Yaroslav Tykhiy [Fri, 15 Jun 2007 11:33:13 +0000 (11:33 +0000)]
Locked out and expired accounts shouldn't be accessible via remote
mailbox protocols. Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.
Yaroslav Tykhiy [Fri, 15 Jun 2007 11:22:10 +0000 (11:22 +0000)]
Split the FILES list across multiple lines as in rc.d/Makefile
so that the change history stays easily readable as the number
of PAM-aware services grows.
Yaroslav Tykhiy [Fri, 15 Jun 2007 10:10:40 +0000 (10:10 +0000)]
Make perr() variadic and add perrx() to use in cases where
errno is irrelevant. Some code duplication can be reduced
if perr() is variadic and perrx() is available.
Document the SENDMAIL_ALIASES, SENDMAIL_MAP_SRC, SENDMAIL_MAP_TYPE, and
SENDMAIL_START_SCRIPT make.conf(5) variables.
These are used in /etc/mail/Makefile.
- Conditionally pick up Giant around the network interface
ioctl routines if we are running with !mpsafenet
- Change un-conditional Giant acquisition around ifpromisc
to occur only if we are running with !mpsafenet
With these locking bits in place, we can now remove the Giant
requirement from BPF, so drop the D_NEEDGIANT device flag.
This change removes Giant acquisitions around BPF device
handlers (read, write, ioctl etc).
Robert Watson [Thu, 14 Jun 2007 23:31:52 +0000 (23:31 +0000)]
Remove the restriction that rtprio(2) cannot be used to set the realtime
or idle priority of another process owned by the same user. This means
that privilege in rtprio(2) (and rtprio_thread(2)) is required indirectly
via p_cansched(9) or directly to set realtime/idle privilege, rather than
directly affecting target process authorization.
Randall Stewart [Thu, 14 Jun 2007 22:59:04 +0000 (22:59 +0000)]
- Fix so ifn's are properly deleted when the ref count goes to 0.
- Fix so VRF's will clean themselves up when no references are around.
- Allow sctp_ifa to be passed into inpcb_bind, addr_mgmt_ep_sa to bypass
normal validation checks.
- turn auto-asconf off for subset bound sockets
- Moves all logging to use KTR. This gets rid of most
of the logging #ifdef's with a few exceptions reducing
the number of config options for SCTP.
Yaroslav Tykhiy [Thu, 14 Jun 2007 22:16:21 +0000 (22:16 +0000)]
Use a single setusercontext(3) instead of a bunch of basic syscalls.
Besides aesthetic benefits, that makes at(1) jobs subject to such
login.conf(5) settings as resource limits.
Hartmut Brandt [Thu, 14 Jun 2007 20:07:35 +0000 (20:07 +0000)]
Use an array of size NGROUP_MAX for the getgroups() call instead of NGRP.
When NGROUP_MAX is larger than NGRP the call used to fail. Now the call
succeeds, but only the first NGRP groups are actually used for authentication.
Hartmut Brandt [Thu, 14 Jun 2007 19:58:24 +0000 (19:58 +0000)]
According to the documentation mech_type for gss_init_sec_context() may
be passed as GSS_C_NO_OID in which case a default mech should be used.
This case was not handled and leads to core dumps when using nss_ldap.
Now use the first mech in this case. When there is no mechanism available
return an error (this part is taken from the PR).
Xin LI [Thu, 14 Jun 2007 17:14:27 +0000 (17:14 +0000)]
Enable SCTP by default for GENERIC kernels in order to give it
more exposure. The current state of SCTP implementation is
considered to be ready for 32-bit platforms, but still needs some
work/testing on 64-bit platforms.
Warner Losh [Thu, 14 Jun 2007 15:09:21 +0000 (15:09 +0000)]
Move malloc definitions to usb.h.
Also, remove usb_malloc_type: it was unused.
Remove METHODS_NONE: it was unused.
Move include of opt_usb.h from usb_port.h to usb.h, since usb_port.h is
going away (there will be a usb_compat.h for out-of-tree drivers that want it).
- Suppress compiler optimization so that orb[1] must be written first.
We may need an explicit memory barrier for architectures other than i386/amd64.
Xin LI [Thu, 14 Jun 2007 03:16:16 +0000 (03:16 +0000)]
In the previous changeset a cast of myminor to u_int was
removed, which will cause problems on architectures where
longs are longer than ints, for instance,
"mknod foo c 0 0xffff00ff"
would fail in such cases.
John Baldwin [Wed, 13 Jun 2007 20:01:42 +0000 (20:01 +0000)]
Improve the ktrace locking somewhat to reduce overhead:
- Depessimize userret() in kernels where KTRACE is enabled by doing an
unlocked check of the per-process queue of pending events before
acquiring any locks. Previously ktr_userret() unconditionally acquired
the global ktrace_sx lock on every return to userland for every thread,
even if ktrace wasn't enabled for the thread.
