Commit Graph

12526 Commits

Author SHA1 Message Date
John Dyson
3eb77c8302 Fix a problem with tracking the modified bit. Eliminate the
ugly inline-asm code, and speed up the page-table-page tracking.
1996-02-25 03:02:53 +00:00
Bill Paul
51f7eb2d4b update suggested flags for rpc.yppasswdd (-t now does what -m used to do) 1996-02-24 22:13:06 +00:00
Bill Paul
589b8bfc35 Add securenets support (uses same access control mechanism as ypserv,
also controlled by /var/yp/securenets).

Add -u flag to turn off the privileged port check done by yp_access();
some commercial systems (IRIX, Solaris 2.x, HP-UX, and probably others)
don't use a reserved port for submitting yppasswd updates. If we always
enforce the check, these client systems will be unable to submit updates
to us.

Document securenets support and -u flag in man page.

Like ypserv, you can compile rpc.yppasswdd to use the tcpwrapper package
instead of securenets if you want to.
1996-02-24 22:10:42 +00:00
Bill Paul
f7f470a811 Add real securenets support. By default, ypserv now uses /var/yp/securenets
in the same was as the SunOS ypserv (same format, described in ypserv man
page). If the user wants tcpwrapper style access control, they can
recompile ypserv to use that instead. This way we get securenets without
having to ship libwrap.a and tcpd.h with core FreeBSD distribution.

If /var/yp/securenets doesn't exist, ypserv allows all connections.
1996-02-24 22:01:48 +00:00
Bruce Evans
9c03f905b9 Added support for Cyclades and Digiboard devices.
Submitted by:	Daniel O'Callaghan <danny@lynx.its.unimelb.edu.au>
                + mods by bde
1996-02-24 19:51:25 +00:00
Joerg Wunsch
1b989d7a36 Now that we install the `flex' alias for our lex, we should also
install the `libfl' alias for libl.  Some third-party software will
expect it this way.

Submitted by:	Holm tiffe (holm@geophysik.tu-freiberg.de)
1996-02-24 16:31:31 +00:00
Peter Wemm
9c8e90ad85 Add minherit.2 to Makefile.. (oops, forgot it before) 1996-02-24 15:32:12 +00:00
Peter Wemm
7350dd84a0 If the two recently added sysctl variables exist, use those rather than
the statically compiled PS_STRINGS and USRSTACK variables.  This prevents
programs using setproctitle from coredumping if the kernel VM is increased,
and stops libkvm users (w, ps, etc) from needing to be recompiled if only
the VM layout changes.
1996-02-24 14:37:30 +00:00
Peter Wemm
99ac3bc8da Add two sysctl variables that can be read by libutil and libkvm so that
they can adapt to simple kernel VM layout changes.
1996-02-24 14:32:53 +00:00
Poul-Henning Kamp
d2165a8da6 Make the ipfw LKM work again.
This concludes this round of updates to ipfw, have at it!
1996-02-24 13:41:57 +00:00
Poul-Henning Kamp
72ee2a8b10 Update to match kernel code. 1996-02-24 13:39:46 +00:00
Poul-Henning Kamp
09bb5f7589 Make getsockopt() capable of handling more than one mbuf worth of data.
Use this to read rules out of ipfw.
Add the lkm code to ipfw.c
1996-02-24 13:38:28 +00:00
Poul-Henning Kamp
5b0c234e20 A new ipfw program that can set and control the new features.
An almost correct usage is printed.
1996-02-24 00:20:56 +00:00
Poul-Henning Kamp
b83e431483 The new firewall functionality:
Filter on the direction (in/out).
	Filter on fragment/not fragment.
1996-02-24 00:17:35 +00:00
Peter Wemm
7ee32b9fba Attempt to document the recent in_pcb local port address changes.. 1996-02-23 21:01:35 +00:00
Poul-Henning Kamp
a2ebc3ee0f I overlooked this one. 1996-02-23 20:11:37 +00:00
Peter Wemm
781006180d rfork/minherit glue in libc
man pages adapted from OpenBSD's versions.
1996-02-23 19:56:55 +00:00
Peter Wemm
34cc74ea41 Add prototype for rfork(). 1996-02-23 19:45:46 +00:00
Peter Wemm
dedb7b623c Garrett pointed out that the correct place for unix system call args
is <sys/unistd.h>, with the prototype in <unistd.h>.  sys/unistd.h
is visible to the kernel compile, and is #included by unistd.h.

