Commit Graph

4709 Commits

Author SHA1 Message Date
Eric Melville
2de2196026 Add warnings about trusting user-supplied data.
Reviewed by:	ru
Approved by:	murray
Obtained from:	OpenBSD
2001-05-25 20:42:40 +00:00
Robert Watson
b1fc0ec1a7 o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
  pcred->pc_uidinfo, which was associated with the real uid, only rename
  it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
  corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
  original macro that pointed.
  p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
  p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
  cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
  cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
  we figure out locking and optimizations; generally speaking, this
  means moving to a structure like this:
        newcred = crdup(oldcred);
        ...
        p->p_ucred = newcred;
        crfree(oldcred);
  It's not race-free, but better than nothing.  There are also races
  in sys_process.c, all inter-process authorization, fork, exec, and
  exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
  remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
  use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
  pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
  allocation.
o Clean up ktrcanset() to take into account changes, and move to using
  suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
  calls to better document current behavior.  In a couple of places,
  current behavior is a little questionable and we need to check
  POSIX.1 to make sure it's "right".  More commenting work still
  remains to be done.
o Update credential management calls, such as crfree(), to take into
  account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
      change_euid()
      change_egid()
      change_ruid()
      change_rgid()
      change_svuid()
      change_svgid()
  In each case, the call now acts on a credential not a process, and as
  such no longer requires more complicated process locking/etc.  They
  now assume the caller will do any necessary allocation of an
  exclusive credential reference.  Each is commented to document its
  reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
  and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
  questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
  processes and pcreds.  Note that this authorization, as well as
  CANSIGIO(), needs to be updated to use the p_cansignal() and
  p_cansched() centralized authorization routines, as they currently
  do not take into account some desirable restrictions that are handled
  by the centralized routines, as well as being inconsistent with other
  similar authorization instances.
o Update libkvm to take these changes into account.

Obtained from:	TrustedBSD Project
Reviewed by:	green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
Mark Murray
4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
David E. O'Brien
5864b79cd2 Make the rcsid and FreeBSD IDs more sane in the wcs* and wmem* files.
Do the same for the non-wcs*/wmem* files while I'm here.
2001-05-24 08:47:42 +00:00
Matthew Dillon
ac8f990bde This patch implements O_DIRECT about 80% of the way. It takes a patchset
Tor created a while ago, removes the raw I/O piece (that has cache coherency
problems), and adds a buffer cache / VM freeing piece.

Essentially this patch causes O_DIRECT I/O to not be left in the cache, but
does not prevent it from going through the cache, hence the 80%.  For
the last 20% we need a method by which the I/O can be issued directly to
buffer supplied by the user process and bypass the buffer cache entirely,
but still maintain cache coherency.

I also have the code working under -stable but the changes made to sys/file.h
may not be MFCable, so an MFC is not on the table yet.

Submitted by:	tegge, dillon
2001-05-24 07:22:27 +00:00
Dag-Erling Smørgrav
ea63a39cef Add some error codes that were added in RFC2616. 2001-05-23 18:52:02 +00:00
Jim Pirzyk
d825ca42c9 Changed the clnt_perror string in yp_all because it was saying the
error came from yp_next

PR:	bin/13254
Submitted by:	Jim Pirzyk
Reviewed by:	jkh
MFC after: 1 week
2001-05-23 15:37:10 +00:00
Ruslan Ermilov
6ad10804f7 Rename (after a repo-copy) some mount(8) programs:
mount_fdesc -> mount_fdescfs
mount_null -> mount_nullfs
mount_portal -> mount_portalfs
mount_umap -> mount_umapfs
mount_union -> mount_unionfs
2001-05-23 14:58:19 +00:00
Ruslan Ermilov
d4aac95ca2 Fix the range of the returned value.
PR:		docs/27446
Submitted by:	Tadayuki OKADA <tadayuki@mediaone.net>
2001-05-23 12:37:50 +00:00
Hajimu UMEMOTO
1022dd3dcc Correct error message of an example.
Obtained from:	KAME
2001-05-21 10:05:36 +00:00
Jason Evans
c024882f08 Add a test for PR 24345. 2001-05-20 23:12:13 +00:00
Jason Evans
b39e7e33f1 Update the verify script. 2001-05-20 23:11:54 +00:00
Jason Evans
745b431dc6 Don't define _REENTRANT, since the Makefile does so. 2001-05-20 23:11:09 +00:00
Jason Evans
dd2d9a766b Fix a typo. 2001-05-20 23:10:30 +00:00
Jason Evans
6699b0c6fe Instead of using a join queue for each thread, use a single pointer to
keep track of a joiner.  POSIX only supports a single joiner, so this
simplification is acceptable.

At the same time, make sure to mark a joined thread as detached so that
its resources can be freed.

