Commit Graph

69184 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
b0aa095ad0 On second thought, getpwnam() failure should be treated just as if the user
existed, but had no OPIE key, i.e. PAM_IGNORE.

Pointed out by:	ache
Sponsored by:	DARPA, NAI Labs
2002-01-21 19:05:45 +00:00
Dag-Erling Smørgrav
b4b56d051a Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as
PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the
user does not exist.

Sponsored by:	DARPA, NAI Labs
2002-01-21 18:53:03 +00:00
Dag-Erling Smørgrav
ae739ec469 Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:51:24 +00:00
Dag-Erling Smørgrav
03adba96a0 Further changes to allow enabling pam_opie(8) by default:
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
   challenging the user.  These options are meaningless for pam_opie(8)
   since the user can't possibly know the right response before she sees
   the challenge.

 - Introduce the no_fake_prompts option.  If this option is set, pam_opie(8)
   will fail - rather than present a bogus challenge - if the target user
   does not have an OPIE key.  With this option, users who haven't set up
   OPIE won't have to wonder what that "weird otp-md5 s**t" means :)

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:46:25 +00:00
Dag-Erling Smørgrav
f2c44ccec8 When running on a local terminal, set PAM_RHOST to the local hostname.
Sponsored by:	DARPA, NAI Labs
2002-01-21 16:19:38 +00:00
Ruslan Ermilov
8c3f5566ae RFC1122 requires that addresses of the form { 127, <any> } MUST NOT
appear outside a host.

PR:		30792, 33996
Obtained from:	ip_input.c
MFC after:	1 week
2002-01-21 13:59:42 +00:00
Dag-Erling Smørgrav
f460490260 Add a new module, pam_opieaccess(8), which is responsible for checking
/etc/opieaccess and ~/.opiealways so we can decide what to do after
pam_opie(8) fails.

Sponsored by:	DARPA, NAI Labs
Reviewed by:	ache, markm
2002-01-21 13:43:53 +00:00
Mike Pritchard
5ecd6127b9 Ispell sweep of share/man/man4/man4.i386. 2002-01-21 12:36:12 +00:00
Mike Pritchard
f87717fa8b Ispell sweep of share/man/man4. 2002-01-21 12:09:13 +00:00
Mike Pritchard
51d31ec2d8 Fix a typo in a comment field. 2002-01-21 11:10:32 +00:00
Mike Pritchard
8edd27f18f Fix spelling errors. 2002-01-21 10:28:18 +00:00
Josef Karthauser
c3da78970e Merge from NetBSD:
ohci.c:	-r1.69 to 1.71
    ohcireg.h:	-r1.14

Some of these deltas are based upon patches that we submitted back to
NetBSD.  They got manifested slightly differently though, so I've brought
back those differences to bring our code bases closer together.

The logs from the NetBSD version of ohci.c:

	revision 1.71
	date: 2000/02/01 05:42:52;  author: augustss;  state: Exp;  lines: +13 -2
	Put some #ifdefs around power and shutdown hooks.
	----------------------------
	revision 1.70
	date: 2000/01/31 22:35:13;  author: augustss;  state: Exp;  lines: +7 -7
	Rename TAILMASK to HEADMASK, since it really masks the head pointer.
	From FreeBSD.
	----------------------------
	revision 1.69
	date: 2000/01/31 22:09:13;  author: augustss;  state: Exp;  lines: +18 -14
	Change where the has table for physical-to-virtual address translation
	is handled.  Partly from FreeBSD.
2002-01-21 05:02:21 +00:00
Josef Karthauser
851522be27 Merge from NetBSD:
ohci.c:	-r1.68
    ohcireg.h:	-r1.13

	date: 2000/01/31 20:17:25;  author: augustss;  state: Exp;
	Fiddle with over-current protect when turning on port power to make
	things work for some OHCI controllers.
2002-01-21 04:24:33 +00:00
Josef Karthauser
3bedcae34f Merge from NetBSD:
revision 1.65
	date: 2000/01/25 12:06:21;  author: augustss;  state: Exp;  lines: +10 -2
	Add done method for root control transfers.
2002-01-21 04:15:39 +00:00
Josef Karthauser
4cd5d8f292 Merge from NetBSD:
revision 1.84
	date: 2000/01/28 00:44:27;  author: augustss;  state: Exp;  lines: +9 -2
	Add uhci_root_ctrl_done() method.
2002-01-21 03:44:00 +00:00
Josef Karthauser
ed98caba5f Merge from NetBSD:
uhci.c:	-r1.82
    uhcivar.h:	-r1.22

	date: 2000/01/26 10:04:39;  author: augustss;  state: Exp;
	Try to avoid accessing the HC if it is dead.  Suggested by mycroft.
2002-01-21 03:35:55 +00:00
Maxim Sobolev
dcd7d9b7b7 Allow dump device be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.

