Index: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml =================================================================== --- head/release/doc/en_US.ISO8859-1/relnotes/article.sgml (revision 229778) +++ head/release/doc/en_US.ISO8859-1/relnotes/article.sgml (revision 229779) @@ -1,563 +1,563 @@ %articles.ent; %release; ]>
&os; &release.current; Release Notes The &os; Project $FreeBSD$ 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 The &os; Documentation Project &tm-attrib.freebsd; &tm-attrib.ibm; &tm-attrib.ieee; &tm-attrib.intel; &tm-attrib.sparc; &tm-attrib.general; The release notes for &os; &release.current; contain a summary of the changes made to the &os; base system on the &release.branch; development line. This document lists applicable security advisories that were issued since the last release, as well as significant changes to the &os; kernel and userland. Some brief remarks on upgrading are also presented. Introduction This document contains the release notes for &os; &release.current;. It describes recently added, changed, or deleted features of &os;. It also provides some notes on upgrading from previous versions of &os;. The &release.type; distribution to which these release notes apply represents the latest point along the &release.branch; development branch since &release.branch; was created. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> The &release.type; distribution to which these release notes apply represents a point along the &release.branch; development branch between &release.prev; and the future &release.next;. Information regarding pre-built, binary &release.type; distributions along this branch can be found at . ]]> This distribution of &os; &release.current; is a &release.type; distribution. It can be found at or any of its mirrors. More information on obtaining this (or other) &release.type; distributions of &os; can be found in the Obtaining &os; appendix to the &os; Handbook. ]]> All users are encouraged to consult the release errata before installing &os;. The errata document is updated with late-breaking information discovered late in the release cycle or after the release. Typically, it contains information on known bugs, security advisories, and corrections to documentation. 
An up-to-date copy of the errata for &os; &release.current; can be found on the &os; Web site. What's New This section describes the most user-visible new or changed features in &os; since &release.prev;. In general, changes described here are unique to the &release.branch; branch unless specifically marked as &merged; features. Typical release note items document recent security advisories issued after &release.prev;, new drivers or hardware support, new commands or options, major bug fixes, or contributed software upgrades. They may also list changes to major ports/packages or release engineering practices. Clearly the release notes cannot list every single change made to &os; between releases; this document focuses primarily on security advisories, user-visible changes, and major architectural improvements. Security Advisories Kernel Changes A new &man.cpuset.2; API has been added for thread to CPU binding and CPU resource grouping and assignment. The &man.cpuset.1; userland utility has been added to allow manipulation of processor sets. The &man.ddb.4; kernel debugger now has an output capture facility. Input and output from &man.ddb.4; can now be captured to a memory buffer for later inspection using &man.sysctl.8; or a textdump. The new capture command controls this feature. The &man.ddb.4; debugger now supports a simple scripting facility, which supports a set of named scripts consisting of a set of &man.ddb.4; commands. These commands can be managed from within &man.ddb.4; or with the use of the new &man.ddb.8; utility. More details can be found in the &man.ddb.4; manual page. The kernel now supports a new textdump format of kernel dumps. A textdump provides higher-level information via mechanically generated/extracted debugging output, rather than a simple memory dump. This facility can be used to generate brief kernel bug reports that are rich in debugging information, but are not dependent on kernel symbol tables or precisely synchronized source code. 
More information can be found in the &man.textdump.4; manual page. Kernel support for M:N threading has been removed. While the KSE (Kernel Scheduled Entities) project was quite successful in bringing threading to FreeBSD, the M:N approach taken by the KSE library was never developed to its full potential. Backwards compatibility for applications using KSE threading will be provided via &man.libmap.conf.5; for dynamically linked binaries. The &os; Project greatly appreciates the work of &a.julian;, &a.deischen;, and &a.davidxu; on KSE support. The &os; kernel now exports information about certain kernel features via the kern.features sysctl tree. The &man.feature.present.3; library call provides a convenient interface for user applications to test the presence of features. The &os; kernel now has support for large memory page mappings (superpages). The ULE scheduler is now the default process scheduler in GENERIC kernels. Boot Loader Changes The BTX kernel used by the boot loader has been changed to invoke BIOS routines from real mode. This change makes it possible to boot &os; from USB devices. A new gptboot boot loader has been added to support booting from a GPT labeled disk. A new boot command has been added to &man.gpt.8;, which makes a GPT disk bootable by writing the required bits of the boot loader, creating a new boot partition if required. Hardware Support The &man.cmx.4; driver, a driver for Omnikey CardMan 4040 PCMCIA smartcard readers, has been added. The &man.syscons.4; driver now supports Colemak keyboard layout. The &man.uslcom.4; driver, a driver for Silicon Laboratories CP2101/CP2102-based USB serial adapters, has been imported from OpenBSD. Multimedia Support Network Interface Support The &man.ale.4; driver has been added to provide support for Atheros AR8121/AR8113/AR8114 Gigabit/Fast Ethernet controllers. The &man.em.4; driver has been split into two drivers with some common parts. 
The &man.em.4; driver will continue to support adapters up to the 82575, as well as new client/desktop adapters. A new &man.igb.4; driver will support new server adapters. The &man.jme.4; driver has been added to provide support for PCIe network adapters based on JMicron JMC250 Gigabit Ethernet and JMC260 Fast Ethernet controllers. The &man.malo.4; driver has been added to provide support for Marvell Libertas 88W8335 based PCI network adapters. The firmware for the &man.mxge.4; driver has been updated from 1.4.25 to 1.4.29. The &man.sf.4; driver has been overhauled to improve its performance and to add support for checksum offloading. It should also work on all architectures. The &man.re.4; driver has been overhauled to fix a number of issues. This driver now has Wake On LAN (WOL) support. The &man.vr.4; driver has been overhauled to fix a number of outstanding issues. It also now works on all architectures. The &man.wpi.4; driver has been updated to include a number of stability fixes. Network Protocols The &man.bpf.4; packet filter and capture facility now supports a zero-copy mode of operation, in which buffers are loaned from a user process to the kernel. This feature can be enabled by setting the net.bpf.zerocopy_enable sysctl variable to 1. ISDN4BSD(I4B), netatm, and all related subsystems have been removed due to lack of multi-processor support. A bug in TCP options padding, where the wrong padding bytes were used, has been fixed. Disks and Storage The &man.aac.4; driver now supports volumes larger than 2TB in size. The &man.ata.4; driver now supports a spindown command for disks; after a configurable amount of time, if no requests have been received for a disk, the disk will be spun down until the next request. The &man.atacontrol.8; utility now supports a spindown command to configure this feature. The &man.hptrr.4; driver has been updated to version 1.2 from Highpoint. File Systems A problem with using &man.mmap.2; on ZFS filesystems has been fixed. 
A new kernel-mode NFS lock manager has been added, improving performance and behavior of NFS locking. A new &man.clear.locks.8; command has been added to clear locks held on behalf of an NFS client. The ZFS file system has been upgraded to version 28. Changes include Data Deduplication, Triple parity RAIDZ, and zfs diff. Userland Changes The &man.adduser.8; utility now supports a option to set the mode of a new user's home directory. BSD-licensed versions of &man.ar.1; and &man.ranlib.1;, based on libarchive, have replaced the GNU Binutils versions of these utilities. BSD-licensed versions of &man.bc.1; and &man.dc.1; have replaced their GNU counterparts. &man.chflags.1; now supports a flag for verbose output and a flag to ignore errors with the same semantics as (for example) &man.chmod.1;. - For compatiblity with other implementations, &man.cp.1; now + For compatibility with other implementations, &man.cp.1; now supports a flag, which is equivalent to specifying the flags. BSD-licensed version of &man.cpio.1; based on libarchive, has replaced the GNU cpio. Note that the GNU cpio is still installed as gcpio. The &man.env.1; program now supports which will completely unset the given variable name by removing it from the environment, instead of just setting it to a null value. The &man.fdopendir.3; library function has been added. The &man.fetch.3; library now support HTTP 1.1 If-Modified-Since behavior. The &man.fetch.1; program now supports which will only download the specified HTTP URL if the content is newer than filename. &man.find.1; has been enhanced by the addition of a number of primaries that were present in GNU find but not &os; &man.find.1;. &man.kgdb.1; now supports a new add-kld command to make it easier to debug crash dumps with kernel modules. The &man.ls.1; program now supports a option to specify a date format string to be used with the long format () output. &man.nc.1; now supports a switch to disable the use of TCP options. 
&man.nc.1;'s switch has been deprecated. It will be removed in a future release. The &man.ping6.8; utility now returns 2 when the packet transmission was successful but no responses were received (this is the same behavior as &man.ping.8;). It returned a non-zero value before this change. The &man.procstat.1; utility has been added to display detailed information about processes. The &man.realpath.1; utility now supports a flag to suppress warnings; it now also accepts multiple paths on its command line. &man.sh.1; has many bug fixes, some new features, and will now refuse to parse some invalid scripts. Additionally, it now has filename completion and defaults to the "emacs" editing mode. The &man.split.1; utility now supports a flag to split a file into a certain number of chunks. The &man.tar.1; utility now supports a flag to enable &man.compress.1;-style compression/decompression. The &man.tar.1; utility now supports a flag to ignore user/group names on create and extract. The &man.tar.1; utility now supports an flag to sparsify files on extraction. The &man.tar.1; utility now supports a flag to substitute filenames based on the specified regular expression. The &man.tcgetsid.3; library function has been added to return the process group ID for the session leader for the controlling terminal. It is defined in IEEE Std 1003.1-2001 (POSIX). &man.top.1; now supports a flag to provide per-CPU usage statistics. &man.zdump.8; is now working properly on 64 bit architectures. &man.traceroute.8; now has the ability to print the AS number for each hop with the new switch; a new option allows selecting a particular WHOIS server. &man.traceroute6.8; now supports a flag to send probe packets with no upper-layer protocol, rather than the usual UDP probe packets. <filename>/etc/rc.d</filename> Scripts Contributed Software AMD has been updated from 6.0.10 to 6.1.5. awk has been updated from 1 May 2007 release to the 23 October 2007 release. 
bzip2 has been updated from 1.0.4 to 1.0.5. CVS has been updated from 1.11.17 to a post-1.11.22 snapshot from 10 March 2008. FILE has been updated from 4.23 to 5.03. hostapd has been updated from 0.5.8 to 0.5.10. IPFilter has been updated from 4.1.23 to 4.1.28. less has been updated from v408 to v429. ncurses has been updated from 5.6-20061217 to 5.6-20080503. OpenSSH has been updated from 4.5p1 to 5.1p1. OpenPAM has been updated from the Figwort release to the Hydrangea release. sendmail has been updated from 8.14.1 to 8.14.5. The timezone database has been updated from the tzdata2008h release to the tzdata2009m release. The stdtime part of libc, &man.zdump.8 and &man.zic.8 have been updated from the tzcode2004a release to the tzcode2009h release. If you have upgraded from source or via the &man.freebsd-update.8, then please run &man.tzsetup.8 to install a new /etc/localtime. WPA Supplicant has been updated from 0.5.8 to 0.5.10. xz has been updated from snapshot as of 12 April 2010 to 5.0.0. Ports/Packages Collection Infrastructure The &man.pkg.create.1; utility now supports . When this option is specified and a package tarball exists, it will not be overwritten. This is useful when multiple packages are saved with several consecutive runs of &man.pkg.create.1; with the options. The pkg_sign and pkg_check utilities for cryptographically signing &os; packages have been removed. They were only useful for packages compressed using &man.gzip.1;; however &man.bzip2.1; compression has been the norm for some time now. Release Engineering and Integration The supported version of the GNOME desktop environment (x11/gnome2) has been updated from 2.20.1 to 2.22. Documentation Upgrading from previous releases of &os; Beginning with &os; 6.2-RELEASE, binary upgrades between RELEASE versions (and snapshots of the various security branches) are supported using the &man.freebsd-update.8; utility. 
The binary upgrade procedure will update unmodified userland utilities, as well as unmodified GENERIC or SMP kernels distributed as a part of an official &os; release. The &man.freebsd-update.8; utility requires that the host being upgraded have Internet connectivity. Source-based upgrades (those based on recompiling the &os; base system from source code) from previous versions are supported, according to the instructions in /usr/src/UPDATING. Upgrading &os; should, of course, only be attempted after backing up all data and configuration files.
Index: head/release/picobsd/tinyware/passwd/local_passwd.c =================================================================== --- head/release/picobsd/tinyware/passwd/local_passwd.c (revision 229778) +++ head/release/picobsd/tinyware/passwd/local_passwd.c (revision 229779) 
@@ -1,237 +1,237 @@ /*- * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef lint static const char sccsid[] = "@(#)local_passwd.c 8.3 (Berkeley) 4/2/94"; #endif /* not lint */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #ifdef YP #include #endif #ifdef LOGGING #include #endif #ifdef LOGIN_CAP #ifdef AUTH_NONE /* multiple defs :-( */ #undef AUTH_NONE #endif #include #endif #include "extern.h" static uid_t uid; int randinit; extern void pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw); char *tempname; static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; void to64(s, v, n) char *s; long v; int n; { while (--n >= 0) { *s++ = itoa64[v&0x3f]; v >>= 6; } } char * getnewpasswd(pw, nis) struct passwd *pw; int nis; { int tries, min_length = 6; int force_mix_case = 1; char *p, *t; #ifdef LOGIN_CAP login_cap_t * lc; #endif char buf[_PASSWORD_LEN+1], salt[32]; struct timeval tv; if (!nis) (void)printf("Changing local password for %s.\n", pw->pw_name); if (uid && pw->pw_passwd[0] && strcmp(crypt(getpass("Old password:"), pw->pw_passwd), pw->pw_passwd)) { errno = EACCES; pw_error(NULL, 1, 1); } #ifdef LOGIN_CAP /* * Determine minimum password length, next password change date, * and whether or not to force mixed case passwords. * Note that even for NIS passwords, login_cap is still used. 
*/ if ((lc = login_getpwclass(pw)) != NULL) { time_t period; /* minpasswordlen capablity */ min_length = (int)login_getcapnum(lc, "minpasswordlen", min_length, min_length); /* passwordtime capability */ period = login_getcaptime(lc, "passwordtime", 0, 0); if (period > (time_t)0) { pw->pw_change = time(NULL) + period; } /* mixpasswordcase capability */ force_mix_case = login_getcapbool(lc, "mixpasswordcase", 1); } #endif for (buf[0] = '\0', tries = 0;;) { p = getpass("New password:"); if (!*p) { (void)printf("Password unchanged.\n"); pw_error(NULL, 0, 0); } if (strlen(p) < min_length && (uid != 0 || ++tries < 2)) { (void)printf("Please enter a password at least %d characters in length.\n", min_length); continue; } if (force_mix_case) { for (t = p; *t && islower(*t); ++t); if (!*t && (uid != 0 || ++tries < 2)) { (void)printf("Please don't use an all-lower case password.\nUnusual capitalization, control characters or digits are suggested.\n"); continue; } } (void)strcpy(buf, p); if (!strcmp(buf, getpass("Retype new password:"))) break; (void)printf("Mismatch; try again, EOF to quit.\n"); } /* grab a random printable character that isn't a colon */ if (!randinit) { randinit = 1; srandomdev(); } #ifdef NEWSALT salt[0] = _PASSWORD_EFMT1; to64(&salt[1], (long)(29 * 25), 4); to64(&salt[5], random(), 4); salt[9] = '\0'; #else - /* Make a good size salt for algoritms that can use it. */ + /* Make a good size salt for algorithms that can use it. 
*/ gettimeofday(&tv,0); #ifdef LOGIN_CAP if (login_setcryptfmt(lc, "md5", NULL) == NULL) pw_error("cannot set password cipher", 1, 1); login_close(lc); #else (void)crypt_set_format("md5"); #endif /* Salt suitable for anything */ to64(&salt[0], random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); to64(&salt[8], random(), 5); to64(&salt[13], random(), 5); to64(&salt[17], random(), 5); to64(&salt[22], random(), 5); salt[27] = '\0'; #endif return (crypt(buf, salt)); } int local_passwd(uname) char *uname; { struct passwd *pw; int pfd, tfd; if (!(pw = getpwnam(uname))) errx(1, "unknown user %s", uname); #ifdef YP /* Use the right password information. */ pw = (struct passwd *)&local_password; #endif uid = getuid(); if (uid && uid != pw->pw_uid) errx(1, "%s", strerror(EACCES)); pw_init(); /* * Get the new password. Reset passwd change time to zero by * default. If the user has a valid login class (or the default * fallback exists), then the next password change date is set * by getnewpasswd() according to the "passwordtime" capability * if one has been specified. */ pw->pw_change = 0; pw->pw_passwd = getnewpasswd(pw, 0); pfd = pw_lock(); tfd = pw_tmp(); pw_copy(pfd, tfd, pw, NULL); if (!pw_mkdb(uname)) pw_error((char *)NULL, 0, 1); #ifdef LOGGING syslog(LOG_DEBUG, "user %s changed their local password\n", uname); #endif return (0); } Index: head/release/picobsd/tinyware/passwd/pw_copy.c =================================================================== --- head/release/picobsd/tinyware/passwd/pw_copy.c (revision 229778) +++ head/release/picobsd/tinyware/passwd/pw_copy.c (revision 229779) 
@@ -1,304 +1,304 @@ /*- * Copyright (c) 1990, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ #ifndef lint static const char sccsid[] = "@(#)pw_copy.c 8.4 (Berkeley) 4/2/94"; #endif /* not lint */ #include __FBSDID("$FreeBSD$"); /* * This module is used to copy the master password file, replacing a single * record, by chpass(1) and passwd(1). */ #include #include #include #include #include #if 0 #include #endif extern int pw_big_ids_warning; extern int pw_scan(char *, struct passwd *); #include extern char *tempname; /* for use in pw_copy(). Compare a pw entry to a pw struct. */ static int pw_equal(char *buf, struct passwd *pw) { struct passwd buf_pw; int len; len = strlen (buf); if (buf[len-1] == '\n') buf[len-1] = '\0'; return (strcmp(pw->pw_name, buf_pw.pw_name) == 0 && pw->pw_uid == buf_pw.pw_uid && pw->pw_gid == buf_pw.pw_gid && strcmp(pw->pw_class, buf_pw.pw_class) == 0 && (long)pw->pw_change == (long)buf_pw.pw_change && (long)pw->pw_expire == (long)buf_pw.pw_expire && strcmp(pw->pw_gecos, buf_pw.pw_gecos) == 0 && strcmp(pw->pw_dir, buf_pw.pw_dir) == 0 && strcmp(pw->pw_shell, buf_pw.pw_shell) == 0); } void pw_copy(int ffd, int tfd, struct passwd *pw, struct passwd *old_pw) { FILE *from, *to; int done; char *p, buf[8192]; char uidstr[20]; char gidstr[20]; char chgstr[20]; char expstr[20]; snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long)pw->pw_uid); snprintf(gidstr, sizeof(gidstr), "%lu", (unsigned long)pw->pw_gid); snprintf(chgstr, sizeof(chgstr), "%ld", (long)pw->pw_change); snprintf(expstr, sizeof(expstr), "%ld", (long)pw->pw_expire); if (!(from = fdopen(ffd, "r"))) pw_error(_PATH_MASTERPASSWD, 1, 1); if (!(to = fdopen(tfd, "w"))) pw_error(tempname, 1, 1); for (done = 0; fgets(buf, sizeof(buf), from);) { if (!strchr(buf, '\n')) { warnx("%s: line too long", _PATH_MASTERPASSWD); pw_error(NULL, 0, 1); } if (done) { (void)fprintf(to, "%s", buf); if (ferror(to)) goto err; continue; } for (p = buf; *p != '\n'; p++) if (*p != ' ' && *p != '\t') break; if (*p == '#' || *p == '\n') { (void)fprintf(to, "%s", buf); if (ferror(to)) goto err; continue; 
} if (!(p = strchr(buf, ':'))) { warnx("%s: corrupted entry", _PATH_MASTERPASSWD); pw_error(NULL, 0, 1); } *p = '\0'; if (strcmp(buf, pw->pw_name)) { *p = ':'; (void)fprintf(to, "%s", buf); if (ferror(to)) goto err; continue; } *p = ':'; if (old_pw && !pw_equal(buf, old_pw)) { warnx("%s: entry for %s has changed", _PATH_MASTERPASSWD, pw->pw_name); pw_error(NULL, 0, 1); } (void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", pw->pw_name, pw->pw_passwd, pw->pw_fields & _PWF_UID ? uidstr : "", pw->pw_fields & _PWF_GID ? gidstr : "", pw->pw_class, pw->pw_fields & _PWF_CHANGE ? chgstr : "", pw->pw_fields & _PWF_EXPIRE ? expstr : "", pw->pw_gecos, pw->pw_dir, pw->pw_shell); done = 1; if (ferror(to)) goto err; } if (!done) { #ifdef YP /* Ultra paranoid: shouldn't happen. */ if (getuid()) { warnx("%s: not found in %s -- permission denied", pw->pw_name, _PATH_MASTERPASSWD); pw_error(NULL, 0, 1); } else #endif /* YP */ (void)fprintf(to, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n", pw->pw_name, pw->pw_passwd, pw->pw_fields & _PWF_UID ? uidstr : "", pw->pw_fields & _PWF_GID ? gidstr : "", pw->pw_class, pw->pw_fields & _PWF_CHANGE ? chgstr : "", pw->pw_fields & _PWF_EXPIRE ? expstr : "", pw->pw_gecos, pw->pw_dir, pw->pw_shell); } if (ferror(to)) err: pw_error(NULL, 1, 1); (void)fclose(to); } #include #include #include #include #include #include #include #include #include /* * Some software assumes that IDs are short. We should emit warnings * for id's which can not be stored in a short, but we are more liberal * by default, warning for IDs greater than USHRT_MAX. * * If pw_big_ids_warning is anything other than -1 on entry to pw_scan() - * it will be set based on the existance of PW_SCAN_BIG_IDS in the + * it will be set based on the existence of PW_SCAN_BIG_IDS in the * environment. */ int pw_big_ids_warning = -1; int pw_scan(bp, pw) char *bp; struct passwd *pw; { uid_t id; int root; char *p, *sh; if (pw_big_ids_warning == -1) pw_big_ids_warning = getenv("PW_SCAN_BIG_IDS") == NULL ? 
1 : 0; pw->pw_fields = 0; if (!(pw->pw_name = strsep(&bp, ":"))) /* login */ goto fmt; root = !strcmp(pw->pw_name, "root"); if(pw->pw_name[0] && (pw->pw_name[0] != '+' || pw->pw_name[1] == '\0')) pw->pw_fields |= _PWF_NAME; if (!(pw->pw_passwd = strsep(&bp, ":"))) /* passwd */ goto fmt; if(pw->pw_passwd[0]) pw->pw_fields |= _PWF_PASSWD; if (!(p = strsep(&bp, ":"))) /* uid */ goto fmt; if (p[0]) pw->pw_fields |= _PWF_UID; else { if (pw->pw_name[0] != '+' && pw->pw_name[0] != '-') { warnx("no uid for user %s", pw->pw_name); return (0); } } id = strtoul(p, (char **)NULL, 10); if (errno == ERANGE) { warnx("%s > max uid value (%lu)", p, ULONG_MAX); return (0); } if (root && id) { warnx("root uid should be 0"); return (0); } if (pw_big_ids_warning && id > USHRT_MAX) { warnx("%s > recommended max uid value (%u)", p, USHRT_MAX); /*return (0);*/ /* THIS SHOULD NOT BE FATAL! */ } pw->pw_uid = id; if (!(p = strsep(&bp, ":"))) /* gid */ goto fmt; if(p[0]) pw->pw_fields |= _PWF_GID; id = strtoul(p, (char **)NULL, 10); if (errno == ERANGE) { warnx("%s > max gid value (%u)", p, ULONG_MAX); return (0); } if (pw_big_ids_warning && id > USHRT_MAX) { warnx("%s > recommended max gid value (%u)", p, USHRT_MAX); /* return (0); This should not be fatal! 
*/ } pw->pw_gid = id; pw->pw_class = strsep(&bp, ":"); /* class */ if(pw->pw_class[0]) pw->pw_fields |= _PWF_CLASS; if (!(p = strsep(&bp, ":"))) /* change */ goto fmt; if(p[0]) pw->pw_fields |= _PWF_CHANGE; pw->pw_change = atol(p); if (!(p = strsep(&bp, ":"))) /* expire */ goto fmt; if(p[0]) pw->pw_fields |= _PWF_EXPIRE; pw->pw_expire = atol(p); if (!(pw->pw_gecos = strsep(&bp, ":"))) /* gecos */ goto fmt; if(pw->pw_gecos[0]) pw->pw_fields |= _PWF_GECOS; if (!(pw->pw_dir = strsep(&bp, ":"))) /* directory */ goto fmt; if(pw->pw_dir[0]) pw->pw_fields |= _PWF_DIR; if (!(pw->pw_shell = strsep(&bp, ":"))) /* shell */ goto fmt; p = pw->pw_shell; if (root && *p) /* empty == /bin/sh */ for (setusershell();;) { if (!(sh = getusershell())) { warnx("warning, unknown root shell"); break; } if (!strcmp(p, sh)) break; } if(p[0]) pw->pw_fields |= _PWF_SHELL; if ((p = strsep(&bp, ":"))) { /* too many */ fmt: warnx("corrupted entry"); return (0); } return (1); } Index: head/release/picobsd/tinyware/simple_httpd/README =================================================================== --- head/release/picobsd/tinyware/simple_httpd/README (revision 229778) +++ head/release/picobsd/tinyware/simple_httpd/README (revision 229779) 
@@ -1,167 +1,167 @@ Simple_httpd - A small and free Web server "Simple_httpd is like /usr/bin/mail is to mail clients, no frills." This HTTP server can be used in any FreeBSD/PicoBSD application. It has been tested under FreeBSD 2.2.x, 3.x and 4.x. It might work on other OS systems, but it's for FreeBSD primarily. The main advantage to Simple_httpd is that it is very small. The 25K binary can satisfy most needs in a small or embedded appplication. If you want a full featured server see /usr/ports/www/apache* or http://www.apache.org Simple_httpd is released under a BSD style copyright that unlike GPL is embedded developer friendly. The server is designed to be run in one of two modes. The standard mode is a httpd server running in the background serving up a directory of html,gif,cgi whatever. Your traditional www server. The "fetch" mode supports file transfer over httpd. This is best thought of as mate for fetch(1). This feature can be -usefull to transfer a file from one host to another. +useful to transfer a file from one host to another. Simple_httpd has the ability to run CGI scripts. All CGI scripts must be located in ${DOCUMENT_ROOT}/cgi-bin. The -server currently only sets 3 enviroment variables before calling +server currently only sets 3 environment variables before calling the script. -CGI Enviroment variables are below: +CGI Environment variables are below: SERVER_SOFTWARE = FreeBSD/PicoBSD REMOTE_HOST = client.canada_lower_taxes.com REMOTE_ADDR = 200.122.13.108 In most target applications for this server the extra DNS traffic from the remote_addr lookup will likely be on the local lan anyway and not on the other side of the internet. You can turn it off yourself in the code if you want to speed the whole process up. Be sure to turn it off for the logfile also. How to use it? 
============== Compile with make, run as follows usage: simple_httpd [-vD] [-d directory] [-g grpid] [-l logfile] [-p port] or usage: simple_httpd [-p port] -f filename -v Run the server verbose. Show the program options that will be used for this process. Will only show information during startup, no messages will be displayed while serving requests. In other words you can still daemonize without fear of output on stdout. -D Do not daemonize. The server will not run in the background. It will -stay attached to the tty. This is usefull for debugging. In this +stay attached to the tty. This is useful for debugging. In this mode no log file is created. Logging info is to stdout. This option is automatically selected if fetch option is selected. -d directory The html document directory, if nothing is provided the default is /httphome if UID is root, otherwise document root is ${HOME}/public_html -l logfile Set the logfile to use. Log messages will be written to /var/log/jhttpd.log if you are root and ${HOME}/jhttpd.log otherwise. If you don't want a log file try "-l /dev/null" -p port Set the port httpd server will listen to. Default is port 80 if you are root and 1080 if you are not. -f filename This is the only option needed to use the "fetch" feature. The file specified will be the ONLY file served to ANY GET request from a browser or fetch(1). Example ======= Standard Mode: -------------- If you have the FreeBSD handbook installed on your machine and would like to serve it up over http for a quick look you could do this simple_httpd -d /usr/share/doc/handbook -l /usr/tmp/jlog.txt -p 1088 -v Any browser would be able to look at the handbook with http://whatever_host/handbook.html:1088 I'm using 1088 as the port since I already have apache running on port 80 and port 1080 on my host. Please note, the handbook is not installed by default in FreeBSD 3.x It must be installed from the ports collection first if you want to try this. 
Another simple example is to browse your local ports collection: cd /usr/ports make readmes #wait about 1 hour! simple_httpd -p 1080 -v -d /usr/ports Then point your browser at http://whatever_host/README.html Fetch Mode: -------------- This is designed to be used in conjunction with fetch(3). It allows for easy transfer of files from one host to another without messy authentication or pathnames required with ftp. The file to be served up must be readable by the user running simple_httpd. This is not a magic way to avoid permissions and read files. The daemon will only serve up ONE file. The file specified will be returned for every GET request regardless of what the browser asks for. This allows for on the fly naming. sender# simple_httpd -f /usr/tmp/big_file.tgz receiver# fetch http://sender.com/Industrial_Secrets.tgz big_file.tgz was transferred from one machine to another and renamed Industrial_Secrets.tgz at the same time. Tunneling over other TCP ports. Choose something that firewall will probably pass. See /etc/services. sender# simple_httpd -p 53 -f /usr/tmp/big_file.tgz receiver# fetch http://sender.com:53/Industrial_Secrets.tgz To Do ===== -Simple authentication would be very usefull[understatment]. +Simple authentication would be very useful [understatment]. /etc/passwd or PAM would be nice. I think a netmask option would be good. Most internet appliances probably want to restrict traffic to local ethernet anyway. ie: Allow anything from my class C. The server always has 1 zombie process hanging around when it runs as a daemon. Should fix so that it doesn't happen. Anything to make it faster! Man page If anyone has any improvements or ways to easily implement something please let me know. If you make some neat embedded device with PicoBSD I want to know too! Credits ======= This program was originally contributed by Marc Nicholas Major rewrite by William Lloyd $FreeBSD$
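Review bot: In head/release/doc/en_US.ISO8859-1/relnotes/article.sgml, the timezone database paragraph under Contributed Software still has entity references with no terminating semicolon ("&man.zdump.8 and &man.zic.8", "&man.freebsd-update.8", "&man.tzsetup.8"), unlike the other references in the file such as "&man.cpuset.2;". Since this pass already touches the file for spelling, add the missing ";" to each. Also change "The &man.fetch.3; library now support HTTP 1.1" to "supports" in the Userland Changes section.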
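Review bot: In head/release/picobsd/tinyware/passwd/local_passwd.c, the comment "/* minpasswordlen capablity */" in the LOGIN_CAP block of getnewpasswd() is still misspelled; correct it to "capability" in the same change as the "algoritms" fix. Separately from spelling, "(void)strcpy(buf, p);" copies the getpass() result into "char buf[_PASSWORD_LEN+1]" with no length check in this function, so a bounded copy that uses sizeof(buf) would make the limit explicit.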
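Review bot: In head/release/picobsd/tinyware/passwd/pw_copy.c, the comment whose spelling is corrected says pw_big_ids_warning is set from the environment when it is "anything other than -1", but pw_scan() does the opposite: "if (pw_big_ids_warning == -1)" is the only case that consults getenv("PW_SCAN_BIG_IDS"). Reword the comment to match the code while it is being edited. In the same file, pw_equal() declares "struct passwd buf_pw;" and compares its fields against pw with no visible call that fills it from buf, so the comparison reads uninitialized data; a pw_scan(buf, &buf_pw) call with a failure check is needed before the return.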
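Review bot: In head/release/picobsd/tinyware/simple_httpd/README, the corrected To Do line still reads "[understatment]", and the introduction still has "embedded appplication"; fix both ("understatement", "application") so the spelling pass over this file is complete. The Standard Mode example URL "http://whatever_host/handbook.html:1088" also places the port after the path; it should read "http://whatever_host:1088/handbook.html", matching the form of the Fetch Mode example "http://sender.com:53/Industrial_Secrets.tgz".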