From owner-p4-projects@FreeBSD.ORG Wed Aug 14 13:20:43 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 1A39D261; Wed, 14 Aug 2013 13:20:43 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id CF56825F for ; Wed, 14 Aug 2013 13:20:42 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id BA3732A83 for ; Wed, 14 Aug 2013 13:20:42 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r7EDKgKv000386 for ; Wed, 14 Aug 2013 13:20:42 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r7EDKbH5000100 for perforce@freebsd.org; Wed, 14 Aug 2013 13:20:37 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 14 Aug 2013 13:20:37 GMT Message-Id: <201308141320.r7EDKbH5000100@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 325625 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Aug 2013 13:20:43 -0000 http://p4web.freebsd.org/@@325625?ac=10 Change 325625 by rwatson@rwatson_cinnamon on 2013/08/14 13:19:57 Allow sendfile unit test to compile with higher warning levels; I'm using this to exercise sendfile cases for TESLA. Affected files ... .. //depot/projects/ctsrd/tesla/src/tools/regression/sockets/sendfile/sendfile.c#2 edit Differences ... ==== //depot/projects/ctsrd/tesla/src/tools/regression/sockets/sendfile/sendfile.c#2 (text) ==== @@ -76,10 +76,10 @@ uint32_t length; }; -int file_fd; -char path[PATH_MAX]; -int listen_socket; -int accept_socket; +static int file_fd; +static char path[PATH_MAX]; +static int listen_socket; +static int accept_socket; static int test_th(struct test_header *th, uint32_t *header_length, uint32_t *offset, uint32_t *length); From owner-p4-projects@FreeBSD.ORG Wed Aug 14 14:17:44 2013 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 5CADAA45; Wed, 14 Aug 2013 14:17:44 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 05D15A43 for ; Wed, 14 Aug 2013 14:17:44 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from skunkworks.freebsd.org (skunkworks.freebsd.org [8.8.178.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E355C2DF9 for ; Wed, 14 Aug 2013 14:17:43 +0000 (UTC) Received: from skunkworks.freebsd.org ([127.0.1.74]) by skunkworks.freebsd.org (8.14.7/8.14.7) with ESMTP id r7EEHh2M049445 for ; Wed, 14 Aug 2013 14:17:43 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by skunkworks.freebsd.org (8.14.7/8.14.6/Submit) id r7EEHhkr049442 for perforce@freebsd.org; Wed, 14 Aug 2013 14:17:43 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 14 Aug 2013 14:17:43 GMT Message-Id: <201308141417.r7EEHhkr049442@skunkworks.freebsd.org> X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 326099 for review To: Perforce Change Reviews Precedence: bulk X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.14 List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Aug 2013 14:17:44 -0000 http://p4web.freebsd.org/@@326099?ac=10 Change 326099 by rwatson@rwatson_cinnamon on 2013/08/14 14:17:13 Update MAC credential check TESLA assertions to allow exec() checks to authorise credential changes. Unfortunately, our current TESLA syntax is not sufficient to allow us to compare the in-hand UID and GID being changed to with the cached vnode attribute UID and GID. Hopefully a change to TESLA syntax will make it possible to make these assertions more specific. Affected files ... .. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#7 edit Differences ... ==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#7 (text+ko) ==== @@ -2150,12 +2150,15 @@ euid = euip->ui_uid; #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), euid) == 0) || previously(mac_cred_check_setreuid(ANY(ptr), ANY(int), euid) == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ANY(int), euid, - ANY(int)) == 0)); + ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC @@ -2181,12 +2184,15 @@ #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( - previously(mac_cred_check_setgid(ANY(ptr), egid) == 0) || + previously(mac_cred_check_setegid(ANY(ptr), egid) == 0) || previously(mac_cred_check_setregid(ANY(ptr), ANY(int), egid) - == 0) || + == 0) || previously(mac_cred_check_setresgid(ANY(ptr), ANY(int), egid, - ANY(int)) == 0)); + ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC @@ -2212,12 +2218,15 @@ uid_t ruid = ruip->ui_uid; #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), ruid) == 0) || previously(mac_cred_check_setreuid(ANY(ptr), ruid, ANY(int)) == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ruid, ANY(int), - ANY(int)) == 0)); + ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC @@ -2245,12 +2254,15 @@ #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( previously(mac_cred_check_setgid(ANY(ptr), rgid) == 0) || previously(mac_cred_check_setregid(ANY(ptr), rgid, ANY(int)) == 0) || previously(mac_cred_check_setresgid(ANY(ptr), rgid, ANY(int), - ANY(int)) == 0)); + ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC @@ -2273,12 +2285,15 @@ #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), ANY(int)) == 0) || previously(mac_cred_check_setreuid(ANY(ptr), ANY(int), ANY(int)) == 0) || previously(mac_cred_check_setresuid(ANY(ptr), ANY(int), - ANY(int), ANY(int)) == 0)); + ANY(int), ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC @@ -2301,12 +2316,15 @@ #ifdef MAC #ifdef TESLA_MAC + /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( previously(mac_cred_check_setgid(ANY(ptr), ANY(int)) == 0) || previously(mac_cred_check_setregid(ANY(ptr), ANY(int), ANY(int)) == 0) || previously(mac_cred_check_setresgid(ANY(ptr), ANY(int), ANY(int), - ANY(int)) == 0)); + ANY(int)) == 0) || + previously(mac_vnode_check_exec(ANY(ptr), ANY(ptr), ANY(ptr)) + == 0)); #endif #endif #ifdef TESLA_PROC