Commit Graph

7904 Commits

Author SHA1 Message Date
ngie
224e90af33 Replace N #defines with nitems to simplify ifconfig code slightly
MFC after: 1 week
2015-09-27 07:51:18 +00:00
bdrewery
54ea4abf6e Add SUBDIR_PARALLEL.
MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-09-26 01:28:50 +00:00
bdrewery
e29e60475b Remove disconnected directories.
These were added disconnected in 2005 in r145524.

Sponsored by:	EMC / Isilon Storage Division
2015-09-26 01:24:35 +00:00
bdrewery
459799dc3d META_MODE: Remove DEP_MACHINE from Makefile.depend files.
This has not been needed since r246865 in projects/bmake.

Sponsored by:	EMC / Isilon Storage Division
2015-09-25 19:44:01 +00:00
bdrewery
f37faa57f7 META_MODE: Remove DEP_RELDIR from Makefile.depend files.
This has not been needed since r284171 in projects/bmake.

Sponsored by:	EMC / Isilon Storage Division
2015-09-25 19:26:08 +00:00
phk
97cc39b53e Fix two cases where "const" were washed off pointers with strchr(3) 2015-09-25 07:37:00 +00:00
rstone
24d3763284 Fix /sbin/route to never look up (invalid) interface names through DNS
/sbin/route has a bug where if it is passed an interface name that does
not exist, it falls through and winds up interpreting it as a hostname.
It fails out eventually, but on a system where DNS lookup is broken you
can end up waiting for up to 60 seconds waiting for the DNS lookup to
timeout.  I'm not quite sure what happens if the DNS lookup somehow
succeeds but I doubt that can end well.

Reviewed by:	markj, cem
MFC after:	2 weeks
Sponsored by:	EMC/Isilon Storage Division
2015-09-17 16:56:49 +00:00
bdrewery
bdebc05d94 Update META_MODE dependencies. 2015-09-17 05:06:34 +00:00
allanjude
6093eb3b9f Make ifconfig always exit with an error code if an important ioctl fails
PR:		203062
Arm Twisting by:	Kristof Provost
Reviewed by:	kp
Approved by:	bapt (mentor)
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Sponsored by:	vBSDCon
Differential Revision:	https://reviews.freebsd.org/D3644
2015-09-16 03:03:19 +00:00
trasz
58cf716bce Add a way to specify stripesize and stripeoffset to gnop(8). This makes
it possible to "simulate" 4K media, to eg test alignment handling.

Reviewed by:	mav@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3664
2015-09-15 18:01:59 +00:00
hrs
f39d1c8c53 - Remove #ifdef HAVE_POLL_H.
- Use nitems().

MFC after:	3 days
2015-09-10 06:40:28 +00:00
hrs
099cf5ebd0 - Remove GIF_{SEND,ACCEPT}_REVETHIP.
- Simplify EADDRNOTAVAIL and EAFNOSUPPORT conditions.

MFC after:	3 days
2015-09-10 05:59:39 +00:00
trasz
38650361d8 The dumpfs(8) utility doesn't actually use disktab(5); remove it
from "SEE ALSO".

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-09-03 11:40:47 +00:00
trasz
d120f27870 Fix markup.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-09-02 14:10:09 +00:00
trasz
c05bbe4d23 It's 2015, and some people are still trying to use fdisk and then
go asking what debug flags to set for GEOM to make it work.  Advice
them to use gpart(8) instead.

Something similar should probably done with disklabel,
but I need to rewrite the disklabel examples first.

Reviewed by:	wblock@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3315
2015-09-02 14:08:43 +00:00
kp
2a1a59d8e1 pf: Remove support for 'scrub fragment crop|drop-ovl'
The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse
users into making poor choices.
It's also a fairly large amount of complex code, so just remove the support
altogether.

Users who have 'scrub fragment crop|drop-ovl' in their pf configuration will be
implicitly converted to 'scrub fragment reassemble'.

