Commit Graph

79047 Commits

Author SHA1 Message Date
rwatson
ac33de7562 Correct white space nits that crept in during my recent merges of
trustedbsd_mac material.
2002-08-16 14:12:40 +00:00
keichii
c7575e1fcc Add swidth definitions and lex code to mklocale
After adding swidth support in iswctype.c and ctype.h

Submitted by:	clkao@clkao.org
Reviewed by:	keichii,ache
Obtained from:	NetBSD
MFC after:	1 month
2002-08-16 13:46:43 +00:00
keichii
99fd6cbd41 Add iswctype wcwidth function code
Submitted by:	clkao@clkao.org
Reviewed by:	keichii
Obtained from:	NetBSD
MFC after:	1 month
2002-08-16 13:45:23 +00:00
keichii
74943c8903 Add swidth definition for wchar stuff
Submitted by:	clkao@clkao.org
Reviewed by:	keichii
Obtained from:	NetBSD
MFC after:	1 month
2002-08-16 13:42:59 +00:00
rwatson
2b82cd24f1 Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential.  Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential.  Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument.  This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.

Trickle this change down into fo_stat/poll() implementations:

- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
  MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
  than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
  to vn_stat().  Pass active_cred to MAC and fp->f_cred to VOP_POLL()
  to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
  and consumers so that this distinction is maintained at the VFS
  as well as 'struct file' layer.  Pass active_cred instead of
  td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.

- fifofs: modify the creation of a "filetemp" so that the file
  credential is properly initialized and can be used in the socket
  code if desired.  Pass ap->a_td->td_ucred as the active
  credential to soo_poll().  If we teach the vnop interface about
  the distinction between file and active credentials, we would use
  the active credential here.

Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained.  It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 12:52:03 +00:00
joe
6742ffa0ae MFNetBSD: 1.51
Move a quirk tests so the message printed about directionality is
right.
2002-08-16 12:16:07 +00:00
joe
fd516aa2a4 MFNetBSD: (1.50) Get rid of trailing white space. 2002-08-16 12:13:26 +00:00
luigi
6d2f675ff7 sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.
2002-08-16 10:31:47 +00:00
seanc
03d830a6c2 Forgot to change branches for my src tree. MFS my birthdate.
Pointed out by:	maxim
Reviewed by:	knu (mentor)
Approved by:	knu (mentor)
2002-08-16 09:41:07 +00:00
joe
e8b4bb966f MFNetBSD:
revision 1.127
	date: 2002/08/07 20:03:19;  author: augustss;  lines: +4 -8
	Fix some braindead calls to free memory (only encountered
	under low memory conditions).  From OpenBSD.
2002-08-16 09:10:43 +00:00
alfred
30a4b05c04 make the strings for tcptimers, tanames and prurequests const to silence
warnings.
2002-08-16 09:07:59 +00:00
alfred
ae8fed6b90 forgot to actually commit the DK/FS TYPES split, do it now. 2002-08-16 09:07:15 +00:00
alfred
3f9956f30f No need to include sys/time.h, this unbreaks a c89 warning about long long
constants as well.
2002-08-16 08:19:15 +00:00
alfred
fb72bc78f1 fix comment typo: naem -> name 2002-08-16 07:42:18 +00:00
alfred
0190ed913a Don't '#define DKTYPENAMES', we don't use the variable it exposes from
the header file.
2002-08-16 07:34:19 +00:00
alfred
9c6aa2dcd8 add a check for GNUC < 3 to typedef bool because gcc 3 always seems to
define it.

Suggested by: tjr
2002-08-16 07:33:14 +00:00
alfred
997e76e7c0 Hide 'struct ucred' behind '#ifdef _KERNEL', this should stop userland
from attempting to use it for good.  There is a catch, kvm_proc.c needs
to '#define _KERNEL' to get at the ucred.

Requested by: rwatson
2002-08-16 07:01:43 +00:00
trhodes
abb7e5b790 When a cluster entry for ``.'' is set to 0, msdosfs fails to handle it
correctly.

PR:		24393
Submitted by:	semenu
Approved by:	rwatson (mentor)
MFC after:	1 week
2002-08-16 05:13:42 +00:00
dg
fc04ab53c9 Rewrote the space check algorithm in sbreserve() so that the extremely
expensive (!) 64bit multiply, divide, and comparison aren't necessary
(this came in originally from rev 1.19 to fix an overflow with large
sb_max or MCLBYTES).
The 64bit math in this function was measured in some kernel profiles as
being as much as 5-8% of the total overhead of the TCP/IP stack and
is eliminated with this commit. There is a harmless rounding error (of
about .4% with the standard values) introduced with this change,
however this is in the conservative direction (downward toward a
slightly smaller maximum socket buffer size).

MFC after:	3 days
2002-08-16 05:08:46 +00:00
trhodes
75d84b9b55 Remove usbhidaction(1) manual page under SEE ALSO section. This will be
added again if/when we port the framework.

