each time rather than making up a new one.
Increase the authname/authkey max sizes to 100 characters.
Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.
This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.
Examples will follow.
incorrect; returning NULL here means that the dispatcher won't send any
response back to the caller, which means the caller will sit there waiting
until it times out. I don't know how this ever worked before. The effect
is that using 'ypset foo' to get the local ypbind to change servers would
work, but would sit there hanging for a long time for no reason.
Under certain conditions (possibly associated with heavy load), ypserv will
fork() child processes that don't exit like they're supposed to. I think
this is because of some suspect logic in the ypproc_all procedure. I updated
it to use what I hope is a more bulletproof approach.
Also tweaked yp_svc_run() a little so that the 'are we a child?' test happens
at every pass through the for(;;) loop, not just immediately after returning
from svc_getreqset2().
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.
While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.
NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
Previously the foolowing lines would have broken:
controller fdc0 at isa? disable port ? bio
controller fdc0 at isa? disable port 0x100 bio
While this would work:
controller fdc0 at isa? disable port "IO_FD1" bio
The first of the three lines is useful for making placeholder devices
for PCMCIA-floppies, and the second is useful for non-standard hardware.
The failure is a "(null)" string in ioconf.c that the compiler pukes on.
Thanks to: Bruce Evans (bde@freebsd.org)
configured. This isn't strictly necessary according to the
rfc, but it's suggested there....
o Don't forget to include our authname when sending a
CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
length to radius_Authenticate() - libradius does this
for us.
o When we successfully authenticate via radius_Authenticate(),
continue with datalink_AuthOk() as expected.
Sponsored by: Internet Business Solutions Ltd., Switzerland
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
wcarchive. This needs to be updated when:
(a) The directory structure changes on wcarchive
(b) getosreldate() has a new significance
(ie. get ELF packages/get a.out packages)
(c) Branches are changed around
As we stand right now, 3.0-postELFday and 4.0-x all point to the same
directory, but when 4.0 starts to have its own packages, this file will
need to be changed.
Add the much-needed and long-desired ability to force the log rotation
to take place on a specific day or time, and document same. This works
by extending the syntax of the `when' field to allow a restricted
ISO 8601 time specification, and performing the log rotation if newsyslog
is run during the same hour as is specified.
changes:
- Finish migrating zic to its own private.h.
- Fix zic.8 so that it really is written in -mdoc.
- Add four new flags to zic (&document):
-D don't create directories
-u change ownership of newly-created files to user
-g change ownership of newly-created files to group
-m change mode of newly-created files to modespec
These, once proven, can be used to clean up the installation.
Obtained from: ftp://elsie.nci.nih.gov/pub/tzcode1999a.tar.gz (partially)
with minor changes to work around a bug in Cisco's IOS version 12.0 .
3.9-beta3 is much improved over 3.8, and is only labelled "beta" because
of missing features, as opposed to instability or known bugs.
otherwise windows clients will keep resending the
response :-/
It'd be nice if M$ would document this sort of thing !
Problem reported by: Andrzej Tobola <san@tmp.iem.pw.edu.pl>
The previous commit broke mtree(8) when file names using certain 8-bit
characters ended up being encoded with '/', '*', and other shell
metacharacters.
PR: bin/9538
Submitted by: "Eugene M. Kim" <astralblue@usa.net>
Reviewed by: jkoshy
Bug-missed-last-time-by: jkoshy
The remote option allows for automatic package fetching and installation
using the package repository found on wcarchive. Naturally, this site
can be overridden with a enviornment variable.
This code uses getobjformat() and getosreldate(). This means when some event
causes the package to be fetched to change (such as e-day) the logic also
needs to be changed.
Sorta reviewed by: jkh
Code suggestions: peter, jkh, eivind, msmith
Make two digit years specified on the command line represent
the century that the computer currently resides. So 99 means
1999 this year, but 2099 next year.
Pointed out by: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
CALLBACK protocol and end up agreeing CBCP, DTRT and go
into CBCP phase rather than mistakenly terminating as
if CBCP wasn't agreed.
Problem reported by: Alexander Dubinin <alex@nstl.nnov.ru>
+ ECP parallel port chipset FIFO detection
+ DMA+FIFO parallel I/O handled as chipset specific
+ nlpt updated in order to use the above enhanced parallel I/O.
