that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
- Added missing NOCRYPT and NO_OPENSSL checks for Kerberos.
- Don't depend on -lcrypto and -lcrypt in pam_ssh to resolve
dependencies in pam_krb5 and pam_ksu -- the former may not
be compiled at all if NO_OPENSSH knob is enabled.
- Added missing -lcrypt to pam_ssh dependencies.
- Moved librpcsvc after libypclnt.
(The last two aren't strictly speaking necessary to resolve
the dependencies of static versions of pam_ssh and pam_unix,
respectively, but they correspond to dynamic dependencies
of libssh and libypclnt, and are put here for consistency.)
In collaboration with: bde
Reviewed by: des
that Asus provides on its CDs has both a MiniportSend() routine
and a MiniportSendPackets() function. The Microsoft NDIS docs say
that if a driver has both, only the MiniportSendPackets() routine
will be used. Although I think I implemented the support correctly,
calling the MiniportSend() routine seems to result in no packets going
out on the air, even though no error status is returned. The
MiniportSendPackets() function does work though, so at least in
this case it doesn't matter.
In if_ndis.c:ndis_getstate_80211(), if ndis_get_assoc() returns
an error, don't bother trying to obtain any other state since the
calls may fail, or worse cause the underlying driver to crash.
(The above two changes make the Asus-supplied Centrino work.)
Also, when calling the OID_802_11_CONFIGURATION OID, remember
to initialize the structure lengths correctly.
In subr_ndis.c:ndis_open_file(), set the current working directory
to rootvnode if we're in a thread that doesn't have a current
working directory set.
machdep.c fixed the missing early initialization of curpcb, so curpcb
is now always set together with curthread and it cannot be NULL except
before the IDT has been set up (so trap() is unreachable) or after a
memory error. In any case, it was often used without checking.
curpcb shouldn't exist anyway. It doesn't exist for most non-i386 arches.
It just caches curthread->td_pcb in a global. This was a better idea
before it was per-cpu. trap() and some other places can get at it more
efficiently using td->td_pcb instead of PCPU_GET(curpcb). The main
exception is support.s which mostly wants only curpcb->pcb_onfault.
overridden by the threads library to provide a userland version
of non-pshared semaphores and cancellation points. Also add
a sem_timedwait().
The libc version of semaphores always uses kernel semaphores
regardless of whether pshared is set or not. When threads are
not present, it is difficult to get sem_wait() or sem_timedwait()
to do the right thing (since pthread_cond_timedwait() and
pthread_cond_wait() are stubs in libc and just return immediately).
instead, just dec/inc in the ctor/dtor. For now, increment/decrement
in twos, since we're now performing the operation once per pair,
not once per pipe. Not really any measurable performance change
in my micro-benchmarks, but doing less work is good, especially when
it comes to atomic operations.
Suggested by: alc
it is still above the critical temperature on the next poll cycle. This
is a 10 second advance notice by default. Document the private
(non-standard) notify we will be using with devd(8).
changes to jointly allocated pipe pairs. Replace these checks
with pipe_present checks. This avoids a NULL pointer dereference
when a pipe is half-closed.
Submitted by: Peter Edwards <peter.edwards@openet-telecom.com>
individuals from asking a question which may result in the following answer:
"Hi, please do not run a newfs utility on a file system if there
is still data on it you would like to keep."
PR: 56894
Submitted by: Marc Silver <marcs@draenor.org> (original version)
used for the ICMP reply source in response to packets which are not
directly addressed to us. By default continue with normal
source selection.
Reviewed by: bms
- Removed libopie and libmd; libopie used to serve auth-skey.c
which is compiled now only to ease maintenance, as well as
a few other auth-*.c sources.
Reviewed by: des
1. Root from inside a jail was able to unmount any file system
(except /).
2. Unprivileged root was able to unmount file systems mounted by
privileged root (except /).
3. User from inside a jail was able to mount file system when
sysctl vfs.usermount was set to 1.
4. User was able to mount file system when vfs.usermount was set to 1
(that's ok) and unmount it even if vfs.usermount was equal to 0
(that's not correct).
Possibility from point 1 was reported by: Dariusz Kowalski <darek@76.pl>
Only a part of this fix will be MFC'ed (if approved).
PR: kern/60149
Reviewed by: rwatson
Approved by: scottl (mentor)
MFC after: 3 days
in those cases:
1. File system was mounted by an unprivileged user.
2. File system was mounted by an unprivileged root user.
3. File system was mounted by a privileged non-root user.
Point 1 is when file system was mounted by unprivileged user
(sysctl vfs.usermount was equal to 1 then).
Point 2 is when file system was mounted by root, while sysctl
security.bsd.suser_enabled is set to 0 and sysctl vfs.usermount
is set to 1.
Point 3 is because we want to be ready for capabilities.
Reviewed by: rwatson
Approved by: scottl (mentor)
the system. Also, decrease the poll interval to 10 seconds from 30
seconds. This is needed because some systems will report an invalid high
temperature for one poll cycle. It is suspected this is due to the
embedded controller timing out. A typical value is 138C for one cycle on a
system that is otherwise 65C. This prevents the system from prematurely
shutting down after one invalid reading. It will still shut down after 30
seconds of high temperature, which is the same as previous default
behavior.
Tested by: Scott Lambert <lambert AT lambertfam.org>