is an internal Linux-PAM header which shouldn't be used outside Linux-PAM
itself, and has absolutely zero effect on pam_ftp.
Sponsored by: DARPA, NAI Labs
MFC after: 1 week
in conditional code that happens not to be compiled, and because gcc
doesn't complain garbage after #endif by default.
Fixed some style bugs in previous commit, 1.8 and 1.1.
commit.
Fixed related style bugs:
basename.c: misplaced '#if 0'
dirname.c: misplaced '#if 0'
getgrent.c: missing '#if 0', and tab lossage in vendor id (the previous
commit fixed the complete corruption of the vendor id but
lost a tab)
getpwent.c: missing '#if 0'
it a little and try to make it more resilient to various possible failure
conditions. Change the man page accordingly, and take advantage of this
opportunity to simplify its language.
Sponsored by: DARPA, NAI Labs
doesn't really make any difference, except it matches wtmp(5) better.
Don't do anything in pam_sm_close_session(); init(8) will take care of
utmp and wtmp when the tty is released. Clearing them here would make it
possible to create a ghost session by logging in, running 'login -f $USER'
and exiting the subshell.
Sponsored by: DARPA, NAI Labs (but the bugs are all mine)
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month
either PAM_RHOST or PAM_TTY against /etc/login.access.o
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Sponsored by: DARPA, NAI Labs
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.
Reviewed by: des, markm
Approved by: markm
argument to kvm_open() and kvm_openfiles() as unused.
BSD didn't read swap since kvm.c CSRG revision 5.21 (u-area is pageable
under new VM. no need to read from swap.)
The old !NEWVM code was removed in CSRG revision 5.23 (~ten years ago).
- Ignore the {try,use}_first_pass options by clearing PAM_AUTHTOK before
challenging the user. These options are meaningless for pam_opie(8)
since the user can't possibly know the right response before she sees
the challenge.
- Introduce the no_fake_prompts option. If this option is set, pam_opie(8)
will fail - rather than present a bogus challenge - if the target user
does not have an OPIE key. With this option, users who haven't set up
OPIE won't have to wonder what that "weird otp-md5 s**t" means :)
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
is correct but less than useful. There is some uncertainty about whether
isblank() is in C99, but it is certainly not in C90. It just conforms
to C89 because it is a conforming extension.
functions are defined in SUSv2 and the latest POSIX spec.
Thanks to Bernd Walter <ticso@cicely8.cicely.de> for helping debug my
alpha assembly.
Approved by: -arch
1. ctype.h defines digittoint(), isnumber() and ishexnmber(), yet
they are not documented in any of the manpages.
2. The ctype manpage references a non-existent manpage for
digittoint().
3. The isascii() manpage claims it is standards compliant, when
it isn't.
4. isblank() claims it is _not_ standards compliant, when it
is.
Fix by including the appropriate .Nm entries, and with a new digittoint.3
page.
PR: docs/26451
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
alpha these bugs didn't cause any problems because it was little endian,
but on sparc64, we ended up with garbage for the IP address when we tried
to contact the server. (Usually 3.253.0.0)
Not objected to by: wpaul
argument. Leave a compatibility shim for Delete_Chunk().
Implement DELCHUNK_RECOVER flag so sysinstall can ask libdisk
to recover space when deleting a chunk.
data without confirming the connection by issuing a recvmsg(2) [...]".
There's no such code in the kernel.
PR: 26861
Submitted by: Richard A Steenbergen <ras@e-gerbil.net>,
Tom Rhodes <darklogik@pittgoth.com>
the first revision of strcpy(3)'s section is included, but should be
removed as the Security Architecture document is committed and
completed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
at first and try to set an accept_filter(9) on it only after that.
Also document errno value that will be set if installing the
filter on a non-listening socket.
This will be trimmed as the FreeBSD Security Architecture document
is fleshed out and committed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Add support for handling floating point disabled traps mostly in userland
for the simple single threaded case. Not yet enabled by default.
Implement __sparc_utrap_install as specified by the sparc abi.
- Don't connect datagram socket if RES_INSECURE1.
- Needed to implement IPv6 anycast UDP DNS queries as documented in
<draft-ietf-ipngwg-dns-discovery-03.txt>.
Obtained from: KAME
According to C99:
"The functions atof, atoi, atol, and atoll need not
affect the value of the integer expression errno on an
error. If the value of the result cannot be represented,
the behavior is undefined."
o Document the following capabilities: CAP_NET_ADMIN, CAP_SYS_RAWIO,
CAP_SYS_ADMIN, and CAP_SYS_TTY_CONFIG.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
return address when modifying a jmp_buf to create a new thread context.
Also set t12 with the return address.
This should fix libc_r on alpha.
With much detective work by: Bernd Walter <ticso@cicely.de>
calls.
This change allows libc_r to create thread contexts with a different
stack and return address.
With much detective work by: Bernd Walter <ticso@cicely.de>
LC_MESSAGES related data was installed to <locale>/LC_MESSAGES file.
Now it go to <locale>/LC_MESSAGES/SYS_LC_MESSAGES file. LC_MESSAGES
directory is supposed to be storage of message catalogs of userland tools.
This should allow us to avoid many potential problems with future
libintl related functionality introduction.
