58364 Commits

Author SHA1 Message Date
ache
8a3f432b98 Use SSIZE_MAX instead of INT_MAX, as kernel does ssize_t check
Better explanation comment of FIXME section
2001-03-27 01:16:44 +00:00
obrien
f14a467f59 Add ttyd0 which is needed on the Alpha when using the fix-it CDROM
over a serial console.
2001-03-27 01:06:58 +00:00
rwatson
00f5ebabee o Update copyright date
o Revise description in light of commits over last month including:
  - ACL editing library is now implemented
  - ACLs are now implemented

Obtained from:	TrustedBSD Project
2001-03-26 19:55:35 +00:00
sos
47e63f32ef Added burncd to the SEE ALSO section.
Idea by: "Akinori MUSHA" <knu@iDaemons.org>
2001-03-26 19:49:39 +00:00
ache
5b94e50e9a Treat mmap() error as fatal too, i.e. do exit(1) instead of return 2001-03-26 19:36:27 +00:00
wosch
36ca6097d1 Adjust FreeBSD 4.3 release date.
Approved by: jkh
2001-03-26 19:35:14 +00:00
ache
f087b10f53 rlines() checks:
1) really check for size overflow by checking negative value.
2) since mmap() not support files over INT_MAX size, add check for it
until either mmap() will be fixed or tail will be rewritted to handle
large files alternatively.
3) replace fseek(... file_size, SEEK_SET) with fseek(... 0L, SEEK_END)
to avoid off_t -> long cast
4) Use exit() if file is too big instead of warning and wrong logic
afterwards.
2001-03-26 19:29:49 +00:00
bmah
91cc89dd77 New release notes: netstat -W, sockstat -c and -l, FFS/EXT2FS security
fixes (FreeBSD-SA-01:30).

Reorder netstat(1) notes to be adjacent.
2001-03-26 18:04:53 +00:00
rwatson
737ae0941e Introduce support for POSIX.1e ACLs on UFS-based file systems. This
implementation is still experimental, and while fairly broadly tested,
is not yet intended for production use.  Support for POSIX.1e ACLs on
UFS will not be MFC'd to RELENG_4.

This implementation works by providing implementations of VOP_[GS]ETACL()
for FFS, as well as modifying the appropriate access control and file
creation routines.  In this implementation, ACLs are backed into extended
attributes; the base ACL (owner, group, other) permissions remain in the
inode for performance and compatibility reasons, so only the extended and
default ACLs are placed in extended attributes.  The logic for ACL
evaluation is provided by the fs-independent kern/kern_acl.c.

o Introduce UFS_ACL, a compile-time configuration option that enables
  support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
  respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
  maintain access control information between inode permissions and
  extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke
  vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
  created directories and files, inheriting from the parent directory's
  default ACL.
o Enable these new vnode operations and conditionally compiled code
  paths if UFS_ACL is defined.

A few notes:

o This implementation is fairly widely tested, but still should be
  considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing
  file mode/etc from the inode is.  This results in conservative
  protection behavior, similar to the behavior of ACL-nonaware programs
  acting locally.
o It is possible that underlying binary data formats associated with
  this implementation may change.  Consumers of the implementation
  should expect to find their local configuration obsoleted in the
  next few months, resulting in possible loss of ACL data during an
  upgrade.
o The extended attributes interface and implementation is still
  undergoing modification to address portable interface concerns, as
  well as performance.
o Many applications do not yet correctly handle ACLs.  In general,
  due to the POSIX.1e ACL model, behavior of ACL-unaware applications
  will be conservative with respects to file protection; some caution
  is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be
  committed in the near future; in the mean time it is possible to
  reference the README included in the last UFS ACL distribution
  placed in the TrustedBSD web site:

      http://www.TrustedBSD.org/downloads/

Substantial debugging, hardware, travel, or connectivity support for this
project was provided by: BSDi, Safeport Network Services, and NAI Labs.
Significant coding contributions were made by Chris Faulhaber.  Additional
support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.