Reviewed by:	deischen
PR:		24345
2001-05-20 23:08:33 +00:00
Ruslan Ermilov
5ead33c50f Removed -I${.CURDIR}/../../sys from CFLAGS. 2001-05-20 12:45:53 +00:00
Archie Cobbs
88c1867f5c Document ECONNREFUSED.
Submitted by:	Richard Hodges <rh@matriplex.com>
2001-05-20 00:12:06 +00:00
Maxim Sobolev
a8e00009c5 Use CONS_GETINFO ioctl to get geometry of the current text mode instead of
TIOCGWINSZ. The former is more correct in this context.
2001-05-19 17:05:52 +00:00
David E. O'Brien
05f0d9ffd6 Remove these libs that are the same .so version as the ones in
5-CURRENT.  These libs will not be used [sitting in /usr/lib/compat] as
the -current ones in /usr/lib will be found first by ld-elf.so.1.
2001-05-19 05:54:11 +00:00
David E. O'Brien
f24457ab3d Remove these libs that are the samed .so version as the ones in
5-CURRENT.  These libs will not be used [sitting in /usr/lib/compat] as
the -current ones in /usr/lib will be found first by ld-elf.so.1.
2001-05-19 05:53:50 +00:00
David E. O'Brien
48a6cb0316 Update the AXP compat4x dist to the 4.3-FreeBSD libs.
There were some security issues fixed between 4.2 -> 4.3.
2001-05-19 01:32:36 +00:00
David E. O'Brien
3620eb66f3 Update the i386 compat4x dist to the FreeBSD 4.3 libs.
There were some security issues fixed between 4.2 -> 4.3.
2001-05-19 01:20:02 +00:00
Ian Dowse
a9d09e93db The function clnt_dg_call(), which is used for UDP RPC calls, could
accidentally clobber the server address if a stray packet arrived
at the client port. This would result in any further retransmits
going to the wrong address.

For now, fix this by not saving the source address of the reply; this
matches the pre-tirpc behaviour.
2001-05-18 19:43:18 +00:00
Ruslan Ermilov
3ab9a9d0e0 Removed -I${.CURDIR}/.../sys from CFLAGS. 2001-05-18 13:41:42 +00:00
Ruslan Ermilov
108b08b24e Fixed typo in the description.
PR:		docs/27411
Submitted by:	David Wimsey <dwimsey@rtci.com>
2001-05-18 06:56:03 +00:00
David E. O'Brien
708b042526 Sort. 2001-05-18 05:05:50 +00:00
David E. O'Brien
078ae588ab Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by:	tlambert (code only)
2001-05-18 04:55:16 +00:00
David E. O'Brien
4402efc314 Use the correct FreeBSD definitions for wint_t and wchar_t. 2001-05-18 00:41:27 +00:00
Jason Evans
ffc19644c0 Condition variable waiters are queued in descending priority order, so
there is no need to wake all waiters to assure that the highest priority
thread is run.  As the semaphore code is written, there was no correctness
problem, but the change improves sem_post() performance.

Pointed out by:	deischen
2001-05-18 00:36:05 +00:00
Ruslan Ermilov
58ceb60878 Suppress compiler warning by adding a type cast. 2001-05-17 12:51:43 +00:00
Peter Wemm
c1323a523a Argh. Fix a long-standing man page filter botch. See terminfo(5) for
the effect.
2001-05-17 08:48:26 +00:00
Peter Wemm
2493e89366 Update for ncurses 5.2-20010512 import 2001-05-17 08:30:09 +00:00
Ruslan Ermilov
45993e3bd4 ... but we do provide .St -isoC-99, and it is not required to have the
history info as:

: .Sh STANDARDS   If the command, library function or file adheres to a
:                 specific implementation such as IEEE Std 1003.2
:                 (``POSIX.2'') or ANSI X3.159-1989 (``ANSI C'') this
:                 should be noted here.  If the command does not adhere
:                 to any standard, its history should be noted in the
:                 HISTORY section.
2001-05-17 08:22:43 +00:00
Jason Evans
1317e200a8 Mark a thread that is suspended while sleeping as interrupted. 2001-05-16 21:58:45 +00:00
Ruslan Ermilov
9d3618b999 Unbreak world; _DIAGASSERT macro is not available in FreeBSD. 2001-05-16 14:34:47 +00:00
Ruslan Ermilov
9af42d27b1 mdoc(7) police: fix markup. 2001-05-16 09:50:12 +00:00
Dima Dorfman
cd18ccdc30 Introduce getprogname(3) and setprogname(3) library calls. These get
and set __progname, respectively.