Thanks for useful suggestions about correct way how to replace plain
files with directories at installworld stage to: Ruslan Ermilov <ru>
allows us to supply our own value for this, overriding the
default /usr/local/etc/nsmb.conf, which is not appropriate for
base system configuration files.
the target thread of the join operation. This allows the cancelled
thread to detach the target thread in its cancellation handler.
This bug was found by Butenhof's cancel_subcontract test.
Reviewed by: jasone
It tries to comply with the SCD 2.4.1 (and thus Sparc 64-bit psABI).
This is an amalgamation of the FreeBSD Alpha crt1.c and the BSD/OS Sparc
crt0.c (which the copyright reflects).
In original version grouping was hardcoded. It assumed that thousands
separator should be inserted to separate each 3 numbers. I.e. grouping
string "\003" was assumed for all cases. In correct case (per POSIX)
vfprintf should respect locale defined non-monetary (LC_NUMERIC
category) grouping sequence.
Also simplify thousands_sep handling.
o) Since we unwrap the sendfile syscall, check the return value of
writev(2) to see if it didn't complete all the data.
Previously if only a partial writev() succeeded, it would proceed
to sendfile(2) even though the headers weren't completely sent.
o) Properly adjust the "bytes to send" to take into account sendfile(2)'s
behaviour of counting the headers against the bytes to be transfered
from the file.
o) Correct the problem where EAGAIN was being returned from _sys_sendfile(2)
however the wrapper didn't update the 'sent bytes' parameter to take into
account for it. This is because sendfile can return EAGAIN even though
it has actually transfered data.
Special thanks to Justin Erenkrantz <jerenkrantz@apache.org> for bringing
this to my attention and giving an excellent way to reproduce the problem.
PR: kern/32684
MFC After: 1 week
driver in libstand. This specifically does not expand or truncate files
since the filesystem may be dirty or inconsistent.
PR: kern/32389
Submitted by: Jonathan Mini <mini@haikugeek.com>
Sponsored by: ClickArray, Inc.
of the recent WARNS commits. The idea is:
1) FreeBSD id tags should follow vendor tags.
2) Vendor tags should not be compiled (though copyrights probably should).
3) There should be no blank line between including cdefs and __FBSDIF.
sysinstall will automatically expand the previous partition to take up
the freed up space. So you can 'D'elete /home and /usr will get the
combined space, or you can 'D'elete /tmp and /var will get the combined space.
This gives the user, developer, or lay person a huge amount of flexibility
in constructing partitions from an 'A'uto base. It takes only 3 or 4
keystrokes to achieve virtually any combination of having or not having
a /tmp and/or /home after doing an 'A'uto create.
Change 'A'uto creation of /var/tmp to 'A'uto creation /tmp, which should
be less controversial.
MFC after: 6 days
more careful about reporting truncation with ERANGE in strerror_r.
Set errno to EINVAL for "unknown" errnum in strerror as required
by P1003.1-200x Draft June 14, 2001.
More carefully document the handling of strerrbuf when errors
(ERANGE, EINVAL) are encountered in strerror_r.
Reviewed by: bde (ongoing discussion)
dump core if invoked with an input file that looks like a password file
but isn't (e.g. /etc/group).
PR: 32378
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
MFC after: 1 week
This API is supported in SVR4.0MP, Solaris, Linux, AIX and Tru64 Unix.
PR: bin/27489
Submitted by: Arun Sharma <arun@sharma-home.net>
Reviewed by: bde (prior version)
o Hide nonstandard functions and types in <netinet/in.h> when
_POSIX_SOURCE is defined.
o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new
__FBSDID() macro.
o Fix some miscellaneous issues in <arpa/inet.h>.
o Correct final argument for the inet_ntop() function (POSIX.1-200x).
o Get rid of the namespace pollution from <sys/types.h> in
<arpa/inet.h>.
Reviewed by: fenner
Partially submitted by: bde
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.
Reviewed by: peter, bde (some time ago)
- New length modifiers: hh, j, t, z.
- New flag: '. Note that %'f is not yet implemented.
- Use "inf"/"nan" for efg formats, "INF"/"NAN" for EFG formats.
- Implemented %q in terms of %ll; if "quad_t" is not "long long"
%q will break.
Still to do:
- %C, %S, %lc, %ls (wide character support)
- %'f (thousands in integer portion of %f)
- %a/%A (exact hex representation of floating-point numbers)
Garrett Wollman wrote the first version of the vfprintf.c update;
Mike Barcroft wrote the first version of the printf.3 changes.
STANDARDS section of the page. Add one remark there about inet_pton(3)
only understanding decimal values (in contrast to inet_aton(3) and
friends who are happy with 0ac.020.25 for 172.16.0.25).
Caught by: ru
MFC after: 2 days
The definition of character class digit requires that only ten characters
-the ones defining digits- can be specified; alternate digits (for
example, Hindi or Kanji) cannot be specified here. However, the encoding
may vary if an implementation supports more than one encoding.
The definition of character class xdigit requires that the characters
included in character class digit are included here also and allows for
different symbols for the hexadecimal digits 10 through 15.
the return code and errno instead. Those warnings did not do any good
for daemonized users of initgroups(3), and confused cvs clients that
communicated with non-root cvs pserver.
The committed fix differs from the one suggested in the PR, and was
submitted by ru.
PR: 15421
Approved by: markm
Discussed on: -stable, -current at various times