- Optimize the locking in exit() to first perform an unlocked read of
p_traceflag to see if ktrace is enabled and only acquire locks and
teardown ktrace if the test succeeds. Also, explicitly disable tracing
before draining any pending events so the pending events actually get
written out. The unlocked read is safe because proc lock is acquired
earlier after single-threading so p_traceflag can't change between then
and this check (well, it can currently due to a bug in ktrace I will fix
next, but that race existed prior to this change as well).
John Baldwin [Wed, 13 Jun 2007 19:41:47 +0000 (19:41 +0000)]
Conditionally acquire Giant when dropping a reference on the ktrace vnode
during execve() when turning off tracing due to executing a setuid binary
as non-root. Previously this could fail to acquire Giant and fail an
assertion if the ktrace file was on a non-MPSAFE filesystem and the
executable was on an MPSAFE filesystem.
Andrew Thompson [Wed, 13 Jun 2007 18:58:04 +0000 (18:58 +0000)]
Add the vlan tag to the bridge route table. This allows a vlan trunk to be
bridged; previously legitimate traffic was not passed as the bridge could not
tell that it was on a different Ethernet segment.
All non-tagged traffic is treated as vlan1 as per IEEE 802.1Q-2003.
Robert Watson [Wed, 13 Jun 2007 18:07:59 +0000 (18:07 +0000)]
Remove IPX over IP tunneling pieces from ifconfig(8), omitted portion of
previous commit:
Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE. The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.
This removes one of five remaining consumers of NET_NEEDS_GIANT.
Approved by: re (kensmith)
Spotted by: Artem Naluzhny <tutat nhamon dot com dot ua>
Bruce M Simpson [Wed, 13 Jun 2007 17:44:49 +0000 (17:44 +0000)]
Do not attempt to enable AHCI mode on ALi SATA controllers other
than the 5288.
It is not correctly implemented in earlier silicon, and the BIOS often
lies about AHCI capability on platforms where these chips are deployed.
With this change I am able to boot FreeBSD on the ASUS Vintage AH-1
barebones system.
Robert Watson [Wed, 13 Jun 2007 14:01:43 +0000 (14:01 +0000)]
Remove IPX over IP tunneling support, which allows IPX routing over IP
tunnels, and was not MPSAFE. The code can be easily restored in the
event that someone with an IPX over IP tunnel configuration can work
with me to test patches.
This removes one of five remaining consumers of NET_NEEDS_GIANT.
Bruce Evans [Wed, 13 Jun 2007 06:17:48 +0000 (06:17 +0000)]
Unbreak high resolution profiling a little: use dummy asms to prevent
timing loops being optimized away.
Once upon a time, gcc promised not to optimize away timing loops, but
gcc started optimizing away the call to a null function in the timing
loop here some time between gcc-3.3.3 and gcc-3.4.6, and it started
optimizing away the timing loop itself some time between gcc-3.4.6
and gcc-4.2.
Kip Macy [Wed, 13 Jun 2007 05:36:00 +0000 (05:36 +0000)]
- import new common code for the T304
- update to firmware version 4.1.0
- switch over to standard method for initializing cdevs (contributed by scottl@)
- break out timer_reclaim_task to be per-port
- move msix teardown into separate function
- fix bus_setup_intr for msi-x for the multi-port case so that msi-x resources
are not corrupted on unload
- handle 10/100/1000 base-T media and auto negotiation
- bind qset to cpu even for singleq case
- white space cleanups
- remove recursive PORT_LOCK
- move mtu setting to separate function
- stop and re-init port when changing mtu
- replace all direct references to m_data with calls to mtod
- handle attach failure better by not trying to de-initialize
taskqueues when they have not been allocated
- no longer default to jumbo frames
Options spring cleanup:
- Add and document the KVM and KVM_SUPPORT options that
are needed for the ifmcstats(3) makefile
- Garbage collect unused variables
- Add missing inclusion of bsd.own.mk where needed
Randall Stewart [Wed, 13 Jun 2007 01:31:53 +0000 (01:31 +0000)]
- Fixed cookie handling to calc an RTO when
it's an INIT collision case.
- Fixed RTO calc to maintain a separate variable to track
if a RTO calc has been done, this allows the RTO var to be
doubled during initial timeouts.
- Reduces the amount of stack used by process control.
- Use a constant for the peer chunk overhead.
- Name change to spell candidate correctly.
Jeff Roberson [Tue, 12 Jun 2007 19:49:39 +0000 (19:49 +0000)]
- Garbage collect unused concurrency functions.
- Remove unused kse fields from struct proc.
- Group remaining fields and #ifdef KSE them.
- Move some kern_kse.c only prototypes out of proc and into kern_kse.