able to be exploited, or might not. However, it is better to be safe
than sorry.
Definitely a 2.2 fix, and a -stable if there is someone to commit it.
Reviewed by: Jordan Hubbard <jkh@freebsd.org>
Submitted by: Marc Slemko
- yp_main.c: Always add the resolver socket to the set of fds
monitored by select(). It can happen that pending == 0 but we
still have some data in the socket buffer from an old query.
This way, the data will be flushed in a timely manner.
- yp_extern.h: remove proto for yp_dns_pending() since we don't need
it anynmore.
- yp_server.c: call yp_async_lookup_name()/yp_async_lookup_addr()
functions with the svc_req pointer as an arg instead of the xprt.
(The svc_req struct includes a pointer to the transport handle,
and it also has the service version number which the async DNS
code will need. (see below))
- yp_dnslookup.c:
o Nuke yp_dns_pending() since we don't need it anymore.
o In yp_run_dnsq(), swallow up and ignore replies if no requests
are pending or the ID doesn't match any of the IDs in the queue.
o In yp_send_dns_reply(), we assume that we will always be
replying to an NIS v2 client. While this will probably always
be the case, we do support the v1 'match' procedure, and it
has a different result struct than v2. For completeness,
support replying to both NIS v1 and v2 clients.
o Update the queue entry structure to include a member to
keep track of the NIS version number.
o Have yp_async_lookup_name/addr() extract the version number
from the svc_req structure and save it with the queue entry
for yp_send_dns_reply() to inspect later.
o Add some comments.
- Don't dereference a NULL hostent pointer (if T_PTR lookup fails).
- Today I asked myself: "Self, you wrote this nifty async resolver
that does a great job handling delayed replies to clients using
the UDP transport, and the yplib code in libc always uses UDP
(except for yp_all()). But what if some dork makes a DNS lookup using
TCP?" Being the only dork on hand at the time, I tried it and was
enlightened. As I suspected, my transaction ID frobbing hacks cause
fireworks if called on a TCP transport handle (duh: the structures
are different). Fix: check the type of socket in xprt->xp_sock using
getsockopt() and don't use svcudp_get_xid() and svcudp_set_xid() for
anything except SOCK_DGRAM sockets. (Since accept() gives you a
new socket for each connection, the transaction ID munging isn't
needed for TCP anyway.)
- yp_dblookup.c: Create non-DB specific database access functions.
Using these allows access to the underlying database functions without
needing explicit knowledge of Berkeley DB. (These are used only
when DB_CACHE is #defined. Other programs that use the non-caching
functions (yp_mkdb, ypxfr, yppush, rpc.yppasswdd) shouldn't notice
the difference.)
- yp_dnslookup: Implement async DNS lookups. We send our own DNS
requests using UDP and put the request in a queue. When the response
arrives, we use the ID in the header to find the corresponsing queue
entry and then send the response to the client. We can go about our
business and handle other YP requests in the meantime. This way, we
can deal with time consuming DNS requests without blocking and without
forking.
- yp_server.c: Convert to using new non-DB-specific database access
functions. This simplifies the code a bit and removes the need for
this module to know anything about Berkeley DB. Also convert the
ypproc_match_2_svc() function to use the async DNS lookup routines.
- yp_main.c: tweak yp_svc_run() to add the resolver socket to the
set of descriptors monitored in the select() loop. Also add a
timeout to select(); we may get stale DNS requests stuck in the
queue which we want to invalidate after a while. If the timeout
hits, we decrement the ttl on all pending DNS requests and nuke
those requests that aren't handled before ttl hits zero.
- yp_extern.h: Add prototypes for new stuff.
- yp_svc_udp.c (new file): The async resolver code needs to be able
to rummage around inside the RPC UDP transport handle in order to
work correcty. There's basically one transport handle, and each time
a request comes in, the transaction ID in the handle is changed.
This means that if we queue a DNS request, then we handle some other
unrelated requests, we will be unable to send the DNS response because
the transaction ID and remote address of the client that made the DNS
request will have been lost. What we need to do is save the client
address and transaction ID in the queue entry for the DNS request,
then put the transaction ID and address back in the transport handle
when we're ready to reply. (And then we have to undo the change so
as not to confuse any other part of the server.) The trouble is that
the transaction ID is hidden in an opaque part of the transport handle,
and only the code in the svc_udp module in the RPC library knows how
to handle it. This file contains a couple of functions that let us
read and set the transaction ID in spite of this. This is really a
dirty trick and I should be taken out and shot for even thinking about
it, but there's no other way to get this stuff to work.
- Makefile: add yp_svc_udp.c to SRCS.
connecting to a host immediately in the foreground.
