NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively. (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer. Do the equivalent in
kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively. Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary. In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.
Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups. When feasible, truncate
the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since
they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation)
X-MFC after: never
PR: bin/113398 kern/133867
package rather than expecting our top level package to get all of
the dependencies correct.
Previously, the code depended on the top level package having all
of the pkgdep lines in +CONTENTS correct and in the right order,
but that doesn't always happen due to code such as this (in
security/gnutls/Makefile):
.if (defined(WITH_LZO) || exists(${LOCALBASE}/lib/liblzo2.so)) && !defined(WITHOUT_LZO)
LIB_DEPENDS+= lzo2:${PORTSDIR}/archivers/lzo2
....
With such conditional dependencies, my 'sophox-packages' package won't
install. The dependency tree looks like this:
sophox-packages
...
x11/gnome2
x11/gnome-applets
net/libgweather
devel/libsoup
security/gnutls
security/libgcrypt
security/libgpg-error
...
x11/gnome2
archivers/file-roller
archivers/gtar
archivers/lzop
archivers/lzo2
...
gnutls doesn't depend on lzo2 initially, but lzo2 is dragged into the
mix via other dependencies and is built by the initial 'make'. The
subsequent package generation for gnutls adds a pkgdep line for lzo2
to gnutls' +CONTENTS but the pkgdeps in sophox-packages' +CONTENTS
has gnutls *before* lzo2.
As a result, sophox-packages cannot install; gnutls fails because lzo2
is missing, 82 more packages fail because gnutls is missing and the
whole thing spirals into a super-confusing mess!
MFC after: 3 weeks
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.
Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.
Reported by: lstewart
Tested by: lstewart
choice of variable names for rc.conf and option name for the
experimental server.
Also replace the inaccurate description of the nfsv4 root lines
in /etc/exports, mostly with a reference to exports(5).
Approved by: kib (mentor)
not exist to let the user know that it will be created for the next run.
2. Delete more stuff we're not going to use from the temproot prior to
creating the mtree database to dramatically reduce its size (162K -> 37K).
3. We've been deleting the zero-size files from temproot for a long time
now, so remove the spurious "-size +0" from the find command in the
comparison loop, and remove what is now a really stale comment.
set for RPC UDP sockets. Mountd uses internal libc fuctions
directly and bypasses generic socket initialization completely,
so we need to set IP_RECVDSTADDR here to match the libc behavior.
could be handled w/o fragmentation but clobbers user-specified values
such as those required when the interface is bridged.
Submitted by: jim@netgate.com
Reviewed by: Jouni Malinen
MFC after: 3 days
connections. Including a flag to instead output a sequence of tcpdrop(8)
invocations that would accomplish the same thing, which is convenient for
scripting.
o) Make tcpdrop complain if the addresses given to it are entirely in different
address families, rather than failing silently.
o) When cross-referencing httpd(8), do not explicitly specify the apache2 port,
since the example in question is generic.
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
- Mark internal routines as static;
- Eliminate unused parameters where possible, mark __unused for others;
- Remove unused variables;
- Use %jd for int64_t values in printf();
- Add appropriate %d for printf to match its parameter;
- Rename a variable to resolve conflict with revoke(2);
Reviewed by: rmacklem
Tested with: make universe (bugs are mine)
