Commit Graph

12768 Commits

Author SHA1 Message Date
bde
51955e087e Depend on libdisk.a. 1996-02-25 20:41:07 +00:00
bde
17cf778d70 Don't trash %ebp.
Obtained from: NetBSD
1996-02-25 20:29:46 +00:00
bde
dbf7db4c11 Use ${ECHO} instead of echo' so that make -s' is fairly quiet. 1996-02-25 20:25:05 +00:00
bde
b382388bb4 Removed vestigial support for the obsolete FIFO option. In ext2fs
it caused null pointer panics for all fifo operations unless FIFO
was defined.
1996-02-25 20:12:36 +00:00
wpaul
6c0d523235 Duh: remember to #include <stdlib.h> to pick up declarations for
malloc() and free().
1996-02-25 19:25:23 +00:00
dyson
afa8a25972 Re-insert a missing pmap_remove operation. 1996-02-25 05:08:57 +00:00
pst
71f6ede684 move stat behind open to cover corner case 1996-02-25 04:50:21 +00:00
dyson
87280e7d99 Fix a problem with tracking the modified bit. Eliminate the
ugly inline-asm code, and speed up the page-table-page tracking.
1996-02-25 03:02:53 +00:00
wpaul
a47d11508a update suggested flags for rpc.yppasswdd (-t now does what -m used to do) 1996-02-24 22:13:06 +00:00
wpaul
cbe46e1393 Add securenets support (uses same access control mechanism as ypserv,
also controlled by /var/yp/securenets).

Add -u flag to turn off the privileged port check done by yp_access();
some commercial systems (IRIX, Solaris 2.x, HP-UX, and probably others)
don't use a reserved port for submitting yppasswd updates. If we always
enforce the check, these client systems will be unable to submit updates
to us.

Document securenets support and -u flag in man page.

Like ypserv, you can compile rpc.yppasswdd to use the tcpwrapper package
instead of securenets if you want to.
1996-02-24 22:10:42 +00:00
wpaul
3555952bd7 Add real securenets support. By default, ypserv now uses /var/yp/securenets
in the same was as the SunOS ypserv (same format, described in ypserv man
page). If the user wants tcpwrapper style access control, they can
recompile ypserv to use that instead. This way we get securenets without
having to ship libwrap.a and tcpd.h with core FreeBSD distribution.

If /var/yp/securenets doesn't exist, ypserv allows all connections.
1996-02-24 22:01:48 +00:00
bde
55ec01c609 Added support for Cyclades and Digiboard devices.
Submitted by:	Daniel O'Callaghan <danny@lynx.its.unimelb.edu.au>
                + mods by bde
1996-02-24 19:51:25 +00:00
joerg
f3d11e63ba Now that we install the `flex' alias for our lex, we should also
install the `libfl' alias for libl.  Some third-party software will
expect it this way.

Submitted by:	Holm tiffe (holm@geophysik.tu-freiberg.de)
1996-02-24 16:31:31 +00:00
peter
e835fb9a44 Add minherit.2 to Makefile.. (oops, forgot it before) 1996-02-24 15:32:12 +00:00
peter
a87630bdaf If the two recently added sysctl variables exist, use those rather than
the statically compiled PS_STRINGS and USRSTACK variables.  This prevents
programs using setproctitle from coredumping if the kernel VM is increased,
and stops libkvm users (w, ps, etc) from needing to be recompiled if only
the VM layout changes.
1996-02-24 14:37:30 +00:00
peter
20cf976fb8 Add two sysctl variables that can be read by libutil and libkvm so that
they can adapt to simple kernel VM layout changes.
1996-02-24 14:32:53 +00:00
phk
08c9f63769 Make the ipfw LKM work again.
This concludes this round of updates to ipfw, have at it!
1996-02-24 13:41:57 +00:00
phk
17191b3aa0 Update to match kernel code. 1996-02-24 13:39:46 +00:00
phk
076edba777 Make getsockopt() capable of handling more than one mbuf worth of data.
Use this to read rules out of ipfw.
Add the lkm code to ipfw.c
1996-02-24 13:38:28 +00:00
phk
dde0a4d2ee A new ipfw program that can set and control the new features.
An almost correct usage is printed.
1996-02-24 00:20:56 +00:00
phk
f0e4b4efd9 The new firewall functionality:
Filter on the direction (in/out).
	Filter on fragment/not fragment.
1996-02-24 00:17:35 +00:00
peter
d3ec20fe05 Attempt to document the recent in_pcb local port address changes.. 1996-02-23 21:01:35 +00:00
phk
dc6272bde5 I overlooked this one. 1996-02-23 20:11:37 +00:00
peter
e1a4158815 rfork/minherit glue in libc
man pages adapted from OpenBSD's versions.
1996-02-23 19:56:55 +00:00
peter
3ce8274a11 Add prototype for rfork(). 1996-02-23 19:45:46 +00:00
peter
bc70ae9f93 Garrett pointed out that the correct place for unix system call args
is <sys/unistd.h>, with the prototype in <unistd.h>.  sys/unistd.h
is visible to the kernel compile, and is #included by unistd.h.

