since that is what we use now and this insulates us from any time_t
tweaks here. We can define a record format that uses 64 bit times if/when
we need to.
socket option for the Unix domain. It's weaker than the
socket option (this only returns the uid and gid, while the
socket opt. can return the entire group list), and is
implemented mostly for compatibility with OpenBSD.
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.
Reviewed by: sheldonh, assar
Obtained from: NetBSD/OpenBSD
already found in the sigaction(2) manual.
As discussed with the committer of that delta, cross-reference the list
in sigaction(2) instead of duplicating the list of functions that are
safe for use within signal handlers.
and its associated constants. Implement _SC_IOV_MAX in the usual way.
Be a bit sloppy about the namespace question; this should get cleared up
in time for 5.0.
MFC after: 1 month
of calling sigprocmask(). This matches the behaviour of thr_sigsetmask()
on Solaris; _pthread_sigmask_stub was added purely for compatibility
with Solaris (for TI-RPC), so it might as well do the same thing.
This fixes the problem where client RPC calls ignored all signals
for the complete duration of the RPC. This behaviour is currently
necessary in the threaded case due to locking issues, but was never
intended to occur in non-threaded programs.
Reviewed by: deischen
there and compare the inode and device numbers to the values we remember,
to guard against the directory having been moved around in the meantime.
Reported by: Nick Cleaton <nick@cleaton.net>
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
arguments where the format string is obtained from user data, or
otherwise difficult to verify statically.
Example usage:
printf(fmtcheck(user_format, standard_format), arg1, arg2);
checks the format string user_format for consistency (same number/order/
type of format operators) with standard_format. If they differ,
standard_format is used instead to avoid potential crashes or security
violations.
Obtained from: NetBSD
Reviewed by: -arch
instead of #pragma weak to create weak definitions. This macro is
improperly named, though, since a weak definition is not the same
thing as a weak reference.
Suggested by: bde
I've left out a couple of unused args between internal functions.
Use MAXPATHLEN, not MAXPATHLEN + 1 in a couple of places.
Pass a pointer to the end of the target filename space.
exactly the right size. Do it differently - pass a length rather than an
end-of-string+1 pointer as this is more convenient anyway. Get rid of
the bogus +1's.
because libc/rpc/key_call.c references uname(), and ps/print.c also
defines uname(), and ps is linked statically. This leads to a symbol
clash. The userland uname(3) kinda sucked anyway as the hostname
etc was too short. And since the libc rpc interface now uses
the utsname.nodename which gets truncated, I was tempted into doing
something about it. Create a new userland uname function, called
__xuname() which takes an extra argument that allows you to change
the size of the fields. uname() becomes a static inline function
in sys/utsname.h that passes the extra argument in. struct utsname
has its field members expanded by default now in userland.
We still provide a 'uname' externally linkable function for things
that either think that they ``know'' the utsname format and assume
32 character strings and bypass the include file, or objects that
are linked against old libcs. ie: just about every plausible
case that I can think of is covered. Should we ever change the
default lengths again, a libc major bump should not be required
as the size is now passed to the function.
XXX the uname(2) in the kernel is for FreeBSD 1.1 binary compatability!
All the uname(3) functions that are exported to userland are actually
implemented in libc with sysctl. uname(1) uses sysctl directly and
does not call uname(3).
PR: bin/4688
number of paths which glob(3) will return. Remove the hardcoded limit
from the last commit, which restores the previous unbounded behavior.
Document the new flag in the manual page.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
is currently set to 10000. This is intended to prevent glob from running
amok when a highly recursive path is provided (such as "../*/../*/../*/...")
Reviewed by: Diane Bruce <db@db.net>, jhb
Add a lock to FILE. flockfile and friends are now implemented
(for the most part) in libc. flockfile_debug is implemented in
libc_r; I suppose it's about time to kill it but will do it in
a future commit.
Fix a potential deadlock in _fwalk in a threaded environment.
A file flag (__SIGN) was added to stdio.h that, when set, tells
_fwalk to ignore it in its walk. This seemed to be needed in
refill.c because each file needs to be locked when flushing.
Add a stub for pthread_self in libc. This is needed by flockfile
which is allowed by POSIX to be recursive.
Make fgetpos() error return value (-1) match man page.
Remove recursive calls to locked functions (stdio); I think I've
got them all, but I may have missed a couple.
A few K&R -> ANSI conversions along with removal of a few instances
of "register".
$Id$ -> $FreeBSD$ in libc/stdio/rget.c
Not objected to: -arch, a few months ago
to be the same as -ragged in the current implementation) to
-ragged. With mdocNG, -filled displays produce the correct
output, formatted and justified to both margins.
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.
Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo
Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.
Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.
Remove uneeded includes of <errno.h> from a few files.
Add $FreeBSD$ to a few files in order to pass commitprep.
Approved by: -arch
interface was based on a draft version of POSIX whereas the final
(1996) version of POSIX specified that the error is returned.
