| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
| |
of format-specific options.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024
and 1023 respectively. (Previously they were equal, but under a close
reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it
is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member
cr_groups from a static array to a pointer. Do the equivalent in
kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating
a process credential before modifying it and for setting group lists
respectively. Both interfaces take care for the details of allocating
groups array. crsetgroups() takes care of truncating the group list
to the current maximum (NGROUPS) if necessary. In the future,
crsetgroups() may be responsible for insuring invariants such as sorting
the supplemental groups to allow groupmember() to be implemented as a
binary search.
Because we can not change struct xucred without breaking application
ABIs, we leave it alone and introduce a new XU_NGROUPS value which is
always 16 and is to be used or NGRPS as appropriate for things such as
NFS which need to use no more than 16 groups. When feasible, truncate
the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since
they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation)
X-MFC after: never
PR: bin/113398 kern/133867
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dace for UPDv4 sockets bound to INADDR_ANY. Move the code to set
IP_RECVDSTADDR/IP_SENDSRCADDR into svc_dg.c, so that both TLI and non-TLI
users will be using it.
Back out my previous commit to mountd. Turns out the problem was affecting
more than one binary so it needs to me addressed in generic rpc code in
libc in order to fix them all.
Reported by: lstewart
Tested by: lstewart
|
| |
|
|
|
|
| |
a few bad systems to run than to be completely strict about it.
|
|
|
|
|
|
|
|
| |
While hacking on TTY code, I often miss a small utility to revoke my own
(pseudo-)terminals. This small utility is just a small wrapper around
the revoke(2) call, so you can destroy your very own login sessions.
Approved by: re
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
any open file descriptors >= 'lowfd'. It is largely identical to the same
function on other operating systems such as Solaris, DFly, NetBSD, and
OpenBSD. One difference from other *BSD is that this closefrom() does not
fail with any errors. In practice, while the manpages for NetBSD and
OpenBSD claim that they return EINTR, they ignore internal errors from
close() and never return EINTR. DFly does return EINTR, but for the common
use case (closing fd's prior to execve()), the caller really wants all
fd's closed and returning EINTR just forces callers to call closefrom() in
a loop until it stops failing.
Note that this implementation of closefrom(2) does not make any effort to
resolve userland races with open(2) in other threads. As such, it is not
multithread safe.
Submitted by: rwatson (initial version)
Reviewed by: rwatson
MFC after: 2 weeks
|
|
|
|
| |
Pointed out by: marcel
|
|
|
|
| |
Submitted by: randi
|
|
|
|
|
|
|
|
| |
sanitization broke sysinstall on some disks. This was due to the disks
reporting a geometry that was incorrectly sanitized by sysinstall. This makes
the sanitization consistent with fdisk.
Tested by: randi
|
|
|
|
|
|
| |
language from stat(2)) rather than in the synopsis.
Requested by: bde
|
|
|
|
| |
Submitted by: Pawel Worach
|
|
|
|
| |
Submitted by: Pawel Worach
|
|
|
|
|
|
|
| |
definitions.
- Note that these functions return NULL on failure.
MFC after: 3 days
|
|
|
|
|
|
| |
claim and release interface support from libusb v2.0, because it is not useful.
Submitted by: Hans Petter Selasky
|
|
|
|
|
|
|
|
|
| |
possible to
use almost anything that uses libufs(3) against a file as an unprivileged user, e.g.
tunefs(8) and dumpfs(8) against a makefs(8)-created image.
Prodded by: kensmith
|
|
|
|
|
|
|
|
| |
The amd64-specific bits of msun use an undocumented constraint, which is
less likely to be supported by other compilers (such as Clang). Change
the code to use a more common machine constraint.
Obtained from: /projects/clangbsd/
|
|
|
|
| |
Suggested by: attilio
|
| |
|
| |
|
|
|
|
| |
Submitted by: Nikola K <laladelausanne at gmail dot com>
|
|
|
|
| |
on UDP socket if we do not have a valid IP address.
|
|
|
|
|
|
| |
The problem with fcntl(2) locks is that they are not inherited by child
processes. This breaks pidfile(3), where the common idiom is to open
and lock the PID file before daemonizing.
|
| |
|
|
|
|
|
| |
Because we use ISO C99 nowadays, we can just get rid of enforcing
GNU89-style inlining.
|
|
|
|
| |
Submitted by: Hans Petter Selasky
|
|
|
|
|
|
|
| |
WITH_BIND_IDN
WITH_BIND_LARGE_FILE
WITH_BIND_SIGCHASE
WITH_BIND_XML
|
|
|
|
|
| |
Reviewed by: rwatson
Obtained from: SuSv3
|
|
|
|
|
|
|
| |
- Don't call tftp_makereq() with too many arguments.
- Don't forget to close one of the comments.
Submitted by: Pawel Worach
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
lots of new features compared to 9.4.x, including:
Full NSEC3 support
Automatic zone re-signing
New update-policy methods tcp-self and 6to4-self
DHCID support.
More detailed statistics counters including those supported in BIND 8.
Faster ACL processing.
Efficient LRU cache-cleaning mechanism.
NSID support.
|
| | |
|
| |
| |
| |
| |
| | |
The libbind library is no longer distributed as part of the main
BIND package, and we never built it in any case.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
that BIND 9.4.1 could compile and run on the ARM platform, but is not
part of the vendor source. It will remain in src/contrib/bind9 since
it is a local modification.
|
| | |
|
| |
| |
| |
| | |
are no longer updated.
|
| |
| |
| |
| |
| |
| | |
being properly tested for, so it would not report the error in some cases.
This fix (or similar) will be in version 9.4.3.
|
| | |
|
| |
|
|
|
|
|
| |
with softfloat or not. Now -msoft-float can be overridden
more easily.
|
|
|
|
| |
This improves debugging.
|
| |
|
|
|
|
| |
Thanks to Ed Schouten for the clue.
|
|
|
|
| |
PR: kern/129477
|