Commit Graph

81273 Commits

Author SHA1 Message Date
Robert Watson
b371c939ce Integrate mac_check_socket_send() and mac_check_socket_receive()
checks from the MAC tree: allow policies to perform access control
for the ability of a process to send and receive data via a socket.
At some point, we might also pass in additional address information
if an explicit address is requested on send.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-06 14:39:15 +00:00
Maxime Henrion
1f6973c5b4 When reusing a pointer as a number, at least cast it
to uintptr_t rather than u_int to avoid warnings on
64 bits architectures.
2002-10-06 14:02:35 +00:00
Robert Watson
82c6ef299e Trim accidentally introduced trailing whitespace. 2002-10-06 13:11:01 +00:00
Maxime Henrion
5ff9562781 Fix a bunch of s/int */size_t */. 2002-10-06 12:20:09 +00:00
Peter Grehan
726a1868a6 Roll back to previous version, no need for NO_GEOM when GEOM is
standard.
2002-10-06 12:13:12 +00:00
Maxime Henrion
20c544dbdf Yet another 64 bits warning fix: s/u_int/size_t/. 2002-10-06 12:07:58 +00:00
Maxime Henrion
0b3bf442a1 Fix a warning on 64 bits platforms: copyinstr() takes
a size_t *, not an u_int *.
2002-10-06 11:45:22 +00:00
Maxime Henrion
a8f15ed745 Fix a warning on 64 bits platforms: copystr() takes a size_t *,
not an int *.
2002-10-06 11:42:14 +00:00
Tim J. Robbins
76900889fa Clean up use of <stdarg.h> macros: always call va_end after va_start,
reset with a call to va_start before each use of the va_list.

Obtained from:	NetBSD
2002-10-06 11:14:21 +00:00
Tim J. Robbins
d9e5246b17 Add a note to the Compatiblity section suggesting that these functions
only be used for byte values. Add cross-references to the wide-char
counterparts.
2002-10-06 10:15:38 +00:00
Mark Murray
f1433817e4 Be consistent WRT function argument names. Other arguments only have
types, so remove these names. This also helps by not polluting
namespace.
2002-10-06 09:56:52 +00:00
Tim J. Robbins
e79f14fad9 Ensure all va_starts have a matching va_end.
Obtained from:	NetBSD
2002-10-06 09:23:58 +00:00
Philippe Charnier
7e61a4ae7b While removing a memory leak, rev 1.32 introduced a
free-memory-and-reuse-it-after. Correct both problems and
make rcp -r work again under /etc/malloc.conf -> AJ.
2002-10-06 09:09:27 +00:00
Hajimu UMEMOTO
71918af633 Put giant locks due to make getaddrinfo(), getnameinfo()
and getipnodeby*() thread-safe.
Our res_*() is not thread-safe.  So, we share lock between
getaddrinfo() and getipnodeby*().  Still, we cannot use
getaddrinfo() and getipnodeby*() in conjunction with other
functions which call res_*().

Requested by:	many people
2002-10-06 08:43:35 +00:00
Maxime Henrion
86597d47cb Oops. Actually connect back msdosfs to the build for every platform.
Spotted by:	bde
2002-10-06 08:07:40 +00:00
Tim J. Robbins
e7ed0f64bf /dev/sa0 is the default tape device, not /dev/rst0. 2002-10-06 07:56:27 +00:00
David E. O'Brien
0bd38bab78 Allow -J to simultaneously do non-bzip2 grepping.
Don't allow -J and -Z together.

