and enforce this in the code. Apparently a lot of users mistakenly
combine -a with these flags and are then mystified that no changes
were made.
While I'm here, fix a trailing space in mergemaster.8
pmc_flush_logfile is now non-blocking and just ask the kernel
to shutdown the file. From that point, no more data is
accepted by the log thread and when the last buffer is flushed
the file is closed.
This will remove a deadlock between pmcstat asking for
flush while it cannot flush the pipe itself.
MFC after: 3 days
- no display on serial terminal in top mode.
- display alignment for continuation string.
- correct invalid value used for display limit.
MFC after: 3 days
uid_t and gid_t are unsigned. While initializing them to -1 and later
checking against -1 to see if they are still at their default usually
works, introduce two new flags and stop the inband signalling.
Approved by: ed (co-mentor)
The Makefiles are leftovers from the copies and should live in usr.sbin/zic/*
From usr.sbin/zic:
The sources are from a vendor contributed source, therefore should
live in contrib/tzcode/zic.
du(1), cp(1) etc, to prevent the crossing of mountpoints whilst using the
commands recursively.
PR: bin/130855
Submitted by: keramida
MFC after: 1 month
mpt(4) controller. Previously, the code assumed that multiple match
patterns provided to an XPT_DEV_MATCH request were ANDed together.
Instead, they are ORed. Instead, to match peripherals for a specific bus,
one query needs to be performed to lookup the path ID of the bus. A second
query can then be performed matching peripherals attached to that path.
This approach also makes the code a bit cleaner as the returned match
results do not mix bus and perphierals.
Reported by: several folks
MFC after: 1 week
present. mpt(4) controllers that do not support RAID do not have an IOC6
page, for example.
- Correct a check for a missing page error in a debug function.
MFC after: 1 week
- Kcachegrind (calltree) support with assembly/source
code mapping and call count estimator (-F).
- Top mode for calltree and callgraph plugin (-T).
MFC after: 1 month
interfaces (such as when you are part of a carp pool), and you run
rpcbind -h to restrict which interfaces have rpc services, rpcbind can
none-the-less return addresses that aren't in the -h list. This patch
enforces the rule that when you specify -h on the command line, then
services returned from rpcbind must be to one of the addresses listed
in -h, or be a loopback address (since localhost is implicit when
running -h).
The root cause of this is the assumption in addrmerge that there can
be only one interface that matches a given network IP address. This
turns out not to be the case. To retain historical behavior, I didn't
try to fix the routine to prefer the address that the request came
into, since I didn't know the side effects that might cause in the
normal case. My quick analysis suggests that it wouldn't be a
problem, but since this code is tricky I opted for the more
conservative patch of only restricting the reply when -h is in effect.
Hence, this change will have no effect when you are running rpcbind
without -h.
Reviewed by: alfred@
Sponsored by: iX Systems
MFC after: 2 weeks
due to careful design. We've not yet figured out how to properly
annotate the sockaddr structs to communicate this to the compiler and
there's a number of constructs in the tree that make this annotation
challenging.
As such, reduce warns to 3 here because this code really isn't warns 6
safe, even if it kinda sorta appears to be on intel (which has no such
alignment restrictions). Warns 4 adds the -Wcast-align warning.
# fixes the mips tinderbox build
interface specifier on the command line can be ommited.
Besides of this, the bpf is being reused for each machine
that has to be woken up.
Submitted by: Marc Balmer <marc@msys.ch>
Some Exchange systems wrap lines over 75 characters long while converting
messages to quoted-printable, preventing ctm_rmail from reassembling
emailed deltas. For a negligible loss of encoding efficiency, this change
allows ctm deltas to once more pass through Exchange undamaged.
longer than the length of the current attribute if the buffer were reused
and previously longer, so bits of the previous, longer attribute would be
written. Fix this by using the actual attribute length.
which stops to proceed further, as it is possible that processes which
fails to create PID file get screwed by rotation.
Requested by: stas
MFC after: 2 weeks
X-MFC with: r200806
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primry jail IP they had been used for
years, as well as for people prefering to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
MFC After: 2 weeks
Asked for by: Jase Thew (bazerka beardz.net)
While there, fix a bug I introduced previously. We must reopen the
database for each username passed on the command line. We must rewind
the database and search from the beginning.
