4780 Commits

Author SHA1 Message Date
Mark Murray
397fa72521 Add some new utility authenticators.
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.

pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
2001-06-04 18:44:47 +00:00
Brian Somers
f987e1bd0f Add BSD-style copyright headers
Approved by: Charles Mott <cmott@scientech.com>
2001-06-04 15:09:51 +00:00
Brian Somers
888b1a7aa5 Change to a standard BSD-style copyright
Approved by:	Atsushi Murai <amurai@spec.co.jp>
2001-06-04 14:52:17 +00:00
Daniel Eischen
fcd70a7565 Properly initialize a temporary FILE that is allocated off the stack.
The change to reuse _up from FILE (to allow FILE to grow without changing
size) overlooked FILE being allocated off the stack.

Approved by:	sobomax
2001-06-04 12:36:07 +00:00
Thomas Moestl
e04a7c4ae5 Change this to support the new way swap device information is exported
via sysctl, and clean up some style and (size_t != int) issues.
2001-06-01 22:57:07 +00:00
Kris Kennaway
93a8551831 Fix another unprotected instance of chdir() by extending the
fts_safe_changedir() function and using that instead for both of the
chdir()s.

Partially submitted by:	Todd Miller <millert@OpenBSD.org>, bde
2001-06-01 21:53:50 +00:00
Ian Dowse
a8634a0009 Copy the sockaddr from the netbuf data area, not from the netbuf
data pointer. This bug has been here since the ti-rpc import; it
apparently broke the clnt_control CLGET_SVC_ADDR options.

PR:		misc/27813
Submitted by:	Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
2001-06-01 15:20:45 +00:00
Ruslan Ermilov
0b381bf1fd Remove vestiges of MFS. 2001-06-01 10:07:28 +00:00
Gregory Neil Shapiro
1259dd85eb Correct the documentation for snprintf() and vsprintf() which actually
return the number of characters that would have been in the new string.

Obtained from:	OpenBSD
MFC after:	3 days
2001-05-30 23:47:14 +00:00
Kris Kennaway
fdeb0156dd When doing the chdir("..") in the !FTS_NOCHDIR case, stat() after we get
there and compare the inode and device numbers to the values we remember,
to guard against the directory having been moved around in the meantime.

Reported by:	Nick Cleaton <nick@cleaton.net>
2001-05-30 20:35:44 +00:00
Ruslan Ermilov
79ec1c507a Add an integer field to keep protocol-specific flags with links.
For FTP control connection, keep the CRLF end-of-line termination
status in there.

Fixed the bug when the first FTP command in a session was ignored.

PR:		24048
MFC after:	1 week
2001-05-30 14:24:35 +00:00
Søren Schmidt
e4f333695d Dont free a hard code array.
PR 20569
2001-05-30 07:51:56 +00:00
Mike Smith
a5af32a054 Correct the returned UDP datagram length. See the PR for a more comprehensive
description of the fix.

