Robert Watson [Mon, 23 Apr 2007 13:36:54 +0000 (13:36 +0000)]
Rename mac*devfsdirent*() to mac*devfs*() to synchronize with SEDarwin,
where similar data structures exist to support devfs and the MAC
Framework, but are named differently.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, Inc.
Turn off route header processing for now due to issues pointed out
by Philippe Biondi and Arnaud Ebalard. This is a temporary fix
until more discussion can be had on the exact risks involved in
allowing source routing in IPv6
Submitted by: itojun
Reviewed by: jinmei
MFC after: 1 day
Sam Leffler [Mon, 23 Apr 2007 05:51:18 +0000 (05:51 +0000)]
o fix a buffer overflow in save_key() that occurs with 104-bit wep
o make some variables parameters (frequency of crack, and maximum channel)
o try to spoof mac if association fails
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
MFp4: Reduce diff against vendor code:
- Move FreeBSD-specific code to zfs_freebsd_*() functions in zfs_vnops.c
and keep original functions as similar to vendor's code as possible.
- Add various includes back, now that we have them.
Add back the original behavior of changing the entire directory path at
once (CWD a/b/c vs. 3 CWDs). If an error occurs, we fall back to the default
method of a single CWD per directory element. Since this is technically
a violation of the basic FTP RFC, this behavior is under a compile-time
option FTP_COMBINE_CWDS and is off by default. It should work with most
Unix-based FTP daemons and can save latency.
Fix 'zpool status -v'. To get object number we should use ZFS_DIRENT_OBJ()
macro, as za_first_integer field also contains type. This should be fixed in
ZFS itself, but this bug is not visible on Solaris, because there, type is
not stored in za_first_integer. On the other hand it will be visible on
MacOS X.
When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
Robert Watson [Sun, 22 Apr 2007 19:55:56 +0000 (19:55 +0000)]
Normalize variable naming in the MAC Framework by adopting the normal
variable name conventions for arguments passed into the framework --
for example, name network interfaces 'ifp', sockets 'so', mounts 'mp',
mbufs 'm', processes 'p', etc, wherever possible. Previously there
was significant variation in this regard.
Normalize copyright lists to ranges where sensible.
Robert Watson [Sun, 22 Apr 2007 16:18:10 +0000 (16:18 +0000)]
In the MAC Framework implementation, file systems have two per-mountpoint
labels: the mount label (label of the mountpoint) and the fs label (label
of the file system). In practice, policies appear to only ever use one,
and the distinction is not helpful.
Combine mnt_mntlabel and mnt_fslabel into a single mnt_label, and
eliminate extra machinery required to maintain the additional label.
Update policies to reflect removal of extra entry points and label.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, Inc.
Robert Watson [Sun, 22 Apr 2007 15:31:22 +0000 (15:31 +0000)]
Remove MAC Framework access control check entry points made redundant with
the introduction of priv(9) and MAC Framework entry points for privilege
checking/granting. These entry points exactly aligned with privileges and
provided no additional security context:
Add mpo_priv_check() implementations to Biba and LOMAC policies, which,
for each privilege, determine if they can be granted to processes
considered unprivileged by those two policies. These mostly, but not
entirely, align with the set of privileges granted in jails.
Joseph Koshy [Sun, 22 Apr 2007 15:00:39 +0000 (15:00 +0000)]
MFP4: Enhancements and bug-fixes to pmcstat(8):
- The '-c' option now takes a comma-separated list of CPU
numbers, or a literal '*' denoting all CPUs in the system.
Subsequent system PMCs are allocated on the CPUs so specified.
Change the default behaviour to allocate system PMCs on all CPUs,
not just CPU 0.
Update the manual page and add an example of how to use the new
functionality.
- Attach PMCs to a (commandline) child process more reliably. This
fixes a long standing bug in counting events incurred by short-lived
processes.
Robert Watson [Sun, 22 Apr 2007 11:35:15 +0000 (11:35 +0000)]
Perform overdue clean up mac_test policy:
- Add a more detailed comment describing the mac_test policy.
- Add COUNTER_DECL() and COUNTER_INC() macros to declare and manage
various test counters, reducing the verbosity of the test policy
quite a bit.
- Add LABEL_CHECK() macro to abbreviate normal validation of labels.
