 +00:00