Date: Fri, 19 Oct 2007 14:35:08 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 127778 for review Message-ID: <200710191435.l9JEZ8R2043964@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=127778 Change 127778 by rwatson@rwatson_zoo on 2007/10/19 14:34:32 Integrate TrustedBSD audit3 branch from TrustedBSD base branch through @127777. Affected files ... .. //depot/projects/trustedbsd/audit3/etc/rc.d/kerberos#5 integrate .. //depot/projects/trustedbsd/audit3/lib/libbsm/Makefile#24 integrate .. //depot/projects/trustedbsd/audit3/lib/libc/stdlib/atoi.3#3 integrate .. //depot/projects/trustedbsd/audit3/sbin/ipfw/ipfw2.c#19 integrate .. //depot/projects/trustedbsd/audit3/sbin/mount/mount.8#12 integrate .. //depot/projects/trustedbsd/audit3/share/man/man5/nsswitch.conf.5#6 integrate .. //depot/projects/trustedbsd/audit3/share/man/man5/src.conf.5#10 integrate .. //depot/projects/trustedbsd/audit3/sys/amd64/conf/GENERIC#19 integrate .. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_denode.c#10 integrate .. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_lookup.c#6 integrate .. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vfsops.c#16 integrate .. //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vnops.c#12 integrate .. //depot/projects/trustedbsd/audit3/sys/i386/conf/GENERIC#20 integrate .. //depot/projects/trustedbsd/audit3/sys/netinet/ip.h#5 integrate .. //depot/projects/trustedbsd/audit3/sys/netinet/tcp_syncache.c#22 integrate .. //depot/projects/trustedbsd/audit3/sys/netinet/tcp_usrreq.c#18 integrate .. //depot/projects/trustedbsd/audit3/sys/vm/vm_object.c#19 integrate .. //depot/projects/trustedbsd/audit3/usr.sbin/adduser/rmuser.sh#3 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/etc/rc.d/kerberos#5 (text+ko) ==== @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: src/etc/rc.d/kerberos,v 1.6 2007/05/17 11:33:08 mtm Exp $ +# $FreeBSD: src/etc/rc.d/kerberos,v 1.7 2007/10/19 08:59:59 mtm Exp $ # # PROVIDE: kerberos @@ -14,4 +14,5 @@ load_rc_config $name command="${kerberos5_server}" +kerberos5_flags="${kerberos5_server_flags}" run_rc_command "$1" ==== //depot/projects/trustedbsd/audit3/lib/libbsm/Makefile#24 (text+ko) ==== @@ -1,5 +1,5 @@ # -# $FreeBSD: src/lib/libbsm/Makefile,v 1.7 2007/05/21 02:49:03 deischen Exp $ +# $FreeBSD: src/lib/libbsm/Makefile,v 1.8 2007/10/19 10:37:34 rwatson Exp $ # OPENBSMDIR= ${.CURDIR}/../../contrib/openbsm ==== //depot/projects/trustedbsd/audit3/lib/libc/stdlib/atoi.3#3 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)atoi.3 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/lib/libc/stdlib/atoi.3,v 1.13 2007/01/09 00:28:09 imp Exp $ +.\" $FreeBSD: src/lib/libc/stdlib/atoi.3,v 1.14 2007/10/19 06:23:39 davidxu Exp $ .\" .Dd June 4, 1993 .Dt ATOI 3 @@ -59,10 +59,6 @@ .Bd -literal -offset indent (int)strtol(nptr, (char **)NULL, 10); .Ed -.Sh IMPLEMENTATION NOTES -The -.Fn atoi -function is not thread-safe and also not async-cancel safe. .Pp The .Fn atoi ==== //depot/projects/trustedbsd/audit3/sbin/ipfw/ipfw2.c#19 (text+ko) ==== @@ -17,7 +17,7 @@ * * NEW command line interface for IP firewall facility * - * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.108 2007/09/23 16:29:22 maxim Exp $ + * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.109 2007/10/19 12:48:02 rpaulo Exp $ */ #include <sys/param.h> @@ -179,8 +179,8 @@ { "throughput", IPTOS_THROUGHPUT}, { "reliability", IPTOS_RELIABILITY}, { "mincost", IPTOS_MINCOST}, - { "congestion", IPTOS_CE}, - { "ecntransport", IPTOS_ECT}, + { "congestion", IPTOS_ECN_CE}, + { "ecntransport", IPTOS_ECN_ECT0}, { "ip tos option", 0}, { NULL, 0 } }; ==== //depot/projects/trustedbsd/audit3/sbin/mount/mount.8#12 (text+ko) ==== @@ -26,7 +26,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)mount.8 8.8 (Berkeley) 6/16/94 -.