Commit Graph

6405 Commits

Author SHA1 Message Date
Andrey A. Chernov
27ebcacbb0 Nonexistent SIZE_MAX -> SIZE_T_MAX 2002-08-04 04:11:48 +00:00
Tim J. Robbins
d4ba1c2249 Signal an error instead of giving the caller less memory than they asked
for when num * size would cause integer overflow.

MFC after:	1 week
2002-08-04 02:52:11 +00:00
Andrey A. Chernov
9bb322433e Add ERRORS section according to POSIX (no errors) 2002-08-03 17:20:45 +00:00
Andrey A. Chernov
2f6754febb Catch empty encoding name too 2002-08-03 17:09:21 +00:00
Andrey A. Chernov
40b97dcb2a Fix return codes to match what setrunelocale() returns 2002-08-03 16:26:47 +00:00
Andrey A. Chernov
5740f28044 Preserve errno in fallback code 2002-08-03 15:56:25 +00:00
Tim J. Robbins
e9fb70115f Add ISO C90 Amd. 1 btowc(3) and wctob(3) functions. 2002-08-03 13:49:55 +00:00
Tim J. Robbins
196099d661 Correct use of Nm macro in NAME section and a broken cross reference. 2002-08-03 12:39:41 +00:00
Andrey A. Chernov
710d708144 Return errno provided by fopen, not always ENOENT.
Return EFTYPE instead of EINVAL for wrong locale file format.
Whitespaces.
2002-08-03 11:55:19 +00:00
Andrey A. Chernov
256ddd5999 Check encoding for ".", ".." and / inside 2002-08-03 10:23:06 +00:00
Andrey A. Chernov
5568219d15 Return EINVAL for NULL or too long encoding, not EFAULT 2002-08-03 09:10:31 +00:00
Andrey A. Chernov
83c9580dbb Return ENAMETOOLONG for long PATH_LOCALE, not EFAULT 2002-08-03 09:07:27 +00:00
Andrey A. Chernov
a17eafe2a8 1) Use errno to indicate faulure reason.
2) Move incomplete check for / in locale name from env section to
loadlocale(), add check for "." and ".." too.
It allows to check any argument, not env only.
3) Redesing LOAD_CATEGORY macro to eliminate code duplication.
4) Try harder in fallback code: if old locale can't be restored,
load "C" locale
5) White space formatting, long lines, etc.
2002-08-03 09:04:44 +00:00
Tim J. Robbins
5b32667c57 Add ISO C90 Amd. 1 wctype(3) and iswctype(3) functions. 2002-08-03 04:18:40 +00:00
Robert Watson
d97fcfce27 Introduce support for Mandatory Access Control and extensible
kernel access control.

Extensions to libc to provide basic MAC label manipulation facilities
for userland.  These interface will be replaced in the next month
or two with more flexible interfaces, but provide sufficient support
to allow use of the Biba and MLS policies for user applications.

libc_r wrappers to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 21:14:42 +00:00
Andrey A. Chernov
4e7b46d8e2 Sligtly modify previous out-of-bounds fix: just break instead of
return(NULL) for upward compatibility with more LC_* categories may be
implemented in future.
2002-08-02 13:36:54 +00:00
Robert Watson
5fc5c0cd3b De-gccize CFLAGS by removing it.
NOMAN is no longer required when a man page is not yet present.

Submitted by:	ru
2002-08-02 13:33:17 +00:00
Maxime Henrion
9e69d6b629 Remove an #include <syslog.h>. It's already included conditionally
above, as it should be.

Submitted by:	Olivier Houchard <cognet@ci0.org>
2002-08-02 11:58:48 +00:00
Robert Watson
ed5740842e Hook up libugidfw to the build.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:09:53 +00:00
Robert Watson
46d1a925c2 Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model.  The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.

Note: as with other userland components, this is a WIP.  However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.

Obtained form:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:07:35 +00:00
Andrey A. Chernov
ef1e7a2656 Prevent out of bounds writting for too many slashes case.
Replace strnpy + ='\0' with strlcpy

MFC after:	1 day
2002-08-02 01:04:49 +00:00
Jacques Vidrine
8f3e3652e4 The fix applied to the XDR decoder in revision 1.11 was incorrect. 2002-08-01 12:23:04 +00:00
Mark Murray
c13373b7d7 Fix an easy warning in a local addition. 2002-08-01 11:29:05 +00:00
Jake Burkholder
f739b33f57 Stash various networking paramters in the environment for the kernel
to pick up, ala pxe.
2002-07-31 20:17:06 +00:00
Jacques Vidrine
b113cd8006 Sort headers to reduce diffs between branches. 2002-07-31 15:11:59 +00:00
Darren Reed
cc0178a73e some dolt forgot to add in an include for <limits.h> 2002-07-31 14:47:02 +00:00
Darren Reed
7fc37b7c09 Patch to fix bounds checking/overflow.
Obtained from:	OpenBSD
2002-07-31 12:50:28 +00:00
Chris Costello
0b50f33046 Grammar (was' -> were') 2002-07-31 06:40:34 +00:00
Dag-Erling Smørgrav
68e6e4bd40 Since pam_get_authtok(3) doesn't know about our options structure, setting
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code).  Instead, call pam_prompt(3) directly.  This
actually simplifies the code a bit.

MFC after:	3 days
2002-07-30 08:32:03 +00:00
Mike Silbersack
e3682e195b Update docs to reflect change in count of procs reserved for root
from 1 to 10.