Also, I missed a reference to a static int in the midst of my other diffs.
1996-02-23 19:44:10 +00:00
peter
a205051d2b kern_descrip.c: add fdshare()/fdcopy()
kern_fork.c: add the tiny bit of code for rfork operation.
kern/sysv_*: shmfork() takes one less arg, it was never used.
sys/shm.h: drop "isvfork" arg from shmfork() prototype
sys/param.h: declare rfork args.. (this is where OpenBSD put it..)
sys/filedesc.h: protos for fdshare/fdcopy.
vm/vm_mmap.c: add minherit code, add rounding to mmap() type args where
it makes sense.
vm/*: drop unused isvfork arg.

Note: this rfork() implementation copies the address space mappings,
it does not connect the mappings together.  ie: once the two processes
have split, the pages may be shared, but the address space is not. If one
does a mmap() etc, it does not appear in the other.  This makes it not
useful for pthreads, but it is useful in it's own right for having
light-weight threads in a static shared address space.

Obtained from: Original by Ron Minnich, extended by OpenBSD
1996-02-23 18:49:25 +00:00
peter
418a349982 Run makesyscalls to regen the tables. 1996-02-23 18:31:34 +00:00
peter
0816c385e2 Add hooks for rfork/minherit pair, and reset args of vfork in preperation
for adding the syscalls.
1996-02-23 18:20:44 +00:00
peter
10c8f049a5 Note the syscall numbers used in BSD/OS 2.x. We dont want to
accidently use one of these ourselves as it'd make it harder to run
their binaries.
Also, remove the now-defunct #include "opt_sysvipc.h".
1996-02-23 18:03:08 +00:00
pst
3ace97abfa If a .db file is 0 length, initialize it as if it did not exist.
Reviewed by:	wollman
1996-02-23 17:57:32 +00:00
wpaul
38b65f3138 Merge in changes to support the new rpc.yppasswdd(8) and fix a few bugs.
In passwd(1):

- Gut most of yp_passwd.c and leave only a few things that aren't common
  to pw_yp.c.

- Add support for -d and -h flags to select domains and NIS server hosts
  to use when updating NIS passwords. This allows passwd(1) to be used
  for changing NIS passwords from machines that aren't configured as
  NIS clients. (This is mostly to allow passwd(1) to work on NIS master
  servers that aren't configured as clients -- an NIS server need not
  necessarily be configured as a client itself.)

  NOTE: Realize that having the ability to specify a domain and hostname
  lets you use passwd(1) (and chpass(1) too) to submit update requests
  to yppasswd daemons running on remote servers in remote domains which
  you may not even be bound to. For example, my machine at home is not
  an NIS client of the servers on the network that I manage, yet I can
  easily change my password at work using my FreeBSD box at home by doing:
  'passwd -d work.net.domain -h any.nis.server.on.my.net wpaul'. (Yes,
  I do use securenets at work; temporarily modified my securenets file
  to give my home system access.) Some people may not be too thrilled
  with this idea. Those who don't like this feature can recompile passwd(1)
  and chpass(1) with -DPARANOID to restrict the use of these flags to
  the superuser.

  (Oh, I should be adding proper securenets support to ypserv(8) and
  rpc.yppasswdd(8) over the weekend.)

- Merge in changes to allow root on the NIS master server to bypass
  authentication and change any user's NIS password. (The super-user
  on the NIS master already has privileges to do this, but doing it
  through passwd(1) is much easier than updating the maps by hand.)
  Note that passwd(1) communicates with rpc.yppasswdd(8) via a UNIX
  domain socket instead of via standard RPC/IP in this case.

- Update man page.

In chpass(1):

- Fix pw_yp.c to work properly in environments where NIS client
  services aren't available.

- Use realloc() instead of malloc() in copy_yp_pass() and copy_local_pass().

- Fix silly bug in copy_yp_pass(); some of the members of the passwd
  structure weren't being filled in correctly. (This went unnoticed
  for a while since the old yppasswdd didn't allow changes to the
  fields that were being botched.)

- chpass(1) now also allows the superuser on the NIS master server to
  make unrestricted changes to any user's NIS password information.

