Now that _pam_init_handlers() works as intended, it seems clear that we
do not actually want to define PAM_READ_BOTH_CONFS, so back out previous
commit.
Although the previous went some way towards fixing the pam.conf / pam.d
problem, it still didn't DTRT for services that did not have a service-
specific policy if /etc/pam.d existed but did not contain an "other"
policy. This fixes the problems some people have experienced with sudo.
And I almost didn't have to use goto.
The current configuration sequence is:
1) Look for /etc/pam.d/foo
2) If PAM_READ_BOTH_CONFS is defined, or step 1) failed, look for
foo in /etc/pam.conf
3) Look for /etc/pam.d/other (to fill in the gaps)
4) If PAM_READ_BOTH_CONFS is defined, or step 3) failed, look for
other in /etc/pam.conf
I believe this is the intended behaviour of the original code. The least
surprising behaviour seems to be when PAM_READ_BOTH_CONFS is not defined -
/etc/pam.d/foo will be preferred over /etc/pam.conf, but the latter will
serve as a backup if the former does not exist.
Robert Watson [Thu, 6 Dec 2001 20:24:38 +0000 (20:24 +0000)]
o Reflect changed default such that keepalives are always enabled by
default now. Discuss why that's good. Note that there are still
some situations where turning it off may be advantageous, including
situations where there are network outages and it's desirable to
have TCP sessions last beyond the outage.
Robert Watson [Thu, 6 Dec 2001 19:57:34 +0000 (19:57 +0000)]
Moderate the recommendation that TCP keepalives always be turned on;
in some environments, this may result in the early termination of
legitimate TCP sessions during temporary network outages. However,
maintain a strong recommendation that this be used when many network
clients are dialup.
Robert Watson [Thu, 6 Dec 2001 19:50:35 +0000 (19:50 +0000)]
o Add an additional .Pp between the send/recvbuffer comments and
the ones on ipfw. Note to self: why does ipfw/dummynet count as
a sysctl in tuning(7)?
Robert Watson [Thu, 6 Dec 2001 19:39:33 +0000 (19:39 +0000)]
vmiodirenable is now on by default; reflect that change in default,
and talk more about the reasons to turn it off (restricted memory
environments), and less about why to turn it on.
Robert Watson [Thu, 6 Dec 2001 19:36:21 +0000 (19:36 +0000)]
Reword parts of tuning(7) regarding loader tunables, which are refered
to in the document as "boot-time sysctls". Instead, refer to them as
loader tunables.
Assert that compilation takes place in a freestanding environment. This
implies `-fno-builtin'. A freestanding environment is one in which the
standard library may not exist, and program startup may not necessarily be
at main. The most obvious example is an OS kernel. This is equivalent to
`-fno-hosted'.
Fixed two problems:
1. Changed incorrect conditional in fxhw.c which would never
evaluate to true. Thanks to John Polstra for pointing that out.
2. Write to PCI config space by default, enabling memory access and
bus master enable.
Introduce the variable USE_PAM_D, which, if set, will cause pam.d to be
installed instead of pam.conf. This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.
John Baldwin [Thu, 6 Dec 2001 07:44:47 +0000 (07:44 +0000)]
Just to be pedantic and more aesthetically pleasing, move the secure/
top-level subdirectory prior to share/ so that the top-level directories
are processed in alphabetical order.
Warner Losh [Thu, 6 Dec 2001 06:40:18 +0000 (06:40 +0000)]
The pccard/cardbus power interface should depend on having pccard or
cardbus in the kernel, not on all the bridges that implement it.
Note: this is NEWCARD only, so we don't want it for the 'card' case,
unlike card_if.m, which is both NEWCARD and OLDCARD.
John Baldwin [Wed, 5 Dec 2001 22:09:39 +0000 (22:09 +0000)]
Remove an incorrect duplicate Douglas Adam quote and properly format and
the correct duplicate. Both versions also attributed the quote to the
wrong book.
Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
Files in subdirectories of directories that have the nodump flag set
are sometimes incorrectly being dumped.
The problem arises because the subdirectory only gets its entry
cleared from usedinomap if it is also present in dumpinomap, and it is
the absence of a directory in usedinomap that internally indicates
that the directory is under the effects of UF_NODUMP (either directly
or inherited).
PR: 32414
Submitted by: David C Lawrence <tale@dd.org>
Ruslan Ermilov [Wed, 5 Dec 2001 18:13:34 +0000 (18:13 +0000)]
Fixed remotely exploitable DoS in arpresolve().
Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).
Clean up namespace pollution by prepending underscores to argument names in
function prototypes (or, in a few cases, removing argument names altogether).
Add dummy functions for all module types. These dummies return PAM_IGNORE
rather than PAM_SUCCESS, so you'll get a failure if you list dummies but
no real modules for a particular module chain.
Warner Losh [Wed, 5 Dec 2001 08:57:36 +0000 (08:57 +0000)]
Implement prism2 detection from NetBSD. This mostly obsoletes the
prism2 flag in pccard.conf, but I'm leaving it place for the moment in
case the small sample of PrismII cards that I've tried is not
representative.
Move the checks for '/' a little sooner in the code which receives files
for a remote print job. This change comes from OpenBSD (who got it from
Sebastian Krahmer of SuSE). In OpenBSD this avoids a tiny theoretical
security issue, but that security issue does not exist in FreeBSD's lpr
due to the changes which added 'ctl_renametf()' just before 4.4-release.
This change is still worth doing in our version, but it isn't fixing a
security issue.
Søren Schmidt [Tue, 4 Dec 2001 21:48:56 +0000 (21:48 +0000)]
Add the ability to write VCD/SVCD disc's.
It is still nessesary to supply the tracks as individual files, burncd
can't read .cue files yet, but now the infrastructure to do it is
present we just need a .cue file parser (hint hint)...
Ian Dowse [Tue, 4 Dec 2001 16:53:42 +0000 (16:53 +0000)]
When VOP_SYMLINK fails, the value of *vpp is junk, so we must NULL
out nd.ni_vp to prevent the resource cleanup code at the end of
nfsrv_symlink from trying to vrele it. This fixes a "vrele: negative
ref cnt" panic that can occur when a symlink is attempted on an NFS
filesystem with no free space. Found locally, but the symptoms
correspond to those in the PR referenced below.
Ruslan Ermilov [Tue, 4 Dec 2001 16:17:35 +0000 (16:17 +0000)]
mdoc(7) police: section 1 and 8 manpages document their exit
codes under the DIAGNOSTICS section, not RETURN VALUES, which
is for section 2, 3, and 9 manpages.
Warner Losh [Tue, 4 Dec 2001 13:48:16 +0000 (13:48 +0000)]
implement MFC links properly (and I think long links too). This make
the sprint wireless card try to attach. Sadly, the pci code at the
bridge keeps this from happening.
Add a missing error check. This fixes a bug that would cause pwd_mkdb to
dump core if invoked with an input file that looks like a password file
but isn't (e.g. /etc/group).