Objected to by: Andre Oppermann <oppermann@pipeline.ch>
After Andre's objection, I've re-examined rfc 2759 and noted that it
says that the domain name shouldn't be used when generating the
NT-Response field. So it looks like the bug is in freeradius rather
than in ppp.
This removes a bad latency problem during initial setup where we
end up waiting for too long before reading the connected message
and time the connection out.
Problem figured out by: Andre Albsmeier <andre@albsmeier.net>
In -STABLE, this is default, in -CURRENT it is not, which leads to many a
headache for a user coming to -CURRENT without remembering this fact. It
is one of the POLA violations we have not avoided by preparing the users
for it appropriately. Therefore, a warnx(3) is added here, explicitly to
be MFC'd shortly to start the re-education process rolling.
Reviewed by: General murmurs of approval in that IRC channel.
MFC after: 3 days
mainly so the compiler can correctly do printf-style parameter checking.
Some minor improvements to a few of the error messages, but the main
goal here is to get rid of a few more compile-time warning messages.
MFC after: 5 days
Change -l -> -L to match OpenBSD (since we haven't MFC'd it yet).
-l will now list stations that are associated with a hostap (preliminary)
MFC After: 2 weeks
is appropriate to avoid using typeof/__typeof__. It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.
Poked into submission by: bde
have native extended attributes rather than stacked extended attributes.
While I'm at it, make sure UFS_EXTATTR is not spelt FFS_EXTATTR.
Sponsored by: DARPA, NAI Labs
Obtained from: TrustedBSD Project
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.
Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.
While we're here, don't bother passing the peer challenge into
radius_Authenticate(). It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).
This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
visible change should be that more than one queue can now be specified,
if one uses the '-msg' parameter to separate the list of queues from the
status message to set.
The previous implementation of 'down' remains available as the command
'xdown', available for instant fallback if there seems to be anything
wrong with the new one. If no one reports a problem after a few weeks,
then a later update will remove 'xdown'.
Reviewed by: freebsd-print@bostonradio.org
MFC after: 10 days
change the status message of a print queue. This includes some minor
changes to the upstat() routine, so that error messages are not printed
while seteuid(priv-user).
Reviewed by: freebsd-audit and freebsd-print@bostonradio.org
MFC after: 10 days
was removed from the kernel;
Advertise the prefix with zero lifetimes rather than to remove the prefix
from the prefix list to be advertised.
This will help renumber a receiving host by deprecating the address
derived from the old prefix.
Obtained from: KAME
MFC after: 2 weeks
'restart', 'start', 'stop' and 'up'. These are commands which mainly
just alter the access bits on the lock-file of a queue, and they all
now use a central routine to do that. This reduces the amount of code
that is run as the priv userid, and eliminates a number of cases where
error messages were written while that priv uid was in effect.
As far as users are concerned, there should be no noticeable difference
in the new versions. In case there *is*, the previous implementations
are still there as 'xabort', 'xenable', etc, so they are available for
instant fallback. If no one reports a problem after a few weeks, then
a later update will remove those x-commands.
Reviewed by: freebsd-audit and freebsd-print@bostonradio.org
MFC after: 10 days
RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS
messages, and remove the hack in chap.c to ignore that ident field
on the client side.
This anomaly was hacked around during development, and I forgot to
go back and fix it properly.
Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
RAD_MICROSOFT_MS_MPPE_RECV_KEY
RAD_MICROSOFT_MS_MPPE_SEND_KEY
These attributes may be supplied by a RADIUS server when MSCHAPv2 is
used to authenticate.
It *should* now be possible to build ppp with -DNODES and still support
CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet
smart enough to do that (building with -DNODES just loses these
facilities).
Sponsored by: Monzoon
hatching the idea of using dc, and Giorgos (keramida) for incubating it.
This also reverses most of the previous commit which took out or
modified the text about umask stuff.
are installing.
* Since this means that for now we can't accommodate non-standard
umasks, warn the user accordingly.
* Convert the "press enter to continue" prompt into a function.
of them to keep better track of which-is-which (multiple variables were
named 'pid'). Moved a global pid-variable into the only routine that
used it. Net result: fixes two compile-time warnings...
MFC after: 2 weeks
actually does work. Ignore errors from kldload(2) if the errno value is
EEXIST. It would help if this return value were documented in the
kldload(2) manual page.
one can set the 'noError' variable to ignore any errors that occur for the
next command. However, the code was only unsetting 'noError' when an error
actually occurred, so if you set 'noError', the next command completed ok,
and the command after that failed, the second command's failure would be
ignored. This fixes this by performing the 'noError' check earlier and
then unsetting 'noError' after every command that is run.
Sponsored by: The Weather Channel
sufficient.
In fact, using both breaks the radiator RADIUS daemon when used with
a db as it maps both attributes to the same field value and then
fails the insert.
I decided to remove RAD_NAS_IP_ADDRESS on the basis that rfc2138 says:
An Access-Request MUST contain a User-Name attribute. It SHOULD
contain either a NAS-IP-Address attribute or NAS-Identifier
attribute (or both, although that is not recommended). It MUST
despite the fact that this not recommended bit was removed from the
updated rfc.