Date: Mon, 30 Oct 2006 09:46:30 GMT From: Michael Bushkov <bushman@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 108719 for review Message-ID: <200610300946.k9U9kUi2083760@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=108719 Change 108719 by bushman@bushman_nss_ldap_cached on 2006/10/30 09:45:51 IFC Affected files ... .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/defaults/rc.conf#3 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/network.subr#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/pf.os#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/rc.d/ppp#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/rc.firewall#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/gmon/Makefile.inc#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/net/inet.3#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/resolv/res_send.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/stdio/xprintf.c#3 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/hashtable.h#1 branch .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_group.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_group.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_passwd.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_passwd.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_serv.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_serv.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldapconf.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldapconf.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldapconn.c#2 integrate .. 
//depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldapsearch.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldapsearch.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldaputil.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldaputil.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/nss_ldap.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/nss_ldap.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/share/mk/bsd.lib.mk#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/config/config.5#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/config/config.h#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/config/config.y#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/config/main.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/config/mkmakefile.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fdcontrol/fdcontrol.8#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/Makefile#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/fwcontrol.8#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/fwcontrol.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/fwdv.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/fwmethods.h#1 branch .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/fwcontrol/fwmpegts.c#1 branch .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/smbmsg/smbmsg.8#2 integrate .. 
//depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/sysinstall/dist.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/sysinstall/install.c#2 integrate .. //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/usr.sbin/sysinstall/sysinstall.h#2 integrate Differences ... ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/defaults/rc.conf#3 (text+ko) ==== @@ -15,7 +15,7 @@ # For a more detailed explanation of all the rc.conf variables, please # refer to the rc.conf(5) manual page. # -# $FreeBSD: src/etc/defaults/rc.conf,v 1.300 2006/10/15 15:55:00 ceri Exp $ +# $FreeBSD: src/etc/defaults/rc.conf,v 1.301 2006/10/28 20:08:12 phk Exp $ ############################################################## ### Important initial Boot-time options #################### @@ -104,6 +104,16 @@ firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file +firewall_myservices="" # List of TCP ports on which this host + # offers services +firewall_allowservices="" # List of IPs which has access to + # $firewall_myservices +firewall_trusted="" # List of IPs which has full access to this host +firewall_logdeny="NO" # Set to YES to log default denied incoming + # packets. +firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports + # for which denied incoming packets are not + # logged. ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/network.subr#2 (text+ko) ==== 
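Review bot: The comments on the new `firewall_*` defaults in the rc.conf hunk (`@@ -104,6 +104,16 @@`) do not say that the variables only take effect when `firewall_type` is `workstation`; in the hunks shown, the rc.firewall workstation case is the only code that reads them. An administrator who sets `firewall_trusted` or `firewall_myservices` under the `client` or `simple` type would get no rules from them and no warning. I would say so in the first comment, for example `firewall_myservices=""	# workstation type only: TCP ports on which this host offers services`, and change "List of IPs which has" to "which have" in the two places it appears.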
@@ -22,7 +22,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/network.subr,v 1.175 2006/10/07 15:45:56 ume Exp $ +# $FreeBSD: src/etc/network.subr,v 1.176 2006/10/29 13:29:49 mlaier Exp $ # # @@ -690,7 +690,7 @@ if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] then case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) ;; *) rtsol_interfaces="${rtsol_interfaces} ${i}" ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/pf.os#2 (text+ko) ==== @@ -1,5 +1,5 @@ -# $FreeBSD: src/etc/pf.os,v 1.3 2004/09/14 00:30:14 mlaier Exp $ -# $OpenBSD: pf.os,v 1.17 2004/04/28 01:01:27 deraadt Exp $ +# $FreeBSD: src/etc/pf.os,v 1.4 2006/10/23 05:09:44 delphij Exp $ +# $OpenBSD: pf.os,v 1.21 2006/07/28 21:51:12 david Exp $ # passive OS fingerprinting # ------------------------- # @@ -223,9 +223,10 @@ S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot) S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy) -S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer -S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 -S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6 +S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer +S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7 +S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7 +S4:64:1:60:M*,S,T,N,W7: Linux:2.6:8:Linux 2.6.8 and newer (?) S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4) S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6 
@@ -260,27 +261,28 @@ # ----------------- FreeBSD ----------------- -16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1 -16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1 -16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1 +16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2 +16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2 16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4 57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323) -57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8 +57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9 -32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) +32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X) 32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) -65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X) -65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X) -65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1 -65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1 +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X) +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2 +65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2 # XXX need quirks support -# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-current (1) -# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-current (2) -# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-current (3) +# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1) +# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2) +# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3) +# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323) # 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o 
timestamps) @@ -297,12 +299,12 @@ # ----------------- OpenBSD ----------------- 16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6) -16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.5::OpenBSD 3.0-3.5 -16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.5:no-df:OpenBSD 3.0-3.5 (scrub no-df) -57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.5::OpenBSD 3.3-3.5 -57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.5:no-df:OpenBSD 3.3-3.5 (scrub no-df) +16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0::OpenBSD 3.0-4.0 +16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df) +57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0 +57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df) -65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.5:opera:OpenBSD 3.0-3.5 (Opera) +65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera) # ----------------- Solaris ----------------- @@ -317,7 +319,8 @@ 4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x -S34:64:1:52:M*,N,W0,N,N,S: Solaris:10::Solaris 10 (beta) +S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta) +32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203 # ----------------- IRIX -------------------- @@ -329,6 +332,9 @@ 61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21 49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21 +49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27 + + # ----------------- Tru64 ------------------- 32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4) 
@@ -428,6 +434,11 @@ 16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm? 2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server +44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?) +S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2 +32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS + + # No need to be more specific, it passes: # *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk # there is an equiv similar generic sig w/o the quirk @@ -442,7 +453,6 @@ # Whoa. Hardcore WSS. 0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323) - # ----------------- RiscOS ------------------ # We don't yet support the ?12 TCP option @@ -453,6 +463,7 @@ # 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00 + # ----------------- BSD/OS ------------------ # Once again, power of two WSS is also shared by MacOS X with DF set @@ -466,6 +477,7 @@ # ---------------- NeXTSTEP ----------------- +S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3 S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3 # ------------------ BeOS ------------------- @@ -501,15 +513,18 @@ # ----------------- SCO ------------------ S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1 +S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3 S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0 # ------------------- DOS ------------------- 2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05 +T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro) # ------------------ OS/2 ------------------- S56:64:0:44:M512: OS/2:4::OS/2 4 +28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0 # ----------------- TOPS-20 ----------------- 
@@ -517,6 +532,10 @@ # XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7 0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7 +# ----------------- FreeMiNT ---------------- + +S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari) + # ------------------ AMIGA ------------------ # XXX TCP option 12 @@ -539,7 +558,6 @@ S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1) S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2) 4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x -60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x # XXX TCP option 12 # S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3 @@ -549,6 +567,9 @@ 8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway +S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router + + # ------- Switches and other stuff ---------- @@ -581,6 +602,10 @@ 16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?) +65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200 + +32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine + # ----------- Embedded systems -------------- S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C @@ -589,10 +614,15 @@ S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5 2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera) S29:255:0:44:M536: PalmOS:5::PalmOS 5.0 +16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie) +S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo) S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7 -8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?) -8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?) + +8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?) +8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?) +S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?) +S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?) # Perhaps S4? 
@@ -608,8 +638,8 @@ S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64 +3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0 - #################### # Fancy signatures # #################### @@ -619,11 +649,23 @@ 3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3) 4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4) +# Requires quirks support +# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1) +# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2) +# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3) +# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4) + 1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1) 2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2) 3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3) 4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4) +32767:64:0:40:.: *NAST:::NASTsyn scan + +# Requires quirks support +# 12345:255:0:40:.:A:-p0f:sendsyn utility + + ##################################### # Generic signatures - just in case # ##################################### @@ -633,6 +675,8 @@ *:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) *:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp) +*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp) *:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323) *:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323) *:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+) ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/rc.d/ppp#2 (text+ko) ==== @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: src/etc/rc.d/ppp,v 1.11 2005/10/29 05:00:25 yar Exp $ +# $FreeBSD: src/etc/rc.d/ppp,v 1.12 2006/10/26 00:29:43 avatar Exp $ # # PROVIDE: ppp 
@@ -40,9 +40,10 @@ ppp_postcmd() { - # Re-Sync ipfilter so it picks up any new network interfaces + # Re-Sync ipfilter and pf so they pick up any new network interfaces # /etc/rc.d/ipfilter resync + /etc/rc.d/pf resync } load_rc_config $name ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/etc/rc.firewall#2 (text+ko) ==== @@ -23,7 +23,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: src/etc/rc.firewall,v 1.48 2005/11/18 02:23:59 ume Exp $ +# $FreeBSD: src/etc/rc.firewall,v 1.49 2006/10/28 20:08:12 phk Exp $ # # @@ -42,12 +42,14 @@ ############ # Define the firewall type in /etc/rc.conf. Valid values are: -# open - will allow anyone in -# client - will try to protect just this machine -# simple - will try to protect a whole network -# closed - totally disables IP services except via lo0 interface -# UNKNOWN - disables the loading of firewall rules. -# filename - will load the rules in the given filename (full path required) +# open - will allow anyone in +# client - will try to protect just this machine +# simple - will try to protect a whole network +# closed - totally disables IP services except via lo0 interface +# workstation - will try to protect just this machine using statefull +# firewalling. See below for rc.conf variables used +# UNKNOWN - disables the loading of firewall rules. +# filename - will load the rules in the given filename (full path required) # # For ``client'' and ``simple'' the entries below should be customized # appropriately. @@ -107,6 +109,8 @@ # ${fwcmd} -f flush +setup_loopback + ############ # Network Address Translation. All packets are passed to natd(8) # before they encounter your remaining rules. The firewall rules @@ -140,7 +144,6 @@ # case ${firewall_type} in [Oo][Pp][Ee][Nn]) - setup_loopback ${fwcmd} add 65000 pass all from any to any ;; 
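Review bot: With `setup_loopback` moved in front of the `case` in the rc.firewall hunk at `@@ -107,6 +109,8 @@`, it now runs for every `firewall_type`, including `UNKNOWN` and a rules file name, yet the header comment rewritten in the `@@ -42,12 +42,14 @@` hunk still describes `UNKNOWN` as the type that "disables the loading of firewall rules". The `${fwcmd} -f flush` just above is context, so such a host ends up with a flushed ruleset plus whatever `setup_loopback` adds (its body is outside the hunk). Either document that, e.g. `#   UNKNOWN     - loads only the loopback rules added by setup_loopback`, or keep the call out of the UNKNOWN and file-name paths. For the file-name type it is also worth confirming that the rule numbers used by `setup_loopback` cannot collide with numbers in the administrator's own file.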
@@ -155,8 +158,6 @@ mask="255.255.255.0" ip="192.0.2.1" - setup_loopback - # Allow any traffic to or from my own net. ${fwcmd} add pass all from ${ip} to ${net}:${mask} ${fwcmd} add pass all from ${net}:${mask} to ${ip} @@ -168,19 +169,19 @@ ${fwcmd} add pass all from any to any frag # Allow setup of incoming email - ${fwcmd} add pass tcp from any to ${ip} 25 setup + ${fwcmd} add pass tcp from any to me 25 setup # Allow setup of outgoing TCP connections only - ${fwcmd} add pass tcp from ${ip} to any setup + ${fwcmd} add pass tcp from me to any setup # Disallow setup of all other TCP connections ${fwcmd} add deny tcp from any to any setup # Allow DNS queries out in the world - ${fwcmd} add pass udp from ${ip} to any 53 keep-state + ${fwcmd} add pass udp from me to any 53 keep-state # Allow NTP queries out in the world - ${fwcmd} add pass udp from ${ip} to any 123 keep-state + ${fwcmd} add pass udp from me to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel @@ -206,8 +207,6 @@ imask="255.255.255.240" iip="192.0.2.17" - setup_loopback - # Stop spoofing ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} 
@@ -289,8 +288,100 @@ # config file. ;; +[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) + # Configuration: + # firewall_myservices: List of TCP ports on which this host + # offers services. + # firewall_allowservices: List of IPs which has access to + # $firewall_myservices. + # firewall_trusted: List of IPs which has full access + # to this host. Be very carefull + # when setting this. This option can + # seriously degrade the level of + # protection provided by the firewall. + # firewall_logdeny: Boolean (YES/NO) specifying if the + # default denied packets should be + # logged (in /var/log/security). + # firewall_nologports: List of TCP/UDP ports for which + # denied incomming packets are not + # logged. + + # Allow packets for which a state has been built. + ${fwcmd} add check-state + + # For services permitted below. + ${fwcmd} add pass tcp from me to any established + + # Allow any connection out, adding state for each. + ${fwcmd} add pass tcp from me to any setup keep-state + ${fwcmd} add pass udp from me to any keep-state + ${fwcmd} add pass icmp from me to any keep-state + + # Allow DHCP. + ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out + ${fwcmd} add pass udp from any 67 to me 68 in + ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in + # Some servers will ping the IP while trying to decide if it's + # still in use. + ${fwcmd} add pass icmp from any to any icmptype 8 + + # Allow "mandatory" ICMP in. + ${fwcmd} add pass icmp from any to any icmptype 3,4,11 + + # Add permits for this workstations published services below + # Only IPs and nets in firewall_allowservices is allowed in. + # If you really wish to let anyone use services on your + # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf + # + # Note: We don't use keep-state as that would allow DoS of + # our statetable. 
+ # You can add 'keep-state' to the lines for slightly + # better performance if you fell that DoS of your + # workstation won't be a problem. + # + for i in ${firewall_allowservices} ; do + for j in ${firewall_myservices} ; do + ${fwcmd} add pass tcp from $i to me $j + done + done + + # Allow all connections from trusted IPs. + # Playing with the content of firewall_trusted could seriously + # degrade the level of protection provided by the firewall. + for i in ${firewall_trusted} ; do + ${fwcmd} add pass ip from $i to me + done + + ${fwcmd} add 65000 count ip from any to any + + # Drop packets to ports where we don't want logging + for i in ${firewall_nologports} ; do + ${fwcmd} add deny { tcp or udp } from any to any $i in + done + + # Broadcasts and muticasts + ${fwcmd} add deny ip from any to 255.255.255.255 + ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX + + # Noise from routers + ${fwcmd} add deny udp from any to any 520 in + + # Noise from webbrowsing. + # The statefull filter is a bit agressive, and will cause some + # connection teardowns to be logged. + ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in + + # Deny and (if wanted) log the rest unconditionally. + log="" + if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then + log="log logamount 500" # The default of 100 is too low. + sysctl net.inet.ip.fw.verbose=1 >/dev/null + fi + ${fwcmd} add deny $log ip from any to any + ;; + [Cc][Ll][Oo][Ss][Ee][Dd]) - setup_loopback + ${fwcmd} add 65000 deny ip from any to any ;; [Uu][Nn][Kk][Nn][Oo][Ww][Nn]) ;; ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/gmon/Makefile.inc#2 (text+ko) ==== @@ -1,5 +1,5 @@ # from @(#)Makefile.inc 8.1 (Berkeley) 6/4/93 -# $FreeBSD: src/lib/libc/gmon/Makefile.inc,v 1.11 2006/03/13 01:14:56 deischen Exp $ +# $FreeBSD: src/lib/libc/gmon/Makefile.inc,v 1.12 2006/10/28 13:34:35 bde Exp $ # gmon sources .PATH: ${.CURDIR}/gmon 
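Review bot: The `firewall_logdeny` test near the end of the new workstation case, `[ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ]`, accepts exactly two spellings and expands the variable unquoted, so `Yes` leaves denied packets unlogged without any message and a value containing a space makes `[` report an error instead of enabling logging. The file already matches `firewall_type` case-insensitively with bracket patterns, and the same form fits here: `case "${firewall_logdeny}" in [Yy][Ee][Ss]) log="log logamount 500"; sysctl net.inet.ip.fw.verbose=1 >/dev/null ;; esac`. The comment block in this hunk also carries several misspellings ("statefull", "carefull", "incomming", "muticasts", "fell") that are worth fixing before the text is copied into other documentation. The enclosing `case ${firewall_type}` statement starts and ends outside the hunk.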
@@ -12,12 +12,6 @@ MLINKS+=moncontrol.3 monstartup.3 -.if ${MACHINE_ARCH} == amd64 -# mcount needs to be compiled with frame pointers and without profiling -mcount.po: mcount.c - ${CC} ${CFLAGS} -fno-omit-frame-pointer -c ${.IMPSRC} -o ${.TARGET} -.else # mcount cannot be compiled with profiling mcount.po: mcount.o cp mcount.o mcount.po -.endif ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/net/inet.3#2 (text+ko) ==== @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" From: @(#)inet.3 8.1 (Berkeley) 6/4/93 -.\" $FreeBSD: src/lib/libc/net/inet.3,v 1.30 2005/02/13 22:25:12 ru Exp $ +.\" $FreeBSD: src/lib/libc/net/inet.3,v 1.31 2006/10/28 13:05:10 ru Exp $ .\" .Dd June 14, 2004 .Dt INET 3 @@ -299,5 +299,7 @@ .Fn inet_ntoa resides in a static memory area. .Pp -Inet_addr should return a +The +.Fn inet_addr +function should return a .Fa struct in_addr . ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/resolv/res_send.c#2 (text) ==== @@ -70,10 +70,10 @@ #if defined(LIBC_SCCS) && !defined(lint) static const char sccsid[] = "@(#)res_send.c 8.1 (Berkeley) 6/4/93"; -static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.7 2005/08/15 02:04:41 marka Exp $"; +static const char rcsid[] = "$Id: res_send.c,v 1.5.2.2.4.8 2006/03/08 04:13:31 marka Exp $"; #endif /* LIBC_SCCS and not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/resolv/res_send.c,v 1.3 2006/08/04 12:26:07 ume Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/resolv/res_send.c,v 1.4 2006/10/24 14:41:43 ume Exp $"); /* * Send query to name server and wait for reply. @@ -145,7 +145,7 @@ int kq, #endif const u_char *, int, - u_char *, int, int *, int, + u_char *, int, int *, int, int, int *, int *); static void Aerror(const res_state, FILE *, const char *, int, const struct sockaddr *, int); @@ -490,7 +490,7 @@ kq, #endif buf, buflen, ans, anssiz, &terrno, - ns, &v_circuit, &gotsomewhere); + ns, try, &v_circuit, &gotsomewhere); if (n < 0) goto fail; if (n == 0) 
@@ -812,8 +812,9 @@ #ifdef USE_KQUEUE int kq, #endif - const u_char *buf, int buflen, u_char *ans, int anssiz, - int *terrno, int ns, int *v_circuit, int *gotsomewhere) + const u_char *buf, int buflen, u_char *ans, + int anssiz, int *terrno, int ns, int try, int *v_circuit, + int *gotsomewhere) { const HEADER *hp = (const HEADER *) buf; HEADER *anhp = (HEADER *) ans; @@ -914,7 +915,7 @@ /* * Wait for reply. */ - seconds = (statp->retrans << ns); + seconds = (statp->retrans << try); if (ns > 0) seconds /= statp->nscount; if (seconds <= 0) ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/libc/stdio/xprintf.c#3 (text+ko) ==== @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/lib/libc/stdio/xprintf.c,v 1.4 2006/10/21 11:49:07 kib Exp $ + * $FreeBSD: src/lib/libc/stdio/xprintf.c,v 1.5 2006/10/23 07:25:25 kib Exp $ */ #include <namespace.h> @@ -261,7 +261,7 @@ static int -__v2printf(FILE *fp, const char *fmt0, unsigned pct, const va_list ap1) +__v2printf(FILE *fp, const char *fmt0, unsigned pct, va_list ap) { struct printf_info *pi, *pil; const char *fmt; @@ -274,9 +274,7 @@ int ret = 0; int n; struct __printf_io io; - va_list ap; - va_copy(ap, ap1); __printf_init(&io); io.fp = fp; @@ -563,7 +561,6 @@ errx(1, "render[%c] = NULL", *fmt); } __printf_flush(&io); - va_end(ap); return (ret); } ==== //depot/projects/soc2006/nss_ldap_cached_no_nss_ldap/src/lib/nss_ldap/ldap_group.c#2 (text+ko) ==== @@ -28,13 +28,15 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); - + +#include <sys/param.h> #include <assert.h> #include <errno.h> #include <nsswitch.h> #include <ldap.h> #include <grp.h> #include <stringlist.h> +#include "hashtable.h" #include "ldapconn.h" #include "ldapschema.h" #include "ldapsearch.h" 
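Review bot: In the res_send.c hunk at `@@ -914,7 +915,7 @@` the timeout becomes `seconds = (statp->retrans << try);`, so the shift count is now the caller's retry counter, and nothing visible in these hunks bounds it. `try` is an `int`, and if `statp->retrans` is a signed integer as well, a large enough retry limit makes the left shift overflow, which is undefined behaviour that the following `seconds <= 0` check only partly catches. Please confirm that the retry count and `retrans` are clamped where the resolver options are parsed, and consider recording the assumption next to the shift, e.g. `/* shift count is the retry index; bounded by the retry limit enforced by the caller */`. The function whose signature gains `int try` at `@@ -812,8 +812,9 @@` continues outside both hunks.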
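Review bot: `__v2printf()` in the xprintf.c hunk at `@@ -261,7 +261,7 @@` now takes `va_list ap` and walks it directly, with the local `va_copy`/`va_end` pair removed in the two hunks that follow, but nothing at the definition says that the argument list is consumed. On ABIs where `va_list` is an array type the caller's `ap` is advanced by this call, so a caller that reads `ap` again afterwards gets indeterminate arguments. I would add a comment above the definition, `/* Consumes ap; a caller that needs the arguments again must va_copy() first. */`, and check the callers, which are outside these hunks.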
@@ -43,9 +45,40 @@ #include "ldapconf.h" #include "nss_ldap.h" +#define NSS_LDAP_MAP_GROUP_HASH_ENTRY_INITIAL_SIZE (8) +#define NSS_LDAP_MAP_GROUP_HASH_SIZE (127) +#define NSS_LDAP_MAP_GROUP_DN_PROCESS_NESTED_FLAG (1) +#define NSS_LDAP_MAP_GROUP_DN_USE_CACHE_FLAG (1 << 1) +#define NSS_LDAP_MAP_GROUP_DN_USE_RDN_FLAG (1 << 2) + +struct mapped_group { + char *dn; +}; + +struct __mg_he { + HASHTABLE_ENTRY_HEAD(__mg_he_item, struct mapped_group) data; +}; + +struct map_group_dn_request { + StringList *next_requests; + HASHTABLE_HEAD(__mg_ht, __mg_he) groups; + int flags; +}; + +static int __mg_ht_item_cmp_func(const void *, const void *); +static hashtable_index_t __mg_ht_item_hash_func(const void *, size_t); +HASHTABLE_PROTOTYPE(__mg_ht, __mg_he, struct mapped_group); +static int nss_ldap_map_group_dn(struct nss_ldap_search_context *, + char const *, char **, size_t *, char *, size_t, void *); +static int nss_ldap_parse_nested_group(struct nss_ldap_search_context *, + char const *, struct map_group_dn_request *, char ***, size_t *, + size_t *, char *, size_t); + static int nss_ldap_parse_group(struct nss_ldap_parse_context *); -static int ldap_getgrnam_r(const char *, struct group *, char *, size_t, +//static int ldap_getgrnam_r(const char *, struct group *, char *, size_t, +// struct group **); +int ldap_getgrnam_r(const char *, struct group *, char *, size_t, struct group **); static int ldap_getgrgid_r(gid_t, struct group *, char *, size_t, struct group **); 
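Review bot: The prototype for `ldap_getgrnam_r` loses `static` in this ldap_group.c hunk and the old declaration is left behind as two `//` comment lines, which reads like a debugging leftover rather than an intended interface change. With external linkage the function is exported from this library under an `ldap_`-prefixed name, where it can clash with symbols of other libraries loaded into the same process. If another file really needs it, declare it in one of the module's headers and delete the commented-out lines; otherwise restore `static int ldap_getgrnam_r(const char *, struct group *, char *, size_t, struct group **);`. The new `__mg_he` and `__mg_ht` tags also use the double-underscore prefix that C reserves for the implementation, so a plain `mg_` prefix would be safer if this code is ever built outside libc.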
@@ -53,96 +86,404 @@ static void ldap_setgrent(); static int -nss_ldap_parse_group(struct nss_ldap_parse_context *pctx) +__mg_ht_item_cmp_func(const void *p1, const void *p2) +{ + + return (strcmp( + ((struct mapped_group *)p1)->dn, + ((struct mapped_group *)p2)->dn)); + +} + +static hashtable_index_t +__mg_ht_item_hash_func(const void *p, size_t cache_entries_size) +{ + struct mapped_group const *mg; + size_t i, len; + hashtable_index_t retval; + + mg = p; + assert(mg->dn != NULL); + + len = strlen(mg->dn); + retval = 0; + for (i = 0; i < len; ++i) + retval = (127 * retval + (unsigned char)mg->dn[i]) % + cache_entries_size; + + return retval; +} + +HASHTABLE_GENERATE(__mg_ht, __mg_he, struct mapped_group, data, + __mg_ht_item_hash_func, __mg_ht_item_cmp_func); + +static int +nss_ldap_map_group_dn(struct nss_ldap_search_context *ctx, char const *dn, + char **res, size_t *res_size, char *buf, size_t bufsize, void *mdata) { - struct nss_ldap_schema *schema; - struct nss_ldap_search_context *sctx; - struct group *grp; - char *buf; - size_t buflen; - size_t len, memlen; + struct nss_ldap_search_request sreq; + struct mapped_group new_mg; + struct nss_ldap_search_context *newctx; + struct map_group_dn_request *req; + char **cp; + char const *uid_attr, *gid_attr; + struct mapped_group *hash_entry_data; + struct __mg_he *hash_entry; + hashtable_index_t hash; int rv; - assert(pctx != NULL); + assert(ctx != NULL); + assert(dn != NULL); + assert(res != NULL); + assert(res_size != NULL); + assert(buf != NULL); + assert(mdata != NULL); + + //printf("__ %s %d %s\n", __FILE__, __LINE__, dn); + + req = mdata; + newctx = NULL; + + + memset(&new_mg, 0, sizeof(new_mg)); + new_mg.dn = (char *)dn; + + hash = HASHTABLE_CALCULATE_HASH(__mg_ht, &req->groups, &new_mg); + assert(hash > 0); + assert(hash < HASHTABLE_ENTRIES_COUNT(&req->groups)); + + hash_entry = HASHTABLE_GET_ENTRY(&req->groups, hash); + hash_entry_data = HASHTABLE_ENTRY_FIND(__mg_ht, hash_entry, + &new_mg); + if 
(hash_entry_data != NULL) { + rv = NSS_LDAP_SUCCESS; + *res_size = 0; + //printf("__ %s %d\n", __FILE__, __LINE__); + goto fin; + } + + memset(&sreq, 0, sizeof(sreq)); + sreq.scope = LDAP_SCOPE_BASE; + sreq.filter = "(objectClass=*)"; + sreq.search_base = (char *)dn; + + uid_attr = _ATM(&ctx->conf->schema, PASSWD, uid); + gid_attr = _ATM(&ctx->conf->schema, GROUP, gidNumber); + sreq.attributes = sl_init(); + rv = sl_add(sreq.attributes, (char *)uid_attr); + if (rv == -1) { + rv = NSS_LDAP_MEMORY_ERROR; + goto fin; + } + + rv = sl_add(sreq.attributes, (char *)gid_attr); + if (rv == -1) { + rv = NSS_LDAP_MEMORY_ERROR; + goto fin; + } + + rv = sl_add(sreq.attributes, "objectClass"); + if (rv == -1) { + rv = NSS_LDAP_MEMORY_ERROR; + goto fin; + } + + rv = sl_add(sreq.attributes, NULL); + if (rv == -1) { + rv = NSS_LDAP_MEMORY_ERROR; + goto fin; + } + +// printf("__ %s %d\n", __FILE__, __LINE__); + newctx = __nss_ldap_start_search(&__nss_ldap_conf->search_method, + ctx->conn, ctx->conf, &sreq); +// printf("__ %s %d\n", __FILE__, __LINE__); + sl_free(sreq.attributes, 0); + sreq.attributes = NULL; /* just in case */ -/* int start, end; - int res; - printf("1\n"); - res = __nss_ldap_parse_range("member;range=1-*", &start, &end); - printf("res: %d, start: %d, end: %d\n", res, start, end); + if (newctx == NULL) { + rv = NSS_LDAP_SUCCESS; + *res_size = 0; + goto fin2; + } - printf("2\n"); - res = __nss_ldap_parse_range("member;range=134-100", &start, &end); - printf("res: %d, start: %d, end: %d\n", res, start, end); + rv = __nss_ldap_search_next(&__nss_ldap_conf->search_method, + newctx); + if (rv != NSS_LDAP_SUCCESS) { + rv = NSS_LDAP_SUCCESS; + *res_size = 0; + goto fin2; + } + + new_mg.dn = strdup(dn); + if (new_mg.dn == NULL) { + rv = NSS_LDAP_MEMORY_ERROR; + goto fin2; + } + + if (__nss_ldap_check_oc(newctx, _OC(&ctx->conf->schema, posixGroup)) == + NSS_LDAP_SUCCESS) { + + rv = sl_add(req->next_requests, new_mg.dn); + if (rv == -1) { + free(new_mg.dn); + rv = 
NSS_LDAP_MEMORY_ERROR; + goto fin2; + } - printf("3\n"); - res = __nss_ldap_parse_range("member;range=-*", &start, &end); - printf("res: %d, start: %d, end: %d\n", res, start, end); + rv = NSS_LDAP_SUCCESS; + *res_size = 0; + } else { + rv = __nss_ldap_assign_attr_str(newctx, uid_attr, res, + res_size, buf, bufsize); - printf("4\n"); - res = __nss_ldap_parse_range("member;range=1-", &start, &end); - printf("res: %d, start: %d, end: %d\n", res, start, end); + rv = HASHTABLE_ENTRY_STORE(__mg_ht, hash_entry, &new_mg); + if (rv == -1) { + free(new_mg.dn); + rv = NSS_LDAP_MEMORY_ERROR; + } else + rv = NSS_LDAP_SUCCESS; + } + +fin: + if (sreq.attributes != NULL) + sl_free(sreq.attributes, 0); + +fin2: + if (newctx != NULL) + __nss_ldap_end_search(&__nss_ldap_conf->search_method, newctx); + + return (rv); +} - printf("5\n"); - res = __nss_ldap_parse_range("member;range=*-*", &start, &end); - printf("res: %d, start: %d, end: %d\n", res, start, end); +static int +nss_ldap_parse_nested_group(struct nss_ldap_search_context *ctx, + char const *dn, struct map_group_dn_request *dnreq, char ***res, + size_t *res_size, size_t *len, char *buf, size_t bufsize) +{ + struct nss_ldap_search_request sreq; + struct nss_ldap_search_context *newctx; + int rv; + + //printf("__ %s %d %s\n", __FILE__, __LINE__, dn); + memset(&sreq, 0, sizeof(sreq)); + sreq.scope = LDAP_SCOPE_BASE; + sreq.filter = "(objectClass=*)"; + sreq.search_base = (char *)dn; + + //printf("__ %s %d\n", __FILE__, __LINE__); + newctx = __nss_ldap_start_search(&__nss_ldap_conf->search_method, + ctx->conn, ctx->conf, &sreq); + if (newctx == NULL) + return (NSS_LDAP_CONNECTION_ERROR); + + //printf("__ %s %d\n", __FILE__, __LINE__); + rv = __nss_ldap_search_next(&__nss_ldap_conf->search_method, + newctx); >>> TRUNCATED FOR MAIL (1000 lines) <<<