with a back off. This was discovered when Luigi sent me code to
handle this for Etherboot. The Etherboot patch worked okay but
FreeBSD's tftpd had trouble handling it and would fail to transfer
the file since it would abort on send and not retry.
Submitted by: luigi
MFC after: 1 week
objects were not being correctly set to zero. Instead, the function
descriptor pointer was set to the load address of the .so object. This
caused gcc generated binaries to segfault on exit when crtbegin.asm's
_fini code tested the __cxa_finalize() function pointer for zero.
This is a bit of a hack because of a problem nearby workaround for
find_symdef and its quirks (failures) for local symbols. This still
needs to be fixed.
returns off_t in yylval.u.o. REST is the only user of yylval.u.o at the
moment.
NB: seems lukemftpd has the same bug.
PR: misc/28629
Reviewed by: ru
Approved by: ru
MFC after: 1 month
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
produced by ld(8) (ie: that _DYNAMIC immediately follows the _GOT).
The new binutils import changed that, and the intial GOT relocation
broke. Use a custom linker script to provide a real end-of-GOT symbol.
Update ld.so to deal with the new (faster) PLT format that gcc-3.1 and
binutils can produce.
This is probably incomplete, but appears to be working again.
Obtained from: NetBSD
(And a fix to a silly mistake that I made by: gallatin)
o Use new-style prototypes and function definitions.
o Fix timeout and justquit to have proper signatures for signal
handlers. Mark the args as __unused.
o remove register
o Use new-style prototypes exclusively rather than the old foo() style.
o Use new-style function definitions.
o remove register
o make functions passed to signal have the right signature.
o do minor const poisoning.
signal handlers. In this case, use _exit(2) instead, following
the call to shutdown(2).
This fixes rare telnetd hangs.
PR: misc/33672
Submitted by: Umesh Krishnaswamy <umesh@juniper.net>
MFC after: 1 month
handlers to set flags only (with exception for sigquit(),
which still seems to call some non-reentrant functions on
its way to _exit(2).) That must eliminate the possibility
of catching SIGSEGV from following non-reentrant paths from
signal handlers.
PR: bin/32740 bin/33846
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
Obtained from: OpenBSD
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month
is implemented in pam_opie module
For non-PAM variant rewrite empty password checking code to do the right thing
and not disallow empty passwords in all cases.
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.
PR: 33268
Reviewed by: iedowse, sheldonh
handed a integer, not void).
- No need to set flags to zero when they already will be.
- It was also noted the manner in which the signal handling has changed
might possibly generate some problems (hangs possibly) -- these, while
remaining in the code, will be fixed shortly (within a day).
Submitted by: bde
negotiation rather than rejecting the request.
Apple OpenFirmware 3.0f3 (the version in my iMac) adds trailing garbage to the
end of an otherwise valid request. Without this change, the requests were
rejected which prevented me from booting.
Reviewed by: obrien
DoS bug that the select(2)/accept(2) pair is called on
a socket that is in the blocking I/O mode. The bug is
triggered if a selected connection dies before the accept(2)
leading to the accept(2) blocking virtually forever.
MFC after: 1 week
DT_INIT and DT_FINI tags pointed to fptr records. In 2.11.2, it points
to the actuall address of the function. On IA64 you cannot just take
an address of a function, store it in a function pointer variable and
call it.. the function pointers point to a fptr data block that has the
target gp and address in it. This is absolutely necessary for using
the in-tree binutils toolchain, but (unfortunately) will not work with
old shared libraries. Save your old ld-elf.so.1 if you want to use
old ones still. Do not mix-and-match.
This is a no-op change for i386 and alpha.
Reviewed by: dfr
for negotiation of timeout and file size to the tftp protocol. This
is required by some firmware like EFI boot managers (at least on
HP i2000 Itanium servers) in order to boot an image using tftp. The
attached patch implements the RFC, and in doing so also implements
RFC2347; a generic tftp option extension.
PR: 30710
Submitted by: Espen Skoglund <esk@ira.uka.de>
refers to the size of the whole ethernet packet, just the DHCP
message within the UDP payload, or something else. bootpd interpreted
it as a maximum UDP payload size, so it could end up sending
fragmented packets to clients (such as some versions of Etherboot)
that used different interpretations of the maximum message size.