Partially submitted by:	knu
2002-10-06 07:02:30 +00:00
Tim J. Robbins
427748f7df Disallow empty condition parts of "if", "while" and "until" compound
commands. Commands like "if then ... fi" and "while do ... done" are no
longer accepted. Bodies of compound commands are still allowed to be
empty, because even though POSIX does not allow them, most shells do.
2002-10-06 06:35:51 +00:00
Tim J. Robbins
82f520853b Remove rants/whines about the rune interface being superior to the
ISO C interface.
2002-10-06 06:03:23 +00:00
Tim J. Robbins
bc98899df0 Remove a completely incorrect statement from the Return Values section.
Add cross-references to the restartable mulitybte functions (mbrlen(3) etc.)
2002-10-06 05:58:24 +00:00
David E. O'Brien
39b9b6a43f It appears CPU_MAXID should be 1 more than the number of CPU_* defines. 2002-10-06 05:25:10 +00:00
David E. O'Brien
8185498ac2 CPU_MAXID should 2002-10-06 05:24:13 +00:00
Tim J. Robbins
8b9f20c622 Use %jd in format string and cast argument to intmax_t instead of using
%qd to print struct stat.st_size. Remove WARNS=0 and WFORMAT=0 from
Makefile.

Tested on:	alpha, sparc64, i386
2002-10-06 03:50:06 +00:00
Tim J. Robbins
5b94264c20 Fix format string errors relating mainly to the use of %qu to print off_t's.
Instead use %ju and cast the argument.

WFORMAT=0 is still required in the Makefile because gcc warns about
some strftime() calls (I don't think this behaviour is useful.)

Tested on:	sparc64, alpha, i386
2002-10-06 03:20:27 +00:00
Bruce Evans
c32049aa33 INclude <sys/mutex.h>'s prerequisite <sys/lock.h> instead of depending on
namespace pollution 2 layers deep in <sys/eventhandler.h>.
2002-10-06 03:18:14 +00:00
Robert Watson
e183f80e54 Sync from MAC tree: break out the single mmap entry point into
seperate entry points for each occasion:

mac_check_vnode_mmap()		Check at initial mapping
mac_check_vnode_mprotect()	Check at mapping protection change
mac_check_vnode_mmap_downgrade()	Determine if a mapping downgrade
					should take place following
					subject relabel.

Implement mmap() and mprotect() entry points for labeled vnode
policies.  These entry points are currently not hooked up to the
VM system in the base tree.  These changes improve the consistency
of the access control interface and offer more flexibility regarding
limiting access to vnode mmaping.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-06 02:46:26 +00:00
Matthew N. Dodd
e6e85c5b17 Make this work under GEOM. 2002-10-06 00:19:38 +00:00
David E. O'Brien
103f8a93cb Make stpcpy() only visiable w/in __BSD_VISIBLE. 2002-10-05 22:07:28 +00:00
Poul-Henning Kamp
0cdbe32937 Don't be noisy if DIOCWLABEL fails, it's probably because we're writing
the first label to the raw disk.

Sponsored by:	DARPA & NAI Labs.
2002-10-05 21:57:05 +00:00
Poul-Henning Kamp
1fc1a1ef2a This patch got lost in my trees: Pass setattr down to device drivers
as well.

Detected by:	scottl
Sponsored by:	DARPA & NAI Labs.
2002-10-05 21:55:31 +00:00
Robert Watson
83985c267e Modify label allocation semantics for sockets: pass in soalloc's malloc
flags so that we can call malloc with M_NOWAIT if necessary, avoiding
potential sleeps while holding mutexes in the TCP syncache code.
Similar to the existing support for mbuf label allocation: if we can't
allocate all the necessary label store in each policy, we back out
the label allocation and fail the socket creation.  Sync from MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 21:23:47 +00:00
Maxime Henrion
ba7fd983ae The msdosfs module now builds on sparc64. No idea if it works
though.
2002-10-05 20:18:34 +00:00
Maxime Henrion
00a3bdc19a Add two extern's for adjkerntz and wall_cmos_clock, all other
archs have them there, alghough the variable are declared in
subr_clock.c.  These should probably be moved into some MI
place.

Approved by:	jake
2002-10-05 20:14:49 +00:00
Robert Watson
b497ca81d6 Make sure that the accounting credential is saved along with the vp
when accounting is suspended--otherwise when accounting is restored,
we may incorrectly assume the credential is valid.