PR:		kern/40515
Submitted by:	David Schultz <dschultz@uclink.Berkeley.EDU>
MFC after:	1 day
2002-07-30 05:36:34 +00:00
Ruslan Ermilov
d2893b161b Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
Ian Dowse
bb1ca86f24 Revert part of revision 1.10, as it broke portmap lookups for IPv4
TCP clients. The problem was that a struct netconfig returned by
getnetconfigent() was being treated as a handle for __rpc_getconf(),
which certainly isn't right.

The tirpc-99 code uses __rpc_setconf("udp")/__rpc_getconf() to find
the IPv4 udp netconfig, but our implementation of these functions
seem happy to return IPv6 entries, so we can't use them. By reverting
to the old version, we are hard-coding the name of the udp4 netid.

Tracked down by:	Bakul Shah <bakul@bitblocks.com>
2002-07-26 07:52:21 +00:00
Hajimu UMEMOTO
2cbe834ad1 sysctl(NET_RT_IFLIST) up to several (currently 5) times.
This will make the behavior robuster if many addresses are added
after the size estimation of storage at the first sysctl.

Reviewed by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after:	1 week
2002-07-25 08:08:30 +00:00
Hajimu UMEMOTO
f6074d745f - ntohs() returns unsigned value.
- use strlcpy.
- snprintf can return negative value, so cope with it.
- tweak interface index on interface locals (ff01::/16).
- removed unused macros.
- removed a macro that uses only once (in a trivial context).
- explicitly say goodbye to ENI_xxx.
- constify struct afd.

Obtained from:	KAME
MFC after:	1 week
2002-07-24 18:58:32 +00:00
Dag-Erling Smørgrav
99260419d6 Install more man pages - I thought I'd committed this ages ago... 2002-07-23 17:59:46 +00:00
Ruslan Ermilov
61a875d706 Don't forget to recalculate the IP checksum of the original
IP datagram embedded into ICMP error message.

Spotted by:	tcpdump 3.7.1 (-vvv)
MFC after:	3 days
2002-07-23 00:16:19 +00:00
Dag-Erling Smørgrav
190c185e22 Surround prototypes with __BEGIN_DECLS / __END_DECLS.
PR:		misc/40399
MFC after:	3 days
2002-07-22 16:11:39 +00:00
Peter Wemm
7657553c76 Add an ia64 atomic lock primitive for libc_r. This is mostly for
completeness and doesn't get us a working libc_r there because libc_r
uses setjmp() and setjmp() cannot be used for context switches on ia64
as-is (or sparc64).  Rather than making setjmp/longjmp behave like
the *context() calls, it would be far better to make libc_r use *context()
directly which is what they are for.

Obtained from:  marcel
2002-07-20 19:22:10 +00:00
Peter Wemm
21a7fd75c3 Reimplement malloc/free debugging that includes the offending file:line
info.  This turned out to be rather useful on ia64 for tracking down
malloc/free problems.
Detect duplicate free()'s - otherwise these show up as a guard1 failure
and it looks like corruption instead of something simple like a second
free() where there shouldn't be.
Deal with libz using libc headers and not seeing the malloc/free stuff that
we provide in libstand.  Do similar nastiness to what is done for bzlib.

Tested on: i386, ia64 (compile, run)
2002-07-20 04:18:20 +00:00
Peter Wemm
a4e7b0c88f Add __printflike() to printf() and sprintf() prototypes. -ffreestanding
turns off gcc's builtin attributes for these functions and as a result
-Wformat does no checking. (argh)
2002-07-20 03:55:06 +00:00
Ruslan Ermilov
0b87f79976 s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
Luigi Rizzo
90780c4b05 Move IPFW2 definition before including ip_fw.h
Make indentation of new parts consistent with the style used for this file.
2002-07-18 05:18:41 +00:00
Mike Heffner
4a59c3ab55 Update glob(3) to add all the POSIX required options, specifically:
- add GLOB_NOMATCH return value and use it when we don't get a match
- rename GLOB_ABEND to GLOB_ABORTED and use it instead of returning 1
  in some places
- add GLOB_NOESCAPE flag and retire GLOB_QUOTE to compatibility
  section

Suggestions/advice on correct usage of POSIX defines: wollman
2002-07-17 04:58:09 +00:00
Kirk McKusick
fb36a3d847 Change utimes to set the file creation time (for filesystems that
support creation times such as UFS2) to the value of the
modification time if the value of the modification time is older
than the current creation time. See utimes(2) for further details.

Sponsored by:	DARPA & NAI Labs.
2002-07-17 02:03:19 +00:00
Garrett Wollman
020d4fa6de Don't ask me how I consistently turned struct statvfs into struct vfsconf.... 2002-07-16 20:40:12 +00:00
Mark Murray
828191256b The main reason for this is to reduce diffs between all the crt1.c's.
Assembler macros are tidied up and made as similar as sanely possible.
The macros are translated into C (__inline static) functions for lint.

Declaration orders are made the same.
Declarations are all ISOfied and tidied up.

Comment contents have gratuitous diffs removed.

The net result is a bunch of crt1.c's that are 90% the same.
It may be possible to now encapsulate the differences in one
MD header, and have only one MI crt1.c file (although the macros
to do this may be ugly).