Use 'lptcontrol -e' to use enhanced I/O
+ Various options documented in LINT
+ Full IEEE1284 NIBBLE and BYTE modes support. See ppbus(4) for
an overview of the IEEE1284 standard
+ Detection of PnP parallel devices at boot
+ Read capability added to nlpt driver to get IEEE1284 compliant
printer status with a simple 'cat /dev/lpt0'
+ IEEE1284 peripheral emulation added to BYTE mode. Two computers
may dialog according to IEEE1284 signaling method.
See PERIPH_1284 option and /sys/dev/ppbus/ppi.c
All this code is supposed to provide basic functions for IEEE1284 programming.
ppi.c and nlpt.c may act as examples.
the answer.
If we later get a descriptor exception from select(), we know
that it's a tty (isatty() returns 0 after the exception on a
tty) and remember to call modem_LogicalClose().
The upshot of it all is that descriptor exceptions dont leave
the tty locked any more.
on the ASIX AX88140A chip. Update /sys/conf/files, RELNOTES.TXT,
/sys/i388/i386/userconfig.c, sysinstall/devices.c, GENERIC and LINT
accordingly.
For now, the only board that I know of that uses this chip is the
Alfa Inc. GFC2204. (Its predecessor, the GFC2202, was a DEC tulip card.)
Thanks again to Ulf for obtaining the board for me. If anyone runs
across another, please feel free to update the man page and/or the
release notes. (The same applies for the other drivers.)
FreeBSD should now have support for all of the DEC tulip workalike
chipsets currently on the market (Macronix, Lite-On, Winbond, ASIX).
And unless I'm mistaken, it should also have support for all PCI fast
ethernet chipsets in general (except maybe the SMC FEAST chip, which
nobody seems to ever use, including SMC). Now if only we could convince
3Com, Intel or whoever to cough up some documentation for gigabit
ethernet hardware.
Also updated RELNOTEX.TXT to mention that the SVEC PN102TX is supported
by the Macronix driver (assuming you actually have an SVEC PN102TX with
a Macronix chip on it; I tried to order a PN102TX once and got a box
labeled 'Hawking Technology PN102TX' that had a VIA Rhine board inside
it).
arguments to be numbers. Also use '0' base to allow hex, octal or
decimal numbers.
This was done by me based on ideas in pr 3556, submitted by Uwe
Laubenstein and commented upon by j@uriah.heep.sax.de (J Wunsch).
PR: 3556
The char that the random letters and numbers are being pulled from is
ended with a '\0'. Using sizeof() includes this '\0' in the 'pool' of
possible characters. This patch decrements by one the size so we don't
accidently end the new password prematurly.
and terminate it. This patch ensures passwords will be the correct length of 8,
which is what is implied in the source (but not reflected in the man page).
PR: bin/7817
Reviewed by: Alfred Perlstein <bright@hotjobs.com>
Submitted by: Hiroshi Nishikawa <nis@pluto.dti.ne.jp>
in getopt(). The code was there, the means to use it wasn't.
Also update the usage() statment to reflect reality.
PR: bin/9248
Submitted by: Jos Backus <jbackus@plex.nl>
Forgotten By: dillon
to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.
PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
arithmetic instead of the special macros in PR 8163 or the magic
2's in PR 381. (Rev.1.3 unfortunately fixed only half of the
problems reported in PR 381.)
PR: 381, 8163
Fixed missing DPADD.
Fixed placement of the include of bsd.prog.mk. It annulled
`make checkdpadd', which should have been run to find the broken DPADD.
It just replace u_long with u_int32_t and shouldn't affect on i386.
Without this patch,
- unaligned accesses occur
- permission denied randomly
Submitted by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
ISDN4BSD is the work of our brand-new comitter: Hellmuth Michaelis,
who has done a tremendous amount of work to bring us this far.
There are still some outstanding issues and files to bring into
the tree, and for now it will be needed to pick up all the extra
docs from the isdn4bsd release.
It is probably also a very good idea to subscribe to the isdn@freebsd.org
mailing list before you try this out.
These files correspond to release "beta Version 0.70.00 / December
1998" from Hellmuth.
to see if there's anything to do, schedule the next alarm
based on the next required timeout.
This decreases the load when there are lots of relatively
idle ppp processes.
While I'm in there, handle the possibility that a timeout
makes the timer element go out of scope by grabbing the
enext pointer before executing the timer function.
Prevent cron from going crazy if the time steps. For example, if you
have a system with hundreds of users and lots of different crontabs
and your time steps back an hour, the old cron would then attempt to
run an hours worth of cron jobs in a few seconds.
