Commit Graph

208 Commits

Author SHA1 Message Date
ad
b07ec3fc38 Merge newlock2 to head. 2007-02-09 21:55:00 +00:00
elad
1e70d64818 Consistent usage of KAUTH_GENERIC_ISSUSER. 2007-01-04 16:55:29 +00:00
yamt
1a7bc55dcc remove some __unused from function parameters. 2006-11-01 10:17:58 +00:00
christos
4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
chs
33c1fd1917 add support for O_DIRECT (I/O directly to application memory,
bypassing any kernel caching for file data).
2006-10-05 14:48:32 +00:00
manu
8a1037a46b Add a -t+S flag to ktrace for tracing activity related to sysctl. MIB
names will be displayed, with data read and written as well.
2006-09-23 22:01:04 +00:00
elad
5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; it's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stabilizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00
christos
72c936995b delete unreachable code 2006-09-02 06:33:11 +00:00
christos
35ca6c8b5b Fix all the -D*DEBUG* code that was rotting away and did not even compile.
Mostly from Arnaud Lacombe, many thanks!
2006-08-17 17:11:27 +00:00
elad
5446ee0ef6 ugh.. more stuff that's overdue and should not be in 4.0: remove the
sysctl(9) flags CTLFLAG_READONLY[12]. luckily they're not documented
so it's only half regression.

only two knobs used them; proc.curproc.corename (check added in the
existing handler; it's CTLFLAG_ANYWRITE, yay) and net.inet.ip.forwsrcrt,
that got its own handler now too.
2006-07-30 17:38:19 +00:00
ad
f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
christos
67894004ec Don't allocate > 2K on the stack. 2006-06-12 01:25:05 +00:00
elad
215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
elad
7ee081e4bd Move securelevel-specific stuff to its own file. 2006-04-17 03:39:39 +00:00
dsl
c89fb86a25 Bail out of sysctl_create() if we fail to malloc() own.
free(own) when we bail out if any later malloc() calls fail.
Fixes Coverity CID 2310
2006-04-02 09:07:57 +00:00
dsl
49b6576d34 Predicate all the tests against existing children with a single 'if (node)'.
Simplify the test that ensures a CTLFLAG_ANYNUMBER child is an only child.
Will stop the Coverity CID 1082 report.
2006-04-02 08:04:05 +00:00
chris
caebf8211b Move check for rnode being NULL to before its first use.
Fixes Coverity CID 2434
2006-03-17 01:52:08 +00:00
drochner
94c70b92a9 Check the "oldlen" argument to sysctl(2) before passing it
to vslock(9). This prevents a local DOS.
(The checks against system and user limits for wired
memory should be centralized in UVM; for now prefer a less
invasive fix which can be pulled up into releases.)
2006-03-15 16:12:07 +00:00
yamt
e6844c675a sysctl_lookup: use "d" rather than "rnode->sysctl_data" after
"d = rnode->sysctl_data".
2006-03-05 00:32:43 +00:00
drochner
b18cf5c358 update comments for const sysctl args 2006-02-24 19:26:50 +00:00
yamt
467e5f4980 KNF. convert
        if () {
        }
        /*
         * some
         * comments
         */
        else {
        }