Reviewed by:	gnn, eri
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D3466
2015-08-27 21:27:47 +00:00
araujo
f03e7b319b Code cleanup unused-but-set-variable spotted by gcc.
Approved by:	bapt (mentor)
Differential Revision:	D3475
2015-08-25 15:33:09 +00:00
araujo
9ff051aa1c Code cleanup unused-but-set-variable spotted by gcc.
Reviewed by:	melifaro
Approved by:	bapt (mentor)
Differential Revision:	D3473
2015-08-25 15:32:08 +00:00
marcel
02ffac2cca Upgrade libxo to 0.4.5.
Local changes incorporated by 0.4.5: r284340
Local changes retained: r276260, r282117

Obtained from:	https://github.com/Juniper/libxo
2015-08-24 16:26:20 +00:00
loos
498601242d Add ALTQ(9) support for the CoDel algorithm.
CoDel is a parameterless queue discipline that handles variable bandwidth
and RTT.

It can be used as the single queue discipline on an interface or as a sub
discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ.

Differential Revision:	https://reviews.freebsd.org/D3272
Reviewd by:	rpaulo, gnn (previous version)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
2015-08-21 22:02:22 +00:00
ken
44638d924c Revamp camcontrol(8) fwdownload support and add the opcodes subcommand.
The significant changes and bugs fixed here are:

1. Fixed a bug in the progress display code:

   When the user's filename is too big, or his terminal width is too
   small, the progress code could wind up using a negative number for
   the length of the "stars" that it uses to indicate progress.

   This negative value was assigned to an unsigned variable, resulting
   in a very large positive value.

   The result is that we wound up writing garbage from memory to the
   user's terminal.

   With an 80 column terminal, a file name length of more than 35
   characters would generate this problem.

   To address this, we now set a minimum progress bar length, and
   truncate the user's file name as needed.

   This has been tested with large filenames and small terminals, and
   at least produces reasonable results.  If the terminal is too
   narrow, the progress display takes up an additional line with each
   update, but this is more user friendly than writing garbage to the
   tty.

2. SATA drives connected via a SATA controller didn't have SCSI Inquiry
   data populated in struct cam_device.  This meant that the code in
   fw_get_vendor() in fwdownload.c would try to match a zero-length
   vendor ID, and so return the first entry in the vendor table.  (Which
   used to be HITACHI.)  Fixed by grabbing identify data, passing the
   identify buffer into fw_get_vendor(), and matching against the model
   name.

3. SATA drives connected via a SAS controller do have Inquiry data
   populated.  The table included a couple of entries -- "ATA ST" and
   "ATA HDS", intended to handle Seagate and Hitachi SATA drives attached
   via a SAS controller.  SCSI to ATA translation layers use a vendor
   ID of "ATA" (which is standard), and then the model name from the ATA
   identify data as the SCSI product name when they are returning data on
   SATA disks.  The cam_strmatch code will match the first part of the
   string (because the length it is given is the length of the vendor,
   "ATA"), and return 0 (i.e. a match).  So all SATA drives attached to
   a SAS controller would be programmed using the Seagate method
   (WRITE BUFFER mode 7) of SCSI firmware downloading.

4. Issue #2 above covered up a bug in fw_download_img() -- if the
   maximum packet size in the vendor table was 0, it tried to default
   to a packet size of 32K.  But then it didn't actually succeed in
   doing that, because it set the packet size to the value that was
   in the vendor table (0).  Now that we actually have ATA attached
   drives fall use the VENDOR_ATA case, we need a reasonable default
   packet size.  So this is fixed to properly set the default packet size.

5. Add support for downloading firmware to IBM LTO drives, and add a
   firmware file validation method to make sure that the firmware
   file matches the drive type.  IBM tape drives include a Load ID and
   RU name in their vendor-specific VPD page 0x3.  Those should match
   the IDs in the header of the firmware file to insure that the
   proper firmware file is loaded.