Switch to the most conservative interpretation: ensure that the
ethernet packet containing the response is no larger than the
specified maximum message size. This matches the behaviour of
the ISC dhcpd.
MFC after: 1 week
in the SYNOPSIS and DESCRIPTION.
Note that -l remains an ugly exception, to which no known rules apply,
since the specification of a single option multiple times isn't normal
standards-compliant CLI behaviour.
While here, mark AF_INET* and LOG_* defined values up with Dv.
atoi -> strtoll
fseek -> fseeko
NOTE: that fseek not works for >long offsets per POSIX:
[EOVERFLOW] For fseek( ), the resulting file offset would be a value which
cannot be represented correctly in an object of type long.
Fix minor cast too.
-O, which limits the impact of the write-only restriction to guest
users.
*) The existing manual page's SYNOPSIS and option listing in the
DESCRIPTION are already horribly disordered. No attempt has been
made to fix this.
*) The existing source's getopt() optstring and option handling switch
are already horribly disordered. No attempt has been made to fix
this.
Discussed with: nik, -audit
long -> time_t
%ld -> %qd
fseek -> fseeko
NOTE: that fseek not works for >long offsets per POSIX:
[EOVERFLOW] For fseek( ), the resulting file offset would be a value which
cannot be represented correctly in an object of type long.
preventing anyone from downloading files. In conjunction with -A, and some
appropriate file permissions, this lets you create an anonymous FTP drop
box for people to upload files to.
The more obvious "-w" flag is already taken by NetBSD's ftpd. "-o" was
available as an option letter in all three BSDs.
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
Prevents simultaneous calls to updatestat() as function is not reentrant.
PR: bin/24857
Submitted by: Martin Butkus <mb@bagheera.thgwf.de>
MFC after: 1 month
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.
Reviewed by: sheldonh, assar
Obtained from: NetBSD/OpenBSD
with the conversation function and challenges which needs to be
revisited, so in the interim a hack is introduced to provide
an OPIE challenge (which is random if OPIE does not apply)
at all non-anonymnous logins.
as the current time. It's nice to know whether the talk request you
see was sent just a few minutes ago (assuming you didn't hear the
bell), or if it's been decaying for days (weeks?).
particularly help programs which load many shared libraries with
a lot of relocations. Large C++ programs such as are found in KDE
are a prime example.
While relocating a shared object, maintain a vector of symbols
which have already been looked up, directly indexed by symbol
number. Typically, symbols which are referenced by a relocation
entry are referenced by many of them. This is the same optimization
I made to the a.out dynamic linker in 1995 (rtld.c revision 1.30).
Also, compare the first character of a sought-after symbol with its
symbol table entry before calling strcmp().
On a PII/400 these changes reduce the start-up time of a typical
KDE program from 833 msec (elapsed) to 370 msec.
MFC after: 5 days
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
There are protocol issues to deal with.
Bring back this routine (renamed to avoid a library conflict in libssh)
and overhaul it for more 21st Century style coding.
Pointed out by: bde
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.
Always glob, instead of when the first character is a ~. For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitarily work as it used the first
expansion (ie: x1) without an error. Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.
For LIST, just use the user supplied string as the popen does the glob.
Problem noticed by: Ajay Mittal <amittal@iprg.nokia.com>
This allows you to determine if the file on the other side is the same
as the one you have without transferring the entire file to compare.
Needless to say, if the server end lies to you this check doesn't work,
but on the other hand, if it lies to you about the files checksum,
what can you trust from it ?
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
The PR also included documentation for other options, but upon
inspection of the source these options aren't used.
PR: docs/24149
Submitted by: Jesse Monroy, Jr. <opentrax@email.com>
it at boot time closer to the way we want it to be in the final version.
* Move the default directory to /var/db/entropy
* Run the entropy saving cron job every 11 minutes. This seems
to be a better default, although still bikeshed material.
* Feed /dev/random some cheesy "entropy" from various commands
and files before the disks are mounted. This gives /dev/random
a better chance of running without blocking early.
* Move the reseeding with previously stored entropy to the point
immediately after the disks are mounted.
* Make the harvesting script a little safer in regards to the
possibility of accidentally overwriting something other
than a regular file.
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.
Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
PADI packet contains a NULL service. This is apparently the desired
behaviour in this case, though we only allow advertising one
service. You could run multiple pppoeds to advertise multiple services.
files. Mostly -I${.CURDIR} was needed -- especially for YACC generated
files as the new cpp does not look in the ultimate source file
(ie, the .y file)'s directory as told by the "#line" directive. Some were
misspellings of "-I${.CURDIR}" as "-I.".