Helpful comments by:	obrien, bde
Alpha tested by:	des
i386-elf tested by:	markm
2002-07-16 12:28:50 +00:00
Garrett Wollman
252724764d Assume that my bug report against 1003.1-2001 will be resolved my way,
and make 64-bit architectures use the LP64_OFF64 environment instead
of the LPBIG_OFFBIG one.
2002-07-15 22:43:03 +00:00
Garrett Wollman
603a6e79d8 Support POSIX/SUS ``programming environment'' mistake in confstr(). 2002-07-15 22:21:33 +00:00
Garrett Wollman
97ec79a175 All of the things that confstr() returns are compile-time constants.
It's silly to call sysctl() to get the value of _PATH_STDPATH from
<paths.h> when we can just use it directly.  This greatly simplifies
the implementation.  (This is also part of my grand scheme to get
rid of sysctl's `user' category, which should never have been created.)

Use strlcpy() instead of strncpy() as it has the exact semantics we want.
2002-07-15 21:51:19 +00:00
Giorgos Keramidas
1f2cec106f The .Fn function. 2002-07-15 20:59:12 +00:00
Giorgos Keramidas
ab7e1a5712 The .Fn function 2002-07-15 20:50:16 +00:00
Garrett Wollman
45d2fcfaae Don't bother asking the kernel about _SC_FSYNC; it's not optional. 2002-07-15 20:42:05 +00:00
Giorgos Keramidas
68a8e8a9f3 Add a missing 'function' word.
Use .Vt to mark up `struct stat' when it is a variable type.
2002-07-15 20:07:09 +00:00
Hajimu UMEMOTO
8071d8d70d Use BSDi derived if_nametoindex(), if_indextoname(), if_nameindex()
and if_freenameindex().

Obtained from:	KAME
MFC after:	2 weeks
2002-07-15 19:58:56 +00:00
Giorgos Keramidas
e812f24f6d The .Fn function 2002-07-15 19:56:24 +00:00
Garrett Wollman
c98a4bf3fb Don't claim to fully implement C99 in the STANDARDS section and then disclaim
compliance in the BUGS section immediately below.
2002-07-15 19:46:06 +00:00
Garrett Wollman
647e4efd97 Note that fseeko() and ftello() are standard in 1003.1-2001.
(Prefer the more-encompassing POSIX standard to SUSv2.)
2002-07-15 19:42:25 +00:00
Giorgos Keramidas
ce9fa5fcb2 Fix whitespace in .Bd -literal display of S_IXXX constants.
Noticed by:     jmallett
2002-07-15 08:58:16 +00:00
Alfred Perlstein
988553e96a Fix "rpcinfo -m" when talking to other implementations of rpcbind.
Submitted by: mbr (NetBSD PR#15802)
2002-07-14 23:38:37 +00:00
Alfred Perlstein
886ee6f6a5 clnt_vc_create() has const scalar arguments that wind up being modified,
fix it (make them non-const) and update the associated documentation.

Submitted by: mbr
2002-07-14 23:35:04 +00:00
Alfred Perlstein
c549fd466b Cast function args to silence warning.
Submitted by: mbr
2002-07-14 23:20:08 +00:00
Alfred Perlstein
261e68702a Add a prototype for __rpcb_findaddr_timed to silence a warning. 2002-07-14 23:14:08 +00:00
Alfred Perlstein
cffc0b5784 Silence several warnings due to functions that needed to take a void *
having a char * as an argument instead. clnt_dg_control(), clnt_raw_control(),
clnt_vc_control().
2002-07-14 23:14:02 +00:00
Garrett Wollman
d04f03fc63 Fix a few bugs in the ERRORS section. 2002-07-13 19:38:59 +00:00
Garrett Wollman
6e97e157e8 Add statvfs(3) to the build.
Tested by:	Steve Kargl
2002-07-13 19:33:20 +00:00
Garrett Wollman
b3928a066a Well, it's not quite strxfrm(3) but at least it's honest. 2002-07-13 19:29:44 +00:00
Giorgos Keramidas
079167d6d7 Various typo fixes.
PR:		docs/39395
Submitted by:	Rich Neswold <rneswold@ameritech.net>
2002-07-12 01:30:18 +00:00
Garrett Wollman
4f6799e61e A simple implementation of statvfs(3) (one step above the trivial one).
Not yet connected to the build (awaiting documentation).
2002-07-11 22:54:11 +00:00
Alfred Perlstein
62947a57cc Update manpages to reference 'timed' rpc functions 2002-07-11 22:25:16 +00:00
Juli Mallett
cf6c0643ee Fill out (zero) and fill in (when doing getino()) the minimum and maximum
inodes in our inoblock (disk->d_ino{min,max}) appropriately.
2002-07-11 21:27:26 +00:00
David E. O'Brien
3cc44e2238 RELENG_4_6 PL 1 libc bits with non-vulnerable resolver.
Security Advisory:	FreeBSD-SA-02:28.resolv
2002-07-11 20:40:24 +00:00
Alfred Perlstein
4e37855e01 Add functions allowing for the user to specify a timeout for rpc functions.
Update copyrights to reflect where this code was lifted from. (tirpc '99)

Submitted by: mbr
2002-07-11 16:23:04 +00:00
Thomas Moestl
58d646cdd3 Add missing ret instruction to the ptrace() syscall wrapper. 2002-07-11 15:48:02 +00:00
Garrett Wollman
f646fac5e0 Fix some comments. 2002-07-10 16:35:02 +00:00
Maxim Konovalov
25a6539985 Fix a typo.
MFC after:	3 days
2002-07-10 09:06:42 +00:00
Daniel Eischen
582dfa2dd4 Oops, forgot to set the suspended flag for threads that are created
initially suspended.  This was preventing such threads from getting
resumed.