Similar to last(1), it must compare ut_id's instead of TTYs to determine
whether a session has been terminated. It must also use ut_type to
determine the type of the login record instead figuring it out by
itself.
A nice thing about utmpx is that it makes it very easy to log sessions
that don't use TTYs. This is because the file is not indexed by TTY
slots anymore.
Silence from: brian
from standard 3G wireless units by supplying a raw IP/IPv6 endpoint rather than
using PPP over serial. uhsoctl(1) is used to initiate and close the WAN
connection.
Obtained from: Fredrik Lindberg <fli@shapeshifter.se>
Update delete_temproot() to include the error message if it fails,
and clean up the places where it's called.
If there are no files left in temproot when the comparison is done
delete it without prompting. This should make "automated" runs of
mergemaster without -a a little easier.
Document the new behavior in the man page.
Std 1003.1-2008. Both Linux and Solaris conforms to the new definitions,
so we better follow too (older glibc used old BSDish alphasort prototype
and corresponding type of the comparision function for scandir). While
there, change the definitions of the functions to ANSI C and fix several
style issues nearby.
Remove requirement for "sys/types.h" include for functions from manpage.
POSIX also requires that alphasort(3) sorts as if strcoll(3) was used,
but leave the strcmp(3) call in the function for now.
Adapt in-tree callers of scandir(3) to new declaration. The fact that
select_sections() from catman(1) could modify supplied struct dirent is
a bug.
PR: standards/142255
MFC after: 2 weeks
Even though it builds with WARNS=2, some users link sendmail from the
base system against SASL. This doesn't build in this case.
Reported by: Andrzej Tobola <ato iem pw edu pl>
an "rc file only" option by design.
While I'm here, update the comments in the example rc file to indicate
which command line options they relate to, and correct the defaults
for a couple of options.
1. Don't prompt the user for "-U but no db" error if we're using -a
2. Add an option to delete stale rc.d files automatically if the user
has DELETE_STALE_RC_FILES in their rc file. Lack of command line option
for this is not an oversight.
3. Add []'s around the terminal $ for the $FreeBSD$ test for -F
For one bug raised by jhb I did a more thorough solution:
There were a lot of things that "snuck in" between the end of the test
for -r and the start of the comparison. One of them is the creation of
the mtree db, as pointed out by jhb. Fix this problem more thoroughly
by moving the end of the test down to where it should/used to be, right
before the comparison. As a result, indent the interloping code to match.
IFF_POINTOPOINT link types. The reason was due to the routing
entry returned from the kernel covering the remote end is of an
interface type that does not support ARP. This patch fixes this
problem by providing a hint to the kernel routing code, which
indicates the prefix route instead of the PPP host route should
be returned to the caller. Since a host route to the local end
point is also added into the routing table, and there could be
multiple such instantiations due to multiple PPP links can be
created with the same local end IP address, this patch also fixes
the loopback route installation failure problem observed prior to
this patch. The reference count of loopback route to local end would
be either incremented or decremented. The first instantiation would
create the entry and the last removal would delete the route entry.
MFC after: 5 days
I was considering committing all these patches one by one, but as
discussed with brooks@, there is no need to do this. If we ever
need/want to merge these changes back, it is still possible to do this
per application.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
I am not planning on providing a mechanism tot stat() the database files
directly. The disadvantage of this, is that rwhod will now be a little
bit more heavy than it used to be. It normally used to fstat() the file
descriptor to see whether the file had changed, but this is now
impossible to implement, meaning we have to parse the entire utmp file
each 180 seconds.
This is probably not an issue on modern 16-way servers, but if it turns
out to be a problem, we'll think of something.
- Only set the fields in the ulog_utmpx structure that are valid for the
command in question. This means that strings like "shutdown" or "~"
are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
the `antique' filename. If we ever get rid of utmp, it makes little
sense calling it by its old name.
The utmp code in systime.c is not enabled, so including <utmp.h> has no
effect in our setup. This makes it a little easier for me to migrate to
<utmpx.h>.
Approved by: roberto
to proceed anyway as this most likely mean that the process has been
terminated.
PR: bin/140397
Submitted by: Dan Lukes <dan obluda cz>
MFC after: 1 month
Its primary purpose is to start and stop services provided by
the rc.d scripts, however it can also be used to list the scripts
using various criteria.
and /.profile. The problem is that install(1) will unlink the old file
before it installs the new one, which means that in the best case we
have to compare the changes for the old file twice.
