summaryrefslogtreecommitdiffstats
path: root/sbin
Commit message (Collapse)AuthorAgeFilesLines
* o Replace Xr to gpt(8) which is gone by gpart(8).maxim2008-11-051-1/+1
|
* Implement support for RPCSEC_GSS authentication to both the NFS clientdfr2008-11-031-1/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and server. This replaces the RPC implementation of the NFS client and server with the newer RPC implementation originally developed (actually ported from the userland sunrpc code) to support the NFS Lock Manager. I have tested this code extensively and I believe it is stable and that performance is at least equal to the legacy RPC implementation. The NFS code currently contains support for both the new RPC implementation and the older legacy implementation inherited from the original NFS codebase. The default is to use the new implementation - add the NFS_LEGACYRPC option to fall back to the old code. When I merge this support back to RELENG_7, I will probably change this so that users have to 'opt in' to get the new code. To use RPCSEC_GSS on either client or server, you must build a kernel which includes the KGSSAPI option and the crypto device. On the userland side, you must build at least a new libc, mountd, mount_nfs and gssd. You must install new versions of /etc/rc.d/gssd and /etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf. As long as gssd is running, you should be able to mount an NFS filesystem from a server that requires RPCSEC_GSS authentication. The mount itself can happen without any kerberos credentials but all access to the filesystem will be denied unless the accessing user has a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There is currently no support for situations where the ticket file is in a different place, such as when the user logged in via SSH and has delegated credentials from that login. This restriction is also present in Solaris and Linux. In theory, we could improve this in future, possibly using Brooks Davis' implementation of variant symlinks. Supporting RPCSEC_GSS on a server is nearly as simple. You must create service creds for the server in the form 'nfs/<fqdn>@<REALM>' and install them in /etc/krb5.keytab. The standard heimdal utility ktutil makes this fairly easy. After the service creds have been created, you can add a '-sec=krb5' option to /etc/exports and restart both mountd and nfsd. The only other difference an administrator should notice is that nfsd doesn't fork to create service threads any more. In normal operation, there will be two nfsd processes, one in userland waiting for TCP connections and one in the kernel handling requests. The latter process will create as many kthreads as required - these should be visible via 'top -H'. The code has some support for varying the number of service threads according to load but initially at least, nfsd uses a fixed number of threads according to the value supplied to its '-n' option. Sponsored by: Isilon Systems MFC after: 1 month
* Add support for multiple attributes. This is required for themarcel2008-10-201-6/+13
| | | | PC98 scheme.
* Tiny wording nits.keramida2008-10-191-4/+5
| | | | MFC after: 1 week
* Support the remaining options listed in dhcp-options(5) and RFC 2132.brooks2008-10-173-5/+31
| | | | | | PR: bin/127076 Submitted by: jkim MFC after: 1 week
* o Remove a debug code and restore an accidentally deleted codemaxim2008-10-141-1/+8
| | | | in a previous commit.