Also, I missed a reference to a static int in the midst of my other diffs.
1996-02-23 19:44:10 +00:00
Peter Wemm
dabee6fecc kern_descrip.c: add fdshare()/fdcopy()
kern_fork.c: add the tiny bit of code for rfork operation.
kern/sysv_*: shmfork() takes one less arg, it was never used.
sys/shm.h: drop "isvfork" arg from shmfork() prototype
sys/param.h: declare rfork args.. (this is where OpenBSD put it..)
sys/filedesc.h: protos for fdshare/fdcopy.
vm/vm_mmap.c: add minherit code, add rounding to mmap() type args where
it makes sense.
vm/*: drop unused isvfork arg.

Note: this rfork() implementation copies the address space mappings,
it does not connect the mappings together.  ie: once the two processes
have split, the pages may be shared, but the address space is not. If one
does a mmap() etc, it does not appear in the other.  This makes it not
useful for pthreads, but it is useful in it's own right for having
light-weight threads in a static shared address space.

Obtained from: Original by Ron Minnich, extended by OpenBSD
1996-02-23 18:49:25 +00:00
Peter Wemm
e89de7b5c3 Run makesyscalls to regen the tables. 1996-02-23 18:31:34 +00:00
Peter Wemm
96ac07ef3a Add hooks for rfork/minherit pair, and reset args of vfork in preperation
for adding the syscalls.
1996-02-23 18:20:44 +00:00
Peter Wemm
4f9a71f6a0 Note the syscall numbers used in BSD/OS 2.x. We dont want to
accidently use one of these ourselves as it'd make it harder to run
their binaries.
Also, remove the now-defunct #include "opt_sysvipc.h".
1996-02-23 18:03:08 +00:00
Paul Traina
f0113fc0f7 If a .db file is 0 length, initialize it as if it did not exist.
Reviewed by:	wollman
1996-02-23 17:57:32 +00:00
Bill Paul
c2dfe9fe01 Merge in changes to support the new rpc.yppasswdd(8) and fix a few bugs.
In passwd(1):

- Gut most of yp_passwd.c and leave only a few things that aren't common
  to pw_yp.c.

- Add support for -d and -h flags to select domains and NIS server hosts
  to use when updating NIS passwords. This allows passwd(1) to be used
  for changing NIS passwords from machines that aren't configured as
  NIS clients. (This is mostly to allow passwd(1) to work on NIS master
  servers that aren't configured as clients -- an NIS server need not
  necessarily be configured as a client itself.)

  NOTE: Realize that having the ability to specify a domain and hostname
  lets you use passwd(1) (and chpass(1) too) to submit update requests
  to yppasswd daemons running on remote servers in remote domains which
  you may not even be bound to. For example, my machine at home is not
  an NIS client of the servers on the network that I manage, yet I can
  easily change my password at work using my FreeBSD box at home by doing:
  'passwd -d work.net.domain -h any.nis.server.on.my.net wpaul'. (Yes,
  I do use securenets at work; temporarily modified my securenets file
  to give my home system access.) Some people may not be too thrilled
  with this idea. Those who don't like this feature can recompile passwd(1)
  and chpass(1) with -DPARANOID to restrict the use of these flags to
  the superuser.

  (Oh, I should be adding proper securenets support to ypserv(8) and
  rpc.yppasswdd(8) over the weekend.)

- Merge in changes to allow root on the NIS master server to bypass
  authentication and change any user's NIS password. (The super-user
  on the NIS master already has privileges to do this, but doing it
  through passwd(1) is much easier than updating the maps by hand.)
  Note that passwd(1) communicates with rpc.yppasswdd(8) via a UNIX
  domain socket instead of via standard RPC/IP in this case.

- Update man page.

In chpass(1):

- Fix pw_yp.c to work properly in environments where NIS client
  services aren't available.