Have pwd_mkdb lock the source file while rebuilding the database. When
called by programs such as vipw, the source file is a temporary file and
this does not conflict with the lock on /etc/master.passwd already held
by vipw. When run manually, however, master.passwd is typically specified
as the argument and the locking prevents other programs from messing with
master.passwd during the database rebuild.
Also pwd_mkdb uses a blocking exclusive lock as it may be called from
a script. The -N option was added to cause pwd_mkdb to get the lock
non-blocking and exit with an error if the attempt fails, again useful
for scripts.
Remove any dial timer that might be hanging around at
datalink_Destroy() time. This timer may be left running
after the link is closed (making sure it's not automatically
opened again too soon).
exits, it causes a select() exception.
Handle these select() exceptions on link descriptors in pretty
much the same way as loss of carrier rather than dropping out
in confusion.
PCI fast ethernet adapters, plus man pages.
if_pn.c: Netgear FA310TX model D1, LinkSys LNE100TX, Matrox FastNIC 10/100,
various other PNIC devices
if_mx.c: NDC Communications SOHOware SFA100 (Macronix 98713A), various
other boards based on the Macronix 98713, 98713A, 98715, 98715A
and 98725 chips
if_vr.c: D-Link DFE530-TX, other boards based on the VIA Rhine and
Rhine II chips (note: the D-Link and certain other cards
that actually use a Rhine II chip still return the PCI
device ID of the Rhine I. I don't know why, and it doesn't
really matter since the driver treats both chips the same
anyway.)
if_wb.c: Trendware TE100-PCIE and various other cards based on the
Winbond W89C840F chip (the Trendware card is identical to
the sample boards Winbond sent me, so who knows how many
clones there are running around)
All drivers include support for ifmedia, BPF and hardware multicast
filtering.
Also updated GENERIC, LINT, RELNOTES.TXT, userconfig and
sysinstall device list.
I also have a driver for the ASIX AX88140A in the works.
# `moused' is getting too over-loaded now. If we want something
# more than simple mouse emulation for tablets or remote devices,
# we should start writing a separate daemon...
Submitted by: luigi
mode' button. Mouse movement will be treated as wheel movement while
this button is held down. Useful for mice with many buttons but
without a wheel.
PR: bin/8001
Submitted by: Hideyuki Suzuki
o Move fixups into extraction routine so all consumers don't have to duplicate
the right behavior.
o Make some things more orthogonal (just for asthetics sake)
o Add option to go back and do it again if XF86Setup fails (possibly with
a different setup - this one has always annoyed me).
configured in the kernel. It gives them a device name of "none" and
monotonically incrementing unit numbers. (starting at 0) Before, pciconf
would just skip over unconfigured devices. (unconfigured devices can be
detected because they have a null string for a device name)
Update the man page to reflect the new pciconf output. Unfortunately, this
causes the sample 'pciconf -l' output lines to wrap, but I'm not sure what
to do about that really.
If anyone presents a reasonable case for printing out something other than
"none1" for unconfigured devices, I'm willing to listen.
for our interface address. We're about to call ip_Input()
anyway, and ip_Input() does the PacketAliasIn().
Stack trace provided by: Cameron Grant <gandalf@vilnya.demon.co.uk>
where "/var/db/kvm_kernel.db" exists.
Note, kvm_mkdb tries to be clever, and skips rebuilding the database
if it thinks it's already up to date. To see the effects of this
fix, you may need to manually delete "/var/db/kvm_kernel.db" and
then run "kvm_mkdb".
match - otherwise, with a delayed (\\d) ``send'', the
timeout may happen during the send and cause a failure.
Problem reported by: David L. Vondrasek <dallas.tx@airmail.net>
are done in the same way as command execution.
For example, ``set proctitle USER INTERFACE PROCESSID'' would
be useful in a -direct profile for identifying who's connected.
for every machine on every class C or smaller subnet that we
route to.
Add ``set {send,recv}pipe'' for controlling our socket buffer
sizes.
Mention the IP number with the problem in a few error messages.
All submitted by: Craig Leres <leres@ee.lbl.gov>
Modified slightly by: me
like
tun0: flags=blah
10.0.0.1 -> 10.0.0.100
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 10.0.0.100
to DTRT, despite the SIOCAIFADDR for each new alias returning
-1 & EEXIST while adding the alias anyway. In real life, once
we have the second alias with the same destination, nothing will
route any more ! Also, because I was ignoring EEXIST, the
dynamic IP assignment code was assigning duplicate addresses
('cos it was being lied to by iface_inAdd()).
