cvs diff: Diffing . cvs diff: Diffing bin cvs diff: Diffing bin/cat cvs diff: Diffing bin/chio cvs diff: Diffing bin/chmod cvs diff: Diffing bin/cp cvs diff: Diffing bin/csh cvs diff: Diffing bin/csh/USD.doc cvs diff: Diffing bin/csh/nls cvs diff: Diffing bin/csh/nls/et cvs diff: Diffing bin/csh/nls/finnish cvs diff: Diffing bin/csh/nls/french cvs diff: Diffing bin/csh/nls/german cvs diff: Diffing bin/csh/nls/greek cvs diff: Diffing bin/csh/nls/italian cvs diff: Diffing bin/csh/nls/ja cvs diff: Diffing bin/csh/nls/russian cvs diff: Diffing bin/csh/nls/spanish cvs diff: Diffing bin/csh/nls/ukrainian cvs diff: Diffing bin/date cvs diff: Diffing bin/dd cvs diff: Diffing bin/df cvs diff: Diffing bin/domainname cvs diff: Diffing bin/echo cvs diff: Diffing bin/ed cvs diff: Diffing bin/ed/test cvs diff: Diffing bin/expr cvs diff: Diffing bin/getfacl cvs diff: Diffing bin/hostname cvs diff: Diffing bin/kill cvs diff: Diffing bin/ln cvs diff: Diffing bin/ls cvs diff: Diffing bin/mkdir cvs diff: Diffing bin/mv cvs diff: Diffing bin/pax cvs diff: Diffing bin/ps cvs diff: Diffing bin/pwd cvs diff: Diffing bin/rcp cvs diff: Diffing bin/rm cvs diff: Diffing bin/rmail cvs diff: Diffing bin/rmdir cvs diff: Diffing bin/setfacl cvs diff: Diffing bin/sh cvs diff: Diffing bin/sh/bltin cvs diff: Diffing bin/sh/funcs cvs diff: Diffing bin/sleep cvs diff: Diffing bin/stty cvs diff: Diffing bin/sync cvs diff: Diffing bin/test cvs diff: Diffing contrib cvs diff: Diffing contrib/amd cvs diff: Diffing contrib/amd/amd cvs diff: Diffing contrib/amd/amq cvs diff: Diffing contrib/amd/conf cvs diff: Diffing contrib/amd/conf/checkmount cvs diff: Diffing contrib/amd/conf/fh_dref cvs diff: Diffing contrib/amd/conf/hn_dref cvs diff: Diffing contrib/amd/conf/mtab cvs diff: Diffing contrib/amd/conf/nfs_prot cvs diff: Diffing contrib/amd/conf/sa_dref cvs diff: Diffing contrib/amd/conf/transp cvs diff: Diffing contrib/amd/conf/trap cvs diff: Diffing contrib/amd/conf/umount cvs diff: Diffing contrib/amd/doc cvs diff: Diffing contrib/amd/fixmount cvs diff: Diffing contrib/amd/fsinfo cvs diff: Diffing contrib/amd/hlfsd cvs diff: Diffing contrib/amd/include Index: contrib/amd/include/am_defs.h =================================================================== RCS file: /home/ncvs/src/contrib/amd/include/am_defs.h,v retrieving revision 1.12 diff -u -r1.12 am_defs.h --- contrib/amd/include/am_defs.h 2001/09/02 20:37:36 1.12 +++ contrib/amd/include/am_defs.h 2001/09/08 21:18:09 @@ -446,6 +446,8 @@ * Actions to take if exists. */ #ifdef HAVE_SYS_UCRED_H +/* XXX: need something more here */ +#include # include #endif /* HAVE_SYS_UCRED_H */ cvs diff: Diffing contrib/amd/libamu cvs diff: Diffing contrib/amd/mk-amd-map cvs diff: Diffing contrib/amd/scripts cvs diff: Diffing contrib/amd/wire-test cvs diff: Diffing contrib/awk cvs diff: Diffing contrib/awk/README_d cvs diff: Diffing contrib/awk/awklib cvs diff: Diffing contrib/awk/awklib/eg cvs diff: Diffing contrib/awk/awklib/eg/data cvs diff: Diffing contrib/awk/awklib/eg/lib cvs diff: Diffing contrib/awk/awklib/eg/misc cvs diff: Diffing contrib/awk/awklib/eg/prog cvs diff: Diffing contrib/awk/doc cvs diff: Diffing contrib/awk/posix cvs diff: Diffing contrib/awk/test cvs diff: Diffing contrib/awk/test/reg cvs diff: Diffing contrib/awk/test/reg/Obsolete cvs diff: Diffing contrib/bc cvs diff: Diffing contrib/bc/Examples cvs diff: Diffing contrib/bc/Test cvs diff: Diffing contrib/bc/bc cvs diff: Diffing contrib/bc/dc cvs diff: Diffing contrib/bc/doc cvs diff: Diffing contrib/bc/h cvs diff: Diffing contrib/bc/lib cvs diff: Diffing contrib/bind cvs diff: Diffing contrib/bind/bin cvs diff: Diffing contrib/bind/bin/addr cvs diff: Diffing contrib/bind/bin/dig cvs diff: Diffing contrib/bind/bin/dnskeygen cvs diff: Diffing contrib/bind/bin/dnsquery cvs diff: Diffing contrib/bind/bin/host cvs diff: Diffing contrib/bind/bin/irpd cvs diff: Diffing contrib/bind/bin/mkservdb cvs diff: Diffing contrib/bind/bin/named cvs diff: Diffing contrib/bind/bin/named/test cvs diff: Diffing contrib/bind/bin/named-bootconf cvs diff: Diffing contrib/bind/bin/named-bootconf/Grot cvs diff: Diffing contrib/bind/bin/named-xfer cvs diff: Diffing contrib/bind/bin/ndc cvs diff: Diffing contrib/bind/bin/nslookup cvs diff: Diffing contrib/bind/bin/nsupdate cvs diff: Diffing contrib/bind/doc cvs diff: Diffing contrib/bind/doc/bog cvs diff: Diffing contrib/bind/doc/html cvs diff: Diffing contrib/bind/doc/man cvs diff: Diffing contrib/bind/doc/misc cvs diff: Diffing contrib/bind/doc/notes cvs diff: Diffing contrib/bind/include cvs diff: Diffing contrib/bind/include/arpa cvs diff: Diffing contrib/bind/include/isc cvs diff: Diffing contrib/bind/lib cvs diff: Diffing contrib/bind/lib/dst cvs diff: Diffing contrib/bind/lib/inet cvs diff: Diffing contrib/bind/lib/irs cvs diff: Diffing contrib/bind/lib/isc cvs diff: Diffing contrib/bind/lib/nameser cvs diff: Diffing contrib/bind/lib/resolv cvs diff: Diffing contrib/bind/port cvs diff: Diffing contrib/bind/port/freebsd cvs diff: Diffing contrib/bind/port/freebsd/bin cvs diff: Diffing contrib/bind/port/freebsd/include cvs diff: Diffing contrib/bind/port/freebsd/include/sys cvs diff: Diffing contrib/bind/port/prand_conf cvs diff: Diffing contrib/bind/tests cvs diff: Diffing contrib/binutils cvs diff: Diffing contrib/binutils/bfd cvs diff: Diffing contrib/binutils/bfd/doc cvs diff: Diffing contrib/binutils/bfd/hosts cvs diff: Diffing contrib/binutils/bfd/po cvs diff: Diffing contrib/binutils/binutils cvs diff: Diffing contrib/binutils/binutils/po cvs diff: Diffing contrib/binutils/config cvs diff: Diffing contrib/binutils/gas cvs diff: Diffing contrib/binutils/gas/config cvs diff: Diffing contrib/binutils/gas/doc cvs diff: Diffing contrib/binutils/gas/po cvs diff: Diffing contrib/binutils/include cvs diff: Diffing contrib/binutils/include/aout cvs diff: Diffing contrib/binutils/include/coff cvs diff: Diffing contrib/binutils/include/elf cvs diff: Diffing contrib/binutils/include/opcode cvs diff: Diffing contrib/binutils/include/regs cvs diff: Diffing contrib/binutils/ld cvs diff: Diffing contrib/binutils/ld/emulparams cvs diff: Diffing contrib/binutils/ld/emultempl cvs diff: Diffing contrib/binutils/ld/po cvs diff: Diffing contrib/binutils/ld/scripttempl cvs diff: Diffing contrib/binutils/libiberty cvs diff: Diffing contrib/binutils/libiberty/config cvs diff: Diffing contrib/binutils/opcodes cvs diff: Diffing contrib/binutils/opcodes/po cvs diff: Diffing contrib/bzip2 cvs diff: Diffing contrib/com_err cvs diff: Diffing contrib/cpio cvs diff: Diffing contrib/cvs cvs diff: Diffing contrib/cvs/contrib cvs diff: Diffing contrib/cvs/diff cvs diff: Diffing contrib/cvs/doc cvs diff: Diffing contrib/cvs/lib cvs diff: Diffing contrib/cvs/man cvs diff: Diffing contrib/cvs/src cvs diff: Diffing contrib/cvs/tools cvs diff: Diffing contrib/diff cvs diff: Diffing contrib/file cvs diff: Diffing contrib/file/Magdir cvs diff: Diffing contrib/gcc cvs diff: Diffing contrib/gcc/config cvs diff: Diffing contrib/gcc/config/alpha cvs diff: Diffing contrib/gcc/config/i386 cvs diff: Diffing contrib/gcc/config/sparc cvs diff: Diffing contrib/gcc/cp cvs diff: Diffing contrib/gcc/cp/inc cvs diff: Diffing contrib/gcc/f cvs diff: Diffing contrib/gcc/ginclude cvs diff: Diffing contrib/gcc/objc cvs diff: Diffing contrib/gcc.295 cvs diff: Diffing contrib/gcc.295/config cvs diff: Diffing contrib/gcc.295/config/alpha cvs diff: Diffing contrib/gcc.295/config/i386 cvs diff: Diffing contrib/gcc.295/config/mips cvs diff: Diffing contrib/gcc.295/config/sparc cvs diff: Diffing contrib/gcc.295/cp cvs diff: Diffing contrib/gcc.295/cp/inc cvs diff: Diffing contrib/gcc.295/f cvs diff: Diffing contrib/gcc.295/ginclude cvs diff: Diffing contrib/gcc.295/objc cvs diff: Diffing contrib/gdb cvs diff: Diffing contrib/gdb/gdb cvs diff: Diffing contrib/gdb/gdb/config cvs diff: Diffing contrib/gdb/gdb/config/alpha cvs diff: Diffing contrib/gdb/gdb/config/arm cvs diff: Diffing contrib/gdb/gdb/config/i386 cvs diff: Diffing contrib/gdb/gdb/config/ia64 cvs diff: Diffing contrib/gdb/gdb/config/mips cvs diff: Diffing contrib/gdb/gdb/config/powerpc cvs diff: Diffing contrib/gdb/gdb/config/sparc cvs diff: Diffing contrib/gdb/gdb/doc cvs diff: Diffing contrib/gdb/gdb/gdbserver cvs diff: Diffing contrib/gdb/gdb/nlm cvs diff: Diffing contrib/gdb/gdb/tui cvs diff: Diffing contrib/gdb.291 cvs diff: Diffing contrib/gdb.291/gdb cvs diff: Diffing contrib/gdb.291/gdb/29k-share cvs diff: Diffing contrib/gdb.291/gdb/29k-share/udi cvs diff: Diffing contrib/gdb.291/gdb/config cvs diff: Diffing contrib/gdb.291/gdb/config/alpha cvs diff: Diffing contrib/gdb.291/gdb/config/arm cvs diff: Diffing contrib/gdb.291/gdb/config/i386 cvs diff: Diffing contrib/gdb.291/gdb/config/mips cvs diff: Diffing contrib/gdb.291/gdb/config/powerpc cvs diff: Diffing contrib/gdb.291/gdb/config/sparc cvs diff: Diffing contrib/gdb.291/gdb/doc cvs diff: Diffing contrib/gdb.291/gdb/gdbserver cvs diff: Diffing contrib/gdb.291/gdb/nlm cvs diff: Diffing contrib/gdb.291/gdb/tui cvs diff: Diffing contrib/gperf cvs diff: Diffing contrib/gperf/doc cvs diff: Diffing contrib/gperf/lib cvs diff: Diffing contrib/gperf/src cvs diff: Diffing contrib/gperf/tests cvs diff: Diffing contrib/groff cvs diff: Diffing contrib/groff/contrib cvs diff: Diffing contrib/groff/contrib/mm cvs diff: Diffing contrib/groff/contrib/mm/examples cvs diff: Diffing contrib/groff/contrib/mm/mm cvs diff: Diffing contrib/groff/doc cvs diff: Diffing contrib/groff/font cvs diff: Diffing contrib/groff/font/devX100 cvs diff: Diffing contrib/groff/font/devX100-12 cvs diff: Diffing contrib/groff/font/devX75 cvs diff: Diffing contrib/groff/font/devX75-12 cvs diff: Diffing contrib/groff/font/devascii cvs diff: Diffing contrib/groff/font/devcp1047 cvs diff: Diffing contrib/groff/font/devdvi cvs diff: Diffing contrib/groff/font/devdvi/generate cvs diff: Diffing contrib/groff/font/devhtml cvs diff: Diffing contrib/groff/font/devlatin1 cvs diff: Diffing contrib/groff/font/devlbp cvs diff: Diffing contrib/groff/font/devlj4 cvs diff: Diffing contrib/groff/font/devlj4/generate cvs diff: Diffing contrib/groff/font/devps cvs diff: Diffing contrib/groff/font/devps/generate cvs diff: Diffing contrib/groff/font/devutf8 cvs diff: Diffing contrib/groff/man cvs diff: Diffing contrib/groff/src cvs diff: Diffing contrib/groff/src/devices cvs diff: Diffing contrib/groff/src/devices/grodvi cvs diff: Diffing contrib/groff/src/devices/grohtml cvs diff: Diffing contrib/groff/src/devices/grolbp cvs diff: Diffing contrib/groff/src/devices/grolj4 cvs diff: Diffing contrib/groff/src/devices/grops cvs diff: Diffing contrib/groff/src/devices/grotty cvs diff: Diffing contrib/groff/src/include cvs diff: Diffing contrib/groff/src/libs cvs diff: Diffing contrib/groff/src/libs/libbib cvs diff: Diffing contrib/groff/src/libs/libdriver cvs diff: Diffing contrib/groff/src/libs/libgroff cvs diff: Diffing contrib/groff/src/preproc cvs diff: Diffing contrib/groff/src/preproc/eqn cvs diff: Diffing contrib/groff/src/preproc/grn cvs diff: Diffing contrib/groff/src/preproc/html cvs diff: Diffing contrib/groff/src/preproc/pic cvs diff: Diffing contrib/groff/src/preproc/refer cvs diff: Diffing contrib/groff/src/preproc/soelim cvs diff: Diffing contrib/groff/src/preproc/tbl cvs diff: Diffing contrib/groff/src/roff cvs diff: Diffing contrib/groff/src/roff/groff cvs diff: Diffing contrib/groff/src/roff/grog cvs diff: Diffing contrib/groff/src/roff/nroff cvs diff: Diffing contrib/groff/src/roff/troff cvs diff: Diffing contrib/groff/src/utils cvs diff: Diffing contrib/groff/src/utils/addftinfo cvs diff: Diffing contrib/groff/src/utils/afmtodit cvs diff: Diffing contrib/groff/src/utils/hpftodit cvs diff: Diffing contrib/groff/src/utils/indxbib cvs diff: Diffing contrib/groff/src/utils/lkbib cvs diff: Diffing contrib/groff/src/utils/lookbib cvs diff: Diffing contrib/groff/src/utils/pfbtops cvs diff: Diffing contrib/groff/src/utils/tfmtodit cvs diff: Diffing contrib/groff/src/xditview cvs diff: Diffing contrib/groff/tmac cvs diff: Diffing contrib/ipfilter cvs diff: Diffing contrib/ipfilter/BSD cvs diff: Diffing contrib/ipfilter/FWTK cvs diff: Diffing contrib/ipfilter/FreeBSD cvs diff: Diffing contrib/ipfilter/FreeBSD-2.2 cvs diff: Diffing contrib/ipfilter/FreeBSD-3 cvs diff: Diffing contrib/ipfilter/FreeBSD-4.0 cvs diff: Diffing contrib/ipfilter/etc cvs diff: Diffing contrib/ipfilter/iplang cvs diff: Diffing contrib/ipfilter/ipsd cvs diff: Diffing contrib/ipfilter/ipsd/Celler cvs diff: Diffing contrib/ipfilter/ipsend cvs diff: Diffing contrib/ipfilter/ipsend/.OLD cvs diff: Diffing contrib/ipfilter/l4check cvs diff: Diffing contrib/ipfilter/man cvs diff: Diffing contrib/ipfilter/perl cvs diff: Diffing contrib/ipfilter/rules cvs diff: Diffing contrib/ipfilter/samples cvs diff: Diffing contrib/ipfilter/test cvs diff: Diffing contrib/ipfilter/test/expected cvs diff: Diffing contrib/ipfilter/test/input cvs diff: Diffing contrib/ipfilter/test/regress cvs diff: Diffing contrib/isc-dhcp cvs diff: Diffing contrib/isc-dhcp/client cvs diff: Diffing contrib/isc-dhcp/client/scripts cvs diff: Diffing contrib/isc-dhcp/common cvs diff: Diffing contrib/isc-dhcp/includes cvs diff: Diffing contrib/isc-dhcp/includes/arpa cvs diff: Diffing contrib/isc-dhcp/includes/cf cvs diff: Diffing contrib/isc-dhcp/includes/netinet cvs diff: Diffing contrib/less cvs diff: Diffing contrib/libf2c cvs diff: Diffing contrib/libf2c/libF77 cvs diff: Diffing contrib/libf2c/libI77 cvs diff: Diffing contrib/libf2c/libU77 cvs diff: Diffing contrib/libio cvs diff: Diffing contrib/libio/config cvs diff: Diffing contrib/libio/dbz cvs diff: Diffing contrib/libio/include cvs diff: Diffing contrib/libio/stdio cvs diff: Diffing contrib/libio/tests cvs diff: Diffing contrib/libio/testsuite cvs diff: Diffing contrib/libio/testsuite/config cvs diff: Diffing contrib/libio/testsuite/lib cvs diff: Diffing contrib/libio/testsuite/libio.tests cvs diff: Diffing contrib/libio.295 cvs diff: Diffing contrib/libio.295/config cvs diff: Diffing contrib/libio.295/dbz cvs diff: Diffing contrib/libio.295/include cvs diff: Diffing contrib/libio.295/stdio cvs diff: Diffing contrib/libio.295/tests cvs diff: Diffing contrib/libio.295/testsuite cvs diff: Diffing contrib/libio.295/testsuite/config cvs diff: Diffing contrib/libio.295/testsuite/lib cvs diff: Diffing contrib/libio.295/testsuite/libio.tests cvs diff: Diffing contrib/libobjc cvs diff: Diffing contrib/libobjc/objc cvs diff: Diffing contrib/libobjc.295 cvs diff: Diffing contrib/libobjc.295/objc cvs diff: Diffing contrib/libpam cvs diff: Diffing contrib/libpam/defs cvs diff: Diffing contrib/libpam/doc cvs diff: Diffing contrib/libpam/doc/figs cvs diff: Diffing contrib/libpam/doc/html cvs diff: Diffing contrib/libpam/doc/man cvs diff: Diffing contrib/libpam/doc/modules cvs diff: Diffing contrib/libpam/doc/specs cvs diff: Diffing contrib/libpam/libpam cvs diff: Diffing contrib/libpam/libpam/include cvs diff: Diffing contrib/libpam/libpam/include/security cvs diff: Diffing contrib/libpam/libpam_misc cvs diff: Diffing contrib/libpam/libpam_misc/include cvs diff: Diffing contrib/libpam/libpam_misc/include/security cvs diff: Diffing contrib/libpam/libpamc cvs diff: Diffing contrib/libpam/libpamc/include cvs diff: Diffing contrib/libpam/libpamc/include/security cvs diff: Diffing contrib/libpam/libpamc/test cvs diff: Diffing contrib/libpam/libpamc/test/agents cvs diff: Diffing contrib/libpam/libpamc/test/modules cvs diff: Diffing contrib/libpam/libpamc/test/regress cvs diff: Diffing contrib/libpam/modules cvs diff: Diffing contrib/libpam/modules/pam_deny cvs diff: Diffing contrib/libpam/modules/pam_ftp cvs diff: Diffing contrib/libpam/modules/pam_issue cvs diff: Diffing contrib/libpam/modules/pam_mail cvs diff: Diffing contrib/libpam/modules/pam_mkhomedir cvs diff: Diffing contrib/libpam/modules/pam_motd cvs diff: Diffing contrib/libpam/modules/pam_nologin cvs diff: Diffing contrib/libpam/modules/pam_permit cvs diff: Diffing contrib/libpam/modules/pam_rhosts cvs diff: Diffing contrib/libpam/modules/pam_rootok cvs diff: Diffing contrib/libpam/modules/pam_securetty cvs diff: Diffing contrib/libpam/modules/pam_shells cvs diff: Diffing contrib/libpam/modules/pam_tally cvs diff: Diffing contrib/libpam/modules/pam_unix cvs diff: Diffing contrib/libpam/modules/pam_userdb cvs diff: Diffing contrib/libpam/modules/pam_warn cvs diff: Diffing contrib/libpam/modules/pam_wheel cvs diff: Diffing contrib/libpcap cvs diff: Diffing contrib/libpcap/bpf cvs diff: Diffing contrib/libpcap/bpf/net cvs diff: Diffing contrib/libpcap/lbl cvs diff: Diffing contrib/libreadline cvs diff: Diffing contrib/libreadline/doc cvs diff: Diffing contrib/libreadline/examples cvs diff: Diffing contrib/libreadline/shlib cvs diff: Diffing contrib/libreadline/support cvs diff: Diffing contrib/libstdc++ cvs diff: Diffing contrib/libstdc++/config cvs diff: Diffing contrib/libstdc++/std cvs diff: Diffing contrib/libstdc++/stl cvs diff: Diffing contrib/libstdc++/tests cvs diff: Diffing contrib/libstdc++/testsuite cvs diff: Diffing contrib/libstdc++/testsuite/config cvs diff: Diffing contrib/libstdc++/testsuite/lib cvs diff: Diffing contrib/libstdc++/testsuite/libstdc++.tests cvs diff: Diffing contrib/libstdc++.295 cvs diff: Diffing contrib/libstdc++.295/config cvs diff: Diffing contrib/libstdc++.295/std cvs diff: Diffing contrib/libstdc++.295/stl cvs diff: Diffing contrib/libstdc++.295/tests cvs diff: Diffing contrib/libstdc++.295/testsuite cvs diff: Diffing contrib/libstdc++.295/testsuite/config cvs diff: Diffing contrib/libstdc++.295/testsuite/lib cvs diff: Diffing contrib/libstdc++.295/testsuite/libstdc++.tests cvs diff: Diffing contrib/lukemftp cvs diff: Diffing contrib/lukemftp/src cvs diff: Diffing contrib/lukemftpd cvs diff: Diffing contrib/lukemftpd/src cvs diff: Diffing contrib/ncurses cvs diff: Diffing contrib/ncurses/c++ cvs diff: Diffing contrib/ncurses/doc cvs diff: Diffing contrib/ncurses/doc/html cvs diff: Diffing contrib/ncurses/form cvs diff: Diffing contrib/ncurses/include cvs diff: Diffing contrib/ncurses/man cvs diff: Diffing contrib/ncurses/menu cvs diff: Diffing contrib/ncurses/misc cvs diff: Diffing contrib/ncurses/misc/tabset cvs diff: Diffing contrib/ncurses/ncurses cvs diff: Diffing contrib/ncurses/ncurses/base cvs diff: Diffing contrib/ncurses/ncurses/tinfo cvs diff: Diffing contrib/ncurses/ncurses/trace cvs diff: Diffing contrib/ncurses/ncurses/tty cvs diff: Diffing contrib/ncurses/panel cvs diff: Diffing contrib/ncurses/progs cvs diff: Diffing contrib/ncurses/tack cvs diff: Diffing contrib/ncurses/test cvs diff: Diffing contrib/ntp cvs diff: Diffing contrib/ntp/adjtimed cvs diff: Diffing contrib/ntp/clockstuff cvs diff: Diffing contrib/ntp/conf cvs diff: Diffing contrib/ntp/html cvs diff: Diffing contrib/ntp/html/hints cvs diff: Diffing contrib/ntp/include cvs diff: Diffing contrib/ntp/kernel cvs diff: Diffing contrib/ntp/kernel/sys cvs diff: Diffing contrib/ntp/libntp cvs diff: Diffing contrib/ntp/libparse cvs diff: Diffing contrib/ntp/librsaref cvs diff: Diffing contrib/ntp/ntpd cvs diff: Diffing contrib/ntp/ntpdate cvs diff: Diffing contrib/ntp/ntpdc cvs diff: Diffing contrib/ntp/ntpq cvs diff: Diffing contrib/ntp/ntptrace cvs diff: Diffing contrib/ntp/parseutil cvs diff: Diffing contrib/ntp/scripts cvs diff: Diffing contrib/ntp/scripts/monitoring cvs diff: Diffing contrib/ntp/scripts/rc1 cvs diff: Diffing contrib/ntp/scripts/rc2 cvs diff: Diffing contrib/ntp/scripts/stats cvs diff: Diffing contrib/ntp/scripts/support cvs diff: Diffing contrib/ntp/scripts/support/bin cvs diff: Diffing contrib/ntp/scripts/support/conf cvs diff: Diffing contrib/ntp/scripts/support/etc cvs diff: Diffing contrib/ntp/util cvs diff: Diffing contrib/nvi cvs diff: Diffing contrib/nvi/build cvs diff: Diffing contrib/nvi/build/ExtUtils cvs diff: Diffing contrib/nvi/catalog cvs diff: Diffing contrib/nvi/cl cvs diff: Diffing contrib/nvi/clib cvs diff: Diffing contrib/nvi/common cvs diff: Diffing contrib/nvi/docs cvs diff: Diffing contrib/nvi/docs/USD.doc cvs diff: Diffing contrib/nvi/docs/USD.doc/edit cvs diff: Diffing contrib/nvi/docs/USD.doc/exref cvs diff: Diffing contrib/nvi/docs/USD.doc/vi.man cvs diff: Diffing contrib/nvi/docs/USD.doc/vi.ref cvs diff: Diffing contrib/nvi/docs/USD.doc/vitut cvs diff: Diffing contrib/nvi/docs/internals cvs diff: Diffing contrib/nvi/docs/interp cvs diff: Diffing contrib/nvi/docs/tutorial cvs diff: Diffing contrib/nvi/ex cvs diff: Diffing contrib/nvi/include cvs diff: Diffing contrib/nvi/include/sys cvs diff: Diffing contrib/nvi/ip cvs diff: Diffing contrib/nvi/ip_cl cvs diff: Diffing contrib/nvi/perl_api cvs diff: Diffing contrib/nvi/perl_scripts cvs diff: Diffing contrib/nvi/tcl_api cvs diff: Diffing contrib/nvi/tcl_scripts cvs diff: Diffing contrib/nvi/tk cvs diff: Diffing contrib/nvi/vi cvs diff: Diffing contrib/opie cvs diff: Diffing contrib/opie/libmissing cvs diff: Diffing contrib/opie/libopie cvs diff: Diffing contrib/patch cvs diff: Diffing contrib/perl5 cvs diff: Diffing contrib/perl5/Porting cvs diff: Diffing contrib/perl5/eg cvs diff: Diffing contrib/perl5/eg/cgi cvs diff: Diffing contrib/perl5/eg/g cvs diff: Diffing contrib/perl5/eg/scan cvs diff: Diffing contrib/perl5/eg/sysvipc cvs diff: Diffing contrib/perl5/eg/van cvs diff: Diffing contrib/perl5/ext cvs diff: Diffing contrib/perl5/ext/B cvs diff: Diffing contrib/perl5/ext/B/B cvs diff: Diffing contrib/perl5/ext/B/ramblings cvs diff: Diffing contrib/perl5/ext/ByteLoader cvs diff: Diffing contrib/perl5/ext/ByteLoader/hints cvs diff: Diffing contrib/perl5/ext/DB_File cvs diff: Diffing contrib/perl5/ext/DB_File/hints cvs diff: Diffing contrib/perl5/ext/Data cvs diff: Diffing contrib/perl5/ext/Data/Dumper cvs diff: Diffing contrib/perl5/ext/Devel cvs diff: Diffing contrib/perl5/ext/Devel/DProf cvs diff: Diffing contrib/perl5/ext/Devel/Peek cvs diff: Diffing contrib/perl5/ext/DynaLoader cvs diff: Diffing contrib/perl5/ext/DynaLoader/hints cvs diff: Diffing contrib/perl5/ext/Errno cvs diff: Diffing contrib/perl5/ext/Fcntl cvs diff: Diffing contrib/perl5/ext/File cvs diff: Diffing contrib/perl5/ext/File/Glob cvs diff: Diffing contrib/perl5/ext/GDBM_File cvs diff: Diffing contrib/perl5/ext/GDBM_File/hints cvs diff: Diffing contrib/perl5/ext/IO cvs diff: Diffing contrib/perl5/ext/IO/lib cvs diff: Diffing contrib/perl5/ext/IO/lib/IO cvs diff: Diffing contrib/perl5/ext/IO/lib/IO/Socket cvs diff: Diffing contrib/perl5/ext/IPC cvs diff: Diffing contrib/perl5/ext/IPC/SysV cvs diff: Diffing contrib/perl5/ext/IPC/SysV/hints cvs diff: Diffing contrib/perl5/ext/IPC/SysV/t cvs diff: Diffing contrib/perl5/ext/NDBM_File cvs diff: Diffing contrib/perl5/ext/NDBM_File/hints cvs diff: Diffing contrib/perl5/ext/ODBM_File cvs diff: Diffing contrib/perl5/ext/ODBM_File/hints cvs diff: Diffing contrib/perl5/ext/Opcode cvs diff: Diffing contrib/perl5/ext/POSIX cvs diff: Diffing contrib/perl5/ext/POSIX/hints cvs diff: Diffing contrib/perl5/ext/SDBM_File cvs diff: Diffing contrib/perl5/ext/SDBM_File/sdbm cvs diff: Diffing contrib/perl5/ext/Socket cvs diff: Diffing contrib/perl5/ext/Sys cvs diff: Diffing contrib/perl5/ext/Sys/Hostname cvs diff: Diffing contrib/perl5/ext/Sys/Syslog cvs diff: Diffing contrib/perl5/ext/Thread cvs diff: Diffing contrib/perl5/ext/Thread/Thread cvs diff: Diffing contrib/perl5/ext/attrs cvs diff: Diffing contrib/perl5/ext/re cvs diff: Diffing contrib/perl5/ext/re/hints cvs diff: Diffing contrib/perl5/ext/util cvs diff: Diffing contrib/perl5/h2pl cvs diff: Diffing contrib/perl5/h2pl/eg cvs diff: Diffing contrib/perl5/h2pl/eg/sys cvs diff: Diffing contrib/perl5/hints cvs diff: Diffing contrib/perl5/lib cvs diff: Diffing contrib/perl5/lib/CGI cvs diff: Diffing contrib/perl5/lib/CPAN cvs diff: Diffing contrib/perl5/lib/Carp cvs diff: Diffing contrib/perl5/lib/Class cvs diff: Diffing contrib/perl5/lib/Devel cvs diff: Diffing contrib/perl5/lib/Exporter cvs diff: Diffing contrib/perl5/lib/ExtUtils cvs diff: Diffing contrib/perl5/lib/File cvs diff: Diffing contrib/perl5/lib/File/Spec cvs diff: Diffing contrib/perl5/lib/Getopt cvs diff: Diffing contrib/perl5/lib/I18N cvs diff: Diffing contrib/perl5/lib/IPC cvs diff: Diffing contrib/perl5/lib/Math cvs diff: Diffing contrib/perl5/lib/Net cvs diff: Diffing contrib/perl5/lib/Pod cvs diff: Diffing contrib/perl5/lib/Pod/Text cvs diff: Diffing contrib/perl5/lib/Search cvs diff: Diffing contrib/perl5/lib/Sys cvs diff: Diffing contrib/perl5/lib/Term cvs diff: Diffing contrib/perl5/lib/Test cvs diff: Diffing contrib/perl5/lib/Text cvs diff: Diffing contrib/perl5/lib/Tie cvs diff: Diffing