\" $FreeBSD: src/sbin/mount/mount.8,v 1.82 2007/06/25 05:06:54 rafan Exp $ +.\" $FreeBSD: src/sbin/mount/mount.8,v 1.83 2007/10/19 05:29:18 rodrigc Exp $ .\" .Dd July 12, 2006 .Dt MOUNT 8 @@ -510,7 +510,6 @@ .Xr mount_nwfs 8 , .Xr mount_portalfs 8 , .Xr mount_smbfs 8 , -.Xr mount_std 8 , .Xr mount_udf 8 , .Xr mount_unionfs 8 , .Xr umount 8 ==== //depot/projects/trustedbsd/audit3/share/man/man5/nsswitch.conf.5#6 (text+ko) ==== @@ -31,7 +31,7 @@ .\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE .\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $FreeBSD: src/share/man/man5/nsswitch.conf.5,v 1.17 2007/01/22 11:45:25 bms Exp $ +.\" $FreeBSD: src/share/man/man5/nsswitch.conf.5,v 1.18 2007/10/19 00:16:29 bushman Exp $ .\" .Dd January 22, 2007 .Dt NSSWITCH.CONF 5 @@ -95,7 +95,7 @@ If this is present, it must be the only source for that entry. .It cache makes use of the -.Xr cached 8 +.Xr nscd 8 daemon. .El .Ss Databases @@ -218,7 +218,7 @@ .Xr nsswitch.conf 5 file. You should also enable caching for this database in -.Xr cached.conf 5 . +.Xr nscd.conf 5 . If for the particular query .Dq cache source returns success, no further sources are queried. @@ -228,7 +228,7 @@ Note, that .Dq cache requires -.Xr cached 8 +.Xr nscd 8 daemon to be running. .Ss Compat mode: +/- syntax In historical multi-source implementations, the @@ -353,9 +353,9 @@ databases. .Sh SEE ALSO .Xr nsdispatch 3 , -.Xr cached.conf 5 , +.Xr nscd.conf 5 , .Xr resolv.conf 5 , -.Xr cached 8 , +.Xr nscd 8 , .Xr named 8 , .Xr ypbind 8 .Sh HISTORY ==== //depot/projects/trustedbsd/audit3/share/man/man5/src.conf.5#10 (text) ==== @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is automatically generated. .\" from FreeBSD: src/tools/build/options/makeman,v 1.6 2006/09/11 13:39:44 ru Exp -.\" $FreeBSD: src/share/man/man5/src.conf.5,v 1.18 2007/10/10 06:04:43 ru Exp $ +.\" $FreeBSD: src/share/man/man5/src.conf.5,v 1.19 2007/10/19 00:16:29 bushman Exp $ .Dd October 10, 2007 .Dt SRC.CONF 5 .Os @@ -457,7 +457,7 @@ .Pa nsswitch subsystem. The generic caching daemon, -.Xr cached 8 , +.Xr nscd 8 , will not be built either if this option is set. .It Va WITHOUT_OBJC .\" from FreeBSD: src/tools/build/options/WITHOUT_OBJC,v 1.1 2006/03/21 07:50:50 ru Exp ==== //depot/projects/trustedbsd/audit3/sys/amd64/conf/GENERIC#19 (text+ko) ==== @@ -16,7 +16,7 @@ # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # -# $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.484 2007/09/26 20:05:06 brueffer Exp $ +# $FreeBSD: src/sys/amd64/conf/GENERIC,v 1.485 2007/10/19 12:30:33 kensmith Exp $ cpu HAMMER ident GENERIC @@ -26,7 +26,7 @@ makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols -options SCHED_4BSD # 4BSD scheduler +options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols ==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_denode.c#10 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_denode.c,v 1.97 2007/08/07 03:59:49 bde Exp $ */ +/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_denode.c,v 1.98 2007/10/19 12:23:25 bde Exp $ */ /* $NetBSD: msdosfs_denode.c,v 1.28 1998/02/10 14:10:00 mrg Exp $ */ /*- @@ -429,7 +429,7 @@ if (allerror) printf("detrunc(): vtruncbuf error %d\n", allerror); #endif - error = deupdat(dep, 1); + error = deupdat(dep, !(DETOV(dep)->v_mount->mnt_flag & MNT_ASYNC)); if (error != 0 && allerror == 0) allerror = error; #ifdef MSDOSFS_DEBUG @@ -508,7 +508,7 @@ } dep->de_FileSize = length; dep->de_flag |= DE_UPDATE | DE_MODIFIED; - return (deupdat(dep, 1)); + return (deupdat(dep, !