While I'm here, fix getlogin_r so that it works for more than just
the first time it's called.
Reviewed by: wes, wollman (man page)
telldir positions. This will allow (future) locking on a
per-DIR basis (for MT-safety). For now, this change does
the following:
o Remove the hash table from telldir.c. Recode to use queue
macros.
o Remove 'const' from 'telldir(const DIR *)'.
o Remove 'register' variables as suggested in a recent
thread.
No response from: -current
a NULL argument. Some programs change the contents of the argv
array, typically to remove some special arguments. They shorten
argv by storing a NULL where an argument pointer used to be. Such
programs core dumped if they called setproctitle(), because it
would try to apply strlen() to a NULL pointer.
instead of immediately after the fclose. The previous logic did work
on freebsd, but is somewhat risky practice (and causes trouble when
porting to other OS's).
PR: bin/22965
Reviewed by: Garrett Wollman
were not present when dev_mkdb(8) was run.
First the dev_mkdb(8) database is searched, this caters for non-DEVFS
cases where people have renamed a device.
If that fails we ask the kernel using sysctl kern.devname if the device
driver has put a name in the dev_t. This covers DEVFS cloned devices.
If that also fails we format a string which isn't entirely useless.
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
It was kinda silly since the sigaction() syscall that it used to setup
the handler is more recent than __getcwd(), therefore it was useless
as the wrapper would have died before even getting as far as __getcwd(2).
Reminded by: bde
and bump __FreeBSD_version to 500012 to mark the occasion.
setproctitle() is prototyped in unistd.h as opposed to stdlib.h
where OpenBSD and NetBSD have it.
Reviewed by: peter
VIS_HTTPSTYLE is a new encoding style for use in vis(), strvis() and
strvisx() that escapes characters according to RFC 1808 (URI encoding).
Since decoding of these require different detection of start-points of
escaped characters, VIS_HTTPSTYLE can be given as flag to unvis().
unvis() will then properly decode URIs.
A new function appeared, strunvisx(): strunvisx() behaves similar as
strunvis(), with one exception: It has an additional flag parameter,
which is passed to unvis() to archive the effect I described above.
renamed to {s|g}etflagsbyname, which received objections. They're
now called strtofflags (string to file flags) and fflagstostr (file
flags to string).
Suggested by: bde
and gids bigger than 16 bits. Added checks for uids and gids that are
bigger than 32 bits.
Approved by: jkh (partly, this fix is bigger than I first intended)
interface, and statically link them to the programs using them.
These functions, upon reflection and discussion, are too generically
named for a library interface with such specific functionality.
Also the api that they use, whilst ok for private use, isn't good
enough for a libc function.
Additionally there were complications with the build/install-world
process. It depends heavily upon xinstall, which got broken by
the change in api, and caused bootstrap problems and general mayhem.
There is work in progress to address future problems that may be
caused by changes in install-chain tools, and better names for
{g|s}etflags can be derived when some future program requires them.
For now the code has been left in src/lib/libc/gen (it started off
in src/bin/ls).
It's important to provide library functions for manipulating file
flag strings if we ever want this interface to be adopted outside
of the source tree, but now isn't necessarily the right moment
with 4.0-release just around the corner.
Approved: jkh
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().
Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().
Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().
Make thread cancellation fully POSIX-compliant.
Suggested by: deischen
string to u_long and back using two functions, flags_to_string and
string_to_flags, which co-existed with 'ls'. As time has progressed
more and more other tools have used these private functions to
manipulate the file flags.
Recently I moved these functions from /usr/src/bin/ls to libutil,
but after some discussion with bde it's been decided that they
really ought to go in libc.
There are two already existing libc functions for manipulating file
modes: setmode and getmode. In keeping with these flags_to_string
has been renamed getflags and string_to_flags to setflags.
The manual page could probably be improved upon ;)
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().
locking functions. If an application loads a shared object with
dlopen() and the shared object has an init function which requires
lazy binding, then _rtld_bind is called when the thread is already
inside the dynamic linker. This leads to a recursive acquisition
of the lock, which I was not expecting -- hence the assert failure.
This work-around makes the default locking functions handle recursive
locking. It is NOT the correct fix -- that should be implemented
at the generic locking level rather than in the default locking
functions. I will implement the correct fix in a future commit.
Since the dllockinit() interface will likely need to change, warn
about that in both the man page and the header file.
functions to be used by the dynamic linker. This can be called by
threads packages at start-up time. I will add the call to libc_r
soon.
Also add a default locking method that is used up until dllockinit()
is called. The default method works by blocking SIGVTALRM, SIGPROF,
and SIGALRM in critical sections. It is based on the observation
that most user-space threads packages implement thread preemption
with one of these signals (usually SIGVTALRM).
The dynamic linker has never been reentrant, but it became less
reentrant in revision 1.34 of "src/libexec/rtld-elf/rtld.c".
