command:
AUTHNAME: The local authname
ENDDISC: The local endpoint discriminator
LABEL: The configuration label in use
PEER_ENDDISC: The peers endpoint discriminator
USER: The peers authname
anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.
This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.
for 11520-byte buffers for 115200 bps are displayed properly.
Fixed my recent printf format error fixes. %p is almost unusable
in tables, since its width and format are unknown/machine-dependent.
Use %8lx and cast pointers to (u_long)(void*). This is still quite
broken, e.g., for machines with 64-bit pointers.
an *interactive* command for newbies. The pw(8) does now a much better
job for adding users from command line. Also, the -batch option is
not well tested, buggy and unsupported.
predictable /tmp files (static prefix + process number) which are
overwritten blindly, and follow links.
These workarounds change it from a process number to a very random
(9999 with tons of decimal places) number.
PR: 7565
Submitted by: Thomas Stromberg <tstrombe@rtci.com>
the `-literal' after the closing .Ed.
Where this happens, use ``.Bd -unfilled'' with ``.It Li'' to dodge
the problem - it looks better too.
Problem reported by: Dom Mitchell <dom@phmit.demon.co.uk>
to be clever by avoiding the 'check all domains in the search list'
cycle in certain cases, but this would lose if handed a name like
"foo.ctr" which refers to an FQDN of "foo.ctr.columbia.edu". If
"columbia.edu" is in the search list in /etc/resolv.conf then the
DNS lookup code should resolve it, but it didn't.
the device is successfully opened. If we fail to open it,
mention the fact.
Also go back into command mode as soon as the device is closed
rather than waiting for the user to type something before noticing.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
snprintf function itself is still #ifdef'd out by conf.h. This allows this
program to link when compiled without optimization. With optimization,
the call to quad_to_string gets removed by the compiler. Unfortunately
the linker still links in the quad_to_string function even though it
isn't called. 8-(
consider it a exit failure if it doesn't work. This means that root
processes can safely get the lock, but normal processes can still use
the 'pw' utility to get information (which may change out from under
them.)
from PR/6787, but allow non-root users to use pw to get password
information. However, this should be safe since the fixes for
disallowing multiple instances from modifying the DB are still intact.
Bug noted by: dima@best.net (Dima Ruban)
do TLD *before* processing the config request as
TLD initialises the peers LCP values.
It's strange that an IRC isn't required here - but
I'll bow to the wisdom of the rfc.
``add .... HISADDR''. The network will never be
reachable at this point unless we're in -auto or reading
the command from ppp.linkup.
We can now run the following lines and get the expected
results:
set ifaddr 1.2.3.4/0 5.6.7.8/0
add default HISADDR
where a route is added immediately in auto mode and the
whole thing is delayed 'till the IP numbers have been
agreed in other modes.
Essentially, ppp.linkup is no longer required.
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''. This is
*not* what we want to do.
-current (Thanks Harald). However, on my attempt to try this on -STABLE,
I found that when forwarding to another host the actual messages gets lost.
This is due to a wrong index because when the -v option was added, the
indexes shifted one place.
PR: 7407
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
(a.k.a. /var/yp/Makefile.dist) refers to an obsoleted usage of the
-m option of rpc.yppasswdd. It is currently taken over by the -t
option. -m is used for a different purpose now.
PR: 7279
Reviewed by: phk
Submitted by: Amakawa Shuhei <amakawa@nebula.sf.t.u-tokyo.ac.jp>
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.
Twelve years ago, code was added to inetd to detect "failing
servers". The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing"). These
compile-time constants vary depending on vendor.
The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).
Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.
PR: 7286
Reviewed by: phk
Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
run at the same time.
Notes:
The fileupdate function is still somewhat broken. Instead of
returning a failure code if it can't modify the original file it
renames the .new file and continues as though nothing is wrong.
This will cause the lock on the original file to be lost and could
lead to a similar race condition. I left that portion of the code
alone since I feel that the maintainer of the code would have a
better concept of how he wants to handle errors in that function
than I do.
PR: bin/6787
Submitted by: Craig Spannring <cts@internetcds.com>
them as ints. Among other bugs, doing so at best caused benign
overflow followed by fatal sign extension on machines with 32-bit
ints and 64-bit longs.
define MAXUSERS in opt_param.h as directed in /sys/conf/options;
if it's not mentioned there, then define it in IDENT; never define
it in PARAM). MAXUSERS probably should be a completely normal option.