So, change the logic to first test to see if the link exists, then
install the file. Then if the link was there and we're using -i, just
create the link in /root and be done with it. Otherwise display the
message to the user and give them the option.
Because we are now sorting things before doing the comparison we can
know conclusively that the files in / should be the sources, and the
files in /root will be the targets, so adjust the paths accordingly.
While I'm here, split a too-long error message into two lines and
just return at the end of handling these files instead of setting
the variable that says "do nothing" and then returning at the end
of the function anyway.
when "-P port" is specified. It invoked svc{tcp,udp}_create()
for only one of the two allocated sockets, and prevented the
TCP socket from binding to as the result.
- Use TI-RPC functions and handle sockets in a
transport-independent way. At this moment only AF_INET ("udp"
and "tcp") is supported because others need rewrites of ACL
handling and yp clients.
- Add '-h addr' to specify addresses to bind to.
- Convert _msgout() to use variable argument lists and remove
asprintf() for error strings.
- Remove register storage class specifier.
Discussed with: kuriyama
MFC after: 1 week
to something else. So add code to detect when things don't match and
give the user choices about how to fix it.
If we're using -P and something in the above check needs to be moved
we need to have the directory there for it, so create it at the
beginning and delete empty versions of it at the end.
The case where something used to be a file or link and now is supposed
to be a directory (e.g., /etc/security) is especially dangerous, so
make failure to install a necessary directory in $DESTDIR a fatal error.
MAXLOGNAME seems more applicable in this case, because UT_NAMESIZE
refers to the username field in utmp files, which is clearly unrelated
to repquota(8).
The size of the username record in utmp files should not influence the
maximum username length. Right now ut_user/ut_name is big enough, so in
this case it's dead code anyway.
protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]
Approved by: so (cperciva)
Security: FreeBSD-SA-09:15.ssl
Security: FreeBSD-SA-09:16.rtld
Security: FreeBSD-SA-09:17.freebsd-udpate
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month
Right now syscons(4) uses a cons25-style terminal emulator. The
disadvantages of that are:
- Little compatibility with embedded devices with serial interfaces.
- Bad bandwidth efficiency, mainly because of the lack of scrolling
regions.
- A very hard transition path to support for modern character sets like
UTF-8.
Our terminal emulation library, libteken, has been supporting
xterm-style terminal emulation for months, so flip the switch and make
everyone use an xterm-style console driver.
I still have to enable this on i386. Right now pc98 and i386 share the
same /etc/ttys file. I'm not going to switch pc98, because it uses its
own Kanji-capable cons25 emulator.
IMPORTANT: What to do if things go wrong (i.e. graphical artifacts):
- Run the application inside script(1), try to reduce the problem and
send me the log file.
- In the mean time, you can run `vidcontrol -T cons25' and `export
TERM=cons25' so you can run applications the same way you did before.
You can also build your kernel with `options TEKEN_CONS25' to make all
virtual terminals use the cons25 emulator by default.
Discussed on: current@
This will make it more easy for people to experiment with TERM=xterm.
Instead of echoing these strange escape sequences, I can just instruct
them to run `vidcontrol -T xterm'.
offer to install an SMP kernel. The way this worked was: on supported
platforms, code to read ACPI tables and BIOS MP tables was compiled into
sysinstall, and if an SMP kernel config was present in the source tree when
sysinstall was built, code that called it was also compiled. Since we
haven't had SMP kernel configs in years, the latter was never compiled and
the former never ran.
This only removes dead and unreachable code; it does *not* remove the NCpus
variable, nor the code that sets it to 1, nor the code that asks the user to
select a kernel from a list.
Discussed with: re@, randi@ and others
Just take keyent_t to use an u_int to store the Unicode codepoints.
Unfortunately the keymap is now too big to be loaded using an ioctl
argument, so change the ioctl to pick a pointer.
This change breaks kbdcontrol ABI. It doesn't break X11, because X11
doesn't do anything with syscons keymaps. It just switches the device
out of K_XLATE.