Unlike the previous check macros, this checks for a NULL label and
doesn't test NULL labels. This means that optionally passed labels
will now be handled automatically, although in the case of optional
credentials, NULL-checks are still required.
- Add LABEL_DESTROY() macro to abbreviate the handling of label
validation and tear-down.
- Add LABEL_NOTFREE() macro to abbreviate check for non-free labels.
Randall Stewart [Sun, 22 Apr 2007 11:06:27 +0000 (11:06 +0000)]
- Somehow the disable fragment option got lost. We could
set/clear it but would not do it. Now we will.
- Moved to latest socket api for extended sndrcv info struct.
- Moved to support all new levels of fragment interleave.
Tom McLaughlin [Sun, 22 Apr 2007 02:36:08 +0000 (02:36 +0000)]
Trace my mentor lineage as far back as I can determine.
Not really sure how to handle committers who no longer have a ports
commit bit but are still active in other repos. Maybe a new node
definition? *shrug*
Warner Losh [Sat, 21 Apr 2007 22:47:35 +0000 (22:47 +0000)]
Because there are so many more partitions on pc98 than on wintel (16
vs 4), supress all unused partition output unless -v is specified.
This makes operating on a 'typical' disk with one partition less
painful. The 30 lines needed for the empty partitions no longer
scroll the useful information off the screen. When the user requests
a specific partition, the unused information is not suppressed.
Also add the partition name to the -s output.
Initialize the partition name to 'FreeBSD' when -I is specified.
Robert Watson [Sat, 21 Apr 2007 22:08:48 +0000 (22:08 +0000)]
Allow MAC policy modules to control access to audit configuration system
calls. Add MAC Framework entry points and MAC policy entry points for
audit(), auditctl(), auditon(), setaudit(), aud setauid().
MAC Framework entry points are only added for audit system calls where
additional argument context may be useful for policy decision-making; other
audit system calls without arguments may be controlled via the priv(9)
entry points.
Update various policy modules to implement audit-related checks, and in
some cases, other missing system-related checks.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA, Inc.
Robert Watson [Sat, 21 Apr 2007 18:11:19 +0000 (18:11 +0000)]
Attempt to rationalize NFS privileges:
- Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD.
- Use PRIV_NFS_DAEMON in the NFS server.
- In the NFS client, move the privilege check from nfslockdans(), which
occurs every time a write is performed on /dev/nfslock, and instead do it
in nfslock_open() just once. This allows us to avoid checking the saved
uid for root, and just use the effective on open. Use PRIV_NFS_LOCKD.
@118504 Fix sendfile(2). I had two ways of fixing it:
1. Fixing sendfile(2) itself to use VOP_GETPAGES() instead of
hacking around with vn_rdwr(UIO_NOCOPY), which was suggested
by ups.
2. Modify ZFS behaviour to handle this special case.
Although 1 is more correct, I've choosen 2, because hack from 1
have a side-effect of beeing faster - it reads ahead MAXBSIZE
bytes instead of reading page by page. This is not easy to implement
with VOP_GETPAGES(), at least not for me in this very moment.
Reported by: Andrey V. Elsukov <bu7cher@yandex.ru>
@118525 Reorganize the code to reduce diff.
@118526 This code path is expected. It is simply when file is opened with
O_FSYNC flag.
Reported by: kris
Reported by: Michal Suszko <dry@dry.pl>
Change the semantics of -i (in-place editing) so that it treats
each file independently from other files. The new semantics are
desired in the most of practical cases, e.g.: delete lines 5-9
from each file.
Keep the previous semantics of -i under a new option, -I, which
uses a single continuous address space covering all files to edit
in-place -- they are too cool to just drop them.
Add regression tests for -i and -I.
Approved by: dds
Compared with: GNU sed
Discussed on: -hackers
MFC after: 2 weeks
Add support for specifying a minimal size for vm.kmem_size in the loader via
vm.kmem_size_min. Useful when using ZFS to make sure that vm.kmem size will
be at least 256mb (for example) without forcing a particular value via vm.kmem_size.
New release notes:
- IPLware 3.33 support for pc98
- CAM MPSAFE
- ahc(4) and ahd(4) MPSAFE
- pseudofs(9) and consumers MPSAFE
- OpenBSM 1.0 alpha 14
- lastcomm -X flag
- ftpd(8) RFC2389 and RFC2640 support
Modified release notes:
- ncurses was updated from version 5.2-20020615
While here, moved the lagg(4) and XFS entries to the correct places.
