I've noticed many applications do a bad job at timekeeping, for several
reasons:
- Applications like screen(1) don't update time records when restoring
the old user login record.
- Many applications only set ut_tv.tv_sec, not ut_tv.tv_usec.
This causes many problems for tools such as ac(8), which require the
timestamps to be properly ordered. This is why I've decided to let the
utmpx code obtain valid timestamps itself.
Instead of trying to reference-count them and free them as soon
as they are no longer needed, we now just keep them around and free
them all when we release the archive object. This fixes a number
of minor memory leaks, especially when reading damaged archives.
I've discussed this issue with the Austin Group and it will be fixed in
future revisions of the specification. The issue was that ut_line fields
weren't supposed to be valid for LOGIN_PROCESS entries, while
getutxline() would try to match these records anyway.
They also agreed on our way of implementing pututxline() without
getutxid() (which other operating systems also do), but unfortunately
they disagreed with our way of replacing DEAD_PROCESS entries, which is
a pity. The current specification allows the utmpx database to become
infinitely big over time.
See also: http://austingroupbugs.net/view.php?id=213#c378
libulog now only provides functions that are used by various packages
from the ports tree, namely the libutempter ones. There is no reason to
link it into the crunch/fixit binaries anymore.
It makes hardly any sense to expose a symbol which should only be
provided for binary compatibility, but it seems we don't have a lot of
choice here. There are many autoconf scripts out there that try to
create a binary that links against the old symbol to see whether
uname(3) is present. These scripts fail to detect uname(3) now.
It should be noted that the behaviour we implement is not against the
standards:
| The following shall be declared as a function and may also be defined
| as a macro:
|
| int uname(struct utsname *);
POSIX 2008 and XSI 7require strcoll() for opendir() is not true.
I can't find such requirement in POSIX 2008 and XSI 7.
So, back out that part of my commit, returning old strcmp(), and remove
this misleading comment.
By using random values for ut_id, not based on the TTY name, it is
possible to run for example login(1) multiple times on the same TTY,
without overwriting any previous records.
The output of w(1) will then be as follows:
| 12:26PM up 2 days, 2:31, 5 users, load averages: 0.01, 0.03, 0.03
| USER TTY FROM LOGIN@ IDLE WHAT
| ed pts/2 mekker.80386.nl 12:26PM - w
| root pts/2 - 12:26PM - w
| root pts/2 - 12:26PM - w
| root pts/2 - 12:26PM - w
Approved by: des
It also matches now how our 'ls' works for years.
b) Remove comment expressed 2 fears:
1) One just simple describe how strcoll() works in _any_ context,
not for directories only. Are we plan to remove strcoll() from everything
just because it is little more complex than strcmp()? I doubt, and
directories give nothing different here. Moreover, strcoll() used
in 'ls' for years and nobody complaints yet.
2) Plain wrong statement about undefined strcoll() behaviour. strcoll()
always gives predictable results, falling back to strcmp() on any
trouble, see strcoll(3).
No objections from -current list discussion.
- Massively reduce BSS usage. Let futx_to_utx() dynamically allocate the
structure. There is only a very small amount of applications out there
that needs to use the utmpx database. Wasting 1 KB on unused
structures makes little sense.
- Just let getutxid() search for matching ut_id's for any *PROCESS-type.
This makes the code a bit more future-proof.
- Fix a POSIX-mistake: when reading POSIX and the OpenSolaris
implementation, getutxline() must return USER_PROCESS and
LOGIN_PROCESS records whose ut_lines match. When reading POSIX, it
seems LOGIN_PROCESS should not use ut_line at the first place. I have
reported this issue.
I changed login_tty() to only work when the application is not a session
leader yet. This works fine for applications in the base system, but it
turns out various applications call this function after daemonizing,
which means they already use their own session.
If setsid() fails, just call tcsetsid() on the current session.
tcsetsid() will already perform proper security checks.
Reported by: Oliver Lehmann
MFC after: 1 week
After comparing how other systems deal with utmp/utmpx, I noticed many
systems don't even care about ttyslot(3) anymore, since utmpx doesn't
use TTY slots anyway. We don't provide any tools to access old utmp
files anymore, so there is no use in letting applications write to a
proper offset within the utmp file.