6. This also adds a new -q option to the camcontrol fwdownload
   subcommand to suppress informational output.  When -q is used in
   combination with -y, the firmware upgrade will happen without
   prompting and without output except if an error condition occurs.

7. Re-add support for printing out SCSI inquiry information when
   asking the user to confirm that they want to download firmware, and
   add printing of ATA Identify data if it is a SATA disk.  This was
   removed in r237281 when support for flashing ATA disks was added.

8. Add a new camcontrol(8) "opcodes" subcommand, and use the
   underlying code to get recommended timeout values for drive
   firmware downloads.

   Many SCSI devices support the REPORT SUPPORTED OPERATION CODES
   command, and some support the optional timeout descriptor that
   specifies nominal and recommended timeouts for the commands
   supported by the device.

   The new camcontrol opcodes subcommand allows displaying all
   opcodes supported by a drive, information about which fields
   in a SCSI CDB are actually used by a given SCSI device, and the
   nominal and recommended timeout values for each command.

   Since firmware downloads can take a long time in some devices, and
   the time varies greatly between different types of devices, take
   advantage of the infrastructure used by the camcontrol opcodes
   subcommand to determine the best timeout to use for the WRITE
   BUFFER command in SCSI device firmware downloads.

   If the device recommends a timeout, it is likely to be more
   accurate than the default 50 second timeout used by the firmware
   download code.  If the user specifies a timeout, it will override
   the default or device recommended timeout.  If the device doesn't
   support timeout descriptors, we fall back to the default.

9. Instead of downloading firmware to SATA drives behind a SAS controller
   using WRITE BUFFER, use the SCSI ATA PASS-THROUGH command to compose
   an ATA DOWNLOAD MICROCODE command and it to the drive.  The previous
   version of this code attempted to send a SCSI WRITE BUFFER command to
   SATA drives behind a SAS controller.  Although that is part of the
   SAT-3 spec, it doesn't work with the parameters used with LSI
   controllers at least.

10.Add a new mechanism for making common ATA passthrough and
   ATA-behind-SCSI passthrough commands.

   The existing camcontrol(8) ATA command mechanism checks the device
   type on every command executed.  That works fine for individual
   commands, but is cumbersome for things like a firmware download
   that send a number of commands.

   The fwdownload code detects the device type up front, and then
   sends the appropriate commands.

11.In simulation mode (-s), if the user specifies the -v flag, print out
   the SCSI CDB or ATA registers that would be sent to the drive.  This will
   aid in debugging any firmware download issues.

sbin/camcontrol/fwdownload.c:
	Add a device type to the fw_vendor structure, so that we can
	specify different download methods for different devices from the
	same vendor.  In this case, IBM hard drives (from when they
	still made hard drives) and tape drives.

	Add a tur_status field to the fw_vendor structure so that we can
	specify whether the drive to be upgraded should be ready, not
	ready, or whether it doesn't matter.  Add the corresponding
	capability in fw_download_img().

	Add comments describing each of the vendor table fields.

	Add HGST and SmrtStor to the supported SCSI vendors list.

	In fw_get_vendor(), look at ATA identify data if we have a SATA
	device to try to identify what the drive vendor is.

	Add IBM firmware file validation.  This gets VPD page 0x3, and
	compares the Load ID and RU name in the page to the values
	included in the header.  The validation code will refuse to load
	a firmware file if the values don't match.  This does allow the
	user to attempt a downgrade; whether or not it succeeds will
	likely depend on the drive settings.

	Add a -q option, and disable all informative output
	(progress bars, etc.) when this is enabled.

	Re-add the inquiry in the confirmation dialog so the user has
	a better idea of which device he is talking to.  Add support for
	displaying ATA identify data.

	Don't automatically disable confirmation in simulation (-s) mode.
	This allows the user to see the inquiry or identify data in the
	dialog, and see exactly what they would see when the command
	actually runs.  Also, in simulation mode, if the user specifies
	the -v flag, print out the SCSI CDB or ATA registers that would
	be sent to the drive.  This will aid in debugging any firmware
	download issues.

