1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-27 08:00:11 +00:00
Commit Graph

79063 Commits

Author SHA1 Message Date
Robert Watson
9ca435893b In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
  pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
Nate Lawson
e2a5fdf911 Remove usage of cam_extend.c, replace with dev->si_drv1
PR:		kern/39809
Approved by:	gibbs
2002-08-15 20:54:03 +00:00
Robert Drehmel
7cfcd02787 Put each function argument on its own line to keep lines shorter
than 80 columns.
2002-08-15 20:33:44 +00:00
Robert Watson
909610a5c1 Move mac.h include to match the MAC tree location. Both locations
are about equally as alphabetized.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 19:02:17 +00:00
Robert Watson
a7320549ac Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:58:44 +00:00
Robert Drehmel
2caa6a5afe Use one line for each function argument to keep the line
width smaller than 80 columns.

Thanks to Ruslan for an explanation of multiple ways to
achieve this.
2002-08-15 18:57:57 +00:00
Robert Watson
fb95b5d3c3 Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:51:27 +00:00
Robert Watson
d61198e422 Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
MFC after:
2002-08-15 18:51:26 +00:00
Juli Mallett
c9776a935f Oops, add -false to the operators list in the manual page for find(1), as added
in revision 1.17 of option.c.

MFC after:	1 week
2002-08-15 18:30:13 +00:00
Juli Mallett
65acff377a Add support for -false instead of '!' cause it can be hard to use that in
some shells, etc., and also for GNU compatability (lack of this broke the
Mono CVS build for me).

MFC after:	1 week
2002-08-15 18:24:55 +00:00
Robert Watson
4b9c2fa1fb Fix return case for negative namelen by jumping to normal exit processing
rather than immediately returning, or we may not unlock necessary locks.

Noticed by:	Mike Heffner <mheffner@acm.vt.edu>
2002-08-15 17:34:03 +00:00
Jeffrey Hsu
b5addd8564 Reset dupack count in header prediction.
Follow-on to rev 1.39.

Reviewed by: jayanth, Thomas R Henderson <thomas.r.henderson@boeing.com>, silby, dillon
2002-08-15 17:13:18 +00:00
Luigi Rizzo
4bbf3b8b3a Kernel support for a dummynet option:
When a pipe or queue has the "noerror" attribute, do not report
drops to the caller (ip_output() and friends).
(2 lines to implement it, 2 lines to document it.)

This will let you simulate losses on the sender side as if they
happened in the middle of the network, i.e. with no explicit feedback
to the sender.

manpage and ipfw2.c changes to follow shortly, together with other
ipfw2 changes.

Requested by: silby
MFC after: 3 days
2002-08-15 16:53:43 +00:00
Robert Watson
6835e7427c On MAC check failure for readdir, use 'goto out' to use the common exit
handling, rather than returning directly to prevent leaking of vnode
reference/lock.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 15:46:10 +00:00
Maxim Konovalov
6c62b0477e o Backout rev. 1.40 and rev. 1.49.
o Add argv[] boudary check.

PR:		bin/40117
Reviewed by:	silence on -audit
MFC after:	2 months
2002-08-15 14:53:20 +00:00
Robert Watson
ecd3e8ff5a It's now sufficient to rely on a nested include of _label.h to make sure
all structures in ip_var.h are defined, so remove include of mac.h.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:34:45 +00:00
Robert Watson
9daf40feaa Perform a nested include of _label.h if #ifdef _KERNEL. This will
satisfy consumers of ip_var.h that need a complete definition of
struct ipq and don't include mac.h.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:34:02 +00:00
Robert Watson
3b6aad64bf Add mac.h -- raw_ip.c was depending on nested inclusion of mac.h which
is no longer present.

Pointed out by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:27:46 +00:00
Bosko Milekic
5fee904c3c Make m_flags an int instead of a short, this is consistent with the
type of the 'flags' argument m_getcl() was using anyway; m_extadd()
needed to be changed to accept an int instead of a short for 'flags.'
This makes things more consistent and also gives us more bits to
use for m_flags in the future (we have almost run out).

Requested by: sam (Sam Leffler)
2002-08-15 14:09:16 +00:00
Maxime Henrion
9ca5db2fe1 Fix typo. 2002-08-15 13:11:35 +00:00
Bruce Evans
ea1df4b7bb Removed duplicated MLINKS which make(1) recently started warning about. 2002-08-15 12:31:01 +00:00
Robert Drehmel
b78411b153 Include <stdlib.h> to have abort() and exit() declared. 2002-08-15 11:58:24 +00:00
Robert Drehmel
f8418db73e - For compliance with IEEE Std 1003.1-2001, add the 'restrict'
qualifier to function prototypes and definitions where
   appropriate using the '__restrict' macro.
 - Update the manual page.
2002-08-15 10:28:52 +00:00
Robert Drehmel
71a00a449f - Introduce the 'restrict' qualifier to function prototypes and
definitions to comply with IEEE Std 1003.1-2001.
 - Update the manual pages.
2002-08-15 09:47:10 +00:00
Robert Drehmel
5618f72405 - Add the 'restrict' qualifier to the function prototypes and
definitions of the functions that convert strings to numbers
   and are defined by IEEE Std 1003-1.2001.
 - Use ANSI-C function definitions for all of the functions
   mentioned above plus strtouq and strtoq.
 - Update the prototypes in the manual pages.
2002-08-15 09:25:04 +00:00
Ruslan Ermilov
0d533e437d Document the effect of contrib/gcc/c-lex.c,v 1.2 commit. 2002-08-15 08:51:24 +00:00
Ruslan Ermilov
26e1070b8b Merge gcc.295/cccp.c,v 1.9: don't let gcc(1) hide warnings in system headers.
Reviewed by:	bde