Discussed on:	-arch (Feb 2001), -audit
Reviewed by:	-audit
Approved by:	kris
Obtained from:	(mostly) NetBSD
2001-05-15 23:41:01 +00:00
Takuya SHIOZAKI
01e281bd12 adapt to FreeBSD.
- enable locale-insensitive functions of wchar.h:
	wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c
        wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c
	wcsstr.c wmemchr.c wmemcmp.c wmemcpy.c wmemmove.c wmemset.c
	XXX: wcswidth.c is not enabled yet.
- enable wmemchr(3) man page.
	XXX: FreeBSD lacks .St -isoC99 and .St -isoC-amd1.
2001-05-15 20:34:20 +00:00
Ruslan Ermilov
a289e937e3 mdoc(7) police: sort xrefs. 2001-05-15 15:57:05 +00:00
Ruslan Ermilov
ec7d12549c Add new, from scratch implementation of hsearch() et al that actually works.
Obtained from:	NetBSD
MFC after:	1 month
2001-05-15 07:08:20 +00:00
Takuya SHIOZAKI
9829d36a86 initial import of locale insensitive wcs* and wmem* functions.
Obtained from:	NetBSD and Citrus.
2001-05-15 06:01:19 +00:00
Ruslan Ermilov
86315d60a0 mdoc(7) police: add RETURN VALUES section.
PR:		docs/27161
Submitted by:	Kazuhiro KONDOU <k-fuji@za2.so-net.ne.jp>
2001-05-14 18:38:05 +00:00
Daniel C. Sobral
1d7d62d1e0 Replace functional bugs of ctypish functions in libstand with style
bugs.

reviewed by:	bde
MFC after:	1 week
2001-05-14 16:49:20 +00:00
Mark Murray
84d6cd8ea1 Bring in a few useful PAM modules.
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
2001-05-14 11:23:58 +00:00
Jordan K. Hubbard
96e426f43d + add u_long sector_size to struct disk (documented in libdisk.3)
+ make Open_Disk sense the sector size by trying 512, 1024 and 2048
  in this order. This makes the kernel note that
  dscheck(cd1): bio_bcount 512 is not on a sector boundary (ssize 2048)
  dscheck(cd1): bio_bcount 1024 is not on a sector boundary (ssize 2048)
  if 2048 is the sector size. If this worries anyone: the message is from
  /usr/src/sys/kern/subr_diskslice.c and shutups are to be placed there.
+ Have read_block and write_block use an additional parameter, the
  sector size.
+ replace all barfout calls with return NULL, 0, __LINE__, etc.
  Note that this does NOT emit diagnostics. More often than not,
  you don't want library functions to scribble on stderr -- it may
  not even be available. The right thing is to propagate the error
  condition to upper management. The app should take care of errors.
+ use d1->sector_size instead of 512 in various places. I've left many
  places untouched, especially those writing MBRs. I simply added
  another arg hardcoded as 512. This is because I would not know what
  I'm doing... I felt this approach would be reasonably backward
  compatible and not introduce any new bugs in critical software.
  Famous last words. Messing with MBRs might soon put me in the same
  screwup meister category as, uh, never mind.  :-)
+ bump the max no of disks from 20 to 32 (due to PR 24503).

PR:		8434 / 8436 / 24503
Submitted by:	Jens Schweikhardt <schweikh@schweikhardt.net>
2001-05-13 20:08:54 +00:00
Ian Dowse
1a154a146c Extract the path from an AF_LOCAL sockaddr_un in a way that correctly
terminates the string in all cases, based on code from netstat(1).
The path in a sockaddr_un is terminated either by a '\0', or by
the end of the sockaddr as defined by sun_len.

Previously, the code could write the "safety" '\0' beyond the end
of the sockaddr (sockaddr_un's need only be large enough to store
sun_len bytes), and writing into the the supplied sockaddr is bad
anyway.
2001-05-12 20:05:26 +00:00
Alexander Langer
bda3261e9b gethostbyname2() can't do AF_INET6 lookups over NIS.
getaddrinfo(3) must be used.

Submitted by:	ume
2001-05-08 11:21:15 +00:00
Chris D. Faulhaber
fda2d391d6 Correct prototype (entry_p -> *entry_p)
Submitted by:	Alex Zepeda <jazepeda@pacbell.net>
2001-05-07 23:16:25 +00:00
Akinori MUSHA
3b26be6ae1 Properly copy the P_ALTSTACK flag in struct proc::p_flag to the child
process on fork(2).

It is the supposed behavior stated in the manpage of sigaction(2), and
Solaris, NetBSD and FreeBSD 3-STABLE correctly do so.

The previous fix against libc_r/uthread/uthread_fork.c fixed the
problem only for the programs linked with libc_r, so back it out and
fix fork(2) itself to help those not linked with libc_r as well.

PR:		kern/26705
Submitted by:	KUROSAWA Takahiro <fwkg7679@mb.infoweb.ne.jp>
Tested by:	knu, GOTOU Yuuzou <gotoyuzo@notwork.org>,
		and some other people
Not objected by:	hackers
MFC in:		3 days
2001-05-07 18:07:29 +00:00
Brian Feldman
d67ad957e9 Finish disconnecting pam_ssh from the build. 2001-05-04 20:40:53 +00:00