Objected to by: Andre Oppermann <oppermann@pipeline.ch>
After Andre's objection, I've re-examined rfc 2759 and noted that it
says that the domain name shouldn't be used when generating the
NT-Response field. So it looks like the bug is in freeradius rather
than in ppp.
This removes a bad latency problem during initial setup where we
end up waiting for too long before reading the connected message
and time the connection out.
Problem figured out by: Andre Albsmeier <andre@albsmeier.net>
In -STABLE, this is default, in -CURRENT it is not, which leads to many a
headache for a user coming to -CURRENT without remembering this fact. It
is one of the POLA violations we have not avoided by preparing the users
for it appropriately. Therefore, a warnx(3) is added here, explicitly to
be MFC'd shortly to start the re-education process rolling.
Reviewed by: General murmurs of approval in that IRC channel.
MFC after: 3 days
mainly so the compiler can correctly do printf-style parameter checking.
Some minor improvements to a few of the error messages, but the main
goal here is to get rid of a few more compile-time warning messages.
MFC after: 5 days
Change -l -> -L to match OpenBSD (since we haven't MFC'd it yet).
-l will now list stations that are associated with a hostap (preliminary)
MFC After: 2 weeks
is appropriate to avoid using typeof/__typeof__. It is worth noting that
SWAP() is only ever used to swap pointer values so 'void *' assumptions would
have been acceptable, but I'd gladly pay you tuesday for a cheeseburger^W
cleaner interface today.
Poked into submission by: bde
have native extended attributes rather than stacked extended attributes.
While I'm at it, make sure UFS_EXTATTR is not spelt FFS_EXTATTR.
Sponsored by: DARPA, NAI Labs
Obtained from: TrustedBSD Project
filesystem expands the inode to 256 bytes to make space for 64-bit
block pointers. It also adds a file-creation time field, an ability
to use jumbo blocks per inode to allow extent like pointer density,
and space for extended attributes (up to twice the filesystem block
size worth of attributes, e.g., on a 16K filesystem, there is space
for 32K of attributes). UFS2 fully supports and runs existing UFS1
filesystems. New filesystems built using newfs can be built in either
UFS1 or UFS2 format using the -O option. In this commit UFS1 is
the default format, so if you want to build UFS2 format filesystems,
you must specify -O 2. This default will be changed to UFS2 when
UFS2 proves itself to be stable. In this commit the boot code for
reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c)
as there is insufficient space in the boot block. Once the size of the
boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE.
The header file <ufs/ufs/dinode.h> must be included before
<ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and
ufs_lbn_t.
Still TODO:
Verify that the first level bootstraps work for all the architectures.
Convert the utility ffsinfo to understand UFS2 and test growfs.
Add support for the extended attribute storage. Update soft updates
to ensure integrity of extended attribute storage. Switch the
current extended attribute interfaces to use the extended attribute
storage. Add the extent like functionality (framework is there,
but is currently never used).
Sponsored by: DARPA & NAI Labs.
Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.
Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.
While we're here, don't bother passing the peer challenge into
radius_Authenticate(). It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).
This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
visible change should be that more than one queue can now be specified,
if one uses the '-msg' parameter to separate the list of queues from the
status message to set.
The previous implementation of 'down' remains available as the command
'xdown', available for instant fallback if there seems to be anything
wrong with the new one. If no one reports a problem after a few weeks,
then a later update will remove 'xdown'.
Reviewed by: freebsd-print@bostonradio.org
MFC after: 10 days
change the status message of a print queue. This includes some minor
changes to the upstat() routine, so that error messages are not printed
while seteuid(priv-user).
Reviewed by: freebsd-audit and freebsd-print@bostonradio.org
MFC after: 10 days
was removed from the kernel;
Advertise the prefix with zero lifetimes rather than to remove the prefix
from the prefix list to be advertised.
This will help renumber a receiving host by deprecating the address
derived from the old prefix.
Obtained from: KAME
MFC after: 2 weeks
'restart', 'start', 'stop' and 'up'. These are commands which mainly
just alter the access bits on the lock-file of a queue, and they all
now use a central routine to do that. This reduces the amount of code
that is run as the priv userid, and eliminates a number of cases where
error messages were written while that priv uid was in effect.
As far as users are concerned, there should be no noticeable difference
in the new versions. In case there *is*, the previous implementations
are still there as 'xabort', 'xenable', etc, so they are available for
instant fallback. If no one reports a problem after a few weeks, then
a later update will remove those x-commands.
Reviewed by: freebsd-audit and freebsd-print@bostonradio.org
MFC after: 10 days
RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS
messages, and remove the hack in chap.c to ignore that ident field
on the client side.
This anomaly was hacked around during development, and I forgot to
go back and fix it properly.
Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
RAD_MICROSOFT_MS_MPPE_RECV_KEY
RAD_MICROSOFT_MS_MPPE_SEND_KEY
These attributes may be supplied by a RADIUS server when MSCHAPv2 is
used to authenticate.
It *should* now be possible to build ppp with -DNODES and still support
CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet
smart enough to do that (building with -DNODES just loses these
facilities).
Sponsored by: Monzoon
hatching the idea of using dc, and Giorgos (keramida) for incubating it.
