- Use MAP_FAILED instead of the constant -1 to indicate
failure (required by POSIX).
- Removed flag arguments of '0' (required by POSIX).
- Fixed code which expected an error return of 0.
- Fixed code which thought any address with the high bit set
was an error.
- Check for failure where no checks were present.
Discussed with: bde
going into SLIP mode, useful for scripts that can automatically
grok IP addresses ala Trumpet Winsock.
Closes PR#2293
Submitted-By: andrew@fortress.org
bogus path and FTP I/O errors much earlier, offer retry possibilities
at steps along the way so you don't have to resume from the very beginning
again on a hard error.
1. Bus mouse selection didn't show up properly in mouse menu.
2. U&G management screen didn't respect cancel properly.
3. Novice not prompted to add users or set root password during installation.
4. Username length changes screw up user management form.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
terminate(). This makes doubly sure we don't trip the SIGTERM handler
in a child process. Suggested by: phk.
- It's int main(argc, argv), not void main(argc, argv), gosh darn it.
- If a child receives a SIGTERM, it will call the terminate() function
and end up doing the shutdown procedurs that should really only be
done by the parent. Set the SIGTERM behavior back to SIG_DLT in the
child after fork()ing.
- If the parent fails to read data back from the child because the
child has exited, it will call rpc_received() with bogus tdata that
can cause the parent to SEGV. Make handle_children() detect this
condition correctly and handle it sanely.
*sigh* Another 2.2 candidate.
This has the effect of making every link a "passthrough" which means the
TCP or UDP port won't be freed after link deletion -- so there could be
eventual port exhaustion if the program were allowed to operate long
enough.
Submitted by: Charles Mott <cmott@srv.net>
to be used to expand things beyond the size of the buffer passed in. Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety. Also expand some buffers to allow for the largest possible data
that might be used.
This is a 2.2 candidate. However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.
Reviewed by: Jordan Hubbard, Peter Wemm, Guido van Rooij
- Fail YPPROC_ALL requests when we hit the child process limit. This
is a little harsh, but it helps prevent the parent from blocking
and causing other requests to time out.
yp_dnslookup.c:
- Check for duplicate RPC transaction IDs that indicate duplicate
requests sent due to RPC retransmissions. We don't want to send
a second DNS request for the same data while an existing request
is in progress.
- Fix small formatting bogon in snprintf() in yp_async_lookup_addr().
Use consistent spelling throughout.
Remove unmount in fixit_common() since that's bogus in the CDROM case and
properly "shut down" the media device instead.
- Try to have all output go through the routines in util.c [logerr(),
log_1s(), die()]
- Add *some* code in util.c to allow pccardd to run out of sysinstall.
Submitted by: Mostly me, but some by Tatsumi Hosokawa <hosokawa@jp.FreeBSD.org>
Disable saving of SCSI device parameters in userconfig saving in hopes
of working around a reported problem in the no-device case; there's no
point in saving this information here anyway.
2nd patch submitted-by: "Eric L. Hernes" <erich@lodgenet.com>
bug in syslogd which causes it to die after random amounts of time (widely
reported), this at least allows the administrator to easily restart it
without wondering why it simply exits again each time.
if wrong version.
2. Make sure network device is initialized in ftpInit
3. Eliminate bogus size values in the menus. For now, we'll have to admit
that nobody's added it up yet. In the future, these menus should be
build dynamically anyway, not declared static.
4. Add more debugging to networking code to chase the mystery ppp device
problem.
assume that the timeval will be preserved. As the man page says:
".. it is unwise to assume that the timeout value will be unmodified
by the select() call." This happens on Linux and on my system at least.
useradd -m or useradd -D -b are used.
2) Hyphen allowed in username if not first character. Fix trivial
bug in error fmt string.
3) /etc/skeykeys updating changed to do 'inplace' update, commenting
out a username rather than removing it completely.
into /etc during the sendmail build. Not for the feint hearted.
(I have been using something like this for some time since I only ever
edit my system's .mc file)
able to be exploited, or might not. However, it is better to be safe
than sorry.
Definitely a 2.2 fix, and a -stable if there is someone to commit it.
