133480 Commits

Author SHA1 Message Date
Gregory Neil Shapiro
f3cb22fc6a You can never have enough documentation.
Document the SENDMAIL_ALIASES, SENDMAIL_MAP_SRC, SENDMAIL_MAP_TYPE, and
SENDMAIL_START_SCRIPT
.Xr make.conf 5
variables.
These are used in
.Pa /etc/mail/Makefile .

PR:		conf/40548
MFC after:	3 days
2007-06-15 03:21:20 +00:00
Randall Stewart
22a6719709 - Add VRF id to sctp_ifa structure, needed mainly in panda but useful
during deletes of ifa's in diff VRF's when applicable.
2007-06-15 03:16:48 +00:00
Christian S.J. Peron
5632c9822a - Conditionally pickup Giant around the network interface
ioctl routines if we are running with !mpsafenet
- Change un-conditional Giant acquisition around ifpromisc
  to occur only if we are running with !mpsafenet

With these locking bits in place, we can now remove the Giant
requirement from BPF, so drop the D_NEEDGIANT device flag.
This change removes Giant acquisitions around BPF device
handlers (read, write, ioctl etc).

MFC after:	1 month
Discussed with:	rwatson
2007-06-15 02:53:51 +00:00
Randall Stewart
629b8f3e0f KTR_GEN -> KTR_SUBSYS (for Kris). 2007-06-15 02:34:36 +00:00
Randall Stewart
cb7a497672 - Oppps, forgot to update out the notes file for LINT builds- purge
old logging options that are no longer needed.
2007-06-15 02:29:19 +00:00
Robert Watson
7e273744a6 Remove the restriction that rtprio(2) cannot be used to set the realtime
or idle priority of another process owned by the same user.  This means
that privilege in rtprio(2) (and rtprio_thread(2)) is required indirectly
via p_cansched(9) or directly to set realtime/idle privilege, rather than
directly affecting target process authorization.
2007-06-14 23:31:52 +00:00
Randall Stewart
80fefe0a08 - Fix so ifn's are properly deleted when the ref count goes to 0.
- Fix so VRF's will clean themselves up when no references are around.
- Allow sctp_ifa to be passed into inpcb_bind, addr_mgmt_ep_sa to bypass
  normal validation checks.
- turn auto-asconf off for subset bound sockets
- Moves all logging to use KTR. This gets rid of most
  of the logging #ifdef's with a few exceptions reducing
  the number of config options for SCTP.
2007-06-14 22:59:04 +00:00
Nate Lawson
dcb5531bb2 The struct selinfo pointed to by *sip MUST be zeroed before calling
selrecord() or selwake*().  Otherwise, a panic may occur.

MFC after:	1 day
2007-06-14 22:38:50 +00:00
Yaroslav Tykhiy
1add474291 Use a single setusercontext(3) instead of a bunch of basic syscalls.
Besides aesthetic benefits, that makes at(1) jobs subject to such
login.conf(5) settings as resource limits.
2007-06-14 22:16:21 +00:00
Yaroslav Tykhiy
b53756d2fe Spotted another copy of the loony error message. 2007-06-14 21:24:05 +00:00
Hartmut Brandt
3c9b26f049 Make the order of tests the same for user and kernel. Use the natural
layer order from bottom to top.
2007-06-14 20:11:48 +00:00
Hartmut Brandt
e62e610b7d Use an array of size NGROUP_MAX for the getgroups() call instead of NGRP.
When NGROUP_MAX is larger than NGRP the call used to fail. Now the call
succeedes, but only the first NGRP groups are actually used for authentication.
2007-06-14 20:07:35 +00:00
Hartmut Brandt
513edbb8b0 According to the documentation mech_type for gss_init_sec_context() may
be passed as GSS_C_NO_OID in which case a default mech should be used.
This case was not handled and leads to core dumps when using nss_ldap.
Now use the first mech in this case. When there is no mechanism available
return an error (this part is taken from the PR).

PR:		113266
Submitted by:	Eirik Nygaard <eirikald@pvv.ntnu.no> (partly)
2007-06-14 19:58:24 +00:00
Andrew Gallatin
f616ebc73f correct some limits on interrupt proccessing so that
fast forwarding back out the same mxge interface works nicely.
2007-06-14 19:35:03 +00:00
Robert Watson
b4be6ef22f Only require privilege to set the current time adjustment, not in order to
query it.
2007-06-14 18:37:58 +00:00
Xin LI
a2346f7c3c Enable SCTP by default for GENERIC kernels in order to give it
more exposure.  The current state of SCTP implementation is
considered to be ready for 32-bit platforms, but still need some
work/testing on 64-bit platforms.