PR:		misc/25503
Submitted by:	Jim Browne <jbrowne@jbrowne.com>
MFC after:	1 week
2001-05-28 22:27:06 +00:00
Mike Smith
dc46262eaa The shortest valid TFTP packet is 4 bytes, not 8.
PR:		misc/25503
Submitted by:	Jim Browne <jbrowne@jbrowne.com>
MFC after:	1 week
2001-05-28 22:25:44 +00:00
Dag-Erling Smørgrav
6a0cf64bce Implement a HTTP_USER_AGENT environment variable.
PR:		27669
Submitted by:	Eoin Lawless <eoin@maths.tcd.ie>
2001-05-27 11:00:36 +00:00
Dag-Erling Smørgrav
06b533d32c Document the authentication callback interface.
Update RFC references (should have done that ages ago...)
2001-05-26 19:38:34 +00:00
Dag-Erling Smørgrav
7ec6a14ea8 Bump major number. 2001-05-26 19:37:26 +00:00
Dag-Erling Smørgrav
6490b215b3 Add rudimentary support for an authentication callback function. 2001-05-26 19:37:15 +00:00
Dag-Erling Smørgrav
2b26f942d3 MAXPATHLEN -> PATH_MAX 2001-05-26 19:36:49 +00:00
Dag-Erling Smørgrav
b554dea773 Plug memory leak.
PR:		27506
2001-05-26 17:23:38 +00:00
Ruslan Ermilov
8a8402d3a5 - sys/n[tw]fs moved to sys/fs/n[tw]fs
- /usr/include/n[tw]fs moved to /usr/include/fs/n[tw]fs
2001-05-26 11:57:45 +00:00
Eric Melville
2de2196026 Add warnings about trusting user-supplied data.
Reviewed by:	ru
Approved by:	murray
Obtained from:	OpenBSD
2001-05-25 20:42:40 +00:00
Robert Watson
b1fc0ec1a7 o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
  pcred->pc_uidinfo, which was associated with the real uid, only rename
  it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
  corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
  original macro that pointed.
  p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
  p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
  cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
  cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
  we figure out locking and optimizations; generally speaking, this
  means moving to a structure like this:
        newcred = crdup(oldcred);
        ...
        p->p_ucred = newcred;
        crfree(oldcred);
  It's not race-free, but better than nothing.  There are also races
  in sys_process.c, all inter-process authorization, fork, exec, and
  exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
  remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
  use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
  pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
  allocation.
o Clean up ktrcanset() to take into account changes, and move to using
  suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
  calls to better document current behavior.  In a couple of places,
  current behavior is a little questionable and we need to check
  POSIX.1 to make sure it's "right".  More commenting work still
  remains to be done.
o Update credential management calls, such as crfree(), to take into
  account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
      change_euid()
      change_egid()
      change_ruid()
      change_rgid()
      change_svuid()
      change_svgid()
  In each case, the call now acts on a credential not a process, and as
  such no longer requires more complicated process locking/etc.  They
  now assume the caller will do any necessary allocation of an
  exclusive credential reference.  Each is commented to document its
  reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
  and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
  questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
  processes and pcreds.  Note that this authorization, as well as
  CANSIGIO(), needs to be updated to use the p_cansignal() and
  p_cansched() centralized authorization routines, as they currently
  do not take into account some desirable restrictions that are handled
  by the centralized routines, as well as being inconsistent with other
  similar authorization instances.
o Update libkvm to take these changes into account.

Obtained from:	TrustedBSD Project
Reviewed by:	green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
Mark Murray
4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
David E. O'Brien
5864b79cd2 Make the rcsid and FreeBSD IDs more sane in the wcs* and wmem* files.
Do the same for the non-wcs*/wmem* files while I'm here.
2001-05-24 08:47:42 +00:00
Matthew Dillon
ac8f990bde This patch implements O_DIRECT about 80% of the way. It takes a patchset
Tor created a while ago, removes the raw I/O piece (that has cache coherency
problems), and adds a buffer cache / VM freeing piece.

Essentially this patch causes O_DIRECT I/O to not be left in the cache, but
does not prevent it from going through the cache, hence the 80%.  For
the last 20% we need a method by which the I/O can be issued directly to
buffer supplied by the user process and bypass the buffer cache entirely,
but still maintain cache coherency.

I also have the code working under -stable but the changes made to sys/file.h
may not be MFCable, so an MFC is not on the table yet.

Submitted by:	tegge, dillon
2001-05-24 07:22:27 +00:00
Dag-Erling Smørgrav
ea63a39cef Add some error codes that were added in RFC2616. 2001-05-23 18:52:02 +00:00
Jim Pirzyk
d825ca42c9 Changed the clnt_perror string in yp_all because it was saying the
error came from yp_next