Reviewed by: Jordan Hubbard <jkh@freebsd.org>
Submitted by: Marc Slemko
- yp_main.c: Always add the resolver socket to the set of fds
monitored by select(). It can happen that pending == 0 but we
still have some data in the socket buffer from an old query.
This way, the data will be flushed in a timely manner.
- yp_extern.h: remove proto for yp_dns_pending() since we don't need
it anynmore.
- yp_server.c: call yp_async_lookup_name()/yp_async_lookup_addr()
functions with the svc_req pointer as an arg instead of the xprt.
(The svc_req struct includes a pointer to the transport handle,
and it also has the service version number which the async DNS
code will need. (see below))
- yp_dnslookup.c:
o Nuke yp_dns_pending() since we don't need it anymore.
o In yp_run_dnsq(), swallow up and ignore replies if no requests
are pending or the ID doesn't match any of the IDs in the queue.
o In yp_send_dns_reply(), we assume that we will always be
replying to an NIS v2 client. While this will probably always
be the case, we do support the v1 'match' procedure, and it
has a different result struct than v2. For completeness,
support replying to both NIS v1 and v2 clients.
o Update the queue entry structure to include a member to
keep track of the NIS version number.
o Have yp_async_lookup_name/addr() extract the version number
from the svc_req structure and save it with the queue entry
for yp_send_dns_reply() to inspect later.
o Add some comments.
- Don't dereference a NULL hostent pointer (if T_PTR lookup fails).
- Today I asked myself: "Self, you wrote this nifty async resolver
that does a great job handling delayed replies to clients using
the UDP transport, and the yplib code in libc always uses UDP
(except for yp_all()). But what if some dork makes a DNS lookup using
TCP?" Being the only dork on hand at the time, I tried it and was
enlightened. As I suspected, my transaction ID frobbing hacks cause
fireworks if called on a TCP transport handle (duh: the structures
are different). Fix: check the type of socket in xprt->xp_sock using
getsockopt() and don't use svcudp_get_xid() and svcudp_set_xid() for
anything except SOCK_DGRAM sockets. (Since accept() gives you a
new socket for each connection, the transaction ID munging isn't
needed for TCP anyway.)
- yp_dblookup.c: Create non-DB specific database access functions.
Using these allows access to the underlying database functions without
needing explicit knowledge of Berkeley DB. (These are used only
when DB_CACHE is #defined. Other programs that use the non-caching
functions (yp_mkdb, ypxfr, yppush, rpc.yppasswdd) shouldn't notice
the difference.)
- yp_dnslookup: Implement async DNS lookups. We send our own DNS
requests using UDP and put the request in a queue. When the response
arrives, we use the ID in the header to find the corresponsing queue
entry and then send the response to the client. We can go about our
business and handle other YP requests in the meantime. This way, we
can deal with time consuming DNS requests without blocking and without
forking.
- yp_server.c: Convert to using new non-DB-specific database access
functions. This simplifies the code a bit and removes the need for
this module to know anything about Berkeley DB. Also convert the
ypproc_match_2_svc() function to use the async DNS lookup routines.
- yp_main.c: tweak yp_svc_run() to add the resolver socket to the
set of descriptors monitored in the select() loop. Also add a
timeout to select(); we may get stale DNS requests stuck in the
queue which we want to invalidate after a while. If the timeout
hits, we decrement the ttl on all pending DNS requests and nuke
those requests that aren't handled before ttl hits zero.
- yp_extern.h: Add prototypes for new stuff.
- yp_svc_udp.c (new file): The async resolver code needs to be able
to rummage around inside the RPC UDP transport handle in order to
work correcty. There's basically one transport handle, and each time
a request comes in, the transaction ID in the handle is changed.
This means that if we queue a DNS request, then we handle some other
unrelated requests, we will be unable to send the DNS response because
the transaction ID and remote address of the client that made the DNS
request will have been lost. What we need to do is save the client
address and transaction ID in the queue entry for the DNS request,
then put the transaction ID and address back in the transport handle
when we're ready to reply. (And then we have to undo the change so
as not to confuse any other part of the server.) The trouble is that
the transaction ID is hidden in an opaque part of the transport handle,
and only the code in the svc_udp module in the RPC library knows how
to handle it. This file contains a couple of functions that let us
read and set the transaction ID in spite of this. This is really a
dirty trick and I should be taken out and shot for even thinking about
it, but there's no other way to get this stuff to work.