contrib/perl5/lib/Time cvs diff: Diffing contrib/perl5/lib/User cvs diff: Diffing contrib/perl5/lib/unicode cvs diff: Diffing contrib/perl5/lib/unicode/In cvs diff: Diffing contrib/perl5/lib/unicode/Is cvs diff: Diffing contrib/perl5/lib/unicode/To cvs diff: Diffing contrib/perl5/lib/warnings cvs diff: Diffing contrib/perl5/pod cvs diff: Diffing contrib/perl5/t cvs diff: Diffing contrib/perl5/t/base cvs diff: Diffing contrib/perl5/t/cmd cvs diff: Diffing contrib/perl5/t/comp cvs diff: Diffing contrib/perl5/t/io cvs diff: Diffing contrib/perl5/t/lib cvs diff: Diffing contrib/perl5/t/lib/dprof cvs diff: Diffing contrib/perl5/t/op cvs diff: Diffing contrib/perl5/t/pod cvs diff: Diffing contrib/perl5/t/pragma cvs diff: Diffing contrib/perl5/t/pragma/locale cvs diff: Diffing contrib/perl5/t/pragma/warn cvs diff: Diffing contrib/perl5/utils cvs diff: Diffing contrib/perl5/x2p cvs diff: Diffing contrib/pnpinfo cvs diff: Diffing contrib/sendmail cvs diff: Diffing contrib/sendmail/cf cvs diff: Diffing contrib/sendmail/cf/cf cvs diff: Diffing contrib/sendmail/cf/domain cvs diff: Diffing contrib/sendmail/cf/feature cvs diff: Diffing contrib/sendmail/cf/hack cvs diff: Diffing contrib/sendmail/cf/m4 cvs diff: Diffing contrib/sendmail/cf/mailer cvs diff: Diffing contrib/sendmail/cf/ostype cvs diff: Diffing contrib/sendmail/cf/sh cvs diff: Diffing contrib/sendmail/cf/siteconfig cvs diff: Diffing contrib/sendmail/contrib cvs diff: Diffing contrib/sendmail/doc cvs diff: Diffing contrib/sendmail/doc/op cvs diff: Diffing contrib/sendmail/include cvs diff: Diffing contrib/sendmail/include/libmilter cvs diff: Diffing contrib/sendmail/include/libsmdb cvs diff: Diffing contrib/sendmail/include/sendmail cvs diff: Diffing contrib/sendmail/libmilter cvs diff: Diffing contrib/sendmail/libsmdb cvs diff: Diffing contrib/sendmail/libsmutil cvs diff: Diffing contrib/sendmail/mail.local cvs diff: Diffing contrib/sendmail/mailstats cvs diff: Diffing contrib/sendmail/makemap cvs diff: Diffing contrib/sendmail/praliases cvs diff: Diffing contrib/sendmail/rmail cvs diff: Diffing contrib/sendmail/smrsh cvs diff: Diffing contrib/sendmail/src Index: contrib/sendmail/src/deliver.c =================================================================== RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v retrieving revision 1.1.1.9 diff -u -r1.1.1.9 deliver.c --- contrib/sendmail/src/deliver.c 2001/08/01 01:33:23 1.1.1.9 +++ contrib/sendmail/src/deliver.c 2001/08/05 16:51:40 @@ -1967,7 +1967,7 @@ if (pwd != NULL) (void) setusercontext(NULL, pwd, pwd->pw_uid, - LOGIN_SETRESOURCES|LOGIN_SETPRIORITY); + LOGIN_SETRESOURCES|LOGIN_SETPRIORITY|LOGIN_SETLABEL); } # endif /* HASSETUSERCONTEXT */ cvs diff: Diffing contrib/sendmail/test cvs diff: Diffing contrib/sendmail/vacation cvs diff: Diffing contrib/tcp_wrappers cvs diff: Diffing contrib/tcpdump cvs diff: Diffing contrib/tcpdump/lbl cvs diff: Diffing contrib/tcpdump/missing cvs diff: Diffing contrib/tcsh cvs diff: Diffing contrib/tcsh/config cvs diff: Diffing contrib/tcsh/nls cvs diff: Diffing contrib/tcsh/nls/C cvs diff: Diffing contrib/tcsh/nls/et cvs diff: Diffing contrib/tcsh/nls/finnish cvs diff: Diffing contrib/tcsh/nls/french cvs diff: Diffing contrib/tcsh/nls/german cvs diff: Diffing contrib/tcsh/nls/greek cvs diff: Diffing contrib/tcsh/nls/italian cvs diff: Diffing contrib/tcsh/nls/ja cvs diff: Diffing contrib/tcsh/nls/pl cvs diff: Diffing contrib/tcsh/nls/russian cvs diff: Diffing contrib/tcsh/nls/spanish cvs diff: Diffing contrib/tcsh/nls/ukrainian cvs diff: Diffing contrib/texinfo cvs diff: Diffing contrib/texinfo/doc cvs diff: Diffing contrib/texinfo/info cvs diff: Diffing contrib/texinfo/lib cvs diff: Diffing contrib/texinfo/makeinfo cvs diff: Diffing contrib/texinfo/util cvs diff: Diffing contrib/top cvs diff: Diffing contrib/traceroute cvs diff: Diffing contrib/traceroute/lbl cvs diff: Diffing crypto cvs diff: Diffing crypto/heimdal cvs diff: Diffing crypto/heimdal/admin cvs diff: Diffing crypto/heimdal/appl cvs diff: Diffing crypto/heimdal/appl/afsutil cvs diff: Diffing crypto/heimdal/appl/dceutils cvs diff: Diffing crypto/heimdal/appl/ftp cvs diff: Diffing crypto/heimdal/appl/ftp/common cvs diff: Diffing crypto/heimdal/appl/ftp/ftp cvs diff: Diffing crypto/heimdal/appl/ftp/ftpd cvs diff: Diffing crypto/heimdal/appl/kauth cvs diff: Diffing crypto/heimdal/appl/kf cvs diff: Diffing crypto/heimdal/appl/kx cvs diff: Diffing crypto/heimdal/appl/login cvs diff: Diffing crypto/heimdal/appl/otp cvs diff: Diffing crypto/heimdal/appl/popper cvs diff: Diffing crypto/heimdal/appl/push cvs diff: Diffing crypto/heimdal/appl/rcp cvs diff: Diffing crypto/heimdal/appl/rsh cvs diff: Diffing crypto/heimdal/appl/su cvs diff: Diffing crypto/heimdal/appl/telnet cvs diff: Diffing crypto/heimdal/appl/telnet/arpa cvs diff: Diffing crypto/heimdal/appl/telnet/libtelnet cvs diff: Diffing crypto/heimdal/appl/telnet/telnet cvs diff: Diffing crypto/heimdal/appl/telnet/telnetd cvs diff: Diffing crypto/heimdal/appl/test cvs diff: Diffing crypto/heimdal/appl/xnlock cvs diff: Diffing crypto/heimdal/cf cvs diff: Diffing crypto/heimdal/doc cvs diff: Diffing crypto/heimdal/doc/standardisation cvs diff: Diffing crypto/heimdal/etc cvs diff: Diffing crypto/heimdal/include cvs diff: Diffing crypto/heimdal/include/kadm5 cvs diff: Diffing crypto/heimdal/kadmin cvs diff: Diffing crypto/heimdal/kdc cvs diff: Diffing crypto/heimdal/kpasswd cvs diff: Diffing crypto/heimdal/kuser cvs diff: Diffing crypto/heimdal/lib cvs diff: Diffing crypto/heimdal/lib/45 cvs diff: Diffing crypto/heimdal/lib/asn1 cvs diff: Diffing crypto/heimdal/lib/auth cvs diff: Diffing crypto/heimdal/lib/auth/afskauthlib cvs diff: Diffing crypto/heimdal/lib/auth/pam cvs diff: Diffing crypto/heimdal/lib/auth/sia cvs diff: Diffing crypto/heimdal/lib/com_err cvs diff: Diffing crypto/heimdal/lib/des cvs diff: Diffing crypto/heimdal/lib/des/asm cvs diff: Diffing crypto/heimdal/lib/des/t cvs diff: Diffing crypto/heimdal/lib/editline cvs diff: Diffing crypto/heimdal/lib/gssapi cvs diff: Diffing crypto/heimdal/lib/hdb cvs diff: Diffing crypto/heimdal/lib/kadm5 cvs diff: Diffing crypto/heimdal/lib/kafs cvs diff: Diffing crypto/heimdal/lib/krb5 cvs diff: Diffing crypto/heimdal/lib/otp cvs diff: Diffing crypto/heimdal/lib/roken cvs diff: Diffing crypto/heimdal/lib/sl cvs diff: Diffing crypto/heimdal/lib/vers cvs diff: Diffing crypto/heimdal/tools cvs diff: Diffing crypto/kerberosIV cvs diff: Diffing crypto/kerberosIV/admin cvs diff: Diffing crypto/kerberosIV/appl cvs diff: Diffing crypto/kerberosIV/appl/afsutil cvs diff: Diffing crypto/kerberosIV/appl/bsd cvs diff: Diffing crypto/kerberosIV/appl/ftp cvs diff: Diffing crypto/kerberosIV/appl/ftp/common cvs diff: Diffing crypto/kerberosIV/appl/ftp/ftp cvs diff: Diffing crypto/kerberosIV/appl/ftp/ftpd cvs diff: Diffing crypto/kerberosIV/appl/kauth cvs diff: Diffing crypto/kerberosIV/appl/kip cvs diff: Diffing crypto/kerberosIV/appl/sample cvs diff: Diffing crypto/kerberosIV/appl/telnet cvs diff: Diffing crypto/kerberosIV/appl/telnet/arpa cvs diff: Diffing crypto/kerberosIV/appl/telnet/libtelnet cvs diff: Diffing crypto/kerberosIV/appl/telnet/telnet cvs diff: Diffing crypto/kerberosIV/appl/telnet/telnetd cvs diff: Diffing crypto/kerberosIV/cf cvs diff: Diffing crypto/kerberosIV/doc cvs diff: Diffing crypto/kerberosIV/etc cvs diff: Diffing crypto/kerberosIV/include cvs diff: Diffing crypto/kerberosIV/include/sys cvs diff: Diffing crypto/kerberosIV/include/win32 cvs diff: Diffing crypto/kerberosIV/kadmin cvs diff: Diffing crypto/kerberosIV/kuser cvs diff: Diffing crypto/kerberosIV/lib cvs diff: Diffing crypto/kerberosIV/lib/acl cvs diff: Diffing crypto/kerberosIV/lib/auth cvs diff: Diffing crypto/kerberosIV/lib/auth/afskauthlib cvs diff: Diffing crypto/kerberosIV/lib/auth/pam cvs diff: Diffing crypto/kerberosIV/lib/auth/sia cvs diff: Diffing crypto/kerberosIV/lib/com_err cvs diff: Diffing crypto/kerberosIV/lib/kadm cvs diff: Diffing crypto/kerberosIV/lib/kafs cvs diff: Diffing crypto/kerberosIV/lib/kclient cvs diff: Diffing crypto/kerberosIV/lib/kdb cvs diff: Diffing crypto/kerberosIV/lib/krb cvs diff: Diffing crypto/kerberosIV/lib/roken cvs diff: Diffing crypto/kerberosIV/lib/sl cvs diff: Diffing crypto/kerberosIV/man cvs diff: Diffing crypto/kerberosIV/server cvs diff: Diffing crypto/kerberosIV/slave cvs diff: Diffing crypto/openssh cvs diff: Diffing crypto/openssh/lib cvs diff: Diffing crypto/openssh/pam_ssh cvs diff: Diffing crypto/openssh/scp cvs diff: Diffing crypto/openssh/sftp cvs diff: Diffing crypto/openssh/sftp-server cvs diff: Diffing crypto/openssh/ssh cvs diff: Diffing crypto/openssh/ssh-add cvs diff: Diffing crypto/openssh/ssh-agent cvs diff: Diffing crypto/openssh/ssh-keygen cvs diff: Diffing crypto/openssh/ssh-keyscan cvs diff: Diffing crypto/openssh/sshd cvs diff: Diffing crypto/openssl cvs diff: Diffing crypto/openssl/apps cvs diff: Diffing crypto/openssl/apps/demoCA cvs diff: Diffing crypto/openssl/apps/demoCA/private cvs diff: Diffing crypto/openssl/apps/rsa cvs diff: Diffing crypto/openssl/apps/set cvs diff: Diffing crypto/openssl/bugs cvs diff: Diffing crypto/openssl/certs cvs diff: Diffing crypto/openssl/certs/expired cvs diff: Diffing crypto/openssl/crypto cvs diff: Diffing crypto/openssl/crypto/asn1 cvs diff: Diffing crypto/openssl/crypto/bf cvs diff: Diffing crypto/openssl/crypto/bf/asm cvs diff: Diffing crypto/openssl/crypto/bio cvs diff: Diffing crypto/openssl/crypto/bn cvs diff: Diffing crypto/openssl/crypto/bn/asm cvs diff: Diffing crypto/openssl/crypto/bn/asm/alpha cvs diff: Diffing crypto/openssl/crypto/bn/asm/alpha.works cvs diff: Diffing crypto/openssl/crypto/bn/asm/x86 cvs diff: Diffing crypto/openssl/crypto/bn/old cvs diff: Diffing crypto/openssl/crypto/buffer cvs diff: Diffing crypto/openssl/crypto/cast cvs diff: Diffing crypto/openssl/crypto/cast/asm cvs diff: Diffing crypto/openssl/crypto/comp cvs diff: Diffing crypto/openssl/crypto/conf cvs diff: Diffing crypto/openssl/crypto/des cvs diff: Diffing crypto/openssl/crypto/des/asm cvs diff: Diffing crypto/openssl/crypto/des/t cvs diff: Diffing crypto/openssl/crypto/des/times cvs diff: Diffing crypto/openssl/crypto/dh cvs diff: Diffing crypto/openssl/crypto/dsa cvs diff: Diffing crypto/openssl/crypto/dso cvs diff: Diffing crypto/openssl/crypto/err cvs diff: Diffing crypto/openssl/crypto/evp cvs diff: Diffing crypto/openssl/crypto/hmac cvs diff: Diffing crypto/openssl/crypto/idea cvs diff: Diffing crypto/openssl/crypto/lhash cvs diff: Diffing crypto/openssl/crypto/md2 cvs diff: Diffing crypto/openssl/crypto/md4 cvs diff: Diffing crypto/openssl/crypto/md5 cvs diff: Diffing crypto/openssl/crypto/md5/asm cvs diff: Diffing crypto/openssl/crypto/mdc2 cvs diff: Diffing crypto/openssl/crypto/objects cvs diff: Diffing crypto/openssl/crypto/pem cvs diff: Diffing crypto/openssl/crypto/perlasm cvs diff: Diffing crypto/openssl/crypto/pkcs12 cvs diff: Diffing crypto/openssl/crypto/pkcs7 cvs diff: Diffing crypto/openssl/crypto/pkcs7/p7 cvs diff: Diffing crypto/openssl/crypto/pkcs7/t cvs diff: Diffing crypto/openssl/crypto/rand cvs diff: Diffing crypto/openssl/crypto/rc2 cvs diff: Diffing crypto/openssl/crypto/rc4 cvs diff: Diffing crypto/openssl/crypto/rc4/asm cvs diff: Diffing crypto/openssl/crypto/rc5 cvs diff: Diffing crypto/openssl/crypto/rc5/asm cvs diff: Diffing crypto/openssl/crypto/ripemd cvs diff: Diffing crypto/openssl/crypto/ripemd/asm cvs diff: Diffing crypto/openssl/crypto/rsa cvs diff: Diffing crypto/openssl/crypto/sha cvs diff: Diffing crypto/openssl/crypto/sha/asm cvs diff: Diffing crypto/openssl/crypto/stack cvs diff: Diffing crypto/openssl/crypto/threads cvs diff: Diffing crypto/openssl/crypto/txt_db cvs diff: Diffing crypto/openssl/crypto/x509 cvs diff: Diffing crypto/openssl/crypto/x509v3 cvs diff: Diffing crypto/openssl/demos cvs diff: Diffing crypto/openssl/demos/bio cvs diff: Diffing crypto/openssl/demos/eay cvs diff: Diffing crypto/openssl/demos/maurice cvs diff: Diffing crypto/openssl/demos/pkcs12 cvs diff: Diffing crypto/openssl/demos/prime cvs diff: Diffing crypto/openssl/demos/sign cvs diff: Diffing crypto/openssl/demos/ssl cvs diff: Diffing crypto/openssl/demos/state_machine cvs diff: Diffing crypto/openssl/dep cvs diff: Diffing crypto/openssl/doc cvs diff: Diffing crypto/openssl/doc/apps cvs diff: Diffing crypto/openssl/doc/crypto cvs diff: Diffing crypto/openssl/doc/ssl cvs diff: Diffing crypto/openssl/mt cvs diff: Diffing crypto/openssl/perl cvs diff: Diffing crypto/openssl/perl/t cvs diff: Diffing crypto/openssl/shlib cvs diff: Diffing crypto/openssl/ssl cvs diff: Diffing crypto/openssl/test cvs diff: Diffing crypto/openssl/times cvs diff: Diffing crypto/openssl/times/090 cvs diff: Diffing crypto/openssl/times/091 cvs diff: Diffing crypto/openssl/times/x86 cvs diff: Diffing crypto/openssl/tools cvs diff: Diffing crypto/openssl/util cvs diff: Diffing crypto/openssl/util/pl cvs diff: Diffing crypto/telnet cvs diff: Diffing crypto/telnet/arpa cvs diff: Diffing crypto/telnet/libtelnet cvs diff: Diffing crypto/telnet/telnet cvs diff: Diffing crypto/telnet/telnetd cvs diff: Diffing etc Index: etc/login.conf =================================================================== RCS file: /home/ncvs/src/etc/login.conf,v retrieving revision 1.43 diff -u -r1.43 login.conf --- etc/login.conf 2001/09/11 07:01:47 1.43 +++ etc/login.conf 2001/09/19 02:15:28 @@ -36,7 +36,8 @@ :sbsize=unlimited:\ :priority=0:\ :ignoretime@:\ - :umask=022: + :umask=022:\ + :label=biba/low,mls/low,partition/none: # @@ -64,6 +65,7 @@ # in preference to 'default'. root:\ :ignorenologin:\ + :label=biba/high,mls/low,partition/none:\ :tc=default: # cvs diff: Diffing etc/defaults cvs diff: Diffing etc/etc.alpha cvs diff: Diffing etc/etc.i386 cvs diff: Diffing etc/isdn cvs diff: Diffing etc/kerberosIV cvs diff: Diffing etc/mail cvs diff: Diffing etc/mtree cvs diff: Diffing etc/namedb cvs diff: Diffing etc/periodic cvs diff: Diffing etc/periodic/daily cvs diff: Diffing etc/periodic/monthly cvs diff: Diffing etc/periodic/weekly cvs diff: Diffing etc/ppp cvs diff: Diffing etc/rc.d cvs diff: Diffing etc/root cvs diff: Diffing etc/sendmail cvs diff: Diffing games cvs diff: Diffing games/adventure cvs diff: Diffing games/arithmetic cvs diff: Diffing games/atc cvs diff: Diffing games/atc/games cvs diff: Diffing games/backgammon cvs diff: Diffing games/backgammon/backgammon cvs diff: Diffing games/backgammon/common_source cvs diff: Diffing games/backgammon/teachgammon cvs diff: Diffing games/battlestar cvs diff: Diffing games/bcd cvs diff: Diffing games/bs cvs diff: Diffing games/caesar cvs diff: Diffing games/canfield cvs diff: Diffing games/canfield/canfield cvs diff: Diffing games/canfield/cfscores cvs diff: Diffing games/cribbage cvs diff: Diffing games/dm cvs diff: Diffing games/factor cvs diff: Diffing games/fish cvs diff: Diffing games/fortune cvs diff: Diffing games/fortune/datfiles cvs diff: Diffing games/fortune/fortune cvs diff: Diffing games/fortune/strfile cvs diff: Diffing games/fortune/tools cvs diff: Diffing games/fortune/unstr cvs diff: Diffing games/grdc cvs diff: Diffing games/hack cvs diff: Diffing games/hangman cvs diff: Diffing games/larn cvs diff: Diffing games/larn/datfiles cvs diff: Diffing games/mille cvs diff: Diffing games/morse cvs diff: Diffing games/number cvs diff: Diffing games/phantasia cvs diff: Diffing games/piano cvs diff: Diffing games/pig cvs diff: Diffing games/pom cvs diff: Diffing games/ppt cvs diff: Diffing games/primes cvs diff: Diffing games/quiz cvs diff: Diffing games/quiz/datfiles cvs diff: Diffing games/rain cvs diff: Diffing games/random cvs diff: Diffing games/robots cvs diff: Diffing games/rogue cvs diff: Diffing games/rogue/USD.doc cvs diff: Diffing games/sail cvs diff: Diffing games/snake cvs diff: Diffing games/snake/snake cvs diff: Diffing games/snake/snscore cvs diff: Diffing games/trek cvs diff: Diffing games/trek/DOC cvs diff: Diffing games/trek/USD.doc cvs diff: Diffing games/wargames cvs diff: Diffing games/worm cvs diff: Diffing games/worms cvs diff: Diffing games/wump cvs diff: Diffing gnu cvs diff: Diffing gnu/include cvs diff: Diffing gnu/lib cvs diff: Diffing gnu/lib/csu cvs diff: Diffing gnu/lib/libdialog cvs diff: Diffing gnu/lib/libdialog/TESTS cvs diff: Diffing gnu/lib/libg2c cvs diff: Diffing gnu/lib/libgcc cvs diff: Diffing gnu/lib/libgcc_r cvs diff: Diffing gnu/lib/libiberty cvs diff: Diffing gnu/lib/libobjc cvs diff: Diffing gnu/lib/libreadline cvs diff: Diffing gnu/lib/libreadline/history cvs diff: Diffing gnu/lib/libreadline/history/doc cvs diff: Diffing gnu/lib/libreadline/readline cvs diff: Diffing gnu/lib/libreadline/readline/doc cvs diff: Diffing gnu/lib/libregex cvs diff: Diffing gnu/lib/libregex/doc cvs diff: Diffing gnu/lib/libregex/test cvs diff: Diffing gnu/lib/libstdc++ cvs diff: Diffing gnu/lib/libstdc++/doc cvs diff: Diffing gnu/libexec cvs diff: Diffing gnu/libexec/uucp cvs diff: Diffing gnu/libexec/uucp/common_sources cvs diff: Diffing gnu/libexec/uucp/contrib cvs diff: Diffing gnu/libexec/uucp/cu cvs diff: Diffing gnu/libexec/uucp/doc cvs diff: Diffing gnu/libexec/uucp/libunix cvs diff: Diffing gnu/libexec/uucp/libuuconf cvs diff: Diffing gnu/libexec/uucp/libuucp cvs diff: Diffing gnu/libexec/uucp/sample cvs diff: Diffing gnu/libexec/uucp/uuchk cvs diff: Diffing gnu/libexec/uucp/uucico cvs diff: Diffing gnu/libexec/uucp/uuconv cvs diff: Diffing gnu/libexec/uucp/uucp cvs diff: Diffing gnu/libexec/uucp/uulog cvs diff: Diffing gnu/libexec/uucp/uuname cvs diff: Diffing gnu/libexec/uucp/uupick cvs diff: Diffing gnu/libexec/uucp/uusched cvs diff: Diffing gnu/libexec/uucp/uustat cvs diff: Diffing gnu/libexec/uucp/uuto cvs diff: Diffing gnu/libexec/uucp/uux cvs diff: Diffing gnu/libexec/uucp/uuxqt cvs diff: Diffing gnu/usr.bin cvs diff: Diffing gnu/usr.bin/as cvs diff: Diffing gnu/usr.bin/as/config cvs diff: Diffing gnu/usr.bin/as/opcode cvs diff: Diffing gnu/usr.bin/as/testscripts cvs diff: Diffing gnu/usr.bin/awk cvs diff: Diffing gnu/usr.bin/awk/doc cvs diff: Diffing gnu/usr.bin/bc cvs diff: Diffing gnu/usr.bin/binutils cvs diff: Diffing gnu/usr.bin/binutils/addr2line cvs diff: Diffing gnu/usr.bin/binutils/ar cvs diff: Diffing gnu/usr.bin/binutils/as cvs diff: Diffing gnu/usr.bin/binutils/as/alpha-freebsd cvs diff: Diffing gnu/usr.bin/binutils/as/i386-freebsd cvs diff: Diffing gnu/usr.bin/binutils/as/i386-winnt cvs diff: Diffing gnu/usr.bin/binutils/as/m68k-freebsd cvs diff: Diffing gnu/usr.bin/binutils/as/m68k-netbsdaout cvs diff: Diffing gnu/usr.bin/binutils/as/powerpc-freebsd cvs diff: Diffing gnu/usr.bin/binutils/as/sparc-freebsd cvs diff: Diffing gnu/usr.bin/binutils/as/sparc64-freebsd cvs diff: Diffing gnu/usr.bin/binutils/doc cvs diff: Diffing gnu/usr.bin/binutils/gasp cvs diff: Diffing gnu/usr.bin/binutils/gdb cvs diff: Diffing gnu/usr.bin/binutils/gdb/alpha cvs diff: Diffing gnu/usr.bin/binutils/gdb/i386 cvs diff: Diffing gnu/usr.bin/binutils/gdb5 cvs diff: Diffing gnu/usr.bin/binutils/gdb5/alpha cvs diff: Diffing gnu/usr.bin/binutils/gdb5/i386 cvs diff: Diffing gnu/usr.bin/binutils/gdbreplay cvs diff: Diffing gnu/usr.bin/binutils/gdbreplay5 cvs diff: Diffing gnu/usr.bin/binutils/gdbserver cvs diff: Diffing gnu/usr.bin/binutils/gdbserver5 cvs diff: Diffing gnu/usr.bin/binutils/ld cvs diff: Diffing gnu/usr.bin/binutils/libbfd cvs diff: Diffing gnu/usr.bin/binutils/libbfd/alpha cvs diff: Diffing gnu/usr.bin/binutils/libbfd/i386 cvs diff: Diffing gnu/usr.bin/binutils/libbfd/m68k cvs diff: Diffing gnu/usr.bin/binutils/libbfd/powerpc cvs diff: Diffing gnu/usr.bin/binutils/libbfd/rs6000 cvs diff: Diffing gnu/usr.bin/binutils/libbfd/sparc cvs diff: Diffing gnu/usr.bin/binutils/libbfd/sparc64 cvs diff: Diffing gnu/usr.bin/binutils/libbinutils cvs diff: Diffing gnu/usr.bin/binutils/libiberty cvs diff: Diffing gnu/usr.bin/binutils/libopcodes cvs diff: Diffing gnu/usr.bin/binutils/nm cvs diff: Diffing gnu/usr.bin/binutils/objcopy cvs diff: Diffing gnu/usr.bin/binutils/objdump cvs diff: Diffing gnu/usr.bin/binutils/ranlib cvs diff: Diffing gnu/usr.bin/binutils/readelf cvs diff: Diffing gnu/usr.bin/binutils/size cvs diff: Diffing gnu/usr.bin/binutils/strings cvs diff: Diffing gnu/usr.bin/binutils/strip cvs diff: Diffing gnu/usr.bin/cc cvs diff: Diffing gnu/usr.bin/cc/c++ cvs diff: Diffing gnu/usr.bin/cc/c++filt cvs diff: Diffing gnu/usr.bin/cc/cc cvs diff: Diffing gnu/usr.bin/cc/cc1 cvs diff: Diffing gnu/usr.bin/cc/cc1obj cvs diff: Diffing gnu/usr.bin/cc/cc1plus cvs diff: Diffing gnu/usr.bin/cc/cc_drv cvs diff: Diffing gnu/usr.bin/cc/cc_fbsd cvs diff: Diffing gnu/usr.bin/cc/cc_int cvs diff: Diffing gnu/usr.bin/cc/cc_tools cvs diff: Diffing gnu/usr.bin/cc/cccp cvs diff: Diffing gnu/usr.bin/cc/cpp cvs diff: Diffing gnu/usr.bin/cc/doc cvs diff: Diffing gnu/usr.bin/cc/f77 cvs diff: Diffing gnu/usr.bin/cc/f771 cvs diff: Diffing gnu/usr.bin/cc/f77doc cvs diff: Diffing gnu/usr.bin/cc/gcov cvs diff: Diffing gnu/usr.bin/cpio cvs diff: Diffing gnu/usr.bin/cpio/doc cvs diff: Diffing gnu/usr.bin/cvs cvs diff: Diffing gnu/usr.bin/cvs/contrib cvs diff: Diffing gnu/usr.bin/cvs/cvs cvs diff: Diffing gnu/usr.bin/cvs/cvsbug cvs diff: Diffing gnu/usr.bin/cvs/doc cvs diff: Diffing gnu/usr.bin/cvs/lib cvs diff: Diffing gnu/usr.bin/cvs/libdiff cvs diff: Diffing gnu/usr.bin/dc cvs diff: Diffing gnu/usr.bin/dc/doc cvs diff: Diffing gnu/usr.bin/dialog cvs diff: Diffing gnu/usr.bin/dialog/TESTS cvs diff: Diffing gnu/usr.bin/diff cvs diff: Diffing gnu/usr.bin/diff/doc cvs diff: Diffing gnu/usr.bin/diff3 cvs diff: Diffing gnu/usr.bin/gperf cvs diff: Diffing gnu/usr.bin/gperf/doc cvs diff: Diffing gnu/usr.bin/grep cvs diff: Diffing gnu/usr.bin/grep/doc cvs diff: Diffing gnu/usr.bin/grep/tests cvs diff: Diffing gnu/usr.bin/groff cvs diff: Diffing gnu/usr.bin/groff/contrib cvs diff: Diffing gnu/usr.bin/groff/contrib/mm cvs diff: Diffing gnu/usr.bin/groff/doc cvs diff: Diffing gnu/usr.bin/groff/font cvs diff: Diffing gnu/usr.bin/groff/font/devX100 cvs diff: Diffing gnu/usr.bin/groff/font/devX100-12 cvs diff: Diffing gnu/usr.bin/groff/font/devX75 cvs diff: Diffing gnu/usr.bin/groff/font/devX75-12 cvs diff: Diffing gnu/usr.bin/groff/font/devascii cvs diff: Diffing gnu/usr.bin/groff/font/devcp1047 cvs diff: Diffing gnu/usr.bin/groff/font/devdvi cvs diff: Diffing gnu/usr.bin/groff/font/devhtml cvs diff: Diffing gnu/usr.bin/groff/font/devkoi8-r cvs diff: Diffing gnu/usr.bin/groff/font/devlatin1 cvs diff: Diffing gnu/usr.bin/groff/font/devlbp cvs diff: Diffing gnu/usr.bin/groff/font/devlj4 cvs diff: Diffing gnu/usr.bin/groff/font/devps cvs diff: Diffing gnu/usr.bin/groff/font/devutf8 cvs diff: Diffing gnu/usr.bin/groff/man cvs diff: Diffing gnu/usr.bin/groff/src cvs diff: Diffing gnu/usr.bin/groff/src/devices cvs diff: Diffing gnu/usr.bin/groff/src/devices/grodvi cvs diff: Diffing gnu/usr.bin/groff/src/devices/grohtml cvs diff: Diffing gnu/usr.bin/groff/src/devices/grolbp cvs diff: Diffing gnu/usr.bin/groff/src/devices/grolj4 cvs diff: Diffing gnu/usr.bin/groff/src/devices/grops cvs diff: Diffing gnu/usr.bin/groff/src/devices/grotty cvs diff: Diffing gnu/usr.bin/groff/src/include cvs diff: Diffing gnu/usr.bin/groff/src/libs cvs diff: Diffing gnu/usr.bin/groff/src/libs/libbib cvs diff: Diffing gnu/usr.bin/groff/src/libs/libdriver cvs diff: Diffing gnu/usr.bin/groff/src/libs/libgroff cvs diff: Diffing gnu/usr.bin/groff/src/preproc cvs diff: Diffing gnu/usr.bin/groff/src/preproc/eqn cvs diff: Diffing gnu/usr.bin/groff/src/preproc/grn cvs diff: Diffing gnu/usr.bin/groff/src/preproc/html cvs diff: Diffing gnu/usr.bin/groff/src/preproc/pic cvs diff: Diffing gnu/usr.bin/groff/src/preproc/refer cvs diff: Diffing gnu/usr.bin/groff/src/preproc/soelim cvs diff: Diffing gnu/usr.bin/groff/src/preproc/tbl cvs diff: Diffing gnu/usr.bin/groff/src/roff cvs diff: Diffing gnu/usr.bin/groff/src/roff/groff cvs diff: Diffing gnu/usr.bin/groff/src/roff/grog cvs diff: Diffing gnu/usr.bin/groff/src/roff/nroff cvs diff: Diffing gnu/usr.bin/groff/src/roff/psroff cvs diff: Diffing gnu/usr.bin/groff/src/roff/troff cvs diff: Diffing gnu/usr.bin/groff/src/utils cvs diff: Diffing gnu/usr.bin/groff/src/utils/addftinfo cvs diff: Diffing gnu/usr.bin/groff/src/utils/afmtodit cvs diff: Diffing gnu/usr.bin/groff/src/utils/hpftodit cvs diff: Diffing gnu/usr.bin/groff/src/utils/indxbib cvs diff: Diffing gnu/usr.bin/groff/src/utils/lkbib cvs diff: Diffing gnu/usr.bin/groff/src/utils/lookbib cvs diff: Diffing gnu/usr.bin/groff/src/utils/pfbtops cvs diff: Diffing gnu/usr.bin/groff/src/utils/tfmtodit cvs diff: Diffing gnu/usr.bin/groff/tmac cvs diff: Diffing gnu/usr.bin/gzip cvs diff: Diffing gnu/usr.bin/ld cvs diff: Diffing gnu/usr.bin/ld/sparc cvs diff: Diffing gnu/usr.bin/man cvs diff: Diffing gnu/usr.bin/man/apropos cvs diff: Diffing gnu/usr.bin/man/catman cvs diff: Diffing gnu/usr.bin/man/lib cvs diff: Diffing gnu/usr.bin/man/makewhatis cvs diff: Diffing gnu/usr.bin/man/man cvs diff: Diffing gnu/usr.bin/man/manpath cvs diff: Diffing gnu/usr.bin/patch cvs diff: Diffing gnu/usr.bin/perl cvs diff: Diffing gnu/usr.bin/perl/BSDPAN cvs diff: Diffing gnu/usr.bin/perl/BSDPAN/BSDPAN cvs diff: Diffing gnu/usr.bin/perl/BSDPAN/ExtUtils cvs diff: Diffing gnu/usr.bin/perl/libperl cvs diff: Diffing gnu/usr.bin/perl/library cvs diff: Diffing gnu/usr.bin/perl/library/B cvs diff: Diffing gnu/usr.bin/perl/library/ByteLoader cvs diff: Diffing gnu/usr.bin/perl/library/DB_File cvs diff: Diffing gnu/usr.bin/perl/library/DProf cvs diff: Diffing gnu/usr.bin/perl/library/Dumper cvs diff: Diffing gnu/usr.bin/perl/library/Errno cvs diff: Diffing gnu/usr.bin/perl/library/Fcntl cvs diff: Diffing gnu/usr.bin/perl/library/Glob cvs diff: Diffing gnu/usr.bin/perl/library/Hostname cvs diff: Diffing gnu/usr.bin/perl/library/IO cvs diff: Diffing gnu/usr.bin/perl/library/NDBM_File cvs diff: Diffing gnu/usr.bin/perl/library/Opcode cvs diff: Diffing gnu/usr.bin/perl/library/POSIX cvs diff: Diffing gnu/usr.bin/perl/library/Peek cvs diff: Diffing gnu/usr.bin/perl/library/SDBM_File cvs diff: Diffing gnu/usr.bin/perl/library/Socket cvs diff: Diffing gnu/usr.bin/perl/library/SysV cvs diff: Diffing gnu/usr.bin/perl/library/Syslog cvs diff: Diffing gnu/usr.bin/perl/library/attrs cvs diff: Diffing gnu/usr.bin/perl/library/re cvs diff: Diffing gnu/usr.bin/perl/miniperl cvs diff: Diffing gnu/usr.bin/perl/perl cvs diff: Diffing gnu/usr.bin/perl/pod cvs diff: Diffing gnu/usr.bin/perl/pod/pod cvs diff: Diffing gnu/usr.bin/perl/pod/pod2html cvs diff: Diffing gnu/usr.bin/perl/pod/pod2latex cvs diff: Diffing gnu/usr.bin/perl/pod/pod2man cvs diff: Diffing gnu/usr.bin/perl/pod/pod2text cvs diff: Diffing gnu/usr.bin/perl/suidperl cvs diff: Diffing gnu/usr.bin/perl/utils cvs diff: Diffing gnu/usr.bin/perl/utils/c2ph cvs diff: Diffing gnu/usr.bin/perl/utils/dprofpp cvs diff: Diffing gnu/usr.bin/perl/utils/h2ph cvs diff: Diffing gnu/usr.bin/perl/utils/h2xs cvs diff: Diffing gnu/usr.bin/perl/utils/perlbc cvs diff: Diffing gnu/usr.bin/perl/utils/perlbug cvs diff: Diffing gnu/usr.bin/perl/utils/perlcc cvs diff: Diffing gnu/usr.bin/perl/utils/perldoc cvs diff: Diffing gnu/usr.bin/perl/utils/pl2pm cvs diff: Diffing gnu/usr.bin/perl/utils/splain cvs diff: Diffing gnu/usr.bin/perl/x2p cvs diff: Diffing gnu/usr.bin/perl/x2p/a2pl cvs diff: Diffing gnu/usr.bin/perl/x2p/find2pl cvs diff: Diffing gnu/usr.bin/perl/x2p/s2pl cvs diff: Diffing gnu/usr.bin/ptx cvs diff: Diffing gnu/usr.bin/ptx/doc cvs diff: Diffing gnu/usr.bin/ptx/examples cvs diff: Diffing gnu/usr.bin/ptx/examples/ajay cvs diff: Diffing gnu/usr.bin/ptx/examples/ignore cvs diff: Diffing gnu/usr.bin/ptx/examples/latex cvs diff: Diffing gnu/usr.bin/ptx/examples/luke cvs diff: Diffing gnu/usr.bin/rcs cvs diff: Diffing gnu/usr.bin/rcs/ci cvs diff: Diffing gnu/usr.bin/rcs/co cvs diff: Diffing gnu/usr.bin/rcs/doc cvs diff: Diffing gnu/usr.bin/rcs/ident cvs diff: Diffing gnu/usr.bin/rcs/lib cvs diff: Diffing gnu/usr.bin/rcs/merge cvs diff: Diffing gnu/usr.bin/rcs/rcs cvs diff: Diffing gnu/usr.bin/rcs/rcsclean cvs diff: Diffing gnu/usr.bin/rcs/rcsdiff cvs diff: Diffing gnu/usr.bin/rcs/rcsfreeze cvs diff: Diffing gnu/usr.bin/rcs/rcsmerge cvs diff: Diffing gnu/usr.bin/rcs/rlog cvs diff: Diffing gnu/usr.bin/sdiff cvs diff: Diffing gnu/usr.bin/send-pr cvs diff: Diffing gnu/usr.bin/send-pr/doc cvs diff: Diffing gnu/usr.bin/sort cvs diff: Diffing gnu/usr.bin/tar cvs diff: Diffing gnu/usr.bin/texinfo cvs diff: Diffing gnu/usr.bin/texinfo/doc cvs diff: Diffing gnu/usr.bin/texinfo/info cvs diff: Diffing gnu/usr.bin/texinfo/install-info cvs diff: Diffing gnu/usr.bin/texinfo/libtxi cvs diff: Diffing gnu/usr.bin/texinfo/makeinfo cvs diff: Diffing gnu/usr.bin/texinfo/texindex cvs diff: Diffing gnu/usr.sbin cvs diff: Diffing include cvs diff: Diffing include/arpa cvs diff: Diffing include/protocols cvs diff: Diffing include/rpc cvs diff: Diffing include/rpcsvc cvs diff: Diffing kerberos5 cvs diff: Diffing kerberos5/include cvs diff: Diffing kerberos5/lib cvs diff: Diffing kerberos5/lib/libasn1 cvs diff: Diffing kerberos5/lib/libgssapi cvs diff: Diffing kerberos5/lib/libhdb cvs diff: Diffing kerberos5/lib/libkadm5clnt cvs diff: Diffing kerberos5/lib/libkadm5srv cvs diff: Diffing kerberos5/lib/libkafs5 cvs diff: Diffing kerberos5/lib/libkrb5 cvs diff: Diffing kerberos5/lib/libroken cvs diff: Diffing kerberos5/lib/libsl cvs diff: Diffing kerberos5/lib/libtelnet cvs diff: Diffing kerberos5/lib/libvers cvs diff: Diffing kerberos5/libexec cvs diff: Diffing kerberos5/libexec/hprop cvs diff: Diffing kerberos5/libexec/hpropd cvs diff: Diffing kerberos5/libexec/ipropd-master cvs diff: Diffing kerberos5/libexec/ipropd-slave cvs diff: Diffing kerberos5/libexec/k5admind cvs diff: Diffing kerberos5/libexec/k5passwdd cvs diff: Diffing kerberos5/libexec/kdc cvs diff: Diffing kerberos5/libexec/telnetd cvs diff: Diffing kerberos5/usr.bin cvs diff: Diffing kerberos5/usr.bin/k5admin cvs diff: Diffing kerberos5/usr.bin/k5destroy cvs diff: Diffing kerberos5/usr.bin/k5init cvs diff: Diffing kerberos5/usr.bin/k5list cvs diff: Diffing kerberos5/usr.bin/k5passwd cvs diff: Diffing kerberos5/usr.bin/k5su cvs diff: Diffing kerberos5/usr.bin/krb5-config cvs diff: Diffing kerberos5/usr.bin/telnet cvs diff: Diffing kerberos5/usr.sbin cvs diff: Diffing kerberos5/usr.sbin/k5stash cvs diff: Diffing kerberos5/usr.sbin/ktutil cvs diff: Diffing kerberosIV cvs diff: Diffing kerberosIV/include cvs diff: Diffing kerberosIV/lib cvs diff: Diffing kerberosIV/lib/libacl cvs diff: Diffing kerberosIV/lib/libkadm cvs diff: Diffing kerberosIV/lib/libkafs cvs diff: Diffing kerberosIV/lib/libkdb cvs diff: Diffing kerberosIV/lib/libkrb cvs diff: Diffing kerberosIV/lib/libroken cvs diff: Diffing kerberosIV/lib/libsl cvs diff: Diffing kerberosIV/lib/libtelnet cvs diff: Diffing kerberosIV/libexec cvs diff: Diffing kerberosIV/libexec/kauthd cvs diff: Diffing kerberosIV/libexec/kipd cvs diff: Diffing kerberosIV/libexec/kpropd cvs diff: Diffing kerberosIV/libexec/telnetd cvs diff: Diffing kerberosIV/share cvs diff: Diffing kerberosIV/share/info cvs diff: Diffing kerberosIV/usr.bin cvs diff: Diffing kerberosIV/usr.bin/kadmin cvs diff: Diffing kerberosIV/usr.bin/kauth cvs diff: Diffing kerberosIV/usr.bin/kdestroy cvs diff: Diffing kerberosIV/usr.bin/kinit cvs diff: Diffing kerberosIV/usr.bin/klist cvs diff: Diffing kerberosIV/usr.bin/ksrvtgt cvs diff: Diffing kerberosIV/usr.bin/telnet cvs diff: Diffing kerberosIV/usr.sbin cvs diff: Diffing kerberosIV/usr.sbin/ext_srvtab cvs diff: Diffing kerberosIV/usr.sbin/kadmind cvs diff: Diffing kerberosIV/usr.sbin/kdb_destroy cvs diff: Diffing kerberosIV/usr.sbin/kdb_edit cvs diff: Diffing kerberosIV/usr.sbin/kdb_init cvs diff: Diffing kerberosIV/usr.sbin/kdb_util cvs diff: Diffing kerberosIV/usr.sbin/kerberos cvs diff: Diffing kerberosIV/usr.sbin/kip cvs diff: Diffing kerberosIV/usr.sbin/kprop cvs diff: Diffing kerberosIV/usr.sbin/ksrvutil cvs diff: Diffing kerberosIV/usr.sbin/kstash cvs diff: Diffing lib cvs diff: Diffing lib/compat cvs diff: Diffing lib/compat/compat1x cvs diff: Diffing lib/compat/compat20 cvs diff: Diffing lib/compat/compat21 cvs diff: Diffing lib/compat/compat22 cvs diff: Diffing lib/compat/compat3x.i386 cvs diff: Diffing lib/compat/compat4x.alpha cvs diff: Diffing lib/compat/compat4x.i386 cvs diff: Diffing lib/csu cvs diff: Diffing lib/csu/alpha cvs diff: Diffing lib/csu/common cvs diff: Diffing lib/csu/i386 cvs diff: Diffing lib/csu/i386-elf cvs diff: Diffing lib/csu/ia64 cvs diff: Diffing lib/csu/powerpc cvs diff: Diffing lib/csu/sparc cvs diff: Diffing lib/libalias cvs diff: Diffing lib/libatm cvs diff: Diffing lib/libbind cvs diff: Diffing lib/libbz2 cvs diff: Diffing lib/libc cvs diff: Diffing lib/libc/alpha cvs diff: Diffing lib/libc/alpha/gen cvs diff: Diffing lib/libc/alpha/net cvs diff: Diffing lib/libc/alpha/stdlib cvs diff: Diffing lib/libc/alpha/string cvs diff: Diffing lib/libc/alpha/sys cvs diff: Diffing lib/libc/compat-43 cvs diff: Diffing lib/libc/db cvs diff: Diffing lib/libc/db/btree cvs diff: Diffing lib/libc/db/db cvs diff: Diffing lib/libc/db/docs cvs diff: Diffing lib/libc/db/hash cvs diff: Diffing lib/libc/db/man cvs diff: Diffing lib/libc/db/mpool cvs diff: Diffing lib/libc/db/recno cvs diff: Diffing lib/libc/db/test cvs diff: Diffing lib/libc/db/test/btree.tests cvs diff: Diffing lib/libc/db/test/hash.tests cvs diff: Diffing lib/libc/gen Index: lib/libc/gen/getmntinfo.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/getmntinfo.c,v retrieving revision 1.2 diff -u -r1.2 getmntinfo.c --- lib/libc/gen/getmntinfo.c 2001/05/01 09:30:02 1.2 +++ lib/libc/gen/getmntinfo.c 2001/06/03 13:56:21 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include cvs diff: Diffing lib/libc/gmon cvs diff: Diffing lib/libc/i386 cvs diff: Diffing lib/libc/i386/gen cvs diff: Diffing lib/libc/i386/net cvs diff: Diffing lib/libc/i386/stdlib cvs diff: Diffing lib/libc/i386/string cvs diff: Diffing lib/libc/i386/sys cvs diff: Diffing lib/libc/ia64 cvs diff: Diffing lib/libc/ia64/gen cvs diff: Diffing lib/libc/ia64/net cvs diff: Diffing lib/libc/ia64/stdlib cvs diff: Diffing lib/libc/ia64/string cvs diff: Diffing lib/libc/ia64/sys cvs diff: Diffing lib/libc/include cvs diff: Diffing lib/libc/locale cvs diff: Diffing lib/libc/mips cvs diff: Diffing lib/libc/mips/gen cvs diff: Diffing lib/libc/mips/net cvs diff: Diffing lib/libc/mips/stdlib cvs diff: Diffing lib/libc/mips/string cvs diff: Diffing lib/libc/mips/sys cvs diff: Diffing lib/libc/mipseb cvs diff: Diffing lib/libc/mipseb/gen cvs diff: Diffing lib/libc/mipseb/net cvs diff: Diffing lib/libc/mipseb/stdlib cvs diff: Diffing lib/libc/mipseb/string cvs diff: Diffing lib/libc/mipseb/sys cvs diff: Diffing lib/libc/mipsel cvs diff: Diffing lib/libc/mipsel/gen cvs diff: Diffing lib/libc/mipsel/net cvs diff: Diffing lib/libc/mipsel/stdlib cvs diff: Diffing lib/libc/mipsel/string cvs diff: Diffing lib/libc/mipsel/sys cvs diff: Diffing lib/libc/net cvs diff: Diffing lib/libc/nls cvs diff: Diffing lib/libc/posix1e Index: lib/libc/posix1e/Makefile.inc =================================================================== RCS file: /home/ncvs/src/lib/libc/posix1e/Makefile.inc,v retrieving revision 1.6 diff -u -r1.6 Makefile.inc --- lib/libc/posix1e/Makefile.inc 2001/09/01 00:00:50 1.6 +++ lib/libc/posix1e/Makefile.inc 2001/09/09 02:17:41 @@ -32,7 +32,12 @@ cap_set_file.c \ cap_set_flag.c \ cap_set_proc.c \ - cap_text.c + cap_text.c \ + mac_constant.c \ + mac_free.c \ + mac_get.c \ + mac_set.c \ + mac_text.c .if ${LIB} == "c" Index: lib/libc/posix1e/mac_constant.c =================================================================== RCS file: mac_constant.c diff -N mac_constant.c --- /dev/null Fri Sep 21 08:55:01 2001 +++ mac_constant.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,21 @@ +#include +#include + +/* + * The following label defines "system high", used by the TrustedBSD + * userland Trusted Code Base (TCB). It is assigned during the install + * process to TCB files, and used by privileged processes when setting + * rights on files that are part of the TCB (/etc/passwd and so on). + * Changing this label has serious consequences both in terms of + * propagation (recompile everything, make sure the kernel default + * label matches, etc), as well as security (changing this may break + * assumptions throughout the system). Don't change it unless you + * know what you're doing. Seriously. + */ + +const struct mac mac_userland_system_high_label = { + {MAC_BIBA_TYPE_HIGH, 0}, + {MAC_MLS_TYPE_LOW, 0}, + {MAC_PARTITION_TYPE_NONE, 0} +}; + Index: lib/libc/posix1e/mac_free.c =================================================================== RCS file: mac_free.c diff -N mac_free.c --- /dev/null Fri Sep 21 08:55:01 2001 +++ mac_free.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,12 @@ +#include +#include + +#include + +int +mac_free(void *buf_p) +{ + + free(buf_p); + return (0); +} Index: lib/libc/posix1e/mac_get.c =================================================================== RCS file: mac_get.c diff -N mac_get.c --- /dev/null Fri Sep 21 08:55:01 2001 +++ mac_get.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,68 @@ +#include +#include + +#include +#include + +mac_t +mac_get_file(const char *path_p) +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_file(path_p, label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} + +mac_t +mac_get_fd(int fd) +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_fd(fd, label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} + +mac_t +mac_get_proc() +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_proc(label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} Index: lib/libc/posix1e/mac_set.c =================================================================== RCS file: mac_set.c diff -N mac_set.c --- /dev/null Fri Sep 21 08:55:01 2001 +++ mac_set.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,23 @@ +#include +#include + +int +mac_set_file(const char *path_p, mac_t label) +{ + + return (__mac_set_file(path_p, label)); +} + +int +mac_set_fd(int fd, mac_t label) +{ + + return (__mac_set_fd(fd, label)); +} + +int +mac_set_proc(mac_t label) +{ + + return (__mac_set_proc(label)); +} Index: lib/libc/posix1e/mac_text.c =================================================================== RCS file: mac_text.c diff -N mac_text.c --- /dev/null Fri Sep 21 08:55:01 2001 +++ mac_text.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,391 @@ +#include +#include + +#include +#include +#include + +/* + * POSIX.1e does not define a text format for MAC label string conversions. + * We use the following format: + * "policy/qualifier,..." + * Where: + * policy can be one of "biba", "mls", "partition + * type for "biba" can be "high", "low", "equal", or a numeric grade + * type for "mls" can be "high", "low", "equal", of a numeric level + * type for "partition" can be "none", "all", or a numeric partition + * All policies must be present, but may be in any order. + * + * Sample labels: + * biba/high,mls/low,partition/none + * biba/low,mls/low,partition/none + * biba/low,mls/low,partition/3 + * biba/low,mls/3,partition/none + */ + +/* + * XXX: Parsing code below assumes these next two constants will be + * character strings containing a single character. + */ +#define STRING_SEP "," +#define STRING_ASSIGN "/" + +#define STRING_BIBA "biba" +#define STRING_MLS "mls" +#define STRING_PARTITION "partition" +static char *STRING_UNKNOWN = "unknown"; + +static char *STRING_BIBA_HIGH = "high"; +static char *STRING_BIBA_LOW = "low"; +static char *STRING_BIBA_EQUAL = "equal"; + +static char *STRING_MLS_HIGH = "high"; +static char *STRING_MLS_LOW = "low"; +static char *STRING_MLS_EQUAL = "equal"; + +static char *STRING_PARTITION_NONE = "none"; +static char *STRING_PARTITION_ALL = "all"; + +static int +biba_string_to_label(char *string, struct mac_biba *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_BIBA) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mb_grade = 0; + if (strcmp(token, STRING_BIBA_HIGH) == 0) + label->mb_type = MAC_BIBA_TYPE_HIGH; + else if (strcmp(token, STRING_BIBA_LOW) == 0) + label->mb_type = MAC_BIBA_TYPE_LOW; + else if (strcmp(token, STRING_BIBA_EQUAL) == 0) + label->mb_type = MAC_BIBA_TYPE_EQUAL; + else { + /* Should be a numeric grade. */ + /* XXX: Check range for strtoul. */ + label->mb_type = MAC_BIBA_TYPE_GRADE; + label->mb_grade = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +biba_label_to_string(struct mac_biba label) +{ + char *buf; + + switch (label.mb_type) { + case MAC_BIBA_TYPE_GRADE: + asprintf(&buf, "%s%s%hu", STRING_BIBA, STRING_ASSIGN, + label.mb_grade); + break; + case MAC_BIBA_TYPE_LOW: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_LOW); + break; + case MAC_BIBA_TYPE_HIGH: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_HIGH); + break; + case MAC_BIBA_TYPE_EQUAL: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_EQUAL); + break; + default: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +static int +mls_string_to_label(char *string, struct mac_mls *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_MLS) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mm_level = 0; + if (strcmp(token, STRING_MLS_HIGH) == 0) + label->mm_type = MAC_MLS_TYPE_HIGH; + else if (strcmp(token, STRING_MLS_LOW) == 0) + label->mm_type = MAC_MLS_TYPE_LOW; + else if (strcmp(token, STRING_MLS_EQUAL) == 0) + label->mm_type = MAC_MLS_TYPE_EQUAL; + else { + /* Should be a numeric level. */ + /* XXX: Check range for strtoul. */ + label->mm_type = MAC_MLS_TYPE_LEVEL; + label->mm_level = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +mls_label_to_string(struct mac_mls label) +{ + char *buf; + + switch (label.mm_type) { + case MAC_MLS_TYPE_LEVEL: + asprintf(&buf, "%s%s%hu", STRING_MLS, STRING_ASSIGN, + label.mm_level); + break; + case MAC_MLS_TYPE_LOW: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_LOW); + break; + case MAC_MLS_TYPE_HIGH: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_HIGH); + break; + case MAC_MLS_TYPE_EQUAL: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_EQUAL); + break; + default: + asprintf(&buf, "%s:%s", STRING_MLS, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +static int +partition_string_to_label(char *string, struct mac_partition *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_PARTITION) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mp_partition = 0; + if (strcmp(token, STRING_PARTITION_NONE) == 0) + label->mp_type = MAC_PARTITION_TYPE_NONE; + else if (strcmp(token, STRING_PARTITION_ALL) == 0) + label->mp_type = MAC_PARTITION_TYPE_ALL; + else { + /* Should be a numeric partition identifier. */ + /* XXX: Should check range for strtoul. */ + label->mp_type = MAC_PARTITION_TYPE_PARTITION; + label->mp_partition = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +partition_label_to_string(struct mac_partition label) +{ + char *buf; + + switch (label.mp_type) { + case MAC_PARTITION_TYPE_PARTITION: + asprintf(&buf, "%s%s%hu", STRING_PARTITION, STRING_ASSIGN, + label.mp_partition); + break; + case MAC_PARTITION_TYPE_ALL: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_PARTITION_ALL); + break; + case MAC_PARTITION_TYPE_NONE: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_PARTITION_NONE); + break; + default: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +char * +mac_to_text(struct mac *mac_p, size_t *len_p) +{ + char *biba, *mls, *partition; + char *buf; + int len; + + biba = biba_label_to_string(mac_p->m_biba); + if (biba == NULL) { + errno = ENOMEM; + return (NULL); + } + mls = mls_label_to_string(mac_p->m_mls); + if (mls == NULL) { + errno = ENOMEM; + free(biba); + return (NULL); + } + partition = partition_label_to_string(mac_p->m_partition); + if (partition == NULL) { + errno = ENOMEM; + free(biba); + free(mls); + return (NULL); + } + + len = asprintf(&buf, "%s%s%s%s%s", biba, STRING_SEP, mls, STRING_SEP, + partition); + + free(biba); + free(mls); + free(partition); + + if (len != -1 && len_p != NULL) + *len_p = len; + + return (buf); +} + +struct mac * +mac_from_text(const char *text_p) +{ + struct mac *label; + char *local_string, *next_token, *token, *tmp; + int biba_seen = 0, mls_seen = 0, partition_seen = 0; + int error; + + /* + * Parse into three assignments, determine which assignments + * they are and recurse appropriately, and reject if there are + * not the right assignments (or duplicates). + */ + + label = (struct mac *) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + goto exit1; + } + + local_string = strdup(text_p); + if (local_string == NULL) { + errno = ENOMEM; + goto exit2; + } + + next_token = local_string; + while ((token = strsep(&next_token, STRING_SEP)) != NULL) { + + if (strncmp(token, STRING_BIBA STRING_ASSIGN, strlen( + STRING_BIBA STRING_ASSIGN)) == 0) { + error = biba_string_to_label(token, &label->m_biba); + if (error) { + errno = error; + goto exit2; + } + biba_seen++; + } else if (strncmp(token, STRING_MLS STRING_ASSIGN, strlen( + STRING_MLS STRING_ASSIGN)) == 0) { + error = mls_string_to_label(token, &label->m_mls); + if (error) { + errno = error; + goto exit2; + } + mls_seen++; + } else if (strncmp(token, STRING_PARTITION STRING_ASSIGN, + strlen(STRING_PARTITION STRING_ASSIGN)) == 0) { + error = partition_string_to_label(token, + &label->m_partition); + if (error) { + errno = error; + goto exit2; + } + partition_seen++; + } else { + /* Unrecognized label type name. */ + errno = EINVAL; + goto exit2; + } + } + + if (biba_seen != 1 || mls_seen != 1 || partition_seen != 1) { + errno = EINVAL; + goto exit2; + } + + /* Success. */ + goto exit1; + +exit2: + free(label); + label = NULL; +exit1: + free(local_string); + return (label); +} cvs diff: Diffing lib/libc/quad cvs diff: Diffing lib/libc/quad/TESTS cvs diff: Diffing lib/libc/regex cvs diff: Diffing lib/libc/regex/grot cvs diff: Diffing lib/libc/rpc cvs diff: Diffing lib/libc/rpc/PSD.doc cvs diff: Diffing lib/libc/stdio cvs diff: Diffing lib/libc/stdlib cvs diff: Diffing lib/libc/stdtime cvs diff: Diffing lib/libc/string cvs diff: Diffing lib/libc/sys cvs diff: Diffing lib/libc/xdr cvs diff: Diffing lib/libc/yp cvs diff: Diffing lib/libc_r cvs diff: Diffing lib/libc_r/arch cvs diff: Diffing lib/libc_r/arch/alpha cvs diff: Diffing lib/libc_r/arch/i386 cvs diff: Diffing lib/libc_r/man cvs diff: Diffing lib/libc_r/sys cvs diff: Diffing lib/libc_r/test cvs diff: Diffing lib/libc_r/uthread cvs diff: Diffing lib/libcalendar cvs diff: Diffing lib/libcam cvs diff: Diffing lib/libcom_err Index: lib/libcom_err/Makefile =================================================================== RCS file: /home/ncvs/src/lib/libcom_err/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- lib/libcom_err/Makefile 2001/03/27 17:26:58 1.12 +++ lib/libcom_err/Makefile 2001/06/11 23:23:00 @@ -3,7 +3,7 @@ LIB= com_err SRCS= com_err.c error.c INCS= ${COM_ERRDIR}/com_err.h ${COM_ERRDIR}/com_right.h -MAN= com_err.3 +#MAN= com_err.3 COM_ERRDIR= ${.CURDIR}/../../contrib/com_err CFLAGS+= -I${COM_ERRDIR} cvs diff: Diffing lib/libcom_err/doc cvs diff: Diffing lib/libcompat cvs diff: Diffing lib/libcompat/4.1 cvs diff: Diffing lib/libcompat/4.3 cvs diff: Diffing lib/libcompat/4.4 cvs diff: Diffing lib/libcompat/regexp cvs diff: Diffing lib/libcrypt cvs diff: Diffing lib/libdevinfo cvs diff: Diffing lib/libdevstat cvs diff: Diffing lib/libdisk cvs diff: Diffing lib/libedit cvs diff: Diffing lib/libedit/TEST cvs diff: Diffing lib/libfetch cvs diff: Diffing lib/libform cvs diff: Diffing lib/libftpio cvs diff: Diffing lib/libgnumalloc cvs diff: Diffing lib/libio cvs diff: Diffing lib/libipsec cvs diff: Diffing lib/libipx cvs diff: Diffing lib/libisc cvs diff: Diffing lib/libkvm cvs diff: Diffing lib/libm cvs diff: Diffing lib/libm/common cvs diff: Diffing lib/libm/common_source cvs diff: Diffing lib/libm/ieee cvs diff: Diffing lib/libmd cvs diff: Diffing lib/libmd/i386 cvs diff: Diffing lib/libmenu cvs diff: Diffing lib/libmp cvs diff: Diffing lib/libncp cvs diff: Diffing lib/libncurses cvs diff: Diffing lib/libnetgraph cvs diff: Diffing lib/libopie cvs diff: Diffing lib/libpam cvs diff: Diffing lib/libpam/libpam cvs diff: Diffing lib/libpam/libpam/security cvs diff: Diffing lib/libpam/modules cvs diff: Diffing lib/libpam/modules/pam_deny cvs diff: Diffing lib/libpam/modules/pam_ftp cvs diff: Diffing lib/libpam/modules/pam_kerberosIV cvs diff: Diffing lib/libpam/modules/pam_krb5 cvs diff: Diffing lib/libpam/modules/pam_nologin cvs diff: Diffing lib/libpam/modules/pam_opie cvs diff: Diffing lib/libpam/modules/pam_permit cvs diff: Diffing lib/libpam/modules/pam_radius cvs diff: Diffing lib/libpam/modules/pam_rootok cvs diff: Diffing lib/libpam/modules/pam_securetty cvs diff: Diffing lib/libpam/modules/pam_ssh cvs diff: Diffing lib/libpam/modules/pam_tacplus cvs diff: Diffing lib/libpam/modules/pam_unix cvs diff: Diffing lib/libpam/modules/pam_wheel cvs diff: Diffing lib/libpanel cvs diff: Diffing lib/libpcap cvs diff: Diffing lib/libradius cvs diff: Diffing lib/libresolv cvs diff: Diffing lib/librpcsvc cvs diff: Diffing lib/libsbuf cvs diff: Diffing lib/libsmdb cvs diff: Diffing lib/libsmutil cvs diff: Diffing lib/libstand cvs diff: Diffing lib/libstand/alpha cvs diff: Diffing lib/libstand/i386 cvs diff: Diffing