	Add a timeout field and timeout type to the firmware download
	vendor table.  This allows specifying a default timeout and allows
	specifying whether we should attempt to probe for a recommended
	timeout from the drive.

	Add a new fuction, fw_get_timeout(), that will determine
	which timeout to use for the WRITE BUFFER command.  If the
	user specifies a timeout, we always use that.  Otherwise,
	we will use the drive recommended timeout, if available,
	and fall back to the default when a drive recommended
	timeout isn't available.

	When we prompt the user, tell him what timeout we're going
	to use, and the source of the timeout.

	Revamp the way SATA devices are handled.

	In fwdownload(), use the new get_device_type() function to
	determine what kind of device we're talking to.

	Allow firmware downloads to any SATA device, but restrict
	SCSI downloads to known devices.  (The latter is not a
	change in behavior.)

	Break out the "ready" check from fw_download_img() into a
	new subfunction, fw_check_device_ready().  This sends the
	appropriate command to the device in question -- a TEST
	UNIT READY or an IDENTIFY.  The IDENTIFY for SATA devices
 	a SAT layer is done using the SCSI ATA PASS-THROUGH
	command.

	Use the new build_ata_cmd() function to build either a SCSI or
	ATA I/O CCB to issue the DOWNLOAD MICROCODE command to SATA
	devices.  build_ata_cmd() figures looks at the devtype argument
	and fills in the correct CCB type and CDB or ATA registers.

	Revamp the vendor table to remove the previous
	vendor-specific ATA entries and use a generic ATA vendor
	placeholder.  We currently use the same method for all ATA
	drives, although we may have to add vendor-specific
	behavior once we test this with more drives.

sbin/camcontrol/progress.c:
	In progress_draw(), make barlength a signed value so that
	we can easily detect a negative value.

	If barlength (the length of the progress bar) would wind up
	negative due to a small TTY width or a large filename,
	set the bar length to the new minimum (10 stars) and
	truncate the user's filename.  We will truncate it down to
	0 characters if necessary.

	Calculate a new prefix_len variable (user's filename length)
	and use it as the precision when printing the filename.

sbin/camcontrol/camcontrol.c:
	Implement a new camcontrol(8) subcommand, "opcodes".  The
	opcodes subcommand allows displaying the entire list of
	SCSI commands supported by a device, or details on an
	individual command.  In either case, it can display
	nominal and recommended timeout values.

	Add the scsiopcodes() function, which calls the new
	scsigetopcodes() function to fetch opcode data from a
	drive.

	Add two new functions, scsiprintoneopcode() and
	scsiprintopcodes(), which print information about one
	opcode or all opcodes, respectively.

	Remove the get_disk_type() function.  It is no longer used.

	Add a new function, dev_has_vpd_page(), that fetches the
	supported INQUIRY VPD list from a device and tells the
	caller whether the requested VPD page is available.

	Add a new function, get_device_type(), that returns a more
	precise device type than the old get_disk_type() function.
	The get_disk_type() function only distinguished between
	SCSI and ATA devices, and SATA devices behind a SCSI to ATA
	translation layer were considered to be "SCSI".

	get_device_type() offers a third type, CC_DT_ATA_BEHIND_SCSI.
	We need to know this to know whether to attempt to send ATA
	passthrough commands.  If the device has the ATA
	Information VPD page (0x89), then it is an ATA device
	behind a SCSI to ATA translation layer.

	Remove the type argument from the fwdownload() subcommand.

	Add a new function, build_ata_cmd(), that will take one set
	of common arguments and build either a SCSI or ATA I/O CCB,
	depending on the device type passed in.

sbin/camcontrol/camcontrol.h:
	Add a prototype for scsigetopcodes().

	Add a new enumeration, camcontrol_devtype.

	Add prototypes for dev_has_vpd_page(), get_device_type()
	and build_ata_cmd().