Starting with that revision, multiple threads each doing lazy
binding could interfere with each other. The usual symptom was
that a symbol was falsely reported as undefined at start-up time.
It was rare but not unseen. This commit fixes it.
takes an int arg and is prototyped in <string.h>. It has the opposite
interface botches to psignal(3) which takes a bogus unsigned arg but is
prototyped in the right place.
This is not the last of the interface problems for strsignal(). We
obtained it from NetBSD, but NetBSD has moved its prototype to
<unistd.h>. strsignal() should return const char *, but it returns
char * for historical reasons. NetBSD declares it as returning
__aconst char, where __aconst is normally empty but can be set to
`const' to give better error checking. glibc-2.1.1 prototypes
strsignal() in <string.h>.
the environment. This allows big ID warnings to be suppressed for
vipw and chpass as well.
Since the environment variable test is only performed for callers
of pw_scan() that do not set pw_big_ids_warning, the test can still
be overriden. Currently, chpass and pwd_mkdb are the only users
of pw_scan() and neither of them overrides the environment variable
test.
readdir_r is not POSIX according to POSIX_SOURCE, bruce says:
> readdir_r() is in the _POSIX_SOURCE section, but is not a POSIX.1-1990
> function. It's POSIX.1-1996 so it should be under a different feature
> test which we don't support yet.
make sure errno is saved so that its contents are cleared unless
necessary.
Submitted by: bde
eischen (Daniel Eischen) added wrappers to protect against cancled
threads orphaning internal resources.
the cancelability code is still a bit fuzzy but works for test
programs of my own, OpenBSD's and some examples from ORA's books.
add readdir_r to both libc and libc_r
add some 'const' attributes to function parameters
Reviewed by: eischen, jasone
happy with how this end up and will re-visit the entire empty field
problem, but this patch solves the NIS problem for now.
Submitted by: Dan Nelson <dan@emsphone.com>
PR: 14865,14984
This fixes some nasty procfs problems for SMP, makes ps(1) run much faster,
and makes ps(1) even less dependent on /proc which will aid chroot and
jails alike.
To disable this facility and revert to previous behaviour:
sysctl -w kern.ps_arg_cache_limit=0
For full details see the current@FreeBSD.org mail-archives.
next try over chroot (descriptor closed). getgrnam() used already handles
endgrent() properly and honors _gr_stayopen. Automatically call
setgroupent(1) when _pw_stayopen is set (for YP/NIS code).
-----------------------------
Most of the userland changes are in libc. For both the alpha
and the i386 setjmp has been changed to accomodate for the
new sigset_t. Internally, libc is mostly rewritten to use the
new syscalls. The exception is in compat-43/sigcompat.c
The POSIX thread library has also been rewritten to use the
new sigset_t. Except, that it currently only handles NSIG
signals instead of the maximum _SIG_MAXSIG. This should not
be a problem because current applications don't use any
signals higher than NSIG.
There are version bumps for the following libraries:
libdialog
libreadline
libc
libc_r
libedit
libftpio
libss
These libraries either a) have one of the modified structures
visible in the interface, or b) use sigset_t internally and
may cause breakage if new binaries are used against libraries
that don't have the sigset_t change. This not an immediate
issue, but will be as soon as applications start using the
new range to its fullest.
NOTE: libncurses already had an version bump and has not been
given one now.
NOTE: doscmd is a real casualty and has been disconnected for
the moment. Reconnection will eventually happen after
doscmd has been fixed. I'm aware that being the last one
to touch it, I'm automaticly promoted to being maintainer.
According to good taste this means that I will receive a
badge which either will be glued or mechanically stapled,
drilled or otherwise violently forced onto me :-)
NOTE: pcvt/vttest cannot be compiled with -traditional. The
change cause sys/types to be included along the way which
contains the const and volatile modifiers. I don't consider
this a solution, but more a workaround.
patch to stop the core dumps while others come up with a better
reviewed patch which may also fix other problems. We do illegal
pointer arithmetic, but it should be OK since FreeBSD only supports
machines with flat address spaces.
Submitted by: bde
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
- Sort xrefs
- FreeBSD.ORG -> FreeBSD.org
- Be consistent with section names as outlines in mdoc(7)
- Other misc mdoc cleanup.
PR: doc/13144
Submitted by: Alexy M. Zelkin <phantom@cris.net>
When fts_open is used with option FTS_NOCHDIR the full
path entry of type FTS_DP is returned with a trailing
'/' if the final directory is empty.
This fix coresponds to netbsd's __fts13.c v. 1.16
Note: you need to install the current groff tmac macros for these
man pages to format correctly. Specifically, rev 1.21 of
contrib_groff/tmac/doc-syms in -current, or rev 1.17.24 for 3.2-stable
(devname() returned "??" when the lookup failed, but callers expected it
to return NULL). This was fixed in Lite2, but until recently the changes
were only merged into devname.3. A day or two after devname.c was fixed,
devname.3 was made inconsistent again by backing out most of the Lite2
changes.
track.