MFC after:	2 weeks
2002-01-21 01:16:11 +00:00
Brooks Davis
01b8b9e983 Add support for Linksys WDT11 PCI adaptors.
Submitted by:	Eric Liedtke <eliedtke@apogeetelecom.com>
2002-01-21 00:59:59 +00:00
Josef Karthauser
a87935da55 Remove some unused code, in line with NetBSD's version. 2002-01-20 23:56:46 +00:00
Josef Karthauser
aeab0647e8 Merge from NetBSD:
revision 1.125
	date: 2000/09/23 21:00:10;  author: augustss;  state: Exp;  lines: +19 -3
	Avoid "bandwidth reclamation" for control transfers.  The kue device chokes
	on it.
2002-01-20 23:48:43 +00:00
Josef Karthauser
519461f843 Merge from NetBSD:
uhci.c:	-r1.124
    uhcireg.h:	-r1.13

	date: 2000/08/13 18:20:14;  author: augustss;  state: Exp;
	Fix race condition when unlinking xfers.  Thanks to IWAMOTO Toshihiro
	<iwamoto@sat.t.u-tokyo.ac.jp> for analyzing the problem and suggesting a fix.
	Fixes PR 10662.
2002-01-20 23:38:33 +00:00
Makoto Matsushita
4b60693c3c MFS 1.536.2.52 (partial) and 1.536.2.70: kgzip loader if i386 (only).
5.0-CURRENT-20020121-JPSNAP was failed to build since kern.flp has no
space.  There is already a hack to kgzip loader, and it makes:

-r-xr-xr-x  1 root  wheel  163840 Jan 21 07:40 loader*
-r-xr-xr-x  1 root  wheel   90121 Jan 21 08:06 loader.kgz*

73719 bytes of free spaces to us.
2002-01-20 23:17:52 +00:00
Alfred Perlstein
767567d3c2 use mutex pools for "struct file" locking.
fix indentation of FILE_LOCK/UNLOCK macros while I'm here.
2002-01-20 22:58:08 +00:00
Alfred Perlstein
547ce823ef use mutex pool mutexes for uidinfo locking.
replace mutex_lock calls on uidinfo with macro calls:
  mtx_lock(&uidp->ui_mtx) -> UIDINFO_LOCK(uidp)

Terry Lambert <tlambert2@mindspring.com> helped with this.
2002-01-20 22:48:49 +00:00
Andrey A. Chernov
186caeedcb snprintf bloat -> strlcpy
Add getpwnam return check

Approved by:	des, markm
2002-01-20 20:56:47 +00:00
Josef Karthauser
8e65c31988 Merge from NetBSD:
uhci.c:	-r1.123 (and a tiny bit of -r1.92)
    uhcivar.h:	-r1.32

	date: 2000/08/13 16:18:09;  author: augustss;  state: Exp;
	Implement what in Intel-speech is known as "bandwidth
	reclamation".  It means that we continously poll USB devices
	that have a pending transfer instead of polling just once
	every ms.  This speeds up some transfers at the expense of
	using more PCI bandwidth.
2002-01-20 20:12:25 +00:00
Dag-Erling Smørgrav
e6f0a33e68 Check the return value from read() when reading the CR/LF at the end of a
chunk.

PR:		bin/33608
MFC after:	2 weeks
2002-01-20 19:53:12 +00:00
Dag-Erling Smørgrav
e0583e0c23 Mark uploads as O_WRONLY, not O_RDONLY.
PR:		misc/34043
MFC after:	2 weeks
2002-01-20 19:52:25 +00:00
Alan Cox
c3869e4bf1 o Remove the unused vestiges of JOBST_JOBQPROC and
the per-thread jobtorun queue.
 o Use TAILQ_EMPTY() instead of TAILQ_FIRST(...) == NULL.
2002-01-20 18:59:58 +00:00
Mark Murray
73d7223603 WARNS=4 fixes.
OK'ed by:	des
2002-01-20 17:54:33 +00:00
Ian Dowse
dd24e86e74 Add `-h' to the chown command so that symbolic links copied from
the skeleton directory are chown'd to the new user.