Reviewed by:	jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
Obtained from:	TrustedBSD Project
2001-03-26 17:53:19 +00:00
fenner
50542906d3 Fix error reporting of delayed send errors. 2001-03-26 16:18:01 +00:00
ru
ffbd5f978d secure/ build fixes:
- TELNETOBJDIR is gone.  `buildworld' already installs libtelnet.a
  in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
  New LIBSSH is introduced for libssh.a (an internal static lib).
  Previously, build without prior `obj' was broken; SSH modules
  always looked for libssh.a in ${.OBJDIR}.  Also, the dependancies
  on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
  /usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by:	markm

- MAN[1-9] -> MAN.
2001-03-26 14:53:33 +00:00
ru
0c5874752b Backout botched attempt to introduce MANSECT feature; it
doesn't work in "developer" mode (single module checkout).
2001-03-26 14:47:21 +00:00
ru
afd506414e - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:42:20 +00:00
ru
86642a4ab4 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
ru
45d92a4319 - Backout botched attempt to intoduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:22:12 +00:00
ru
543d496983 Do not build (and install) both secure/ and standard versions
of libtelnet, telnetd, and telnet.  This only worked because
secure/ was listed late in SUBDIR in Makefile.inc1.

Reviewed by:	markm
2001-03-26 12:49:05 +00:00
ru
f2a28122a4 Add missing NOSECURE check for `includes' target.
Reviewed by:	markm
2001-03-26 12:46:17 +00:00
bp
d38c3464d1 Previous commit broke interlock locking for !LK_RETRY case. 2001-03-26 12:45:35 +00:00
phk
c47745e977 Send the remains (such as I have located) of "block major numbers" to
the bit-bucket.
2001-03-26 12:41:29 +00:00
sobomax
a95c2d8529 Decapitalise first letter of warning message. 2001-03-26 09:57:26 +00:00
sobomax
3f3b8eccfc In which(1) mode resolve "/../", "/./" in arguments and PLIST contents. This
is done without realpath() to avoid symlinks resolving.

Submitted by:	sobomax, Garrett Rooney <rooneg@electricjellyfish.net>
2001-03-26 09:31:41 +00:00
imp
f828dc3f2f First step towards plugging the "pccard is trying to map into a BIOS
region for CIS reading" problem:

Use bus_alloc_resource to get the memory that we'll be using.  Also
has the benefit of doing usage checking as well.  This gets rid of the
ugly kludge that we had before for mapping pmem to vmem.

Second, move PIOCSRESOURCE to its own routine and make it conform more
to style(9) in the process.
2001-03-26 08:05:20 +00:00
ru
67e856d53e Removed _MANPAGES, MANDEPEND and MANSRC.
Added MAN which will eventually replace MAN[0-9] and MAN1aout.
For now, the old syntax is still supported.

Reviewed by:	bde
2001-03-26 08:04:11 +00:00
ru
a7ce644c9b Do not depend on ``all-man'' if -DNOMAN. 2001-03-26 07:46:57 +00:00
ru
06e5712a05 Don't use MANDEPEND and MANSRC. 2001-03-26 07:28:26 +00:00
bp
9aefd18cc8 Prevent race condition by using msleep() instead of mtx_unlock()/tsleep().
Reviewed by:	alfred
2001-03-26 03:10:07 +00:00
jkh
a9337488a5 Stop claiming to support the DEC EtherWorks II/III cards.
PR:             misc/18641
2001-03-26 01:32:29 +00:00
alfred
2393aaf764 fix: text following `#else' violates ANSI standard
Pointed out by: ${BDECFLAGS}
2001-03-26 00:35:23 +00:00
alfred
c5d3e9426c Don't call daemon() and setup our signal handlers until after we check
and do the unregister/reregister work.

Don't call syslog in the unregister/reregister code as we haven't called
openlog() yet.

