the device is successfully opened. If we fail to open it,
mention the fact.
Also go back into command mode as soon as the device is closed
rather than waiting for the user to type something before noticing.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
snprintf function itself is still #ifdef'd out by conf.h. This allows this
program to link when compiled without optimization. With optimization,
the call to quad_to_string gets removed by the compiler. Unfortunately
the linker still links in the quad_to_string function even though it
isn't called. 8-(
consider it a exit failure if it doesn't work. This means that root
processes can safely get the lock, but normal processes can still use
the 'pw' utility to get information (which may change out from under
them.)
from PR/6787, but allow non-root users to use pw to get password
information. However, this should be safe since the fixes for
disallowing multiple instances from modifying the DB are still intact.
Bug noted by: dima@best.net (Dima Ruban)
do TLD *before* processing the config request as
TLD initialises the peers LCP values.
It's strange that an IRC isn't required here - but
I'll bow to the wisdom of the rfc.
``add .... HISADDR''. The network will never be
reachable at this point unless we're in -auto or reading
the command from ppp.linkup.
We can now run the following lines and get the expected
results:
set ifaddr 1.2.3.4/0 5.6.7.8/0
add default HISADDR
where a route is added immediately in auto mode and the
whole thing is delayed 'till the IP numbers have been
agreed in other modes.
Essentially, ppp.linkup is no longer required.
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''. This is
*not* what we want to do.
-current (Thanks Harald). However, on my attempt to try this on -STABLE,
I found that when forwarding to another host the actual messages gets lost.
This is due to a wrong index because when the -v option was added, the
indexes shifted one place.
PR: 7407
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
(a.k.a. /var/yp/Makefile.dist) refers to an obsoleted usage of the
-m option of rpc.yppasswdd. It is currently taken over by the -t
option. -m is used for a different purpose now.
PR: 7279
Reviewed by: phk
Submitted by: Amakawa Shuhei <amakawa@nebula.sf.t.u-tokyo.ac.jp>
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.
Twelve years ago, code was added to inetd to detect "failing
servers". The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing"). These
compile-time constants vary depending on vendor.
The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).
Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.
PR: 7286
Reviewed by: phk
Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
run at the same time.
Notes:
The fileupdate function is still somewhat broken. Instead of
returning a failure code if it can't modify the original file it
renames the .new file and continues as though nothing is wrong.
This will cause the lock on the original file to be lost and could
lead to a similar race condition. I left that portion of the code
alone since I feel that the maintainer of the code would have a
better concept of how he wants to handle errors in that function
than I do.
PR: bin/6787
Submitted by: Craig Spannring <cts@internetcds.com>
them as ints. Among other bugs, doing so at best caused benign
overflow followed by fatal sign extension on machines with 32-bit
ints and 64-bit longs.
define MAXUSERS in opt_param.h as directed in /sys/conf/options;
if it's not mentioned there, then define it in IDENT; never define
it in PARAM). MAXUSERS probably should be a completely normal option.
Don't define PARAM now that it is empty.
Cleaned up similar conversion of cpu directives to XXX_CPU options.
was used as if it is 1-based. This happened to give the correct result
for options without values because of a compensating error in newline
lexing. Didn't fix the latter, so line numbers in yyerror() may still
be 1 too high in some cases.
exceeds DATALINK_READY. When we go back to READY or less
(eg. ``close lcp''), switch the carrier-checking-timer off again.
This fixes the callback example in ppp.conf.sample.
Noted as broken by: Damian Kuczynski <damian@best.pw.edu.pl>
they may not be logins. The code for determining whether it is a pty
entry is broken.
PR: 7137
Reviewed by: phk
Submitted by: Tom Rush <tarush@mindspring.com>
o If we've denied and disabled all compression protocols, stay
in ST_INITIAL and do an LCP protocol reject if we receive any
CCP packets.
o If we've disabled all compression protocols, go to ST_STOPPED
and wait for the other side to ask for something.
o If we've got anything enabled, start REQing as soon as the auth
layer is up.
o If we're in multilink mode, than the link level CCP goes
straight to ST_STOPPED irrespective of what's configured so that
we never try to compress compressed stuff by default.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.
open capable of re-negotiatiating the various layers.
It is now possible to change various link options and then
re-open the relevant layer, making the changes effective -
for example, switching off VJ compression or starting ECHO
LQRs on-the-fly.
with export lines where the same hostname was specified more than once
(this happens a lot with netgroups sometimes). Recently I discovered
that it needs to be hacked to deal with multiple instances of the
same IP address too.
I've been using this modification locally for several months with no
hassles.
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d
end up writing zero bytes, sleep for 1/10 of a second so that
we don't end up using up too much cpu.
This should only ever happen on systems that wrongly report a
descriptor as writable despite the tty buffer being full.
Discussed with: Jeff Evarts
o Do an initial run-time check to see if select() alters the passed
timeval. This knowledge isn't yet used, but will be soon.
Don't generate declarations for isa interrupt handlers at all.
Isa interrupt handlers are now declared in <i386/isa/isa_device.h>
but should be converted take a `void *' arg and staticized as
soon as possible.
Updated CONFIGVERS. New configs are very incompatible with
previous versions.
o Always put a '\r' before a '\n' at the end of a line
in prompt_vPrintf() in term mode, and make prompt_Printf()
use prompt_vPrintf().
o Fix ~? message.
o Bring the static ``ttystate'' into struct prompt so that
the tilde context is per prompt and not global.
o Comment the remaining static variables so that it's
clear why they're static.
o Add some XXX comments suggesting that our interface list
and our hostname should be re-generated after a signal
(say SIGUSR1) so that a machine with PCCARDs has a chance.
Submitted by: Randall Hopper <rhh@ct.picker.com>
The patch supports using the X10 Mouse Remote in both stand-alone and
pass-through configurations, so you can plug your mouse and remote into the
same serial port, use the mouse for X, and use the remote for other apps
like Fxtv. For instance, we can now control fxtv via the remote control
just like a TV : change channels, mute, increase volume, zoom video,
freeze frame 8)
The mouse events are channeled through the syscons/sysmouse I/F like
normal, and the remote buttons are "syphoned off" to a UNIX-domain stream
socket (defined as _PATH_MOUSEREMOTE in <machine/mouse.h>) for a
remote-aware app to grab and use.
For further info on the X10 Mouse Remote see:
http://www.x10.com/products/x10_mk19a.htm
Submitted by: Mark Tinguely <tinguely@plains.NoDak.edu>
This change will allow a PPP host enabled with the "-alias" option to
run mrouted. This does not intend to forward the IGMP nor tunneled packets
to another host on the far side if the tun0 interface.
sl_uncompress_tcp() and drop packets with
slot numbers that are out of range.
o Drop packets that want to use a slot that still
has an IP header length of 0 (ie, the requested
slot number is bogus again).
Without this code, if the other side mis-behaves (and
sends us garbage slot numbers), we happily ``adjust''
a memset(..., '\0', ...) TCP/IP header and promptly
cr*p all over the stack before returning.... quickly
followed by a SIGBUS.
Dodgy ISP used by, and help locating the problem from: jmz
Problem also seen by: Mourad de Riche <omnibus@image.dk>
There's still a link lockup after this happens, but my
bets are on the other side (who has already started sending
rubbish) being to blame.