Don't define PARAM now that it is empty.
Cleaned up similar conversion of cpu directives to XXX_CPU options.
was used as if it is 1-based. This happened to give the correct result
for options without values because of a compensating error in newline
lexing. Didn't fix the latter, so line numbers in yyerror() may still
be 1 too high in some cases.
exceeds DATALINK_READY. When we go back to READY or less
(eg. ``close lcp''), switch the carrier-checking-timer off again.
This fixes the callback example in ppp.conf.sample.
Noted as broken by: Damian Kuczynski <damian@best.pw.edu.pl>
they may not be logins. The code for determining whether it is a pty
entry is broken.
PR: 7137
Reviewed by: phk
Submitted by: Tom Rush <tarush@mindspring.com>
o If we've denied and disabled all compression protocols, stay
in ST_INITIAL and do an LCP protocol reject if we receive any
CCP packets.
o If we've disabled all compression protocols, go to ST_STOPPED
and wait for the other side to ask for something.
o If we've got anything enabled, start REQing as soon as the auth
layer is up.
o If we're in multilink mode, than the link level CCP goes
straight to ST_STOPPED irrespective of what's configured so that
we never try to compress compressed stuff by default.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.
open capable of re-negotiatiating the various layers.
It is now possible to change various link options and then
re-open the relevant layer, making the changes effective -
for example, switching off VJ compression or starting ECHO
LQRs on-the-fly.
with export lines where the same hostname was specified more than once
(this happens a lot with netgroups sometimes). Recently I discovered
that it needs to be hacked to deal with multiple instances of the
same IP address too.
I've been using this modification locally for several months with no
hassles.
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d
end up writing zero bytes, sleep for 1/10 of a second so that
we don't end up using up too much cpu.
This should only ever happen on systems that wrongly report a
descriptor as writable despite the tty buffer being full.
Discussed with: Jeff Evarts
o Do an initial run-time check to see if select() alters the passed
timeval. This knowledge isn't yet used, but will be soon.
Don't generate declarations for isa interrupt handlers at all.
Isa interrupt handlers are now declared in <i386/isa/isa_device.h>
but should be converted take a `void *' arg and staticized as
soon as possible.
Updated CONFIGVERS. New configs are very incompatible with
previous versions.
o Always put a '\r' before a '\n' at the end of a line
in prompt_vPrintf() in term mode, and make prompt_Printf()
use prompt_vPrintf().
o Fix ~? message.
o Bring the static ``ttystate'' into struct prompt so that
the tilde context is per prompt and not global.
o Comment the remaining static variables so that it's
clear why they're static.
o Add some XXX comments suggesting that our interface list
and our hostname should be re-generated after a signal
(say SIGUSR1) so that a machine with PCCARDs has a chance.
Submitted by: Randall Hopper <rhh@ct.picker.com>
The patch supports using the X10 Mouse Remote in both stand-alone and
pass-through configurations, so you can plug your mouse and remote into the
same serial port, use the mouse for X, and use the remote for other apps
like Fxtv. For instance, we can now control fxtv via the remote control
just like a TV : change channels, mute, increase volume, zoom video,
freeze frame 8)
The mouse events are channeled through the syscons/sysmouse I/F like
normal, and the remote buttons are "syphoned off" to a UNIX-domain stream
socket (defined as _PATH_MOUSEREMOTE in <machine/mouse.h>) for a
remote-aware app to grab and use.
For further info on the X10 Mouse Remote see:
http://www.x10.com/products/x10_mk19a.htm
Submitted by: Mark Tinguely <tinguely@plains.NoDak.edu>
This change will allow a PPP host enabled with the "-alias" option to
run mrouted. This does not intend to forward the IGMP nor tunneled packets
to another host on the far side if the tun0 interface.
sl_uncompress_tcp() and drop packets with
slot numbers that are out of range.
o Drop packets that want to use a slot that still
has an IP header length of 0 (ie, the requested
slot number is bogus again).
Without this code, if the other side mis-behaves (and
sends us garbage slot numbers), we happily ``adjust''
a memset(..., '\0', ...) TCP/IP header and promptly
cr*p all over the stack before returning.... quickly
followed by a SIGBUS.