(DETOV(dep)->v_mount->mnt_flag & MNT_ASYNC))); } /* ==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_lookup.c#6 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_lookup.c,v 1.51 2007/08/31 22:29:55 bde Exp $ */ +/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_lookup.c,v 1.52 2007/10/19 12:23:25 bde Exp $ */ /* $NetBSD: msdosfs_lookup.c,v 1.37 1997/11/17 15:36:54 ws Exp $ */ /*- @@ -625,7 +625,9 @@ while (--ddep->de_fndcnt >= 0) { if (!(ddep->de_fndoffset & pmp->pm_crbomask)) { - if ((error = bwrite(bp)) != 0) + if (DETOV(ddep)->v_mount->mnt_flag & MNT_ASYNC) + bdwrite(bp); + else if ((error = bwrite(bp)) != 0) return error; ddep->de_fndoffset -= sizeof(struct direntry); @@ -653,7 +655,9 @@ } } - if ((error = bwrite(bp)) != 0) + if (DETOV(ddep)->v_mount->mnt_flag & MNT_ASYNC) + bdwrite(bp); + else if ((error = bwrite(bp)) != 0) return error; /* @@ -951,7 +955,9 @@ || ep->deAttributes != ATTR_WIN95) break; } - if ((error = bwrite(bp)) != 0) + if (DETOV(pdep)->v_mount->mnt_flag & MNT_ASYNC) + bdwrite(bp); + else if ((error = bwrite(bp)) != 0) return error; } while (!(pmp->pm_flags & MSDOSFSMNT_NOWIN95) && !(offset & pmp->pm_crbomask) ==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vfsops.c#16 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vfsops.c,v 1.177 2007/10/18 16:25:47 bde Exp $ */ +/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vfsops.c,v 1.178 2007/10/19 12:23:25 bde Exp $ */ /* $NetBSD: msdosfs_vfsops.c,v 1.51 1997/11/17 15:36:58 ws Exp $ */ /*- @@ -76,7 +76,7 @@ /* Mount options that we support. */ static const char *msdosfs_opts[] = { - "noatime", "noclusterr", "noclusterw", + "async", "noatime", "noclusterr", "noclusterw", "export", "force", "from", "sync", "cs_dos", "cs_local", "cs_win", "dirmask", "gid", "kiconv", "large", "longname", ==== //depot/projects/trustedbsd/audit3/sys/fs/msdosfs/msdosfs_vnops.c#12 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vnops.c,v 1.180 2007/10/18 07:26:21 bde Exp $ */ +/* $FreeBSD: src/sys/fs/msdosfs/msdosfs_vnops.c,v 1.181 2007/10/19 12:23:25 bde Exp $ */ /* $NetBSD: msdosfs_vnops.c,v 1.68 1998/02/10 14:10:04 mrg Exp $ */ /*- @@ -1265,8 +1265,9 @@ putushort(dotdotp->deStartCluster, dp->de_StartCluster); if (FAT32(pmp)) putushort(dotdotp->deHighClust, dp->de_StartCluster >> 16); - error = bwrite(bp); - if (error) { + if (fvp->v_mount->mnt_flag & MNT_ASYNC) + bdwrite(bp); + else if ((error = bwrite(bp)) != 0) { /* XXX should downgrade to ro here, fs is corrupt */ VOP_UNLOCK(fvp, 0, td); goto bad; @@ -1390,8 +1391,9 @@ putushort(denp[1].deHighClust, pdep->de_StartCluster >> 16); } - error = bwrite(bp); - if (error) + if (ap->a_dvp->v_mount->mnt_flag & MNT_ASYNC) + bdwrite(bp); + else if ((error = bwrite(bp)) != 0) goto bad; /* ==== //depot/projects/trustedbsd/audit3/sys/i386/conf/GENERIC#20 (text+ko) ==== @@ -16,7 +16,7 @@ # If you are in doubt as to the purpose or necessity of a line, check first # in NOTES. # -# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.474 2007/09/26 20:05:07 brueffer Exp $ +# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.475 2007/10/19 12:30:33 kensmith Exp $ cpu I486_CPU cpu I586_CPU @@ -28,7 +28,7 @@ makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols -options SCHED_4BSD # 4BSD scheduler +options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols ==== //depot/projects/trustedbsd/audit3/sys/netinet/ip.h#5 (text+ko) ==== @@ -28,7 +28,7 @@ * SUCH DAMAGE. * * @(#)ip.h 8.2 (Berkeley) 6/1/94 - * $FreeBSD: src/sys/netinet/ip.h,v 1.31 2007/05/11 11:00:48 rwatson Exp $ + * $FreeBSD: src/sys/netinet/ip.h,v 1.32 2007/10/19 12:46:15 rpaulo Exp $ */ #ifndef _NETINET_IP_H_ @@ -82,11 +82,6 @@ #define IPTOS_THROUGHPUT 0x08 #define IPTOS_RELIABILITY 0x04 #define IPTOS_MINCOST 0x02 -#if 1 -/* ECN RFC3168 obsoletes RFC2481, and these will be deprecated soon. */ -#define IPTOS_CE 0x01 -#define IPTOS_ECT 0x02 -#endif /* * Definitions for IP precedence (also in ip_tos) (hopefully