- Makefile: add yp_svc_udp.c to SRCS.
connecting to a host immediately in the foreground.
I would like to be able to run ppp from a script so that my script can be
sure that it is connected to the 'net before it continues running:
# Dial up the internet.
ppp -background myprovider || exit 1
do-some-net-command
# Hang up the modem.
kill -HUP `cat /var/run/ppp.tun0.pid`
Another problem is that the current ppp calls its process id file
`/var/run/PPP.server', which may conflict if you have more than one IP
tunnel interface available.
Closes PR#1469
Submitted by: Gord Matzigkeit <gord@enci.ucalgary.ca>
new 'aliased' packets. Note, if the original packet has a bogus cksum,
we will *NOT* re-compute the cksum, therefore the new packet will also
be wrong (but passed on).
Found by: MartinRenters@awfulhak.demon.co.uk
Reviewed by: Brian Somers <brian@awfulhak.demon.co.uk>
Submitted by: Charles Mott <cmott@srv.net>
will handle lines of any length in /etc/group.
2) Fixed bug with usermod -d not updating user's home
directory.
3) Minor formatting display changes/fixes with *show -P.
(/dev/urandom used by default under FreeBSD), and implemented a
"portable" but less secure generator for other systems.
Add display of expiry/password change dates in -P user display.
used by OpenBSD. (Quite frankly, I think it's perfectly reasonable to
use snprintf to copy strings, given that the semantics for strncpy()
are utterly idiotic and there is no POSIX sstrncpy().)
While I'm at it, incorporate some of OpenBSD's bugfixes to cron.
NOT for 2.2
version of strdup() by a macro, killed many calls to strdup(), thus
potentially wasting less malloc'ed space (their args were never be
free()ed desptie despite of being malloc'ed). Probably still a huge
memory leak at all... Also killed two totally useless variables.
I've tested it as i could, but wouldn't be surprised if unexpected
problems showed up. So watch out this space!
conservative part of the tidyup, like fixing potential buffer overflow
conditions. It is believed to be safe to go into 2.2.
Pointed out by: lozenko@cc.acnit.ac.ru (Evgeny A. Lozenko)
I went over the code.
Add shortcuts for addUser and addGroup, documenting same.
Add a password field for adduser and use no-echo string field for it.
This requires my latest libdialog changes (in RELENG_2_2 or -current) to work.
the profiling level in config and decide what to do in makefiles.
Makefile.i386:
Align functions to 16-byte boundaries if profiling is enabled. This
will allow a fourfold reduction in the size of the profiling buffers.
(otherwise ppp's behavior remains unchanged) and documented by myself,
Steve Sims, Nate Williams, Martin Renters and god-only-knows who else. :-)
Submitted by: nate
Obtained from: Charles Mott <cmott@srv.net>
1. Don't use the MSDOSFS code for accessing FreeBSD distribution data.
Use Robert Nordier's stand-alone DOS I/O library for the purpose.
It this works as well as Robert says it does, it should drastically reduce
(or even eliminate) our "I can't install from my DOS partition!" calls.
2. As a result of the above, go to stdio file descriptors for all
media types.
3. Taking advantage of #2, start using libftpio for FTP transfers instead
of maintaining our own parallel version of the FTP transfer code.
Yay! I ripped something out for a change!
#1 Submitted-By: Robert Nordier <rnordier@iafrica.com>
has always held an open file descriptor. This allowed logging to
spare virtual consoles and being able to switch to them.
My previous change removed this since all writes were done with ttymsg()
which opens it's own fd, and hence syslogd didn't need it's own fd to
send messages on... but this caused an unexpected behavior change.