Submitted by:	mwlucas
Approved by:	joe
2002-08-16 05:01:11 +00:00
johan
831411db5b Bump document date for the -n option.
Approved by: sheldonh (mentor)
2002-08-16 03:13:59 +00:00
johan
3fcc723a46 Bump document date for the 'beep only' change. 2002-08-16 03:08:25 +00:00
rwatson
672aa78ecb Add LOGIN_SETMAC, which will indicate to the user context management code
that it should also set the user's default MAC label, if available and
permitted.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 02:14:21 +00:00
jake
3cfd695007 Use symbolic constants instead of magic address constants. 2002-08-16 01:37:49 +00:00
jake
aaaa8f8279 Minor style. Removed unused declaration. 2002-08-16 01:35:00 +00:00
jake
d554707634 Removed unneeded pmap_initialized flag. 2002-08-16 01:33:03 +00:00
jake
37f6204036 Demark sections of code that need special fault handling with labels.
Check if the trapped pc is inside of the demarked sections to implement
fault recovery for copyin etc, instead of pcb_onfault.  Handle recovery
from data access exceptions as well as page faults.

Inspired by:	bde's sys.dif
2002-08-16 00:57:37 +00:00
marcus
2ba12a117b Bah! Use the full name for Florida. 2002-08-15 22:44:56 +00:00
marcus
858b0c53ec Add myself. 2002-08-15 22:43:01 +00:00
joe
1db3df408a UHCI_DEBUG -> USB_DEBUG. 2002-08-15 22:41:20 +00:00
dg
5a9591b4a5 Add myself. 2002-08-15 22:34:45 +00:00
rwatson
e75c68c950 For some reason, the flags and td arguments in the fo_read prototype
were reversed.  Correct this with no functional change.
2002-08-15 22:12:53 +00:00
rwatson
331fe87203 Code formatting sync to trustedbsd_mac: don't perform an assignment
in an if clause.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
2002-08-15 22:04:31 +00:00
alfred
6d7e27aceb Remove a case of exposing 'struct ucred' to userspace. Use a struct xucred
for LOCKD_MSG instead.

Requested by: rwatson
2002-08-15 21:52:22 +00:00
alfred
0684d0ba09 Remove cam_extend.c from sources to unbreak modules.
Missed by: kern/39809,njl
2002-08-15 21:41:59 +00:00
rwatson
e45bce4bd3 Correct a minor whitespace nit that sneaked in with my previous commit. 2002-08-15 21:41:20 +00:00
blackend
8f1080b775 Fix typos: s/Ths/This, s/counties/countries
PR:		docs/39060
Submitted by:	Nicola Vitale <nivit@libero.it>
MFC after:	3 days
2002-08-15 21:25:41 +00:00
robert
fe770f50bf - Fix a bug that wrote one char behind the end of the
supplied buffer in case the size of it was equal to
   the number of characters the converted address consumed.
   The bug occurred when converting an AF_INET address.
 - Remove the SPRINTF macro and use sprintf instead.
 - Do not do string formatting using sprintf(3) and a
   temporary buffer which is copied when the supplied
   buffer provides enough space.  Instead, use snprintf(3)
   and the real destination buffer, thus avoid the copy.

Reported by:	Stefan Farfeleder <e0026813@stud3.tuwien.ac.at> (1)
PR:		misc/41289
2002-08-15 21:19:31 +00:00
njl
40c52b5913 Remove cam_extend.[ch] after all references to them were removed.
PR:		kern/39809
Approved by:	gibbs
2002-08-15 20:55:38 +00:00
rwatson
44404e4547 In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
  pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
njl
54a3d67ad2 Remove usage of cam_extend.c, replace with dev->si_drv1
PR:		kern/39809
Approved by:	gibbs
2002-08-15 20:54:03 +00:00
robert
62a0b60a38 Put each function argument on its own line to keep lines shorter
than 80 columns.
2002-08-15 20:33:44 +00:00
rwatson
12a274151f Move mac.h include to match the MAC tree location. Both locations
are about equally as alphabetized.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 19:02:17 +00:00
rwatson
60c2032dc8 Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:58:44 +00:00
robert
d57d160b95 Use one line for each function argument to keep the line
width smaller than 80 columns.

Thanks to Ruslan for an explanation of multiple ways to
achieve this.
2002-08-15 18:57:57 +00:00
rwatson
aa8060c29e Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:51:27 +00:00
rwatson
9725be3a61 Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
MFC after:
2002-08-15 18:51:26 +00:00
jmallett
2439b56e98 Oops, add -false to the operators list in the manual page for find(1), as added
in revision 1.17 of option.c.

MFC after:	1 week
2002-08-15 18:30:13 +00:00
jmallett
fd28cd5d8f Add support for -false instead of '!' cause it can be hard to use that in
some shells, etc., and also for GNU compatability (lack of this broke the
Mono CVS build for me).

MFC after:	1 week
2002-08-15 18:24:55 +00:00
rwatson
10845c31e4 Fix return case for negative namelen by jumping to normal exit processing
rather than immediately returning, or we may not unlock necessary locks.

Noticed by:	Mike Heffner <mheffner@acm.vt.edu>
2002-08-15 17:34:03 +00:00