1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

5427 Commits

Author SHA1 Message Date
David E. O'Brien
b8ea11cf79 Correct style. 2012-08-22 23:44:12 +00:00
David E. O'Brien
b7aeb5b281 * Reinstate r128059's consumption of our best entropy first.
r128060 for "hardware-supplied entropy" reversed this without reason,
  seems a typo.
* Isolate "better than nothing" implementation to a function.

Submitted by:	obrien & Arthur Mesh <arthurmesh@gmail.com>
Sponsored by:	Juniper Networks
2012-08-22 23:37:24 +00:00
David E. O'Brien
2719ba5d0f The entire comment block is now spell checked this time -- I promise. 2012-08-22 22:34:55 +00:00
Xin LI
9130580bbd Allow - be used in the name of a provider. Without this change it's not
possible to specify a gptid in geli_devices.
2012-08-22 22:17:35 +00:00
David E. O'Brien
89e7132797 Fix comment misspelling.
Submitted by:	kargl
2012-08-22 20:56:53 +00:00
David E. O'Brien
a23ec70a4e Depend on the new 'postrandom' instead of random.
We need to limit the amount of time between consuming the entropy seeds
and removing it in case of a kernel panic.
2012-08-22 18:49:02 +00:00
David E. O'Brien
7e7fd6c88d Remove old entropy seeding after consumption initializing /dev/random PRNG.
Not doing so opens us up to replay attacks.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com>
Sponsored by:	Juniper Networks
2012-08-22 18:43:21 +00:00
David E. O'Brien
849d3c12df Add dependencies based on security(7). 2012-08-22 18:35:17 +00:00
Xin LI
82607d1ec1 As of r232844 we no longer need the maxpoll 9 workaround.
MFC after:	3 days
2012-08-20 18:45:16 +00:00
Dimitry Andric
7ae0e2c9f0 Upgrade our copy of llvm/clang to trunk r162107. With thanks to
Benjamin Kramer and Joerg Sonnenberger for their input and fixes.
2012-08-20 18:33:03 +00:00
Jun Kuriyama
9b9bfdcc30 - Allow to pass extra parameters for each jails.
- To achieve above, convert jail(8) invocation to use new style
  command line "-c" flag.

Reviewed at:	freebsd-jail@
2012-08-19 08:15:32 +00:00
Hans Petter Selasky
f167692215 Regenerate usb.conf
MFC after:	2 weeks
2012-08-05 11:53:16 +00:00
Devin Teske
41e0047a15 Revert SVN r238628 (mistake). 2012-07-19 22:41:00 +00:00
Devin Teske
f316f2c30c Fix syntax errors (s/:=/:-/).
Reviewed by:	emaste (mentor)
Approved by:	emaste (mentor)
MFC after:	3 days
2012-07-19 22:33:13 +00:00
Maksim Yevmenkin
78cf63fc10 Allow to specify no source-address-selection policy
MFC after:	1 week
2012-07-19 15:36:36 +00:00
Joerg Wunsch
5cb470c830 Add share/examples/libusb20 to the list of directories. 2012-07-19 11:18:41 +00:00
Dag-Erling Smørgrav
d256f21a9a Move -n ${_jail} before ${_flags} so that any -n options in ${_flags}
will override ours instead of the other way around.
2012-07-18 23:01:23 +00:00
Brooks Davis
ba7f643097 MFP4 214344:
Tighten the regular expression that checks for an md /tmp such that
no /tmp mount and an md / isn't improperly matched.

Sponsored by:	DARPA/AFRL
2012-07-13 20:10:59 +00:00
Kevin Lo
1424b561e1 Whitespace nit 2012-07-13 06:46:09 +00:00
Hiroki Sato
5a6d2079d5 Fix a missing ";". 2012-07-09 20:11:32 +00:00
Hiroki Sato
ef23194991 - Add IFT_L2VLAN (vlan(4)) support.
- Add -P option to support PID file.  When -a is specified /var/run/rarpd.pid
  is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is
  used by default.
2012-07-09 08:11:16 +00:00
Hiroki Sato
8efbd296e0 Make ipfw0 logging pseudo-interface clonable. It can be created automatically
by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8)
after a boot.

