Commit Graph

67636 Commits

Author SHA1 Message Date
Andrew R. Reiter
1ed4b9feff - malloc should be passed M_WAITOK, not M_WAIT (a mbuf flag)
- make use of M_ZERO to remove a call to bzero()
2001-12-07 01:32:40 +00:00
Peter Wemm
341538b884 MFS (merge from stable): rev 1.13.4.13, fix ordering of IFF_RUNNING mods.
The reason we are required to commit to -current first is so that later
MFC's do not risk the loss of existing bug fixes.  Even if this was not
strictly required in -current, it should still be fixed there too.
2001-12-07 00:58:37 +00:00
Peter Wemm
3b3ec2004a MFS (merge from stable): rev 1.9.2.28, fix ordering of IFF_RUNNING mods.
The reason we are required to commit to -current first is so that later
MFC's do not risk the loss of existing bug fixes.  Even if this was not
strictly required in -current, it should still be fixed there too.
2001-12-07 00:57:57 +00:00
Dag-Erling Smørgrav
47c8f6faec Now that _pam_init_handlers() works as intended, it seems clear that we
do not actually want to define PAM_READ_BOTH_CONFS, so back out previous
commit.

Sponsored by:	DARPA, NAI Labs
2001-12-07 00:38:37 +00:00
Dag-Erling Smørgrav
cab8cba36f Although the previous went some way towards fixing the pam.conf / pam.d
problem, it still didn't DTRT for services that did not have a service-
specific policy if /etc/pam.d existed but did not contain an "other"
policy.  This fixes the problems some people have experienced with sudo.
And I almost didn't have to use goto.

The current configuration sequence is:

  1) Look for /etc/pam.d/foo

  2) If PAM_READ_BOTH_CONFS is defined, or step 1) failed, look for
     foo in /etc/pam.conf

  3) Look for /etc/pam.d/other (to fill in the gaps)

  4) If PAM_READ_BOTH_CONFS is defined, or step 3) failed, look for
     other in /etc/pam.conf

I believe this is the intended behaviour of the original code.  The least
surprising behaviour seems to be when PAM_READ_BOTH_CONFS is not defined -
/etc/pam.d/foo will be preferred over /etc/pam.conf, but the latter will
serve as a backup if the former does not exist.

Sponsored by:	DARPA, NAI Labs
2001-12-07 00:37:10 +00:00
Dag-Erling Smørgrav
9446518a9a Install pam.d files with mode 0644, not 0755. 2001-12-06 23:28:12 +00:00
Peter Wemm
f65f2ffdd7 Part 2 of previous commit. Add joy_isa.c and joy_pccard.c.
Submitted by:	jhb
2001-12-06 23:10:24 +00:00
Robert Watson
5a92ee3c00 o A few more minor whitespace and other style fixes.
Submitted by:	bde
2001-12-06 21:58:47 +00:00
Robert Watson
9147519a91 o Remove unnecessary inclusion of opt_global.h.
Submitted by:	bde
2001-12-06 21:55:41 +00:00
Nick Sayer
284d8fda4d Add a commented-out defaultrouter entry for 6to4 users. See RFC-3068 2001-12-06 20:44:14 +00:00
Robert Watson
0fbfd3c17d o Fix spelling of allocations as allocates.
Submitted by:	silby
2001-12-06 20:27:44 +00:00
Robert Watson
98181c4975 o Reflect changed default such that keepalives are always enabled by
default now.  Discuss why that's good.  Note that there are still
  some situations where turning it off may be advantageous, including
  situations where there are network outages and it's desirable to
  have TCP sessions last beyond the outage.

Reviewed by:	fenner
Suggested by:	silby
2001-12-06 20:24:38 +00:00
Robert Watson
9aa92d5586 Moderate the recommendation that TCP keepalives always be turned on;
in some environments, this may result in the early termination of
legitimate TCP sessions during temporary network outages.  However,
maintain a strong recommendation that this be used when many network
clients are dialup.

Requested by:	fenner
2001-12-06 19:57:34 +00:00
Robert Watson
25eecbb5a4 o Add an additional .Pp between the send/recvbuffer comments and
the ones on ipfw.  Note to self: why does ipfw/dummynet count as
  a sysctl in tuning(7)?
2001-12-06 19:50:35 +00:00
Robert Watson
fe3e42064f o When describing kern.ipc.nsfbufs, use the slightly less colloquial
"modify" rather than the slightly more colloquial "mess with".
2001-12-06 19:48:48 +00:00
Robert Watson
657c740ed6 The default values for net.inet.tcp.sendspace and net.inet.tcp.recvspace
have been changed to 32k and 64k respectively.
2001-12-06 19:44:31 +00:00
Robert Watson
48c1691ebf vmiodirenable is now on by default; reflect that change in default,
and talk more about the reasons to turn it off (restricted memory
environments), and less about why to turn it on.
2001-12-06 19:39:33 +00:00
Robert Watson
32a124764d Reword parts of tuning(7) regarding loader tunables, which are refered
to in the document as "boot-time sysctls".  Instead, refer to them as
loader tunables.
2001-12-06 19:36:21 +00:00
John Baldwin
aee9d2774f Add multiple inclusion protection. 2001-12-06 18:17:02 +00:00
Peter Wemm
a116e755dc Somebody moved joy.c from isa/ to dev/joy/ without updating conf/files.
Pointy-hat to: imp
2001-12-06 18:00:42 +00:00
David E. O'Brien
26a42e7c88 Compile all kernels with "-ffreestanding":
Assert that compilation takes place in a freestanding environment. This
	implies `-fno-builtin'. A freestanding environment is one in which the
	standard library may not exist, and program startup may not necessarily be
	at main. The most obvious example is an OS kernel. This is equivalent to
	`-fno-hosted'.
2001-12-06 17:53:32 +00:00
Prafulla Deuskar
8798701fd5 Fixed two problems:
1. Changed incorrect conditional in fxhw.c which would never
evaluate to true. Thanks to John Polstra for pointing that out.
2. Write to PCI config space by default, enabling memory access and
bus master enable.

