path: root/lib/libcasper/services
Commit message | Author | Age | Files | Lines
* libcasper: fix warnings when _ALIGN preserves types | Brooks Davis | 2025-12-10 | 1 | -2/+2
  Without the void * casts, the compiler complains about an alignment requirement increase.
  Reviewed by: kib, markj
  Obtained from: CheriBSD
  Effort: CHERI upstreaming
  Sponsored by: DARPA, AFRL
  Differential Revision: https://reviews.freebsd.org/D53946
* libcasper: Move everything to the libcasper package | Lexi Winter | 2025-11-05 | 9 | -16/+2
  The libcasper package exists to contain libcasper, but for some reason only the libcap_net service was in the package, with libcasper itself and the rest of the services being in runtime.
  Move everything to the libcasper package, except tests which stay in the tests package.
  MFC after: 1 day
  Reviewed by: emaste
  Sponsored by: https://www.patreon.com/bsdivy
  Differential Revision: https://reviews.freebsd.org/D53576
* libcasper: explicit cast in cap_fileargs header | Quentin Thébault | 2025-10-09 | 1 | -1/+1
  The implicit cast is incompatible with standard compiler options in a C++ project, making the library difficult to use.
  Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
  Sponsored by: Defenso
  MFC after: 3 days
  Discussed with: kevans
  Reviewed by: emaste, vexeduxr
  Pull request: https://github.com/freebsd/freebsd-src/pull/1857
* cap_fileargs.3: Polish | Faraz Vahedi | 2025-08-08 | 1 | -88/+86
  Extensively revised the manual page with clearer phrasing, better structure, and corrected grammar throughout. Also fixed typos and improved overall readability of the documentation.
  Signed-off-by: Faraz Vahedi <kfv@kfv.io>
* cap_net/net_test: require 'allow_network_access' | Siva Mahadevan | 2025-07-24 | 1 | -28/+140
  Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
  Sponsored by: The FreeBSD Foundation
  Pull Request: https://github.com/freebsd/freebsd-src/pull/1779
* cap_dns/tests/dns_test: mark tests as needing network access | Siva Mahadevan | 2025-07-08 | 1 | -25/+12
  Signed-off-by: Siva Mahadevan <me@svmhdvn.name>
  Reviewed by: markj
  Pull Request: https://github.com/freebsd/freebsd-src/pull/1738
* libcasper: Fix inconsistent error codes of cap_get{addr,name}info() | Hiroki Sato | 2025-06-12 | 1 | -16/+39
  The get{addr,name}info(3) API is designed to return an API-specific error code that is independent of errno. The cap_get{addr,name}info() functions returned either an errno or API-specific error code inconsistently. This change fixes this mismatch.
  When the API returns an errno, the return value itself is set to EAI_SYSTEM and errno is set depending on the actual error. So, usually this API is called in the following form:
      error = getnameinfo(...);
      if (error == EAI_SYSTEM)
          perror("getnameinfo");
      else if (error)
          errx(1, "getnameinfo: %s", gai_strerror(error));
  If the above getnameinfo() call is replaced with cap_getnameinfo(), it breaks the error handling. For example, the cap_get{addr,name}info() functions can return ENOTCAPABLE.
  This change simply adds "errno", in addition to "error", to the nvlout and cap_get{addr,name}info() restores the errno if the error code is EAI_SYSTEM.
  Reviewed by: oshogbo
  Differential Revision: https://reviews.freebsd.org/D45859
* libcasper: Use __VA_ARGS__ for function-like macros | Hiroki Sato | 2025-06-12 | 1 | -13/+9
  cap_net.h uses "#define cap_f(chan, a) f(a)" to call the conventional service function with the first argument of cap_f() dropped for compatibility with the environment where the casper service is unavailable. However, this function-like macro does not work when the arguments contain C99 compound literals, such as f(chan, (int[]){1,2,3}). The following is a typical example:
      error = cap_getaddrinfo(capnet, "192.168.0.1", "100",
          &(struct addrinfo){
              .ai_family = AF_INET,
              .ai_flags = AI_NUMERICHOST
          }, &res);
  Using cap_f(chan, ...) and __VA_ARGS__ in C99 seems a reasonable solution for this problem. While there is a workaround using parentheses around the compound literal like f(chan, ((int[]){1,2,3})), it is not intuitive and the above example works when the cap_net is available and f() is defined as a function.