Dodgy ISP used by, and help locating the problem from: jmz
Problem also seen by: Mourad de Riche <omnibus@image.dk>
There's still a link lockup after this happens, but my
bets are on the other side (who has already started sending
rubbish) being to blame.
for all datalinks in a bundle. Ppp now deals correctly
with link types that are changed while open
o When changing the type of the last AUTO link, only clear
the interface if we're not in PHASE_NETWORK. This allows
us to switch to -ddial mode while we have a connection
without suddenly unexpectedly throttling ourselves by
clearing the interface configuration.
Problem area noted by: Aaron Jeremias Luz <aaron@csh.rit.edu>
category.
e.g. separate out ipfw entries to a separate file.
Reviewed by: (briefly) phk
Submitted by: archie@whistle.com
Obtained from: Whistle source tree
a buffer overflow, but might negatively impact those hosts who have
enough aliases to fill MAXHOSTNAMELEN * 2 characters in them.
Good candidate for merging back into -stable. Lightly tested by me, but
it came from OpenBSD a while ago.
Obtained from: OpenBSD
use strncat correctly
check buffer size in graph_name
Change paths from /tmp to /var/run for server sockets
This has been building in my tree for ages, but has remained lightly
tested.
Reviewed by: jkh ages ago
*after* shuffling fragments from the IP queue into the
individual link queues.
This fixes a latency problem pointed out by: Bruce Evans <bde@zeta.org.au>
to be created if it's missing, otherwise completely ignore it's modes and
owners. Primary intended targets: /usr/src and /usr/obj.
Adjust the 'not created: File exists' message to mention that it's a
directory that's the problem, otherwise it doesn't make sense.
I had created chown-style -L and -P flag to control logical/physical mode
(ie: whether symlinks were followed), but the nochange flag is enough to
get the blasted thing out of my hair so I took them back out.
-current branch. I mistakenly checked out the 2.2.x rpc.ypxfrd into my
-current working directory. No harm done, but I got really confused
when I went to check out rpc.ypxfrd again and found the changes I
wanted to make were already there. (I'm going to fix the other 2.2.x
versions of the other programs in a minute.)
Anyway: protect errno in the signal handler, in the -current version
of rpc.ypxfrd this time.
that we're now closing, manually HUP that session leader
so that the tty is fully released.
o Always restart our carrier detect timer in the receiving
process if it was running in the sending process (as we
now *always* pass the descriptor).
o Tweak argv when we go into pause() mode to keep our session
so that ps can see what's going on (without checking for a
`pause' state in `ps -l').
in `set mode', `allow modes', on the command line and when
outputting mode names. The strings are matched so that only
enough characters to uniquely identify the string are required,
so you can now
ppp -a mylabel (for auto mode)
ppp -b mylabel (for background mode)
ppp -dd mylabel (for direct dial mode)
etc.
o Make -ddial dial when specified on the command line (oops).
Pointed out by: Alex <garbanzo@hooked.net>
of supporting architectures with different device names.
o Close /dev/tunX when destroying the bundle.
o Don't forget to close the parent end of the pipe in the child
process when exec'ing a program from a chat script.
o If we close our controlling terminal, ditch the current session
with it, allowing getty(8) (or whatever) to regain control.
o After transferring our controlling terminal descriptor to another
ppp instance, we now fork a new ppp to continue where we left off,
transferring ownership of all uucp locks and the /var/run/tunX.pid
file. Meanwhile the parent closes all file descriptors, defaults
all signals and does a pause() to wait for a HUP after the
transferred descriptor is finally closed.
We don't run /bin/cat any more (again!).
Suggested by: bde
TODO: It seems clocal devices need their pause()d session leader
to be given a manual HUP, as closing the last open descriptor
doesn't do the job.
generate the data to transfer.
o Transfer uucp lock ownership for the transferred device.
o Don't assume we know the correct values of dev_is_modem and
mbits after the transfer.
This is obviously not a terribly used function as it's apparently been
broken forever.
It IS possible that this fix is wrong and that the KERNEL is wrong
(in which case you should fix if_ethersubr.c) either way it certainly has more hope of
working now than before. I'd take it to 2.2 except that obviously no-one cares :-)