* o Do nothing in show_nat() for a test mode (-n). This preventsmaxim2008-10-141-8/+4
| | | | | | | | show_nat() from endless loop and makes work ipfw -n nat <...>. PR: bin/128064 Submitted by: sem MFC after: 1 month
* Background fsck applies twice some summary totals changes. The nextkib2008-10-131-4/+11
| | | | | | | | | | | background fsck on the same file system might then print negative numbers for reclaimed directories/files/fragments. Address the issue in a limited degree, by using old summary data for cg when bgfsck is performed. Submitted by: tegge MFC after: 1 week
* check_maps() in /usr/src/sbin/fsck_ffs/pass5.c seems to be limited to filekib2008-10-131-15/+27
| | | | | | | | | | | systems less than 1 TB, due to using 32-bits integers for file system block numbers. This also causes incorrect error reporting for foreground fsck. Convert it to use ufs2_daddr_t for block numbers. PR: kern/127951 Submitted by: tegge MFC after: 1 week
* Add some examples to demostrate gpart(8).delphij2008-10-091-1/+36
| | | | | | | | | | | | | | | --此行及以下内容将会被忽略-- > Description of fields to fill in above: 76 columns --| > PR: If a GNATS PR is affected by the change. > Submitted by: If someone else sent in the change. > Reviewed by: If someone else reviewed your modification. > Approved by: If you needed approval for this commit. > Obtained from: If the change is from a third party. > MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email. > Security: Vulnerability reference (one per line) or description. > Empty fields above will be automatically removed. M gpart.8
* o Typo fixes.maxim2008-10-051-2/+2
| | | | | PR: docs/127866 Submitted by: Marius Korsmo
* add duplicate cmd entries for vlan and vlandev that are marked !clonesam2008-10-021-0/+3
| | | | | | so they can be used when not doing a create operation Reviewed by: ed
* - A call to close(2) might overwrite errno and thus give a wrong error messagelulf2008-09-301-1/+2
| | | | | | | on g_providername failure. Suggested by: pjd Approved by: pjd (mentor)
* - Improve error message given on g_providername call failure.lulf2008-09-302-2/+2
| | | | | | - While there, make error messages consistent with the rest. Approved by: kib (mentor)
* Distinguish between cmd/parameters used for clone operations andsam2008-09-291-33/+43
| | | | | | | | | | | all others. Use this to disambiguate cmd line arguments that can be either clone params or regular parameters so, in particular, "bssid" again works as a regular parameter. While here leverage the above to improve the logic for flushing clone operations on the first !clone cmd line parameter. Reviewed by: jhay
* o Add missed dot.maxim2008-09-291-1/+1
|
* Fix the build.rik2008-09-271-1/+1
| | | | Noted by: ganbold@
* * add all keyword for table list & flush actions.rik2008-09-271-3/+14
| | | | | | | * add tables_max sysctl. * add default_rule sysctl. PR: 127058 (partially)
* Add keyword all in addtion to the table number for the 'list' and therik2008-09-271-8/+29
| | | | | | | 'flush' actions on tables. Part of PR: 127058. PR: 127058 (based on) MFC after: 1 month
* Static-ify procedures in init(8).delphij2008-09-271-80/+80
|
* Add missing library dependencies.ru2008-09-232-4/+4
| | | | | PR: bin/127573 Submitted by: Eygene Ryabinkin
* Unbreak the build.keramida2008-09-221-1/+1
|
* MIMO power save and RIFS; while here also update per-node state/flags for ampdusam2008-09-222-1/+72
|
* "ampdudensity -" is too subtle; use "NA" for any and accept it as a parametersam2008-09-221-2/+2
|
* check for undefined identifierssam2008-09-211-12/+59
|
* add new build knobs and jigger some existing controls to improvesam2008-09-211-5/+22
| | | | | | | | control over the result of buildworld and installworld; this especially helps packaging systems such as nanobsd Reviewed by: various (posted to arch) MFC after: 1 month
* Add the check of the table number.rik2008-09-211-0/+17
|
* Move table list to a separate function.rik2008-09-211-35/+44
|
* Free allocated memory.rik2008-09-201-0/+1
|
* Remove some unused variables.rik2008-09-201-4/+3
|
* Style(9) the show_nat() function.rik2008-09-201-1/+2
|
* Do not do the useless job for an empty table.rik2008-09-201-0/+5
| | | | MFC after: 1 month
