cognet [Mon, 6 Nov 2006 22:07:47 +0000 (22:07 +0000)]
Instead of re-implementing hton[ls] and friends for each arch, add a new MI
file, net/ntoh.c, which just implement them using the inline functions from
<sys/endian.h>.
Sometimes the vty switching has to be delayed; the vty
to be switched to is saved in sc->delayed_next_scr and
the actual switch is performed later. It was possible
to get into the endless loop when attempting to switch
to a closed vty (which is not allowed and beep-alerted
when attempted) and when the visual beep was in effect.
This caused sc->delayed_next_scr to never be reset and
endless attempts to switch to a closed vty and endless
visual beeping. How to repeat:
- boot into single-user
- run "kbdcontrol -b visual"
- quickly press Alt+F2 two times
dds [Mon, 6 Nov 2006 15:58:35 +0000 (15:58 +0000)]
Style facelift.
- Reduce the number of global variables
- Make global objects static
- Use bool consistently
- Sort getopt arguments and their processing
- Add function comments
- Change notlast != 0 into !last
rwatson [Mon, 6 Nov 2006 15:11:24 +0000 (15:11 +0000)]
Add auditd_program variable to defaults, in order to make it more clear
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
rwatson [Mon, 6 Nov 2006 14:54:06 +0000 (14:54 +0000)]
Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls. Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.
rrs [Mon, 6 Nov 2006 14:34:21 +0000 (14:34 +0000)]
This changes tracks down the EEOR->NonEEOR mode failure
to wakeup on close of the sender. It basically moves
the return (when the asoc has a reader/writer) further
down and gets the wakeup and assoc appending (of the
PD-API event) moved up before the return. It also
moves the flag set right before the return so we can
assure only once adding the PD-API events.
dds [Mon, 6 Nov 2006 13:55:11 +0000 (13:55 +0000)]
Do What I Mean when the user asks for random integers or characters.
Up to now jot would fail to generate the last character in the range
or skew the integer distribution in a way that would generate the numbers
in the range's limits with half the probability of the rest.
This modification fixes the program, rather than documenting the
strange behavior, as suggested in docs/54879.
rwatson [Mon, 6 Nov 2006 13:42:10 +0000 (13:42 +0000)]
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
rwatson [Mon, 6 Nov 2006 13:37:19 +0000 (13:37 +0000)]
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
rink [Mon, 6 Nov 2006 12:19:43 +0000 (12:19 +0000)]
Added PCI ID's for:
- 0x1065: Intel 82562ET/EZ/GT/GZ PRO/100 VE Ethernet [1], as found on
Tyan GS14 barebones.
- 0x1094: Intel Pro/100 946GZ (ICH7) Network Connection [2], as found on
Intel 946GZis motherboards.
dds [Mon, 6 Nov 2006 10:30:29 +0000 (10:30 +0000)]
Restore jot's ability to use a seed for producing a deterministic
sequence of random numbers.
This functionality was lost in revision 1.9 when the random number
generator was switched to arc4random.
kientzle [Mon, 6 Nov 2006 00:24:57 +0000 (00:24 +0000)]
Computing SHLIB_MAJOR is not a good idea. It's really a FreeBSD
system value that has no real relation to the libarchive version.
(Except, of course, that any ABI breakage will force both to be
incremented.)
csjp [Mon, 6 Nov 2006 00:15:44 +0000 (00:15 +0000)]
Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage. This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.
We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.
marcel [Sun, 5 Nov 2006 22:03:04 +0000 (22:03 +0000)]
Major rework of the ia64 loaders. The two primary objectives are:
1. Make libefi portable by removing ia64 specific code and build
it on i386 and amd64 by default to prevent regressions. These
changes include fixes and improvements over previous code to
establish or improve APIs where none existed or when the amount
of kluging was unacceptably high.
2. Increase the amount of sharing between the efi and ski loaders
to improve maintainability of the loaders and simplify making
changes to the loader-kernel handshaking in the future.
The version of the efi and ski loaders are now both changed to 1.2
as user visible improvements and changes have been made.
stefanf [Sun, 5 Nov 2006 18:36:05 +0000 (18:36 +0000)]
When parsing an invalid parameter expansion (eg. ${} or ${foo@bar}) do not
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done. This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).
csjp [Sun, 5 Nov 2006 17:56:25 +0000 (17:56 +0000)]
Fix possible leak when bridge is in monitor mode. Use m_freem() which will
free the entire chain, instead of using m_free() which will free just the
mbuf that was passed.
rrs [Sun, 5 Nov 2006 13:25:18 +0000 (13:25 +0000)]
Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the orignal code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
pjd [Sat, 4 Nov 2006 23:59:51 +0000 (23:59 +0000)]
When the source and destination objects for VOP_RENAME() are the same,
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.
Remove the KDTRACE option again because of the complaints about having
it as a default.