The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;
.\" $Id$
.\"
If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.
Approved by: bde
function. It was an ill-considered feature. It didn't solve the
problem I wanted it to solve. And it added Yet Another Version
Number that would have to be maintained at every release point.
I'm nuking it now before anybody grows too fond of it.
that counted the number of elements in argv. The counter is incremented
in the next-iteration section of the loop, not the body, so at termination
it's already "counted" the element that failed the continuation test - in
this case the NULL argv terminator.
Noted by: bde
call them. All the execX() libc functions should be vfork() safe now.
Specifically:
- execlp() does the argument count-and-build into a vector from alloca
(like the others) - buildargv() is no longer used (and gone).
- execvp() uses alloca/strcpy rather than strdup().
- the ENOEXEC handler uses alloca rather than malloc.
- a couple of free() calls removed - alloca works on the local stack and
the allocations are freed on function exit (which is why buildargv
wasn't useful - it's alloca() context would disappear on return).
Along the way:
- If alloca() fails (can it?), set errno = ENOMEM explicitly.
- The ENOEXEC recovery routine that trys again with /bin/sh appeared to
not be terminating the new argv[] array for /bin/sh, allowing it to
walk off the end of the list.
I dithered a bit about using alloca() even more as it's most commonly
associated with gcc. However, standalone portable (using malloc) and
machine-specific assembler alloca implementations appear to be available
on just about all the architectures we're likely to want to port to.
alloca will be the least of our problems if ever going to another compiler.
which ones cause us to fail. Now all open errors on the databse file
will cause the next file in the list to be tried.
Submitted by: Arne Henrik Juul <arnej@math.ntnu.no>
PR: 4585
- document that sysctl() and sysctlbyname() return 0 on success
- if the provided buffer is too small, set errno to ENOMEM and return -1
instead of returning ENOMEM.
is actually mounted on "/" can be determined using statfs() and is
in /dev. This fixes fsck operating on the wrong device when the
fs_spec entry is only an alias. The aliased case became more
dangerous when the ROOTSLICE_HUNT hack was committed in mount(8).
ROOTSLICE_HUNT may be unnecessary now.
an unimprovement here. I thought it would be an improvement, as in libkvm,
but here we can access the strings directly.
Use sysctlbyname() instead of sysctl() and trust it to give a nonzero
address if it succeeds.
they cannot mount a filesystem that they cannot see in getvfsbyname().
Part 1 of this is a hack, make vfsisloadable() always return true - the
ultimate decider of whether it's loadable or not is kldload() or mount().
Part 2 of this is to have vfsload() call kldload(2) and return success if
it works. This means that we will use a viable kld module in preference
to an LKM!
Ultimately, the thing to do is remove the hacks to do a vfsload in all the
mount_* commands and let the kernel do it by itself in mount(2).
vfork() can't be used. We could use alloca() in execl() so that
it can be called between vfork() and execve(), but a "portable"
popen() shouldn't depend on this. Calling execle() instead of
execl() should be fairly safe, since execle() is supposed to be
callable from signal handlers and signal handlers can't call
malloc(). However, execle() is broken.
PR: 7923
Submitted by: Archie Cobbs <archie@whistle.com>
The scandir() function returns -1 if it fails.
In many cases when this happens, it does not free
the memory that it allocated, resulting in a memory
leak, or close the directory opened with opendir().
BAD DOG, BAD!
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x). Per ANSI-C, this is
guaranteed to be the same thing.
I've been running these on my system here w/o ill effects for some
time. However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes. Shouldn't impact anything, but...
addresses by default.
Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".
Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).
Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
- Fix some style errors I made back in 1995.
- Add a new flavor of the err(3) family, which takes an explicit
errno argument rather than implicitly examining errno. This
will make it easier to use these functions in conjunction with
modern library interfaces that return an errno value explicitly.
standard places ("/etc/objformat", ${OBJFORMAT}, argv) for an
indication of the user's preferred object file format. This
consolidates some code that was starting to be duplicated in more
and more places.
Use the new function in ldconfig.
Note: I don't think that gcc should use getobjformat(), even though
it could. The compiler should limit itself to functions that are
widespread, to ease porting and cross-compilation.
revisions to match the confusing spelling in getttyent.c (1 to
break it to match the man page and 1 in each of 2 branches to fix
it). This function seems to be orphaned and unused.
copy to bring these files into libc from libcompat. I will enable
them and kill off the libcompat versions on the main branch soon.
PR: step one toward closing misc/6763
available and the kernel MIB setting is zero.
Return the result from getpagesize() if the p1003_1b.pagesize MIB
value is zero.