Original 2.95 change was subject to:

Approved by:	obrien
2002-08-15 08:45:49 +00:00
Ruslan Ermilov
43290b6363 mdoc(7) police: fixed indentation in synopsis.
Submitted by:	bde
2002-08-15 08:20:07 +00:00
Warner Losh
6319263d7b pccbb->cbb 2002-08-15 08:05:40 +00:00
Warner Losh
f5a9ae40ce No longer needed 2002-08-15 08:04:06 +00:00
Warner Losh
6c596e8d0b pccbb -> cbb 2002-08-15 08:02:23 +00:00
Warner Losh
b35cf6719f Rename the pccbb device to cbb. 2002-08-15 08:01:24 +00:00
Warner Losh
6f6efa5165 Move the symbol firmware loading routines into if_wi.
Define some basic firmware downloading commands.
2002-08-15 07:13:17 +00:00
Alfred Perlstein
ba05755c4b Add regression tests for sysvipc.
Submitted by: Hiten Pandya <hiten@uk.FreeBSD.org>
Obtained from: NetBSD
2002-08-15 06:34:37 +00:00
Jake Burkholder
e4f5294e18 Fixed 64bit big endian bugs relating to abuse of ioctl argument passing.
This makes truss work on sparc64.
2002-08-15 06:16:10 +00:00
Jake Burkholder
0db0a7019c Fix some confusion regarding traps that use mmu globals but don't really
have any reason to; force alternat globals instead, which is what we want.
2002-08-15 05:46:42 +00:00
Jake Burkholder
b5d2ed3047 Store the number of itlb and dtlb entries separately; they may be different.
Find the prom node for the boot cpu earlier and store it in the per-cpu
area, so that cache_init can be called earlier.
2002-08-15 05:24:55 +00:00
Doug Barton
782ce28781 I was too conservative with my header changes, so restore some sanity
via bde. atatat@NetBSD.org made basically the same change in their
version, so bring over their CVS Id which I neglected last time.

Obtained from:	bde, Andrew Brown <atatat@NetBSD.org>
2002-08-15 04:58:46 +00:00
Mike Silbersack
f3b2d59e18 Improve handling of TX errors. Early reports indicate that this
elimiates the driver lockup problem reported by many.

Concepts used were taken from Via's if_fet driver.  Verification
and implementation were done by Thomas Nystrom.

Submitted by:	Thomas Nystrom <thn@saeab.se>
MFC after:	3 days
2002-08-15 04:04:53 +00:00
Scott Long
4576293d3e Clean up comments that are no longer relevant. 2002-08-15 03:50:06 +00:00
Gordon Tetlow
eabdfedb1e I missed the single_mountd_enable in rc.network.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-15 03:29:19 +00:00
Gordon Tetlow
5b572aec21 Remove an accidental double chkdepend that snuck in during the last commit.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-15 03:24:47 +00:00
Robert Watson
99fa64f863 Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-write
during a label change resulting in an mmap removal.  This is "fail stop"
behavior, which is preferred, although it offers slightly less
transparency.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 02:28:32 +00:00
Alfred Perlstein
b618bb96f0 return foo -> return (foo) 2002-08-15 02:10:12 +00:00
Scott Long
1703656a17 Factor out some ugle code that's shared by udf_readdir and udf_lookup.
Significantly de-obfuscate udf_lookup

Inspired By: tes@sgi.com
2002-08-15 00:43:43 +00:00
Robert Drehmel
3248d0a517 - Add the 'restrict' qualifier to the function definitions and
public prototypes of setbuf(3) and setvbuf(3) using the
   '__restrict' macro from <sys/cdefs.h> to be compliant with
   IEEE Std 1003.1-2001.
 - Replace the K&R with ANSI-C function definitions.
 - Bring the manual page up-to-date.
2002-08-14 23:45:42 +00:00
Robert Drehmel
620035ef89 - Add the 'restrict' qualifier to the function definition of
strftime(3) for IEEE Std 1003.1-2001 compliance and remove
   excessive usage of the 'const' qualifier that was neither
   present in the prototype in the publice header, nor in the
   local prototype just above the function definition.
 - Replace the K&R function definition with a ANSI-C one.
 - Update the prototype of strftime(3) in its manual page.
2002-08-14 23:20:48 +00:00
Robert Drehmel
ad90696815 - Add the 'restrict' qualifier to the definitions of the string
concatenation and copy functions using the '__restrict' macro.
   This is to satisfy IEEE Std 1003-1.2001.
 - Use ANSI-C function definitions.
 - Add the 'restrict' keyword to the manual pages, too.
2002-08-14 22:59:22 +00:00
Robert Drehmel
d542f511a0 - Add the C99 'restrict' qualifier using the '__restrict' macro to
function prototype and definition of strptime(3).
 - Update the manual page.
2002-08-14 22:36:22 +00:00
Robert Watson
912dd12ad1 Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by:	mike
2002-08-14 22:30:07 +00:00