VBLK vnodes isn't adequate since all NFS nodes aren't locked, either. The
result is a race condition that would lead to duplicate buffers at the
same block offset.
Submitted by: John Dyson
-S domainname,server1,server2,server3,...
The -S flag allows the system administrator to lock ypbind to a
particular domain and group of NIS servers. Up to ten servers can
be specified. There must not be any spaces between the commas in
the domain/server specification. This option is used to ensure that
the system binds only to one domain and only to one of the
specified servers, which is useful for systems that are both NIS
servers and NIS clients: it provides a way to restrict what machines
the system can bind to without the need for specifying the
-ypset or -ypsetme options, which are often considered to be security
holes. The specified servers must have valid entries in the
local /etc/hosts file. IP addresses may be specified in place of
hostnames. If ypbind can't make sense out of the arguments, it will
ignore the -S flag and continue running normally.
Note that ypbind will consider the domainname specified with the -S
flag to be the system default domain.
(According to what Garrett showed me, OSF/1 actually only allows 4 servers
to be specified. Ten seemed to be a bit more reasonable to me.)
Suggested by: G. Wollman
Idea lifted from: OSF/1
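An added example, not taken from the commit or from ypbind's source: a strict parser for the `-S domainname,server1,...` argument format described above. The names `bind_spec` and `parse_bind_spec` are hypothetical, and rejecting a missing server list or an eleventh server is an assumption about how "can't make sense of the arguments" is applied; the /etc/hosts lookup is not performed here.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SERVERS 10   /* limit stated in the -S description */

struct bind_spec {
    char buf[256];                     /* private copy, split in place */
    const char *domain;
    const char *servers[MAX_SERVERS];
    int nservers;
};

/* Parse "domain,server1,...". Returns 0 on success, -1 if the argument is
 * malformed, in which case the caller ignores -S and runs normally. */
int parse_bind_spec(const char *arg, struct bind_spec *out)
{
    char *p, *next;
    memset(out, 0, sizeof(*out));
    if (arg == NULL || strlen(arg) >= sizeof(out->buf))
        return -1;
    if (strpbrk(arg, " \t") != NULL)   /* no spaces between the commas */
        return -1;
    strcpy(out->buf, arg);
    out->domain = out->buf;
    p = strchr(out->buf, ',');
    if (p == NULL || p == out->buf)    /* need a domain and a server list */
        return -1;
    *p++ = '\0';

    while (p != NULL) {
        next = strchr(p, ',');
        if (next != NULL)
            *next++ = '\0';
        if (*p == '\0' || out->nservers == MAX_SERVERS)
            return -1;                 /* empty field or too many servers */
        out->servers[out->nservers++] = p;
        p = next;
    }
    return 0;
}

int main(void)
{
    struct bind_spec s;
    /* Constructed sample argument. */
    if (parse_bind_spec("example.dom,10.0.0.1,nis2", &s) == 0)
        printf("domain=%s servers=%d\n", s.domain, s.nservers);
    return 0;
}
```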
Add nis_ypsetflags sysconfig entry and appropriate code in rc to call
ypset if needed. Should probably automatically add `-ypsetme' to ypbind
flags if this is set.
not specified (default case).
Use _PATH_* for utmp/wtmp.
Support for >32 PTYs.
>Submitted by: Heikki Suonsivu <hsu@cs.hut.fi>
Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@mame.mu.oz.au> for showing me this one.
>Reviewed by: karl, guido
>Submitted by: mrgreen@mame.mu.oz.au
Obtained from: FreeBSD insecure telnetd
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.
Submitted by: Charles Henrich
Obtained from: FreeBSD insecure telnetd
In ypserv:
yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.
Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppasswdd specify the name of the master.passwd
file itself.
In yppasswdd:
yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the daemonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)
update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.
pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).
pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return an int (0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to add the entry to the password file,
which yppasswdd should not do under any circumstances.
Makefile:
- update VERSION to 0.7
yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.
yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
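An added example, not the project's pw_copy.c: the copy-and-replace behaviour described in the pw_copy.c notes above, returning 0 on success and -1 on failure and refusing to append an entry for a user who is absent from the template. The function name `copy_with_update`, the in-memory buffers and the sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy passwd-style lines from tmpl to out, replacing the password field
 * of user's entry. Returns 0 on success, -1 on failure (discard out). */
int copy_with_update(const char *tmpl, const char *user, const char *newhash,
                     char *out, size_t outsz)
{
    size_t ulen = strlen(user), used = 0;
    int found = 0;
    const char *line = tmpl;

    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        int n;
        if (len > ulen && strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            /* rest points at the ':' that ends the old password field */
            const char *rest = memchr(line + ulen + 1, ':', len - ulen - 1);
            if (rest == NULL)
                return -1;                 /* malformed entry */
            n = snprintf(out + used, outsz - used, "%s:%s%.*s\n",
                         user, newhash, (int)(line + len - rest), rest);
            found = 1;
        } else {
            n = snprintf(out + used, outsz - used, "%.*s\n", (int)len, line);
        }
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;                     /* output would be truncated */
        used += (size_t)n;
        line = eol ? eol + 1 : line + len;
    }
    /* Entry missing from the template (maps out of sync, or a spoofed
     * request): fail instead of appending a new account. */
    return found ? 0 : -1;
}

/* Constructed sample template, not real account data. */
static const char SAMPLE[] =
    "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
    "alice:OLDHASH:1001:1001::0:0:Alice:/home/alice:/bin/sh\n";

int main(void)
{
    char out[512];
    printf("alice: %d\n", copy_with_update(SAMPLE, "alice", "NEWHASH", out, sizeof(out)));
    printf("mallory: %d\n", copy_with_update(SAMPLE, "mallory", "NEWHASH", out, sizeof(out)));
    return 0;
}
```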
a gethostbyname() on it. That can take a long time... (especially
if the reason the IP address is in there in the first place is because
login/rlogind/telnetd couldn't find it either....)
This patch reduces the gethostbyaddr lookup time to 2 seconds, the idea being
that if the local nameserver knows the answer, it'll answer within that time,
otherwise we don't care... :-)
This change doesn't do anything about whether or not w should do this in the
first place, but at least it will make the current behavior less painful.
Reviewed by: David Greenman
This is performed by using a line similar to:
controller scbus0 at ahc0 bus 1
to wire scbus0 to the second bus on an Adaptec 2742T controller.
Reviewed by: Peter Dufault(dufault@hda.com), Rod Grimes(rgrimes@FreeBSD.org)
buses on multi-bus controllers. Currently only affects the 274xT controllers.
Reviewed by: Peter Dufault(dufault@hda.com), Rod Grimes(rgrimes@FreeBSD.org)
is writeable (by the real uid). If it is, lpr assumes that the file
can be unlinked. lpr does not check for directories with S_ISVTX set
Reviewed by: dima
the comment before checking for long lines, so there was a possibility
that the wrap-around might be used as an exploitable hostname.
emul code when compiling with "options KTRACE".
ktrsyscall() was expecting an array of integers, this was passing the
address of a structure containing an array of integers.
The cosmetic problem was that it was calling the "enter syscall"
trace hook twice - this looks like a cut/paste error/typo.
Submitted by: Andrew McRae <andrew@mega.com.au>
Some initial commits from the pcmcia stuff, to make life easier for the
testers.
We will use the name "pccard" since that is really the buzzword at present.
notebooks where a powerfail condition (external power drop; battery
state low) is signalled by an NMI. Makes it beep instead of panicking.
Reviewed by: davidg