Submitted by:Prafulla Deuskar
MFC after:3 days
2001-12-06 17:50:21 +00:00
Dag-Erling Smørgrav
c26c7886d1 Introduce the variable USE_PAM_D, which, if set, will cause pam.d to be
installed instead of pam.conf.  This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.

Sponsored by:	DARPA, NAI Labs
2001-12-06 13:18:32 +00:00
Dag-Erling Smørgrav
c5a332f021 Makefile for pam.d configuration files.
Sponsored by:	DARPA, NAI Labs
2001-12-06 13:16:47 +00:00
Dag-Erling Smørgrav
a45af0e2b0 We need pam_client.h from libpamc. This unbreaks world
Pointed out by:	jhay
Pointy hat to:	des
2001-12-06 12:35:18 +00:00
Ruslan Ermilov
aa70e98b87 -lcipher is an installable library. 2001-12-06 10:50:23 +00:00
Crist J. Clark
68f1d5a354 Protect the '*' in pppoed_provider (the default) from metacharacter
expansion in the rc-scripts.

PR:		32552
Submitted by:	Gleb Smirnoff <glebius@rinet.ru>
Approved by:	ru
Obtained from:	ru
MFC after:	1 day
2001-12-06 09:34:44 +00:00
John Baldwin
b69cb6342c Just to be pedantic and more aesthetically pleasing, move the secure/
top-level subdirectory prior to share/ so that the top-level directories
are processed in alphabetical order.
2001-12-06 07:44:47 +00:00
Warner Losh
4e152a90ee The pccard/cardbus power interface should depend on having pccard or
cardbus in the kernel, not on all the bridges that implement it.
Note: this is NEWCARD only, so we don't want it for the 'card' case,
unlike card_if.m, which is both NEWCARD and OLDCARD.
2001-12-06 06:40:18 +00:00
Wes Peters
f61a2ede84 New, improved, more Posix-compliant strerror_r implementation,
complete with documentation.

Reviewed by:	mike@ gad@
MFC after:	1 week
2001-12-06 04:53:31 +00:00
David E. O'Brien
5a31fd21e9 Upgrade to Binutils 2.11.2. 2001-12-06 03:10:42 +00:00
Giorgos Keramidas
c602ea21d7 Make a bit more clear the types of characters that -B option will
print in octal.

Reviewed by:	roam, silence on -doc
2001-12-06 00:30:53 +00:00
John Baldwin
d860ec7a2b Trim yet another duplicate fortune. 2001-12-05 22:40:44 +00:00
John Baldwin
ae4385c3b1 Properly sort the last two fortunes alphabetically. 2001-12-05 22:39:00 +00:00
John Baldwin
6d8773a960 Add a short commentary on libdialog by jkh. 2001-12-05 22:13:53 +00:00
John Baldwin
01ad25b722 Remove an incorrect duplicate Douglas Adam quote and properly format and
the correct duplicate.  Both versions also attributed the quote to the
wrong book.
2001-12-05 22:09:39 +00:00
John Baldwin
b2b286f559 Fix a typo and add a missing period. 2001-12-05 21:36:14 +00:00
Dag-Erling Smørgrav
426ae370f4 Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
2001-12-05 21:26:00 +00:00
Dag-Erling Smørgrav
722b228aba Oops! Previous commit used tabs instead of spaces. 2001-12-05 21:11:24 +00:00
Dag-Erling Smørgrav
e878ebd0ce Add /etc/pam.d.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:10:01 +00:00
John Baldwin
bc584bd7b6 Remove some duplicate fortunes. 2001-12-05 21:06:30 +00:00
Dag-Erling Smørgrav
23c103b894 pam.d-style configuration, auto-generated from pam.conf.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:06:21 +00:00
Dag-Erling Smørgrav
378eca6a16 Forced commit to note that previous commit was
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:04:34 +00:00
Dag-Erling Smørgrav
2191f95faf Short README for /etc/pam.d, mostly extracted from the comments in pam.conf. 2001-12-05 20:59:38 +00:00
Dag-Erling Smørgrav
179281f9bf Perl script that splits pam.conf into separate files suitable for pam.d.
Sponsored by:	DARPA, NAI Labs
2001-12-05 20:58:39 +00:00
David E. O'Brien
016298551c Files in subdirectories of directories that have the nodump flag set
are sometimes incorrectly being dumped.

The problem arises because the subdirectory only gets its entry
cleared from usedinomap if it is also present in dumpinomap, and it is
the absence of a directory in usedinomap that internally indicates
that the directory is under the effects of UF_NODUMP (either directly
or inherited).

PR:		32414
Submitted by:	David C Lawrence <tale@dd.org>
2001-12-05 20:42:52 +00:00
Robert Watson
65bbadfbbc o Make kern.security.bsd.suser_enabled TUNABLE.
Requested by:	green
2001-12-05 18:49:20 +00:00
Ruslan Ermilov
47891de1a5 Fixed remotely exploitable DoS in arpresolve().
Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).

MFC after:	0 days
2001-12-05 18:13:34 +00:00
Robert Watson
959f4950f5 o Whitespace sync to GENERIC 2001-12-05 18:08:23 +00:00
Dag-Erling Smørgrav
87316434d1 Define PAM_READ_BOTH_CONFS. We can now have both /etc/pam.d and
/etc/pam.conf.

Sponsored by:	DARPA, NAI Labs
2001-12-05 17:06:16 +00:00