Obtained from: //depot/user/ed/newcons/...
automatic link-local address configuration:
- Convert a sysctl net.inet6.ip6.accept_rtadv to one for the
default value of a per-IF flag ND6_IFF_ACCEPT_RTADV, not a
global knob. The default value of the sysctl is 0.
- Add a new per-IF flag ND6_IFF_AUTO_LINKLOCAL and convert a
sysctl net.inet6.ip6.auto_linklocal to one for its default
value. The default value of the sysctl is 1.
- Make ND6_IFF_IFDISABLED more robust. It can be used to disable
IPv6 functionality of an interface now.
- Receiving RA is allowed if ip6_forwarding==0 *and*
ND6_IFF_ACCEPT_RTADV is set on that interface. The former
condition will be revisited later to support a "host + router" box
like IPv6 CPE router. The current behavior is compatible with
the older releases of FreeBSD.
- The ifconfig(8) now supports these ND6 flags as well as "nud",
"prefer_source", and "disabled" in ndp(8). The ndp(8) now
supports "auto_linklocal".
Discussed with: bz and jinmei
Reviewed by: bz
MFC after: 3 days
Rather than writing out a MID of '0', write a MID of 0x86 (aka
MID_I386) so that file gets it right.
This is a nop for boot2. It just checks the MAGIC part of the field,
ignoring the MID. boot2 is the only thing that loads this file, and
only on x86 so the MID_i386 is always the right value (the rest of the
code is already x86 specific).
Reviewed by: bde@, jhb@
MFC after: 8.0 is out the door :)
sizeof(), as introduced in r186119, for advancing the current
position into the buffer.
See comment in net/route.h for a description of the difference.
This makes ndp -s work again.
Reviewed by: qingli
X-MFC after: now
MFV of tzcode2009k
zic.c:
Do not end a binary file with a POSIX-style time zone string
for locations that end up in permanent DST (thanks to Andreas
Schwab).
for table layouts, etc. rather than homerolling our own structures and
constants in acpidump.h.
- Verify the extended checksum on the RSDP.
- Handle new ACPI 3.0 fields in MADT including X2APIC entries and
UIDs for local SAPICs.
- Add handling for new ACPI 3.0 flags in the FADT.
Reviewed by: jkim
MFC after: 1 month
create stdin and stdout, don't blindly try to use stdin as a bi-directional
channel. Instead, detect the pipe and set up a special exec handler
that indirects write() calls through stdout.
This fixes the problem where ``set device "!ssh -e none host ppp
-direct label"'' no longer works with an openssh-5.2 server side as
that version of openssh ignores the USE_PIPES config setting and
*always* uses pipes (rather than socketpair) for stdin/stdout channels.
MFC after: 3 days
In preparation for Unicode support for the keyboard layer, we'd better
get rid of all the hardcoded 0x100/0xff constants in kbdcontrol.
Instead, add a flag called SPECIAL stored in the top bit of the integer.
Adding Unicode support is very simple now; just change u_char map[] to
u_int map[] in keyent_t, change the bounds checking in kbdcontrol to
0x1FFFFF and modify the ioctls to allow loading these new keymaps.
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.
Tested by: IHANet folks.
for it's unix domain socket. Before this change wpa_cli would take
the first file in the directory that was not "." or "..".
Submitted by: Brandon Gooch <jamesbrandongooch@gmail.com>
MFC after: 3 days
using freebsd-update. This applies to using freebsd-update in "upgrade
mode" and normal freebsd-update on a security branch.
The backup kernel will be written to /boot/kernel.old, if the directory
does not exist, or the directory was created by freebsd-update in a
previous backup. Otherwise freebsd-update will generate a new directory
name for use by the backup. By default symbol files are not backed up
to save diskspace and avoid filling up the root partition.
This feature is fully configurable in the freebsd-update config file,
but defaults to enabled.
MFC after: 1 week (stable/7)
Reviewed by: cperciva
Approved by: re (kib)
device in non-interactive mode.
If there are no USB devices, sysinstall gives an error messages, and if there
is >1, it'll ask which one is to be used. This change allows a non-interactive
install from USB media to succeed without any user interaction if there is
exactly one USB disk device in the system it can use.
Submitted by: Daniel O'Connor < doconnorat gsoft dot com dot au >
Reviewed by: randi
Approved by: re (rwatson)
The columns for tty input and output may bump against each other
if the tty output needs more than 5 columns. Add a bit of space
that pushes everything 1 column to the right, but also avoids the
problem.