unused). ==== //depot/projects/trustedbsd/audit3/sys/netinet/tcp_syncache.c#22 (text+ko) ==== @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.130 2007/10/07 20:44:24 silby Exp $"); +__FBSDID("$FreeBSD: src/sys/netinet/tcp_syncache.c,v 1.131 2007/10/19 08:53:14 silby Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -1139,17 +1139,28 @@ int wscale = 0; /* - * Compute proper scaling value from buffer space. - * Leave enough room for the socket buffer to grow - * with auto sizing. This allows us to scale the - * receive buffer over a wide range while not losing - * any efficiency or fine granularity. + * Pick the smallest possible scaling factor that + * will still allow us to scale up to sb_max, aka + * kern.ipc.maxsockbuf. + * + * We do this because there are broken firewalls that + * will corrupt the window scale option, leading to + * the other endpoint believing that our advertised + * window is unscaled. At scale factors larger than + * 5 the unscaled window will drop below 1500 bytes, + * leading to serious problems when traversing these + * broken firewalls. + * + * With the default maxsockbuf of 256K, a scale factor + * of 3 will be chosen by this algorithm. Those who + * choose a larger maxsockbuf should watch out + * for the compatiblity problems mentioned above. * * RFC1323: The Window field in a SYN (i.e., a <SYN> * or <SYN,ACK>) segment itself is never scaled. */ while (wscale < TCP_MAX_WINSHIFT && - (0x1 << wscale) < tcp_minmss) + (TCP_MAXWIN << wscale) < sb_max) wscale++; sc->sc_requested_r_scale = wscale; sc->sc_requested_s_scale = to->to_wscale; ==== //depot/projects/trustedbsd/audit3/sys/netinet/tcp_usrreq.c#18 (text+ko) ==== @@ -32,7 +32,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/netinet/tcp_usrreq.c,v 1.163 2007/10/07 20:44:24 silby Exp $"); +__FBSDID("$FreeBSD: src/sys/netinet/tcp_usrreq.c,v 1.164 2007/10/19 08:53:14 silby Exp $"); #include "opt_ddb.h" #include "opt_inet.h" @@ -1110,10 +1110,9 @@ * Compute window scaling to request: * Scale to fit into sweet spot. See tcp_syncache.c. * XXX: This should move to tcp_output(). - * XXX: This should be based on the actual MSS. */ while (tp->request_r_scale < TCP_MAX_WINSHIFT && - (0x1 << tp->request_r_scale) < tcp_minmss) + (TCP_MAXWIN << tp->request_r_scale) < sb_max) tp->request_r_scale++; soisconnecting(so); ==== //depot/projects/trustedbsd/audit3/sys/vm/vm_object.c#19 (text+ko) ==== @@ -63,7 +63,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/vm/vm_object.c,v 1.385 2007/09/27 04:21:59 alc Exp $"); +__FBSDID("$FreeBSD: src/sys/vm/vm_object.c,v 1.386 2007/10/18 23:02:18 alc Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1800,7 +1800,7 @@ VM_OBJECT_LOCK_ASSERT(object, MA_OWNED); if (object->resident_page_count == 0) - return; + goto skipmemq; /* * Since physically-backed objects do not use managed pages, we can't @@ -1849,6 +1849,7 @@ } vm_page_unlock_queues(); vm_object_pip_wakeup(object); +skipmemq: if (__predict_false(object->cache != NULL)) vm_page_cache_free(object, start, end); } ==== //depot/projects/trustedbsd/audit3/usr.sbin/adduser/rmuser.sh#3 (text+ko) ==== @@ -24,7 +24,7 @@ # # Email: Mike Makonnen <mtm@FreeBSD.Org> # -# $FreeBSD: src/usr.sbin/adduser/rmuser.sh,v 1.9 2005/05/24 04:50:07 adamw Exp $ +# $FreeBSD: src/usr.sbin/adduser/rmuser.sh,v 1.10 2007/10/19 07:18:56 mtm Exp $ # ATJOBDIR="/var/at/jobs" @@ -86,10 +86,10 @@ echo -n " mailspool" rm ${MAILSPOOL}/$login fi - if [ -f ${MAILSPOOL}/${login}.pop ]; then - verbose && echo -n " ${MAILSPOOL}/${login}.pop" || + if [ -f ${MAILSPOOL}/.${login}.pop ]; then + verbose && echo -n " ${MAILSPOOL}/.${login}.pop" || echo -n " pop3" - rm ${MAILSPOOL}/${login}.pop + rm ${MAILSPOOL}/.${login}.pop fi verbose && echo '.' }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710191435.l9JEZ8R2043964>