	Remove the type argument from the fwdownload() subcommand.

sbin/camcontrol/camcontrol.8
	Explain that the fwdownload subcommand will use the drive
	recommended timeout if available, and that the user can
	override the timeout.

	Document the new opcodes subcommand.

	Explain that we will attempt to download firmware to any
	SATA device.

	Document supported SCSI vendors, and models tested if known.

	Explain the commands used to download firmware for the
	three different drive and controller combinations.

	Document that the -v flag in simulation mode for the fwdownload
	subcommand will print out the SCSI CDBs or ATA registers that would
	be used.

sys/cam/scsi/scsi_all.h:
	Add new bit definitions for the one opcode descriptor for
	the REPORT SUPPORTED OPCODES command.

	Add a function prototype for scsi_report_supported_opcodes().

sys/cam/scsi/scsi_all.c:
	Add a new CDB building function, scsi_report_supported_opcodes().

Sponsored by:	Spectra Logic
MFC after:	1 week
2015-08-20 16:07:51 +00:00
delphij
376f56d8e0 Use arc4random_buf(). While there, unifdef the code for HAVE_ARC4RANDOM.
MFC after:	2 weeks
2015-08-16 23:23:58 +00:00
dim
06a3ccc484 In ipfw2, avoid left-shifting negative integers, which is undefined.
While here, make some other arguments to htonl(3) unsigned too.

MFC after:	3 days
2015-08-12 21:07:57 +00:00
hiren
99dda03ed4 Make LAG LACP fast timeout tunable through IOCTL.
Differential Revision:	D3300
Submitted by:		LN Sundararajan <lakshmi.n at msystechnologies>
Reviewed by:		wblock, smh, gnn, hiren, rpokala at panasas
MFC after:		2 weeks
Sponsored by:		Panasas
2015-08-12 20:21:04 +00:00
brueffer
2dc82f9774 Fix a few mandoc warnings.
MFC after:	1 week
2015-08-12 10:34:05 +00:00
feld
c11e6697ea sbin/ipfw fix typo: info -> into
example:

DEPRECATED: inserting data into non-existent table sshguard. (auto-created)

Approved by:	bdrewery
2015-08-10 22:02:01 +00:00
pjd
f1eded629e Allow to disable BIO_DELETE passthru in fstab for swap-on-geli devices by
passing 'notrim' option.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net
2015-08-08 09:57:38 +00:00
pjd
2ae822a47d Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.

Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net

This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.
2015-08-08 09:51:38 +00:00
trasz
06d7ad38a7 Whoops, wrong flag.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-08-06 07:49:34 +00:00
trasz
041feea99f Tweak mdconfig(8) manual page, in particular revise the EXAMPLES
section.  This removes stuff that doesn't really belong there,
and simplifies examples for the basic operations.

Reviewed by:	wblock@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3198
2015-08-06 07:47:13 +00:00
delphij
247f258761 Fix a bug which could make routed(8) daemon exit by sending a special RIP
query from a remote machine, similar to SA-14:21.routed.

Submitted by:	hrs
2015-08-05 22:04:56 +00:00
melifaro
bcaee5870c Fix ipfw range deletion.
Spotted by:	ian,julian
2015-08-03 14:31:06 +00:00
gnn
526fd31fd3 Add support for keys that include 4 byte SALT values,
including GCM and ICM/CTR modes for AES.

Reviewed by:	jmg
MFC after:	1 week
Sponsored by:	Rubicon Communications (Netgate)
2015-07-31 23:40:18 +00:00
gnn
a2deec2ed0 Summary: Remove unsupported 3des-deriv encryption algorithm from documentation. 2015-07-31 17:41:53 +00:00
imp
5f3e1e3c1b Teach sysctl about the new optional suffix after IK to specify
precision. Update input as well. Add IK to the manual (it was missing
completely).