Approved by:	re (kensmith)
Discussed with:	rrs
2007-06-14 17:14:27 +00:00
Warner Losh
200d9c860d Expand callout compatibility macros in the main usb bridges. 2007-06-14 16:23:31 +00:00
Warner Losh
a73530728e Move PWR_* from usb_port.h to usb.h 2007-06-14 16:12:04 +00:00
Yaroslav Tykhiy
ff86050785 Fix an error message that was beside the point. 2007-06-14 15:18:44 +00:00
Warner Losh
058cc61a3e Move malloc definitions to usb.h.
Also, remove usb_malloc_type: it was unused.
Remove METHODS_NONE: it was unused.
Move include of opt_usb.h from usb_port.h to usb.h, since usb_port.h is
going away (there will be a usb_compat.h for out-of-tree drivers that want it).
2007-06-14 15:09:21 +00:00
Yaroslav Tykhiy
7a855803b9 Fix a typical off-by-one error that can result in an unterminated string:
strncpy(dst, src, sizeof(dst));

by substituting the safer strlcpy() for strncpy().

X-Security:	none (the source string isn't user-supplied)
2007-06-14 14:44:04 +00:00
Yaroslav Tykhiy
58d6bdcbe0 Use the current user's login class for the decisions about where
the nologin(5) file is located and whether the user may bypass its
restriction.

Add some error checks.

Approved by:	des
PR:		bin/107612
2007-06-14 13:07:06 +00:00
Hidetoshi Shimokawa
9b33b1ab38 - Suppress compiler optimization so that orb[1] must be written first.
We may need an explicit memory barrier for other architectures other than i386/amd64.

MFC after: 3 days
2007-06-14 12:52:13 +00:00
Ariff Abdullah
504e00af6b Buffer optimization and locking cleanup. Don't resize/malloc
unless it is really necessary to ease down unlock/lock sequence.
2007-06-14 11:15:51 +00:00
Ariff Abdullah
5d75db4f00 Drain all callout handlers during driver detach appropriately. 2007-06-14 11:13:38 +00:00
Ariff Abdullah
79b783c721 Don't push too hard waiting/looping for codec detection interrupt.
Let the interrupt do the job waking us up.
2007-06-14 11:11:06 +00:00
Ariff Abdullah
553dc5c78c - Add option to allow sleeping malloc(9).
- Cleanup locking assertions that aren't needed anymore.
2007-06-14 11:10:21 +00:00
Yaroslav Tykhiy
be89d8067c Document the quirks of ~/.login_conf and LOGIN_MECLASS. 2007-06-14 09:33:37 +00:00
Yaroslav Tykhiy
2e376efd52 Improve mdoc(7) markup. 2007-06-14 07:31:59 +00:00
Xin LI
0bb263df82 Require users to provide a length information for inet_ntoa_r,
this is common on other platforms.

Reported by:	pointyhat via kris
2007-06-14 07:13:28 +00:00
Yaroslav Tykhiy
a742982378 Update some comments, mostly regarding LOGIN_MECLASS and ~/.login_conf. 2007-06-14 06:42:49 +00:00
Bruce Evans
b5e547df33 Oops, back out previous commit since it was backwards to a wrong branch. 2007-06-14 05:57:13 +00:00
Bruce Evans
d382c5ebb4 MFC: 1.11: fix the threshold for (not) using the simple Taylor approximation. 2007-06-14 05:51:00 +00:00
Christian Brueffer
9624afb72c Add a missing Va option. 2007-06-14 05:32:23 +00:00
Xin LI
98397198e7 In the previous changeset a cast of myminor to u_int were
removed, which will cause problems on architectures where
longs are longer than ints, for instance,
	"mknod foo c 0 0xffff00ff"
would fail in such cases.

Use a proper cast instead.

Prompted by:	bde
2007-06-14 03:16:16 +00:00
Robert Watson
3805385e3d Spell statistics more correctly in comments. 2007-06-14 03:02:33 +00:00
Robert Watson
c2259ba44f Include priv.h to pick up suser(9) definitions, missed in an earlier
commit.

