Date:      Wed, 16 May 2018 23:44:46 +1000 (EST)
From:      Bruce Evans <brde@optusnet.com.au>
To:        Bruce Evans <brde@optusnet.com.au>
Cc:        Jean-Sébastien Pédron <dumbbell@freebsd.org>,  src-committers@freebsd.org, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r333669 - in head/sys: dev/vt kern sys teken
Message-ID:  <20180516231304.Y6071@besplex.bde.org>
In-Reply-To: <20180516191245.T5082@besplex.bde.org>
References:  <201805160901.w4G912FD056132@repo.freebsd.org> <20180516191245.T5082@besplex.bde.org>

On Wed, 16 May 2018, Bruce Evans wrote:

> On Wed, 16 May 2018, Jean-Sébastien Pédron wrote:
>
>> Author: dumbbell
>> Date: Wed May 16 09:01:02 2018
>> New Revision: 333669
>> URL: https://svnweb.freebsd.org/changeset/base/333669
>>
>> Log:
>>  teken, vt(4): New callbacks to lock the terminal once
>>
>>  ... to process input, instead of inside each smaller operation such as
>>  appending a character or moving the cursor forward.
>> ....
>>  The goal is to improve input processing speed of vt(4). As a benchmark,
>>  here is the time taken to write a text file of 360 000 lines (26 MiB) on
>>  `ttyv0`:
>>
>>    * vt(4), unmodified:      1500 ms
>>    * vt(4), with this patch: 1200 ms
>>    * syscons(4):              700 ms
>
> Syscons was pessimized by a factor of about 12 using related methods
> (excessive layering, although not so much locking).  So the correct
> comparison is with unpessimized syscons taking about 60 ms.

Unrelated to my previous reply: this commit breaks syscons (especially
when vt is not configured) by calling pointers that are only initialized
to non-null for vt (subr_terminal.c), so the pointers are null for
syscons.  The following quick fix seems to work.

XX Index: teken.c
XX =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
XX --- teken.c=09(revision 333672)
XX +++ teken.c=09(working copy)
XX @@ -136,8 +136,8 @@
XX  teken_funcs_pre_input(const teken_t *t)
XX  {
XX=20
XX -=09teken_assert(t->t_funcs->tf_pre_input !=3D NULL);
XX -=09t->t_funcs->tf_pre_input(t->t_softc);
XX +=09if (t->t_funcs->tf_pre_input !=3D NULL)
XX +=09=09t->t_funcs->tf_pre_input(t->t_softc);
XX  }
XX=20
XX  static inline void
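Review bot: in teken_funcs_pre_input() the teken_assert is replaced by a silent NULL test, which makes tf_pre_input optional without recording that anywhere. A one-line comment at the check, saying that consumers other than vt may leave the pointer NULL, would keep a later cleanup from restoring the assert and reintroducing the null call.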
XX @@ -144,8 +144,8 @@
XX  teken_funcs_post_input(const teken_t *t)
XX  {
XX=20
XX -=09teken_assert(t->t_funcs->tf_post_input !=3D NULL);
XX -=09t->t_funcs->tf_post_input(t->t_softc);
XX +=09if (t->t_funcs->tf_post_input !=3D NULL)
XX +=09=09t->t_funcs->tf_post_input(t->t_softc);
XX  }
XX=20
XX  static inline void
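Review bot: tf_post_input is tested independently of tf_pre_input, so a consumer that fills in only one of the two would run the pre-input step without its matching post-input step, or the reverse. Since the commit log describes these callbacks as taking the terminal lock once around input, consider a single check at initialization that both pointers are NULL or both are non-NULL, and keep the per-call tests as they are here.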

Bruce
From owner-svn-src-head@freebsd.org  Wed May 16 13:47:31 2018
Message-Id: <201805161347.w4GDlUUo002078@repo.freebsd.org>
From: Dag-Erling Smørgrav <des@FreeBSD.org>
Date: Wed, 16 May 2018 13:47:30 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r333674 - head/lib/libpam/modules/pam_radius

Author: des
Date: Wed May 16 13:47:30 2018
New Revision: 333674
URL: https://svnweb.freebsd.org/changeset/base/333674

Log:
  Forward Reply-Message attributes to the user, unless suppressed by the
  new no_reply_message option.
  
  MFC after:	1 week
  Sponsored by:	The University of Oslo

Modified:
  head/lib/libpam/modules/pam_radius/pam_radius.8
  head/lib/libpam/modules/pam_radius/pam_radius.c

Modified: head/lib/libpam/modules/pam_radius/pam_radius.8
==============================================================================
--- head/lib/libpam/modules/pam_radius/pam_radius.8	Wed May 16 13:18:37 2018	(r333673)
+++ head/lib/libpam/modules/pam_radius/pam_radius.8	Wed May 16 13:47:30 2018	(r333674)
@@ -1,9 +1,10 @@
-.\" Copyright (c) 1999
-.\"	Andrzej Bialecki <abial@FreeBSD.org>.  All rights reserved.
-.\"
+.\"-
 .\" Copyright (c) 1992, 1993, 1994
 .\"	The Regents of the University of California.  All rights reserved.
+.\" Copyright (c) 1999 Andrzej Bialecki <abial@FreeBSD.org>
 .\" All rights reserved.
+.\" Copyright (c) 2018 The University of Oslo
+.\" All rights reserved.
 .\"
 .\" This code is derived from software donated to Berkeley by
 .\" Jan-Simon Pendry.
@@ -34,7 +35,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 28, 2002
+.Dd May 16, 2018
 .Dt PAM_RADIUS 8
 .Os
 .Sh NAME
@@ -80,6 +81,10 @@ specifies a non-standard location for the RADIUS clien
 .Pa /etc/radius.conf ) .
 .It Cm nas_id Ns = Ns Ar identifier
 specifies a NAS identifier to send instead of the hostname.
+.It Cm nas_ipaddr Ns Op No = Ns Ar address
+specifies a NAS IP address to be sent.
+If option is present, but there is no value provided then IP address
+corresponding to the current hostname will be used.
 .It Cm template_user Ns = Ns Ar username
 specifies a user whose
 .Xr passwd 5
@@ -97,10 +102,21 @@ If this option is omitted, and there is no username
 in the system databases equal to the supplied one (as determined by call to
 .Xr getpwnam 3 ) ,
 the authentication will fail.
-.It Cm nas_ipaddr Ns Op No = Ns Ar address
-specifies a NAS IP address to be sent.
-If option is present, but there is no value provided then IP address
-corresponding to the current hostname will be used.
+.It Cm no_reply_message
+suppress printing of the contents of any
+.Cm Reply-Message
+attributes found in
+.Cm Access-Accept
+and
+.Cm Access-Reject
+responses.
+These are normally conveyed to the user as either informational or
+error messages, depending on whether the access request was accepted
+or rejected.
+.It Cm no_warn
+suppress warning messages to the user.
+These messages include reasons why the user's authentication attempt
+was declined.
 .El
 .Sh FILES
 .Bl -tag -width /etc/radius.conf -compact
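Review bot: the new no_reply_message and no_warn entries do not say how they interact for a rejected request. no_warn is described as suppressing "reasons why the user's authentication attempt was declined", which is also what a Reply-Message in an Access-Reject carries, yet the pam_radius.c change in this commit gates that text on no_reply_message only. Stating in the no_warn entry whether it affects Reply-Message output would remove the ambiguity. The no_warn entry and the relocation of nas_ipaddr are also not mentioned in the log message.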

Modified: head/lib/libpam/modules/pam_radius/pam_radius.c
==============================================================================
--- head/lib/libpam/modules/pam_radius/pam_radius.c	Wed May 16 13:18:37 2018	(r333673)
+++ head/lib/libpam/modules/pam_radius/pam_radius.c	Wed May 16 13:47:30 2018	(r333674)
@@ -5,6 +5,8 @@
  * All rights reserved.
  * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
  * All rights reserved.
+ * Copyright (c) 2015-2018 The University of Oslo
+ * All rights reserved.
  *
  * Portions of this software were developed for the FreeBSD Project by
  * ThinkSec AS and NAI Labs, the Security Research Division of Network
@@ -59,6 +61,7 @@ __FBSDID("$FreeBSD$");
 #define PAM_OPT_TEMPLATE_USER	"template_user"
 #define PAM_OPT_NAS_ID		"nas_id"
 #define PAM_OPT_NAS_IPADDR	"nas_ipaddr"
+#define PAM_OPT_NO_REPLYMSG	"no_reply_message"
 
 #define	MAX_CHALLENGE_MSGS	10
 #define	PASSWORD_PROMPT		"RADIUS Password:"
@@ -149,15 +152,23 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh)
 	char *s;
 
 	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
-		if (attrtype == RAD_USER_NAME) {
-			s = rad_cvt_string(attrval, attrlen);
-			if (s == NULL) {
-				syslog(LOG_CRIT,
-				    "rad_cvt_string: out of memory");
-				return (-1);
-			}
+		switch (attrtype) {
+		case RAD_USER_NAME:
+			if ((s = rad_cvt_string(attrval, attrlen)) == NULL)
+				goto enomem;
 			pam_set_item(pamh, PAM_USER, s);
 			free(s);
+			break;
+		case RAD_REPLY_MESSAGE:
+			if ((s = rad_cvt_string(attrval, attrlen)) == NULL)
+				goto enomem;
+			if (!openpam_get_option(pamh, PAM_OPT_NO_REPLYMSG))
+				pam_info(pamh, "%s", s);
+			free(s);
+			break;
+		default:
+			PAM_LOG("%s(): ignoring RADIUS attribute %d",
+			    __func__, attrtype);
 		}
 	}
 	if (attrtype == -1) {
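Review bot: in the RAD_REPLY_MESSAGE case the server-supplied string is passed to pam_info() exactly as rad_cvt_string() returns it. The "%s" format is the right call, but the text ends up on the user's terminal, so consider replacing non-printable bytes before display. The conversion and free could also be skipped entirely when no_reply_message is set by testing openpam_get_option() before calling rad_cvt_string().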
@@ -165,9 +176,44 @@ do_accept(pam_handle_t *pamh, struct rad_handle *radh)
 		return (-1);
 	}
 	return (0);
+enomem:
+	syslog(LOG_CRIT, "%s(): out of memory", __func__);
+	return (-1);
 }
 
 static int
+do_reject(pam_handle_t *pamh, struct rad_handle *radh)
+{
+	int attrtype;
+	const void *attrval;
+	size_t attrlen;
+	char *s;
+
+	while ((attrtype = rad_get_attr(radh, &attrval, &attrlen)) > 0) {
+		switch (attrtype) {
+		case RAD_REPLY_MESSAGE:
+			if ((s = rad_cvt_string(attrval, attrlen)) == NULL)
+				goto enomem;
+			if (!openpam_get_option(pamh, PAM_OPT_NO_REPLYMSG))
+				pam_error(pamh, "%s", s);
+			free(s);
+			break;
+		default:
+			PAM_LOG("%s(): ignoring RADIUS attribute %d",
+			    __func__, attrtype);
+		}
+	}
+	if (attrtype < 0) {
+		syslog(LOG_CRIT, "rad_get_attr: %s", rad_strerror(radh));
+		return (-1);
+	}
+	return (0);
+enomem:
+	syslog(LOG_CRIT, "%s(): out of memory", __func__);
+	return (-1);
+}
+
+static int
 do_challenge(pam_handle_t *pamh, struct rad_handle *radh, const char *user,
     const char *nas_id, const char *nas_ipaddr, const char *rhost)
 {
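Review bot: do_reject() ends its loop with "if (attrtype < 0)" while do_accept(), just above, still tests "if (attrtype == -1)"; pick one form for both so a reader does not have to wonder whether rad_get_attr() has other negative returns. The two functions now share the loop, the Reply-Message handling and the enomem tail, differing only in pam_info() versus pam_error() and the RAD_USER_NAME case, so a common helper taking the message style as a parameter would avoid the duplication.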
@@ -332,6 +378,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __un
 			return (PAM_SUCCESS);
 
 		case RAD_ACCESS_REJECT:
+			retval = do_reject(pamh, radh);
 			rad_close(radh);
 			PAM_VERBOSE_ERROR("Radius rejection");
 			return (PAM_AUTH_ERR);
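Review bot: the value assigned by "retval = do_reject(pamh, radh);" is not examined before the function returns PAM_AUTH_ERR. If a failure to deliver the Reply-Message is meant to be ignored on the reject path, write the call as (void)do_reject(pamh, radh) so that is explicit; otherwise act on the result. Note also that the user can now see both the server's Reply-Message and the fixed "Radius rejection" text for the same failure.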