This also reverses most of the previous commit which took out or
modified the text about umask stuff.
are installing.
* Since this means that for now we can't accommodate non-standard
umask's, warn the user accordingly.
* Convert the "press enter to continue" prompt into a function.
of them to keep better track of which-is-which (multiple variables were
named 'pid'). Moved a global pid-variable into the only routine that
used it. Net result: fixes two compile-time warnings...
MFC after: 2 weeks
actually does work. Ignore errors from kldload(2) if the errno value is
EEXIST. It would help if this return value were documented in the
kldload(2) manual page.
one can set the 'noError' variable to ignore any errors that occur for the
next command. However, the code was only unsetting 'noError' when an error
actually occurred, so if you set 'noError', the next command completed ok,
and the command after that failed, the second command's failure would be
ignored. This fixes this by performing the 'noError' check earlier and
then unsetting 'noError' after every command that is run.
Sponsored by: The Weather Channel
sufficient.
In fact, using both breaks the radiator RADIUS daemon when used with
a db as it maps both attributes to the same field value and then
fails the insert.
I decided to remove RAD_NAS_IP_ADDRESS on the basis that rfc2138 says:
    An Access-Request MUST contain a User-Name attribute. It SHOULD
    contain either a NAS-IP-Address attribute or NAS-Identifier
    attribute (or both, although that is not recommended). It MUST
despite the fact that this not recommended bit was removed from the
updated rfc.
we weren't properly checking for the case that the two version strings
being compared had different numbers of components. This has been
fixed.
Pointed out by: sobomax
Reviewed by: silence on -ports
temporarily turn off the nonInteractive variable around the DHCP and IPv6
Yes/No questions in a network device setup so that those questions are
asked.
use and has been broken in -CURRENT for a long time.
Clean up unneeded entries in the nlist array.
Implement kvm-backed ttymode (which we never had before). Incomplete as we
do not (yet?) print the correct device, sid or pgid.
Sponsored by: DARPA, NAI Labs
line as an environment variable assignment, is broken
and not conformant to its description in the manual page.
I think it is worthwhile to have that fix in 4.6.
PR: bin/38374
Submitted by: Thomas Quinot <thomas@cuivre.fr.eu.org>
MFC after: 2 days
`/2' with `>>1'. In the context `>>1' is more appropriate
because it looks like the division is used to restore a
shifted value.
GCC GNATS PR: c/6677
This fixes a problem where wheel-up movement is taken as wheel-down
in the sysmouse protocol.
Do not assume the plain char's are signed; use `signed char' where
char's need to be signed.
Discussed on: audit
Pointed out by: bde
configured).
Handle internal failures in radius_Authenticate() correctly.
Bump the ppp version number.
This doesn't yet work with MPPE. More will follow.
Sponsored by: Mozoon
/etc/exports. Oversized lines were unlikely due to the large 10k
limit, but any found would cause mountd to exit with an error. Also
fix one or two compiler warnings.
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.
When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
to the SESSIONID from the environment in direct mode or the
NGM_PPPOE_SESSIONID message in other modes. If no SESSIONID is found,
default to the interface index in client mode or zero in server mode.
When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
of the physical device (ie, the N in /dev/i4brbchN).
This makes it easier for the RADIUS server to identify the client
WRT accounting data etc.
Prompted by: lsz8425 <lsz8425@mail.cd.hn.cn>
just send PROTO_IP packets when we've got only one link up in multi-link
mode.
Problem noted by: Adrian Close <adrian@fernhilltec.com.au>
MFC after: 1 week
o Minor grammar fixes.
o Sort SEE ALSO references, and add iostat(8).
o Delete punctuation at end of AUTHORS' section only line
Reviewed by: rwatson, Hiten Pandya <hiten@uk.FreeBSD.org>
include all package files into resulting tarball.
PR: 34007
Submitted by: olgeni
While I'm here:
- Remove bogus comment;
- ensure that we return the proper exit code in the case of -b failure.
MFC after: 5 days
#include route.h before iso88025.h, and we have to dereference
the trld_route array correctly. (NOTE: I'm not altogether sure
that this is really the correct way to traverse this array. This
just eliminates the build warning/error. It may not work right at
runtime, and I have no way to test it since I lack the necessary
hardware.)
Broken by: kbyanc, who gets to wear the pointy hat
works on ATAPI drives only.
PR: kern/35512 (a part of)
Submitted by: Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
Reviewed by: -hackers
MFC after: 1 month
using new `@comment DEPORIGIN:...' directive. This would allow us to make
many neat things including:
- easier binary upgrades;
- source upgrades without using external tools by simply extending
bsd.port.mk and pkg_install tools;
- mixed-mode upgrades (source + binary);
- depreciate and deorbit silly +REQUIRED_BY files in the near future.
This feature is no-op until appropriate bsd.port.mk patch is committed, and
even when it is already committed packages generated will remain 100%
compatible with old set of pkg_install tools (modulo all those neat
features, of course).
MFC after: 6 days
directory, because this prevents this option from being used from the
package-depends target of bsd.port.mk since it creates such empty dir
during its normal operation.
MFC after: 6 days