Just let ttyslot(3) always return 0, which seems to be the default
behaviour on operating systems like Linux as well.
Nowadays uname(3) is an inline function around __xuname(3). Prevent
linkage of new binaries against this compatibility function, similar to
what I did with ttyslot(3).
This utility allows users to convert their wtmp databases to the new
format. It makes no sense for users to keep their wtmp log files if they
are unable to view them.
It basically copies ut_line into ut_id as well. This makes it possible
for last(1) and ac(8) to match login records with their corresponding
logout record.
I forgot to cast the size_t's back to off_t before negating them,
causing all sorts of artifacts where the log files would grow to 2^32 -
197 bytes.
Reported by: ume
Even though we use __sym_compat(), we should list the symbol in
Symbol.map.
ttyslot() is now listed as follows, which seems to do the right thing:
| Symbol table '.dynsym' contains 2755 entries:
| Num: Value Size Type Bind Vis Ndx Name
| 613: 00000000000477b0 121 FUNC GLOBAL DEFAULT 10 ttyslot@FBSD_1.0
Reported by: kib
Phase out ttyslot(3).
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
The ttyslot() function was originally part for SUSv1, marked LEGACY in
SUSv2 and removed later on. This function only makes sense when using
utmp(5), because it was used to determine the offset of the record for
the controlling TTY. It makes little sense to keep it here, because the
new utmpx file format doesn't index based on TTY slots.
These functions only apply to utmp(5). They cannot be kept intact when
moving towards utmpx. The login(3) function would break, because its
argument is an utmp structure. The logout(3) and logwtmp(3) functions
cannot be used, since they provide a functionality which partially
overlaps.
Increment SHLIB_MAJOR to 9 to indicate the removal.
I'm not increasing the shlib major version for this, because not a
single application outside the base system should have used these
functions in such a short timespan.
Rewrite ulog_login(3) and ulog_logout(3) to build on top of the utmpx
implementation in libc.
The utmpx interface is the standardized interface of the user accounting
database. The standard only defines a subset of the functions that were
present in System V-like systems.
I'd like to highlight some of the traits my implementation has:
- The standard allows the on-disk format to be different than the
in-memory representation (struct utmpx). Most operating systems don't
do this, but we do. This allows us to keep our ABI more stable, while
giving us the opportunity to modify the on-disk format. It also allows
us to use a common file format across different architectures (i.e.
byte ordering).
- Our implementation of pututxline() also updates wtmp and lastlog (now
called utx.log and utx.lastlogin). This means the databases are more
likely to be in sync.
- Care must be taken that our implementation discard any fields that are
not applicable. For example, our DEAD_PROCESS records do not hold a
TTY name. Just a time stamp, a record identifier and a process
identifier. It also guarantees that strings (ut_host, ut_line and
ut_user) are null terminated. ut_id is obviously not null terminated,
because it's not a string.
- The API and its behaviour should be conformant to POSIX, but there may
be things that slightly deviate from the standard. This implementation
uses separate file descriptors when writing to the log files. It also
doesn't use getutxid() to search for a field to overwrite. It uses an
allocation strategy similar to getutxid(), but prevents DEAD_PROCESS
records from accumulating.
Make sure libulog doesn't overwrite the manpages shipped with our C
library. Also keep the symbol list in Symbol.map sorted.
I'll bump __FreeBSD_version later this evening. I first want to convert
everything to <utmpx.h> and get rid of <utmp.h>.
Prior to this commit, fread/fwrite calls with size * nmemb > SIZE_MAX
were handled by reading or writing (size_t)(size * nmemb) bytes; for
example, on 32-bit platforms, fread(ptr, 641, 6700417, f) would read 1
byte and indicate that the requested 6700417 blocks had been read.
This commit adds a check for such integer overflows, and treats them as
if an overly large request was passed to read/write; i.e., it sets errno
to EINVAL, sets the error indicator on the file, and returns a short
object count (0, to be specific).