- Use UNIX domain comm channel to rpc.yppasswdd(8) when run by the
  superuser on the NIS master. This allows several new things:

   o superuser can update an entire master.passwd.{byname,byuid} entry
   o superuser can update records in arbitrary domains using -d flag to
     select a domain (before you could only change the default domain)
   o superuser can _add_ records to the NIS master.passwd maps, provided
     rpc.yppasswdd(8) has been started with the -a flag (to do this,
     the superuser must force NIS operation by specifying the -y flag
     to chpass(1) along with -a, i.e. 'chpass -y -a 'foo:::::::::')

- Back out the 'chpass -a <new password entry> breaks with NIS' fix
  from the last revision and fix it properly this time. The previous
  revision fixed the immediate problem but broke NIS operation in
  some cases.

- In edit.c, be a little more reasonable about deciding when to
  prevent the shell field from being changed.

  Submitted by Charles Owens <owensc@enc.edu>, who said:

  "I made a minor (one-line) modification to chpass, with regards
   to whether or not it allows the changing of shells.  In the 2.0.5 code,
   field changing follows the settings specified in the "list" structure
   defined in table.c .  For the shell, though, this is ignored.  A quick
   look in edit.c showed me why, but I don't understand why it was written as
   such.  The logic was

        if shell is standard shell, allow changing

   I changed it to

        if shell changing is allowed (per table.c) and it is a standard shell
             OR if uid=0, then allow changing."

   Makes sense to me.

- Update man page.
1996-02-23 16:08:59 +00:00
phk
a67505fd2b Update -current ipfw program as well.
I hope it all compiles...
1996-02-23 15:52:28 +00:00
phk
0c1232dc1b Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
adam
934b5043d3 rpc.yppasswdd instead of yppasswdd 1996-02-23 10:44:49 +00:00
peter
b1026a54d4 Add a dire warning about misusing the setlogin() system call. Be very
explicit that it is global to the entire "session", and that setsid() or
daemon() are need to have been called at some point.

The most notable offender of setlogin() misuse is XFree86's xdm.
1996-02-23 10:28:01 +00:00
ache
da851f1e00 Kill gets() found 1996-02-23 03:01:53 +00:00
joerg
4f4b27b750 Add a note about the RFC-1535 compliant behaviour of the recent BIND
version that's now shipping with FreeBSD.

Pointed-out by: Holm Tiffe <holm@geophysik.tu-freiberg.de>
1996-02-22 23:34:13 +00:00
peter
8f46c5005a Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
I was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
peter
cf1a2c7963 Remove useless (for us) Makefiles. There were already other "Makefile.dist"
files missing, so these shouldn't hurt.  If somebody wanted to use sendmail
8.7 on their machine, they should use a clean dist anyway, not this one.

Submitted by: wollman
1996-02-22 19:58:32 +00:00
peter
48be24a336 Merge 8.7.3->8.7.4 changes onto mainline. 1996-02-22 18:57:52 +00:00
peter
1f60161713 This commit was generated by cvs2svn to compensate for changes in r14182,
which included commits to RCS files with non-trunk default branches.
1996-02-22 18:49:13 +00:00
peter
550e941668 Update to sendmail-8.7.4. This fixes a DNS related security vulnerabilty. 1996-02-22 18:49:13 +00:00
dg
2d80acc1d2 Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
tg
e223ba5856 Add Bernd Rosauer to contributors. 1996-02-22 11:08:57 +00:00
dg
99156a82c6 Add a "NO_SWAPPING" option to disable swapping. This was originally done
to help diagnose a problem on wcarchive (where the kernel stack was
sometimes not present), but is useful in its own right since swapping
actually reduces performance on some systems (such as wcarchive).
Note: swapping in this context means making the U pages pageable and has
nothing to do with generic VM paging, which is unaffected by this option.

Reviewed by:	 <dyson>
1996-02-22 10:57:37 +00:00
dyson
eb81377deb Fix a problem that select did not work with direct writes. Make
wakeup channels more consistant also.
1996-02-22 03:33:52 +00:00
joerg
256ff62c19 . cast the error and status registers properly to (unsigned short),
to avoid misinterpreting the 0x8000 bit as a negative sign,

. use the <machine/wtio.h> register def's to print them.
1996-02-22 00:33:35 +00:00
joerg
fedb0b2200 . move out the error and status register def's for wt into
<machine/wtio.h>, so mt(1) can print them,

. cosmetics: put the return type and the function name onto
  different lines.
1996-02-22 00:31:49 +00:00
nate
a1e40f4eda Removed un-used code. 1996-02-21 23:31:03 +00:00