Suggested by: Joerg Schilling <schilling@fokus.gmd.de>
_KPOSIX_PRIORITY_SCHEDULING options to work. Changes:
Change all "posix4" to "p1003_1b". Misnamed files are left
as "posix4" until I'm told if I can simply delete them and add
new ones;
Add _POSIX_PRIORITY_SCHEDULING system calls for FreeBSD and Linux;
Add man pages for _POSIX_PRIORITY_SCHEDULING system calls;
Add options to LINT;
Minor fixes to P1003_1B code during testing.
Changes to support building with _POSIX_SOURCE set to 199309L:
1. Add sys/_posix.h to handle those preprocessor defs that POSIX
says have effects when defined before including any header files;
2. Change POSIX4_VISIBLE back to _POSIX4_VISIBLE
3. Add _POSIX4_VISIBLE_HISTORICALLY for pre-existing BSD features now
defined in POSIX. These show up when:
_POSIX_SOURCE and _POSIX_C_SOURCE are not set or
_POSIX_C_SOURCE is set >= 199309L
and vanish when:
_POSIX_SOURCE is set or _POSIX_C_SOURCE is < 199309L.
4. Explain these in man 9 posix4;
5. Include _posix.h and conditionalize on new feature test.
fix a slight confusion about which draft of threads we are supporting.
this allows something as big and ugly as samba to be compiled with libc_r
and still work! our user-level pthreads seems amazingly robust!
one group. Thanks to Dirk Froemberg for supplying a patch for this. I will
be closing out the PR and moving this to the 2.2.5 branch later: my login
sessions to freefall from Columbia are ridiculously spotty today.
PR: 5610
Submitted by: Dirk Froemberg <ibex@physik.TU-Berlin.DE>
into libc. This reduces the size of every dynamically linked
executable by 248 bytes, and it reduces the size of static executables
by a lesser amount. It also eliminates some global namespace
pollution.
With this change in place, the source for dlfcn.h should probably
be moved to "/usr/src/include". I'll save that for another day.
Compatibility note: Programs which use dlopen, if compiled on
systems with this change, will not run on systems with a libc from
prior to this change. Very few programs use dlopen, so I think
that is OK.
and the pre-Lite2 vfsconf interfaces.
For getvfsent.c, just define _OLD_VFSCONF. This will give the
current default macro hacks in <sys/mount.h> when the default is
reversed. This is an intermediate step.
overwrites it. This actually showed up when running under an old
kernel when free() called the madvise() stub which set errno, causing
getcwd() to return EOPNOTSUPP instead of ERANGE.
that this source is compiled against. This source is referenced by
install which is needed as a build tool and must be able to compile
against NetBSD headers and libraries if we have a hope of supporting
another architecture.
With this change, that's two working programs down and 3945 (?) to go.
The other one was make, but that didn't need any changes to work under
FreeBSD/Alpha. 8-)
Note this ONLY affects the function version - the macro version is always
used unless for some reason you put #undef sigismember in your code before
calling it.
PR: 3615
Submitted by: Nanbor Wang <nw1@cs.wustl.edu> (slightly amended patch)
for the entire time that it was there, so obviously nothing needs it
anymore.
Note, unix98/single-unix spec v2 says that usleep() returns an int rather
than a void, to indicate whether the entire time period elapsed (0) or an
error (eg: signal handler) interrupted it (returns -1, errno = EINTR)
It is probably useful to make this change but I'll test it locally first
to see if this will break userland programs [much]...
Reviewed by: ache, bde
back to the original single nanosleep() implementation. This is POSIX and
Unix98 (aka single-unix spec v2) compliant behavior. If a program sets
alarm(2) or an interval timer (setitimer(2)) without a SIGALRM handler
being active, sleep(3) will no longer absorb it, and the program will get
what it asked for..... :-]
The original reason for this in the first place (apache) doesn't seem to
need it anymore, according to Andrey.
Reviewed by: ache, bde
to POSIX.2. In particular:
- don't retry for ETXTBSY. This matches what sh(1) does. The retry code
was broken anyway. It only slept for several seconds for the first few
retries. Then it retried without sleeping.
- don't abort the search for errors related to the path prefix, in
particular for ENAMETOOLONG, ENOTDIR, ELOOP. This fixes PR1487. sh(1)
gets this wrong in the opposite direction by never aborting the search.
- don't confuse EACCES for errors related to the path prefix with EACCES
for errors related to the file. sh(1) gets this wrong.
- don't return a stale errno when the search terminates normally without
finding anything. The errno for the last unsuccessful execve() was
usually returned. This gave too much precedence to pathologies in the
last component of $PATH. This bug is irrelevant for sh(1).
The implementation still uses the optimization/race-inhibitor of trying
to execve() things first. POSIX.2 seems to require looking at file
permissions using stat(). We now use stat() after execve() if execve()
fails with an ambiguous error. Trying execve() first may actually be a
pessimization, since failing execve()s are fundamentally a little slower
than stat(), and are significantly slower when a file is found but has
unsuitable permissions or points to an unsuitable interpreter.