The overflow check involves an integer division, so as a performance
optimization we check first to see if both size and nmemb are less than
2^16; if they are, no overflow is possible and we avoid the division.
We assume here that size_t is at least 32 bits; this appears to be true
on all platforms FreeBSD supports.
Although this commit fixes an integer overflow, it is not likely to have
any security implications, since any program which would be affected by
this bug fix is quite clearly already very confused.
Reviewed by: kib
MFC after: 1 month
r195030 | gonzo | 2009-06-25 19:27:31 -0600 (Thu, 25 Jun 2009) | 4 lines
- Switch to libc softfloat from libgcc implementation. The problem
with latter is that it is not complete, fpsetXXX/fpgetXXX
functions are missing.
r197800 | gonzo | 2009-10-06 00:35:52 -0600 (Tue, 06 Oct 2009) | 3 lines
- curbrk variable for sbrk and brk should be the same
- Add correct variable names to Symbol.map
r195025 | gonzo | 2009-06-25 19:01:50 -0600 (Thu, 25 Jun 2009) | 4 lines
- Move fpgetXXX.c/fpsetXXX.c sources to hardfloat subdir/
to prevenmt them from being mixed up with lib/libc/softfloat
files with the same names
alphasort-like interface to the comparision function required by
qsort() and qsort_r().
For opendir() thunk and alphasort(), comment on why we deviated from
POSIX by using strcmp() instead of strcoll().
Requested and reviewed by: bde
MFC after: 2 weeks
now type sema_t is a structure which can be put in a shared memory area,
and multiple processes can operate it concurrently.
User can either use mmap(MAP_SHARED) + sem_init(pshared=1) or use sem_open()
to initialize a shared semaphore.
Named semaphore uses file system and is located in /tmp directory, and its
file name is prefixed with 'SEMD', so now it is chroot or jail friendly.
In simplist cases, both for named and un-named semaphore, userland code
does not have to enter kernel to reduce/increase semaphore's count.
The semaphore is designed to be crash-safe, it means even if an application
is crashed in the middle of operating semaphore, the semaphore state is
still safely recovered by later use, there is no waiter counter maintained
by userland code.
The main semaphore code is in libc and libthr only has some necessary stubs,
this makes it possible that a non-threaded application can use semaphore
without linking to thread library.
Old semaphore implementation is kept libc to maintain binary compatibility.
The kernel ksem API is no longer used in the new implemenation.
Discussed on: threads@
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
r195175. Remove all definitions, documentation, and usage.
fifo_misc.c:
Remove all kqueue tests as fifo_io.c performs all those that
would have remained.
Reviewed by: rwatson
MFC after: 3 weeks
X-MFC note: don't change vlan_link_state() function signature
from googlecode:
* Support for zisofs compressed entries
* Support for relocated deep directories
* Direct calculation of link counts for accurate nlink values
even on images that lack Rockridge extensions
* Faster handling of the internal file lists.
* Better detection of ISO variants
1<<30 bytes of memory, which is required for some streams.
Also, try to make the taster more discriminating about raw lzma streams.
The detection here is still really weak, though; please use xz instead
of lzma.
* Write xattrs last instead of first (required on platforms that use
system xattrs for security attributes)
* Better handling of chdir() failures
* Don't bother trying to shorten files via seek()/write()
* Fix build on systems that lack link()/symlink()/mknod()
* Prefer futimens()/utimensat() when they're present
* Enforce option interface can only be used before the archive is opened
* Correctly handle large skips on platforms with 32-bit off_t
* Use int64_t instead of off_t
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
The TTY line name should always be set for DEAD_PROCESS entries right
now. When we parse a clean utmp entry, we don't want to interpret it as
a DEAD_PROCESS entry if the TTY has never been used yet.
- Only set the fields in the ulog_utmpx structure that are valid for the
command in question. This means that strings like "shutdown" or "~"
are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
the `antique' filename. If we ever get rid of utmp, it makes little
sense calling it by its old name.
An older version of the code used a structure on the stack, instead of a
pointer to the structure. It looks like I didn't adjust the parameters
of the write(2) call, causing the first four/eight bytes of the entry to
be corrupted, instead of writing the entire entry to disk.