Discussed on:	freebsd-ipfw@
2012-07-09 07:16:19 +00:00
Dag-Erling Smørgrav
7f8492ba48 Name jails automatically.
MFC after:	1 week
2012-07-04 13:37:44 +00:00
Sean Bruno
55fb7f3673 Revert r238004 as more review has come in and there is now a discussion
on how to best proceed.
2012-07-02 17:55:29 +00:00
Sean Bruno
7402aad3c7 Cosmetic display change of Cx states via cx_supported sysctl entries.
Adjust power_profile script to handle the new world order as well.

Some vendors are opting out of a C2 state and only defining C1 & C3.  This
leads the acpi_cpu display to indicate that the machine supports C1 & C2
which is caused by the (mis)use of the index of the cx_state array as the
ACPI_STATE_CX value.

e.g. the code was pretending that cx_state[i] would
always convert to i by subtracting 1.

cx_state[2] == ACPI_STATE_C3
cx_state[1] == ACPI_STATE_C2
cx_state[0] == ACPI_STATE_C1

however, on certain machines this would lead to
cx_state[1] == ACPI_STATE_C3
cx_state[0] == ACPI_STATE_C1

This didn't break anything but led to a display of:
 * dev.cpu.0.cx_supported: C1/1 C2/96

Instead of
 * dev.cpu.0.cx_supported: C1/1 C3/96

MFC after:	2 weeks
2012-07-02 16:57:13 +00:00
Christian Brueffer
e19c9e1ed5 Similar to all.log, mention that /var/log/console.log has to be created and chmod'ed
to make logging work.

PR:		168889
Submitted by:	Robert Simmons <rsimmons0@gmail.com>
MFC after:	1 week
2012-07-01 12:34:19 +00:00
John Baldwin
f0e130f7b7 Only output a list of file systems that need to be dumped if the system
has a non-empty dumpdates file.

Reviewed by:	brooks
MFC after:	1 week
2012-06-20 20:01:51 +00:00
David E. O'Brien
2e0c6b7ac0 Install filemon.h into /usr/include for userland consumption. 2012-06-20 00:09:47 +00:00
Dag-Erling Smørgrav
3acb6d160f Passive mode is the default, and has been for a while.
MFC after:	1 week
2012-06-19 14:47:07 +00:00
Dag-Erling Smørgrav
b4f560356a Switch the default password hash from md5 to sha512.
MFC after:	1 week
2012-06-19 14:46:18 +00:00
Dag-Erling Smørgrav
7c5a921699 Finally nuke auth.conf, nine years after it was deprecated. The only
thing it was still used for was to set the "global default" password
hash.  Since the stock auth.conf contained nothing but comments, the
global default was actually the first algorithm in crypt(3)'s list,
which happens to be DES; I take the fact that nobody noticed as proof
that it was not used outside of crypt(3).

The only other use in our tree was in the Kerberos support code in
in tinyware's passwd(1).  I removed that code in an earlier commit;
it would not have compiled anyway, as it only supported Kerberos IV.

The auth_getval() function is now a stub that always returns NULL,
which has the same effect as a functional auth_getval() with an
empty auth.conf.

MFC after:	3 weeks
2012-06-12 17:02:53 +00:00
Eitan Adler
d81a84a9bc Don't attempt to delete .sujournal in /tmp
PR:		conf/163828
Submitted by:	Tatsuki Makino <tatsuki_makino@hotmail.com>
Approved by:	cperciva
MFC after:	1 week
2012-05-30 03:51:46 +00:00
Martin Wilke
57eef2a0b2 - FreeBSD ships a KDE PAM module in base, but it's missing support for passwordless login (kde-np),
and it doesn't really belong in base system.

PR:		misc/167261
Submitted by:	avilla@
Approved by:	rwatson (mentor)
MFC after:	3 days
2012-05-30 03:10:22 +00:00
Hans Petter Selasky
9d569918e6 Regenerate usb.conf
MFC after:	3 days
2012-05-21 15:01:35 +00:00
George V. Neville-Neil
4d37a12307 Add support for our own DTrace scripts and those from the DTraceToolkit
to the build system.  FreeBSD written scripts are stored in
src/share and the toolkit scripts are brought from the cddl directory
into a working tree via install.