PR: 1487
'slow' lookup if we get a YPERR_MAP (no such map in server's domain) error
instead of failing over on any error. In the latter case, if the 'fast'
search fails legitimately (i.e. the user or host really isn't a member
of the specified netgroup) then we end up doing the 'slow' search and
failing all over again. The result is still correct, but cycles are
consumed for no good reason.
Also removed the #ifdef CHARITABLE since the compat kludge is no longer
optional.
that if searching through the special netgroup.byhost or netgroup.byuser
maps didn't work, we would roll over to the 'slow' method of grovelling
though the netgroup map and working out the dependencies on the fly.
But I left this option hidden inside an #ifdef CHARITABLE since I
didn't think I'd ever need it.
Well, the Sun rpc.nisd NIS+ server in YP compat mode doesn't support
the .byhost and .byuser reverse maps, so the failover is necessary
in order to be compatible. *sigh*
This closes PR #3891, and should be merged into RELENG_2_2.
plain 0 should be used. This happens to work because we #define
NULL to 0, but is stylistically wrong and can cause problems
for people trying to port bits of code to other environments.
PR: 2752
Submitted by: Arne Henrik Juul <arnej@imf.unit.no>
#defines that are compatable with ours). I made some some minor tweaks
to the leading '_' tests.
Again, this is off by default for the moment. This probably should be
split into seperate files (like some of our other libc files that could
do with some splitting).
Obtained from: OpenBSD (plus some minor tweaks)
tree. Also merge in fix to NetBSD PR #1495. These represent 1.3-1.9 in
the OpenBSD tree. Make minor KNF changes to new code (which is in the
OpenBSD as 1.10). This avoids the symlink race problems.
These patches should go into 2.2.5 before the ship if they don't
break anything in -current.
Reviewed by: Bruce Evans
Obtained from: OpenBSD
and return to previous Peter's variant.
POSIX says that this place is implementation defined and old variant allows
application block SIGALRM and sleep and not be killed by external SIGALRMs.
BTW, GNU sleep f.e. sleeps forever in blocked SIGALRM :-)
acceptable range for tv_sec to the magic number 100000000 (which at
least ought to be declared in a header file, and explained in the
non-existing man page, as well as in the existing man pages for
nanosleep(2) & Co.).
PR: bin/4259
lifetime of the call, just like the old implementation did. Previously,
we were only eating them if the application did not call sleep()/usleep()
with SIGALRM masked.
Submitted by: ache
srandomdev(), but can be used inside libraries. random() can't be used
inside libraries because it breaks its possible predictable sequence.
arc4random() is true random as designed, so its usage is library-safe.
Obtained from: OpenBSD
semantics of the old sleep for compatability with a few decades of expected
side effects. Apache breaks if we just use nanosleep() for some reason,
here we use a new signanosleep() syscall which is kinda like a hybrid of
sigsuspend and nanosleep..
Reviewed by: ache (and tested on his apache that was failing when
sleep used plain nanosleep)
These changes add the ability to specify that a UFS file/directory
cannot be unlinked. This is basically a scaled back version
of the IMMUTABLE flag. The reason is to allow an administrator
to create a directory hierarchy that a group of users
can arbitrarily add/delete files from, but that the hierarchy
itself is safe from removal by them.
If the NOUNLINK definition is set to 0
then this results in no change to what happens normally.
(and results in identical binary (in the kernel)).
It can be proven that if this bit is never set by the admin,
no new behaviour is introduced..
Several "good idea" comments from reviewers plus one grumble
about creeping featurism.
This code is in production in 2.2 based systems
-DUSE_NANOSLEEP. Also, seperate the code for _THREAD_SAFE so that it uses
the simpler threaded nanosleep() call in libc_r.. We don't go to the same
extremes for emulating traditional sleep semantics (ie: eating any SIGALRM
that might happen) which things like apache seem to depend on.
value, it appears as though the semantics of usleep are that it doesn't
return early. (only in the nanosleep code - the setitimer code does this
already)
(nanosleep) breaks Apache httpd badly: his childs died quickly after
number of requests (SIGPIPE). To reproduce this bug start
gdb /usr/local/sbin/httpd
run -X
and make some bunch of concurent requests (load the server pages
from 3 different places f.e.)
After short time httpd dies via SIGPIPE. It never dies with old sleep.c
In real life it looks like lots of broken images on the pages or missing
pages. Lynx says about Network read error, etc.
It seems something wrong in nanosleep signal handling.
so that all these makefiles can be used to build libc_r too.
Added .if ${LIB} == "c" tests to restrict man page builds to libc
to avoid needlessly building them with libc_r too.
Split libc Makefile into Makefile and Makefile.inc to allow the
libc_r Makefile to include Makefile.inc too.
and FNM_LEADING_DIR were specified and the pattern ended with "*".
Example: pattern="src/usr.sbin/w*", string="src/usr.sbin/watch/watch.8,v".
This should match, but did not.