Warnings spotted by:	kris
2007-06-13 22:42:43 +00:00
John Baldwin
7dba15b72b Don't clobber tf_err with the eva from a page fault as the page fault
address is saved in ksi_addr already.

PR:		i386/101379
Submitted by:	Tijl Coosemans : tijl ulyssis org
2007-06-13 22:37:48 +00:00
Robert Watson
6a9a600b49 Close a very narrow race that might cause a trigger allocation to be
leaked if a trigger is delivered as the trigger device is closed.

Obtained from:	TrustedBSD Project
2007-06-13 21:17:23 +00:00
Warner Losh
6f93a78c1a config_detach is just used in one place, so expand it inline. 2007-06-13 20:58:57 +00:00
John Baldwin
34a9edafbc Improve the ktrace locking somewhat to reduce overhead:
- Depessimize userret() in kernels where KTRACE is enabled by doing an
  unlocked check of the per-process queue of pending events before
  acquiring any locks.  Previously ktr_userret() unconditionally acquired
  the global ktrace_sx lock on every return to userland for every thread,
  even if ktrace wasn't enabled for the thread.
- Optimize the locking in exit() to first perform an unlocked read of
  p_traceflag to see if ktrace is enabled and only acquire locks and
  teardown ktrace if the test succeeds.  Also, explicitly disable tracing
  before draining any pending events so the pending events actually get
  written out.  The unlocked read is safe because proc lock is acquired
  earlier after single-threading so p_traceflag can't change between then
  and this check (well, it can currently due to a bug in ktrace I will fix
  next, but that race existed prior to this change as well).

Reviewed by:	rwatson
2007-06-13 20:01:42 +00:00
John Baldwin
ce0be64687 Conditionally acquire Giant when dropping a reference on the ktrace vnode
during execve() when turning off tracing due to executing a setuid binary
as non-root.  Previously this could fail to acquire Giant and fail an
assertion if the ktrace file was on a non-MPSAFE filesystem and the
executable was on an MPSAFE filesystem.

MFC after:	3 days
Reported by:	kris
2007-06-13 19:41:47 +00:00
Christian Brueffer
d143a3d971 Catch up with the code.
Submitted by:	peter
2007-06-13 19:22:29 +00:00
Dmitry Morozovsky
89a630d080 Failing to set new frequency should not lead to powerd exiting.
Change err(3) to warn(3) as three other cases.

Approved by:	njl, des
2007-06-13 19:05:11 +00:00
Andrew Thompson
22dcc3c17b Add the vlan tag to the bridge route table. This allows a vlan trunk to be
bridged, previously legitimate traffic was not passed as the bridge could not
tell that it was on a different Ethernet segment.

All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003
2007-06-13 18:58:04 +00:00
Robert Watson
0cae11b9cc Remove IPX over IP tunneling pieces from ifconfig(8), omitted portion of
previous commit:

  Remove IPX over IP tunneling support, which allows IPX routing over IP
  tunnels, and was not MPSAFE.  The code can be easily restored in the
  event that someone with an IPX over IP tunnel configuration can work
  with me to test patches.

  This removes one of five remaining consumers of NET_NEEDS_GIANT.

  Approved by:    re (kensmith)

Spotted by:	Artem Naluzhny <tutat nhamon dot com dot ua>
2007-06-13 18:07:59 +00:00
Bruce M Simpson
d3fd8d85fc Do not attempt to enable AHCI mode on ALi SATA controllers other
than the 5288.

It is not correctly implemented in earlier silicon, and the BIOS often
lies about AHCI capability on platforms where these chips are deployed.
With this change I am able to boot FreeBSD on the ASUS Vintage AH-1
barebones system.

Approved by:	sos
2007-06-13 17:44:49 +00:00
Timur I. Bakeyev
a79e185ffa Add myself as a commiter.
Approved by:	shaun (mentor)
2007-06-13 16:37:36 +00:00
Randall Stewart
db4fd95b0e - fix bindx to check addresses against socket's protocol family 2007-06-13 14:39:41 +00:00
Robert Watson
2281b8f054 Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE.  The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.

This removes one of five remaining consumers of NET_NEEDS_GIANT.

Approved by:	re (kensmith)
2007-06-13 14:01:43 +00:00