Differential Revision: https://reviews.freebsd.org/D3181
2015-07-29 02:34:25 +00:00
trasz
b634dbb0e0 Add missing SIGUSR1 description.
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-24 18:14:57 +00:00
cem
a5167194cf mount_nfs: Be more clear on nmount(2) error with errmsg unset
Differential Revision:	https://reviews.freebsd.org/D3147
Reviewed by:	rmacklem
Approved by:	markj (mentor)
MFC after:	2 weeks
Sponsored by:	EMC / Isilon Storage Division
2015-07-22 22:53:40 +00:00
jimharris
407398e138 nvmecontrol: read controller identify data before any log page operations
MFC after:	3 days
Sponsored by:	Intel
2015-07-22 16:10:29 +00:00
ae
d0ec2bec82 lseek() allows an offset to be set beyond the end of file. Using
it to check that partition has enough space to write bootcode doesn't
work. Use the known size of provider instead.

PR:		201504
MFC after:	1 week
2015-07-21 06:18:42 +00:00
gnn
1c64df87f0 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.
PR:		194935
Submitted by:	Jim Thompson
MFC after:	2 weeks
2015-07-20 23:24:25 +00:00
trasz
99151ef476 Document suspend/resume notification in devd.conf(5).
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-18 12:24:54 +00:00
trasz
fd66ea2d92 Add CARP events description to devd.conf(5).
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2015-07-18 12:17:59 +00:00
araujo
fef08dc0c4 Fix contraction spotted by igor(1) and remove 2 .Ed spotted by mandoc(1).
Also, don't capitalize "module" and remove a redundant phrase introduced
in my previous commit.

Differential Revision:	D3112
Reviewed by:		wblock
Sponsored by:		gandi.net
2015-07-18 03:14:49 +00:00
araujo
e34b290dec Describe how to load gmultipath at boot time.
Differential Revision:	D3112
Reviewed by:		allanjude, bapt
Sponsored by:		gandi.net
2015-07-17 06:34:46 +00:00
jmg
9a743646f3 fix the docs, the number of frags per inode (NFPI) changed in r228794
to 2 from 4, but the man page didn't get updated...

other minor changes to make igor happy...

MFC after:	3 days
2015-07-15 21:35:09 +00:00
allanjude
44bd001082 Add a new option to gpart(8) to fix Lenovo BIOS boot issue
PR:		184910
Reviewed by:	ae, wblock
Approved by:	marcel
MFC after:	3 days
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3065
2015-07-15 02:23:55 +00:00
brueffer
b7efde0f3f Cleanup; mostly language with a little bit of mdoc style.
MFC after:	1 week
2015-07-14 14:01:33 +00:00
brueffer
5026cf8dae Unbreak ggatec and ggatel on i386 after r238119, which added two more
'struct g_gate_ctl_create' fields.

While the behaviour was technically undefined on other architectures
as well, on the reporter's amd64 systems the uninitialized bytes the
kernel cares about were always zero so everything worked as expected.

PR:		197309, 199559
Submitted by:	ota@j.email.ne.jp, Fabian Keil
Reviewed by:	pjd
MFC after:	1 week
2015-07-14 10:49:36 +00:00
brueffer
4ebfbfaa3f If ggated's exports_find() fails, the connection is removed before
(trying to) report the problem to the client.

sendfail() is called with an already closed socket and thus it
fails to inform the client about the problem.

Fix this by calling sendfail() before connection_remove().

PR:		195944
Submitted by:	Fabian Keil
Reviewed by:	pjd
MFC after:	1 week
2015-07-14 09:25:10 +00:00
rmacklem
46b57cf01f Since the case where secflavor < 0 indicates the security flavor is
to be negotiated, it could be a Kerberized mount. As such, filling
in the "principal" argument using the canonized host name makes sense.
If it is negotiated as AUTH_SYS, the "principal" argument is meaningless
but harmless.

Requested by:	masato@itc.naist.jp
Tested by:	masato@itc.naist.jp
PR:		201073
MFC after:	1 month
2015-07-07 23:41:25 +00:00