lib/libstand/powerpc cvs diff: Diffing lib/libtacplus cvs diff: Diffing lib/libtelnet cvs diff: Diffing lib/libusb cvs diff: Diffing lib/libutil Index: lib/libutil/login_cap.h =================================================================== RCS file: /home/ncvs/src/lib/libutil/login_cap.h,v retrieving revision 1.4 diff -u -r1.4 login_cap.h --- lib/libutil/login_cap.h 2000/08/22 02:15:52 1.4 +++ lib/libutil/login_cap.h 2000/11/19 22:56:25 @@ -47,7 +47,8 @@ #define LOGIN_SETUMASK 0x0020 /* set umask, obviously */ #define LOGIN_SETUSER 0x0040 /* set user (via setuid) */ #define LOGIN_SETENV 0x0080 /* set user environment */ -#define LOGIN_SETALL 0x00ff /* set everything */ +#define LOGIN_SETLABEL 0x0100 /* set user MAC label */ +#define LOGIN_SETALL 0x01ff /* set everything */ #define BI_AUTH "authorize" /* accepted authentication */ #define BI_REJECT "reject" /* rejected authentication */ Index: lib/libutil/login_class.c =================================================================== RCS file: /home/ncvs/src/lib/libutil/login_class.c,v retrieving revision 1.15 diff -u -r1.15 login_class.c --- lib/libutil/login_class.c 2000/07/14 13:56:07 1.15 +++ lib/libutil/login_class.c 2000/12/18 05:08:37 @@ -39,6 +39,7 @@ #include #include #include +#include static struct login_res { @@ -316,6 +317,7 @@ #ifndef __NETBSD_SYSCALLS struct rtprio rtp; #endif + int error; if (lc == NULL) { if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) @@ -370,6 +372,44 @@ (u_long)pwd->pw_gid); login_close(llc); return -1; + } + } + + /* Setup the user's MAC label. */ + if (flags & LOGIN_SETLABEL) { + char *label_string; + mac_t label; + + /* + * XXX: In the following code, there are a number of "fail open" + * cases in which the process label will not be set. The following + * cases need to be addressed better: + * - The login.conf file does not contain a label for the user. + * but the kernel supports labeling (how to test this case?) + * - The login.conf file contains a syntactically semantically + * invalid label. + * - The kernel does not have support for labels compiled in, but + * a label is defined. + */ + label_string = login_getcapstr(lc, "label", NULL, NULL); + if (label_string == NULL) { + /* Leave label as is, warning, dangerous */ + } else { + label = mac_from_text(label_string); + if (label == NULL) { + syslog(LOG_ERR, "mac_from_text(%s): %m", + label_string); + return -1; + } + error = mac_set_proc(label); + mac_free(label); + if (error != 0 && errno == ENOSYS) { + syslog(LOG_WARNING, "mac_set_proc(%s): warning: %m", + label_string); + } else if (error != 0) { + syslog(LOG_ERR, "mac_set_proc(%s): error: %m", label_string); + return -1; + } } } cvs diff: Diffing lib/libvgl cvs diff: Diffing lib/libwrap cvs diff: Diffing lib/libxpg4 cvs diff: Diffing lib/liby cvs diff: Diffing lib/libz cvs diff: Diffing lib/msun cvs diff: Diffing lib/msun/alpha cvs diff: Diffing lib/msun/i387 cvs diff: Diffing lib/msun/man cvs diff: Diffing lib/msun/src cvs diff: Diffing libexec cvs diff: Diffing libexec/atrun cvs diff: Diffing libexec/bootpd cvs diff: Diffing libexec/bootpd/bootpgw cvs diff: Diffing libexec/bootpd/tools cvs diff: Diffing libexec/bootpd/tools/bootpef cvs diff: Diffing libexec/bootpd/tools/bootptest cvs diff: Diffing libexec/comsat cvs diff: Diffing libexec/fingerd cvs diff: Diffing libexec/ftpd Index: libexec/ftpd/ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.83 diff -u -r1.83 ftpd.c --- libexec/ftpd/ftpd.c 2001/09/10 18:46:07 1.83 +++ libexec/ftpd/ftpd.c 2001/09/19 02:25:04 @@ -1055,7 +1055,8 @@ pw = NULL; #ifdef LOGIN_CAP setusercontext(NULL, getpwuid(0), (uid_t)0, - LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK| + LOGIN_SETLABEL); #endif #ifdef USE_PAM if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) @@ -1305,7 +1306,7 @@ } setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| - LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETLABEL); #else setlogin(pw->pw_name); (void) initgroups(pw->pw_name, pw->pw_gid); cvs diff: Diffing libexec/getNAME cvs diff: Diffing libexec/getty cvs diff: Diffing libexec/mail.local cvs diff: Diffing libexec/makekey cvs diff: Diffing libexec/mknetid cvs diff: Diffing libexec/named-xfer cvs diff: Diffing libexec/pppoed cvs diff: Diffing libexec/rbootd cvs diff: Diffing libexec/revnetgroup cvs diff: Diffing libexec/rexecd cvs diff: Diffing libexec/rlogind cvs diff: Diffing libexec/rpc.rquotad cvs diff: Diffing libexec/rpc.rstatd cvs diff: Diffing libexec/rpc.rusersd cvs diff: Diffing libexec/rpc.rwalld cvs diff: Diffing libexec/rpc.sprayd cvs diff: Diffing libexec/rshd cvs diff: Diffing libexec/rtld-aout cvs diff: Diffing libexec/rtld-aout/i386 cvs diff: Diffing libexec/rtld-elf cvs diff: Diffing libexec/rtld-elf/alpha cvs diff: Diffing libexec/rtld-elf/i386 cvs diff: Diffing libexec/save-entropy cvs diff: Diffing libexec/smrsh cvs diff: Diffing libexec/talkd cvs diff: Diffing libexec/telnetd cvs diff: Diffing libexec/tftpd cvs diff: Diffing libexec/uucpd cvs diff: Diffing libexec/xtend cvs diff: Diffing libexec/ypxfr cvs diff: Diffing release cvs diff: Diffing release/alpha cvs diff: Diffing release/doc cvs diff: Diffing release/doc/en_US.ISO8859-1 cvs diff: Diffing release/doc/en_US.ISO8859-1/errata cvs diff: Diffing release/doc/en_US.ISO8859-1/hardware cvs diff: Diffing release/doc/en_US.ISO8859-1/hardware/alpha cvs diff: Diffing release/doc/en_US.ISO8859-1/hardware/common cvs diff: Diffing release/doc/en_US.ISO8859-1/hardware/i386 cvs diff: Diffing release/doc/en_US.ISO8859-1/installation cvs diff: Diffing release/doc/en_US.ISO8859-1/installation/alpha cvs diff: Diffing release/doc/en_US.ISO8859-1/installation/common cvs diff: Diffing release/doc/en_US.ISO8859-1/installation/i386 cvs diff: Diffing release/doc/en_US.ISO8859-1/readme cvs diff: Diffing release/doc/en_US.ISO8859-1/relnotes cvs diff: Diffing release/doc/en_US.ISO8859-1/relnotes/alpha cvs diff: Diffing release/doc/en_US.ISO8859-1/relnotes/common cvs diff: Diffing release/doc/en_US.ISO8859-1/relnotes/i386 cvs diff: Diffing release/doc/en_US.ISO8859-1/share cvs diff: Diffing release/doc/en_US.ISO8859-1/share/sgml cvs diff: Diffing release/doc/ja_JP.eucJP cvs diff: Diffing release/doc/ja_JP.eucJP/errata cvs diff: Diffing release/doc/ja_JP.eucJP/relnotes cvs diff: Diffing release/doc/ja_JP.eucJP/relnotes/alpha cvs diff: Diffing release/doc/ja_JP.eucJP/relnotes/common cvs diff: Diffing release/doc/ja_JP.eucJP/relnotes/i386 cvs diff: Diffing release/doc/ja_JP.eucJP/share cvs diff: Diffing release/doc/ja_JP.eucJP/share/sgml cvs diff: Diffing release/doc/share cvs diff: Diffing release/doc/share/examples cvs diff: Diffing release/doc/share/mk cvs diff: Diffing release/doc/share/sgml cvs diff: Diffing release/i386 cvs diff: Diffing release/pc98 cvs diff: Diffing release/picobsd cvs diff: Diffing release/picobsd/bridge cvs diff: Diffing release/picobsd/build cvs diff: Diffing release/picobsd/custom cvs diff: Diffing release/picobsd/custom/crunch1 cvs diff: Diffing release/picobsd/custom/crunch2 cvs diff: Diffing release/picobsd/custom/floppy.etc cvs diff: Diffing release/picobsd/custom/floppy.etc/ppp cvs diff: Diffing release/picobsd/custom/floppy.tree cvs diff: Diffing release/picobsd/custom/floppy.tree/boot cvs diff: Diffing release/picobsd/custom/lang cvs diff: Diffing release/picobsd/custom/mfs cvs diff: Diffing release/picobsd/custom/mfs/etc cvs diff: Diffing release/picobsd/dial cvs diff: Diffing release/picobsd/dial/floppy.tree cvs diff: Diffing release/picobsd/dial/floppy.tree/etc cvs diff: Diffing release/picobsd/dial/floppy.tree/etc/ppp cvs diff: Diffing release/picobsd/dial/lang cvs diff: Diffing release/picobsd/doc cvs diff: Diffing release/picobsd/doc/src cvs diff: Diffing release/picobsd/floppy.tree cvs diff: Diffing release/picobsd/floppy.tree/etc cvs diff: Diffing release/picobsd/floppy.tree/etc/ppp cvs diff: Diffing release/picobsd/help cvs diff: Diffing release/picobsd/install cvs diff: Diffing release/picobsd/install/crunch1 cvs diff: Diffing release/picobsd/install/floppy.tree cvs diff: Diffing release/picobsd/install/floppy.tree/etc cvs diff: Diffing release/picobsd/install/lang cvs diff: Diffing release/picobsd/isp cvs diff: Diffing release/picobsd/isp/lang cvs diff: Diffing release/picobsd/mfs_tree cvs diff: Diffing release/picobsd/mfs_tree/etc cvs diff: Diffing release/picobsd/mfs_tree/stand cvs diff: Diffing release/picobsd/net cvs diff: Diffing release/picobsd/net/floppy.tree cvs diff: Diffing release/picobsd/net/floppy.tree/etc cvs diff: Diffing release/picobsd/net/floppy.tree/etc/ppp cvs diff: Diffing release/picobsd/net/lang cvs diff: Diffing release/picobsd/router cvs diff: Diffing release/picobsd/router/floppy.tree cvs diff: Diffing release/picobsd/router/floppy.tree/etc cvs diff: Diffing release/picobsd/router/lang cvs diff: Diffing release/picobsd/tinyware cvs diff: Diffing release/picobsd/tinyware/aps cvs diff: Diffing release/picobsd/tinyware/help cvs diff: Diffing release/picobsd/tinyware/msg cvs diff: Diffing release/picobsd/tinyware/msh cvs diff: Diffing release/picobsd/tinyware/ns cvs diff: Diffing release/picobsd/tinyware/oinit cvs diff: Diffing release/picobsd/tinyware/simple_httpd cvs diff: Diffing release/picobsd/tinyware/sps cvs diff: Diffing release/picobsd/tinyware/view cvs diff: Diffing release/picobsd/tinyware/vm cvs diff: Diffing release/scripts cvs diff: Diffing release/scripts/X11 cvs diff: Diffing release/texts cvs diff: Diffing sbin cvs diff: Diffing sbin/adjkerntz cvs diff: Diffing sbin/atacontrol cvs diff: Diffing sbin/atm cvs diff: Diffing sbin/atm/atm cvs diff: Diffing sbin/atm/fore_dnld cvs diff: Diffing sbin/atm/ilmid cvs diff: Diffing sbin/badsect cvs diff: Diffing sbin/camcontrol cvs diff: Diffing sbin/ccdconfig cvs diff: Diffing sbin/clri cvs diff: Diffing sbin/comcontrol cvs diff: Diffing sbin/dhclient cvs diff: Diffing sbin/disklabel cvs diff: Diffing sbin/dmesg cvs diff: Diffing sbin/dump cvs diff: Diffing sbin/dumpfs cvs diff: Diffing sbin/dumpon cvs diff: Diffing sbin/ffsinfo cvs diff: Diffing sbin/fsck cvs diff: Diffing sbin/fsck_ffs cvs diff: Diffing sbin/fsck_ffs/SMM.doc cvs diff: Diffing sbin/fsck_ifs cvs diff: Diffing sbin/fsck_msdosfs cvs diff: Diffing sbin/fsdb cvs diff: Diffing sbin/fsirand cvs diff: Diffing sbin/growfs cvs diff: Diffing sbin/i386 cvs diff: Diffing sbin/i386/cxconfig cvs diff: Diffing sbin/i386/fdisk cvs diff: Diffing sbin/i386/nextboot cvs diff: Diffing sbin/ifconfig Index: sbin/ifconfig/ifvlan.c =================================================================== RCS file: /home/ncvs/src/sbin/ifconfig/ifvlan.c,v retrieving revision 1.3 diff -u -r1.3 ifvlan.c --- sbin/ifconfig/ifvlan.c 2001/08/13 14:06:30 1.3 +++ sbin/ifconfig/ifvlan.c 2001/09/09 02:38:32 @@ -32,6 +32,7 @@ #include #include +#include #include #include #include cvs diff: Diffing sbin/init cvs diff: Diffing sbin/ip6fw cvs diff: Diffing sbin/ipf cvs diff: Diffing sbin/ipfstat cvs diff: Diffing sbin/ipfw cvs diff: Diffing sbin/ipmon cvs diff: Diffing sbin/ipnat cvs diff: Diffing sbin/kget cvs diff: Diffing sbin/kldconfig cvs diff: Diffing sbin/kldload cvs diff: Diffing sbin/kldstat cvs diff: Diffing sbin/kldunload cvs diff: Diffing sbin/ldconfig cvs diff: Diffing sbin/md5 cvs diff: Diffing sbin/mdconfig cvs diff: Diffing sbin/mdmfs cvs diff: Diffing sbin/mknod cvs diff: Diffing sbin/mount cvs diff: Diffing sbin/mount_cd9660 cvs diff: Diffing sbin/mount_ext2fs cvs diff: Diffing sbin/mount_hpfs cvs diff: Diffing sbin/mount_ifs cvs diff: Diffing sbin/mount_msdosfs cvs diff: Diffing sbin/mount_nfs cvs diff: Diffing sbin/mount_ntfs cvs diff: Diffing sbin/mount_nullfs cvs diff: Diffing sbin/mount_nwfs cvs diff: Diffing sbin/mount_portalfs cvs diff: Diffing sbin/mount_std cvs diff: Diffing sbin/mount_umapfs cvs diff: Diffing sbin/mount_unionfs cvs diff: Diffing sbin/mountd cvs diff: Diffing sbin/natd cvs diff: Diffing sbin/natd/samples cvs diff: Diffing sbin/newfs cvs diff: Diffing sbin/newfs_msdos cvs diff: Diffing sbin/nfsd cvs diff: Diffing sbin/nfsiod cvs diff: Diffing sbin/nologin cvs diff: Diffing sbin/nos-tun cvs diff: Diffing sbin/pc98 cvs diff: Diffing sbin/pc98/fdisk cvs diff: Diffing sbin/ping cvs diff: Diffing sbin/ping6 cvs diff: Diffing sbin/quotacheck cvs diff: Diffing sbin/rcorder cvs diff: Diffing sbin/reboot cvs diff: Diffing sbin/restore cvs diff: Diffing sbin/route cvs diff: Diffing sbin/routed cvs diff: Diffing sbin/routed/rtquery cvs diff: Diffing sbin/rtsol cvs diff: Diffing sbin/savecore cvs diff: Diffing sbin/shutdown cvs diff: Diffing sbin/slattach cvs diff: Diffing sbin/spppcontrol cvs diff: Diffing sbin/startslip cvs diff: Diffing sbin/swapon cvs diff: Diffing sbin/sysctl cvs diff: Diffing sbin/tunefs cvs diff: Diffing sbin/umount cvs diff: Diffing sbin/vinum cvs diff: Diffing secure cvs diff: Diffing secure/lib cvs diff: Diffing secure/lib/libcipher cvs diff: Diffing secure/lib/libcipher/test cvs diff: Diffing secure/lib/libcrypt cvs diff: Diffing secure/lib/libcrypto cvs diff: Diffing secure/lib/libssh cvs diff: Diffing secure/lib/libssl cvs diff: Diffing secure/lib/libtelnet cvs diff: Diffing secure/libexec cvs diff: Diffing secure/libexec/sftp-server cvs diff: Diffing secure/libexec/telnetd cvs diff: Diffing secure/usr.bin cvs diff: Diffing secure/usr.bin/bdes cvs diff: Diffing secure/usr.bin/openssl cvs diff: Diffing secure/usr.bin/scp cvs diff: Diffing secure/usr.bin/sftp cvs diff: Diffing secure/usr.bin/ssh cvs diff: Diffing secure/usr.bin/ssh-add cvs diff: Diffing secure/usr.bin/ssh-agent cvs diff: Diffing secure/usr.bin/ssh-keygen cvs diff: Diffing secure/usr.bin/ssh-keyscan cvs diff: Diffing secure/usr.bin/telnet cvs diff: Diffing secure/usr.sbin cvs diff: Diffing secure/usr.sbin/sshd cvs diff: Diffing share cvs diff: Diffing share/colldef cvs diff: Diffing share/dict cvs diff: Diffing share/doc cvs diff: Diffing share/doc/IPv6 cvs diff: Diffing share/doc/papers cvs diff: Diffing share/doc/papers/beyond4.3 cvs diff: Diffing share/doc/papers/bufbio cvs diff: Diffing share/doc/papers/contents cvs diff: Diffing share/doc/papers/diskperf cvs diff: Diffing share/doc/papers/fsinterface cvs diff: Diffing share/doc/papers/jail cvs diff: Diffing share/doc/papers/kernmalloc cvs diff: Diffing share/doc/papers/kerntune cvs diff: Diffing share/doc/papers/malloc cvs diff: Diffing share/doc/papers/newvm cvs diff: Diffing share/doc/papers/nqnfs cvs diff: Diffing share/doc/papers/px cvs diff: Diffing share/doc/papers/relengr cvs diff: Diffing share/doc/papers/sysperf cvs diff: Diffing share/doc/psd cvs diff: Diffing share/doc/psd/05.sysman cvs diff: Diffing share/doc/psd/12.make cvs diff: Diffing share/doc/psd/13.rcs cvs diff: Diffing share/doc/psd/13.rcs/rcs cvs diff: Diffing share/doc/psd/13.rcs/rcs_func cvs diff: Diffing share/doc/psd/18.gprof cvs diff: Diffing share/doc/psd/20.ipctut cvs diff: Diffing share/doc/psd/21.ipc cvs diff: Diffing share/doc/psd/22.rpcgen cvs diff: Diffing share/doc/psd/23.rpc cvs diff: Diffing share/doc/psd/24.xdr cvs diff: Diffing share/doc/psd/25.xdrrfc cvs diff: Diffing share/doc/psd/26.rpcrfc cvs diff: Diffing share/doc/psd/27.nfsrpc cvs diff: Diffing share/doc/psd/28.cvs cvs diff: Diffing share/doc/psd/contents cvs diff: Diffing share/doc/psd/title cvs diff: Diffing share/doc/smm cvs diff: Diffing share/doc/smm/01.setup cvs diff: Diffing share/doc/smm/02.config cvs diff: Diffing share/doc/smm/03.fsck cvs diff: Diffing share/doc/smm/04.quotas cvs diff: Diffing share/doc/smm/05.fastfs cvs diff: Diffing share/doc/smm/06.nfs cvs diff: Diffing share/doc/smm/08.sendmailop cvs diff: Diffing share/doc/smm/10.named cvs diff: Diffing share/doc/smm/11.timedop cvs diff: Diffing share/doc/smm/12.timed cvs diff: Diffing share/doc/smm/18.net cvs diff: Diffing share/doc/smm/contents cvs diff: Diffing share/doc/smm/title cvs diff: Diffing share/doc/usd cvs diff: Diffing share/doc/usd/04.csh cvs diff: Diffing share/doc/usd/07.mail cvs diff: Diffing share/doc/usd/10.exref cvs diff: Diffing share/doc/usd/10.exref/exref cvs diff: Diffing share/doc/usd/10.exref/summary cvs diff: Diffing share/doc/usd/11.vitut cvs diff: Diffing share/doc/usd/12.vi cvs diff: Diffing share/doc/usd/12.vi/summary cvs diff: Diffing share/doc/usd/12.vi/vi cvs diff: Diffing share/doc/usd/12.vi/viapwh cvs diff: Diffing share/doc/usd/13.viref cvs diff: Diffing share/doc/usd/18.msdiffs cvs diff: Diffing share/doc/usd/19.memacros cvs diff: Diffing share/doc/usd/20.meref cvs diff: Diffing share/doc/usd/30.rogue cvs diff: Diffing share/doc/usd/31.trek cvs diff: Diffing share/doc/usd/contents cvs diff: Diffing share/doc/usd/title cvs diff: Diffing share/examples cvs diff: Diffing share/examples/BSD_daemon cvs diff: Diffing share/examples/FreeBSD_version cvs diff: Diffing share/examples/IPv6 cvs diff: Diffing share/examples/atm cvs diff: Diffing share/examples/bootforth cvs diff: Diffing share/examples/cvsup cvs diff: Diffing share/examples/diskless cvs diff: Diffing share/examples/diskless/209.157.86.12 cvs diff: Diffing share/examples/diskless/HT.DISKLESS cvs diff: Diffing share/examples/diskless/HT.STD cvs diff: Diffing share/examples/diskless/archive.backplane.com cvs diff: Diffing share/examples/drivers cvs diff: Diffing share/examples/etc cvs diff: Diffing share/examples/find_interface cvs diff: Diffing share/examples/ibcs2 cvs diff: Diffing share/examples/ipfw cvs diff: Diffing share/examples/isdn cvs diff: Diffing share/examples/isdn/contrib cvs diff: Diffing share/examples/isdn/i4brunppp cvs diff: Diffing share/examples/isdn/v21 cvs diff: Diffing share/examples/kld cvs diff: Diffing share/examples/kld/cdev cvs diff: Diffing share/examples/kld/cdev/module cvs diff: Diffing share/examples/kld/cdev/test cvs diff: Diffing share/examples/kld/dyn_sysctl cvs diff: Diffing share/examples/kld/syscall cvs diff: Diffing share/examples/kld/syscall/module cvs diff: Diffing share/examples/kld/syscall/test cvs diff: Diffing share/examples/libvgl cvs diff: Diffing share/examples/mdoc cvs diff: Diffing share/examples/meteor cvs diff: Diffing share/examples/netgraph cvs diff: Diffing share/examples/nwclient cvs diff: Diffing share/examples/perfmon cvs diff: Diffing share/examples/portal cvs diff: Diffing share/examples/ppi cvs diff: Diffing share/examples/ppp cvs diff: Diffing share/examples/printing cvs diff: Diffing share/examples/scsi_target cvs diff: Diffing share/examples/ses cvs diff: Diffing share/examples/ses/getencstat cvs diff: Diffing share/examples/ses/sesd cvs diff: Diffing share/examples/ses/setencstat cvs diff: Diffing share/examples/ses/setobjstat cvs diff: Diffing share/examples/ses/srcs cvs diff: Diffing share/examples/slattach cvs diff: Diffing share/examples/sliplogin cvs diff: Diffing share/examples/startslip cvs diff: Diffing share/examples/sunrpc cvs diff: Diffing share/examples/sunrpc/dir cvs diff: Diffing share/examples/sunrpc/msg cvs diff: Diffing share/examples/sunrpc/sort cvs diff: Diffing share/examples/worm cvs diff: Diffing share/info cvs diff: Diffing share/isdn cvs diff: Diffing share/man cvs diff: Diffing share/man/man0 cvs diff: Diffing share/man/man1 cvs diff: Diffing share/man/man3 cvs diff: Diffing share/man/man4 cvs diff: Diffing share/man/man4/man4.alpha cvs diff: Diffing share/man/man4/man4.i386 cvs diff: Diffing share/man/man5 cvs diff: Diffing share/man/man6 cvs diff: Diffing share/man/man7 cvs diff: Diffing share/man/man8 cvs diff: Diffing share/man/man8/man8.alpha cvs diff: Diffing share/man/man8/man8.i386 cvs diff: Diffing share/man/man9 cvs diff: Diffing share/man/tools cvs diff: Diffing share/me cvs diff: Diffing share/me/test cvs diff: Diffing share/misc cvs diff: Diffing share/mk cvs diff: Diffing share/mklocale cvs diff: Diffing share/monetdef cvs diff: Diffing share/msgdef cvs diff: Diffing share/numericdef cvs diff: Diffing share/sendmail cvs diff: Diffing share/skel cvs diff: Diffing share/syscons cvs diff: Diffing share/syscons/fonts cvs diff: Diffing share/syscons/keymaps cvs diff: Diffing share/syscons/scrnmaps cvs diff: Diffing share/tabset cvs diff: Diffing share/termcap cvs diff: Diffing share/timedef cvs diff: Diffing share/zoneinfo cvs diff: Diffing sys cvs diff: Diffing sys/alpha cvs diff: Diffing sys/alpha/alpha cvs diff: Diffing sys/alpha/compile cvs diff: Diffing sys/alpha/conf cvs diff: Diffing sys/alpha/include cvs diff: Diffing sys/alpha/include/pc cvs diff: Diffing sys/alpha/isa cvs diff: Diffing sys/alpha/linux cvs diff: Diffing sys/alpha/mcbus cvs diff: Diffing sys/alpha/osf1 cvs diff: Diffing sys/alpha/pci cvs diff: Diffing sys/alpha/tc cvs diff: Diffing sys/alpha/tlsb cvs diff: Diffing sys/arm cvs diff: Diffing sys/arm/compile cvs diff: Diffing sys/arm/include cvs diff: Diffing sys/boot cvs diff: Diffing sys/boot/alpha cvs diff: Diffing sys/boot/alpha/boot1 cvs diff: Diffing sys/boot/alpha/cdboot cvs diff: Diffing sys/boot/alpha/common cvs diff: Diffing sys/boot/alpha/libalpha cvs diff: Diffing sys/boot/alpha/loader cvs diff: Diffing sys/boot/alpha/netboot cvs diff: Diffing sys/boot/arc cvs diff: Diffing sys/boot/arc/include cvs diff: Diffing sys/boot/arc/lib cvs diff: Diffing sys/boot/arc/lib/arch cvs diff: Diffing sys/boot/arc/lib/arch/alpha cvs diff: Diffing sys/boot/arc/loader cvs diff: Diffing sys/boot/common cvs diff: Diffing sys/boot/efi cvs diff: Diffing sys/boot/efi/include cvs diff: Diffing sys/boot/efi/include/i386 cvs diff: Diffing sys/boot/efi/include/ia64 cvs diff: Diffing sys/boot/efi/libefi cvs diff: Diffing sys/boot/efi/libefi/arch cvs diff: Diffing sys/boot/efi/libefi/arch/ia64 cvs diff: Diffing sys/boot/efi/loader cvs diff: Diffing sys/boot/ficl cvs diff: Diffing sys/boot/ficl/alpha cvs diff: Diffing sys/boot/ficl/i386 cvs diff: Diffing sys/boot/ficl/ia64 cvs diff: Diffing sys/boot/ficl/softwords cvs diff: Diffing sys/boot/forth cvs diff: Diffing sys/boot/i386 cvs diff: Diffing sys/boot/i386/boot0 cvs diff: Diffing sys/boot/i386/boot2 cvs diff: Diffing sys/boot/i386/btx cvs diff: Diffing sys/boot/i386/btx/btx cvs diff: Diffing sys/boot/i386/btx/btxldr cvs diff: Diffing sys/boot/i386/btx/lib cvs diff: Diffing sys/boot/i386/cdldr cvs diff: Diffing sys/boot/i386/kgzldr cvs diff: Diffing sys/boot/i386/libi386 cvs diff: Diffing sys/boot/i386/liloldr cvs diff: Diffing sys/boot/i386/loader cvs diff: Diffing sys/boot/i386/mbr cvs diff: Diffing sys/boot/i386/pxeldr cvs diff: Diffing sys/boot/ia64 cvs diff: Diffing sys/boot/ia64/libski cvs diff: Diffing sys/boot/ia64/skiload cvs diff: Diffing sys/boot/ofw cvs diff: Diffing sys/boot/ofw/common cvs diff: Diffing sys/boot/ofw/libofw cvs diff: Diffing sys/boot/pc98 cvs diff: Diffing sys/boot/pc98/boot0 cvs diff: Diffing sys/boot/pc98/boot0.5 cvs diff: Diffing sys/boot/pc98/boot2 cvs diff: Diffing sys/boot/pc98/btx cvs diff: Diffing sys/boot/pc98/btx/btx cvs diff: Diffing sys/boot/pc98/btx/btxldr cvs diff: Diffing sys/boot/pc98/btx/lib cvs diff: Diffing sys/boot/pc98/libpc98 cvs diff: Diffing sys/boot/pc98/loader cvs diff: Diffing sys/boot/powerpc cvs diff: Diffing sys/boot/powerpc/loader cvs diff: Diffing sys/cam cvs diff: Diffing sys/cam/scsi cvs diff: Diffing sys/coda Index: sys/coda/coda_fbsd.c =================================================================== RCS file: /home/ncvs/src/sys/coda/coda_fbsd.c,v retrieving revision 1.24 diff -u -r1.24 coda_fbsd.c --- sys/coda/coda_fbsd.c 2001/06/15 00:02:27 1.24 +++ sys/coda/coda_fbsd.c 2001/08/05 17:01:30 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include Index: sys/coda/coda_namecache.c =================================================================== RCS file: /home/ncvs/src/sys/coda/coda_namecache.c,v retrieving revision 1.13 diff -u -r1.13 coda_namecache.c --- sys/coda/coda_namecache.c 2001/05/19 01:27:59 1.13 +++ sys/coda/coda_namecache.c 2001/06/03 14:43:36 @@ -82,6 +82,7 @@ #include #include #include +#include #include #include cvs diff: Diffing sys/compat cvs diff: Diffing sys/compat/linprocfs cvs diff: Diffing sys/compat/linux cvs diff: Diffing sys/compat/pecoff cvs diff: Diffing sys/compat/svr4 cvs diff: Diffing sys/conf Index: sys/conf/files =================================================================== RCS file: /home/ncvs/src/sys/conf/files,v retrieving revision 1.566 diff -u -r1.566 files --- sys/conf/files 2001/09/18 23:31:27 1.566 +++ sys/conf/files 2001/09/19 02:33:02 @@ -772,6 +772,10 @@ kern/kern_linker.c standard kern/kern_lock.c standard kern/kern_lockf.c standard +kern/kern_mac.c standard +kern/kern_mac_biba.c standard +kern/kern_mac_mls.c standard +kern/kern_mac_partition.c standard kern/kern_malloc.c standard kern/kern_mib.c standard kern/kern_module.c standard Index: sys/conf/newvers.sh =================================================================== RCS file: /home/ncvs/src/sys/conf/newvers.sh,v retrieving revision 1.47 diff -u -r1.47 newvers.sh --- sys/conf/newvers.sh 2001/03/02 16:52:13 1.47 +++ sys/conf/newvers.sh 2001/05/31 14:41:23 @@ -34,7 +34,7 @@ # @(#)newvers.sh 8.1 (Berkeley) 4/20/94 # $FreeBSD: src/sys/conf/newvers.sh,v 1.47 2001/03/02 16:52:13 ru Exp $ -TYPE="FreeBSD" +TYPE="TrustedBSD" REVISION="5.0" BRANCH="CURRENT" RELEASE="${REVISION}-${BRANCH}" Index: sys/conf/options =================================================================== RCS file: /home/ncvs/src/sys/conf/options,v retrieving revision 1.291 diff -u -r1.291 options --- sys/conf/options 2001/09/18 23:31:27 1.291 +++ sys/conf/options 2001/09/19 02:33:05 @@ -107,6 +107,7 @@ # TrustedBSD and POSIX.1e Kernel Options CAPABILITIES opt_cap.h +MAC opt_mac.h # Do we want the config file compiled into the kernel? INCLUDE_CONFIG_FILE opt_config.h cvs diff: Diffing sys/contrib cvs diff: Diffing sys/contrib/dev cvs diff: Diffing sys/contrib/dev/acpica cvs diff: Diffing sys/contrib/dev/fla cvs diff: Diffing sys/contrib/dev/fla/i386 cvs diff: Diffing sys/contrib/dev/oltr cvs diff: Diffing sys/contrib/ipfilter cvs diff: Diffing sys/contrib/ipfilter/netinet cvs diff: Diffing sys/crypto cvs diff: Diffing sys/crypto/blowfish cvs diff: Diffing sys/crypto/cast128 cvs diff: Diffing sys/crypto/des cvs diff: Diffing sys/crypto/rc4 cvs diff: Diffing sys/crypto/rijndael cvs diff: Diffing sys/crypto/sha2 cvs diff: Diffing sys/ddb cvs diff: Diffing sys/dev cvs diff: Diffing sys/dev/aac cvs diff: Diffing sys/dev/acpica cvs diff: Diffing sys/dev/acpica/Osd cvs diff: Diffing sys/dev/advansys cvs diff: Diffing sys/dev/aha cvs diff: Diffing sys/dev/ahb cvs diff: Diffing sys/dev/aic cvs diff: Diffing sys/dev/aic7xxx cvs diff: Diffing sys/dev/aic7xxx/aicasm cvs diff: Diffing sys/dev/amr cvs diff: Diffing sys/dev/an cvs diff: Diffing sys/dev/ar cvs diff: Diffing sys/dev/asr cvs diff: Diffing sys/dev/ata cvs diff: Diffing sys/dev/awi cvs diff: Diffing sys/dev/bktr cvs diff: Diffing sys/dev/buslogic cvs diff: Diffing sys/dev/cardbus cvs diff: Diffing sys/dev/ccd cvs diff: Diffing sys/dev/cnw cvs diff: Diffing sys/dev/cs cvs diff: Diffing sys/dev/ct cvs diff: Diffing sys/dev/dec cvs diff: Diffing sys/dev/dgb cvs diff: Diffing sys/dev/digi cvs diff: Diffing sys/dev/dpt cvs diff: Diffing sys/dev/ed cvs diff: Diffing sys/dev/eisa cvs diff: Diffing sys/dev/en cvs diff: Diffing sys/dev/ep cvs diff: Diffing sys/dev/ex cvs diff: Diffing sys/dev/fb cvs diff: Diffing sys/dev/fe cvs diff: Diffing sys/dev/fxp cvs diff: Diffing sys/dev/hea cvs diff: Diffing sys/dev/hfa cvs diff: Diffing sys/dev/ic cvs diff: Diffing sys/dev/ichsmb cvs diff: Diffing sys/dev/ida cvs diff: Diffing sys/dev/ie cvs diff: Diffing sys/dev/iicbus cvs diff: Diffing sys/dev/isp cvs diff: Diffing sys/dev/ispfw cvs diff: Diffing sys/dev/kbd cvs diff: Diffing sys/dev/lge cvs diff: Diffing sys/dev/lmc cvs diff: Diffing sys/dev/lnc cvs diff: Diffing sys/dev/mca cvs diff: Diffing sys/dev/md cvs diff: Diffing sys/dev/mii cvs diff: Diffing sys/dev/mlx cvs diff: Diffing sys/dev/mly cvs diff: Diffing sys/dev/musycc cvs diff: Diffing sys/dev/ncv cvs diff: Diffing sys/dev/nge cvs diff: Diffing sys/dev/nmdm cvs diff: Diffing sys/dev/nsp cvs diff: Diffing sys/dev/null cvs diff: Diffing sys/dev/ofw cvs diff: Diffing sys/dev/pccard cvs diff: Diffing sys/dev/pccbb cvs diff: Diffing sys/dev/pci cvs diff: Diffing sys/dev/pcic cvs diff: Diffing sys/dev/pdq cvs diff: Diffing sys/dev/ppbus cvs diff: Diffing sys/dev/random cvs diff: Diffing sys/dev/ray cvs diff: Diffing sys/dev/rp cvs diff: Diffing sys/dev/si cvs diff: Diffing sys/dev/smbus cvs diff: Diffing sys/dev/sn cvs diff: Diffing sys/dev/snc cvs diff: Diffing sys/dev/snp cvs diff: Diffing sys/dev/sound cvs diff: Diffing sys/dev/sound/isa cvs diff: Diffing sys/dev/sound/midi cvs diff: Diffing sys/dev/sound/pci cvs diff: Diffing sys/dev/sound/pcm cvs diff: Diffing sys/dev/sr cvs diff: Diffing sys/dev/stg cvs diff: Diffing sys/dev/streams cvs diff: Diffing sys/dev/sym cvs diff: Diffing sys/dev/syscons cvs diff: Diffing sys/dev/syscons/apm cvs diff: Diffing sys/dev/syscons/blank cvs diff: Diffing sys/dev/syscons/daemon cvs diff: Diffing sys/dev/syscons/fade cvs diff: Diffing sys/dev/syscons/fire cvs diff: Diffing sys/dev/syscons/green cvs diff: Diffing sys/dev/syscons/logo cvs diff: Diffing sys/dev/syscons/rain cvs diff: Diffing sys/dev/syscons/snake cvs diff: Diffing sys/dev/syscons/star cvs diff: Diffing sys/dev/syscons/warp cvs diff: Diffing sys/dev/tdfx cvs diff: Diffing sys/dev/twe cvs diff: Diffing sys/dev/txp cvs diff: Diffing sys/dev/usb cvs diff: Diffing sys/dev/vinum cvs diff: Diffing sys/dev/vx cvs diff: Diffing sys/dev/wds cvs diff: Diffing sys/dev/wi cvs diff: Diffing sys/dev/wl cvs diff: Diffing sys/dev/xe cvs diff: Diffing sys/fs cvs diff: Diffing sys/fs/deadfs cvs diff: Diffing sys/fs/devfs cvs diff: Diffing sys/fs/fdescfs cvs diff: Diffing sys/fs/fifofs cvs diff: Diffing sys/fs/hpfs cvs diff: Diffing sys/fs/msdosfs cvs diff: Diffing sys/fs/ntfs cvs diff: Diffing sys/fs/nullfs cvs diff: Diffing sys/fs/nwfs cvs diff: Diffing sys/fs/portalfs cvs diff: Diffing sys/fs/procfs Index: sys/fs/procfs/procfs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/fs/procfs/procfs_vnops.c,v retrieving revision 1.102 diff -u -r1.102 procfs_vnops.c --- sys/fs/procfs/procfs_vnops.c 2001/09/12 08:37:20 1.102 +++ sys/fs/procfs/procfs_vnops.c 2001/09/13 22:00:56 @@ -43,12 +43,15 @@ * procfs vnode interface */ +#include "opt_mac.h" + #include #include #include #include #include #include +#include #include #include #include @@ -72,6 +75,9 @@ static int procfs_badop __P((void)); static int procfs_close __P((struct vop_close_args *)); static int procfs_getattr __P((struct vop_getattr_args *)); +#ifdef MAC +static int procfs_getlabel __P((struct vop_getlabel_args *)); +#endif static int procfs_ioctl __P((struct vop_ioctl_args *)); static int procfs_lookup __P((struct vop_lookup_args *)); static int procfs_open __P((struct vop_open_args *)); @@ -563,6 +569,60 @@ return (error); } +#ifdef MAC +static int +procfs_getlabel(ap) + struct vop_getlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct proc *a_p; + }; */ *ap; +{ + struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct proc *procp; + + switch (pfs->pfs_type) { + case Proot: + case Pcurproc: + procp = NULL; + break; + + default: + procp = PFIND(pfs->pfs_pid); + if (procp == NULL) + return (ENOENT); + + if (procp->p_ucred == NULL) { + PROC_UNLOCK(procp); + return (ENOENT); + } + + if (p_can(ap->a_p, procp, P_CAN_SEE, NULL)) { + PROC_UNLOCK(procp); + return (ENOENT); + } + } + + if (procp == NULL) { + /* + * Return the default object label for non-process + * entries. Might be better to replicate the label + * of proc 0, or do the default subject label. + */ + mac_init_object(ap->a_label); + } else { + /* + * Copy the process label. + */ + *ap->a_label = procp->p_ucred->cr_label; + PROC_UNLOCK(procp); + } + + return (0); +} +#endif /* !MAC */ + static int procfs_setattr(ap) struct vop_setattr_args /* { @@ -995,6 +1055,9 @@ { &vop_close_desc, (vop_t *) procfs_close }, { &vop_create_desc, (vop_t *) procfs_badop }, { &vop_getattr_desc, (vop_t *) procfs_getattr }, +#if MAC + { &vop_getlabel_desc, (vop_t *) procfs_getlabel }, +#endif { &vop_link_desc, (vop_t *) procfs_badop }, { &vop_lookup_desc, (vop_t *) procfs_lookup }, { &vop_mkdir_desc, (vop_t *) procfs_badop }, cvs diff: Diffing sys/fs/pseudofs cvs diff: Diffing sys/fs/smbfs cvs diff: Diffing sys/fs/specfs cvs diff: Diffing sys/fs/umapfs cvs diff: Diffing sys/fs/unionfs cvs diff: Diffing sys/gnu cvs diff: Diffing sys/gnu/dev cvs diff: Diffing sys/gnu/dev/sound cvs diff: Diffing sys/gnu/dev/sound/pci cvs diff: Diffing sys/gnu/ext2fs cvs diff: Diffing sys/gnu/i386 cvs diff: Diffing sys/gnu/i386/fpemul cvs diff: Diffing sys/i386 cvs diff: Diffing sys/i386/acpica cvs diff: Diffing sys/i386/apm cvs diff: Diffing sys/i386/compile cvs diff: Diffing sys/i386/conf cvs diff: Diffing sys/i386/i386 cvs diff: Diffing sys/i386/ibcs2 cvs diff: Diffing sys/i386/include cvs diff: Diffing sys/i386/include/pc cvs diff: Diffing sys/i386/isa cvs diff: Diffing sys/i386/isa/bs cvs diff: Diffing sys/i386/isa/ic cvs diff: Diffing sys/i386/isa/matcd cvs diff: Diffing sys/i386/isa/pcvt cvs diff: Diffing sys/i386/linux cvs diff: Diffing sys/i386/pci cvs diff: Diffing sys/i386/svr4 cvs diff: Diffing sys/i4b cvs diff: Diffing sys/i4b/capi cvs diff: Diffing sys/i4b/capi/iavc cvs diff: Diffing sys/i4b/driver cvs diff: Diffing sys/i4b/include cvs diff: Diffing sys/i4b/layer1 cvs diff: Diffing sys/i4b/layer1/ifpi cvs diff: Diffing sys/i4b/layer1/ifpnp cvs diff: Diffing sys/i4b/layer1/ihfc cvs diff: Diffing sys/i4b/layer1/isic cvs diff: Diffing sys/i4b/layer1/itjc cvs diff: Diffing sys/i4b/layer1/iwic cvs diff: Diffing sys/i4b/layer2 cvs diff: Diffing sys/i4b/layer3 cvs diff: Diffing sys/i4b/layer4 cvs diff: Diffing sys/ia64 cvs diff: Diffing sys/ia64/compile cvs diff: Diffing sys/ia64/conf cvs diff: Diffing sys/ia64/ia64 cvs diff: Diffing sys/ia64/include cvs diff: Diffing sys/ia64/include/pc cvs diff: Diffing sys/ia64/isa cvs diff: Diffing sys/isa cvs diff: Diffing sys/isofs cvs diff: Diffing sys/isofs/cd9660 cvs diff: Diffing sys/kern Index: sys/kern/init_main.c =================================================================== RCS file: /home/ncvs/src/sys/kern/init_main.c,v retrieving revision 1.177 diff -u -r1.177 init_main.c --- sys/kern/init_main.c 2001/09/18 22:09:47 1.177 +++ sys/kern/init_main.c 2001/09/19 02:36:48 @@ -43,6 +43,7 @@ */ #include "opt_init_path.h" +#include "opt_mac.h" #include #include @@ -54,6 +55,7 @@ #include #include #include +#include #include #include #include @@ -345,6 +347,9 @@ p->p_ucred = crget(); p->p_ucred->cr_ngroups = 1; /* group 0 */ p->p_ucred->cr_uidinfo = uifind(0); +#ifdef MAC + mac_init_subject(p->p_ucred); +#endif p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = NULL; /* Don't jail it. */ Index: sys/kern/init_sysent.c =================================================================== RCS file: /home/ncvs/src/sys/kern/init_sysent.c,v retrieving revision 1.107 diff -u -r1.107 init_sysent.c --- sys/kern/init_sysent.c 2001/09/18 23:33:32 1.107 +++ sys/kern/init_sysent.c 2001/09/19 03:13:43 @@ -2,7 +2,7 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/init_sysent.c,v 1.107 2001/09/18 23:33:32 peter Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp */ @@ -398,4 +398,10 @@ { AS(extattr_delete_fd_args), (sy_call_t *)extattr_delete_fd }, /* 373 = extattr_delete_fd */ { SYF_MPSAFE | AS(__setugid_args), (sy_call_t *)__setugid }, /* 374 = __setugid */ { AS(nfsclnt_args), (sy_call_t *)nosys }, /* 375 = nfsclnt */ + { AS(__mac_get_proc_args), (sy_call_t *)__mac_get_proc }, /* 376 = __mac_get_proc */ + { AS(__mac_set_proc_args), (sy_call_t *)__mac_set_proc }, /* 377 = __mac_set_proc */ + { AS(__mac_get_fd_args), (sy_call_t *)__mac_get_fd }, /* 378 = __mac_get_fd */ + { AS(__mac_get_file_args), (sy_call_t *)__mac_get_file }, /* 379 = __mac_get_file */ + { AS(__mac_set_fd_args), (sy_call_t *)__mac_set_fd }, /* 380 = __mac_set_fd */ + { AS(__mac_set_file_args), (sy_call_t *)__mac_set_file }, /* 381 = __mac_set_file */ }; Index: sys/kern/kern_mac.c =================================================================== RCS file: kern_mac.c diff -N kern_mac.c --- /dev/null Fri Sep 21 09:00:02 2001 +++ kern_mac.c Sun Jun 3 11:28:57 2001 @@ -0,0 +1,459 @@ +/*- + * Copyright (c) 1999, 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Userland/kernel interface, policy merging for various access models. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "opt_mac.h" + +#ifdef MAC + +/* + * Given an operation and optional sub_operation, return 0 if it is + * permitted by the MAC labels and policies, and an errno value + * otherwise. + */ +int +mac_can(const struct ucred *cred, const struct mac *label, int operation, + int sub_operation) +{ + int error; + + /* + * Only allow the operation if all of our sub-policies also + * permits the operation. + */ + if ((error = mac_biba_can(cred, label, operation, sub_operation))) { + printf("mac_biba_can forbids action\n"); + return (error); + } + if ((error = mac_mls_can(cred, label, operation, sub_operation))) { + printf("mac_mls_can forbids action\n"); + return (error); + } + if ((error = mac_partition_can(cred, label, operation, + sub_operation))) { + printf("mac_partition_can forbids action\n"); + return (error); + } + + return (0); +} + +#if 0 +/* + * POSIX.1e calls for a dominate function to be exported or available + * to userland processes. However, not all policies support a concept + * of "dominate" and so it may be inappropriate in more general policy + * environments (such as type enforcement). Disabled for the time + * being in the hopes that it doesn't prove necessary. + */ +/* + * Return (1) if MAC labela dominates MAC labelb, otherwise, (0). + */ +int +mac_dominate(const struct mac *labela, const struct mac *labelb) +{ + + /* + * A MAC label only dominates another if all of the component + * labels from it dominate the other. + */ + return (mac_biba_dominate(&labela->m_biba, &labelb->m_biba) && + mac_mls_dominate(&labela->m_mls, &labelb->m_mls) && + mac_partition_dominate(&labela->m_partition, + &labelb->m_partition)); +} +#endif + +/* + * Return (1) if the two MAC labels are equal, otherwise, (0). + */ +int +mac_equal(const struct mac *labela, const struct mac *labelb) +{ + + /* + * Two MAC labels are only equal of they are equal according to + * all of the individual policies. + */ + return (mac_biba_equal(labela, labelb) && + mac_mls_equal(labela, labelb) && + mac_partition_equal(labela, labelb)); +} + +/* + * At system start-up time, the credential of the first-born process + * is passed in for label initialization. What actually occurs will + * be policy-specific, but the results should allow the system to + * boot. + */ +void +mac_init_subject(struct ucred *cred) +{ + + mac_biba_init_subject(cred); + mac_mls_init_subject(cred); + mac_partition_init_subject(cred); +} + +/* + * When a new process is created, its label must be initialized. Generally, + * this involves inheritence from the parent process, modulo possible + * deltas. This function allows that processing to take place. + */ +void +mac_create_subject(const struct ucred *parent_cred, + struct ucred *child_cred) +{ + + mac_biba_create_subject(parent_cred, child_cred); + mac_mls_create_subject(parent_cred, child_cred); + mac_partition_create_subject(parent_cred, child_cred); +} + +/* + * Processes may need to modify their current subject label if they + * perform multi-level activities, or proxy data between levels. + * This function is a check to determine if a particular label change + * is permitted; the old and new credentials are provided. 0 is + * returned for success, otherwise an errno. + */ +int +mac_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + /* + * Because a composition occurs here, we must select one + * error to return to the user. A precedence rule should + * probably be present, but instead we return the first + * failure to be discovered. Any failure by any policy + * vetoes the whole operation. + */ + + error = mac_biba_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + error = mac_mls_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + error = mac_partition_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + return (0); +} + +/* + * Generally speaking, object providers will maintain persistent or + * inherited labels for most system objects. However, until this + * is done, mac_init_object() will be used to label unlabeled objects. + * For safety purposes, this should protect the object from unnecessary + * writes, and possibly reads. + */ +void +mac_init_object(struct mac *label) +{ + + mac_biba_init_object(label); + mac_mls_init_object(label); + mac_partition_init_object(label); +} + +/* + * When a new object is created, its label must be initialized. Generally, + * this involves inheritence from the subject creating the object, + * modulo possible deltas. This function allows that processing to take + * place. + */ +void +mac_create_object(const struct ucred *cred, struct mac *label) +{ + + if (cred != NULL) { + mac_biba_create_object(cred, label); + mac_mls_create_object(cred, label); + mac_partition_create_object(cred, label); + } else + mac_init_object(label); +} + +/* + * Processes may need to modify the current object label on objects in + * the system, for reasons identified above. This function is a check to + * determine if a particular label change is permitted; the requesting + * credential is provided, as well as the old and new object labels. 0 is + * returned for success, otherwise an errno. + */ +int +mac_can_setlabel_object(const struct ucred *cred, const struct mac *label_old, + const struct mac *label_new) +{ + int error; + + /* + * Because a composition occurs here, we must select one + * error to return to the user. A precedence rule should + * probably be present, but instead we return the first + * failure to be discovered. Any failure by any policy + * vetoes the whole operation. + */ + + error = mac_biba_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + error = mac_mls_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + error = mac_partition_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + return (0); +} + +void +mac_print_label(const struct mac *label) +{ + + printf("MAC label:\n"); + mac_biba_print_label(label); + mac_mls_print_label(label); + mac_partition_print_label(label); +} + +/* + * Function to intersect with vaccess() providing mandatory access + * checks for file system objects. Accepts object type, object label, + * access request, requesting credential, and an optional privused + * field to return privilege information (currently unused). + */ +int +vaccess_mac(enum vtype type, const struct mac *filelabel, mode_t acc_mode, + struct ucred *cred, int *privused) +{ + int error = 0; + + /* Detect and reject unknown access modes. */ + if (acc_mode & (VWRITE | VADMIN | VREAD | VEXEC) != acc_mode) { + printf("vaccess_mac: unknown access mode in %d\n", acc_mode); + return (EPERM); + } + + if (acc_mode & VWRITE) { + error = mac_can(cred, filelabel, MAC_WRITE, 0); + if (error != 0) + return (error); + } + + if (acc_mode & VADMIN) { + error = mac_can(cred, filelabel, MAC_ADMIN, 0); + if (error != 0) + return (error); + } + + if (acc_mode & VREAD) { + error = mac_can(cred, filelabel, MAC_READ, 0); + if (error != 0) + return (error); + } + + if (acc_mode & VEXEC) { + error = mac_can(cred, filelabel, MAC_EXEC, 0); + if (error != 0) + return (error); + } + + return (0); +} + +int +__mac_get_proc(struct proc *p, struct __mac_get_proc_args *uap) +{ + int error; + + error = copyout(&p->p_ucred->cr_label, SCARG(uap, mac_p), + sizeof(p->p_ucred->cr_label)); + + return (0); +} + +int +__mac_set_proc(struct proc *p, struct __mac_set_proc_args *uap) +{ + struct ucred *new_cred, *old_cred; + int error; + + old_cred = p->p_ucred; + new_cred = crdup(p->p_ucred); + if (new_cred == NULL) + return (ENOMEM); + + error = copyin(SCARG(uap, mac_p), &new_cred->cr_label, + sizeof(new_cred->cr_label)); + if (error) { + crfree(new_cred); + return (error); + } + + error = mac_can_setlabel_subject(p->p_ucred, new_cred); + if (error) { + crfree(new_cred); + return (error); + } + + p->p_ucred = new_cred; + crfree(old_cred); + return (0); +} + +int +__mac_get_fd(struct proc *p, struct __mac_get_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_file(struct proc *p, struct __mac_get_file_args *uap) +{ + struct nameidata nd; + struct mac label; + int error; + + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, + SCARG(uap, path_p), p); + error = namei(&nd); + if (error) + return (error); + + error = VOP_GETLABEL(nd.ni_vp, &label, p->p_ucred, p); + NDFREE(&nd, 0); + if (error) + return (error); + + error = copyout(&label, SCARG(uap, mac_p), sizeof(label)); + + return (error); +} + +int +__mac_set_fd(struct proc *p, struct __mac_set_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_file(struct proc *p, struct __mac_set_file_args *uap) +{ + struct nameidata nd; + struct mac label; + int error; + + error = copyin(SCARG(uap, mac_p), &label, sizeof(label)); + if (error) + return (error); + + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, + SCARG(uap, path_p), p); + error = namei(&nd); + if (error) + return (error); + + error = VOP_SETLABEL(nd.ni_vp, &label, p->p_ucred, p); + NDFREE(&nd, 0); + + return (error); +} + +#else /* !MAC */ + +int +__mac_get_proc(struct proc *p, struct __mac_get_proc_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_proc(struct proc *p, struct __mac_set_proc_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_fd(struct proc *p, struct __mac_get_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_file(struct proc *p, struct __mac_get_file_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_fd(struct proc *p, struct __mac_set_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_file(struct proc *p, struct __mac_set_file_args *uap) +{ + + return (ENOSYS); +} + +#endif /* !MAC */ Index: sys/kern/kern_mac_biba.c =================================================================== RCS file: kern_mac_biba.c diff -N kern_mac_biba.c --- /dev/null Fri Sep 21 09:00:02 2001 +++ kern_mac_biba.c Sun Nov 19 17:56:28 2000 @@ -0,0 +1,250 @@ +/*- + * Copyright (c) 1999, 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Biba Integrity Policy. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "opt_mac.h" + +#ifdef MAC + +/* + * Syntactic check of label: 0 for success, else an errno. + */ +static int +mac_biba_label_valid(const struct mac *label) +{ + + switch(label->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + break; + case MAC_BIBA_TYPE_HIGH: + case MAC_BIBA_TYPE_LOW: + case MAC_BIBA_TYPE_EQUAL: + if (label->m_biba.mb_grade != 0) + return (EINVAL); + break; + default: + return (EINVAL); + } + + return (0); +} + +int +mac_biba_can(const struct ucred *cred, const struct mac *label, int operation, + int sub_operation) +{ + /* + * Biba integrity policy dictates that for a subject to modify + * an object, the label on the subject most dominate that of the + * object. The policy dictates that for a subject to read an + * object, the label of the object must dominate that of the + * subject. For a subject to create an object on a fixed-label + * target, the label of the subject must equal the label of the + * target. Appropriate privilege can override Biba protection. + * + * MAC_WRITE, MAC_ADMIN, MAC_SIGNAL: subject dominates object + * MAC_READ, MAC_EXEC, MAC_STAT: object dominates subject + * MAC_CREATE: subject equals object + */ + if (operation & (MAC_WRITE | MAC_ADMIN | MAC_SIGNAL) && + !mac_biba_dominate(&cred->cr_label, label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + + if (operation & (MAC_READ | MAC_EXEC | MAC_STAT) && + !mac_biba_dominate(label, &cred->cr_label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + + if (operation & MAC_CREATE && + !mac_biba_equal(&cred->cr_label, label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + + return (0); +} + +int +mac_biba_dominate(const struct mac *labela, const struct mac *labelb) +{ + + switch (labela->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + switch (labelb->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + return (labela->m_biba.mb_grade >= + labelb->m_biba.mb_grade); + + case MAC_BIBA_TYPE_LOW: + return (1); + + case MAC_BIBA_TYPE_HIGH: + return (0); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } + + case MAC_BIBA_TYPE_LOW: + switch (labelb->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + return (0); + + case MAC_BIBA_TYPE_LOW: + return (1); + + case MAC_BIBA_TYPE_HIGH: + return (0); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } + + case MAC_BIBA_TYPE_HIGH: + return (1); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } +} + +int +mac_biba_equal(const struct mac *labela, const struct mac *labelb) +{ + + return (mac_biba_dominate(labela, labelb) && + mac_biba_dominate(labelb, labela)); +} + +void +mac_biba_init_subject(struct ucred *cred) +{ + + /* + * Early system processes run with high integrity. + */ + cred->cr_label.m_biba.mb_type = MAC_BIBA_TYPE_HIGH; + cred->cr_label.m_biba.mb_grade = 0; +} + +void +mac_biba_create_subject(const struct ucred *cred_parent, + struct ucred *cred_child) +{ + + cred_child->cr_label = cred_parent->cr_label; +} + +int +mac_biba_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + error = mac_biba_label_valid(&cred_new->cr_label); + if (error) + return (error); + + error = suser_xxx(cred_old, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_biba_init_object(struct mac *label) +{ + + /* + * XXX: + * Eventually, objects without explicit labeling will be at + * low integrity. For development purposes, set them to high + * integrity to allow the system to boot. + */ + label->m_biba.mb_type = MAC_BIBA_TYPE_HIGH; + label->m_biba.mb_grade = 0; +} + +void +mac_biba_create_object(const struct ucred *cred, struct mac *label) +{ + + label->m_biba.mb_type = cred->cr_label.m_biba.mb_type; + label->m_biba.mb_grade = cred->cr_label.m_biba.mb_grade; +} + +int +mac_biba_can_setlabel_object(const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new) +{ + int error; + + error = mac_biba_label_valid(label_new); + if (error) + return (error); + + error = suser_xxx(cred, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_biba_print_label(const struct mac *label) +{ + + printf("Biba: type==%u, grade==%u\n", label->m_biba.mb_type, + label->m_biba.mb_grade); +} + +#endif /* !MAC */ Index: sys/kern/kern_mac_mls.c =================================================================== RCS file: kern_mac_mls.c diff -N kern_mac_mls.c --- /dev/null Fri Sep 21 09:00:02 2001 +++ kern_mac_mls.c Sun Nov 19 17:56:28 2000 @@ -0,0 +1,252 @@ +/*- + * Copyright (c) 1999, 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Multi-Level Security Policy. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "opt_mac.h" + +#ifdef MAC + +/* + * Syntactic check of label: 0 for success, else an errno. + */ +static int +mac_mls_label_valid(const struct mac *label) +{ + + switch(label->m_mls.mm_type) { + case MAC_MLS_TYPE_LEVEL: + break; + case MAC_MLS_TYPE_HIGH: + case MAC_MLS_TYPE_LOW: + case MAC_MLS_TYPE_EQUAL: + if (label->m_mls.mm_level != 0) + return (EINVAL); + break; + default: + return (EINVAL); + } + + return (0); +} + +int +mac_mls_can(const struct ucred *cred, const struct mac *label, int operation, + int sub_operation) +{ + /* + * POSIX.1e FP.2: The MAC label of a file shall dominate the MAC + * label of a subject for the subject to write the data or the + * attributes of a file. + * POSIX.1e FP.1: The MAC label of a file shall be dominated by the + * MAC label of the subject for the subject to read the data or + * attributes of a file. + * To create an object on a fixed-label target, the label of the + * subject must equal that of the target. + * + * MAC_WRITE, MAC_ADMIN, MAC_SIGNAL: object dominates subject + * MAC_READ, MAC_EXEC, MAC_STAT: subject dominates object + * MAC_REATE: subject equals object + */ + if (operation & (MAC_WRITE | MAC_ADMIN | MAC_SIGNAL) && + !mac_mls_dominate(label, &cred->cr_label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + if (operation & (MAC_READ | MAC_EXEC | MAC_STAT) && + !mac_mls_dominate(&cred->cr_label, label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + if (operation & MAC_CREATE && + !mac_mls_equal(&cred->cr_label, label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + + return (0); +} + +int +mac_mls_dominate(const struct mac *labela, const struct mac *labelb) +{ + + switch (labela->m_mls.mm_type) { + case MAC_MLS_TYPE_LEVEL: + switch (labelb->m_mls.mm_type) { + case MAC_MLS_TYPE_LEVEL: + return (labela->m_mls.mm_level >= + labelb->m_mls.mm_level); + + case MAC_MLS_TYPE_LOW: + return (1); + + case MAC_MLS_TYPE_HIGH: + return (0); + + case MAC_MLS_TYPE_EQUAL: + return (1); + + default: + panic("mac_mls_dominate(): Unknown mm_type\n"); + } + + case MAC_MLS_TYPE_LOW: + switch (labelb->m_mls.mm_type) { + case MAC_MLS_TYPE_LEVEL: + return (0); + + case MAC_MLS_TYPE_LOW: + return (1); + + case MAC_MLS_TYPE_HIGH: + return (0); + + case MAC_MLS_TYPE_EQUAL: + return (1); + + default: + panic("mac_mls_dominate(): Unknown mm_type\n"); + } + + case MAC_MLS_TYPE_HIGH: + return (1); + + case MAC_MLS_TYPE_EQUAL: + return (1); + + default: + panic("mac_mls_dominate(): Unknown mm_type\n"); + } + return (0); +} + +int +mac_mls_equal(const struct mac *labela, const struct mac *labelb) +{ + + return (mac_mls_dominate(labela, labelb) && + mac_mls_dominate(labelb, labela)); +} + +void +mac_mls_init_subject(struct ucred *cred) +{ + + /* + * Early system processes run with low secrecy, and must + * use privilege to access high secrecy objects. + */ + cred->cr_label.m_mls.mm_type = MAC_MLS_TYPE_LOW; + cred->cr_label.m_mls.mm_level = 0; +} + +void +mac_mls_create_subject(const struct ucred *cred_parent, + struct ucred *cred_child) +{ + + cred_child->cr_label = cred_parent->cr_label; +} + +int +mac_mls_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + error = mac_mls_label_valid(&cred_new->cr_label); + if (error) + return (error); + + error = suser_xxx(cred_old, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_mls_init_object(struct mac *label) +{ + + /* + * XXX: + * Eventually, might be desirable to label unlabeled objects + * as high secrecy, but for initial booting purposes, label + * them as low secrecy. + */ + label->m_mls.mm_type = MAC_MLS_TYPE_LOW; + label->m_mls.mm_level = 0; +} + +void +mac_mls_create_object(const struct ucred *cred, struct mac *label) +{ + + label->m_mls.mm_type = cred->cr_label.m_mls.mm_type; + label->m_mls.mm_level = cred->cr_label.m_mls.mm_level; +} + +int +mac_mls_can_setlabel_object(const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new) +{ + int error; + + error = mac_mls_label_valid(label_new); + if (error) + return (error); + + error = suser_xxx(cred, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_mls_print_label(const struct mac *label) +{ + + printf("MLS: type==%u, level==%u\n", label->m_mls.mm_type, + label->m_mls.mm_level); +} + +#endif /* !MAC */ Index: sys/kern/kern_mac_partition.c =================================================================== RCS file: kern_mac_partition.c diff -N kern_mac_partition.c --- /dev/null Fri Sep 21 09:00:02 2001 +++ kern_mac_partition.c Sun Nov 19 17:56:28 2000 @@ -0,0 +1,227 @@ +/*- + * Copyright (c) 1999, 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Light-Weight Partition Policy. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "opt_mac.h" + +#ifdef MAC + +/* + * Syntactic check of label: 0 for success, else an errno. + */ +static int +mac_partition_label_valid(const struct mac *label) +{ + + switch(label->m_partition.mp_type) { + case MAC_PARTITION_TYPE_PARTITION: + break; + case MAC_PARTITION_TYPE_NONE: + case MAC_PARTITION_TYPE_ALL: + if (label->m_partition.mp_partition != 0) + return (EINVAL); + break; + default: + return (EINVAL); + } + + return (0); +} + +int +mac_partition_can(const struct ucred *cred, const struct mac *label, + int operation, int sub_operation) +{ + /* + * Partitioning policy dictates that for a subject to modify + * an object, the label of the subject must dominate that of the + * object. + * For a subject to read an object, the label of the subject must + * dominate the label of the object. + * For a subject to create an object on a fixed-label target, the + * label of the subject must dominate the label of the target. + * Appropriate privilege may override the Partition policy. + * + * MAC_WRITE, MAC_ADMIN, MAC_SIGNAL: subject dominates object + * MAC_READ, MAC_EXEC, MAC_STAT: subject dominates object + * MAC_CREATE: subject dominates object + */ + if (operation & MAC_ALL && + !mac_partition_dominate(&cred->cr_label, label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + + return (0); +} + +int +mac_partition_dominate(const struct mac *labela, const struct mac *labelb) +{ + + switch(labela->m_partition.mp_type) { + case MAC_PARTITION_TYPE_PARTITION: + switch(labelb->m_partition.mp_type) { + case MAC_PARTITION_TYPE_PARTITION: + return (labela->m_partition.mp_partition == + labelb->m_partition.mp_partition); + + case MAC_PARTITION_TYPE_ALL: + /* + * Bypass of this restriction for MAC_READ + * is implemented in mac_partition_can(). + */ + return (0); + + case MAC_PARTITION_TYPE_NONE: + return (0); + + default: + panic("mac_partition_dominate(): Unknown mp_type\n"); + } + + case MAC_PARTITION_TYPE_ALL: + printf("mac_partition_dominate: warning, " + "MAC_PARTITION_TYPE_ALL used as subject."); + return (labelb->m_partition.mp_type == MAC_PARTITION_TYPE_ALL); + + case MAC_PARTITION_TYPE_NONE: + return (1); + + default: + panic("mac_partition_dominate(): Unknown mp_type\n"); + } + + return (0); +} + +int +mac_partition_equal(const struct mac *labela, const struct mac *labelb) +{ + + return (mac_partition_dominate(labela, labelb) && + mac_partition_dominate(labelb, labela)); +} + +void +mac_partition_init_subject(struct ucred *cred) +{ + + /* + * Early system processes run outside of partitions. + */ + cred->cr_label.m_partition.mp_type = MAC_PARTITION_TYPE_NONE; + cred->cr_label.m_partition.mp_partition = 0; +} + +void +mac_partition_create_subject(const struct ucred *cred_parent, + struct ucred *cred_child) +{ + + cred_child->cr_label = cred_parent->cr_label; +} + +int +mac_partition_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + error = mac_partition_label_valid(&cred_new->cr_label); + if (error) + return (error); + + error = suser_xxx(cred_old, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_partition_init_object(struct mac *label) +{ + + /* + * Unless explicitely labeled, objects are not visible from + * any partition. + */ + label->m_partition.mp_type = MAC_PARTITION_TYPE_NONE; + label->m_partition.mp_partition = 0; +} + +void +mac_partition_create_object(const struct ucred *cred, struct mac *label) +{ + + label->m_partition.mp_type = cred->cr_label.m_partition.mp_type; + label->m_partition.mp_partition = + cred->cr_label.m_partition.mp_partition; +} + +int +mac_partition_can_setlabel_object(const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new) +{ + int error; + + error = mac_partition_label_valid(label_new); + if (error) + return (error); + + error = suser_xxx(cred, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_partition_print_label(const struct mac *label) +{ + + printf("Partition: type==%u, partition==%u\n", + label->m_partition.mp_type, label->m_partition.mp_partition); +} + +#endif /* !MAC */ Index: sys/kern/kern_prot.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v retrieving revision 1.105 diff -u -r1.105 kern_prot.c --- sys/kern/kern_prot.c 2001/09/20 21:45:31 1.105 +++ sys/kern/kern_prot.c 2001/09/21 12:39:39 @@ -46,12 +46,14 @@ #include "opt_compat.h" #include "opt_global.h" +#include "opt_mac.h" #include #include #include #include #include +#include #include #include #include @@ -1365,6 +1367,10 @@ if ((error = prison_check(u1, u2))) return (error); +#ifdef MAC + if ((error = mac_can(p1->p_ucred, &ps->p_ucred->cr_label, MAC_READ, 0)) + return (ESRCH); +#endif if (!ps_showallprocs && u1->cr_ruid != u2->cr_ruid) { if (suser_xxx(u1, NULL, PRISON_ROOT) != 0) return (ESRCH); @@ -1411,6 +1417,13 @@ if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); +#ifdef MAC + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_READ, 0)) + return (ESRCH); + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_SIGNAL, 0)) + return (EPERM); +#endif + /* * UNIX signalling semantics require that processes in the same * session always be able to deliver SIGCONT to one another, @@ -1484,6 +1497,14 @@ return (0); if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); + +#ifdef MAC + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_READ, 0)) + return (ESRCH); + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_WRITE, 0)) + return (EPERM); +#endif + if (p1->p_ucred->cr_ruid == p2->p_ucred->cr_ruid) return (0); if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) @@ -1529,6 +1550,13 @@ if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); + +#ifdef MAC + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_READ, 0)) + return (ESRCH); + if (mac_can(p1->p_ucred, &p2->p_ucred->cr_label, MAC_WRITE, 0)) + return (EPERM); +#endif /* * Not owned by you, has done setuid (unless you're root). Index: sys/kern/subr_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/subr_mbuf.c,v retrieving revision 1.8 diff -u -r1.8 subr_mbuf.c --- sys/kern/subr_mbuf.c 2001/09/12 08:37:45 1.8 +++ sys/kern/subr_mbuf.c 2001/09/13 22:01:35 @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -904,6 +905,9 @@ (m)->m_pkthdr.rcvif = NULL; \ (m)->m_pkthdr.csum_flags = 0; \ (m)->m_pkthdr.aux = NULL; \ +#if MAC + mac_init_object(&((m_set)->m_pkthdr.label)); \ +#endif /* MAC */ } \ } while (0) Index: sys/kern/sys_socket.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_socket.c,v retrieving revision 1.35 diff -u -r1.35 sys_socket.c --- sys/kern/sys_socket.c 2001/09/12 08:37:46 1.35 +++ sys/kern/sys_socket.c 2001/09/13 22:01:36 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include Index: sys/kern/syscalls.c =================================================================== RCS file: /home/ncvs/src/sys/kern/syscalls.c,v retrieving revision 1.94 diff -u -r1.94 syscalls.c --- sys/kern/syscalls.c 2001/09/18 23:33:32 1.94 +++ sys/kern/syscalls.c 2001/09/19 03:13:43 @@ -2,7 +2,7 @@ * System call names. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/syscalls.c,v 1.94 2001/09/18 23:33:32 peter Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp */ @@ -383,4 +383,10 @@ "extattr_delete_fd", /* 373 = extattr_delete_fd */ "__setugid", /* 374 = __setugid */ "nfsclnt", /* 375 = nfsclnt */ + "__mac_get_proc", /* 376 = __mac_get_proc */ + "__mac_set_proc", /* 377 = __mac_set_proc */ + "__mac_get_fd", /* 378 = __mac_get_fd */ + "__mac_get_file", /* 379 = __mac_get_file */ + "__mac_set_fd", /* 380 = __mac_set_fd */ + "__mac_set_file", /* 381 = __mac_set_file */ }; Index: sys/kern/syscalls.master =================================================================== RCS file: /home/ncvs/src/sys/kern/syscalls.master,v retrieving revision 1.97 diff -u -r1.97 syscalls.master --- sys/kern/syscalls.master 2001/09/18 23:31:36 1.97 +++ sys/kern/syscalls.master 2001/09/19 03:13:40 @@ -544,3 +544,9 @@ const char *attrname); } 374 MSTD BSD { int __setugid(int flag); } 375 NOIMPL BSD { int nfsclnt(int flag, caddr_t argp); } +376 STD BSD { int __mac_get_proc(struct mac *mac_p); } +377 STD BSD { int __mac_set_proc(struct mac *mac_p); } +378 STD BSD { int __mac_get_fd(int fd, struct mac *mac_p); } +379 STD BSD { int __mac_get_file(const char *path_p, struct mac *mac_p); } +380 STD BSD { int __mac_set_fd(int fd, struct mac *mac_p); } +381 STD BSD { int __mac_set_file(const char *path_p, struct mac *mac_p); } Index: sys/kern/vnode_if.src =================================================================== RCS file: /home/ncvs/src/sys/kern/vnode_if.src,v retrieving revision 1.43 diff -u -r1.43 vnode_if.src --- sys/kern/vnode_if.src 2001/09/12 08:37:47 1.43 +++ sys/kern/vnode_if.src 2001/09/13 22:01:38 @@ -551,3 +551,23 @@ IN struct vnode *vp; OUT struct vm_object **objpp; }; + +# +#% getlabel vp L L L +# +vop_getlabel { + IN struct vnode *vp; + OUT struct mac *label; + IN struct ucred *cred; + IN struct proc *p; +}; + +# +#% setlabel vp L L L +# +vop_setlabel { + IN struct vnode *vp; + IN struct mac *label; + IN struct ucred *cred; + IN struct proc *p; +}; cvs diff: Diffing sys/libkern cvs diff: Diffing sys/libkern/alpha cvs diff: Diffing sys/libkern/ia64 cvs diff: Diffing sys/modules cvs diff: Diffing sys/modules/3dfx cvs diff: Diffing sys/modules/aac cvs diff: Diffing sys/modules/accf_data cvs diff: Diffing sys/modules/accf_http cvs diff: Diffing sys/modules/acpi cvs diff: Diffing sys/modules/agp cvs diff: Diffing sys/modules/aha cvs diff: Diffing sys/modules/aic cvs diff: Diffing sys/modules/amr cvs diff: Diffing sys/modules/an cvs diff: Diffing sys/modules/ar cvs diff: Diffing sys/modules/asr cvs diff: Diffing sys/modules/atspeaker cvs diff: Diffing sys/modules/aue cvs diff: Diffing sys/modules/bktr cvs diff: Diffing sys/modules/bktr/bktr cvs diff: Diffing sys/modules/bktr/bktr_mem cvs diff: Diffing sys/modules/cam cvs diff: Diffing sys/modules/cardbus cvs diff: Diffing sys/modules/cbb cvs diff: Diffing sys/modules/ccd cvs diff: Diffing sys/modules/cd9660 cvs diff: Diffing sys/modules/coda cvs diff: Diffing sys/modules/coff cvs diff: Diffing sys/modules/cue cvs diff: Diffing sys/modules/dc cvs diff: Diffing sys/modules/de cvs diff: Diffing sys/modules/digi cvs diff: Diffing sys/modules/digi/digi cvs diff: Diffing sys/modules/digi/digi_CX cvs diff: Diffing sys/modules/digi/digi_CX_PCI cvs diff: Diffing sys/modules/digi/digi_EPCX cvs diff: Diffing sys/modules/digi/digi_EPCX_PCI cvs diff: Diffing sys/modules/digi/digi_Xe cvs diff: Diffing sys/modules/digi/digi_Xem cvs diff: Diffing sys/modules/digi/digi_Xr cvs diff: Diffing sys/modules/ed cvs diff: Diffing sys/modules/el cvs diff: Diffing sys/modules/ep cvs diff: Diffing sys/modules/ext2fs cvs diff: Diffing sys/modules/fdc cvs diff: Diffing sys/modules/fdescfs cvs diff: Diffing sys/modules/fe cvs diff: Diffing sys/modules/fpu cvs diff: Diffing sys/modules/fs cvs diff: Diffing sys/modules/fs/linprocfs cvs diff: Diffing sys/modules/fs/pseudofs cvs diff: Diffing sys/modules/fxp cvs diff: Diffing sys/modules/gnufpu cvs diff: Diffing sys/modules/hpfs cvs diff: Diffing sys/modules/ibcs2 cvs diff: Diffing sys/modules/if_disc cvs diff: Diffing sys/modules/if_ef cvs diff: Diffing sys/modules/if_gif cvs diff: Diffing sys/modules/if_ppp cvs diff: Diffing sys/modules/if_sl cvs diff: Diffing sys/modules/if_stf cvs diff: Diffing sys/modules/if_tap cvs diff: Diffing sys/modules/if_tun cvs diff: Diffing sys/modules/if_vlan cvs diff: Diffing sys/modules/ip6fw cvs diff: Diffing sys/modules/ip_mroute_mod cvs diff: Diffing sys/modules/ipfilter cvs diff: Diffing sys/modules/ipfw cvs diff: Diffing sys/modules/ispfw cvs diff: Diffing sys/modules/joy cvs diff: Diffing sys/modules/kue cvs diff: Diffing sys/modules/lge cvs diff: Diffing sys/modules/libiconv cvs diff: Diffing sys/modules/libmchain cvs diff: Diffing sys/modules/linux cvs diff: Diffing sys/modules/lnc cvs diff: Diffing sys/modules/md cvs diff: Diffing sys/modules/mii cvs diff: Diffing sys/modules/mlx cvs diff: Diffing sys/modules/mly cvs diff: Diffing sys/modules/msdosfs cvs diff: Diffing sys/modules/ncp cvs diff: Diffing sys/modules/netgraph cvs diff: Diffing sys/modules/netgraph/UI cvs diff: Diffing sys/modules/netgraph/async cvs diff: Diffing sys/modules/netgraph/bpf cvs diff: Diffing sys/modules/netgraph/bridge cvs diff: Diffing sys/modules/netgraph/cisco cvs diff: Diffing sys/modules/netgraph/echo cvs diff: Diffing sys/modules/netgraph/eiface cvs diff: Diffing sys/modules/netgraph/ether cvs diff: Diffing sys/modules/netgraph/frame_relay cvs diff: Diffing sys/modules/netgraph/hole cvs diff: Diffing sys/modules/netgraph/iface cvs diff: Diffing sys/modules/netgraph/ksocket cvs diff: Diffing sys/modules/netgraph/lmi cvs diff: Diffing sys/modules/netgraph/mppc cvs diff: Diffing sys/modules/netgraph/netgraph cvs diff: Diffing sys/modules/netgraph/one2many cvs diff: Diffing sys/modules/netgraph/ppp cvs diff: Diffing sys/modules/netgraph/pppoe cvs diff: Diffing sys/modules/netgraph/pptpgre cvs diff: Diffing sys/modules/netgraph/rfc1490 cvs diff: Diffing sys/modules/netgraph/sample cvs diff: Diffing sys/modules/netgraph/socket cvs diff: Diffing sys/modules/netgraph/split cvs diff: Diffing sys/modules/netgraph/sync_ar cvs diff: Diffing sys/modules/netgraph/sync_sr cvs diff: Diffing sys/modules/netgraph/tee cvs diff: Diffing sys/modules/netgraph/tty cvs diff: Diffing sys/modules/netgraph/vjc cvs diff: Diffing sys/modules/nfsclient cvs diff: Diffing sys/modules/nfsserver cvs diff: Diffing sys/modules/nge cvs diff: Diffing sys/modules/nmdm cvs diff: Diffing sys/modules/ntfs cvs diff: Diffing sys/modules/nullfs cvs diff: Diffing sys/modules/nwfs cvs diff: Diffing sys/modules/oldcard cvs diff: Diffing sys/modules/oltr cvs diff: Diffing sys/modules/osf1 cvs diff: Diffing sys/modules/pccard cvs diff: Diffing sys/modules/pccbb cvs diff: Diffing sys/modules/pcfclock cvs diff: Diffing sys/modules/pcic cvs diff: Diffing sys/modules/pcn cvs diff: Diffing sys/modules/pecoff cvs diff: Diffing sys/modules/portalfs cvs diff: Diffing sys/modules/procfs Index: sys/modules/procfs/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/procfs/Makefile,v retrieving revision 1.23 diff -u -r1.23 Makefile --- sys/modules/procfs/Makefile 2001/05/23 09:42:27 1.23 +++ sys/modules/procfs/Makefile 2001/05/31 14:45:13 @@ -16,7 +16,8 @@ procfs_subr.c \ procfs_type.c \ procfs_vfsops.c \ - procfs_vnops.c + procfs_vnops.c \ + opt_mac.h NOMAN= .include cvs diff: Diffing sys/modules/random cvs diff: Diffing sys/modules/ray cvs diff: Diffing sys/modules/rl cvs diff: Diffing sys/modules/rp cvs diff: Diffing sys/modules/s3 cvs diff: Diffing sys/modules/sf cvs diff: Diffing sys/modules/sis cvs diff: Diffing sys/modules/sk cvs diff: Diffing sys/modules/smbfs cvs diff: Diffing sys/modules/sn cvs diff: Diffing sys/modules/snc cvs diff: Diffing sys/modules/snp cvs diff: Diffing sys/modules/sound cvs diff: Diffing sys/modules/sound/driver cvs diff: Diffing sys/modules/sound/driver/ad1816 cvs diff: Diffing sys/modules/sound/driver/als4000 cvs diff: Diffing sys/modules/sound/driver/cmi cvs diff: Diffing sys/modules/sound/driver/cs4281 cvs diff: Diffing sys/modules/sound/driver/csa cvs diff: Diffing sys/modules/sound/driver/csapcm cvs diff: Diffing sys/modules/sound/driver/driver cvs diff: Diffing sys/modules/sound/driver/ds1 cvs diff: Diffing sys/modules/sound/driver/emu10k1 cvs diff: Diffing sys/modules/sound/driver/es137x cvs diff: Diffing sys/modules/sound/driver/es1888 cvs diff: Diffing sys/modules/sound/driver/ess cvs diff: Diffing sys/modules/sound/driver/fm801 cvs diff: Diffing sys/modules/sound/driver/gusc cvs diff: Diffing sys/modules/sound/driver/ich cvs diff: Diffing sys/modules/sound/driver/maestro cvs diff: Diffing sys/modules/sound/driver/maestro3 cvs diff: Diffing sys/modules/sound/driver/mss cvs diff: Diffing sys/modules/sound/driver/neomagic cvs diff: Diffing sys/modules/sound/driver/sb16 cvs diff: Diffing sys/modules/sound/driver/sb8 cvs diff: Diffing sys/modules/sound/driver/sbc cvs diff: Diffing sys/modules/sound/driver/solo cvs diff: Diffing sys/modules/sound/driver/t4dwave cvs diff: Diffing sys/modules/sound/driver/via82c686 cvs diff: Diffing sys/modules/sound/driver/vibes cvs diff: Diffing sys/modules/sound/pcm cvs diff: Diffing sys/modules/splash cvs diff: Diffing sys/modules/splash/bmp cvs diff: Diffing sys/modules/splash/pcx cvs diff: Diffing sys/modules/sppp cvs diff: Diffing sys/modules/sr cvs diff: Diffing sys/modules/ste cvs diff: Diffing sys/modules/streams cvs diff: Diffing sys/modules/svr4 cvs diff: Diffing sys/modules/sym cvs diff: Diffing sys/modules/syscons cvs diff: Diffing sys/modules/syscons/apm cvs diff: Diffing sys/modules/syscons/blank cvs diff: Diffing sys/modules/syscons/daemon cvs diff: Diffing sys/modules/syscons/fade cvs diff: Diffing sys/modules/syscons/fire cvs diff: Diffing sys/modules/syscons/green cvs diff: Diffing sys/modules/syscons/logo cvs diff: Diffing sys/modules/syscons/rain cvs diff: Diffing sys/modules/syscons/snake cvs diff: Diffing sys/modules/syscons/star cvs diff: Diffing sys/modules/syscons/warp cvs diff: Diffing sys/modules/sysvipc cvs diff: Diffing sys/modules/sysvipc/sysvmsg cvs diff: Diffing sys/modules/sysvipc/sysvsem cvs diff: Diffing sys/modules/sysvipc/sysvshm cvs diff: Diffing sys/modules/ti cvs diff: Diffing sys/modules/tl cvs diff: Diffing sys/modules/twe cvs diff: Diffing sys/modules/tx cvs diff: Diffing sys/modules/txp cvs diff: Diffing sys/modules/udbp cvs diff: Diffing sys/modules/ugen cvs diff: Diffing sys/modules/uhid cvs diff: Diffing sys/modules/ukbd cvs diff: Diffing sys/modules/ulpt cvs diff: Diffing sys/modules/umapfs cvs diff: Diffing sys/modules/umass cvs diff: Diffing sys/modules/umodem cvs diff: Diffing sys/modules/ums cvs diff: Diffing sys/modules/unionfs cvs diff: Diffing sys/modules/urio cvs diff: Diffing sys/modules/usb cvs diff: Diffing sys/modules/uscanner cvs diff: Diffing sys/modules/vesa cvs diff: Diffing sys/modules/vinum cvs diff: Diffing sys/modules/vpo cvs diff: Diffing sys/modules/vr cvs diff: Diffing sys/modules/vx cvs diff: Diffing sys/modules/wb cvs diff: Diffing sys/modules/wi cvs diff: Diffing sys/modules/wx cvs diff: Diffing sys/modules/xl cvs diff: Diffing sys/net Index: sys/net/if.c =================================================================== RCS file: /home/ncvs/src/sys/net/if.c,v retrieving revision 1.116 diff -u -r1.116 if.c --- sys/net/if.c 2001/09/18 17:41:42 1.116 +++ sys/net/if.c 2001/09/19 02:39:00 @@ -37,6 +37,7 @@ #include "opt_compat.h" #include "opt_inet6.h" #include "opt_inet.h" +#include "opt_mac.h" #include #include @@ -51,6 +52,7 @@ #include #include #include +#include #include #include @@ -190,6 +192,13 @@ TAILQ_INIT(&ifp->if_prefixhead); TAILQ_INIT(&ifp->if_multiaddrs); getmicrotime(&ifp->if_lastchange); + +#ifdef MAC + mac_init_object(&ifp->if_label_default); + mac_init_object(&ifp->if_label_lower); + mac_init_object(&ifp->if_label_upper); +#endif + if (if_index >= if_indexlim) if_grow(); Index: sys/net/if_atmsubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_atmsubr.c,v retrieving revision 1.16 diff -u -r1.16 if_atmsubr.c --- sys/net/if_atmsubr.c 2001/06/15 07:32:25 1.16 +++ sys/net/if_atmsubr.c 2001/08/05 17:04:10 @@ -40,6 +40,7 @@ #include "opt_inet.h" #include "opt_inet6.h" +#include "opt_mac.h" #include "opt_natm.h" #include @@ -233,6 +234,14 @@ return; } ifp->if_ibytes += m->m_pkthdr.len; + +#ifdef MAC + /* + * XXX: Label all ATM packets with the interface default label here. + * Can be relabeled later in the protocol stack if desired. + */ + m->m_label = ifp->if_label_default; +#endif if (rxhand) { #ifdef NATM Index: sys/net/if_ethersubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.97 diff -u -r1.97 if_ethersubr.c --- sys/net/if_ethersubr.c 2001/09/10 01:33:03 1.97 +++ sys/net/if_ethersubr.c 2001/09/13 22:02:26 @@ -39,6 +39,7 @@ #include "opt_inet6.h" #include "opt_ipx.h" #include "opt_bdg.h" +#include "opt_mac.h" #include "opt_netgraph.h" #include @@ -408,6 +409,15 @@ { #ifdef BRIDGE struct ether_header save_eh; +#endif + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_pkthdr.label = ifp->if_label_default; #endif /* Check for a BPF tap */ Index: sys/net/if_fddisubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_fddisubr.c,v retrieving revision 1.52 diff -u -r1.52 if_fddisubr.c --- sys/net/if_fddisubr.c 2001/09/06 02:40:29 1.52 +++ sys/net/if_fddisubr.c 2001/09/13 16:25:15 @@ -40,6 +40,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #include #include @@ -377,6 +378,16 @@ m_freem(m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif + getmicrotime(&ifp->if_lastchange); ifp->if_ibytes += m->m_pkthdr.len + sizeof (*fh); if (fh->fddi_dhost[0] & 1) { Index: sys/net/if_gif.