I would like to be able to run ppp from a script so that my script can be
sure that it is connected to the 'net before it continues running:
# Dial up the internet.
ppp -background myprovider || exit 1
do-some-net-command
# Hang up the modem.
kill -HUP `cat /var/run/ppp.tun0.pid`
Another problem is that the current ppp calls its process id file
`/var/run/PPP.server', which may conflict if you have more than one IP
tunnel interface available.
Closes PR#1469
Submitted by: Gord Matzigkeit <gord@enci.ucalgary.ca>
new 'aliased' packets. Note, if the original packet has a bogus cksum,
we will *NOT* re-compute the cksum, therefore the new packet will also
be wrong (but passed on).
Found by: MartinRenters@awfulhak.demon.co.uk
Reviewed by: Brian Somers <brian@awfulhak.demon.co.uk>
Submitted by: Charles Mott <cmott@srv.net>
will handle lines of any length in /etc/group.
2) Fixed bug with usermod -d not updating user's home
directory.
3) Minor formatting display changes/fixes with *show -P.
(/dev/urandom used by default under FreeBSD), and implemented a
"portable" but less secure generator for other systems.
Add display of expiry/password change dates in -P user display.
used by OpenBSD. (Quite frankly, I think it's perfectly reasonable to
use snprintf to copy strings, given that the semantics for strncpy()
are utterly idiotic and there is no POSIX sstrncpy().)
While I'm at it, incorporate some of OpenBSD's bugfixes to cron.
NOT for 2.2
version of strdup() by a macro, killed many calls to strdup(), thus
potentially wasting less malloc'ed space (their args were never be
free()ed desptie despite of being malloc'ed). Probably still a huge
memory leak at all... Also killed two totally useless variables.
I've tested it as i could, but wouldn't be surprised if unexpected
problems showed up. So watch out this space!
conservative part of the tidyup, like fixing potential buffer overflow
conditions. It is believed to be safe to go into 2.2.
Pointed out by: lozenko@cc.acnit.ac.ru (Evgeny A. Lozenko)
I went over the code.
Add shortcuts for addUser and addGroup, documenting same.
Add a password field for adduser and use no-echo string field for it.
This requires my latest libdialog changes (in RELENG_2_2 or -current) to work.
the profiling level in config and decide what to do in makefiles.
Makefile.i386:
Align functions to 16-byte boundaries if profiling is enabled. This
will allow a fourfold reduction in the size of the profiling buffers.
(otherwise ppp's behavior remains unchanged) and documented by myself,
Steve Sims, Nate Williams, Martin Renters and god-only-knows who else. :-)
Submitted by: nate
Obtained from: Charles Mott <cmott@srv.net>
1. Don't use the MSDOSFS code for accessing FreeBSD distribution data.
Use Robert Nordier's stand-alone DOS I/O library for the purpose.
It this works as well as Robert says it does, it should drastically reduce
(or even eliminate) our "I can't install from my DOS partition!" calls.
2. As a result of the above, go to stdio file descriptors for all
media types.
3. Taking advantage of #2, start using libftpio for FTP transfers instead
of maintaining our own parallel version of the FTP transfer code.
Yay! I ripped something out for a change!
#1 Submitted-By: Robert Nordier <rnordier@iafrica.com>
has always held an open file descriptor. This allowed logging to
spare virtual consoles and being able to switch to them.
My previous change removed this since all writes were done with ttymsg()
which opens it's own fd, and hence syslogd didn't need it's own fd to
send messages on... but this caused an unexpected behavior change.
This should close PR#2176
do it themselves. (Some of these programs actually depended on this
beyond compiling the definition of struct ifinfo!) Also fix up some
other #include messes while we're at it.
obvious effects are that most of the automagically chosen defaults
will now be displayed while going through the menu, and an improved
error handling thanks to the more detailed error status reporting.
2.2 fodder, but i'll leave it to Jordan's review.
sysinstall's new User&group menu will use it, hence it's a 2.2
candidate despite of providing new functionality.
Submitted by: David L. Nugent, <davidn@blaze.net.au>
bogus or overly complex and really needed to be done more consistently
and sanely throughout - no question about it. Done.
Suggested-By: Paul Traina <pst@Shockwave.COM>
which will also need to be brought in before this screen will work.
Add some commentary about how the slip startup code is bogus.
Steal Joerg's loop for more properly closing all files and graft it into
the EHS startup. My loop was functional but more bogus.
o Incorporate some of Tatsumi's bug fixes.
o Remove the xperimnt and commerce distribution items; they haven't
been actual distributions for awhile.
o Try to sanitize the device checking code a little more.
o Cosmetic work on the network code.
to keep the link up, so it re-dials whenever it detects the link go
down. This is useful for 'dedicated' links who use PPP.
It's been used for over a year w/out problems at different sites.