Reported by:	Bill Huey <billh@gnuppy.monkey.org>
2002-07-09 13:24:52 +00:00
Luigi Rizzo
b3063f064c Fix a bug caused by dereferencing an invalid pointer when
no punch_fw was used.
Fix another couple of bugs which prevented rules from being
installed properly.

On passing, use IPFW2 instead of NEW_IPFW to compile the new code,
and slightly simplify the instruction generation code.
2002-07-08 22:57:35 +00:00
Maxime Henrion
193d036860 Typo fix: Setlogin() -> setlogin().
Submitted by:	Olivier Houchard <cognet@ci0.org>
2002-07-08 20:16:15 +00:00
Mike Barcroft
f71e6a5243 Bring poll.h up to conformance with POSIX.1-2001 by adding some
visibility conditionals, adding the nfds_t type, and changing the
poll() prototype a little.  Update the manual to match.
2002-07-08 16:37:35 +00:00
Jake Burkholder
f9751ec2cd Add a hack (kludge?) to avoid trying to access files backed by disk
devices as though they were backed by network devices.
2002-07-07 23:01:36 +00:00
Daniel Harris
883d00eb92 s/unavilable/unavailable/
PR:		39446
Submitted by:	Stefan Farfeleder <e0026813@stud3.tuwien.ac.at>
MFC after:	1 day
2002-07-07 18:08:51 +00:00
Jake Burkholder
439be3f790 Ficl wants _setjmp and _longjmp. No need for weak symbols either. 2002-07-07 18:04:45 +00:00
Robert Drehmel
897ad22f04 Fix syntax error which occurred when LIBC_SCCS was defined. 2002-07-07 11:28:28 +00:00
Chris Costello
05ddd41b23 Move appropriate information out of DESCRIPTION' and into SECURITY
CONSIDERATIONS'.

Sponsored by:	DARPA, NAI Labs
2002-07-03 15:31:47 +00:00
Mark Murray
ccece3d626 Whitespace diffs only; this brings this file into the same whitespace
convention as src/lib/csu/*/crt1.c.

This will make the follow up diffs easier to see and extract.
2002-07-03 14:42:39 +00:00
Chris Costello
00c3b17e1e Correct a call to fcntl(F_SETFD) to use FD_CLOEXEC' instead of 1'. 2002-07-03 08:15:55 +00:00
Chris Costello
32f9f49908 Add a SECURITY CONSIDERATIONS example: make note that access to open
file descriptors does not change upon dropping privilege, and include
a likely case of `setuid(non_superuser); exec(...);'.

Sponsored by:	DARPA, NAI Labs
Obtained from:	TrustedBSD Project
2002-07-03 08:13:25 +00:00
Jonathan Mini
16f33a4885 Fix off-by-one error.
PR:		misc/40104
Submitted by:	Neal Fachan <neal@isilon.com>
MFC after:	3 days
2002-07-03 06:28:04 +00:00
Ruslan Ermilov
93c163325e No need to explicitly set NOMAN here.
Reviewed by:	jmallett
2002-07-03 06:25:28 +00:00
Mark Peek
3aaa96958d Fix typo (SIGEV_EVENT -> SIGEV_KEVENT). 2002-07-02 21:05:08 +00:00
Hajimu UMEMOTO
b0f06def52 Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).

MFC after:	3 weeks
2002-07-02 11:11:17 +00:00
Hajimu UMEMOTO
f8fa093e82 Cope with 2292bis-01 getaddrinfo (no NI_WITHSCOPEID, always attach
scope identifier).

Approved by:	des
MFC after:	3 weeks
2002-07-02 11:09:02 +00:00
Hajimu UMEMOTO
15e4dafc91 Make NI_WITHSCOPEID a default (always on), to synchronize
with recent 2553bis.

Obtained from:	KAME
MFC after:	3 weeks
2002-07-02 11:05:31 +00:00
Daniel Eischen
c3d580c9a1 Fix a couple of minor nits that prevented this from compiling.
Pointed out by:	julian
2002-07-02 01:26:16 +00:00
Juli Mallett
a7a88ab828 DEBUG is a knob that means something else in FreeBSD, use LIBUFS_DEBUG to
turn on tracing.
2002-07-01 18:20:48 +00:00
Juli Mallett
585e540203 In getino, have our DEBUG message in the unhandled case mention that it
does not know what sort of UFS filesystem this is.

Add some DEBUG(NULL)'s to function entry points.
2002-07-01 18:19:20 +00:00
Chris Costello
de19436f24 Rename CAVEAT' to SECURITY CONSIDERATIONS' and move it up to
the correct location--this section consists solely of security
considerations information.

Sponsored by:	DARPA, NAI Labs
Obtained from:	TrustedBSD Project
2002-07-01 14:41:05 +00:00
Brian Somers
27cc91fbf8 Remove trailing whitespace 2002-07-01 11:19:40 +00:00
Juli Mallett
20938dbf84 Add libufs, a library for dealing with UFS filesystems from userland to
the build.  It is here to compartmentalise functionality currently duplicated
in many notable programs in the base system.  It currently handles block
reads and writes, as well as reading and writing of the filesystem superblock,
and the reading/lookup of inode data.  It supports both UFS and UFS2.  I
will be maintaining it, and porting programs to use it, however for now, it
is simply being built as part of world.
2002-07-01 01:45:03 +00:00
Christian Weisgerber
958a88fbf7 LP64 fix: don't cast pointer to int
Reviewed by:	gallatin, ticso
2002-06-30 23:36:21 +00:00
Julian Elischer
58551c0393 Don't even read in the thread if it is a zombie process. 2002-06-30 20:13:53 +00:00
Julian Elischer
bff4151c28 grow a brain and do this right. 2002-06-30 17:06:46 +00:00
Julian Elischer
6143c38376 Don't follow non existant thread pointers (e.g. for zombies) 2002-06-30 08:11:30 +00:00
David E. O'Brien
3b7de54d68 Use FBSDID 2002-06-30 05:36:49 +00:00
Julian Elischer
e602ba25fd Part 1 of KSE-III
The ability to schedule multiple threads per process
(one one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)