Approved by: re (rwatson)
by introducing the new CONVERT_BLOCKS macro which operates on
sizes already converted to number of blocks. With this macro
it is not longer needed to perform needless multiplication by
blocksize just to divide on it later in CONVERT macro.
Approved by: re (kib)
MFC after: 1 week
"SATA disk device" reflects the current state of /dev/ada*; this may be
changed in the future if other drive types start appearing as /dev/ada*.
Submitted by: randi
Details about what disks can appear as /dev/ada* supplied by: scottl
Approved by: re (rwatson)
Drive and controller status can be reported, basic attributes changed,
and arrays and spares can be created and deleted.
Approved by: re
Obtained from: Yahoo! Inc.
controllers. Controller, array, and drive status can be checked, basic
attributes can be changed, and arrays and spares can be created and deleted.
Controller firmware can also be flashed.
This does not replace MegaCLI, found in ports, as that is officially sanctioned
and supported by LSI and includes vastly more functionality. However, mfiutil
is open source and guaranteed to provide basic functionality, which can be
especially useful if you have a problem and can't get MegaCLI to work.
Approved by: re
Obtained from: Yahoo! Inc.
the mkver which is used in builds is the one in usr.sbin/ntp/scripts,
not the one in contrib/ntp/scripts.
Pointy hat to: cperciva
Approved by: re (rwatson)
parameter unless a (numeric) IPv6 address is given. Even the default
binaries built with -DINET6 will work with IPv6-less kernels. With an
eye to the future, similarly handle the possibility of an IPv4-less kernel.
Approved by: re (kib), bz (mentor)
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.
Approved by: re (kib), bz (mentor)
Discussed with: rwatson
to 'Expert Mode', to make it less confusing to new users, to whom
a 'wizard' is a set of simple dialogs with the 'next >>>' button.
Approved by: re (kensmith)
both the disk partitioning screen (the 'F' key) and via install.cfg (the
VAR_DEDICATED_DISK option). This functionality is currently broken in 8.x
due to libdisk and geom generating different partition names; this commit
merely acts to help steer users away from the breakage.
Submitted by: randi
Approved by: re (kensmith)
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
While doing so, improve style and reword some comments.
This should not result in any functional changes, but the fixit_livefs_common
function will be used by future code.
Submitted by: randi
Approved by: re (kensmith)
adjusting the clock to UTC.
That avoids to write on /etc/wall_cmos_clock which is useful in some
cases (example: host user in a jail).
Sponsored by: Sandvine Incorporated
Initially submitted by: Matt Koivisto <mkoivisto at sandvine dot com>
Approved by: re (kib)
always started from the start of the packet.
- Fix usage string (multiple addresses can be specified).
- Make the source more style(9) compliant.
- Improve error reporting (do not silently fail if something goes
wrong).
- Make functions static.
- Use warns level 6.
Approved by: re (kib)
Discussed with: Marc Balmer <marc@msys.ch>, brian, mbr
Submitted by: Marc Balmer <marc@msys.ch>
Reviewed by: rwatson
Approved by: re
M usr.sbin/Makefile
A usr.sbin/wake
AM usr.sbin/wake/wake.c
AM usr.sbin/wake/Makefile
AM usr.sbin/wake/wake.8
via cpuctl(4) driver. Two new CPUCTL_MSRSBIT and CPUCTL_MSRCBIT ioctl(2)
calls treat the data field of the argument struct passed as a mask
and set/clear bits of the MSR register according to the mask value.
- Allow user to perform atomic bitwise AND and OR operaions on MSR registers
via cpucontrol(8) utility. Two new operations ("&=" and "|=") have been
added. The first one applies bitwise AND operaion between the current
contents of the MSR register and the mask, and the second performs bitwise
OR. The argument can be optionally prefixed with "~" inversion operator.
This allows one to mimic the "clear bit" behavior by using the command
like this:
cpucontrol -m 0x10&=~0x02 # clear the second bit of TSC MSR
Inversion operator support in all modes (assignment, OR, AND).