Panics experienced by:	juli
2002-10-05 20:05:23 +00:00
Robert Watson
eea8ea3108 Implement mac_create_devfs_symlink() for policies that interact with
vnode labels.  Sync from MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:56:25 +00:00
Poul-Henning Kamp
5f79a2e33a Fix argument order mistake when decoding disklabels from on-disk format.
Detected by:	jhay
Sponsored by:	DARPA & NAI Labs.
2002-10-05 18:52:06 +00:00
Robert Watson
74e62b1b75 Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:40:10 +00:00
Scott Long
e8890ccc51 Remove matcd from MAKEDEV.
X-MFC after:	ASAP
2002-10-05 18:28:48 +00:00
Robert Watson
c27b50f5b4 Merge implementation of mpo_check_vnode_link() for various appropriate
file-system aware MAC policies.  Sync to MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:25:48 +00:00
Robert Watson
0a69419678 Merge support for mac_check_vnode_link(), a MAC framework/policy entry
point that instruments the creation of hard links.  Policy implementations
to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:11:36 +00:00
Robert Watson
56c1541237 While the MAC API has supported the ability to handle M_NOWAIT passed
to mbuf label initialization, that functionality was never merged to
the main tree.  Go ahead and merge that functionality now.  Note that
this requires policy modules to accept the case where the label
element may be destroyed even if init has not succeeded on it (in
the event that policy failed the init).  This will shortly also
apply to sockets.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 17:44:49 +00:00
Robert Watson
87807196f8 Rearrange object and label init/destroy functions to match the
order used in mac_policy.h and elsewhere.  Sort order is basically
"by operation category", then "alphabetically by object". Sync to
MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 17:38:45 +00:00
Bruce A. Mah
b3a2c0c074 Add hifn(4) and ubsec(4) devices for i386/pc98. 2002-10-05 17:23:18 +00:00
Bruce A. Mah
b409af0287 New release notes: crypto(4) and related info
Updated release notes:  Update KSE info and add cross-reference to
kse(2) manpage.

Fix a couple of minor typos while I'm here.
2002-10-05 17:22:22 +00:00
Robert Watson
a931e345a9 Sync to MAC tree: use 'flag' instead of 'how' for mac_init_mbuf();
remove a slightly less than useful comment.
2002-10-05 17:18:43 +00:00
Brian Feldman
dab3d85fd7 Don't allow dev_stdclone(9) to accept minors larger than the system is
able to handle (0xffffff).
2002-10-05 17:10:28 +00:00
Robert Watson
69bbb5b1c7 Another big diff, little functional change: move label internalization,
externalization, and cred label life cycle events to entirely above
devfs and vnode events.  Sync from MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 16:57:16 +00:00
Robert Watson
08bcdc586e Move all object label init/destroy routines to the head of the
entry points to better match the entry point ordering in mac_policy.h.
Big diff, no functional change; merge from the MAC tree.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 16:54:59 +00:00
Robert Watson
ea599aa018 Synch from TrustedBSD MAC tree:
- If a policy isn't registered when a policy module unloads, silently
  succeed.

- Hold the policy list lock across more of the validity tests to avoid
  races.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 16:46:03 +00:00
Poul-Henning Kamp
3bd6561289 NB: This commit does *NOT* make GEOM the default in FreeBSD
NB: But it will enable it in all kernels not having options "NO_GEOM"

Put the GEOM related options into the intended order.

Add "options NO_GEOM" to all kernel configs apart from NOTES.

In some order of controlled fashion, the NO_GEOM options will be
removed, architecture by architecture in the coming days.

There are currently three known issues which may force people to
need the NO_GEOM option:

boot0cfg/fdisk:
        Tries to update the MBR while it is being used to control
        slices.  GEOM does not allow this as a direct operation.

SCSI floppy drives:
        Appearantly the scsi-da driver return "EBUSY" if no media
        is inserted.  This is wrong, it should return ENXIO.

PC98:
        It is unclear if GEOM correctly recognizes all variants of
        PC98 disklabels.  (Help Wanted!  I have neither docs nor HW)

These issues are all being worked.

Sponsored by:	DARPA & NAI Labs.
2002-10-05 16:35:33 +00:00