This effectively changes the non-DES password algorithm.
If you have the "securedist" installed you will have no problems with this.
(Though you might want to consider using this password-encryption instead
of the DES-based if your system is likely to be hacked)
If you are running a -current system without the "securedist" installed:
YOU WILL NEED TO CHANGE ALL PASSWORDS !! There is no backwards mode.
Suggested procedure is:
Update your sources
cd /usr/src/lib/libcrypt
make clean
make all
make install
passwd root
<set root's new password>
change password for any other users on the system.
This algorithm is expected to be much better than the traditional DES-
based algorithm. It uses the MD5 algorithm at what it is best at, as
opposed to the DES algorithm at something it isn't good at at all. The
algorithm is designed such that it should be very hard to shortcut the
calculations needed to build a dictionary, and to make partial knowledge
(Hmm, his password starts with a 'P'...) useless. Of course if somebody
breaks the MD5 algorithm this loses too.
The salt is 48 bits (8 char @ base64).
The encrypted password is 128 bits.
And I am positively delighted to say that it takes 34 msec to crypt() a
password on a Pentium/60Mhz, so building a dictionary is not really an
option for hackers at the moment.
Given the right circumstances, a call to kvm_open can result in a core
dump.
The diff below fixes this (note that this change is already in the
NetBSD code). Could somebody apply this?
Gary J.
Submitted by: gj
From: Chris Torek <torek@bsdi.com>
Here is a semi-official patch (apply to /usr/src/lib/libc/stdio/fseek.c,
rebuild libc, install). The current code fails when the seek:
- is optimized, and
- is to just past the end of the block currently in the buffer, and
- is followed by another seek with no intervening read operation, and
- the destination of subsequent seek is within the block left in the
buffer (seeking to the beginning of a block does not force a read,
so the buffer still contains the previous block)
so it is indeed rather obscure.
I may have a different `final' fix, as this one `loses' the buffer
contents on a seek that goes just past the end of the current block.
[Footnote: seeks are optimized only on read-only opens of regular
files that are buffered by the file's optimal I/O size. This is
what you get with fopen(path, "r") and no call to setvbuf().]
Obtained from: [ BSDI mailing list ]
I know that many of these entries are bogus and need to be revisited,
but let's get the tree working again for now and then do a pass through
looking at all the __FreeBSD__ entries, shall we?
While trying to figure out why rlogind wasn't working right for root,
I noticed that man wouldn't come back with a man page for iruserok, but
it would for ruserok. Checking the lib/net directory's Makefile.inc
file shows that the link to the rcmd man page just isn't getting
created.
>How-To-Repeat:
Do a 'man iruserok' and nothing will come back, where a 'man ruserok'
will.
Submitted by: Brian Moore <ziff@houdini.eecs.umich.edu>
Obtained from: NetBSD-bugs mailing list
on terminals with no pad char (cons25) and quote from tputs.c says so too:
! * Too bad there are no user program accessible programmed delays.
! * Transmitting pad characters slows many
! * terminals down and also loads the system.
and don't return error, if non-terminals. This fix allows curses
to work into full duplex pipes under control of main program,
like good old curses does.
getnet* configuration. (It's highly unlikely that you'd want to do
something different, and network lookups aren't common enough to justify
their own configuration file.)
DANGER WILL ROBINSON!
_PATH_UNIX is currently defined as the literal string "don't use this".
I am of two minds about this myself, but wanted to get something into the
tree as quickly as possible.
!!!!!!!!
NB
!!!!!!!!
You MUST pwd_mkdb /etc/master.passwd before attempting to use the new
libc, or things may go wrong. (I doubt anything actually /will/ go
wrong, but the actual behavior is undefined. YOU HAVE BEEN WARNED.)
The database format is, however, backwards-compatible, so old executables
will still work.
(void) setlocale(LC_ALL, "");
It will be the easiest way now to make national chars available
for all ctype-oriented programs at once, simply by:
setenv LANG Your_National_Charset
Default case (without "LANG" environment
variable) will be fully ANSI compatible (got "C" locale).
If the "LANG" variable is present, the extension becomes active.
The effect of this extension is great: at once all ctype
oriented programs can accept/print national characters
without any touching source/binary code, it is big win, IMHO.
This method is fully compatible with ISO8859-* and Russian koi8-r
too (in general -- with all 8-bit character sets). I think
it is very useful.
I got this idea from Xenix locale implementation.
This extension is never even compiled in, unless you set
setenv STARTUP_LOCALE
before rebuilding crt0.c or corresponding variable in /etc/make.conf
From: jtk@atria.com (John T. Kohl)
in rcmd:
It calls select() with a hardcoded "number of file descriptors" argument
of 32, rather than computing it based on the sockets about which it
cares.
- Now we work out the nfds arg, and do some error checking
Submitted by: Geoff.
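The failure mode behind the rcmd fix above, as an added example (not the rcmd code or the committed patch): select() only examines descriptors below its first argument, so a hardcoded 32 never reports a socket numbered 32 or higher. `compute_nfds` and `pending_seen` are hypothetical names, and the scenario, which duplicates a socket to descriptor 40 or above, is constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* nfds for select(): highest descriptor + 1, or -1 if any descriptor
 * cannot legally be placed in an fd_set. */
int compute_nfds(const int *fds, int n)
{
    int maxfd = -1;
    for (int i = 0; i < n; i++) {
        if (fds[i] < 0 || fds[i] >= FD_SETSIZE)
            return -1;
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd + 1;
}

/* Constructed scenario: one byte is pending on a socket whose descriptor
 * is 40 or higher. Returns what select() reports when called with
 * fixed_nfds, or with the computed value when fixed_nfds is 0. */
int pending_seen(int fixed_nfds)
{
    int sv[2], hi, r = -1;
    fd_set rset;
    struct timeval tv = { 0, 200000 };      /* 200 ms */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    hi = fcntl(sv[0], F_DUPFD, 40);         /* force a descriptor >= 32 */
    if (hi >= 0 && write(sv[1], "x", 1) == 1) {
        int nfds = fixed_nfds ? fixed_nfds : compute_nfds(&hi, 1);
        FD_ZERO(&rset);
        FD_SET(hi, &rset);
        r = select(nfds, &rset, NULL, NULL, &tv);
    }
    if (hi >= 0)
        close(hi);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    printf("nfds=32: %d ready, computed nfds: %d ready\n",
           pending_seen(32), pending_seen(0));
    return 0;
}
```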
and tiny*tiny at compile time. The evaluations are supposed to be done
at run time to set the IEEE exception flags. Many other source files
in libm and msun are missing this fix. Fixing them is not urgent since
the default IEEE exception masks don't allow use of the overflow
exception flag.
Don't add to POBJS or SOBJS. bsd.lib.mk does it. Some objects were
duplicated.
Don't add to CLEANFILES. bsd.lib.mk does it. Some objects were
quadruplicated.
Define variables that are only used once close to where they are
used.
The ifdefs for avoiding building of profiled/shared objects when
NOPROFILE/NOPIC are set were not actually committed. The ifdefs
belong in bsd.lib.mk anyway.
o __FULLINE added for AL/DL/CS optimization with __noqch.
refresh.c
o Attributes are not turned off before clearing screen, causing a
highlighted screen.
o Proper usage of 'affcnt' tputs parameter, affects terminals with
padding.
o make AL/DL/CS optimize not only for __FULLWIN but for __FULLLINE.
ATTENTION: original code works _only_for_ FULLWIN, i.e. if you
use two FULLLINE windows like in 'talk', you have full slow repaint with
original code, I enhance this thing. All other fixes marked
with phrase 'wrong for non-full windows' or WFNFW is continue of this fix.
I rewrite scroll code too for proper working (see below and tty.c
changes).
o DEBUG code always use 'i' index from 0 to curscr->maxy instead of
'i - win->begy', fixed
o check added into DEBUG to be sure that index is inside current window.
o ->hash assignment code is WFNFW (forget win->begy).
o when CE usage required, and last spaces number counted, code don't check
attributes, so last standouted space will be incorrectly cleared.
o cep (start pointer) forget to add win->begy/win->begx, code WFNFW.
o clsp (last space) wrong in two places at once: forget to add win->begy
(WFNFW) and incorrectly use 'win->begx * __LDATASIZE' in pointer
arithmetics.
o clsp check incorrect: was 'clsp < win->maxx * __LDATASIZE', need to
be 'clsp < win->maxx
o Attributes are not turned off before clearing end of line, causing a
highlighted end of line.
o When find how many lines from the top/bottom of the screen are unchanged,
code always forget '- win->begy', WFNFW.
o NO_JERKINESS code forgets to add win->begy, WFNFW.
o Curw & Curs changed in comment description
o In search for the largest block of text not changed forget to add
'- win->begy' (several places), WFNFW.
o Forget to add '- win->begy' for non-dirty lines, WFNFW.
o touchline forget to add '- win->begy', WFNFW.
o rewrite scrolln():
* remove win parameter, we deal with whole screen (curscr) now;
* use NL or '\n' instead of sf, it is faster in any case;
(imagine: cat written on curses now use '\n' for scroll
like standard cat, no ugly escapes)
* use dl (if present) instead of DL, if abs(n) == 1, the same
about al/sr, it is faster;
* change win->maxy to 'curscr->maxy - 1', we deal with whole screen
here, WFNFW.
* SF can be correctly issued only if cursor at bottom of scroll
region (whole screen region included too), fix this;
* sr/SR can be correctly issued only if cursor at top of scroll
region (whole screen region included too), fix this;
* use pre-calculated (in setterm.c) __usecs variable to determine
usage of CS or AL/DL;
* completely rewrite scroll region stuff using __set_scroll_region
from tty.c (see below);
tty.c
o Added __set_scroll_region function which set CS region and stays
back in old position. Use SC/RC (save/restore cursor) if possible,
else use HO and __mvcur.
o __startwin: added __set_scroll_region(whole screen) at program
startup, if __usecs;
o endwin: added __set_scroll_region(whole screen) at program
exit, if __usecs;
o Fix all tc{set/get}attrs to work properly when stdin is redirected,
use /dev/tty in this case (needed for some applications).
setterm.c
o Add new variable __usecs, if (!AL/al || !Dl/dl) && CS && (SC && RC || HO)
(save/restore cursor used in __set_scroll_region in tty.c).
o Set __noqch, if !__usecs && (!AL/al || !DL/dl).
o Proper ospeed initialization for tputs, i.e. if speed == B9600,
ospeed = 13
curses.c
o Add __usecs variable that indicates usage of CS (if AL/DL absent).
curses.h
o Allow translation with applications which includes <sgtty.h>,
undef BXXX manually to avoid redefinition and include termios
to define proper ones.
o Define old-style names curx/begx/maxx/etc. for old applications.
Define _tty like __baset too.
o Typedef SGTTY type for old applications (SGTTY == struct termios).
o wstandout/wstandend should be int and not char*, some old
applications rely on this fact. See standout.c too.
o __FULLINE added indicated line width == terminal width, needed
for refresh using AL/DL/CS with __noqch, see refresh.c changes.
o Add extern __usecs variable that indicates usage of CS (if AL/DL absent).
o Add __set_scroll_region() prototype, see tty.c and refresh.c changes
for details.
o Change winch() character mask from 0177 to 0377, we don't need to
strip high bit on national characters.
o Allow translate on systems with _BSD_VA_LIST_ undefined, such as
FreeBSD 1.1.5.1
o __tty_fileno added to allow work with stdin redirected, see tty.c
o Privately declare tputs (..., void) and externally tputs(..., int),
many applications require this. Maybe not nice thing, but needed.
o Remove _putchar definition and replace it to proper _putchar
prototype, some old apps declares: 'extern int _putchar()'
and don't even include curses.h in such modules. See putchar.c
cr_put.c
o __mvcur: if destline == destcol && outline == outcol do nothing,
i.e. don't issue any escapes.
o Proper usage of 'affcnt' tputs parameter, affects terminals with
padding.
cur_hash.c
o Change char->unsigned char for proper sum 8-bit national characters.
getch.c
o check for inp == EOF added, don't add EOF to window.
getstr.c
o check for EOF added, don't add EOF to str.
insertln.c
o add cast to (int) in comparison of y and win->cury, this produces
a big number (cast to (unsigned)) if y < 0
tstp.c
o Fix all tc{set/get}attrs to work properly when stdin is redirected,
use /dev/tty in this case (needed for some applications).
o add tstp() function for compatibility, some applications wants it.
standout.c
o Some old applications rely on the fact that wstandout/wstandend
return int instead of char*, change return type to OK/ERR.
putchar.c
o Add _putchar function (which calls __cputchar),
some old apps declares: 'extern int _putchar()'
and don't even include curses.h in such modules.
automagically. -lfoo has to be right to work, but ${LIBFO0} is too
easy to forget or misspell; nothing checks it and it should be
different for shared libraries.
because libmd builds a test program before installation and if
you've used CLOBBER there's no crt.0 to link with. This ensures
that in a make world the csu objects will get installed before
reaching the libmd directory.
Reviewed by:
Submitted by:
<machine/profile.h>. The old version was writing an incomplete
header without the profrate field that is necessary to handle the
current faster profiling clock. The counters that are where the
the profrate should be are usually 0 and gprof converts a profrate
of 0 to hz so the old version gave times too large by a factor of
profhz/hz = 10.24.
The fyl2xp1 instruction has such a limited range:
-(1 - (sqrt(2) / 2)) <= x <= sqrt(2) - 1
it's not worth trying to use it.
Also, I'm not sure fyl2xp1's extra precision will
matter once the result is converted from extended
real (80 bits) back to double real (64 bits).
Reviewed by: jkh
Submitted by: jtc
-- Begin comments from J.T. Conklin:
The most significant improvement is the addition of "float" versions
of the math functions that take float arguments, return floats, and do
all operations in floating point. This doesn't help (performance)
much on the i386, but they are still nice to have.
The float versions were originally done by Cygnus' Ian Taylor when
fdlibm was integrated into the libm we support for embedded systems.
I gave Ian a copy of my libm as a starting point since I had already
fixed a lot of bugs & problems in Sun's original code. After he was
done, I cleaned it up a bit and integrated the changes back into my
libm.
-- End comments
Reviewed by: jkh
Submitted by: jtc
distributed in keith bostic's nvi (got his permission first). Most changes
are cosmetic, but a few errors (mostly in tty..c) were cleared up.
Reviewed by: Sean Eric Fagan
long long. Done by plugging both eax and edx with -1. This will clobber
edx unnecessarily when the return value is only 32bit...though probably
always an okay thing to do, it could stand a better fix.
This was the cause of gawk being broken (boy was THAT ever a subtle
bug!!!).
Securedist can be sorted out later - getting these bits exportable
is top priority.
The libtelnet with encryption has been moved to src/secure/lib.
It will either become part of libsecure, or be made available
under another name, once the securedist strategy has been completely
worked out.
Submitted by: Geoff Rehmet
are running under. Here's how to bootstrap (order is important):
1) Re-compile gcc (just the driver is all you need).
2) Re-compile libc.
3) Re-compile your kernel. Reboot.
4) cd /usr/src/include; make install
You can now detect the compilation environment with the following code:
#if !defined(__FreeBSD__)
#define __FreeBSD_version 199401
#elif __FreeBSD__ == 1
#define __FreeBSD_version 199405
#else
#include <osreldate.h>
#endif
You can determine the run-time environment by calling the new C library
function getosreldate(), or by examining the MIB variable kern.osreldate.
For the time being, the release date is defined as 199409, which we have
already established as our target.
1.1.5 support for YP, fixing a bug in 1.1.5 that prevented YP from ever
working reliably. (I'm amazed that there were no bug reports.)
IWBRNI someone could write a host.conf(5) manual page. Please look at
the code before doing so; this version is somewhat more flexible in the
format of its input.
1. Copyright files looked for in the wrong place
2. cmp was looking in wrong place for test data.
3. Driver for test not linked static, thus dynamic resolution of library
not working.
4. Man page installation not consistent with source.
Reviewed by:
Submitted by: jkh
Imported libmd. This library contains MD2, MD4 and MD5.
These three boggers pop up all over the place all of the time, so I
decided we needed a library with them. In general they are used for
security checks, so if you use them you want to link them static.
2) Added optional excessive login logging.
3) Added login access control on a per host/tty base.
4) See skey(1) for skey descriptions and src/usr.bin/login/README
for the logging and access control features.
-Guido
This fixes the problems Warner's having with ctors not being called
again with the latest round of ld changes and updates the file-names to what
Paul is using now.
The name change will not affect anything as we are not (yet) using it.
program. The idea was that these are 'alignment' crap, but the image
is 16byte-aligned without these. Location 0 still doesn't have a 0,
but who cares, binaries will be built with page zero unmapped in the
near future.