Reviewed by:	Almost everyone who counts
	(at various times, peter, jhb, matt, alfred, mini, bernd,
	and a cast of thousands)

	NOTE: this is still Beta code, and contains lots of debugging stuff.
	expect slight instability in signals..
2002-06-29 17:26:22 +00:00
Peter Wemm
0c079d8c6f To avoid anybody else getting caught out, these two files are really
in /sys/boot/common and are actually used there.
2002-06-29 09:21:14 +00:00
Peter Wemm
08db6efa75 Update from NetBSD 1.3 -> 1.6. Most notable, rev 1.6:
"Make in_cksum work on little endian machines"

This would explain a few things. :-)
2002-06-29 09:00:47 +00:00
David E. O'Brien
2d39517f33 Use __FBSDID. 2002-06-29 03:23:51 +00:00
David E. O'Brien
45d767fbbe Add frexp(3).
Obtained from:	OpenBSD
2002-06-29 03:23:18 +00:00
Andrey A. Chernov
cc1b8dcb1c Add additional field 'overwrite' to login_vars. It mainly needed to handle
"term" according to manpage, i.e. not overwrite it, if already present in
environment.
2002-06-28 14:45:30 +00:00
Daniel Eischen
88127f1a62 Make sigpending and sigsuspend account for signals that are pending on
the process as well as pending on the current thread.

Reported by:	Andrew MacIntyre <andymac@bullseye.apana.org.au>
2002-06-28 13:28:41 +00:00
Daniel Eischen
b4e1c937c7 Add a wrapper for pselect() in order to make it a cancellation point.
Prompted by: wollman
2002-06-28 13:26:02 +00:00
Luigi Rizzo
9758b77ff1 The new ipfw code.
This code makes use of variable-size kernel representation of rules
(exactly the same concept of BPF instructions, as used in the BSDI's
firewall), which makes firewall operation a lot faster, and the
code more readable and easier to extend and debug.

The interface with the rest of the system is unchanged, as witnessed
by this commit. The only extra kernel files that I am touching
are if_fw.h and ip_dummynet.c, which is quite tied to ipfw. In
userland I only had to touch those programs which manipulate the
internal representation of firewall rules).

The code is almost entirely new (and I believe I have written the
vast majority of those sections which were taken from the former
ip_fw.c), so rather than modifying the old ip_fw.c I decided to
create a new file, sys/netinet/ip_fw2.c .  Same for the user
interface, which is in sbin/ipfw/ipfw2.c (it still compiles to
/sbin/ipfw).  The old files are still there, and will be removed
in due time.

I have not renamed the header file because it would have required
touching a one-line change to a number of kernel files.

In terms of user interface, the new "ipfw" is supposed to accepts
the old syntax for ipfw rules (and produce the same output with
"ipfw show". Only a couple of the old options (out of some 30 of
them) has not been implemented, but they will be soon.

On the other hand, the new code has some very powerful extensions.
First, you can put "or" connectives between match fields (and soon
also between options), and write things like

ipfw add allow ip from { 1.2.3.4/27 or 5.6.7.8/30 } 10-23,25,1024-3000 to any

This should make rulesets slightly more compact (and lines longer!),
by condensing 2 or more of the old rules into single ones.

Also, as an example of how easy the rules can be extended, I have
implemented an 'address set' match pattern, where you can specify
an IP address in a format like this:

        10.20.30.0/26{18,44,33,22,9}

which will match the set of hosts listed in braces belonging to the
subnet 10.20.30.0/26 . The match is done using a bitmap, so it is
essentially a constant time operation requiring a handful of CPU
instructions (and a very small amount of memmory -- for a full /24
subnet, the instruction only consumes 40 bytes).

Again, in this commit I have focused on functionality and tried
to minimize changes to the other parts of the system. Some performance
improvement can be achieved with minor changes to the interface of
ip_fw_chk_t. This will be done later when this code is settled.

The code is meant to compile unmodified on RELENG_4 (once the
PACKET_TAG_* changes have been merged), for this reason
you will see #ifdef __FreeBSD_version in a couple of places.
This should minimize errors when (hopefully soon) it will be time
to do the MFC.
2002-06-27 23:02:18 +00:00
David E. O'Brien
95190a2df6 Add these libs from the 4.6-RELEASE.
libstdc++ was bumped with the switch to Gcc 3.1, and libpam was bumped with
the switch to OpenPAM.
2002-06-27 18:53:50 +00:00
David E. O'Brien
d320e50003 Add these libs from the 4.6-RELEASE.
libstdc++ was bumped with the switch to Gcc 3.1, and libpam was bumped with
the switch to OpenPAM.
2002-06-27 18:44:05 +00:00
Mike Silbersack
11289efd80 Fix style bugs I added in last commit.
Spotted by:	bde
2002-06-27 14:16:21 +00:00
Daniel Eischen
eee80fbd9c Remove pselect from application namespace and instead use a weak reference
to the actual implementation.  This is to allow libc_r to override
pselect() making it a cancellation point.