PR:	bin/13254
Submitted by:	Jim Pirzyk
Reviewed by:	jkh
MFC after: 1 week
2001-05-23 15:37:10 +00:00
Ruslan Ermilov
6ad10804f7 Rename (after a repo-copy) some mount(8) programs:
mount_fdesc -> mount_fdescfs
mount_null -> mount_nullfs
mount_portal -> mount_portalfs
mount_umap -> mount_umapfs
mount_union -> mount_unionfs
2001-05-23 14:58:19 +00:00
Ruslan Ermilov
d4aac95ca2 Fix the range of the returned value.
PR:		docs/27446
Submitted by:	Tadayuki OKADA <tadayuki@mediaone.net>
2001-05-23 12:37:50 +00:00
Hajimu UMEMOTO
1022dd3dcc Correct error message of an example.
Obtained from:	KAME
2001-05-21 10:05:36 +00:00
Jason Evans
c024882f08 Add a test for PR 24345. 2001-05-20 23:12:13 +00:00
Jason Evans
b39e7e33f1 Update the verify script. 2001-05-20 23:11:54 +00:00
Jason Evans
745b431dc6 Don't define _REENTRANT, since the Makefile does so. 2001-05-20 23:11:09 +00:00
Jason Evans
dd2d9a766b Fix a typo. 2001-05-20 23:10:30 +00:00
Jason Evans
6699b0c6fe Instead of using a join queue for each thread, use a single pointer to
keep track of a joiner.  POSIX only supports a single joiner, so this
simplification is acceptable.

At the same time, make sure to mark a joined thread as detached so that
its resources can be freed.

Reviewed by:	deischen
PR:		24345
2001-05-20 23:08:33 +00:00
Ruslan Ermilov
5ead33c50f Removed -I${.CURDIR}/../../sys from CFLAGS. 2001-05-20 12:45:53 +00:00
Archie Cobbs
88c1867f5c Document ECONNREFUSED.
Submitted by:	Richard Hodges <rh@matriplex.com>
2001-05-20 00:12:06 +00:00
Maxim Sobolev
a8e00009c5 Use CONS_GETINFO ioctl to get geometry of the current text mode instead of
TIOCGWINSZ. The former is more correct in this context.
2001-05-19 17:05:52 +00:00
David E. O'Brien
05f0d9ffd6 Remove these libs that are the same .so version as the ones in
5-CURRENT.  These libs will not be used [sitting in /usr/lib/compat] as
the -current ones in /usr/lib will be found first by ld-elf.so.1.
2001-05-19 05:54:11 +00:00
David E. O'Brien
f24457ab3d Remove these libs that are the samed .so version as the ones in
5-CURRENT.  These libs will not be used [sitting in /usr/lib/compat] as
the -current ones in /usr/lib will be found first by ld-elf.so.1.
2001-05-19 05:53:50 +00:00
David E. O'Brien
48a6cb0316 Update the AXP compat4x dist to the 4.3-FreeBSD libs.
There were some security issues fixed between 4.2 -> 4.3.
2001-05-19 01:32:36 +00:00
David E. O'Brien
3620eb66f3 Update the i386 compat4x dist to the FreeBSD 4.3 libs.
There were some security issues fixed between 4.2 -> 4.3.
2001-05-19 01:20:02 +00:00
Ian Dowse
a9d09e93db The function clnt_dg_call(), which is used for UDP RPC calls, could
accidentally clobber the server address if a stray packet arrived
at the client port. This would result in any further retransmits
going to the wrong address.

For now, fix this by not saving the source address of the reply; this
matches the pre-tirpc behaviour.
2001-05-18 19:43:18 +00:00
Ruslan Ermilov
3ab9a9d0e0 Removed -I${.CURDIR}/.../sys from CFLAGS. 2001-05-18 13:41:42 +00:00
Ruslan Ermilov
108b08b24e Fixed typo in the description.
PR:		docs/27411
Submitted by:	David Wimsey <dwimsey@rtci.com>
2001-05-18 06:56:03 +00:00
David E. O'Brien
708b042526 Sort. 2001-05-18 05:05:50 +00:00
David E. O'Brien
078ae588ab Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by:	tlambert (code only)
2001-05-18 04:55:16 +00:00
David E. O'Brien
4402efc314 Use the correct FreeBSD definitions for wint_t and wchar_t. 2001-05-18 00:41:27 +00:00
Jason Evans
ffc19644c0 Condition variable waiters are queued in descending priority order, so
there is no need to wake all waiters to assure that the highest priority
thread is run.  As the semaphore code is written, there was no correctness
problem, but the change improves sem_post() performance.

Pointed out by:	deischen
2001-05-18 00:36:05 +00:00