The function's callers generate the error message when appropriate.
This eliminates the message ``Undefined symbol "__register_frame_info"''
which was bogusly returned by dlerror() in some cases.
with telnetd. This should really be done with a positive filter - i.e.
only allow through a configured list of variables.
Also do some buffer-safety cleanups while I'm here - I don't think these
are exploitable.
not allocate a pty(4) so it is not suitable at all for interactive
PAM modules. rlogind calls login(1) which is already PAM enabled.
Approved by: markm
used not to be necessary).
o Allow ``-n ngdebug'' to specify something to pass to NgSetDebug()
and redirect NgSetDebug() output to syslog(8) in daemon() mode.
o Xref ng_ether(8) and NgSetDebug(4).
o Correct the type of the response passed to NgRecvData.
Update documentation to reflect new option. Also fix documentation
style and add missing references.
PR: 21268
Submitted by: "Aleksandr A. Babaylov" <babolo@links.ru>
Reviewed by: imp
function, thus allowing a debugger or other trace tool
to easily grab the addresses of the needed structures
off the stack.
This change is transparent to gdb, which locates the
link_map list and transfers it to debugger memory
for comparison purposes.
A sample program will be committed showing how this can
be used.
Reviewed by: John Polstra <jdp@FreeBSD.org>
Beyond changes to the build system, this includes fixing up the sample
freebsd.mc configuration for changes in defaults and syntax, removing
outdated documentation, and updating the release notes.
has set pwok to a non-zero value.
Previously, the fact that skey.access(5) allowed UNIX passwords for
this connection attempt was ignored, even in the NOPAM case.
This only addresses the NOPAM case; when libpam is used, the problem
will persist.
PR: 20333
Formerly the init functions were called in the opposite of the
order in which libraries were loaded, and libraries were loaded
according to a breadth-first traversal of the dependency graph.
That ordering came from SVR4.0, and it was easy to implement but
not always sensible.
Now we do a depth-first walk over the dependency graph and call
the init functions in an order such that each shared object's needed
objects are initialized before the shared object itself. At the
same time we build a list of finalization (fini) functions in the
opposite order, to guarantee correct C++ destructor ordering whenever
possible. (It may not be possible if dlopen and dlclose are used
in strange ways, but we come as close as one can come.)
The need for this renovation has become apparent as more programs
have started using multithreading. The multithreaded C library
libc_r requires initialization, whereas the standard libc does not.
Since virtually every other object depends on the C library, it is
important that it get initialized first.
lock against themselves, causing infinite spinning. Brian Feldman
found this problem when testing with Mozilla and supplied the fix,
which I have revised slightly.
Here is the failure scenario. A thread calls dlopen() and acquires
the writer lock. While the thread still holds the lock, a signal
is delivered and caught. The signal handler tries to call a function
which hasn't been bound yet. It thus enters the dynamic linker
and tries to acquire the reader lock. Since the writer lock is
already held, it will spin forever in the signal handler. The
thread holding the lock won't be able to progress and release the
lock.
The solution is to block almost all signals while holding the
exclusive lock.
A similar problem could conceivably occur in the opposite order.
Namely, a thread is holding the reader lock and then a signal
handler calls dlopen() or dlclose() and spins waiting for the writer
lock. We deal with this administratively by proclaiming that signal
handlers aren't allowed to call dlopen() or dlclose(). Actually
we don't have to proclaim a thing, since signal handlers aren't
allowed to call any system functions except those which are explicitly
permitted.
Submitted by: Brian Fundakowski Feldman <green>
and for all (I hope). Packages such as wine, JDK, and linuxthreads
should no longer have any problems with re-entering the dynamic
linker.
This commit replaces the locking used in the dynamic linker with a
new spinlock-based reader/writer lock implementation. Brian
Fundakowski Feldman <green> argued for this from the very beginning,
but it took me a long time to come around to his point of view.