TTY_NETWORK (network), TTY_DIALUP (dialup), which determine a basic
connection type. TTY_DIALUP in particular will replace the old out of
date heuristic "tty[dD]*" in login.c (and better than the current
hard-coded method).
uid/gid in question was in the cache, but did not exist
in the password file. This causes the -nouser and -nogroup
options to find(1) to only print the first file owned by
an unknown user/group in some cases.
modern FreeBSD systems will syslog properly on older systems that
still name the logging socket "/dev/log". This includes pre-2.2
versions of FreeBSD as well as BSD/OS systems. If the connect to
"/var/run/log" fails, the function now tries to connect to
"/dev/log" as a fallback.
because it's potentially dangerous (think: symlink races). Move
realpath() back to it's original location, and remove getcwd_physical()
by renaming it back to getcwd() and zapping the original getcwd wrapper.
Noticed by: bde
touch duplicate group suppression, but the merge blew away our
duplicate group suppression.
The merge also blew away the -Wall cleanup in rev.1.5, but that
was misformatted, so I didn't restore it.
My changes to preserve errno across free() and close() and to report
fstat() errors properly were blown away.
Updated the FreeBSD changes to match the Lite2 style fixes.
Document that popen() can now create bidirectional pipes and handles.
Note that this needs to be updated since we have a native bidirectional
pipe and don't use socketpair() here.
style and b) the wrong logic. Should be strstr(s, "##") != NULL. (Note
that the passwd.adjunct stuff has not been merged into 2.2 so this bug
is not in that branch.)
The character `#' introduces a comment. Leading spaces and tabs are
ignored: '^[ \t]*#.*\n$'
Count an empty line - only spaces, tabs or newline - also as a comment.
(to be compatibel with password database comments). '^[ \t]*\n$'
for now so that we don't lose library compatibility. Applications should
define _NEW_VFSCONF and use getvfsbyname() instead of new_getvfsbyname()
if they want the new vfsconf interface. Parts of the old interface
(enough to load vfs modules, I hope) are still available.
- Use MAP_FAILED instead of the constant -1 to indicate
failure (required by POSIX).
- Removed flag arguments of '0' (required by POSIX).
- Fixed code which expected an error return of 0.
- Fixed code which thought any address with the high bit set
was an error.
- Check for failure where no checks were present.
Discussed with: bde
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
more manageable and convenient referencing by login.conf (login
class database) and (e.g.) login.access.
This is the first of a group of commits which implements the login
class capabilities database.
- getpwent:
o adjunctbuf should be NUL terminated after copying
o _pw_breakout_yp() needs to know the length of the buffer returned
from YP so it can properly NUL terminate its local buffer.
- getgrent:
o YP buffers should be YPMAXRECORD + 2 bytes long and NUL terminated.
(Previously they were hardcoded to 1024 bytes.)
- getnetgrent:
o YP data should be copied with snprintf(), not sprintf()
These are 2.2 candidates. I will wait a few days to make sure these don't
break anything and then, if there are no objections, move them to the 2.2
branch.
line length limit anymore - now 500 members or 5000 members are
possible. For security group lines longer than 256K will be count as
an error. 256K should be enough for 65536 users.
Support comments (lines that begin with a #) if compiled with
option -DGROUP_IGNORE_COMMENTS.
Fortunately it seems that all system utilities which use getgrent()
functions are dynamically linked executables. So you need only
rebuild libc.so.3.0 if you want this change. Note: if you have
an old X server which depend on libc.so.2.* you should rebuild
libc.so.2.* too.
Not a 2.2 candidate.
copy of insure++, too bad the runtime only works for BSD/OS. :-(
Maybe they'll be so impressed by my initial 15 entry bug report for it
that they'll take the FreeBSD version more seriously. :-) :-)
NIS map which is present on SunOS NIS servers with the SunOS C2 security
hack^Woption installed. I'm convinced that the C2 security option restricts
access to the passwd.adjunct.byname map in the same way that I restrict
access to the master.passwd.{byname,buid} maps (checking for reserved ports),
which means that we should be able to handle passwd.adjunct.byname map
correctly.
If _havemaster() doesn't find a master.passwd.byname map, it will now
test for a passwd.adjunct.byname map before defaulting back to the
standard non-shadowed passwd.{byname,byuid} maps. If _pw_breakout_yp()
sees that the adjunct map was found and the password from the standard
maps starts with ##, it will try to grab the correct password field
from the adjunct map. As with the master.passwd maps, this only happens
if the caller is root, so the shadowing feature is preserved; non-root
users just get back ##username as the encrypted password.
Note that all we do is grab the second field from the passwd.adjunct.byname
entry, which is designated to be the real encrypted password. There are
other auditing fields in the entry but they aren't of much use to us.
Also switched back to using yp_order() to probe for the maps (instead
of yp_first()). The original problem with yp_order() was that it barfed
with NIS+ servers in YP compat mode since they don't support the
YPPROC_ORDER procedure. This condition is handled a bit more gracefully
in yplib now: we can detect the error and just punt on the probing.