* Use the version of the kernel returned by getosreldate()rodrigc2008-09-191-6/+16
| | | | | | | to determine whether to call the fallback_mount() backwards compatibility function or not. Reviewed by: dfr
* - Make bsdlabel use libgeom to determine provider name, device path, the medialulf2008-09-181-22/+40
| | | | | | | | | size and the sector size. - Fix a bug where bsdlabel would try to read a regular file using the geom_bsd class. Quick review by: phk Approved by: pjd (mentor)
* Document the -F 's return statement.remko2008-09-171-0/+6
| | | | | | | | | | If the application returns succesfully the return code is 7 (which means the filesystem is clean). PR: 127432 Submitted by: edwin MFC after: 3 days
* Instead of building up a "struct nfs_args" to pass to the kernelrodrigc2008-09-132-473/+622
| | | | | | | | | | | | | | | via nmount(), build up an iovec where each iovec member is an NFS mount option, and pass the iovec down to the kernel via nmount(). These options are then parsed in the kernel. This should make it easier to add new NFS mount options in future. Many, many thanks to Doug Rabson for taking my initial patches, and cleaning them up. In addition, Doug added a fallback_mount() function so that the newer mount_nfs program will work against older kernels, to facilitate upgrading/downgrading scenarios. Doug also re-wrote the mount_nfs.8 man page. Reviewed by: dfr
* Bring a paragraph in this manual page a bit closer to the present date.trhodes2008-09-071-2/+2
| | | | Discussed with: des
* - Make use of the new and g_device_path utility function in libgeom to avoidlulf2008-09-071-49/+30
| | | | | | | | | duplication of code in fdisk and boot0cfg. Also make use of g_providername to fix an issue with fdisk and boot0cfg not using the correct provider when writing the MBR. Reviewed by: phk Approved by: pjd (mentor)
* Check rule numbers against maximum value to avoid rules cleanup duerik2008-09-061-0/+24
| | | | | | to overflow. MFC after: 5 days.
* Use IPFW_DEFAULT_RULE instead of hardcoded value since now it isrik2008-09-061-8/+9
| | | | | | available. MFC after: 5 days.
* Use RUSAGE_SELF for the current process instead of hardcoded valuekevlo2008-09-021-2/+2
|
* Don't return always 0. Return what we get from exec_mountprog ormatteo2008-08-311-1/+1
| | | | | | | mount_fs. PR: bin/125154 MFC after: 1 day
* By default backup geli metadata to a file. It is quite critical 512 bytes,pjd2008-08-292-17/+110
| | | | | | | | | | | | | | | | | | | | | | | once it is lost, all data is gone. Option '-B none' can by used to prevent backup. Option '-B path' can be used to backup metadata to a different file than the default, which is /var/backups/<prov>.eli. The 'geli init' command also prints backup file location and gives short procedure how to restore metadata. The 'geli setkey' command now warns that even after passphrase change or keys update there could be version of the master key encrypted with old keys/passphrase in the backup file. Add regression tests to verify that new functionality works as expected. Update other regression tests so they don't create backup files. Reviewed by: keramida, rink Dedicated to: a friend who lost 400GB of his live by accidentally overwritting geli metadata MFC after: 2 weeks
* - Give algorithms recommendation.pjd2008-08-291-13/+15
| | | | - Keep options in alphabetical order.
* Add support in ifconfig to control the vlan hardware filter feature.jfv2008-08-283-5/+10
| | | | | Reviewed by: EvilSam and moi MFC after:1 week
* Trivial typo fix.ivoras2008-08-271-1/+1
| | | | Approved by: gnn (mentor)
* Implement -R support, similar to ping(8)'s -A.matteo2008-08-272-14/+34
| | | | | | | | | | ping(8)'s -a was mapped to -e, but -E was already taken in ping6 (old option) so rename -e to -r. Now: ping -a => ping6 -r ping -A => ping6 -R MFC after: 2 days
* Add -e to usage()matteo2008-08-271-1/+1
| | | | MFC after: 2 days
* Fix typo.rpaulo2008-08-271-2/+2
|
* Implement audible support similar to ping(8) -a option. Since -a was already ↵matteo2008-08-262-3/+16
| | | | | | | taken, I chose -e (no real argument for this) but I'm willing to change to a different character if needed/desired. PR: bin/123752 (inspired by) MFC after: 2 days
OpenPOWER on IntegriCloud