o Expand the explaination of the -b option WRT the resulting
group ACL entry in relation to the existing group and mask
ACL entries.
o Move the explanation of multiple ACL entries on the command
line to the ACL ENTRIES section.
Robert Watson [Sun, 2 Dec 2001 15:15:29 +0000 (15:15 +0000)]
o Remove KSE race in setuid() in which oldcred was preserved before giant
was grabbed. This was introduced in 1.101 when the giant pushdown
for kern_prot.c was originally performed.
Robert Watson [Sun, 2 Dec 2001 15:07:10 +0000 (15:07 +0000)]
o General style, formatting, etc, improvements:
- uid's -> uids
- whitespace improvements, linewrap improvements
- reorder copyright more appropriately
- remove redundant MP SAFE comments, add one "NOT MPSAFE?"
for setgroups(), which seems to be the sole un-changed system
call in the file.
- clean up securelevel_g?() functions, improve comments.
Matthew Dillon [Sun, 2 Dec 2001 08:49:29 +0000 (08:49 +0000)]
Fix a bug with transmitter restart after receiving a 0 window. The
receiver was not sending an immediate ack with delayed acks turned on
when the input buffer is drained, preventing the transmitter from
restarting immediately.
Propogate the TCP_NODELAY option to accept()ed sockets. (Helps tbench and
is a good idea anyway).
Some cleanup. Identify additonal issues in comments.
Forget to remove fsck from src/release/{alpha,pc98}/boot_crunch.conf,
which should be done with src/release/i386/boot_crunch.conf rev 1.51
and src/usr.sbin/sysinstall/install.c rev 1.311.
Sysinstall cleanups for installation:
1) Use devfs to mount filesystems. If mounting devfs is fail,
fallback to old code.
2) When fscking filesystems, use 'fsck_ffs' explicitly. As a
result, we no longer need 'fsck' the wrapper program.
Scott Long [Sun, 2 Dec 2001 03:47:33 +0000 (03:47 +0000)]
Add functionality and fix bugs so the driver will work with soon-to-be
released management apps.
1. Implement poll(). This will check for queued aif's so that a
subsequent ioctl call to retrieve the next aif will not block.
2. Don't catch signals when sleeping on a fib sent from userland. This
causes a race and panic due to the pthread context switcher waking
up the tsleep at inopportune times.
3. Fix some whitespace nits.
Bruce Evans [Sat, 1 Dec 2001 19:48:59 +0000 (19:48 +0000)]
Work around world breakage in previous commit. The bug is in
<security/pam_misc.h>. It declares a function parameter named 'send',
so nothing that includes both <unistd.h> (which declares send(2)) and
<security/pam_misc.h> be compiled with WARNS=2 unless NO_WERRROR is
set.
Remove kget() feature, which is removed from 5-current kernel.
Since userconfig feature is implemented by tweaking variables (hint.*)
with loader(8), we can put back an equivalent feature. Maybe the first
step for this is to commit yokota-san's patch (add userconfig command
for loader).
Joseph Koshy [Sat, 1 Dec 2001 12:07:42 +0000 (12:07 +0000)]
Add support for sysconf(_SC_NPROCESSORS_CONF) and sysconf(_SC_NPROCESSORS_ONLN).
This API is supported in SVR4.0MP, Solaris, Linux, AIX and Tru64 Unix.
Mike Barcroft [Sat, 1 Dec 2001 03:43:01 +0000 (03:43 +0000)]
o Stop abusing MD headers with non-MD types.
o Hide nonstandard functions and types in <netinet/in.h> when
_POSIX_SOURCE is defined.
o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new
__FBSDID() macro.
o Fix some miscellaneous issues in <arpa/inet.h>.
o Correct final argument for the inet_ntop() function (POSIX.1-200x).
o Get rid of the namespace pollution from <sys/types.h> in
<arpa/inet.h>.
Luigi Rizzo [Sat, 1 Dec 2001 00:21:30 +0000 (00:21 +0000)]
vm/vm_kern.c: rate limit (to once per second) diagnostic printf when
you run out of mbuf address space.
kern/subr_mbuf.c: print a warning message when mb_alloc fails, again
rate-limited to at most once per second. This covers other
cases of mbuf allocation failures. Probably it also overlaps the
one handled in vm/vm_kern.c, so maybe the latter should go away.
This warning will let us gradually remove the printf that are scattered
across most network drivers to report mbuf allocation failures.
Those are potentially dangerous, in that they are not rate-limited and
can easily cause systems to panic.
Unless there is disagreement (which does not seem to be the case
judging from the discussion on -net so far), and because this is
sort of a safety bugfix, I plan to commit a similar change to STABLE
during the weekend (it affects kern/uipc_mbuf.c there).
Robert Watson [Fri, 30 Nov 2001 21:40:52 +0000 (21:40 +0000)]
o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
It defaults to '1', which permits access, but if set to '0', requires
that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
logs derived from /dev/klog must also be limited.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Mark Murray [Fri, 30 Nov 2001 21:06:38 +0000 (21:06 +0000)]
Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
a) ones that never/always apply are appropriately either
fully removed, or just the #if junk is removed.
b) change #if defined(FOO) for appropiate values of FOO.
(currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff
This code can now be unifdef(1)ed to make non-crypto telnet.
Robert Watson [Fri, 30 Nov 2001 20:58:31 +0000 (20:58 +0000)]
o Move current inhabitants of kern.security to kern.security.bsd, so
that new models can inhabit kern.security.<modelname>.
o While I'm there, shorten somewhat excessive variable names, and clean
things up a little.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Mitsuru IWASAKI [Fri, 30 Nov 2001 16:06:00 +0000 (16:06 +0000)]
Add a couple of minor changes.
- set sc->acpi_s4bios to 1 by default for hibernation until
OS-initiated S4 transition is implemented.
- change the behavior of acpi_sleep_state_sysctl() if new value is
the same as old one, do nothing instead of EINVAL.
Brian Somers [Fri, 30 Nov 2001 14:01:20 +0000 (14:01 +0000)]
Don't provide an RTA_GATEWAY sockaddr when we write RTM_CHANGE messages
to the routing socket.
The local address on a point-to-point interface is not actually a
gateway address - despite it appearing in the second column of
netstat -r's output. Providing a gateway to an RTM_CHANGE will
currently change the route's interface so that it's using the
specified gateway - not what we want.
Brian Somers [Fri, 30 Nov 2001 14:00:55 +0000 (14:00 +0000)]
During SIOCAIFADDR, if in_ifinit() fails and we've already added an
interface address, blow the address away again before returning the
error.
In in_ifinit(), if we get an error from rtinit() and we've also got
a destination address, return the error rather than masking EEXISTS.
Failing to create a host route when configuring an interface should
be treated as an error.
Alexey Zelkin [Fri, 30 Nov 2001 12:48:30 +0000 (12:48 +0000)]
Merge NetBSD's changes from netbsd_strtod.c in preparation of
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.
Peter Wemm [Fri, 30 Nov 2001 11:57:23 +0000 (11:57 +0000)]
cpuid bit 30 is 'IA64', for when you're running in i386 mode on an ia64
cpu. (This is for either userland apps running in i386 mode on an ia64
OS, or when the cpu is in i386 legacy mode running an i386 OS).