For the record, the KDTRACE option caused _no_ additional source files
to be compiled in; certainly no CDDL source files. All it did was to
allow existing BSD licensed kernel files to include one or more CDDL
header files.
By removing this from DEFAULTS, the onus is on a kernel builder to add
the option to the kernel config, possibly by including GENERIC and
customising from there. It means that DTrace won't be a feature
available in FreeBSD by default, which is the way I intended it to be.
Without this option, you can't load the dtrace module (which contains
the dtrace device and the DTrace framework). This is equivalent to
requiring an option in a kernel config before you can load the linux
emulation module, for example.
I think it is a mistake to have DTrace ported to FreeBSD, but not
to have it available to everyone, all the time. The only exception
to this is the companies which distribute systems with FreeBSD embedded.
Those companies will customise their systems anyway. The KDTRACE
option was intended for them, and only them.
csjp [Sat, 4 Nov 2006 20:54:37 +0000 (20:54 +0000)]
Currently, we initialize "error" to zero when it's declared, then
we never initialize it to anything else. However, in the case that
m_uiotombuf fails, we return error (effectively reporting success).
This appears to be a relic of an older revision of this file, where
"error" used to be doing something useful. (See revision 1.1, where
error is used in a loop with uiomove() instead of using m_uiotomubf).
So instead on unconditionally reporting success in the case there is
a failure in m_uiotombuf, explicitly return ENOBUFS. While we are
here, garbage collect the error variable since it's no longer required.
thompsa [Sat, 4 Nov 2006 10:40:59 +0000 (10:40 +0000)]
When the packet is for the bridge then note which interface to send the reply
to, previously it was always broadcast to all interfaces (a bug). This is
useful when the bridge is the default gateway and vlans are used to isolate
each client, the reply is now kept private to the vlan which the client
resides.
Reported by: Jon Otterholm
Tested by: Jon Otterholm
MFC after: 3 days
dougb [Sat, 4 Nov 2006 07:53:25 +0000 (07:53 +0000)]
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Backout the previous change. It was not intended to be part of the
commit and, while something like that is probably required for sparc64,
it hadn't been tested.
Build in kernel support for loading DTrace modules by default. This
adds the hooks that DTrace modules register with, and adds a few functions
which have the dtrace_ prefix to allow the DTrace FBT (function boundary
trace) provider to avoid tracing because they are called from the DTtrace
probe context.
Unlike other forms of tracing and debug, DTrace support in the kernel
incurs negligible run-time cost.
I think the only reason why anyone wouldn't want to have kernel support
enabled for DTrace would be due to the license (CDDL) under which DTrace
is released.
kmacy [Fri, 3 Nov 2006 23:41:53 +0000 (23:41 +0000)]
- map hardware trap numbers to those used by by sparc64 for inter-compatibility
and to make user-level trap handlers work
- add new trap entry to trap table to enable fast fetching of floating point trap
context
- remove unused debug code
- map unimplemented floating point trap to SIGFPE
Approved by: scottl (standing in for mentor rwatson)
rrs [Fri, 3 Nov 2006 18:57:49 +0000 (18:57 +0000)]
This commits the remake in kern/ make sysent to get
the correct syscalls.master's $FreeBSD$ tag record and
a make sysent in sys/compat/freebsd32. Thanks Ruslan
for pointing out the steps I missed :-0
Approved by: gnn
rrs [Fri, 3 Nov 2006 15:23:16 +0000 (15:23 +0000)]
Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0
So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.
I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)
There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..
If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)
Remove the -C option as it does more harm than good. To be fully
compatible, it would have to (at least):
- support the "compat-compat" -T option,
- *not* support the -l, -O, and -v options,
- default to soft updates being disabled.
Worse, the compatibility mode makes it impossible to mount_mfs(8)
a file system from fstab(5) with soft updates disabled (-S). [1]
Now, the only difference when called as "mount_mfs" or "mfs" (as
opposed to "mdmfs") is that the file mode of the mount point is
set by default to 01777. All options available to mdmfs(8) are
also available to mount_mfs(8); the -C option is still recognized
but ignored for backward compatibility.
imp [Fri, 3 Nov 2006 07:39:37 +0000 (07:39 +0000)]
MFp4:
o Fix the packet statistics
o Make sure we set the FD bit when in full duplex
o Improve TX side efficency by eliminating a data copy for
unfragmented mbufs (the hardware can't do s/g).
o Minor busdma pedantry
o better comments in some places, more XXX in others
o Minor style nits.
This solves a problem I was seeing where I'd get no ethernet when not
booting with a NFS root. Well, unless I unplugged the cable and
plugged it back in first so I'd get the same up down up messages I get
for NFS root...
Thanks to sam and scottl for suggestions on making this driver more
efficient through better use of approrpiate APIs.
Always init the console before trying to cnadd it to
avoid the case where the console name isn't set and
cnadd wants to use printf to complain about it.