MFC after:	2 weeks
2012-05-18 16:40:15 +00:00
Grzegorz Bernacki
7f725bcd5c Import work done under project/nand (@235533) into head.
The NAND Flash environment consists of several distinct components:
  - NAND framework (drivers harness for NAND controllers and NAND chips)
  - NAND simulator (NANDsim)
  - NAND file system (NAND FS)
  - Companion tools and utilities
  - Documentation (manual pages)

This work is still experimental. Please use with caution.

Obtained from: Semihalf
Supported by:  FreeBSD Foundation, Juniper Networks
2012-05-17 10:11:18 +00:00
Eitan Adler
833cabc9a1 Submitted by: gavin, pjd
Approved by:	cperciva
MFC after:	3 days
2012-05-09 17:29:07 +00:00
John Baldwin
25d56d8dcc Display dropped transmit packets in the daily network interface output.
PR:		conf/165956
Submitted by:	Jeremy Chadwick
MFC after:	1 week
2012-05-07 15:41:31 +00:00
Stanislav Sedov
51506f39f4 - Change kfd rc script to be more conformant with rcNG conventions:
o change rcname to kfd;
  o move mandatory options to command_args;
  o add missing "shutdown" keyword;
  o fix require line.  Kfd doesn't really need to be started before
    daemons.

Suggested by:	dougb
2012-05-06 20:46:04 +00:00
John Baldwin
b8cb2346fc - Don't log messages saying that accounting is being disabled and enabled
if the accounting log file is atomically replaced with a new file
  (such as during log rotation).
- Simplify accounting log rotation a bit.  There is no need to re-run
  accton(8) after renaming the new log file to it's real name.

PR:		kern/167321
Tested by:	Jeremy Chadwick
2012-05-02 14:25:39 +00:00
Dimitry Andric
dff0c46c97 Upgrade our copy of llvm/clang to trunk r154661, in preparation of the
upcoming 3.1 release (expected in a few weeks).  Preliminary release
notes can be found at: <http://llvm.org/docs/ReleaseNotes.html>

MFC after:	2 weeks
2012-04-16 21:23:25 +00:00
Eitan Adler
bf98096218 - remove the length shortening on the path
- make the default prompt a bit more like scp
- make the user show as root even when using 'su' instead of 'su -'
- the key bindings didn't hurt anything but likely hide a bug
- merge history instead of overwriting it

Submitted by:	gavin, joel
Approved by:	cperciva
2012-04-11 14:13:22 +00:00
Stanislav Sedov
7e2d4dcd24 - Add rc.d script for kfd, kerberos forwarded tickets daemon. 2012-04-10 09:27:41 +00:00
Ivan Voras
1c78ab7317 Add MySQL port 3306
Obtained from:	http://www.iana.org/assignments/port-numbers
MFC after:	1 week
2012-03-26 11:48:47 +00:00
Eitan Adler
7ba657625c Fix build by adding new directory to mtree in r233429
Submitted by:	flo
Approved by:	cperciva
MFC after:	1 week
2012-03-24 21:10:19 +00:00
Eitan Adler
1233083107 - Make the default values for tcsh more user friendly
- Add an examples file with many of the not accepted suggestions from the discussion

PR:		conf/160689
Reviewed by:	many
Discussed on:	current
Approved by:	cperciva
2012-03-24 18:43:18 +00:00
Sergey Kandaurov
1554a84e91 Clean up of fs/fifofs include directory after fifo.h removal.
Glanced by:	kib
2012-03-23 10:12:35 +00:00
Stanislav Sedov
ae77177087 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
Gleb Smirnoff
004cb95bae Rotate auth.log and messages at the beginning of a year. Otherwise,
daily security checks 800.loginfail and 900.tcpwrap may produce
false positive alerts.
2012-03-19 09:30:40 +00:00
Hans Petter Selasky
d2c5981310 Regenerate usb.conf to use new -n option when doing kldload.
MFC after:	1 week
2012-03-18 09:52:54 +00:00