Garbage in `eacces' caused the wrong errno to be set for non-EACCES errors.
Garbage in `etxtbsy' caused a semi-random retry strategy for ETXTBSY errors.
Found by: NIST-PCTS. gcc -Wall reported the problem, but -Wall is not
enabled for libc.
1) Rename FNM_ICASE to FNM_CASEFOLD
2) Add FNM_LEADING_DIR
Add proper (unsigned char) casts to tolower().
Use 'char' function argument for proper sign extension
- removed references to nonexistent pathconf-related variables.
- document everything in CTL_MACHDEP(more than in sysctl.8) and
80% of the things in CTL_KERN (same as in sysctl.8).
for gcc >= 2.5 and no-ops for gcc >= 2.6. Converted to use __dead2
or __pure2 where it wasn't already done, except in math.h where use
of __pure was mostly wrong.
in a bunch of man pages.
Use the correct .Bx (BSD UNIX) or .At (AT&T UNIX) macros
instead of explicitly specifying the version in the text
in a bunch of man pages.
Here are the diffs for libc_r to get it one step closer to P1003.1c
These make most of the thread/mutex/condvar structures opaque to the
user. There are three functions which have been renamed with _np
suffixes because they are extensions to P1003.1c (I did them for JAVA,
which needs to suspend/resume threads and also start threads suspended).
I've created a new header (pthread_np.h) for the non-POSIX stuff.
The egrep tags stuff in /usr/src/lib/libc_r/Makefile that I uncommented
doesn't work. I think its best to delete it. I don't think libc_r needs
tags anyway, 'cause most of the source is in libc which does have tags.
also:
Here's the first batch of man pages for the thread functions.
The diff to /usr/src/lib/libc_r/Makefile removes some stuff that was
inherited from /usr/src/lib/libc/Makefile that should only be done with
libc.
also:
I should have sent this diff with the pthread(3) man page.
It allows people to type
make -DWANT_LIBC_R world
to get libc_r built with the rest of the world. I put this in the
pthread(3) man page. The default is still not to build libc_r.
also:
The diff attached adds a pthread(3) man page to /usr/src/share/man/man3.
The idea is that without libc_r installed, this man page will give people
enough info to know that they have to build libc_r.
bugs in your code is to put it in the -stable branch. (Corollary: the
day you discover the bug is the day the Internet decides to route your
telnet session to the repository box via Zimbabwe.)
Remove one bogus free(result) (from _havemaster()) that slipped by me.
Flagged by: phkmalloc
Pointed out to me by: Stefan Esser
In __initdb(), a failure to open the local password database is supposed
to result in a warning message being syslog()ed. This warning is only
supposed to be generated as long as the 'warned' flag hasn't been yet;
once the warning is generated, the flag should be set so that the message
is only syslog()ed once. However, while the state of the flag is checked
properly, the flag's state is never changed, so you always get multiple
warnings instead of just one.
Pointed out by: Peter Wemm
This commit covers the man pages for most of the ANSI library functions.
A few others such as strtol.3 have to mention <sys/types.h> because they
mix ANSI interfaces with less well designed extensions.
getnetgrent.c:
- Catch one bogon that snuck by: in _listmatch(), check for '\0'
rather than '\n'; strings returned from yp_match() are terminated
with a nul, not a newline.
getpwent.c:
- Rip out all of the +inclusion/-exclusion stuff from before and
replace it with something a little less grotty. The main problem
with the old mechanism was that it wasted many cycles processing
NIS entries even after it already knew they were to be exlcuded
(or not included, depending on your pointof view). The highlights
of these changes include:
o Uses an in-memory hash database table to keep track of all the
-@netgroup, -user, and -@group exclusions.
o Tries harder to duplicate the behavior normally obtained when using
NIS inclusions/exclusions on a flat /etc/passwd file (meaning things
come out in much the same order).
o Uses seperate methods for handling getpwent() and getpwnam()/getpwuid()
operations instead of trying to do everything with one general
function, which didn't work as well as I thought it would.
o Uses both getnetgrent() and innetgr() to try to save time where
possible.
o Use only one special token in the local password database
(_PW_KEYYPBYNUM) instead of seperate tokens to mark + and -
entries (and stop using the counter tokens too). If this new
token doesn't exist, the code will make due with the standard
_PW_KEYBYNUM token in order to support older databases that
won't have the new token in them.
All this is an attempt to make this stuff work better in environments
with large NIS passwd databases.
- Clear the _yp_innetgr flag immediately after calling setnetgrent() from
innetgr(). We only need the flag set to temporarily alter setnetgrent()'s
behavior. Previously, it was being cleared too late.
- When in NIS-only mode, innetgr() was wasting time doing unecessary
extra processing after it had already found a match.
- Remember to free memory allocated by the NIS functions during innetgr()
searches.
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