Spinlocks are the only kinds of locks that work with all thread
packages. But on uniprocessor systems they can be inefficient,
because while a contender for the lock is spinning the holder of the
lock cannot make any progress toward releasing it. To alleviate
this disadvantage I have borrowed a trick from Sleepycat's Berkeley
DB implementation. When spinning for a lock, the requester does a
nanosleep() call for 1 usec. each time around the loop. This will
generally yield the CPU to other threads, allowing the lock holder
to finish its business and release the lock. I chose 1 usec. as the
minimum sleep which would with reasonable certainty not be rounded
down to 0.
The formerly machine-independent file "lockdflt.c" has been moved
into the architecture-specific subdirectories by repository copy.
It now contains the machine-dependent spinlocking code. For the
spinlocks I used the very nifty "simple, non-scalable reader-preference
lock" which I found at
<http://www.cs.rochester.edu/u/scott/synchronization/pseudocode/rw.html>
on all CPUs except the 80386 (the specific CPU model, not the
architecture). The 80386 CPU doesn't support the necessary "cmpxchg"
instruction, so on that CPU a simple exclusive test-and-set lock
is used instead. 80386 CPUs are detected at initialization time by
trying to execute "cmpxchg" and catching the resulting SIGILL
signal.
To reduce contention for the locks, I have revamped a couple of
key data structures, permitting all common operations to be done
under non-exclusive (reader) locking. The only operations that
require exclusive locking now are the rare intrusive operations
such as dlopen() and dlclose().
The dllockinit() interface is now deprecated. It still exists,
but only as a do-nothing stub. I plan to remove it as soon as is
reasonably possible. (From the very beginning it was clearly
labeled as experimental and subject to change.) As far as I know,
only the linuxthreads port uses dllockinit(). This interface turned
out to have several problems. As one example, when the dynamic
linker called a client-supplied locking function, that function
sometimes needed lazy binding, causing re-entry into the dynamic
linker and a big looping mess. And in any case, it turned out to be
too burdensome to require threads packages to register themselves
with the dynamic linker.
"ld-elf.so.1.old". The dynamic linker is a critical component of
the system, and it is difficult to recover if it is damaged and
there isn't a working backup available. For instance, parts of
the toolchain such as the assembler are dynamically linked, making
it impossible to build a new dynamic linker if the installed one
doesn't work.
DWARF2 exception tables emitted by the compiler for C++ sources.
These tables are tightly packed, and they contain some relocated
addresses which are not well-aligned.
really used in bsd.man.mk).
Don't uselessly set MANSRC ("." is in the path by default, and there are
no ordering problems).
Fixed some other style bugs.
interface, and statically link them to the programs using them.
These functions, upon reflection and discussion, are too generically
named for a library interface with such specific functionality.
Also the api that they use, whilst ok for private use, isn't good
enough for a libc function.
Additionally there were complications with the build/install-world
process. It depends heavily upon xinstall, which got broken by
the change in api, and caused bootstrap problems and general mayhem.
There is work in progress to address future problems that may be
caused by changes in install-chain tools, and better names for
{g|s}etflags can be derived when some future program requires them.
For now the code has been left in src/lib/libc/gen (it started off
in src/bin/ls).
It's important to provide library functions for manipulating file
flag strings if we ever want this interface to be adopted outside
of the source tree, but now isn't necessarily the right moment
with 4.0-release just around the corner.
Approved: jkh
When hostname is not set, ftpd core dumps, because there is no
NULL check for freeing name resolving information for its own
hostname.
So the check is added.
Approved by: jkh
Some of rcmd related function is need to be updated to
support IPv6. Some of them are already updated as standard
document. But there is also several de-facto functions and
they are not listed in standard documents.
They are,
iruserok() (used by rlogind, rshd)
ruserok() (used by kerberos, etc)
KAME package updated those functions in original way.
iruserok_af()
ruserok_af()
But recently there was discussion on IETF IPng mailing
list about how to sync those API, and it is decided,
-Those function is not standard and not documented.
-But let BSDs sync their API as de-facto.
And after some discussion, it is announced that
-add update to iruserok() as iruserok_sa()
-no ruserok() API change(it is only updated internaly)
So I sync those API before 4.0 is released.
The changes are,
-prototype changes
-ruserok() internal update (use iruserok_sa() inside)
-removal of ruserok_af()
-change iruserok_af() as static functioin, and also prefix the name with __.
-add iruserok_sa() (Just call __iruserok_af() inside)
-adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
This is necessary to support IPv4 communication via AF_INET6 socket
could be correctly authenticated via iruserok_sa()
-irusreok_af() call is replaced to iruserok_sa() call
in rlogind, and rshd.
