anything for two mintues (see ``set choked'' and ``show
bundle''), nuke the ip, mp and link level buffer queues.
This should fix problems where ``ppp -auto'' seems to stop
responding after failing to connect to the peer a few times.
for 11520-byte buffers for 115200 bps are displayed properly.
Fixed my recent printf format error fixes. %p is almost unusable
in tables, since its width and format are unknown/machine-dependent.
Use %8lx and cast pointers to (u_long)(void*). This is still quite
broken, e.g., for machines with 64-bit pointers.
an *interactive* command for newbies. The pw(8) does now a much better
job for adding users from command line. Also, the -batch option is
not well tested, buggy and unsupported.
predictable /tmp files (static prefix + process number) which are
overwritten blindly, and follow links.
These workarounds change it from a process number to a very random
(9999 with tons of decimal places) number.
PR: 7565
Submitted by: Thomas Stromberg <tstrombe@rtci.com>
the `-literal' after the closing .Ed.
Where this happens, use ``.Bd -unfilled'' with ``.It Li'' to dodge
the problem - it looks better too.
Problem reported by: Dom Mitchell <dom@phmit.demon.co.uk>
to be clever by avoiding the 'check all domains in the search list'
cycle in certain cases, but this would lose if handed a name like
"foo.ctr" which refers to an FQDN of "foo.ctr.columbia.edu". If
"columbia.edu" is in the search list in /etc/resolv.conf then the
DNS lookup code should resolve it, but it didn't.
the device is successfully opened. If we fail to open it,
mention the fact.
Also go back into command mode as soon as the device is closed
rather than waiting for the user to type something before noticing.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
snprintf function itself is still #ifdef'd out by conf.h. This allows this
program to link when compiled without optimization. With optimization,
the call to quad_to_string gets removed by the compiler. Unfortunately
the linker still links in the quad_to_string function even though it
isn't called. 8-(
consider it a exit failure if it doesn't work. This means that root
processes can safely get the lock, but normal processes can still use
the 'pw' utility to get information (which may change out from under
them.)
from PR/6787, but allow non-root users to use pw to get password
information. However, this should be safe since the fixes for
disallowing multiple instances from modifying the DB are still intact.
Bug noted by: dima@best.net (Dima Ruban)
do TLD *before* processing the config request as
TLD initialises the peers LCP values.
It's strange that an IRC isn't required here - but
I'll bow to the wisdom of the rfc.
``add .... HISADDR''. The network will never be
reachable at this point unless we're in -auto or reading
the command from ppp.linkup.
We can now run the following lines and get the expected
results:
set ifaddr 1.2.3.4/0 5.6.7.8/0
add default HISADDR
where a route is added immediately in auto mode and the
whole thing is delayed 'till the IP numbers have been
agreed in other modes.
Essentially, ppp.linkup is no longer required.
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''. This is
*not* what we want to do.
-current (Thanks Harald). However, on my attempt to try this on -STABLE,
I found that when forwarding to another host the actual messages gets lost.
This is due to a wrong index because when the -v option was added, the
indexes shifted one place.
PR: 7407
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
(a.k.a. /var/yp/Makefile.dist) refers to an obsoleted usage of the
-m option of rpc.yppasswdd. It is currently taken over by the -t
option. -m is used for a different purpose now.
PR: 7279
Reviewed by: phk
Submitted by: Amakawa Shuhei <amakawa@nebula.sf.t.u-tokyo.ac.jp>
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.
Twelve years ago, code was added to inetd to detect "failing
servers". The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing"). These
compile-time constants vary depending on vendor.
The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).
Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.
PR: 7286
Reviewed by: phk
Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
run at the same time.
Notes:
The fileupdate function is still somewhat broken. Instead of
returning a failure code if it can't modify the original file it
renames the .new file and continues as though nothing is wrong.
This will cause the lock on the original file to be lost and could
lead to a similar race condition. I left that portion of the code
alone since I feel that the maintainer of the code would have a
better concept of how he wants to handle errors in that function
than I do.
PR: bin/6787
Submitted by: Craig Spannring <cts@internetcds.com>
them as ints. Among other bugs, doing so at best caused benign
overflow followed by fatal sign extension on machines with 32-bit
ints and 64-bit longs.
define MAXUSERS in opt_param.h as directed in /sys/conf/options;
if it's not mentioned there, then define it in IDENT; never define
it in PARAM). MAXUSERS probably should be a completely normal option.
Don't define PARAM now that it is empty.
Cleaned up similar conversion of cpu directives to XXX_CPU options.
was used as if it is 1-based. This happened to give the correct result
for options without values because of a compensating error in newline
lexing. Didn't fix the latter, so line numbers in yyerror() may still
be 1 too high in some cases.
exceeds DATALINK_READY. When we go back to READY or less
(eg. ``close lcp''), switch the carrier-checking-timer off again.
This fixes the callback example in ppp.conf.sample.
Noted as broken by: Damian Kuczynski <damian@best.pw.edu.pl>
they may not be logins. The code for determining whether it is a pty
entry is broken.
PR: 7137
Reviewed by: phk
Submitted by: Tom Rush <tarush@mindspring.com>
o If we've denied and disabled all compression protocols, stay
in ST_INITIAL and do an LCP protocol reject if we receive any
CCP packets.
o If we've disabled all compression protocols, go to ST_STOPPED
and wait for the other side to ask for something.
o If we've got anything enabled, start REQing as soon as the auth
layer is up.
o If we're in multilink mode, than the link level CCP goes
straight to ST_STOPPED irrespective of what's configured so that
we never try to compress compressed stuff by default.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.
open capable of re-negotiatiating the various layers.
It is now possible to change various link options and then
re-open the relevant layer, making the changes effective -
for example, switching off VJ compression or starting ECHO
LQRs on-the-fly.
with export lines where the same hostname was specified more than once
(this happens a lot with netgroups sometimes). Recently I discovered
that it needs to be hacked to deal with multiple instances of the
same IP address too.
I've been using this modification locally for several months with no
hassles.
This allows one to specify additional sockets in the unix domain
that syslogd listens to. Its primary use is to create log sockets in
chroot environments.
Obtained from:OpenBSD (with a bug fixed d
end up writing zero bytes, sleep for 1/10 of a second so that
we don't end up using up too much cpu.
This should only ever happen on systems that wrongly report a
descriptor as writable despite the tty buffer being full.
Discussed with: Jeff Evarts
o Do an initial run-time check to see if select() alters the passed
timeval. This knowledge isn't yet used, but will be soon.