- Use realloc() instead of malloc() in copy_yp_pass() and copy_local_pass().

- Fix silly bug in copy_yp_pass(); some of the members of the passwd
  structure weren't being filled in correctly. (This went unnoticed
  for a while since the old yppasswdd didn't allow changes to the
  fields that were being botched.)

- chpass(1) now also allows the superuser on the NIS master server to
  make unrestricted changes to any user's NIS password information.

- Use UNIX domain comm channel to rpc.yppasswdd(8) when run by the
  superuser on the NIS master. This allows several new things:

   o superuser can update an entire master.passwd.{byname,byuid} entry
   o superuser can update records in arbitrary domains using -d flag to
     select a domain (before you could only change the default domain)
   o superuser can _add_ records to the NIS master.passwd maps, provided
     rpc.yppasswdd(8) has been started with the -a flag (to do this,
     the superuser must force NIS operation by specifying the -y flag
     to chpass(1) along with -a, i.e. 'chpass -y -a 'foo:::::::::')

- Back out the 'chpass -a <new password entry> breaks with NIS' fix
  from the last revision and fix it properly this time. The previous
  revision fixed the immediate problem but broke NIS operation in
  some cases.

- In edit.c, be a little more reasonable about deciding when to
  prevent the shell field from being changed.

  Submitted by Charles Owens <owensc@enc.edu>, who said:

  "I made a minor (one-line) modification to chpass, with regards
   to whether or not it allows the changing of shells.  In the 2.0.5 code,
   field changing follows the settings specified in the "list" structure
   defined in table.c .  For the shell, though, this is ignored.  A quick
   look in edit.c showed me why, but I don't understand why it was written as
   such.  The logic was

        if shell is standard shell, allow changing

   I changed it to

        if shell changing is allowed (per table.c) and it is a standard shell
             OR if uid=0, then allow changing."

   Makes sense to me.

- Update man page.
1996-02-23 16:08:59 +00:00
Poul-Henning Kamp
41955e9114 Update -current ipfw program as well.
I hope it all compiles...
1996-02-23 15:52:28 +00:00
Poul-Henning Kamp
e7319bab6b Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.

Code in -current & -stable is now the same.
1996-02-23 15:47:58 +00:00
Adam David
b69a06147a rpc.yppasswdd instead of yppasswdd 1996-02-23 10:44:49 +00:00
Peter Wemm
574317c8f1 Add a dire warning about misusing the setlogin() system call. Be very
explicit that it is global to the entire "session", and that setsid() or
daemon() are need to have been called at some point.

The most notable offender of setlogin() misuse is XFree86's xdm.
1996-02-23 10:28:01 +00:00
Andrey A. Chernov
e7f2f8f46c Kill gets() found 1996-02-23 03:01:53 +00:00
Joerg Wunsch
92871d692a Add a note about the RFC-1535 compliant behaviour of the recent BIND
version that's now shipping with FreeBSD.

Pointed-out by: Holm Tiffe <holm@geophysik.tu-freiberg.de>
1996-02-22 23:34:13 +00:00
Peter Wemm
33b3ac0633 Make the default behavior of local port assignment match traditional
systems (my last change did not mix well with some firewall
configurations).  As much as I dislike firewalls, this is one thing I
I was not prepared to break by default.. :-)

Allow the user to nominate one of three ranges of port numbers as
candidates for selecting a local address to replace a zero port number.
The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg)
call.  The three ranges are: default, high (to bypass firewalls) and
low (to get a port below 1024).

The default and high port ranges are sysctl settable under sysctl
net.inet.ip.portrange.*

This code also fixes a potential deadlock if the system accidently ran out
of local port addresses. It'd drop into an infinite while loop.

The secure port selection (for root) should reduce overheads and increase
reliability of rlogin/rlogind/rsh/rshd if they are modified to take
advantage of it.

Partly suggested by: pst
Reviewed by: wollman
1996-02-22 21:32:23 +00:00
Peter Wemm
e7f6729d6c Remove useless (for us) Makefiles. There were already other "Makefile.dist"
files missing, so these shouldn't hurt.  If somebody wanted to use sendmail
8.7 on their machine, they should use a clean dist anyway, not this one.