Prompted by: wollman
2002-06-27 13:23:46 +00:00
Daniel Eischen
53154da089 Remove improper use of <namespace.h>.
Remove fmtcheck from application name space (fix the weak reference).
2002-06-27 13:20:54 +00:00
Daniel Eischen
c40995b36a Remove improper use of <namespace.h> 2002-06-27 13:18:27 +00:00
Mike Silbersack
1228a1c634 Modify bcopy (and memcpy/memmove) so that the length value is not
re-read from the stack mid copy.  This may help mitigate the recent
Apache buffer overrun and future overruns of the sort.

Reviewed by:	jdp
MFC after:	2 days
2002-06-27 03:55:36 +00:00
Warner Losh
ecddb03f1e Remove two lines that were cvs merged that shouldn't have been. This
fixes the build.

Reported by: dillon.
2002-06-26 18:03:31 +00:00
Warner Losh
145ec10619 Remove two stray lines that snuck in the cvs merge 2002-06-26 14:18:36 +00:00
Maxim Sobolev
07a1fb30e3 Backout previous delta (addition of -I${.CURDIR}/../../sys).
Submitted by:	bde
2002-06-26 13:25:23 +00:00
Maxim Sobolev
af244dd67c Add -I${.CURDIR}/../../sys into CFLAGS, which should fix the world broken
by RLIMIT_VMEM addition.
2002-06-26 10:33:10 +00:00
Jacques Vidrine
9a370b24b5 Initialize a pointer that was left uninitialized with the previous
commit.
2002-06-26 08:48:34 +00:00
Warner Losh
d6af58f572 Include more robust checking of end of buffer that more completely
plugs the hole.
2002-06-26 08:18:05 +00:00
Warner Losh
4cbd2472b3 Don't allow buffer overflow here either. 2002-06-26 06:31:06 +00:00
Warner Losh
fda8311189 Fix a minor last, minute issue that came in after I committed.
Noticed by: nectar
2002-06-26 06:23:22 +00:00
Warner Losh
4cf0747073 Avoid remote buffer overflow on hostbuf[].
Submitted by: joost Pol <joost@pine.nl>
2002-06-26 06:04:46 +00:00
Matthew Dillon
b5c7be5728 Add documentation for vmemoryuse 2002-06-26 03:58:31 +00:00
Matthew Dillon
67577126f9 Make libutil aware of vmemoryuse in its login.conf cap processing (aka
sshd, /usr/bin/login, etc)
2002-06-26 03:54:18 +00:00
David E. O'Brien
c02ba8a8d2 WARNS=6'ify.
Style nits.
2002-06-25 18:05:16 +00:00
David E. O'Brien
ad275bd760 Prototype _start.
Submitted by:	markm

Mark some _start formal parameters __unused.
2002-06-25 18:01:12 +00:00
David E. O'Brien
cf99709c16 Update our compat libs to the 4.6-RELEASE level. 2002-06-25 04:59:48 +00:00
David E. O'Brien
05e3d9f7fc Add the [Linux] PAM modules that are still used in RELENG_4, but not -CURRENT.
These are at the 4.6-RELEASE level.

Requested by:	des
2002-06-25 04:55:07 +00:00
David E. O'Brien
7ca89f08b7 Fix a typo. 2002-06-25 04:51:12 +00:00
David E. O'Brien
8dcabf895e Add the [Linux] PAM modules that are still used in RELENG_4, but not -CURRENT.
These are at the 4.6-RELEASE level.

Requested by:	DES
2002-06-25 04:18:45 +00:00
David E. O'Brien
022f3e9092 Update our compat libs to the 4.6-RELEASE level. 2002-06-25 04:11:45 +00:00
Andrew R. Reiter
927c042095 - Remove UM_* memory handling macros as they just obfuscate code. 2002-06-24 22:29:01 +00:00
Maxime Henrion
f6a3055159 Add missing const's. 2002-06-24 13:52:26 +00:00
Dag-Erling Smørgrav
66ffb8a371 Reintroduce debugging code that somehow got lost in a previous revision. 2002-06-24 12:18:41 +00:00
Robert Drehmel
4b571b192a Fix a bug which prevented the duplication of the standard i/o
file descriptors in programs linked with libc_r with flags
other than the default ones.  This kept, inter alia, freopen()
from working correctly when reopening standard streams.

reviewed by:	deischen
PR:		misc/39377
2002-06-23 20:41:30 +00:00
Nick Hibma
074dccd545 Be more clear in error messages.
Distinguish between a held lock and a failed lock op.

If rpc.lockd is not running on a diskless client this makes clearer
what the problem is.
2002-06-23 19:23:46 +00:00
Poul-Henning Kamp
af03a3cbd6 Improve the handling of Encode and Decode operations in MD5.
Use memcpy for all little-endian architectures, sys/kern/md5c.c indicates
this should be safe for all currently supported LE archs.

Change the Encode and Decode functions for other archs to use le32toh()
and htole32() functions instead of explicit byte shuffling.

On sparc64 this gives md5(1) about 8% speed increase.
2002-06-22 12:54:11 +00:00
Dag-Erling Smørgrav
a7a4510fd8 Fix incorrect library ordering. I thought I'd committed this already... 2002-06-21 09:56:38 +00:00
Kirk McKusick
1c85e6a35d This commit adds basic support for the UFS2 filesystem. The UFS2
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.

Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.

Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).

