Index: contrib/amd/include/am_defs.h =================================================================== RCS file: /home/ncvs/src/contrib/amd/include/am_defs.h,v retrieving revision 1.12 diff -u -r1.12 am_defs.h --- contrib/amd/include/am_defs.h 2001/09/02 20:37:36 1.12 +++ contrib/amd/include/am_defs.h 2001/09/24 03:45:56 @@ -360,6 +360,7 @@ * Actions to take if exists. */ #ifdef HAVE_SYS_MBUF_H +# include # include /* * OSF4 (DU-4.0) defines m_next and m_data also in so I must @@ -446,6 +447,8 @@ * Actions to take if exists. */ #ifdef HAVE_SYS_UCRED_H +/* XXX: need something more here */ +#include # include #endif /* HAVE_SYS_UCRED_H */ Index: contrib/bind/bin/named/ns_main.c =================================================================== RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_main.c,v retrieving revision 1.1.1.7 diff -u -r1.1.1.7 ns_main.c --- contrib/bind/bin/named/ns_main.c 2001/07/30 16:51:26 1.1.1.7 +++ contrib/bind/bin/named/ns_main.c 2001/09/24 15:08:33 @@ -98,8 +98,6 @@ #include #ifdef SVR4 /* XXX */ # include -#else -# include #endif #include Index: contrib/bind/bin/named/ns_signal.c =================================================================== RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_signal.c,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 ns_signal.c --- contrib/bind/bin/named/ns_signal.c 2000/10/31 12:35:29 1.1.1.3 +++ contrib/bind/bin/named/ns_signal.c 2001/09/24 15:03:32 @@ -86,8 +86,6 @@ #include #ifdef SVR4 /* XXX */ # include -#else -# include #endif #include Index: contrib/ipfilter/ipsend/sbpf.c =================================================================== RCS file: /home/ncvs/src/contrib/ipfilter/ipsend/sbpf.c,v retrieving revision 1.4 diff -u -r1.4 sbpf.c --- contrib/ipfilter/ipsend/sbpf.c 2001/07/28 12:08:15 1.4 +++ contrib/ipfilter/ipsend/sbpf.c 2001/09/24 12:24:40 
@@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include Index: contrib/sendmail/src/deliver.c =================================================================== RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v retrieving revision 1.1.1.9 diff -u -r1.1.1.9 deliver.c --- contrib/sendmail/src/deliver.c 2001/08/01 01:33:23 1.1.1.9 +++ contrib/sendmail/src/deliver.c 2001/08/05 16:51:40 @@ -1967,7 +1967,7 @@ if (pwd != NULL) (void) setusercontext(NULL, pwd, pwd->pw_uid, - LOGIN_SETRESOURCES|LOGIN_SETPRIORITY); + LOGIN_SETRESOURCES|LOGIN_SETPRIORITY|LOGIN_SETLABEL); } # endif /* HASSETUSERCONTEXT */ Index: etc/login.conf =================================================================== RCS file: /home/ncvs/src/etc/login.conf,v retrieving revision 1.43 diff -u -r1.43 login.conf --- etc/login.conf 2001/09/11 07:01:47 1.43 +++ etc/login.conf 2001/09/19 02:15:28 @@ -36,7 +36,8 @@ :sbsize=unlimited:\ :priority=0:\ :ignoretime@:\ - :umask=022: + :umask=022:\ + :label=biba/low,mls/low,partition/none: # @@ -64,6 +65,7 @@ # in preference to 'default'. root:\ :ignorenologin:\ + :label=biba/high,mls/low,partition/none:\ :tc=default: # Index: lib/libc/gen/getmntinfo.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/getmntinfo.c,v retrieving revision 1.3 diff -u -r1.3 getmntinfo.c --- lib/libc/gen/getmntinfo.c 2001/10/10 17:48:42 1.3 +++ lib/libc/gen/getmntinfo.c 2001/10/16 01:11:03 @@ -38,6 +38,7 @@ #endif /* LIBC_SCCS and not lint */ #include +#include #include #include #include Index: lib/libc/gen/getpeereid.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/getpeereid.c,v retrieving revision 1.1 diff -u -r1.1 getpeereid.c --- lib/libc/gen/getpeereid.c 2001/08/17 22:09:15 1.1 +++ lib/libc/gen/getpeereid.c 2001/09/23 15:11:20 
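Review bot: The sendmail deliver.c hunk still discards the result of the call (`(void) setusercontext(...)`) even though it now passes `LOGIN_SETLABEL`, and the login_class.c change in this same patch makes an unparsable or rejected label return -1. With the result ignored, delivery would presumably carry on under whatever MAC label the daemon already held. The call should be tested, for example `if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETRESOURCES|LOGIN_SETPRIORITY|LOGIN_SETLABEL) != 0)`, and the delivery attempt failed on error. Both ftpd.c hunks (`@@ -1058,7 +1058,8 @@` and `@@ -1308,7 +1309,7 @@`) also call `setusercontext()` as a bare statement and need the same check. The enclosing functions start and end outside these hunks, so the right failure action has to be chosen from their surrounding code.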
@@ -31,6 +31,7 @@ #include #include +#include #include #include Index: lib/libc/posix1e/Makefile.inc =================================================================== RCS file: /home/ncvs/src/lib/libc/posix1e/Makefile.inc,v retrieving revision 1.7 diff -u -r1.7 Makefile.inc --- lib/libc/posix1e/Makefile.inc 2001/11/16 05:09:45 1.7 +++ lib/libc/posix1e/Makefile.inc 2001/11/17 15:27:16 @@ -33,7 +33,12 @@ cap_set_flag.c \ cap_set_proc.c \ cap_text.c \ - extattr.c + extattr.c \ + mac_constant.c \ + mac_free.c \ + mac_get.c \ + mac_set.c \ + mac_text.c .if ${LIB} == "c" Index: lib/libc/posix1e/mac_constant.c =================================================================== RCS file: mac_constant.c diff -N mac_constant.c --- /dev/null Sat Nov 17 13:00:00 2001 +++ mac_constant.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,21 @@ +#include +#include + +/* + * The following label defines "system high", used by the TrustedBSD + * userland Trusted Code Base (TCB). It is assigned during the install + * process to TCB files, and used by privileged processes when setting + * rights on files that are part of the TCB (/etc/passwd and so on). + * Changing this label has serious consequences both in terms of + * propagation (recompile everything, make sure the kernel default + * label matches, etc), as well as security (changing this may break + * assumptions throughout the system). Don't change it unless you + * know what you're doing. Seriously. + */ + +const struct mac mac_userland_system_high_label = { + {MAC_BIBA_TYPE_HIGH, 0}, + {MAC_MLS_TYPE_LOW, 0}, + {MAC_PARTITION_TYPE_NONE, 0} +}; + Index: lib/libc/posix1e/mac_free.c =================================================================== RCS file: mac_free.c diff -N mac_free.c --- /dev/null Sat Nov 17 13:00:00 2001 +++ mac_free.c Sun Jun 3 10:07:26 2001 
@@ -0,0 +1,12 @@ +#include +#include + +#include + +int +mac_free(void *buf_p) +{ + + free(buf_p); + return (0); +} Index: lib/libc/posix1e/mac_get.c =================================================================== RCS file: mac_get.c diff -N mac_get.c --- /dev/null Sat Nov 17 13:00:00 2001 +++ mac_get.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,68 @@ +#include +#include + +#include +#include + +mac_t +mac_get_file(const char *path_p) +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_file(path_p, label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} + +mac_t +mac_get_fd(int fd) +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_fd(fd, label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} + +mac_t +mac_get_proc() +{ + struct mac *label; + int error; + + label = (mac_t) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + return (NULL); + } + + error = __mac_get_proc(label); + if (error) { + mac_free(label); + return (NULL); + } + + return (label); +} Index: lib/libc/posix1e/mac_set.c =================================================================== RCS file: mac_set.c diff -N mac_set.c --- /dev/null Sat Nov 17 13:00:00 2001 +++ mac_set.c Sun Jun 3 10:07:26 2001 @@ -0,0 +1,23 @@ +#include +#include + +int +mac_set_file(const char *path_p, mac_t label) +{ + + return (__mac_set_file(path_p, label)); +} + +int +mac_set_fd(int fd, mac_t label) +{ + + return (__mac_set_fd(fd, label)); +} + +int +mac_set_proc(mac_t label) +{ + + return (__mac_set_proc(label)); +} Index: lib/libc/posix1e/mac_text.c =================================================================== RCS file: mac_text.c diff -N mac_text.c 
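Review bot: In mac_get.c, the error paths of `mac_get_file`, `mac_get_fd` and `mac_get_proc` call `mac_free(label)` between the failing `__mac_get_*` call and the return, and `free()` is not guaranteed to leave errno untouched. Assuming the `__mac_get_*` calls report their reason through errno, the caller may see a different value; wrap the cleanup as `int saved_errno = errno; mac_free(label); errno = saved_errno;`. `mac_get_proc()` should also be declared `mac_get_proc(void)` so that it is a real prototype. Each function would benefit from a short header comment stating that the returned label is heap-allocated and must be released with `mac_free()`.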
--- /dev/null Sat Nov 17 13:00:00 2001
+++ mac_text.c Sun Jun 3 10:07:26 2001
@@ -0,0 +1,391 @@ +#include +#include + +#include +#include +#include + +/* + * POSIX.1e does not define a text format for MAC label string conversions. + * We use the following format: + * "policy/qualifier,..." + * Where: + * policy can be one of "biba", "mls", "partition + * type for "biba" can be "high", "low", "equal", or a numeric grade + * type for "mls" can be "high", "low", "equal", of a numeric level + * type for "partition" can be "none", "all", or a numeric partition + * All policies must be present, but may be in any order. + * + * Sample labels: + * biba/high,mls/low,partition/none + * biba/low,mls/low,partition/none + * biba/low,mls/low,partition/3 + * biba/low,mls/3,partition/none + */ + +/* + * XXX: Parsing code below assumes these next two constants will be + * character strings containing a single character. + */ +#define STRING_SEP "," +#define STRING_ASSIGN "/" + +#define STRING_BIBA "biba" +#define STRING_MLS "mls" +#define STRING_PARTITION "partition" +static char *STRING_UNKNOWN = "unknown"; + +static char *STRING_BIBA_HIGH = "high"; +static char *STRING_BIBA_LOW = "low"; +static char *STRING_BIBA_EQUAL = "equal"; + +static char *STRING_MLS_HIGH = "high"; +static char *STRING_MLS_LOW = "low"; +static char *STRING_MLS_EQUAL = "equal"; + +static char *STRING_PARTITION_NONE = "none"; +static char *STRING_PARTITION_ALL = "all"; + +static int +biba_string_to_label(char *string, struct mac_biba *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_BIBA) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mb_grade = 0; + if (strcmp(token, STRING_BIBA_HIGH) == 0) + label->mb_type = MAC_BIBA_TYPE_HIGH; + else if (strcmp(token, 
STRING_BIBA_LOW) == 0) + label->mb_type = MAC_BIBA_TYPE_LOW; + else if (strcmp(token, STRING_BIBA_EQUAL) == 0) + label->mb_type = MAC_BIBA_TYPE_EQUAL; + else { + /* Should be a numeric grade. */ + /* XXX: Check range for strtoul. */ + label->mb_type = MAC_BIBA_TYPE_GRADE; + label->mb_grade = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +biba_label_to_string(struct mac_biba label) +{ + char *buf; + + switch (label.mb_type) { + case MAC_BIBA_TYPE_GRADE: + asprintf(&buf, "%s%s%hu", STRING_BIBA, STRING_ASSIGN, + label.mb_grade); + break; + case MAC_BIBA_TYPE_LOW: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_LOW); + break; + case MAC_BIBA_TYPE_HIGH: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_HIGH); + break; + case MAC_BIBA_TYPE_EQUAL: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_BIBA_EQUAL); + break; + default: + asprintf(&buf, "%s%s%s", STRING_BIBA, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +static int +mls_string_to_label(char *string, struct mac_mls *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_MLS) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mm_level = 0; + if (strcmp(token, STRING_MLS_HIGH) == 0) + label->mm_type = MAC_MLS_TYPE_HIGH; + else if (strcmp(token, STRING_MLS_LOW) == 0) + label->mm_type = MAC_MLS_TYPE_LOW; + else if (strcmp(token, STRING_MLS_EQUAL) == 0) + label->mm_type = MAC_MLS_TYPE_EQUAL; + else { + /* Should be a numeric level. */ + /* XXX: Check range for strtoul. 
*/ + label->mm_type = MAC_MLS_TYPE_LEVEL; + label->mm_level = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +mls_label_to_string(struct mac_mls label) +{ + char *buf; + + switch (label.mm_type) { + case MAC_MLS_TYPE_LEVEL: + asprintf(&buf, "%s%s%hu", STRING_MLS, STRING_ASSIGN, + label.mm_level); + break; + case MAC_MLS_TYPE_LOW: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_LOW); + break; + case MAC_MLS_TYPE_HIGH: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_HIGH); + break; + case MAC_MLS_TYPE_EQUAL: + asprintf(&buf, "%s%s%s", STRING_MLS, STRING_ASSIGN, + STRING_MLS_EQUAL); + break; + default: + asprintf(&buf, "%s:%s", STRING_MLS, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +static int +partition_string_to_label(char *string, struct mac_partition *label) +{ + char *local_string, *token, *next_token, *tmp; + int error = 0; + + local_string = strdup(string); + if (local_string == NULL) + return (ENOMEM); + + next_token = local_string; + token = strsep(&next_token, STRING_ASSIGN); + + if (strcmp(token, STRING_PARTITION) != 0) { + error = EINVAL; + goto exit1; + } + + token = strsep(&next_token, STRING_ASSIGN); + if (token == NULL) { + error = EINVAL; + goto exit1; + } + + label->mp_partition = 0; + if (strcmp(token, STRING_PARTITION_NONE) == 0) + label->mp_type = MAC_PARTITION_TYPE_NONE; + else if (strcmp(token, STRING_PARTITION_ALL) == 0) + label->mp_type = MAC_PARTITION_TYPE_ALL; + else { + /* Should be a numeric partition identifier. */ + /* XXX: Should check range for strtoul. 
*/ + label->mp_type = MAC_PARTITION_TYPE_PARTITION; + label->mp_partition = strtoul(token, &tmp, 10); + if (*tmp != '\0') + error = EINVAL; + } + + if (next_token != NULL) + error = EINVAL; + +exit1: + free(local_string); + return (error); +} + +static char * +partition_label_to_string(struct mac_partition label) +{ + char *buf; + + switch (label.mp_type) { + case MAC_PARTITION_TYPE_PARTITION: + asprintf(&buf, "%s%s%hu", STRING_PARTITION, STRING_ASSIGN, + label.mp_partition); + break; + case MAC_PARTITION_TYPE_ALL: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_PARTITION_ALL); + break; + case MAC_PARTITION_TYPE_NONE: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_PARTITION_NONE); + break; + default: + asprintf(&buf, "%s%s%s", STRING_PARTITION, STRING_ASSIGN, + STRING_UNKNOWN); + } + + return (buf); +} + +char * +mac_to_text(struct mac *mac_p, size_t *len_p) +{ + char *biba, *mls, *partition; + char *buf; + int len; + + biba = biba_label_to_string(mac_p->m_biba); + if (biba == NULL) { + errno = ENOMEM; + return (NULL); + } + mls = mls_label_to_string(mac_p->m_mls); + if (mls == NULL) { + errno = ENOMEM; + free(biba); + return (NULL); + } + partition = partition_label_to_string(mac_p->m_partition); + if (partition == NULL) { + errno = ENOMEM; + free(biba); + free(mls); + return (NULL); + } + + len = asprintf(&buf, "%s%s%s%s%s", biba, STRING_SEP, mls, STRING_SEP, + partition); + + free(biba); + free(mls); + free(partition); + + if (len != -1 && len_p != NULL) + *len_p = len; + + return (buf); +} + +struct mac * +mac_from_text(const char *text_p) +{ + struct mac *label; + char *local_string, *next_token, *token, *tmp; + int biba_seen = 0, mls_seen = 0, partition_seen = 0; + int error; + + /* + * Parse into three assignments, determine which assignments + * they are and recurse appropriately, and reject if there are + * not the right assignments (or duplicates). 
+ */ + + label = (struct mac *) malloc(sizeof(*label)); + if (label == NULL) { + errno = ENOMEM; + goto exit1; + } + + local_string = strdup(text_p); + if (local_string == NULL) { + errno = ENOMEM; + goto exit2; + } + + next_token = local_string; + while ((token = strsep(&next_token, STRING_SEP)) != NULL) { + + if (strncmp(token, STRING_BIBA STRING_ASSIGN, strlen( + STRING_BIBA STRING_ASSIGN)) == 0) { + error = biba_string_to_label(token, &label->m_biba); + if (error) { + errno = error; + goto exit2; + } + biba_seen++; + } else if (strncmp(token, STRING_MLS STRING_ASSIGN, strlen( + STRING_MLS STRING_ASSIGN)) == 0) { + error = mls_string_to_label(token, &label->m_mls); + if (error) { + errno = error; + goto exit2; + } + mls_seen++; + } else if (strncmp(token, STRING_PARTITION STRING_ASSIGN, + strlen(STRING_PARTITION STRING_ASSIGN)) == 0) { + error = partition_string_to_label(token, + &label->m_partition); + if (error) { + errno = error; + goto exit2; + } + partition_seen++; + } else { + /* Unrecognized label type name. */ + errno = EINVAL; + goto exit2; + } + } + + if (biba_seen != 1 || mls_seen != 1 || partition_seen != 1) { + errno = EINVAL; + goto exit2; + } + + /* Success. */ + goto exit1; + +exit2: + free(label); + label = NULL; +exit1: + free(local_string); + return (label); +} Index: lib/libcom_err/Makefile =================================================================== RCS file: /home/ncvs/src/lib/libcom_err/Makefile,v retrieving revision 1.12 diff -u -r1.12 Makefile --- lib/libcom_err/Makefile 2001/03/27 17:26:58 1.12 +++ lib/libcom_err/Makefile 2001/06/11 23:23:00 
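Review bot: In `mac_from_text`, a failed `malloc` jumps to `exit1`, which calls `free(local_string)` before `local_string` has been assigned; declaring it as `char *local_string = NULL;` removes the free of an indeterminate pointer. The three `*_string_to_label` parsers store the `strtoul()` result straight into the label field, so an empty qualifier such as `biba/` is accepted as 0 and an out-of-range number is silently truncated (the `%hu` in the formatters suggests a 16-bit field). A typo in login.conf can therefore produce a different label than the one written. The fence shows the check for the biba case, and `mls_string_to_label` and `partition_string_to_label` need the same. Separately, the default case of `mls_label_to_string` passes three arguments to `"%s:%s"` and so prints `mls:/` instead of `mls/unknown`; it should use `"%s%s%s"` like its siblings.

```c
	else {
		unsigned long value;

		/* Should be a numeric grade. */
		label->mb_type = MAC_BIBA_TYPE_GRADE;
		errno = 0;
		value = strtoul(token, &tmp, 10);
		label->mb_grade = value;
		/* Reject empty input, trailing junk, overflow and truncation. */
		if (tmp == token || *tmp != '\0' || errno == ERANGE ||
		    label->mb_grade != value)
			error = EINVAL;
	}
	/* … unchanged: next_token check and exit1 cleanup … */
```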
@@ -3,7 +3,7 @@ LIB= com_err SRCS= com_err.c error.c INCS= ${COM_ERRDIR}/com_err.h ${COM_ERRDIR}/com_right.h -MAN= com_err.3 +#MAN= com_err.3 COM_ERRDIR= ${.CURDIR}/../../contrib/com_err CFLAGS+= -I${COM_ERRDIR} Index: lib/libutil/login_cap.h =================================================================== RCS file: /home/ncvs/src/lib/libutil/login_cap.h,v retrieving revision 1.4 diff -u -r1.4 login_cap.h --- lib/libutil/login_cap.h 2000/08/22 02:15:52 1.4 +++ lib/libutil/login_cap.h 2000/11/19 22:56:25 @@ -47,7 +47,8 @@ #define LOGIN_SETUMASK 0x0020 /* set umask, obviously */ #define LOGIN_SETUSER 0x0040 /* set user (via setuid) */ #define LOGIN_SETENV 0x0080 /* set user environment */ -#define LOGIN_SETALL 0x00ff /* set everything */ +#define LOGIN_SETLABEL 0x0100 /* set user MAC label */ +#define LOGIN_SETALL 0x01ff /* set everything */ #define BI_AUTH "authorize" /* accepted authentication */ #define BI_REJECT "reject" /* rejected authentication */ Index: lib/libutil/login_class.c =================================================================== RCS file: /home/ncvs/src/lib/libutil/login_class.c,v retrieving revision 1.16 diff -u -r1.16 login_class.c --- lib/libutil/login_class.c 2001/09/30 22:35:07 1.16 +++ lib/libutil/login_class.c 2001/10/01 17:13:02 @@ -40,6 +40,7 @@ #include #include #include +#include static struct login_res { @@ -317,6 +318,7 @@ #ifndef __NETBSD_SYSCALLS struct rtprio rtp; #endif + int error; if (lc == NULL) { if (pwd != NULL && (lc = login_getpwclass(pwd)) != NULL) 
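Review bot: In login_cap.h, widening `LOGIN_SETALL` from 0x00ff to 0x01ff means every existing `setusercontext(..., LOGIN_SETALL)` caller starts setting a MAC label once it is recompiled. Binaries built against the old header keep passing 0x00ff and skip the label without any indication. The define should say so, for example `#define LOGIN_SETALL 0x01ff /* set everything, including LOGIN_SETLABEL; callers must be rebuilt */`. Callers that derive their flags by masking bits out of `LOGIN_SETALL` should be audited to confirm they really intend to set a label.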
@@ -371,6 +373,44 @@ (u_long)pwd->pw_gid); login_close(llc); return -1; + } + } + + /* Setup the user's MAC label. */ + if (flags & LOGIN_SETLABEL) { + char *label_string; + mac_t label; + + /* + * XXX: In the following code, there are a number of "fail open" + * cases in which the process label will not be set. The following + * cases need to be addressed better: + * - The login.conf file does not contain a label for the user. + * but the kernel supports labeling (how to test this case?) + * - The login.conf file contains a syntactically semantically + * invalid label. + * - The kernel does not have support for labels compiled in, but + * a label is defined. + */ + label_string = login_getcapstr(lc, "label", NULL, NULL); + if (label_string == NULL) { + /* Leave label as is, warning, dangerous */ + } else { + label = mac_from_text(label_string); + if (label == NULL) { + syslog(LOG_ERR, "mac_from_text(%s): %m", + label_string); + return -1; + } + error = mac_set_proc(label); + mac_free(label); + if (error != 0 && errno == ENOSYS) { + syslog(LOG_WARNING, "mac_set_proc(%s): warning: %m", + label_string); + } else if (error != 0) { + syslog(LOG_ERR, "mac_set_proc(%s): error: %m", label_string); + return -1; + } } } Index: libexec/ftpd/ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.86 diff -u -r1.86 ftpd.c --- libexec/ftpd/ftpd.c 2001/10/12 13:16:34 1.86 +++ libexec/ftpd/ftpd.c 2001/10/14 15:21:47 @@ -1058,7 +1058,8 @@ pw = NULL; #ifdef LOGIN_CAP setusercontext(NULL, getpwuid(0), (uid_t)0, - LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK| + LOGIN_SETLABEL); #endif #ifdef USE_PAM if ((e = pam_setcred(pamh, PAM_DELETE_CRED)) != PAM_SUCCESS) 
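Review bot: In the `LOGIN_SETLABEL` block of login_class.c, the branch where `login_getcapstr()` returns NULL leaves the process label unchanged without logging anything, so a login class that lacks a `label=` entry fails open with no audit trail. At minimum add `syslog(LOG_WARNING, "no MAC label defined for login class; process label left unchanged");` in that branch. The ENOSYS case likewise continues after only a warning, which the XXX comment acknowledges but does not resolve. The two new `return -1;` paths also skip the `login_close(llc);` that the group-setting failure just above performs, so they should call it first if `llc` is still open at that point. The enclosing function starts and ends outside the hunk.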
@@ -1308,7 +1309,7 @@ } setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| - LOGIN_SETRESOURCES|LOGIN_SETUMASK); + LOGIN_SETRESOURCES|LOGIN_SETUMASK|LOGIN_SETLABEL); #else setlogin(pw->pw_name); (void) initgroups(pw->pw_name, pw->pw_gid); Index: sbin/ipfw/ipfw.c =================================================================== RCS file: /home/ncvs/src/sbin/ipfw/ipfw.c,v retrieving revision 1.118 diff -u -r1.118 ipfw.c --- sbin/ipfw/ipfw.c 2001/11/04 23:19:46 1.118 +++ sbin/ipfw/ipfw.c 2001/11/17 15:29:34 @@ -25,6 +25,7 @@ #include +#include #include #include #include Index: sys/coda/coda_fbsd.c =================================================================== RCS file: /home/ncvs/src/sys/coda/coda_fbsd.c,v retrieving revision 1.24 diff -u -r1.24 coda_fbsd.c --- sys/coda/coda_fbsd.c 2001/06/15 00:02:27 1.24 +++ sys/coda/coda_fbsd.c 2001/08/05 17:01:30 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include Index: sys/coda/coda_namecache.c =================================================================== RCS file: /home/ncvs/src/sys/coda/coda_namecache.c,v retrieving revision 1.14 diff -u -r1.14 coda_namecache.c --- sys/coda/coda_namecache.c 2001/10/11 23:38:13 1.14 +++ sys/coda/coda_namecache.c 2001/10/14 15:24:28 @@ -82,6 +82,7 @@ #include #include #include +#include #include #include Index: sys/conf/files =================================================================== RCS file: /home/ncvs/src/sys/conf/files,v retrieving revision 1.582 diff -u -r1.582 files --- sys/conf/files 2001/11/15 06:18:58 1.582 +++ sys/conf/files 2001/11/17 15:31:46 
@@ -777,6 +777,10 @@ kern/kern_linker.c standard kern/kern_lock.c standard kern/kern_lockf.c standard +kern/kern_mac.c standard +kern/kern_mac_biba.c standard +kern/kern_mac_mls.c standard +kern/kern_mac_partition.c standard kern/kern_malloc.c standard kern/kern_mib.c standard kern/kern_module.c standard Index: sys/conf/newvers.sh =================================================================== RCS file: /home/ncvs/src/sys/conf/newvers.sh,v retrieving revision 1.47 diff -u -r1.47 newvers.sh --- sys/conf/newvers.sh 2001/03/02 16:52:13 1.47 +++ sys/conf/newvers.sh 2001/05/31 14:41:23 @@ -34,7 +34,7 @@ # @(#)newvers.sh 8.1 (Berkeley) 4/20/94 # $FreeBSD: src/sys/conf/newvers.sh,v 1.47 2001/03/02 16:52:13 ru Exp $ -TYPE="FreeBSD" +TYPE="TrustedBSD" REVISION="5.0" BRANCH="CURRENT" RELEASE="${REVISION}-${BRANCH}" Index: sys/conf/options =================================================================== RCS file: /home/ncvs/src/sys/conf/options,v retrieving revision 1.297 diff -u -r1.297 options --- sys/conf/options 2001/11/15 16:03:24 1.297 +++ sys/conf/options 2001/11/17 15:31:47 @@ -107,6 +107,7 @@ # TrustedBSD and POSIX.1e Kernel Options CAPABILITIES opt_cap.h +MAC opt_mac.h # Do we want the config file compiled into the kernel? INCLUDE_CONFIG_FILE opt_config.h Index: sys/contrib/dev/oltr/if_oltr.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/dev/oltr/if_oltr.c,v retrieving revision 1.20 diff -u -r1.20 if_oltr.c --- sys/contrib/dev/oltr/if_oltr.c 2001/06/14 15:08:40 1.20 +++ sys/contrib/dev/oltr/if_oltr.c 2001/09/25 12:34:08 
@@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include Index: sys/contrib/ipfilter/netinet/fil.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/fil.c,v retrieving revision 1.25 diff -u -r1.25 fil.c --- sys/contrib/ipfilter/netinet/fil.c 2001/09/12 22:06:36 1.25 +++ sys/contrib/ipfilter/netinet/fil.c 2001/09/24 11:58:57 @@ -37,6 +37,7 @@ #include #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux +# include # include # endif #else Index: sys/contrib/ipfilter/netinet/ip_auth.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_auth.c,v retrieving revision 1.22 diff -u -r1.22 ip_auth.c --- sys/contrib/ipfilter/netinet/ip_auth.c 2001/07/28 11:58:25 1.22 +++ sys/contrib/ipfilter/netinet/ip_auth.c 2001/09/24 11:58:01 @@ -29,6 +29,7 @@ #endif #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux +# include # include # endif #else Index: sys/contrib/ipfilter/netinet/ip_fil.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_fil.c,v retrieving revision 1.27 diff -u -r1.27 ip_fil.c --- sys/contrib/ipfilter/netinet/ip_fil.c 2001/09/12 08:37:00 1.27 +++ sys/contrib/ipfilter/netinet/ip_fil.c 2001/09/24 11:58:07 @@ -52,6 +52,7 @@ # else # include # endif +# include # include #else # include Index: sys/contrib/ipfilter/netinet/ip_frag.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_frag.c,v retrieving revision 1.17 diff -u -r1.17 ip_frag.c --- sys/contrib/ipfilter/netinet/ip_frag.c 2001/07/30 10:53:23 1.17 +++ sys/contrib/ipfilter/netinet/ip_frag.c 2001/09/24 11:58:14 
@@ -36,6 +36,7 @@ # include # endif # ifndef linux +# include # include # endif #else Index: sys/contrib/ipfilter/netinet/ip_log.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_log.c,v retrieving revision 1.18 diff -u -r1.18 ip_log.c --- sys/contrib/ipfilter/netinet/ip_log.c 2001/07/28 11:58:26 1.18 +++ sys/contrib/ipfilter/netinet/ip_log.c 2001/09/24 11:58:23 @@ -65,6 +65,7 @@ # else # include # endif +# include # include # else # include Index: sys/contrib/ipfilter/netinet/ip_nat.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_nat.c,v retrieving revision 1.23 diff -u -r1.23 ip_nat.c --- sys/contrib/ipfilter/netinet/ip_nat.c 2001/07/28 11:58:26 1.23 +++ sys/contrib/ipfilter/netinet/ip_nat.c 2001/09/24 11:58:29 @@ -41,6 +41,7 @@ #endif #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux +# include # include # endif #else Index: sys/contrib/ipfilter/netinet/ip_proxy.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_proxy.c,v retrieving revision 1.12 diff -u -r1.12 ip_proxy.c --- sys/contrib/ipfilter/netinet/ip_proxy.c 2001/07/28 11:58:26 1.12 +++ sys/contrib/ipfilter/netinet/ip_proxy.c 2001/09/24 11:58:35 @@ -36,6 +36,7 @@ #endif #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux +# include # include # endif #else Index: sys/contrib/ipfilter/netinet/ip_state.c =================================================================== RCS file: /home/ncvs/src/sys/contrib/ipfilter/netinet/ip_state.c,v retrieving revision 1.22 diff -u -r1.22 ip_state.c --- sys/contrib/ipfilter/netinet/ip_state.c 2001/07/28 11:58:26 1.22 +++ sys/contrib/ipfilter/netinet/ip_state.c 2001/09/24 11:58:44 
@@ -46,6 +46,7 @@ #endif #if !defined(__SVR4) && !defined(__svr4__) # ifndef linux +# include # include # endif #else Index: sys/dev/an/if_an.c =================================================================== RCS file: /home/ncvs/src/sys/dev/an/if_an.c,v retrieving revision 1.26 diff -u -r1.26 if_an.c --- sys/dev/an/if_an.c 2001/11/15 06:17:05 1.26 +++ sys/dev/an/if_an.c 2001/11/17 15:32:08 @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/an/if_an_isa.c =================================================================== RCS file: /home/ncvs/src/sys/dev/an/if_an_isa.c,v retrieving revision 1.6 diff -u -r1.6 if_an_isa.c --- sys/dev/an/if_an_isa.c 2001/09/10 02:36:18 1.6 +++ sys/dev/an/if_an_isa.c 2001/09/24 17:58:02 @@ -41,6 +41,7 @@ */ #include "opt_inet.h" + #ifdef INET #define ANCACHE #endif @@ -48,6 +49,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/an/if_an_pci.c =================================================================== RCS file: /home/ncvs/src/sys/dev/an/if_an_pci.c,v retrieving revision 1.12 diff -u -r1.12 if_an_pci.c --- sys/dev/an/if_an_pci.c 2001/10/11 17:52:19 1.12 +++ sys/dev/an/if_an_pci.c 2001/10/14 15:24:48 @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/ar/if_ar.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ar/if_ar.c,v retrieving revision 1.50 diff -u -r1.50 if_ar.c --- sys/dev/ar/if_ar.c 2001/04/16 13:20:21 1.50 +++ sys/dev/ar/if_ar.c 2001/09/25 11:38:33 @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/awi/awi.c =================================================================== RCS file: /home/ncvs/src/sys/dev/awi/awi.c,v retrieving revision 1.16 diff -u -r1.16 awi.c --- sys/dev/awi/awi.c 2001/09/12 08:37:02 1.16 +++ sys/dev/awi/awi.c 2001/09/24 17:58:11 
@@ -98,6 +98,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/awi/awi_wep.c =================================================================== RCS file: /home/ncvs/src/sys/dev/awi/awi_wep.c,v retrieving revision 1.5 diff -u -r1.5 awi_wep.c --- sys/dev/awi/awi_wep.c 2001/09/12 08:37:02 1.5 +++ sys/dev/awi/awi_wep.c 2001/09/24 17:55:16 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/awi/awi_wicfg.c =================================================================== RCS file: /home/ncvs/src/sys/dev/awi/awi_wicfg.c,v retrieving revision 1.5 diff -u -r1.5 awi_wicfg.c --- sys/dev/awi/awi_wicfg.c 2001/09/12 08:37:02 1.5 +++ sys/dev/awi/awi_wicfg.c 2001/09/24 17:58:50 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/bge/if_bge.c =================================================================== RCS file: /home/ncvs/src/sys/dev/bge/if_bge.c,v retrieving revision 1.3 diff -u -r1.3 if_bge.c --- sys/dev/bge/if_bge.c 2001/09/29 19:31:29 1.3 +++ sys/dev/bge/if_bge.c 2001/10/03 03:16:34 @@ -73,6 +73,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/cnw/if_cnw.c =================================================================== RCS file: /home/ncvs/src/sys/dev/cnw/if_cnw.c,v retrieving revision 1.3 diff -u -r1.3 if_cnw.c --- sys/dev/cnw/if_cnw.c 2001/05/08 23:57:32 1.3 +++ sys/dev/cnw/if_cnw.c 2001/09/25 11:43:10 @@ -231,6 +231,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/cs/if_cs.c =================================================================== RCS file: /home/ncvs/src/sys/dev/cs/if_cs.c,v retrieving revision 1.20 diff -u -r1.20 if_cs.c --- sys/dev/cs/if_cs.c 2001/02/23 08:08:21 1.20 +++ sys/dev/cs/if_cs.c 2001/09/24 17:59:13 
@@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/ed/if_ed.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ed/if_ed.c,v retrieving revision 1.206 diff -u -r1.206 if_ed.c --- sys/dev/ed/if_ed.c 2001/11/04 22:56:20 1.206 +++ sys/dev/ed/if_ed.c 2001/11/17 15:32:18 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/ep/if_ep.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ep/if_ep.c,v retrieving revision 1.107 diff -u -r1.107 if_ep.c --- sys/dev/ep/if_ep.c 2001/06/05 22:29:16 1.107 +++ sys/dev/ep/if_ep.c 2001/09/24 18:01:35 @@ -63,6 +63,7 @@ #include #include +#include #include #include #include Index: sys/dev/ex/if_ex.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ex/if_ex.c,v retrieving revision 1.37 diff -u -r1.37 if_ex.c --- sys/dev/ex/if_ex.c 2001/02/04 13:11:49 1.37 +++ sys/dev/ex/if_ex.c 2001/09/24 18:01:51 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include Index: sys/dev/fe/if_fe.c =================================================================== RCS file: /home/ncvs/src/sys/dev/fe/if_fe.c,v retrieving revision 1.71 diff -u -r1.71 if_fe.c --- sys/dev/fe/if_fe.c 2001/09/02 13:05:00 1.71 +++ sys/dev/fe/if_fe.c 2001/09/24 18:02:47 @@ -72,6 +72,7 @@ #include #include #include +#include #include #include Index: sys/dev/fxp/if_fxp.c =================================================================== RCS file: /home/ncvs/src/sys/dev/fxp/if_fxp.c,v retrieving revision 1.121 diff -u -r1.121 if_fxp.c --- sys/dev/fxp/if_fxp.c 2001/11/02 05:10:40 1.121 +++ sys/dev/fxp/if_fxp.c 2001/11/17 15:32:22 
@@ -34,6 +34,7 @@ #include #include +#include #include #include /* #include */ Index: sys/dev/ie/if_ie.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ie/if_ie.c,v retrieving revision 1.83 diff -u -r1.83 if_ie.c --- sys/dev/ie/if_ie.c 2001/07/02 05:29:58 1.83 +++ sys/dev/ie/if_ie.c 2001/09/25 11:43:46 @@ -116,6 +116,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/iicbus/if_ic.c =================================================================== RCS file: /home/ncvs/src/sys/dev/iicbus/if_ic.c,v retrieving revision 1.10 diff -u -r1.10 if_ic.c --- sys/dev/iicbus/if_ic.c 2000/11/25 07:35:22 1.10 +++ sys/dev/iicbus/if_ic.c 2001/09/25 11:44:35 @@ -33,6 +33,7 @@ #ifdef _KERNEL #include #include +#include #include #include #include @@ -48,6 +49,7 @@ #include #endif +#include #include #include #include Index: sys/dev/lge/if_lge.c =================================================================== RCS file: /home/ncvs/src/sys/dev/lge/if_lge.c,v retrieving revision 1.9 diff -u -r1.9 if_lge.c --- sys/dev/lge/if_lge.c 2001/09/29 19:31:29 1.9 +++ sys/dev/lge/if_lge.c 2001/10/01 16:30:49 @@ -76,6 +76,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/lmc/if_lmc.c =================================================================== RCS file: /home/ncvs/src/sys/dev/lmc/if_lmc.c,v retrieving revision 1.13 diff -u -r1.13 if_lmc.c --- sys/dev/lmc/if_lmc.c 2001/01/17 01:08:50 1.13 +++ sys/dev/lmc/if_lmc.c 2001/09/25 11:46:04 @@ -37,6 +37,7 @@ #include "opt_netgraph.h" #include #include +#include #include #include #include Index: sys/dev/lnc/if_lnc.c =================================================================== RCS file: /home/ncvs/src/sys/dev/lnc/if_lnc.c,v retrieving revision 1.89 diff -u -r1.89 if_lnc.c --- sys/dev/lnc/if_lnc.c 2001/07/04 13:00:19 1.89 +++ sys/dev/lnc/if_lnc.c 2001/09/24 18:04:05 
@@ -65,6 +65,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/nge/if_nge.c =================================================================== RCS file: /home/ncvs/src/sys/dev/nge/if_nge.c,v retrieving revision 1.23 diff -u -r1.23 if_nge.c --- sys/dev/nge/if_nge.c 2001/09/29 19:31:29 1.23 +++ sys/dev/nge/if_nge.c 2001/10/01 16:30:54 @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/ppbus/if_plip.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ppbus/if_plip.c,v retrieving revision 1.22 diff -u -r1.22 if_plip.c --- sys/dev/ppbus/if_plip.c 2000/11/25 07:35:23 1.22 +++ sys/dev/ppbus/if_plip.c 2001/09/24 18:05:10 @@ -84,6 +84,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/ray/if_ray.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ray/if_ray.c,v retrieving revision 1.56 diff -u -r1.56 if_ray.c --- sys/dev/ray/if_ray.c 2001/05/17 22:23:49 1.56 +++ sys/dev/ray/if_ray.c 2001/09/25 11:46:30 @@ -251,6 +251,7 @@ #include #include +#include #include #include #include Index: sys/dev/sn/if_sn.c =================================================================== RCS file: /home/ncvs/src/sys/dev/sn/if_sn.c,v retrieving revision 1.19 diff -u -r1.19 if_sn.c --- sys/dev/sn/if_sn.c 2001/08/04 05:27:52 1.19 +++ sys/dev/sn/if_sn.c 2001/09/24 18:06:02 @@ -83,6 +83,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/sr/if_sr.c =================================================================== RCS file: /home/ncvs/src/sys/dev/sr/if_sr.c,v retrieving revision 1.47 diff -u -r1.47 if_sr.c --- sys/dev/sr/if_sr.c 2001/02/26 16:30:02 1.47 +++ sys/dev/sr/if_sr.c 2001/09/25 11:46:44 
@@ -55,6 +55,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/txp/if_txp.c =================================================================== RCS file: /home/ncvs/src/sys/dev/txp/if_txp.c,v retrieving revision 1.7 diff -u -r1.7 if_txp.c --- sys/dev/txp/if_txp.c 2001/09/18 18:41:39 1.7 +++ sys/dev/txp/if_txp.c 2001/09/24 18:07:11 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/usb/if_aue.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/if_aue.c,v retrieving revision 1.43 diff -u -r1.43 if_aue.c --- sys/dev/usb/if_aue.c 2001/09/29 19:31:29 1.43 +++ sys/dev/usb/if_aue.c 2001/10/01 16:31:09 @@ -64,6 +64,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/usb/if_cue.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/if_cue.c,v retrieving revision 1.19 diff -u -r1.19 if_cue.c --- sys/dev/usb/if_cue.c 2001/08/22 05:33:57 1.19 +++ sys/dev/usb/if_cue.c 2001/09/24 18:07:53 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/usb/if_kue.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/if_kue.c,v retrieving revision 1.32 diff -u -r1.32 if_kue.c --- sys/dev/usb/if_kue.c 2001/08/22 05:33:57 1.32 +++ sys/dev/usb/if_kue.c 2001/09/24 18:08:04 @@ -67,6 +67,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/usb/udbp.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/udbp.c,v retrieving revision 1.13 diff -u -r1.13 udbp.c --- sys/dev/usb/udbp.c 2001/01/09 04:33:17 1.13 +++ sys/dev/usb/udbp.c 2001/09/25 02:56:52 
@@ -83,6 +83,7 @@ #include #endif #include +#include #include #include #include Index: sys/dev/usb/usb_ethersubr.c =================================================================== RCS file: /home/ncvs/src/sys/dev/usb/usb_ethersubr.c,v retrieving revision 1.9 diff -u -r1.9 usb_ethersubr.c --- sys/dev/usb/usb_ethersubr.c 2000/11/25 07:35:24 1.9 +++ sys/dev/usb/usb_ethersubr.c 2001/09/24 18:08:51 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/vx/if_vx.c =================================================================== RCS file: /home/ncvs/src/sys/dev/vx/if_vx.c,v retrieving revision 1.34 diff -u -r1.34 if_vx.c --- sys/dev/vx/if_vx.c 2001/07/19 02:16:01 1.34 +++ sys/dev/vx/if_vx.c 2001/09/24 18:09:11 @@ -59,6 +59,7 @@ #include #include #include +#include #include #include Index: sys/dev/wi/if_wi.c =================================================================== RCS file: /home/ncvs/src/sys/dev/wi/if_wi.c,v retrieving revision 1.64 diff -u -r1.64 if_wi.c --- sys/dev/wi/if_wi.c 2001/11/15 06:37:13 1.64 +++ sys/dev/wi/if_wi.c 2001/11/17 15:32:58 @@ -71,6 +71,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/wl/if_wl.c =================================================================== RCS file: /home/ncvs/src/sys/dev/wl/if_wl.c,v retrieving revision 1.39 diff -u -r1.39 if_wl.c --- sys/dev/wl/if_wl.c 2001/09/12 08:37:16 1.39 +++ sys/dev/wl/if_wl.c 2001/09/25 11:47:03 @@ -196,6 +196,7 @@ #include #include #include +#include #include #include #include Index: sys/dev/xe/if_xe.c =================================================================== RCS file: /home/ncvs/src/sys/dev/xe/if_xe.c,v retrieving revision 1.28 diff -u -r1.28 if_xe.c --- sys/dev/xe/if_xe.c 2001/08/29 05:11:44 1.28 +++ sys/dev/xe/if_xe.c 2001/09/24 18:09:48 
@@ -112,6 +112,7 @@ #include #include #include +#include #include #include #include Index: sys/fs/procfs/procfs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/fs/procfs/procfs_vnops.c,v retrieving revision 1.105 diff -u -r1.105 procfs_vnops.c --- sys/fs/procfs/procfs_vnops.c 2001/11/06 17:00:40 1.105 +++ sys/fs/procfs/procfs_vnops.c 2001/11/17 15:33:06 @@ -43,12 +43,15 @@ * procfs vnode interface */ +#include "opt_mac.h" + #include #include #include #include #include #include +#include #include #include #include @@ -72,6 +75,9 @@ static int procfs_badop __P((void)); static int procfs_close __P((struct vop_close_args *)); static int procfs_getattr __P((struct vop_getattr_args *)); +#ifdef MAC +static int procfs_getlabel __P((struct vop_getlabel_args *)); +#endif static int procfs_ioctl __P((struct vop_ioctl_args *)); static int procfs_lookup __P((struct vop_lookup_args *)); static int procfs_open __P((struct vop_open_args *)); 
@@ -563,7 +569,61 @@ return (error); } +#ifdef MAC static int +procfs_getlabel(ap) + struct vop_getlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct proc *a_p; + }; */ *ap; +{ + struct pfsnode *pfs = VTOPFS(ap->a_vp); + struct proc *procp; + + switch (pfs->pfs_type) { + case Proot: + case Pcurproc: + procp = NULL; + break; + + default: + procp = PFIND(pfs->pfs_pid); + if (procp == NULL) + return (ENOENT); + + if (procp->p_ucred == NULL) { + PROC_UNLOCK(procp); + return (ENOENT); + } + + if (p_cansee(ap->a_td->td_proc, procp)) { + PROC_UNLOCK(procp); + return (ENOENT); + } + } + + if (procp == NULL) { + /* + * Return the default object label for non-process + * entries. Might be better to replicate the label + * of proc 0, or do the default subject label. + */ + mac_init_object(ap->a_label); + } else { + /* + * Copy the process label. + */ + *ap->a_label = procp->p_ucred->cr_label; + PROC_UNLOCK(procp); + } + + return (0); +} +#endif /* !MAC */ + +static int procfs_setattr(ap) struct vop_setattr_args /* { struct vnode *a_vp; @@ -997,6 +1057,9 @@ { &vop_close_desc, (vop_t *) procfs_close }, { &vop_create_desc, (vop_t *) procfs_badop }, { &vop_getattr_desc, (vop_t *) procfs_getattr }, +#if MAC + { &vop_getlabel_desc, (vop_t *) procfs_getlabel }, +#endif { &vop_link_desc, (vop_t *) procfs_badop }, { &vop_lookup_desc, (vop_t *) procfs_lookup }, { &vop_mkdir_desc, (vop_t *) procfs_badop }, Index: sys/i386/i386/in_cksum.c =================================================================== RCS file: /home/ncvs/src/sys/i386/i386/in_cksum.c,v retrieving revision 1.23 diff -u -r1.23 in_cksum.c --- sys/i386/i386/in_cksum.c 2001/11/13 19:55:20 1.23 +++ sys/i386/i386/in_cksum.c 2001/11/17 15:33:16 
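Review bot: The argument comment on procfs_getlabel() still lists `struct proc *a_p;`, but the body reads `ap->a_td->td_proc` and __mac_get_file() in kern_mac.c passes a thread as the last VOP_GETLABEL argument, so the comment should read `struct thread *a_td;`. The closing `#endif /* !MAC */` ends an `#ifdef MAC` block and would be clearer as `#endif /* MAC */`. For Proot and Pcurproc the function hands back mac_init_object(), which mac_biba_init_object() in this patch sets to high integrity for development, so the label reported for those nodes is not meaningful yet; a short comment above the `procp == NULL` branch should say so. The visibility test uses the calling thread's process and ignores `ap->a_cred`; if that is intended it deserves a one-line why-comment.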
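Review bot: The vnode-op table entry is guarded with `#if MAC`, while the prototype and the definition of procfs_getlabel() in this file use `#ifdef MAC`. The two forms agree only when opt_mac.h defines MAC to a non-zero value, so using `#ifdef MAC` here as well keeps the three guards consistent. The table's initializer starts and ends outside the hunk.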
@@ -40,6 +40,7 @@ */ #include #include +#include #include #include Index: sys/i386/isa/if_cx.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/if_cx.c,v retrieving revision 1.34 diff -u -r1.34 if_cx.c --- sys/i386/isa/if_cx.c 2000/06/13 22:28:47 1.34 +++ sys/i386/isa/if_cx.c 2001/09/25 11:53:37 @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include Index: sys/i386/isa/if_el.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/if_el.c,v retrieving revision 1.54 diff -u -r1.54 if_el.c --- sys/i386/isa/if_el.c 2001/02/09 06:09:28 1.54 +++ sys/i386/isa/if_el.c 2001/09/25 11:53:39 @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include Index: sys/i386/isa/if_le.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/if_le.c,v retrieving revision 1.65 diff -u -r1.65 if_le.c --- sys/i386/isa/if_le.c 2001/10/19 15:47:41 1.65 +++ sys/i386/isa/if_le.c 2001/11/17 15:33:23 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/i386/isa/if_rdp.c =================================================================== RCS file: /home/ncvs/src/sys/i386/isa/if_rdp.c,v retrieving revision 1.11 diff -u -r1.11 if_rdp.c --- sys/i386/isa/if_rdp.c 2000/10/15 14:18:38 1.11 +++ sys/i386/isa/if_rdp.c 2001/09/25 11:53:44 @@ -67,6 +67,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/init_main.c =================================================================== RCS file: /home/ncvs/src/sys/kern/init_main.c,v retrieving revision 1.178 diff -u -r1.178 init_main.c --- sys/kern/init_main.c 2001/10/26 08:12:53 1.178 +++ sys/kern/init_main.c 2001/11/17 15:33:44 @@ -43,6 +43,7 @@ */ #include "opt_init_path.h" +#include "opt_mac.h" #include #include 
@@ -54,6 +55,7 @@ #include #include #include +#include #include #include #include @@ -345,6 +347,9 @@ p->p_ucred = crget(); p->p_ucred->cr_ngroups = 1; /* group 0 */ p->p_ucred->cr_uidinfo = uifind(0); +#ifdef MAC + mac_init_subject(p->p_ucred); +#endif p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = NULL; /* Don't jail it. */ td->td_ucred = crhold(p->p_ucred); Index: sys/kern/init_sysent.c =================================================================== RCS file: /home/ncvs/src/sys/kern/init_sysent.c,v retrieving revision 1.111 diff -u -r1.111 init_sysent.c --- sys/kern/init_sysent.c 2001/11/02 17:59:23 1.111 +++ sys/kern/init_sysent.c 2001/11/17 16:23:46 @@ -2,7 +2,7 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/init_sysent.c,v 1.111 2001/11/02 17:59:23 phk Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.100 2001/11/02 17:58:26 phk Exp */ @@ -401,4 +401,10 @@ { AS(eaccess_args), (sy_call_t *)eaccess }, /* 376 = eaccess */ { 0, (sy_call_t *)nosys }, /* 377 = afs_syscall */ { AS(nmount_args), (sy_call_t *)nmount }, /* 378 = nmount */ + { AS(__mac_get_proc_args), (sy_call_t *)__mac_get_proc }, /* 379 = __mac_get_proc */ + { AS(__mac_set_proc_args), (sy_call_t *)__mac_set_proc }, /* 380 = __mac_set_proc */ + { AS(__mac_get_fd_args), (sy_call_t *)__mac_get_fd }, /* 381 = __mac_get_fd */ + { AS(__mac_get_file_args), (sy_call_t *)__mac_get_file }, /* 382 = __mac_get_file */ + { AS(__mac_set_fd_args), (sy_call_t *)__mac_set_fd }, /* 383 = __mac_set_fd */ + { AS(__mac_set_file_args), (sy_call_t *)__mac_set_file }, /* 384 = __mac_set_file */ }; Index: sys/kern/kern_exec.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v retrieving revision 1.145 diff -u -r1.145 kern_exec.c --- sys/kern/kern_exec.c 2001/11/08 00:24:48 1.145 +++ sys/kern/kern_exec.c 2001/11/17 15:33:45 
@@ -26,6 +26,8 @@ * $FreeBSD: src/sys/kern/kern_exec.c,v 1.145 2001/11/08 00:24:48 peter Exp $ */ +#include "opt_mac.h" + #include #include #include @@ -847,6 +849,22 @@ error = VOP_ACCESS(vp, VEXEC, p->p_ucred, curthread); /* XXXKSE */ if (error) return (error); + +#ifdef MAC +#if 0 + { + struct mac label; + + error = VOP_GETLABEL(vp, &label, curthread->td_proc->p_ucred, + curthread); + if (error) + return (error); + error = mac_p_canexec(curthread->td_proc, &label); + if (error) + return (error); + } +#endif /* !0 */ +#endif /* !MAC */ /* * Check number of open-for-writes on the file and deny execution Index: sys/kern/kern_mac.c =================================================================== RCS file: kern_mac.c diff -N kern_mac.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ kern_mac.c Fri Oct 5 09:31:47 2001 
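Review bot: The label check added after VOP_ACCESS() is wrapped in `#if 0`, so even a kernel built with MAC performs no mandatory check on exec, and mac_p_canexec() in kern_mac.c returns 0 unconditionally in any case. A comment such as `/* XXX MAC: exec label check disabled until mac_p_canexec() is implemented */` above the `#if 0` would make that gap visible to whoever enables the option. The disabled block takes the credential from `curthread->td_proc->p_ucred` while the VOP_ACCESS() call just above uses `p->p_ucred`; the two should name the same credential when the block is turned on. The enclosing function begins and ends outside the hunk.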
@@ -0,0 +1,510 @@ +/*- + * Copyright (c) 1999-2001 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Userland/kernel interface, policy merging for various access models. + */ + +#include "opt_mac.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef MAC + +static int error_select __P((int error1, int error2)); + +/* + * error_select() defines an error value precedence, and given two + * arguments, selects the value with the higher precedence. 
+ */ +static int +error_select(int error1, int error2) +{ + + /* Certain decision-making errors take top priority. */ + if (error1 == EDEADLK || error2 == EDEADLK) + return (EDEADLK); + + /* Precedence goes to "visibility", with both process and file. */ + if (error1 == ESRCH || error2 == ESRCH) + return (ESRCH); + + if (error1 == ENOENT || error2 == ENOENT) + return (ENOENT); + + /* Precedence goes to DAC/MAC protections. */ + if (error1 == EACCES || error2 == EACCES) + return (EACCES); + + /* Precedence goes to privilege. */ + if (error1 == EPERM || error2 == EPERM) + return (EPERM); + + /* Oh well. */ + return (error1); + +} + +int +mac_cr_cansee(const struct ucred *u1, const struct ucred *u2) +{ + int error_biba, error_mls, error; + + error_biba = mac_biba_cr_cansee(u1, u2); + error_mls = mac_mls_cr_cansee(u1, u2); + + error = error_select(error_biba, error_mls); + + return (error); +} + +int +mac_p_cansignal(const struct proc *p1, const struct proc *p2, int signum) +{ + int error_biba, error_mls, error; + + error_biba = mac_biba_p_cansignal(p1, p2, signum); + error_mls = mac_mls_p_cansignal(p1, p2, signum); + + error = error_select(error_biba, error_mls); + + return (error); +} + +int +mac_p_cansched(const struct proc *p1, const struct proc *p2) +{ + int error_biba, error_mls, error; + + error_biba = mac_biba_p_cansched(p1, p2); + error_mls = mac_mls_p_cansched(p1, p2); + + error = error_select(error_biba, error_mls); + + return (error); +} + +int +mac_p_candebug(const struct proc *p1, const struct proc *p2) +{ + int error_biba, error_mls, error; + + error_biba = mac_biba_p_candebug(p1, p2); + error_mls = mac_mls_p_candebug(p1, p2); + + error = error_select(error_biba, error_mls); + + return (error); +} + +int +mac_p_canexec(const struct proc *p1, const struct mac *label) +{ + + return (0); +} + +#if 0 +/* + * POSIX.1e calls for a dominate function to be exported or available + * to userland processes. 
However, not all policies support a concept + * of "dominate" and so it may be inappropriate in more general policy + * environments (such as type enforcement). Disabled for the time + * being in the hopes that it doesn't prove necessary. + */ +/* + * Return (1) if MAC labela dominates MAC labelb, otherwise, (0). + */ +int +mac_dominate(const struct mac *labela, const struct mac *labelb) +{ + + /* + * A MAC label only dominates another if all of the component + * labels from it dominate the other. + */ + return (mac_biba_dominate(&labela->m_biba, &labelb->m_biba) && + mac_mls_dominate(&labela->m_mls, &labelb->m_mls) && + mac_partition_dominate(&labela->m_partition, + &labelb->m_partition)); +} +#endif + +/* + * Return (1) if the two MAC labels are equal, otherwise, (0). + */ +int +mac_equal(const struct mac *labela, const struct mac *labelb) +{ + + /* + * Two MAC labels are only equal of they are equal according to + * all of the individual policies. + */ + return (mac_biba_equal(labela, labelb) && + mac_mls_equal(labela, labelb) && + mac_partition_equal(labela, labelb)); +} + +/* + * At system start-up time, the credential of the first-born process + * is passed in for label initialization. What actually occurs will + * be policy-specific, but the results should allow the system to + * boot. + */ +void +mac_init_subject(struct ucred *cred) +{ + + mac_biba_init_subject(cred); + mac_mls_init_subject(cred); + mac_partition_init_subject(cred); +} + +/* + * When a new process is created, its label must be initialized. Generally, + * this involves inheritence from the parent process, modulo possible + * deltas. This function allows that processing to take place. 
+ */ +void +mac_create_subject(const struct ucred *parent_cred, + struct ucred *child_cred) +{ + + mac_biba_create_subject(parent_cred, child_cred); + mac_mls_create_subject(parent_cred, child_cred); + mac_partition_create_subject(parent_cred, child_cred); +} + +/* + * Processes may need to modify their current subject label if they + * perform multi-level activities, or proxy data between levels. + * This function is a check to determine if a particular label change + * is permitted; the old and new credentials are provided. 0 is + * returned for success, otherwise an errno. + */ +int +mac_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + /* + * Because a composition occurs here, we must select one + * error to return to the user. A precedence rule should + * probably be present, but instead we return the first + * failure to be discovered. Any failure by any policy + * vetoes the whole operation. + */ + + error = mac_biba_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + error = mac_mls_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + error = mac_partition_can_setlabel_subject(cred_old, cred_new); + if (error) + return (error); + + return (0); +} + +/* + * Generally speaking, object providers will maintain persistent or + * inherited labels for most system objects. However, until this + * is done, mac_init_object() will be used to label unlabeled objects. + * For safety purposes, this should protect the object from unnecessary + * writes, and possibly reads. + */ +void +mac_init_object(struct mac *label) +{ + + mac_biba_init_object(label); + mac_mls_init_object(label); + mac_partition_init_object(label); +} + +/* + * When a new object is created, its label must be initialized. Generally, + * this involves inheritence from the subject creating the object, + * modulo possible deltas. This function allows that processing to take + * place. 
+ */ +void +mac_create_object(const struct ucred *cred, struct mac *label) +{ + + if (cred != NULL) { + mac_biba_create_object(cred, label); + mac_mls_create_object(cred, label); + mac_partition_create_object(cred, label); + } else + mac_init_object(label); +} + +/* + * Processes may need to modify the current object label on objects in + * the system, for reasons identified above. This function is a check to + * determine if a particular label change is permitted; the requesting + * credential is provided, as well as the old and new object labels. 0 is + * returned for success, otherwise an errno. + */ +int +mac_can_setlabel_object(const struct ucred *cred, const struct mac *label_old, + const struct mac *label_new) +{ + int error; + + /* + * Because a composition occurs here, we must select one + * error to return to the user. A precedence rule should + * probably be present, but instead we return the first + * failure to be discovered. Any failure by any policy + * vetoes the whole operation. + */ + + error = mac_biba_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + error = mac_mls_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + error = mac_partition_can_setlabel_object(cred, label_old, label_new); + if (error) + return (error); + + return (0); +} + +/* +int +mac_ether_output_check(struct ifnet *ifp, struct mbuf *mbp) +{ + + return (0); +} +*/ + +void +mac_print_label(const struct mac *label) +{ + + printf("MAC label:\n"); + mac_biba_print_label(label); + mac_mls_print_label(label); + mac_partition_print_label(label); +} + +/* + * Function to intersect with vaccess() providing mandatory access + * checks for file system objects. Accepts object type, object label, + * access request, requesting credential, and an optional privused + * field to return privilege information (currently unused). 
+ */ +int +vaccess_mac(enum vtype type, const struct mac *filelabel, mode_t acc_mode, + struct ucred *cred) +{ + int error_biba, error_mls, error; + + /* Detect and reject unknown access modes. */ + if ((acc_mode & (VWRITE | VADMIN | VREAD | VEXEC)) != acc_mode) { + printf("vaccess_mac: unknown access mode in %d\n", acc_mode); + return (EPERM); + } + + error_biba = mac_biba_vaccess(type, filelabel, acc_mode, cred); + error_mls = mac_mls_vaccess(type, filelabel, acc_mode, cred); + + error = error_select(error_biba, error_mls); + + return (error); +} + +int +__mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap) +{ + int error; + + error = copyout(&td->td_proc->p_ucred->cr_label, SCARG(uap, mac_p), + sizeof(td->td_proc->p_ucred->cr_label)); + + return (0); +} + +int +__mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) +{ + struct ucred *new_cred, *old_cred; + int error; + + old_cred = td->td_proc->p_ucred; + new_cred = crdup(td->td_proc->p_ucred); + if (new_cred == NULL) + return (ENOMEM); + + error = copyin(SCARG(uap, mac_p), &new_cred->cr_label, + sizeof(new_cred->cr_label)); + if (error) { + crfree(new_cred); + return (error); + } + + error = mac_can_setlabel_subject(td->td_proc->p_ucred, new_cred); + if (error) { + crfree(new_cred); + return (error); + } + + td->td_proc->p_ucred = new_cred; + crfree(old_cred); + return (0); +} + +int +__mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_file(struct thread *td, struct __mac_get_file_args *uap) +{ + struct nameidata nd; + struct mac label; + int error; + + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, + SCARG(uap, path_p), td); + error = namei(&nd); + if (error) + return (error); + + error = VOP_GETLABEL(nd.ni_vp, &label, td->td_proc->p_ucred, td); + NDFREE(&nd, 0); + if (error) + return (error); + + error = copyout(&label, SCARG(uap, mac_p), sizeof(label)); + + return (error); +} + +int +__mac_set_fd(struct thread *td, struct 
__mac_set_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_file(struct thread *td, struct __mac_set_file_args *uap) +{ + struct nameidata nd; + struct mac label; + int error; + + error = copyin(SCARG(uap, mac_p), &label, sizeof(label)); + if (error) + return (error); + + NDINIT(&nd, LOOKUP, LOCKLEAF | FOLLOW, UIO_USERSPACE, + SCARG(uap, path_p), td); + error = namei(&nd); + if (error) + return (error); + + error = VOP_SETLABEL(nd.ni_vp, &label, td->td_proc->p_ucred, td); + NDFREE(&nd, 0); + + return (error); +} + +#else /* !MAC */ + +int +__mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_get_file(struct thread *td, struct __mac_get_file_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) +{ + + return (ENOSYS); +} + +int +__mac_set_file(struct thread *td, struct __mac_set_file_args *uap) +{ + + return (ENOSYS); +} + +#endif /* !MAC */ Index: sys/kern/kern_mac_biba.c =================================================================== RCS file: kern_mac_biba.c diff -N kern_mac_biba.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ kern_mac_biba.c Fri Oct 5 09:31:54 2001 
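Review bot: error_select() ends with `return (error1);`, so when error1 is 0 and error2 is an errno outside the five listed, the merged result is 0 and the second policy's denial is dropped; the fallthrough should be `return (error1 != 0 ? error1 : error2);`. EINVAL is such a value: mac_biba_vaccess() in kern_mac_biba.c returns it, and the MLS result is passed as error2 throughout this file. __mac_get_proc() stores the copyout() result in `error` and then ends with `return (0);`, so a failed copy to user space is reported as success; it should end with `return (error);`. __mac_set_proc() replaces `td->td_proc->p_ucred` with no lock visible, while procfs_getlabel() in this patch reads p_ucred with the process locked, so the swap probably needs PROC_LOCK()/PROC_UNLOCK() around it, to be confirmed against the locking rules for p_ucred.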
@@ -0,0 +1,247 @@ +/*- + * Copyright (c) 1999-2001 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Biba Integrity Policy. + */ + +#include "opt_mac.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef MAC + +/* + * Syntactic check of label: 0 for success, else an errno. 
+ */ +static int +mac_biba_label_valid(const struct mac *label) +{ + + switch(label->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + break; + case MAC_BIBA_TYPE_HIGH: + case MAC_BIBA_TYPE_LOW: + case MAC_BIBA_TYPE_EQUAL: + if (label->m_biba.mb_grade != 0) + return (EINVAL); + break; + default: + return (EINVAL); + } + + return (0); +} + +int +mac_biba_dominate(const struct mac *labela, const struct mac *labelb) +{ + + switch (labela->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + switch (labelb->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + return (labela->m_biba.mb_grade >= + labelb->m_biba.mb_grade); + + case MAC_BIBA_TYPE_LOW: + return (1); + + case MAC_BIBA_TYPE_HIGH: + return (0); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } + + case MAC_BIBA_TYPE_LOW: + switch (labelb->m_biba.mb_type) { + case MAC_BIBA_TYPE_GRADE: + return (0); + + case MAC_BIBA_TYPE_LOW: + return (1); + + case MAC_BIBA_TYPE_HIGH: + return (0); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } + + case MAC_BIBA_TYPE_HIGH: + return (1); + + case MAC_BIBA_TYPE_EQUAL: + return (1); + default: + panic("mac_biba_dominate(): unknown mb_type\n"); + } +} + +int +mac_biba_equal(const struct mac *labela, const struct mac *labelb) +{ + + return (mac_biba_dominate(labela, labelb) && + mac_biba_dominate(labelb, labela)); +} + +void +mac_biba_init_subject(struct ucred *cred) +{ + + /* + * Early system processes run with high integrity. 
+ */ + cred->cr_label.m_biba.mb_type = MAC_BIBA_TYPE_HIGH; + cred->cr_label.m_biba.mb_grade = 0; +} + +void +mac_biba_create_subject(const struct ucred *cred_parent, + struct ucred *cred_child) +{ + + cred_child->cr_label = cred_parent->cr_label; +} + +int +mac_biba_can_setlabel_subject(const struct ucred *cred_old, + const struct ucred *cred_new) +{ + int error; + + error = mac_biba_label_valid(&cred_new->cr_label); + if (error) + return (error); + + error = suser_xxx(cred_old, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_biba_init_object(struct mac *label) +{ + + /* + * XXX: + * Eventually, objects without explicit labeling will be at + * low integrity. For development purposes, set them to high + * integrity to allow the system to boot. + */ + label->m_biba.mb_type = MAC_BIBA_TYPE_HIGH; + label->m_biba.mb_grade = 0; +} + +void +mac_biba_create_object(const struct ucred *cred, struct mac *label) +{ + + label->m_biba.mb_type = cred->cr_label.m_biba.mb_type; + label->m_biba.mb_grade = cred->cr_label.m_biba.mb_grade; +} + +int +mac_biba_can_setlabel_object(const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new) +{ + int error; + + error = mac_biba_label_valid(label_new); + if (error) + return (error); + + error = suser_xxx(cred, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_biba_print_label(const struct mac *label) +{ + + printf("Biba: type==%u, grade==%u\n", label->m_biba.mb_type, + label->m_biba.mb_grade); +} + +int +mac_biba_vaccess(enum vtype type, const struct mac *filelabel, mode_t acc_mode, + struct ucred *cred) +{ + + if (operation & ~(MAC_WRITE | MAC_ADMIN | MAC_CREATE | MAC_READ | + MAC_EXEC | MAC_STAT)) { + printf("mac_biba_vaccess: unknown acc_mode %d\n", acc_mode); + return (EINVAL); + } + + if (operation & (MAC_WRITE | MAC_ADMIN)) { + if (!mac_biba_dominate(&cred->cr_label, filelabel) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + } + + if (operation & (MAC_READ | 
MAC_EXEC | MAC_STAT)) { + if (!mac_biba_dominate(filelabel, &cred->cr_label) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + } + + if (operation & (MAC_CREATE)) { + if (!mac_biba_equal(&cred->cr_label, filelabel) && + suser_xxx(cred, NULL, 0)) + return (EACCES); + } + + return (0); +} + +#endif /* !MAC */ Index: sys/kern/kern_mac_mls.c =================================================================== RCS file: kern_mac_mls.c diff -N kern_mac_mls.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ kern_mac_mls.c Fri Oct 5 09:32:02 2001 
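Review bot: mac_biba_vaccess() tests `operation` against MAC_WRITE, MAC_READ and related flags, but its parameter is named `acc_mode` and no `operation` is declared in the function, so unless a header supplies that name the file will not compile once MAC is defined. Its only visible caller, vaccess_mac() in kern_mac.c, filters the mode against VWRITE, VADMIN, VREAD and VEXEC, so the tests should presumably read `if (acc_mode & (VWRITE | VADMIN)) {` and `if (acc_mode & (VREAD | VEXEC)) {`; the MAC_CREATE and MAC_STAT branches have no visible V* counterpart and need a decision. Every check is skipped when suser_xxx() succeeds, so a privileged subject is not bound by the integrity policy, which deserves a comment at the top of the function. mac_biba_create_subject() copies the whole `cr_label`, including the MLS and partition parts, whereas mac_biba_create_object() copies only the two Biba fields.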
@@ -0,0 +1,250 @@
+/*-
+ * Copyright (c) 1999-2001 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: $
+ */
+/*
+ * Developed by the TrustedBSD Project.
+ * Multi-Level Security Policy.
+ */
+
+#include "opt_mac.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifdef MAC
+
+/*
+ * Syntactic check of label: 0 for success, else an errno.
+ */
+static int
+mac_mls_label_valid(const struct mac *label)
+{
+
+ switch(label->m_mls.mm_type) {
+ case MAC_MLS_TYPE_LEVEL:
+ break;
+ case MAC_MLS_TYPE_HIGH:
+ case MAC_MLS_TYPE_LOW:
+ case MAC_MLS_TYPE_EQUAL:
+ if (label->m_mls.mm_level != 0)
+ return (EINVAL);
+ break;
+ default:
+ return (EINVAL);
+ }
+
+ return (0);
+}
+
+int
+mac_mls_dominate(const struct mac *labela, const struct mac *labelb)
+{
+
+ switch (labela->m_mls.mm_type) {
+ case MAC_MLS_TYPE_LEVEL:
+ switch (labelb->m_mls.mm_type) {
+ case MAC_MLS_TYPE_LEVEL:
+ return (labela->m_mls.mm_level >=
+ labelb->m_mls.mm_level);
+
+ case MAC_MLS_TYPE_LOW:
+ return (1);
+
+ case MAC_MLS_TYPE_HIGH:
+ return (0);
+
+ case MAC_MLS_TYPE_EQUAL:
+ return (1);
+
+ default:
+ panic("mac_mls_dominate(): Unknown mm_type\n");
+ }
+
+ case MAC_MLS_TYPE_LOW:
+ switch (labelb->m_mls.mm_type) {
+ case MAC_MLS_TYPE_LEVEL:
+ return (0);
+
+ case MAC_MLS_TYPE_LOW:
+ return (1);
+
+ case MAC_MLS_TYPE_HIGH:
+ return (0);
+
+ case MAC_MLS_TYPE_EQUAL:
+ return (1);
+
+ default:
+ panic("mac_mls_dominate(): Unknown mm_type\n");
+ }
+
+ case MAC_MLS_TYPE_HIGH:
+ return (1);
+
+ case MAC_MLS_TYPE_EQUAL:
+ return (1);
+
+ default:
+ panic("mac_mls_dominate(): Unknown mm_type\n");
+ }
+ return (0);
+}
+
+int
+mac_mls_equal(const struct mac *labela, const struct mac *labelb)
+{
+
+ return (mac_mls_dominate(labela, labelb) &&
+ mac_mls_dominate(labelb, labela));
+}
+
+void
+mac_mls_init_subject(struct ucred *cred)
+{
+
+ /*
+ * Early system processes run with low secrecy, and must
+ * use privilege to access high secrecy objects.
+ */
+ cred->cr_label.m_mls.mm_type = MAC_MLS_TYPE_LOW;
+ cred->cr_label.m_mls.mm_level = 0;
+}
+
+void
+mac_mls_create_subject(const struct ucred *cred_parent,
+ struct ucred *cred_child)
+{
+
+ cred_child->cr_label = cred_parent->cr_label;
+}
+
+int
+mac_mls_can_setlabel_subject(const struct ucred *cred_old,
+ const struct ucred *cred_new)
+{
+ int error;
+
+ error = mac_mls_label_valid(&cred_new->cr_label);
+ if (error)
+ return (error);
+
+ error = suser_xxx(cred_old, NULL, 0);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+void
+mac_mls_init_object(struct mac *label)
+{
+
+ /*
+ * XXX:
+ * Eventually, might be desirable to label unlabeled objects
+ * as high secrecy, but for initial booting purposes, label
+ * them as low secrecy.
+ */
+ label->m_mls.mm_type = MAC_MLS_TYPE_LOW;
+ label->m_mls.mm_level = 0;
+}
+
+void
+mac_mls_create_object(const struct ucred *cred, struct mac *label)
+{
+
+ label->m_mls.mm_type = cred->cr_label.m_mls.mm_type;
+ label->m_mls.mm_level = cred->cr_label.m_mls.mm_level;
+}
+
+int
+mac_mls_can_setlabel_object(const struct ucred *cred,
+ const struct mac *label_old, const struct mac *label_new)
+{
+ int error;
+
+ error = mac_mls_label_valid(label_new);
+ if (error)
+ return (error);
+
+ error = suser_xxx(cred, NULL, 0);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+void
+mac_mls_print_label(const struct mac *label)
+{
+
+ printf("MLS: type==%u, level==%u\n", label->m_mls.mm_type,
+ label->m_mls.mm_level);
+}
+
+int
+mac_mls_vaccess(enum vtype type, constr struct mac *filelabel, mode_t acc_mode,
+ struct ucred *cred)
+{
+
+ if (operation & ~(MAC_WRITE | MAC_ADMIN | MAC_CREATE | MAC_READ |
+ MAC_EXEC | MAC_STAT)) {
+ printf("mac_mls_vaccess: unknown acc_mode %d\n", acc_mode);
+ return (EINVAL);
+ }
+
+ if (operation & (MAC_WRITE | MAC_ADMIN)) {
+ if (!mac_mls_dominate(filelabel, &cred->cr_label) &&
+ suser_xxx(cred, NULL, 0))
+ return (EACCES);
+ }
+
+ if (operation & (MAC_READ | MAC_EXEC | MAC_STAT)) {
+ if (!mac_mls_dominate(&cred->cr_label, filelabel) &&
+ suser_xxx(cred, NULL, 0))
+ return (EACCES);
+ }
+
+ if (operation & (MAC_CREATE)) {
+ if (!mac_mls_equal(&cred->cr_label, filelabel) &&
+ suser_xxx(cred, NULL, 0))
+ return (EACCES);
+ }
+
+ return (0);
+}
+
+#endif /* !MAC */
Index: sys/kern/kern_mac_partition.c
===================================================================
RCS file: kern_mac_partition.c
diff -N kern_mac_partition.c
--- /dev/null Sat Nov 17 13:11:02 2001
+++ kern_mac_partition.c Fri Oct 5 09:32:37 2001
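Review bot: `mac_mls_vaccess()` at the end of kern_mac_mls.c cannot compile when MAC is defined: the prototype spells the qualifier `constr`, and the body tests `operation`, which is neither a parameter nor a local (the parameters are `type`, `filelabel`, `acc_mode` and `cred`). `mac_biba_vaccess()` in kern_mac_biba.c tests the same undeclared `operation`. The prototype should read `mac_mls_vaccess(enum vtype type, const struct mac *filelabel, mode_t acc_mode,` and the masks should be applied to one declared argument; because `acc_mode` is a `mode_t` and the masks are `MAC_*` bits, an explicit `int operation` parameter (as `mac_partition_can()` takes) looks like what was intended, but that is an inference. Separately, `mac_mls_dominate()` panics on an unknown `mm_type` while `mac_mls_label_valid()` is applied only to the new label in the two setlabel checks, so a label that reaches the kernel by any other route should be validated before it is compared.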
@@ -0,0 +1,227 @@
+/*-
+ * Copyright (c) 1999-2001 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: $
+ */
+/*
+ * Developed by the TrustedBSD Project.
+ * Light-Weight Partition Policy.
+ */
+
+#include "opt_mac.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifdef MAC
+
+/*
+ * Syntactic check of label: 0 for success, else an errno.
+ */
+static int
+mac_partition_label_valid(const struct mac *label)
+{
+
+ switch(label->m_partition.mp_type) {
+ case MAC_PARTITION_TYPE_PARTITION:
+ break;
+ case MAC_PARTITION_TYPE_NONE:
+ case MAC_PARTITION_TYPE_ALL:
+ if (label->m_partition.mp_partition != 0)
+ return (EINVAL);
+ break;
+ default:
+ return (EINVAL);
+ }
+
+ return (0);
+}
+
+int
+mac_partition_can(const struct ucred *cred, const struct mac *label,
+ int operation, int sub_operation)
+{
+ /*
+ * Partitioning policy dictates that for a subject to modify
+ * an object, the label of the subject must dominate that of the
+ * object.
+ * For a subject to read an object, the label of the subject must
+ * dominate the label of the object.
+ * For a subject to create an object on a fixed-label target, the
+ * label of the subject must dominate the label of the target.
+ * Appropriate privilege may override the Partition policy.
+ *
+ * MAC_WRITE, MAC_ADMIN, MAC_SIGNAL: subject dominates object
+ * MAC_READ, MAC_EXEC, MAC_STAT: subject dominates object
+ * MAC_CREATE: subject dominates object
+ */
+ if (operation & MAC_ALL &&
+ !mac_partition_dominate(&cred->cr_label, label) &&
+ suser_xxx(cred, NULL, 0))
+ return (EACCES);
+
+ return (0);
+}
+
+int
+mac_partition_dominate(const struct mac *labela, const struct mac *labelb)
+{
+
+ switch(labela->m_partition.mp_type) {
+ case MAC_PARTITION_TYPE_PARTITION:
+ switch(labelb->m_partition.mp_type) {
+ case MAC_PARTITION_TYPE_PARTITION:
+ return (labela->m_partition.mp_partition ==
+ labelb->m_partition.mp_partition);
+
+ case MAC_PARTITION_TYPE_ALL:
+ /*
+ * Bypass of this restriction for MAC_READ
+ * is implemented in mac_partition_can().
+ */
+ return (0);
+
+ case MAC_PARTITION_TYPE_NONE:
+ return (0);
+
+ default:
+ panic("mac_partition_dominate(): Unknown mp_type\n");
+ }
+
+ case MAC_PARTITION_TYPE_ALL:
+ printf("mac_partition_dominate: warning, "
+ "MAC_PARTITION_TYPE_ALL used as subject.");
+ return (labelb->m_partition.mp_type == MAC_PARTITION_TYPE_ALL);
+
+ case MAC_PARTITION_TYPE_NONE:
+ return (1);
+
+ default:
+ panic("mac_partition_dominate(): Unknown mp_type\n");
+ }
+
+ return (0);
+}
+
+int
+mac_partition_equal(const struct mac *labela, const struct mac *labelb)
+{
+
+ return (mac_partition_dominate(labela, labelb) &&
+ mac_partition_dominate(labelb, labela));
+}
+
+void
+mac_partition_init_subject(struct ucred *cred)
+{
+
+ /*
+ * Early system processes run outside of partitions.
+ */
+ cred->cr_label.m_partition.mp_type = MAC_PARTITION_TYPE_NONE;
+ cred->cr_label.m_partition.mp_partition = 0;
+}
+
+void
+mac_partition_create_subject(const struct ucred *cred_parent,
+ struct ucred *cred_child)
+{
+
+ cred_child->cr_label = cred_parent->cr_label;
+}
+
+int
+mac_partition_can_setlabel_subject(const struct ucred *cred_old,
+ const struct ucred *cred_new)
+{
+ int error;
+
+ error = mac_partition_label_valid(&cred_new->cr_label);
+ if (error)
+ return (error);
+
+ error = suser_xxx(cred_old, NULL, 0);
+ if (error)
+ return (error);
+
+ return (0);
+}
+
+void
+mac_partition_init_object(struct mac *label)
+{
+
+ /*
+ * Unless explicitely labeled, objects are not visible from
+ * any partition.
+ */ + label->m_partition.mp_type = MAC_PARTITION_TYPE_NONE; + label->m_partition.mp_partition = 0; +} + +void +mac_partition_create_object(const struct ucred *cred, struct mac *label) +{ + + label->m_partition.mp_type = cred->cr_label.m_partition.mp_type; + label->m_partition.mp_partition = + cred->cr_label.m_partition.mp_partition; +} + +int +mac_partition_can_setlabel_object(const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new) +{ + int error; + + error = mac_partition_label_valid(label_new); + if (error) + return (error); + + error = suser_xxx(cred, NULL, 0); + if (error) + return (error); + + return (0); +} + +void +mac_partition_print_label(const struct mac *label) +{ + + printf("Partition: type==%u, partition==%u\n", + label->m_partition.mp_type, label->m_partition.mp_partition); +} + +#endif /* !MAC */ Index: sys/kern/kern_malloc.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_malloc.c,v retrieving revision 1.93 diff -u -r1.93 kern_malloc.c --- sys/kern/kern_malloc.c 2001/09/12 08:37:44 1.93 +++ sys/kern/kern_malloc.c 2001/09/24 18:20:20 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/kern_prot.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v retrieving revision 1.121 diff -u -r1.121 kern_prot.c --- sys/kern/kern_prot.c 2001/11/12 18:56:49 1.121 +++ sys/kern/kern_prot.c 2001/11/17 16:23:26 @@ -47,12 +47,14 @@ #include "opt_compat.h" #include "opt_global.h" +#include "opt_mac.h" #include #include #include #include #include +#include #include #include #include @@ -1378,6 +1380,10 @@ if ((error = prison_check(u1, u2))) return (error); +#ifdef MAC + if ((error = mac_cr_cansee(u1, u2))) + return (ESRCH); +#endif if (!kern_security_seeotheruids_permitted && u1->cr_ruid != u2->cr_ruid) { if (suser_xxx(u1, NULL, PRISON_ROOT) != 0) 
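Review bot: The comment under `MAC_PARTITION_TYPE_ALL` in `mac_partition_dominate()` (kern_mac_partition.c) says the MAC_READ bypass "is implemented in mac_partition_can()", but `mac_partition_can()` applies the same dominate test to every operation in `MAC_ALL` and has no read exception, so a partitioned subject is refused read access to an ALL-labelled object unless it is privileged. Either add the exception or make the comment match the code, for example `/* XXX: no MAC_READ bypass yet; partitioned subjects cannot read ALL objects. */`. The warning `printf` in the subject-is-ALL case has no trailing `\n` and fires on every comparison, including the two made by `mac_partition_equal()`, and `sub_operation` is never used. `mac_partition_can()` also calls `mac_partition_dominate()` ahead of its definition, so its prototype has to come from a header that is not shown here.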
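Review bot: In the `@@ -1378` hunk of kern_prot.c the value returned by `mac_cr_cansee()` is stored in `error` and then discarded in favour of `ESRCH`, while the three later hooks in this file (`mac_p_cansignal`, `mac_p_cansched`, `mac_p_candebug`) return the policy's errno unchanged. If hiding the target is the intent, say so at the call: `/* Report a MAC denial as ESRCH so the target looks absent. */`, and check that the later hooks cannot reveal a process this one hides. `mac_p_cansignal()` is also passed `p_ucred` pointers while the other two are passed the processes themselves; a one-line comment on why would help the next reader. The enclosing functions begin and end outside these hunks.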
@@ -1425,6 +1431,11 @@ if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); +#ifdef MAC + if ((error = mac_p_cansignal(p1->p_ucred, p2->p_ucred))) + return (error); +#endif + /* * UNIX signalling semantics require that processes in the same * session always be able to deliver SIGCONT to one another, @@ -1498,6 +1509,13 @@ return (0); if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); + +#ifdef MAC + error = mac_p_cansched(p1, p2); + if (error) + return (error); +#endif + if (p1->p_ucred->cr_ruid == p2->p_ucred->cr_ruid) return (0); if (p1->p_ucred->cr_uid == p2->p_ucred->cr_ruid) @@ -1552,6 +1570,12 @@ if ((error = prison_check(p1->p_ucred, p2->p_ucred))) return (error); + +#ifdef MAC + error = mac_p_candebug(p1, p2); + if (error) + return (error); +#endif /* * Is p2's group set a subset of p1's effective group set? This Index: sys/kern/subr_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/subr_mbuf.c,v retrieving revision 1.9 diff -u -r1.9 subr_mbuf.c --- sys/kern/subr_mbuf.c 2001/09/30 01:58:33 1.9 +++ sys/kern/subr_mbuf.c 2001/10/01 16:31:48 @@ -29,13 +29,17 @@ */ #include "opt_param.h" +#include "opt_mac.h" + #include #include +#include #include #include #include #include #include +#include #include #include #include @@ -933,6 +937,12 @@ } \ } while (0) +#ifdef MAC +#define MAC_GETHDR(m) mac_init_object(&((m)->m_pkthdr.label)) +#else +#define MAC_GETHDR(m) +#endif /* !MAC */ + #define _m_gethdr(m, how, type) do { \ (m) = (struct mbuf *)mb_alloc(&mb_list_mbuf, (how), (type)); \ if ((m) != NULL) { \ 
@@ -944,6 +954,7 @@ (m)->m_pkthdr.rcvif = NULL; \ (m)->m_pkthdr.csum_flags = 0; \ (m)->m_pkthdr.aux = NULL; \ + MAC_GETHDR(m); \ } \ } while (0) Index: sys/kern/subr_mchain.c =================================================================== RCS file: /home/ncvs/src/sys/kern/subr_mchain.c,v retrieving revision 1.2 diff -u -r1.2 subr_mchain.c --- sys/kern/subr_mchain.c 2001/02/25 06:33:50 1.2 +++ sys/kern/subr_mchain.c 2001/09/25 02:02:52 @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/sys_socket.c =================================================================== RCS file: /home/ncvs/src/sys/kern/sys_socket.c,v retrieving revision 1.36 diff -u -r1.36 sys_socket.c --- sys/kern/sys_socket.c 2001/11/17 03:07:07 1.36 +++ sys/kern/sys_socket.c 2001/11/17 15:33:49 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include Index: sys/kern/syscalls.c =================================================================== RCS file: /home/ncvs/src/sys/kern/syscalls.c,v retrieving revision 1.98 diff -u -r1.98 syscalls.c --- sys/kern/syscalls.c 2001/11/02 17:59:23 1.98 +++ sys/kern/syscalls.c 2001/11/17 16:23:46 @@ -2,7 +2,7 @@ * System call names. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/kern/syscalls.c,v 1.98 2001/11/02 17:59:23 phk Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.100 2001/11/02 17:58:26 phk Exp */ 
@@ -386,4 +386,10 @@ "eaccess", /* 376 = eaccess */ "#377", /* 377 = afs_syscall */ "nmount", /* 378 = nmount */ + "__mac_get_proc", /* 379 = __mac_get_proc */ + "__mac_set_proc", /* 380 = __mac_set_proc */ + "__mac_get_fd", /* 381 = __mac_get_fd */ + "__mac_get_file", /* 382 = __mac_get_file */ + "__mac_set_fd", /* 383 = __mac_set_fd */ + "__mac_set_file", /* 384 = __mac_set_file */ }; Index: sys/kern/syscalls.master =================================================================== RCS file: /home/ncvs/src/sys/kern/syscalls.master,v retrieving revision 1.100 diff -u -r1.100 syscalls.master --- sys/kern/syscalls.master 2001/11/02 17:58:26 1.100 +++ sys/kern/syscalls.master 2001/11/17 16:20:14 @@ -548,4 +548,9 @@ 377 UNIMPL BSD afs_syscall 378 STD BSD { int nmount(struct iovec *iovp, unsigned int iovcnt, \ int flags); } - +379 STD BSD { int __mac_get_proc(struct mac *mac_p); } +380 STD BSD { int __mac_set_proc(struct mac *mac_p); } +381 STD BSD { int __mac_get_fd(int fd, struct mac *mac_p); } +382 STD BSD { int __mac_get_file(const char *path_p, struct mac *mac_p); } +383 STD BSD { int __mac_set_fd(int fd, struct mac *mac_p); } +384 STD BSD { int __mac_set_file(const char *path_p, struct mac *mac_p); } Index: sys/kern/uipc_accf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_accf.c,v retrieving revision 1.6 diff -u -r1.6 uipc_accf.c --- sys/kern/uipc_accf.c 2001/06/01 21:47:34 1.6 +++ sys/kern/uipc_accf.c 2001/09/24 18:21:46 @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_domain.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_domain.c,v retrieving revision 1.24 diff -u -r1.24 uipc_domain.c --- sys/kern/uipc_domain.c 2001/06/11 12:38:57 1.24 +++ sys/kern/uipc_domain.c 2001/09/24 18:22:16 
@@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_mbuf.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_mbuf.c,v retrieving revision 1.88 diff -u -r1.88 uipc_mbuf.c --- sys/kern/uipc_mbuf.c 2001/08/19 04:35:28 1.88 +++ sys/kern/uipc_mbuf.c 2001/09/24 18:22:30 @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_mbuf2.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_mbuf2.c,v retrieving revision 1.9 diff -u -r1.9 uipc_mbuf2.c --- sys/kern/uipc_mbuf2.c 2001/06/11 21:17:59 1.9 +++ sys/kern/uipc_mbuf2.c 2001/09/24 18:23:01 @@ -71,6 +71,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_socket.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.106 diff -u -r1.106 uipc_socket.c --- sys/kern/uipc_socket.c 2001/11/17 03:07:07 1.106 +++ sys/kern/uipc_socket.c 2001/11/17 15:33:51 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_socket2.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.77 diff -u -r1.77 uipc_socket2.c --- sys/kern/uipc_socket2.c 2001/11/17 03:07:07 1.77 +++ sys/kern/uipc_socket2.c 2001/11/17 15:33:52 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/uipc_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v retrieving revision 1.77 diff -u -r1.77 uipc_usrreq.c --- sys/kern/uipc_usrreq.c 2001/11/17 03:07:07 1.77 +++ sys/kern/uipc_usrreq.c 2001/11/17 15:33:52 
@@ -44,6 +44,7 @@ #include /* XXX must be before */ #include #include +#include #include #include #include Index: sys/kern/vfs_export.c =================================================================== RCS file: /home/ncvs/src/sys/kern/vfs_export.c,v retrieving revision 1.312 diff -u -r1.312 vfs_export.c --- sys/kern/vfs_export.c 2001/09/10 11:28:05 1.312 +++ sys/kern/vfs_export.c 2001/09/24 18:24:57 @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include Index: sys/kern/vnode_if.src =================================================================== RCS file: /home/ncvs/src/sys/kern/vnode_if.src,v retrieving revision 1.43 diff -u -r1.43 vnode_if.src --- sys/kern/vnode_if.src 2001/09/12 08:37:47 1.43 +++ sys/kern/vnode_if.src 2001/09/24 18:17:12 @@ -551,3 +551,23 @@ IN struct vnode *vp; OUT struct vm_object **objpp; }; + +# +#% getlabel vp L L L +# +vop_getlabel { + IN struct vnode *vp; + OUT struct mac *label; + IN struct ucred *cred; + IN struct thread *td; +}; + +# +#% setlabel vp L L L +# +vop_setlabel { + IN struct vnode *vp; + IN struct mac *label; + IN struct ucred *cred; + IN struct thread *td; +}; Index: sys/modules/if_stf/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/if_stf/Makefile,v retrieving revision 1.1 diff -u -r1.1 Makefile --- sys/modules/if_stf/Makefile 2001/07/02 21:01:56 1.1 +++ sys/modules/if_stf/Makefile 2001/09/25 00:27:42 @@ -3,7 +3,7 @@ .PATH: ${.CURDIR}/../../net KMOD= if_stf -SRCS= if_stf.c opt_inet.h opt_inet6.h +SRCS= if_stf.c opt_inet.h opt_inet6.h opt_mac.h NOMAN= opt_inet.h: Index: sys/modules/oltr/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/oltr/Makefile,v retrieving revision 1.1 diff -u -r1.1 Makefile --- sys/modules/oltr/Makefile 2001/06/14 15:16:04 1.1 +++ sys/modules/oltr/Makefile 2001/09/24 23:33:40 
@@ -3,7 +3,8 @@ .PATH: ${.CURDIR}/../../contrib/dev/oltr ${.CURDIR}/../../net KMOD = if_oltr SRCS = if_oltr.c trlldbm.c trlldhm.c trlldmac.c if_iso88025subr.c \ - opt_inet.h opt_inet6.h opt_ipx.h device_if.h bus_if.h pci_if.h + opt_inet.h opt_inet6.h opt_ipx.h device_if.h bus_if.h pci_if.h \ + opt_mac.h OBJS+= trlld.o NOMAN= Index: sys/modules/procfs/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/procfs/Makefile,v retrieving revision 1.23 diff -u -r1.23 Makefile --- sys/modules/procfs/Makefile 2001/05/23 09:42:27 1.23 +++ sys/modules/procfs/Makefile 2001/09/24 22:59:50 @@ -16,7 +16,8 @@ procfs_subr.c \ procfs_type.c \ procfs_vfsops.c \ - procfs_vnops.c + procfs_vnops.c \ + opt_mac.h NOMAN= .include Index: sys/modules/sppp/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/sppp/Makefile,v retrieving revision 1.2 diff -u -r1.2 Makefile --- sys/modules/sppp/Makefile 2001/01/06 14:00:22 1.2 +++ sys/modules/sppp/Makefile 2001/09/24 23:15:41 @@ -4,7 +4,7 @@ KMOD= sppp SRCS= if_spppsubr.c -SRCS+= opt_inet.h opt_inet6.h opt_ipx.h +SRCS+= opt_inet.h opt_inet6.h opt_ipx.h opt_mac.h NOMAN= opt_inet.h: Index: sys/net/bpf.c =================================================================== RCS file: /home/ncvs/src/sys/net/bpf.c,v retrieving revision 1.84 diff -u -r1.84 bpf.c --- sys/net/bpf.c 2001/10/17 10:18:42 1.84 +++ sys/net/bpf.c 2001/11/17 15:34:45 @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include Index: sys/net/bpf_filter.c =================================================================== RCS file: /home/ncvs/src/sys/net/bpf_filter.c,v retrieving revision 1.18 diff -u -r1.18 bpf_filter.c --- sys/net/bpf_filter.c 2001/10/05 19:04:23 1.18 +++ sys/net/bpf_filter.c 2001/10/08 02:05:19 
@@ -66,6 +66,7 @@ #endif #ifdef _KERNEL +#include #include #endif #include Index: sys/net/bridge.c =================================================================== RCS file: /home/ncvs/src/sys/net/bridge.c,v retrieving revision 1.43 diff -u -r1.43 bridge.c --- sys/net/bridge.c 2001/11/04 22:56:21 1.43 +++ sys/net/bridge.c 2001/11/17 15:34:46 @@ -70,6 +70,7 @@ */ #include +#include #include #include #include Index: sys/net/bsd_comp.c =================================================================== RCS file: /home/ncvs/src/sys/net/bsd_comp.c,v retrieving revision 1.13 diff -u -r1.13 bsd_comp.c --- sys/net/bsd_comp.c 2001/05/01 08:13:11 1.13 +++ sys/net/bsd_comp.c 2001/09/24 19:27:09 @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if.c =================================================================== RCS file: /home/ncvs/src/sys/net/if.c,v retrieving revision 1.126 diff -u -r1.126 if.c --- sys/net/if.c 2001/10/17 19:40:44 1.126 +++ sys/net/if.c 2001/11/17 16:29:23 @@ -37,9 +37,11 @@ #include "opt_compat.h" #include "opt_inet6.h" #include "opt_inet.h" +#include "opt_mac.h" #include #include +#include #include #include #include @@ -381,6 +383,13 @@ TAILQ_INIT(&ifp->if_multiaddrs); SLIST_INIT(&ifp->if_klist); getmicrotime(&ifp->if_lastchange); + +#ifdef MAC + mac_init_object(&ifp->if_label_default); + mac_init_object(&ifp->if_label_lower); + mac_init_object(&ifp->if_label_upper); +#endif + ifp->if_index = if_findindex(ifp); if (ifp->if_index > if_index) if_index = ifp->if_index; Index: sys/net/if_atmsubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_atmsubr.c,v retrieving revision 1.16 diff -u -r1.16 if_atmsubr.c --- sys/net/if_atmsubr.c 2001/06/15 07:32:25 1.16 +++ sys/net/if_atmsubr.c 2001/09/24 19:27:25 
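Review bot: All three interface labels set in the `@@ -381` hunk of if.c start from `mac_init_object()`, and for Biba that default is `MAC_BIBA_TYPE_HIGH`, which kern_mac_biba.c itself marks as a development-time setting. The Ethernet, ATM, FDDI and other input hunks in this patch copy `if_label_default` onto received packets, so network input is labelled high integrity until the interface is relabelled, which is the opposite of what Biba should assume for untrusted data. `if_label_lower` and `if_label_upper` also start out equal, and no hunk shown here consults them. I would add above the three calls: `/* XXX: inherits the development-time object default (Biba high); must become low integrity before input labels are enforced. */`. The enclosing function starts and ends outside the hunk.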
@@ -40,10 +40,12 @@ #include "opt_inet.h" #include "opt_inet6.h" +#include "opt_mac.h" #include "opt_natm.h" #include #include +#include #include #include #include @@ -233,6 +235,14 @@ return; } ifp->if_ibytes += m->m_pkthdr.len; + +#ifdef MAC + /* + * XXX: Label all ATM packets with the interface default label here. + * Can be relabeled later in the protocol stack if desired. + */ + m->m_label = ifp->if_label_default; +#endif if (rxhand) { #ifdef NATM Index: sys/net/if_disc.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_disc.c,v retrieving revision 1.29 diff -u -r1.29 if_disc.c --- sys/net/if_disc.c 2001/10/17 18:07:04 1.29 +++ sys/net/if_disc.c 2001/11/17 15:34:46 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_ef.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ef.c,v retrieving revision 1.15 diff -u -r1.15 if_ef.c --- sys/net/if_ef.c 2001/09/06 02:40:28 1.15 +++ sys/net/if_ef.c 2001/09/24 19:24:34 @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_ethersubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.101 diff -u -r1.101 if_ethersubr.c --- sys/net/if_ethersubr.c 2001/11/04 22:56:24 1.101 +++ sys/net/if_ethersubr.c 2001/11/17 15:34:47 @@ -39,11 +39,13 @@ #include "opt_inet6.h" #include "opt_ipx.h" #include "opt_bdg.h" +#include "opt_mac.h" #include "opt_netgraph.h" #include #include #include +#include #include #include #include 
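Review bot: The ATM input hunk (`@@ -233` in if_atmsubr.c) writes the label through `m->m_label`, while `MAC_GETHDR` in subr_mbuf.c, if_ethersubr.c and if_gif.c use `m->m_pkthdr.label`; the `m->m_label` spelling recurs in the if_fddisubr.c, if_iso88025subr.c, if_spppsubr.c and if_stf.c hunks. Unless mbuf.h (not shown) defines `m_label` as an alias, those five files will not build with MAC; use one spelling throughout, `m->m_pkthdr.label = ifp->if_label_default;`. The assignment also presumes the mbuf carries a packet header at this point, which deserves a comment or an assertion. The comment copied into the FDDI, token ring, sppp and stf hunks still says "ethernet packets".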
@@ -147,6 +149,17 @@ int hlen; /* link layer header lenght */ struct arpcom *ac = IFP2AC(ifp); +/* + * XXX MAC output check here. + */ +#ifdef MAC +/* + error = mac_ether_output_check(ifp, m); + if (error) + senderr(error); +*/ +#endif /* !MAC */ + if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) senderr(ENETDOWN); rt = rt0; @@ -409,6 +422,15 @@ struct mbuf *m; { struct ether_header save_eh; + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_pkthdr.label = ifp->if_label_default; +#endif /* Check for a BPF tap */ if (ifp->if_bpf != NULL) { Index: sys/net/if_faith.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_faith.c,v retrieving revision 1.8 diff -u -r1.8 if_faith.c --- sys/net/if_faith.c 2001/10/17 18:07:04 1.8 +++ sys/net/if_faith.c 2001/11/17 15:34:47 @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_fddisubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_fddisubr.c,v retrieving revision 1.53 diff -u -r1.53 if_fddisubr.c --- sys/net/if_fddisubr.c 2001/10/14 20:17:52 1.53 +++ sys/net/if_fddisubr.c 2001/10/16 01:03:09 @@ -40,9 +40,11 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #include #include +#include #include #include #include 
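Review bot: The `@@ -147` hunk of if_ethersubr.c adds the output check only as commented-out code inside `#ifdef MAC`, so a MAC kernel labels Ethernet input (the `@@ -409` hunk) but enforces nothing on output. Code parked in a comment is never compiled and hides the fact that the hook is missing; I would replace the block with one marker, `/* XXX MAC: no output check yet; mac_ether_output_check(ifp, m) belongs here. */`, or enable the call once that function exists. The function continues outside the hunk.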
@@ -377,6 +379,16 @@ m_freem(m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif + getmicrotime(&ifp->if_lastchange); ifp->if_ibytes += m->m_pkthdr.len + sizeof (*fh); if (fh->fddi_dhost[0] & 1) { Index: sys/net/if_gif.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_gif.c,v retrieving revision 1.16 diff -u -r1.16 if_gif.c --- sys/net/if_gif.c 2001/09/27 03:14:16 1.16 +++ sys/net/if_gif.c 2001/10/01 16:32:39 @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -452,6 +453,13 @@ } m->m_pkthdr.rcvif = gifp; + + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_pkthdr.label = gifp->if_label_default; if (gifp->if_bpf) { /* Index: sys/net/if_iso88025subr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_iso88025subr.c,v retrieving revision 1.19 diff -u -r1.19 if_iso88025subr.c --- sys/net/if_iso88025subr.c 2001/10/14 20:17:52 1.19 +++ sys/net/if_iso88025subr.c 2001/10/16 01:03:10 @@ -43,9 +43,11 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #include #include +#include #include #include #include 
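Review bot: The label assignment added to if_gif.c (`@@ -452`) is not wrapped in `#ifdef MAC`, unlike the other input-path hunks in this patch, so it is compiled into non-MAC kernels as well. In those kernels `MAC_GETHDR()` expands to nothing and if.c skips `mac_init_object()`, so the statement copies a label that nothing in this patch initialised; wrap it as the others are, `#ifdef MAC` / `m->m_pkthdr.label = gifp->if_label_default;` / `#endif`. The comment says "ethernet packets" here too. The enclosing function starts and ends outside the hunk.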
@@ -421,6 +423,15 @@ m_freem(m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif getmicrotime(&ifp->if_lastchange); ifp->if_ibytes += m->m_pkthdr.len + sizeof(*th); Index: sys/net/if_loop.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_loop.c,v retrieving revision 1.65 diff -u -r1.65 if_loop.c --- sys/net/if_loop.c 2001/10/17 18:07:04 1.65 +++ sys/net/if_loop.c 2001/11/17 15:34:47 @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_ppp.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ppp.c,v retrieving revision 1.72 diff -u -r1.72 if_ppp.c --- sys/net/if_ppp.c 2001/09/12 08:37:51 1.72 +++ sys/net/if_ppp.c 2001/09/24 19:26:44 @@ -87,6 +87,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_sl.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_sl.c,v retrieving revision 1.96 diff -u -r1.96 if_sl.c --- sys/net/if_sl.c 2001/09/12 08:37:51 1.96 +++ sys/net/if_sl.c 2001/09/24 18:28:25 @@ -70,6 +70,7 @@ #include #include +#include #include #include #include Index: sys/net/if_spppsubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v retrieving revision 1.73 diff -u -r1.73 if_spppsubr.c --- sys/net/if_spppsubr.c 2001/10/01 18:14:49 1.73 +++ sys/net/if_spppsubr.c 2001/10/02 18:22:56 @@ -26,6 +26,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipx.h" +#include "opt_mac.h" #endif #ifdef NetBSD1_3 @@ -45,6 +46,7 @@ #if defined(__FreeBSD__) && __FreeBSD__ >= 3 #include #endif +#include #include #include 
@@ -518,6 +520,15 @@ m_freem (m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif /* Get PPP header. */ h = mtod (m, struct ppp_header*); Index: sys/net/if_stf.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_stf.c,v retrieving revision 1.14 diff -u -r1.14 if_stf.c --- sys/net/if_stf.c 2001/10/17 18:07:04 1.14 +++ sys/net/if_stf.c 2001/11/17 15:34:48 @@ -76,11 +76,13 @@ #include "opt_inet.h" #include "opt_inet6.h" +#include "opt_mac.h" #include #include #include #include +#include #include #include #include @@ -613,6 +615,15 @@ m_freem(m); return; } + +#ifdef MAC + /* + * XXX: Label all ethernet packets with the interface default + * label here. Can be relabeled later in the protocol stack if + * desired. + */ + m->m_label = ifp->if_label_default; +#endif /* !MAC */ ip = mtod(m, struct ip *); Index: sys/net/if_tap.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_tap.c,v retrieving revision 1.11 diff -u -r1.11 if_tap.c --- sys/net/if_tap.c 2001/09/21 22:46:54 1.11 +++ sys/net/if_tap.c 2001/09/24 19:28:47 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_tun.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_tun.c,v retrieving revision 1.100 diff -u -r1.100 if_tun.c --- sys/net/if_tun.c 2001/09/21 22:46:54 1.100 +++ sys/net/if_tun.c 2001/09/24 19:29:01 
@@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include Index: sys/net/if_var.h =================================================================== RCS file: /home/ncvs/src/sys/net/if_var.h,v retrieving revision 1.41 diff -u -r1.41 if_var.h --- sys/net/if_var.h 2001/11/14 18:36:37 1.41 +++ sys/net/if_var.h 2001/11/17 15:34:48 @@ -74,6 +74,7 @@ struct ether_header; #endif +#include /* struct mac */ #include /* get TAILQ macros */ #ifdef _KERNEL @@ -159,6 +160,9 @@ struct ifqueue *if_poll_slowq; /* input queue for slow devices */ struct ifprefixhead if_prefixhead; /* list of prefixes per if */ u_int8_t *if_broadcastaddr; /* linklevel broadcast bytestring */ + struct mac if_label_default; /* default label for incoming packets */ + struct mac if_label_lower; /* lower bound for send/recv */ + struct mac if_label_upper; /* upper bound for send/recv */ }; typedef void if_init_f_t __P((void *)); Index: sys/net/if_vlan.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_vlan.c,v retrieving revision 1.35 diff -u -r1.35 if_vlan.c --- sys/net/if_vlan.c 2001/10/15 19:21:01 1.35 +++ sys/net/if_vlan.c 2001/10/16 01:03:11 @@ -58,6 +58,7 @@ #include #include +#include #include #include #include Index: sys/net/intrq.c =================================================================== RCS file: /home/ncvs/src/sys/net/intrq.c,v retrieving revision 1.6 diff -u -r1.6 intrq.c --- sys/net/intrq.c 2001/02/18 17:54:52 1.6 +++ sys/net/intrq.c 2001/09/24 18:29:36 @@ -27,6 +27,7 @@ */ #include +#include #include #include #include Index: sys/net/net_osdep.c =================================================================== RCS file: /home/ncvs/src/sys/net/net_osdep.c,v retrieving revision 1.5 diff -u -r1.5 net_osdep.c --- sys/net/net_osdep.c 2001/07/26 19:14:52 1.5 +++ sys/net/net_osdep.c 2001/09/24 18:29:54 
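Review bot: The if_var.h hunk at `@@ -159,6 +160,9 @@` adds `if_label_default`, `if_label_lower` and `if_label_upper` to `struct ifnet`, but no hunk visible here initialises them, while the input-path hunks copy `if_label_default` onto every received mbuf. The field comments should say who sets these labels and when, for example `/* MAC labels: set at interface attach, before the interface can receive */`, so a reader can confirm that an all-zero `struct mac` is never used as a packet label. The lower and upper bounds are described as applying to send/recv, yet none of the visible hunks compares a label against them, so it is worth noting in the comment whether that check is enforced yet. The fields are also added unconditionally although their use is under `#ifdef MAC`; if that is deliberate, to keep the structure layout identical across kernel configurations, a short note would help.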
@@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include Index: sys/net/ppp_deflate.c =================================================================== RCS file: /home/ncvs/src/sys/net/ppp_deflate.c,v retrieving revision 1.14 diff -u -r1.14 ppp_deflate.c --- sys/net/ppp_deflate.c 2001/05/01 08:13:11 1.14 +++ sys/net/ppp_deflate.c 2001/09/24 19:29:26 @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include Index: sys/net/ppp_tty.c =================================================================== RCS file: /home/ncvs/src/sys/net/ppp_tty.c,v retrieving revision 1.47 diff -u -r1.47 ppp_tty.c --- sys/net/ppp_tty.c 2001/09/12 08:37:51 1.47 +++ sys/net/ppp_tty.c 2001/09/24 19:29:33 @@ -79,6 +79,7 @@ #include #include #include +#include #include #include #include Index: sys/net/raw_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/net/raw_usrreq.c,v retrieving revision 1.21 diff -u -r1.21 raw_usrreq.c --- sys/net/raw_usrreq.c 2001/11/17 03:07:08 1.21 +++ sys/net/raw_usrreq.c 2001/11/17 15:34:49 @@ -36,6 +36,7 @@ #include #include +#include #include #include #include Index: sys/net/route.c =================================================================== RCS file: /home/ncvs/src/sys/net/route.c,v retrieving revision 1.67 diff -u -r1.67 route.c --- sys/net/route.c 2001/10/17 18:07:04 1.67 +++ sys/net/route.c 2001/11/17 15:34:49 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/net/rtsock.c =================================================================== RCS file: /home/ncvs/src/sys/net/rtsock.c,v retrieving revision 1.61 diff -u -r1.61 rtsock.c --- sys/net/rtsock.c 2001/10/17 18:07:04 1.61 +++ sys/net/rtsock.c 2001/11/17 15:34:49 
@@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include Index: sys/net/slcompress.c =================================================================== RCS file: /home/ncvs/src/sys/net/slcompress.c,v retrieving revision 1.16 diff -u -r1.16 slcompress.c --- sys/net/slcompress.c 1999/12/29 04:38:37 1.16 +++ sys/net/slcompress.c 2001/09/24 18:33:16 @@ -44,6 +44,7 @@ */ #include +#include #include #include Index: sys/netgraph/ng_UI.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_UI.c,v retrieving revision 1.14 diff -u -r1.14 ng_UI.c --- sys/netgraph/ng_UI.c 2001/01/08 05:34:05 1.14 +++ sys/netgraph/ng_UI.c 2001/09/25 12:21:33 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_async.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_async.c,v retrieving revision 1.16 diff -u -r1.16 ng_async.c --- sys/netgraph/ng_async.c 2001/01/10 07:13:58 1.16 +++ sys/netgraph/ng_async.c 2001/09/25 12:21:35 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_base.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_base.c,v retrieving revision 1.57 diff -u -r1.57 ng_base.c --- sys/netgraph/ng_base.c 2001/08/21 13:20:02 1.57 +++ sys/netgraph/ng_base.c 2001/09/25 12:21:38 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_bpf.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_bpf.c,v retrieving revision 1.14 diff -u -r1.14 ng_bpf.c --- sys/netgraph/ng_bpf.c 2001/01/30 07:58:30 1.14 +++ sys/netgraph/ng_bpf.c 2001/09/25 12:21:40 
@@ -57,6 +57,7 @@ #include #include #include +#include #include #include Index: sys/netgraph/ng_bridge.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_bridge.c,v retrieving revision 1.10 diff -u -r1.10 ng_bridge.c --- sys/netgraph/ng_bridge.c 2001/01/10 07:13:58 1.10 +++ sys/netgraph/ng_bridge.c 2001/09/25 12:21:43 @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_cisco.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_cisco.c,v retrieving revision 1.16 diff -u -r1.16 ng_cisco.c --- sys/netgraph/ng_cisco.c 2001/10/29 02:22:49 1.16 +++ sys/netgraph/ng_cisco.c 2001/11/17 15:34:54 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_echo.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_echo.c,v retrieving revision 1.10 diff -u -r1.10 ng_echo.c --- sys/netgraph/ng_echo.c 2001/01/08 05:34:06 1.10 +++ sys/netgraph/ng_echo.c 2001/09/25 12:21:49 @@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_eiface.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_eiface.c,v retrieving revision 1.3 diff -u -r1.3 ng_eiface.c --- sys/netgraph/ng_eiface.c 2001/02/26 09:31:54 1.3 +++ sys/netgraph/ng_eiface.c 2001/09/25 12:21:52 @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_ether.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ether.c,v retrieving revision 1.20 diff -u -r1.20 ng_ether.c --- sys/netgraph/ng_ether.c 2001/09/12 08:37:53 1.20 +++ sys/netgraph/ng_ether.c 2001/09/25 12:21:55 
@@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_frame_relay.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_frame_relay.c,v retrieving revision 1.18 diff -u -r1.18 ng_frame_relay.c --- sys/netgraph/ng_frame_relay.c 2001/01/08 05:34:06 1.18 +++ sys/netgraph/ng_frame_relay.c 2001/09/25 12:21:57 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_gif.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_gif.c,v retrieving revision 1.4 diff -u -r1.4 ng_gif.c --- sys/netgraph/ng_gif.c 2001/09/28 00:02:50 1.4 +++ sys/netgraph/ng_gif.c 2001/10/03 03:29:16 @@ -70,6 +70,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_gif_demux.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_gif_demux.c,v retrieving revision 1.3 diff -u -r1.3 ng_gif_demux.c --- sys/netgraph/ng_gif_demux.c 2001/09/27 03:14:16 1.3 +++ sys/netgraph/ng_gif_demux.c 2001/10/03 03:46:30 @@ -77,6 +77,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_hole.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_hole.c,v retrieving revision 1.10 diff -u -r1.10 ng_hole.c --- sys/netgraph/ng_hole.c 2001/01/08 05:34:06 1.10 +++ sys/netgraph/ng_hole.c 2001/09/25 12:22:00 @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_iface.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_iface.c,v retrieving revision 1.18 diff -u -r1.18 ng_iface.c --- sys/netgraph/ng_iface.c 2001/01/10 07:13:58 1.18 +++ sys/netgraph/ng_iface.c 2001/09/25 12:22:02 
@@ -55,6 +55,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ip_input.c,v retrieving revision 1.1 diff -u -r1.1 ng_ip_input.c --- sys/netgraph/ng_ip_input.c 2001/09/27 21:54:27 1.1 +++ sys/netgraph/ng_ip_input.c 2001/10/03 04:06:35 @@ -72,6 +72,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_ksocket.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ksocket.c,v retrieving revision 1.22 diff -u -r1.22 ng_ksocket.c --- sys/netgraph/ng_ksocket.c 2001/10/10 19:51:13 1.22 +++ sys/netgraph/ng_ksocket.c 2001/10/11 14:39:55 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_lmi.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_lmi.c,v retrieving revision 1.14 diff -u -r1.14 ng_lmi.c --- sys/netgraph/ng_lmi.c 2001/01/10 07:13:58 1.14 +++ sys/netgraph/ng_lmi.c 2001/09/25 12:22:08 @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_mppc.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_mppc.c,v retrieving revision 1.14 diff -u -r1.14 ng_mppc.c --- sys/netgraph/ng_mppc.c 2001/09/12 08:37:53 1.14 +++ sys/netgraph/ng_mppc.c 2001/09/25 12:22:10 @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_one2many.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_one2many.c,v retrieving revision 1.7 diff -u -r1.7 ng_one2many.c --- sys/netgraph/ng_one2many.c 2001/01/30 20:51:52 1.7 +++ sys/netgraph/ng_one2many.c 2001/09/25 12:22:13 
@@ -52,6 +52,7 @@ #include #include #include +#include #include #include Index: sys/netgraph/ng_ppp.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_ppp.c,v retrieving revision 1.34 diff -u -r1.34 ng_ppp.c --- sys/netgraph/ng_ppp.c 2001/01/10 07:13:58 1.34 +++ sys/netgraph/ng_ppp.c 2001/09/25 12:22:20 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_pppoe.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_pppoe.c,v retrieving revision 1.47 diff -u -r1.47 ng_pppoe.c --- sys/netgraph/ng_pppoe.c 2001/09/04 06:29:35 1.47 +++ sys/netgraph/ng_pppoe.c 2001/09/25 12:22:22 @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_pptpgre.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_pptpgre.c,v retrieving revision 1.21 diff -u -r1.21 ng_pptpgre.c --- sys/netgraph/ng_pptpgre.c 2001/04/11 22:04:47 1.21 +++ sys/netgraph/ng_pptpgre.c 2001/09/25 12:22:24 @@ -57,6 +57,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_rfc1490.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_rfc1490.c,v retrieving revision 1.15 diff -u -r1.15 ng_rfc1490.c --- sys/netgraph/ng_rfc1490.c 2001/01/09 00:49:31 1.15 +++ sys/netgraph/ng_rfc1490.c 2001/09/25 12:22:27 @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_sample.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_sample.c,v retrieving revision 1.19 diff -u -r1.19 ng_sample.c --- sys/netgraph/ng_sample.c 2001/02/25 05:36:25 1.19 +++ sys/netgraph/ng_sample.c 2001/09/25 12:22:30 
@@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_socket.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_socket.c,v retrieving revision 1.29 diff -u -r1.29 ng_socket.c --- sys/netgraph/ng_socket.c 2001/10/10 19:58:11 1.29 +++ sys/netgraph/ng_socket.c 2001/10/11 14:39:56 @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_split.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_split.c,v retrieving revision 1.2 diff -u -r1.2 ng_split.c --- sys/netgraph/ng_split.c 2001/07/24 23:33:06 1.2 +++ sys/netgraph/ng_split.c 2001/09/25 12:22:39 @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_tee.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_tee.c,v retrieving revision 1.18 diff -u -r1.18 ng_tee.c --- sys/netgraph/ng_tee.c 2001/09/12 08:37:53 1.18 +++ sys/netgraph/ng_tee.c 2001/09/25 12:22:42 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_tty.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_tty.c,v retrieving revision 1.20 diff -u -r1.20 ng_tty.c --- sys/netgraph/ng_tty.c 2001/09/12 08:37:53 1.20 +++ sys/netgraph/ng_tty.c 2001/09/25 12:22:47 @@ -62,6 +62,7 @@ #include #include #include +#include #include #include #include Index: sys/netgraph/ng_vjc.c =================================================================== RCS file: /home/ncvs/src/sys/netgraph/ng_vjc.c,v retrieving revision 1.19 diff -u -r1.19 ng_vjc.c --- sys/netgraph/ng_vjc.c 2001/01/08 05:34:06 1.19 +++ sys/netgraph/ng_vjc.c 2001/09/25 12:22:50 
@@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/accf_http.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/accf_http.c,v retrieving revision 1.5 diff -u -r1.5 accf_http.c --- sys/netinet/accf_http.c 2001/01/03 19:50:23 1.5 +++ sys/netinet/accf_http.c 2001/09/24 19:06:35 @@ -33,6 +33,7 @@ #include #include #include +#include #include /* check for GET/HEAD */ Index: sys/netinet/if_ether.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v retrieving revision 1.87 diff -u -r1.87 if_ether.c --- sys/netinet/if_ether.c 2001/10/25 06:14:21 1.87 +++ sys/netinet/if_ether.c 2001/11/17 15:34:56 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/igmp.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/igmp.c,v retrieving revision 1.33 diff -u -r1.33 igmp.c --- sys/netinet/igmp.c 2001/09/03 20:40:35 1.33 +++ sys/netinet/igmp.c 2001/09/24 18:36:23 @@ -51,6 +51,7 @@ #include #include +#include #include #include #include Index: sys/netinet/in_gif.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_gif.c,v retrieving revision 1.13 diff -u -r1.13 in_gif.c --- sys/netinet/in_gif.c 2001/09/12 08:37:53 1.13 +++ sys/netinet/in_gif.c 2001/09/24 18:36:39 @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.93 diff -u -r1.93 in_pcb.c --- sys/netinet/in_pcb.c 2001/11/17 03:07:09 1.93 +++ sys/netinet/in_pcb.c 2001/11/17 15:34:57 
@@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet/in_rmx.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_rmx.c,v retrieving revision 1.41 diff -u -r1.41 in_rmx.c --- sys/netinet/in_rmx.c 2001/09/29 03:23:44 1.41 +++ sys/netinet/in_rmx.c 2001/10/01 16:32:48 @@ -47,6 +47,7 @@ #include #include #include +#include #include #include Index: sys/netinet/ip_ecn.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_ecn.c,v retrieving revision 1.4 diff -u -r1.4 ip_ecn.c --- sys/netinet/ip_ecn.c 2001/06/11 12:39:00 1.4 +++ sys/netinet/ip_ecn.c 2001/09/24 18:43:13 @@ -40,6 +40,7 @@ #include #include +#include #include #include Index: sys/netinet/ip_encap.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_encap.c,v retrieving revision 1.10 diff -u -r1.10 ip_encap.c --- sys/netinet/ip_encap.c 2001/09/07 07:24:28 1.10 +++ sys/netinet/ip_encap.c 2001/09/24 18:43:35 @@ -64,6 +64,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/ip_flow.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_flow.c,v retrieving revision 1.13 diff -u -r1.13 ip_flow.c --- sys/netinet/ip_flow.c 2001/11/04 17:35:00 1.13 +++ sys/netinet/ip_flow.c 2001/11/17 15:34:59 @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/ip_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw.c,v retrieving revision 1.174 diff -u -r1.174 ip_fw.c --- sys/netinet/ip_fw.c 2001/11/04 22:56:25 1.174 +++ sys/netinet/ip_fw.c 2001/11/17 15:34:59 @@ -35,6 +35,7 @@ #include #include +#include #include #include #include 
@@ -43,6 +44,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/ip_icmp.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_icmp.c,v retrieving revision 1.62 diff -u -r1.62 ip_icmp.c --- sys/netinet/ip_icmp.c 2001/10/25 05:56:30 1.62 +++ sys/netinet/ip_icmp.c 2001/11/17 15:34:59 @@ -38,6 +38,7 @@ #include #include +#include #include #include #include Index: sys/netinet/ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.184 diff -u -r1.184 ip_input.c --- sys/netinet/ip_input.c 2001/11/04 22:56:25 1.184 +++ sys/netinet/ip_input.c 2001/11/17 15:35:00 @@ -48,6 +48,7 @@ #include #include +#include #include #include #include Index: sys/netinet/ip_mroute.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_mroute.c,v retrieving revision 1.68 diff -u -r1.68 ip_mroute.c --- sys/netinet/ip_mroute.c 2001/10/29 02:19:19 1.68 +++ sys/netinet/ip_mroute.c 2001/11/17 15:35:01 @@ -17,6 +17,7 @@ #include #include +#include #include #include #include Index: sys/netinet/ip_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v retrieving revision 1.142 diff -u -r1.142 ip_output.c --- sys/netinet/ip_output.c 2001/11/04 22:56:25 1.142 +++ sys/netinet/ip_output.c 2001/11/17 15:35:01 @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/raw_ip.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v retrieving revision 1.87 diff -u -r1.87 raw_ip.c --- sys/netinet/raw_ip.c 2001/11/08 02:13:17 1.87 +++ sys/netinet/raw_ip.c 2001/11/17 15:35:02 
@@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/tcp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v retrieving revision 1.141 diff -u -r1.141 tcp_input.c --- sys/netinet/tcp_input.c 2001/09/12 08:37:54 1.141 +++ sys/netinet/tcp_input.c 2001/09/24 18:45:51 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include /* for proc0 declaration */ Index: sys/netinet/tcp_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v retrieving revision 1.53 diff -u -r1.53 tcp_output.c --- sys/netinet/tcp_output.c 2001/10/05 21:33:38 1.53 +++ sys/netinet/tcp_output.c 2001/10/08 02:05:32 @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/tcp_subr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.117 diff -u -r1.117 tcp_subr.c --- sys/netinet/tcp_subr.c 2001/11/08 02:13:17 1.117 +++ sys/netinet/tcp_subr.c 2001/11/17 15:35:02 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #ifdef INET6 Index: sys/netinet/tcp_timer.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_timer.c,v retrieving revision 1.47 diff -u -r1.47 tcp_timer.c --- sys/netinet/tcp_timer.c 2001/08/22 00:58:16 1.47 +++ sys/netinet/tcp_timer.c 2001/09/24 18:46:38 @@ -41,6 +41,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet/tcp_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_usrreq.c,v retrieving revision 1.67 diff -u -r1.67 tcp_usrreq.c --- sys/netinet/tcp_usrreq.c 2001/09/12 08:37:54 1.67 +++ sys/netinet/tcp_usrreq.c 2001/09/24 18:46:52 
@@ -42,6 +42,7 @@ #include #include #include +#include #include #ifdef INET6 #include Index: sys/netinet/udp_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v retrieving revision 1.100 diff -u -r1.100 udp_usrreq.c --- sys/netinet/udp_usrreq.c 2001/11/08 02:13:17 1.100 +++ sys/netinet/udp_usrreq.c 2001/11/17 15:35:03 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet6/ah_core.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ah_core.c,v retrieving revision 1.8 diff -u -r1.8 ah_core.c --- sys/netinet6/ah_core.c 2001/06/11 12:39:03 1.8 +++ sys/netinet6/ah_core.c 2001/09/24 18:47:39 @@ -42,6 +42,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ah_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ah_input.c,v retrieving revision 1.9 diff -u -r1.9 ah_input.c --- sys/netinet6/ah_input.c 2001/09/07 07:19:12 1.9 +++ sys/netinet6/ah_input.c 2001/09/24 18:47:48 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ah_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ah_output.c,v retrieving revision 1.7 diff -u -r1.7 ah_output.c --- sys/netinet6/ah_output.c 2001/06/11 12:39:04 1.7 +++ sys/netinet6/ah_output.c 2001/09/24 18:47:52 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/dest6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/dest6.c,v retrieving revision 1.6 diff -u -r1.6 dest6.c --- sys/netinet6/dest6.c 2001/06/11 12:39:04 1.6 +++ sys/netinet6/dest6.c 2001/09/24 18:47:56 
@@ -35,6 +35,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/esp_core.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/esp_core.c,v retrieving revision 1.6 diff -u -r1.6 esp_core.c --- sys/netinet6/esp_core.c 2001/08/20 17:58:46 1.6 +++ sys/netinet6/esp_core.c 2001/09/24 18:48:01 @@ -35,6 +35,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/esp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/esp_input.c,v retrieving revision 1.9 diff -u -r1.9 esp_input.c --- sys/netinet6/esp_input.c 2001/09/07 07:19:12 1.9 +++ sys/netinet6/esp_input.c 2001/09/24 18:48:05 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/esp_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/esp_output.c,v retrieving revision 1.5 diff -u -r1.5 esp_output.c --- sys/netinet6/esp_output.c 2001/06/11 12:39:05 1.5 +++ sys/netinet6/esp_output.c 2001/09/24 18:48:12 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/frag6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/frag6.c,v retrieving revision 1.8 diff -u -r1.8 frag6.c --- sys/netinet6/frag6.c 2001/06/11 12:39:05 1.8 +++ sys/netinet6/frag6.c 2001/09/24 18:48:16 @@ -32,6 +32,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/icmp6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/icmp6.c,v retrieving revision 1.14 diff -u -r1.14 icmp6.c --- sys/netinet6/icmp6.c 2001/09/25 18:40:52 1.14 +++ sys/netinet6/icmp6.c 2001/09/26 15:36:51 
@@ -71,6 +71,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/in6_cksum.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_cksum.c,v retrieving revision 1.4 diff -u -r1.4 in6_cksum.c --- sys/netinet6/in6_cksum.c 2001/06/11 12:39:05 1.4 +++ sys/netinet6/in6_cksum.c 2001/09/24 18:48:28 @@ -66,6 +66,7 @@ */ #include +#include #include #include #include Index: sys/netinet6/in6_gif.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_gif.c,v retrieving revision 1.5 diff -u -r1.5 in6_gif.c --- sys/netinet6/in6_gif.c 2001/06/11 12:39:05 1.5 +++ sys/netinet6/in6_gif.c 2001/09/24 18:48:34 @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet6/in6_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_pcb.c,v retrieving revision 1.22 diff -u -r1.22 in6_pcb.c --- sys/netinet6/in6_pcb.c 2001/11/17 03:07:09 1.22 +++ sys/netinet6/in6_pcb.c 2001/11/17 15:35:04 @@ -72,6 +72,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/in6_proto.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v retrieving revision 1.16 diff -u -r1.16 in6_proto.c --- sys/netinet6/in6_proto.c 2001/07/02 21:02:09 1.16 +++ sys/netinet6/in6_proto.c 2001/09/24 18:48:42 @@ -75,6 +75,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet6/in6_rmx.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_rmx.c,v retrieving revision 1.4 diff -u -r1.4 in6_rmx.c --- sys/netinet6/in6_rmx.c 2001/06/11 12:39:05 1.4 +++ sys/netinet6/in6_rmx.c 2001/09/24 18:52:10 
@@ -80,6 +80,7 @@ #include #include #include +#include #include #include Index: sys/netinet6/in6_src.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/in6_src.c,v retrieving revision 1.6 diff -u -r1.6 in6_src.c --- sys/netinet6/in6_src.c 2001/09/12 08:37:55 1.6 +++ sys/netinet6/in6_src.c 2001/09/24 18:52:14 @@ -70,6 +70,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ip6_forward.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_forward.c,v retrieving revision 1.12 diff -u -r1.12 ip6_forward.c --- sys/netinet6/ip6_forward.c 2001/10/15 14:16:18 1.12 +++ sys/netinet6/ip6_forward.c 2001/10/16 01:03:20 @@ -37,6 +37,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ip6_fw.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_fw.c,v retrieving revision 1.14 diff -u -r1.14 ip6_fw.c --- sys/netinet6/ip6_fw.c 2001/10/29 07:55:57 1.14 +++ sys/netinet6/ip6_fw.c 2001/11/17 15:35:04 @@ -35,6 +35,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ip6_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_input.c,v retrieving revision 1.30 diff -u -r1.30 ip6_input.c --- sys/netinet6/ip6_input.c 2001/09/25 18:40:52 1.30 +++ sys/netinet6/ip6_input.c 2001/09/26 15:36:52 @@ -73,6 +73,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ip6_mroute.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_mroute.c,v retrieving revision 1.9 diff -u -r1.9 ip6_mroute.c --- sys/netinet6/ip6_mroute.c 2001/09/20 08:04:21 1.9 +++ sys/netinet6/ip6_mroute.c 2001/09/24 18:52:30 
@@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet6/ip6_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ip6_output.c,v retrieving revision 1.32 diff -u -r1.32 ip6_output.c --- sys/netinet6/ip6_output.c 2001/09/12 08:37:55 1.32 +++ sys/netinet6/ip6_output.c 2001/09/24 18:52:34 @@ -72,6 +72,7 @@ #include "opt_pfil_hooks.h" #include +#include #include #include #include Index: sys/netinet6/ipcomp_core.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ipcomp_core.c,v retrieving revision 1.2 diff -u -r1.2 ipcomp_core.c --- sys/netinet6/ipcomp_core.c 2001/06/11 12:39:06 1.2 +++ sys/netinet6/ipcomp_core.c 2001/09/24 18:52:41 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ipcomp_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ipcomp_input.c,v retrieving revision 1.4 diff -u -r1.4 ipcomp_input.c --- sys/netinet6/ipcomp_input.c 2001/09/07 07:19:12 1.4 +++ sys/netinet6/ipcomp_input.c 2001/09/24 18:52:46 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ipcomp_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ipcomp_output.c,v retrieving revision 1.2 diff -u -r1.2 ipcomp_output.c --- sys/netinet6/ipcomp_output.c 2001/06/11 12:39:06 1.2 +++ sys/netinet6/ipcomp_output.c 2001/09/24 18:52:50 @@ -39,6 +39,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/ipsec.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/ipsec.c,v retrieving revision 1.14 diff -u -r1.14 ipsec.c --- sys/netinet6/ipsec.c 2001/11/06 22:45:29 1.14 +++ sys/netinet6/ipsec.c 2001/11/17 15:35:05 
@@ -40,6 +40,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/mld6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/mld6.c,v retrieving revision 1.7 diff -u -r1.7 mld6.c --- sys/netinet6/mld6.c 2001/06/11 12:39:06 1.7 +++ sys/netinet6/mld6.c 2001/09/24 18:52:57 @@ -74,6 +74,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/nd6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/nd6.c,v retrieving revision 1.14 diff -u -r1.14 nd6.c --- sys/netinet6/nd6.c 2001/10/17 18:07:05 1.14 +++ sys/netinet6/nd6.c 2001/11/17 15:35:05 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include Index: sys/netinet6/nd6_nbr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v retrieving revision 1.10 diff -u -r1.10 nd6_nbr.c --- sys/netinet6/nd6_nbr.c 2001/06/19 14:48:02 1.10 +++ sys/netinet6/nd6_nbr.c 2001/09/24 18:53:07 @@ -36,6 +36,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/nd6_rtr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/nd6_rtr.c,v retrieving revision 1.9 diff -u -r1.9 nd6_rtr.c --- sys/netinet6/nd6_rtr.c 2001/09/06 02:40:38 1.9 +++ sys/netinet6/nd6_rtr.c 2001/09/24 18:53:11 @@ -35,6 +35,7 @@ #include #include +#include #include #include #include Index: sys/netinet6/raw_ip6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/raw_ip6.c,v retrieving revision 1.15 diff -u -r1.15 raw_ip6.c --- sys/netinet6/raw_ip6.c 2001/09/25 18:40:52 1.15 +++ sys/netinet6/raw_ip6.c 2001/09/26 15:36:53 
@@ -68,6 +68,7 @@ #include "opt_inet6.h" #include +#include #include #include #include Index: sys/netinet6/route6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/route6.c,v retrieving revision 1.4 diff -u -r1.4 route6.c --- sys/netinet6/route6.c 2001/06/11 12:39:06 1.4 +++ sys/netinet6/route6.c 2001/09/24 18:53:18 @@ -34,6 +34,7 @@ #include "opt_inet6.h" #include +#include #include #include #include Index: sys/netinet6/scope6.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/scope6.c,v retrieving revision 1.2 diff -u -r1.2 scope6.c --- sys/netinet6/scope6.c 2001/06/11 12:39:06 1.2 +++ sys/netinet6/scope6.c 2001/09/24 18:53:23 @@ -31,6 +31,7 @@ */ #include +#include #include #include #include Index: sys/netinet6/udp6_output.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/udp6_output.c,v retrieving revision 1.6 diff -u -r1.6 udp6_output.c --- sys/netinet6/udp6_output.c 2001/09/25 18:40:52 1.6 +++ sys/netinet6/udp6_output.c 2001/09/26 15:36:53 @@ -70,6 +70,7 @@ #include "opt_inet6.h" #include +#include #include #include #include Index: sys/netinet6/udp6_usrreq.c =================================================================== RCS file: /home/ncvs/src/sys/netinet6/udp6_usrreq.c,v retrieving revision 1.19 diff -u -r1.19 udp6_usrreq.c --- sys/netinet6/udp6_usrreq.c 2001/11/08 02:13:18 1.19 +++ sys/netinet6/udp6_usrreq.c 2001/11/17 15:35:06 @@ -71,6 +71,7 @@ #include #include +#include #include #include #include Index: sys/nfsclient/bootp_subr.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/bootp_subr.c,v retrieving revision 1.30 diff -u -r1.30 bootp_subr.c --- sys/nfsclient/bootp_subr.c 2001/09/18 23:31:49 1.30 +++ sys/nfsclient/bootp_subr.c 2001/09/24 18:54:46 
@@ -49,6 +49,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsclient/krpc_subr.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/krpc_subr.c,v retrieving revision 1.17 diff -u -r1.17 krpc_subr.c --- sys/nfsclient/krpc_subr.c 2001/09/18 23:31:51 1.17 +++ sys/nfsclient/krpc_subr.c 2001/09/24 18:54:50 @@ -47,6 +47,7 @@ #include #include +#include #include #include #include Index: sys/nfsclient/nfs_lock.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_lock.c,v retrieving revision 1.18 diff -u -r1.18 nfs_lock.c --- sys/nfsclient/nfs_lock.c 2001/11/14 18:20:45 1.18 +++ sys/nfsclient/nfs_lock.c 2001/11/17 15:35:11 @@ -36,6 +36,7 @@ #include #include /* for hz */ #include +#include #include #include /* for hz */ /* Must come after sys/malloc.h */ #include Index: sys/nfsclient/nfs_nfsiod.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_nfsiod.c,v retrieving revision 1.72 diff -u -r1.72 nfs_nfsiod.c --- sys/nfsclient/nfs_nfsiod.c 2001/11/14 18:20:45 1.72 +++ sys/nfsclient/nfs_nfsiod.c 2001/11/17 15:35:11 @@ -52,6 +52,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsclient/nfs_socket.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_socket.c,v retrieving revision 1.71 diff -u -r1.71 nfs_socket.c --- sys/nfsclient/nfs_socket.c 2001/10/09 02:40:45 1.71 +++ sys/nfsclient/nfs_socket.c 2001/10/11 14:40:06 
@@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsclient/nfs_subs.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_subs.c,v retrieving revision 1.110 diff -u -r1.110 nfs_subs.c --- sys/nfsclient/nfs_subs.c 2001/10/23 01:21:28 1.110 +++ sys/nfsclient/nfs_subs.c 2001/11/17 15:35:12 @@ -54,6 +54,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsclient/nfs_vfsops.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_vfsops.c,v retrieving revision 1.107 diff -u -r1.107 nfs_vfsops.c --- sys/nfsclient/nfs_vfsops.c 2001/11/12 02:33:52 1.107 +++ sys/nfsclient/nfs_vfsops.c 2001/11/17 15:35:12 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsclient/nfs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/nfsclient/nfs_vnops.c,v retrieving revision 1.179 diff -u -r1.179 nfs_vnops.c --- sys/nfsclient/nfs_vnops.c 2001/11/12 02:33:52 1.179 +++ sys/nfsclient/nfs_vnops.c 2001/11/17 15:35:13 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsserver/nfs_serv.c =================================================================== RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v retrieving revision 1.108 diff -u -r1.108 nfs_serv.c --- sys/nfsserver/nfs_serv.c 2001/10/25 19:07:56 1.108 +++ sys/nfsserver/nfs_serv.c 2001/11/17 15:35:14 @@ -81,6 +81,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsserver/nfs_srvcache.c =================================================================== RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvcache.c,v retrieving revision 1.31 diff -u -r1.31 nfs_srvcache.c --- sys/nfsserver/nfs_srvcache.c 2001/09/28 04:37:08 1.31 +++ sys/nfsserver/nfs_srvcache.c 2001/10/01 16:33:02 
@@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include /* for dup_sockaddr */ Index: sys/nfsserver/nfs_srvsock.c =================================================================== RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsock.c,v retrieving revision 1.72 diff -u -r1.72 nfs_srvsock.c --- sys/nfsserver/nfs_srvsock.c 2001/11/15 23:49:02 1.72 +++ sys/nfsserver/nfs_srvsock.c 2001/11/17 15:35:15 @@ -48,6 +48,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsserver/nfs_srvsubs.c =================================================================== RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v retrieving revision 1.109 diff -u -r1.109 nfs_srvsubs.c --- sys/nfsserver/nfs_srvsubs.c 2001/09/28 04:37:08 1.109 +++ sys/nfsserver/nfs_srvsubs.c 2001/10/01 16:33:03 @@ -55,6 +55,7 @@ #include #include #include +#include #include #include #include Index: sys/nfsserver/nfs_syscalls.c =================================================================== RCS file: /home/ncvs/src/sys/nfsserver/nfs_syscalls.c,v retrieving revision 1.73 diff -u -r1.73 nfs_syscalls.c --- sys/nfsserver/nfs_syscalls.c 2001/11/17 03:07:11 1.73 +++ sys/nfsserver/nfs_syscalls.c 2001/11/17 15:35:15 @@ -53,6 +53,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_dc.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_dc.c,v retrieving revision 1.58 diff -u -r1.58 if_dc.c --- sys/pci/if_dc.c 2001/11/14 18:36:37 1.58 +++ sys/pci/if_dc.c 2001/11/17 15:35:22 @@ -92,6 +92,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_de.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_de.c,v retrieving revision 1.136 diff -u -r1.136 if_de.c --- sys/pci/if_de.c 2001/02/06 10:11:45 1.136 +++ sys/pci/if_de.c 2001/09/24 18:56:35 
@@ -42,6 +42,7 @@ #include #include +#include #include #include #include Index: sys/pci/if_mn.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_mn.c,v retrieving revision 1.32 diff -u -r1.32 if_mn.c --- sys/pci/if_mn.c 2001/06/15 07:39:12 1.32 +++ sys/pci/if_mn.c 2001/09/24 18:56:40 @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_pcn.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_pcn.c,v retrieving revision 1.23 diff -u -r1.23 if_pcn.c --- sys/pci/if_pcn.c 2001/09/29 19:28:31 1.23 +++ sys/pci/if_pcn.c 2001/10/01 16:33:09 @@ -58,6 +58,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_rl.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_rl.c,v retrieving revision 1.61 diff -u -r1.61 if_rl.c --- sys/pci/if_rl.c 2001/08/15 17:38:43 1.61 +++ sys/pci/if_rl.c 2001/09/24 18:56:51 @@ -86,6 +86,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_sf.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_sf.c,v retrieving revision 1.40 diff -u -r1.40 if_sf.c --- sys/pci/if_sf.c 2001/09/29 19:28:31 1.40 +++ sys/pci/if_sf.c 2001/10/01 16:33:09 @@ -82,6 +82,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_sis.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_sis.c,v retrieving revision 1.36 diff -u -r1.36 if_sis.c --- sys/pci/if_sis.c 2001/09/29 19:28:31 1.36 +++ sys/pci/if_sis.c 2001/10/01 16:33:10 
@@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_sk.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_sk.c,v retrieving revision 1.45 diff -u -r1.45 if_sk.c --- sys/pci/if_sk.c 2001/09/29 19:28:31 1.45 +++ sys/pci/if_sk.c 2001/10/01 16:33:10 @@ -71,6 +71,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_ste.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_ste.c,v retrieving revision 1.29 diff -u -r1.29 if_ste.c --- sys/pci/if_ste.c 2001/09/29 19:28:31 1.29 +++ sys/pci/if_ste.c 2001/10/01 16:33:10 @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_ti.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_ti.c,v retrieving revision 1.53 diff -u -r1.53 if_ti.c --- sys/pci/if_ti.c 2001/09/18 18:40:22 1.53 +++ sys/pci/if_ti.c 2001/09/24 18:57:12 @@ -81,6 +81,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_tl.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_tl.c,v retrieving revision 1.66 diff -u -r1.66 if_tl.c --- sys/pci/if_tl.c 2001/07/09 17:58:37 1.66 +++ sys/pci/if_tl.c 2001/09/24 18:57:18 @@ -181,6 +181,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_tx.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_tx.c,v retrieving revision 1.49 diff -u -r1.49 if_tx.c --- sys/pci/if_tx.c 2001/09/05 23:04:53 1.49 +++ sys/pci/if_tx.c 2001/09/24 18:57:22 
@@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_vr.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_vr.c,v retrieving revision 1.45 diff -u -r1.45 if_vr.c --- sys/pci/if_vr.c 2001/07/09 17:58:37 1.45 +++ sys/pci/if_vr.c 2001/09/24 18:57:27 @@ -62,6 +62,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_wb.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_wb.c,v retrieving revision 1.43 diff -u -r1.43 if_wb.c --- sys/pci/if_wb.c 2001/07/09 17:58:37 1.43 +++ sys/pci/if_wb.c 2001/09/24 18:57:32 @@ -88,6 +88,7 @@ #include #include #include +#include #include #include #include Index: sys/pci/if_wxvar.h =================================================================== RCS file: if_wxvar.h diff -N if_wxvar.h --- /dev/null Sat Nov 17 13:11:02 2001 +++ if_wxvar.h Sat Nov 17 10:35:24 2001 
@@ -0,0 +1,281 @@ +/* $FreeBSD: src/sys/pci/if_wxvar.h,v 1.13 2001/10/20 18:48:45 mjacob dead $ */ +/* + * Principal Author: Matthew Jacob + * Copyright (c) 1999, 2001 by Traakan Software + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice unmodified, this list of conditions, and the following + * disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Additional Copyright (c) 2001 by Parag Patel + * under same licence for MII PHY code. + */ + +/* + * Softc definitions for the Intel Gigabit Ethernet driver. + * + * Guidance and inspiration from David Greenman's + * if_fxp driver gratefully acknowledged here. + */ + +/* + * Platform specific defines and inline functions go here. + * Look further below for more generic structures. 
+ */ + +/* + * Enable for FreeBSD 5.0 SMP code + */ +#define SMPNG 1 + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef NS +#include +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define NBPFILTER 1 + +MODULE_DEPEND(wx, miibus, 1, 1, 1); +#include "miibus_if.h" + +#include "opt_bdg.h" +#ifdef BRIDGE +#include +#include +#endif + +struct wxmdvar { + /* + * arpcom must be first + */ + struct arpcom arpcom; /* per-interface network data */ + struct device * dev; /* backpointer to device */ + struct resource * mem; /* resource descriptor for registers */ + struct resource * irq; /* resource descriptor for interrupt */ + void * ih; /* interrupt handler cookie */ + u_int16_t cmdw; + struct callout_handle sch; /* handle for timeouts */ + char name[8]; + bus_space_tag_t st; /* bus space tag */ + bus_space_handle_t sh; /* bus space handle */ + struct ifmedia ifm; + device_t miibus; + struct wx_softc * next; +#ifdef SMPNG + struct mtx wxmtx; +#else + int spl; +#endif +}; +#define wx_dev w.dev +#define wx_enaddr w.arpcom.ac_enaddr +#define wx_cmdw w.cmdw +#define wx_media w.ifm +#define wx_next w.next + +#define wx_if w.arpcom.ac_if +#define wx_name w.name +#define wx_mtx w.wxmtx + +#define IOCTL_CMD_TYPE u_long +#define WXMALLOC(len) malloc(len, M_DEVBUF, M_NOWAIT) +#define WXFREE(ptr) free(ptr, M_DEVBUF) +#define SOFTC_IFP(ifp) ifp->if_softc +#define WX_BPFTAP_ARG(ifp) ifp +#define VTIMEOUT(sc, func, arg, time) (void) timeout(func, arg, time) +#define TIMEOUT(sc, func, arg, time) (sc)->w.sch = timeout(func, arg, time) +#define UNTIMEOUT(f, arg, sc) untimeout(f, arg, (sc)->w.sch) +#define INLINE __inline +#ifdef SMPNG +#define WX_LOCK(_sc) mtx_lock(&(_sc)->wx_mtx) +#define WX_UNLOCK(_sc) mtx_unlock(&(_sc)->wx_mtx) +#define WX_ILOCK(_sc) mtx_lock(&(_sc)->wx_mtx) 
+#define WX_IUNLK(_sc) mtx_unlock(&(_sc)->wx_mtx) +#else +#define WX_LOCK(_sc) _sc->w.spl = splimp() +#define WX_UNLOCK(_sc) splx(_sc->w.spl) +#define WX_ILOCK(_sc) +#define WX_IUNLK(_sc) +#endif +#define WX_SOFTC_FROM_MII_ARG(x) device_get_softc(x) +#define WX_MII_FROM_SOFTC(x) device_get_softc((x)->w.miibus) + + +#define READ_CSR(sc, reg) \ + bus_space_read_4((sc)->w.st, (sc)->w.sh, (reg)) +#define WRITE_CSR(sc, reg, val) \ + bus_space_write_4((sc)->w.st, (sc)->w.sh, (reg), (val)) + +/* + * Transmit soft descriptor, used to manage packets as they come in. + */ +typedef struct rxpkt { + struct mbuf *dptr; /* pointer to receive frame */ + u_int32_t dma_addr; /* dma address */ +} rxpkt_t; + + +/* + * Transmit soft descriptor, used to manage packets as they are transmitted. + */ +typedef struct txpkt { + struct txpkt *next; /* next in a chain */ + struct mbuf *dptr; /* pointer to mbuf being sent */ + u_int32_t sidx; /* start index */ + u_int32_t eidx; /* end index */ +} txpkt_t; + + +typedef struct wx_softc { + /* + * OS dependent storage... must be first... + */ + struct wxmdvar w; + + /* + * misc goodies + */ + u_int32_t : 22, + wx_needreinit : 1, + wx_mii : 1, /* non-zero if we have a PHY */ + wx_no_flow : 1, + wx_ilos : 1, + wx_no_ilos : 1, + wx_verbose : 1, + wx_debug : 1, + ane_failed : 1, + linkup : 1, + all_mcasts : 1; + u_int32_t wx_idnrev; /* chip revision && PCI ID */ + u_int16_t wx_cfg1; + u_int16_t wx_unused; + u_int32_t wx_ienable; /* current ienable to use */ + u_int32_t wx_dcr; /* dcr used */ + u_int32_t wx_icr; /* last icr */ + + /* + * Statistics, soft && hard + */ + u_int32_t wx_intr; + u_int32_t wx_linkintr; + u_int32_t wx_rxintr; + u_int32_t wx_txqe; + u_int32_t wx_xmitgc; + u_int32_t wx_xmitpullup; + u_int32_t wx_xmitcluster; + u_int32_t wx_xmitputback; + u_int32_t wx_xmitwanted; + u_int32_t wx_xmitblocked; + u_int32_t wx_xmitrunt; + u_int32_t wx_rxnobuf; + u_int32_t wx_oddpkt; + + /* + * Soft copies of multicast addresses. 
We're only + * using (right now) the rest of the receive address + * registers- not the hashed multicast table. + */ + u_int8_t wx_mcaddr[WX_RAL_TAB_SIZE-1][6]; + u_int8_t wx_nmca; /* # active multicast addrs */ + + + /* + * Receive Management + * We have software and shared memory rings in a buddy store format. + */ + wxrd_t *rdescriptors; /* receive descriptor ring */ + rxpkt_t *rbase; /* base of soft rdesc list */ + u_int16_t rnxt; /* next descriptor to check */ + u_int16_t _pad; + struct mbuf *rpending; /* pending partial packet */ + + /* + * Transmit Management + * We have software and shared memory rings in a buddy store format. + */ + txpkt_t *tbase; /* base of soft soft management */ + txpkt_t *tbsyf, *tbsyl; /* linked busy list */ + wxtd_t *tdescriptors; /* transmit descriptor ring */ + u_int16_t tnxtfree; /* next free index (circular) */ + u_int16_t tactive; /* # active */ +} wx_softc_t; + +/* + * We offset the the receive frame header by two bytes so that the actual + * payload is 32 bit aligned. On platforms that require strict structure + * alignment, this means that the ethernet frame header may have to be shifted + * to align it at interrupt time, but because it's such a small amount + * (fourteen bytes) and processors have gotten pretty fast, that's okay. + * It may even turn out on some platforms that this doesn't have to happen. + */ +#define WX_RX_OFFSET_VALUE 2 + +/* + * Tunable Parameters. + * + * Descriptor lengths must be in multiples of 8. + */ +#define WX_MAX_TDESC 256 /* number of transmit descriptors */ +#define T_NXT_IDX(x) ((x + 1) & (WX_MAX_TDESC - 1)) +#define T_PREV_IDX(x) ((x - 1) & (WX_MAX_TDESC - 1)) +#define WX_MAX_RDESC 256 /* number of receive descriptors */ +#ifdef PADDED_CELL +#define RXINCR 2 +#else +#define RXINCR 1 +#endif +#define R_NXT_IDX(x) ((x + RXINCR) & (WX_MAX_RDESC - 1)) +#define R_PREV_IDX(x) ((x - RXINCR) & (WX_MAX_RDESC - 1)) + +/* + * Link Up timeout, in milliseconds. 
+ */ + +#define WX_LINK_UP_TIMEOUT 500 Index: sys/pci/if_xl.c =================================================================== RCS file: /home/ncvs/src/sys/pci/if_xl.c,v retrieving revision 1.99 diff -u -r1.99 if_xl.c --- sys/pci/if_xl.c 2001/10/22 06:45:42 1.99 +++ sys/pci/if_xl.c 2001/11/17 15:35:25 @@ -103,6 +103,7 @@ #include #include #include +#include #include #include #include Index: sys/sys/mac.h =================================================================== RCS file: mac.h diff -N mac.h --- /dev/null Sat Nov 17 13:11:02 2001 +++ mac.h Wed Oct 3 07:10:37 2001 
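Review bot: The ring-index macros at the end of this header (`T_NXT_IDX`, `T_PREV_IDX`, `R_NXT_IDX`, `R_PREV_IDX`) wrap by masking with `WX_MAX_TDESC - 1` / `WX_MAX_RDESC - 1`, which is only correct when the ring size is a power of two, while the tunables comment asks only for multiples of 8. A size such as 24 would satisfy that comment, and the indices would then wrap early and never reach part of the ring. The header should reject non-power-of-two sizes at compile time and parenthesise the macro argument, as sketched below. Separately, the comment above `struct rxpkt` says "Transmit soft descriptor" although the struct holds the receive frame pointer.

```c
#define WX_MAX_TDESC 256 /* number of transmit descriptors */
#if (WX_MAX_TDESC & (WX_MAX_TDESC - 1)) != 0
#error "WX_MAX_TDESC must be a power of two"
#endif
#define T_NXT_IDX(x) (((x) + 1) & (WX_MAX_TDESC - 1))
#define T_PREV_IDX(x) (((x) - 1) & (WX_MAX_TDESC - 1))
#define WX_MAX_RDESC 256 /* number of receive descriptors */
#if (WX_MAX_RDESC & (WX_MAX_RDESC - 1)) != 0
#error "WX_MAX_RDESC must be a power of two"
#endif
/* … unchanged: RXINCR selection under PADDED_CELL … */
#define R_NXT_IDX(x) (((x) + RXINCR) & (WX_MAX_RDESC - 1))
#define R_PREV_IDX(x) (((x) - RXINCR) & (WX_MAX_RDESC - 1))
```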
@@ -0,0 +1,224 @@
+/*-
+ * Copyright (c) 1999-2001 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD: $
+ */
+/*
+ * Userland/kernel interface for Mandatory Access Control.
+ *
+ * The POSIX.1e implementation page may be reached at:
+ * http://www.trustedbsd.org/
+ */
+#ifndef _SYS_MAC_H
+#define _SYS_MAC_H
+
+#ifndef _POSIX_MAC
+#define _POSIX_MAC
+#endif
+
+#define FREEBSD_MAC_EXTATTR_NAME "$freebsd.mac"
+#define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
+
+/*
+ * Structures and constants associated with a Biba Integrity policy.
+ * mac_biba represents a Biba label, with mb_type determining its properties,
+ * and mb_grade represents the hierarchal grade if valid for the current
+ * mb_type.
+ */
+struct mac_biba {
+ u_short mb_type;
+ u_short mb_grade;
+};
+#define MAC_BIBA_TYPE_GRADE 0 /* Hierarchal grade with mb_grade. */
+#define MAC_BIBA_TYPE_LOW 1 /* Dominated by any
+ * MAC_BIBA_TYPE_LABEL. */
+#define MAC_BIBA_TYPE_HIGH 2 /* Dominates any
+ * MAC_BIBA_TYPE_LABEL. */
+#define MAC_BIBA_TYPE_EQUAL 3 /* Equivilent to any
+ * MAC_BIBA_TYPE_LABEL. */
+
+/*
+ * The Biba label scope is expressed as an inclusive range of label values.
+ */
+struct mac_biba_scope {
+ struct mac_biba mbs_bottom;
+ struct mac_biba mbs_top;
+};
+
+/*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type.
+ */
+struct mac_mls {
+ u_short mm_type;
+ u_short mm_level;
+};
+#define MAC_MLS_TYPE_LEVEL 0 /* Hierarchal level with mm_level. */
+#define MAC_MLS_TYPE_LOW 1 /* Dominated by any
+ * MAC_MLS_TYPE_LABEL. */
+#define MAC_MLS_TYPE_HIGH 2 /* Dominates any
+ * MAC_MLS_TYPE_LABEL. */
+#define MAC_MLS_TYPE_EQUAL 3 /* Equivilent to any
+ * MAC_MLS_TYPE_LABEL. */
+
+/*
+ * The MLS label scope is expressed as an inclusive range of label values.
+ */
+struct mac_mls_scope {
+ struct mac_mls mbs_bottom;
+ struct mac_mls mbs_top;
+};
+
+/*
+ * Structures and constants for efficient, scalable non-overlapping system
+ * partitions.
+ * mac_partition represents a partitiong label, with mp_type determining
+ * its properties, and mp_partition representing the partition number for
+ * the current mp_type.
+ */
+struct mac_partition {
+ u_short mp_type;
+ u_int mp_partition;
+};
+#define MAC_PARTITION_TYPE_PARTITION 0 /* Visible/can effect the
+ * partition identified by
+ * mp_partition. */
+#define MAC_PARTITION_TYPE_ALL 1 /* Visible from any partition,
+ * not modifiable from any
+ * partition. */
+#define MAC_PARTITION_TYPE_NONE 2 /* Visible from no partition,
+ * not modifiable from any
+ * partition. */
+
+/*
+ * The Partition scope consists of a single label.
+ */
+struct mac_partition_scope {
+ struct mac_partition mps;
+};
+
+struct mac {
+ struct mac_biba m_biba;
+ struct mac_mls m_mls;
+ struct mac_partition m_partition;
+};
+typedef struct mac *mac_t;
+
+struct mac_scope {
+ struct mac_biba_scope ms_biba;
+ struct mac_mls_scope ms_mls;
+ struct mac_partition_scope ms_partition;
+};
+
+const struct mac mac_userland_system_high_label;
+
+#ifndef _KERNEL
+
+/*
+ * POSIX.1e functions visible in the application namespace.
+ */
+int mac_dominate __P((const mac_t labela, const mac_t labelb));
+int mac_equal __P((const mac_t labela, const mac_t labelb));
+int mac_free __P((void *buf_p));
+mac_t mac_from_text __P((const char *text_p));
+mac_t mac_from_fd __P((int fildes));
+mac_t mac_get_file __P((const char *path_p));
+mac_t mac_get_proc __P((void));
+mac_t mac_glb __P((const mac_t labela, const mac_t labelb));
+mac_t mac_lub __P((const mac_t labela, const mac_t labelb));
+int mac_set_fd __P((int fildes, const mac_t label));
+int mac_set_file __P((const char *path_p, mac_t label));
+int mac_set_proc __P((const mac_t label));
+ssize_t mac_size __P((mac_t label));
+char * mac_to_text __P((const mac_t label, size_t *len_p));
+int mac_valid __P((const mac_t label));
+
+/*
+ * System calls wrapped by some POSIX.1e functions.
+ */
+int __mac_get_fd(int fd, struct mac *mac_p);
+int __mac_get_file(const char *path_p, struct mac *mac_p);
+int __mac_get_proc(struct mac *mac_p);
+int __mac_set_fd(int fd, struct mac *mac_p);
+int __mac_set_file(const char *path_p, struct mac *mac_p);
+int __mac_set_proc(struct mac *mac_p);
+
+#else /* _KERNEL */
+
+/*
+ * Information flow/operation mask, used as an argument to mac_can().
+ */
+#define MAC_NONE 0x00000000
+#define MAC_READ 0x00000001 /* Information flow to subject. */
+#define MAC_WRITE 0x00000002 /* Information flow to object. */
+#define MAC_EXEC 0x00000004 /* Execute the object. */
+#define MAC_ADMIN 0x00000008 /* Administer object attributes. */
+#define MAC_SIGNAL 0x00000010 /* Signal the object (process). */
+#define MAC_CREATE 0x00000020 /* Create an object with this label. */
+#define MAC_STAT 0x00000040 /* Read object attributes. */
+#define MAC_ALL (MAC_READ | MAC_WRITE | MAC_EXEC | MAC_ADMIN | MAC_CREATE | \
+ MAC_STAT)
+
+/*
+ * Types of objects. MAC return values frequently depend on the object
+ * type being accesed.
+ */
+#define MAC_OBJ_PROC 0x00000001 /* Process. */
+#define MAC_OBJ_VFS_REGULAR 0x00000002 /* File. */
+#define MAC_OBJ_VFS_DIRECTORY 0x00000003 /* Directory. */
+#define MAC_OBJ_VFS_DEVICE 0x00000004 /* Device node. */
+#define MAC_OBJ_VFS_PIPE 0x00000005 /* Pipe. */
+
+/*
+ * Kernel functions to manage and evaluate labels.
+ */
+struct proc;
+struct ucred;
+int mac_can __P((const struct ucred *cred, const struct mac *label,
+ int operation, int sub_operation));
+int mac_cr_cansee __P((const struct ucred *u1, const struct ucred *u2));
+int mac_dominate __P((const struct mac *labela, const struct mac *labelb));
+int mac_equal __P((const struct mac *labela, const struct mac *labelb));
+void mac_init_subject __P((struct ucred *cred));
+void mac_create_subject __P((const struct ucred *cred_parent,
+ struct ucred *cred_child));
+int mac_can_setlabel_subject __P((const struct ucred *cred_old,
+ const struct ucred *cred_new));
+void mac_init_object __P((struct mac *label));
+void mac_create_object __P((const struct ucred *cred, struct mac *label));
+int mac_can_setlabel_object __P((const struct ucred *cred,
+ const struct mac *label_old, const struct mac *label_new));
+void mac_print_label __P((const struct mac *label));
+int mac_p_candebug __P((const struct proc *p1, const struct proc *p2));
+int mac_p_cansched __P((const struct proc *p1, const struct proc *p2));
+int mac_p_cansignal __P((const struct proc *p1, const struct proc *p2,
+ int signum));
+int mac_p_canexec __P((const struct proc *p1, const struct mac *label));
+
+#endif /* _KERNEL */
+
+#endif /* !_SYS_MAC_H */
Index: sys/sys/mac_private.h
===================================================================
RCS file: mac_private.h
diff -N mac_private.h
--- /dev/null Sat Nov 17 13:11:02 2001
+++ mac_private.h Fri Oct 5 10:11:56 2001
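Review bot: `const struct mac mac_userland_system_high_label;` is declared without `extern` and outside the `_KERNEL` conditional, so every file that includes this header emits its own tentative definition and the build depends on the linker merging common symbols; it should read `extern const struct mac mac_userland_system_high_label;` with one initialised definition in a .c file. Without that definition the object is all zeroes, which by the constants in this header is `MAC_BIBA_TYPE_GRADE` with grade 0 rather than a high label. `MAC_ALL` leaves out `MAC_SIGNAL`; if that is intentional it needs a comment next to the define, otherwise `MAC_SIGNAL` should be added to the mask so that callers passing `MAC_ALL` to `mac_can()` also cover signalling. The type comments name `MAC_BIBA_TYPE_LABEL` and `MAC_MLS_TYPE_LABEL`, which are not defined here (the defined names are `MAC_BIBA_TYPE_GRADE` and `MAC_MLS_TYPE_LEVEL`), and `struct mac_mls_scope` reuses the Biba `mbs_` member prefix.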
@@ -0,0 +1,103 @@ +/*- + * Copyright (c) 1999-2001 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: $ + */ +/* + * Developed by the TrustedBSD Project. + * Private label management functions for mandatory security policies. + */ +#ifndef _SYS_MAC_PRIVATE_H +#define _SYS_MAC_PRIVATE_H + +/* Biba Integrity Policy. 
*/ +int mac_biba_cr_cansee __P((const struct ucred *u1, + const struct ucred *u2)); +int mac_biba_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_biba_equal __P((const struct mac *labela, + const struct mac *labelb)); +void mac_biba_init_subject __P((struct ucred *cred)); +void mac_biba_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_biba_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_biba_init_object __P((struct mac *label)); +void mac_biba_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_biba_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_biba_print_label __P((const struct mac *label)); +int mac_biba_p_candebug __P((const struct proc *p1, + const struct proc *p2)); +int mac_biba_p_cansched __P((const struct proc *p1, + const struct proc *p2)); +int mac_biba_p_cansignal __P((const struct proc *p1, const struct proc *p2, + int signum)); +int mac_biba_vaccess __P((enum vtype type, const struct mac *filelabel, + mode_t acc_mode, struct ucred *cred)); + +/* Multi-Level Security Policy. 
*/ +int mac_mls_cr_cansee __P((const struct ucred *u1, + const struct ucred *u2)); +int mac_mls_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_mls_equal __P((const struct mac *labela, const struct mac *labelb)); +void mac_mls_init_subject __P((struct ucred *cred)); +void mac_mls_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_mls_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_mls_init_object __P((struct mac *label)); +void mac_mls_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_mls_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_mls_print_label __P((const struct mac *label)); +int mac_mls_p_candebug __P((const struct proc *p1, const struct proc *p2)); +int mac_mls_p_cansched __P((const struct proc *p1, const struct proc *p2)); +int mac_mls_p_cansignal __P((const struct proc *p1, const struct proc *p2, + int signum)); +int mac_mls_vaccess __P((enum vtype type, const struct mac *filelabel, + mode_t acc_mode, struct ucred *cred)); + +/* Light-Weight Partition Security Policy. 
*/ +int mac_partition_dominate __P((const struct mac *labela, + const struct mac *labelb)); +int mac_partition_equal __P((const struct mac *labela, + const struct mac *labelb)); +void mac_partition_init_subject __P((struct ucred *cred)); +void mac_partition_create_subject __P((const struct ucred *parent_cred, + struct ucred *child_cred)); +int mac_partition_can_setlabel_subject __P((const struct ucred *cred_old, + const struct ucred *cred_new)); +void mac_partition_init_object __P((struct mac *label)); +void mac_partition_create_object __P((const struct ucred *cred, + struct mac *label)); +int mac_partition_can_setlabel_object __P((const struct ucred *cred, + const struct mac *label_old, const struct mac *label_new)); +void mac_partition_print_label __P((const struct mac *label)); + +#endif /* !_SYS_MAC_PRIVATE_H */ Index: sys/sys/mbuf.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mbuf.h,v retrieving revision 1.85 diff -u -r1.85 mbuf.h --- sys/sys/mbuf.h 2001/09/30 01:58:35 1.85 +++ sys/sys/mbuf.h 2001/10/01 16:33:20 @@ -85,6 +85,7 @@ int csum_flags; /* flags regarding checksum */ int csum_data; /* data field used by csum routines */ struct mbuf *aux; /* extra data buffer; ipsec/others */ + struct mac label; /* label of data in packet */ }; /* Index: sys/sys/mount.h =================================================================== RCS file: /home/ncvs/src/sys/sys/mount.h,v retrieving revision 1.116 diff -u -r1.116 mount.h --- sys/sys/mount.h 2001/11/05 10:33:42 1.116 +++ sys/sys/mount.h 2001/11/17 15:35:40 @@ -43,6 +43,7 @@ */ #include +#include #include #include #ifdef _KERNEL Index: sys/sys/proc.h =================================================================== RCS file: /home/ncvs/src/sys/sys/proc.h,v retrieving revision 1.192 diff -u -r1.192 proc.h --- sys/sys/proc.h 2001/10/30 20:43:45 1.192 +++ sys/sys/proc.h 2001/11/17 15:35:40 
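Review bot: mac_private.h declares prototypes over `struct ucred`, `struct mac`, `struct proc`, `enum vtype` and `mode_t` but neither includes nor forward-declares any of them, so it only compiles when the includer has already pulled in the right headers in the right order. The struct tags can be forward-declared at the top (`struct mac; struct proc; struct ucred;`), and the dependency for `enum vtype` and `mode_t` deserves a comment naming the headers that must come first. The header is also not wrapped in `#ifdef _KERNEL`, unlike the kernel section of mac.h that closes just above it. The partition policy has no `cr_cansee`, `p_can*` or `vaccess` entry points, and a one-line comment saying whether that is intentional would help whoever wires up the per-policy dispatch.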
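Review bot: `struct mac label` is added to the packet header with no `#ifdef MAC`, so every consumer of mbuf.h sees the larger structure whether or not MAC is configured; `cr_label` in ucred.h and `um_label` in ufsmount.h further down are added the same way. Nothing in this part of the patch shows where the packet label is initialised, so it is worth confirming that every path which builds or copies a packet header sets it, because a policy decision made on stale bytes is worse than no decision. A comment on the field such as `/* must be set wherever a pkthdr is created or copied */` would record that obligation.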
@@ -53,6 +53,7 @@ #ifndef _KERNEL #include /* For structs itimerval, timeval. */ #endif +#include #include #include /* Machine-dependent proc substruct. */ Index: sys/sys/syscall.h =================================================================== RCS file: /home/ncvs/src/sys/sys/syscall.h,v retrieving revision 1.96 diff -u -r1.96 syscall.h --- sys/sys/syscall.h 2001/11/02 17:59:18 1.96 +++ sys/sys/syscall.h 2001/11/17 16:23:46 @@ -2,7 +2,7 @@ * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/syscall.h,v 1.96 2001/11/02 17:59:18 phk Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.100 2001/11/02 17:58:26 phk Exp */ @@ -298,4 +298,10 @@ #define SYS_nfsclnt 375 #define SYS_eaccess 376 #define SYS_nmount 378 -#define SYS_MAXSYSCALL 379 +#define SYS___mac_get_proc 379 +#define SYS___mac_set_proc 380 +#define SYS___mac_get_fd 381 +#define SYS___mac_get_file 382 +#define SYS___mac_set_fd 383 +#define SYS___mac_set_file 384 +#define SYS_MAXSYSCALL 385 Index: sys/sys/syscall.mk =================================================================== RCS file: /home/ncvs/src/sys/sys/syscall.mk,v retrieving revision 1.50 diff -u -r1.50 syscall.mk --- sys/sys/syscall.mk 2001/11/02 17:59:18 1.50 +++ sys/sys/syscall.mk 2001/11/17 16:23:46 @@ -1,6 +1,6 @@ # FreeBSD system call names. # DO NOT EDIT-- this file is automatically generated. -# $FreeBSD: src/sys/sys/syscall.mk,v 1.50 2001/11/02 17:59:18 phk Exp $ +# $FreeBSD$ # created from FreeBSD: src/sys/kern/syscalls.master,v 1.100 2001/11/02 17:58:26 phk Exp MIASM = \ syscall.o \ 
@@ -246,4 +246,10 @@ __setugid.o \ nfsclnt.o \ eaccess.o \ - nmount.o + nmount.o \ + __mac_get_proc.o \ + __mac_set_proc.o \ + __mac_get_fd.o \ + __mac_get_file.o \ + __mac_set_fd.o \ + __mac_set_file.o Index: sys/sys/sysproto.h =================================================================== RCS file: /home/ncvs/src/sys/sys/sysproto.h,v retrieving revision 1.87 diff -u -r1.87 sysproto.h --- sys/sys/sysproto.h 2001/11/02 17:59:18 1.87 +++ sys/sys/sysproto.h 2001/11/17 16:23:46 @@ -2,7 +2,7 @@ * System call prototypes. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/sys/sysproto.h,v 1.87 2001/11/02 17:59:18 phk Exp $ + * $FreeBSD$ * created from FreeBSD: src/sys/kern/syscalls.master,v 1.100 2001/11/02 17:58:26 phk Exp */ 
@@ -1086,6 +1086,28 @@ char iovcnt_l_[PADL_(unsigned int)]; unsigned int iovcnt; char iovcnt_r_[PADR_(unsigned int)]; char flags_l_[PADL_(int)]; int flags; char flags_r_[PADR_(int)]; }; +struct __mac_get_proc_args { + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_proc_args { + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_get_fd_args { + char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_get_file_args { + char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_fd_args { + char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; +struct __mac_set_file_args { + char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)]; + char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)]; +}; int nosys __P((struct thread *, struct nosys_args *)); void sys_exit __P((struct thread *, struct sys_exit_args *)); int fork __P((struct thread *, struct fork_args *)); 
@@ -1329,6 +1351,12 @@ int nfsclnt __P((struct thread *, struct nfsclnt_args *)); int eaccess __P((struct thread *, struct eaccess_args *)); int nmount __P((struct thread *, struct nmount_args *)); +int __mac_get_proc __P((struct thread *, struct __mac_get_proc_args *)); +int __mac_set_proc __P((struct thread *, struct __mac_set_proc_args *)); +int __mac_get_fd __P((struct thread *, struct __mac_get_fd_args *)); +int __mac_get_file __P((struct thread *, struct __mac_get_file_args *)); +int __mac_set_fd __P((struct thread *, struct __mac_set_fd_args *)); +int __mac_set_file __P((struct thread *, struct __mac_set_file_args *)); #ifdef COMPAT_43 Index: sys/sys/ucred.h =================================================================== RCS file: /home/ncvs/src/sys/sys/ucred.h,v retrieving revision 1.26 diff -u -r1.26 ucred.h --- sys/sys/ucred.h 2001/10/11 23:38:17 1.26 +++ sys/sys/ucred.h 2001/10/16 01:23:41 @@ -60,6 +60,7 @@ struct uidinfo *cr_uidinfo; /* per euid resource consumption */ struct uidinfo *cr_ruidinfo; /* per ruid resource consumption */ struct prison *cr_prison; /* jail(4) */ + struct mac cr_label; /* mandatory access control label */ #define cr_endcopy cr_mtx struct mtx cr_mtx; /* protect refcount */ }; @@ -78,6 +79,9 @@ short cr_ngroups; /* number of groups */ gid_t cr_groups[NGROUPS]; /* groups */ void *_cr_unused1; /* compatibility with old ucred */ +#if 0 + struct mac cr_label; /* mandatory access control label */ +#endif }; #ifdef _KERNEL Index: sys/sys/user.h =================================================================== RCS file: /home/ncvs/src/sys/sys/user.h,v retrieving revision 1.45 diff -u -r1.45 user.h --- sys/sys/user.h 2001/10/11 08:15:16 1.45 +++ sys/sys/user.h 2001/10/11 14:40:25 
@@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include Index: sys/sys/vnode.h =================================================================== RCS file: /home/ncvs/src/sys/sys/vnode.h,v retrieving revision 1.164 diff -u -r1.164 vnode.h --- sys/sys/vnode.h 2001/11/11 22:39:06 1.164 +++ sys/sys/vnode.h 2001/11/17 15:35:43 @@ -545,6 +545,7 @@ struct proc; struct stat; struct nstat; +struct mac; struct ucred; struct uio; struct vattr; @@ -578,6 +579,8 @@ int vaccess_acl_posix1e __P((enum vtype type, uid_t file_uid, gid_t file_gid, struct acl *acl, mode_t acc_mode, struct ucred *cred, int *privused)); +int vaccess_mac __P((enum vtype type, const struct mac *filelabel, + mode_t acc_mode, struct ucred *cred)); void vattr_null __P((struct vattr *vap)); int vcount __P((struct vnode *vp)); void vdrop __P((struct vnode *)); Index: sys/ufs/ffs/ffs_vfsops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vfsops.c,v retrieving revision 1.163 diff -u -r1.163 ffs_vfsops.c --- sys/ufs/ffs/ffs_vfsops.c 2001/10/26 00:08:05 1.163 +++ sys/ufs/ffs/ffs_vfsops.c 2001/11/17 15:35:44 @@ -34,6 +34,7 @@ * $FreeBSD: src/sys/ufs/ffs/ffs_vfsops.c,v 1.163 2001/10/26 00:08:05 dillon Exp $ */ +#include "opt_mac.h" #include "opt_quota.h" #include "opt_ufs.h" 
@@ -712,6 +713,18 @@ ump->um_quotas[i] = NULLVP; #ifdef UFS_EXTATTR ufs_extattr_uepm_init(&ump->um_extattr); +#endif +#ifdef MAC + /* + * The following sets a file system to use default object labels + * for system objects. + * mac_init_object(&ump->um_label); + */ + /* The following inherits a file system label from the credential + * of the caller. mac_inherit_object knows what to do if cred is + * NOCRED. + */ + mac_create_object(cred, &ump->um_label); #endif devvp->v_rdev->si_mountpoint = mp; ffs_oldfscompat(fs); Index: sys/ufs/ufs/ufs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ufs/ufs_vnops.c,v retrieving revision 1.180 diff -u -r1.180 ufs_vnops.c --- sys/ufs/ufs/ufs_vnops.c 2001/10/08 00:37:54 1.180 +++ sys/ufs/ufs/ufs_vnops.c 2001/10/08 02:05:58 @@ -39,6 +39,7 @@ * $FreeBSD: src/sys/ufs/ufs/ufs_vnops.c,v 1.180 2001/10/08 00:37:54 dillon Exp $ */ +#include "opt_mac.h" #include "opt_quota.h" #include "opt_suiddir.h" #include "opt_ufs.h" @@ -60,6 +61,8 @@ #include #include #include +#include +#include #include @@ -88,6 +91,9 @@ static int ufs_close __P((struct vop_close_args *)); static int ufs_create __P((struct vop_create_args *)); static int ufs_getattr __P((struct vop_getattr_args *)); +#ifdef MAC +static int ufs_getlabel __P((struct vop_getlabel_args *)); +#endif static int ufs_link __P((struct vop_link_args *)); static int ufs_makeinode __P((int mode, struct vnode *, struct vnode **, struct componentname *)); static int ufs_missingop __P((struct vop_generic_args *ap)); 
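Review bot: The comment above `mac_create_object(cred, &ump->um_label)` says `mac_inherit_object` knows what to do with NOCRED, but the call is to `mac_create_object` and no `mac_inherit_object` appears among the kernel prototypes visible in mac.h; the comment should name the function actually called. The first comment block also embeds a commented-out `mac_init_object(&ump->um_label);` inside prose, which reads as if it were live code. Suggested replacement for both: `/* Label the mount from the mounting credential; mac_create_object() must cope with cred == NOCRED. Use mac_init_object() instead for default system labels. */`. Since `ufs_getlabel` later returns this label for files that have none of their own, it is worth stating here that the mounter's label becomes the default for unlabelled files.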
@@ -101,6 +107,9 @@ static int ufs_rename __P((struct vop_rename_args *)); static int ufs_rmdir __P((struct vop_rmdir_args *)); static int ufs_setattr __P((struct vop_setattr_args *)); +#ifdef MAC +static int ufs_setlabel __P((struct vop_setlabel_args *)); +#endif static int ufs_strategy __P((struct vop_strategy_args *)); static int ufs_symlink __P((struct vop_symlink_args *)); static int ufs_whiteout __P((struct vop_whiteout_args *)); @@ -337,6 +346,9 @@ { struct vnode *vp = ap->a_vp; struct inode *ip = VTOI(vp); +#ifdef MAC + struct mac label; +#endif mode_t mode = ap->a_mode; int error; #ifdef UFS_ACL @@ -367,9 +379,27 @@ } /* If immutable bit set, nobody gets to write it. */ + /* XXX: This breaks chflags(), please fix. + if ((mode & (VWRITE | VADMIN)) && + (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) + return (EPERM); + */ if ((mode & VWRITE) && (ip->i_flags & (IMMUTABLE | SF_SNAPSHOT))) return (EPERM); +#ifdef MAC + error = VOP_GETLABEL(vp, &label, ap->a_cred, ap->a_td); + if (error) { + printf("ufs_access: couldn't get any label (%d)\n", error); + return (error); + } + error = vaccess_mac(vp->v_type, &label, ap->a_mode, ap->a_cred); + if (error) { + printf("mac_vaccess returned %d for %d (%s)\n", error, + ap->a_td->td_proc->p_pid, ap->a_td->td_proc->p_comm); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL MALLOC(acl, struct acl *, sizeof(*acl), M_ACL, M_WAITOK); len = sizeof(*acl); 
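Review bot: Both failure paths of the new MAC block in `ufs_access` call `printf` unconditionally, and the second fires on every denied access, which a process can presumably provoke at will by touching files its label does not permit; that lets any user flood the console and the kernel message buffer. The denial message should be dropped, rate-limited or put behind a debug knob, and it says `mac_vaccess` while the function called is `vaccess_mac`. The closing `#endif /* !MAC */` is misleading for an `#ifdef MAC` block and should read `#endif /* MAC */`; the same comment appears in the `ufs_getlabel`/`ufs_setlabel`, `ufs_mkdir` and `ufs_makeinode` hunks. The body of `ufs_access` starts and ends outside this hunk.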
@@ -741,6 +771,102 @@ return (0); } +#ifdef MAC +/* + * Retrieve the MAC label on a file. + */ +static int +ufs_getlabel(ap) + struct vop_getlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct thread *a_td; + } */ *ap; +{ + struct ufsmount *ump; + int error, len; + + len = sizeof(*ap->a_label); + bzero(ap->a_label, sizeof(*ap->a_label)); + error = vn_extattr_get(ap->a_vp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, &len, + (char *) ap->a_label, ap->a_td); + switch (error) { + case 0: + /* + * Successfully retrieved the label from disk. + * Check the length, fail closed. + */ + if (len != sizeof(*ap->a_label)) { + printf("Corrupted label\n"); + error = EPERM; + } + break; + case ENOENT: /* XXX: Should be ENOATTR not ENOENT. */ + case EOPNOTSUPP: + /* + * If no label is available, return the mount label + * instead. + */ + ump = VFSTOUFS(ap->a_vp->v_mount); + *ap->a_label = ump->um_label; + error = 0; + break; + default: + } + + return (error); +} + +/* + * Set the MAC label on a file. + */ +static int +ufs_setlabel(ap) + struct vop_setlabel_args /* { + struct vnode *a_vp; + struct mac *a_label; + struct ucred *a_cred; + struct thread *a_td; + } */ *ap; +{ + struct mac old_label; + int error; + + /* + * First access check: does the caller have the ability to + * administer the file system object to be labeled/re-labeled. + */ + error = VOP_ACCESS(ap->a_vp, VADMIN, ap->a_cred, ap->a_td); + if (error) + return (error); + + /* + * Second check: is the label being assigned to the object + * appropriate based on the label previously assigned, and + * the label on the subject. To do this, must retrieve the + * old label. 
+ */ + error = VOP_GETLABEL(ap->a_vp, &old_label, ap->a_cred, ap->a_td); + if (error) + return (error); + + error = mac_can_setlabel_object(ap->a_cred, &old_label, ap->a_label); + if (error) + return (error); + + error = vn_extattr_set(ap->a_vp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, + sizeof(*ap->a_label), (char *) ap->a_label, ap->a_td); + if (error) + return (error); + + VN_KNOTE(ap->a_vp, NOTE_ATTRIB); + return (0); +} +#endif /* !MAC */ + int ufs_remove(ap) struct vop_remove_args /* { @@ -1358,6 +1484,10 @@ struct buf *bp; struct dirtemplate dirtemplate, *dtp; struct direct newdir; +#ifdef MAC + struct ufsmount *ump; + struct mac label; +#endif #ifdef UFS_ACL struct acl *acl, *dacl; #endif @@ -1511,6 +1641,31 @@ error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(dvp) | DOINGASYNC(dvp))); if (error) goto bad; + +#ifdef MAC + mac_create_object(cnp->cn_cred, &label); + error = vn_extattr_set(tvp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, + sizeof(label), (char *) &label, cnp->cn_thread); + switch (error) { + case 0: + break; + case ENOENT: /* XXX: Should be ENOATTR. */ + case EOPNOTSUPP: + /* Authorize creation of a file with the device label. */ + ump = VFSTOUFS(tvp->v_mount); + error = mac_can(cnp->cn_cred, &ump->um_label, MAC_CREATE, 0); + if (error == 0) + break; + printf("ufs_mkdir: cannot assign MAC or use default\n"); + /* Falls through. */ + default: + printf("ufs_mkdir failed (%d)\n", error); + UFS_VFREE(tvp, ip->i_number, dmode); + vput(tvp); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL if (acl != NULL) { /* @@ -2247,6 +2402,10 @@ register struct inode *ip, *pdir; struct direct newdir; struct vnode *tvp; +#ifdef MAC + struct ufsmount *ump; + struct mac label; +#endif #ifdef UFS_ACL struct acl *acl; #endif 
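Review bot: The `ENOENT`/`EOPNOTSUPP` arm of `ufs_getlabel` turns a missing label attribute into the mount label and returns success, so callers such as the MAC check in `ufs_access` cannot tell an explicitly labelled file from one whose attribute was never written or has been lost. That is a policy decision and deserves a comment at the case, e.g. `/* Unlabelled files are treated as carrying the mounter's label; this is policy, not an error path. */`; the XXX about ENOATTR suggests the two errnos may need separate handling once they can be told apart. Separately, `default:` is the last thing in the switch with no statement after it, which is not valid C; it should be `default: break;`.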
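Review bot: The `default:` arm of the new switch in `ufs_mkdir` cleans up with `UFS_VFREE`/`vput` and returns directly, whereas the `UFS_UPDATE` failure immediately above it uses `goto bad`. The `bad` label is outside the hunk, so what it undoes is not visible, but anything it handles is skipped on a MAC failure, and so are the ACL buffers tested by `if (acl != NULL)` right after the block if they are already allocated at this point. Unless there is a reason not to, this path should be `goto bad` as well. The `ufs_makeinode` hunk at -2383 has the same early return, and both print on a failure that ordinary file creation can reach.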
@@ -2383,6 +2542,35 @@ error = UFS_UPDATE(tvp, !(DOINGSOFTDEP(tvp) | DOINGASYNC(tvp))); if (error) goto bad; +/* + * Set the MAC label for the newly created file. Attempt to set it using + * the credential of the writer; if this is not allowed, check to see if + * the writer has the same label as the default file system label. If neither + * succeeds, then fail closed. + */ +#ifdef MAC + mac_create_object(cnp->cn_cred, &label); + error = vn_extattr_set(tvp, IO_NODELOCKED, + FREEBSD_MAC_EXTATTR_NAMESPACE, FREEBSD_MAC_EXTATTR_NAME, + sizeof(label), (char *) &label, cnp->cn_thread); + switch (error) { + case 0: + break; + case ENOENT: /* XXX: should be ENOATTR. */ + case EOPNOTSUPP: + /* Authorize creation of a file with the device label. */ + ump = VFSTOUFS(tvp->v_mount); + error = mac_can(cnp->cn_cred, &ump->um_label, MAC_CREATE, 0); + if (error == 0) + break; + /* Falls through. */ + default: + printf("ufs_makeinode failed (%d)\n", error); + UFS_VFREE(tvp, ip->i_number, mode); + vput(tvp); + return (error); + } +#endif /* !MAC */ #ifdef UFS_ACL if (acl != NULL) { /* @@ -2558,6 +2746,9 @@ { &vop_close_desc, (vop_t *) ufs_close }, { &vop_create_desc, (vop_t *) ufs_create }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif MAC { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_link_desc, (vop_t *) ufs_link }, @@ -2578,6 +2769,9 @@ { &vop_rename_desc, (vop_t *) ufs_rename }, { &vop_rmdir_desc, (vop_t *) ufs_rmdir }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_strategy_desc, (vop_t *) ufs_strategy }, { &vop_symlink_desc, (vop_t *) ufs_symlink }, { &vop_unlock_desc, (vop_t *) vop_stdunlock }, 
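Review bot: `#endif MAC` after the `vop_getlabel_desc` entry in the hunk at -2558 has a stray token after the directive; only a comment may follow `#endif`, and compilers warn about the extra text. It should be `#endif /* MAC */`, or a plain `#endif` as used for the `vop_setlabel_desc` entry in the next hunk.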
@@ -2599,6 +2793,9 @@ { &vop_access_desc, (vop_t *) ufs_access }, { &vop_close_desc, (vop_t *) ufsspec_close }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, @@ -2606,6 +2803,9 @@ { &vop_read_desc, (vop_t *) ufsspec_read }, { &vop_reclaim_desc, (vop_t *) ufs_reclaim }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_unlock_desc, (vop_t *) vop_stdunlock }, { &vop_write_desc, (vop_t *) ufsspec_write }, #ifdef UFS_ACL @@ -2625,6 +2825,9 @@ { &vop_access_desc, (vop_t *) ufs_access }, { &vop_close_desc, (vop_t *) ufsfifo_close }, { &vop_getattr_desc, (vop_t *) ufs_getattr }, +#ifdef MAC + { &vop_getlabel_desc, (vop_t *) ufs_getlabel }, +#endif { &vop_inactive_desc, (vop_t *) ufs_inactive }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_kqfilter_desc, (vop_t *) ufsfifo_kqfilter }, @@ -2633,6 +2836,9 @@ { &vop_read_desc, (vop_t *) ufsfifo_read }, { &vop_reclaim_desc, (vop_t *) ufs_reclaim }, { &vop_setattr_desc, (vop_t *) ufs_setattr }, +#ifdef MAC + { &vop_setlabel_desc, (vop_t *) ufs_setlabel }, +#endif { &vop_unlock_desc, (vop_t *) vop_stdunlock }, { &vop_write_desc, (vop_t *) ufsfifo_write }, #ifdef UFS_ACL Index: sys/ufs/ufs/ufsmount.h =================================================================== RCS file: /home/ncvs/src/sys/ufs/ufs/ufsmount.h,v retrieving revision 1.22 diff -u -r1.22 ufsmount.h --- sys/ufs/ufs/ufsmount.h 2001/09/12 08:38:11 1.22 +++ sys/ufs/ufs/ufsmount.h 2001/09/13 22:03:06 
@@ -77,6 +77,7 @@ struct vnode *um_quotas[MAXQUOTAS]; /* pointer to quota files */ struct ucred *um_cred[MAXQUOTAS]; /* quota file access cred */ struct ufs_extattr_per_mount um_extattr; /* extended attrs */ + struct mac um_label; /* immutable mounter label */ u_long um_nindir; /* indirect ptrs per block */ u_long um_bptrtodb; /* indir ptr to disk block */ u_long um_seqinc; /* inc between seq blocks */ Index: usr.bin/login/login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.70 diff -u -r1.70 login.c --- usr.bin/login/login.c 2001/11/16 04:39:16 1.70 +++ usr.bin/login/login.c 2001/11/17 15:36:38 @@ -394,7 +394,13 @@ lc = login_getpwclass(pwd); quietlog = login_getcapbool(lc, "hushlogin", 0); +#if 0 /* + * XXX: The sete[ug]id code here is broken in the base system + * because it doesn't do setgroups(). It's even more broken + * with MAC. This test needs to happen further down, below + * the setusercontext call. + * * Switching needed for NFS with root access disabled. * * XXX: This change fails to modify the additional groups for the @@ -414,6 +420,7 @@ } (void)seteuid(euid); (void)setegid(egid); +#endif if (!quietlog) quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; 
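Review bot: With the old home-directory block in login.c now under `#if 0`, the context line `quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;` runs before any `chdir(pwd->pw_dir)`; the only chdir left is in the `#if 1` block added after `setusercontext()` in the hunk at -630. If `_PATH_HUSHLOGIN` is a relative name, as its original position right after the chdir suggests, the test now looks in login's starting directory rather than the user's home, and it should move down with the chdir. The moved block also reuses `quietlog` in `if (!quietlog || *pwd->pw_dir)`, so its message depends on that earlier value. The `#if 0`/`#if 1` scaffolding should not be committed: delete the old block and leave the new one unconditional.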
@@ -630,6 +637,22 @@ syslog(LOG_ERR, "setusercontext() failed - exiting"); exit(1); } + +#if 1 + /* + * XXX: The home directory check should really go here, after + * credentials are appropriately configured. + */ + if (!*pwd->pw_dir || chdir(pwd->pw_dir) < 0) { + if (login_getcapbool(lc, "requirehome", 0)) + refused("Home directory not available", "HOMEDIR", 1); + if (chdir("/") < 0) + refused("Cannot find root directory", "ROOTDIR", 1); + if (!quietlog || *pwd->pw_dir) + printf("No home directory.\nLogging in with home = \"/\".\n"); + pwd->pw_dir = "/"; + } +#endif (void)setenv("SHELL", pwd->pw_shell, 1); (void)setenv("HOME", pwd->pw_dir, 1); Index: usr.bin/netstat/inet6.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/inet6.c,v retrieving revision 1.18 diff -u -r1.18 inet6.c --- usr.bin/netstat/inet6.c 2001/09/07 12:00:49 1.18 +++ usr.bin/netstat/inet6.c 2001/09/23 22:27:15 @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include Index: usr.bin/netstat/iso.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/iso.c,v retrieving revision 1.9 diff -u -r1.9 iso.c --- usr.bin/netstat/iso.c 2001/06/15 23:55:45 1.9 +++ usr.bin/netstat/iso.c 2001/09/23 22:51:28 @@ -66,6 +66,7 @@ */ #include +#include #include #include #include Index: usr.bin/netstat/mbuf.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/mbuf.c,v retrieving revision 1.29 diff -u -r1.29 mbuf.c --- usr.bin/netstat/mbuf.c 2001/09/30 01:58:37 1.29 +++ usr.bin/netstat/mbuf.c 2001/10/01 17:19:30 
@@ -40,6 +40,7 @@ #endif /* not lint */ #include +#include #include #include #include Index: usr.bin/netstat/mroute.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/mroute.c,v retrieving revision 1.18 diff -u -r1.18 mroute.c --- usr.bin/netstat/mroute.c 2001/09/07 12:59:30 1.18 +++ usr.bin/netstat/mroute.c 2001/09/23 22:51:39 @@ -54,6 +54,7 @@ #include #include #include +#include #include #include Index: usr.bin/netstat/ns.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/ns.c,v retrieving revision 1.5 diff -u -r1.5 ns.c --- usr.bin/netstat/ns.c 2001/06/15 23:55:45 1.5 +++ usr.bin/netstat/ns.c 2001/09/23 22:51:47 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include Index: usr.bin/netstat/unix.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/unix.c,v retrieving revision 1.16 diff -u -r1.16 unix.c --- usr.bin/netstat/unix.c 2001/06/15 23:35:13 1.16 +++ usr.bin/netstat/unix.c 2001/09/23 22:51:57 @@ -47,6 +47,7 @@ #include #include #include +#include #include #include #include Index: usr.bin/passwd/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/passwd/Makefile,v retrieving revision 1.42 diff -u -r1.42 Makefile --- usr.bin/passwd/Makefile 2001/09/13 06:48:17 1.42 +++ usr.bin/passwd/Makefile 2001/09/24 02:11:54 @@ -44,6 +44,9 @@ -I${.CURDIR}/../../usr.sbin/rpc.yppasswdd \ -Dyp_error=warnx -DLOGGING +.if defined(MAC) +CFLAGS+=-DMAC +.endif .endif CLEANFILES= ${GENSRCS} Index: usr.bin/passwd/local_passwd.c =================================================================== RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v retrieving revision 1.27 diff -u -r1.27 local_passwd.c --- usr.bin/passwd/local_passwd.c 2001/03/11 16:37:30 1.27 +++ usr.bin/passwd/local_passwd.c 2001/05/31 14:50:00 
@@ -39,6 +39,9 @@ #include #include +#ifdef MAC +#include +#endif #include #include @@ -70,6 +73,9 @@ #include "extern.h" static uid_t uid; +#ifdef MAC +static mac_t label; +#endif int randinit; char *tempname; @@ -208,6 +214,13 @@ uid = getuid(); if (uid && uid != pw->pw_uid) errx(1, "%s", strerror(EACCES)); +#ifdef MAC + label = mac_get_proc(); + if (label == NULL) + err(1, "mac_get_proc"); + if (mac_set_proc(&mac_userland_system_high_label) == -1) + err(1, "mac_set_proc"); +#endif pw_init(); Index: usr.bin/systat/mbufs.c =================================================================== RCS file: /home/ncvs/src/usr.bin/systat/mbufs.c,v retrieving revision 1.15 diff -u -r1.15 mbufs.c --- usr.bin/systat/mbufs.c 2001/09/30 01:58:39 1.15 +++ usr.bin/systat/mbufs.c 2001/10/01 17:19:42 @@ -39,6 +39,7 @@ #include #include +#include #include #include Index: usr.sbin/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/Makefile,v retrieving revision 1.211 diff -u -r1.211 Makefile --- usr.sbin/Makefile 2001/11/04 06:15:28 1.211 +++ usr.sbin/Makefile 2001/11/17 15:37:27 @@ -34,6 +34,8 @@ fdread \ fdwrite \ getextattr \ + getfmac \ + getpmac \ gifconfig \ ifmcstat \ inetd \ @@ -98,7 +100,9 @@ rwhod \ sa \ setextattr \ + setfmac \ setkey \ + setpmac \ sliplogin \ slstat \ spray \ Index: usr.sbin/getfmac/Makefile =================================================================== RCS file: Makefile diff -N Makefile --- /dev/null Sat Nov 17 13:11:02 2001 +++ Makefile Sun Sep 23 22:12:26 2001 @@ -0,0 +1,5 @@ +PROG= getfmac +SRCS= getfmac.c +CFLAGS+=-Wall +NOMAN=yes +.include Index: usr.sbin/getfmac/getfmac.c =================================================================== RCS file: getfmac.c diff -N getfmac.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ getfmac.c Sun Nov 19 17:56:36 2000 
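Review bot: `mac_set_proc(&mac_userland_system_high_label)` in local_passwd.c raises the process label as soon as the uid check passes and before `pw_init()`, and nothing in the visible hunks uses the `label` saved by `mac_get_proc()` to drop back, or frees it. The elevated label should cover only the password-file update: restore with `mac_set_proc(label)` once the update is done and release the saved copy with `mac_free(label)`. If the restore already lives in a part of the file outside this diff, a comment at the save site such as `/* restored in <function> after the database is rebuilt */` would make the pairing checkable. The enclosing function starts and ends outside the hunk.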
@@ -0,0 +1,34 @@
+#include
+#include
+
+#include
+
+int
+main(int argc, char *argv[])
+{
+ mac_t label;
+ char *string;
+ int i, had_error = 0;
+
+ if (argc < 2) {
+ fprintf(stderr, "getfmac [file ...]\n");
+ return (-1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ label = mac_get_file(argv[i]);
+ if (label == NULL) {
+ perror(argv[i]);
+ had_error = -1;
+ } else {
+ string = mac_to_text(label, NULL);
+ if (string == NULL) {
+ perror(argv[i]);
+ had_error = -1;
+ } else
+ printf("%s: %s\n", argv[i], string);
+ }
+ }
+
+ return (had_error);
+}
Index: usr.sbin/getpmac/Makefile
===================================================================
RCS file: Makefile
diff -N Makefile
--- /dev/null Sat Nov 17 13:11:02 2001
+++ Makefile Sun Sep 23 22:12:28 2001
@@ -0,0 +1,5 @@
+PROG= getpmac
+SRCS= getpmac.c
+CFLAGS+=-Wall
+NOMAN=yes
+.include
Index: usr.sbin/getpmac/getpmac.c
===================================================================
RCS file: getpmac.c
diff -N getpmac.c
--- /dev/null Sat Nov 17 13:11:02 2001
+++ getpmac.c Sun Nov 19 17:56:36 2000
@@ -0,0 +1,28 @@
+#include
+#include
+
+#include
+
+int
+main(int argc, char *argv[])
+{
+ struct mac label;
+ char *buf;
+ int error;
+
+ error = __mac_get_proc(&label);
+ if (error) {
+ perror("mac_get_proc");
+ return (-1);
+ }
+
+ buf = mac_to_text(&label, NULL);
+ if (buf == NULL) {
+ perror("mac_to_text");
+ return (-1);
+ }
+
+ printf("%s\n", buf);
+
+ return (0);
+}
Index: usr.sbin/i4b/ispppcontrol/ispppcontrol.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/i4b/ispppcontrol/ispppcontrol.c,v
retrieving revision 1.1
diff -u -r1.1 ispppcontrol.c
--- usr.sbin/i4b/ispppcontrol/ispppcontrol.c 2000/10/09 14:22:50 1.1
+++ usr.sbin/i4b/ispppcontrol/ispppcontrol.c 2001/09/24 15:27:58
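Review bot: getfmac.c never releases what it gets back: `label` from `mac_get_file()` and `string` from `mac_to_text()` are overwritten on each loop iteration, although setpmac.c in this patch shows that `mac_free()` exists for labels. Adding `mac_free(label);` at the end of the outer `else` branch covers the label; how the text buffer is meant to be released is not shown in this patch and should be documented next to `mac_to_text`. `main` also returns `-1`, which the shell sees as 255; `return (1)` is the conventional failure status, and the same applies to getpmac.c, setfmac.c and setpmac.c.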
@@ -42,7 +42,6 @@ #include #include #include -#include #include #include #include Index: usr.sbin/setfmac/Makefile =================================================================== RCS file: Makefile diff -N Makefile --- /dev/null Sat Nov 17 13:11:02 2001 +++ Makefile Sun Sep 23 22:12:46 2001 @@ -0,0 +1,5 @@ +PROG= setfmac +SRCS= setfmac.c +CFLAGS+=-Wall +NOMAN=yes +.include Index: usr.sbin/setfmac/setfmac.c =================================================================== RCS file: setfmac.c diff -N setfmac.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ setfmac.c Sun Nov 19 17:56:36 2000 @@ -0,0 +1,30 @@ +#include +#include + +#include + +int +main(int argc, char *argv[]) +{ + mac_t label; + int i, had_error = 0; + + if (argc < 3) { + fprintf(stderr, "setfmac [label] [file ...]\n"); + return (-1); + } + + label = mac_from_text(argv[1]); + if (label == NULL) { + perror("mac_from_text"); + return (-1); + } + + for (i = 2; i < argc; i++) + if (mac_set_file(argv[i], label) != 0) { + perror(argv[i]); + had_error = -1; + } + + return (had_error); +} Index: usr.sbin/setpmac/Makefile =================================================================== RCS file: Makefile diff -N Makefile --- /dev/null Sat Nov 17 13:11:02 2001 +++ Makefile Sun Sep 23 22:12:48 2001 @@ -0,0 +1,5 @@ +PROG= setpmac +SRCS= setpmac.c +CFLAGS+=-Wall +NOMAN=yes +.include Index: usr.sbin/setpmac/setpmac.c =================================================================== RCS file: setpmac.c diff -N setpmac.c --- /dev/null Sat Nov 17 13:11:02 2001 +++ setpmac.c Sun Nov 19 17:56:36 2000 
@@ -0,0 +1,41 @@
+#include
+#include
+
+#include
+#include
+
+extern char *environ[];
+
+int
+main(int argc, char *argv[])
+{
+ struct mac *label;
+ int error;
+
+ if (argc < 3) {
+ fprintf(stderr, "setpmac [label] [binary] [args...]\n");
+ return (-1);
+ }
+
+ label = mac_from_text(argv[1]);
+ if (label == NULL) {
+ perror("mac_from_text");
+ return (-1);
+ }
+
+ error = __mac_set_proc(label);
+ if (error) {
+ perror("mac_set_proc");
+ return (-1);
+ }
+
+ mac_free(label);
+
+ error = execve(argv[2], argv + 2, environ);
+ if (error) {
+ perror(argv[2]);
+ return (-1);
+ }
+
+ return (0);
+}
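Review bot: `extern char *environ[];` in setpmac.c declares `environ` as an array, but the C library defines it as a pointer (`char **environ`), and the two declarations are not compatible; the program would treat the pointer's own storage as the array contents. It should be `extern char **environ;`. The string passed to `perror` after `__mac_set_proc` names the wrapper rather than the call that was made. `execve` only returns on failure, so the `if (error)` test and the trailing `return (0)` are dead code; `perror(argv[2]); return (1);` straight after the call says the same thing.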