  A possible moot point is that __VA_ARGS__ cannot control how many arguments are passed at the macro level, and "chan" is not protected. However, "chan" is less likely to be written in compound literal, and the function prototype should check the remaining arguments.
  Reviewed by: oshogbo
  Differential Revision: https://reviews.freebsd.org/D45858
* manuals: Misc syntax fixes | Graham Percival | 2024-10-07 | 1 | -1/+1
  These were reported by `mandoc -T lint ...` as errors.
  The rendered output (in ascii and html) is not affected by this commit.
  Additional clarification: there was a non-breaking space in lib/libcasper/services/cap_grp/cap_grp.3.
  Signed-off-by: Graham Percival <gperciva@tarsnap.com>
  Reviewed by: mhorne
  MFC after: 3 days
  Sponsored by: Tarsnap Backup Inc.
  Pull Request: https://github.com/freebsd/freebsd-src/pull/1449
* manuals: Misc macro typos | Graham Percival | 2024-09-21 | 1 | -1/+1
  These were reported by `mandoc -T lint` as
      ERROR: skipping unknown macro
  When these pages were rendered with `man`, the "unknown macro" meant that the entire line was omitted from the output.
  Obvious typos in:
      lib/libsys/swapon.2
      lib/libsys/procctl.2
      share/man/man9/firmware.9
  lib/libcasper/services/cap_net/cap_net.3: 'mode' describes a function argument.
  lib/libsys/statfs.2: there's no .Tm command ("trademark?"), and .Tn ("tradename") is deprecated, so remove the macro entirely.
  usr.sbin/mfiutil/mfiutil.8: man was interpreting '/dev/' as a macro (which it didn't recognize).
  share/man/man4/qat.4: same issue as above, but with '0'. In this case, given the context of the previous line, rewriting as "Value '0'" seemed more appropriate.
  usr.sbin/mlx5tool/mlx5tool.8: typo in .Xr
  Signed-off-by: Graham Percival <gperciva@tarsnap.com>
  Sponsored by: Tarsnap Backup Inc.
  Reviewed by: concussious, imp
  Pull Request: https://github.com/freebsd/freebsd-src/pull/1417
* Remove "All Rights Reserved" from FreeBSD Foundation copyrights | Ed Maste | 2024-07-30 | 12 | -12/+0
  These ones were unambiguous cases where the Foundation was the only listed copyright holder.
  Sponsored by: The FreeBSD Foundation
* libcasper: Consistently use item count as the first argument to calloc | John Baldwin | 2024-07-19 | 2 | -4/+4
  Reported by: GCC 14 -Wcalloc-transposed-args
  Reviewed by: rlibby, emaste
  Differential Revision: https://reviews.freebsd.org/D46005
* Remove residual blank line at start of Makefile | Warner Losh | 2024-07-15 | 18 | -18/+0
  This is a residual of the $FreeBSD$ removal.
  MFC After: 3 days (though I'll just run the command on the branches)
  Sponsored by: Netflix
* libcasper: fix cap_rights_init usage | Ed Maste | 2024-02-15 | 1 | -8/+8
  Capability rights passed to cap_rights_* are not simple bitmasks and cannot be ORed together in general (although it will work for certain subsets of rights).
  PR: 277057
  Fixes: faaf43b2a750 ("fileargs: add tests")
  Sponsored by: The FreeBSD Foundation
* libcasper: Fix typo (triple T) | Jose Luis Duran | 2023-12-28 | 1 | -1/+1
  Reviewed by: imp
  Pull Request: https://github.com/freebsd/freebsd-src/pull/954
* libcasper: document that most libcasper functions are not thread-safe | Alan Somers | 2023-12-08 | 7 | -11/+60
  And neither are most libcasper services' functions, because internally they all use cap_xfer_nvlist. cap_xfer_nvlist sends and then receives data over a unix domain socket and associated with the cap_channel_t argument. So absent synchronization, two threads may not use the same cap_channel_t argument or they risk receiving the other's reply.
  MFC after: 2 weeks
  Sponsored by: Axcient
  Reviewed by: oshogbo
  Differential Revision: https://reviews.freebsd.org/D42928
* cap_net.3: remove a copypasta | Alan Somers | 2023-12-06 | 1 | -6/+3
  This line appears to have been copied from cap_sysctl.3. While I'm here, reorder and reword the description of cap_net_limit a bit.
  [skip ci]
  MFC after: 2 weeks
  Sponsored by: Axcient
  Reviewed by: oshogbo
  Differential Revision: https://reviews.freebsd.org/D42919
* lib: Automated cleanup of cdefs and other formatting | Warner Losh | 2023-11-27 | 10 | -10/+0
  Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.
  Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
  Remove /\n+#if.*\n#endif.*\n+/
  Remove /^#if.*\n#endif.*\n/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
  Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
  Sponsored by: Netflix
* libcasper: Neuter false positive -Wuse-after-free warnings from GCC 13 | John Baldwin | 2023-11-15 | 3 | -0/+9
  GCC 13 incorrectly thinks a call to free after a failed realloc is a use after free.
      lib/libcasper/services/cap_grp/cap_grp.c: In function 'group_resize':
      lib/libcasper/services/cap_grp/cap_grp.c:65:17: error: pointer 'buf' may be used after 'realloc' [-Werror=use-after-free]
         65 |                 free(buf);
            |                 ^~~~~~~~~
      lib/libcasper/services/cap_grp/cap_grp.c:63:19: note: call to 'realloc' here
         63 |         gbuffer = realloc(buf, gbufsize);
            |                   ^~~~~~~~~~~~~~~~~~~~~~
  Reviewed by: imp, emaste
  Differential Revision: https://reviews.freebsd.org/D42576
* dirdeps: Update Makefile.depend* files with empty contents | Stephen J. Kiernan | 2023-10-29 | 6 | -0/+69
  Some Makefile.depend* files were committed with no contents or empty DIRDEPS list, but they should have DIRDEPS with some contents.
* cap_net: correct capability name from addr2name to name2addr | Mariusz Zaborski | 2023-10-23 | 2 | -1/+13
  Previously, while checking name2addr capabilities, we mistakenly used the addr2name set. This error could cause a process to inadvertently reset its limitations.
  Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
* Remove $FreeBSD$: two-line nroff pattern | Warner Losh | 2023-08-16 | 8 | -16/+0
  Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
* Remove $FreeBSD$: one-line sh pattern | Warner Losh | 2023-08-16 | 29 | -29/+0
  Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Remove $FreeBSD$: one-line .c pattern | Warner Losh | 2023-08-16 | 15 | -30/+0
  Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
* Remove $FreeBSD$: two-line .h pattern | Warner Losh | 2023-08-16 | 8 | -16/+0
  Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
* cap_net.3: fix typo | Shawn Webb | 2023-06-21 | 1 | -1/+1
  Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
* spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD | Warner Losh | 2023-05-12 | 15 | -15/+15
  The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
  Discussed with: pfg
  MFC After: 3 days
  Sponsored by: Netflix
* cap_net tests: Skip tests if there is no connectivity | Mark Johnston | 2023-04-27 | 1 | -43/+86
  When testing cap_connect() and name/addr lookup functions, skip tests if we fail and the error is not ENOTCAPABLE. This makes the tests amenable to running in CI without Internet connectivity.
  Reviewed by: oshogbo
  MFC after: 2 weeks
  Differential Revision: https://reviews.freebsd.org/D39242
* Update/fix Makefile.depend for userland | Simon J. Gerraty | 2023-04-19 | 7 | -37/+0
* cap_dns, cap_net: fix host and service buffer handling | Eric van Gyzen | 2023-04-04 | 3 | -8/+51
  If a malicious casper process sent a host or service string that was too long, cap_getnameinfo would overrun the caller's buffer by one byte.
  The backends for this function needlessly allocated one extra byte for these buffers. This was harmless, but could be confusing to readers.
  Reported by: Coverity (an internal run at Dell)
  Reviewed by: oshogbo, emaste
  MFC after: 1 week
  Sponsored by: Dell EMC Isilon
  Differential Revision: https://reviews.freebsd.org/D39347
* cap_dns tests: Convert to ATF, avoid failing when lookups don't resolve | Mark Johnston | 2023-03-30 | 2 | -309/+327
  The cap_dns tests require Internet access. Currently they fail when that's not available, which for CI purposes is undesirable. Let's instead skip the tests if none of the non-casper name/addr lookups succeed. To that end:
  - Convert the tests to ATF so that skipping is easier to implement.
  - Break up the tests into separate test cases.
  - If one of the system (i.e., non-casper) lookup functions fails, skip the test if all of them failed, otherwise fail the tests, since partial failure indicates something is flaky and deserves a closer look.
  Reviewed by: oshogbo
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D39241
* cap_sysctl tests: Serialize | Mark Johnston | 2023-03-30 | 1 | -1/+4
  These tests fail spuriously when run in parallel, since some of them write a value to a global sysctl, read it back, and expect to see the written value. These tests complete quite quickly in any case.