Sponsored by: DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@freebsd.org>
2002-06-21 06:18:05 +00:00
Bill Fenner
87d7b72262 Update for libpcap 0.7.1 2002-06-21 01:35:37 +00:00
Dag-Erling Smørgrav
f8bd33a0ae Don't try to dereference conn when we know it's NULL. 2002-06-19 08:36:00 +00:00
Chris Costello
1b5c321d3f Fix style and wording bugs introduced in my last commit.
Sponsored by:	DARPA, NAI Labs
2002-06-18 08:55:17 +00:00
Jake Burkholder
dbf51f8db4 Remove unneeded include of machine/emul.h. 2002-06-18 02:15:11 +00:00
Bruce Evans
3e2ec6ea88 e_pow.c:
Fixed pow(x, y) when x is very close to -1.0 and y is a very large odd
integer.  E.g., pow(-1.0 - pow(2.0, -52.0), 1.0 + pow(2.0, 52.0)) was
0.0 instead of being very close to -exp(1.0).

PR:		39236
Submitted by:	Stephen L Moshier <steve@moshier.net>

e_powf.c:
Apply the same patch although it is just cosmetic because odd integers
large enough to cause the problem are too large to be precisely represented
as floats.

MFC after:	1 week
2002-06-17 15:28:59 +00:00
Garrett Wollman
50d0eead10 Actually document pselect(3) so that Bruce can mention it in the release
notes. :-)
2002-06-17 02:21:17 +00:00
Garrett Wollman
8466ae9033 Move dillon's time conversion functions to a new header <timeconv.h>.
Since they were never documented and have never appeared in a FreeBSD
release, no repo-copy of the header is done.  This removes namespace
pollution from <time.h>.
2002-06-17 01:42:33 +00:00
Matthew N. Dodd
2b13992856 Restore local bits lost in recent merge from NetBSD. 2002-06-16 08:29:35 +00:00
Garrett Wollman
7d0f66cbc3 Add pselect(3) to the build. Need to figure out the most appropriate
way to document this interface.
2002-06-15 23:42:59 +00:00
Chris Costello
5f9c048ce7 o Move more information from BUGS into SECURITY CONSIDERATIONS and
condense the redundant bits.
o Provide an example for using snprintf over sprintf.  This may be
  supplemented with an asprintf() example soon.

Sponsored by:	DARPA, NAI Labs
2002-06-15 06:00:56 +00:00
Robert Watson
4a85ccbe6d Missed in earlier commit -- I did cvs commit src/lib/libc. Oops. 2002-06-14 04:02:25 +00:00
Robert Watson
820a52632e No POSIX.1e capabilities in the main tree yet. 2002-06-13 23:40:13 +00:00
Chris Costello
7bc7869122 Include information on the dangers of passing a user-supplied string as
a format string.  This will later on be changed to a reference to the
FreeBSD Security Architecture after it has been committed.

PR:		docs/39320
Sposnored by:	DARPA, NAI Labs
2002-06-13 23:35:22 +00:00
Brian Somers
628e6cd45f Add the following functions:
rad_request_authenticator()
    Returns the Request-Authenticator relevant to the most recently received
    RADIUS response.

  rad_server_secret()
    Returns the Shared Secret relevant to the most recently received
    RADIUS response.

Neither of these functions should be necessary, however, the
MS-MPPE-Recv-Key and MS-MPPE-Send-Key Microsoft Vendor Specific
attributes are supplied in a mangled (encrypted) format, requiring
this information to demangle.

It's not clear whether these functions should be replaced with a
rad_demangle() function or whether these attributes are one-offs.

Sponsored by: Monzoon
2002-06-12 00:21:07 +00:00
Dag-Erling Smørgrav
f606d589b9 Add a reference count to struct fetchconn so we don't prematurely close and
free a cached FTP connection.
2002-06-11 11:27:28 +00:00
Hajimu UMEMOTO
82684fa6da Return HOSTNAME_INVALIDADDR when reverse lookup is fail.
Submitted by:	Sergey Zorin <sergey@cc.tpu.edu.ru>
2002-06-07 17:25:19 +00:00
Giorgos Keramidas
f2572d955f Clarify the bit about realloc() and its `ptr' argument a bit.
Hopefully, now it is more clear that the memory referenced by the
ptr argument of realloc(ptr,size) is freed and only the return value
of realloc() points to a valid memory area upon successful completion.