PR:		bin/10601
Submitted by:	Adrian Filipi-Martin <adrian2ubergeeks.com@gosub.cstone.net>
MFC after:	1 month
2002-01-20 17:05:07 +00:00
Yaroslav Tykhiy
b454be098e Minor typo fix: uquad_t -> u_quad_t. 2002-01-20 16:50:29 +00:00
Scott Long
4496239cd9 Remove very outdated comment from the Bugs section that states that
the driver cannot do U160.

Submitted by:	ladisalv.kostal@fem.uniag.sk
MFC after:	1 day
2002-01-20 16:09:18 +00:00
Bill Fumerola
955052cf21 from select(2):
Any of readfds, writefds, and exceptfds may be given as nil
	pointers if no descriptors are of interest.

neither wfds nor efds were of interest so now they are nil.

also, do a little better then making an educated guess for nfds.
2002-01-20 12:13:28 +00:00
Josef Karthauser
a353e14e75 Merge from NetBSD:
uchireg.h:	-r1.12
    uchi.c:	-r1.121

    date: 2000/07/23 19:43:38;  author: augustss;  state: Exp;
    Be a little more explicit and careful about setting links in TDs and QHs.
2002-01-20 12:08:09 +00:00
Mike Smith
d57a4b130a Correct the majors entry for 'iir'. 163 is vacated now. 2002-01-20 09:01:07 +00:00
Mike Smith
a245737c51 Add the 'iir' driver, for the Intel Integrated RAID controllers and
prior ICP Vortex models.  This driver was developed by Achim Leubner
of Intel (previously with ICP Vortex) and Boji Kannanthanam of Intel.

Submitted by:	"Kannanthanam, Boji T" <boji.t.kannanthanam@intel.com>
MFC after:	2 weeks
2002-01-20 08:51:08 +00:00
Mike Smith
e103ec2fc4 ICP have been acquired by Intel, and their driver is now the Intel
Integrated RAID driver, supported by <boji.t.kannanthanam@intel.com> and
<achim.leubner@intel.com>.

Submitted by:	"Kannanthanam, Boji T" <boji.t.kannanthanam@intel.com>
2002-01-20 06:21:33 +00:00
Warner Losh
a8c18609ec The Libretto L series has no $PIR table, but does have a _PIR table.
This typo keeps us from properly routing an interrupt for CardBus
bridges on this machine.  So, now we look for $PIR and then _PIR to
cope.  With these changes, the Libretto L1 now works properly.
Evidentally, the idea comes from patch that the Japanese version of
RedHat (or against a Japanese version of Red Hat), but my Japanese
isn't good enough to to know for sure.

Reported by: Hiroyuki Aizu-san <eyes@navi.org>

# This may be an MFC candidate, but I'm not yet sure.
2002-01-20 03:28:29 +00:00
Mike Heffner
6b8a6a6e6c Prevent overflowing the buffer that stores the command arguments.
PR:		bin/19422
Not objected to by: -audit
MFC after:	3 weeks
2002-01-20 01:30:40 +00:00
Alan Cox
12f63f1741 o Revision 1.99 ("KSE Milestone 2") left the aio daemons
sleeping on a process object but changed the corresponding
   wakeup()s to the thread object.  The result was that non-raw
   aio ops waited for an aio daemon to timeout before action
   was taken.  Now, we sleep on the thread object.

PR:		kern/34016
2002-01-20 00:52:44 +00:00
Mike Heffner
94ef258fee Link mail(1) to mailx per POSIX. Mail(1) isn't 100% POSIX compliant,
but it is pretty close.

Not objected to by: -standards
2002-01-19 23:47:21 +00:00
Matthew Dillon
170ac683f2 I've been meaning to do this for a while. Add an underscore to the
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
2002-01-19 23:20:02 +00:00
Dag-Erling Smørgrav
819a142080 Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
Andrey A. Chernov
07977587ab Back out PAM_CRED_ERR addition 2002-01-19 18:06:05 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Jun Kuriyama
cc51a2e8b1 MFen (1.261 --> 1.263). 2002-01-19 15:53:23 +00:00
Jun Kuriyama
2e950b9a72 Remove bogus entry. 2002-01-19 15:12:40 +00:00
Jun Kuriyama
094e81f83b MFen (1.260 --> 1.261; order changes only). 2002-01-19 15:12:05 +00:00
Bruce A. Mah
16ade34a93 New release notes: ARCNET support, cm driver. 2002-01-19 13:38:48 +00:00