This should close PR#2176
do it themselves. (Some of these programs actually depended on this
beyond compiling the definition of struct ifinfo!) Also fix up some
other #include messes while we're at it.
obvious effects are that most of the automagically chosen defaults
will now be displayed while going through the menu, and an improved
error handling thanks to the more detailed error status reporting.
2.2 fodder, but i'll leave it to Jordan's review.
sysinstall's new User&group menu will use it, hence it's a 2.2
candidate despite of providing new functionality.
Submitted by: David L. Nugent, <davidn@blaze.net.au>
bogus or overly complex and really needed to be done more consistently
and sanely throughout - no question about it. Done.
Suggested-By: Paul Traina <pst@Shockwave.COM>
which will also need to be brought in before this screen will work.
Add some commentary about how the slip startup code is bogus.
Steal Joerg's loop for more properly closing all files and graft it into
the EHS startup. My loop was functional but more bogus.
o Incorporate some of Tatsumi's bug fixes.
o Remove the xperimnt and commerce distribution items; they haven't
been actual distributions for awhile.
o Try to sanitize the device checking code a little more.
o Cosmetic work on the network code.
to keep the link up, so it re-dials whenever it detects the link go
down. This is useful for 'dedicated' links who use PPP.
It's been used for over a year w/out problems at different sites.
when I came up with this idea weren't strong enough to help me see it
through. If this was a self-contained application and I had complete
control over what data got sent through what socket and when, I might
be able to get everything to work right without blocking, but instead
I have RPC/XDR in between me and the socket layer, and they have their
own ideas about what to do.
Maybe one day I'll go totally mad and figure out the right way to do
this; in the meantime this mess goes on the back burner.
disables the ability to interactively select a new tty. I have also
removed a check for uid == 0 because it gets in the way of using suid
mode based access control. Watch (8)is only runnable by root, so this
does not really change things much.
Closes PR#2131
Submitted-By: adrian@virginia.edu
_without_ using fork().
The problem with YPPROC_ALL is that it transmits an entire map through
a TCP pipe as the result of a single RPC call. First of all, this requires
certain hackery in the XDR filter. Second, if the map being sent is
large, the server can end up spending lots of time in the XDR filter
sending to just the one client, while requests for other clients will
go unanswered.
My original solution for this was to fork() the request into a child
process which terminates after the map has been transmitted (or the
transfer is interrupted due to an error). This leaves the parent free
to handle other requests. But this solution is kind of lame: fork()
is relatively expensive, and we have to keep a cap on the number of
child processes to keep from swamping the system.
What we do now is grab control of the service transport handle and XDR
handle from the RPC library and send the records one at a time ourselves
instead of letting the RPC library do it. We send a record, then go
back to the svc_run() loop and select() on the socket. If select() says
we can still write data, we send the next record. Then we call
svc_getreqset() and handle other RPCs and loop around again. This way,
we can handle other RPCs between records.
We manage multiple YPPROC_ALL requests using a circular queue. When a
request is done, we dequeue it and destroy the handle. We also tag
each request with a ttl which is decremented whevever we run the queue
and a handle isn't serviced. This lets us nuke requests that have sat
idle for too long (if we didn't do this, we might run out of socket
descriptors.)
Now all I have to do is come up with an async resolver, and ypserv
won't need to fork() at all. :)
Note: these changes should not go into 2.2 unless they get a very
throrough shakedown before the final cutoff date.
number of mail messages sent per run was lowered from 2 to 1. Why? Well,
some numbers just give you the warm fuzzies, like zero and one. Zero isn't
much use here, so I picked my all time favourite, one.
ttymsg() insists on them not being there.
Also, since ttymsg() opens the tty "on demand", don't keep an fd open
ourselves. This would interfere with HUPCL etc.
This should close PR#2103 from <xaa@stack.nl>
Fenner was kind enough to point out the error of my ways. This incorporates
diffs from him which:
- Keep everything in network order.
- Log the booted ether & ip address, instead of my address on that net
- change several exit()'s to return()'s, so that rarpd continues running
even if it thinks it's in a weird state.
One small tweak by me: in rarp_bootable(), we have to make sure to
construct 'ipname' in host byte order (if we don't, we have to
specify /tftpboot/<remote IP in hex> with <remote IP in hex> in
network byte order, which is confusing).