Approved by: jkh
figure out which shared object(s) contain the the locking methods
and fully bind those objects as if they had been loaded with
LD_BIND_NOW=1. The goal is to keep the locking methods from
requiring any lazy binding. Otherwise infinite recursion occurs
in _rtld_bind.
This fixes the infinite recursion problem in the linuxthreads port.
just a few of them. This looks like it solves the recent
ld-elf.so.1: assert failed: /usr/src/libexec/rtld-elf/lockdflt.c:55
failures seen by some applications such as JDK.
init and fini functions. Now the code is very careful to hold no
locks when calling these functions. Thus the dynamic linker cannot
be re-entered with a lock already held.
Remove the tolerance for recursive locking that I added in revision
1.2 of dllockinit.c. Recursive locking shouldn't happen any more.
Mozilla and JDK users: I'd appreciate confirmation that things still
work right (or at least the same) with these changes.
. add Xrs to hosts.equiv(5), auth.conf(5), services(5) to some pages
. sort Xrs in SEE ALSO sections
Patches based on PR: docs/15680
Submitted by: Christian Weisgerber <naddy@mips.rhein-neckar.de>
locking functions. If an application loads a shared object with
dlopen() and the shared object has an init function which requires
lazy binding, then _rtld_bind is called when the thread is already
inside the dynamic linker. This leads to a recursive acquisition
of the lock, which I was not expecting -- hence the assert failure.
This work-around makes the default locking functions handle recursive
locking. It is NOT the correct fix -- that should be implemented
at the generic locking level rather than in the default locking
functions. I will implement the correct fix in a future commit.
Since the dllockinit() interface will likely need to change, warn
about that in both the man page and the header file.
functions to be used by the dynamic linker. This can be called by
threads packages at start-up time. I will add the call to libc_r
soon.
Also add a default locking method that is used up until dllockinit()
is called. The default method works by blocking SIGVTALRM, SIGPROF,
and SIGALRM in critical sections. It is based on the observation
that most user-space threads packages implement thread preemption
with one of these signals (usually SIGVTALRM).
The dynamic linker has never been reentrant, but it became less
reentrant in revision 1.34 of "src/libexec/rtld-elf/rtld.c".
Starting with that revision, multiple threads each doing lazy
binding could interfere with each other. The usual symptom was
that a symbol was falsely reported as undefined at start-up time.
It was rare but not unseen. This commit fixes it.
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design). libcrypt has
been adjusted to not need the runtime -lmd. It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.
assumption that only getty processes can be managed. Describe the
SysV-like ability to keep arbitrary long-running processes alive
using a non-device first field in /etc/ttys.
PR: 12767
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
bptypes.h originally defined int32 to be of type long. This obviously
doesn't work on the Alpha. By defining int32 (and u_int32) in terms of
int32_t (and u_int32_t) it now is what it says it should be.
Two occurrences of 'unsigned int32' have been changed to 'u_int32' for
consistency.
Submitted by: Wilko Bulte <wilko@yedi.iaf.nl>
libjava peeks into the dynamic linker's private Obj_Entry structures.
My recent changes introduced some new members near the front of
the structures, causing libjava to get the wrong fields. This commit
moves the new members toward the end of the structure so that the
layout of the portion that is relevant to JDK remains the same as
before.
I will work with the JDK porting team to see if we can come up with
a less fragile way for them to do what they need to do. I understand
the current approach was necessary in order to work around some
limitations of the dynamic linker. Maybe it's not necessary any
more.
PT_INTERP program header entry, to ensure that gdb always finds
the right dynamic linker.
Use obj->relocbase to simplify a few calculations where appropriate.
loaded separately by dlopen that have global symbols with identical
names. Viewing each dlopened object as a DAG which is linked by its
DT_NEEDED entries in the dynamic table, the search order is as
follows:
* If the referencing object was linked with -Bsymbolic, search it
internally.
* Search all dlopened DAGs containing the referencing object.
* Search all objects loaded at program start up.
* Search all objects which were dlopened() using the RTLD_GLOBAL
flag (which is now supported too).
The search terminates as soon as a strong definition is found.
Lacking that, the first weak definition is used.
These rules match those of Solaris, as best I could determine them
from its vague manual pages and the results of experiments I performed.
PR: misc/12438