Submitted by: wollman
1996-02-22 19:58:32 +00:00
Peter Wemm
32e3ec14af Merge 8.7.3->8.7.4 changes onto mainline. 1996-02-22 18:57:52 +00:00
Peter Wemm
916c098c5f This commit was generated by cvs2svn to compensate for changes in r14182,
which included commits to RCS files with non-trunk default branches.
1996-02-22 18:49:13 +00:00
Peter Wemm
c0d5d644aa Update to sendmail-8.7.4. This fixes a DNS related security vulnerabilty. 1996-02-22 18:49:13 +00:00
David Greenman
f9d5a964af Fixed bug in Path MTU Discovery that caused the system to have to re-
discover the Path MTU for each connection if the connecting host didn't
offer an initial MSS.

Submitted by:	davidg & olah
1996-02-22 11:46:39 +00:00
Thomas Gellekum
4715842e4d Add Bernd Rosauer to contributors. 1996-02-22 11:08:57 +00:00
David Greenman
5afce28270 Add a "NO_SWAPPING" option to disable swapping. This was originally done
to help diagnose a problem on wcarchive (where the kernel stack was
sometimes not present), but is useful in its own right since swapping
actually reduces performance on some systems (such as wcarchive).
Note: swapping in this context means making the U pages pageable and has
nothing to do with generic VM paging, which is unaffected by this option.

Reviewed by:	 <dyson>
1996-02-22 10:57:37 +00:00
John Dyson
6e20683c9d Fix a problem that select did not work with direct writes. Make
wakeup channels more consistant also.
1996-02-22 03:33:52 +00:00
Joerg Wunsch
9408e822a5 . cast the error and status registers properly to (unsigned short),
to avoid misinterpreting the 0x8000 bit as a negative sign,

. use the <machine/wtio.h> register def's to print them.
1996-02-22 00:33:35 +00:00
Joerg Wunsch
2e899e8a02 . move out the error and status register def's for wt into
<machine/wtio.h>, so mt(1) can print them,

. cosmetics: put the return type and the function name onto
  different lines.
1996-02-22 00:31:49 +00:00
Nate Williams
2b1f32c2f9 Removed un-used code. 1996-02-21 23:31:03 +00:00
Nate Williams
b2e8253ac3 Updated PC-CARD support to contain most of the code from the latest
Japanese BSD-Nomad release.

Reviewed by:    phk
Submitted by:   hosokawa@mt.cs.keio.ac.jp and the rest of the Nomads
1996-02-21 23:22:27 +00:00
Nate Williams
4765b33331 Updated PC-CARD support to contain most of the code from the latest
Japanese BSD-Nomad release.

Reviewed by:	phk
Submitted by:	hosokawa@mt.cs.keio.ac.jp and the rest of the Nomads
1996-02-21 23:20:21 +00:00
Andrey A. Chernov
9b3a4c562d Fix weak random number hole
Obtained from: CERT
1996-02-21 21:40:14 +00:00
Mike Pritchard
1ba797fb84 Print out an informative message if the verbose option is given
and an unknown uid/gid is found in the file system.  This is useful
if you wind up with a file in your file system that has a uid
that is extremely large, since quotacheck will wind up running
a very very long time due to it not handling large gaps in uids
very well (this is a problem that should be addressed some day).

Update the man page to reflect that fact the the -v flag now prints
some additional diagnostic messages.
1996-02-21 18:40:54 +00:00
Jordan K. Hubbard
1c934dae3e Add back missing crypt.3 man page. 1996-02-21 08:15:08 +00:00
Ollivier Robert
453309955b Add a few questions forwarded by Jordan and one from Jörg about
XDM.

Submitted by:	geert@sun3.iaf.nl,tedm%toybox@agora.rdrop.com,joerg
1996-02-21 00:07:39 +00:00
Wolfram Schneider
5fd463ac12 option -f and -i are exclusive (Posix)
respond `Y' is equal to `y'
update usage string
prompt only if source exist
1996-02-20 23:27:57 +00:00