Now we have
tun0: flags=blah
10.0.0.1 -> 255.255.255.255
10.0.0.2 -> 10.0.0.100
10.0.0.3 -> 255.255.255.255
This works - stuff bound to 10.1 & 10.3 will be considered alive
by the kernel, and when they route back to the tun device, the
packets get aliased to 10.2 and go out to 10.100 (as with the
original plan).
We still see the EEXIST in SIOCAIFADDR, but ignore it when our
destination is 255.255.255.255, assuming that the alias *was*
actually added.
Additionally, ``iface add'' may now optionally be given only
the interface address. The mask & destination default to
255.255.255.255.
shortseq, authname and authkey.
o Auth{name,key} may additionally be set in PHASE_ESTABLISH.
o The others may be set in PHASE_ESTABLISH as long as no links
have yet reached DATALINK_LCP.
Interrupt handlers are now configured in drivers.
Didn't update config/SMM.doc. It doesn't have any i386 examples (not
even `isa').
Bumped CONFIGVERS. This is not necessary for -current yet, but using
the new config with old system sources gives null pointers for all
vectors.
demand-dial links with dynamic IP numbers where the program
that causes the dial bind()s to an interface address that is
subsequently changed after ppp negotiation.
The problem is defeated by adding negotiated addresses to the
tun interface as additional alias addresses and providing a set
of ``iface'' commands for managing the interface. Libalias is
also required (and what a name clash!) - it happily IP-aliases
the address so that the source is that of the primary (negotiated)
interface and un-IP-aliases it on the way back.
An ``enable iface-alias'' is done implicitly by the -alias command
line switch. If -alias isn't given, iface-aliasing is disabled by
default and can't be enabled 'till an ``alias enable yes'' is done.
``alias enable no'' silently disables iface-alias.
So, for dynamic-IP-type-connections, running ``ppp -alias -auto blah''
will work for the first connection, although existing bindings will
not survive a disconnect/connect as the TCP peer will be trying to
send to the old IP address - the packets won't route.
It's now a lot easier to add IPXCP to ppp with minor updates to
the new iface.[ch] (if anyone ever gets 'round to it).
It's also now possible to manually add interface aliases with
something like ``iface add 1.2.3.4/24 5.6.7.8''. This allows
multi-homed ppp links :-)
RealTek 8129/8139 chipset like I've been threatening. Update kernel
configs, userconfig.c, relnotes and sysinstall. No man page yet;
comming soon.
I consider this driver stable enough that I want to give it some
exposure in -current.
Didn't bump CONFIGVERS, since ioconf.h was already unused when
CONFIGVERS was last bumped (although essentially the same (CAM)
commit batch that bumped CONFIGVERS also added bogus includes of
ioconf.h).
execvp() in the child branch of a vfork(). Changed to use fork()
instead.
Some of these (mv, find, apply, xargs) might benefit greatly from
being rewritten to use vfork() properly.
PR: Loosely related to bin/8252
Approved by: jkh and bde
- it has longer timeout as per the PnP COM Device Specificaiton 1.0,
- and it tries to obtain the PnP ID string by strictly following the
specification and if it fails, by deploying slightly simplified
steps. (moused has used the simplified method because early PnP mice
do not exactly follow the specification. But now, recent mice
do not supply the ID string unless the strict procedure is used...)
Jointly developed by luigi and yokota.
MD4Update(), but our version in libmd expects a byte count.
This code is not currently compiled or linked into pppd, so I'm
reasonably sure I didn't break anything. :-) I added the necessary
statements to the Makefile, but left them commented out because we
are in feature freeze. When the code is enabled, we must be careful
to build it only if the DES library is available.
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:
# cd /usr/src/usr.sbin/xntpd/util
# make all install
There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.
Kinda-approved-by: phk
route. If your nameserver config is wrong, this will otherwise hang for
the default resolver timeout (75 seconds), leading people to think that
the system has hung.
various ports don't complain about it. It also requires that the pkg
registration bits be stick into the Xbin tarball so that they'll be
present in /usr/X11R6/lib/X11/pkgreg.tar.gz. The registration tarball
is removed upon first use to prevent it later spamming a genuine build
from ports if inadvertently extracted again.
- Accept generic video mode names: 80x25, 80x30, etc. Specific video
mode names, VGA_80x25, VESA_132x25, are still accpeted too.
- Update the man page accordingly.
generation was causing unaligned access faults on the Alpha.
I have incremented the devstat version number, since this is an interface
change. You'll need to recompile libdevstat, systat, iostat, vmstat and
rpc.rstatd along with your kernel.
Partially Submitted by: Andrew Gallatin <gallatin@cs.duke.edu>