Be a more conservative about accepting errno values from socket(2),
only EPROTONOSUPPORT means that the kernel isn't supporting it
something like INET6.  The other possible errnos would be returned
if there was a mistake in the socket(2) call so remove them from the
list of "acceptable" return values.
2001-03-25 23:32:55 +00:00
alfred
20ed2193f0 Disable ipv6 when getnetconfigent("udp6"/"tcp6") fails.
Submitted by: Martin Blapp <mb@imp.ch>
2001-03-25 23:28:03 +00:00
obrien
c7987ad371 Turn off building the ARC loader. I don't know of anyone currently working
on advancing this WIP.
2001-03-25 23:07:44 +00:00
cg
da985f2067 fix whitespace bogons 2001-03-25 21:43:24 +00:00
brian
56ef9e4cd8 Issue a ``quit'' after other ppp commands given on the command line and
then wait for the connection to be closed by the peer.

This means that commands such as ``pppctl ... show links'' will
display the correct output again (rather than truncating it depending
on how much data arrived in the last packet).
2001-03-25 20:06:08 +00:00
alfred
2009fd4382 Replace pmap_unset() with rpcb_unset() which fixes the unregistering.
Submitted by: Martin Blapp <mb@imp.ch>
2001-03-25 19:59:07 +00:00
alfred
57d69411fc Deal with lack of IPv6 support gracefully.
Submitted by: Martin Blapp <mb@imp.ch>
2001-03-25 19:57:58 +00:00
alfred
f6ff30b00b fix -o port=xxx 2001-03-25 19:18:43 +00:00
cg
6f7cfa9511 release resources if one of the speculative probes in opti_detect() fails,
otherwise resource_list_alloc panics when opti_detect tries its next probe.
2001-03-25 19:09:06 +00:00
cg
631f456c95 the softc is not a mutex, don't try to lock it.
Submitted by:		George Reid <greid@ukug.uk.freebsd.org>
2001-03-25 18:56:48 +00:00
obrien
6b0b960db5 Update for file 3.34. 2001-03-25 18:38:47 +00:00
obrien
a9b672f4fd This commit was generated by cvs2svn to compensate for changes in r74784,
which included commits to RCS files with non-trunk default branches.
2001-03-25 18:37:04 +00:00
obrien
fd87285c4e Virgin import of Christos Zoulas's FILE 3.34. 2001-03-25 18:37:04 +00:00
scottl
1ce565e86b Bah. 'ln -sf' -> 'ln -fs'. I need to read my email more closely in the
mornings.

Pointy hat again Obtained from:	roam@orbitel.org
2001-03-25 15:51:43 +00:00
scottl
912034d72b 'ln -s' -> 'ln -sf' for the afa link.
Pointy hat Obtained from:	roam@orbitel.bg
2001-03-25 14:11:55 +00:00
brian
8636c82fbe Make header files conform to style(9).
Reviewed by (*): bde

(*) alias_local.h only got a cursory glance.
2001-03-25 12:05:10 +00:00
dirk
9fbad51d2a Fix .Xr sd -> da. 2001-03-25 11:57:25 +00:00
brian
92b5e926cb Identify obsolete ports 2001-03-25 11:35:22 +00:00
joerg
8b1bec9066 (MFC candidate since this is already a merge from /sys/net only.)
Merge rev's 1.65 and 1.66 from sys/net/if_spppsubr.c (implement the
`restart' option, and fix a blatant bug with PAP authentication).

The i4b implementation of this file should be merged back, but for now,
we need this here as well.

Reviewed by:	gj
2001-03-25 09:59:23 +00:00
joerg
28ec9af948 This is another MFC candidate.
Fix a serious bug in sppp where anyone could obtain a successful PAP
authentication by supplying a null password.  I've only stumpled across
the PR while browsing for all sppp-related PRs.

Should we also file a security advisory for this?

PR:		21592
Submitted by:	<dli@3bc.de> Dirk Liebke
2001-03-25 09:53:07 +00:00
peter
d8e320c72c Remove some unused stuff 2001-03-25 07:21:04 +00:00
markm
31c0e6340c I need to add to the previous commit:
Tested by:	dougb
2001-03-25 07:02:11 +00:00