Commit Graph

26 Commits

Author SHA1 Message Date
hubertf
eda05c6413 Remove more duplicate headers.
Patch by Slava Semushin <slava.semushin@gmail.com>

Again, this was tested by comparing obj files from a pristine and a patched
source tree against an i386/ALL kernel, and also for src/sbin/fsck_ffs,
src/sbin/fsdb and src/usr.sbin/makefs. Only changes in assert() line numbers
were detected in 'objdump -d' output.
2007-01-29 01:52:43 +00:00
cube
74166b9a93 Let this code handle const qualifiers correctly enough to compile. 2007-01-13 18:54:43 +00:00
wiz
09cb1d6f1c s/existance/existence/, from Zafer. 2006-11-24 22:52:16 +00:00
elad
bada0c776a Don't use KAUTH_RESULT_* where it's not applicable.
Prompted by yamt@.
2006-09-13 10:07:42 +00:00
elad
5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00
perry
0f0296d88a Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete. 2005-12-24 20:45:08 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
perry
477853c351 nuke trailing whitespace 2005-02-26 22:58:54 +00:00
thorpej
ebb94a12fe Don't record option-dependencies here, since none of these options
depend on each other in the sense that config(8) implements.

Provide an informative error message if IPKDBKEY is not defined.
2002-10-11 00:50:30 +00:00
thorpej
1e9e72e1ab Move IPKDB config defns to ipkdb/files.ipkdb. 2002-10-10 21:56:50 +00:00
lukem
1ac69d9cb3 add RCSIDs 2001-11-12 22:54:03 +00:00
ws
4eaea04eb7 Fix a few (essential!) tyops.
During initialization, don't buy any non-broadcast packet as being
from our debugger.
2000-03-23 20:33:37 +00:00
ws
7da71e5f9e Make IPKDB working again.
Add support for i386 debugging and pci-based ne2000 boards.
2000-03-22 20:58:25 +00:00
thorpej
f98d358a1f Rework layer 2 protocol input routines. Instead of calling e.g. ether_input()
directly, call the function pointer (*if_input)(ifp, m).  The input routine
expects the packet header to be at the head of the packet, and will adjust
as necessary.  Privatize the layer 2 input and output routines, allowing
*_ifattach() to set them up as appropriate.
1999-05-18 23:52:51 +00:00
thorpej
69e521f4be Fix void * arithmetic. 1999-05-04 23:30:21 +00:00
jonathan
9bf2ba0928 Garbage-collect ``needs-flag'' from attributes ether, fddi, arc:
NETHER, NFDDI, NARC are  not used anywhere. Remove #include "ether.h",
   which had no effect.
Removes clash with "options NATM" for native-ATM network protocol stack.
1998-07-05 22:29:51 +00:00
thorpej
1e2c4ea425 Update for changes to config. 1998-01-13 02:26:06 +00:00
ws
8d38c5e126 Don't include psl.h in MI code.
Pointed out by Jonathan Stone and Chris Demetriou.
1997-08-21 11:26:42 +00:00
thorpej
4ddaa39d4d RCS ID police. 1997-06-26 07:21:44 +00:00
thorpej
b7f4353935 Revert to using our own version of MD5, per discussion with Wolfgang
Solfrank.  Rationale: We want to minimize the debugger's dependency
on other parts of the system.

To avoid namespace clashes, prepent MD5 names with "ipkdb_" to make it
clear what the intent is.
1997-06-26 00:53:03 +00:00
thorpej
60ad2f6582 Use the md5 implementation in libkern, not our own. 1997-04-30 00:54:34 +00:00
mycroft
103c7d360d Oops; forgot to GC the last mbuf allocated when out of clusters. 1997-04-28 17:03:58 +00:00
mycroft
9da4efe896 If we fail to allocate a cluster to hold a large packet, simply
drop it rather than using a chain of tiny mbufs.
1997-04-24 08:14:04 +00:00
thorpej
ce1963c633 - Add authentication to ipkdb (From Wolfgang Solfrank)
- Update for newarp (me)
1997-04-19 01:52:15 +00:00
is
07b064e02e New ARP system, supports IPv4 over any hardware link.
Some of the stuff (e.g., rarpd, bootpd, dhcpd etc., libsa) still will
only support Ethernet. Tcpdump itself should be ok, but libpcap needs
lot of work.

For the detailed change history, look at the commit log entries for
the is-newarp branch.
1997-03-15 18:09:08 +00:00
ws
31bdb14ed5 Rename recently checked in KGDB to IPKDB to resolve conflicts with older KGDB 1996-10-16 19:32:08 +00:00