Also restored use of <dirent.h> rather than <sys/dir.h> as pointed
out by bde.
Also updated the man page so that the -v flag is documented.
With any luck, I won't have to touch this thing again.
- It no longer attempts to fiddle wall-vs-UTC-in-RTC. The results
were just confusing most of the time.
- The program no longer contains a pre-compiled list of timezones
(compiled by groveling through the tzdata source files for comments
starting with `ZONE-DESCR'). Now it uses the new `zone.tab' file
supplied with current versions of the timezone data files, to determine
the list at run time. (It also requires the ISO 3166 table I
committed some months ago.)
AS A RESULT, this program will NOT work until the new timezone data files
are committed (should happen sometime soon).
This includes the following changes:
- Support for poking ARP entries into the local table is now built
in, so the arptab.c module I hacked together is no longer needed.
- rarp_process() and rarp_reply() now accept a len argument which is
passed down from rarp_loop() which tells rarp_reply() exactly how
long the original RARP frame was. (Usually, it's 60 bytes, which is
the minimum.) Previously, the length was calculated using the sum
of sizeof(struct ether_header) + sizeof(struct ether_arp) (plus the
ethernet frame header, I think). The result was a total packet
length of 42 bytes. Now, rarp_reply() sends out packets that are
the same size as those it recieves (60 bytes). This agrees with the
behavior of rarpd on SunOS (as observed with tcpdump). The unused
extra bytes are zeroed.
the races in my previous commits here, and fix some other problems with
syslogd as well.
- if the child process exited early (eg: could not bind to the socket),
the boot process would hang for 30 seconds. The parent was not noticing
that the child had exited. (my fault)
- when writing to tty devices, instead of treating them like files that
need \r\n instead of \n, actually use ttymsg() which has specific code
intended to write to potentially blocking ttys safely. I had a machine
lock up last night because /dev/console on a serial port got flow control
blocked. Setting comcontrol drainwait fixed everything but syslogd which
was going into a spin trying to write to the console and completely
ignoreing everything else.
- fix a couple of nonsensical bits of code while here.. eg: wait3 takes
a pointer to an int. There is no sense in declaring it as 'union wait',
then casting the pointer to (int *), then forgetting about it.
Add printing of PCI header type register. (This makes the output
80 columns wide. Ughh. I'm looking for a better way to put the
information on one line ...)
and set the B and S variables here, but I forgot to actually add them to
the master.passwd and hosts.* targets. In other words, they weren't being
passed to yp_mkdb as needed.
This needs to go into 2.2; it doesn't break things a lot, but it leaves
your master.passwd maps available to unprivileged users without you
realizing it.
clear channel. This change was originally put in for freefall, and is
completely irrelevant given that freefaill defines the generic SMTP
service to use the smtp8 mailer (which is standard mechanism.)
[The original patch violated RFC-821.]
Apply to: 2.2 (please)
endian-ness fix, Router Alert options on IGMP messages, and a
new keyword, "advert_metric", for fine-tuning tunnel metrics.
This also includes a new mtrace, which is also unreleased but
builds significantly on the experiences of users' troubles with
using and understanding mtrace in release 3.8 .
(unreleased does not, of course, mean untested!)
This is a candidate for both 2.2 and 2.1.6 .
Submitted by: Archie Cobbs (Archie@whistle.com)
Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
the main menu.
2. Conditionalized a few small things which needed it.
3. Put PC98 X servers in their own menu, there are so many of them now.
4. Rampaged on the menus.c file in general, reformatting and cleaning up.
Not all mappings are supported, most languages come only with one
encoding since this should be sufficient to get up & running in using
sysinstall, and we are already pretty tight on space. (My previous
commit has already bumped the boot MFS size by another 50 KB for
this.)
This feature requires the `kbdcontrol -L' i've just committed. Plain
text keymaps and the entire scanner are overkill for sysinstall.
Also updated the list of available keymaps while i was at it.
Reviewed by: jkh
. Don't gzip the crunched binary by now; it just fits, and execution is
a lot faster this way (it's truly demand-paged again).