Andre Oppermann [Fri, 20 Apr 2007 14:34:54 +0000 (14:34 +0000)]
Remove bogus check for accept queue length and associated failure handling
from the incoming SYN handling section of tcp_input().
Enforcement of the accept queue limits is done by sonewconn() after the
3WHS is completed. It is not necessary to have an earlier check before a
connection request enters the SYN cache awaiting the full handshake. It
rather limits the effectiveness of the syncache by preventing legit and
illegit connections from entering it and having them shaken out before we
hit the real limit which may have vanished by then.
Change return value of syncache_add() to void. No status communication
is required.
Andre Oppermann [Fri, 20 Apr 2007 13:51:34 +0000 (13:51 +0000)]
Simplifly syncache_expand() and clarify its semantics. Zero is returned
when the ACK is invalid and doesn't belong to any registered connection,
either in syncache or through SYN cookies. True but a NULL struct socket
is returned when the 3WHS completed but the socket could not be created
due to insufficient resources or limits reached.
For both cases an RST is sent back in tcp_input().
A logic error leading to a panic is fixed where syncache_expand() would
free the mbuf on socket allocation failure but tcp_input() later supplies
it to tcp_dropwithreset() to issue a RST to the peer.
Andre Oppermann [Fri, 20 Apr 2007 13:30:08 +0000 (13:30 +0000)]
o Plug memory leak in syncache_add() on MAC label allocation failure.
o Simplify code flow with 'done' goto label.
o Remove mbuf argument from syncache_respond(). It doesn't make use
of it.
Alexander Motin [Fri, 20 Apr 2007 08:38:18 +0000 (08:38 +0000)]
- Changed sequence numbers processing to avoid incorrect timeout waiting
when one of links is inactive and have stale sequence number. To avoid
this sequence numbers of all links are getting updated on every
successful packet reassembling.
- ng_ppp_bump_mseq function created to simplify code.
- ng_ppp_frag_drop function separated from ng_ppp_frag_process to
simplify code.
Alexander Motin [Fri, 20 Apr 2007 08:22:57 +0000 (08:22 +0000)]
- Fixed mistakes in latency and xmitBytes calculation math
which lead to ineffective multilink packet distribution plans.
- Changed bytesInQueue calculation math to have more precise information
about links utilization.
- Taken rough account of the link overhead. Better way to do it could be to
get exact overhead from user-level, but I have not done it to keep
binary compatibility.
Adrian Chadd [Fri, 20 Apr 2007 07:21:09 +0000 (07:21 +0000)]
NanoBSD modifications:
* Break out the boot0 loader selection into a variable - NANO_BOOTLOADER -
so people like me with VGA consoles can override the default (which is
to use boot0sio)
* Put the boot0 configuration options in NANO_BOOT0CFG in case you want
to override the defaults.
* Modify nanobsd.8 to reflect the changes and hint the console default is
serial.
Max Khon [Fri, 20 Apr 2007 06:33:25 +0000 (06:33 +0000)]
Improve logging when -dm is specified: if the node is considered
out-of-date print not only "modified before source" message
but also the path of youngest source.
Max Khon [Fri, 20 Apr 2007 06:25:45 +0000 (06:25 +0000)]
When remaking makefiles check that mtime has actually changed.
This fixes infinite restart in the following case:
Makefile: foo
foo: bar
do-something
Unlike GNU make, BSD make considers "Makefile" node as remade even
if "foo" is up-to-date and was not actually rebuilt.
GNU make does not consider nodes without commands as remade if child nodes
were not actually rebuilt.
Most probably, more proper fix would be to bring BSD make behaviour in-line
with GNU make but this would be more intrusive change.
Tom Rhodes [Fri, 20 Apr 2007 01:47:05 +0000 (01:47 +0000)]
In some cases, like whenever devfs file times are zero, the fix(aa) will not
be applied to dev entries. This leaves us with file times like "Jan 1 1970."
Work around this problem by replacing the tv_sec == 0 check with a
<= 3600 check. It's doubtful anyone will be booting within an hour of the
Epoch, let alone care about a few seconds worth of nonzero timestamps. It's
a hackish work around, but it does work and I have not experienced any
negatives in my testing.