Submitted by:	Martin Faxer <gmh003532@brfmasthugget.se>
2002-06-06 22:11:19 +00:00
Ruslan Ermilov
c101b5f3f3 Tidy up. 2002-06-06 13:55:01 +00:00
Ruslan Ermilov
4093807dd9 libfetch now depends on libcrypto and libssl. 2002-06-06 13:45:46 +00:00
Sheldon Hearn
68f8e47a04 Correct FreeBSD release of first appearance in the HISTORY section
(5.0 -> 4.6).
2002-06-06 10:51:25 +00:00
Dag-Erling Smørgrav
3070f6cb06 Make SSL support conditional on NOCRYPT. 2002-06-05 21:35:35 +00:00
Dag-Erling Smørgrav
d9615d7da4 During buildworld, "regular" libraries are built before crypto stuff, so
libfetch can't depend on lib{crypto,ssl}.  Move the dependency to fetch
until we can figure out how to fix this.
2002-06-05 21:25:33 +00:00
Dag-Erling Smørgrav
111e251009 Add SSL support + slight cleanup.
Submitted by:	Henry Whincup <henry@techiebod.com> (in principle)
2002-06-05 12:46:36 +00:00
Dag-Erling Smørgrav
9601e333a8 Wrap everything in struct connection, and enforce timeouts everywhere
(except for DNS operations).  Always use funopen() for HTTP, to support
both timeouts and SSL.
2002-06-05 12:19:08 +00:00
Dag-Erling Smørgrav
4dc0da3f3e Add the necessary dependencies for SSL. 2002-06-05 11:38:19 +00:00
Dag-Erling Smørgrav
ccdd94bdd9 Rename struct cookie to struct httpio to avoid confusion (it's not an HTTP
cookie) and increase symmetry with equivalent FTP code.
2002-06-05 10:31:01 +00:00
Dag-Erling Smørgrav
d3b03a9006 Add comments to struct cookie. 2002-06-05 10:27:24 +00:00
Dag-Erling Smørgrav
3f4823c55d Fix a bug I introduced in the chunk decoder in the previous commit.. 2002-06-05 10:23:19 +00:00
Dag-Erling Smørgrav
dea29ca1d5 First step towards SSL support: wrap connections in a 'struct connection'
which contains the socket descriptor, the input buffer and (yet unused)
SSL state variables.  This has the neat side effect of greatly improving
reentrance (though we're not *quite* there yet) and opening the door to
HTTP connection caching.

This commit is inspired by email conversations with and patches from
Henry Whincup <henry@techiebod.com> last fall.
2002-06-05 10:05:03 +00:00
Jake Burkholder
3671cacae1 Implement _Qp_sqrt. I've been unable to find a C program that gcc generates
a call to this for, but apparently somehing in libstdc++ does.
2002-06-04 17:02:27 +00:00
Maxim Sobolev
70225aabb7 Correct bswap64() prototype.
Submitted by:	glewis
MFC after:	1 day
		(assuming that there is re's approval)
2002-06-03 19:04:10 +00:00
Jens Schweikhardt
21dc7d4f57 Fix typo in the BSD copyright: s/withough/without/
Spotted and suggested by:	des
MFC after:	3 weeks
2002-06-02 20:05:59 +00:00
Andrey A. Chernov
c9e2508f62 Add NCURSES_OSPEED replace command to MANFILTER 2002-06-02 16:11:57 +00:00
Jens Schweikhardt
27cf01ec47 Correct a bunch of typos. Translators can ignore this commit.
MFC after:	3 weeks
2002-06-02 10:27:41 +00:00
Jens Schweikhardt
81c4f30f7f Remove a URL from the middle of the BSD copyright (a clicko? a pasto?).
Fix typos:
s/evironment/environment
s/cont/const
s/_lonjmp/_longjmp

MFC after:  3 weeks
2002-06-02 10:05:55 +00:00
Mike Barcroft
9c85a5ca25 Add mdoc bits for the new waitpid() WCONTINUED option, and
WIFCONTINUED macro.
2002-06-01 18:38:58 +00:00
Archie Cobbs
c05b5b0453 Grammar nit: treat "contents" as plural. 2002-05-31 22:26:19 +00:00
Ruslan Ermilov
8c5fbbf993 Fixed modes. 2002-05-31 13:20:01 +00:00
Archie Cobbs
6accdce98b Grammar fix: "contents" is plural.
MFC after:	1 day
2002-05-31 05:01:17 +00:00
Poul-Henning Kamp
ff84d98ac2 Const poison.
Partially submitted by:	wollman
2002-05-30 21:59:16 +00:00
Garrett Wollman
a96d3de6b3 Fix syntax errors (labels with no statement following). 2002-05-30 21:03:02 +00:00
Garrett Wollman
d7c98975c5 Use correct printf format specifier to print unsigned longs. 2002-05-30 21:00:42 +00:00
Garrett Wollman
c7c5d95d56 Avoid unintentional trigraph. 2002-05-30 20:53:45 +00:00
Garrett Wollman
42959a87a7 Add missing newline at end of file. 2002-05-30 20:51:53 +00:00
Dag-Erling Smørgrav
eb6f605e2f Missed one in previous commit.
Pointed out by:	nectar
2002-05-30 20:48:59 +00:00
Garrett Wollman
5685a7738f Add used include of <string.h>. 2002-05-30 19:38:07 +00:00
David E. O'Brien
e9217a0b8a Add libusb.so.0 from the FreeBSD services 4.5 DVD. libusb is now known as
libusbhid in RELENG_4.

Requested by:	joe
2002-05-30 18:51:03 +00:00
David E. O'Brien
686bea03e9 Add libusb.so.0 from the FreeBSD services 4.5 DVD. libusb is now known as
libusbhid in RELENG_4.

Requested by:	joe
2002-05-30 17:58:49 +00:00
Ruslan Ermilov
6a63652701 mdoc(7) police: kill whitespace at EOL. 2002-05-30 14:52:00 +00:00
Ruslan Ermilov
5617846748 mdoc(7) police: polish markup. 2002-05-30 14:49:57 +00:00
Ruslan Ermilov
9baa2c98cf mdoc(7) police: tidy up the markup. 2002-05-30 14:32:48 +00:00
Ruslan Ermilov
af41ab4c8d mdoc(7) police: Tidy up the markup. 2002-05-30 12:16:01 +00:00
Ruslan Ermilov
6c3079ad7f mdoc(7) police: kill hard sentence break. 2002-05-30 12:04:36 +00:00
Ruslan Ermilov
432e57ebfa mdoc(7) police: markup nits. 2002-05-30 09:53:47 +00:00