to
        if () {
        } else {
                /*
                 * some
                 * comments
                 */
        }
2005-11-27 12:07:24 +00:00
yamt
c14bdacc17 MALLOC/FREE -> malloc/free where appropriate. 2005-10-29 12:26:37 +00:00
yamt
ebfab35576 old_sysctl: fix null dereference when oldlenp == NULL. 2005-08-21 13:14:54 +00:00
yamt
f37bf52fce sysctl_create: remove an unused variable. 2005-08-07 04:54:07 +00:00
peter
cea97248d3 Fix an off-by-one in checking the return value of strlcpy(9).
Reviewed by atatat.
2005-07-23 23:34:52 +00:00
atatat
df13e3579e Change the rest of the sysctl subsystem to use const consistently.
The __UNCONST macro is now used only where necessary and the RW macros
are gone.  Most of the changes here are consumers of the
sysctl_createv(9) interface that now takes a pair of const pointers
which used not to be.
2005-06-20 02:49:18 +00:00
atatat
420d91208b Properly fix the constipated lossage wrt -Wcast-qual and the sysctl
code.  I know it's not the prettiest code, but it seems to work rather
well in spite of itself.
2005-06-09 02:19:59 +00:00
scw
50d7457a5f Thou shalt not allocate PAGE_SIZE automatic variables on the kernel stack. 2005-06-08 07:25:12 +00:00
christos
efb6943313 - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
2005-05-29 22:24:14 +00:00
perry
da8abec863 nuke trailing whitespace 2005-02-26 21:34:55 +00:00
heas
57cef74601 Expose sysctl_root node to kernel sources. It will be used by FreeBSD sysctl
emulation.
2005-02-20 19:43:46 +00:00
elric
e6e79dacef The API for ksyms_getval_from_kernel changed. 2005-02-16 00:30:28 +00:00
cube
8a0e3b4be1 In sysctl_destroyv, the newly created dnode structure must have its
version set to the correct value to prevent later failure of
sysctl_cvt_in.
2004-05-12 12:21:39 +00:00
atatat
778eadaf46 Add a printf() to the other case in sysctl_createv() where a node did
not get attached for what should be an extremely unusual case.
2004-05-06 07:06:46 +00:00
matt
d1fcd75db0 Define link_sets start/stop as ptype * const [] since they are in a
readonly section.
2004-05-01 07:16:55 +00:00
atatat
3f800573aa Be consistent about using sysc_init_field() 2004-04-25 05:54:38 +00:00
atatat
990f278f7a Remove dynamic sysctl node version 0 from the tree. It seemed okay at
first, but quickly showed its shortcomings.  The version 1 node we're
now using should be good for a while.
2004-04-25 05:47:52 +00:00
atatat
275e2ae7f3 First caller to set a description on a node sets it. This allows one
setup function to set the description, even if the node has been
instantiated elsewhere.  Or not, depending on the order that the setup
functions are called.
2004-04-06 18:52:35 +00:00
atatat
f06d00c1a8 Add the standard "is this tree writeable" check to sysctl_describe()
and a comment to sysctl_destroy() about why the check is slightly
different there.
2004-04-01 04:50:06 +00:00
atatat
d97889de23 Fix sysctl_createv() so that rnode and cnode can refer to the same
pointer.  Fix sysctl_create() so that nodes cannot be added to an
alias node.
2004-03-27 04:26:23 +00:00
atatat
76f167c40b Set version in node destroy request 2004-03-25 22:16:04 +00:00
atatat
44afe14cb6 Unwind the nested designators for fields within structs within structs
(or unions).  This should really be put back once we're all using gcc3
for everything, since that makes it look a *lot* cleaner.
2004-03-25 18:36:49 +00:00
atatat
38c4183b04 Implement sysctl descriptions. Now all that remains is actually to
write them.
2004-03-24 18:11:09 +00:00
atatat
5aab77f087 Framework for sysctl descriptions. Implementation to follow shortly. 2004-03-24 17:40:02 +00:00
atatat
c6abd47f96 New node version and layout. This should take care of the netbsd32
emulation problem, formalizes the versioning (should it ever be needed
again), and provides a slot for descriptions.
2004-03-24 17:21:02 +00:00
atatat
289b641ef9 Implement sysctllog and sysctl_teardown(), which unwinds the log. 2004-03-24 16:55:49 +00:00
atatat
d42aae36c0 The new sysctl query interface returns the same information as the old
one, but you must pass in an empty node that indicates the version
you're using.
2004-03-24 16:34:34 +00:00
atatat
19af35fd0d Tango on sysctl_createv() and flags. The flags have all been renamed,
and sysctl_createv() now uses more arguments.
2004-03-24 15:34:46 +00:00
atatat
70057f1d4e That copystr() should be copyinstr(), and fix a couple of places where
aliasing needs to be avoided.
2004-03-24 15:25:43 +00:00
atatat
73c41a46cc Some optimization for sysctl_locate() 2004-03-08 03:31:26 +00:00