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_gif.c,v retrieving revision 1.13 diff -u -r1.13 if_gif.c --- sys/net/if_gif.c 2001/09/03 20:03:53 1.13 +++ sys/net/if_gif.c 2001/09/13 16:25:15 @@ -442,6 +442,13 @@ } m->m_pkthdr.rcvif = gifp; + + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_pkthdr.label = gifp->if_label_default; if (gifp->if_bpf) { /* Index: sys/net/if_iso88025subr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_iso88025subr.c,v retrieving revision 1.18 diff -u -r1.18 if_iso88025subr.c --- sys/net/if_iso88025subr.c 2001/09/06 02:40:29 1.18 +++ sys/net/if_iso88025subr.c 2001/09/13 16:25:15 @@ -43,6 +43,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #include #include @@ -420,6 +421,15 @@ m_freem(m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif getmicrotime(&ifp->if_lastchange); ifp->if_ibytes += m->m_pkthdr.len + sizeof(*th); Index: sys/net/if_spppsubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v retrieving revision 1.72 diff -u -r1.72 if_spppsubr.c --- sys/net/if_spppsubr.c 2001/07/31 07:27:01 1.72 +++ sys/net/if_spppsubr.c 2001/08/05 17:04:12 @@ -26,6 +26,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #endif #ifdef NetBSD1_3 @@ -518,6 +519,15 @@ m_freem (m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif /* Get PPP header. */ h = mtod (m, struct ppp_header*); Index: sys/net/if_stf.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_stf.c,v retrieving revision 1.12 diff -u -r1.12 if_stf.c --- sys/net/if_stf.c 2001/09/19 00:13:00 1.12 +++ sys/net/if_stf.c 2001/09/19 02:39:02 @@ -279,12 +279,6 @@ return (0); } -static moduledata_t stf_mod = { - "if_stf", - stfmodevent, - 0 -}; - DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); static int @@ -617,6 +611,13 @@ m_freem(m); return; } + + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; ip = mtod(m, struct ip *); Index: sys/net/if_var.h =================================================================== RCS file: /home/ncvs/src/sys/net/if_var.h,v retrieving revision 1.37 diff -u -r1.37 if_var.h --- sys/net/if_var.h 2001/09/18 17:41:42 1.37 +++ sys/net/if_var.h 2001/09/19 02:39:03 @@ -73,6 +73,7 @@ struct ether_header; #endif +#include /* struct mac */ #include /* get TAILQ macros */ #ifdef _KERNEL @@ -153,6 +154,9 @@ struct ifqueue if_snd; /* output queue */ struct ifqueue *if_poll_slowq; /* input queue for slow devices */ struct ifprefixhead if_prefixhead; /* list of prefixes per if */ + struct mac if_label_default; /* default label for incoming packets */ + struct mac if_label_lower; /* lower bound for send/recv */ + struct mac if_label_upper; /* upper bound for send/recv */ }; typedef void if_init_f_t __P((void *)); cvs diff: Diffing sys/netatalk cvs diff: Diffing sys/netatm cvs diff: Diffing sys/netatm/ipatm cvs diff: Diffing sys/netatm/sigpvc cvs diff: Diffing sys/netatm/spans cvs diff: Diffing sys/netatm/uni cvs diff: Diffing sys/netgraph cvs diff: Diffing sys/netinet Index: sys/netinet/ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.167 diff -u -r1.167 ip_fw.c --- sys/netinet/ip_fw.c 2001/09/20 13:52:49 1.167 +++ sys/netinet/ip_fw.c 2001/09/21 12:40:37 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include cvs diff: Diffing sys/netinet6 cvs diff: Diffing sys/netipx cvs diff: Diffing sys/netkey cvs diff: Diffing sys/netnatm cvs diff: Diffing sys/netncp cvs diff: Diffing sys/netns cvs diff: Diffing sys/netsmb cvs diff: Diffing sys/nfs cvs diff: Diffing sys/nfsclient cvs diff: Diffing sys/nfsserver cvs diff: Diffing sys/pc98 cvs diff: Diffing sys/pc98/apm cvs diff: Diffing sys/pc98/compile cvs diff: Diffing sys/pc98/conf cvs diff: Diffing sys/pc98/i386 cvs diff: Diffing sys/pc98/pc98 cvs diff: Diffing sys/pccard cvs diff: Diffing sys/pci cvs diff: Diffing sys/posix4 cvs diff: Diffing sys/powerpc cvs diff: Diffing sys/powerpc/compile cvs diff: Diffing sys/powerpc/conf cvs diff: Diffing sys/powerpc/include cvs diff: Diffing sys/powerpc/powerpc cvs diff: Diffing sys/sparc64 cvs diff: Diffing sys/sparc64/compile cvs diff: Diffing sys/sparc64/conf cvs diff: Diffing sys/sparc64/include cvs diff: Diffing sys/sparc64/sparc64 cvs diff: Diffing sys/sys Index: sys/sys/mac.h =================================================================== RCS file: mac.h diff -N mac.h --- /dev/null Fri Sep 21 09:00:02 2001 +++ mac.h Wed Feb 7 14:09:55 2001 @@ -0,0 +1,177 @@ +/*- + * Copyright (c) 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Userland/kernel interface for Mandatory Access Control. + * + * The POSIX.1e implementation page may be reached at: + * http://www.trustedbsd.org/ + */ +#ifndef _SYS_MAC_H +#define _SYS_MAC_H + +#ifndef _POSIX_MAC +#define _POSIX_MAC +#endif + +#define FREEBSD_MAC_EXTATTR_NAME "$freebsd.mac" + +/* + * Structures and constants associated with a Biba Integrity policy. + * mac_biba represents a Biba label, with mb_type determining its properties, + * and mb_grade represents the hierarchal grade if valid for the current + * mb_type. + */ +struct mac_biba { + u_short mb_type; + u_short mb_grade; +}; +#define MAC_BIBA_TYPE_GRADE 0 /* Hierarchal grade with mb_grade. */ +#define MAC_BIBA_TYPE_LOW 1 /* Dominated by any + * MAC_BIBA_TYPE_LABEL. */ +#define MAC_BIBA_TYPE_HIGH 2 /* Dominates any + * MAC_BIBA_TYPE_LABEL. */ +#define MAC_BIBA_TYPE_EQUAL 3 /* Equivilent to any + * MAC_BIBA_TYPE_LABEL. */ + +/* + * Structures and constants associated with a Multi-Level Security policy. + * mac_mls represents an MLS label, with mm_type determining its properties, + * and mm_level represents the hierarchal sensitivity level if valid for the + * current mm_type. + */ +struct mac_mls { + u_short mm_type; + u_short mm_level; +}; +#define MAC_MLS_TYPE_LEVEL 0 /* Hierarchal level with mm_level. */ +#define MAC_MLS_TYPE_LOW 1 /* Dominated by any + * MAC_MLS_TYPE_LABEL. */ +#define MAC_MLS_TYPE_HIGH 2 /* Dominates any + * MAC_MLS_TYPE_LABEL. */ +#define MAC_MLS_TYPE_EQUAL 3 /* Equivilent to any + * MAC_MLS_TYPE_LABEL. */ + +/* + * Structures and constants for efficient, scalable non-overlapping system + * partitions. + * mac_partition represents a partitiong label, with mp_type determining + * its properties, and mp_partition representing the partition number for + * the current mp_type. + */ +struct mac_partition { + u_short mp_type; + u_int mp_partition; +}; +#define MAC_PARTITION_TYPE_PARTITION 0 /* Visible/can effect the + * partition identified by + * mp_partition. */ +#define MAC_PARTITION_TYPE_ALL 1 /* Visible from any partition, + * not modifiable from any + * partition. */ +#define MAC_PARTITION_TYPE_NONE 2 /* Visible from no partition, + * not modifiable from any + * partition. */ + +struct mac { + struct mac_biba m_biba; + struct mac_mls m_mls; + struct mac_partition m_partition; +}; +typedef struct mac *mac_t; + +const struct mac mac_userland_system_high_label; + +#ifndef _KERNEL + +/* + * POSIX.1e functions visible in the application namespace. + */ +int mac_dominate __P((const mac_t labela, const mac_t labelb)); +int mac_equal __P((const mac_t labela, const mac_t labelb)); +int mac_free __P((void *buf_p)); +mac_t mac_from_text __P((const char *text_p)); +mac_t mac_from_fd __P((int fildes)); +mac_t mac_get_file __P((const char *path_p)); +mac_t mac_get_proc __P((void)); +mac_t mac_glb __P((const mac_t labela, const mac_t labelb)); +mac_t mac_lub __P((const mac_t labela, const mac_t labelb)); +int mac_set_fd __P((int fildes, const mac_t label)); +int mac_set_file __P((const char *path_p, mac_t label)); +int mac_set_proc __P((const mac_t label)); +ssize_t mac_size __P((mac_t label)); +char * mac_to_text __P((const mac_t label, size_t *len_p)); +int mac_valid __P((const mac_t label)); + +/* + * System calls wrapped by some POSIX.1e functions. + */ +int __mac_get_fd(int fd, struct mac *mac_p); +int __mac_get_file(const char *path_p, struct mac *mac_p); +int __mac_get_proc(struct mac *mac_p); +int __mac_set_fd(int fd, struct mac *mac_p); +int __mac_set_file(const char *path_p, struct mac *mac_p); +int __mac_set_proc(struct mac *mac_p); + +#else /* _KERNEL */ + +/* + * Information flow/operation mask, used as an argument to mac_can(). + */ +#define MAC_NONE 0x00000000 +#define MAC_READ 0x00000001 /* Information flow to subject. */ +#define MAC_WRITE 0x00000002 /* Information flow to object. */ +#define MAC_EXEC 0x00000004 /* Execute the object. */ +#define MAC_ADMIN 0x00000008 /* Administer object attributes. */ +#define MAC_SIGNAL 0x00000010 /* Signal the object (process). */ +#define MAC_CREATE 0x00000020 /* Create an object with this label. */ +#define MAC_STAT 0x00000040 /* Read object attributes. */ +#define MAC_ALL (MAC_READ | MAC_WRITE | MAC_EXEC | MAC_ADMIN | MAC_SIGNAL | \ + MAC_CREATE | MAC_STAT) + +/* + * Kernel functions to manage and evaluate labels. + */ +struct ucred; +int mac_can __P((const struct ucred *cred, const struct mac *label, + int operation, int sub_operation)); +int mac_dominate __P((const struct mac *labela, const struct mac *labelb)); +int mac_equal __P((const struct mac *labela, const struct mac *labelb)); +void mac_init_subject __P((struct ucred *cred)); +void mac_create_subject __P((const struct ucred *cred_parent, + struct ucred *cred_child)); +int mac_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_init_object __P((struct mac *label)); +void mac_create_object __P((const struct ucred *cred, struct mac *label)); +int mac_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_print_label __P((const struct mac *label)); + +#endif /* _KERNEL */ + +#endif /* !_SYS_MAC_H */ Index: sys/sys/mac_private.h =================================================================== RCS file: mac_private.h diff -N mac_private.h --- /dev/null Fri Sep 21 09:00:02 2001 +++ mac_private.h Sun Nov 19 17:56:32 2000 @@ -0,0 +1,91 @@ +/*- + * Copyright (c) 2000 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Private label management functions for mandatory security policies. + */ +#ifndef _SYS_MAC_PRIVATE_H +#define _SYS_MAC_PRIVATE_H + +/* Biba Integrity Policy. */ +int mac_biba_can __P((const struct ucred *cred, + const struct mac *label, int operation, int sub_operation)); +int mac_biba_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_biba_equal __P((const struct mac *labela, + const struct mac *labelb)); +void mac_biba_init_subject __P((struct ucred *cred)); +void mac_biba_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_biba_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_biba_init_object __P((struct mac *label)); +void mac_biba_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_biba_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_biba_print_label __P((const struct mac *label)); + +/* Multi-Level Security Policy. */ +int mac_mls_can __P((const struct ucred *cred, const struct mac *label, + int operation, int sub_operation)); +int mac_mls_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_mls_equal __P((const struct mac *labela, const struct mac *labelb)); +void mac_mls_init_subject __P((struct ucred *cred)); +void mac_mls_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_mls_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_mls_init_object __P((struct mac *label)); +void mac_mls_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_mls_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_mls_print_label __P((const struct mac *label)); + +/* Light-Weight Partition Security Policy. */ +int mac_partition_can __P((const struct ucred *cred, + const struct mac *label, int operation, int sub_operation)); +int mac_partition_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_partition_equal __P((const struct mac *labela, + const struct mac *labelb)); +void mac_partition_init_subject __P((struct ucred *cred)); +void mac_partition_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_partition_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_partition_init_object __P((struct mac *label)); +void mac_partition_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_partition_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_partition_print_label __P((const struct mac *label)); + +#endif /* !_SYS_MAC_PRIVATE_H */ Index: sys/sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.84 diff -u -r1.84 mbuf.h --- sys/sys/mbuf.h 2001/08/19 04:35:26 1.84 +++ sys/sys/mbuf.h 2001/09/13 16:43:15 @@ -85,6 +85,7 @@ int csum_flags; /* flags regarding checksum */ int csum_data; /* data field used by csum routines */ struct mbuf *aux; /* extra data buffer; ipsec/others */ + struct mac label; /* label of data in packet */ }; /* Index: sys/sys/mount.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mount.h,v retrieving revision 1.113 diff -u -r1.113 mount.h --- sys/sys/mount.h 2001/09/12 08:38:05 1.113 +++ sys/sys/mount.h 2001/09/13 22:02:59 @@ -43,6 +43,7 @@ */ #include +#include #include #include #ifdef _KERNEL Index: sys/sys/proc.h =================================================================== RCS file: /home/ncvs/src/sys/sys/proc.h,v retrieving revision 1.184 diff -u -r1.184 proc.h --- sys/sys/proc.h 2001/09/18 21:03:53 1.184 +++ sys/sys/proc.h 2001/09/19 02:40:32 @@ -53,6 +53,7 @@ #ifndef _KERNEL #include /* For structs itimerval, timeval. */ #endif +#include #include #include /* Machine-dependent proc substruct. */ Index: sys/sys/syscall-hide.h =================================================================== RCS file: /home/ncvs/src/sys/sys/syscall-hide.h,v retrieving revision 1.88 diff -u -r1.88 syscall-hide.h --- sys/sys/syscall-hide.h 2001/09/18 23:33:33 1.88 +++ sys/sys/syscall-hide.h 2001/09/19 03:13:43 @@ -2,7 +2,7 @@ * System call hiders. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/syscall-hide.h,v 1.88 2001/09/18 23:33:33 peter Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp */ @@ -289,3 +289,9 @@ HIDE_BSD(extattr_delete_fd) HIDE_BSD(__setugid) HIDE_BSD(nfsclnt) +HIDE_BSD(__mac_get_proc) +HIDE_BSD(__mac_set_proc) +HIDE_BSD(__mac_get_fd) +HIDE_BSD(__mac_get_file) +HIDE_BSD(__mac_set_fd) +HIDE_BSD(__mac_set_file) Index: sys/sys/syscall.h =================================================================== RCS file: /home/ncvs/src/sys/sys/syscall.h,v retrieving revision 1.92 diff -u -r1.92 syscall.h --- sys/sys/syscall.h 2001/09/18 23:33:33 1.92 +++ sys/sys/syscall.h 2001/09/19 03:13:43 @@ -2,7 +2,7 @@ * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/syscall.h,v 1.92 2001/09/18 23:33:33 peter Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp */ @@ -296,4 +296,10 @@ #define SYS_extattr_delete_fd 373 #define SYS___setugid 374 #define SYS_nfsclnt 375 -#define SYS_MAXSYSCALL 376 +#define SYS___mac_get_proc 376 +#define SYS___mac_set_proc 377 +#define SYS___mac_get_fd 378 +#define SYS___mac_get_file 379 +#define SYS___mac_set_fd 380 +#define SYS___mac_set_file 381 +#define SYS_MAXSYSCALL 382 Index: sys/sys/syscall.mk =================================================================== RCS file: /home/ncvs/src/sys/sys/syscall.mk,v retrieving revision 1.46 diff -u -r1.46 syscall.mk --- sys/sys/syscall.mk 2001/09/18 23:33:33 1.46 +++ sys/sys/syscall.mk 2001/09/19 03:13:43 @@ -1,6 +1,6 @@ # FreeBSD system call names. # DO NOT EDIT-- this file is automatically generated. -# $FreeBSD: src/sys/sys/syscall.mk,v 1.46 2001/09/18 23:33:33 peter Exp $ +# $FreeBSD$ # created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp MIASM = \ syscall.o \ @@ -244,4 +244,10 @@ extattr_get_fd.o \ extattr_delete_fd.o \ __setugid.o \ - nfsclnt.o + nfsclnt.o \ + __mac_get_proc.o \ + __mac_set_proc.o \ + __mac_get_fd.o \ + __mac_get_file.o \ + __mac_set_fd.o \ + __mac_set_file.o Index: sys/sys/sysproto.h =================================================================== RCS file: /home/ncvs/src/sys/sys/sysproto.h,v retrieving revision 1.83 diff -u -r1.83 sysproto.h --- sys/sys/sysproto.h 2001/09/18 23:33:33 1.83 +++ sys/sys/sysproto.h 2001/09/19 03:13:43 @@ -2,7 +2,7 @@ * System call prototypes. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/sysproto.h,v 1.83 2001/09/18 23:33:33 peter Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.97 2001/09/18 23:31:36 peter Exp */ @@ -1077,6 +1077,28 @@ char flag_l_[PADL_(int)]; int flag; char flag_r_[PADR_(int)]; char argp_l_[PADL_(caddr_t)]; caddr_t argp; char argp_r_[PADR_(caddr_t)]; }; +struct __mac_get_proc_args { + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_proc_args { + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_get_fd_args { + char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_get_file_args { + char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_fd_args { + char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_file_args { + char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; int nosys __P((struct thread *, struct nosys_args *)); void sys_exit __P((struct thread *, struct sys_exit_args *)); int fork __P((struct thread *, struct fork_args *)); @@ -1318,6 +1340,12 @@ int extattr_delete_fd __P((struct thread *, struct extattr_delete_fd_args *)); int __setugid __P((struct thread *, struct __setugid_args *)); int nfsclnt __P((struct thread *, struct nfsclnt_args *)); +int __mac_get_proc __P((struct thread *, struct __mac_get_proc_args *)); +int __mac_set_proc __P((struct thread *, struct __mac_set_proc_args *)); +int __mac_get_fd __P((struct thread *, struct __mac_get_fd_args *)); +int __mac_get_file __P((struct thread *, struct __mac_get_file_args *)); +int __mac_set_fd __P((struct thread *, struct __mac_set_fd_args *)); +int __mac_set_file __P((struct thread *, struct __mac_set_file_args *)); #ifdef COMPAT_43 Index: sys/sys/ucred.h =================================================================== RCS file: /home/ncvs/src/sys/sys/ucred.h,v retrieving revision 1.25 diff -u -r1.25 ucred.h --- sys/sys/ucred.h 2001/09/12 08:38:06 1.25 +++ sys/sys/ucred.h 2001/09/13 22:03:02 @@ -59,6 +59,9 @@ struct uidinfo *cr_uidinfo; /* per euid resource consumption */ struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */ struct prison *cr_prison; /* jail(4) */ +#ifdef MAC + struct mac cr_label; /* mandatory access control label */ +#endif struct mtx cr_mtx; /* protect refcount */ }; #define cr_gid cr_groups[0] @@ -76,6 +79,7 @@ short cr_ngroups; /* number of groups */ gid_t cr_groups[NGROUPS]; /* groups */ void *_cr_unused1; /* compatibility with old ucred */ + struct mac cr_label; /* mandatory access control label */ }; #ifdef _KERNEL Index: sys/sys/user.h =================================================================== RCS file: /home/ncvs/src/sys/sys/user.h,v retrieving revision 1.44 diff -u -r1.44 user.h --- sys/sys/user.h 2001/09/13 22:52:41 1.44 +++ sys/sys/user.h 2001/09/19 02:40:39 @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include Index: sys/sys/vnode.h =================================================================== RCS file: /home/ncvs/src/sys/sys/vnode.h,v retrieving revision 1.157 diff -u -r1.157 vnode.h --- sys/sys/vnode.h 2001/09/13 22:52:42 1.157 +++ sys/sys/vnode.h 2001/09/19 02:40:40 @@ -543,6 +543,7 @@ struct proc; struct stat; struct nstat; +struct mac; struct ucred; struct uio; struct vattr; @@ -574,6 +575,8 @@ int vaccess_acl_posix1e __P((enum vtype type, uid_t file_uid, gid_t file_gid, struct acl *acl, mode_t acc_mode, struct ucred *cred, int *privused)); +int vaccess_mac __P((enum vtype type, const struct mac *filelabel, + mode_t acc_mode, struct ucred *cred, int *privused)); void vattr_null __P((struct vattr *vap)); int vcount __P((struct vnode *vp)); void vdrop __P((struct vnode *)); cvs diff: Diffing sys/ufs cvs diff: Diffing sys/ufs/ffs Index: sys/ufs/ffs/ffs_vfsops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vfsops.c,v retrieving revision 1.160 diff -u -r1.160 ffs_vfsops.c --- sys/ufs/ffs/ffs_vfsops.c 2001/09/12 08:38:07 1.160 +++ sys/ufs/ffs/ffs_vfsops.c 2001/09/13 22:03:03 @@ -34,6 +34,7 @@ * $FreeBSD: src/sys/ufs/ffs/ffs_vfsops.c,v 1.160 2001/09/12 08:38:07 julian Exp $ */ +#include "opt_mac.h" #include "opt_quota.h" #include "opt_ufs.h" @@ -712,6 +713,18 @@ ump->um_quotas[i] = NULLVP; #ifdef UFS_EXTATTR ufs_extattr_uepm_init(&ump->um_extattr); +#endif +#ifdef MAC + /* + * The following sets a file system to use default object labels + * for system objects. + * mac_init_object(&ump->um_label); + */ + /* The following inherits a file system label from the credential + * of the caller. mac_inherit_object knows what to do if cred is + * NOCRED. + */ + mac_create_object(cred, &ump->um_label); #endif devvp->v_rdev->si_mountpoint = mp; ffs_oldfscompat(fs); cvs diff: Diffing sys/ufs/ifs cvs diff: Diffing sys/ufs/ufs Index: sys/ufs/ufs/ufs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ufs/ufs_vnops.c,v retrieving revision 1.173 diff -u -r1.173 ufs_vnops.c --- sys/ufs/ufs/ufs_vnops.c 2001/09/12 08:38:10 1.173 +++ sys/ufs/ufs/ufs_vnops.c 2001/09/13 22:03:06 @@ -39,6 +39,7 @@ * $FreeBSD: src/sys/ufs/ufs/ufs_vnops.c,v 1.173 2001/09/12 08:38:10 julian Exp $ */ +#include "opt_mac.h" #include "opt_quota.h" #include "opt_suiddir.h" #include "opt_ufs.h" @@ -60,6 +61,7 @@ #include #include #include +#include #include @@ -88,6 +90,9 @@ static int ufs_close __P((struct vop_close_args *)); static int ufs_create __P((struct vop_create_args *)); static int ufs_getattr __P((struct vop_getattr_args *)); +#ifdef MAC +static int ufs_getlabel __P((struct vop_getlabel_args *)); +#endif static int ufs_link __P((struct vop_link_args *)); static int ufs_makeinode __P((int mode, struct vnode *, struct vnode **, struct componentname *)); static int ufs_missingop __P((struct vop_generic_args *ap)); @@ -101,6 +106,9 @@ static int ufs_rename __P((struct vop_rename_args *)); static int ufs_rmdir __P((struct vop_rmdir_args *)); static int ufs_setattr __P((struct vop_setattr_args *)); +#ifdef MAC +static int ufs_setlabel __P((struct vop_setlabel_args *)); +#endif static int ufs_strategy __P((struct vop_strategy_args *)); static int ufs_symlink __P((struct vop_symlink_args *)); static int ufs_whiteout __P((struct vop_whiteout_args *)); @@ -337,6 +345,9 @@ { struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); +#ifdef MAC + struct mac label; +#endif mode_t mode = ap->a_mode; int error; #ifdef UFS_ACL @@ -367,9 +378,26 @@ } /* If immutable bit set, nobody gets to write it. */ + /* XXX: This breaks chflags(), please fix. + if ((mode & (VWRITE | VADMIN)) && + (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) + return (EPERM); + */ if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) return (EPERM); +#ifdef MAC + error = VOP_GETLABEL(vp, &label, ap->a_cred, ap->a_p); + if (error) { + printf("ufs_access: couldn't get any label (%d)\n", error); + return (error); + } + error = vaccess_mac(vp->v_type, &label, ap->a_mode, ap->a_cred, NULL); + if (error) { + printf("mac_vaccess returned %d\n", error); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); len = sizeof(*acl); @@ -738,6 +766,101 @@ return (0); } +#ifdef MAC +/* + * Retrieve the MAC label on a file. + */ +static int +ufs_getlabel(ap) + struct vop_getlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct proc *a_p; + } */ *ap; +{ + struct ufsmount *ump; + int error, len; + + len = sizeof(*ap->a_label); + bzero(ap->a_label, sizeof(*ap->a_label)); + error = vn_extattr_get(ap->a_vp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAME, &len, (char *) ap->a_label, ap->a_p); + switch (error) { + case 0: + /* + * Successfully retrieved the label from disk. + * Check the length, fail closed. + */ + if (len != sizeof(*ap->a_label)) { + printf("Corrupted label\n"); + error = EPERM; + } + break; + case ENOENT: /* XXX: Should be ENOATTR not ENOENT. */ + case EOPNOTSUPP: + /* + * If no label is available, return the mount label + * instead. + */ + ump = VFSTOUFS(ap->a_vp->v_mount); + *ap->a_label = ump->um_label; + error = 0; + break; + default: + } + + return (error); +} + +/* + * Set the MAC label on a file. + */ +static int +ufs_setlabel(ap) + struct vop_setlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct proc *a_p; + } */ *ap; +{ + struct mac old_label; + int error; + + /* + * First access check: does the caller have the ability to + * administer the file system object to be labeled/re-labeled. + */ + error = VOP_ACCESS(ap->a_vp, VADMIN, ap->a_cred, ap->a_p); + if (error) + return (error); + + /* + * Second check: is the label being assigned to the object + * appropriate based on the label previously assigned, and + * the label on the subject. To do this, must retrieve the + * old label. + */ + error = VOP_GETLABEL(ap->a_vp, &old_label, ap->a_cred, ap->a_p); + if (error) + return (error); + + error = mac_can_setlabel_object(ap->a_cred, &old_label, ap->a_label); + if (error) + return (error); + + error = vn_extattr_set(ap->a_vp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAME, sizeof(*ap->a_label), + (char *) ap->a_label, ap->a_p); + if (error) + return (error); + + VN_KNOTE(ap->a_vp, NOTE_ATTRIB); + return (0); +} +#endif /* !MAC */ + int ufs_remove(ap) struct vop_remove_args /* { @@ -1340,6 +1463,10 @@ struct buf *bp; struct dirtemplate dirtemplate, *dtp; struct direct newdir; +#ifdef MAC + struct ufsmount *ump; + struct mac label; +#endif #ifdef UFS_ACL struct acl *acl, *dacl; #endif @@ -1493,6 +1620,30 @@ error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); if (error) goto bad; + +#ifdef MAC + mac_create_object(cnp->cn_cred, &label); + error = vn_extattr_set(tvp, IO_NODELOCKED, FREEBSD_MAC_EXTATTR_NAME, + sizeof(label), (char *) &label, cnp->cn_proc); + switch (error) { + case 0: + break; + case ENOENT: /* XXX: Should be ENOATTR. */ + case EOPNOTSUPP: + /* Authorize creation of a file with the device label. */ + ump = VFSTOUFS(tvp->v_mount); + error = mac_can(cnp->cn_cred, &ump->um_label, MAC_CREATE, 0); + if (error == 0) + break; + printf("ufs_mkdir: cannot assign MAC or use default\n"); + /* Falls through. */ + default: + printf("ufs_mkdir failed (%d)\n", error); + UFS_VFREE(tvp, ip->i_number, dmode); + vput(tvp); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL if (acl != NULL) { /* @@ -2229,6 +2380,10 @@ register struct inode *ip, *pdir; struct direct newdir; struct vnode *tvp; +#ifdef MAC + struct ufsmount *ump; + struct mac label; +#endif #ifdef UFS_ACL struct acl *acl; #endif @@ -2365,6 +2520,34 @@ error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); if (error) goto bad; +/* + * Set the MAC label for the newly created file. Attempt to set it using + * the credential of the writer; if this is not allowed, check to see if + * the writer has the same label as the default file system label. If neither + * succeeds, then fail closed. + */ +#ifdef MAC + mac_create_object(cnp->cn_cred, &label); + error = vn_extattr_set(tvp, IO_NODELOCKED, FREEBSD_MAC_EXTATTR_NAME, + sizeof(label), (char *) &label, cnp->cn_proc); + switch (error) { + case 0: + break; + case ENOENT: /* XXX: should be ENOATTR. */ + case EOPNOTSUPP: + /* Authorize creation of a file with the device label. */ + ump = VFSTOUFS(tvp->v_mount); + error = mac_can(cnp->cn_cred, &ump->um_label, MAC_CREATE, 0); + if (error == 0) + break; + /* Falls through. */ + default: + printf("ufs_makeinode failed (%d)\n", error); + UFS_VFREE(tvp, ip->i_number, mode); + vput(tvp); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL if (acl != NULL) { /* @@ -2540,6 +2723,9 @@ { &vop_close_desc, (vop_t *) ufs_close }, { &vop_create_desc, (vop_t *) ufs_create }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif MAC { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_link_desc, (vop_t *) ufs_link }, @@ -2560,6 +2746,9 @@ { &vop_rename_desc, (vop_t *) ufs_rename }, { &vop_rmdir_desc, (vop_t *) ufs_rmdir }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_strategy_desc, (vop_t *) ufs_strategy }, { &vop_symlink_desc, (vop_t *) ufs_symlink }, { &vop_unlock_desc, (vop_t *) vop_stdunlock }, @@ -2581,6 +2770,9 @@ { &vop_access_desc, (vop_t *) ufs_access }, { &vop_close_desc, (vop_t *) ufsspec_close }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, @@ -2588,6 +2780,9 @@ { &vop_read_desc, (vop_t *) ufsspec_read }, { &vop_reclaim_desc, (vop_t *) ufs_reclaim }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_unlock_desc, (vop_t *) vop_stdunlock }, { &vop_write_desc, (vop_t *) ufsspec_write }, #ifdef UFS_ACL @@ -2607,6 +2802,9 @@ { &vop_access_desc, (vop_t *) ufs_access }, { &vop_close_desc, (vop_t *) ufsfifo_close }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_kqfilter_desc, (vop_t *) ufsfifo_kqfilter }, @@ -2615,6 +2813,9 @@ { &vop_read_desc, (vop_t *) ufsfifo_read }, { &vop_reclaim_desc, (vop_t *) ufs_reclaim }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_unlock_desc, (vop_t *) vop_stdunlock }, { &vop_write_desc, (vop_t *) ufsfifo_write }, #ifdef UFS_ACL Index: sys/ufs/ufs/ufsmount.h =================================================================== RCS file: /home/ncvs/src/sys/ufs/ufs/ufsmount.h,v retrieving revision 1.22 diff -u -r1.22 ufsmount.h --- sys/ufs/ufs/ufsmount.h 2001/09/12 08:38:11 1.22 +++ sys/ufs/ufs/ufsmount.h 2001/09/13 22:03:06 @@ -77,6 +77,7 @@ struct vnode *um_quotas[MAXQUOTAS]; /* pointer to quota files */ struct ucred *um_cred[MAXQUOTAS]; /* quota file access cred */ struct ufs_extattr_per_mount um_extattr; /* extended attrs */ + struct mac um_label; /* immutable mounter label */ u_long um_nindir; /* indirect ptrs per block */ u_long um_bptrtodb; /* indir ptr to disk block */ u_long um_seqinc; /* inc between seq blocks */ cvs diff: Diffing sys/vm cvs diff: Diffing tools cvs diff: Diffing tools/3.0-upgrade cvs diff: Diffing tools/LibraryReport cvs diff: Diffing tools/diag cvs diff: Diffing tools/diag/ac cvs diff: Diffing tools/diag/dumpvfscache cvs diff: Diffing tools/diag/httpd-error cvs diff: Diffing tools/regression cvs diff: Diffing tools/regression/nfsmmap cvs diff: Diffing tools/regression/nfsmmap/test1 cvs diff: Diffing tools/regression/nfsmmap/test2 cvs diff: Diffing tools/regression/p1003_1b cvs diff: Diffing tools/regression/security cvs diff: Diffing tools/regression/security/access cvs diff: Diffing tools/regression/security/proc_to_proc cvs diff: Diffing tools/test cvs diff: Diffing tools/test/devrandom cvs diff: Diffing tools/test/malloc cvs diff: Diffing tools/test/posixshm cvs diff: Diffing tools/tools cvs diff: Diffing tools/tools/editing cvs diff: Diffing tools/tools/epfe cvs diff: Diffing tools/tools/html-mv cvs diff: Diffing tools/tools/ifinfo cvs diff: Diffing tools/tools/kdrv cvs diff: Diffing tools/tools/kerninclude cvs diff: Diffing tools/tools/kernxref cvs diff: Diffing tools/tools/mid cvs diff: Diffing tools/tools/portsinfo cvs diff: Diffing tools/tools/scsi-defects cvs diff: Diffing tools/tools/tcl_bmake cvs diff: Diffing tools/tools/upgrade cvs diff: Diffing tools/tools/vop_table cvs diff: Diffing usr.bin cvs diff: Diffing usr.bin/apply cvs diff: Diffing usr.bin/ar cvs diff: Diffing usr.bin/at cvs diff: Diffing usr.bin/banner cvs diff: Diffing usr.bin/basename cvs diff: Diffing usr.bin/biff cvs diff: Diffing usr.bin/brandelf cvs diff: Diffing usr.bin/bzip2 cvs diff: Diffing usr.bin/bzip2/doc cvs diff: Diffing usr.bin/c89 cvs diff: Diffing usr.bin/calendar cvs diff: Diffing usr.bin/calendar/calendars cvs diff: Diffing usr.bin/calendar/calendars/de_DE.ISO8859-1 cvs diff: Diffing usr.bin/calendar/calendars/hr_HR.ISO8859-2 cvs diff: Diffing usr.bin/calendar/calendars/ru_RU.KOI8-R cvs diff: Diffing usr.bin/cap_mkdb cvs diff: Diffing usr.bin/chat cvs diff: Diffing usr.bin/checknr cvs diff: Diffing usr.bin/chflags cvs diff: Diffing usr.bin/chkey cvs diff: Diffing usr.bin/chpass cvs diff: Diffing usr.bin/cksum cvs diff: Diffing usr.bin/cmp cvs diff: Diffing usr.bin/col cvs diff: Diffing usr.bin/colcrt cvs diff: Diffing usr.bin/colldef cvs diff: Diffing usr.bin/colrm cvs diff: Diffing usr.bin/column cvs diff: Diffing usr.bin/comm cvs diff: Diffing usr.bin/compile_et cvs diff: Diffing usr.bin/compress cvs diff: Diffing usr.bin/compress/doc cvs diff: Diffing usr.bin/ctags cvs diff: Diffing usr.bin/ctags/test cvs diff: Diffing usr.bin/cut cvs diff: Diffing usr.bin/dig cvs diff: Diffing usr.bin/dirname cvs diff: Diffing usr.bin/dnskeygen cvs diff: Diffing usr.bin/dnsquery cvs diff: Diffing usr.bin/doscmd cvs diff: Diffing usr.bin/du cvs diff: Diffing usr.bin/ee cvs diff: Diffing usr.bin/ee/nls cvs diff: Diffing usr.bin/ee/nls/de_DE.ISO8859-1 cvs diff: Diffing usr.bin/ee/nls/en_US.US-ASCII cvs diff: Diffing usr.bin/ee/nls/fr_FR.ISO8859-1 cvs diff: Diffing usr.bin/ee/nls/pl_PL.ISO8859-2 cvs diff: Diffing usr.bin/ee/nls/ru_RU.KOI8-R cvs diff: Diffing usr.bin/ee/nls/uk_UA.KOI8-U cvs diff: Diffing usr.bin/enigma cvs diff: Diffing usr.bin/env cvs diff: Diffing usr.bin/expand cvs diff: Diffing usr.bin/false cvs diff: Diffing usr.bin/fetch cvs diff: Diffing usr.bin/file cvs diff: Diffing usr.bin/file2c cvs diff: Diffing usr.bin/find Index: usr.bin/find/function.c =================================================================== RCS file: /home/ncvs/src/usr.bin/find/function.c,v retrieving revision 1.35 diff -u -r1.35 function.c --- usr.bin/find/function.c 2001/09/14 13:42:26 1.35 +++ usr.bin/find/function.c 2001/09/19 02:42:08 @@ -44,6 +44,7 @@ #endif /* not lint */ #include +#include #include #include #include cvs diff: Diffing usr.bin/finger cvs diff: Diffing usr.bin/fmt cvs diff: Diffing usr.bin/fold cvs diff: Diffing usr.bin/from cvs diff: Diffing usr.bin/fstat cvs diff: Diffing usr.bin/fsync cvs diff: Diffing usr.bin/ftp cvs diff: Diffing usr.bin/gcore cvs diff: Diffing usr.bin/gencat cvs diff: Diffing usr.bin/getconf cvs diff: Diffing usr.bin/getopt cvs diff: Diffing usr.bin/gprof cvs diff: Diffing usr.bin/gprof/PSD.doc cvs diff: Diffing usr.bin/gprof4 cvs diff: Diffing usr.bin/head cvs diff: Diffing usr.bin/hesinfo cvs diff: Diffing usr.bin/hexdump cvs diff: Diffing usr.bin/host cvs diff: Diffing usr.bin/id cvs diff: Diffing usr.bin/indent cvs diff: Diffing usr.bin/ipcrm cvs diff: Diffing usr.bin/ipcs cvs diff: Diffing usr.bin/join cvs diff: Diffing usr.bin/jot cvs diff: Diffing usr.bin/kdump cvs diff: Diffing usr.bin/kenv cvs diff: Diffing usr.bin/keylogin cvs diff: Diffing usr.bin/keylogout cvs diff: Diffing usr.bin/killall cvs diff: Diffing usr.bin/ktrace cvs diff: Diffing usr.bin/lam cvs diff: Diffing usr.bin/last cvs diff: Diffing usr.bin/lastcomm cvs diff: Diffing usr.bin/ldd cvs diff: Diffing usr.bin/leave cvs diff: Diffing usr.bin/less cvs diff: Diffing usr.bin/lessecho cvs diff: Diffing usr.bin/lesskey cvs diff: Diffing usr.bin/lex cvs diff: Diffing usr.bin/lex/lib cvs diff: Diffing usr.bin/limits cvs diff: Diffing usr.bin/locate cvs diff: Diffing usr.bin/locate/bigram cvs diff: Diffing usr.bin/locate/code cvs diff: Diffing usr.bin/locate/locate cvs diff: Diffing usr.bin/lock cvs diff: Diffing usr.bin/lockf cvs diff: Diffing usr.bin/logger cvs diff: Diffing usr.bin/login Index: usr.bin/login/login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.69 diff -u -r1.69 login.c --- usr.bin/login/login.c 2001/09/15 17:09:39 1.69 +++ usr.bin/login/login.c 2001/09/19 03:14:23 @@ -394,7 +394,13 @@ lc = login_getpwclass(pwd); quietlog = login_getcapbool(lc, "hushlogin", 0); +#if 0 /* + * XXX: The sete[ug]id code here is broken in the base system + * because it doesn't do setgroups(). It's even more broken + * with MAC. This test needs to happen further down, below + * the setusercontext call. + * * Switching needed for NFS with root access disabled. * * XXX: This change fails to modify the additional groups for the @@ -414,6 +420,7 @@ } (void)seteuid(euid); (void)setegid(egid); +#endif if (!quietlog) quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; @@ -630,6 +637,22 @@ syslog(LOG_ERR, "setusercontext() failed - exiting"); exit(1); } + +#if 1 + /* + * XXX: The home directory check should really go here, after + * credentials are appropriately configured. + */ + if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) { + if (login_getcapbool(lc, "requirehome", 0)) + refused("Home directory not available", "HOMEDIR", 1); + if (chdir("/") < 0) + refused("Cannot find root directory", "ROOTDIR", 1); + if (!quietlog || *pwd->pw_dir) + printf("No home directory.\nLogging in with home = \"/\".\n"); + pwd->pw_dir = "/"; + } +#endif (void)setenv("SHELL", pwd->pw_shell, 1); (void)setenv("HOME", pwd->pw_dir, 1); cvs diff: Diffing usr.bin/logname cvs diff: Diffing usr.bin/look cvs diff: Diffing usr.bin/lorder cvs diff: Diffing usr.bin/lsvfs cvs diff: Diffing usr.bin/m4 cvs diff: Diffing usr.bin/m4/TEST cvs diff: Diffing usr.bin/mail cvs diff: Diffing usr.bin/mail/USD.doc cvs diff: Diffing usr.bin/mail/misc cvs diff: Diffing usr.bin/make cvs diff: Diffing usr.bin/make/PSD.doc cvs diff: Diffing usr.bin/make/lst.lib cvs diff: Diffing usr.bin/mesg cvs diff: Diffing usr.bin/minigzip cvs diff: Diffing usr.bin/mkdep cvs diff: Diffing usr.bin/mkfifo cvs diff: Diffing usr.bin/mklocale cvs diff: Diffing usr.bin/mkstr cvs diff: Diffing usr.bin/mktemp cvs diff: Diffing usr.bin/msgs cvs diff: Diffing usr.bin/mt cvs diff: Diffing usr.bin/ncal cvs diff: Diffing usr.bin/ncplist cvs diff: Diffing usr.bin/ncplogin cvs diff: Diffing usr.bin/netstat cvs diff: Diffing usr.bin/newkey cvs diff: Diffing usr.bin/nfsstat cvs diff: Diffing usr.bin/nice cvs diff: Diffing usr.bin/nl cvs diff: Diffing usr.bin/nm cvs diff: Diffing usr.bin/nohup cvs diff: Diffing usr.bin/objformat cvs diff: Diffing usr.bin/opieinfo cvs diff: Diffing usr.bin/opiekey cvs diff: Diffing usr.bin/opiepasswd cvs diff: Diffing usr.bin/pagesize cvs diff: Diffing usr.bin/passwd Index: usr.bin/passwd/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/passwd/Makefile,v retrieving revision 1.42 diff -u -r1.42 Makefile --- usr.bin/passwd/Makefile 2001/09/13 06:48:17 1.42 +++ usr.bin/passwd/Makefile 2001/09/19 02:43:35 @@ -32,7 +32,7 @@ CFLAGS+=-Wall DPADD= ${LIBCRYPT} ${LIBRPCSVC} ${LIBUTIL} -LDADD= -lcrypt -lrpcsvc -lutil +LDADD= -lcrypt -lrpcsvc -lutil -lposix1e .PATH: ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \ ${.CURDIR}/../rlogin ${.CURDIR}/../../libexec/ypxfr \ ${.CURDIR}/../../usr.sbin/rpc.yppasswdd @@ -44,7 +44,10 @@ -I${.CURDIR}/../../usr.sbin/rpc.yppasswdd \ -Dyp_error=warnx -DLOGGING +.if defined(MAC) +CFLAGS+=-DMAC .endif +.endif CLEANFILES= ${GENSRCS} @@ -88,7 +91,7 @@ CFLAGS+= -DKERBEROS # XXX not defined: ${LIBKADM}, ${LIBCOM_ERR} DPADD= ${LIBKADM} ${LIBKRB} ${LIBCRYPTO} ${LIBCRYPT} ${LIBRPCSVC} ${LIBCOM_ERR} ${LIBUTIL} -LDADD= -lkadm -lkrb -lcrypto -lcrypt -lrpcsvc -lcom_err -lutil +LDADD= -lkadm -lkrb -lcrypto -lcrypt -lrpcsvc -lcom_err -lutil -lposix1e DISTRIBUTION= krb4 .endif Index: usr.bin/passwd/local_passwd.c =================================================================== RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v retrieving revision 1.27 diff -u -r1.27 local_passwd.c --- usr.bin/passwd/local_passwd.c 2001/03/11 16:37:30 1.27 +++ usr.bin/passwd/local_passwd.c 2001/05/31 14:50:00 @@ -39,6 +39,9 @@ #include #include +#ifdef MAC +#include +#endif #include #include @@ -70,6 +73,9 @@ #include "extern.h" static uid_t uid; +#ifdef MAC +static mac_t label; +#endif int randinit; char *tempname; @@ -208,6 +214,13 @@ uid = getuid(); if (uid && uid != pw->pw_uid) errx(1, "%s", strerror(EACCES)); +#ifdef MAC + label = mac_get_proc(); + if (label == NULL) + err(1, "mac_get_proc"); + if (mac_set_proc(&mac_userland_system_high_label) == -1) + err(1, "mac_set_proc"); +#endif pw_init(); cvs diff: Diffing usr.bin/paste cvs diff: Diffing usr.bin/pr cvs diff: Diffing usr.bin/printenv cvs diff: Diffing usr.bin/printf cvs diff: Diffing usr.bin/quota cvs diff: Diffing usr.bin/ranlib cvs diff: Diffing usr.bin/renice cvs diff: Diffing usr.bin/rev cvs diff: Diffing usr.bin/rlogin cvs diff: Diffing usr.bin/rpcgen cvs diff: Diffing usr.bin/rpcinfo cvs diff: Diffing usr.bin/rs cvs diff: Diffing usr.bin/rsh cvs diff: Diffing usr.bin/rup cvs diff: Diffing usr.bin/ruptime cvs diff: Diffing usr.bin/rusers cvs diff: Diffing usr.bin/rwall cvs diff: Diffing usr.bin/rwho cvs diff: Diffing usr.bin/sasc cvs diff: Diffing usr.bin/script Index: usr.bin/script/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/script/Makefile,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile --- usr.bin/script/Makefile 1994/05/27 12:32:38 1.1.1.1 +++ usr.bin/script/Makefile 2000/11/20 06:13:44 @@ -1,7 +1,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 PROG= script -LDADD= -lutil +LDADD= -lutil -lposix1e DPADD= ${LIBUTIL} .include cvs diff: Diffing usr.bin/sed cvs diff: Diffing usr.bin/sed/TEST cvs diff: Diffing usr.bin/shar cvs diff: Diffing usr.bin/showmount cvs diff: Diffing usr.bin/size cvs diff: Diffing usr.bin/sockstat cvs diff: Diffing usr.bin/soelim cvs diff: Diffing usr.bin/split cvs diff: Diffing usr.bin/strings cvs diff: Diffing usr.bin/strip cvs diff: Diffing usr.bin/su cvs diff: Diffing usr.bin/symorder cvs diff: Diffing usr.bin/systat cvs diff: Diffing usr.bin/tail cvs diff: Diffing usr.bin/talk cvs diff: Diffing usr.bin/tconv cvs diff: Diffing usr.bin/tcopy cvs diff: Diffing usr.bin/tee cvs diff: Diffing usr.bin/telnet cvs diff: Diffing usr.bin/tftp cvs diff: Diffing usr.bin/time cvs diff: Diffing usr.bin/tip cvs diff: Diffing usr.bin/tip/libacu cvs diff: Diffing usr.bin/tip/tip Index: usr.bin/tip/tip/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/tip/tip/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- usr.bin/tip/tip/Makefile 2001/09/12 10:04:42 1.13 +++ usr.bin/tip/tip/Makefile 2001/09/19 02:44:11 @@ -16,15 +16,15 @@ PROG= tip DPADD= ${LIBACU} ${LIBUTIL} -LDADD= ${LIBACU} -lutil +LDADD= ${LIBACU} -lutil -lposix1e LINKS= ${BINDIR}/tip MAN= tip.1 modems.5 SRCS= acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \ remote.c tip.c tipout.c value.c vars.c BINDIR?= /usr/bin -BINOWN= uucp -BINGRP= dialer +#BINOWN= uucp +#BINGRP= dialer #BINMODE?= 4510 INSTALLFLAGS= -fschg cvs diff: Diffing usr.bin/top cvs diff: Diffing usr.bin/touch cvs diff: Diffing usr.bin/tput cvs diff: Diffing usr.bin/tr cvs diff: Diffing usr.bin/true cvs diff: Diffing usr.bin/truncate cvs diff: Diffing usr.bin/truss cvs diff: Diffing usr.bin/tset cvs diff: Diffing usr.bin/tsort cvs diff: Diffing usr.bin/tty cvs diff: Diffing usr.bin/uac cvs diff: Diffing usr.bin/ul cvs diff: Diffing usr.bin/uname cvs diff: Diffing usr.bin/unexpand cvs diff: Diffing usr.bin/unifdef cvs diff: Diffing usr.bin/uniq cvs diff: Diffing usr.bin/units cvs diff: Diffing usr.bin/unvis cvs diff: Diffing usr.bin/usbhidctl cvs diff: Diffing usr.bin/users cvs diff: Diffing usr.bin/uudecode cvs diff: Diffing usr.bin/uuencode cvs diff: Diffing usr.bin/vacation cvs diff: Diffing usr.bin/vgrind cvs diff: Diffing usr.bin/vgrind/RETEST cvs diff: Diffing usr.bin/vi cvs diff: Diffing usr.bin/vis cvs diff: Diffing usr.bin/vmstat cvs diff: Diffing usr.bin/w cvs diff: Diffing usr.bin/wall cvs diff: Diffing usr.bin/wc cvs diff: Diffing usr.bin/what cvs diff: Diffing usr.bin/whereis cvs diff: Diffing usr.bin/which cvs diff: Diffing usr.bin/who cvs diff: Diffing usr.bin/whois cvs diff: Diffing usr.bin/window cvs diff: Diffing usr.bin/write cvs diff: Diffing usr.bin/xargs cvs diff: Diffing usr.bin/xinstall cvs diff: Diffing usr.bin/xlint cvs diff: Diffing usr.bin/xlint/lint1 cvs diff: Diffing usr.bin/xlint/lint2 cvs diff: Diffing usr.bin/xlint/llib cvs diff: Diffing usr.bin/xlint/xlint cvs diff: Diffing usr.bin/xstr cvs diff: Diffing usr.bin/yacc cvs diff: Diffing usr.bin/yacc/test cvs diff: Diffing usr.bin/yes cvs diff: Diffing usr.bin/ypcat cvs diff: Diffing usr.bin/ypmatch cvs diff: Diffing usr.bin/ypwhich cvs diff: Diffing usr.sbin Index: usr.sbin/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/Makefile,v retrieving revision 1.209 diff -u -r1.209 Makefile --- usr.sbin/Makefile 2001/09/11 01:13:15 1.209 +++ usr.sbin/Makefile 2001/09/19 02:44:58 @@ -34,6 +34,8 @@ fdread \ fdwrite \ getextattr \ + getfmac \ + getpmac \ gifconfig \ ifmcstat \ inetd \ @@ -100,7 +102,9 @@ rwhod \ sa \ setextattr \ + setfmac \ setkey \ + setpmac \ sliplogin \ slstat \ spray \ cvs diff: Diffing usr.sbin/IPXrouted cvs diff: Diffing usr.sbin/ac cvs diff: Diffing usr.sbin/accton cvs diff: Diffing usr.sbin/acpi cvs diff: Diffing usr.sbin/acpi/acpiconf cvs diff: Diffing usr.sbin/acpi/acpidump cvs diff: Diffing usr.sbin/acpi/amldb cvs diff: Diffing usr.sbin/acpi/amldb/aml cvs diff: Diffing usr.sbin/adduser cvs diff: Diffing usr.sbin/amd cvs diff: Diffing usr.sbin/amd/amd cvs diff: Diffing usr.sbin/amd/amq cvs diff: Diffing usr.sbin/amd/doc cvs diff: Diffing usr.sbin/amd/fixmount cvs diff: Diffing usr.sbin/amd/fsinfo cvs diff: Diffing usr.sbin/amd/hlfsd cvs diff: Diffing usr.sbin/amd/include cvs diff: Diffing usr.sbin/amd/libamu cvs diff: Diffing usr.sbin/amd/mk-amd-map cvs diff: Diffing usr.sbin/amd/pawd cvs diff: Diffing usr.sbin/amd/scripts cvs diff: Diffing usr.sbin/amd/wire-test cvs diff: Diffing usr.sbin/ancontrol cvs diff: Diffing usr.sbin/apm cvs diff: Diffing usr.sbin/apmd cvs diff: Diffing usr.sbin/apmd/contrib cvs diff: Diffing usr.sbin/arp cvs diff: Diffing usr.sbin/atm cvs diff: Diffing usr.sbin/atm/atmarpd cvs diff: Diffing usr.sbin/atm/scspd cvs diff: Diffing usr.sbin/boot0cfg cvs diff: Diffing usr.sbin/boot98cfg cvs diff: Diffing usr.sbin/bootparamd cvs diff: Diffing usr.sbin/bootparamd/bootparamd cvs diff: Diffing usr.sbin/bootparamd/callbootd cvs diff: Diffing usr.sbin/btxld cvs diff: Diffing usr.sbin/burncd cvs diff: Diffing usr.sbin/cdcontrol cvs diff: Diffing usr.sbin/chkgrp cvs diff: Diffing usr.sbin/chown cvs diff: Diffing usr.sbin/chroot cvs diff: Diffing usr.sbin/ckdist cvs diff: Diffing usr.sbin/config cvs diff: Diffing usr.sbin/config/SMM.doc cvs diff: Diffing usr.sbin/cron cvs diff: Diffing usr.sbin/cron/cron cvs diff: Diffing usr.sbin/cron/crontab cvs diff: Diffing usr.sbin/cron/doc cvs diff: Diffing usr.sbin/cron/lib cvs diff: Diffing usr.sbin/crunch cvs diff: Diffing usr.sbin/crunch/crunchgen cvs diff: Diffing usr.sbin/crunch/crunchide cvs diff: Diffing usr.sbin/crunch/examples cvs diff: Diffing usr.sbin/ctm cvs diff: Diffing usr.sbin/ctm/ctm cvs diff: Diffing usr.sbin/ctm/ctm_dequeue cvs diff: Diffing usr.sbin/ctm/ctm_rmail cvs diff: Diffing usr.sbin/ctm/ctm_smail cvs diff: Diffing usr.sbin/ctm/mkCTM cvs diff: Diffing usr.sbin/daemon cvs diff: Diffing usr.sbin/dev_mkdb cvs diff: Diffing usr.sbin/devinfo cvs diff: Diffing usr.sbin/digictl cvs diff: Diffing usr.sbin/diskpart cvs diff: Diffing usr.sbin/edquota cvs diff: Diffing usr.sbin/elf2exe cvs diff: Diffing usr.sbin/extattrctl cvs diff: Diffing usr.sbin/faithd cvs diff: Diffing usr.sbin/faithd/test cvs diff: Diffing usr.sbin/fdcontrol cvs diff: Diffing usr.sbin/fdformat cvs diff: Diffing usr.sbin/fdread cvs diff: Diffing usr.sbin/fdwrite cvs diff: Diffing usr.sbin/getextattr cvs diff: Diffing usr.sbin/getfmac cvs diff: failed to create lock directory for `/home/ncvs/src/usr.sbin/getfmac' (/home/ncvs/src/usr.sbin/getfmac/#cvs.lock): No such file or directory cvs diff: failed to obtain dir lock in repository `/home/ncvs/src/usr.sbin/getfmac' cvs [diff aborted]: read lock failed - giving up