  MFC after: 1 week
* libcasper: Move helper libraries from /lib/casper to /lib. | John Baldwin | 2023-03-29 | 8 | -8/+8
  These libraries are linked to directly by applications rather than opened at runtime via dlopen().
  Discussed with: oshogbo
  Reviewed by: markj, emaste
  Differential Revision: https://reviews.freebsd.org/D39245
* [skip ci] improvements to cap_sysctl.3 | Alan Somers | 2022-12-08 | 1 | -7/+35
  * Correct some function prototypes which were documented with the wrong pointer type.
  * Clarify return values and requirements for freeing the limit handle.
  MFC after: 1 week
  Sponsored by: Axcient
  Reviewed by: oshogbo
  Differential Revision: https://reviews.freebsd.org/D37586
* cap_netdb: Fix description style | Mariusz Zaborski | 2022-09-29 | 1 | -2/+1
  MFC after: 1 week
* cap_fileargs: silence warnings of unused variable | Mariusz Zaborski | 2022-03-20 | 1 | -3/+2
  We still want to fetch the variable just to verify that the interface is right.
  Reported by: pstef
* cap_net: fix verification of bind permission | Mariusz Zaborski | 2021-12-14 | 1 | -1/+1
  MFC after: 5 days
* cap_net: plug memory leak | Mariusz Zaborski | 2021-12-14 | 1 | -3/+7
  MFC after: 5 days
* Address review comments from 0mp, debdrup and oshogbo | George V. Neville-Neil | 2021-11-10 | 1 | -1/+1
* Initial clean up the language in the manual pages. | George V. Neville-Neil | 2021-11-10 | 1 | -3/+5
  Summary: The manual pages need a bit of editing for language and clarity.
  Reviewers: oshogbo, #manpages
  Subscribers: imp
  Differential Revision: https://reviews.freebsd.org/D32976
* libcasper(3): Correct some warnings found by mandoc | Gordon Bergling | 2021-07-12 | 4 | -10/+11
  - inserting missing end of block: Sh breaks Bl
  - moving content out of list: Pp
  - missing comma before name: Nm cap_*
  - comma in function argument: cap_*
  - skipping paragraph macro: Pp after Sh
  - sections out of conventional order: Sh AUTHORS
  Reviewed by: bcr
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D31144
* libcasper: Create a minimal cap_netdb service | Ryan Moeller | 2021-06-05 | 7 | -0/+435
  Create a casper service for netdb functions. Initially only cap_getprotobyname is implemented.
  This is needed for capsicumizing sockstat.
  Reviewed by: oshogbo, bcr (manpages)
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D24832
* cap_sysctl.3: Fix bugs in the example | Mark Johnston | 2021-04-28 | 1 | -1/+2
  - Correct the type of the sysctl value.
  - Initialize the oldsize parameter to cap_sysctlbyname()
  MFC after: 1 week
  Sponsored by: The FreeBSD Foundation
* fileargs: fix double caching of the same file | Mariusz Zaborski | 2021-04-07 | 1 | -2/+6
  In situations when the current file name wasn't the first element on the list we were cleaning the current name too early. This might cause us to pre-cache the same file twice.
* tests: Skip cap_fileargs if build without capsicum capabilities | Olivier Cochard | 2021-01-26 | 2 | -0/+31
  Approved by: oshogbo
  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D2834
* libcasper/cap_grp tests: Reset the group database handle | Mark Johnston | 2021-01-21 | 1 | -0/+4
  Some tests verify that the capgrp capability does not permit calls to setgrent(3), but all tests need to ensure that they reset the capability's group database handle, otherwise the local process and casper process will be out of sync.
  The cap_pwd tests already handle this.
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 month
* fileargs: add support for realpath | Mariusz Zaborski | 2021-01-10 | 5 | -3/+224
* fileargs: add tests | Mariusz Zaborski | 2021-01-09 | 3 | -0/+625
* cap_sysctl: expose structures and variables | Mariusz Zaborski | 2021-01-04 | 1 | -4/+5
  Expose structures and variables that may be used on systems built without Casper support.
* casper: convert macros to inline functions | Mariusz Zaborski | 2021-01-04 | 2 | -25/+141
  In libcasper, the first argument to the function is a structure that represents a connection to Casper. On systems without Casper, macros are used to interpose the Casper functions to standard libc ones. This may cause errors/warnings that the variable is not used. With the inline function, there is no such problem.