Approved by: re (kib)
MFC after: 1 month
FreeBSD docset during 'make release' this will speed up release
builds;
- sysinstall(8) has also been updated to use these packages with a new
menu allowing people to choose what localized doc to install;
- mention in UPDATING that docs from the FreeBSD Documentation project
are now installed in /usr/local/share/doc/freebsd instead of
/usr/share/doc.
Approved by: re (kensmith)
insisting on privileged port access.
Include /var/yp/Makefile.local if it exists and suggest using
it to override /var/yp/Makefile behaviour.
Approved by: re (kib)
MFC after: 3 weeks
A fresh install of a current 8.0 snapshot uses 156MB with a single kernel
and having the filesystem too small prevented the system from booting.
Reviewed by: marcel
MFC after: 1 week
This covers the common case of unsliced USB drives, and makes it possible to
select them as installation source media.
PR: 61152, 115197, 135016
Submitted by: randi
MFC after: 1 month
meant primarily for _non_ interactive use. Scripts that run cxgbtool
repeatedly to perform register r/w or mdio will benefit from this.
Instead of fork/exec'ing a new cxgbtool for every regio/mdio you can
simply open a pair of pipes to/from cxgbtool and run cmds over them.
Approved by: gnn (mentor)
The kernel does not log floppy media errors anymore.
In fdcontrol, do always open the file descriptor in read-only mode so
it can operate on read-only media, as there is no longer a separate
control device to operate on.
about a queue from a remote host. That remote host may use \r, \r\n,
or \n\r as the line-ending character. In some cases the remote host
will write a single line of information without *any* EOL sequence.
Translate all the non-unix EOL's to the standard newline, and make
sure the final line includes a terminating newline. Logic is also
added to translate all unprintable characters to '?', but that is
#if-ed out for now.
PR: bin/104731
MFC after: 3 weeks
allocates data structures that are never linked into the tree or free'd.
As such, mountd would leak memory every time it parsed an nfsv4 root line.
This patch frees up those structures to plug the leak.
Approved by: kib (mentor)
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively. (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer. Do the equivalent in
kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively. Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary. In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.
Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups. When feasible, truncate
the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since
they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation)
X-MFC after: never
PR: bin/113398 kern/133867
package rather than expecting our top level package to get all of
the dependencies correct.
Previously, the code depended on the top level package having all
of the pkgdep lines in +CONTENTS correct and in the right order,
but that doesn't always happen due to code such as this (in
security/gnutls/Makefile):
.if (defined(WITH_LZO) || exists(${LOCALBASE}/lib/liblzo2.so)) && !defined(WITHOUT_LZO)
LIB_DEPENDS+= lzo2:${PORTSDIR}/archivers/lzo2
....
With such conditional dependencies, my 'sophox-packages' package won't
install. The dependency tree looks like this:
sophox-packages
...
x11/gnome2
x11/gnome-applets
net/libgweather
devel/libsoup
security/gnutls
security/libgcrypt
security/libgpg-error
...
x11/gnome2
archivers/file-roller
archivers/gtar
archivers/lzop
archivers/lzo2
...
gnutls doesn't depend on lzo2 initially, but lzo2 is dragged into the
mix via other dependencies and is built by the initial 'make'. The
subsequent package generation for gnutls adds a pkgdep line for lzo2
to gnutls' +CONTENTS but the pkgdeps in sophox-packages' +CONTENTS
has gnutls *before* lzo2.
As a result, sophox-packages cannot install; gnutls fails because lzo2
is missing, 82 more packages fail because gnutls is missing and the
whole thing spirals into a super-confusing mess!
MFC after: 3 weeks
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.
Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.
Reported by: lstewart
Tested by: lstewart
choice of variable names for rc.conf and option name for the
experimental server.
Also replace the inaccurate description of the nfsv4 root lines
in /etc/exports, mostly with a reference to exports(5).
Approved by: kib (mentor)
not exist to let the user know that it will be created for the next run.
2. Delete more stuff we're not going to use from the temproot prior to
creating the mtree database to dramatically reduce its size (162K -> 37K).
3. We've been deleting the zero-size files from temproot for a long time
now, so remove the spurious "-size +0" from the find command in the
comparison loop, and remove what is now a really stale comment.
set for RPC UDP sockets. Mountd uses internal libc fuctions
directly and bypasses generic socket initialization completely,
so we need to set IP_RECVDSTADDR here to match the libc behavior.