. Add more(1), ft(8), protocols(5), a stripped down services(5).
. Improve the .profile, and make sysinstall actually use it again.
Still no go for a 4 MB configuration though. :-(
but make a second attempt using MNT_FORCE, just in case it has been
unclean from a previous crash. That's dangerous, but far better than
keeping the despaired user standing in the rain...
(Experienced admins can still fsck it then, and remount. Others will
either totally crash, or incidentally succeed, without much further
help possible...)
Btw., mount(2) misses the description of MNT_FORCE for the mount
syscall.
Some changes of my own to make screen saver configuration a little
more sane, and also make it easier to get to the keyboard/screen
setup from the options menu.
- `slstat' with no args dumped core.
- `slstat unit' always failed with a "sysctl linkspecific" error.
- the usage message was nonstandard.
Fixed old bugs:
- missing prototypes, Wformat errors, and other lint.
place (sysinstall.h) when packages change rev.
Change the way that the routing daemon is configured entirely, to
placate Joerg. Also auto-load gated if it's specified, while we're at it.
Off by one in verify allowed one to march one byte off the end of
wd.wd_hostname if wd.wd_hostname had no NUL characters in it.
strncpy of myname into mywd used the source buffer's length, rather
than the dest.
violate disk quotas, has more robust locking, is still being developed,
etc. The main changes merged in were the ability to not fsync() the
mailbox, not do biff/comsat broadcasts, man page fixes.
From NetBSD via OpenBSD to fix NetBSD PR #506
More descriptive message for printer status
(OpenBSD: 1.2)
Various warnings cleaned up (OpenBSD: 1.4)
lpc/lpc.c:
Various warnings cleaned up (OpenBSD: 1.3)
lpd/lpd.c:
Remove trailing blank lines (OpenBSD: 1.2)
Potential umask problem with creating /dev/printer
(OpenBSD: 1.4 and 1.5)
Ftp bounce attack (untested on FreeBSD)
(OpenBSD: 1.6, 1.8, 1.9)
Fencepost in strncpy
(OpenBSD: 1.6)
lpd/printjob.c:
Fix from freebsd for waiting for an exiting filter, that
appears not in the FreeBSD CVS tree.
(OpenBSD: 1.6)
lpd/recvjob.c:
Buffer overflow protection: use strncpy rather than strcpy.
(OpenBSD: 1.3)
lpr/lpr.c:
NetBSD change of return type for main()
(OpenBSD: 1.2)
Restrict time running as root
(OpenBSD: 1.7)
Use getcwd rather than getwd (from NetBSD)
Use snprintf rather than sprintf
(OpenBSD: 1.8)
Minor tweak to end of loop and buffer overflow sanity. card()
overflow already in FreeBSD
(OpenBSD: 1.9)
lptest/lptest.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.2)
pac/pac.c:
void -> int return type of main, from NetBSD via OpenBSD
(OpenBSD: 1.3)
Obtained from: OpenBSD
buffer which could be made to lead to a root shell. This patch is
OpenBSD's solution to the problem, and will silently truncate the
output rather than overflow the buffer.
Obtained from: OpenBSD
any maps that may have them. If the YP_SECURE key is present, ypserv
will only allow access to the map from clients on reserved ports.
If the YP_INTERDOMAIN key is present, the server will do DNS lookups
for hostnames that it can't find in hosts.byname or hosts.byaddr.
This is the same as the -d flag (which is retained for backwards
compatibility) but it can be set on a per-map/per-domain basis.
Also modified /var/yp/Makefile to add YP_INTERDOMAIN to the hosts.*
maps and YP_SECURE to master.passwd.* maps by default.
map databases. Also document said flags in the man page.
Adding YP_INTERDOMAIN to a map causes ypserv(8) to do a DNS lookup
when a yp_match() on the map fails. (This affects only the hosts.by*
maps; for all other maps it's ignored.) The YP_SECURE entry causes
ypserv(8) to restrict access to the map so that only clients making
requests from reserved ports can get at it.
Our ypserv doesn't currently support these features so they're silently
ignored for the moment, but this will change. :)