- strip out the nasty PIC_PROLOGUE/EPILOGUE stuff, since we dont have
to lose a register in PIC mode anymore (we use %rip-relative addressing).
- update for C register argument passing conventions.
- convert 32 bit to 64 bit register sizes etc.
Note that the syscall instruction clobbers %rcx, which is inconvenient
because it is the fourth syscall argument, so we use %r10 (another scratch
register) for the 4th syscall arg instead (I picked %r10 to be the same as
NetBSD). int 0x80 is still possible though, and it uses %rcx as usual.
Note that the syscall style syscall does *NOT* preserve all the registers,
unlike int 0x80. We do not preserve the scratch registers except for
%rdi and %rsi. int 0x80 does preserve everything but the return values.
technique) so that we don't wind up calling into an application's
version if the application defines them.
Inspired by: qpopper's interfering and buggy version of strlcpy
setgrent, and endgrent also. (The previous NSS implementation used to
simply twiddle the internal data of the various modules directly.)
A symptom (group list set incorrectly in sshd) was
Reported by: Glenn Johnson <gjohnson@srrc.ars.usda.gov>
Sponsored by: DARPA, Network Associates Laboratories
idea to re-initialize `struct passwd', because e.g. pw_class might
get set by one module, but not by another. Add another call to the
internal pwd_init function to accomplish this.
Sponsored by: DARPA, Network Associates Laboratories
Correct a bug that should have wreaked havoc everywhere, but for
some reason only bit unlucky people who use `-march' optimizations.
The compiler cannot assist one in distinguishing between the two
function calls below.
int nsdispatch(void *, ...);
void *discard;
nsdispatch(&discard, ...); /* correct .. no, really! */
nsdispatch(discard, ...); /* Boom */
Robin provided me with a debugging environment in which I could see
what was going on.
Badness when using CPUTYPE was
Reported by: "Robin P. Blanchard" <Robin.Blanchard@gactr.uga.edu>
Reported by: nork
Sponsored by: DARPA, Network Associates Laboratories
An incorrectly-sized allocation was being made due to an incorrect
argument to the `sizeof' operator. Obvious, because it violated the
`foo = malloc(sizeof(*foo))' idiom. Hard-to-see, because it was a
missing `*' (`*p' versus `**p').
Resulting failure was
Reported by: ache
Sponsored by: DARPA, Network Associates Laboratories
privileges. To do so may cause the NIS server to log spurious and
annoying `access denied' messages.
Reported by: Philip Paeps <philip@paeps.cx>
Sponsored by: DARPA, Network Associates Laboratories
in the mac.3 library man page. They were already cross-referenced
at the end of the man page, just not explicitly listed here.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
would result in an incorrectly terminated grouplist.
login(1) crashes
Reported by: Morten Rodal <morten@rodal.no>,
Matthias Schuendehuette <msch@snafu.de>
string was an incredibly dumb idea (of course it will be changed by an
NSS module on success!). Use a static empty string instead.
Sponsored by: DARPA, Network Associates Laboratories
may not fill in all fields, and in the case of string fields, this could
cause trouble for applications. (The only likely example is `pw_class',
because this field is not used by all modules in all cases.)
Move initialization of struct passwd from module-specific code to the
dispatch code.
The problem of a NULL pw_class was
Noticed by: Philip Paeps <philip@paeps.cx>
and the c^Htrusty ssh(1) command.
Déjà vu by: getpwent.c revision 1.56
Sponsored by: DARPA, Network Associates Laboratories
at least one consumer outside of libc and pwd_mkdb.
Adjust the versioning in libc and pwd_mkdb accordingly.
named was the application affected, and that fact was first
Reported by: Zherdev Anatoly <tolyar@mx.ru>
Sponsored by: DARPA, Network Associates Laboratories
family of functions using the new nsdispatch(3) core. Remove
arbitrary size limits when using the thread-safe versions.
= Re-implement the traditional getpwent(3)/getgrent(3) functions on
top of the thread-safe versions.
= Update the on-disk format of the hashed version of the passwd(5)
databases to allow for versioned entries. The legacy version is
`3'. (Don't ask.)
= Add support for version `4' entries in the passwd(5) database.
Entries in this format are identical to version 3 entries except
that all integers are stored as 32-bit integers in network byte
order (big endian).
= pwd_mkdb is updated to generate both version 3 and version 4
entries.
Sponsored by: DARPA, Network Associates Laboratories
may be built into libc (`static NSS modules') or dynamically loaded
via dlopen (`dynamic NSS modules'). Modules are loaded/initialized
at configuration time (i.e. when nsdispatch is called and nsswitch.conf
is read or re-read).
= Make the nsdispatch(3) core thread-safe.
= New status code for nsdispatch(3) `NS_RETURN', currently used to
signal ERANGE-type issues.
= syslog(3) problems, don't warn/err/abort.
= Try harder to avoid namespace pollution.
= Implement some shims to assist in porting NSS modules written for
the GNU C Library nsswitch interface.
Sponsored by: DARPA, Network Associates Laboratories
they resemble one another, but POSIX.1e interfaces were not sufficiently
expressive to do what we needed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
%f and sufficiently short %g specifiers where the precision was
explicitly zero, no '#' flag was specified, and the floating point
argument was > 0 and <= 0.5. While at it, add some comments to better
explain the relevant bits of code.
Noticed by: Christoph Kukulies <kuku@physik.rwth-aachen.de>
by allprison_mtx), a unique prison/jail identifier field, two path
fields (pr_path for reporting and pr_root vnode instance) to store
the chroot() point of each jail.
o Add jail_attach(2) to allow a process to bind to an existing jail.
o Add change_root() to perform the chroot operation on a specified
vnode.
o Generalize change_dir() to accept a vnode, and move namei() calls
to callers of change_dir().
o Add a new sysctl (security.jail.list) which is a group of
struct xprison instances that represent a snapshot of active jails.
Reviewed by: rwatson, tjr
