From: Max Laier
Date: Wed, 10 Dec 2008 19:31:42 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r185872 - in vendor/pf: 3.4/authpf 3.4/contrib 3.4/ftp-proxy 3.4/man 3.4/pfctl 3.4/pflogd 3.5.001/contrib 3.5.001/pfctl 3.5/authpf 3.5/contrib 3.5/ftp-proxy 3.5/man 3.5/pfctl 3.5/pflogd...

Author: mlaier
Date: Wed Dec 10 19:31:42 2008
New Revision: 185872
URL: http://svn.freebsd.org/changeset/base/185872

Log:
  Flatten out the pf userland vendor area

Added:
  vendor/pf/3.4/authpf/ - copied from r185870, vendor/pf/3.4/contrib/pf/authpf/
  vendor/pf/3.4/ftp-proxy/ - copied from r185870, vendor/pf/3.4/contrib/pf/ftp-proxy/
  vendor/pf/3.4/man/ - copied from r185870, vendor/pf/3.4/contrib/pf/man/
  vendor/pf/3.4/pfctl/ - copied from r185870, vendor/pf/3.4/contrib/pf/pfctl/
  vendor/pf/3.4/pflogd/ - copied from r185870, vendor/pf/3.4/contrib/pf/pflogd/
  vendor/pf/3.5.001/pfctl/ - copied from r185870, vendor/pf/3.5.001/contrib/pf/pfctl/
  vendor/pf/3.5/authpf/ - copied from r185870, vendor/pf/3.5/contrib/pf/authpf/
  vendor/pf/3.5/ftp-proxy/ - copied from r185870, vendor/pf/3.5/contrib/pf/ftp-proxy/
  vendor/pf/3.5/man/ - copied from r185870, vendor/pf/3.5/contrib/pf/man/
  vendor/pf/3.5/pfctl/ - copied from r185870, vendor/pf/3.5/contrib/pf/pfctl/
  vendor/pf/3.5/pflogd/ - copied from r185870, vendor/pf/3.5/contrib/pf/pflogd/
  vendor/pf/3.7/authpf/ - copied from r185870, vendor/pf/3.7/contrib/pf/authpf/
  vendor/pf/3.7/ftp-proxy/ - copied from r185870, vendor/pf/3.7/contrib/pf/ftp-proxy/
  vendor/pf/3.7/man/ - copied from r185870, vendor/pf/3.7/contrib/pf/man/
  vendor/pf/3.7/pfctl/ - copied from r185870, vendor/pf/3.7/contrib/pf/pfctl/
  vendor/pf/3.7/pflogd/ - copied from r185870, vendor/pf/3.7/contrib/pf/pflogd/
  vendor/pf/4.1/authpf/ - copied from r185870, vendor/pf/4.1/contrib/pf/authpf/
  vendor/pf/4.1/ftp-proxy/ - copied from r185870, vendor/pf/4.1/contrib/pf/ftp-proxy/
  vendor/pf/4.1/libevent/ - copied from r185870, vendor/pf/4.1/contrib/pf/libevent/
  vendor/pf/4.1/man/ - copied from r185870, vendor/pf/4.1/contrib/pf/man/
  vendor/pf/4.1/pfctl/ - copied from r185870, vendor/pf/4.1/contrib/pf/pfctl/
  vendor/pf/4.1/pflogd/ - copied from r185870, vendor/pf/4.1/contrib/pf/pflogd/
  vendor/pf/4.1/tftp-proxy/ - copied from r185870, vendor/pf/4.1/contrib/pf/tftp-proxy/
  vendor/pf/dist/authpf/ - copied from r185870, vendor/pf/dist/contrib/pf/authpf/
  vendor/pf/dist/ftp-proxy/ - copied from r185870, vendor/pf/dist/contrib/pf/ftp-proxy/
  vendor/pf/dist/libevent/ - copied from r185870, vendor/pf/dist/contrib/pf/libevent/
  vendor/pf/dist/man/ - copied from r185870, vendor/pf/dist/contrib/pf/man/
  vendor/pf/dist/pfctl/ - copied from r185870, vendor/pf/dist/contrib/pf/pfctl/
  vendor/pf/dist/pflogd/ - copied from r185870, vendor/pf/dist/contrib/pf/pflogd/
  vendor/pf/dist/tftp-proxy/ - copied from r185870, vendor/pf/dist/contrib/pf/tftp-proxy/

Deleted:
  vendor/pf/3.4/contrib/
  vendor/pf/3.5.001/contrib/
  vendor/pf/3.5/contrib/
  vendor/pf/3.7/contrib/
  vendor/pf/4.1/contrib/
  vendor/pf/dist/contrib/

From: Max Laier
Date: Wed, 10 Dec 2008 19:33:11 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r185873 - in vendor/pf: 3.4/authpf 3.4/ftp-proxy 3.4/man 3.4/pfctl 3.4/pflogd 3.5.001/pfctl 3.5/authpf 3.5/ftp-proxy 3.5/man 3.5/pfctl 3.5/pflogd 3.7/authpf 3.7/ftp-proxy 3.7/man 3.7/pf...

Author: mlaier
Date: Wed Dec 10 19:33:10 2008
New Revision: 185873
URL: http://svn.freebsd.org/changeset/base/185873

Log:
  No keyword expansion in vendor code, please.

Modified:
  vendor/pf/3.4/authpf/authpf.8 (props changed)
  vendor/pf/3.4/authpf/authpf.c (props changed)
  vendor/pf/3.4/authpf/pathnames.h (props changed)
  vendor/pf/3.4/ftp-proxy/ftp-proxy.8 (props changed)
  vendor/pf/3.4/ftp-proxy/ftp-proxy.c (props changed)
  vendor/pf/3.4/ftp-proxy/getline.c (props changed)
  vendor/pf/3.4/ftp-proxy/util.c (props changed)
  vendor/pf/3.4/ftp-proxy/util.h (props changed)
  vendor/pf/3.4/man/pf.4 (props changed)
  vendor/pf/3.4/man/pf.conf.5 (props changed)
  vendor/pf/3.4/man/pf.os.5 (props changed)
  vendor/pf/3.4/man/pflog.4 (props changed)
  vendor/pf/3.4/man/pfsync.4 (props changed)
  vendor/pf/3.4/pfctl/parse.y (props changed)
  vendor/pf/3.4/pfctl/pf_print_state.c (props changed)
  vendor/pf/3.4/pfctl/pfctl.8 (props changed)
  vendor/pf/3.4/pfctl/pfctl.c (props changed)
  vendor/pf/3.4/pfctl/pfctl.h (props changed)
  vendor/pf/3.4/pfctl/pfctl_altq.c (props changed)
  vendor/pf/3.4/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/3.4/pfctl/pfctl_parser.c (props changed)
  vendor/pf/3.4/pfctl/pfctl_parser.h (props changed)
  vendor/pf/3.4/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/3.4/pfctl/pfctl_radix.c (props changed)
  vendor/pf/3.4/pfctl/pfctl_table.c (props changed)
  vendor/pf/3.4/pflogd/pflogd.8 (props changed)
  vendor/pf/3.4/pflogd/pflogd.c (props changed)
  vendor/pf/3.4/pflogd/pidfile.c (props changed)
  vendor/pf/3.4/pflogd/pidfile.h (props changed)
  vendor/pf/3.5.001/pfctl/parse.y (props changed)
  vendor/pf/3.5.001/pfctl/pf_print_state.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl.8 (props changed)
  vendor/pf/3.5.001/pfctl/pfctl.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl.h (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_altq.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_parser.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_parser.h (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_radix.c (props changed)
  vendor/pf/3.5.001/pfctl/pfctl_table.c (props changed)
  vendor/pf/3.5/authpf/authpf.8 (props changed)
  vendor/pf/3.5/authpf/authpf.c (props changed)
  vendor/pf/3.5/authpf/pathnames.h (props changed)
  vendor/pf/3.5/ftp-proxy/ftp-proxy.8 (props changed)
  vendor/pf/3.5/ftp-proxy/ftp-proxy.c (props changed)
  vendor/pf/3.5/ftp-proxy/getline.c (props changed)
  vendor/pf/3.5/ftp-proxy/util.c (props changed)
  vendor/pf/3.5/ftp-proxy/util.h (props changed)
  vendor/pf/3.5/man/pf.4 (props changed)
  vendor/pf/3.5/man/pf.conf.5 (props changed)
  vendor/pf/3.5/man/pf.os.5 (props changed)
  vendor/pf/3.5/man/pflog.4 (props changed)
  vendor/pf/3.5/man/pfsync.4 (props changed)
  vendor/pf/3.5/pfctl/parse.y (props changed)
  vendor/pf/3.5/pfctl/pf_print_state.c (props changed)
  vendor/pf/3.5/pfctl/pfctl.8 (props changed)
  vendor/pf/3.5/pfctl/pfctl.c (props changed)
  vendor/pf/3.5/pfctl/pfctl.h (props changed)
  vendor/pf/3.5/pfctl/pfctl_altq.c (props changed)
  vendor/pf/3.5/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/3.5/pfctl/pfctl_parser.c (props changed)
  vendor/pf/3.5/pfctl/pfctl_parser.h (props changed)
  vendor/pf/3.5/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/3.5/pfctl/pfctl_radix.c (props changed)
  vendor/pf/3.5/pfctl/pfctl_table.c (props changed)
  vendor/pf/3.5/pflogd/pflogd.8 (props changed)
  vendor/pf/3.5/pflogd/pflogd.c (props changed)
  vendor/pf/3.5/pflogd/pflogd.h (props changed)
  vendor/pf/3.5/pflogd/pidfile.c (props changed)
  vendor/pf/3.5/pflogd/pidfile.h (props changed)
  vendor/pf/3.5/pflogd/privsep.c (props changed)
  vendor/pf/3.5/pflogd/privsep_fdpass.c (props changed)
  vendor/pf/3.7/authpf/authpf.8 (props changed)
  vendor/pf/3.7/authpf/authpf.c (props changed)
  vendor/pf/3.7/authpf/pathnames.h (props changed)
  vendor/pf/3.7/ftp-proxy/ftp-proxy.8 (props changed)
  vendor/pf/3.7/ftp-proxy/ftp-proxy.c (props changed)
  vendor/pf/3.7/ftp-proxy/getline.c (props changed)
  vendor/pf/3.7/ftp-proxy/util.c (props changed)
  vendor/pf/3.7/ftp-proxy/util.h (props changed)
  vendor/pf/3.7/man/pf.4 (props changed)
  vendor/pf/3.7/man/pf.conf.5 (props changed)
  vendor/pf/3.7/man/pf.os.5 (props changed)
  vendor/pf/3.7/man/pflog.4 (props changed)
  vendor/pf/3.7/man/pfsync.4 (props changed)
  vendor/pf/3.7/pfctl/parse.y (props changed)
  vendor/pf/3.7/pfctl/pf_print_state.c (props changed)
  vendor/pf/3.7/pfctl/pfctl.8 (props changed)
  vendor/pf/3.7/pfctl/pfctl.c (props changed)
  vendor/pf/3.7/pfctl/pfctl.h (props changed)
  vendor/pf/3.7/pfctl/pfctl_altq.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_optimize.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_parser.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_parser.h (props changed)
  vendor/pf/3.7/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_radix.c (props changed)
  vendor/pf/3.7/pfctl/pfctl_table.c (props changed)
  vendor/pf/3.7/pflogd/pflogd.8 (props changed)
  vendor/pf/3.7/pflogd/pflogd.c (props changed)
  vendor/pf/3.7/pflogd/pflogd.h (props changed)
  vendor/pf/3.7/pflogd/pidfile.c (props changed)
  vendor/pf/3.7/pflogd/pidfile.h (props changed)
  vendor/pf/3.7/pflogd/privsep.c (props changed)
  vendor/pf/3.7/pflogd/privsep_fdpass.c (props changed)
  vendor/pf/4.1/authpf/authpf.8 (props changed)
  vendor/pf/4.1/authpf/authpf.c (props changed)
  vendor/pf/4.1/authpf/pathnames.h (props changed)
  vendor/pf/4.1/ftp-proxy/filter.c (props changed)
  vendor/pf/4.1/ftp-proxy/filter.h (props changed)
  vendor/pf/4.1/ftp-proxy/ftp-proxy.8 (props changed)
  vendor/pf/4.1/ftp-proxy/ftp-proxy.c (props changed)
  vendor/pf/4.1/libevent/buffer.c (props changed)
  vendor/pf/4.1/libevent/evbuffer.c (props changed)
  vendor/pf/4.1/libevent/event-internal.h (props changed)
  vendor/pf/4.1/libevent/event.c (props changed)
  vendor/pf/4.1/libevent/event.h (props changed)
  vendor/pf/4.1/libevent/evsignal.h (props changed)
  vendor/pf/4.1/libevent/kqueue.c (props changed)
  vendor/pf/4.1/libevent/log.c (props changed)
  vendor/pf/4.1/libevent/log.h (props changed)
  vendor/pf/4.1/libevent/poll.c (props changed)
  vendor/pf/4.1/libevent/select.c (props changed)
  vendor/pf/4.1/libevent/signal.c (props changed)
  vendor/pf/4.1/man/pf.4 (props changed)
  vendor/pf/4.1/man/pf.conf.5 (props changed)
  vendor/pf/4.1/man/pf.os.5 (props changed)
  vendor/pf/4.1/man/pflog.4 (props changed)
  vendor/pf/4.1/man/pfsync.4 (props changed)
  vendor/pf/4.1/pfctl/parse.y (props changed)
  vendor/pf/4.1/pfctl/pf_print_state.c (props changed)
  vendor/pf/4.1/pfctl/pfctl.8 (props changed)
  vendor/pf/4.1/pfctl/pfctl.c (props changed)
  vendor/pf/4.1/pfctl/pfctl.h (props changed)
  vendor/pf/4.1/pfctl/pfctl_altq.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_optimize.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_parser.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_parser.h (props changed)
  vendor/pf/4.1/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_radix.c (props changed)
  vendor/pf/4.1/pfctl/pfctl_table.c (props changed)
  vendor/pf/4.1/pflogd/pflogd.8 (props changed)
  vendor/pf/4.1/pflogd/pflogd.c (props changed)
  vendor/pf/4.1/pflogd/pflogd.h (props changed)
  vendor/pf/4.1/pflogd/privsep.c (props changed)
  vendor/pf/4.1/pflogd/privsep_fdpass.c (props changed)
  vendor/pf/4.1/tftp-proxy/filter.c (props changed)
  vendor/pf/4.1/tftp-proxy/filter.h (props changed)
  vendor/pf/4.1/tftp-proxy/tftp-proxy.8 (props changed)
  vendor/pf/4.1/tftp-proxy/tftp-proxy.c (props changed)
  vendor/pf/dist/authpf/authpf.8 (props changed)
  vendor/pf/dist/authpf/authpf.c (props changed)
  vendor/pf/dist/authpf/pathnames.h (props changed)
  vendor/pf/dist/ftp-proxy/filter.c (props changed)
  vendor/pf/dist/ftp-proxy/filter.h (props changed)
  vendor/pf/dist/ftp-proxy/ftp-proxy.8 (props changed)
  vendor/pf/dist/ftp-proxy/ftp-proxy.c (props changed)
  vendor/pf/dist/ftp-proxy/getline.c (props changed)
  vendor/pf/dist/ftp-proxy/util.c (props changed)
  vendor/pf/dist/ftp-proxy/util.h (props changed)
  vendor/pf/dist/libevent/buffer.c (props changed)
  vendor/pf/dist/libevent/evbuffer.c (props changed)
  vendor/pf/dist/libevent/event-internal.h (props changed)
  vendor/pf/dist/libevent/event.c (props changed)
  vendor/pf/dist/libevent/event.h (props changed)
  vendor/pf/dist/libevent/evsignal.h (props changed)
  vendor/pf/dist/libevent/kqueue.c (props changed)
  vendor/pf/dist/libevent/log.c (props changed)
  vendor/pf/dist/libevent/log.h (props changed)
  vendor/pf/dist/libevent/poll.c (props changed)
  vendor/pf/dist/libevent/select.c (props changed)
  vendor/pf/dist/libevent/signal.c (props changed)
  vendor/pf/dist/man/pf.4 (props changed)
  vendor/pf/dist/man/pf.conf.5 (props changed)
  vendor/pf/dist/man/pf.os.5 (props changed)
  vendor/pf/dist/man/pflog.4 (props changed)
  vendor/pf/dist/man/pfsync.4 (props changed)
  vendor/pf/dist/pfctl/parse.y (props changed)
  vendor/pf/dist/pfctl/pf_print_state.c (props changed)
  vendor/pf/dist/pfctl/pfctl.8 (props changed)
  vendor/pf/dist/pfctl/pfctl.c (props changed)
  vendor/pf/dist/pfctl/pfctl.h (props changed)
  vendor/pf/dist/pfctl/pfctl_altq.c (props changed)
  vendor/pf/dist/pfctl/pfctl_optimize.c (props changed)
  vendor/pf/dist/pfctl/pfctl_osfp.c (props changed)
  vendor/pf/dist/pfctl/pfctl_parser.c (props changed)
  vendor/pf/dist/pfctl/pfctl_parser.h (props changed)
  vendor/pf/dist/pfctl/pfctl_qstats.c (props changed)
  vendor/pf/dist/pfctl/pfctl_radix.c (props changed)
  vendor/pf/dist/pfctl/pfctl_table.c (props changed)
  vendor/pf/dist/pflogd/pflogd.8 (props changed)
  vendor/pf/dist/pflogd/pflogd.c (props changed)
  vendor/pf/dist/pflogd/pflogd.h (props changed)
  vendor/pf/dist/pflogd/pidfile.c (props changed)
  vendor/pf/dist/pflogd/pidfile.h (props changed)
  vendor/pf/dist/pflogd/privsep.c (props changed)
  vendor/pf/dist/pflogd/privsep_fdpass.c (props changed)
  vendor/pf/dist/tftp-proxy/filter.c (props changed)
  vendor/pf/dist/tftp-proxy/filter.h (props changed)
  vendor/pf/dist/tftp-proxy/tftp-proxy.8 (props changed)
  vendor/pf/dist/tftp-proxy/tftp-proxy.c (props changed)

From: Max Laier
Date: Wed, 10 Dec 2008 20:54:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: svn commit: r185876 - in vendor/pf/dist: authpf ftp-proxy man pfctl pflogd tftp-proxy

Author: mlaier
Date: Wed Dec 10 20:54:37 2008
New Revision: 185876
URL: http://svn.freebsd.org/changeset/base/185876

Log:
  Import OPENBSD_4_2_BASE

Added:
  vendor/pf/dist/authpf/Makefile (contents, props changed)
  vendor/pf/dist/ftp-proxy/Makefile (contents, props changed)
  vendor/pf/dist/pfctl/Makefile (contents, props changed)
  vendor/pf/dist/pflogd/Makefile (contents, props changed)
  vendor/pf/dist/tftp-proxy/Makefile (contents, props changed)

Deleted:
  vendor/pf/dist/ftp-proxy/getline.c
  vendor/pf/dist/ftp-proxy/util.c
  vendor/pf/dist/ftp-proxy/util.h
  vendor/pf/dist/pflogd/pidfile.c
  vendor/pf/dist/pflogd/pidfile.h

Modified:
  vendor/pf/dist/authpf/authpf.8
  vendor/pf/dist/ftp-proxy/filter.c
  vendor/pf/dist/ftp-proxy/filter.h
  vendor/pf/dist/ftp-proxy/ftp-proxy.8
  vendor/pf/dist/ftp-proxy/ftp-proxy.c
  vendor/pf/dist/man/pf.4
  vendor/pf/dist/man/pf.conf.5
  vendor/pf/dist/man/pf.os.5
  vendor/pf/dist/man/pflog.4
  vendor/pf/dist/man/pfsync.4
  vendor/pf/dist/pfctl/parse.y
  vendor/pf/dist/pfctl/pf_print_state.c
  vendor/pf/dist/pfctl/pfctl.8
  vendor/pf/dist/pfctl/pfctl.c
  vendor/pf/dist/pfctl/pfctl.h
  vendor/pf/dist/pfctl/pfctl_altq.c
  vendor/pf/dist/pflogd/pflogd.8
  vendor/pf/dist/pflogd/pflogd.c
  vendor/pf/dist/tftp-proxy/filter.c
  vendor/pf/dist/tftp-proxy/tftp-proxy.8

Added: vendor/pf/dist/authpf/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/pf/dist/authpf/Makefile Wed Dec 10 20:54:37 2008 (r185876) @@ -0,0 +1,11 @@ +# $OpenBSD: Makefile,v 1.12 2004/04/25 19:24:52 deraadt Exp $ + +PROG= authpf +MAN= authpf.8 +BINOWN= root +BINGRP= authpf +BINMODE= 6555 +SRCS= authpf.c +CFLAGS+= -Wall + +.include Modified: vendor/pf/dist/authpf/authpf.8 ============================================================================== --- vendor/pf/dist/authpf/authpf.8 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/authpf/authpf.8 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.43 2007/02/24 17:21:04 beck Exp $ +.\" $OpenBSD: authpf.8,v 1.44 2007/05/31 19:20:22 jmc Exp $ .\" .\" Copyright (c) 1998-2007 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd January 10, 2002 +.Dd $Mdocdate$ .Dt AUTHPF 8 .Os .Sh NAME Added: vendor/pf/dist/ftp-proxy/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/pf/dist/ftp-proxy/Makefile Wed Dec 10 20:54:37 2008 (r185876) @@ -0,0 +1,13 @@ +# $OpenBSD: Makefile,v 1.3 2006/11/26 11:31:13 deraadt Exp $ + +PROG= ftp-proxy +SRCS= ftp-proxy.c filter.c +MAN= ftp-proxy.8 + +CFLAGS+= -I${.CURDIR} +CFLAGS+= -Wall -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith \ + -Wno-uninitialized +LDADD+= -levent +DPADD+= ${LIBEVENT} + +.include Modified: vendor/pf/dist/ftp-proxy/filter.c ============================================================================== --- vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 20:54:37 2008 (r185876) 
@@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.5 2006/12/01 07:31:21 camield Exp $ */ +/* $OpenBSD: filter.c,v 1.6 2007/08/01 09:31:41 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -53,7 +53,7 @@ static struct pfioc_rule pfr; static struct pfioc_trans pft; static struct pfioc_trans_e pfte[TRANS_SIZE]; static int dev, rule_log; -static char *qname; +static char *qname, *tagname; int add_filter(u_int32_t id, u_int8_t dir, struct sockaddr *src, @@ -159,11 +159,12 @@ do_rollback(void) } void -init_filter(char *opt_qname, int opt_verbose) +init_filter(char *opt_qname, char *opt_tagname, int opt_verbose) { struct pf_status status; qname = opt_qname; + tagname = opt_tagname; if (opt_verbose == 1) rule_log = PF_LOG; @@ -276,6 +277,8 @@ prepare_rule(u_int32_t id, int rs_num, s } pfr.rule.dst.port_op = PF_OP_EQ; pfr.rule.dst.port[0] = htons(d_port); + if (tagname != NULL) + strlcpy(pfr.rule.tagname, tagname, sizeof pfr.rule.tagname); switch (rs_num) { case PF_RULESET_FILTER: Modified: vendor/pf/dist/ftp-proxy/filter.h ============================================================================== --- vendor/pf/dist/ftp-proxy/filter.h Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/ftp-proxy/filter.h Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.h,v 1.3 2005/06/07 14:12:07 camield Exp $ */ +/* $OpenBSD: filter.h,v 1.4 2007/08/01 09:31:41 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, 
@@ -26,6 +26,6 @@ int add_rdr(u_int32_t, struct sockaddr * struct sockaddr *, u_int16_t); int do_commit(void); int do_rollback(void); -void init_filter(char *, int); +void init_filter(char *, char *, int); int prepare_commit(u_int32_t); int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *); Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.8 ============================================================================== --- vendor/pf/dist/ftp-proxy/ftp-proxy.8 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/ftp-proxy/ftp-proxy.8 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.7 2006/12/30 13:01:54 camield Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd November 28, 2004 +.Dd $Mdocdate$ .Dt FTP-PROXY 8 .Os .Sh NAME @@ -22,6 +22,7 @@ .Nd Internet File Transfer Protocol proxy daemon .Sh SYNOPSIS .Nm ftp-proxy +.Bk -words .Op Fl 6Adrv .Op Fl a Ar address .Op Fl b Ar address @@ -31,7 +32,9 @@ .Op Fl p Ar port .Op Fl q Ar queue .Op Fl R Ar address +.Op Fl T Ar tag .Op Fl t Ar timeout +.Ek .Sh DESCRIPTION .Nm is a proxy for the Internet File Transfer Protocol. 
@@ -128,6 +131,10 @@ connections to another proxy. .It Fl r Rewrite sourceport to 20 in active mode to suit ancient clients that insist on this RFC property. +.It Fl T Ar tag +Automatically tag packets passing through the +.Xr pf 4 +rule with the name supplied. .It Fl t Ar timeout Number of seconds that the control connection can be idle, before the proxy will disconnect. Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.c ============================================================================== --- vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.13 2006/12/30 13:24:00 camield Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.15 2007/08/15 15:18:02 camield Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -102,6 +102,7 @@ u_int16_t pick_proxy_port(void); void proxy_reply(int, struct sockaddr *, u_int16_t); void server_error(struct bufferevent *, short, void *); int server_parse(struct session *s); +int allow_data_connection(struct session *s); void server_read(struct bufferevent *, void *); const char *sock_ntop(struct sockaddr *); void usage(void); @@ -113,7 +114,7 @@ char ntop_buf[NTOP_BUFS][INET6_ADDRSTRLE struct sockaddr_storage fixed_server_ss, fixed_proxy_ss; char *fixed_server, *fixed_server_port, *fixed_proxy, *listen_ip, *listen_port, - *qname; + *qname, *tagname; int anonymous_only, daemonize, id_count, ipv6_mode, loglevel, max_sessions, rfc_mode, session_count, timeout, verbose; extern char *__progname; 
@@ -149,8 +150,19 @@ client_parse(struct session *s) return (1); if (linebuf[0] == 'P' || linebuf[0] == 'p' || - linebuf[0] == 'E' || linebuf[0] == 'e') - return (client_parse_cmd(s)); + linebuf[0] == 'E' || linebuf[0] == 'e') { + if (!client_parse_cmd(s)) + return (0); + + /* + * Allow active mode connections immediately, instead of + * waiting for a positive reply from the server. Some + * rare servers/proxies try to probe or setup the data + * connection before an actual transfer request. + */ + if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) + return (allow_data_connection(s)); + } if (anonymous_only && (linebuf[0] == 'U' || linebuf[0] == 'u')) return (client_parse_anon(s)); @@ -588,6 +600,7 @@ main(int argc, char *argv[]) max_sessions = 100; qname = NULL; rfc_mode = 0; + tagname = NULL; timeout = 24 * 3600; verbose = 0; @@ -595,7 +608,7 @@ main(int argc, char *argv[]) id_count = 1; session_count = 0; - while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rt:v")) != -1) { + while ((ch = getopt(argc, argv, "6Aa:b:D:dm:P:p:q:R:rT:t:v")) != -1) { switch (ch) { case '6': ipv6_mode = 1; @@ -640,6 +653,11 @@ main(int argc, char *argv[]) case 'r': rfc_mode = 1; break; + case 'T': + if (strlen(optarg) >= PF_TAG_NAME_SIZE) + errx(1, "tagname too long"); + tagname = optarg; + break; case 't': timeout = strtonum(optarg, 0, 86400, &errstr); if (errstr) @@ -720,7 +738,7 @@ main(int argc, char *argv[]) freeaddrinfo(res); /* Initialize pf. */ - init_filter(qname, verbose); + init_filter(qname, tagname, verbose); if (daemonize) { if (daemon(0, 0) == -1) 
@@ -888,12 +906,26 @@ server_error(struct bufferevent *bufev, int server_parse(struct session *s) { - struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa; - int prepared = 0; - if (s->cmd == CMD_NONE || linelen < 4 || linebuf[0] != '2') goto out; + if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) || + (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0)) + return (allow_data_connection(s)); + + out: + s->cmd = CMD_NONE; + s->port = 0; + + return (1); +} + +int +allow_data_connection(struct session *s) +{ + struct sockaddr *client_sa, *orig_sa, *proxy_sa, *server_sa; + int prepared = 0; + /* * The pf rules below do quite some NAT rewriting, to keep up * appearances. Points to keep in mind: @@ -918,8 +950,7 @@ server_parse(struct session *s) orig_sa = sstosa(&s->server_ss); /* Passive modes. */ - if ((s->cmd == CMD_PASV && strncmp("227 ", linebuf, 4) == 0) || - (s->cmd == CMD_EPSV && strncmp("229 ", linebuf, 4) == 0)) { + if (s->cmd == CMD_PASV || s->cmd == CMD_EPSV) { s->port = parse_port(s->cmd); if (s->port < MIN_PORT) { logmsg(LOG_CRIT, "#%d bad port in '%s'", s->id, @@ -960,8 +991,7 @@ server_parse(struct session *s) } /* Active modes. */ - if ((s->cmd == CMD_PORT || s->cmd == CMD_EPRT) && - strncmp("200 ", linebuf, 4) == 0) { + if (s->cmd == CMD_PORT || s->cmd == CMD_EPRT) { logmsg(LOG_INFO, "#%d active: server to client port %d" " via port %d", s->id, s->port, s->proxy_port); @@ -1011,7 +1041,6 @@ server_parse(struct session *s) goto fail; } - out: s->cmd = CMD_NONE; s->port = 0; 
@@ -1088,6 +1117,6 @@ usage(void) { fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]" " [-D level] [-m maxsessions]\n [-P port]" - " [-p port] [-q queue] [-R address] [-t timeout]\n", __progname); + " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname); exit(1); } Modified: vendor/pf/dist/man/pf.4 ============================================================================== --- vendor/pf/dist/man/pf.4 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/man/pf.4 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.4,v 1.58 2007/02/09 11:39:06 henning Exp $ +.\" $OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $ .\" .\" Copyright (C) 2001, Kjell Wooding. All rights reserved. .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 24, 2001 +.Dd $Mdocdate$ .Dt PF 4 .Os .Sh NAME Modified: vendor/pf/dist/man/pf.conf.5 ============================================================================== --- vendor/pf/dist/man/pf.conf.5 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/man/pf.conf.5 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.376 2006/12/01 07:23:26 camield Exp $ +.\" $OpenBSD: pf.conf.5,v 1.383 2007/07/17 16:27:38 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 19, 2002 +.Dd $Mdocdate: June 26 2007 $ .Dt PF.CONF 5 .Os .Sh NAME 
@@ -402,9 +402,10 @@ set limit { states 20000, frags 20000, s .Bl -tag -width xxxxxxxx -compact .It Ar none Disable the ruleset optimizer. -This is the default behaviour. .It Ar basic -Enable basic ruleset optimization, which does four things to improve the +Enable basic ruleset optimization. +This is the default behaviour. +Basic ruleset optimization does four things to improve the performance of ruleset evaluations: .Pp .Bl -enum -compact @@ -1247,7 +1248,7 @@ block all .Ed .It Ar pass The packet is passed; -state is created state unless the +state is created unless the .Ar no state option is specified. .El @@ -1418,7 +1419,8 @@ This rule applies only to packets with t addresses and ports. .Pp Addresses can be specified in CIDR notation (matching netblocks), as -symbolic host names or interface names, or as any of the following keywords: +symbolic host names, interface names or interface group names, or as any +of the following keywords: .Pp .Bl -tag -width xxxxxxxxxxxxxx -compact .It Ar any @@ -1440,7 +1442,7 @@ the route back to the packet's source ad Any address that matches the given table. .El .Pp -Interface names can have modifiers appended: +Interface names and interface group names can have modifiers appended: .Pp .Bl -tag -width xxxxxxxxxxxx -compact .It Ar :network @@ -1603,7 +1605,7 @@ Flags not specified in are ignored. For stateful connections, the default is .Ar flags S/SA . -To indicate that flags should not be checkd at all, specify +To indicate that flags should not be checked at all, specify .Ar flags any . The flags are: (F)IN, (S)YN, (R)ST, (P)USH, (A)CK, (U)RG, (E)CE, and C(W)R. .Bl -tag -width Fl 
@@ -1687,13 +1689,14 @@ pass all tos 0x10 pass all tos 16 .Ed .It Ar allow-opts -By default, packets which contain IP options are blocked. +By default, IPv4 packets with IP options or IPv6 packets with routing +extension headers are blocked. When .Ar allow-opts is specified for a .Ar pass rule, packets that pass the filter based on that rule (last matching) -do so even if they contain IP options. +do so even if they contain IP options or routing extension headers. For packets that match state, the rule that initially created the state is used. The implicit @@ -1914,7 +1917,7 @@ pool options. Note that by default these associations are destroyed as soon as there are no longer states which refer to them; in order to make the mappings last beyond the lifetime of the states, increase the global options with -.Ar set timeout source-track +.Ar set timeout src.track . See .Sx STATEFUL TRACKING OPTIONS for more ways to control the source tracking. @@ -2759,7 +2762,7 @@ option = "set" ( [ "timeout" ( t [ "state-policy" ( "if-bound" | "floating" ) ] [ "require-order" ( "yes" | "no" ) ] [ "fingerprints" filename ] | - [ "skip on" ( interface-name | "{" interface-list "}" ) ] | + [ "skip on" ifspec ] | [ "debug" ( "none" | "urgent" | "misc" | "loud" ) ] ) pf-rule = action [ ( "in" | "out" ) ] @@ -2801,8 +2804,7 @@ rdr-rule = [ "no" ] "rdr" [ "pass" [ portspec ] [ pooltype ] ] antispoof-rule = "antispoof" [ "log" ] [ "quick" ] - "for" ( interface-name | "{" interface-list "}" ) - [ af ] [ "label" string ] + "for" ifspec [ af ] [ "label" string ] table-rule = "table" "\*(Lt" string "\*(Gt" [ tableopts-list ] tableopts-list = tableopts-list tableopts | tableopts 
@@ -2810,8 +2812,8 @@ tableopts = "persist" | "const" | " "{" [ tableaddr-list ] "}" tableaddr-list = tableaddr-list [ "," ] tableaddr-spec | tableaddr-spec tableaddr-spec = [ "!" ] tableaddr [ "/" mask-bits ] -tableaddr = hostname | ipv4-dotted-quad | ipv6-coloned-hex | - interface-name | "self" +tableaddr = hostname | ifspec | "self" | + ipv4-dotted-quad | ipv6-coloned-hex altq-rule = "altq on" interface-name queueopts-list "queue" subqueue @@ -2842,8 +2844,10 @@ return = "drop" | "return" | "re icmpcode = ( icmp-code-name | icmp-code-number ) icmp6code = ( icmp6-code-name | icmp6-code-number ) -ifspec = ( [ "!" ] interface-name ) | "{" interface-list "}" -interface-list = [ "!" ] interface-name [ [ "," ] interface-list ] +ifspec = ( [ "!" ] ( interface-name | interface-group ) ) | + "{" interface-list "}" +interface-list = [ "!" ] ( interface-name | interface-group ) + [ [ "," ] interface-list ] route = ( "route-to" | "reply-to" | "dup-to" ) ( routehost | "{" routehost-list "}" ) [ pooltype ] @@ -2863,8 +2867,9 @@ ipspec = "any" | host | "{" host host = [ "!" ] ( address [ "/" mask-bits ] | "\*(Lt" string "\*(Gt" ) redirhost = address [ "/" mask-bits ] routehost = "(" interface-name [ address [ "/" mask-bits ] ] ")" -address = ( interface-name | "(" interface-name ")" | hostname | - ipv4-dotted-quad | ipv6-coloned-hex ) +address = ( interface-name | interface-group | + "(" ( interface-name | interface-group ) ")" | + hostname | ipv4-dotted-quad | ipv6-coloned-hex ) host-list = host [ [ "," ] host-list ] redirhost-list = redirhost [ [ "," ] redirhost-list ] routehost-list = routehost [ [ "," ] routehost-list ] Modified: vendor/pf/dist/man/pf.os.5 ============================================================================== --- vendor/pf/dist/man/pf.os.5 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/man/pf.os.5 Wed Dec 10 20:54:37 2008 (r185876) 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.os.5,v 1.7 2005/11/16 20:07:18 stevesk Exp $ +.\" $OpenBSD: pf.os.5,v 1.8 2007/05/31 19:19:58 jmc Exp $ .\" .\" Copyright (c) 2003 Mike Frantzen .\" @@ -13,7 +13,7 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd August 18, 2003 +.Dd $Mdocdate$ .Dt PF.OS 5 .Os .Sh NAME Modified: vendor/pf/dist/man/pflog.4 ============================================================================== --- vendor/pf/dist/man/pflog.4 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/man/pflog.4 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pflog.4,v 1.9 2006/10/25 12:51:31 jmc Exp $ +.\" $OpenBSD: pflog.4,v 1.10 2007/05/31 19:19:51 jmc Exp $ .\" .\" Copyright (c) 2001 Tobias Weingartner .\" All rights reserved. @@ -23,7 +23,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd December 10, 2001 +.Dd $Mdocdate$ .Dt PFLOG 4 .Os .Sh NAME Modified: vendor/pf/dist/man/pfsync.4 ============================================================================== --- vendor/pf/dist/man/pfsync.4 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/man/pfsync.4 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $ +.\" $OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $ .\" .\" Copyright (c) 2002 Michael Shalayeff .\" Copyright (c) 2003-2004 Ryan McBride @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 29, 2002 +.Dd $Mdocdate$ .Dt PFSYNC 4 .Os .Sh NAME Added: vendor/pf/dist/pfctl/Makefile ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/pf/dist/pfctl/Makefile Wed Dec 10 20:54:37 2008 (r185876) @@ -0,0 +1,18 @@ +# $OpenBSD: Makefile,v 1.19 2006/12/24 18:52:43 miod Exp $ + +PROG= pfctl +SRCS= pfctl.c parse.y pfctl_parser.c pf_print_state.c pfctl_altq.c +SRCS+= pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c +SRCS+= pfctl_optimize.c pf_ruleset.c +CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized +CFLAGS+= -Wstrict-prototypes -I${.CURDIR} +YFLAGS= +MAN= pfctl.8 + +# Ruleset and Anchor handling +.PATH: ${.CURDIR}/../../sys/net + +LDADD+= -lm +DPADD+= ${LIBM} + +.include Modified: vendor/pf/dist/pfctl/parse.y ============================================================================== --- vendor/pf/dist/pfctl/parse.y Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/parse.y Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.517 2007/02/03 23:26:40 dhartmei Exp $ */ +/* $OpenBSD: parse.y,v 1.519 2007/06/21 19:30:03 henning Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -425,7 +425,7 @@ typedef struct { %type tos not yesno %type no dir af fragcache optimizer %type sourcetrack flush unaryop statelock -%type action nataction natpass scrubaction +%type action nataction natpasslog scrubaction %type flags flag blockspec %type port rport %type hashkey @@ -3439,12 +3439,13 @@ redirection : /* empty */ { $$ = NULL; } ; -natpass : /* empty */ { $$.b1 = $$.b2 = 0; } - | PASS { $$.b1 = 1; $$.b2 = 0; } +natpasslog : /* empty */ { $$.b1 = $$.b2 = 0; $$.w2 = 0; } + | PASS { $$.b1 = 1; $$.b2 = 0; $$.w2 = 0; } | PASS log { $$.b1 = 1; $$.b2 = $2.log; $$.w2 = $2.logif; } + | log { $$.b1 = 0; $$.b2 = $1.log; $$.w2 = $1.logif; } ; -nataction : no NAT natpass { +nataction : no NAT natpasslog { if ($1 && $3.b1) { yyerror("\"pass\" not valid with \"no\""); YYERROR; 
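Review bot: the new bare `log` alternative in natpasslog leaves `b1` at 0, so the `if ($1 && $3.b1)` check in nataction still only rejects "no" combined with "pass", and a rule of the form `no nat log ...` now parses without any diagnostic. If logging on a "no" translation rule is intended, the nat, rdr and binat descriptions in pf.conf(5) should say so; if it is not, add a second check on `$1 && $3.b2` with its own yyerror message next to the existing one.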
@@ -3457,7 +3458,7 @@ nataction : no NAT natpass { $$.w = $3.b2; $$.w2 = $3.w2; } - | no RDR natpass { + | no RDR natpasslog { if ($1 && $3.b1) { yyerror("\"pass\" not valid with \"no\""); YYERROR; @@ -3631,7 +3632,7 @@ natrule : nataction interface af proto } ; -binatrule : no BINAT natpass interface af proto FROM host TO ipspec tag +binatrule : no BINAT natpasslog interface af proto FROM host TO ipspec tag tagged rtable redirection { struct pf_rule binat; Modified: vendor/pf/dist/pfctl/pf_print_state.c ============================================================================== --- vendor/pf/dist/pfctl/pf_print_state.c Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/pf_print_state.c Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_print_state.c,v 1.44 2007/03/01 17:20:53 deraadt Exp $ */ +/* $OpenBSD: pf_print_state.c,v 1.45 2007/05/31 04:13:37 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -151,7 +151,7 @@ print_name(struct pf_addr *addr, sa_fami } void -print_host(struct pf_state_host *h, sa_family_t af, int opts) +print_host(struct pfsync_state_host *h, sa_family_t af, int opts) { u_int16_t p = ntohs(h->port); @@ -180,7 +180,7 @@ print_host(struct pf_state_host *h, sa_f } void -print_seq(struct pf_state_peer *p) +print_seq(struct pfsync_state_peer *p) { if (p->seqdiff) printf("[%u + %u](+%u)", p->seqlo, p->seqhi - p->seqlo, @@ -190,9 +190,9 @@ print_seq(struct pf_state_peer *p) } void -print_state(struct pf_state *s, int opts) +print_state(struct pfsync_state *s, int opts) { - struct pf_state_peer *src, *dst; + struct pfsync_state_peer *src, *dst; struct protoent *p; int min, sec; @@ -203,7 +203,7 @@ print_state(struct pf_state *s, int opts src = &s->dst; dst = &s->src; } - printf("%s ", s->u.ifname); + printf("%s ", s->ifname); if ((p = getprotobynumber(s->proto)) != NULL) printf("%s ", p->p_name); else 
@@ -278,20 +278,23 @@ print_state(struct pf_state *s, int opts s->expire /= 60; printf(", expires in %.2u:%.2u:%.2u", s->expire, min, sec); printf(", %llu:%llu pkts, %llu:%llu bytes", - s->packets[0], s->packets[1], s->bytes[0], s->bytes[1]); - if (s->anchor.nr != -1) - printf(", anchor %u", s->anchor.nr); - if (s->rule.nr != -1) - printf(", rule %u", s->rule.nr); - if (s->src_node != NULL) + pf_state_counter_from_pfsync(s->packets[0]), + pf_state_counter_from_pfsync(s->packets[1]), + pf_state_counter_from_pfsync(s->bytes[0]), + pf_state_counter_from_pfsync(s->bytes[1])); + if (s->anchor != -1) + printf(", anchor %u", s->anchor); + if (s->rule != -1) + printf(", rule %u", s->rule); + if (s->sync_flags & PFSYNC_FLAG_SRCNODE) printf(", source-track"); - if (s->nat_src_node != NULL) + if (s->sync_flags & PFSYNC_FLAG_NATSRCNODE) printf(", sticky-address"); printf("\n"); } if (opts & PF_OPT_VERBOSE2) { printf(" id: %016llx creatorid: %08x%s\n", - betoh64(s->id), ntohl(s->creatorid), + pf_state_counter_from_pfsync(s->id), ntohl(s->creatorid), ((s->sync_flags & PFSTATE_NOSYNC) ? " (no-sync)" : "")); } } Modified: vendor/pf/dist/pfctl/pfctl.8 ============================================================================== --- vendor/pf/dist/pfctl/pfctl.8 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/pfctl.8 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfctl.8,v 1.128 2007/01/30 21:01:56 jmc Exp $ +.\" $OpenBSD: pfctl.8,v 1.133 2007/07/01 11:38:51 henning Exp $ .\" .\" Copyright (c) 2001 Kjell Wooding. All rights reserved. .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 20, 2002 +.Dd $Mdocdate: May 31 2007 $ .Dt PFCTL 8 .Os .Sh NAME 
@@ -42,14 +42,14 @@ .Op Fl i Ar interface .Op Fl K Ar host | network .Op Fl k Ar host | network -.Op Fl o Op Ar level +.Op Fl o Ar level .Op Fl p Ar device .Op Fl s Ar modifier -.Oo -.Fl t Ar table +.Xo +.Oo Fl t Ar table .Fl T Ar command -.Op Ar address ... -.Oc +.Op Ar address ... Oc +.Xc .Op Fl x Ar level .Ek .Sh DESCRIPTION @@ -209,7 +209,7 @@ Flush the NAT rules. Flush the queue rules. .It Fl F Cm rules Flush the filter rules. -.It Fl F Cm state +.It Fl F Cm states Flush the state table (NAT and filter). .It Fl F Cm Sources Flush the source tracking table. 
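Review bot: the `-F state` to `-F states` rename in the last hunk changes a keyword that existing scripts pass on the command line, and the page gives no hint about the old spelling. Please state whether `state` is still accepted (for example as an abbreviation of the new keyword) or add a short compatibility note, and do the same for the `-s state` entry that is renamed further down.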
@@ -296,58 +296,20 @@ Do not actually load rules, just parse t .It Fl O Load only the options present in the rule file. Other rules and options are ignored. -.It Fl o Op Ar level -Control the ruleset optimizer. -The ruleset optimizer attempts to improve rulesets by removing rule -duplication and making better use of rule ordering. +.It Fl o Ar level +Control the ruleset optimizer, overriding any rule file settings. .Pp .Bl -tag -width xxxxxxxxxxxx -compact .It Fl o Cm none Disable the ruleset optimizer. .It Fl o Cm basic Enable basic ruleset optimizations. +This is the default behaviour. .It Fl o Cm profile Enable basic ruleset optimizations with profiling. .El -.Pp -.Cm basic -optimization does does four things: -.Pp -.Bl -enum -compact -.It -remove duplicate rules -.It -remove rules that are a subset of another rule -.It -combine multiple rules into a table when advantageous -.It -re-order the rules to improve evaluation performance -.El -.Pp -If -.Cm profile -is specified, the currently loaded ruleset will be examined as a feedback -profile to tailor the optimization of the -.Ar quick -rules to the actual network behavior. -.Pp -It is important to note that the ruleset optimizer will modify the ruleset -to improve performance. -A side effect of the ruleset modification is that per-rule accounting -statistics will have different meanings than before. -If per-rule accounting is important for billing purposes or whatnot, either -the ruleset optimizer should not be used or a -.Ar label -field should be added to all of the accounting rules to act as optimization -barriers. -.Pp -To retain compatibility with previous behaviour, a single -.Fl o -without any options will enable -.Cm basic -optimizations, and a second -.Fl o -will enable profiling. +For further information on the ruleset optimizer, see +.Xr pf.conf 5 . .It Fl p Ar device Use the device file .Ar device 
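Review bot: keep a one-sentence warning under `-o` that the optimizer changes what per-rule accounting statistics mean and that a `label` acts as an optimization barrier; this hunk removes that paragraph at the same time as it makes `basic` the default, so the caveat now applies to everyone who never passes `-o`, and a bare cross-reference to pf.conf(5) is easy to miss. The dropped compatibility paragraph also leaves a bare `-o` undocumented, so a line telling upgraders to write `-o basic` or `-o profile` explicitly would help.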
@@ -402,7 +364,7 @@ If .Fl v is specified, all anchors attached under the target anchor will be displayed recursively. -.It Fl s Cm state +.It Fl s Cm states Show the contents of the state table. .It Fl s Cm Sources Show the contents of the source tracking table. Modified: vendor/pf/dist/pfctl/pfctl.c ============================================================================== --- vendor/pf/dist/pfctl/pfctl.c Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/pfctl.c Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.262 2007/03/01 17:20:53 deraadt Exp $ */ +/* $OpenBSD: pfctl.c,v 1.268 2007/06/30 18:25:08 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -201,11 +201,11 @@ static const struct { static const char *clearopt_list[] = { "nat", "queue", "rules", "Sources", - "state", "info", "Tables", "osfp", "all", NULL + "states", "info", "Tables", "osfp", "all", NULL }; static const char *showopt_list[] = { - "nat", "queue", "rules", "Anchors", "Sources", "state", "info", + "nat", "queue", "rules", "Anchors", "Sources", "states", "info", "Interfaces", "labels", "timeouts", "memory", "Tables", "osfp", "all", NULL }; @@ -220,7 +220,7 @@ static const char *debugopt_list[] = { }; static const char *optiopt_list[] = { - "o", "none", "basic", "profile", NULL + "none", "basic", "profile", NULL }; void @@ -231,8 +231,8 @@ usage(void) fprintf(stderr, "usage: %s [-AdeghmNnOqRrvz] ", __progname); fprintf(stderr, "[-a anchor] [-D macro=value] [-F modifier]\n"); fprintf(stderr, "\t[-f file] [-i interface] [-K host | network] "); - fprintf(stderr, "[-k host | network ]\n"); - fprintf(stderr, "\t[-o [level]] [-p device] [-s modifier ]\n"); + fprintf(stderr, "[-k host | network]\n"); + fprintf(stderr, "\t[-o level] [-p device] [-s modifier]\n"); fprintf(stderr, "\t[-t table -T command [address ...]] [-x level]\n"); exit(1); } 
@@ -998,7 +998,7 @@ int pfctl_show_states(int dev, const char *iface, int opts) { struct pfioc_states ps; - struct pf_state *p; + struct pfsync_state *p; char *inbuf = NULL, *newinbuf = NULL; unsigned len = 0; int i, dotitle = (opts & PF_OPT_SHOWALL); @@ -1029,7 +1029,7 @@ pfctl_show_states(int dev, const char *i } p = ps.ps_states; for (i = 0; i < ps.ps_len; i += sizeof(*p), p++) { - if (iface != NULL && strcmp(p->u.ifname, iface)) + if (iface != NULL && strcmp(p->ifname, iface)) continue; if (dotitle) { pfctl_print_title("STATES:"); @@ -1954,7 +1954,7 @@ main(int argc, char *argv[]) int ch; int mode = O_RDONLY; int opts = 0; - int optimize = 0; + int optimize = PF_OPTIMIZE_BASIC; char anchorname[MAXPATHLEN]; char *path; FILE *fin = NULL; @@ -1963,7 +1963,7 @@ main(int argc, char *argv[]) usage(); while ((ch = getopt(argc, argv, - "a:AdD:eqf:F:ghi:k:K:mnNOo::p:rRs:t:T:vx:z")) != -1) { + "a:AdD:eqf:F:ghi:k:K:mnNOo:p:rRs:t:T:vx:z")) != -1) { switch (ch) { case 'a': anchoropt = optarg; @@ -2039,24 +2039,11 @@ main(int argc, char *argv[]) loadopt |= PFCTL_FLAG_FILTER; break; case 'o': - if (optarg) { - optiopt = pfctl_lookup_option(optarg, - optiopt_list); - if (optiopt == NULL) { - warnx("Unknown optimization '%s'", - optarg); - usage(); - } - } - if (opts & PF_OPT_OPTIMIZE) { - if (optiopt != NULL) { - warnx("Cannot specify -o multiple times" - "with optimizer level"); - usage(); - } - optimize |= PF_OPTIMIZE_PROFILE; + optiopt = pfctl_lookup_option(optarg, optiopt_list); + if (optiopt == NULL) { + warnx("Unknown optimization '%s'", optarg); + usage(); } - optimize |= PF_OPTIMIZE_BASIC; opts |= PF_OPT_OPTIMIZE; break; case 'O': Modified: vendor/pf/dist/pfctl/pfctl.h ============================================================================== --- vendor/pf/dist/pfctl/pfctl.h Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/pfctl.h Wed Dec 10 20:54:37 2008 (r185876) 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.h,v 1.40 2007/02/09 11:25:27 henning Exp $ */ +/* $OpenBSD: pfctl.h,v 1.41 2007/05/31 04:13:37 mcbride Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -112,9 +112,9 @@ struct pf_altq *pfaltq_lookup(const char char *rate2str(double); void print_addr(struct pf_addr_wrap *, sa_family_t, int); -void print_host(struct pf_state_host *, sa_family_t, int); -void print_seq(struct pf_state_peer *); -void print_state(struct pf_state *, int); +void print_host(struct pfsync_state_host *, sa_family_t, int); +void print_seq(struct pfsync_state_peer *); +void print_state(struct pfsync_state *, int); int unmask(struct pf_addr *, sa_family_t); int pfctl_cmdline_symset(char *); Modified: vendor/pf/dist/pfctl/pfctl_altq.c ============================================================================== --- vendor/pf/dist/pfctl/pfctl_altq.c Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pfctl/pfctl_altq.c Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl_altq.c,v 1.91 2006/11/28 00:08:50 henning Exp $ */ +/* $OpenBSD: pfctl_altq.c,v 1.92 2007/05/27 05:15:17 claudio Exp $ */ /* * Copyright (c) 2002 @@ -1091,8 +1091,6 @@ getifspeed(char *ifname) ifr.ifr_data = (caddr_t)&ifrdat; if (ioctl(s, SIOCGIFDATA, (caddr_t)&ifr) == -1) err(1, "SIOCGIFDATA"); - if (shutdown(s, SHUT_RDWR) == -1) - err(1, "shutdown"); if (close(s)) err(1, "close"); return ((u_int32_t)ifrdat.ifi_baudrate); @@ -1112,8 +1110,6 @@ getifmtu(char *ifname) errx(1, "getifmtu: strlcpy"); if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == -1) err(1, "SIOCGIFMTU"); - if (shutdown(s, SHUT_RDWR) == -1) - err(1, "shutdown"); if (close(s)) err(1, "close"); if (ifr.ifr_mtu > 0) Added: vendor/pf/dist/pflogd/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/pf/dist/pflogd/Makefile Wed Dec 10 20:54:37 2008 (r185876) 
@@ -0,0 +1,11 @@ +# $OpenBSD: Makefile,v 1.7 2006/11/26 11:31:08 deraadt Exp $ + +CFLAGS+=-Wall -Wmissing-prototypes -Wshadow +LDADD+= -lpcap -lutil +DPADD+= ${LIBPCAP} ${LIBUTIL} + +PROG= pflogd +SRCS= pflogd.c privsep.c privsep_fdpass.c +MAN= pflogd.8 + +.include Modified: vendor/pf/dist/pflogd/pflogd.8 ============================================================================== --- vendor/pf/dist/pflogd/pflogd.8 Wed Dec 10 20:44:18 2008 (r185875) +++ vendor/pf/dist/pflogd/pflogd.8 Wed Dec 10 20:54:37 2008 (r185876) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pflogd.8,v 1.32 2006/12/08 10:26:38 joel Exp $ +.\" $OpenBSD: pflogd.8,v 1.35 2007/05/31 19:19:47 jmc Exp $ .\" .\" Copyright (c) 2001 Can Erkin Acar. All rights reserved. .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd July 9, 2001 +.Dd $Mdocdate$ .Dt PFLOGD 8 .Os .Sh NAME @@ -32,12 +32,15 @@ .Nd packet filter logging daemon .Sh SYNOPSIS .Nm pflogd +.Bk -words .Op Fl Dx .Op Fl d Ar delay .Op Fl f Ar filename .Op Fl i Ar interface +.Op Fl p Ar pidfile .Op Fl s Ar snaplen .Op Ar expression +.Ek .Sh DESCRIPTION .Nm is a background daemon which reads packets logged by 
@@ -114,6 +117,14 @@ By default, .Nm will use .Ar pflog0 . +.It Fl p Ar pidfile +Writes a file containing the process ID of the program. +The file name has the form +.Pa /var/run/pidname.pid . +If the option is not given, +.Ar pidfile +defaults to +.Pa pflogd . *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 20:55:44 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 78A2B1065690; Wed, 10 Dec 2008 20:55:44 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4D81D8FC14; Wed, 10 Dec 2008 20:55:44 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBAKtiie042329; Wed, 10 Dec 2008 20:55:44 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBAKtirT042328; Wed, 10 Dec 2008 20:55:44 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102055.mBAKtirT042328@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 20:55:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185877 - vendor/pf/4.2 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 20:55:44 -0000 Author: mlaier Date: Wed Dec 10 20:55:44 2008 New Revision: 185877 URL: http://svn.freebsd.org/changeset/base/185877 Log: Tag for pf 4.2 Added: vendor/pf/4.2/ - copied from r185876, vendor/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 20:59:27 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 18DF11065672; Wed, 10 Dec 2008 20:59:27 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 044BE8FC08; Wed, 10 Dec 2008 20:59:27 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBAKxR5o042544; Wed, 10 Dec 2008 20:59:27 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBAKxQu3042532; Wed, 10 Dec 2008 20:59:26 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102059.mBAKxQu3042532@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 20:59:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185880 - in vendor/pf/dist: authpf ftp-proxy man pfctl pflogd X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 20:59:27 -0000 Author: mlaier Date: Wed Dec 10 20:59:26 2008 New Revision: 185880 URL: http://svn.freebsd.org/changeset/base/185880 Log: Import OPENBSD_4_3_BASE Modified: vendor/pf/dist/authpf/Makefile vendor/pf/dist/authpf/authpf.8 vendor/pf/dist/authpf/authpf.c vendor/pf/dist/authpf/pathnames.h vendor/pf/dist/ftp-proxy/filter.c vendor/pf/dist/ftp-proxy/ftp-proxy.8 vendor/pf/dist/ftp-proxy/ftp-proxy.c vendor/pf/dist/man/pf.4 vendor/pf/dist/man/pf.conf.5 vendor/pf/dist/man/pfsync.4 vendor/pf/dist/pfctl/parse.y vendor/pf/dist/pfctl/pf_print_state.c vendor/pf/dist/pfctl/pfctl.c vendor/pf/dist/pfctl/pfctl.h vendor/pf/dist/pfctl/pfctl_altq.c vendor/pf/dist/pfctl/pfctl_optimize.c vendor/pf/dist/pfctl/pfctl_parser.c vendor/pf/dist/pfctl/pfctl_parser.h vendor/pf/dist/pfctl/pfctl_qstats.c vendor/pf/dist/pfctl/pfctl_radix.c vendor/pf/dist/pflogd/pflogd.8 Modified: vendor/pf/dist/authpf/Makefile ============================================================================== --- vendor/pf/dist/authpf/Makefile Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/authpf/Makefile Wed Dec 10 20:59:26 2008 (r185880) 
@@ -1,7 +1,11 @@ -# $OpenBSD: Makefile,v 1.12 2004/04/25 19:24:52 deraadt Exp $ +# $OpenBSD: Makefile,v 1.13 2008/02/14 01:49:17 mcbride Exp $ PROG= authpf MAN= authpf.8 + +LINKS= ${BINDIR}/authpf ${BINDIR}/authpf-noip +MLINKS+=authpf.8 authpf-noip.8 + BINOWN= root BINGRP= authpf BINMODE= 6555 Modified: vendor/pf/dist/authpf/authpf.8 ============================================================================== --- vendor/pf/dist/authpf/authpf.8 Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/authpf/authpf.8 Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.44 2007/05/31 19:20:22 jmc Exp $ +.\" $OpenBSD: authpf.8,v 1.45 2008/02/14 01:49:17 mcbride Exp $ .\" .\" Copyright (c) 1998-2007 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -14,14 +14,16 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate$ +.Dd $Mdocdate: May 31 2007 $ .Dt AUTHPF 8 .Os .Sh NAME -.Nm authpf +.Nm authpf , +.Nm authpf-noip .Nd authenticating gateway user shell .Sh SYNOPSIS .Nm authpf +.Nm authpf-noip .Sh DESCRIPTION .Nm is a user shell for authenticating gateways. 
@@ -30,43 +32,63 @@ It is used to change rules when a user authenticates and starts a session with .Xr sshd 8 and to undo these changes when the user's session exits. -It is designed for changing filter and translation rules for an individual -source IP address as long as a user maintains an active -.Xr ssh 1 -session. Typical use would be for a gateway that authenticates users before allowing them Internet use, or a gateway that allows different users into different places. +Combined with properly set up filter rules and secure switches, .Nm -logs the successful start and end of a session to -.Xr syslogd 8 . -This, combined with properly set up filter rules and secure switches, can be used to ensure users are held accountable for their network traffic. -.Pp -.Nm -can add filter and translation rules using the syntax described in -.Xr pf.conf 5 . -.Nm -requires that the +It is meant to be used with users who can connect via +.Xr ssh 1 +only, and requires the .Xr pf 4 -system be enabled before use. +subsystem to be enabled. +.Pp +.Nm authpf-noip +is a user shell +which allows multiple connections to take +place from the same IP address. +It is useful primarily in cases where connections are tunneled via +the gateway system, and can be directly associated with the user name. +It cannot ensure accountability when +classifying connections by IP address; +in this case the client's IP address +is not provided to the packet filter via the +.Ar client_ip +macro or the +.Ar authpf users +table. +Additionally, states associated with the client IP address +are not purged when the session is ended. +.Pp +To use either .Nm -can also maintain the list of IP address of connected users -in the "authpf_users" -.Pa table . +or +.Nm authpf-noip , +the user's shell needs to be set to +.Pa /usr/sbin/authpf +or +.Pa /usr/sbin/authpf-noip . 
.Pp .Nm -is meant to be used with users who can connect via +uses the +.Xr pf.conf 5 +syntax to change filter and translation rules for an individual +user or client IP address as long as a user maintains an active .Xr ssh 1 -only. -On startup, +session, and logs the successful start and end of a session to +.Xr syslogd 8 . .Nm retrieves the client's connecting IP address via the .Ev SSH_CLIENT environment variable and, after performing additional access checks, reads a template file to determine what filter and translation rules -(if any) to add. -On session exit the same rules that were added at startup are removed. +(if any) to add, and +maintains the list of IP addresses of connected users in the +.Ar authpf_users +table. +On session exit the same rules and table entries that were added at startup +are removed, and all states associated with the client's IP address are purged. .Pp Each .Nm 
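Review bot: the authpf-noip paragraph names the macro `client_ip` and the table `authpf users`, but the same hunk later writes the table as `authpf_users` and authpf.c passes the macro as `user_ip`; use the real names in both places so readers can match the text against their rule templates. Since the paragraph also says states for the client address are not purged at session end, it would be worth adding that rules loaded for authpf-noip should match on the user (as the `user $user_id` example does) and not on the source address.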
@@ -496,6 +518,31 @@ table persist anchor "authpf/*" from rdr-anchor "authpf/*" from .Ed +.Pp +.Sy Tunneled users +\- normally +.Nm +allows only one session per client IP address. +However in some cases, such as when connections are tunneled via +.Xr ssh 1 +or +.Xr ipsec 4 , +the connections can be authorized based on the userid of the user instead of +the client IP address. +In this case it is appropriate to use +.Nm authpf-noip +to allow multiple users behind a NAT gateway to connect. +In the +.Pa /etc/authpf/authpf.rules +example below, the remote user could tunnel a remote desktop session to their +workstation: +.Bd -literal +internal_if="bge0" +workstation_ip="10.2.3.4" + +pass out on $internal_if from (self) to $workstation_ip port 3389 \e + user $user_id +.Ed .Sh FILES .Bl -tag -width "/etc/authpf/authpf.conf" -compact .It Pa /etc/authpf/authpf.conf Modified: vendor/pf/dist/authpf/authpf.c ============================================================================== --- vendor/pf/dist/authpf/authpf.c Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/authpf/authpf.c Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -/* $OpenBSD: authpf.c,v 1.104 2007/02/24 17:35:08 beck Exp $ */ +/* $OpenBSD: authpf.c,v 1.107 2008/02/14 01:49:17 mcbride Exp $ */ /* * Copyright (C) 1998 - 2007 Bob Beck (beck@openbsd.org). @@ -46,6 +46,7 @@ static void print_message(char *); static int allowed_luser(char *); static int check_luser(char *, char *); static int remove_stale_rulesets(void); +static int recursive_ruleset_purge(char *, char *); static int change_filter(int, const char *, const char *); static int change_table(int, const char *); static void authpf_kill_states(void); 
@@ -54,6 +55,7 @@ int dev; /* pf device */ char anchorname[PF_ANCHOR_NAME_SIZE] = "authpf"; char rulesetname[MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 2]; char tablename[PF_TABLE_NAME_SIZE] = "authpf_users"; +int user_ip = 1; /* controls whether $user_ip is set */ FILE *pidfp; char luser[MAXLOGNAME]; /* username */ @@ -65,6 +67,7 @@ struct timeval Tstart, Tend; /* start an volatile sig_atomic_t want_death; static void need_death(int signo); static __dead void do_death(int); +extern char *__progname; /* program name */ /* * User shell for authenticating gateways. Sole purpose is to allow @@ -85,6 +88,9 @@ main(int argc, char *argv[]) char *shell; login_cap_t *lc; + if (strcmp(__progname, "-authpf-noip") == 0) + user_ip = 0; + config = fopen(PATH_CONFFILE, "r"); if (config == NULL) { syslog(LOG_ERR, "can not open %s (%m)", PATH_CONFFILE); @@ -139,7 +145,8 @@ main(int argc, char *argv[]) login_close(lc); - if (strcmp(shell, PATH_AUTHPF_SHELL)) { + if (strcmp(shell, PATH_AUTHPF_SHELL) && + strcmp(shell, PATH_AUTHPF_SHELL_NOIP)) { syslog(LOG_ERR, "wrong shell for user %s, uid %u", pw->pw_name, pw->pw_uid); if (shell != pw->pw_shell) @@ -171,8 +178,9 @@ main(int argc, char *argv[]) } - /* Make our entry in /var/authpf as /var/authpf/ipaddr */ - n = snprintf(pidfile, sizeof(pidfile), "%s/%s", PATH_PIDFILE, ipsrc); + /* Make our entry in /var/authpf as ipaddr or username */ + n = snprintf(pidfile, sizeof(pidfile), "%s/%s", + PATH_PIDFILE, user_ip ? ipsrc : luser); if (n < 0 || (u_int)n >= sizeof(pidfile)) { syslog(LOG_ERR, "path to pidfile too long"); goto die; @@ -292,7 +300,7 @@ main(int argc, char *argv[]) printf("Unable to modify filters\r\n"); do_death(0); } - if (change_table(1, ipsrc) == -1) { + if (user_ip && change_table(1, ipsrc) == -1) { printf("Unable to modify table\r\n"); change_filter(0, luser, ipsrc); do_death(0); 
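Review bot: `if (user_ip && change_table(1, ipsrc) == -1)` in the last hunk skips the table insert in authpf-noip mode, but the matching teardown is not visible in the hunks shown here. Please confirm that the `change_table(0, ...)` call and `authpf_kill_states()` on session exit carry the same `user_ip` guard; without it, an authpf-noip session ending would remove the table entry and states belonging to a regular authpf session from the same address.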
@@ -349,6 +357,8 @@ read_config(FILE *f) } i++; len = strlen(buf); + if (len == 0) + continue; if (buf[len - 1] != '\n' && !feof(f)) { syslog(LOG_ERR, "line %d too long in %s", i, PATH_CONFFILE); @@ -569,7 +579,7 @@ static int remove_stale_rulesets(void) { struct pfioc_ruleset prs; - u_int32_t nr, mnr; + u_int32_t nr; memset(&prs, 0, sizeof(prs)); strlcpy(prs.path, anchorname, sizeof(prs.path)); @@ -580,13 +590,12 @@ remove_stale_rulesets(void) return (1); } - mnr = prs.nr; - nr = 0; - while (nr < mnr) { + nr = prs.nr; + while (nr) { char *s, *t; pid_t pid; - prs.nr = nr; + prs.nr = nr - 1; if (ioctl(dev, DIOCGETRULESET, &prs)) return (1); errno = 0; 
@@ -598,111 +607,156 @@ remove_stale_rulesets(void) if (!prs.name[0] || errno || (*s && (t == prs.name || *s != ')'))) return (1); - if (kill(pid, 0) && errno != EPERM) { - int i; - struct pfioc_trans_e t_e[PF_RULESET_MAX+1]; - struct pfioc_trans t; - - bzero(&t, sizeof(t)); - bzero(t_e, sizeof(t_e)); - t.size = PF_RULESET_MAX+1; - t.esize = sizeof(t_e[0]); - t.array = t_e; - for (i = 0; i < PF_RULESET_MAX+1; ++i) { - t_e[i].rs_num = i; - snprintf(t_e[i].anchor, sizeof(t_e[i].anchor), - "%s/%s", anchorname, prs.name); - } - t_e[PF_RULESET_MAX].rs_num = PF_RULESET_TABLE; - if ((ioctl(dev, DIOCXBEGIN, &t) || - ioctl(dev, DIOCXCOMMIT, &t)) && - errno != EINVAL) + if ((kill(pid, 0) && errno != EPERM) || pid == getpid()) { + if (recursive_ruleset_purge(anchorname, prs.name)) return (1); - mnr--; - } else - nr++; + } + nr--; } return (0); } +static int +recursive_ruleset_purge(char *an, char *rs) +{ + struct pfioc_trans_e *t_e = NULL; + struct pfioc_trans *t = NULL; + struct pfioc_ruleset *prs = NULL; + int i; + + + /* purge rules */ + errno = 0; + if ((t = calloc(1, sizeof(struct pfioc_trans))) == NULL) + goto no_mem; + if ((t_e = calloc(PF_RULESET_MAX+1, + sizeof(struct pfioc_trans_e))) == NULL) + goto no_mem; + t->size = PF_RULESET_MAX+1; + t->esize = sizeof(struct pfioc_trans_e); + t->array = t_e; + for (i = 0; i < PF_RULESET_MAX+1; ++i) { + t_e[i].rs_num = i; + snprintf(t_e[i].anchor, sizeof(t_e[i].anchor), "%s/%s", an, rs); + } + t_e[PF_RULESET_MAX].rs_num = PF_RULESET_TABLE; + if ((ioctl(dev, DIOCXBEGIN, t) || + ioctl(dev, DIOCXCOMMIT, t)) && + errno != EINVAL) + goto cleanup; + + /* purge any children */ + if ((prs = calloc(1, sizeof(struct pfioc_ruleset))) == NULL) + goto no_mem; + snprintf(prs->path, sizeof(prs->path), "%s/%s", an, rs); + if (ioctl(dev, DIOCGETRULESETS, prs)) { + if (errno != EINVAL) + goto cleanup; + errno = 0; + } else { + int nr = prs->nr; + + while (nr) { + prs->nr = 0; + if (ioctl(dev, DIOCGETRULESET, prs)) + goto cleanup; + + if 
(recursive_ruleset_purge(prs->path, prs->name)) + goto cleanup; + nr--; + } + } + +no_mem: + if (errno == ENOMEM) + syslog(LOG_ERR, "calloc failed"); + +cleanup: + free(t); + free(t_e); + free(prs); + return (errno); +} + /* * Add/remove filter entries for user "luser" from ip "ipsrc" */ static int change_filter(int add, const char *luser, const char *ipsrc) { - char *pargv[13] = { - "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset", - "-D", "user_ip=X", "-D", "user_id=X", "-f", - "file", NULL - }; char *fdpath = NULL, *userstr = NULL, *ipstr = NULL; char *rsn = NULL, *fn = NULL; pid_t pid; gid_t gid; int s; - if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) { - syslog(LOG_ERR, "invalid luser/ipsrc"); - goto error; - } - - if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1) - goto no_mem; - if (asprintf(&fdpath, "/dev/fd/%d", dev) == -1) - goto no_mem; - if (asprintf(&ipstr, "user_ip=%s", ipsrc) == -1) - goto no_mem; - if (asprintf(&userstr, "user_id=%s", luser) == -1) - goto no_mem; - if (add) { struct stat sb; + char *pargv[13] = { + "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset", + "-D", "user_id=X", "-D", "user_ip=X", "-f", "file", NULL + }; + + if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) { + syslog(LOG_ERR, "invalid luser/ipsrc"); + goto error; + } - if (asprintf(&fn, "%s/%s/authpf.rules", PATH_USER_DIR, luser) - == -1) + if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1) + goto no_mem; + if (asprintf(&fdpath, "/dev/fd/%d", dev) == -1) + goto no_mem; + if (asprintf(&ipstr, "user_ip=%s", ipsrc) == -1) + goto no_mem; + if (asprintf(&userstr, "user_id=%s", luser) == -1) + goto no_mem; + if (asprintf(&fn, "%s/%s/authpf.rules", + PATH_USER_DIR, luser) == -1) goto no_mem; if (stat(fn, &sb) == -1) { free(fn); if ((fn = strdup(PATH_PFRULES)) == NULL) goto no_mem; } - } - pargv[2] = fdpath; - pargv[5] = rsn; - pargv[7] = userstr; - pargv[9] = ipstr; - if (!add) - pargv[11] = "/dev/null"; - else - pargv[11] = 
fn; + pargv[2] = fdpath; + pargv[5] = rsn; + pargv[7] = userstr; + if (user_ip) { + pargv[9] = ipstr; + pargv[11] = fn; + } else { + pargv[8] = "-f"; + pargv[9] = fn; + pargv[10] = NULL; + } - switch (pid = fork()) { - case -1: - syslog(LOG_ERR, "fork failed"); - goto error; - case 0: - /* revoke group privs before exec */ - gid = getgid(); - if (setregid(gid, gid) == -1) { - err(1, "setregid"); - } - execvp(PATH_PFCTL, pargv); - warn("exec of %s failed", PATH_PFCTL); - _exit(1); - } - - /* parent */ - waitpid(pid, &s, 0); - if (s != 0) { - syslog(LOG_ERR, "pfctl exited abnormally"); - goto error; - } + switch (pid = fork()) { + case -1: + syslog(LOG_ERR, "fork failed"); + goto error; + case 0: + /* revoke group privs before exec */ + gid = getgid(); + if (setregid(gid, gid) == -1) { + err(1, "setregid"); + } + execvp(PATH_PFCTL, pargv); + warn("exec of %s failed", PATH_PFCTL); + _exit(1); + } + + /* parent */ + waitpid(pid, &s, 0); + if (s != 0) { + syslog(LOG_ERR, "pfctl exited abnormally"); + goto error; + } - if (add) { gettimeofday(&Tstart, NULL); syslog(LOG_INFO, "allowing %s, user %s", ipsrc, luser); } else { + remove_stale_rulesets(); + gettimeofday(&Tend, NULL); syslog(LOG_INFO, "removed %s, user %s - duration %ld seconds", ipsrc, luser, Tend.tv_sec - Tstart.tv_sec); @@ -819,9 +873,10 @@ do_death(int active) if (active) { change_filter(0, luser, ipsrc); - change_table(0, ipsrc); - authpf_kill_states(); - remove_stale_rulesets(); + if (user_ip) { + change_table(0, ipsrc); + authpf_kill_states(); + } } if (pidfile[0] && (pidfp != NULL)) if (unlink(pidfile) == -1) Modified: vendor/pf/dist/authpf/pathnames.h ============================================================================== --- vendor/pf/dist/authpf/pathnames.h Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/authpf/pathnames.h Wed Dec 10 20:59:26 2008 (r185880) 
@@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.7 2004/04/25 18:40:42 beck Exp $ */ +/* $OpenBSD: pathnames.h,v 1.8 2008/02/14 01:49:17 mcbride Exp $ */ /* * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca) @@ -35,4 +35,5 @@ #define PATH_DEVFILE "/dev/pf" #define PATH_PIDFILE "/var/authpf" #define PATH_AUTHPF_SHELL "/usr/sbin/authpf" +#define PATH_AUTHPF_SHELL_NOIP "/usr/sbin/authpf-noip" #define PATH_PFCTL "/sbin/pfctl" Modified: vendor/pf/dist/ftp-proxy/filter.c ============================================================================== --- vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.6 2007/08/01 09:31:41 henning Exp $ */ +/* $OpenBSD: filter.c,v 1.7 2008/02/26 18:52:53 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -277,15 +277,13 @@ prepare_rule(u_int32_t id, int rs_num, s } pfr.rule.dst.port_op = PF_OP_EQ; pfr.rule.dst.port[0] = htons(d_port); - if (tagname != NULL) - strlcpy(pfr.rule.tagname, tagname, sizeof pfr.rule.tagname); switch (rs_num) { case PF_RULESET_FILTER: /* - * pass quick [log] inet[6] proto tcp \ + * pass [quick] [log] inet[6] proto tcp \ * from $src to $dst port = $d_port flags S/SA keep state - * (max 1) [queue qname] + * (max 1) [queue qname] [tag tagname] */ pfr.rule.action = PF_PASS; pfr.rule.quick = 1; 
@@ -296,6 +294,11 @@ prepare_rule(u_int32_t id, int rs_num, s pfr.rule.max_states = 1; if (qname != NULL) strlcpy(pfr.rule.qname, qname, sizeof pfr.rule.qname); + if (tagname != NULL) { + pfr.rule.quick = 0; + strlcpy(pfr.rule.tagname, tagname, + sizeof pfr.rule.tagname); + } break; case PF_RULESET_NAT: /* Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.8 ============================================================================== --- vendor/pf/dist/ftp-proxy/ftp-proxy.8 Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/ftp-proxy/ftp-proxy.8 Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.11 2008/02/26 18:52:53 henning Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, .\" @@ -21,7 +21,7 @@ .Nm ftp-proxy .Nd Internet File Transfer Protocol proxy daemon .Sh SYNOPSIS -.Nm ftp-proxy +.Nm .Bk -words .Op Fl 6Adrv .Op Fl a Ar address @@ -59,7 +59,7 @@ facility for this. Assuming the FTP control connection is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is negotiated, then -.Nm ftp-proxy +.Nm adds the following rules to the various anchors. (These example rules use inet, but the proxy also supports inet6.) .Pp @@ -132,9 +132,19 @@ connections to another proxy. Rewrite sourceport to 20 in active mode to suit ancient clients that insist on this RFC property. .It Fl T Ar tag -Automatically tag packets passing through the +The filter rules will add tag +.Ar tag +to data connections, and not match quick. +This way alternative rules that use the +.Ar tagged +keyword can be implemented following the +.Nm +anchor. +These rules can use special .Xr pf 4 -rule with the name supplied. +features like route-to, reply-to, label, rtable, overload, etc. that +.Nm +does not implement itself. .It Fl t Ar timeout Number of seconds that the control connection can be idle, before the proxy will disconnect. 
@@ -177,7 +187,7 @@ does not allow the ruleset to be modifie .Xr securelevel 7 higher than 1. At that level -.Nm ftp-proxy +.Nm cannot add rules to the anchors and FTP data connections may get blocked. .Pp Negotiated data connection ports below 1024 are not allowed. @@ -186,5 +196,5 @@ The negotiated IP address for active mod reasons. This makes third party file transfers impossible. .Pp -.Nm ftp-proxy +.Nm chroots to "/var/empty" and changes to user "proxy" to drop privileges. Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.c ============================================================================== --- vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.15 2007/08/15 15:18:02 camield Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.16 2008/02/26 18:52:53 henning Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -1117,6 +1117,7 @@ usage(void) { fprintf(stderr, "usage: %s [-6Adrv] [-a address] [-b address]" " [-D level] [-m maxsessions]\n [-P port]" - " [-p port] [-q queue] [-R address] [-T tag] [-t timeout]\n", __progname); + " [-p port] [-q queue] [-R address] [-T tag]\n" + " [-t timeout]\n", __progname); exit(1); } Modified: vendor/pf/dist/man/pf.4 ============================================================================== --- vendor/pf/dist/man/pf.4 Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/man/pf.4 Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $ +.\" $OpenBSD: pf.4,v 1.60 2007/12/02 12:08:04 pascoe Exp $ .\" .\" Copyright (C) 2001, Kjell Wooding. All rights reserved. .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate$ +.Dd $Mdocdate: May 31 2007 $ .Dt PF 4 .Os .Sh NAME 
@@ -292,14 +292,17 @@ if another process is concurrently updat Add a state entry. .Bd -literal struct pfioc_state { - u_int32_t nr; - struct pf_state state; + struct pfsync_state state; }; .Ed .It Dv DIOCGETSTATE Fa "struct pfioc_state *ps" -Extract the entry with the specified number -.Va nr -from the state table. +Extract the entry identified by the +.Va id +and +.Va creatorid +fields of the +.Va state +structure from the state table. .It Dv DIOCKILLSTATES Fa "struct pfioc_state_kill *psk" Remove matching entries from the state table. This ioctl returns the number of killed states in Modified: vendor/pf/dist/man/pf.conf.5 ============================================================================== --- vendor/pf/dist/man/pf.conf.5 Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/man/pf.conf.5 Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.383 2007/07/17 16:27:38 jmc Exp $ +.\" $OpenBSD: pf.conf.5,v 1.393 2008/02/11 07:46:32 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 26 2007 $ +.Dd $Mdocdate: Febuary 1 2008 $ .Dt PF.CONF 5 .Os .Sh NAME @@ -78,6 +78,17 @@ By default enforces this order (see .Ar set require-order below). +.Pp +Comments can be put anywhere in the file using a hash mark +.Pq Sq # , +and extend to the end of the current line. +.Pp +Additional configuration files can be included with the +.Ic include +keyword, for example: +.Bd -literal -offset indent +include "/etc/pf/sub.filter.conf" +.Ed .Sh MACROS Macros can be defined that will later be expanded in context. Macro names must start with a letter, and may contain letters, digits 
@@ -327,7 +338,8 @@ With 9000 state table entries, the timeo (tcp.first 60, tcp.established 43200). .Pp .It Ar set loginterface -Enable collection of packet and byte count statistics for the given interface. +Enable collection of packet and byte count statistics for the given +interface or interface group. These statistics can be viewed using .Bd -literal -offset indent # pfctl -s info @@ -808,7 +820,7 @@ assigned. .Ar Priority mainly controls the time packets take to get sent out, while .Ar bandwidth -has primarily effects on throughput. +primarily affects throughput. .Ar hfsc supports both link-sharing and guaranteed real-time services. It employs a service curve based QoS model, @@ -1163,7 +1175,7 @@ or to the firewall itself. Note that redirecting external incoming connections to the loopback address, as in .Bd -literal -offset indent -rdr on ne3 inet proto tcp to port spamd -\*(Gt 127.0.0.1 port smtp +rdr on ne3 inet proto tcp to port smtp -\*(Gt 127.0.0.1 port spamd .Ed .Pp will effectively allow an external host to connect to daemons @@ -1442,6 +1454,14 @@ the route back to the packet's source ad Any address that matches the given table. .El .Pp +Ranges of addresses are specified by using the +.Sq - +operator. +For instance: +.Dq 10.1.1.10 - 10.1.1.12 +means all addresses from 10.1.1.10 to 10.1.1.12, +hence addresses 10.1.1.10, 10.1.1.11, and 10.1.1.12. +.Pp Interface names and interface group names can have modifiers appended: .Pp .Bl -tag -width xxxxxxxxxxxx -compact 
@@ -2023,8 +2043,8 @@ must be specified explicitly to apply op .Bl -tag -width xxxx -compact .It Ar max Aq Ar number Limits the number of concurrent states the rule may create. -When this limit is reached, further packets matching the rule that would -create state are dropped, until existing states time out. +When this limit is reached, further packets that would create +state will not match this rule until existing states time out. .It Ar no-sync Prevent state changes for states created by this rule from appearing on the .Xr pfsync 4 @@ -2442,10 +2462,8 @@ into the anchor. .Pp Optionally, .Ar anchor -rules can specify the parameter's -direction, interface, address family, protocol and source/destination -address/port -using the same syntax as filter rules. +rules can specify packet filtering parameters using the same syntax as +filter rules. When parameters are used, the .Ar anchor rule is only evaluated for matching packets. @@ -2526,8 +2544,8 @@ anchor "external" on egress { .Ed .Pp Since the parser specification for anchor names is a string, any -reference to an anchor name containing solidus -.Pq Sq / +reference to an anchor name containing +.Sq / characters will require double quote .Pq Sq \&" characters around the anchor name. @@ -2749,10 +2767,11 @@ in BNF: .Bd -literal line = ( option | pf-rule | nat-rule | binat-rule | rdr-rule | antispoof-rule | altq-rule | queue-rule | trans-anchors | - anchor-rule | anchor-close | load-anchor | table-rule | ) + anchor-rule | anchor-close | load-anchor | table-rule | + include ) option = "set" ( [ "timeout" ( timeout | "{" timeout-list "}" ) ] | - [ "ruleset-optimization" [ "none" | "basic" | "profile" ]] | + [ "ruleset-optimization" [ "none" | "basic" | "profile" ]] | [ "optimization" [ "default" | "normal" | "high-latency" | "satellite" | "aggressive" | "conservative" ] ] 
@@ -2821,7 +2840,7 @@ queue-rule = "queue" string [ "on" i subqueue anchor-rule = "anchor" [ string ] [ ( "in" | "out" ) ] [ "on" ifspec ] - [ af ] [ protospec ] [ hosts ] [ "{" ] + [ af ] [ protospec ] [ hosts ] [ filteropt-list ] [ "{" ] anchor-close = "}" @@ -2956,8 +2975,6 @@ Default location of OS fingerprints. Protocol name database. .It Pa /etc/services Service name database. -.It Pa /usr/share/pf -Example rulesets. .El .Sh SEE ALSO .Xr carp 4 , Modified: vendor/pf/dist/man/pfsync.4 ============================================================================== --- vendor/pf/dist/man/pfsync.4 Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/man/pfsync.4 Wed Dec 10 20:59:26 2008 (r185880) @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $ +.\" $OpenBSD: pfsync.4,v 1.26 2007/09/20 20:50:07 mpf Exp $ .\" .\" Copyright (c) 2002 Michael Shalayeff .\" Copyright (c) 2003-2004 Ryan McBride @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate$ +.Dd $Mdocdate: May 31 2007 $ .Dt PFSYNC 4 .Os .Sh NAME @@ -199,8 +199,8 @@ traffic through. The following should be added to the top of .Pa /etc/pf.conf : .Bd -literal -offset indent -pass quick on { sis2 } proto pfsync -pass on { sis0 sis1 } proto carp +pass quick on { sis2 } proto pfsync keep state (no-sync) +pass on { sis0 sis1 } proto carp keep state (no-sync) .Ed .Pp If it is preferable that one firewall handle the traffic, Modified: vendor/pf/dist/pfctl/parse.y ============================================================================== --- vendor/pf/dist/pfctl/parse.y Wed Dec 10 20:57:16 2008 (r185879) +++ vendor/pf/dist/pfctl/parse.y Wed Dec 10 20:59:26 2008 (r185880) 
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.519 2007/06/21 19:30:03 henning Exp $ */ +/* $OpenBSD: parse.y,v 1.536 2008/02/01 06:58:45 mcbride Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -29,6 +29,7 @@ %{ #include #include +#include #include #include #include @@ -43,6 +44,7 @@ #include #include +#include #include #include #include @@ -60,10 +62,7 @@ #include "pfctl.h" static struct pfctl *pf = NULL; -static FILE *fin = NULL; static int debug = 0; -static int lineno = 1; -static int errors = 0; static int rulestate = 0; static u_int16_t returnicmpdefault = (ICMP_UNREACH << 8) | ICMP_UNREACH_PORT; @@ -73,6 +72,39 @@ static int blockpolicy = PFRULE_DROP; static int require_order = 1; static int default_statelock; +TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files); +static struct file { + TAILQ_ENTRY(file) entry; + FILE *stream; + char *name; + int lineno; + int errors; +} *file; +struct file *pushfile(const char *, int); +int popfile(void); +int check_file_secrecy(int, const char *); +int yyparse(void); +int yylex(void); +int yyerror(const char *, ...); +int kw_cmp(const void *, const void *); +int lookup(char *); +int lgetc(int); +int lungetc(int); +int findeol(void); + +TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead); +struct sym { + TAILQ_ENTRY(sym) entry; + int used; + int persist; + char *nam; + char *val; +}; +int symset(const char *, const char *, int); +char *symget(const char *); + +int atoul(char *, u_long *); + enum { PFCTL_STATE_NONE, PFCTL_STATE_OPTION, @@ -199,12 +231,12 @@ struct filter_opts { char *tag; char *match_tag; u_int8_t match_tag_not; - int rtableid; + u_int rtableid; } filter_opts; struct antispoof_opts { char *label; - int rtableid; + u_int rtableid; } antispoof_opts; struct scrub_opts { @@ -218,7 +250,7 @@ struct scrub_opts { int fragcache; int randomid; int reassemble_tcp; - int rtableid; + u_int rtableid; } scrub_opts; struct queue_opts { 
@@ -255,61 +287,42 @@ struct pool_opts { struct node_hfsc_opts hfsc_opts; -int yyerror(const char *, ...); -int disallow_table(struct node_host *, const char *); -int disallow_urpf_failed(struct node_host *, const char *); -int disallow_alias(struct node_host *, const char *); -int rule_consistent(struct pf_rule *, int); -int filter_consistent(struct pf_rule *, int); -int nat_consistent(struct pf_rule *); -int rdr_consistent(struct pf_rule *); -int process_tabledef(char *, struct table_opts *); -int yyparse(void); -void expand_label_str(char *, size_t, const char *, const char *); -void expand_label_if(const char *, char *, size_t, const char *); -void expand_label_addr(const char *, char *, size_t, u_int8_t, - struct node_host *); -void expand_label_port(const char *, char *, size_t, struct node_port *); -void expand_label_proto(const char *, char *, size_t, u_int8_t); -void expand_label_nr(const char *, char *, size_t); -void expand_label(char *, size_t, const char *, u_int8_t, struct node_host *, - struct node_port *, struct node_host *, struct node_port *, - u_int8_t); -void expand_rule(struct pf_rule *, struct node_if *, struct node_host *, - struct node_proto *, struct node_os*, struct node_host *, - struct node_port *, struct node_host *, struct node_port *, - struct node_uid *, struct node_gid *, struct node_icmp *, - const char *); -int expand_altq(struct pf_altq *, struct node_if *, struct node_queue *, - struct node_queue_bw bwspec, struct node_queue_opt *); -int expand_queue(struct pf_altq *, struct node_if *, struct node_queue *, - struct node_queue_bw, struct node_queue_opt *); -int expand_skip_interface(struct node_if *); +int disallow_table(struct node_host *, const char *); +int disallow_urpf_failed(struct node_host *, const char *); +int disallow_alias(struct node_host *, const char *); +int rule_consistent(struct pf_rule *, int); +int filter_consistent(struct pf_rule *, int); +int nat_consistent(struct pf_rule *); +int rdr_consistent(struct 
pf_rule *); +int process_tabledef(char *, struct table_opts *); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:00:02 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E3F641065689; Wed, 10 Dec 2008 21:00:02 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B4E4B8FC2A; Wed, 10 Dec 2008 21:00:02 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBAL02kI042615; Wed, 10 Dec 2008 21:00:02 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBAL02aH042614; Wed, 10 Dec 2008 21:00:02 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102100.mBAL02aH042614@svn.freebsd.org> 
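Review bot: In authpf.c read_config(), the new len == 0 test is the only thing keeping buf[len - 1] from reading one byte before the buffer, yet the line is skipped with no comment and no log entry. A zero-length result is not an ordinary blank line (that still carries its '\n'); it happens, for example, when a line begins with a NUL byte. Suggest a one-line comment naming the case being guarded, and consider a syslog() entry with the line number, as the "line %d too long" branch just below already does, so a corrupted config file does not go unnoticed.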
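Review bot: In the new recursive_ruleset_purge() in authpf.c, "return (errno)" can report failure for a purge that worked. When DIOCXBEGIN or DIOCXCOMMIT fails with EINVAL the code deliberately carries on, but errno is reset to 0 only inside the DIOCGETRULESETS failure branch, so if DIOCGETRULESETS then succeeds the tolerated EINVAL is still in errno at cleanup: and remove_stale_rulesets() returns 1. Suggest carrying the result in a local variable that is set on each real failure path instead of returning errno, which successful library calls are not required to leave untouched either. In the same hunk, change_filter() now performs the luser/ipsrc NULL and empty-string check only inside if (add), while the removal branch still hands both to syslog() with %s; keeping that check ahead of the branch would preserve the guarantee the old code gave.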
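Review bot: In the do_death() hunk of authpf.c, when user_ip is unset neither change_table(0, ipsrc) nor authpf_kill_states() runs, so states created during the session stay in the state table after logout, and nothing in the code says this is intended. The authpf.8 text on this page does document that states are not purged for authpf-noip, so a short comment at the if (user_ip) would keep code and manual in step. The hunk also drops the direct remove_stale_rulesets() call in favour of the one inside change_filter()'s removal branch, where its return value is ignored; a failed purge should at least be logged.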
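Review bot: In prepare_rule() in ftp-proxy/filter.c, moving the tagname copy from before the switch into the PF_RULESET_FILTER case changes two things for anyone already running with -T, and only one of them is obvious from the code. The tag is no longer set on rules built for the other ruleset cases such as PF_RULESET_NAT, and the filter rule stops being quick, so rules evaluated after the ftp-proxy anchor now get the final say on data connections that used to pass unconditionally. The ftp-proxy.8 hunk describes the new meaning of -T, but the behaviour change for existing rulesets deserves a line in the commit log or upgrade notes. As a style point, assigning quick = 1 and then overriding it to 0 a few lines later is easy to misread; a single assignment based on tagname == NULL would be clearer.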
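Review bot: The added date line in man/pf.conf.5 reads ".Dd $Mdocdate: Febuary 1 2008 $"; "Febuary" is misspelled and should be "February". Since this is a vendor import the fix belongs upstream, but it is worth noting so the typo is not carried into a later merge of the manual page.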
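Review bot: In the "max number" hunk of man/pf.conf.5, the documented outcome at the state limit changes from packets being "dropped" to packets that "will not match this rule", and the new wording does not spell out the consequence. Over-limit packets are now described as continuing through the rest of the ruleset, so a ruleset that relied on max as an implicit drop will pass them if any other rule matches. Suggest adding a sentence that says so and points the reader at an explicit block rule where dropping is the intent.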
From: Max Laier Date: Wed, 10 Dec 2008 21:00:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185881 - vendor/pf/4.3 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:00:03 -0000 Author: mlaier Date: Wed Dec 10 21:00:02 2008 New Revision: 185881 URL: http://svn.freebsd.org/changeset/base/185881 Log: Tag for pf 4.3 Added: vendor/pf/4.3/ - copied from r185880, vendor/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:08:43 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 63DC41065676; Wed, 10 Dec 2008 21:08:43 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4E6398FC12; Wed, 10 Dec 2008 21:08:43 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBAL8hn6042841; Wed, 10 Dec 2008 21:08:43 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBAL8gDG042828; Wed, 10 Dec 2008 21:08:42 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102108.mBAL8gDG042828@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:08:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185882 - in vendor/pf/dist: authpf ftp-proxy libevent man pfctl pflogd tftp-proxy X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:08:43 -0000 Author: mlaier Date: Wed Dec 10 21:08:42 2008 New Revision: 185882 URL: http://svn.freebsd.org/changeset/base/185882 Log: Import OPENBSD_4_4_BASE and libevent 1.3e Modified: vendor/pf/dist/authpf/authpf.8 vendor/pf/dist/ftp-proxy/filter.c vendor/pf/dist/ftp-proxy/ftp-proxy.c vendor/pf/dist/libevent/buffer.c vendor/pf/dist/libevent/event-internal.h vendor/pf/dist/libevent/event.c vendor/pf/dist/libevent/event.h vendor/pf/dist/libevent/evsignal.h vendor/pf/dist/libevent/kqueue.c vendor/pf/dist/libevent/poll.c vendor/pf/dist/libevent/select.c vendor/pf/dist/libevent/signal.c vendor/pf/dist/man/pf.conf.5 vendor/pf/dist/man/pfsync.4 vendor/pf/dist/pfctl/parse.y vendor/pf/dist/pfctl/pf_print_state.c vendor/pf/dist/pfctl/pfctl.8 vendor/pf/dist/pfctl/pfctl.c vendor/pf/dist/pfctl/pfctl.h vendor/pf/dist/pfctl/pfctl_altq.c vendor/pf/dist/pfctl/pfctl_optimize.c vendor/pf/dist/pfctl/pfctl_parser.c vendor/pf/dist/pfctl/pfctl_table.c vendor/pf/dist/pflogd/privsep_fdpass.c vendor/pf/dist/tftp-proxy/tftp-proxy.c Modified: vendor/pf/dist/authpf/authpf.8 ============================================================================== --- vendor/pf/dist/authpf/authpf.8 Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/authpf/authpf.8 Wed Dec 10 21:08:42 2008 (r185882) 
@@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.45 2008/02/14 01:49:17 mcbride Exp $ +.\" $OpenBSD: authpf.8,v 1.46 2008/03/18 23:03:14 merdely Exp $ .\" .\" Copyright (c) 1998-2007 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: February 14 2008 $ .Dt AUTHPF 8 .Os .Sh NAME @@ -56,7 +56,7 @@ in this case the client's IP address is not provided to the packet filter via the .Ar client_ip macro or the -.Ar authpf users +.Ar authpf_users table. Additionally, states associated with the client IP address are not purged when the session is ended. Modified: vendor/pf/dist/ftp-proxy/filter.c ============================================================================== --- vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/ftp-proxy/filter.c Wed Dec 10 21:08:42 2008 (r185882) @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.7 2008/02/26 18:52:53 henning Exp $ */ +/* $OpenBSD: filter.c,v 1.8 2008/06/13 07:25:26 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, @@ -173,7 +173,7 @@ init_filter(char *opt_qname, char *opt_t dev = open("/dev/pf", O_RDWR); if (dev == -1) - err(1, "/dev/pf"); + err(1, "open /dev/pf"); if (ioctl(dev, DIOCGETSTATUS, &status) == -1) err(1, "DIOCGETSTATUS"); if (!status.running) Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.c ============================================================================== --- vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/ftp-proxy/ftp-proxy.c Wed Dec 10 21:08:42 2008 (r185882) @@ -1,4 +1,4 @@ -/* $OpenBSD: ftp-proxy.c,v 1.16 2008/02/26 18:52:53 henning Exp $ */ +/* $OpenBSD: ftp-proxy.c,v 1.19 2008/06/13 07:25:26 claudio Exp $ */ /* * Copyright (c) 2004, 2005 Camiel Dobbelaar, 
@@ -91,7 +91,7 @@ int client_parse_cmd(struct session *s); void client_read(struct bufferevent *, void *); int drop_privs(void); void end_session(struct session *); -int exit_daemon(void); +void exit_daemon(void); int getline(char *, size_t *); void handle_connection(const int, short, void *); void handle_signal(int, short, void *); @@ -282,6 +282,12 @@ end_session(struct session *s) logmsg(LOG_INFO, "#%d ending session", s->id); + /* Flush output buffers. */ + if (s->client_bufev && s->client_fd != -1) + evbuffer_write(s->client_bufev->output, s->client_fd); + if (s->server_bufev && s->server_fd != -1) + evbuffer_write(s->server_bufev->output, s->server_fd); + if (s->client_fd != -1) close(s->client_fd); if (s->server_fd != -1) @@ -309,7 +315,7 @@ end_session(struct session *s) session_count--; } -int +void exit_daemon(void) { struct session *s, *next; @@ -323,9 +329,6 @@ exit_daemon(void) closelog(); exit(0); - - /* NOTREACHED */ - return (-1); } int @@ -519,7 +522,7 @@ handle_signal(int sig, short event, void * Signal handler rules don't apply, libevent decouples for us. */ - logmsg(LOG_ERR, "%s exiting on signal %d", __progname, sig); + logmsg(LOG_ERR, "exiting on signal %d", sig); exit_daemon(); } @@ -834,8 +837,8 @@ u_int16_t pick_proxy_port(void) { /* Random should be good enough for avoiding port collisions. */ - return (IPPORT_HIFIRSTAUTO + (arc4random() % - (IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO))); + return (IPPORT_HIFIRSTAUTO + + arc4random_uniform(IPPORT_HILASTAUTO - IPPORT_HIFIRSTAUTO)); } void Modified: vendor/pf/dist/libevent/buffer.c ============================================================================== --- vendor/pf/dist/libevent/buffer.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/buffer.c Wed Dec 10 21:08:42 2008 (r185882) @@ -44,6 +44,7 @@ #include #endif +#include #include #include #include 
@@ -106,7 +107,7 @@ evbuffer_add_buffer(struct evbuffer *out /* * Optimization comes with a price; we need to notify the * buffer if necessary of the changes. oldoff is the amount - * of data that we tranfered from inbuf to outbuf + * of data that we transfered from inbuf to outbuf */ if (inbuf->off != oldoff && inbuf->cb != NULL) (*inbuf->cb)(inbuf, oldoff, inbuf->off, inbuf->cbarg); @@ -134,9 +135,13 @@ evbuffer_add_vprintf(struct evbuffer *bu int sz; va_list aq; + /* make sure that at least some space is available */ + evbuffer_expand(buf, 64); for (;;) { + size_t used = buf->misalign + buf->off; buffer = (char *)buf->buffer + buf->off; - space = buf->totallen - buf->misalign - buf->off; + assert(buf->totallen >= used); + space = buf->totallen - used; #ifndef va_copy #define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list)) @@ -152,7 +157,7 @@ evbuffer_add_vprintf(struct evbuffer *bu va_end(aq); - if (sz == -1) + if (sz < 0) return (-1); if (sz < space) { buf->off += sz; @@ -244,7 +249,7 @@ evbuffer_readline(struct evbuffer *buffe /* Adds data to an event buffer */ -static inline void +static void evbuffer_align(struct evbuffer *buf) { memmove(buf->orig_buffer, buf->buffer, buf->off); 
@@ -431,13 +436,12 @@ evbuffer_write(struct evbuffer *buffer, u_char * evbuffer_find(struct evbuffer *buffer, const u_char *what, size_t len) { - size_t remain = buffer->off; - u_char *search = buffer->buffer; + u_char *search = buffer->buffer, *end = search + buffer->off; u_char *p; - while ((p = memchr(search, *what, remain)) != NULL) { - remain = buffer->off - (size_t)(search - buffer->buffer); - if (remain < len) + while (search < end && + (p = memchr(search, *what, end - search)) != NULL) { + if (p + len > end) break; if (memcmp(p, what, len) == 0) return (p); Modified: vendor/pf/dist/libevent/event-internal.h ============================================================================== --- vendor/pf/dist/libevent/event-internal.h Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/event-internal.h Wed Dec 10 21:08:42 2008 (r185882) @@ -31,6 +31,8 @@ extern "C" { #endif +#include "evsignal.h" + struct event_base { const struct eventop *evsel; void *evbase; @@ -43,6 +45,9 @@ struct event_base { struct event_list **activequeues; int nactivequeues; + /* signal handling info */ + struct evsignal_info sig; + struct event_list eventqueue; struct timeval event_tv; Modified: vendor/pf/dist/libevent/event.c ============================================================================== --- vendor/pf/dist/libevent/event.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/event.c Wed Dec 10 21:08:42 2008 (r185882) @@ -51,6 +51,7 @@ #include #include #include +#include #include "event.h" #include "event-internal.h" @@ -111,9 +112,9 @@ const struct eventop *eventops[] = { }; /* Global state */ -struct event_list signalqueue; - struct event_base *current_base = NULL; +extern struct event_base *evsignal_base; +static int use_monotonic; /* Handle signals - This is a deprecated interface */ int (*event_sigcb)(void); /* Signal callback when gotsig is set */ 
@@ -126,7 +127,7 @@ static int event_haveevents(struct event static void event_process_active(struct event_base *); -static int timeout_next(struct event_base *, struct timeval *); +static int timeout_next(struct event_base *, struct timeval **); static void timeout_process(struct event_base *); static void timeout_correct(struct event_base *, struct timeval *); @@ -144,25 +145,34 @@ compare(struct event *a, struct event *b return (0); } +static void +detect_monotonic(void) +{ +#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) + struct timespec ts; + + if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) + use_monotonic = 1; +#endif +} + static int gettime(struct timeval *tp) { -#ifdef HAVE_CLOCK_GETTIME +#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) struct timespec ts; -#ifdef HAVE_CLOCK_MONOTONIC - if (clock_gettime(CLOCK_MONOTONIC, &ts) == -1) -#else - if (clock_gettime(CLOCK_REALTIME, &ts) == -1) -#endif - return (-1); - tp->tv_sec = ts.tv_sec; - tp->tv_usec = ts.tv_nsec / 1000; -#else - gettimeofday(tp, NULL); + if (use_monotonic) { + if (clock_gettime(CLOCK_MONOTONIC, &ts) == -1) + return (-1); + + tp->tv_sec = ts.tv_sec; + tp->tv_usec = ts.tv_nsec / 1000; + return (0); + } #endif - return (0); + return (gettimeofday(tp, NULL)); } RB_PROTOTYPE(event_tree, event, ev_timeout_node, compare); 
@@ -174,36 +184,42 @@ void * event_init(void) { int i; + struct event_base *base; - if ((current_base = calloc(1, sizeof(struct event_base))) == NULL) + if ((base = calloc(1, sizeof(struct event_base))) == NULL) event_err(1, "%s: calloc"); event_sigcb = NULL; event_gotsig = 0; - gettime(¤t_base->event_tv); + + detect_monotonic(); + gettime(&base->event_tv); - RB_INIT(¤t_base->timetree); - TAILQ_INIT(¤t_base->eventqueue); - TAILQ_INIT(&signalqueue); + RB_INIT(&base->timetree); + TAILQ_INIT(&base->eventqueue); + TAILQ_INIT(&base->sig.signalqueue); + base->sig.ev_signal_pair[0] = -1; + base->sig.ev_signal_pair[1] = -1; - current_base->evbase = NULL; - for (i = 0; eventops[i] && !current_base->evbase; i++) { - current_base->evsel = eventops[i]; + base->evbase = NULL; + for (i = 0; eventops[i] && !base->evbase; i++) { + base->evsel = eventops[i]; - current_base->evbase = current_base->evsel->init(); + base->evbase = base->evsel->init(base); } - if (current_base->evbase == NULL) + if (base->evbase == NULL) event_errx(1, "%s: no event mechanism available", __func__); if (getenv("EVENT_SHOW_METHOD")) event_msgx("libevent using: %s\n", - current_base->evsel->name); + base->evsel->name); /* allocate a single active event queue */ - event_base_priority_init(current_base, 1); + event_base_priority_init(base, 1); - return (current_base); + current_base = base; + return (base); } void @@ -217,7 +233,8 @@ event_base_free(struct event_base *base) current_base = NULL; assert(base); - assert(TAILQ_EMPTY(&base->eventqueue)); + if (base->evsel->dealloc != NULL) + base->evsel->dealloc(base, base->evbase); for (i=0; i < base->nactivequeues; ++i) assert(TAILQ_EMPTY(base->activequeues[i])); @@ -227,8 +244,7 @@ event_base_free(struct event_base *base) free(base->activequeues[i]); free(base->activequeues); - if (base->evsel->dealloc != NULL) - base->evsel->dealloc(base->evbase); + assert(TAILQ_EMPTY(&base->eventqueue)); free(base); } 
@@ -343,7 +359,6 @@ event_loopexit_cb(int fd, short what, vo } /* not thread safe */ - int event_loopexit(struct timeval *tv) { @@ -354,7 +369,7 @@ event_loopexit(struct timeval *tv) int event_base_loopexit(struct event_base *event_base, struct timeval *tv) { - return (event_once(-1, EV_TIMEOUT, event_loopexit_cb, + return (event_base_once(event_base, -1, EV_TIMEOUT, event_loopexit_cb, event_base, tv)); } @@ -372,8 +387,13 @@ event_base_loop(struct event_base *base, const struct eventop *evsel = base->evsel; void *evbase = base->evbase; struct timeval tv; + struct timeval *tv_p; int res, done; +#ifndef WIN32 + if(!TAILQ_EMPTY(&base->sig.signalqueue)) + evsignal_base = base; +#endif done = 0; while (!done) { /* Calculate the initial events that we are waiting for */ @@ -398,21 +418,18 @@ event_base_loop(struct event_base *base, } } - /* Check if time is running backwards */ - gettime(&tv); - if (timercmp(&tv, &base->event_tv, <)) { - struct timeval off; - event_debug(("%s: time is running backwards, corrected", - __func__)); - timersub(&base->event_tv, &tv, &off); - timeout_correct(base, &off); - } - base->event_tv = tv; + timeout_correct(base, &tv); - if (!base->event_count_active && !(flags & EVLOOP_NONBLOCK)) - timeout_next(base, &tv); - else + tv_p = &tv; + if (!base->event_count_active && !(flags & EVLOOP_NONBLOCK)) { + timeout_next(base, &tv_p); + } else { + /* + * if we have active events, we just poll new events + * without waiting. + */ timerclear(&tv); + } /* If we have no events, we just exit */ if (!event_haveevents(base)) { @@ -420,7 +437,8 @@ event_base_loop(struct event_base *base, return (1); } - res = evsel->dispatch(base, evbase, &tv); + res = evsel->dispatch(base, evbase, tv_p); + if (res == -1) return (-1); 
@@ -459,12 +477,19 @@ event_once_cb(int fd, short events, void free(eonce); } -/* Schedules an event once */ - +/* not threadsafe, event scheduled once. */ int event_once(int fd, short events, void (*callback)(int, short, void *), void *arg, struct timeval *tv) { + return event_base_once(current_base, fd, events, callback, arg, tv); +} + +/* Schedules an event once */ +int +event_base_once(struct event_base *base, int fd, short events, + void (*callback)(int, short, void *), void *arg, struct timeval *tv) +{ struct event_once *eonce; struct timeval etv; int res; @@ -496,7 +521,9 @@ event_once(int fd, short events, return (-1); } - res = event_add(&eonce->ev, tv); + res = event_base_set(base, &eonce->ev); + if (res == 0) + res = event_add(&eonce->ev, tv); if (res != 0) { free(eonce); return (res); @@ -516,12 +543,14 @@ event_set(struct event *ev, int fd, shor ev->ev_arg = arg; ev->ev_fd = fd; ev->ev_events = events; + ev->ev_res = 0; ev->ev_flags = EVLIST_INIT; ev->ev_ncalls = 0; ev->ev_pncalls = NULL; /* by default, we put new events into the middle priority */ - ev->ev_pri = current_base->nactivequeues/2; + if(current_base) + ev->ev_pri = current_base->nactivequeues/2; } int @@ -710,16 +739,16 @@ event_active(struct event *ev, int res, event_queue_insert(ev->ev_base, ev, EVLIST_ACTIVE); } -int -timeout_next(struct event_base *base, struct timeval *tv) +static int +timeout_next(struct event_base *base, struct timeval **tv_p) { - struct timeval dflt = TIMEOUT_DEFAULT; - struct timeval now; struct event *ev; + struct timeval *tv = *tv_p; if ((ev = RB_MIN(event_tree, &base->timetree)) == NULL) { - *tv = dflt; + /* if no time-based events are active wait for I/O */ + *tv_p = NULL; return (0); } 
@@ -740,17 +769,38 @@ timeout_next(struct event_base *base, st return (0); } +/* + * Determines if the time is running backwards by comparing the current + * time against the last time we checked. Not needed when using clock + * monotonic. + */ + static void -timeout_correct(struct event_base *base, struct timeval *off) +timeout_correct(struct event_base *base, struct timeval *tv) { struct event *ev; + struct timeval off; + + if (use_monotonic) + return; + + /* Check if time is running backwards */ + gettime(tv); + if (timercmp(tv, &base->event_tv, >=)) { + base->event_tv = *tv; + return; + } + + event_debug(("%s: time is running backwards, corrected", + __func__)); + timersub(&base->event_tv, tv, &off); /* * We can modify the key element of the node without destroying * the key, beause we apply it to all in the right order. */ RB_FOREACH(ev, event_tree, &base->timetree) - timersub(&ev->ev_timeout, off, &ev->ev_timeout); + timersub(&ev->ev_timeout, &off, &ev->ev_timeout); } void @@ -801,7 +851,7 @@ event_queue_remove(struct event_base *ba ev, ev_active_next); break; case EVLIST_SIGNAL: - TAILQ_REMOVE(&signalqueue, ev, ev_signal_next); + TAILQ_REMOVE(&base->sig.signalqueue, ev, ev_signal_next); break; case EVLIST_TIMEOUT: RB_REMOVE(event_tree, &base->timetree, ev); @@ -843,7 +893,7 @@ event_queue_insert(struct event_base *ba ev,ev_active_next); break; case EVLIST_SIGNAL: - TAILQ_INSERT_TAIL(&signalqueue, ev, ev_signal_next); + TAILQ_INSERT_TAIL(&base->sig.signalqueue, ev, ev_signal_next); break; case EVLIST_TIMEOUT: { struct event *tmp = RB_INSERT(event_tree, &base->timetree, ev); Modified: vendor/pf/dist/libevent/event.h ============================================================================== --- vendor/pf/dist/libevent/event.h Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/event.h Wed Dec 10 21:08:42 2008 (r185882) @@ -31,6 +31,8 @@ extern "C" { #endif +#include +#include #include #ifdef WIN32 
@@ -131,16 +133,14 @@ TAILQ_HEAD (evkeyvalq, evkeyval); struct eventop { char *name; - void *(*init)(void); + void *(*init)(struct event_base *); int (*add)(void *, struct event *); int (*del)(void *, struct event *); int (*recalc)(struct event_base *, void *, int); int (*dispatch)(struct event_base *, void *, struct timeval *); - void (*dealloc)(void *); + void (*dealloc)(struct event_base *, void *); }; -#define TIMEOUT_DEFAULT {5, 0} - void *event_init(void); int event_dispatch(void); int event_base_dispatch(struct event_base *); @@ -184,6 +184,7 @@ int event_base_loopexit(struct event_bas void event_set(struct event *, int, short, void (*)(int, short, void *), void *); int event_once(int, short, void (*)(int, short, void *), void *, struct timeval *); +int event_base_once(struct event_base *, int, short, void (*)(int, short, void *), void *, struct timeval *); int event_add(struct event *, struct timeval *); int event_del(struct event *); 
@@ -299,39 +300,37 @@ void evbuffer_setcb(struct evbuffer *, v void evtag_init(void); -void evtag_marshal(struct evbuffer *evbuf, u_int8_t tag, const void *data, - u_int32_t len); +void evtag_marshal(struct evbuffer *evbuf, uint8_t tag, const void *data, + uint32_t len); -void encode_int(struct evbuffer *evbuf, u_int32_t number); +void encode_int(struct evbuffer *evbuf, uint32_t number); -void evtag_marshal_int(struct evbuffer *evbuf, u_int8_t tag, - u_int32_t integer); +void evtag_marshal_int(struct evbuffer *evbuf, uint8_t tag, uint32_t integer); -void evtag_marshal_string(struct evbuffer *buf, u_int8_t tag, +void evtag_marshal_string(struct evbuffer *buf, uint8_t tag, const char *string); -void evtag_marshal_timeval(struct evbuffer *evbuf, u_int8_t tag, +void evtag_marshal_timeval(struct evbuffer *evbuf, uint8_t tag, struct timeval *tv); void evtag_test(void); -int evtag_unmarshal(struct evbuffer *src, u_int8_t *ptag, - struct evbuffer *dst); -int evtag_peek(struct evbuffer *evbuf, u_int8_t *ptag); -int evtag_peek_length(struct evbuffer *evbuf, u_int32_t *plength); -int evtag_payload_length(struct evbuffer *evbuf, u_int32_t *plength); +int evtag_unmarshal(struct evbuffer *src, uint8_t *ptag, struct evbuffer *dst); +int evtag_peek(struct evbuffer *evbuf, uint8_t *ptag); +int evtag_peek_length(struct evbuffer *evbuf, uint32_t *plength); +int evtag_payload_length(struct evbuffer *evbuf, uint32_t *plength); int evtag_consume(struct evbuffer *evbuf); -int evtag_unmarshal_int(struct evbuffer *evbuf, u_int8_t need_tag, - u_int32_t *pinteger); +int evtag_unmarshal_int(struct evbuffer *evbuf, uint8_t need_tag, + uint32_t *pinteger); -int evtag_unmarshal_fixed(struct evbuffer *src, u_int8_t need_tag, void *data, +int evtag_unmarshal_fixed(struct evbuffer *src, uint8_t need_tag, void *data, size_t len); -int evtag_unmarshal_string(struct evbuffer *evbuf, u_int8_t need_tag, +int evtag_unmarshal_string(struct evbuffer *evbuf, uint8_t need_tag, char **pstring); -int 
evtag_unmarshal_timeval(struct evbuffer *evbuf, u_int8_t need_tag, +int evtag_unmarshal_timeval(struct evbuffer *evbuf, uint8_t need_tag, struct timeval *ptv); #ifdef __cplusplus Modified: vendor/pf/dist/libevent/evsignal.h ============================================================================== --- vendor/pf/dist/libevent/evsignal.h Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/evsignal.h Wed Dec 10 21:08:42 2008 (r185882) @@ -27,9 +27,18 @@ #ifndef _EVSIGNAL_H_ #define _EVSIGNAL_H_ -void evsignal_init(void); -void evsignal_process(void); +struct evsignal_info { + struct event_list signalqueue; + struct event ev_signal; + int ev_signal_pair[2]; + int ev_signal_added; + volatile sig_atomic_t evsignal_caught; + sig_atomic_t evsigcaught[NSIG]; +}; +void evsignal_init(struct event_base *); +void evsignal_process(struct event_base *); int evsignal_add(struct event *); int evsignal_del(struct event *); +void evsignal_dealloc(struct event_base *); #endif /* _EVSIGNAL_H_ */ Modified: vendor/pf/dist/libevent/kqueue.c ============================================================================== --- vendor/pf/dist/libevent/kqueue.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/kqueue.c Wed Dec 10 21:08:42 2008 (r185882) @@ -48,10 +48,13 @@ #include #endif -#if defined(HAVE_INTTYPES_H) && !defined(__OpenBSD__) && !defined(__FreeBSD__) -#define INTPTR(x) (intptr_t)x +/* Some platforms apparently define the udata field of struct kevent as + * ntptr_t, whereas others define it as void*. There doesn't seem to be an + * easy way to tell them apart via autoconf, so we need to use OS macros. */ +#if defined(HAVE_INTTYPES_H) && !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__darwin__) && !defined(__APPLE__) +#define PTR_TO_UDATA(x) ((intptr_t)(x)) #else -#define INTPTR(x) x +#define PTR_TO_UDATA(x) (x) #endif #include "event.h" 
@@ -69,13 +72,13 @@ struct kqop { int kq; }; -void *kq_init (void); +void *kq_init (struct event_base *); int kq_add (void *, struct event *); int kq_del (void *, struct event *); int kq_recalc (struct event_base *, void *, int); int kq_dispatch (struct event_base *, void *, struct timeval *); int kq_insert (struct kqop *, struct kevent *); -void kq_dealloc (void *); +void kq_dealloc (struct event_base *, void *); const struct eventop kqops = { "kqueue", @@ -88,7 +91,7 @@ const struct eventop kqops = { }; void * -kq_init(void) +kq_init(struct event_base *base) { int kq; struct kqop *kqueueop; @@ -212,13 +215,16 @@ kq_dispatch(struct event_base *base, voi struct kevent *changes = kqop->changes; struct kevent *events = kqop->events; struct event *ev; - struct timespec ts; + struct timespec ts, *ts_p = NULL; int i, res; - TIMEVAL_TO_TIMESPEC(tv, &ts); + if (tv != NULL) { + TIMEVAL_TO_TIMESPEC(tv, &ts); + ts_p = &ts; + } res = kevent(kqop->kq, changes, kqop->nchanges, - events, kqop->nevents, &ts); + events, kqop->nevents, ts_p); kqop->nchanges = 0; if (res == -1) { if (errno != EINTR) { @@ -294,7 +300,7 @@ kq_add(void *arg, struct event *ev) kev.flags = EV_ADD; if (!(ev->ev_events & EV_PERSIST)) kev.flags |= EV_ONESHOT; - kev.udata = INTPTR(ev); + kev.udata = PTR_TO_UDATA(ev); if (kq_insert(kqop, &kev) == -1) return (-1); @@ -317,7 +323,7 @@ kq_add(void *arg, struct event *ev) kev.flags = EV_ADD; if (!(ev->ev_events & EV_PERSIST)) kev.flags |= EV_ONESHOT; - kev.udata = INTPTR(ev); + kev.udata = PTR_TO_UDATA(ev); if (kq_insert(kqop, &kev) == -1) return (-1); @@ -332,7 +338,7 @@ kq_add(void *arg, struct event *ev) kev.flags = EV_ADD; if (!(ev->ev_events & EV_PERSIST)) kev.flags |= EV_ONESHOT; - kev.udata = INTPTR(ev); + kev.udata = PTR_TO_UDATA(ev); if (kq_insert(kqop, &kev) == -1) return (-1); 
@@ -398,7 +404,7 @@ kq_del(void *arg, struct event *ev) } void -kq_dealloc(void *arg) +kq_dealloc(struct event_base *base, void *arg) { struct kqop *kqop = arg; Modified: vendor/pf/dist/libevent/poll.c ============================================================================== --- vendor/pf/dist/libevent/poll.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/poll.c Wed Dec 10 21:08:42 2008 (r185882) @@ -54,8 +54,6 @@ #include "evsignal.h" #include "log.h" -extern volatile sig_atomic_t evsignal_caught; - struct pollop { int event_count; /* Highest number alloc */ int nfds; /* Size of event_* */ @@ -68,12 +66,12 @@ struct pollop { * "no entry." */ }; -void *poll_init (void); +void *poll_init (struct event_base *); int poll_add (void *, struct event *); int poll_del (void *, struct event *); int poll_recalc (struct event_base *, void *, int); int poll_dispatch (struct event_base *, void *, struct timeval *); -void poll_dealloc (void *); +void poll_dealloc (struct event_base *, void *); const struct eventop pollops = { "poll", @@ -86,7 +84,7 @@ const struct eventop pollops = { }; void * -poll_init(void) +poll_init(struct event_base *base) { struct pollop *pollop; @@ -97,7 +95,7 @@ poll_init(void) if (!(pollop = calloc(1, sizeof(struct pollop)))) return (NULL); - evsignal_init(); + evsignal_init(base); return (pollop); } @@ -150,13 +148,16 @@ poll_check_ok(struct pollop *pop) int poll_dispatch(struct event_base *base, void *arg, struct timeval *tv) { - int res, i, sec, nfds; + int res, i, msec = -1, nfds; struct pollop *pop = arg; poll_check_ok(pop); - sec = tv->tv_sec * 1000 + (tv->tv_usec + 999) / 1000; + + if (tv != NULL) + msec = tv->tv_sec * 1000 + (tv->tv_usec + 999) / 1000; + nfds = pop->nfds; - res = poll(pop->event_set, nfds, sec); + res = poll(pop->event_set, nfds, msec); if (res == -1) { if (errno != EINTR) { 
@@ -164,10 +165,11 @@ poll_dispatch(struct event_base *base, v return (-1); } - evsignal_process(); + evsignal_process(base); return (0); - } else if (evsignal_caught) - evsignal_process(); + } else if (base->sig.evsignal_caught) { + evsignal_process(base); + } event_debug(("%s: poll reports %d", __func__, res)); @@ -370,10 +372,11 @@ poll_del(void *arg, struct event *ev) } void -poll_dealloc(void *arg) +poll_dealloc(struct event_base *base, void *arg) { struct pollop *pop = arg; + evsignal_dealloc(base); if (pop->event_set) free(pop->event_set); if (pop->event_r_back) Modified: vendor/pf/dist/libevent/select.c ============================================================================== --- vendor/pf/dist/libevent/select.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/select.c Wed Dec 10 21:08:42 2008 (r185882) @@ -36,6 +36,9 @@ #else #include #endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif #include #include #include @@ -57,8 +60,6 @@ #define howmany(x, y) (((x)+((y)-1))/(y)) #endif -extern volatile sig_atomic_t evsignal_caught; - struct selectop { int event_fds; /* Highest fd in fd set */ int event_fdsz; @@ -70,12 +71,12 @@ struct selectop { struct event **event_w_by_fd; }; -void *select_init (void); +void *select_init (struct event_base *); int select_add (void *, struct event *); int select_del (void *, struct event *); int select_recalc (struct event_base *, void *, int); int select_dispatch (struct event_base *, void *, struct timeval *); -void select_dealloc (void *); +void select_dealloc (struct event_base *, void *); const struct eventop selectops = { "select", @@ -90,7 +91,7 @@ const struct eventop selectops = { static int select_resize(struct selectop *sop, int fdsz); void * -select_init(void) +select_init(struct event_base *base) { struct selectop *sop; @@ -103,7 +104,7 @@ select_init(void) select_resize(sop, howmany(32 + 1, NFDBITS)*sizeof(fd_mask)); - evsignal_init(); + evsignal_init(base); return (sop); } 
@@ -113,7 +114,7 @@ static void check_selectop(struct selectop *sop) { int i; - for (i=0;i<=sop->event_fds;++i) { + for (i = 0; i <= sop->event_fds; ++i) { if (FD_ISSET(i, sop->event_readset_in)) { assert(sop->event_r_by_fd[i]); assert(sop->event_r_by_fd[i]->ev_events & EV_READ); @@ -174,10 +175,11 @@ select_dispatch(struct event_base *base, return (-1); } - evsignal_process(); + evsignal_process(base); return (0); - } else if (evsignal_caught) - evsignal_process(); + } else if (base->sig.evsignal_caught) { + evsignal_process(base); + } event_debug(("%s: select reports %d", __func__, res)); @@ -348,10 +350,11 @@ select_del(void *arg, struct event *ev) } void -select_dealloc(void *arg) +select_dealloc(struct event_base *base, void *arg) { struct selectop *sop = arg; + evsignal_dealloc(base); if (sop->event_readset_in) free(sop->event_readset_in); if (sop->event_writeset_in) Modified: vendor/pf/dist/libevent/signal.c ============================================================================== --- vendor/pf/dist/libevent/signal.c Wed Dec 10 21:00:02 2008 (r185881) +++ vendor/pf/dist/libevent/signal.c Wed Dec 10 21:08:42 2008 (r185882) @@ -31,6 +31,7 @@ #endif #include +#include #ifdef HAVE_SYS_TIME_H #include #else @@ -47,19 +48,14 @@ #ifdef HAVE_FCNTL_H #include #endif +#include #include "event.h" +#include "event-internal.h" #include "evsignal.h" #include "log.h" -extern struct event_list signalqueue; - -static sig_atomic_t evsigcaught[NSIG]; -volatile sig_atomic_t evsignal_caught = 0; - -static struct event ev_signal; -static int ev_signal_pair[2]; -static int ev_signal_added; +struct event_base *evsignal_base = NULL; static void evsignal_handler(int sig); 
@@ -87,24 +83,27 @@ evsignal_cb(int fd, short what, void *ar #endif void -evsignal_init(void) +evsignal_init(struct event_base *base) { /* *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:09:10 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 008B41065678; Wed, 10 Dec 2008 21:09:10 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C93C58FC08; Wed, 10 Dec 2008 21:09:09 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBAL99d6042891; Wed, 10 Dec 2008 21:09:09 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBAL99lT042890; Wed, 10 Dec 2008 21:09:09 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102109.mBAL99lT042890@svn.freebsd.org> 
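Review bot: in the evbuffer_find hunk (@@ -431,13 +436,12 @@), the new bound test if (p + len > end) does its arithmetic on the pointer, so a len larger than the bytes left after p forms a pointer past the end of the buffer, which is undefined behaviour and can wrap, letting the memcmp that follows read out of bounds. Compare lengths instead: if ((size_t)(end - p) < len) break;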
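Review bot: in the event_init hunk (@@ -174,36 +184,42 @@), the context line event_err(1, "%s: calloc"); has a %s conversion with no matching argument, so the allocation-failure path reads a missing vararg. The hunk already rewrites the line directly above it, so fix it here by passing __func__, as the event_errx(1, "%s: no event mechanism available", __func__) call further down in the same hunk does.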
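Review bot: in the event_set hunk (@@ -516,12 +543,14 @@), guarding the assignment with if(current_base) avoids the NULL dereference but leaves ev->ev_pri unset when no base exists yet, and nothing else in the visible lines initialises it. Add an else branch that sets ev_pri to 0, or state in a comment which later call is expected to set the priority before the event is added.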
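Review bot: in the event_base_loop hunk (@@ -372,8 +387,13 @@), evsignal_base is a single process-wide pointer that is overwritten by whichever base last entered its loop with a non-empty sig.signalqueue, and none of the visible hunks clears it when the loop returns or in event_base_free. Document that only one base at a time can own signal events, and reset the pointer where the base is torn down so it cannot be left pointing at a freed base.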
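Review bot: in the poll_dispatch hunk (@@ -150,13 +148,16 @@), msec is an int computed as tv->tv_sec * 1000 + (tv->tv_usec + 999) / 1000, so a large tv_sec overflows or truncates, and a negative result is indistinguishable from the new -1 default that means wait with no timeout. Clamp the value to INT_MAX before passing it to poll().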
From: Max Laier Date: Wed, 10 Dec 2008 21:09:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185883 - vendor/pf/4.4 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:09:10 -0000 Author: mlaier Date: Wed Dec 10 21:09:09 2008 New Revision: 185883 URL: http://svn.freebsd.org/changeset/base/185883 Log: Tag for pf 4.4 Added: vendor/pf/4.4/ - copied from r185882, vendor/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:21:10 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81A2A1065678; Wed, 10 Dec 2008 21:21:10 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 6C5948FC1C; Wed, 10 Dec 2008 21:21:10 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALLA28043151; Wed, 10 Dec 2008 21:21:10 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALLATn043146; Wed, 10 Dec 2008 21:21:10 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102121.mBALLATn043146@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:21:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185884 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:21:10 -0000 Author: mlaier Date: Wed Dec 10 21:21:09 2008 New Revision: 185884 URL: http://svn.freebsd.org/changeset/base/185884 Log: Import OPENBSD_4_2_BASE Modified: vendor-sys/pf/dist/net/if_pflog.c vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pflog.c ============================================================================== --- vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.22 2006/12/15 09:31:20 otto Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -87,8 +87,6 @@ struct if_clone pflog_cloner = struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */ -extern int ifqmaxlen; - void pflogattach(int npflog) { 
@@ -96,7 +94,6 @@ pflogattach(int npflog) LIST_INIT(&pflogif_list); for (i = 0; i < PFLOGIFS_MAX; i++) pflogifs[i] = NULL; - (void) pflog_clone_create(&pflog_cloner, 0); if_clone_attach(&pflog_cloner); } Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.73 2006/11/16 13:13:38 henning Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.83 2007/06/26 14:44:12 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -106,7 +106,6 @@ void pfsync_bulk_update(void *); void pfsync_bulkfail(void *); int pfsync_sync_ok; -extern int ifqmaxlen; struct if_clone pfsync_cloner = IF_CLONE_INITIALIZER("pfsync", pfsync_clone_create, pfsync_clone_destroy); @@ -221,6 +220,7 @@ int pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) { struct pf_state *st = NULL; + struct pf_state_key *sk = NULL; struct pf_rule *r = NULL; struct pfi_kif *kif; @@ -243,7 +243,9 @@ pfsync_insert_net_state(struct pfsync_st * If the ruleset checksums match, it's safe to associate the state * with the rule of that number. */ - if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag) + if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag && + ntohl(sp->rule) < + pf_main_ruleset.rules[PF_RULESET_FILTER].active.rcount) r = pf_main_ruleset.rules[ PF_RULESET_FILTER].active.ptr_array[ntohl(sp->rule)]; else @@ -257,6 +259,12 @@ pfsync_insert_net_state(struct pfsync_st } bzero(st, sizeof(*st)); + if ((sk = pf_alloc_state_key(st)) == NULL) { + pool_put(&pf_state_pl, st); + pfi_kif_unref(kif, PFI_KIF_REF_NONE); + return (ENOMEM); + } + /* allocate memory for scrub info */ if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) { 
@@ -264,6 +272,7 @@ pfsync_insert_net_state(struct pfsync_st if (st->src.scrub) pool_put(&pf_state_scrub_pl, st->src.scrub); pool_put(&pf_state_pl, st); + pool_put(&pf_state_key_pl, sk); return (ENOMEM); } @@ -274,9 +283,9 @@ pfsync_insert_net_state(struct pfsync_st r->states++; /* fill in the rest of the state entry */ - pf_state_host_ntoh(&sp->lan, &st->lan); - pf_state_host_ntoh(&sp->gwy, &st->gwy); - pf_state_host_ntoh(&sp->ext, &st->ext); + pf_state_host_ntoh(&sp->lan, &sk->lan); + pf_state_host_ntoh(&sp->gwy, &sk->gwy); + pf_state_host_ntoh(&sp->ext, &sk->ext); pf_state_peer_ntoh(&sp->src, &st->src); pf_state_peer_ntoh(&sp->dst, &st->dst); @@ -285,9 +294,9 @@ pfsync_insert_net_state(struct pfsync_st st->creation = time_second - ntohl(sp->creation); st->expire = ntohl(sp->expire) + time_second; - st->af = sp->af; - st->proto = sp->proto; - st->direction = sp->direction; + sk->af = sp->af; + sk->proto = sp->proto; + sk->direction = sp->direction; st->log = sp->log; st->timeout = sp->timeout; st->allow_opts = sp->allow_opts; @@ -318,14 +327,17 @@ pfsync_input(struct mbuf *m, ...) struct pfsync_header *ph; struct pfsync_softc *sc = pfsyncif; struct pf_state *st; - struct pf_state_cmp key; + struct pf_state_key *sk; + struct pf_state_cmp id_key; struct pfsync_state *sp; struct pfsync_state_upd *up; struct pfsync_state_del *dp; struct pfsync_state_clr *cp; struct pfsync_state_upd_req *rup; struct pfsync_state_bus *bus; +#ifdef IPSEC struct pfsync_tdb *pt; +#endif struct in_addr src; struct mbuf *mp; int iplen, action, error, i, s, count, offp, sfail, stale = 0; @@ -389,7 +401,8 @@ pfsync_input(struct mbuf *m, ...) switch (action) { case PFSYNC_ACT_CLR: { struct pf_state *nexts; - struct pfi_kif *kif; + struct pf_state_key *nextsk; + struct pfi_kif *kif; u_int32_t creatorid; if ((mp = m_pulldown(m, iplen + sizeof(*ph), sizeof(*cp), &offp)) == NULL) { 
@@ -414,13 +427,16 @@ pfsync_input(struct mbuf *m, ...) splx(s); return; } - for (st = RB_MIN(pf_state_tree_lan_ext, - &kif->pfik_lan_ext); st; st = nexts) { - nexts = RB_NEXT(pf_state_tree_lan_ext, - &kif->pfik_lan_ext, st); - if (st->creatorid == creatorid) { - st->sync_flags |= PFSTATE_FROMSYNC; - pf_unlink_state(st); + for (sk = RB_MIN(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext); sk; sk = nextsk) { + nextsk = RB_NEXT(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext, sk); + TAILQ_FOREACH(st, &sk->states, next) { + if (st->creatorid == creatorid) { + st->sync_flags |= + PFSTATE_FROMSYNC; + pf_unlink_state(st); + } } } } @@ -485,18 +501,19 @@ pfsync_input(struct mbuf *m, ...) continue; } - bcopy(sp->id, &key.id, sizeof(key.id)); - key.creatorid = sp->creatorid; + bcopy(sp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = sp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { /* insert the update */ if (pfsync_insert_net_state(sp, chksum_flag)) pfsyncstats.pfsyncs_badstate++; continue; } + sk = st->state_key; sfail = 0; - if (st->proto == IPPROTO_TCP) { + if (sk->proto == IPPROTO_TCP) { /* * The state should never go backwards except * for syn-proxy states. Neither should the @@ -579,10 +596,10 @@ pfsync_input(struct mbuf *m, ...) s = splsoftnet(); for (i = 0, sp = (struct pfsync_state *)(mp->m_data + offp); i < count; i++, sp++) { - bcopy(sp->id, &key.id, sizeof(key.id)); - key.creatorid = sp->creatorid; + bcopy(sp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = sp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; 
@@ -616,10 +633,10 @@ pfsync_input(struct mbuf *m, ...) continue; } - bcopy(up->id, &key.id, sizeof(key.id)); - key.creatorid = up->creatorid; + bcopy(up->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = up->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { /* We don't have this state. Ask for it. */ error = pfsync_request_update(up, &src); @@ -631,8 +648,9 @@ pfsync_input(struct mbuf *m, ...) pfsyncstats.pfsyncs_badstate++; continue; } + sk = st->state_key; sfail = 0; - if (st->proto == IPPROTO_TCP) { + if (sk->proto == IPPROTO_TCP) { /* * The state should never go backwards except * for syn-proxy states. Neither should the @@ -702,10 +720,10 @@ pfsync_input(struct mbuf *m, ...) s = splsoftnet(); for (i = 0, dp = (struct pfsync_state_del *)(mp->m_data + offp); i < count; i++, dp++) { - bcopy(dp->id, &key.id, sizeof(key.id)); - key.creatorid = dp->creatorid; + bcopy(dp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = dp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; @@ -732,10 +750,10 @@ pfsync_input(struct mbuf *m, ...) for (i = 0, rup = (struct pfsync_state_upd_req *)(mp->m_data + offp); i < count; i++, rup++) { - bcopy(rup->id, &key.id, sizeof(key.id)); - key.creatorid = rup->creatorid; + bcopy(rup->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = rup->creatorid; - if (key.id == 0 && key.creatorid == 0) { + if (id_key.id == 0 && id_key.creatorid == 0) { sc->sc_ureq_received = time_uptime; if (sc->sc_bulk_send_next == NULL) sc->sc_bulk_send_next = @@ -747,7 +765,7 @@ pfsync_input(struct mbuf *m, ...) pfsync_send_bus(sc, PFSYNC_BUS_START); timeout_add(&sc->sc_bulk_tmo, 1 * hz); } else { - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; 
@@ -804,6 +822,7 @@ pfsync_input(struct mbuf *m, ...) break; } break; +#ifdef IPSEC case PFSYNC_ACT_TDB_UPD: if ((mp = m_pulldown(m, iplen + sizeof(*ph), count * sizeof(*pt), &offp)) == NULL) { @@ -816,6 +835,7 @@ pfsync_input(struct mbuf *m, ...) pfsync_update_net_tdb(pt); splx(s); break; +#endif } done: @@ -1080,6 +1100,7 @@ pfsync_pack_state(u_int8_t action, struc struct pfsync_state *sp = NULL; struct pfsync_state_upd *up = NULL; struct pfsync_state_del *dp = NULL; + struct pf_state_key *sk = st->state_key; struct pf_rule *r; u_long secs; int s, ret = 0; @@ -1164,10 +1185,10 @@ pfsync_pack_state(u_int8_t action, struc bcopy(&st->id, sp->id, sizeof(sp->id)); sp->creatorid = st->creatorid; - strlcpy(sp->ifname, st->u.s.kif->pfik_name, sizeof(sp->ifname)); - pf_state_host_hton(&st->lan, &sp->lan); - pf_state_host_hton(&st->gwy, &sp->gwy); - pf_state_host_hton(&st->ext, &sp->ext); + strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); + pf_state_host_hton(&sk->lan, &sp->lan); + pf_state_host_hton(&sk->gwy, &sp->gwy); + pf_state_host_hton(&sk->ext, &sp->ext); bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); @@ -1184,9 +1205,9 @@ pfsync_pack_state(u_int8_t action, struc sp->anchor = htonl(-1); else sp->anchor = htonl(r->nr); - sp->af = st->af; - sp->proto = st->proto; - sp->direction = st->direction; + sp->af = sk->af; + sp->proto = sk->proto; + sp->direction = sk->direction; sp->log = st->log; sp->allow_opts = st->allow_opts; sp->timeout = st->timeout; @@ -1418,7 +1439,7 @@ pfsync_bulk_update(void *v) } /* figure next state to send */ - state = TAILQ_NEXT(state, u.s.entry_list); + state = TAILQ_NEXT(state, entry_list); /* wrap to start of list if we hit the end */ if (!state) @@ -1577,6 +1598,7 @@ pfsync_sendout_mbuf(struct pfsync_softc return (0); } +#ifdef IPSEC /* Update an in-kernel tdb. Silently fail if no tdb is found. */ void pfsync_update_net_tdb(struct pfsync_tdb *pt) 
@@ -1727,3 +1749,4 @@ pfsync_update_tdb(struct tdb *tdb, int o splx(s); return (ret); } +#endif Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.30 2006/10/31 14:49:01 henning Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.31 2007/05/31 04:11:42 mcbride Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff 
@@ -32,62 +32,6 @@ #define PFSYNC_ID_LEN sizeof(u_int64_t) -struct pfsync_state_scrub { - u_int16_t pfss_flags; - u_int8_t pfss_ttl; /* stashed TTL */ -#define PFSYNC_SCRUB_FLAG_VALID 0x01 - u_int8_t scrub_flag; - u_int32_t pfss_ts_mod; /* timestamp modulation */ -} __packed; - -struct pfsync_state_host { - struct pf_addr addr; - u_int16_t port; - u_int16_t pad[3]; -} __packed; - -struct pfsync_state_peer { - struct pfsync_state_scrub scrub; /* state is scrubbed */ - u_int32_t seqlo; /* Max sequence number sent */ - u_int32_t seqhi; /* Max the other end ACKd + win */ - u_int32_t seqdiff; /* Sequence number modulator */ - u_int16_t max_win; /* largest window (pre scaling) */ - u_int16_t mss; /* Maximum segment size option */ - u_int8_t state; /* active state level */ - u_int8_t wscale; /* window scaling factor */ - u_int8_t pad[6]; -} __packed; - -struct pfsync_state { - u_int32_t id[2]; - char ifname[IFNAMSIZ]; - struct pfsync_state_host lan; - struct pfsync_state_host gwy; - struct pfsync_state_host ext; - struct pfsync_state_peer src; - struct pfsync_state_peer dst; - struct pf_addr rt_addr; - u_int32_t rule; - u_int32_t anchor; - u_int32_t nat_rule; - u_int32_t creation; - u_int32_t expire; - u_int32_t packets[2][2]; - u_int32_t bytes[2][2]; - u_int32_t creatorid; - sa_family_t af; - u_int8_t proto; - u_int8_t direction; - u_int8_t log; - u_int8_t allow_opts; - u_int8_t timeout; - u_int8_t sync_flags; - u_int8_t updates; -} __packed; - -#define PFSYNC_FLAG_COMPRESS 0x01 -#define PFSYNC_FLAG_STALE 0x02 - struct pfsync_tdb { u_int32_t spi; union sockaddr_union dst; @@ -251,6 +195,7 @@ struct pfsyncreq { }; +/* for copies to/from network */ #define pf_state_peer_hton(s,d) do { \ (d)->seqlo = htonl((s)->seqlo); \ (d)->seqhi = htonl((s)->seqhi); \ 
@@ -312,7 +257,7 @@ int pfsync_clear_states(u_int32_t, char int pfsync_pack_state(u_int8_t, struct pf_state *, int); #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ - (st->proto == IPPROTO_PFSYNC)) \ + (st->state_key->proto == IPPROTO_PFSYNC)) \ st->sync_flags |= PFSTATE_NOSYNC; \ else if (!st->sync_flags) \ pfsync_pack_state(PFSYNC_ACT_INS, (st), \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,5 +1,4 @@ -/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */ -/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */ +/* $OpenBSD: pf.c,v 1.552 2007/08/21 15:57:27 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -96,6 +95,10 @@ * Global variables */ +/* state tables */ +struct pf_state_tree_lan_ext pf_statetbl_lan_ext; +struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy; + struct pf_altqqueue pf_altqs[2]; struct pf_palist pf_pabuf; struct pf_altqqueue *pf_altqs_active; @@ -114,8 +117,9 @@ struct pf_anchor_stackframe { struct pf_anchor *child; } pf_anchor_stack[64]; -struct pool pf_src_tree_pl, pf_rule_pl; -struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl; +struct pool pf_src_tree_pl, pf_rule_pl, pf_pooladdr_pl; +struct pool pf_state_pl, pf_state_key_pl; +struct pool pf_altq_pl; void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); 
@@ -153,22 +157,13 @@ struct pf_rule *pf_get_translation(stru struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t *); -int pf_test_tcp(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, - void *, struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); -int pf_test_udp(struct pf_rule **, struct pf_state **, +void pf_attach_state(struct pf_state_key *, + struct pf_state *, int); +void pf_detach_state(struct pf_state *, int); +int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **, struct ifqueue *); -int pf_test_icmp(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, - void *, struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); -int pf_test_other(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, void *, - struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); int pf_test_fragment(struct pf_rule **, int, struct pfi_kif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_rule **, @@ -184,8 +179,9 @@ int pf_test_state_icmp(struct pf_stat void *, struct pf_pdesc *, u_short *); int pf_test_state_other(struct pf_state **, int, struct pfi_kif *, struct pf_pdesc *); -int pf_match_tag(struct mbuf *, struct pf_rule *, - struct pf_mtag *, int *); +int pf_match_tag(struct mbuf *, struct pf_rule *, int *); +void pf_step_into_anchor(int *, struct pf_ruleset **, int, + struct pf_rule **, struct pf_rule **, int *); int pf_step_out_of_anchor(int *, struct pf_ruleset **, int, struct pf_rule **, struct pf_rule **, int *); 
@@ -217,9 +213,11 @@ int pf_check_proto_cksum(struct mbuf u_int8_t, sa_family_t); int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); -struct pf_state *pf_find_state_recurse(struct pfi_kif *, - struct pf_state_cmp *, u_int8_t); +struct pf_state *pf_find_state(struct pfi_kif *, + struct pf_state_key_cmp *, u_int8_t); int pf_src_connlimit(struct pf_state **); +void pf_stateins_err(const char *, struct pf_state *, + struct pfi_kif *); int pf_check_congestion(struct ifqueue *); extern struct pool pfr_ktable_pl; @@ -236,11 +234,9 @@ struct pf_pool_limit pf_pool_limits[PF_L #define STATE_LOOKUP() \ do { \ if (direction == PF_IN) \ - *state = pf_find_state_recurse( \ - kif, &key, PF_EXT_GWY); \ + *state = pf_find_state(kif, &key, PF_EXT_GWY); \ else \ - *state = pf_find_state_recurse( \ - kif, &key, PF_LAN_EXT); \ + *state = pf_find_state(kif, &key, PF_LAN_EXT); \ if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ return (PF_DROP); \ if (direction == PF_OUT && \ @@ -253,13 +249,13 @@ struct pf_pool_limit pf_pool_limits[PF_L return (PF_PASS); \ } while (0) -#define STATE_TRANSLATE(s) \ - (s)->lan.addr.addr32[0] != (s)->gwy.addr.addr32[0] || \ - ((s)->af == AF_INET6 && \ - ((s)->lan.addr.addr32[1] != (s)->gwy.addr.addr32[1] || \ - (s)->lan.addr.addr32[2] != (s)->gwy.addr.addr32[2] || \ - (s)->lan.addr.addr32[3] != (s)->gwy.addr.addr32[3])) || \ - (s)->lan.port != (s)->gwy.port +#define STATE_TRANSLATE(sk) \ + (sk)->lan.addr.addr32[0] != (sk)->gwy.addr.addr32[0] || \ + ((sk)->af == AF_INET6 && \ + ((sk)->lan.addr.addr32[1] != (sk)->gwy.addr.addr32[1] || \ + (sk)->lan.addr.addr32[2] != (sk)->gwy.addr.addr32[2] || \ + (sk)->lan.addr.addr32[3] != (sk)->gwy.addr.addr32[3])) || \ + (sk)->lan.port != (sk)->gwy.port #define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? (k) : pfi_all 
@@ -283,10 +279,10 @@ struct pf_pool_limit pf_pool_limits[PF_L } while (0) static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *); -static __inline int pf_state_compare_lan_ext(struct pf_state *, - struct pf_state *); -static __inline int pf_state_compare_ext_gwy(struct pf_state *, - struct pf_state *); +static __inline int pf_state_compare_lan_ext(struct pf_state_key *, + struct pf_state_key *); +static __inline int pf_state_compare_ext_gwy(struct pf_state_key *, + struct pf_state_key *); static __inline int pf_state_compare_id(struct pf_state *, struct pf_state *); @@ -296,12 +292,15 @@ struct pf_state_tree_id tree_id; struct pf_state_queue state_list; RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare); -RB_GENERATE(pf_state_tree_lan_ext, pf_state, - u.s.entry_lan_ext, pf_state_compare_lan_ext); -RB_GENERATE(pf_state_tree_ext_gwy, pf_state, - u.s.entry_ext_gwy, pf_state_compare_ext_gwy); +RB_GENERATE(pf_state_tree_lan_ext, pf_state_key, + entry_lan_ext, pf_state_compare_lan_ext); +RB_GENERATE(pf_state_tree_ext_gwy, pf_state_key, + entry_ext_gwy, pf_state_compare_ext_gwy); RB_GENERATE(pf_state_tree_id, pf_state, - u.s.entry_id, pf_state_compare_id); + entry_id, pf_state_compare_id); + +#define PF_DT_SKIP_LANEXT 0x01 +#define PF_DT_SKIP_EXTGWY 0x02 static __inline int pf_src_compare(struct pf_src_node *a, struct pf_src_node *b) @@ -348,7 +347,7 @@ pf_src_compare(struct pf_src_node *a, st } static __inline int -pf_state_compare_lan_ext(struct pf_state *a, struct pf_state *b) +pf_state_compare_lan_ext(struct pf_state_key *a, struct pf_state_key *b) { int diff; @@ -416,7 +415,7 @@ pf_state_compare_lan_ext(struct pf_state } static __inline int -pf_state_compare_ext_gwy(struct pf_state *a, struct pf_state *b) +pf_state_compare_ext_gwy(struct pf_state_key *a, struct pf_state_key *b) { int diff; 
@@ -522,74 +521,71 @@ struct pf_state * pf_find_state_byid(struct pf_state_cmp *key) { pf_status.fcounters[FCNT_STATE_SEARCH]++; + return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); } struct pf_state * -pf_find_state_recurse(struct pfi_kif *kif, struct pf_state_cmp *key, u_int8_t tree) +pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree) { - struct pf_state *s; + struct pf_state_key *sk; + struct pf_state *s; pf_status.fcounters[FCNT_STATE_SEARCH]++; switch (tree) { case PF_LAN_EXT: - if ((s = RB_FIND(pf_state_tree_lan_ext, &kif->pfik_lan_ext, - (struct pf_state *)key)) != NULL) - return (s); - if ((s = RB_FIND(pf_state_tree_lan_ext, &pfi_all->pfik_lan_ext, - (struct pf_state *)key)) != NULL) - return (s); - return (NULL); + sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, + (struct pf_state_key *)key); + break; case PF_EXT_GWY: - if ((s = RB_FIND(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, - (struct pf_state *)key)) != NULL) - return (s); - if ((s = RB_FIND(pf_state_tree_ext_gwy, &pfi_all->pfik_ext_gwy, - (struct pf_state *)key)) != NULL) - return (s); - return (NULL); + sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, + (struct pf_state_key *)key); + break; default: - panic("pf_find_state_recurse"); + panic("pf_find_state"); } + + /* list is sorted, if-bound states before floating ones */ + if (sk != NULL) + TAILQ_FOREACH(s, &sk->states, next) + if (s->kif == pfi_all || s->kif == kif) + return (s); + + return (NULL); } struct pf_state * -pf_find_state_all(struct pf_state_cmp *key, u_int8_t tree, int *more) +pf_find_state_all(struct pf_state_key_cmp *key, u_int8_t tree, int *more) { - struct pf_state *s, *ss = NULL; - struct pfi_kif *kif; + struct pf_state_key *sk; + struct pf_state *s, *ret = NULL; pf_status.fcounters[FCNT_STATE_SEARCH]++; switch (tree) { case PF_LAN_EXT: - TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { - s = RB_FIND(pf_state_tree_lan_ext, - &kif->pfik_lan_ext, (struct pf_state 
*)key); - if (s == NULL) - continue; - if (more == NULL) - return (s); - ss = s; - (*more)++; - } - return (ss); + sk = RB_FIND(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext, (struct pf_state_key *)key); + break; case PF_EXT_GWY: - TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { - s = RB_FIND(pf_state_tree_ext_gwy, - &kif->pfik_ext_gwy, (struct pf_state *)key); - if (s == NULL) - continue; - if (more == NULL) - return (s); - ss = s; - (*more)++; - } - return (ss); + sk = RB_FIND(pf_state_tree_ext_gwy, + &pf_statetbl_ext_gwy, (struct pf_state_key *)key); + break; default: panic("pf_find_state_all"); } + + if (sk != NULL) { + ret = TAILQ_FIRST(&sk->states); + if (more == NULL) + return (ret); + + TAILQ_FOREACH(s, &sk->states, next) + (*more)++; + } + + return (ret); } void @@ -625,7 +621,6 @@ pf_check_threshold(struct pf_threshold * int pf_src_connlimit(struct pf_state **state) { - struct pf_state *s; int bad = 0; (*state)->src_node->conn++; @@ -656,12 +651,12 @@ pf_src_connlimit(struct pf_state **state if (pf_status.debug >= PF_DEBUG_MISC) { printf("pf_src_connlimit: blocking address "); pf_print_host(&(*state)->src_node->addr, 0, - (*state)->af); + (*state)->state_key->af); } bzero(&p, sizeof(p)); - p.pfra_af = (*state)->af; - switch ((*state)->af) { + p.pfra_af = (*state)->state_key->af; + switch ((*state)->state_key->af) { #ifdef INET case AF_INET: p.pfra_net = 32; 
@@ -681,26 +676,31 @@ pf_src_connlimit(struct pf_state **state /* kill existing states if that's required. */ if ((*state)->rule.ptr->flush) { - pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; + struct pf_state_key *sk; + struct pf_state *st; - RB_FOREACH(s, pf_state_tree_id, &tree_id) { + pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; + RB_FOREACH(st, pf_state_tree_id, &tree_id) { + sk = st->state_key; /* * Kill states from this source. (Only those * from the same rule if PF_FLUSH_GLOBAL is not * set) */ - if (s->af == (*state)->af && - (((*state)->direction == PF_OUT && + if (sk->af == + (*state)->state_key->af && + (((*state)->state_key->direction == + PF_OUT && PF_AEQ(&(*state)->src_node->addr, - &s->lan.addr, s->af)) || - ((*state)->direction == PF_IN && + &sk->lan.addr, sk->af)) || + ((*state)->state_key->direction == PF_IN && PF_AEQ(&(*state)->src_node->addr, - &s->ext.addr, s->af))) && + &sk->ext.addr, sk->af))) && ((*state)->rule.ptr->flush & PF_FLUSH_GLOBAL || - (*state)->rule.ptr == s->rule.ptr)) { - s->timeout = PFTM_PURGE; - s->src.state = s->dst.state = + (*state)->rule.ptr == st->rule.ptr)) { + st->timeout = PFTM_PURGE; + st->src.state = st->dst.state = TCPS_CLOSED; killed++; } 
@@ -782,73 +782,80 @@ pf_insert_src_node(struct pf_src_node ** return (0); } +void +pf_stateins_err(const char *tree, struct pf_state *s, struct pfi_kif *kif) +{ + struct pf_state_key *sk = s->state_key; + + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: state insert failed: %s %s", tree, kif->pfik_name); + printf(" lan: "); + pf_print_host(&sk->lan.addr, sk->lan.port, + sk->af); + printf(" gwy: "); + pf_print_host(&sk->gwy.addr, sk->gwy.port, + sk->af); + printf(" ext: "); + pf_print_host(&sk->ext.addr, sk->ext.port, + sk->af); + if (s->sync_flags & PFSTATE_FROMSYNC) + printf(" (from sync)"); + printf("\n"); + } +} + int -pf_insert_state(struct pfi_kif *kif, struct pf_state *state) +pf_insert_state(struct pfi_kif *kif, struct pf_state *s) { - /* Thou MUST NOT insert multiple duplicate keys */ - state->u.s.kif = kif; - if (RB_INSERT(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state)) { - if (pf_status.debug >= PF_DEBUG_MISC) { - printf("pf: state insert failed: tree_lan_ext"); - printf(" lan: "); - pf_print_host(&state->lan.addr, state->lan.port, - state->af); - printf(" gwy: "); - pf_print_host(&state->gwy.addr, state->gwy.port, - state->af); - printf(" ext: "); - pf_print_host(&state->ext.addr, state->ext.port, - state->af); - if (state->sync_flags & PFSTATE_FROMSYNC) - printf(" (from sync)"); - printf("\n"); - } - return (-1); + struct pf_state_key *cur; + struct pf_state *sp; + + KASSERT(s->state_key != NULL); + s->kif = kif; + + if ((cur = RB_INSERT(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, + s->state_key)) != NULL) { + /* key exists. check for same kif, if none, add to key */ + TAILQ_FOREACH(sp, &cur->states, next) + if (sp->kif == kif) { /* collision! */ + pf_stateins_err("tree_lan_ext", s, kif); + return (-1); + } + pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); + pf_attach_state(cur, s, kif == pfi_all ? 
1 : 0); } - if (RB_INSERT(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, state)) { - if (pf_status.debug >= PF_DEBUG_MISC) { - printf("pf: state insert failed: tree_ext_gwy"); - printf(" lan: "); - pf_print_host(&state->lan.addr, state->lan.port, - state->af); - printf(" gwy: "); - pf_print_host(&state->gwy.addr, state->gwy.port, - state->af); - printf(" ext: "); - pf_print_host(&state->ext.addr, state->ext.port, - state->af); - if (state->sync_flags & PFSTATE_FROMSYNC) - printf(" (from sync)"); - printf("\n"); - } - RB_REMOVE(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state); + /* if cur != NULL, we already found a state key and attached to it */ + if (cur == NULL && (cur = RB_INSERT(pf_state_tree_ext_gwy, + &pf_statetbl_ext_gwy, s->state_key)) != NULL) { + /* must not happen. we must have found the sk above! */ + pf_stateins_err("tree_ext_gwy", s, kif); + pf_detach_state(s, PF_DT_SKIP_EXTGWY); return (-1); } - if (state->id == 0 && state->creatorid == 0) { - state->id = htobe64(pf_status.stateid++); - state->creatorid = pf_status.hostid; + if (s->id == 0 && s->creatorid == 0) { + s->id = htobe64(pf_status.stateid++); + s->creatorid = pf_status.hostid; } - if (RB_INSERT(pf_state_tree_id, &tree_id, state) != NULL) { + if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) { if (pf_status.debug >= PF_DEBUG_MISC) { printf("pf: state insert failed: " "id: %016llx creatorid: %08x", - betoh64(state->id), ntohl(state->creatorid)); - if (state->sync_flags & PFSTATE_FROMSYNC) + betoh64(s->id), ntohl(s->creatorid)); + if (s->sync_flags & PFSTATE_FROMSYNC) printf(" (from sync)"); printf("\n"); } - RB_REMOVE(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state); - RB_REMOVE(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, state); + pf_detach_state(s, 0); return (-1); } - TAILQ_INSERT_TAIL(&state_list, state, u.s.entry_list); + TAILQ_INSERT_TAIL(&state_list, s, entry_list); pf_status.fcounters[FCNT_STATE_INSERT]++; pf_status.states++; pfi_kif_ref(kif, PFI_KIF_REF_STATE); #if NPFSYNC - 
pfsync_insert_state(state); + pfsync_insert_state(s); #endif return (0); } @@ -954,7 +961,7 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s->src_node != NULL) { - if (s->proto == IPPROTO_TCP) { + if (s->state_key->proto == IPPROTO_TCP) { if (s->src.tcp_est) --s->src_node->conn; } @@ -983,16 +990,12 @@ void pf_unlink_state(struct pf_state *cur) { if (cur->src.state == PF_TCPS_PROXY_DST) { - pf_send_tcp(cur->rule.ptr, cur->af, - &cur->ext.addr, &cur->lan.addr, - cur->ext.port, cur->lan.port, + pf_send_tcp(cur->rule.ptr, cur->state_key->af, + &cur->state_key->ext.addr, &cur->state_key->lan.addr, + cur->state_key->ext.port, cur->state_key->lan.port, cur->src.seqhi, cur->src.seqlo + 1, TH_RST|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL); } - RB_REMOVE(pf_state_tree_ext_gwy, - &cur->u.s.kif->pfik_ext_gwy, cur); - RB_REMOVE(pf_state_tree_lan_ext, - &cur->u.s.kif->pfik_lan_ext, cur); RB_REMOVE(pf_state_tree_id, &tree_id, cur); #if NPFSYNC if (cur->creatorid == pf_status.hostid) @@ -1000,6 +1003,7 @@ pf_unlink_state(struct pf_state *cur) #endif cur->timeout = PFTM_UNLINKED; pf_src_tree_remove_state(cur); + pf_detach_state(cur, 0); } /* callers should be at splsoftnet and hold the @@ -1025,8 +1029,8 @@ pf_free_state(struct pf_state *cur) if (--cur->anchor.ptr->states <= 0) pf_rm_rule(NULL, cur->anchor.ptr); pf_normalize_tcp_cleanup(cur); - pfi_kif_unref(cur->u.s.kif, PFI_KIF_REF_STATE); - TAILQ_REMOVE(&state_list, cur, u.s.entry_list); + pfi_kif_unref(cur->kif, PFI_KIF_REF_STATE); + TAILQ_REMOVE(&state_list, cur, entry_list); if (cur->tag) pf_tag_unref(cur->tag); pool_put(&pf_state_pl, cur); @@ -1050,7 +1054,7 @@ pf_purge_expired_states(u_int32_t maxche } /* get next state, as cur may get deleted */ - next = TAILQ_NEXT(cur, u.s.entry_list); + next = TAILQ_NEXT(cur, entry_list); if (cur->timeout == PFTM_UNLINKED) { /* free unlinked state */ 
@@ -1175,7 +1179,8 @@ pf_print_host(struct pf_addr *addr, u_in void pf_print_state(struct pf_state *s) { - switch (s->proto) { + struct pf_state_key *sk = s->state_key; + switch (sk->proto) { case IPPROTO_TCP: printf("TCP "); break; @@ -1189,14 +1194,14 @@ pf_print_state(struct pf_state *s) printf("ICMPV6 "); break; default: - printf("%u ", s->proto); + printf("%u ", sk->proto); break; } - pf_print_host(&s->lan.addr, s->lan.port, s->af); + pf_print_host(&sk->lan.addr, sk->lan.port, sk->af); printf(" "); - pf_print_host(&s->gwy.addr, s->gwy.port, s->af); + pf_print_host(&sk->gwy.addr, sk->gwy.port, sk->af); printf(" "); - pf_print_host(&s->ext.addr, s->ext.port, s->af); + pf_print_host(&sk->ext.addr, sk->ext.port, sk->af); printf(" [lo=%u high=%u win=%u modulator=%u", s->src.seqlo, s->src.seqhi, s->src.max_win, s->src.seqdiff); if (s->src.wscale && s->dst.wscale) @@ -1565,7 +1570,6 @@ pf_send_tcp(const struct pf_rule *r, sa_ #endif /* INET6 */ struct tcphdr *th; char *opt; - struct pf_mtag *pf_mtag; /* maximum segment size tcp option */ tlen = sizeof(struct tcphdr); 
@@ -1589,24 +1593,18 @@ pf_send_tcp(const struct pf_rule *r, sa_ m = m_gethdr(M_DONTWAIT, MT_HEADER); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:21:10 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9408D1065679; Wed, 10 Dec 2008 21:21:10 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7F4308FC1D; Wed, 10 Dec 2008 21:21:10 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALLA9J043161; Wed, 10 Dec 2008 21:21:10 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALLAxC043156; Wed, 10 Dec 2008 21:21:10 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102121.mBALLAxC043156@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:21:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185884 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:21:10 -0000 Author: mlaier Date: Wed Dec 10 21:21:09 2008 New Revision: 185884 URL: http://svn.freebsd.org/changeset/base/185884 Log: Import OPENBSD_4_2_BASE Modified: vendor-sys/pf/dist/net/if_pflog.c vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pflog.c ============================================================================== --- vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.22 2006/12/15 09:31:20 otto Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -87,8 +87,6 @@ struct if_clone pflog_cloner = struct ifnet *pflogifs[PFLOGIFS_MAX]; /* for fast access */ -extern int ifqmaxlen; - void pflogattach(int npflog) { 
@@ -96,7 +94,6 @@ pflogattach(int npflog) LIST_INIT(&pflogif_list); for (i = 0; i < PFLOGIFS_MAX; i++) pflogifs[i] = NULL; - (void) pflog_clone_create(&pflog_cloner, 0); if_clone_attach(&pflog_cloner); } Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.73 2006/11/16 13:13:38 henning Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.83 2007/06/26 14:44:12 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -106,7 +106,6 @@ void pfsync_bulk_update(void *); void pfsync_bulkfail(void *); int pfsync_sync_ok; -extern int ifqmaxlen; struct if_clone pfsync_cloner = IF_CLONE_INITIALIZER("pfsync", pfsync_clone_create, pfsync_clone_destroy); @@ -221,6 +220,7 @@ int pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) { struct pf_state *st = NULL; + struct pf_state_key *sk = NULL; struct pf_rule *r = NULL; struct pfi_kif *kif; @@ -243,7 +243,9 @@ pfsync_insert_net_state(struct pfsync_st * If the ruleset checksums match, it's safe to associate the state * with the rule of that number. */ - if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag) + if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag && + ntohl(sp->rule) < + pf_main_ruleset.rules[PF_RULESET_FILTER].active.rcount) r = pf_main_ruleset.rules[ PF_RULESET_FILTER].active.ptr_array[ntohl(sp->rule)]; else @@ -257,6 +259,12 @@ pfsync_insert_net_state(struct pfsync_st } bzero(st, sizeof(*st)); + if ((sk = pf_alloc_state_key(st)) == NULL) { + pool_put(&pf_state_pl, st); + pfi_kif_unref(kif, PFI_KIF_REF_NONE); + return (ENOMEM); + } + /* allocate memory for scrub info */ if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) { 
@@ -264,6 +272,7 @@ pfsync_insert_net_state(struct pfsync_st if (st->src.scrub) pool_put(&pf_state_scrub_pl, st->src.scrub); pool_put(&pf_state_pl, st); + pool_put(&pf_state_key_pl, sk); return (ENOMEM); } @@ -274,9 +283,9 @@ pfsync_insert_net_state(struct pfsync_st r->states++; /* fill in the rest of the state entry */ - pf_state_host_ntoh(&sp->lan, &st->lan); - pf_state_host_ntoh(&sp->gwy, &st->gwy); - pf_state_host_ntoh(&sp->ext, &st->ext); + pf_state_host_ntoh(&sp->lan, &sk->lan); + pf_state_host_ntoh(&sp->gwy, &sk->gwy); + pf_state_host_ntoh(&sp->ext, &sk->ext); pf_state_peer_ntoh(&sp->src, &st->src); pf_state_peer_ntoh(&sp->dst, &st->dst); @@ -285,9 +294,9 @@ pfsync_insert_net_state(struct pfsync_st st->creation = time_second - ntohl(sp->creation); st->expire = ntohl(sp->expire) + time_second; - st->af = sp->af; - st->proto = sp->proto; - st->direction = sp->direction; + sk->af = sp->af; + sk->proto = sp->proto; + sk->direction = sp->direction; st->log = sp->log; st->timeout = sp->timeout; st->allow_opts = sp->allow_opts; @@ -318,14 +327,17 @@ pfsync_input(struct mbuf *m, ...) struct pfsync_header *ph; struct pfsync_softc *sc = pfsyncif; struct pf_state *st; - struct pf_state_cmp key; + struct pf_state_key *sk; + struct pf_state_cmp id_key; struct pfsync_state *sp; struct pfsync_state_upd *up; struct pfsync_state_del *dp; struct pfsync_state_clr *cp; struct pfsync_state_upd_req *rup; struct pfsync_state_bus *bus; +#ifdef IPSEC struct pfsync_tdb *pt; +#endif struct in_addr src; struct mbuf *mp; int iplen, action, error, i, s, count, offp, sfail, stale = 0; @@ -389,7 +401,8 @@ pfsync_input(struct mbuf *m, ...) switch (action) { case PFSYNC_ACT_CLR: { struct pf_state *nexts; - struct pfi_kif *kif; + struct pf_state_key *nextsk; + struct pfi_kif *kif; u_int32_t creatorid; if ((mp = m_pulldown(m, iplen + sizeof(*ph), sizeof(*cp), &offp)) == NULL) { 
@@ -414,13 +427,16 @@ pfsync_input(struct mbuf *m, ...) splx(s); return; } - for (st = RB_MIN(pf_state_tree_lan_ext, - &kif->pfik_lan_ext); st; st = nexts) { - nexts = RB_NEXT(pf_state_tree_lan_ext, - &kif->pfik_lan_ext, st); - if (st->creatorid == creatorid) { - st->sync_flags |= PFSTATE_FROMSYNC; - pf_unlink_state(st); + for (sk = RB_MIN(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext); sk; sk = nextsk) { + nextsk = RB_NEXT(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext, sk); + TAILQ_FOREACH(st, &sk->states, next) { + if (st->creatorid == creatorid) { + st->sync_flags |= + PFSTATE_FROMSYNC; + pf_unlink_state(st); + } } } } @@ -485,18 +501,19 @@ pfsync_input(struct mbuf *m, ...) continue; } - bcopy(sp->id, &key.id, sizeof(key.id)); - key.creatorid = sp->creatorid; + bcopy(sp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = sp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { /* insert the update */ if (pfsync_insert_net_state(sp, chksum_flag)) pfsyncstats.pfsyncs_badstate++; continue; } + sk = st->state_key; sfail = 0; - if (st->proto == IPPROTO_TCP) { + if (sk->proto == IPPROTO_TCP) { /* * The state should never go backwards except * for syn-proxy states. Neither should the @@ -579,10 +596,10 @@ pfsync_input(struct mbuf *m, ...) s = splsoftnet(); for (i = 0, sp = (struct pfsync_state *)(mp->m_data + offp); i < count; i++, sp++) { - bcopy(sp->id, &key.id, sizeof(key.id)); - key.creatorid = sp->creatorid; + bcopy(sp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = sp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; 
@@ -616,10 +633,10 @@ pfsync_input(struct mbuf *m, ...) continue; } - bcopy(up->id, &key.id, sizeof(key.id)); - key.creatorid = up->creatorid; + bcopy(up->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = up->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { /* We don't have this state. Ask for it. */ error = pfsync_request_update(up, &src); @@ -631,8 +648,9 @@ pfsync_input(struct mbuf *m, ...) pfsyncstats.pfsyncs_badstate++; continue; } + sk = st->state_key; sfail = 0; - if (st->proto == IPPROTO_TCP) { + if (sk->proto == IPPROTO_TCP) { /* * The state should never go backwards except * for syn-proxy states. Neither should the @@ -702,10 +720,10 @@ pfsync_input(struct mbuf *m, ...) s = splsoftnet(); for (i = 0, dp = (struct pfsync_state_del *)(mp->m_data + offp); i < count; i++, dp++) { - bcopy(dp->id, &key.id, sizeof(key.id)); - key.creatorid = dp->creatorid; + bcopy(dp->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = dp->creatorid; - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; @@ -732,10 +750,10 @@ pfsync_input(struct mbuf *m, ...) for (i = 0, rup = (struct pfsync_state_upd_req *)(mp->m_data + offp); i < count; i++, rup++) { - bcopy(rup->id, &key.id, sizeof(key.id)); - key.creatorid = rup->creatorid; + bcopy(rup->id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = rup->creatorid; - if (key.id == 0 && key.creatorid == 0) { + if (id_key.id == 0 && id_key.creatorid == 0) { sc->sc_ureq_received = time_uptime; if (sc->sc_bulk_send_next == NULL) sc->sc_bulk_send_next = @@ -747,7 +765,7 @@ pfsync_input(struct mbuf *m, ...) pfsync_send_bus(sc, PFSYNC_BUS_START); timeout_add(&sc->sc_bulk_tmo, 1 * hz); } else { - st = pf_find_state_byid(&key); + st = pf_find_state_byid(&id_key); if (st == NULL) { pfsyncstats.pfsyncs_badstate++; continue; 
@@ -804,6 +822,7 @@ pfsync_input(struct mbuf *m, ...) break; } break; +#ifdef IPSEC case PFSYNC_ACT_TDB_UPD: if ((mp = m_pulldown(m, iplen + sizeof(*ph), count * sizeof(*pt), &offp)) == NULL) { @@ -816,6 +835,7 @@ pfsync_input(struct mbuf *m, ...) pfsync_update_net_tdb(pt); splx(s); break; +#endif } done: @@ -1080,6 +1100,7 @@ pfsync_pack_state(u_int8_t action, struc struct pfsync_state *sp = NULL; struct pfsync_state_upd *up = NULL; struct pfsync_state_del *dp = NULL; + struct pf_state_key *sk = st->state_key; struct pf_rule *r; u_long secs; int s, ret = 0; @@ -1164,10 +1185,10 @@ pfsync_pack_state(u_int8_t action, struc bcopy(&st->id, sp->id, sizeof(sp->id)); sp->creatorid = st->creatorid; - strlcpy(sp->ifname, st->u.s.kif->pfik_name, sizeof(sp->ifname)); - pf_state_host_hton(&st->lan, &sp->lan); - pf_state_host_hton(&st->gwy, &sp->gwy); - pf_state_host_hton(&st->ext, &sp->ext); + strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); + pf_state_host_hton(&sk->lan, &sp->lan); + pf_state_host_hton(&sk->gwy, &sp->gwy); + pf_state_host_hton(&sk->ext, &sp->ext); bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); @@ -1184,9 +1205,9 @@ pfsync_pack_state(u_int8_t action, struc sp->anchor = htonl(-1); else sp->anchor = htonl(r->nr); - sp->af = st->af; - sp->proto = st->proto; - sp->direction = st->direction; + sp->af = sk->af; + sp->proto = sk->proto; + sp->direction = sk->direction; sp->log = st->log; sp->allow_opts = st->allow_opts; sp->timeout = st->timeout; @@ -1418,7 +1439,7 @@ pfsync_bulk_update(void *v) } /* figure next state to send */ - state = TAILQ_NEXT(state, u.s.entry_list); + state = TAILQ_NEXT(state, entry_list); /* wrap to start of list if we hit the end */ if (!state) @@ -1577,6 +1598,7 @@ pfsync_sendout_mbuf(struct pfsync_softc return (0); } +#ifdef IPSEC /* Update an in-kernel tdb. Silently fail if no tdb is found. */ void pfsync_update_net_tdb(struct pfsync_tdb *pt) 
@@ -1727,3 +1749,4 @@ pfsync_update_tdb(struct tdb *tdb, int o splx(s); return (ret); } +#endif Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:21:09 2008 (r185884) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.30 2006/10/31 14:49:01 henning Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.31 2007/05/31 04:11:42 mcbride Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff 
@@ -32,62 +32,6 @@ #define PFSYNC_ID_LEN sizeof(u_int64_t) -struct pfsync_state_scrub { - u_int16_t pfss_flags; - u_int8_t pfss_ttl; /* stashed TTL */ -#define PFSYNC_SCRUB_FLAG_VALID 0x01 - u_int8_t scrub_flag; - u_int32_t pfss_ts_mod; /* timestamp modulation */ -} __packed; - -struct pfsync_state_host { - struct pf_addr addr; - u_int16_t port; - u_int16_t pad[3]; -} __packed; - -struct pfsync_state_peer { - struct pfsync_state_scrub scrub; /* state is scrubbed */ - u_int32_t seqlo; /* Max sequence number sent */ - u_int32_t seqhi; /* Max the other end ACKd + win */ - u_int32_t seqdiff; /* Sequence number modulator */ - u_int16_t max_win; /* largest window (pre scaling) */ - u_int16_t mss; /* Maximum segment size option */ - u_int8_t state; /* active state level */ - u_int8_t wscale; /* window scaling factor */ - u_int8_t pad[6]; -} __packed; - -struct pfsync_state { - u_int32_t id[2]; - char ifname[IFNAMSIZ]; - struct pfsync_state_host lan; - struct pfsync_state_host gwy; - struct pfsync_state_host ext; - struct pfsync_state_peer src; - struct pfsync_state_peer dst; - struct pf_addr rt_addr; - u_int32_t rule; - u_int32_t anchor; - u_int32_t nat_rule; - u_int32_t creation; - u_int32_t expire; - u_int32_t packets[2][2]; - u_int32_t bytes[2][2]; - u_int32_t creatorid; - sa_family_t af; - u_int8_t proto; - u_int8_t direction; - u_int8_t log; - u_int8_t allow_opts; - u_int8_t timeout; - u_int8_t sync_flags; - u_int8_t updates; -} __packed; - -#define PFSYNC_FLAG_COMPRESS 0x01 -#define PFSYNC_FLAG_STALE 0x02 - struct pfsync_tdb { u_int32_t spi; union sockaddr_union dst; @@ -251,6 +195,7 @@ struct pfsyncreq { }; +/* for copies to/from network */ #define pf_state_peer_hton(s,d) do { \ (d)->seqlo = htonl((s)->seqlo); \ (d)->seqhi = htonl((s)->seqhi); \ 
@@ -312,7 +257,7 @@ int pfsync_clear_states(u_int32_t, char int pfsync_pack_state(u_int8_t, struct pf_state *, int); #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ - (st->proto == IPPROTO_PFSYNC)) \ + (st->state_key->proto == IPPROTO_PFSYNC)) \ st->sync_flags |= PFSTATE_NOSYNC; \ else if (!st->sync_flags) \ pfsync_pack_state(PFSYNC_ACT_INS, (st), \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:09:09 2008 (r185883) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:21:09 2008 (r185884) @@ -1,5 +1,4 @@ -/* $OpenBSD: pf.c,v 1.527 2007/02/22 15:23:23 pyr Exp $ */ -/* add: $OpenBSD: pf.c,v 1.559 2007/09/18 18:45:59 markus Exp $ */ +/* $OpenBSD: pf.c,v 1.552 2007/08/21 15:57:27 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -96,6 +95,10 @@ * Global variables */ +/* state tables */ +struct pf_state_tree_lan_ext pf_statetbl_lan_ext; +struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy; + struct pf_altqqueue pf_altqs[2]; struct pf_palist pf_pabuf; struct pf_altqqueue *pf_altqs_active; @@ -114,8 +117,9 @@ struct pf_anchor_stackframe { struct pf_anchor *child; } pf_anchor_stack[64]; -struct pool pf_src_tree_pl, pf_rule_pl; -struct pool pf_state_pl, pf_altq_pl, pf_pooladdr_pl; +struct pool pf_src_tree_pl, pf_rule_pl, pf_pooladdr_pl; +struct pool pf_state_pl, pf_state_key_pl; +struct pool pf_altq_pl; void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); 
@@ -153,22 +157,13 @@ struct pf_rule *pf_get_translation(stru struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t, struct pf_addr *, u_int16_t *); -int pf_test_tcp(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, - void *, struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); -int pf_test_udp(struct pf_rule **, struct pf_state **, +void pf_attach_state(struct pf_state_key *, + struct pf_state *, int); +void pf_detach_state(struct pf_state *, int); +int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **, struct ifqueue *); -int pf_test_icmp(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, - void *, struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); -int pf_test_other(struct pf_rule **, struct pf_state **, - int, struct pfi_kif *, struct mbuf *, int, void *, - struct pf_pdesc *, struct pf_rule **, - struct pf_ruleset **, struct ifqueue *); int pf_test_fragment(struct pf_rule **, int, struct pfi_kif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_rule **, @@ -184,8 +179,9 @@ int pf_test_state_icmp(struct pf_stat void *, struct pf_pdesc *, u_short *); int pf_test_state_other(struct pf_state **, int, struct pfi_kif *, struct pf_pdesc *); -int pf_match_tag(struct mbuf *, struct pf_rule *, - struct pf_mtag *, int *); +int pf_match_tag(struct mbuf *, struct pf_rule *, int *); +void pf_step_into_anchor(int *, struct pf_ruleset **, int, + struct pf_rule **, struct pf_rule **, int *); int pf_step_out_of_anchor(int *, struct pf_ruleset **, int, struct pf_rule **, struct pf_rule **, int *); 
@@ -217,9 +213,11 @@ int pf_check_proto_cksum(struct mbuf u_int8_t, sa_family_t); int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); -struct pf_state *pf_find_state_recurse(struct pfi_kif *, - struct pf_state_cmp *, u_int8_t); +struct pf_state *pf_find_state(struct pfi_kif *, + struct pf_state_key_cmp *, u_int8_t); int pf_src_connlimit(struct pf_state **); +void pf_stateins_err(const char *, struct pf_state *, + struct pfi_kif *); int pf_check_congestion(struct ifqueue *); extern struct pool pfr_ktable_pl; @@ -236,11 +234,9 @@ struct pf_pool_limit pf_pool_limits[PF_L #define STATE_LOOKUP() \ do { \ if (direction == PF_IN) \ - *state = pf_find_state_recurse( \ - kif, &key, PF_EXT_GWY); \ + *state = pf_find_state(kif, &key, PF_EXT_GWY); \ else \ - *state = pf_find_state_recurse( \ - kif, &key, PF_LAN_EXT); \ + *state = pf_find_state(kif, &key, PF_LAN_EXT); \ if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ return (PF_DROP); \ if (direction == PF_OUT && \ @@ -253,13 +249,13 @@ struct pf_pool_limit pf_pool_limits[PF_L return (PF_PASS); \ } while (0) -#define STATE_TRANSLATE(s) \ - (s)->lan.addr.addr32[0] != (s)->gwy.addr.addr32[0] || \ - ((s)->af == AF_INET6 && \ - ((s)->lan.addr.addr32[1] != (s)->gwy.addr.addr32[1] || \ - (s)->lan.addr.addr32[2] != (s)->gwy.addr.addr32[2] || \ - (s)->lan.addr.addr32[3] != (s)->gwy.addr.addr32[3])) || \ - (s)->lan.port != (s)->gwy.port +#define STATE_TRANSLATE(sk) \ + (sk)->lan.addr.addr32[0] != (sk)->gwy.addr.addr32[0] || \ + ((sk)->af == AF_INET6 && \ + ((sk)->lan.addr.addr32[1] != (sk)->gwy.addr.addr32[1] || \ + (sk)->lan.addr.addr32[2] != (sk)->gwy.addr.addr32[2] || \ + (sk)->lan.addr.addr32[3] != (sk)->gwy.addr.addr32[3])) || \ + (sk)->lan.port != (sk)->gwy.port #define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? (k) : pfi_all 
@@ -283,10 +279,10 @@ struct pf_pool_limit pf_pool_limits[PF_L } while (0) static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *); -static __inline int pf_state_compare_lan_ext(struct pf_state *, - struct pf_state *); -static __inline int pf_state_compare_ext_gwy(struct pf_state *, - struct pf_state *); +static __inline int pf_state_compare_lan_ext(struct pf_state_key *, + struct pf_state_key *); +static __inline int pf_state_compare_ext_gwy(struct pf_state_key *, + struct pf_state_key *); static __inline int pf_state_compare_id(struct pf_state *, struct pf_state *); @@ -296,12 +292,15 @@ struct pf_state_tree_id tree_id; struct pf_state_queue state_list; RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare); -RB_GENERATE(pf_state_tree_lan_ext, pf_state, - u.s.entry_lan_ext, pf_state_compare_lan_ext); -RB_GENERATE(pf_state_tree_ext_gwy, pf_state, - u.s.entry_ext_gwy, pf_state_compare_ext_gwy); +RB_GENERATE(pf_state_tree_lan_ext, pf_state_key, + entry_lan_ext, pf_state_compare_lan_ext); +RB_GENERATE(pf_state_tree_ext_gwy, pf_state_key, + entry_ext_gwy, pf_state_compare_ext_gwy); RB_GENERATE(pf_state_tree_id, pf_state, - u.s.entry_id, pf_state_compare_id); + entry_id, pf_state_compare_id); + +#define PF_DT_SKIP_LANEXT 0x01 +#define PF_DT_SKIP_EXTGWY 0x02 static __inline int pf_src_compare(struct pf_src_node *a, struct pf_src_node *b) @@ -348,7 +347,7 @@ pf_src_compare(struct pf_src_node *a, st } static __inline int -pf_state_compare_lan_ext(struct pf_state *a, struct pf_state *b) +pf_state_compare_lan_ext(struct pf_state_key *a, struct pf_state_key *b) { int diff; @@ -416,7 +415,7 @@ pf_state_compare_lan_ext(struct pf_state } static __inline int -pf_state_compare_ext_gwy(struct pf_state *a, struct pf_state *b) +pf_state_compare_ext_gwy(struct pf_state_key *a, struct pf_state_key *b) { int diff; 
@@ -522,74 +521,71 @@ struct pf_state * pf_find_state_byid(struct pf_state_cmp *key) { pf_status.fcounters[FCNT_STATE_SEARCH]++; + return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); } struct pf_state * -pf_find_state_recurse(struct pfi_kif *kif, struct pf_state_cmp *key, u_int8_t tree) +pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree) { - struct pf_state *s; + struct pf_state_key *sk; + struct pf_state *s; pf_status.fcounters[FCNT_STATE_SEARCH]++; switch (tree) { case PF_LAN_EXT: - if ((s = RB_FIND(pf_state_tree_lan_ext, &kif->pfik_lan_ext, - (struct pf_state *)key)) != NULL) - return (s); - if ((s = RB_FIND(pf_state_tree_lan_ext, &pfi_all->pfik_lan_ext, - (struct pf_state *)key)) != NULL) - return (s); - return (NULL); + sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, + (struct pf_state_key *)key); + break; case PF_EXT_GWY: - if ((s = RB_FIND(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, - (struct pf_state *)key)) != NULL) - return (s); - if ((s = RB_FIND(pf_state_tree_ext_gwy, &pfi_all->pfik_ext_gwy, - (struct pf_state *)key)) != NULL) - return (s); - return (NULL); + sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, + (struct pf_state_key *)key); + break; default: - panic("pf_find_state_recurse"); + panic("pf_find_state"); } + + /* list is sorted, if-bound states before floating ones */ + if (sk != NULL) + TAILQ_FOREACH(s, &sk->states, next) + if (s->kif == pfi_all || s->kif == kif) + return (s); + + return (NULL); } struct pf_state * -pf_find_state_all(struct pf_state_cmp *key, u_int8_t tree, int *more) +pf_find_state_all(struct pf_state_key_cmp *key, u_int8_t tree, int *more) { - struct pf_state *s, *ss = NULL; - struct pfi_kif *kif; + struct pf_state_key *sk; + struct pf_state *s, *ret = NULL; pf_status.fcounters[FCNT_STATE_SEARCH]++; switch (tree) { case PF_LAN_EXT: - TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { - s = RB_FIND(pf_state_tree_lan_ext, - &kif->pfik_lan_ext, (struct pf_state 
*)key); - if (s == NULL) - continue; - if (more == NULL) - return (s); - ss = s; - (*more)++; - } - return (ss); + sk = RB_FIND(pf_state_tree_lan_ext, + &pf_statetbl_lan_ext, (struct pf_state_key *)key); + break; case PF_EXT_GWY: - TAILQ_FOREACH(kif, &pfi_statehead, pfik_w_states) { - s = RB_FIND(pf_state_tree_ext_gwy, - &kif->pfik_ext_gwy, (struct pf_state *)key); - if (s == NULL) - continue; - if (more == NULL) - return (s); - ss = s; - (*more)++; - } - return (ss); + sk = RB_FIND(pf_state_tree_ext_gwy, + &pf_statetbl_ext_gwy, (struct pf_state_key *)key); + break; default: panic("pf_find_state_all"); } + + if (sk != NULL) { + ret = TAILQ_FIRST(&sk->states); + if (more == NULL) + return (ret); + + TAILQ_FOREACH(s, &sk->states, next) + (*more)++; + } + + return (ret); } void @@ -625,7 +621,6 @@ pf_check_threshold(struct pf_threshold * int pf_src_connlimit(struct pf_state **state) { - struct pf_state *s; int bad = 0; (*state)->src_node->conn++; @@ -656,12 +651,12 @@ pf_src_connlimit(struct pf_state **state if (pf_status.debug >= PF_DEBUG_MISC) { printf("pf_src_connlimit: blocking address "); pf_print_host(&(*state)->src_node->addr, 0, - (*state)->af); + (*state)->state_key->af); } bzero(&p, sizeof(p)); - p.pfra_af = (*state)->af; - switch ((*state)->af) { + p.pfra_af = (*state)->state_key->af; + switch ((*state)->state_key->af) { #ifdef INET case AF_INET: p.pfra_net = 32; 
@@ -681,26 +676,31 @@ pf_src_connlimit(struct pf_state **state /* kill existing states if that's required. */ if ((*state)->rule.ptr->flush) { - pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; + struct pf_state_key *sk; + struct pf_state *st; - RB_FOREACH(s, pf_state_tree_id, &tree_id) { + pf_status.lcounters[LCNT_OVERLOAD_FLUSH]++; + RB_FOREACH(st, pf_state_tree_id, &tree_id) { + sk = st->state_key; /* * Kill states from this source. (Only those * from the same rule if PF_FLUSH_GLOBAL is not * set) */ - if (s->af == (*state)->af && - (((*state)->direction == PF_OUT && + if (sk->af == + (*state)->state_key->af && + (((*state)->state_key->direction == + PF_OUT && PF_AEQ(&(*state)->src_node->addr, - &s->lan.addr, s->af)) || - ((*state)->direction == PF_IN && + &sk->lan.addr, sk->af)) || + ((*state)->state_key->direction == PF_IN && PF_AEQ(&(*state)->src_node->addr, - &s->ext.addr, s->af))) && + &sk->ext.addr, sk->af))) && ((*state)->rule.ptr->flush & PF_FLUSH_GLOBAL || - (*state)->rule.ptr == s->rule.ptr)) { - s->timeout = PFTM_PURGE; - s->src.state = s->dst.state = + (*state)->rule.ptr == st->rule.ptr)) { + st->timeout = PFTM_PURGE; + st->src.state = st->dst.state = TCPS_CLOSED; killed++; } 
@@ -782,73 +782,80 @@ pf_insert_src_node(struct pf_src_node ** return (0); } +void +pf_stateins_err(const char *tree, struct pf_state *s, struct pfi_kif *kif) +{ + struct pf_state_key *sk = s->state_key; + + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: state insert failed: %s %s", tree, kif->pfik_name); + printf(" lan: "); + pf_print_host(&sk->lan.addr, sk->lan.port, + sk->af); + printf(" gwy: "); + pf_print_host(&sk->gwy.addr, sk->gwy.port, + sk->af); + printf(" ext: "); + pf_print_host(&sk->ext.addr, sk->ext.port, + sk->af); + if (s->sync_flags & PFSTATE_FROMSYNC) + printf(" (from sync)"); + printf("\n"); + } +} + int -pf_insert_state(struct pfi_kif *kif, struct pf_state *state) +pf_insert_state(struct pfi_kif *kif, struct pf_state *s) { - /* Thou MUST NOT insert multiple duplicate keys */ - state->u.s.kif = kif; - if (RB_INSERT(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state)) { - if (pf_status.debug >= PF_DEBUG_MISC) { - printf("pf: state insert failed: tree_lan_ext"); - printf(" lan: "); - pf_print_host(&state->lan.addr, state->lan.port, - state->af); - printf(" gwy: "); - pf_print_host(&state->gwy.addr, state->gwy.port, - state->af); - printf(" ext: "); - pf_print_host(&state->ext.addr, state->ext.port, - state->af); - if (state->sync_flags & PFSTATE_FROMSYNC) - printf(" (from sync)"); - printf("\n"); - } - return (-1); + struct pf_state_key *cur; + struct pf_state *sp; + + KASSERT(s->state_key != NULL); + s->kif = kif; + + if ((cur = RB_INSERT(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, + s->state_key)) != NULL) { + /* key exists. check for same kif, if none, add to key */ + TAILQ_FOREACH(sp, &cur->states, next) + if (sp->kif == kif) { /* collision! */ + pf_stateins_err("tree_lan_ext", s, kif); + return (-1); + } + pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); + pf_attach_state(cur, s, kif == pfi_all ? 
1 : 0); } - if (RB_INSERT(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, state)) { - if (pf_status.debug >= PF_DEBUG_MISC) { - printf("pf: state insert failed: tree_ext_gwy"); - printf(" lan: "); - pf_print_host(&state->lan.addr, state->lan.port, - state->af); - printf(" gwy: "); - pf_print_host(&state->gwy.addr, state->gwy.port, - state->af); - printf(" ext: "); - pf_print_host(&state->ext.addr, state->ext.port, - state->af); - if (state->sync_flags & PFSTATE_FROMSYNC) - printf(" (from sync)"); - printf("\n"); - } - RB_REMOVE(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state); + /* if cur != NULL, we already found a state key and attached to it */ + if (cur == NULL && (cur = RB_INSERT(pf_state_tree_ext_gwy, + &pf_statetbl_ext_gwy, s->state_key)) != NULL) { + /* must not happen. we must have found the sk above! */ + pf_stateins_err("tree_ext_gwy", s, kif); + pf_detach_state(s, PF_DT_SKIP_EXTGWY); return (-1); } - if (state->id == 0 && state->creatorid == 0) { - state->id = htobe64(pf_status.stateid++); - state->creatorid = pf_status.hostid; + if (s->id == 0 && s->creatorid == 0) { + s->id = htobe64(pf_status.stateid++); + s->creatorid = pf_status.hostid; } - if (RB_INSERT(pf_state_tree_id, &tree_id, state) != NULL) { + if (RB_INSERT(pf_state_tree_id, &tree_id, s) != NULL) { if (pf_status.debug >= PF_DEBUG_MISC) { printf("pf: state insert failed: " "id: %016llx creatorid: %08x", - betoh64(state->id), ntohl(state->creatorid)); - if (state->sync_flags & PFSTATE_FROMSYNC) + betoh64(s->id), ntohl(s->creatorid)); + if (s->sync_flags & PFSTATE_FROMSYNC) printf(" (from sync)"); printf("\n"); } - RB_REMOVE(pf_state_tree_lan_ext, &kif->pfik_lan_ext, state); - RB_REMOVE(pf_state_tree_ext_gwy, &kif->pfik_ext_gwy, state); + pf_detach_state(s, 0); return (-1); } - TAILQ_INSERT_TAIL(&state_list, state, u.s.entry_list); + TAILQ_INSERT_TAIL(&state_list, s, entry_list); pf_status.fcounters[FCNT_STATE_INSERT]++; pf_status.states++; pfi_kif_ref(kif, PFI_KIF_REF_STATE); #if NPFSYNC - 
pfsync_insert_state(state); + pfsync_insert_state(s); #endif return (0); } @@ -954,7 +961,7 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s->src_node != NULL) { - if (s->proto == IPPROTO_TCP) { + if (s->state_key->proto == IPPROTO_TCP) { if (s->src.tcp_est) --s->src_node->conn; } @@ -983,16 +990,12 @@ void pf_unlink_state(struct pf_state *cur) { if (cur->src.state == PF_TCPS_PROXY_DST) { - pf_send_tcp(cur->rule.ptr, cur->af, - &cur->ext.addr, &cur->lan.addr, - cur->ext.port, cur->lan.port, + pf_send_tcp(cur->rule.ptr, cur->state_key->af, + &cur->state_key->ext.addr, &cur->state_key->lan.addr, + cur->state_key->ext.port, cur->state_key->lan.port, cur->src.seqhi, cur->src.seqlo + 1, TH_RST|TH_ACK, 0, 0, 0, 1, cur->tag, NULL, NULL); } - RB_REMOVE(pf_state_tree_ext_gwy, - &cur->u.s.kif->pfik_ext_gwy, cur); - RB_REMOVE(pf_state_tree_lan_ext, - &cur->u.s.kif->pfik_lan_ext, cur); RB_REMOVE(pf_state_tree_id, &tree_id, cur); #if NPFSYNC if (cur->creatorid == pf_status.hostid) @@ -1000,6 +1003,7 @@ pf_unlink_state(struct pf_state *cur) #endif cur->timeout = PFTM_UNLINKED; pf_src_tree_remove_state(cur); + pf_detach_state(cur, 0); } /* callers should be at splsoftnet and hold the @@ -1025,8 +1029,8 @@ pf_free_state(struct pf_state *cur) if (--cur->anchor.ptr->states <= 0) pf_rm_rule(NULL, cur->anchor.ptr); pf_normalize_tcp_cleanup(cur); - pfi_kif_unref(cur->u.s.kif, PFI_KIF_REF_STATE); - TAILQ_REMOVE(&state_list, cur, u.s.entry_list); + pfi_kif_unref(cur->kif, PFI_KIF_REF_STATE); + TAILQ_REMOVE(&state_list, cur, entry_list); if (cur->tag) pf_tag_unref(cur->tag); pool_put(&pf_state_pl, cur); @@ -1050,7 +1054,7 @@ pf_purge_expired_states(u_int32_t maxche } /* get next state, as cur may get deleted */ - next = TAILQ_NEXT(cur, u.s.entry_list); + next = TAILQ_NEXT(cur, entry_list); if (cur->timeout == PFTM_UNLINKED) { /* free unlinked state */ 
@@ -1175,7 +1179,8 @@ pf_print_host(struct pf_addr *addr, u_in void pf_print_state(struct pf_state *s) { - switch (s->proto) { + struct pf_state_key *sk = s->state_key; + switch (sk->proto) { case IPPROTO_TCP: printf("TCP "); break; @@ -1189,14 +1194,14 @@ pf_print_state(struct pf_state *s) printf("ICMPV6 "); break; default: - printf("%u ", s->proto); + printf("%u ", sk->proto); break; } - pf_print_host(&s->lan.addr, s->lan.port, s->af); + pf_print_host(&sk->lan.addr, sk->lan.port, sk->af); printf(" "); - pf_print_host(&s->gwy.addr, s->gwy.port, s->af); + pf_print_host(&sk->gwy.addr, sk->gwy.port, sk->af); printf(" "); - pf_print_host(&s->ext.addr, s->ext.port, s->af); + pf_print_host(&sk->ext.addr, sk->ext.port, sk->af); printf(" [lo=%u high=%u win=%u modulator=%u", s->src.seqlo, s->src.seqhi, s->src.max_win, s->src.seqdiff); if (s->src.wscale && s->dst.wscale) @@ -1565,7 +1570,6 @@ pf_send_tcp(const struct pf_rule *r, sa_ #endif /* INET6 */ struct tcphdr *th; char *opt; - struct pf_mtag *pf_mtag; /* maximum segment size tcp option */ tlen = sizeof(struct tcphdr); 
@@ -1589,24 +1593,18 @@ pf_send_tcp(const struct pf_rule *r, sa_ m = m_gethdr(M_DONTWAIT, MT_HEADER); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:22:15 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DA97F1065676; Wed, 10 Dec 2008 21:22:15 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id AE6768FC24; Wed, 10 Dec 2008 21:22:15 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALMF8o043239; Wed, 10 Dec 2008 21:22:15 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALMFxj043238; Wed, 10 Dec 2008 21:22:15 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102122.mBALMFxj043238@svn.freebsd.org> 
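Review bot: In pf_insert_state() (pf.c, r185884) the lan_ext collision branch returns -1 straight after pf_stateins_err("tree_lan_ext", s, kif) without calling pf_detach_state(), while the two later failure exits (the ext_gwy insert and the tree_id insert) both detach before returning. Unless every caller releases s->state_key itself on -1, the collision exit should call pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY) as well, so that all three error paths hand the state back in the same condition.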
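Review bot: The ordering rule that pf_find_state() depends on (pf.c, r185884) is documented only by the one-line comment "list is sorted, if-bound states before floating ones", while the code that has to maintain it is the unnamed int argument of pf_attach_state(), passed as kif == pfi_all ? 1 : 0 from pf_insert_state(). Because the lookup returns the first entry with s->kif == pfi_all || s->kif == kif, a floating state placed ahead of an if-bound one would shadow it. Please name and document that third parameter in the prototype, and add a short comment on what PF_DT_SKIP_LANEXT and PF_DT_SKIP_EXTGWY tell pf_detach_state() to skip.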
From: Max Laier Date: Wed, 10 Dec 2008 21:22:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185885 - vendor-sys/pf/4.2 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:22:16 -0000 Author: mlaier Date: Wed Dec 10 21:22:15 2008 New Revision: 185885 URL: http://svn.freebsd.org/changeset/base/185885 Log: Tag for pf 4.2 Added: vendor-sys/pf/4.2/ - copied from r185884, vendor-sys/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:22:16 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0DAB01065679; Wed, 10 Dec 2008 21:22:16 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D56228FC25; Wed, 10 Dec 2008 21:22:15 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALMF96043244; Wed, 10 Dec 2008 21:22:15 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALMFNX043243; Wed, 10 Dec 2008 21:22:15 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102122.mBALMFNX043243@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:22:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185885 - vendor-sys/pf/4.2 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:22:16 -0000 Author: mlaier Date: Wed Dec 10 21:22:15 2008 New Revision: 185885 URL: http://svn.freebsd.org/changeset/base/185885 Log: Tag for pf 4.2 Added: vendor-sys/pf/4.2/ - copied from r185884, vendor-sys/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:22:58 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 15B171065678; Wed, 10 Dec 2008 21:22:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0163D8FC13; Wed, 10 Dec 2008 21:22:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALMwew043311; Wed, 10 Dec 2008 21:22:58 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALMvpq043303; Wed, 10 Dec 2008 21:22:57 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102122.mBALMvpq043303@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:22:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185886 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:22:58 -0000 Author: mlaier Date: Wed Dec 10 21:22:57 2008 New Revision: 185886 URL: http://svn.freebsd.org/changeset/base/185886 Log: Import OPENBSD_4_3_BASE Modified: vendor-sys/pf/dist/net/if_pflog.c vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_osfp.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pflog.c ============================================================================== --- vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.27 2007/12/20 02:53:02 brad Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -107,9 +107,9 @@ pflog_clone_create(struct if_clone *ifc, if (unit >= PFLOGIFS_MAX) return (EINVAL); - if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT)) == NULL) + if ((pflogif = malloc(sizeof(*pflogif), + M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); - bzero(pflogif, sizeof(*pflogif)); pflogif->sc_unit = unit; ifp = &pflogif->sc_if; 
@@ -191,9 +191,6 @@ int pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { switch (cmd) { - case SIOCSIFADDR: - case SIOCAIFADDR: - case SIOCSIFDSTADDR: case SIOCSIFFLAGS: if (ifp->if_flags & IFF_UP) ifp->if_flags |= IFF_RUNNING; @@ -201,7 +198,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd ifp->if_flags &= ~IFF_RUNNING; break; default: - return (EINVAL); + return (ENOTTY); } return (0); Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.83 2007/06/26 14:44:12 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.89 2008/01/12 17:08:33 mpf Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -36,6 +36,7 @@ #include #include #include +#include #include #include @@ -45,6 +46,7 @@ #include #include #include +#include #ifdef INET #include @@ -124,9 +126,9 @@ pfsync_clone_create(struct if_clone *ifc return (EINVAL); pfsync_sync_ok = 1; - if ((pfsyncif = malloc(sizeof(*pfsyncif), M_DEVBUF, M_NOWAIT)) == NULL) + if ((pfsyncif = malloc(sizeof(*pfsyncif), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); - bzero(pfsyncif, sizeof(*pfsyncif)); pfsyncif->sc_mbuf = NULL; pfsyncif->sc_mbuf_net = NULL; pfsyncif->sc_mbuf_tdb = NULL; @@ -140,6 +142,10 @@ pfsync_clone_create(struct if_clone *ifc pfsyncif->sc_ureq_sent = 0; pfsyncif->sc_bulk_send_next = NULL; pfsyncif->sc_bulk_terminator = NULL; + pfsyncif->sc_imo.imo_membership = (struct in_multi **)malloc( + (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_IPMOPTS, + M_WAITOK|M_ZERO); + pfsyncif->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; ifp = &pfsyncif->sc_if; snprintf(ifp->if_xname, sizeof ifp->if_xname, "pfsync%d", unit); ifp->if_softc = pfsyncif; 
@@ -171,10 +177,21 @@ pfsync_clone_create(struct if_clone *ifc int pfsync_clone_destroy(struct ifnet *ifp) { + struct pfsync_softc *sc = ifp->if_softc; + + timeout_del(&sc->sc_tmo); + timeout_del(&sc->sc_tdb_tmo); + timeout_del(&sc->sc_bulk_tmo); + timeout_del(&sc->sc_bulkfail_tmo); +#if NCARP > 0 + if (!pfsync_sync_ok) + carp_group_demote_adj(&sc->sc_if, -1); +#endif #if NBPFILTER > 0 bpfdetach(ifp); #endif if_detach(ifp); + free(pfsyncif->sc_imo.imo_membership, M_IPMOPTS); free(pfsyncif, M_DEVBUF); pfsyncif = NULL; return (0); @@ -461,9 +478,9 @@ pfsync_input(struct mbuf *m, ...) sp->direction > PF_OUT || (sp->af != AF_INET && sp->af != AF_INET6)) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: PFSYNC_ACT_INS: " + printf("pfsync_input: PFSYNC_ACT_INS: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } @@ -495,9 +512,9 @@ pfsync_input(struct mbuf *m, ...) sp->src.state > PF_TCPS_PROXY_DST || sp->dst.state > PF_TCPS_PROXY_DST) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: PFSYNC_ACT_UPD: " + printf("pfsync_input: PFSYNC_ACT_UPD: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } @@ -559,7 +576,7 @@ pfsync_input(struct mbuf *m, ...) : "partial"), sfail, betoh64(st->id), ntohl(st->creatorid)); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_stale++; if (!(sp->sync_flags & PFSTATE_STALE)) { /* we have a better state, send it */ @@ -626,10 +643,10 @@ pfsync_input(struct mbuf *m, ...) up->src.state > PF_TCPS_PROXY_DST || up->dst.state > PF_TCPS_PROXY_DST) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: " + printf("pfsync_input: " "PFSYNC_ACT_UPD_C: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } 
@@ -685,7 +702,7 @@ pfsync_input(struct mbuf *m, ...) "creatorid: %08x\n", sfail, betoh64(st->id), ntohl(st->creatorid)); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_stale++; /* we have a better state, send it out */ if ((!stale || update_requested) && @@ -1750,3 +1767,22 @@ pfsync_update_tdb(struct tdb *tdb, int o return (ret); } #endif + +int +pfsync_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, + size_t newlen) +{ + /* All sysctl names at this level are terminal. */ + if (namelen != 1) + return (ENOTDIR); + + switch (name[0]) { + case PFSYNCCTL_STATS: + if (newp != NULL) + return (EPERM); + return (sysctl_struct(oldp, oldlenp, newp, newlen, + &pfsyncstats, sizeof(pfsyncstats))); + default: + return (ENOPROTOOPT); + } +} Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.31 2007/05/31 04:11:42 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.32 2007/12/14 18:33:37 deraadt Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff @@ -86,6 +86,17 @@ struct pfsync_state_bus { u_int8_t pad[7]; } __packed; +/* + * Names for PFSYNC sysctl objects + */ +#define PFSYNCCTL_STATS 1 /* PFSYNC stats */ +#define PFSYNCCTL_MAXID 2 + +#define PFSYNCCTL_NAMES { \ + { 0, 0 }, \ + { "stats", CTLTYPE_STRUCT }, \ +} + #ifdef _KERNEL union sc_statep { 
@@ -255,6 +266,8 @@ struct pfsyncreq { void pfsync_input(struct mbuf *, ...); int pfsync_clear_states(u_int32_t, char *); int pfsync_pack_state(u_int8_t, struct pf_state *, int); +int pfsync_sysctl(int *, u_int, void *, size_t *, void *, size_t); + #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ (st->state_key->proto == IPPROTO_PFSYNC)) \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.552 2007/08/21 15:57:27 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.567 2008/02/20 23:40:13 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -51,6 +51,8 @@ #include #include +#include + #include #include #include @@ -110,6 +112,11 @@ u_int32_t ticket_altqs_inactive; int altqs_inactive_open; u_int32_t ticket_pabuf; +MD5_CTX pf_tcp_secret_ctx; +u_char pf_tcp_secret[16]; +int pf_tcp_secret_init; +int pf_tcp_iss_off; + struct pf_anchor_stackframe { struct pf_ruleset *rs; struct pf_rule *r; @@ -160,6 +167,7 @@ struct pf_rule *pf_get_translation(stru void pf_attach_state(struct pf_state_key *, struct pf_state *, int); void pf_detach_state(struct pf_state *, int); +u_int32_t pf_tcp_iss(struct pf_pdesc *); int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, @@ -214,7 +222,7 @@ int pf_check_proto_cksum(struct mbuf int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); struct pf_state *pf_find_state(struct pfi_kif *, - struct pf_state_key_cmp *, u_int8_t); + struct pf_state_key_cmp *, u_int); int pf_src_connlimit(struct pf_state **); void pf_stateins_err(const char *, struct pf_state *, struct pfi_kif *); 
@@ -233,10 +241,7 @@ struct pf_pool_limit pf_pool_limits[PF_L #define STATE_LOOKUP() \ do { \ - if (direction == PF_IN) \ - *state = pf_find_state(kif, &key, PF_EXT_GWY); \ - else \ - *state = pf_find_state(kif, &key, PF_LAN_EXT); \ + *state = pf_find_state(kif, &key, direction); \ if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ return (PF_DROP); \ if (direction == PF_OUT && \ @@ -526,19 +531,19 @@ pf_find_state_byid(struct pf_state_cmp * } struct pf_state * -pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree) +pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) { struct pf_state_key *sk; struct pf_state *s; pf_status.fcounters[FCNT_STATE_SEARCH]++; - switch (tree) { - case PF_LAN_EXT: + switch (dir) { + case PF_OUT: sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, (struct pf_state_key *)key); break; - case PF_EXT_GWY: + case PF_IN: sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, (struct pf_state_key *)key); break; @@ -556,19 +561,19 @@ pf_find_state(struct pfi_kif *kif, struc } struct pf_state * -pf_find_state_all(struct pf_state_key_cmp *key, u_int8_t tree, int *more) +pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) { struct pf_state_key *sk; struct pf_state *s, *ret = NULL; pf_status.fcounters[FCNT_STATE_SEARCH]++; - switch (tree) { - case PF_LAN_EXT: + switch (dir) { + case PF_OUT: sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, (struct pf_state_key *)key); break; - case PF_EXT_GWY: + case PF_IN: sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, (struct pf_state_key *)key); break; @@ -819,6 +824,8 @@ pf_insert_state(struct pfi_kif *kif, str TAILQ_FOREACH(sp, &cur->states, next) if (sp->kif == kif) { /* collision! */ pf_stateins_err("tree_lan_ext", s, kif); + pf_detach_state(s, + PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); return (-1); } pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); 
@@ -961,10 +968,8 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s->src_node != NULL) { - if (s->state_key->proto == IPPROTO_TCP) { - if (s->src.tcp_est) - --s->src_node->conn; - } + if (s->src.tcp_est) + --s->src_node->conn; if (--s->src_node->states <= 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) @@ -1295,6 +1300,7 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw return (1); switch (aw1->type) { case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, 0)) return (1); if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, 0)) @@ -1598,7 +1604,7 @@ pf_send_tcp(const struct pf_rule *r, sa_ m->m_pkthdr.pf.tag = rtag; if (r != NULL && r->rtableid >= 0) - m->m_pkthdr.pf.rtableid = m->m_pkthdr.pf.rtableid; + m->m_pkthdr.pf.rtableid = r->rtableid; #ifdef ALTQ if (r != NULL && r->qid) { @@ -1790,6 +1796,44 @@ pf_match_addr(u_int8_t n, struct pf_addr } } +/* + * Return 1 if b <= a <= e, otherwise return 0. + */ +int +pf_match_addr_range(struct pf_addr *b, struct pf_addr *e, + struct pf_addr *a, sa_family_t af) +{ + switch (af) { +#ifdef INET + case AF_INET: + if ((a->addr32[0] < b->addr32[0]) || + (a->addr32[0] > e->addr32[0])) + return (0); + break; +#endif /* INET */ +#ifdef INET6 + case AF_INET6: { + int i; + + /* check a >= b */ + for (i = 0; i < 4; ++i) + if (a->addr32[i] > b->addr32[i]) + break; + else if (a->addr32[i] < b->addr32[i]) + return (0); + /* check a <= e */ + for (i = 0; i < 4; ++i) + if (a->addr32[i] < e->addr32[i]) + break; + else if (a->addr32[i] > e->addr32[i]) + return (0); + break; + } +#endif /* INET6 */ + } + return (1); +} + int pf_match(u_int8_t op, u_int32_t a1, u_int32_t a2, u_int32_t p) { 
@@ -2267,15 +2311,15 @@ pf_get_sport(sa_family_t af, u_int8_t pr if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP || proto == IPPROTO_ICMP)) { key.gwy.port = dport; - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) return (0); } else if (low == 0 && high == 0) { key.gwy.port = *nport; - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) return (0); } else if (low == high) { key.gwy.port = htons(low); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) { + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(low); return (0); } @@ -2292,7 +2336,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { key.gwy.port = htons(tmp); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(tmp); return (0); @@ -2300,7 +2344,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr } for (tmp = cut - 1; tmp >= low; --(tmp)) { key.gwy.port = htons(tmp); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(tmp); return (0); 
@@ -2836,6 +2880,34 @@ pf_alloc_state_key(struct pf_state *s) return (sk); } +u_int32_t +pf_tcp_iss(struct pf_pdesc *pd) +{ + MD5_CTX ctx; + u_int32_t digest[4]; + + if (pf_tcp_secret_init == 0) { + arc4random_bytes(pf_tcp_secret, sizeof(pf_tcp_secret)); + MD5Init(&pf_tcp_secret_ctx); + MD5Update(&pf_tcp_secret_ctx, pf_tcp_secret, sizeof(pf_tcp_secret)); + pf_tcp_secret_init = 1; + } + ctx = pf_tcp_secret_ctx; + + MD5Update(&ctx, (char *)&pd->hdr.tcp->th_sport, sizeof(u_short)); + MD5Update(&ctx, (char *)&pd->hdr.tcp->th_dport, sizeof(u_short)); + if (pd->af == AF_INET6) { + MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr)); + MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr)); + } else { + MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr)); + MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr)); + } + MD5Final((u_char *)digest, &ctx); + pf_tcp_iss_off += 4096; + return (digest[0] + tcp_iss + pf_tcp_iss_off); +} + int pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, struct pfi_kif *kif, struct mbuf *m, int off, void *h, @@ -3077,7 +3149,8 @@ pf_test_rule(struct pf_rule **rm, struct !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], pd->lookup.gid)) r = TAILQ_NEXT(r, entries); - else if (r->prob && r->prob <= arc4random()) + else if (r->prob && r->prob <= + (arc4random() % (UINT_MAX - 1) + 1)) r = TAILQ_NEXT(r, entries); else if (r->match_tag && !pf_match_tag(m, r, &tag)) r = TAILQ_NEXT(r, entries); 
@@ -3203,10 +3276,22 @@ pf_test_rule(struct pf_rule **rm, struct (r->rule_flag & PFRULE_RETURN)) && !(th->th_flags & TH_RST)) { u_int32_t ack = ntohl(th->th_seq) + pd->p_len; - struct ip *h = mtod(m, struct ip *); + int len = 0; + struct ip *h4; + struct ip6_hdr *h6; + + switch (af) { + case AF_INET: + h4 = mtod(m, struct ip *); + len = ntohs(h4->ip_len) - off; + break; + case AF_INET6: + h6 = mtod(m, struct ip6_hdr *); + len = ntohs(h6->ip6_plen) - (off - sizeof(*h6)); + break; + } - if (pf_check_proto_cksum(m, off, - ntohs(h->ip_len) - off, IPPROTO_TCP, AF_INET)) + if (pf_check_proto_cksum(m, off, len, IPPROTO_TCP, af)) REASON_SET(&reason, PFRES_PROTCKSUM); else { if (th->th_flags & TH_SYN) @@ -3218,10 +3303,12 @@ pf_test_rule(struct pf_rule **rm, struct ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0, r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp); } - } else if ((af == AF_INET) && r->return_icmp) + } else if (pd->proto != IPPROTO_ICMP && af == AF_INET && + r->return_icmp) pf_send_icmp(m, r->return_icmp >> 8, r->return_icmp & 255, af, r); - else if ((af == AF_INET6) && r->return_icmp6) + else if (pd->proto != IPPROTO_ICMPV6 && af == AF_INET6 && + r->return_icmp6) pf_send_icmp(m, r->return_icmp6 >> 8, r->return_icmp6 & 255, af, r); } @@ -3237,7 +3324,6 @@ pf_test_rule(struct pf_rule **rm, struct if (!state_icmp && (r->keep_state || nr != NULL || (pd->flags & PFDESC_TCP_NORM))) { /* create new state */ - u_int16_t len; struct pf_state *s = NULL; struct pf_state_key *sk = NULL; struct pf_src_node *sn = NULL; 
@@ -3296,15 +3382,14 @@ cleanup: s->log |= nr->log & PF_LOG_ALL; switch (pd->proto) { case IPPROTO_TCP: - len = pd->tot_len - off - (th->th_off << 2); s->src.seqlo = ntohl(th->th_seq); - s->src.seqhi = s->src.seqlo + len + 1; + s->src.seqhi = s->src.seqlo + pd->p_len + 1; if ((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN && r->keep_state == PF_STATE_MODULATE) { /* Generate sequence number modulator */ - while ((s->src.seqdiff = - tcp_rndiss_next() - s->src.seqlo) == 0) - ; + if ((s->src.seqdiff = pf_tcp_iss(pd) - + s->src.seqlo) == 0) + s->src.seqdiff = 1; pf_change_a(&th->th_seq, &th->th_sum, htonl(s->src.seqlo + s->src.seqdiff), 0); rewrite = 1; @@ -3525,11 +3610,20 @@ pf_test_fragment(struct pf_rule **rm, in r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); - else if (r->src.port_op || r->dst.port_op || - r->flagset || r->type || r->code || - r->os_fingerprint != PF_OSFP_ANY) + else if (r->os_fingerprint != PF_OSFP_ANY) + r = TAILQ_NEXT(r, entries); + else if (pd->proto == IPPROTO_UDP && + (r->src.port_op || r->dst.port_op)) r = TAILQ_NEXT(r, entries); - else if (r->prob && r->prob <= arc4random()) + else if (pd->proto == IPPROTO_TCP && + (r->src.port_op || r->dst.port_op || r->flagset)) + r = TAILQ_NEXT(r, entries); + else if ((pd->proto == IPPROTO_ICMP || + pd->proto == IPPROTO_ICMPV6) && + (r->type || r->code)) + r = TAILQ_NEXT(r, entries); + else if (r->prob && r->prob <= + (arc4random() % (UINT_MAX - 1) + 1)) r = TAILQ_NEXT(r, entries); else if (r->match_tag && !pf_match_tag(m, r, &tag)) r = TAILQ_NEXT(r, entries); 
@@ -3698,6 +3792,22 @@ pf_test_state_tcp(struct pf_state **stat } } + if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) && + dst->state >= TCPS_FIN_WAIT_2 && + src->state >= TCPS_FIN_WAIT_2) { + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: state reuse "); + pf_print_state(*state); + pf_print_flags(th->th_flags); + printf("\n"); + } + /* XXX make sure it's the same direction ?? */ + (*state)->src.state = (*state)->dst.state = TCPS_CLOSED; + pf_unlink_state(*state); + *state = NULL; + return (PF_DROP); + } + if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) { sws = src->wscale & PF_WSCALE_MASK; dws = dst->wscale & PF_WSCALE_MASK; @@ -3724,7 +3834,8 @@ pf_test_state_tcp(struct pf_state **stat /* Deferred generation of sequence number modulator */ if (dst->seqdiff && !src->seqdiff) { - while ((src->seqdiff = tcp_rndiss_next() - seq) == 0) + /* use random iss for the TCP server */ + while ((src->seqdiff = arc4random() - seq) == 0) ; ack = ntohl(th->th_ack) - dst->seqdiff; pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + @@ -3842,7 +3953,8 @@ pf_test_state_tcp(struct pf_state **stat (ackskew <= (MAXACKWINDOW << sws)) && /* Acking not more than one window forward */ ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo || - (orig_seq == src->seqlo + 1) || (pd->flags & PFDESC_IP_REAS) == 0)) { + (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo) || + (pd->flags & PFDESC_IP_REAS) == 0)) { /* Require an exact/+1 sequence match on resets when possible */ if (dst->scrub || src->scrub) { 
@@ -3937,9 +4049,12 @@ pf_test_state_tcp(struct pf_state **stat pf_print_state(*state); pf_print_flags(th->th_flags); printf(" seq=%u (%u) ack=%u len=%u ackskew=%d " - "pkts=%llu:%llu\n", seq, orig_seq, ack, pd->p_len, - ackskew, (*state)->packets[0], - (*state)->packets[1]); + "pkts=%llu:%llu dir=%s,%s\n", seq, orig_seq, ack, + pd->p_len, ackskew, (*state)->packets[0], + (*state)->packets[1], + direction == PF_IN ? "in" : "out", + direction == (*state)->state_key->direction ? + "fwd" : "rev"); } if (dst->scrub || src->scrub) { Modified: vendor-sys/pf/dist/net/pf_if.c ============================================================================== --- vendor-sys/pf/dist/net/pf_if.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_if.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.47 2007/07/13 09:17:48 markus Exp $ */ +/* $OpenBSD: pf_if.c,v 1.51 2007/11/07 17:28:40 mpf Exp $ */ /* * Copyright 2005 Henning Brauer @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -110,10 +111,9 @@ pfi_kif_get(const char *kif_name) return (kif); /* create new one */ - if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_DONTWAIT)) == NULL) + if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_DONTWAIT|M_ZERO)) == NULL) return (NULL); - bzero(kif, sizeof(*kif)); strlcpy(kif->pfik_name, kif_name, sizeof(kif->pfik_name)); kif->pfik_tzero = time_second; TAILQ_INIT(&kif->pfik_dynaddrs); 
@@ -603,49 +603,57 @@ pfi_if_compare(struct pfi_kif *p, struct } void -pfi_fill_oldstatus(struct pf_status *pfs) +pfi_update_status(const char *name, struct pf_status *pfs) { struct pfi_kif *p; struct pfi_kif_cmp key; + struct ifg_member p_member, *ifgm; + TAILQ_HEAD(, ifg_member) ifg_members; int i, j, k, s; - strlcpy(key.pfik_name, pfs->ifname, sizeof(key.pfik_name)); + strlcpy(key.pfik_name, name, sizeof(key.pfik_name)); s = splsoftnet(); p = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&key); if (p == NULL) { splx(s); return; } - bzero(pfs->pcounters, sizeof(pfs->pcounters)); - bzero(pfs->bcounters, sizeof(pfs->bcounters)); - for (i = 0; i < 2; i++) - for (j = 0; j < 2; j++) - for (k = 0; k < 2; k++) { - pfs->pcounters[i][j][k] = - p->pfik_packets[i][j][k]; - pfs->bcounters[i][j] += - p->pfik_bytes[i][j][k]; - } - splx(s); -} - -int -pfi_clr_istats(const char *name) -{ - struct pfi_kif *p; - int s; + if (p->pfik_group != NULL) { + bcopy(&p->pfik_group->ifg_members, &ifg_members, + sizeof(ifg_members)); + } else { + /* build a temporary list for p only */ + bzero(&p_member, sizeof(p_member)); + p_member.ifgm_ifp = p->pfik_ifp; + TAILQ_INIT(&ifg_members); + TAILQ_INSERT_TAIL(&ifg_members, &p_member, ifgm_next); + } + if (pfs) { + bzero(pfs->pcounters, sizeof(pfs->pcounters)); + bzero(pfs->bcounters, sizeof(pfs->bcounters)); + } + TAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) { + if (ifgm->ifgm_ifp == NULL) + continue; + p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; - s = splsoftnet(); - RB_FOREACH(p, pfi_ifhead, &pfi_ifs) { - if (pfi_skip_if(name, p)) + /* just clear statistics */ + if (pfs == NULL) { + bzero(p->pfik_packets, sizeof(p->pfik_packets)); + bzero(p->pfik_bytes, sizeof(p->pfik_bytes)); + p->pfik_tzero = time_second; continue; - bzero(p->pfik_packets, sizeof(p->pfik_packets)); - bzero(p->pfik_bytes, sizeof(p->pfik_bytes)); - p->pfik_tzero = time_second; + } + for (i = 0; i < 2; i++) + for (j = 0; j < 2; j++) + for (k = 0; k < 2; k++) { + 
pfs->pcounters[i][j][k] += + p->pfik_packets[i][j][k]; + pfs->bcounters[i][j] += + p->pfik_bytes[i][j][k]; + } } splx(s); - - return (0); } int Modified: vendor-sys/pf/dist/net/pf_ioctl.c ============================================================================== --- vendor-sys/pf/dist/net/pf_ioctl.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_ioctl.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.193 2007/12/02 12:08:04 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -160,7 +160,7 @@ pfattach(int num) pool_sethardlimit(pf_pool_limits[PF_LIMIT_STATES].pp, pf_pool_limits[PF_LIMIT_STATES].limit, NULL, 0); - if (ctob(physmem) <= 100*1024*1024) + if (ptoa(physmem) <= 100*1024*1024) pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT_SMALL; @@ -379,11 +379,9 @@ tagname2tag(struct pf_tags *head, char * return (0); /* allocate and fill new struct pf_tagname */ - tag = (struct pf_tagname *)malloc(sizeof(struct pf_tagname), - M_TEMP, M_NOWAIT); + tag = malloc(sizeof(*tag), M_TEMP, M_NOWAIT|M_ZERO); if (tag == NULL) return (0); - bzero(tag, sizeof(struct pf_tagname)); strlcpy(tag->name, tagname, sizeof(tag->name)); tag->tag = new_tagid; tag->ref++; @@ -912,7 +910,6 @@ pf_state_import(struct pfsync_state *sp, /* copy to state */ memcpy(&s->id, &sp->id, sizeof(sp->id)); s->creatorid = sp->creatorid; - strlcpy(sp->ifname, s->kif->pfik_name, sizeof(sp->ifname)); pf_state_peer_from_pfsync(&sp->src, &s->src); pf_state_peer_from_pfsync(&sp->dst, &s->dst); @@ -921,6 +918,9 @@ pf_state_import(struct pfsync_state *sp, s->anchor.ptr = NULL; s->rt_kif = NULL; s->creation = time_second; + s->expire = time_second; + if (sp->expire > 0) + s->expire -= pf_default_rule.timeout[sp->timeout] - sp->expire; s->pfsync_time = 0; s->packets[0] = s->packets[1] = 0; s->bytes[0] = s->bytes[1] = 0; 
@@ -1633,7 +1633,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCADDSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; - struct pfsync_state *sp = (struct pfsync_state *)ps->state; + struct pfsync_state *sp = &ps->state; struct pf_state *s; struct pf_state_key *sk; struct pfi_kif *kif; @@ -1650,6 +1650,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } bzero(s, sizeof(struct pf_state)); if ((sk = pf_alloc_state_key(s)) == NULL) { + pool_put(&pf_state_pl, s); error = ENOMEM; break; } @@ -1664,30 +1665,28 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a if (pf_insert_state(kif, s)) { pfi_kif_unref(kif, PFI_KIF_REF_NONE); pool_put(&pf_state_pl, s); - pool_put(&pf_state_key_pl, sk); - error = ENOMEM; + error = EEXIST; + break; } + pf_default_rule.states++; break; } case DIOCGETSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; struct pf_state *s; - u_int32_t nr; + struct pf_state_cmp id_key; - nr = 0; - RB_FOREACH(s, pf_state_tree_id, &tree_id) { - if (nr >= ps->nr) - break; - nr++; - } + bcopy(ps->state.id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = ps->state.creatorid; + + s = pf_find_state_byid(&id_key); if (s == NULL) { - error = EBUSY; + error = ENOENT; break; } - pf_state_export((struct pfsync_state *)&ps->state, - s->state_key, s); + pf_state_export(&ps->state, s->state_key, s); break; } @@ -1735,7 +1734,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCGETSTATUS: { struct pf_status *s = (struct pf_status *)addr; bcopy(&pf_status, s, sizeof(struct pf_status)); - pfi_fill_oldstatus(s); + pfi_update_status(s->ifname, s); break; } @@ -1746,10 +1745,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a bzero(pf_status.ifname, IFNAMSIZ); break; } - if (ifunit(pi->ifname) == NULL) { - error = EINVAL; - break; - } strlcpy(pf_status.ifname, pi->ifname, IFNAMSIZ); break; } 
@@ -1760,7 +1755,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a bzero(pf_status.scounters, sizeof(pf_status.scounters)); pf_status.since = time_second; if (*pf_status.ifname) - pfi_clr_istats(pf_status.ifname); + pfi_update_status(pf_status.ifname, NULL); break; } @@ -1793,13 +1788,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a key.ext.port = pnl->dport; PF_ACPY(&key.gwy.addr, &pnl->saddr, pnl->af); key.gwy.port = pnl->sport; - state = pf_find_state_all(&key, PF_EXT_GWY, &m); + state = pf_find_state_all(&key, PF_IN, &m); } else { PF_ACPY(&key.lan.addr, &pnl->daddr, pnl->af); key.lan.port = pnl->dport; PF_ACPY(&key.ext.addr, &pnl->saddr, pnl->af); key.ext.port = pnl->sport; - state = pf_find_state_all(&key, PF_LAN_EXT, &m); + state = pf_find_state_all(&key, PF_OUT, &m); } if (m > 1) error = E2BIG; /* more than one state */ @@ -1968,6 +1963,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a pool_put(&pf_altq_pl, altq); break; } + altq->altq_disc = NULL; TAILQ_FOREACH(a, pf_altqs_inactive, entries) { if (strncmp(a->ifname, altq->ifname, IFNAMSIZ) == 0 && a->qname[0] == 0) { @@ -2547,10 +2543,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { free(table, M_TEMP); @@ -2616,10 +2610,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { free(table, M_TEMP); 
@@ -2680,10 +2672,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); /* first makes sure everything will succeed */ for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { Modified: vendor-sys/pf/dist/net/pf_norm.c ============================================================================== --- vendor-sys/pf/dist/net/pf_norm.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_norm.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.109 2007/05/28 17:16:39 henning Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.111 2007/12/30 10:32:24 mglocker Exp $ */ /* * Copyright 2001 Niels Provos @@ -115,7 +115,7 @@ struct mbuf *pf_reassemble(struct mbuf struct mbuf *pf_fragcache(struct mbuf **, struct ip*, struct pf_fragment **, int, int, int *); int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, - struct tcphdr *, int); + struct tcphdr *, int, sa_family_t); #define DPFPRINTF(x) do { \ if (pf_status.debug >= PF_DEBUG_MISC) { \ @@ -1316,7 +1316,7 @@ pf_normalize_tcp(int dir, struct pfi_kif } /* Process options */ - if (r->max_mss && pf_normalize_tcpopt(r, m, th, off)) + if (r->max_mss && pf_normalize_tcpopt(r, m, th, off, pd->af)) rewrite = 1; /* copy back packet headers if we sanitized */ 
@@ -1819,17 +1819,21 @@ pf_normalize_tcp_stateful(struct mbuf *m int pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th, - int off) + int off, sa_family_t af) { u_int16_t *mss; int thoff; int opt, cnt, optlen = 0; int rewrite = 0; - u_char *optp; + u_char opts[MAX_TCPOPTLEN]; + u_char *optp = opts; thoff = th->th_off << 2; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:22:58 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B20C1065670; Wed, 10 Dec 2008 21:22:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 56B128FC18; Wed, 10 Dec 2008 21:22:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALMw2a043324; Wed, 10 Dec 2008 21:22:58 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALMwS7043316; Wed, 10 Dec 2008 21:22:58 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102122.mBALMwS7043316@svn.freebsd.org> 
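Review bot: in pfsync_clone_destroy() (if_pfsync.c) the new teardown reads the instance through sc = ifp->if_softc for the four timeout_del() calls and the carp demotion, but both free() calls still go through the global pfsyncif. Use sc for free(sc->sc_imo.imo_membership, M_IPMOPTS) and free(sc, M_DEVBUF) so the function releases the interface it was handed rather than whatever the global points at. Cancelling the timeouts before if_detach() is the right order; a one-line comment saying so would keep a later reorder from leaving a timer armed against freed memory.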
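Review bot: the pfsync_input() hunks in if_pfsync.c stop incrementing pfsyncstats.pfsyncs_badstate on five paths and move the counts to pfsyncs_badval and pfsyncs_stale, with nothing in the log message or a comment describing the new split. Anything that alerts on pfsyncs_badstate will go quiet for invalid-value and stale-state updates after this change; document what each counter now means next to the struct, and note the change for consumers of the stats.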
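Review bot: pfsync_sysctl() returns EPERM when newp != NULL and then still forwards newp and newlen to sysctl_struct(), where they can only be NULL and an ignored length. Pass NULL and 0 explicitly at the call so the read-only intent is visible where the copy happens, and add a comment at PFSYNCCTL_NAMES in if_pfsync.h that the table, PFSYNCCTL_MAXID and the switch have to be extended together.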
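Review bot: pf_match_addr_range() in pf.c compares a->addr32[] with b and e using < and > on the raw words. If struct pf_addr holds addresses in network byte order, as the htons() handling of ports elsewhere in this file suggests, that ordering is only correct on big-endian hosts; wrap each operand in ntohl() in both the AF_INET and AF_INET6 branches. The switch also has no default case, so an unexpected af falls through to return (1) and is treated as inside the range; return 0 there instead.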
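Review bot: pf_tcp_iss_off is declared as a plain int and pf_tcp_iss() adds 4096 to it on every call, so it overflows a signed int after 2^31 / 4096 = 524288 calls, which is undefined behaviour in C. Declare it u_int32_t to match the return type and the unsigned sum in return (digest[0] + tcp_iss + pf_tcp_iss_off). The function also needs a header comment stating the construction (MD5 over a random secret, both ports and both addresses, plus tcp_iss and a per-call offset), and the lazy pf_tcp_secret_init check assumes callers are serialised, which should be stated or enforced.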
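Review bot: the probability test r->prob <= (arc4random() % (UINT_MAX - 1) + 1) is added twice, in pf_test_rule() and again in pf_test_fragment(), with no comment on why the random value is confined to 1..UINT_MAX-1. The intent appears to be that a rule with prob == UINT_MAX is never skipped; say so, and move the expression into one macro or inline helper so the two sites cannot drift apart. The modulo also introduces a small bias, which is acceptable here but worth a word in the same comment.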
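Review bot: in the return-rst path of pf_test_rule() the new switch (af) has no default case and len is passed to pf_check_proto_cksum() without a sanity check. Both branches subtract an offset from a length field taken from the packet (ntohs(h4->ip_len) - off, and ntohs(h6->ip6_plen) - (off - sizeof(*h6)), the latter mixing int and size_t), so a header length smaller than the offset yields a negative int. Add a default: that leaves the block without sending a reply, and bail out when len < 0 before the checksum call.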
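Review bot: the state-reuse block added to pf_test_state_tcp() unlinks an existing state on any bare SYN once both peers are at or past TCPS_FIN_WAIT_2, and it carries an open question in the code itself: /* XXX make sure it's the same direction ?? */. Settle that before the code is relied on, either by comparing direction with (*state)->state_key->direction or by explaining why the check is unnecessary. The block returns PF_DROP and depends on the sender retransmitting the SYN to create the new state; that belongs in a comment, since the drop is otherwise surprising to anyone reading packet traces.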
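Review bot: the RST acceptance condition in pf_test_state_tcp() now also admits orig_seq + 1 == src->seqlo, but the comment directly below still reads "Require an exact/+1 sequence match on resets when possible". Update it to cover the new -1 case and name the peer behaviour that requires it, because this line loosens the reset check and the reason is not recoverable from the diff.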
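Review bot: in pfi_update_status() (pf_if.c) the loop assigns p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif and dereferences it immediately in both the clear and the accumulate branch; only ifgm_ifp is checked for NULL. Add if (p == NULL) continue; after the assignment. Copying the list head with bcopy(&p->pfik_group->ifg_members, &ifg_members, sizeof(ifg_members)) leaves the copy's tail pointer aimed at the original list, which is safe only because the copy is read with TAILQ_FOREACH; iterating &p->pfik_group->ifg_members directly would avoid the trap. The pfs == NULL convention for "clear instead of read" also deserves a comment at the function head.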
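Review bot: the new expiry adjustment in pf_state_import() (pf_ioctl.c) indexes pf_default_rule.timeout[] with sp->timeout and subtracts sp->expire, both taken from the imported pfsync_state, and the hunk shows no range check on either. Confirm that every caller, including the DIOCADDSTATE path that passes &ps->state from userland, rejects sp->timeout values outside the array before this point, or add the check here. When sp->expire exceeds the default timeout the subtraction goes negative and s->expire ends up later than time_second; clamp it if that is not intended.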
From: Max Laier Date: Wed, 10 Dec 2008 21:22:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185886 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:22:58 -0000 Author: mlaier Date: Wed Dec 10 21:22:57 2008 New Revision: 185886 URL: http://svn.freebsd.org/changeset/base/185886 Log: Import OPENBSD_4_3_BASE Modified: vendor-sys/pf/dist/net/if_pflog.c vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_osfp.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pflog.c ============================================================================== --- vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pflog.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pflog.c,v 1.24 2007/05/26 17:13:30 jason Exp $ */ +/* $OpenBSD: if_pflog.c,v 1.27 2007/12/20 02:53:02 brad Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -107,9 +107,9 @@ pflog_clone_create(struct if_clone *ifc, if (unit >= PFLOGIFS_MAX) return (EINVAL); - if ((pflogif = malloc(sizeof(*pflogif), M_DEVBUF, M_NOWAIT)) == NULL) + if ((pflogif = malloc(sizeof(*pflogif), + M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); - bzero(pflogif, sizeof(*pflogif)); pflogif->sc_unit = unit; ifp = &pflogif->sc_if; 
@@ -191,9 +191,6 @@ int pflogioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { switch (cmd) { - case SIOCSIFADDR: - case SIOCAIFADDR: - case SIOCSIFDSTADDR: case SIOCSIFFLAGS: if (ifp->if_flags & IFF_UP) ifp->if_flags |= IFF_RUNNING; @@ -201,7 +198,7 @@ pflogioctl(struct ifnet *ifp, u_long cmd ifp->if_flags &= ~IFF_RUNNING; break; default: - return (EINVAL); + return (ENOTTY); } return (0); Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.83 2007/06/26 14:44:12 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.89 2008/01/12 17:08:33 mpf Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -36,6 +36,7 @@ #include #include #include +#include #include #include @@ -45,6 +46,7 @@ #include #include #include +#include #ifdef INET #include @@ -124,9 +126,9 @@ pfsync_clone_create(struct if_clone *ifc return (EINVAL); pfsync_sync_ok = 1; - if ((pfsyncif = malloc(sizeof(*pfsyncif), M_DEVBUF, M_NOWAIT)) == NULL) + if ((pfsyncif = malloc(sizeof(*pfsyncif), M_DEVBUF, + M_NOWAIT|M_ZERO)) == NULL) return (ENOMEM); - bzero(pfsyncif, sizeof(*pfsyncif)); pfsyncif->sc_mbuf = NULL; pfsyncif->sc_mbuf_net = NULL; pfsyncif->sc_mbuf_tdb = NULL; @@ -140,6 +142,10 @@ pfsync_clone_create(struct if_clone *ifc pfsyncif->sc_ureq_sent = 0; pfsyncif->sc_bulk_send_next = NULL; pfsyncif->sc_bulk_terminator = NULL; + pfsyncif->sc_imo.imo_membership = (struct in_multi **)malloc( + (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_IPMOPTS, + M_WAITOK|M_ZERO); + pfsyncif->sc_imo.imo_max_memberships = IP_MIN_MEMBERSHIPS; ifp = &pfsyncif->sc_if; snprintf(ifp->if_xname, sizeof ifp->if_xname, "pfsync%d", unit); ifp->if_softc = pfsyncif; 
@@ -171,10 +177,21 @@ pfsync_clone_create(struct if_clone *ifc int pfsync_clone_destroy(struct ifnet *ifp) { + struct pfsync_softc *sc = ifp->if_softc; + + timeout_del(&sc->sc_tmo); + timeout_del(&sc->sc_tdb_tmo); + timeout_del(&sc->sc_bulk_tmo); + timeout_del(&sc->sc_bulkfail_tmo); +#if NCARP > 0 + if (!pfsync_sync_ok) + carp_group_demote_adj(&sc->sc_if, -1); +#endif #if NBPFILTER > 0 bpfdetach(ifp); #endif if_detach(ifp); + free(pfsyncif->sc_imo.imo_membership, M_IPMOPTS); free(pfsyncif, M_DEVBUF); pfsyncif = NULL; return (0); @@ -461,9 +478,9 @@ pfsync_input(struct mbuf *m, ...) sp->direction > PF_OUT || (sp->af != AF_INET && sp->af != AF_INET6)) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: PFSYNC_ACT_INS: " + printf("pfsync_input: PFSYNC_ACT_INS: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } @@ -495,9 +512,9 @@ pfsync_input(struct mbuf *m, ...) sp->src.state > PF_TCPS_PROXY_DST || sp->dst.state > PF_TCPS_PROXY_DST) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: PFSYNC_ACT_UPD: " + printf("pfsync_input: PFSYNC_ACT_UPD: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } @@ -559,7 +576,7 @@ pfsync_input(struct mbuf *m, ...) : "partial"), sfail, betoh64(st->id), ntohl(st->creatorid)); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_stale++; if (!(sp->sync_flags & PFSTATE_STALE)) { /* we have a better state, send it */ @@ -626,10 +643,10 @@ pfsync_input(struct mbuf *m, ...) up->src.state > PF_TCPS_PROXY_DST || up->dst.state > PF_TCPS_PROXY_DST) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert: " + printf("pfsync_input: " "PFSYNC_ACT_UPD_C: " "invalid value\n"); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_badval++; continue; } 
@@ -685,7 +702,7 @@ pfsync_input(struct mbuf *m, ...) "creatorid: %08x\n", sfail, betoh64(st->id), ntohl(st->creatorid)); - pfsyncstats.pfsyncs_badstate++; + pfsyncstats.pfsyncs_stale++; /* we have a better state, send it out */ if ((!stale || update_requested) && @@ -1750,3 +1767,22 @@ pfsync_update_tdb(struct tdb *tdb, int o return (ret); } #endif + +int +pfsync_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, + size_t newlen) +{ + /* All sysctl names at this level are terminal. */ + if (namelen != 1) + return (ENOTDIR); + + switch (name[0]) { + case PFSYNCCTL_STATS: + if (newp != NULL) + return (EPERM); + return (sysctl_struct(oldp, oldlenp, newp, newlen, + &pfsyncstats, sizeof(pfsyncstats))); + default: + return (ENOPROTOOPT); + } +} Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.31 2007/05/31 04:11:42 mcbride Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.32 2007/12/14 18:33:37 deraadt Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff @@ -86,6 +86,17 @@ struct pfsync_state_bus { u_int8_t pad[7]; } __packed; +/* + * Names for PFSYNC sysctl objects + */ +#define PFSYNCCTL_STATS 1 /* PFSYNC stats */ +#define PFSYNCCTL_MAXID 2 + +#define PFSYNCCTL_NAMES { \ + { 0, 0 }, \ + { "stats", CTLTYPE_STRUCT }, \ +} + #ifdef _KERNEL union sc_statep { 
@@ -255,6 +266,8 @@ struct pfsyncreq { void pfsync_input(struct mbuf *, ...); int pfsync_clear_states(u_int32_t, char *); int pfsync_pack_state(u_int8_t, struct pf_state *, int); +int pfsync_sysctl(int *, u_int, void *, size_t *, void *, size_t); + #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ (st->state_key->proto == IPPROTO_PFSYNC)) \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.552 2007/08/21 15:57:27 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.567 2008/02/20 23:40:13 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -51,6 +51,8 @@ #include #include +#include + #include #include #include @@ -110,6 +112,11 @@ u_int32_t ticket_altqs_inactive; int altqs_inactive_open; u_int32_t ticket_pabuf; +MD5_CTX pf_tcp_secret_ctx; +u_char pf_tcp_secret[16]; +int pf_tcp_secret_init; +int pf_tcp_iss_off; + struct pf_anchor_stackframe { struct pf_ruleset *rs; struct pf_rule *r; @@ -160,6 +167,7 @@ struct pf_rule *pf_get_translation(stru void pf_attach_state(struct pf_state_key *, struct pf_state *, int); void pf_detach_state(struct pf_state *, int); +u_int32_t pf_tcp_iss(struct pf_pdesc *); int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, @@ -214,7 +222,7 @@ int pf_check_proto_cksum(struct mbuf int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); struct pf_state *pf_find_state(struct pfi_kif *, - struct pf_state_key_cmp *, u_int8_t); + struct pf_state_key_cmp *, u_int); int pf_src_connlimit(struct pf_state **); void pf_stateins_err(const char *, struct pf_state *, struct pfi_kif *); 
@@ -233,10 +241,7 @@ struct pf_pool_limit pf_pool_limits[PF_L #define STATE_LOOKUP() \ do { \ - if (direction == PF_IN) \ - *state = pf_find_state(kif, &key, PF_EXT_GWY); \ - else \ - *state = pf_find_state(kif, &key, PF_LAN_EXT); \ + *state = pf_find_state(kif, &key, direction); \ if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ return (PF_DROP); \ if (direction == PF_OUT && \ @@ -526,19 +531,19 @@ pf_find_state_byid(struct pf_state_cmp * } struct pf_state * -pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int8_t tree) +pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) { struct pf_state_key *sk; struct pf_state *s; pf_status.fcounters[FCNT_STATE_SEARCH]++; - switch (tree) { - case PF_LAN_EXT: + switch (dir) { + case PF_OUT: sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, (struct pf_state_key *)key); break; - case PF_EXT_GWY: + case PF_IN: sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, (struct pf_state_key *)key); break; @@ -556,19 +561,19 @@ pf_find_state(struct pfi_kif *kif, struc } struct pf_state * -pf_find_state_all(struct pf_state_key_cmp *key, u_int8_t tree, int *more) +pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) { struct pf_state_key *sk; struct pf_state *s, *ret = NULL; pf_status.fcounters[FCNT_STATE_SEARCH]++; - switch (tree) { - case PF_LAN_EXT: + switch (dir) { + case PF_OUT: sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, (struct pf_state_key *)key); break; - case PF_EXT_GWY: + case PF_IN: sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, (struct pf_state_key *)key); break; @@ -819,6 +824,8 @@ pf_insert_state(struct pfi_kif *kif, str TAILQ_FOREACH(sp, &cur->states, next) if (sp->kif == kif) { /* collision! */ pf_stateins_err("tree_lan_ext", s, kif); + pf_detach_state(s, + PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); return (-1); } pf_detach_state(s, PF_DT_SKIP_LANEXT|PF_DT_SKIP_EXTGWY); 
@@ -961,10 +968,8 @@ pf_src_tree_remove_state(struct pf_state u_int32_t timeout; if (s->src_node != NULL) { - if (s->state_key->proto == IPPROTO_TCP) { - if (s->src.tcp_est) - --s->src_node->conn; - } + if (s->src.tcp_est) + --s->src_node->conn; if (--s->src_node->states <= 0) { timeout = s->rule.ptr->timeout[PFTM_SRC_NODE]; if (!timeout) @@ -1295,6 +1300,7 @@ pf_addr_wrap_neq(struct pf_addr_wrap *aw return (1); switch (aw1->type) { case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: if (PF_ANEQ(&aw1->v.a.addr, &aw2->v.a.addr, 0)) return (1); if (PF_ANEQ(&aw1->v.a.mask, &aw2->v.a.mask, 0)) @@ -1598,7 +1604,7 @@ pf_send_tcp(const struct pf_rule *r, sa_ m->m_pkthdr.pf.tag = rtag; if (r != NULL && r->rtableid >= 0) - m->m_pkthdr.pf.rtableid = m->m_pkthdr.pf.rtableid; + m->m_pkthdr.pf.rtableid = r->rtableid; #ifdef ALTQ if (r != NULL && r->qid) { @@ -1790,6 +1796,44 @@ pf_match_addr(u_int8_t n, struct pf_addr } } +/* + * Return 1 if b <= a <= e, otherwise return 0. + */ +int +pf_match_addr_range(struct pf_addr *b, struct pf_addr *e, + struct pf_addr *a, sa_family_t af) +{ + switch (af) { +#ifdef INET + case AF_INET: + if ((a->addr32[0] < b->addr32[0]) || + (a->addr32[0] > e->addr32[0])) + return (0); + break; +#endif /* INET */ +#ifdef INET6 + case AF_INET6: { + int i; + + /* check a >= b */ + for (i = 0; i < 4; ++i) + if (a->addr32[i] > b->addr32[i]) + break; + else if (a->addr32[i] < b->addr32[i]) + return (0); + /* check a <= e */ + for (i = 0; i < 4; ++i) + if (a->addr32[i] < e->addr32[i]) + break; + else if (a->addr32[i] > e->addr32[i]) + return (0); + break; + } +#endif /* INET6 */ + } + return (1); +} + int pf_match(u_int8_t op, u_int32_t a1, u_int32_t a2, u_int32_t p) { 
@@ -2267,15 +2311,15 @@ pf_get_sport(sa_family_t af, u_int8_t pr if (!(proto == IPPROTO_TCP || proto == IPPROTO_UDP || proto == IPPROTO_ICMP)) { key.gwy.port = dport; - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) return (0); } else if (low == 0 && high == 0) { key.gwy.port = *nport; - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) return (0); } else if (low == high) { key.gwy.port = htons(low); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == NULL) { + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(low); return (0); } @@ -2292,7 +2336,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { key.gwy.port = htons(tmp); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(tmp); return (0); @@ -2300,7 +2344,7 @@ pf_get_sport(sa_family_t af, u_int8_t pr } for (tmp = cut - 1; tmp >= low; --(tmp)) { key.gwy.port = htons(tmp); - if (pf_find_state_all(&key, PF_EXT_GWY, NULL) == + if (pf_find_state_all(&key, PF_IN, NULL) == NULL) { *nport = htons(tmp); return (0); 
@@ -2836,6 +2880,34 @@ pf_alloc_state_key(struct pf_state *s) return (sk); } +u_int32_t +pf_tcp_iss(struct pf_pdesc *pd) +{ + MD5_CTX ctx; + u_int32_t digest[4]; + + if (pf_tcp_secret_init == 0) { + arc4random_bytes(pf_tcp_secret, sizeof(pf_tcp_secret)); + MD5Init(&pf_tcp_secret_ctx); + MD5Update(&pf_tcp_secret_ctx, pf_tcp_secret, sizeof(pf_tcp_secret)); + pf_tcp_secret_init = 1; + } + ctx = pf_tcp_secret_ctx; + + MD5Update(&ctx, (char *)&pd->hdr.tcp->th_sport, sizeof(u_short)); + MD5Update(&ctx, (char *)&pd->hdr.tcp->th_dport, sizeof(u_short)); + if (pd->af == AF_INET6) { + MD5Update(&ctx, (char *)&pd->src->v6, sizeof(struct in6_addr)); + MD5Update(&ctx, (char *)&pd->dst->v6, sizeof(struct in6_addr)); + } else { + MD5Update(&ctx, (char *)&pd->src->v4, sizeof(struct in_addr)); + MD5Update(&ctx, (char *)&pd->dst->v4, sizeof(struct in_addr)); + } + MD5Final((u_char *)digest, &ctx); + pf_tcp_iss_off += 4096; + return (digest[0] + tcp_iss + pf_tcp_iss_off); +} + int pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, struct pfi_kif *kif, struct mbuf *m, int off, void *h, @@ -3077,7 +3149,8 @@ pf_test_rule(struct pf_rule **rm, struct !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], pd->lookup.gid)) r = TAILQ_NEXT(r, entries); - else if (r->prob && r->prob <= arc4random()) + else if (r->prob && r->prob <= + (arc4random() % (UINT_MAX - 1) + 1)) r = TAILQ_NEXT(r, entries); else if (r->match_tag && !pf_match_tag(m, r, &tag)) r = TAILQ_NEXT(r, entries); 
@@ -3203,10 +3276,22 @@ pf_test_rule(struct pf_rule **rm, struct (r->rule_flag & PFRULE_RETURN)) && !(th->th_flags & TH_RST)) { u_int32_t ack = ntohl(th->th_seq) + pd->p_len; - struct ip *h = mtod(m, struct ip *); + int len = 0; + struct ip *h4; + struct ip6_hdr *h6; + + switch (af) { + case AF_INET: + h4 = mtod(m, struct ip *); + len = ntohs(h4->ip_len) - off; + break; + case AF_INET6: + h6 = mtod(m, struct ip6_hdr *); + len = ntohs(h6->ip6_plen) - (off - sizeof(*h6)); + break; + } - if (pf_check_proto_cksum(m, off, - ntohs(h->ip_len) - off, IPPROTO_TCP, AF_INET)) + if (pf_check_proto_cksum(m, off, len, IPPROTO_TCP, af)) REASON_SET(&reason, PFRES_PROTCKSUM); else { if (th->th_flags & TH_SYN) @@ -3218,10 +3303,12 @@ pf_test_rule(struct pf_rule **rm, struct ntohl(th->th_ack), ack, TH_RST|TH_ACK, 0, 0, r->return_ttl, 1, 0, pd->eh, kif->pfik_ifp); } - } else if ((af == AF_INET) && r->return_icmp) + } else if (pd->proto != IPPROTO_ICMP && af == AF_INET && + r->return_icmp) pf_send_icmp(m, r->return_icmp >> 8, r->return_icmp & 255, af, r); - else if ((af == AF_INET6) && r->return_icmp6) + else if (pd->proto != IPPROTO_ICMPV6 && af == AF_INET6 && + r->return_icmp6) pf_send_icmp(m, r->return_icmp6 >> 8, r->return_icmp6 & 255, af, r); } @@ -3237,7 +3324,6 @@ pf_test_rule(struct pf_rule **rm, struct if (!state_icmp && (r->keep_state || nr != NULL || (pd->flags & PFDESC_TCP_NORM))) { /* create new state */ - u_int16_t len; struct pf_state *s = NULL; struct pf_state_key *sk = NULL; struct pf_src_node *sn = NULL; 
@@ -3296,15 +3382,14 @@ cleanup: s->log |= nr->log & PF_LOG_ALL; switch (pd->proto) { case IPPROTO_TCP: - len = pd->tot_len - off - (th->th_off << 2); s->src.seqlo = ntohl(th->th_seq); - s->src.seqhi = s->src.seqlo + len + 1; + s->src.seqhi = s->src.seqlo + pd->p_len + 1; if ((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN && r->keep_state == PF_STATE_MODULATE) { /* Generate sequence number modulator */ - while ((s->src.seqdiff = - tcp_rndiss_next() - s->src.seqlo) == 0) - ; + if ((s->src.seqdiff = pf_tcp_iss(pd) - + s->src.seqlo) == 0) + s->src.seqdiff = 1; pf_change_a(&th->th_seq, &th->th_sum, htonl(s->src.seqlo + s->src.seqdiff), 0); rewrite = 1; @@ -3525,11 +3610,20 @@ pf_test_fragment(struct pf_rule **rm, in r = r->skip[PF_SKIP_DST_ADDR].ptr; else if (r->tos && !(r->tos == pd->tos)) r = TAILQ_NEXT(r, entries); - else if (r->src.port_op || r->dst.port_op || - r->flagset || r->type || r->code || - r->os_fingerprint != PF_OSFP_ANY) + else if (r->os_fingerprint != PF_OSFP_ANY) + r = TAILQ_NEXT(r, entries); + else if (pd->proto == IPPROTO_UDP && + (r->src.port_op || r->dst.port_op)) r = TAILQ_NEXT(r, entries); - else if (r->prob && r->prob <= arc4random()) + else if (pd->proto == IPPROTO_TCP && + (r->src.port_op || r->dst.port_op || r->flagset)) + r = TAILQ_NEXT(r, entries); + else if ((pd->proto == IPPROTO_ICMP || + pd->proto == IPPROTO_ICMPV6) && + (r->type || r->code)) + r = TAILQ_NEXT(r, entries); + else if (r->prob && r->prob <= + (arc4random() % (UINT_MAX - 1) + 1)) r = TAILQ_NEXT(r, entries); else if (r->match_tag && !pf_match_tag(m, r, &tag)) r = TAILQ_NEXT(r, entries); 
@@ -3698,6 +3792,22 @@ pf_test_state_tcp(struct pf_state **stat } } + if (((th->th_flags & (TH_SYN|TH_ACK)) == TH_SYN) && + dst->state >= TCPS_FIN_WAIT_2 && + src->state >= TCPS_FIN_WAIT_2) { + if (pf_status.debug >= PF_DEBUG_MISC) { + printf("pf: state reuse "); + pf_print_state(*state); + pf_print_flags(th->th_flags); + printf("\n"); + } + /* XXX make sure it's the same direction ?? */ + (*state)->src.state = (*state)->dst.state = TCPS_CLOSED; + pf_unlink_state(*state); + *state = NULL; + return (PF_DROP); + } + if (src->wscale && dst->wscale && !(th->th_flags & TH_SYN)) { sws = src->wscale & PF_WSCALE_MASK; dws = dst->wscale & PF_WSCALE_MASK; @@ -3724,7 +3834,8 @@ pf_test_state_tcp(struct pf_state **stat /* Deferred generation of sequence number modulator */ if (dst->seqdiff && !src->seqdiff) { - while ((src->seqdiff = tcp_rndiss_next() - seq) == 0) + /* use random iss for the TCP server */ + while ((src->seqdiff = arc4random() - seq) == 0) ; ack = ntohl(th->th_ack) - dst->seqdiff; pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + @@ -3842,7 +3953,8 @@ pf_test_state_tcp(struct pf_state **stat (ackskew <= (MAXACKWINDOW << sws)) && /* Acking not more than one window forward */ ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo || - (orig_seq == src->seqlo + 1) || (pd->flags & PFDESC_IP_REAS) == 0)) { + (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo) || + (pd->flags & PFDESC_IP_REAS) == 0)) { /* Require an exact/+1 sequence match on resets when possible */ if (dst->scrub || src->scrub) { 
@@ -3937,9 +4049,12 @@ pf_test_state_tcp(struct pf_state **stat pf_print_state(*state); pf_print_flags(th->th_flags); printf(" seq=%u (%u) ack=%u len=%u ackskew=%d " - "pkts=%llu:%llu\n", seq, orig_seq, ack, pd->p_len, - ackskew, (*state)->packets[0], - (*state)->packets[1]); + "pkts=%llu:%llu dir=%s,%s\n", seq, orig_seq, ack, + pd->p_len, ackskew, (*state)->packets[0], + (*state)->packets[1], + direction == PF_IN ? "in" : "out", + direction == (*state)->state_key->direction ? + "fwd" : "rev"); } if (dst->scrub || src->scrub) { Modified: vendor-sys/pf/dist/net/pf_if.c ============================================================================== --- vendor-sys/pf/dist/net/pf_if.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_if.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_if.c,v 1.47 2007/07/13 09:17:48 markus Exp $ */ +/* $OpenBSD: pf_if.c,v 1.51 2007/11/07 17:28:40 mpf Exp $ */ /* * Copyright 2005 Henning Brauer @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -110,10 +111,9 @@ pfi_kif_get(const char *kif_name) return (kif); /* create new one */ - if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_DONTWAIT)) == NULL) + if ((kif = malloc(sizeof(*kif), PFI_MTYPE, M_DONTWAIT|M_ZERO)) == NULL) return (NULL); - bzero(kif, sizeof(*kif)); strlcpy(kif->pfik_name, kif_name, sizeof(kif->pfik_name)); kif->pfik_tzero = time_second; TAILQ_INIT(&kif->pfik_dynaddrs); 
@@ -603,49 +603,57 @@ pfi_if_compare(struct pfi_kif *p, struct } void -pfi_fill_oldstatus(struct pf_status *pfs) +pfi_update_status(const char *name, struct pf_status *pfs) { struct pfi_kif *p; struct pfi_kif_cmp key; + struct ifg_member p_member, *ifgm; + TAILQ_HEAD(, ifg_member) ifg_members; int i, j, k, s; - strlcpy(key.pfik_name, pfs->ifname, sizeof(key.pfik_name)); + strlcpy(key.pfik_name, name, sizeof(key.pfik_name)); s = splsoftnet(); p = RB_FIND(pfi_ifhead, &pfi_ifs, (struct pfi_kif *)&key); if (p == NULL) { splx(s); return; } - bzero(pfs->pcounters, sizeof(pfs->pcounters)); - bzero(pfs->bcounters, sizeof(pfs->bcounters)); - for (i = 0; i < 2; i++) - for (j = 0; j < 2; j++) - for (k = 0; k < 2; k++) { - pfs->pcounters[i][j][k] = - p->pfik_packets[i][j][k]; - pfs->bcounters[i][j] += - p->pfik_bytes[i][j][k]; - } - splx(s); -} - -int -pfi_clr_istats(const char *name) -{ - struct pfi_kif *p; - int s; + if (p->pfik_group != NULL) { + bcopy(&p->pfik_group->ifg_members, &ifg_members, + sizeof(ifg_members)); + } else { + /* build a temporary list for p only */ + bzero(&p_member, sizeof(p_member)); + p_member.ifgm_ifp = p->pfik_ifp; + TAILQ_INIT(&ifg_members); + TAILQ_INSERT_TAIL(&ifg_members, &p_member, ifgm_next); + } + if (pfs) { + bzero(pfs->pcounters, sizeof(pfs->pcounters)); + bzero(pfs->bcounters, sizeof(pfs->bcounters)); + } + TAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) { + if (ifgm->ifgm_ifp == NULL) + continue; + p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif; - s = splsoftnet(); - RB_FOREACH(p, pfi_ifhead, &pfi_ifs) { - if (pfi_skip_if(name, p)) + /* just clear statistics */ + if (pfs == NULL) { + bzero(p->pfik_packets, sizeof(p->pfik_packets)); + bzero(p->pfik_bytes, sizeof(p->pfik_bytes)); + p->pfik_tzero = time_second; continue; - bzero(p->pfik_packets, sizeof(p->pfik_packets)); - bzero(p->pfik_bytes, sizeof(p->pfik_bytes)); - p->pfik_tzero = time_second; + } + for (i = 0; i < 2; i++) + for (j = 0; j < 2; j++) + for (k = 0; k < 2; k++) { + 
pfs->pcounters[i][j][k] += + p->pfik_packets[i][j][k]; + pfs->bcounters[i][j] += + p->pfik_bytes[i][j][k]; + } } splx(s); - - return (0); } int Modified: vendor-sys/pf/dist/net/pf_ioctl.c ============================================================================== --- vendor-sys/pf/dist/net/pf_ioctl.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_ioctl.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.182 2007/06/24 11:17:13 mcbride Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.193 2007/12/02 12:08:04 pascoe Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -160,7 +160,7 @@ pfattach(int num) pool_sethardlimit(pf_pool_limits[PF_LIMIT_STATES].pp, pf_pool_limits[PF_LIMIT_STATES].limit, NULL, 0); - if (ctob(physmem) <= 100*1024*1024) + if (ptoa(physmem) <= 100*1024*1024) pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit = PFR_KENTRY_HIWAT_SMALL; @@ -379,11 +379,9 @@ tagname2tag(struct pf_tags *head, char * return (0); /* allocate and fill new struct pf_tagname */ - tag = (struct pf_tagname *)malloc(sizeof(struct pf_tagname), - M_TEMP, M_NOWAIT); + tag = malloc(sizeof(*tag), M_TEMP, M_NOWAIT|M_ZERO); if (tag == NULL) return (0); - bzero(tag, sizeof(struct pf_tagname)); strlcpy(tag->name, tagname, sizeof(tag->name)); tag->tag = new_tagid; tag->ref++; @@ -912,7 +910,6 @@ pf_state_import(struct pfsync_state *sp, /* copy to state */ memcpy(&s->id, &sp->id, sizeof(sp->id)); s->creatorid = sp->creatorid; - strlcpy(sp->ifname, s->kif->pfik_name, sizeof(sp->ifname)); pf_state_peer_from_pfsync(&sp->src, &s->src); pf_state_peer_from_pfsync(&sp->dst, &s->dst); @@ -921,6 +918,9 @@ pf_state_import(struct pfsync_state *sp, s->anchor.ptr = NULL; s->rt_kif = NULL; s->creation = time_second; + s->expire = time_second; + if (sp->expire > 0) + s->expire -= pf_default_rule.timeout[sp->timeout] - sp->expire; s->pfsync_time = 0; s->packets[0] = s->packets[1] = 0; s->bytes[0] = s->bytes[1] = 0; 
@@ -1633,7 +1633,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCADDSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; - struct pfsync_state *sp = (struct pfsync_state *)ps->state; + struct pfsync_state *sp = &ps->state; struct pf_state *s; struct pf_state_key *sk; struct pfi_kif *kif; @@ -1650,6 +1650,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a } bzero(s, sizeof(struct pf_state)); if ((sk = pf_alloc_state_key(s)) == NULL) { + pool_put(&pf_state_pl, s); error = ENOMEM; break; } @@ -1664,30 +1665,28 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a if (pf_insert_state(kif, s)) { pfi_kif_unref(kif, PFI_KIF_REF_NONE); pool_put(&pf_state_pl, s); - pool_put(&pf_state_key_pl, sk); - error = ENOMEM; + error = EEXIST; + break; } + pf_default_rule.states++; break; } case DIOCGETSTATE: { struct pfioc_state *ps = (struct pfioc_state *)addr; struct pf_state *s; - u_int32_t nr; + struct pf_state_cmp id_key; - nr = 0; - RB_FOREACH(s, pf_state_tree_id, &tree_id) { - if (nr >= ps->nr) - break; - nr++; - } + bcopy(ps->state.id, &id_key.id, sizeof(id_key.id)); + id_key.creatorid = ps->state.creatorid; + + s = pf_find_state_byid(&id_key); if (s == NULL) { - error = EBUSY; + error = ENOENT; break; } - pf_state_export((struct pfsync_state *)&ps->state, - s->state_key, s); + pf_state_export(&ps->state, s->state_key, s); break; } @@ -1735,7 +1734,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a case DIOCGETSTATUS: { struct pf_status *s = (struct pf_status *)addr; bcopy(&pf_status, s, sizeof(struct pf_status)); - pfi_fill_oldstatus(s); + pfi_update_status(s->ifname, s); break; } @@ -1746,10 +1745,6 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a bzero(pf_status.ifname, IFNAMSIZ); break; } - if (ifunit(pi->ifname) == NULL) { - error = EINVAL; - break; - } strlcpy(pf_status.ifname, pi->ifname, IFNAMSIZ); break; } 
@@ -1760,7 +1755,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a bzero(pf_status.scounters, sizeof(pf_status.scounters)); pf_status.since = time_second; if (*pf_status.ifname) - pfi_clr_istats(pf_status.ifname); + pfi_update_status(pf_status.ifname, NULL); break; } @@ -1793,13 +1788,13 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a key.ext.port = pnl->dport; PF_ACPY(&key.gwy.addr, &pnl->saddr, pnl->af); key.gwy.port = pnl->sport; - state = pf_find_state_all(&key, PF_EXT_GWY, &m); + state = pf_find_state_all(&key, PF_IN, &m); } else { PF_ACPY(&key.lan.addr, &pnl->daddr, pnl->af); key.lan.port = pnl->dport; PF_ACPY(&key.ext.addr, &pnl->saddr, pnl->af); key.ext.port = pnl->sport; - state = pf_find_state_all(&key, PF_LAN_EXT, &m); + state = pf_find_state_all(&key, PF_OUT, &m); } if (m > 1) error = E2BIG; /* more than one state */ @@ -1968,6 +1963,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a pool_put(&pf_altq_pl, altq); break; } + altq->altq_disc = NULL; TAILQ_FOREACH(a, pf_altqs_inactive, entries) { if (strncmp(a->ifname, altq->ifname, IFNAMSIZ) == 0 && a->qname[0] == 0) { @@ -2547,10 +2543,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { free(table, M_TEMP); @@ -2616,10 +2610,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { free(table, M_TEMP); 
@@ -2680,10 +2672,8 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a error = ENODEV; goto fail; } - ioe = (struct pfioc_trans_e *)malloc(sizeof(*ioe), - M_TEMP, M_WAITOK); - table = (struct pfr_table *)malloc(sizeof(*table), - M_TEMP, M_WAITOK); + ioe = malloc(sizeof(*ioe), M_TEMP, M_WAITOK); + table = malloc(sizeof(*table), M_TEMP, M_WAITOK); /* first makes sure everything will succeed */ for (i = 0; i < io->size; i++) { if (copyin(io->array+i, ioe, sizeof(*ioe))) { Modified: vendor-sys/pf/dist/net/pf_norm.c ============================================================================== --- vendor-sys/pf/dist/net/pf_norm.c Wed Dec 10 21:22:15 2008 (r185885) +++ vendor-sys/pf/dist/net/pf_norm.c Wed Dec 10 21:22:57 2008 (r185886) @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_norm.c,v 1.109 2007/05/28 17:16:39 henning Exp $ */ +/* $OpenBSD: pf_norm.c,v 1.111 2007/12/30 10:32:24 mglocker Exp $ */ /* * Copyright 2001 Niels Provos @@ -115,7 +115,7 @@ struct mbuf *pf_reassemble(struct mbuf struct mbuf *pf_fragcache(struct mbuf **, struct ip*, struct pf_fragment **, int, int, int *); int pf_normalize_tcpopt(struct pf_rule *, struct mbuf *, - struct tcphdr *, int); + struct tcphdr *, int, sa_family_t); #define DPFPRINTF(x) do { \ if (pf_status.debug >= PF_DEBUG_MISC) { \ @@ -1316,7 +1316,7 @@ pf_normalize_tcp(int dir, struct pfi_kif } /* Process options */ - if (r->max_mss && pf_normalize_tcpopt(r, m, th, off)) + if (r->max_mss && pf_normalize_tcpopt(r, m, th, off, pd->af)) rewrite = 1; /* copy back packet headers if we sanitized */ 
@@ -1819,17 +1819,21 @@ pf_normalize_tcp_stateful(struct mbuf *m int pf_normalize_tcpopt(struct pf_rule *r, struct mbuf *m, struct tcphdr *th, - int off) + int off, sa_family_t af) { u_int16_t *mss; int thoff; int opt, cnt, optlen = 0; int rewrite = 0; - u_char *optp; + u_char opts[MAX_TCPOPTLEN]; + u_char *optp = opts; thoff = th->th_off << 2; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:23:24 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C96C106568E; Wed, 10 Dec 2008 21:23:24 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D49908FC1D; Wed, 10 Dec 2008 21:23:23 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALNNvP043381; Wed, 10 Dec 2008 21:23:23 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALNNMh043380; Wed, 10 Dec 2008 21:23:23 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102123.mBALNNMh043380@svn.freebsd.org> 
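Review bot: in pfsync_clone_destroy() (if_pfsync.c, hunk @@ -171,10 +177,21 @@) the new timeout_del() and carp_group_demote_adj() calls go through sc = ifp->if_softc, but the teardown at the bottom still uses the global: free(pfsyncif->sc_imo.imo_membership, M_IPMOPTS) and free(pfsyncif, M_DEVBUF). If ifp ever refers to a softc other than the one pfsyncif points at, one softc has its timeouts cancelled while the other is freed with its timeouts still armed. Use sc for both free() calls, or check sc == pfsyncif at the top, so the function disarms and frees the same object.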
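Review bot: in pfsync_sysctl() (if_pfsync.c, hunk @@ -1750,3 +1767,22 @@) the PFSYNCCTL_STATS case returns EPERM when newp != NULL and then still forwards newp and newlen to sysctl_struct(), so at that call newp is always NULL and newlen is never used. Passing NULL and 0 explicitly would make it obvious that pfsyncstats cannot be overwritten from userland; as written, the read-only property depends on nobody moving or dropping the two-line guard above the call. A one-line comment that the node is read-only would also help, since PFSYNCCTL_NAMES in if_pfsync.h does not say so.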
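Review bot: in pf_match_addr_range() (pf.c, hunk @@ -1790,6 +1796,44 @@) the AF_INET case compares a->addr32[0] against b->addr32[0] and e->addr32[0] with < and > directly, and the AF_INET6 loops do the same per word. pf_addr words are kept in network byte order, so on a little-endian host these comparisons order addresses by their last octet first and the function does not implement the "b <= a <= e" its comment promises. Wrap each operand in ntohl() before comparing. Second point: an af that matches neither case falls out of the switch and hits return (1), which reports a match for an address family the function never looked at; a default that returns 0 is the safer answer for a filter.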
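Review bot: in pf_tcp_iss() (pf.c, hunk @@ -2836,6 +2880,34 @@) the line pf_tcp_iss_off += 4096 increments a variable that hunk @@ -110,6 +112,11 @@ declares as plain int, so after 2^31 / 4096 = 524288 modulated connections the addition overflows a signed integer, which is undefined behaviour in C. The value is only ever added into a u_int32_t result, so declare pf_tcp_iss_off as u_int32_t and let it wrap. The function also has no comment: it would help to state that the sequence number is an MD5 over a boot-time random secret plus ports and addresses, offset by tcp_iss and a per-call increment, and that pf_tcp_secret is initialised lazily on first use, because both facts matter to anyone reasoning about how predictable the modulated ISN is.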
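Review bot: in pf_test_rule() (pf.c, hunk @@ -3077,7 +3149,8 @@) the new test r->prob <= (arc4random() % (UINT_MAX - 1) + 1) has no comment saying why the random value is remapped to the range 1 .. UINT_MAX - 1, and the identical expression is pasted again in pf_test_fragment() in hunk @@ -3525,11 +3610,20 @@. Put it in one macro or inline helper with a comment describing which r->prob values are meant to always or never match, so the two rule-evaluation paths cannot drift apart. The modulo by UINT_MAX - 1 is also very slightly non-uniform; harmless for a probability match, but worth a word in the same comment.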
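Review bot: in the return-rst path of pf_test_rule() (pf.c, hunk @@ -3203,10 +3276,22 @@) len is derived from packet header fields, ntohs(h4->ip_len) - off or ntohs(h6->ip6_plen) - (off - sizeof(*h6)), and handed to pf_check_proto_cksum() with no check that it is positive. In the IPv6 branch the sizeof makes the inner subtraction unsigned before the result is stored back into the int, so a payload length smaller than the header offset ends up as a negative len. Reject len <= 0 before calling the checksum routine, or add a comment naming the earlier check that guarantees it. The switch also has no default, so any other af reaches the checksum call with len == 0.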
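Review bot: in pf_test_state_tcp() (pf.c, hunk @@ -3698,6 +3792,22 @@) the new state-reuse block ships with its own open question, /* XXX make sure it's the same direction ?? */, unanswered. As written, a bare SYN arriving from either side while both peers are at or past TCPS_FIN_WAIT_2 unlinks the existing state and the packet is dropped with return (PF_DROP), so the new connection only gets set up when the SYN is retransmitted. Either add the direction comparison the comment asks about or replace the XXX with a comment explaining why either direction is acceptable, and say explicitly that dropping the first SYN is intended.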
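Review bot: in pf_test_state_tcp() (pf.c, hunk @@ -3842,7 +3953,8 @@) the RST acceptance test gains (orig_seq + 1 == src->seqlo), but the comment on the line below still reads "Require an exact/+1 sequence match on resets when possible". The condition now also accepts a reset one below seqlo, which widens the set of sequence numbers a reset may carry. Update the comment to exact/+1/-1 and add a short reason for the extra case so the relaxation is visibly deliberate.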
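Review bot: in pfi_update_status() (pf_if.c, hunk @@ -603,49 +603,57 @@) the group case copies the list head by value with bcopy(&p->pfik_group->ifg_members, &ifg_members, sizeof(ifg_members)). A TAILQ head copied this way keeps a last-pointer that still refers into the original list, so the local head is only safe for the forward TAILQ_FOREACH that follows and breaks as soon as anyone inserts, removes or walks it backwards. Iterating through a pointer to the original head, and pointing it at the one-element temporary list in the else branch, avoids the copy. Also, p = (struct pfi_kif *)ifgm->ifgm_ifp->if_pf_kif is dereferenced straight away in both the clear and the accumulate paths; the loop checks ifgm_ifp for NULL but not if_pf_kif.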
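Review bot: in pf_state_import() (pf_ioctl.c, hunk @@ -921,6 +918,9 @@) the new line s->expire -= pf_default_rule.timeout[sp->timeout] - sp->expire indexes the timeout array with sp->timeout, a field of the pfsync_state that DIOCADDSTATE receives from userland, and no range check on it is visible before this point. Compare sp->timeout against PFTM_MAX at the top of the function and fail the import if it is out of range; otherwise the expiry is computed from whatever lies beyond the array. The arithmetic could use a comment too: it back-dates s->expire by the part of the default timeout that had already elapsed on the exporting side.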
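Review bot: in the DIOCADDSTATE case of pfioctl() (pf_ioctl.c, hunk @@ -1664,30 +1665,28 @@) the pf_insert_state() failure path no longer returns sk to pf_state_key_pl, only s to pf_state_pl. That is correct only if pf_insert_state() releases the state key on every path that returns -1; the one place visible in this patch is the tree_lan_ext collision branch in hunk @@ -819,6 +824,8 @@, which now calls pf_detach_state() before returning. Add a comment at the call site saying that pf_insert_state() owns the key on failure, so a later change does not reintroduce either a leak or a double pool_put().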
From: Max Laier Date: Wed, 10 Dec 2008 21:23:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185887 - vendor-sys/pf/4.3 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:23:24 -0000 Author: mlaier Date: Wed Dec 10 21:23:23 2008 New Revision: 185887 URL: http://svn.freebsd.org/changeset/base/185887 Log: Tag for pf 4.3 Added: vendor-sys/pf/4.3/ - copied from r185886, vendor-sys/pf/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:24:31 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 701B11065675; Wed, 10 Dec 2008 21:24:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 5BA7E8FC25; Wed, 10 Dec 2008 21:24:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALOVBB043443; Wed, 10 Dec 2008 21:24:31 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBALOVYN043439; Wed, 10 Dec 2008 21:24:31 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102124.mBALOVYN043439@svn.freebsd.org> 
From: Max Laier Date: Wed, 10 Dec 2008 21:24:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185888 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:24:31 -0000 Author: mlaier Date: Wed Dec 10 21:24:31 2008 New Revision: 185888 URL: http://svn.freebsd.org/changeset/base/185888 Log: Import OPENBSD_4_4_BASE Modified: vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_osfp.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:24:31 2008 (r185888) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.89 2008/01/12 17:08:33 mpf Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.98 2008/06/29 08:42:15 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff @@ -89,7 +89,6 @@ int pfsync_clone_destroy(struct ifnet *) void pfsync_setmtu(struct pfsync_softc *, int); int pfsync_alloc_scrub_memory(struct pfsync_state_peer *, struct pf_state_peer *); -int pfsync_insert_net_state(struct pfsync_state *, u_int8_t); void pfsync_update_net_tdb(struct pfsync_tdb *); int pfsyncoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); 
@@ -224,117 +223,218 @@ pfsync_alloc_scrub_memory(struct pfsync_ struct pf_state_peer *d) { if (s->scrub.scrub_flag && d->scrub == NULL) { - d->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT); + d->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT | PR_ZERO); if (d->scrub == NULL) return (ENOMEM); - bzero(d->scrub, sizeof(*d->scrub)); } return (0); } +void +pfsync_state_export(struct pfsync_state *sp, struct pf_state *st) +{ + bzero(sp, sizeof(struct pfsync_state)); + + /* copy from state key */ + sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0]; + sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1]; + sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0]; + sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1]; + sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0]; + sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1]; + sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0]; + sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1]; + sp->proto = st->key[PF_SK_WIRE]->proto; + sp->af = st->key[PF_SK_WIRE]->af; + + /* copy from state */ + strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); + bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); + sp->creation = htonl(time_second - st->creation); + sp->expire = pf_state_expires(st); + if (sp->expire <= time_second) + sp->expire = htonl(0); + else + sp->expire = htonl(sp->expire - time_second); + + sp->direction = st->direction; + sp->log = st->log; + sp->timeout = st->timeout; + sp->state_flags = st->state_flags; + if (st->src_node) + sp->sync_flags |= PFSYNC_FLAG_SRCNODE; + if (st->nat_src_node) + sp->sync_flags |= PFSYNC_FLAG_NATSRCNODE; + + bcopy(&st->id, &sp->id, sizeof(sp->id)); + sp->creatorid = st->creatorid; + pf_state_peer_hton(&st->src, &sp->src); + pf_state_peer_hton(&st->dst, &sp->dst); + + if (st->rule.ptr == NULL) + sp->rule = htonl(-1); + else + sp->rule = htonl(st->rule.ptr->nr); + if (st->anchor.ptr == NULL) + sp->anchor = htonl(-1); + 
else + sp->anchor = htonl(st->anchor.ptr->nr); + if (st->nat_rule.ptr == NULL) + sp->nat_rule = htonl(-1); + else + sp->nat_rule = htonl(st->nat_rule.ptr->nr); + + pf_state_counter_hton(st->packets[0], sp->packets[0]); + pf_state_counter_hton(st->packets[1], sp->packets[1]); + pf_state_counter_hton(st->bytes[0], sp->bytes[0]); + pf_state_counter_hton(st->bytes[1], sp->bytes[1]); + +} + int -pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) +pfsync_state_import(struct pfsync_state *sp, u_int8_t flags) { struct pf_state *st = NULL; - struct pf_state_key *sk = NULL; + struct pf_state_key *skw = NULL, *sks = NULL; struct pf_rule *r = NULL; struct pfi_kif *kif; + int pool_flags; + int error; if (sp->creatorid == 0 && pf_status.debug >= PF_DEBUG_MISC) { - printf("pfsync_insert_net_state: invalid creator id:" + printf("pfsync_state_import: invalid creator id:" " %08x\n", ntohl(sp->creatorid)); return (EINVAL); } - kif = pfi_kif_get(sp->ifname); - if (kif == NULL) { + if ((kif = pfi_kif_get(sp->ifname)) == NULL) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert_net_state: " + printf("pfsync_state_import: " "unknown interface: %s\n", sp->ifname); - /* skip this state */ - return (0); + if (flags & PFSYNC_SI_IOCTL) + return (EINVAL); + return (0); /* skip this state */ } /* - * If the ruleset checksums match, it's safe to associate the state - * with the rule of that number. + * If the ruleset checksums match or the state is coming from the ioctl, + * it's safe to associate the state with the rule of that number. 
*/ - if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag && - ntohl(sp->rule) < + if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && + (flags & (PFSYNC_SI_IOCTL | PFSYNC_SI_CKSUM)) && ntohl(sp->rule) < pf_main_ruleset.rules[PF_RULESET_FILTER].active.rcount) r = pf_main_ruleset.rules[ PF_RULESET_FILTER].active.ptr_array[ntohl(sp->rule)]; else r = &pf_default_rule; - if (!r->max_states || r->states < r->max_states) - st = pool_get(&pf_state_pl, PR_NOWAIT); - if (st == NULL) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - return (ENOMEM); - } - bzero(st, sizeof(*st)); + if ((r->max_states && r->states_cur >= r->max_states)) + goto cleanup; - if ((sk = pf_alloc_state_key(st)) == NULL) { - pool_put(&pf_state_pl, st); - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - return (ENOMEM); - } + if (flags & PFSYNC_SI_IOCTL) + pool_flags = PR_WAITOK | PR_LIMITFAIL | PR_ZERO; + else + pool_flags = PR_LIMITFAIL | PR_ZERO; - /* allocate memory for scrub info */ - if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || - pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - if (st->src.scrub) - pool_put(&pf_state_scrub_pl, st->src.scrub); - pool_put(&pf_state_pl, st); - pool_put(&pf_state_key_pl, sk); - return (ENOMEM); - } + if ((st = pool_get(&pf_state_pl, pool_flags)) == NULL) + goto cleanup; - st->rule.ptr = r; - /* XXX get pointers to nat_rule and anchor */ + if ((skw = pf_alloc_state_key(pool_flags)) == NULL) + goto cleanup; - /* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */ - r->states++; + if (PF_ANEQ(&sp->key[PF_SK_WIRE].addr[0], + &sp->key[PF_SK_STACK].addr[0], sp->af) || + PF_ANEQ(&sp->key[PF_SK_WIRE].addr[1], + &sp->key[PF_SK_STACK].addr[1], sp->af) || + sp->key[PF_SK_WIRE].port[0] != sp->key[PF_SK_STACK].port[0] || + sp->key[PF_SK_WIRE].port[1] != sp->key[PF_SK_STACK].port[1]) { + if ((sks = pf_alloc_state_key(pool_flags)) == NULL) + goto cleanup; + } else + sks = skw; - /* fill in the rest of the state entry */ 
- pf_state_host_ntoh(&sp->lan, &sk->lan); - pf_state_host_ntoh(&sp->gwy, &sk->gwy); - pf_state_host_ntoh(&sp->ext, &sk->ext); + /* allocate memory for scrub info */ + if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || + pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) + goto cleanup; - pf_state_peer_ntoh(&sp->src, &st->src); - pf_state_peer_ntoh(&sp->dst, &st->dst); + /* copy to state key(s) */ + skw->addr[0] = sp->key[PF_SK_WIRE].addr[0]; + skw->addr[1] = sp->key[PF_SK_WIRE].addr[1]; + skw->port[0] = sp->key[PF_SK_WIRE].port[0]; + skw->port[1] = sp->key[PF_SK_WIRE].port[1]; + skw->proto = sp->proto; + skw->af = sp->af; + if (sks != skw) { + sks->addr[0] = sp->key[PF_SK_STACK].addr[0]; + sks->addr[1] = sp->key[PF_SK_STACK].addr[1]; + sks->port[0] = sp->key[PF_SK_STACK].port[0]; + sks->port[1] = sp->key[PF_SK_STACK].port[1]; + sks->proto = sp->proto; + sks->af = sp->af; + } + /* copy to state */ bcopy(&sp->rt_addr, &st->rt_addr, sizeof(st->rt_addr)); st->creation = time_second - ntohl(sp->creation); - st->expire = ntohl(sp->expire) + time_second; + st->expire = time_second; + if (sp->expire) { + /* XXX No adaptive scaling. 
*/ + st->expire -= r->timeout[sp->timeout] - ntohl(sp->expire); + } - sk->af = sp->af; - sk->proto = sp->proto; - sk->direction = sp->direction; + st->expire = ntohl(sp->expire) + time_second; + st->direction = sp->direction; st->log = sp->log; st->timeout = sp->timeout; - st->allow_opts = sp->allow_opts; + st->state_flags = sp->state_flags; + if (!(flags & PFSYNC_SI_IOCTL)) + st->sync_flags = PFSTATE_FROMSYNC; bcopy(sp->id, &st->id, sizeof(st->id)); st->creatorid = sp->creatorid; - st->sync_flags = PFSTATE_FROMSYNC; + pf_state_peer_ntoh(&sp->src, &st->src); + pf_state_peer_ntoh(&sp->dst, &st->dst); - if (pf_insert_state(kif, st)) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); + st->rule.ptr = r; + st->nat_rule.ptr = NULL; + st->anchor.ptr = NULL; + st->rt_kif = NULL; + + st->pfsync_time = 0; + + + /* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */ + r->states_cur++; + r->states_tot++; + + if ((error = pf_state_insert(kif, skw, sks, st)) != 0) { /* XXX when we have nat_rule/anchors, use STATE_DEC_COUNTERS */ - r->states--; + r->states_cur--; + goto cleanup_state; + } + + return (0); + + cleanup: + error = ENOMEM; + if (skw == sks) + sks = NULL; + if (skw != NULL) + pool_put(&pf_state_key_pl, skw); + if (sks != NULL) + pool_put(&pf_state_key_pl, sks); + + cleanup_state: /* pf_state_insert frees the state keys */ + if (st) { if (st->dst.scrub) pool_put(&pf_state_scrub_pl, st->dst.scrub); if (st->src.scrub) pool_put(&pf_state_scrub_pl, st->src.scrub); pool_put(&pf_state_pl, st); - return (EINVAL); } - - return (0); + return (error); } void @@ -345,6 +445,7 @@ pfsync_input(struct mbuf *m, ...) struct pfsync_softc *sc = pfsyncif; struct pf_state *st; struct pf_state_key *sk; + struct pf_state_item *si; struct pf_state_cmp id_key; struct pfsync_state *sp; struct pfsync_state_upd *up; 
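Review bot: In pfsync_state_import (the @@ -224,117 +223,218 @@ hunk), the value computed under `if (sp->expire)` is thrown away, because the added line `st->expire = ntohl(sp->expire) + time_second;` a few lines later overwrites st->expire unconditionally; drop one of the two assignments so it is clear which expiry an imported state gets. The discarded computation still reads `r->timeout[sp->timeout]`, and sp->timeout comes from the caller-supplied pfsync_state (network peer or ioctl) with no range check visible in this hunk, so validate it against the size of the timeout array before indexing. The removed error paths each called `pfi_kif_unref(kif, PFI_KIF_REF_NONE)` and the new cleanup and cleanup_state labels do not; please confirm that dropping the unref is intended.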
@@ -358,7 +459,7 @@ pfsync_input(struct mbuf *m, ...) struct in_addr src; struct mbuf *mp; int iplen, action, error, i, s, count, offp, sfail, stale = 0; - u_int8_t chksum_flag = 0; + u_int8_t flags = 0; pfsyncstats.pfsyncs_ipackets++; @@ -413,7 +514,7 @@ pfsync_input(struct mbuf *m, ...) src = ip->ip_src; if (!bcmp(&ph->pf_chksum, &pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH)) - chksum_flag++; + flags |= PFSYNC_SI_CKSUM; switch (action) { case PFSYNC_ACT_CLR: { @@ -444,15 +545,16 @@ pfsync_input(struct mbuf *m, ...) splx(s); return; } - for (sk = RB_MIN(pf_state_tree_lan_ext, - &pf_statetbl_lan_ext); sk; sk = nextsk) { - nextsk = RB_NEXT(pf_state_tree_lan_ext, - &pf_statetbl_lan_ext, sk); - TAILQ_FOREACH(st, &sk->states, next) { - if (st->creatorid == creatorid) { - st->sync_flags |= + /* XXX correct? */ + for (sk = RB_MIN(pf_state_tree, + &pf_statetbl); sk; sk = nextsk) { + nextsk = RB_NEXT(pf_state_tree, + &pf_statetbl, sk); + TAILQ_FOREACH(si, &sk->states, entry) { + if (si->s->creatorid == creatorid) { + si->s->sync_flags |= PFSTATE_FROMSYNC; - pf_unlink_state(st); + pf_unlink_state(si->s); } } } @@ -484,8 +586,7 @@ pfsync_input(struct mbuf *m, ...) continue; } - if ((error = pfsync_insert_net_state(sp, - chksum_flag))) { + if ((error = pfsync_state_import(sp, flags))) { if (error == ENOMEM) { splx(s); goto done; @@ -524,11 +625,11 @@ pfsync_input(struct mbuf *m, ...) st = pf_find_state_byid(&id_key); if (st == NULL) { /* insert the update */ - if (pfsync_insert_net_state(sp, chksum_flag)) + if (pfsync_state_import(sp, flags)) pfsyncstats.pfsyncs_badstate++; continue; } - sk = st->state_key; + sk = st->key[PF_SK_WIRE]; /* XXX right one? */ sfail = 0; if (sk->proto == IPPROTO_TCP) { /* 
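Review bot: In the PFSYNC_ACT_CLR case (the @@ -444,15 +545,16 @@ hunk), `pf_unlink_state(si->s)` is called inside `TAILQ_FOREACH(si, &sk->states, entry)`, and the added `/* XXX correct? */` shows the question was left open. If pf_unlink_state detaches the item from sk->states (its body is not part of this diff), the loop then advances through an entry that is no longer on the list, and sk itself may go away with its last state. Fetch the next item before unlinking, the way nextsk is already fetched for the tree walk, and resolve the XXX.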
@@ -589,7 +690,7 @@ pfsync_input(struct mbuf *m, ...) } continue; } - pfsync_alloc_scrub_memory(&sp->dst, &st->dst); + pfsync_alloc_scrub_memory(&sp->dst, &st->dst); pf_state_peer_ntoh(&sp->src, &st->src); pf_state_peer_ntoh(&sp->dst, &st->dst); st->expire = ntohl(sp->expire) + time_second; @@ -665,7 +766,7 @@ pfsync_input(struct mbuf *m, ...) pfsyncstats.pfsyncs_badstate++; continue; } - sk = st->state_key; + sk = st->key[PF_SK_WIRE]; /* XXX right one? */ sfail = 0; if (sk->proto == IPPROTO_TCP) { /* @@ -716,7 +817,7 @@ pfsync_input(struct mbuf *m, ...) PFSYNC_FLAG_STALE); continue; } - pfsync_alloc_scrub_memory(&up->dst, &st->dst); + pfsync_alloc_scrub_memory(&up->dst, &st->dst); pf_state_peer_ntoh(&up->src, &st->src); pf_state_peer_ntoh(&up->dst, &st->dst); st->expire = ntohl(up->expire) + time_second; @@ -1117,9 +1218,6 @@ pfsync_pack_state(u_int8_t action, struc struct pfsync_state *sp = NULL; struct pfsync_state_upd *up = NULL; struct pfsync_state_del *dp = NULL; - struct pf_state_key *sk = st->state_key; - struct pf_rule *r; - u_long secs; int s, ret = 0; u_int8_t i = 255, newaction = 0; @@ -1186,8 +1284,6 @@ pfsync_pack_state(u_int8_t action, struc } } - secs = time_second; - st->pfsync_time = time_uptime; if (sp == NULL) { 
@@ -1199,47 +1295,19 @@ pfsync_pack_state(u_int8_t action, struc h->count++; bzero(sp, sizeof(*sp)); - bcopy(&st->id, sp->id, sizeof(sp->id)); - sp->creatorid = st->creatorid; - - strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); - pf_state_host_hton(&sk->lan, &sp->lan); - pf_state_host_hton(&sk->gwy, &sp->gwy); - pf_state_host_hton(&sk->ext, &sp->ext); - - bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); - - sp->creation = htonl(secs - st->creation); - pf_state_counter_hton(st->packets[0], sp->packets[0]); - pf_state_counter_hton(st->packets[1], sp->packets[1]); - pf_state_counter_hton(st->bytes[0], sp->bytes[0]); - pf_state_counter_hton(st->bytes[1], sp->bytes[1]); - if ((r = st->rule.ptr) == NULL) - sp->rule = htonl(-1); - else - sp->rule = htonl(r->nr); - if ((r = st->anchor.ptr) == NULL) - sp->anchor = htonl(-1); - else - sp->anchor = htonl(r->nr); - sp->af = sk->af; - sp->proto = sk->proto; - sp->direction = sk->direction; - sp->log = st->log; - sp->allow_opts = st->allow_opts; - sp->timeout = st->timeout; + pfsync_state_export(sp, st); if (flags & PFSYNC_FLAG_STALE) sp->sync_flags |= PFSTATE_STALE; - } - - pf_state_peer_hton(&st->src, &sp->src); - pf_state_peer_hton(&st->dst, &sp->dst); + } else { + pf_state_peer_hton(&st->src, &sp->src); + pf_state_peer_hton(&st->dst, &sp->dst); - if (st->expire <= secs) - sp->expire = htonl(0); - else - sp->expire = htonl(st->expire - secs); + if (st->expire <= time_second) + sp->expire = htonl(0); + else + sp->expire = htonl(st->expire - time_second); + } /* do we need to build "compressed" actions for network transfer? */ if (sc->sc_sync_ifp && flags & PFSYNC_FLAG_COMPRESS) { 
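Review bot: The two branches of this hunk now derive sp->expire from different sources: the new-record path goes through pfsync_state_export, which starts from `pf_state_expires(st)`, while the else branch still uses the raw `st->expire`. A peer can therefore see a different remaining lifetime for the same state depending on whether the record was newly added to the packet or updated in place; use the same source in both branches. The `bzero(sp, sizeof(*sp));` kept just above the call is also redundant, since pfsync_state_export zeroes the structure itself.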
@@ -1715,7 +1783,7 @@ pfsync_update_tdb(struct tdb *tdb, int o for (i = 0; !pt && i < h->count; i++) { if (tdb->tdb_spi == u->spi && tdb->tdb_sproto == u->sproto && - !bcmp(&tdb->tdb_dst, &u->dst, + !bcmp(&tdb->tdb_dst, &u->dst, SA_LEN(&u->dst.sa))) { pt = u; pt->updates++; Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:24:31 2008 (r185888) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.32 2007/12/14 18:33:37 deraadt Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff @@ -146,7 +146,7 @@ extern struct pfsync_softc *pfsyncif; struct pfsync_header { u_int8_t version; -#define PFSYNC_VERSION 3 +#define PFSYNC_VERSION 4 u_int8_t af; u_int8_t action; #define PFSYNC_ACT_CLR 0 /* clear all states */ 
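Review bot: The `PFSYNC_VERSION` bump from 3 to 4 carries no comment on what changed on the wire. The if_pfsync.c hunks show pfsync_state_export writing key[PF_SK_WIRE] and key[PF_SK_STACK], state_flags and nat_rule where the removed pfsync_pack_state code wrote lan/gwy/ext and allow_opts, so a short note here or in the log that the record format differs from version 3 would help operators plan upgrades of a redundant pair.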
@@ -205,72 +205,22 @@ struct pfsyncreq { int pfsyncr_authlevel; }; - -/* for copies to/from network */ -#define pf_state_peer_hton(s,d) do { \ - (d)->seqlo = htonl((s)->seqlo); \ - (d)->seqhi = htonl((s)->seqhi); \ - (d)->seqdiff = htonl((s)->seqdiff); \ - (d)->max_win = htons((s)->max_win); \ - (d)->mss = htons((s)->mss); \ - (d)->state = (s)->state; \ - (d)->wscale = (s)->wscale; \ - if ((s)->scrub) { \ - (d)->scrub.pfss_flags = \ - htons((s)->scrub->pfss_flags & PFSS_TIMESTAMP); \ - (d)->scrub.pfss_ttl = (s)->scrub->pfss_ttl; \ - (d)->scrub.pfss_ts_mod = htonl((s)->scrub->pfss_ts_mod);\ - (d)->scrub.scrub_flag = PFSYNC_SCRUB_FLAG_VALID; \ - } \ -} while (0) - -#define pf_state_peer_ntoh(s,d) do { \ - (d)->seqlo = ntohl((s)->seqlo); \ - (d)->seqhi = ntohl((s)->seqhi); \ - (d)->seqdiff = ntohl((s)->seqdiff); \ - (d)->max_win = ntohs((s)->max_win); \ - (d)->mss = ntohs((s)->mss); \ - (d)->state = (s)->state; \ - (d)->wscale = (s)->wscale; \ - if ((s)->scrub.scrub_flag == PFSYNC_SCRUB_FLAG_VALID && \ - (d)->scrub != NULL) { \ - (d)->scrub->pfss_flags = \ - ntohs((s)->scrub.pfss_flags) & PFSS_TIMESTAMP; \ - (d)->scrub->pfss_ttl = (s)->scrub.pfss_ttl; \ - (d)->scrub->pfss_ts_mod = ntohl((s)->scrub.pfss_ts_mod);\ - } \ -} while (0) - -#define pf_state_host_hton(s,d) do { \ - bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr)); \ - (d)->port = (s)->port; \ -} while (0) - -#define pf_state_host_ntoh(s,d) do { \ - bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr)); \ - (d)->port = (s)->port; \ -} while (0) - -#define pf_state_counter_hton(s,d) do { \ - d[0] = htonl((s>>32)&0xffffffff); \ - d[1] = htonl(s&0xffffffff); \ -} while (0) - -#define pf_state_counter_ntoh(s,d) do { \ - d = ntohl(s[0]); \ - d = d<<32; \ - d += ntohl(s[1]); \ -} while (0) - #ifdef _KERNEL -void pfsync_input(struct mbuf *, ...); -int pfsync_clear_states(u_int32_t, char *); -int pfsync_pack_state(u_int8_t, struct pf_state *, int); -int pfsync_sysctl(int *, u_int, void *, size_t *, void *, size_t); +void 
pfsync_input(struct mbuf *, ...); +int pfsync_clear_states(u_int32_t, char *); +int pfsync_pack_state(u_int8_t, struct pf_state *, int); +int pfsync_sysctl(int *, u_int, void *, size_t *, + void *, size_t); +void pfsync_state_export(struct pfsync_state *, + struct pf_state *); + +#define PFSYNC_SI_IOCTL 0x01 +#define PFSYNC_SI_CKSUM 0x02 +int pfsync_state_import(struct pfsync_state *, u_int8_t); #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ - (st->state_key->proto == IPPROTO_PFSYNC)) \ + (st->key[PF_SK_WIRE]->proto == IPPROTO_PFSYNC)) \ st->sync_flags |= PFSTATE_NOSYNC; \ else if (!st->sync_flags) \ pfsync_pack_state(PFSYNC_ACT_INS, (st), \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:24:31 2008 (r185888) @@ -1,8 +1,8 @@ -/* $OpenBSD: pf.c,v 1.567 2008/02/20 23:40:13 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.614 2008/08/02 12:34:37 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier - * Copyright (c) 2002,2003 Henning Brauer + * Copyright (c) 2002 - 2008 Henning Brauer * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -98,8 +98,7 @@ */ /* state tables */ -struct pf_state_tree_lan_ext pf_statetbl_lan_ext; -struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy; +struct pf_state_tree pf_statetbl; struct pf_altqqueue pf_altqs[2]; struct pf_palist pf_pabuf; @@ -125,7 +124,7 @@ struct pf_anchor_stackframe { } pf_anchor_stack[64]; struct pool pf_src_tree_pl, pf_rule_pl, pf_pooladdr_pl; -struct pool pf_state_pl, pf_state_key_pl; +struct pool pf_state_pl, pf_state_key_pl, pf_state_item_pl; struct pool pf_altq_pl; void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); 
@@ -161,21 +160,41 @@ struct pf_rule *pf_match_translation(st u_int16_t, int); struct pf_rule *pf_get_translation(struct pf_pdesc *, struct mbuf *, int, int, struct pfi_kif *, struct pf_src_node **, - struct pf_addr *, u_int16_t, - struct pf_addr *, u_int16_t, - struct pf_addr *, u_int16_t *); -void pf_attach_state(struct pf_state_key *, - struct pf_state *, int); -void pf_detach_state(struct pf_state *, int); + struct pf_state_key **, struct pf_state_key **, + struct pf_state_key **, struct pf_state_key **, + struct pf_addr *, struct pf_addr *, + u_int16_t, u_int16_t); +void pf_detach_state(struct pf_state *); +int pf_state_key_setup(struct pf_pdesc *, struct pf_rule *, + struct pf_state_key **, struct pf_state_key **, + struct pf_state_key **, struct pf_state_key **, + struct pf_addr *, struct pf_addr *, + u_int16_t, u_int16_t); +void pf_state_key_detach(struct pf_state *, int); u_int32_t pf_tcp_iss(struct pf_pdesc *); int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **, struct ifqueue *); +static __inline int pf_create_state(struct pf_rule *, struct pf_rule *, + struct pf_rule *, struct pf_pdesc *, + struct pf_src_node *, struct pf_state_key *, + struct pf_state_key *, struct pf_state_key *, + struct pf_state_key *, struct mbuf *, int, + u_int16_t, u_int16_t, int *, struct pfi_kif *, + struct pf_state **, int, u_int16_t, u_int16_t, + int); int pf_test_fragment(struct pf_rule **, int, struct pfi_kif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **); +int pf_tcp_track_full(struct pf_state_peer *, + struct pf_state_peer *, struct pf_state **, + struct pfi_kif *, struct mbuf *, int, + struct pf_pdesc *, u_short *, int *); +int pf_tcp_track_sloppy(struct pf_state_peer *, + struct pf_state_peer *, struct pf_state **, + struct pf_pdesc *, u_short *); int pf_test_state_tcp(struct pf_state **, int, struct pfi_kif *, struct 
mbuf *, int, void *, struct pf_pdesc *, u_short *); @@ -186,10 +205,9 @@ int pf_test_state_icmp(struct pf_stat struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); int pf_test_state_other(struct pf_state **, int, - struct pfi_kif *, struct pf_pdesc *); -int pf_match_tag(struct mbuf *, struct pf_rule *, int *); + struct pfi_kif *, struct mbuf *, struct pf_pdesc *); void pf_step_into_anchor(int *, struct pf_ruleset **, int, - struct pf_rule **, struct pf_rule **, int *); + struct pf_rule **, struct pf_rule **, int *); int pf_step_out_of_anchor(int *, struct pf_ruleset **, int, struct pf_rule **, struct pf_rule **, int *); @@ -219,13 +237,14 @@ void pf_set_rt_ifp(struct pf_state *, struct pf_addr *); int pf_check_proto_cksum(struct mbuf *, int, int, u_int8_t, sa_family_t); +struct pf_divert *pf_get_divert(struct mbuf *); +void pf_print_state_parts(struct pf_state *, + struct pf_state_key *, struct pf_state_key *); int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); struct pf_state *pf_find_state(struct pfi_kif *, - struct pf_state_key_cmp *, u_int); + struct pf_state_key_cmp *, u_int, struct mbuf *); int pf_src_connlimit(struct pf_state **); -void pf_stateins_err(const char *, struct pf_state *, - struct pfi_kif *); int pf_check_congestion(struct ifqueue *); extern struct pool pfr_ktable_pl; 
@@ -239,54 +258,49 @@ struct pf_pool_limit pf_pool_limits[PF_L { &pfr_kentry_pl, PFR_KENTRY_HIWAT } }; -#define STATE_LOOKUP() \ +#define STATE_LOOKUP(i, k, d, s, m) \ do { \ - *state = pf_find_state(kif, &key, direction); \ - if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ + s = pf_find_state(i, k, d, m); \ + if (s == NULL || (s)->timeout == PFTM_PURGE) \ return (PF_DROP); \ - if (direction == PF_OUT && \ - (((*state)->rule.ptr->rt == PF_ROUTETO && \ - (*state)->rule.ptr->direction == PF_OUT) || \ - ((*state)->rule.ptr->rt == PF_REPLYTO && \ - (*state)->rule.ptr->direction == PF_IN)) && \ - (*state)->rt_kif != NULL && \ - (*state)->rt_kif != kif) \ + if (d == PF_OUT && \ + (((s)->rule.ptr->rt == PF_ROUTETO && \ + (s)->rule.ptr->direction == PF_OUT) || \ + ((s)->rule.ptr->rt == PF_REPLYTO && \ + (s)->rule.ptr->direction == PF_IN)) && \ + (s)->rt_kif != NULL && \ + (s)->rt_kif != i) \ return (PF_PASS); \ } while (0) -#define STATE_TRANSLATE(sk) \ - (sk)->lan.addr.addr32[0] != (sk)->gwy.addr.addr32[0] || \ - ((sk)->af == AF_INET6 && \ - ((sk)->lan.addr.addr32[1] != (sk)->gwy.addr.addr32[1] || \ - (sk)->lan.addr.addr32[2] != (sk)->gwy.addr.addr32[2] || \ - (sk)->lan.addr.addr32[3] != (sk)->gwy.addr.addr32[3])) || \ - (sk)->lan.port != (sk)->gwy.port - #define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? 
(k) : pfi_all #define STATE_INC_COUNTERS(s) \ do { \ - s->rule.ptr->states++; \ - if (s->anchor.ptr != NULL) \ - s->anchor.ptr->states++; \ - if (s->nat_rule.ptr != NULL) \ - s->nat_rule.ptr->states++; \ + s->rule.ptr->states_cur++; \ + s->rule.ptr->states_tot++; \ + if (s->anchor.ptr != NULL) { \ + s->anchor.ptr->states_cur++; \ + s->anchor.ptr->states_tot++; \ + } \ + if (s->nat_rule.ptr != NULL) { \ + s->nat_rule.ptr->states_cur++; \ + s->nat_rule.ptr->states_tot++; \ + } \ } while (0) #define STATE_DEC_COUNTERS(s) \ do { \ if (s->nat_rule.ptr != NULL) \ - s->nat_rule.ptr->states--; \ + s->nat_rule.ptr->states_cur--; \ if (s->anchor.ptr != NULL) \ - s->anchor.ptr->states--; \ - s->rule.ptr->states--; \ + s->anchor.ptr->states_cur--; \ + s->rule.ptr->states_cur--; \ } while (0) static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *); -static __inline int pf_state_compare_lan_ext(struct pf_state_key *, - struct pf_state_key *); -static __inline int pf_state_compare_ext_gwy(struct pf_state_key *, +static __inline int pf_state_compare_key(struct pf_state_key *, struct pf_state_key *); static __inline int pf_state_compare_id(struct pf_state *, struct pf_state *); @@ -297,16 +311,10 @@ struct pf_state_tree_id tree_id; struct pf_state_queue state_list; RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare); -RB_GENERATE(pf_state_tree_lan_ext, pf_state_key, - entry_lan_ext, pf_state_compare_lan_ext); -RB_GENERATE(pf_state_tree_ext_gwy, pf_state_key, - entry_ext_gwy, pf_state_compare_ext_gwy); +RB_GENERATE(pf_state_tree, pf_state_key, entry, pf_state_compare_key); RB_GENERATE(pf_state_tree_id, pf_state, entry_id, pf_state_compare_id); -#define PF_DT_SKIP_LANEXT 0x01 -#define PF_DT_SKIP_EXTGWY 0x02 - static __inline int pf_src_compare(struct pf_src_node *a, struct pf_src_node *b) { 
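Review bot: The reworked `STATE_LOOKUP(i, k, d, s, m)` (the @@ -239,54 +258,49 @@ hunk) uses its i and d arguments unparenthesized (`d == PF_OUT`, `(s)->rt_kif != i`) and assigns to a bare `s`, while still returning from the calling function. Now that the macro takes arguments instead of relying on fixed local names, parenthesize every argument in the expansion and document the hidden `return (PF_DROP)` and `return (PF_PASS)` next to the definition.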
@@ -351,157 +359,6 @@ pf_src_compare(struct pf_src_node *a, st return (0); } -static __inline int -pf_state_compare_lan_ext(struct pf_state_key *a, struct pf_state_key *b) -{ - int diff; - - if ((diff = a->proto - b->proto) != 0) - return (diff); - if ((diff = a->af - b->af) != 0) - return (diff); - switch (a->af) { -#ifdef INET - case AF_INET: - if (a->lan.addr.addr32[0] > b->lan.addr.addr32[0]) - return (1); - if (a->lan.addr.addr32[0] < b->lan.addr.addr32[0]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - break; -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - if (a->lan.addr.addr32[3] > b->lan.addr.addr32[3]) - return (1); - if (a->lan.addr.addr32[3] < b->lan.addr.addr32[3]) - return (-1); - if (a->ext.addr.addr32[3] > b->ext.addr.addr32[3]) - return (1); - if (a->ext.addr.addr32[3] < b->ext.addr.addr32[3]) - return (-1); - if (a->lan.addr.addr32[2] > b->lan.addr.addr32[2]) - return (1); - if (a->lan.addr.addr32[2] < b->lan.addr.addr32[2]) - return (-1); - if (a->ext.addr.addr32[2] > b->ext.addr.addr32[2]) - return (1); - if (a->ext.addr.addr32[2] < b->ext.addr.addr32[2]) - return (-1); - if (a->lan.addr.addr32[1] > b->lan.addr.addr32[1]) - return (1); - if (a->lan.addr.addr32[1] < b->lan.addr.addr32[1]) - return (-1); - if (a->ext.addr.addr32[1] > b->ext.addr.addr32[1]) - return (1); - if (a->ext.addr.addr32[1] < b->ext.addr.addr32[1]) - return (-1); - if (a->lan.addr.addr32[0] > b->lan.addr.addr32[0]) - return (1); - if (a->lan.addr.addr32[0] < b->lan.addr.addr32[0]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - break; -#endif /* INET6 */ - } - - if ((diff = a->lan.port - b->lan.port) != 0) - return (diff); - if ((diff = a->ext.port - b->ext.port) != 0) - return (diff); - - return (0); -} - -static __inline int -pf_state_compare_ext_gwy(struct 
pf_state_key *a, struct pf_state_key *b) -{ - int diff; - - if ((diff = a->proto - b->proto) != 0) - return (diff); - if ((diff = a->af - b->af) != 0) - return (diff); - switch (a->af) { -#ifdef INET - case AF_INET: - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - if (a->gwy.addr.addr32[0] > b->gwy.addr.addr32[0]) - return (1); - if (a->gwy.addr.addr32[0] < b->gwy.addr.addr32[0]) - return (-1); - break; -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - if (a->ext.addr.addr32[3] > b->ext.addr.addr32[3]) - return (1); - if (a->ext.addr.addr32[3] < b->ext.addr.addr32[3]) - return (-1); - if (a->gwy.addr.addr32[3] > b->gwy.addr.addr32[3]) - return (1); - if (a->gwy.addr.addr32[3] < b->gwy.addr.addr32[3]) - return (-1); - if (a->ext.addr.addr32[2] > b->ext.addr.addr32[2]) - return (1); - if (a->ext.addr.addr32[2] < b->ext.addr.addr32[2]) - return (-1); - if (a->gwy.addr.addr32[2] > b->gwy.addr.addr32[2]) - return (1); - if (a->gwy.addr.addr32[2] < b->gwy.addr.addr32[2]) - return (-1); - if (a->ext.addr.addr32[1] > b->ext.addr.addr32[1]) - return (1); - if (a->ext.addr.addr32[1] < b->ext.addr.addr32[1]) - return (-1); - if (a->gwy.addr.addr32[1] > b->gwy.addr.addr32[1]) - return (1); - if (a->gwy.addr.addr32[1] < b->gwy.addr.addr32[1]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - if (a->gwy.addr.addr32[0] > b->gwy.addr.addr32[0]) - return (1); - if (a->gwy.addr.addr32[0] < b->gwy.addr.addr32[0]) - return (-1); - break; -#endif /* INET6 */ - } - - if ((diff = a->ext.port - b->ext.port) != 0) - return (diff); - if ((diff = a->gwy.port - b->gwy.port) != 0) - return (diff); - - return (0); -} - -static __inline int -pf_state_compare_id(struct pf_state *a, struct pf_state *b) -{ - if (a->id > b->id) - return (1); - if (a->id < b->id) - return (-1); - if (a->creatorid > b->creatorid) 
- return (1); - if (a->creatorid < b->creatorid) - return (-1); - - return (0); -} - #ifdef INET6 void pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) 
@@ -522,77 +379,6 @@ pf_addrcpy(struct pf_addr *dst, struct p } #endif /* INET6 */ -struct pf_state * -pf_find_state_byid(struct pf_state_cmp *key) -{ - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); -} - -struct pf_state * -pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) -{ - struct pf_state_key *sk; - struct pf_state *s; - - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - switch (dir) { - case PF_OUT: - sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, - (struct pf_state_key *)key); - break; - case PF_IN: - sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, - (struct pf_state_key *)key); - break; - default: - panic("pf_find_state"); - } - - /* list is sorted, if-bound states before floating ones */ - if (sk != NULL) - TAILQ_FOREACH(s, &sk->states, next) - if (s->kif == pfi_all || s->kif == kif) - return (s); - - return (NULL); -} - -struct pf_state * -pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) -{ - struct pf_state_key *sk; - struct pf_state *s, *ret = NULL; - - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - switch (dir) { - case PF_OUT: *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:24:31 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9AC261065676; Wed, 10 Dec 2008 21:24:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 862818FC26; Wed, 10 Dec 2008 21:24:31 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALOVg3043452; Wed, 10 Dec 2008 21:24:31 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org 
(8.14.3/8.14.3/Submit) id mBALOVJF043448; Wed, 10 Dec 2008 21:24:31 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102124.mBALOVJF043448@svn.freebsd.org> From: Max Laier Date: Wed, 10 Dec 2008 21:24:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185888 - vendor-sys/pf/dist/net X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:24:31 -0000 Author: mlaier Date: Wed Dec 10 21:24:31 2008 New Revision: 185888 URL: http://svn.freebsd.org/changeset/base/185888 Log: Import OPENBSD_4_4_BASE Modified: vendor-sys/pf/dist/net/if_pfsync.c vendor-sys/pf/dist/net/if_pfsync.h vendor-sys/pf/dist/net/pf.c vendor-sys/pf/dist/net/pf_if.c vendor-sys/pf/dist/net/pf_ioctl.c vendor-sys/pf/dist/net/pf_norm.c vendor-sys/pf/dist/net/pf_osfp.c vendor-sys/pf/dist/net/pf_table.c vendor-sys/pf/dist/net/pfvar.h Modified: vendor-sys/pf/dist/net/if_pfsync.c ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/if_pfsync.c Wed Dec 10 21:24:31 2008 (r185888) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.c,v 1.89 2008/01/12 17:08:33 mpf Exp $ */ +/* $OpenBSD: if_pfsync.c,v 1.98 2008/06/29 08:42:15 mcbride Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff 
@@ -89,7 +89,6 @@ int pfsync_clone_destroy(struct ifnet *) void pfsync_setmtu(struct pfsync_softc *, int); int pfsync_alloc_scrub_memory(struct pfsync_state_peer *, struct pf_state_peer *); -int pfsync_insert_net_state(struct pfsync_state *, u_int8_t); void pfsync_update_net_tdb(struct pfsync_tdb *); int pfsyncoutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); 
@@ -224,117 +223,218 @@ pfsync_alloc_scrub_memory(struct pfsync_ struct pf_state_peer *d) { if (s->scrub.scrub_flag && d->scrub == NULL) { - d->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT); + d->scrub = pool_get(&pf_state_scrub_pl, PR_NOWAIT | PR_ZERO); if (d->scrub == NULL) return (ENOMEM); - bzero(d->scrub, sizeof(*d->scrub)); } return (0); } +void +pfsync_state_export(struct pfsync_state *sp, struct pf_state *st) +{ + bzero(sp, sizeof(struct pfsync_state)); + + /* copy from state key */ + sp->key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0]; + sp->key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1]; + sp->key[PF_SK_WIRE].port[0] = st->key[PF_SK_WIRE]->port[0]; + sp->key[PF_SK_WIRE].port[1] = st->key[PF_SK_WIRE]->port[1]; + sp->key[PF_SK_STACK].addr[0] = st->key[PF_SK_STACK]->addr[0]; + sp->key[PF_SK_STACK].addr[1] = st->key[PF_SK_STACK]->addr[1]; + sp->key[PF_SK_STACK].port[0] = st->key[PF_SK_STACK]->port[0]; + sp->key[PF_SK_STACK].port[1] = st->key[PF_SK_STACK]->port[1]; + sp->proto = st->key[PF_SK_WIRE]->proto; + sp->af = st->key[PF_SK_WIRE]->af; + + /* copy from state */ + strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); + bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); + sp->creation = htonl(time_second - st->creation); + sp->expire = pf_state_expires(st); + if (sp->expire <= time_second) + sp->expire = htonl(0); + else + sp->expire = htonl(sp->expire - time_second); + + sp->direction = st->direction; + sp->log = st->log; + sp->timeout = st->timeout; + sp->state_flags = st->state_flags; + if (st->src_node) + sp->sync_flags |= PFSYNC_FLAG_SRCNODE; + if (st->nat_src_node) + sp->sync_flags |= PFSYNC_FLAG_NATSRCNODE; + + bcopy(&st->id, &sp->id, sizeof(sp->id)); + sp->creatorid = st->creatorid; + pf_state_peer_hton(&st->src, &sp->src); + pf_state_peer_hton(&st->dst, &sp->dst); + + if (st->rule.ptr == NULL) + sp->rule = htonl(-1); + else + sp->rule = htonl(st->rule.ptr->nr); + if (st->anchor.ptr == NULL) + sp->anchor = htonl(-1); + 
else + sp->anchor = htonl(st->anchor.ptr->nr); + if (st->nat_rule.ptr == NULL) + sp->nat_rule = htonl(-1); + else + sp->nat_rule = htonl(st->nat_rule.ptr->nr); + + pf_state_counter_hton(st->packets[0], sp->packets[0]); + pf_state_counter_hton(st->packets[1], sp->packets[1]); + pf_state_counter_hton(st->bytes[0], sp->bytes[0]); + pf_state_counter_hton(st->bytes[1], sp->bytes[1]); + +} + int -pfsync_insert_net_state(struct pfsync_state *sp, u_int8_t chksum_flag) +pfsync_state_import(struct pfsync_state *sp, u_int8_t flags) { struct pf_state *st = NULL; - struct pf_state_key *sk = NULL; + struct pf_state_key *skw = NULL, *sks = NULL; struct pf_rule *r = NULL; struct pfi_kif *kif; + int pool_flags; + int error; if (sp->creatorid == 0 && pf_status.debug >= PF_DEBUG_MISC) { - printf("pfsync_insert_net_state: invalid creator id:" + printf("pfsync_state_import: invalid creator id:" " %08x\n", ntohl(sp->creatorid)); return (EINVAL); } - kif = pfi_kif_get(sp->ifname); - if (kif == NULL) { + if ((kif = pfi_kif_get(sp->ifname)) == NULL) { if (pf_status.debug >= PF_DEBUG_MISC) - printf("pfsync_insert_net_state: " + printf("pfsync_state_import: " "unknown interface: %s\n", sp->ifname); - /* skip this state */ - return (0); + if (flags & PFSYNC_SI_IOCTL) + return (EINVAL); + return (0); /* skip this state */ } /* - * If the ruleset checksums match, it's safe to associate the state - * with the rule of that number. + * If the ruleset checksums match or the state is coming from the ioctl, + * it's safe to associate the state with the rule of that number. 
*/ - if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && chksum_flag && - ntohl(sp->rule) < + if (sp->rule != htonl(-1) && sp->anchor == htonl(-1) && + (flags & (PFSYNC_SI_IOCTL | PFSYNC_SI_CKSUM)) && ntohl(sp->rule) < pf_main_ruleset.rules[PF_RULESET_FILTER].active.rcount) r = pf_main_ruleset.rules[ PF_RULESET_FILTER].active.ptr_array[ntohl(sp->rule)]; else r = &pf_default_rule; - if (!r->max_states || r->states < r->max_states) - st = pool_get(&pf_state_pl, PR_NOWAIT); - if (st == NULL) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - return (ENOMEM); - } - bzero(st, sizeof(*st)); + if ((r->max_states && r->states_cur >= r->max_states)) + goto cleanup; - if ((sk = pf_alloc_state_key(st)) == NULL) { - pool_put(&pf_state_pl, st); - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - return (ENOMEM); - } + if (flags & PFSYNC_SI_IOCTL) + pool_flags = PR_WAITOK | PR_LIMITFAIL | PR_ZERO; + else + pool_flags = PR_LIMITFAIL | PR_ZERO; - /* allocate memory for scrub info */ - if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || - pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); - if (st->src.scrub) - pool_put(&pf_state_scrub_pl, st->src.scrub); - pool_put(&pf_state_pl, st); - pool_put(&pf_state_key_pl, sk); - return (ENOMEM); - } + if ((st = pool_get(&pf_state_pl, pool_flags)) == NULL) + goto cleanup; - st->rule.ptr = r; - /* XXX get pointers to nat_rule and anchor */ + if ((skw = pf_alloc_state_key(pool_flags)) == NULL) + goto cleanup; - /* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */ - r->states++; + if (PF_ANEQ(&sp->key[PF_SK_WIRE].addr[0], + &sp->key[PF_SK_STACK].addr[0], sp->af) || + PF_ANEQ(&sp->key[PF_SK_WIRE].addr[1], + &sp->key[PF_SK_STACK].addr[1], sp->af) || + sp->key[PF_SK_WIRE].port[0] != sp->key[PF_SK_STACK].port[0] || + sp->key[PF_SK_WIRE].port[1] != sp->key[PF_SK_STACK].port[1]) { + if ((sks = pf_alloc_state_key(pool_flags)) == NULL) + goto cleanup; + } else + sks = skw; - /* fill in the rest of the state entry */ 
- pf_state_host_ntoh(&sp->lan, &sk->lan); - pf_state_host_ntoh(&sp->gwy, &sk->gwy); - pf_state_host_ntoh(&sp->ext, &sk->ext); + /* allocate memory for scrub info */ + if (pfsync_alloc_scrub_memory(&sp->src, &st->src) || + pfsync_alloc_scrub_memory(&sp->dst, &st->dst)) + goto cleanup; - pf_state_peer_ntoh(&sp->src, &st->src); - pf_state_peer_ntoh(&sp->dst, &st->dst); + /* copy to state key(s) */ + skw->addr[0] = sp->key[PF_SK_WIRE].addr[0]; + skw->addr[1] = sp->key[PF_SK_WIRE].addr[1]; + skw->port[0] = sp->key[PF_SK_WIRE].port[0]; + skw->port[1] = sp->key[PF_SK_WIRE].port[1]; + skw->proto = sp->proto; + skw->af = sp->af; + if (sks != skw) { + sks->addr[0] = sp->key[PF_SK_STACK].addr[0]; + sks->addr[1] = sp->key[PF_SK_STACK].addr[1]; + sks->port[0] = sp->key[PF_SK_STACK].port[0]; + sks->port[1] = sp->key[PF_SK_STACK].port[1]; + sks->proto = sp->proto; + sks->af = sp->af; + } + /* copy to state */ bcopy(&sp->rt_addr, &st->rt_addr, sizeof(st->rt_addr)); st->creation = time_second - ntohl(sp->creation); - st->expire = ntohl(sp->expire) + time_second; + st->expire = time_second; + if (sp->expire) { + /* XXX No adaptive scaling. 
*/ + st->expire -= r->timeout[sp->timeout] - ntohl(sp->expire); + } - sk->af = sp->af; - sk->proto = sp->proto; - sk->direction = sp->direction; + st->expire = ntohl(sp->expire) + time_second; + st->direction = sp->direction; st->log = sp->log; st->timeout = sp->timeout; - st->allow_opts = sp->allow_opts; + st->state_flags = sp->state_flags; + if (!(flags & PFSYNC_SI_IOCTL)) + st->sync_flags = PFSTATE_FROMSYNC; bcopy(sp->id, &st->id, sizeof(st->id)); st->creatorid = sp->creatorid; - st->sync_flags = PFSTATE_FROMSYNC; + pf_state_peer_ntoh(&sp->src, &st->src); + pf_state_peer_ntoh(&sp->dst, &st->dst); - if (pf_insert_state(kif, st)) { - pfi_kif_unref(kif, PFI_KIF_REF_NONE); + st->rule.ptr = r; + st->nat_rule.ptr = NULL; + st->anchor.ptr = NULL; + st->rt_kif = NULL; + + st->pfsync_time = 0; + + + /* XXX when we have nat_rule/anchors, use STATE_INC_COUNTERS */ + r->states_cur++; + r->states_tot++; + + if ((error = pf_state_insert(kif, skw, sks, st)) != 0) { /* XXX when we have nat_rule/anchors, use STATE_DEC_COUNTERS */ - r->states--; + r->states_cur--; + goto cleanup_state; + } + + return (0); + + cleanup: + error = ENOMEM; + if (skw == sks) + sks = NULL; + if (skw != NULL) + pool_put(&pf_state_key_pl, skw); + if (sks != NULL) + pool_put(&pf_state_key_pl, sks); + + cleanup_state: /* pf_state_insert frees the state keys */ + if (st) { if (st->dst.scrub) pool_put(&pf_state_scrub_pl, st->dst.scrub); if (st->src.scrub) pool_put(&pf_state_scrub_pl, st->src.scrub); pool_put(&pf_state_pl, st); - return (EINVAL); } - - return (0); + return (error); } void @@ -345,6 +445,7 @@ pfsync_input(struct mbuf *m, ...) struct pfsync_softc *sc = pfsyncif; struct pf_state *st; struct pf_state_key *sk; + struct pf_state_item *si; struct pf_state_cmp id_key; struct pfsync_state *sp; struct pfsync_state_upd *up; 
@@ -358,7 +459,7 @@ pfsync_input(struct mbuf *m, ...) struct in_addr src; struct mbuf *mp; int iplen, action, error, i, s, count, offp, sfail, stale = 0; - u_int8_t chksum_flag = 0; + u_int8_t flags = 0; pfsyncstats.pfsyncs_ipackets++; @@ -413,7 +514,7 @@ pfsync_input(struct mbuf *m, ...) src = ip->ip_src; if (!bcmp(&ph->pf_chksum, &pf_status.pf_chksum, PF_MD5_DIGEST_LENGTH)) - chksum_flag++; + flags |= PFSYNC_SI_CKSUM; switch (action) { case PFSYNC_ACT_CLR: { @@ -444,15 +545,16 @@ pfsync_input(struct mbuf *m, ...) splx(s); return; } - for (sk = RB_MIN(pf_state_tree_lan_ext, - &pf_statetbl_lan_ext); sk; sk = nextsk) { - nextsk = RB_NEXT(pf_state_tree_lan_ext, - &pf_statetbl_lan_ext, sk); - TAILQ_FOREACH(st, &sk->states, next) { - if (st->creatorid == creatorid) { - st->sync_flags |= + /* XXX correct? */ + for (sk = RB_MIN(pf_state_tree, + &pf_statetbl); sk; sk = nextsk) { + nextsk = RB_NEXT(pf_state_tree, + &pf_statetbl, sk); + TAILQ_FOREACH(si, &sk->states, entry) { + if (si->s->creatorid == creatorid) { + si->s->sync_flags |= PFSTATE_FROMSYNC; - pf_unlink_state(st); + pf_unlink_state(si->s); } } } @@ -484,8 +586,7 @@ pfsync_input(struct mbuf *m, ...) continue; } - if ((error = pfsync_insert_net_state(sp, - chksum_flag))) { + if ((error = pfsync_state_import(sp, flags))) { if (error == ENOMEM) { splx(s); goto done; @@ -524,11 +625,11 @@ pfsync_input(struct mbuf *m, ...) st = pf_find_state_byid(&id_key); if (st == NULL) { /* insert the update */ - if (pfsync_insert_net_state(sp, chksum_flag)) + if (pfsync_state_import(sp, flags)) pfsyncstats.pfsyncs_badstate++; continue; } - sk = st->state_key; + sk = st->key[PF_SK_WIRE]; /* XXX right one? */ sfail = 0; if (sk->proto == IPPROTO_TCP) { /* 
@@ -589,7 +690,7 @@ pfsync_input(struct mbuf *m, ...) } continue; } - pfsync_alloc_scrub_memory(&sp->dst, &st->dst); + pfsync_alloc_scrub_memory(&sp->dst, &st->dst); pf_state_peer_ntoh(&sp->src, &st->src); pf_state_peer_ntoh(&sp->dst, &st->dst); st->expire = ntohl(sp->expire) + time_second; @@ -665,7 +766,7 @@ pfsync_input(struct mbuf *m, ...) pfsyncstats.pfsyncs_badstate++; continue; } - sk = st->state_key; + sk = st->key[PF_SK_WIRE]; /* XXX right one? */ sfail = 0; if (sk->proto == IPPROTO_TCP) { /* @@ -716,7 +817,7 @@ pfsync_input(struct mbuf *m, ...) PFSYNC_FLAG_STALE); continue; } - pfsync_alloc_scrub_memory(&up->dst, &st->dst); + pfsync_alloc_scrub_memory(&up->dst, &st->dst); pf_state_peer_ntoh(&up->src, &st->src); pf_state_peer_ntoh(&up->dst, &st->dst); st->expire = ntohl(up->expire) + time_second; @@ -1117,9 +1218,6 @@ pfsync_pack_state(u_int8_t action, struc struct pfsync_state *sp = NULL; struct pfsync_state_upd *up = NULL; struct pfsync_state_del *dp = NULL; - struct pf_state_key *sk = st->state_key; - struct pf_rule *r; - u_long secs; int s, ret = 0; u_int8_t i = 255, newaction = 0; @@ -1186,8 +1284,6 @@ pfsync_pack_state(u_int8_t action, struc } } - secs = time_second; - st->pfsync_time = time_uptime; if (sp == NULL) { 
@@ -1199,47 +1295,19 @@ pfsync_pack_state(u_int8_t action, struc h->count++; bzero(sp, sizeof(*sp)); - bcopy(&st->id, sp->id, sizeof(sp->id)); - sp->creatorid = st->creatorid; - - strlcpy(sp->ifname, st->kif->pfik_name, sizeof(sp->ifname)); - pf_state_host_hton(&sk->lan, &sp->lan); - pf_state_host_hton(&sk->gwy, &sp->gwy); - pf_state_host_hton(&sk->ext, &sp->ext); - - bcopy(&st->rt_addr, &sp->rt_addr, sizeof(sp->rt_addr)); - - sp->creation = htonl(secs - st->creation); - pf_state_counter_hton(st->packets[0], sp->packets[0]); - pf_state_counter_hton(st->packets[1], sp->packets[1]); - pf_state_counter_hton(st->bytes[0], sp->bytes[0]); - pf_state_counter_hton(st->bytes[1], sp->bytes[1]); - if ((r = st->rule.ptr) == NULL) - sp->rule = htonl(-1); - else - sp->rule = htonl(r->nr); - if ((r = st->anchor.ptr) == NULL) - sp->anchor = htonl(-1); - else - sp->anchor = htonl(r->nr); - sp->af = sk->af; - sp->proto = sk->proto; - sp->direction = sk->direction; - sp->log = st->log; - sp->allow_opts = st->allow_opts; - sp->timeout = st->timeout; + pfsync_state_export(sp, st); if (flags & PFSYNC_FLAG_STALE) sp->sync_flags |= PFSTATE_STALE; - } - - pf_state_peer_hton(&st->src, &sp->src); - pf_state_peer_hton(&st->dst, &sp->dst); + } else { + pf_state_peer_hton(&st->src, &sp->src); + pf_state_peer_hton(&st->dst, &sp->dst); - if (st->expire <= secs) - sp->expire = htonl(0); - else - sp->expire = htonl(st->expire - secs); + if (st->expire <= time_second) + sp->expire = htonl(0); + else + sp->expire = htonl(st->expire - time_second); + } /* do we need to build "compressed" actions for network transfer? */ if (sc->sc_sync_ifp && flags & PFSYNC_FLAG_COMPRESS) { 
@@ -1715,7 +1783,7 @@ pfsync_update_tdb(struct tdb *tdb, int o for (i = 0; !pt && i < h->count; i++) { if (tdb->tdb_spi == u->spi && tdb->tdb_sproto == u->sproto && - !bcmp(&tdb->tdb_dst, &u->dst, + !bcmp(&tdb->tdb_dst, &u->dst, SA_LEN(&u->dst.sa))) { pt = u; pt->updates++; Modified: vendor-sys/pf/dist/net/if_pfsync.h ============================================================================== --- vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/if_pfsync.h Wed Dec 10 21:24:31 2008 (r185888) @@ -1,4 +1,4 @@ -/* $OpenBSD: if_pfsync.h,v 1.32 2007/12/14 18:33:37 deraadt Exp $ */ +/* $OpenBSD: if_pfsync.h,v 1.35 2008/06/29 08:42:15 mcbride Exp $ */ /* * Copyright (c) 2001 Michael Shalayeff @@ -146,7 +146,7 @@ extern struct pfsync_softc *pfsyncif; struct pfsync_header { u_int8_t version; -#define PFSYNC_VERSION 3 +#define PFSYNC_VERSION 4 u_int8_t af; u_int8_t action; #define PFSYNC_ACT_CLR 0 /* clear all states */ 
@@ -205,72 +205,22 @@ struct pfsyncreq { int pfsyncr_authlevel; }; - -/* for copies to/from network */ -#define pf_state_peer_hton(s,d) do { \ - (d)->seqlo = htonl((s)->seqlo); \ - (d)->seqhi = htonl((s)->seqhi); \ - (d)->seqdiff = htonl((s)->seqdiff); \ - (d)->max_win = htons((s)->max_win); \ - (d)->mss = htons((s)->mss); \ - (d)->state = (s)->state; \ - (d)->wscale = (s)->wscale; \ - if ((s)->scrub) { \ - (d)->scrub.pfss_flags = \ - htons((s)->scrub->pfss_flags & PFSS_TIMESTAMP); \ - (d)->scrub.pfss_ttl = (s)->scrub->pfss_ttl; \ - (d)->scrub.pfss_ts_mod = htonl((s)->scrub->pfss_ts_mod);\ - (d)->scrub.scrub_flag = PFSYNC_SCRUB_FLAG_VALID; \ - } \ -} while (0) - -#define pf_state_peer_ntoh(s,d) do { \ - (d)->seqlo = ntohl((s)->seqlo); \ - (d)->seqhi = ntohl((s)->seqhi); \ - (d)->seqdiff = ntohl((s)->seqdiff); \ - (d)->max_win = ntohs((s)->max_win); \ - (d)->mss = ntohs((s)->mss); \ - (d)->state = (s)->state; \ - (d)->wscale = (s)->wscale; \ - if ((s)->scrub.scrub_flag == PFSYNC_SCRUB_FLAG_VALID && \ - (d)->scrub != NULL) { \ - (d)->scrub->pfss_flags = \ - ntohs((s)->scrub.pfss_flags) & PFSS_TIMESTAMP; \ - (d)->scrub->pfss_ttl = (s)->scrub.pfss_ttl; \ - (d)->scrub->pfss_ts_mod = ntohl((s)->scrub.pfss_ts_mod);\ - } \ -} while (0) - -#define pf_state_host_hton(s,d) do { \ - bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr)); \ - (d)->port = (s)->port; \ -} while (0) - -#define pf_state_host_ntoh(s,d) do { \ - bcopy(&(s)->addr, &(d)->addr, sizeof((d)->addr)); \ - (d)->port = (s)->port; \ -} while (0) - -#define pf_state_counter_hton(s,d) do { \ - d[0] = htonl((s>>32)&0xffffffff); \ - d[1] = htonl(s&0xffffffff); \ -} while (0) - -#define pf_state_counter_ntoh(s,d) do { \ - d = ntohl(s[0]); \ - d = d<<32; \ - d += ntohl(s[1]); \ -} while (0) - #ifdef _KERNEL -void pfsync_input(struct mbuf *, ...); -int pfsync_clear_states(u_int32_t, char *); -int pfsync_pack_state(u_int8_t, struct pf_state *, int); -int pfsync_sysctl(int *, u_int, void *, size_t *, void *, size_t); +void 
pfsync_input(struct mbuf *, ...); +int pfsync_clear_states(u_int32_t, char *); +int pfsync_pack_state(u_int8_t, struct pf_state *, int); +int pfsync_sysctl(int *, u_int, void *, size_t *, + void *, size_t); +void pfsync_state_export(struct pfsync_state *, + struct pf_state *); + +#define PFSYNC_SI_IOCTL 0x01 +#define PFSYNC_SI_CKSUM 0x02 +int pfsync_state_import(struct pfsync_state *, u_int8_t); #define pfsync_insert_state(st) do { \ if ((st->rule.ptr->rule_flag & PFRULE_NOSYNC) || \ - (st->state_key->proto == IPPROTO_PFSYNC)) \ + (st->key[PF_SK_WIRE]->proto == IPPROTO_PFSYNC)) \ st->sync_flags |= PFSTATE_NOSYNC; \ else if (!st->sync_flags) \ pfsync_pack_state(PFSYNC_ACT_INS, (st), \ Modified: vendor-sys/pf/dist/net/pf.c ============================================================================== --- vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:23:23 2008 (r185887) +++ vendor-sys/pf/dist/net/pf.c Wed Dec 10 21:24:31 2008 (r185888) @@ -1,8 +1,8 @@ -/* $OpenBSD: pf.c,v 1.567 2008/02/20 23:40:13 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.614 2008/08/02 12:34:37 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier - * Copyright (c) 2002,2003 Henning Brauer + * Copyright (c) 2002 - 2008 Henning Brauer * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -98,8 +98,7 @@ */ /* state tables */ -struct pf_state_tree_lan_ext pf_statetbl_lan_ext; -struct pf_state_tree_ext_gwy pf_statetbl_ext_gwy; +struct pf_state_tree pf_statetbl; struct pf_altqqueue pf_altqs[2]; struct pf_palist pf_pabuf; @@ -125,7 +124,7 @@ struct pf_anchor_stackframe { } pf_anchor_stack[64]; struct pool pf_src_tree_pl, pf_rule_pl, pf_pooladdr_pl; -struct pool pf_state_pl, pf_state_key_pl; +struct pool pf_state_pl, pf_state_key_pl, pf_state_item_pl; struct pool pf_altq_pl; void pf_print_host(struct pf_addr *, u_int16_t, u_int8_t); 
@@ -161,21 +160,41 @@ struct pf_rule *pf_match_translation(st u_int16_t, int); struct pf_rule *pf_get_translation(struct pf_pdesc *, struct mbuf *, int, int, struct pfi_kif *, struct pf_src_node **, - struct pf_addr *, u_int16_t, - struct pf_addr *, u_int16_t, - struct pf_addr *, u_int16_t *); -void pf_attach_state(struct pf_state_key *, - struct pf_state *, int); -void pf_detach_state(struct pf_state *, int); + struct pf_state_key **, struct pf_state_key **, + struct pf_state_key **, struct pf_state_key **, + struct pf_addr *, struct pf_addr *, + u_int16_t, u_int16_t); +void pf_detach_state(struct pf_state *); +int pf_state_key_setup(struct pf_pdesc *, struct pf_rule *, + struct pf_state_key **, struct pf_state_key **, + struct pf_state_key **, struct pf_state_key **, + struct pf_addr *, struct pf_addr *, + u_int16_t, u_int16_t); +void pf_state_key_detach(struct pf_state *, int); u_int32_t pf_tcp_iss(struct pf_pdesc *); int pf_test_rule(struct pf_rule **, struct pf_state **, int, struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **, struct ifqueue *); +static __inline int pf_create_state(struct pf_rule *, struct pf_rule *, + struct pf_rule *, struct pf_pdesc *, + struct pf_src_node *, struct pf_state_key *, + struct pf_state_key *, struct pf_state_key *, + struct pf_state_key *, struct mbuf *, int, + u_int16_t, u_int16_t, int *, struct pfi_kif *, + struct pf_state **, int, u_int16_t, u_int16_t, + int); int pf_test_fragment(struct pf_rule **, int, struct pfi_kif *, struct mbuf *, void *, struct pf_pdesc *, struct pf_rule **, struct pf_ruleset **); +int pf_tcp_track_full(struct pf_state_peer *, + struct pf_state_peer *, struct pf_state **, + struct pfi_kif *, struct mbuf *, int, + struct pf_pdesc *, u_short *, int *); +int pf_tcp_track_sloppy(struct pf_state_peer *, + struct pf_state_peer *, struct pf_state **, + struct pf_pdesc *, u_short *); int pf_test_state_tcp(struct pf_state **, int, struct pfi_kif *, struct 
mbuf *, int, void *, struct pf_pdesc *, u_short *); @@ -186,10 +205,9 @@ int pf_test_state_icmp(struct pf_stat struct pfi_kif *, struct mbuf *, int, void *, struct pf_pdesc *, u_short *); int pf_test_state_other(struct pf_state **, int, - struct pfi_kif *, struct pf_pdesc *); -int pf_match_tag(struct mbuf *, struct pf_rule *, int *); + struct pfi_kif *, struct mbuf *, struct pf_pdesc *); void pf_step_into_anchor(int *, struct pf_ruleset **, int, - struct pf_rule **, struct pf_rule **, int *); + struct pf_rule **, struct pf_rule **, int *); int pf_step_out_of_anchor(int *, struct pf_ruleset **, int, struct pf_rule **, struct pf_rule **, int *); @@ -219,13 +237,14 @@ void pf_set_rt_ifp(struct pf_state *, struct pf_addr *); int pf_check_proto_cksum(struct mbuf *, int, int, u_int8_t, sa_family_t); +struct pf_divert *pf_get_divert(struct mbuf *); +void pf_print_state_parts(struct pf_state *, + struct pf_state_key *, struct pf_state_key *); int pf_addr_wrap_neq(struct pf_addr_wrap *, struct pf_addr_wrap *); struct pf_state *pf_find_state(struct pfi_kif *, - struct pf_state_key_cmp *, u_int); + struct pf_state_key_cmp *, u_int, struct mbuf *); int pf_src_connlimit(struct pf_state **); -void pf_stateins_err(const char *, struct pf_state *, - struct pfi_kif *); int pf_check_congestion(struct ifqueue *); extern struct pool pfr_ktable_pl; 
@@ -239,54 +258,49 @@ struct pf_pool_limit pf_pool_limits[PF_L { &pfr_kentry_pl, PFR_KENTRY_HIWAT } }; -#define STATE_LOOKUP() \ +#define STATE_LOOKUP(i, k, d, s, m) \ do { \ - *state = pf_find_state(kif, &key, direction); \ - if (*state == NULL || (*state)->timeout == PFTM_PURGE) \ + s = pf_find_state(i, k, d, m); \ + if (s == NULL || (s)->timeout == PFTM_PURGE) \ return (PF_DROP); \ - if (direction == PF_OUT && \ - (((*state)->rule.ptr->rt == PF_ROUTETO && \ - (*state)->rule.ptr->direction == PF_OUT) || \ - ((*state)->rule.ptr->rt == PF_REPLYTO && \ - (*state)->rule.ptr->direction == PF_IN)) && \ - (*state)->rt_kif != NULL && \ - (*state)->rt_kif != kif) \ + if (d == PF_OUT && \ + (((s)->rule.ptr->rt == PF_ROUTETO && \ + (s)->rule.ptr->direction == PF_OUT) || \ + ((s)->rule.ptr->rt == PF_REPLYTO && \ + (s)->rule.ptr->direction == PF_IN)) && \ + (s)->rt_kif != NULL && \ + (s)->rt_kif != i) \ return (PF_PASS); \ } while (0) -#define STATE_TRANSLATE(sk) \ - (sk)->lan.addr.addr32[0] != (sk)->gwy.addr.addr32[0] || \ - ((sk)->af == AF_INET6 && \ - ((sk)->lan.addr.addr32[1] != (sk)->gwy.addr.addr32[1] || \ - (sk)->lan.addr.addr32[2] != (sk)->gwy.addr.addr32[2] || \ - (sk)->lan.addr.addr32[3] != (sk)->gwy.addr.addr32[3])) || \ - (sk)->lan.port != (sk)->gwy.port - #define BOUND_IFACE(r, k) \ ((r)->rule_flag & PFRULE_IFBOUND) ? 
(k) : pfi_all #define STATE_INC_COUNTERS(s) \ do { \ - s->rule.ptr->states++; \ - if (s->anchor.ptr != NULL) \ - s->anchor.ptr->states++; \ - if (s->nat_rule.ptr != NULL) \ - s->nat_rule.ptr->states++; \ + s->rule.ptr->states_cur++; \ + s->rule.ptr->states_tot++; \ + if (s->anchor.ptr != NULL) { \ + s->anchor.ptr->states_cur++; \ + s->anchor.ptr->states_tot++; \ + } \ + if (s->nat_rule.ptr != NULL) { \ + s->nat_rule.ptr->states_cur++; \ + s->nat_rule.ptr->states_tot++; \ + } \ } while (0) #define STATE_DEC_COUNTERS(s) \ do { \ if (s->nat_rule.ptr != NULL) \ - s->nat_rule.ptr->states--; \ + s->nat_rule.ptr->states_cur--; \ if (s->anchor.ptr != NULL) \ - s->anchor.ptr->states--; \ - s->rule.ptr->states--; \ + s->anchor.ptr->states_cur--; \ + s->rule.ptr->states_cur--; \ } while (0) static __inline int pf_src_compare(struct pf_src_node *, struct pf_src_node *); -static __inline int pf_state_compare_lan_ext(struct pf_state_key *, - struct pf_state_key *); -static __inline int pf_state_compare_ext_gwy(struct pf_state_key *, +static __inline int pf_state_compare_key(struct pf_state_key *, struct pf_state_key *); static __inline int pf_state_compare_id(struct pf_state *, struct pf_state *); @@ -297,16 +311,10 @@ struct pf_state_tree_id tree_id; struct pf_state_queue state_list; RB_GENERATE(pf_src_tree, pf_src_node, entry, pf_src_compare); -RB_GENERATE(pf_state_tree_lan_ext, pf_state_key, - entry_lan_ext, pf_state_compare_lan_ext); -RB_GENERATE(pf_state_tree_ext_gwy, pf_state_key, - entry_ext_gwy, pf_state_compare_ext_gwy); +RB_GENERATE(pf_state_tree, pf_state_key, entry, pf_state_compare_key); RB_GENERATE(pf_state_tree_id, pf_state, entry_id, pf_state_compare_id); -#define PF_DT_SKIP_LANEXT 0x01 -#define PF_DT_SKIP_EXTGWY 0x02 - static __inline int pf_src_compare(struct pf_src_node *a, struct pf_src_node *b) { 
@@ -351,157 +359,6 @@ pf_src_compare(struct pf_src_node *a, st return (0); } -static __inline int -pf_state_compare_lan_ext(struct pf_state_key *a, struct pf_state_key *b) -{ - int diff; - - if ((diff = a->proto - b->proto) != 0) - return (diff); - if ((diff = a->af - b->af) != 0) - return (diff); - switch (a->af) { -#ifdef INET - case AF_INET: - if (a->lan.addr.addr32[0] > b->lan.addr.addr32[0]) - return (1); - if (a->lan.addr.addr32[0] < b->lan.addr.addr32[0]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - break; -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - if (a->lan.addr.addr32[3] > b->lan.addr.addr32[3]) - return (1); - if (a->lan.addr.addr32[3] < b->lan.addr.addr32[3]) - return (-1); - if (a->ext.addr.addr32[3] > b->ext.addr.addr32[3]) - return (1); - if (a->ext.addr.addr32[3] < b->ext.addr.addr32[3]) - return (-1); - if (a->lan.addr.addr32[2] > b->lan.addr.addr32[2]) - return (1); - if (a->lan.addr.addr32[2] < b->lan.addr.addr32[2]) - return (-1); - if (a->ext.addr.addr32[2] > b->ext.addr.addr32[2]) - return (1); - if (a->ext.addr.addr32[2] < b->ext.addr.addr32[2]) - return (-1); - if (a->lan.addr.addr32[1] > b->lan.addr.addr32[1]) - return (1); - if (a->lan.addr.addr32[1] < b->lan.addr.addr32[1]) - return (-1); - if (a->ext.addr.addr32[1] > b->ext.addr.addr32[1]) - return (1); - if (a->ext.addr.addr32[1] < b->ext.addr.addr32[1]) - return (-1); - if (a->lan.addr.addr32[0] > b->lan.addr.addr32[0]) - return (1); - if (a->lan.addr.addr32[0] < b->lan.addr.addr32[0]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - break; -#endif /* INET6 */ - } - - if ((diff = a->lan.port - b->lan.port) != 0) - return (diff); - if ((diff = a->ext.port - b->ext.port) != 0) - return (diff); - - return (0); -} - -static __inline int -pf_state_compare_ext_gwy(struct 
pf_state_key *a, struct pf_state_key *b) -{ - int diff; - - if ((diff = a->proto - b->proto) != 0) - return (diff); - if ((diff = a->af - b->af) != 0) - return (diff); - switch (a->af) { -#ifdef INET - case AF_INET: - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - if (a->gwy.addr.addr32[0] > b->gwy.addr.addr32[0]) - return (1); - if (a->gwy.addr.addr32[0] < b->gwy.addr.addr32[0]) - return (-1); - break; -#endif /* INET */ -#ifdef INET6 - case AF_INET6: - if (a->ext.addr.addr32[3] > b->ext.addr.addr32[3]) - return (1); - if (a->ext.addr.addr32[3] < b->ext.addr.addr32[3]) - return (-1); - if (a->gwy.addr.addr32[3] > b->gwy.addr.addr32[3]) - return (1); - if (a->gwy.addr.addr32[3] < b->gwy.addr.addr32[3]) - return (-1); - if (a->ext.addr.addr32[2] > b->ext.addr.addr32[2]) - return (1); - if (a->ext.addr.addr32[2] < b->ext.addr.addr32[2]) - return (-1); - if (a->gwy.addr.addr32[2] > b->gwy.addr.addr32[2]) - return (1); - if (a->gwy.addr.addr32[2] < b->gwy.addr.addr32[2]) - return (-1); - if (a->ext.addr.addr32[1] > b->ext.addr.addr32[1]) - return (1); - if (a->ext.addr.addr32[1] < b->ext.addr.addr32[1]) - return (-1); - if (a->gwy.addr.addr32[1] > b->gwy.addr.addr32[1]) - return (1); - if (a->gwy.addr.addr32[1] < b->gwy.addr.addr32[1]) - return (-1); - if (a->ext.addr.addr32[0] > b->ext.addr.addr32[0]) - return (1); - if (a->ext.addr.addr32[0] < b->ext.addr.addr32[0]) - return (-1); - if (a->gwy.addr.addr32[0] > b->gwy.addr.addr32[0]) - return (1); - if (a->gwy.addr.addr32[0] < b->gwy.addr.addr32[0]) - return (-1); - break; -#endif /* INET6 */ - } - - if ((diff = a->ext.port - b->ext.port) != 0) - return (diff); - if ((diff = a->gwy.port - b->gwy.port) != 0) - return (diff); - - return (0); -} - -static __inline int -pf_state_compare_id(struct pf_state *a, struct pf_state *b) -{ - if (a->id > b->id) - return (1); - if (a->id < b->id) - return (-1); - if (a->creatorid > b->creatorid) 
- return (1); - if (a->creatorid < b->creatorid) - return (-1); - - return (0); -} - #ifdef INET6 void pf_addrcpy(struct pf_addr *dst, struct pf_addr *src, sa_family_t af) 
@@ -522,77 +379,6 @@ pf_addrcpy(struct pf_addr *dst, struct p } #endif /* INET6 */ -struct pf_state * -pf_find_state_byid(struct pf_state_cmp *key) -{ - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - return (RB_FIND(pf_state_tree_id, &tree_id, (struct pf_state *)key)); -} - -struct pf_state * -pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir) -{ - struct pf_state_key *sk; - struct pf_state *s; - - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - switch (dir) { - case PF_OUT: - sk = RB_FIND(pf_state_tree_lan_ext, &pf_statetbl_lan_ext, - (struct pf_state_key *)key); - break; - case PF_IN: - sk = RB_FIND(pf_state_tree_ext_gwy, &pf_statetbl_ext_gwy, - (struct pf_state_key *)key); - break; - default: - panic("pf_find_state"); - } - - /* list is sorted, if-bound states before floating ones */ - if (sk != NULL) - TAILQ_FOREACH(s, &sk->states, next) - if (s->kif == pfi_all || s->kif == kif) - return (s); - - return (NULL); -} - -struct pf_state * -pf_find_state_all(struct pf_state_key_cmp *key, u_int dir, int *more) -{ - struct pf_state_key *sk; - struct pf_state *s, *ret = NULL; - - pf_status.fcounters[FCNT_STATE_SEARCH]++; - - switch (dir) { - case PF_OUT: *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:24:58 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E23511065688; Wed, 10 Dec 2008 21:24:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B611B8FC14; Wed, 10 Dec 2008 21:24:58 +0000 (UTC) (envelope-from mlaier@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBALOweX043497; Wed, 10 Dec 2008 21:24:58 GMT (envelope-from mlaier@svn.freebsd.org) Received: (from mlaier@localhost) by svn.freebsd.org 
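Review bot: In pfsync_state_import() (if_pfsync.c, hunk @@ -224,117 +223,218 @@) the new expiry computation is overwritten on the next statement and indexes an array with an unvalidated value. The added block "st->expire = time_second; if (sp->expire) st->expire -= r->timeout[sp->timeout] - ntohl(sp->expire);" is followed by the re-added "st->expire = ntohl(sp->expire) + time_second;", so its result is discarded while the read of r->timeout[sp->timeout] still happens. sp->timeout arrives from the peer's packet or from the ioctl caller, so range-check it against the size of r->timeout[] before use and keep only one of the two assignments. Every error return in the old function also called pfi_kif_unref(kif, PFI_KIF_REF_NONE) and the new cleanup and cleanup_state paths do not; please confirm the kif returned by pfi_kif_get() is not leaked on failure. The creatorid == 0 rejection at the top is still gated on pf_status.debug >= PF_DEBUG_MISC, so the check only rejects when debugging is enabled; only the printf should depend on the debug level.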
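Review bot: The PFSYNC_ACT_CLR loop in pfsync_input() (if_pfsync.c, hunk @@ -444,15 +545,16 @@) goes in with an unresolved "/* XXX correct? */" and calls pf_unlink_state(si->s) from inside TAILQ_FOREACH(si, &sk->states, entry). If pf_unlink_state() can detach si from sk->states or release the key, the iterator then follows a stale entry pointer. Fetch the next item before the call, the way the outer loop already does with nextsk, and replace the XXX with a statement of why the walk is safe.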
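Review bot: "sk = st->key[PF_SK_WIRE]; /* XXX right one? */" in the update path of pfsync_input() (if_pfsync.c, hunk @@ -524,11 +625,11 @@, repeated in @@ -665,7 +766,7 @@) leaves the choice of key as an open question in the code. For the sk->proto test visible in the context either key gives the same answer, because pfsync_state_import() copies sp->proto into both skw and sks. Say that in the comment, or name the later use of sk that depends on the wire key, instead of leaving the XXX.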
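Review bot: In pfsync_pack_state() (if_pfsync.c, hunk @@ -1199,47 +1295,19 @@) the new-entry branch and the else branch now derive sp->expire from different sources. The new-entry branch goes through pfsync_state_export(), which starts from pf_state_expires(st), while the else branch still compares the raw st->expire against time_second. If pf_state_expires() ever returns something other than st->expire, a peer receives a different remaining lifetime for the same state depending on which branch packed it; use the same source in both or document why they differ. The bzero(sp, sizeof(*sp)) kept just before the call is redundant as well, since pfsync_state_export() zeroes the whole structure itself.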
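Review bot: The PFSYNC_VERSION change from 3 to 4 (if_pfsync.h, hunk @@ -146,7 +146,7 @@) carries no comment on compatibility. The on-wire struct pfsync_state changes with it (the code moves from sp->lan, sp->gwy and sp->ext to sp->key[PF_SK_WIRE] and sp->key[PF_SK_STACK]), so a version 3 peer and a version 4 peer should not be expected to exchange states. A comment next to the define, and a line in the upgrade notes saying that both members of a pfsync pair must be updated together, would save operators a silent loss of failover state.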
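Review bot: The new home of pf_state_peer_hton, pf_state_peer_ntoh and pf_state_counter_hton is not in the visible part of the diff after their removal from if_pfsync.h (hunk @@ -205,72 +205,22 @@), while if_pfsync.c in the same commit still calls all three. Please confirm they are now defined in a header that every includer of if_pfsync.h already pulls in. The new "#define PFSYNC_SI_IOCTL 0x01" and "#define PFSYNC_SI_CKSUM 0x02" also lack a comment; one line each stating that they are the flags argument of pfsync_state_import(), and what each one relaxes (rule association, blocking allocation, FROMSYNC marking), would document the trust difference between the two callers.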
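Review bot: The reworked STATE_LOOKUP(i, k, d, s, m) macro in pf.c (hunk @@ -239,54 +258,49 @@) uses its caller-supplied operands unparenthesized ("s = pf_find_state(i, k, d, m);", "d == PF_OUT", "(s)->rt_kif != i") and still hides two return statements from the reader of the call site. Wrap each operand in parentheses, or turn the lookup into an inline helper whose result the caller checks. In the same hunk STATE_INC_COUNTERS now bumps both states_cur and states_tot while STATE_DEC_COUNTERS only decrements states_cur; a short comment that states_tot is a running total would make the asymmetry visibly intentional.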
(8.14.3/8.14.3/Submit) id mBALOwOB043496; Wed, 10 Dec 2008 21:24:58 GMT (envelope-from mlaier@svn.freebsd.org) Message-Id: <200812102124.mBALOwOB043496@svn.freebsd.org> From: Max Laier Date: Wed, 10 Dec 2008 21:24:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r185889 - vendor-sys/pf/4.4 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Dec 2008 21:24:59 -0000 Author: mlaier Date: Wed Dec 10 21:24:58 2008 New Revision: 185889 URL: http://svn.freebsd.org/changeset/base/185889 Log: Tag for pf 4.4 Added: vendor-sys/pf/4.4/ - copied from r185888, vendor-sys/pf/dist/
From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:31:13 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E444D1065670; Wed, 10 Dec 2008 21:31:13 +0000 (UTC) (envelope-from prvs=julian=223e0e01c@elischer.org) Received: from smtp-outbound.ironport.com (smtp-outbound.ironport.com [63.251.108.112]) by mx1.freebsd.org (Postfix) with ESMTP id C06608FC13; Wed, 10 Dec 2008 21:31:13 +0000 (UTC) (envelope-from prvs=julian=223e0e01c@elischer.org) Received: from unknown (HELO julian-mac.elischer.org) ([10.251.60.167]) by smtp-outbound.ironport.com with ESMTP; 10 Dec 2008 13:02:36 -0800 Message-ID: <49402E6B.3010206@elischer.org> Date: Wed, 10 Dec 2008 13:02:35 -0800
From: Julian Elischer
User-Agent: Thunderbird 2.0.0.18 (Macintosh/20081105)
MIME-Version: 1.0
To: Max Laier
References: <200812102059.mBAKxQu3042532@svn.freebsd.org>
In-Reply-To: <200812102059.mBAKxQu3042532@svn.freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: svn-src-all@freebsd.org, src-committers@freebsd.org, svn-src-vendor@freebsd.org
Subject: Re: svn commit: r185880 - in vendor/pf/dist: authpf ftp-proxy man pfctl pflogd
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 10 Dec 2008 21:31:14 -0000

Max Laier wrote:
> Author: mlaier
> Date: Wed Dec 10 20:59:26 2008
> New Revision: 185880
> URL: http://svn.freebsd.org/changeset/base/185880
>
> Log:
>   Import OPENBSD_4_3_BASE
>

so, how do we go about virtualizing this?
and I don't like our chances of getting virtualized macros into the
openbsd sources....

From owner-svn-src-vendor@FreeBSD.ORG Wed Dec 10 21:56:32 2008
Return-Path:
Delivered-To: svn-src-vendor@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0F5B11065673 for ; Wed, 10 Dec 2008 21:56:32 +0000 (UTC) (envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.freebsd.org (Postfix) with ESMTP id 921038FC12 for ; Wed, 10 Dec 2008 21:56:31 +0000 (UTC) (envelope-from max@love2party.net)
Received: from vampire.homelinux.org (dslb-088-066-005-194.pools.arcor-ip.net [88.66.5.194]) by mrelayeu.kundenserver.de (node=mrelayeu7) with ESMTP (Nemesis) id 0ML2xA-1LAWqZ2k12-0005KO; Wed, 10 Dec 2008 22:43:56 +0100
Received: (qmail 40225 invoked from network); 10 Dec 2008 21:43:55 -0000
Received: from fbsd8.laiers.local (192.168.4.151) by router.laiers.local with SMTP; 10 Dec 2008 21:43:55 -0000
From: Max Laier
Organization: FreeBSD
To: Julian Elischer , src-committers@freebsd.org
Date: Wed, 10 Dec 2008 22:43:54 +0100
User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; )
References: <200812102059.mBAKxQu3042532@svn.freebsd.org> <49402E6B.3010206@elischer.org>
In-Reply-To: <49402E6B.3010206@elischer.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200812102243.54975.max@love2party.net>
X-Provags-ID: V01U2FsdGVkX1+LHWmr5tmvQvRPLMytWcoUI+XrVrCnzDiNLUB
        T6IFb1GDfp6/12gvIJEXtV/s97IAkQKH6gj7rNSJfAKZKPY2To
        u96XthLQRdMFZV6O+wNFQ==
Cc: svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject: Re: svn commit: r185880 - in vendor/pf/dist: authpf ftp-proxy man pfctl pflogd
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 10 Dec 2008 21:56:32 -0000

On Wednesday 10 December 2008 22:02:35 Julian Elischer wrote:
> Max Laier wrote:
> > Author: mlaier
> > Date: Wed Dec 10 20:59:26 2008
> > New Revision: 185880
> > URL: http://svn.freebsd.org/changeset/base/185880
> >
> > Log:
> >   Import OPENBSD_4_3_BASE
>
> so, how do we go about virtualizing this?
> and I don't like our chances of getting virtualized macros into the
> openbsd sources....

Yeah, most likely a no-go.  From what I understand, Marko has a
virtualized version of what's in the tree now and I don't intend to
void that work by blindly dumping the new version in head and have
him deal with it.

It will take some time to get the import done and I'll do it in my
user dir.  Once this is in somewhat usable shape I'll start looking at
the V_ stuff and how to best go about merging it.  FWIW, it might be
easier to virtualize the new version as it greatly reduces code
duplication in some relevant areas.

If you are ready to commit the 2nd half of the vnet stuff in the
meantime, please go ahead and do so.  I'll figure out how to deal
with it.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-svn-src-vendor@FreeBSD.ORG Thu Dec 11 00:28:22 2008
Return-Path:
Delivered-To: svn-src-vendor@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 89D411065670; Thu, 11 Dec 2008 00:28:22 +0000 (UTC) (envelope-from zec@icir.org)
Received: from xaqua.tel.fer.hr (xaqua.tel.fer.hr [161.53.19.25]) by mx1.freebsd.org (Postfix) with ESMTP id D347C8FC12; Thu, 11 Dec 2008 00:28:21 +0000 (UTC) (envelope-from zec@icir.org)
Received: by xaqua.tel.fer.hr (Postfix, from userid 20006) id 5E3F49B649; Thu, 11 Dec 2008 01:04:38 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on xaqua.tel.fer.hr
X-Spam-Level:
X-Spam-Status: No, score=-4.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.1.7
Received: from [192.168.200.110] (zec2.tel.fer.hr [161.53.19.79]) by xaqua.tel.fer.hr (Postfix) with ESMTP id 584569B645; Thu, 11 Dec 2008 01:04:37 +0100 (CET)
From: Marko Zec
To: Max Laier
Date: Thu, 11 Dec 2008 01:04:29 +0100
User-Agent: KMail/1.9.7
References: <200812102059.mBAKxQu3042532@svn.freebsd.org> <49402E6B.3010206@elischer.org> <200812102243.54975.max@love2party.net>
In-Reply-To: <200812102243.54975.max@love2party.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200812110104.29592.zec@icir.org>
Cc: svn-src-vendor@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer
Subject: Re: svn commit: r185880 - in vendor/pf/dist: authpf ftp-proxy man pfctl pflogd
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 11 Dec 2008 00:28:22 -0000

On Wednesday 10 December 2008 22:43:54 Max Laier wrote:
> On Wednesday 10 December 2008 22:02:35 Julian Elischer wrote:
> > Max Laier wrote:
> > > Author: mlaier
> > > Date: Wed Dec 10 20:59:26 2008
> > > New Revision: 185880
> > > URL: http://svn.freebsd.org/changeset/base/185880
> > >
> > > Log:
> > >   Import OPENBSD_4_3_BASE
> >
> > so, how do we go about virtualizing this?
> > and I don't like our chances of getting virtualized macros into the
> > openbsd sources....
>
> Yeah, most likely a no-go.  From what I understand, Marko has a
> virtualized version of what's in the tree now and I don't intend to
> void that work by blindly dumping the new version in head and have
> him deal with it.

I _had_ a virtualized version that became obsolete with the import of
then new PF version around May 2007...  Given that virtualizing PF
isn't quite a trivial task, I was reluctant to spend another full week
or so on crunching the current version of PF that we have in the tree,
just to see it becoming obsolete again and again.

> It will take some time to get the import done and I'll do it in my
> user dir.  Once this is in somewhat usable shape I'll start looking at
> the V_ stuff and how to best go about merging it.  FWIW, it might be
> easier to virtualize the new version as it greatly reduces code
> duplication in some relevant areas.

Great!  So from my perspective by all means pls. go ahead and proceed
with merging the latest PF to head, and by the time that will be done,
we'll also have more than enough of virtualization infrastructure in
the tree to justify another round of PF virtualization game.  Of course
we should start thinking on what tricks would be best suited for PF
virtualization while still permitting code syncing with OpenBSD.

Marko

> If you are ready to commit the 2nd half of the vnet stuff in the
> meantime, please go ahead and do so.  I'll figure out how to deal
> with it.

From owner-svn-src-vendor@FreeBSD.ORG Sat Dec 13 22:45:26 2008
Return-Path:
Delivered-To: svn-src-vendor@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6ED431065672; Sat, 13 Dec 2008 22:45:26 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 575F58FC1F; Sat, 13 Dec 2008 22:45:26 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBDMjQ1M042052; Sat, 13 Dec 2008 22:45:26 GMT (envelope-from des@svn.freebsd.org)
Received: (from des@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBDMjOsU042019; Sat, 13 Dec 2008 22:45:24 GMT (envelope-from des@svn.freebsd.org)
Message-Id: <200812132245.mBDMjOsU042019@svn.freebsd.org>
From: Dag-Erling Smorgrav
Date: Sat, 13 Dec 2008 22:45:24 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
X-SVN-Group: vendor
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc:
Subject: svn commit: r186063 - in vendor/openpam: CALAMITE CALAMITE/bin CALAMITE/bin/su CALAMITE/contrib CALAMITE/doc CALAMITE/doc/man CALAMITE/include CALAMITE/include/security CALAMITE/lib CALAMITE/module...
X-BeenThere: svn-src-vendor@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the vendor work area tree
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 13 Dec 2008 22:45:26 -0000

Author: des
Date: Sat Dec 13 22:45:22 2008
New Revision: 186063
URL: http://svn.freebsd.org/changeset/base/186063

Log:
  Flatten and clean up.

Added:
  vendor/openpam/CALAMITE/HISTORY (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/HISTORY
  vendor/openpam/CALAMITE/INSTALL (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/INSTALL
  vendor/openpam/CALAMITE/LICENSE (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/LICENSE
  vendor/openpam/CALAMITE/MANIFEST (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/MANIFEST
  vendor/openpam/CALAMITE/Makefile (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/Makefile
  vendor/openpam/CALAMITE/README (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/README
  vendor/openpam/CALAMITE/RELNOTES (props changed)
     - copied unchanged from r186060, vendor/openpam/CALAMITE/contrib/openpam/RELNOTES
  vendor/openpam/CALAMITE/bin/
     - copied from r186060, vendor/openpam/CALAMITE/contrib/openpam/bin/
  vendor/openpam/CALAMITE/doc/
     - copied from r186060, vendor/openpam/CALAMITE/contrib/openpam/doc/
vendor/openpam/CALAMITE/include/ - copied from r186060, vendor/openpam/CALAMITE/contrib/openpam/include/ vendor/openpam/CALAMITE/lib/ - copied from r186060, vendor/openpam/CALAMITE/contrib/openpam/lib/ vendor/openpam/CALAMITE/modules/ - copied from r186060, vendor/openpam/CALAMITE/contrib/openpam/modules/ vendor/openpam/CALIOPSIS/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/HISTORY vendor/openpam/CALIOPSIS/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/INSTALL vendor/openpam/CALIOPSIS/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/LICENSE vendor/openpam/CALIOPSIS/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/MANIFEST vendor/openpam/CALIOPSIS/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/Makefile vendor/openpam/CALIOPSIS/README (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/README vendor/openpam/CALIOPSIS/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/RELNOTES vendor/openpam/CALIOPSIS/bin/ - copied from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/bin/ vendor/openpam/CALIOPSIS/doc/ - copied from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/doc/ vendor/openpam/CALIOPSIS/include/ - copied from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/include/ vendor/openpam/CALIOPSIS/lib/ - copied from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/lib/ vendor/openpam/CALIOPSIS/modules/ - copied from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/modules/ vendor/openpam/CANTALOUPE/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/HISTORY vendor/openpam/CANTALOUPE/INSTALL (props changed) - copied unchanged from r186060, 
vendor/openpam/CANTALOUPE/contrib/openpam/INSTALL vendor/openpam/CANTALOUPE/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/LICENSE vendor/openpam/CANTALOUPE/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/MANIFEST vendor/openpam/CANTALOUPE/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/Makefile vendor/openpam/CANTALOUPE/README (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/README vendor/openpam/CANTALOUPE/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/RELNOTES vendor/openpam/CANTALOUPE/bin/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/bin/ vendor/openpam/CANTALOUPE/doc/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/doc/ vendor/openpam/CANTALOUPE/include/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/include/ vendor/openpam/CANTALOUPE/lib/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/lib/ vendor/openpam/CANTALOUPE/misc/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/misc/ vendor/openpam/CANTALOUPE/modules/ - copied from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/modules/ vendor/openpam/CELANDINE/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/HISTORY vendor/openpam/CELANDINE/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/INSTALL vendor/openpam/CELANDINE/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/LICENSE vendor/openpam/CELANDINE/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/MANIFEST vendor/openpam/CELANDINE/Makefile (props changed) - copied unchanged from r186060, 
vendor/openpam/CELANDINE/contrib/openpam/Makefile vendor/openpam/CELANDINE/README (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/README vendor/openpam/CELANDINE/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CELANDINE/contrib/openpam/RELNOTES vendor/openpam/CELANDINE/bin/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/bin/ vendor/openpam/CELANDINE/doc/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/doc/ vendor/openpam/CELANDINE/include/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/include/ vendor/openpam/CELANDINE/lib/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/lib/ vendor/openpam/CELANDINE/misc/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/misc/ vendor/openpam/CELANDINE/modules/ - copied from r186060, vendor/openpam/CELANDINE/contrib/openpam/modules/ vendor/openpam/CENTAURY/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/HISTORY vendor/openpam/CENTAURY/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/INSTALL vendor/openpam/CENTAURY/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/LICENSE vendor/openpam/CENTAURY/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/MANIFEST vendor/openpam/CENTAURY/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/Makefile vendor/openpam/CENTAURY/README (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/README vendor/openpam/CENTAURY/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CENTAURY/contrib/openpam/RELNOTES vendor/openpam/CENTAURY/bin/ - copied from r186060, vendor/openpam/CENTAURY/contrib/openpam/bin/ vendor/openpam/CENTAURY/doc/ - copied from r186060, 
vendor/openpam/CENTAURY/contrib/openpam/doc/ vendor/openpam/CENTAURY/include/ - copied from r186060, vendor/openpam/CENTAURY/contrib/openpam/include/ vendor/openpam/CENTAURY/lib/ - copied from r186060, vendor/openpam/CENTAURY/contrib/openpam/lib/ vendor/openpam/CENTAURY/misc/ - copied from r186060, vendor/openpam/CENTAURY/contrib/openpam/misc/ vendor/openpam/CENTAURY/modules/ - copied from r186060, vendor/openpam/CENTAURY/contrib/openpam/modules/ vendor/openpam/CINCHONA/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/CREDITS vendor/openpam/CINCHONA/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/HISTORY vendor/openpam/CINCHONA/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/INSTALL vendor/openpam/CINCHONA/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/LICENSE vendor/openpam/CINCHONA/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/MANIFEST vendor/openpam/CINCHONA/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/Makefile vendor/openpam/CINCHONA/README (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/README vendor/openpam/CINCHONA/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CINCHONA/contrib/openpam/RELNOTES vendor/openpam/CINCHONA/bin/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/bin/ vendor/openpam/CINCHONA/doc/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/doc/ vendor/openpam/CINCHONA/include/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/include/ vendor/openpam/CINCHONA/lib/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/lib/ vendor/openpam/CINCHONA/misc/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/misc/ 
vendor/openpam/CINCHONA/modules/ - copied from r186060, vendor/openpam/CINCHONA/contrib/openpam/modules/ vendor/openpam/CINERARIA/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/CREDITS vendor/openpam/CINERARIA/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/HISTORY vendor/openpam/CINERARIA/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/INSTALL vendor/openpam/CINERARIA/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/LICENSE vendor/openpam/CINERARIA/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/MANIFEST vendor/openpam/CINERARIA/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/Makefile vendor/openpam/CINERARIA/README (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/README vendor/openpam/CINERARIA/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CINERARIA/contrib/openpam/RELNOTES vendor/openpam/CINERARIA/bin/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/bin/ vendor/openpam/CINERARIA/doc/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/doc/ vendor/openpam/CINERARIA/include/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/include/ vendor/openpam/CINERARIA/lib/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/lib/ vendor/openpam/CINERARIA/misc/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/misc/ vendor/openpam/CINERARIA/modules/ - copied from r186060, vendor/openpam/CINERARIA/contrib/openpam/modules/ vendor/openpam/CINNAMON/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/CREDITS vendor/openpam/CINNAMON/HISTORY (props changed) - copied unchanged from r186060, 
vendor/openpam/CINNAMON/contrib/openpam/HISTORY vendor/openpam/CINNAMON/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/INSTALL vendor/openpam/CINNAMON/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/LICENSE vendor/openpam/CINNAMON/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/MANIFEST vendor/openpam/CINNAMON/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/Makefile vendor/openpam/CINNAMON/README (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/README vendor/openpam/CINNAMON/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CINNAMON/contrib/openpam/RELNOTES vendor/openpam/CINNAMON/bin/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/bin/ vendor/openpam/CINNAMON/doc/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/doc/ vendor/openpam/CINNAMON/include/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/include/ vendor/openpam/CINNAMON/lib/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/lib/ vendor/openpam/CINNAMON/misc/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/misc/ vendor/openpam/CINNAMON/modules/ - copied from r186060, vendor/openpam/CINNAMON/contrib/openpam/modules/ vendor/openpam/CINQUEFOIL/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/CREDITS vendor/openpam/CINQUEFOIL/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/HISTORY vendor/openpam/CINQUEFOIL/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/INSTALL vendor/openpam/CINQUEFOIL/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/LICENSE vendor/openpam/CINQUEFOIL/MANIFEST (props 
changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/MANIFEST vendor/openpam/CINQUEFOIL/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/Makefile vendor/openpam/CINQUEFOIL/README (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/README vendor/openpam/CINQUEFOIL/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/RELNOTES vendor/openpam/CINQUEFOIL/bin/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/bin/ vendor/openpam/CINQUEFOIL/doc/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/doc/ vendor/openpam/CINQUEFOIL/include/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/include/ vendor/openpam/CINQUEFOIL/lib/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/lib/ vendor/openpam/CINQUEFOIL/misc/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/misc/ vendor/openpam/CINQUEFOIL/modules/ - copied from r186060, vendor/openpam/CINQUEFOIL/contrib/openpam/modules/ vendor/openpam/CITRONELLA/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/CREDITS vendor/openpam/CITRONELLA/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/HISTORY vendor/openpam/CITRONELLA/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/INSTALL vendor/openpam/CITRONELLA/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/LICENSE vendor/openpam/CITRONELLA/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/MANIFEST vendor/openpam/CITRONELLA/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/Makefile vendor/openpam/CITRONELLA/README (props changed) - copied unchanged from 
r186060, vendor/openpam/CITRONELLA/contrib/openpam/README vendor/openpam/CITRONELLA/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CITRONELLA/contrib/openpam/RELNOTES vendor/openpam/CITRONELLA/bin/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/bin/ vendor/openpam/CITRONELLA/doc/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/doc/ vendor/openpam/CITRONELLA/include/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/include/ vendor/openpam/CITRONELLA/lib/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/lib/ vendor/openpam/CITRONELLA/misc/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/misc/ vendor/openpam/CITRONELLA/modules/ - copied from r186060, vendor/openpam/CITRONELLA/contrib/openpam/modules/ vendor/openpam/CYCLAMEN/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/CREDITS vendor/openpam/CYCLAMEN/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/HISTORY vendor/openpam/CYCLAMEN/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/INSTALL vendor/openpam/CYCLAMEN/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/LICENSE vendor/openpam/CYCLAMEN/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/MANIFEST vendor/openpam/CYCLAMEN/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/Makefile vendor/openpam/CYCLAMEN/README (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/README vendor/openpam/CYCLAMEN/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/RELNOTES vendor/openpam/CYCLAMEN/bin/ - copied from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/bin/ vendor/openpam/CYCLAMEN/doc/ - copied from 
r186060, vendor/openpam/CYCLAMEN/contrib/openpam/doc/ vendor/openpam/CYCLAMEN/include/ - copied from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/include/ vendor/openpam/CYCLAMEN/lib/ - copied from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/lib/ vendor/openpam/CYCLAMEN/misc/ - copied from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/misc/ vendor/openpam/CYCLAMEN/modules/ - copied from r186060, vendor/openpam/CYCLAMEN/contrib/openpam/modules/ vendor/openpam/DAFFODIL/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/CREDITS vendor/openpam/DAFFODIL/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/HISTORY vendor/openpam/DAFFODIL/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/INSTALL vendor/openpam/DAFFODIL/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/LICENSE vendor/openpam/DAFFODIL/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/MANIFEST vendor/openpam/DAFFODIL/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/Makefile vendor/openpam/DAFFODIL/README (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/README vendor/openpam/DAFFODIL/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/DAFFODIL/contrib/openpam/RELNOTES vendor/openpam/DAFFODIL/bin/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/bin/ vendor/openpam/DAFFODIL/doc/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/doc/ vendor/openpam/DAFFODIL/include/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/include/ vendor/openpam/DAFFODIL/lib/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/lib/ vendor/openpam/DAFFODIL/misc/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/misc/ 
vendor/openpam/DAFFODIL/modules/ - copied from r186060, vendor/openpam/DAFFODIL/contrib/openpam/modules/ vendor/openpam/DIANTHUS/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/CREDITS vendor/openpam/DIANTHUS/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/HISTORY vendor/openpam/DIANTHUS/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/INSTALL vendor/openpam/DIANTHUS/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/LICENSE vendor/openpam/DIANTHUS/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/MANIFEST vendor/openpam/DIANTHUS/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/Makefile vendor/openpam/DIANTHUS/README (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/README vendor/openpam/DIANTHUS/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/DIANTHUS/contrib/openpam/RELNOTES vendor/openpam/DIANTHUS/bin/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/bin/ vendor/openpam/DIANTHUS/doc/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/doc/ vendor/openpam/DIANTHUS/include/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/include/ vendor/openpam/DIANTHUS/lib/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/lib/ vendor/openpam/DIANTHUS/misc/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/misc/ vendor/openpam/DIANTHUS/modules/ - copied from r186060, vendor/openpam/DIANTHUS/contrib/openpam/modules/ vendor/openpam/DIGITALIS/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/CREDITS vendor/openpam/DIGITALIS/HISTORY (props changed) - copied unchanged from r186060, 
vendor/openpam/DIGITALIS/contrib/openpam/HISTORY vendor/openpam/DIGITALIS/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/INSTALL vendor/openpam/DIGITALIS/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/LICENSE vendor/openpam/DIGITALIS/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/MANIFEST vendor/openpam/DIGITALIS/Makefile (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/Makefile vendor/openpam/DIGITALIS/Makefile.inc (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/Makefile.inc vendor/openpam/DIGITALIS/README (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/README vendor/openpam/DIGITALIS/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/DIGITALIS/contrib/openpam/RELNOTES vendor/openpam/DIGITALIS/bin/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/bin/ vendor/openpam/DIGITALIS/doc/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/doc/ vendor/openpam/DIGITALIS/include/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/include/ vendor/openpam/DIGITALIS/lib/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/lib/ vendor/openpam/DIGITALIS/misc/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/misc/ vendor/openpam/DIGITALIS/modules/ - copied from r186060, vendor/openpam/DIGITALIS/contrib/openpam/modules/ vendor/openpam/DOGWOOD/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/CREDITS vendor/openpam/DOGWOOD/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/HISTORY vendor/openpam/DOGWOOD/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/INSTALL 
vendor/openpam/DOGWOOD/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/LICENSE vendor/openpam/DOGWOOD/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/MANIFEST vendor/openpam/DOGWOOD/Makefile.am (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/Makefile.am vendor/openpam/DOGWOOD/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/Makefile.in vendor/openpam/DOGWOOD/README (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/README vendor/openpam/DOGWOOD/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/RELNOTES vendor/openpam/DOGWOOD/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/aclocal.m4 vendor/openpam/DOGWOOD/autogen.sh (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/autogen.sh vendor/openpam/DOGWOOD/bin/ - copied from r186060, vendor/openpam/DOGWOOD/contrib/openpam/bin/ vendor/openpam/DOGWOOD/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/config.guess vendor/openpam/DOGWOOD/config.h.in (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/config.h.in vendor/openpam/DOGWOOD/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/config.sub vendor/openpam/DOGWOOD/configure (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/configure vendor/openpam/DOGWOOD/configure.in (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/configure.in vendor/openpam/DOGWOOD/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/depcomp vendor/openpam/DOGWOOD/doc/ - copied from r186060, 
vendor/openpam/DOGWOOD/contrib/openpam/doc/ vendor/openpam/DOGWOOD/include/ - copied from r186060, vendor/openpam/DOGWOOD/contrib/openpam/include/ vendor/openpam/DOGWOOD/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/install-sh vendor/openpam/DOGWOOD/lib/ - copied from r186060, vendor/openpam/DOGWOOD/contrib/openpam/lib/ vendor/openpam/DOGWOOD/ltconfig (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/ltconfig vendor/openpam/DOGWOOD/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/ltmain.sh vendor/openpam/DOGWOOD/misc/ - copied from r186060, vendor/openpam/DOGWOOD/contrib/openpam/misc/ vendor/openpam/DOGWOOD/missing (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/missing vendor/openpam/DOGWOOD/mkinstalldirs (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/mkinstalldirs vendor/openpam/DOGWOOD/modules/ - copied from r186060, vendor/openpam/DOGWOOD/contrib/openpam/modules/ vendor/openpam/DOGWOOD/stamp-h.in (props changed) - copied unchanged from r186060, vendor/openpam/DOGWOOD/contrib/openpam/stamp-h.in vendor/openpam/EELGRASS/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/CREDITS vendor/openpam/EELGRASS/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/HISTORY vendor/openpam/EELGRASS/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/INSTALL vendor/openpam/EELGRASS/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/LICENSE vendor/openpam/EELGRASS/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/MANIFEST vendor/openpam/EELGRASS/Makefile.am (props changed) - copied unchanged from r186060, 
vendor/openpam/EELGRASS/contrib/openpam/Makefile.am vendor/openpam/EELGRASS/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/Makefile.in vendor/openpam/EELGRASS/README (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/README vendor/openpam/EELGRASS/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/RELNOTES vendor/openpam/EELGRASS/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/aclocal.m4 vendor/openpam/EELGRASS/autogen.sh (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/autogen.sh vendor/openpam/EELGRASS/bin/ - copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/bin/ vendor/openpam/EELGRASS/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/config.guess vendor/openpam/EELGRASS/config.h.in (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/config.h.in vendor/openpam/EELGRASS/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/config.sub vendor/openpam/EELGRASS/configure (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/configure vendor/openpam/EELGRASS/configure.in (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/configure.in vendor/openpam/EELGRASS/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/depcomp vendor/openpam/EELGRASS/doc/ - copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/doc/ vendor/openpam/EELGRASS/include/ - copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/include/ vendor/openpam/EELGRASS/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/install-sh vendor/openpam/EELGRASS/lib/ - 
copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/lib/ vendor/openpam/EELGRASS/ltconfig (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/ltconfig vendor/openpam/EELGRASS/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/ltmain.sh vendor/openpam/EELGRASS/misc/ - copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/misc/ vendor/openpam/EELGRASS/missing (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/missing vendor/openpam/EELGRASS/mkinstalldirs (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/mkinstalldirs vendor/openpam/EELGRASS/modules/ - copied from r186060, vendor/openpam/EELGRASS/contrib/openpam/modules/ vendor/openpam/EELGRASS/stamp-h.in (props changed) - copied unchanged from r186060, vendor/openpam/EELGRASS/contrib/openpam/stamp-h.in vendor/openpam/FETERITA/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/CREDITS vendor/openpam/FETERITA/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/HISTORY vendor/openpam/FETERITA/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/INSTALL vendor/openpam/FETERITA/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/LICENSE vendor/openpam/FETERITA/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/MANIFEST vendor/openpam/FETERITA/Makefile.am (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/Makefile.am vendor/openpam/FETERITA/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/Makefile.in vendor/openpam/FETERITA/README (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/README 
vendor/openpam/FETERITA/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/RELNOTES vendor/openpam/FETERITA/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/aclocal.m4 vendor/openpam/FETERITA/autogen.sh (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/autogen.sh vendor/openpam/FETERITA/bin/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/bin/ vendor/openpam/FETERITA/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/config.guess vendor/openpam/FETERITA/config.h.in (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/config.h.in vendor/openpam/FETERITA/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/config.sub vendor/openpam/FETERITA/configure (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/configure vendor/openpam/FETERITA/configure.ac (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/configure.ac vendor/openpam/FETERITA/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/depcomp vendor/openpam/FETERITA/doc/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/doc/ vendor/openpam/FETERITA/include/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/include/ vendor/openpam/FETERITA/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/install-sh vendor/openpam/FETERITA/lib/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/lib/ vendor/openpam/FETERITA/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/ltmain.sh vendor/openpam/FETERITA/misc/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/misc/ 
vendor/openpam/FETERITA/missing (props changed) - copied unchanged from r186060, vendor/openpam/FETERITA/contrib/openpam/missing vendor/openpam/FETERITA/modules/ - copied from r186060, vendor/openpam/FETERITA/contrib/openpam/modules/ vendor/openpam/FIGWORT/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/CREDITS vendor/openpam/FIGWORT/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/HISTORY vendor/openpam/FIGWORT/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/INSTALL vendor/openpam/FIGWORT/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/LICENSE vendor/openpam/FIGWORT/MANIFEST (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/MANIFEST vendor/openpam/FIGWORT/Makefile.am (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/Makefile.am vendor/openpam/FIGWORT/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/Makefile.in vendor/openpam/FIGWORT/README (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/README vendor/openpam/FIGWORT/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/RELNOTES vendor/openpam/FIGWORT/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/aclocal.m4 vendor/openpam/FIGWORT/autogen.sh (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/autogen.sh vendor/openpam/FIGWORT/bin/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/bin/ vendor/openpam/FIGWORT/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/config.guess vendor/openpam/FIGWORT/config.h.in (props changed) - copied unchanged from r186060, 
vendor/openpam/FIGWORT/contrib/openpam/config.h.in vendor/openpam/FIGWORT/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/config.sub vendor/openpam/FIGWORT/configure (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/configure vendor/openpam/FIGWORT/configure.ac (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/configure.ac vendor/openpam/FIGWORT/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/depcomp vendor/openpam/FIGWORT/doc/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/doc/ vendor/openpam/FIGWORT/include/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/include/ vendor/openpam/FIGWORT/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/install-sh vendor/openpam/FIGWORT/lib/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/lib/ vendor/openpam/FIGWORT/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/ltmain.sh vendor/openpam/FIGWORT/misc/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/misc/ vendor/openpam/FIGWORT/missing (props changed) - copied unchanged from r186060, vendor/openpam/FIGWORT/contrib/openpam/missing vendor/openpam/FIGWORT/modules/ - copied from r186060, vendor/openpam/FIGWORT/contrib/openpam/modules/ vendor/openpam/HYDRANGEA/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/CREDITS vendor/openpam/HYDRANGEA/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/HISTORY vendor/openpam/HYDRANGEA/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/INSTALL vendor/openpam/HYDRANGEA/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/LICENSE 
vendor/openpam/HYDRANGEA/Makefile.am (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/Makefile.am vendor/openpam/HYDRANGEA/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/Makefile.in vendor/openpam/HYDRANGEA/README (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/README vendor/openpam/HYDRANGEA/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/RELNOTES vendor/openpam/HYDRANGEA/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/aclocal.m4 vendor/openpam/HYDRANGEA/autogen.sh (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/autogen.sh vendor/openpam/HYDRANGEA/bin/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/bin/ vendor/openpam/HYDRANGEA/compile (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/compile vendor/openpam/HYDRANGEA/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/config.guess vendor/openpam/HYDRANGEA/config.h.in (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/config.h.in vendor/openpam/HYDRANGEA/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/config.sub vendor/openpam/HYDRANGEA/configure (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/configure vendor/openpam/HYDRANGEA/configure.ac (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/configure.ac vendor/openpam/HYDRANGEA/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/depcomp vendor/openpam/HYDRANGEA/doc/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/doc/ 
vendor/openpam/HYDRANGEA/include/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/include/ vendor/openpam/HYDRANGEA/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/install-sh vendor/openpam/HYDRANGEA/lib/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/lib/ vendor/openpam/HYDRANGEA/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/ltmain.sh vendor/openpam/HYDRANGEA/misc/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/misc/ vendor/openpam/HYDRANGEA/missing (props changed) - copied unchanged from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/missing vendor/openpam/HYDRANGEA/modules/ - copied from r186060, vendor/openpam/HYDRANGEA/contrib/openpam/modules/ vendor/openpam/dist/CREDITS (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/CREDITS vendor/openpam/dist/HISTORY (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/HISTORY vendor/openpam/dist/INSTALL (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/INSTALL vendor/openpam/dist/LICENSE (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/LICENSE vendor/openpam/dist/Makefile.am (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/Makefile.am vendor/openpam/dist/Makefile.in (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/Makefile.in vendor/openpam/dist/README (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/README vendor/openpam/dist/RELNOTES (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/RELNOTES vendor/openpam/dist/aclocal.m4 (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/aclocal.m4 vendor/openpam/dist/autogen.sh (props changed) - copied unchanged from 
r186060, vendor/openpam/dist/contrib/openpam/autogen.sh
vendor/openpam/dist/bin/ - copied from r186060, vendor/openpam/dist/contrib/openpam/bin/
vendor/openpam/dist/compile (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/compile
vendor/openpam/dist/config.guess (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/config.guess
vendor/openpam/dist/config.h.in (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/config.h.in
vendor/openpam/dist/config.sub (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/config.sub
vendor/openpam/dist/configure (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/configure
vendor/openpam/dist/configure.ac (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/configure.ac
vendor/openpam/dist/depcomp (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/depcomp
vendor/openpam/dist/doc/ - copied from r186060, vendor/openpam/dist/contrib/openpam/doc/
vendor/openpam/dist/include/ - copied from r186060, vendor/openpam/dist/contrib/openpam/include/
vendor/openpam/dist/install-sh (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/install-sh
vendor/openpam/dist/lib/ - copied from r186060, vendor/openpam/dist/contrib/openpam/lib/
vendor/openpam/dist/ltmain.sh (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/ltmain.sh
vendor/openpam/dist/misc/ - copied from r186060, vendor/openpam/dist/contrib/openpam/misc/
vendor/openpam/dist/missing (props changed) - copied unchanged from r186060, vendor/openpam/dist/contrib/openpam/missing
vendor/openpam/dist/modules/ - copied from r186060, vendor/openpam/dist/contrib/openpam/modules/

Deleted:
vendor/openpam/CALAMITE/contrib/
vendor/openpam/CALIOPSIS/contrib/
vendor/openpam/CANTALOUPE/contrib/
vendor/openpam/CELANDINE/contrib/
vendor/openpam/CENTAURY/contrib/
vendor/openpam/CINCHONA/contrib/
vendor/openpam/CINERARIA/contrib/
vendor/openpam/CINNAMON/contrib/
vendor/openpam/CINQUEFOIL/contrib/
vendor/openpam/CITRONELLA/contrib/
vendor/openpam/CYCLAMEN/contrib/
vendor/openpam/DAFFODIL/contrib/
vendor/openpam/DIANTHUS/contrib/
vendor/openpam/DIGITALIS/contrib/
vendor/openpam/DOGWOOD/contrib/
vendor/openpam/EELGRASS/contrib/
vendor/openpam/FETERITA/contrib/
vendor/openpam/FIGWORT/contrib/
vendor/openpam/HYDRANGEA/contrib/
vendor/openpam/dist/contrib/

Modified:
vendor/openpam/CALAMITE/bin/Makefile (props changed)
vendor/openpam/CALAMITE/bin/su/Makefile (props changed)
vendor/openpam/CALAMITE/bin/su/su.c (props changed)
vendor/openpam/CALAMITE/doc/Makefile (props changed)
vendor/openpam/CALAMITE/doc/man/Makefile (props changed)
vendor/openpam/CALAMITE/doc/man/pam.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_acct_mgmt.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_authenticate.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_chauthtok.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_close_session.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_end.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_error.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_get_authtok.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_get_data.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_get_item.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_get_user.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_getenv.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_getenvlist.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_info.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_open_session.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_prompt.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_putenv.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_set_data.3 (props changed)
vendor/openpam/CALAMITE/doc/man/pam_set_item.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_setcred.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_setenv.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_start.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_strerror.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_verror.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CALAMITE/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CALAMITE/include/security/openpam.h (props changed) vendor/openpam/CALAMITE/include/security/pam_appl.h (props changed) vendor/openpam/CALAMITE/include/security/pam_constants.h (props changed) vendor/openpam/CALAMITE/include/security/pam_modules.h (props changed) vendor/openpam/CALAMITE/include/security/pam_types.h (props changed) vendor/openpam/CALAMITE/lib/Makefile (props changed) vendor/openpam/CALAMITE/lib/openpam_dispatch.c (props changed) vendor/openpam/CALAMITE/lib/openpam_findenv.c (props changed) vendor/openpam/CALAMITE/lib/openpam_impl.h (props changed) vendor/openpam/CALAMITE/lib/openpam_load.c (props changed) vendor/openpam/CALAMITE/lib/openpam_log.c (props changed) vendor/openpam/CALAMITE/lib/openpam_ttyconv.c (props changed) vendor/openpam/CALAMITE/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CALAMITE/lib/pam_authenticate.c (props changed) vendor/openpam/CALAMITE/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CALAMITE/lib/pam_chauthtok.c (props changed) vendor/openpam/CALAMITE/lib/pam_close_session.c (props changed) vendor/openpam/CALAMITE/lib/pam_end.c (props changed) vendor/openpam/CALAMITE/lib/pam_error.c (props changed) vendor/openpam/CALAMITE/lib/pam_get_authtok.c (props changed) vendor/openpam/CALAMITE/lib/pam_get_data.c (props changed) vendor/openpam/CALAMITE/lib/pam_get_item.c (props changed) vendor/openpam/CALAMITE/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CALAMITE/lib/pam_get_mapped_username.c (props 
changed) vendor/openpam/CALAMITE/lib/pam_get_user.c (props changed) vendor/openpam/CALAMITE/lib/pam_getenv.c (props changed) vendor/openpam/CALAMITE/lib/pam_getenvlist.c (props changed) vendor/openpam/CALAMITE/lib/pam_info.c (props changed) vendor/openpam/CALAMITE/lib/pam_open_session.c (props changed) vendor/openpam/CALAMITE/lib/pam_prompt.c (props changed) vendor/openpam/CALAMITE/lib/pam_putenv.c (props changed) vendor/openpam/CALAMITE/lib/pam_set_data.c (props changed) vendor/openpam/CALAMITE/lib/pam_set_item.c (props changed) vendor/openpam/CALAMITE/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CALAMITE/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CALAMITE/lib/pam_setcred.c (props changed) vendor/openpam/CALAMITE/lib/pam_setenv.c (props changed) vendor/openpam/CALAMITE/lib/pam_start.c (props changed) vendor/openpam/CALAMITE/lib/pam_strerror.c (props changed) vendor/openpam/CALAMITE/lib/pam_verror.c (props changed) vendor/openpam/CALAMITE/lib/pam_vinfo.c (props changed) vendor/openpam/CALAMITE/lib/pam_vprompt.c (props changed) vendor/openpam/CALAMITE/modules/Makefile (props changed) vendor/openpam/CALAMITE/modules/pam_deny/Makefile (props changed) vendor/openpam/CALAMITE/modules/pam_deny/pam_deny.c (contents, props changed) vendor/openpam/CALAMITE/modules/pam_dummy/Makefile (props changed) vendor/openpam/CALAMITE/modules/pam_dummy/pam_dummy.c (contents, props changed) vendor/openpam/CALAMITE/modules/pam_permit/Makefile (props changed) vendor/openpam/CALAMITE/modules/pam_permit/pam_permit.c (contents, props changed) vendor/openpam/CALIOPSIS/bin/Makefile (props changed) vendor/openpam/CALIOPSIS/bin/su/Makefile (props changed) vendor/openpam/CALIOPSIS/bin/su/su.c (props changed) vendor/openpam/CALIOPSIS/doc/Makefile (props changed) vendor/openpam/CALIOPSIS/doc/man/Makefile (props changed) vendor/openpam/CALIOPSIS/doc/man/pam.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_acct_mgmt.3 (props changed) 
vendor/openpam/CALIOPSIS/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_close_session.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_end.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_error.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_get_data.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_get_item.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_get_user.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_getenv.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_info.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_open_session.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_prompt.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_putenv.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_set_data.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_set_item.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_setcred.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_setenv.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_start.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_strerror.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_verror.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CALIOPSIS/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CALIOPSIS/include/security/openpam.h (props changed) vendor/openpam/CALIOPSIS/include/security/pam_appl.h (props changed) vendor/openpam/CALIOPSIS/include/security/pam_constants.h (props changed) vendor/openpam/CALIOPSIS/include/security/pam_modules.h (props changed) vendor/openpam/CALIOPSIS/include/security/pam_types.h (props changed) vendor/openpam/CALIOPSIS/lib/Makefile (props changed) vendor/openpam/CALIOPSIS/lib/openpam_dispatch.c (props changed) 
vendor/openpam/CALIOPSIS/lib/openpam_findenv.c (props changed) vendor/openpam/CALIOPSIS/lib/openpam_impl.h (props changed) vendor/openpam/CALIOPSIS/lib/openpam_load.c (props changed) vendor/openpam/CALIOPSIS/lib/openpam_log.c (props changed) vendor/openpam/CALIOPSIS/lib/openpam_ttyconv.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_authenticate.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_chauthtok.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_close_session.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_end.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_error.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_authtok.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_data.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_item.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_get_user.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_getenv.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_getenvlist.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_info.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_open_session.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_prompt.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_putenv.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_set_data.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_set_item.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_setcred.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_setenv.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_start.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_strerror.c (props changed) 
vendor/openpam/CALIOPSIS/lib/pam_verror.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_vinfo.c (props changed) vendor/openpam/CALIOPSIS/lib/pam_vprompt.c (props changed) vendor/openpam/CALIOPSIS/modules/Makefile (props changed) vendor/openpam/CALIOPSIS/modules/pam_deny/Makefile (props changed) vendor/openpam/CALIOPSIS/modules/pam_deny/pam_deny.c (contents, props changed) vendor/openpam/CALIOPSIS/modules/pam_dummy/Makefile (props changed) vendor/openpam/CALIOPSIS/modules/pam_dummy/pam_dummy.c (contents, props changed) vendor/openpam/CALIOPSIS/modules/pam_permit/Makefile (props changed) vendor/openpam/CALIOPSIS/modules/pam_permit/pam_permit.c (contents, props changed) vendor/openpam/CANTALOUPE/bin/Makefile (props changed) vendor/openpam/CANTALOUPE/bin/su/Makefile (props changed) vendor/openpam/CANTALOUPE/bin/su/su.c (props changed) vendor/openpam/CANTALOUPE/doc/Makefile (props changed) vendor/openpam/CANTALOUPE/doc/man/Makefile (props changed) vendor/openpam/CANTALOUPE/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/openpam_log.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_close_session.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_end.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_error.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_get_data.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_get_item.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_get_user.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_getenv.3 (props 
changed) vendor/openpam/CANTALOUPE/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_info.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_open_session.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_prompt.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_putenv.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_set_data.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_set_item.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_setcred.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_setenv.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_start.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_strerror.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_verror.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CANTALOUPE/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CANTALOUPE/include/security/openpam.h (props changed) vendor/openpam/CANTALOUPE/include/security/pam_appl.h (props changed) vendor/openpam/CANTALOUPE/include/security/pam_constants.h (props changed) vendor/openpam/CANTALOUPE/include/security/pam_modules.h (props changed) vendor/openpam/CANTALOUPE/include/security/pam_types.h (props changed) vendor/openpam/CANTALOUPE/lib/Makefile (props changed) vendor/openpam/CANTALOUPE/lib/openpam_dispatch.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_findenv.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_get_option.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_impl.h (props changed) 
vendor/openpam/CANTALOUPE/lib/openpam_load.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_log.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_set_option.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_static.c (props changed) vendor/openpam/CANTALOUPE/lib/openpam_ttyconv.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_authenticate.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_chauthtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_close_session.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_end.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_error.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_authtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_data.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_item.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_get_user.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_getenv.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_getenvlist.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_info.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_open_session.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_prompt.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_putenv.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_set_data.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_set_item.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_setcred.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_setenv.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_acct_mgmt.c (props changed) 
vendor/openpam/CANTALOUPE/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_close_session.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_open_session.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_sm_setcred.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_start.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_strerror.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_verror.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_vinfo.c (props changed) vendor/openpam/CANTALOUPE/lib/pam_vprompt.c (props changed) vendor/openpam/CANTALOUPE/misc/gendoc.pl (props changed) vendor/openpam/CANTALOUPE/modules/Makefile (props changed) vendor/openpam/CANTALOUPE/modules/pam_deny/Makefile (props changed) vendor/openpam/CANTALOUPE/modules/pam_deny/pam_deny.c (contents, props changed) vendor/openpam/CANTALOUPE/modules/pam_dummy/Makefile (props changed) vendor/openpam/CANTALOUPE/modules/pam_dummy/pam_dummy.c (contents, props changed) vendor/openpam/CANTALOUPE/modules/pam_permit/Makefile (props changed) vendor/openpam/CANTALOUPE/modules/pam_permit/pam_permit.c (contents, props changed) vendor/openpam/CELANDINE/bin/Makefile (props changed) vendor/openpam/CELANDINE/bin/su/Makefile (props changed) vendor/openpam/CELANDINE/bin/su/su.c (props changed) vendor/openpam/CELANDINE/doc/Makefile (props changed) vendor/openpam/CELANDINE/doc/man/Makefile (props changed) vendor/openpam/CELANDINE/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CELANDINE/doc/man/openpam_log.3 (props changed) 
vendor/openpam/CELANDINE/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CELANDINE/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_close_session.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_end.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_error.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_get_data.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_get_item.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_get_user.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_getenv.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_info.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_open_session.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_prompt.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_putenv.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_set_data.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_set_item.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_setcred.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_setenv.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_start.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_strerror.3 
(props changed) vendor/openpam/CELANDINE/doc/man/pam_verror.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CELANDINE/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CELANDINE/include/security/openpam.h (props changed) vendor/openpam/CELANDINE/include/security/pam_appl.h (props changed) vendor/openpam/CELANDINE/include/security/pam_constants.h (props changed) vendor/openpam/CELANDINE/include/security/pam_modules.h (props changed) vendor/openpam/CELANDINE/include/security/pam_types.h (props changed) vendor/openpam/CELANDINE/lib/Makefile (props changed) vendor/openpam/CELANDINE/lib/openpam_dispatch.c (props changed) vendor/openpam/CELANDINE/lib/openpam_dynamic.c (props changed) vendor/openpam/CELANDINE/lib/openpam_findenv.c (props changed) vendor/openpam/CELANDINE/lib/openpam_get_option.c (props changed) vendor/openpam/CELANDINE/lib/openpam_impl.h (props changed) vendor/openpam/CELANDINE/lib/openpam_load.c (props changed) vendor/openpam/CELANDINE/lib/openpam_log.c (props changed) vendor/openpam/CELANDINE/lib/openpam_set_option.c (props changed) vendor/openpam/CELANDINE/lib/openpam_static.c (props changed) vendor/openpam/CELANDINE/lib/openpam_ttyconv.c (props changed) vendor/openpam/CELANDINE/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CELANDINE/lib/pam_authenticate.c (props changed) vendor/openpam/CELANDINE/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CELANDINE/lib/pam_chauthtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_close_session.c (props changed) vendor/openpam/CELANDINE/lib/pam_end.c (props changed) vendor/openpam/CELANDINE/lib/pam_error.c (props changed) vendor/openpam/CELANDINE/lib/pam_get_authtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_get_data.c (props changed) vendor/openpam/CELANDINE/lib/pam_get_item.c (props changed) vendor/openpam/CELANDINE/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_get_mapped_username.c (props changed) 
vendor/openpam/CELANDINE/lib/pam_get_user.c (props changed) vendor/openpam/CELANDINE/lib/pam_getenv.c (props changed) vendor/openpam/CELANDINE/lib/pam_getenvlist.c (props changed) vendor/openpam/CELANDINE/lib/pam_info.c (props changed) vendor/openpam/CELANDINE/lib/pam_open_session.c (props changed) vendor/openpam/CELANDINE/lib/pam_prompt.c (props changed) vendor/openpam/CELANDINE/lib/pam_putenv.c (props changed) vendor/openpam/CELANDINE/lib/pam_set_data.c (props changed) vendor/openpam/CELANDINE/lib/pam_set_item.c (props changed) vendor/openpam/CELANDINE/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CELANDINE/lib/pam_setcred.c (props changed) vendor/openpam/CELANDINE/lib/pam_setenv.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_close_session.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_open_session.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CELANDINE/lib/pam_sm_setcred.c (props changed) vendor/openpam/CELANDINE/lib/pam_start.c (props changed) vendor/openpam/CELANDINE/lib/pam_strerror.c (props changed) vendor/openpam/CELANDINE/lib/pam_verror.c (props changed) vendor/openpam/CELANDINE/lib/pam_vinfo.c (props changed) vendor/openpam/CELANDINE/lib/pam_vprompt.c (props changed) vendor/openpam/CELANDINE/misc/gendoc.pl (props changed) vendor/openpam/CELANDINE/modules/Makefile (props changed) 
vendor/openpam/CELANDINE/modules/pam_deny/Makefile (props changed) vendor/openpam/CELANDINE/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CELANDINE/modules/pam_dummy/Makefile (props changed) vendor/openpam/CELANDINE/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CELANDINE/modules/pam_permit/Makefile (props changed) vendor/openpam/CELANDINE/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CENTAURY/bin/Makefile (props changed) vendor/openpam/CENTAURY/bin/su/Makefile (props changed) vendor/openpam/CENTAURY/bin/su/su.c (props changed) vendor/openpam/CENTAURY/doc/Makefile (props changed) vendor/openpam/CENTAURY/doc/man/Makefile (props changed) vendor/openpam/CENTAURY/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CENTAURY/doc/man/openpam_log.3 (props changed) vendor/openpam/CENTAURY/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CENTAURY/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_close_session.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_end.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_error.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_get_data.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_get_item.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_get_user.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_getenv.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_info.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_open_session.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_prompt.3 (props changed) 
vendor/openpam/CENTAURY/doc/man/pam_putenv.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_set_data.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_set_item.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_setcred.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_setenv.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_start.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_strerror.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_verror.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CENTAURY/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CENTAURY/include/security/openpam.h (props changed) vendor/openpam/CENTAURY/include/security/pam_appl.h (props changed) vendor/openpam/CENTAURY/include/security/pam_constants.h (props changed) vendor/openpam/CENTAURY/include/security/pam_modules.h (props changed) vendor/openpam/CENTAURY/include/security/pam_types.h (props changed) vendor/openpam/CENTAURY/lib/Makefile (props changed) vendor/openpam/CENTAURY/lib/openpam_dispatch.c (props changed) vendor/openpam/CENTAURY/lib/openpam_dynamic.c (props changed) vendor/openpam/CENTAURY/lib/openpam_findenv.c (props changed) vendor/openpam/CENTAURY/lib/openpam_get_option.c (props changed) vendor/openpam/CENTAURY/lib/openpam_impl.h (props changed) vendor/openpam/CENTAURY/lib/openpam_load.c (props changed) vendor/openpam/CENTAURY/lib/openpam_log.c (props changed) vendor/openpam/CENTAURY/lib/openpam_set_option.c (props changed) vendor/openpam/CENTAURY/lib/openpam_static.c (props changed) 
vendor/openpam/CENTAURY/lib/openpam_ttyconv.c (props changed) vendor/openpam/CENTAURY/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CENTAURY/lib/pam_authenticate.c (props changed) vendor/openpam/CENTAURY/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CENTAURY/lib/pam_chauthtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_close_session.c (props changed) vendor/openpam/CENTAURY/lib/pam_end.c (props changed) vendor/openpam/CENTAURY/lib/pam_error.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_authtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_data.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_item.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CENTAURY/lib/pam_get_user.c (props changed) vendor/openpam/CENTAURY/lib/pam_getenv.c (props changed) vendor/openpam/CENTAURY/lib/pam_getenvlist.c (props changed) vendor/openpam/CENTAURY/lib/pam_info.c (props changed) vendor/openpam/CENTAURY/lib/pam_open_session.c (props changed) vendor/openpam/CENTAURY/lib/pam_prompt.c (props changed) vendor/openpam/CENTAURY/lib/pam_putenv.c (props changed) vendor/openpam/CENTAURY/lib/pam_set_data.c (props changed) vendor/openpam/CENTAURY/lib/pam_set_item.c (props changed) vendor/openpam/CENTAURY/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CENTAURY/lib/pam_setcred.c (props changed) vendor/openpam/CENTAURY/lib/pam_setenv.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_close_session.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_get_mapped_authtok.c (props changed) 
vendor/openpam/CENTAURY/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_open_session.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CENTAURY/lib/pam_sm_setcred.c (props changed) vendor/openpam/CENTAURY/lib/pam_start.c (props changed) vendor/openpam/CENTAURY/lib/pam_strerror.c (props changed) vendor/openpam/CENTAURY/lib/pam_verror.c (props changed) vendor/openpam/CENTAURY/lib/pam_vinfo.c (props changed) vendor/openpam/CENTAURY/lib/pam_vprompt.c (props changed) vendor/openpam/CENTAURY/misc/gendoc.pl (props changed) vendor/openpam/CENTAURY/modules/Makefile (props changed) vendor/openpam/CENTAURY/modules/pam_deny/Makefile (props changed) vendor/openpam/CENTAURY/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CENTAURY/modules/pam_dummy/Makefile (props changed) vendor/openpam/CENTAURY/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CENTAURY/modules/pam_permit/Makefile (props changed) vendor/openpam/CENTAURY/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CINCHONA/bin/Makefile (props changed) vendor/openpam/CINCHONA/bin/su/Makefile (props changed) vendor/openpam/CINCHONA/bin/su/su.c (props changed) vendor/openpam/CINCHONA/doc/Makefile (props changed) vendor/openpam/CINCHONA/doc/man/Makefile (props changed) vendor/openpam/CINCHONA/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_log.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CINCHONA/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam.3 (props changed) 
vendor/openpam/CINCHONA/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_close_session.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_end.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_error.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_get_data.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_get_item.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_get_user.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_getenv.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_info.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_open_session.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_prompt.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_putenv.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_set_data.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_set_item.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_setcred.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_setenv.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_start.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_strerror.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_verror.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CINCHONA/doc/man/pam_vprompt.3 (props changed) 
vendor/openpam/CINCHONA/include/security/openpam.h (props changed) vendor/openpam/CINCHONA/include/security/pam_appl.h (props changed) vendor/openpam/CINCHONA/include/security/pam_constants.h (props changed) vendor/openpam/CINCHONA/include/security/pam_modules.h (props changed) vendor/openpam/CINCHONA/include/security/pam_types.h (props changed) vendor/openpam/CINCHONA/lib/Makefile (props changed) vendor/openpam/CINCHONA/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CINCHONA/lib/openpam_dispatch.c (props changed) vendor/openpam/CINCHONA/lib/openpam_dynamic.c (props changed) vendor/openpam/CINCHONA/lib/openpam_findenv.c (props changed) vendor/openpam/CINCHONA/lib/openpam_free_data.c (props changed) vendor/openpam/CINCHONA/lib/openpam_get_option.c (props changed) vendor/openpam/CINCHONA/lib/openpam_impl.h (props changed) vendor/openpam/CINCHONA/lib/openpam_load.c (props changed) vendor/openpam/CINCHONA/lib/openpam_log.c (props changed) vendor/openpam/CINCHONA/lib/openpam_restore_cred.c (props changed) vendor/openpam/CINCHONA/lib/openpam_set_option.c (props changed) vendor/openpam/CINCHONA/lib/openpam_static.c (props changed) vendor/openpam/CINCHONA/lib/openpam_ttyconv.c (props changed) vendor/openpam/CINCHONA/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CINCHONA/lib/pam_authenticate.c (props changed) vendor/openpam/CINCHONA/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CINCHONA/lib/pam_chauthtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_close_session.c (props changed) vendor/openpam/CINCHONA/lib/pam_end.c (props changed) vendor/openpam/CINCHONA/lib/pam_error.c (props changed) vendor/openpam/CINCHONA/lib/pam_get_authtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_get_data.c (props changed) vendor/openpam/CINCHONA/lib/pam_get_item.c (props changed) vendor/openpam/CINCHONA/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_get_mapped_username.c (props changed) 
vendor/openpam/CINCHONA/lib/pam_get_user.c (props changed) vendor/openpam/CINCHONA/lib/pam_getenv.c (props changed) vendor/openpam/CINCHONA/lib/pam_getenvlist.c (props changed) vendor/openpam/CINCHONA/lib/pam_info.c (props changed) vendor/openpam/CINCHONA/lib/pam_open_session.c (props changed) vendor/openpam/CINCHONA/lib/pam_prompt.c (props changed) vendor/openpam/CINCHONA/lib/pam_putenv.c (props changed) vendor/openpam/CINCHONA/lib/pam_set_data.c (props changed) vendor/openpam/CINCHONA/lib/pam_set_item.c (props changed) vendor/openpam/CINCHONA/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CINCHONA/lib/pam_setcred.c (props changed) vendor/openpam/CINCHONA/lib/pam_setenv.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_close_session.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_open_session.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CINCHONA/lib/pam_sm_setcred.c (props changed) vendor/openpam/CINCHONA/lib/pam_start.c (props changed) vendor/openpam/CINCHONA/lib/pam_strerror.c (props changed) vendor/openpam/CINCHONA/lib/pam_verror.c (props changed) vendor/openpam/CINCHONA/lib/pam_vinfo.c (props changed) vendor/openpam/CINCHONA/lib/pam_vprompt.c (props changed) vendor/openpam/CINCHONA/misc/gendoc.pl (props changed) vendor/openpam/CINCHONA/modules/Makefile (props changed) vendor/openpam/CINCHONA/modules/pam_deny/Makefile (props changed) 
vendor/openpam/CINCHONA/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CINCHONA/modules/pam_dummy/Makefile (props changed) vendor/openpam/CINCHONA/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CINCHONA/modules/pam_permit/Makefile (props changed) vendor/openpam/CINCHONA/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CINERARIA/bin/Makefile (props changed) vendor/openpam/CINERARIA/bin/su/Makefile (props changed) vendor/openpam/CINERARIA/bin/su/su.c (props changed) vendor/openpam/CINERARIA/doc/Makefile (props changed) vendor/openpam/CINERARIA/doc/man/Makefile (props changed) vendor/openpam/CINERARIA/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_log.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CINERARIA/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_close_session.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_end.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_error.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_get_data.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_get_item.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_get_user.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_getenv.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_info.3 (props changed) 
vendor/openpam/CINERARIA/doc/man/pam_open_session.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_prompt.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_putenv.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_set_data.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_set_item.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_setcred.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_setenv.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_start.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_strerror.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_verror.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CINERARIA/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CINERARIA/include/security/openpam.h (props changed) vendor/openpam/CINERARIA/include/security/openpam_version.h (props changed) vendor/openpam/CINERARIA/include/security/pam_appl.h (props changed) vendor/openpam/CINERARIA/include/security/pam_constants.h (props changed) vendor/openpam/CINERARIA/include/security/pam_modules.h (props changed) vendor/openpam/CINERARIA/include/security/pam_types.h (props changed) vendor/openpam/CINERARIA/lib/Makefile (props changed) vendor/openpam/CINERARIA/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CINERARIA/lib/openpam_configure.c (props changed) vendor/openpam/CINERARIA/lib/openpam_dispatch.c (props changed) vendor/openpam/CINERARIA/lib/openpam_dynamic.c (props changed) vendor/openpam/CINERARIA/lib/openpam_findenv.c (props changed) 
vendor/openpam/CINERARIA/lib/openpam_free_data.c (props changed) vendor/openpam/CINERARIA/lib/openpam_get_option.c (props changed) vendor/openpam/CINERARIA/lib/openpam_impl.h (props changed) vendor/openpam/CINERARIA/lib/openpam_load.c (props changed) vendor/openpam/CINERARIA/lib/openpam_log.c (props changed) vendor/openpam/CINERARIA/lib/openpam_restore_cred.c (props changed) vendor/openpam/CINERARIA/lib/openpam_set_option.c (props changed) vendor/openpam/CINERARIA/lib/openpam_static.c (props changed) vendor/openpam/CINERARIA/lib/openpam_ttyconv.c (props changed) vendor/openpam/CINERARIA/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CINERARIA/lib/pam_authenticate.c (props changed) vendor/openpam/CINERARIA/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CINERARIA/lib/pam_chauthtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_close_session.c (props changed) vendor/openpam/CINERARIA/lib/pam_end.c (props changed) vendor/openpam/CINERARIA/lib/pam_error.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_authtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_data.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_item.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CINERARIA/lib/pam_get_user.c (props changed) vendor/openpam/CINERARIA/lib/pam_getenv.c (props changed) vendor/openpam/CINERARIA/lib/pam_getenvlist.c (props changed) vendor/openpam/CINERARIA/lib/pam_info.c (props changed) vendor/openpam/CINERARIA/lib/pam_open_session.c (props changed) vendor/openpam/CINERARIA/lib/pam_prompt.c (props changed) vendor/openpam/CINERARIA/lib/pam_putenv.c (props changed) vendor/openpam/CINERARIA/lib/pam_set_data.c (props changed) vendor/openpam/CINERARIA/lib/pam_set_item.c (props changed) vendor/openpam/CINERARIA/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_set_mapped_username.c (props 
changed) vendor/openpam/CINERARIA/lib/pam_setcred.c (props changed) vendor/openpam/CINERARIA/lib/pam_setenv.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_close_session.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_open_session.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CINERARIA/lib/pam_sm_setcred.c (props changed) vendor/openpam/CINERARIA/lib/pam_start.c (props changed) vendor/openpam/CINERARIA/lib/pam_strerror.c (props changed) vendor/openpam/CINERARIA/lib/pam_verror.c (props changed) vendor/openpam/CINERARIA/lib/pam_vinfo.c (props changed) vendor/openpam/CINERARIA/lib/pam_vprompt.c (props changed) vendor/openpam/CINERARIA/misc/gendoc.pl (props changed) vendor/openpam/CINERARIA/modules/Makefile (props changed) vendor/openpam/CINERARIA/modules/pam_deny/Makefile (props changed) vendor/openpam/CINERARIA/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CINERARIA/modules/pam_dummy/Makefile (props changed) vendor/openpam/CINERARIA/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CINERARIA/modules/pam_permit/Makefile (props changed) vendor/openpam/CINERARIA/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CINNAMON/bin/Makefile (props changed) vendor/openpam/CINNAMON/bin/su/Makefile (props changed) vendor/openpam/CINNAMON/bin/su/su.c (props changed) vendor/openpam/CINNAMON/doc/Makefile (props changed) vendor/openpam/CINNAMON/doc/man/Makefile (props changed) 
vendor/openpam/CINNAMON/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_log.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CINNAMON/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_close_session.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_end.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_error.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_get_data.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_get_item.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_get_user.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_getenv.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_info.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_open_session.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_prompt.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_putenv.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_set_data.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_set_item.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_setcred.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_setenv.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_sm_chauthtok.3 (props changed) 
vendor/openpam/CINNAMON/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_start.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_strerror.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_verror.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CINNAMON/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CINNAMON/include/security/openpam.h (props changed) vendor/openpam/CINNAMON/include/security/openpam_version.h (props changed) vendor/openpam/CINNAMON/include/security/pam_appl.h (props changed) vendor/openpam/CINNAMON/include/security/pam_constants.h (props changed) vendor/openpam/CINNAMON/include/security/pam_modules.h (props changed) vendor/openpam/CINNAMON/include/security/pam_types.h (props changed) vendor/openpam/CINNAMON/lib/Makefile (props changed) vendor/openpam/CINNAMON/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CINNAMON/lib/openpam_configure.c (props changed) vendor/openpam/CINNAMON/lib/openpam_dispatch.c (props changed) vendor/openpam/CINNAMON/lib/openpam_dynamic.c (props changed) vendor/openpam/CINNAMON/lib/openpam_findenv.c (props changed) vendor/openpam/CINNAMON/lib/openpam_free_data.c (props changed) vendor/openpam/CINNAMON/lib/openpam_get_option.c (props changed) vendor/openpam/CINNAMON/lib/openpam_impl.h (props changed) vendor/openpam/CINNAMON/lib/openpam_load.c (props changed) vendor/openpam/CINNAMON/lib/openpam_log.c (props changed) vendor/openpam/CINNAMON/lib/openpam_nullconv.c (props changed) vendor/openpam/CINNAMON/lib/openpam_restore_cred.c (props changed) vendor/openpam/CINNAMON/lib/openpam_set_option.c (props changed) vendor/openpam/CINNAMON/lib/openpam_static.c (props changed) vendor/openpam/CINNAMON/lib/openpam_ttyconv.c (props changed) vendor/openpam/CINNAMON/lib/pam_acct_mgmt.c (props changed) 
vendor/openpam/CINNAMON/lib/pam_authenticate.c (props changed) vendor/openpam/CINNAMON/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CINNAMON/lib/pam_chauthtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_close_session.c (props changed) vendor/openpam/CINNAMON/lib/pam_end.c (props changed) vendor/openpam/CINNAMON/lib/pam_error.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_authtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_data.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_item.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CINNAMON/lib/pam_get_user.c (props changed) vendor/openpam/CINNAMON/lib/pam_getenv.c (props changed) vendor/openpam/CINNAMON/lib/pam_getenvlist.c (props changed) vendor/openpam/CINNAMON/lib/pam_info.c (props changed) vendor/openpam/CINNAMON/lib/pam_open_session.c (props changed) vendor/openpam/CINNAMON/lib/pam_prompt.c (props changed) vendor/openpam/CINNAMON/lib/pam_putenv.c (props changed) vendor/openpam/CINNAMON/lib/pam_set_data.c (props changed) vendor/openpam/CINNAMON/lib/pam_set_item.c (props changed) vendor/openpam/CINNAMON/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CINNAMON/lib/pam_setcred.c (props changed) vendor/openpam/CINNAMON/lib/pam_setenv.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_close_session.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_open_session.c 
(props changed) vendor/openpam/CINNAMON/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CINNAMON/lib/pam_sm_setcred.c (props changed) vendor/openpam/CINNAMON/lib/pam_start.c (props changed) vendor/openpam/CINNAMON/lib/pam_strerror.c (props changed) vendor/openpam/CINNAMON/lib/pam_verror.c (props changed) vendor/openpam/CINNAMON/lib/pam_vinfo.c (props changed) vendor/openpam/CINNAMON/lib/pam_vprompt.c (props changed) vendor/openpam/CINNAMON/misc/gendoc.pl (props changed) vendor/openpam/CINNAMON/modules/Makefile (props changed) vendor/openpam/CINNAMON/modules/pam_deny/Makefile (props changed) vendor/openpam/CINNAMON/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CINNAMON/modules/pam_dummy/Makefile (props changed) vendor/openpam/CINNAMON/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CINNAMON/modules/pam_permit/Makefile (props changed) vendor/openpam/CINNAMON/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CINQUEFOIL/bin/Makefile (props changed) vendor/openpam/CINQUEFOIL/bin/su/Makefile (props changed) vendor/openpam/CINQUEFOIL/bin/su/su.c (props changed) vendor/openpam/CINQUEFOIL/doc/Makefile (props changed) vendor/openpam/CINQUEFOIL/doc/man/Makefile (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_log.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_acct_mgmt.3 (props changed) 
vendor/openpam/CINQUEFOIL/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_close_session.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_end.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_error.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_get_data.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_get_item.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_get_user.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_getenv.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_info.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_open_session.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_prompt.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_putenv.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_set_data.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_set_item.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_setcred.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_setenv.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_start.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_strerror.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_verror.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CINQUEFOIL/doc/man/pam_vprompt.3 (props changed) 
vendor/openpam/CINQUEFOIL/include/security/openpam.h (props changed) vendor/openpam/CINQUEFOIL/include/security/openpam_version.h (props changed) vendor/openpam/CINQUEFOIL/include/security/pam_appl.h (props changed) vendor/openpam/CINQUEFOIL/include/security/pam_constants.h (props changed) vendor/openpam/CINQUEFOIL/include/security/pam_modules.h (props changed) vendor/openpam/CINQUEFOIL/include/security/pam_types.h (props changed) vendor/openpam/CINQUEFOIL/lib/Makefile (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_configure.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_dispatch.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_dynamic.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_findenv.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_free_data.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_get_option.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_impl.h (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_load.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_log.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_nullconv.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_restore_cred.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_set_option.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_static.c (props changed) vendor/openpam/CINQUEFOIL/lib/openpam_ttyconv.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_authenticate.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_chauthtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_close_session.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_end.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_error.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_get_authtok.c (props changed) 
vendor/openpam/CINQUEFOIL/lib/pam_get_data.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_get_item.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_get_user.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_getenv.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_getenvlist.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_info.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_open_session.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_prompt.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_putenv.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_set_data.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_set_item.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_setcred.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_setenv.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_close_session.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_open_session.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_sm_setcred.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_start.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_strerror.c (props changed) 
vendor/openpam/CINQUEFOIL/lib/pam_verror.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_vinfo.c (props changed) vendor/openpam/CINQUEFOIL/lib/pam_vprompt.c (props changed) vendor/openpam/CINQUEFOIL/misc/gendoc.pl (props changed) vendor/openpam/CINQUEFOIL/modules/Makefile (props changed) vendor/openpam/CINQUEFOIL/modules/pam_deny/Makefile (props changed) vendor/openpam/CINQUEFOIL/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CINQUEFOIL/modules/pam_dummy/Makefile (props changed) vendor/openpam/CINQUEFOIL/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CINQUEFOIL/modules/pam_permit/Makefile (props changed) vendor/openpam/CINQUEFOIL/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CITRONELLA/bin/Makefile (props changed) vendor/openpam/CITRONELLA/bin/su/Makefile (props changed) vendor/openpam/CITRONELLA/bin/su/su.c (props changed) vendor/openpam/CITRONELLA/doc/Makefile (props changed) vendor/openpam/CITRONELLA/doc/man/Makefile (props changed) vendor/openpam/CITRONELLA/doc/man/openpam.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam.man (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_log.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CITRONELLA/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam.man (props changed) vendor/openpam/CITRONELLA/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_authenticate.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_chauthtok.3 (props changed) 
vendor/openpam/CITRONELLA/doc/man/pam_close_session.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_conv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_end.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_error.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_get_data.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_get_item.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_get_user.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_getenv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_info.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_open_session.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_prompt.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_putenv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_set_data.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_set_item.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_setcred.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_setenv.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_start.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_strerror.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_verror.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CITRONELLA/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CITRONELLA/include/security/openpam.h (props changed) 
vendor/openpam/CITRONELLA/include/security/openpam_version.h (props changed) vendor/openpam/CITRONELLA/include/security/pam_appl.h (props changed) vendor/openpam/CITRONELLA/include/security/pam_constants.h (props changed) vendor/openpam/CITRONELLA/include/security/pam_modules.h (props changed) vendor/openpam/CITRONELLA/include/security/pam_types.h (props changed) vendor/openpam/CITRONELLA/lib/Makefile (props changed) vendor/openpam/CITRONELLA/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_configure.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_dispatch.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_dynamic.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_findenv.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_free_data.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_get_option.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_impl.h (props changed) vendor/openpam/CITRONELLA/lib/openpam_load.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_log.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_nullconv.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_restore_cred.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_set_option.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_static.c (props changed) vendor/openpam/CITRONELLA/lib/openpam_ttyconv.c (props changed) vendor/openpam/CITRONELLA/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CITRONELLA/lib/pam_authenticate.c (props changed) vendor/openpam/CITRONELLA/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CITRONELLA/lib/pam_chauthtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_close_session.c (props changed) vendor/openpam/CITRONELLA/lib/pam_end.c (props changed) vendor/openpam/CITRONELLA/lib/pam_error.c (props changed) vendor/openpam/CITRONELLA/lib/pam_get_authtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_get_data.c (props changed) 
vendor/openpam/CITRONELLA/lib/pam_get_item.c (props changed) vendor/openpam/CITRONELLA/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CITRONELLA/lib/pam_get_user.c (props changed) vendor/openpam/CITRONELLA/lib/pam_getenv.c (props changed) vendor/openpam/CITRONELLA/lib/pam_getenvlist.c (props changed) vendor/openpam/CITRONELLA/lib/pam_info.c (props changed) vendor/openpam/CITRONELLA/lib/pam_open_session.c (props changed) vendor/openpam/CITRONELLA/lib/pam_prompt.c (props changed) vendor/openpam/CITRONELLA/lib/pam_putenv.c (props changed) vendor/openpam/CITRONELLA/lib/pam_set_data.c (props changed) vendor/openpam/CITRONELLA/lib/pam_set_item.c (props changed) vendor/openpam/CITRONELLA/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CITRONELLA/lib/pam_setcred.c (props changed) vendor/openpam/CITRONELLA/lib/pam_setenv.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_close_session.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_open_session.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CITRONELLA/lib/pam_sm_setcred.c (props changed) vendor/openpam/CITRONELLA/lib/pam_start.c (props changed) vendor/openpam/CITRONELLA/lib/pam_strerror.c (props changed) vendor/openpam/CITRONELLA/lib/pam_verror.c (props changed) 
vendor/openpam/CITRONELLA/lib/pam_vinfo.c (props changed) vendor/openpam/CITRONELLA/lib/pam_vprompt.c (props changed) vendor/openpam/CITRONELLA/misc/gendoc.pl (props changed) vendor/openpam/CITRONELLA/modules/Makefile (props changed) vendor/openpam/CITRONELLA/modules/pam_deny/Makefile (props changed) vendor/openpam/CITRONELLA/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CITRONELLA/modules/pam_dummy/Makefile (props changed) vendor/openpam/CITRONELLA/modules/pam_dummy/pam_dummy.c (props changed) vendor/openpam/CITRONELLA/modules/pam_permit/Makefile (props changed) vendor/openpam/CITRONELLA/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CITRONELLA/modules/pam_unix/Makefile (props changed) vendor/openpam/CITRONELLA/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/CYCLAMEN/bin/Makefile (props changed) vendor/openpam/CYCLAMEN/bin/su/Makefile (props changed) vendor/openpam/CYCLAMEN/bin/su/su.c (props changed) vendor/openpam/CYCLAMEN/doc/Makefile (props changed) vendor/openpam/CYCLAMEN/doc/man/Makefile (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam.man (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_free_data.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_get_option.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_log.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_set_option.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam.man (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_authenticate.3 (props changed) 
vendor/openpam/CYCLAMEN/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_close_session.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_conv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_end.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_error.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_get_data.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_get_item.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_get_user.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_getenv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_info.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_open_session.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_prompt.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_putenv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_set_data.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_set_item.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_setcred.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_setenv.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_start.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_strerror.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_verror.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_vinfo.3 (props changed) vendor/openpam/CYCLAMEN/doc/man/pam_vprompt.3 (props changed) vendor/openpam/CYCLAMEN/include/security/openpam.h (props changed) 
vendor/openpam/CYCLAMEN/include/security/openpam_version.h (props changed) vendor/openpam/CYCLAMEN/include/security/pam_appl.h (props changed) vendor/openpam/CYCLAMEN/include/security/pam_constants.h (props changed) vendor/openpam/CYCLAMEN/include/security/pam_modules.h (props changed) vendor/openpam/CYCLAMEN/include/security/pam_types.h (props changed) vendor/openpam/CYCLAMEN/lib/Makefile (props changed) vendor/openpam/CYCLAMEN/lib/openpam_borrow_cred.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_configure.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_dispatch.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_dynamic.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_findenv.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_free_data.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_get_option.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_impl.h (props changed) vendor/openpam/CYCLAMEN/lib/openpam_load.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_log.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_nullconv.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_restore_cred.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_set_option.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_static.c (props changed) vendor/openpam/CYCLAMEN/lib/openpam_ttyconv.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_acct_mgmt.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_authenticate.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_chauthtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_close_session.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_end.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_error.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_get_authtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_get_data.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_get_item.c (props changed) 
vendor/openpam/CYCLAMEN/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_get_mapped_username.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_get_user.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_getenv.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_getenvlist.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_info.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_open_session.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_prompt.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_putenv.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_set_data.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_set_item.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_set_mapped_username.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_setcred.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_setenv.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_authenticate.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_close_session.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_open_session.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_sm_setcred.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_start.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_strerror.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_verror.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_vinfo.c (props changed) vendor/openpam/CYCLAMEN/lib/pam_vprompt.c (props changed) vendor/openpam/CYCLAMEN/misc/gendoc.pl 
(props changed) vendor/openpam/CYCLAMEN/modules/Makefile (props changed) vendor/openpam/CYCLAMEN/modules/pam_deny/Makefile (props changed) vendor/openpam/CYCLAMEN/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/CYCLAMEN/modules/pam_permit/Makefile (props changed) vendor/openpam/CYCLAMEN/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/CYCLAMEN/modules/pam_unix/Makefile (props changed) vendor/openpam/CYCLAMEN/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/DAFFODIL/bin/Makefile (props changed) vendor/openpam/DAFFODIL/bin/su/Makefile (props changed) vendor/openpam/DAFFODIL/bin/su/su.c (props changed) vendor/openpam/DAFFODIL/doc/Makefile (props changed) vendor/openpam/DAFFODIL/doc/man/Makefile (props changed) vendor/openpam/DAFFODIL/doc/man/openpam.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam.man (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_free_data.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_get_option.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_log.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_set_option.3 (props changed) vendor/openpam/DAFFODIL/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam.man (props changed) vendor/openpam/DAFFODIL/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_authenticate.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_close_session.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_conv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_end.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_error.3 (props changed) 
vendor/openpam/DAFFODIL/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_get_data.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_get_item.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_get_user.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_getenv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_info.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_open_session.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_prompt.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_putenv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_set_data.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_set_item.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_setcred.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_setenv.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_start.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_strerror.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_verror.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_vinfo.3 (props changed) vendor/openpam/DAFFODIL/doc/man/pam_vprompt.3 (props changed) vendor/openpam/DAFFODIL/include/security/openpam.h (props changed) vendor/openpam/DAFFODIL/include/security/openpam_version.h (props changed) vendor/openpam/DAFFODIL/include/security/pam_appl.h (props changed) vendor/openpam/DAFFODIL/include/security/pam_constants.h (props changed) vendor/openpam/DAFFODIL/include/security/pam_modules.h (props changed) 
vendor/openpam/DAFFODIL/include/security/pam_types.h (props changed) vendor/openpam/DAFFODIL/lib/Makefile (props changed) vendor/openpam/DAFFODIL/lib/openpam_borrow_cred.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_configure.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_dispatch.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_dynamic.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_findenv.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_free_data.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_get_option.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_impl.h (props changed) vendor/openpam/DAFFODIL/lib/openpam_load.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_log.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_nullconv.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_restore_cred.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_set_option.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_static.c (props changed) vendor/openpam/DAFFODIL/lib/openpam_ttyconv.c (props changed) vendor/openpam/DAFFODIL/lib/pam_acct_mgmt.c (props changed) vendor/openpam/DAFFODIL/lib/pam_authenticate.c (props changed) vendor/openpam/DAFFODIL/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/DAFFODIL/lib/pam_chauthtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_close_session.c (props changed) vendor/openpam/DAFFODIL/lib/pam_end.c (props changed) vendor/openpam/DAFFODIL/lib/pam_error.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_authtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_data.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_item.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_mapped_username.c (props changed) vendor/openpam/DAFFODIL/lib/pam_get_user.c (props changed) vendor/openpam/DAFFODIL/lib/pam_getenv.c (props changed) vendor/openpam/DAFFODIL/lib/pam_getenvlist.c (props changed) 
vendor/openpam/DAFFODIL/lib/pam_info.c (props changed) vendor/openpam/DAFFODIL/lib/pam_open_session.c (props changed) vendor/openpam/DAFFODIL/lib/pam_prompt.c (props changed) vendor/openpam/DAFFODIL/lib/pam_putenv.c (props changed) vendor/openpam/DAFFODIL/lib/pam_set_data.c (props changed) vendor/openpam/DAFFODIL/lib/pam_set_item.c (props changed) vendor/openpam/DAFFODIL/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_set_mapped_username.c (props changed) vendor/openpam/DAFFODIL/lib/pam_setcred.c (props changed) vendor/openpam/DAFFODIL/lib/pam_setenv.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_authenticate.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_close_session.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_open_session.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/DAFFODIL/lib/pam_sm_setcred.c (props changed) vendor/openpam/DAFFODIL/lib/pam_start.c (props changed) vendor/openpam/DAFFODIL/lib/pam_strerror.c (props changed) vendor/openpam/DAFFODIL/lib/pam_verror.c (props changed) vendor/openpam/DAFFODIL/lib/pam_vinfo.c (props changed) vendor/openpam/DAFFODIL/lib/pam_vprompt.c (props changed) vendor/openpam/DAFFODIL/misc/gendoc.pl (props changed) vendor/openpam/DAFFODIL/modules/Makefile (props changed) vendor/openpam/DAFFODIL/modules/pam_deny/Makefile (props changed) vendor/openpam/DAFFODIL/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/DAFFODIL/modules/pam_permit/Makefile (props changed) 
vendor/openpam/DAFFODIL/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/DAFFODIL/modules/pam_unix/Makefile (props changed) vendor/openpam/DAFFODIL/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/DIANTHUS/bin/Makefile (props changed) vendor/openpam/DIANTHUS/bin/su/Makefile (props changed) vendor/openpam/DIANTHUS/bin/su/su.c (props changed) vendor/openpam/DIANTHUS/doc/Makefile (props changed) vendor/openpam/DIANTHUS/doc/man/Makefile (props changed) vendor/openpam/DIANTHUS/doc/man/openpam.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam.man (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_free_data.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_get_option.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_log.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_set_option.3 (props changed) vendor/openpam/DIANTHUS/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam.man (props changed) vendor/openpam/DIANTHUS/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_authenticate.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_close_session.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_conv.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_end.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_error.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_get_data.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_get_item.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_get_user.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_getenv.3 (props 
changed) vendor/openpam/DIANTHUS/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_info.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_open_session.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_prompt.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_putenv.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_set_data.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_set_item.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_setcred.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_setenv.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_start.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_strerror.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_verror.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_vinfo.3 (props changed) vendor/openpam/DIANTHUS/doc/man/pam_vprompt.3 (props changed) vendor/openpam/DIANTHUS/include/security/openpam.h (props changed) vendor/openpam/DIANTHUS/include/security/openpam_version.h (props changed) vendor/openpam/DIANTHUS/include/security/pam_appl.h (props changed) vendor/openpam/DIANTHUS/include/security/pam_constants.h (props changed) vendor/openpam/DIANTHUS/include/security/pam_modules.h (props changed) vendor/openpam/DIANTHUS/include/security/pam_types.h (props changed) vendor/openpam/DIANTHUS/lib/Makefile (props changed) vendor/openpam/DIANTHUS/lib/openpam_borrow_cred.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_configure.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_dispatch.c (props changed) 
vendor/openpam/DIANTHUS/lib/openpam_dynamic.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_findenv.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_free_data.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_get_option.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_impl.h (props changed) vendor/openpam/DIANTHUS/lib/openpam_load.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_log.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_nullconv.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_restore_cred.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_set_option.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_static.c (props changed) vendor/openpam/DIANTHUS/lib/openpam_ttyconv.c (props changed) vendor/openpam/DIANTHUS/lib/pam_acct_mgmt.c (props changed) vendor/openpam/DIANTHUS/lib/pam_authenticate.c (props changed) vendor/openpam/DIANTHUS/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/DIANTHUS/lib/pam_chauthtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_close_session.c (props changed) vendor/openpam/DIANTHUS/lib/pam_end.c (props changed) vendor/openpam/DIANTHUS/lib/pam_error.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_authtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_data.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_item.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_mapped_username.c (props changed) vendor/openpam/DIANTHUS/lib/pam_get_user.c (props changed) vendor/openpam/DIANTHUS/lib/pam_getenv.c (props changed) vendor/openpam/DIANTHUS/lib/pam_getenvlist.c (props changed) vendor/openpam/DIANTHUS/lib/pam_info.c (props changed) vendor/openpam/DIANTHUS/lib/pam_open_session.c (props changed) vendor/openpam/DIANTHUS/lib/pam_prompt.c (props changed) vendor/openpam/DIANTHUS/lib/pam_putenv.c (props changed) vendor/openpam/DIANTHUS/lib/pam_set_data.c (props changed) 
vendor/openpam/DIANTHUS/lib/pam_set_item.c (props changed) vendor/openpam/DIANTHUS/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_set_mapped_username.c (props changed) vendor/openpam/DIANTHUS/lib/pam_setcred.c (props changed) vendor/openpam/DIANTHUS/lib/pam_setenv.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_authenticate.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_close_session.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_open_session.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/DIANTHUS/lib/pam_sm_setcred.c (props changed) vendor/openpam/DIANTHUS/lib/pam_start.c (props changed) vendor/openpam/DIANTHUS/lib/pam_strerror.c (props changed) vendor/openpam/DIANTHUS/lib/pam_verror.c (props changed) vendor/openpam/DIANTHUS/lib/pam_vinfo.c (props changed) vendor/openpam/DIANTHUS/lib/pam_vprompt.c (props changed) vendor/openpam/DIANTHUS/misc/gendoc.pl (props changed) vendor/openpam/DIANTHUS/modules/Makefile (props changed) vendor/openpam/DIANTHUS/modules/pam_deny/Makefile (props changed) vendor/openpam/DIANTHUS/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/DIANTHUS/modules/pam_permit/Makefile (props changed) vendor/openpam/DIANTHUS/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/DIANTHUS/modules/pam_unix/Makefile (props changed) vendor/openpam/DIANTHUS/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/DIGITALIS/bin/Makefile (props changed) vendor/openpam/DIGITALIS/bin/Makefile.inc (props changed) 
vendor/openpam/DIGITALIS/bin/su/Makefile (props changed) vendor/openpam/DIGITALIS/bin/su/su.c (props changed) vendor/openpam/DIGITALIS/doc/Makefile (props changed) vendor/openpam/DIGITALIS/doc/man/Makefile (props changed) vendor/openpam/DIGITALIS/doc/man/openpam.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam.man (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_free_data.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_get_option.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_log.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_readline.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_set_option.3 (props changed) vendor/openpam/DIGITALIS/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam.man (props changed) vendor/openpam/DIGITALIS/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_authenticate.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_close_session.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_conv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_end.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_error.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_get_data.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_get_item.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_get_user.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_getenv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_info.3 (props changed) 
vendor/openpam/DIGITALIS/doc/man/pam_open_session.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_prompt.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_putenv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_set_data.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_set_item.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_setcred.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_setenv.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_start.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_strerror.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_verror.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_vinfo.3 (props changed) vendor/openpam/DIGITALIS/doc/man/pam_vprompt.3 (props changed) vendor/openpam/DIGITALIS/include/security/openpam.h (props changed) vendor/openpam/DIGITALIS/include/security/openpam_version.h (props changed) vendor/openpam/DIGITALIS/include/security/pam_appl.h (props changed) vendor/openpam/DIGITALIS/include/security/pam_constants.h (props changed) vendor/openpam/DIGITALIS/include/security/pam_modules.h (props changed) vendor/openpam/DIGITALIS/include/security/pam_types.h (props changed) vendor/openpam/DIGITALIS/lib/Makefile (props changed) vendor/openpam/DIGITALIS/lib/openpam_borrow_cred.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_configure.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_dispatch.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_dynamic.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_findenv.c (props changed) 
vendor/openpam/DIGITALIS/lib/openpam_free_data.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_get_option.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_impl.h (props changed) vendor/openpam/DIGITALIS/lib/openpam_load.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_log.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_nullconv.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_readline.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_restore_cred.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_set_option.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_static.c (props changed) vendor/openpam/DIGITALIS/lib/openpam_ttyconv.c (props changed) vendor/openpam/DIGITALIS/lib/pam_acct_mgmt.c (props changed) vendor/openpam/DIGITALIS/lib/pam_authenticate.c (props changed) vendor/openpam/DIGITALIS/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/DIGITALIS/lib/pam_chauthtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_close_session.c (props changed) vendor/openpam/DIGITALIS/lib/pam_end.c (props changed) vendor/openpam/DIGITALIS/lib/pam_error.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_authtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_data.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_item.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_mapped_username.c (props changed) vendor/openpam/DIGITALIS/lib/pam_get_user.c (props changed) vendor/openpam/DIGITALIS/lib/pam_getenv.c (props changed) vendor/openpam/DIGITALIS/lib/pam_getenvlist.c (props changed) vendor/openpam/DIGITALIS/lib/pam_info.c (props changed) vendor/openpam/DIGITALIS/lib/pam_open_session.c (props changed) vendor/openpam/DIGITALIS/lib/pam_prompt.c (props changed) vendor/openpam/DIGITALIS/lib/pam_putenv.c (props changed) vendor/openpam/DIGITALIS/lib/pam_set_data.c (props changed) vendor/openpam/DIGITALIS/lib/pam_set_item.c (props changed) 
vendor/openpam/DIGITALIS/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_set_mapped_username.c (props changed) vendor/openpam/DIGITALIS/lib/pam_setcred.c (props changed) vendor/openpam/DIGITALIS/lib/pam_setenv.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_authenticate.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_close_session.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_open_session.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/DIGITALIS/lib/pam_sm_setcred.c (props changed) vendor/openpam/DIGITALIS/lib/pam_start.c (props changed) vendor/openpam/DIGITALIS/lib/pam_strerror.c (props changed) vendor/openpam/DIGITALIS/lib/pam_verror.c (props changed) vendor/openpam/DIGITALIS/lib/pam_vinfo.c (props changed) vendor/openpam/DIGITALIS/lib/pam_vprompt.c (props changed) vendor/openpam/DIGITALIS/misc/gendoc.pl (props changed) vendor/openpam/DIGITALIS/modules/Makefile (props changed) vendor/openpam/DIGITALIS/modules/pam_deny/Makefile (props changed) vendor/openpam/DIGITALIS/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/DIGITALIS/modules/pam_permit/Makefile (props changed) vendor/openpam/DIGITALIS/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/DIGITALIS/modules/pam_unix/Makefile (props changed) vendor/openpam/DIGITALIS/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/DOGWOOD/bin/Makefile.am (props changed) vendor/openpam/DOGWOOD/bin/Makefile.in (props changed) vendor/openpam/DOGWOOD/bin/su/Makefile.am (props 
changed) vendor/openpam/DOGWOOD/bin/su/Makefile.in (props changed) vendor/openpam/DOGWOOD/bin/su/su.c (props changed) vendor/openpam/DOGWOOD/doc/Makefile.am (props changed) vendor/openpam/DOGWOOD/doc/Makefile.in (props changed) vendor/openpam/DOGWOOD/doc/man/Makefile.am (props changed) vendor/openpam/DOGWOOD/doc/man/Makefile.in (props changed) vendor/openpam/DOGWOOD/doc/man/openpam.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam.man (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_free_data.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_get_option.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_log.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_readline.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_set_option.3 (props changed) vendor/openpam/DOGWOOD/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam.man (props changed) vendor/openpam/DOGWOOD/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_authenticate.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_close_session.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_conv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_end.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_error.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_get_data.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_get_item.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_get_user.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_getenv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_getenvlist.3 (props changed) 
vendor/openpam/DOGWOOD/doc/man/pam_info.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_open_session.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_prompt.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_putenv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_set_data.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_set_item.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_setcred.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_setenv.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_start.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_strerror.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_verror.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_vinfo.3 (props changed) vendor/openpam/DOGWOOD/doc/man/pam_vprompt.3 (props changed) vendor/openpam/DOGWOOD/include/Makefile.am (props changed) vendor/openpam/DOGWOOD/include/Makefile.in (props changed) vendor/openpam/DOGWOOD/include/security/Makefile.am (props changed) vendor/openpam/DOGWOOD/include/security/Makefile.in (props changed) vendor/openpam/DOGWOOD/include/security/openpam.h (props changed) vendor/openpam/DOGWOOD/include/security/openpam_version.h (props changed) vendor/openpam/DOGWOOD/include/security/pam_appl.h (props changed) vendor/openpam/DOGWOOD/include/security/pam_constants.h (props changed) vendor/openpam/DOGWOOD/include/security/pam_modules.h (props changed) vendor/openpam/DOGWOOD/include/security/pam_types.h (props changed) vendor/openpam/DOGWOOD/lib/Makefile.am (props changed) vendor/openpam/DOGWOOD/lib/Makefile.in (props changed) 
vendor/openpam/DOGWOOD/lib/openpam_borrow_cred.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_configure.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_dispatch.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_dynamic.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_findenv.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_free_data.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_get_option.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_impl.h (props changed) vendor/openpam/DOGWOOD/lib/openpam_load.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_log.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_nullconv.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_readline.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_restore_cred.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_set_option.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_static.c (props changed) vendor/openpam/DOGWOOD/lib/openpam_ttyconv.c (props changed) vendor/openpam/DOGWOOD/lib/pam_acct_mgmt.c (props changed) vendor/openpam/DOGWOOD/lib/pam_authenticate.c (props changed) vendor/openpam/DOGWOOD/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/DOGWOOD/lib/pam_chauthtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_close_session.c (props changed) vendor/openpam/DOGWOOD/lib/pam_end.c (props changed) vendor/openpam/DOGWOOD/lib/pam_error.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_authtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_data.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_item.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_mapped_username.c (props changed) vendor/openpam/DOGWOOD/lib/pam_get_user.c (props changed) vendor/openpam/DOGWOOD/lib/pam_getenv.c (props changed) vendor/openpam/DOGWOOD/lib/pam_getenvlist.c (props changed) vendor/openpam/DOGWOOD/lib/pam_info.c (props changed) vendor/openpam/DOGWOOD/lib/pam_open_session.c 
(props changed) vendor/openpam/DOGWOOD/lib/pam_prompt.c (props changed) vendor/openpam/DOGWOOD/lib/pam_putenv.c (props changed) vendor/openpam/DOGWOOD/lib/pam_set_data.c (props changed) vendor/openpam/DOGWOOD/lib/pam_set_item.c (props changed) vendor/openpam/DOGWOOD/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_set_mapped_username.c (props changed) vendor/openpam/DOGWOOD/lib/pam_setcred.c (props changed) vendor/openpam/DOGWOOD/lib/pam_setenv.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_authenticate.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_close_session.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_open_session.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/DOGWOOD/lib/pam_sm_setcred.c (props changed) vendor/openpam/DOGWOOD/lib/pam_start.c (props changed) vendor/openpam/DOGWOOD/lib/pam_strerror.c (props changed) vendor/openpam/DOGWOOD/lib/pam_verror.c (props changed) vendor/openpam/DOGWOOD/lib/pam_vinfo.c (props changed) vendor/openpam/DOGWOOD/lib/pam_vprompt.c (props changed) vendor/openpam/DOGWOOD/misc/gendoc.pl (props changed) vendor/openpam/DOGWOOD/modules/Makefile.am (props changed) vendor/openpam/DOGWOOD/modules/Makefile.in (props changed) vendor/openpam/DOGWOOD/modules/pam_deny/Makefile.am (props changed) vendor/openpam/DOGWOOD/modules/pam_deny/Makefile.in (props changed) vendor/openpam/DOGWOOD/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/DOGWOOD/modules/pam_permit/Makefile.am (props changed) 
vendor/openpam/DOGWOOD/modules/pam_permit/Makefile.in (props changed) vendor/openpam/DOGWOOD/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/DOGWOOD/modules/pam_unix/Makefile.am (props changed) vendor/openpam/DOGWOOD/modules/pam_unix/Makefile.in (props changed) vendor/openpam/DOGWOOD/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/EELGRASS/bin/Makefile.am (props changed) vendor/openpam/EELGRASS/bin/Makefile.in (props changed) vendor/openpam/EELGRASS/bin/su/Makefile.am (props changed) vendor/openpam/EELGRASS/bin/su/Makefile.in (props changed) vendor/openpam/EELGRASS/bin/su/su.c (props changed) vendor/openpam/EELGRASS/doc/Makefile.am (props changed) vendor/openpam/EELGRASS/doc/Makefile.in (props changed) vendor/openpam/EELGRASS/doc/man/Makefile.am (props changed) vendor/openpam/EELGRASS/doc/man/Makefile.in (props changed) vendor/openpam/EELGRASS/doc/man/openpam.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam.man (props changed) vendor/openpam/EELGRASS/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_free_data.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_get_option.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_log.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_readline.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_set_option.3 (props changed) vendor/openpam/EELGRASS/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam.man (props changed) vendor/openpam/EELGRASS/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_authenticate.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_close_session.3 (props changed) 
vendor/openpam/EELGRASS/doc/man/pam_conv.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_end.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_error.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_get_data.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_get_item.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_get_user.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_getenv.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_info.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_open_session.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_prompt.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_putenv.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_set_data.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_set_item.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_setcred.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_setenv.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_start.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_strerror.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_verror.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_vinfo.3 (props changed) vendor/openpam/EELGRASS/doc/man/pam_vprompt.3 (props changed) vendor/openpam/EELGRASS/include/Makefile.am (props changed) vendor/openpam/EELGRASS/include/Makefile.in (props changed) vendor/openpam/EELGRASS/include/security/Makefile.am (props changed) 
vendor/openpam/EELGRASS/include/security/Makefile.in (props changed) vendor/openpam/EELGRASS/include/security/openpam.h (props changed) vendor/openpam/EELGRASS/include/security/openpam_version.h (props changed) vendor/openpam/EELGRASS/include/security/pam_appl.h (props changed) vendor/openpam/EELGRASS/include/security/pam_constants.h (props changed) vendor/openpam/EELGRASS/include/security/pam_modules.h (props changed) vendor/openpam/EELGRASS/include/security/pam_types.h (props changed) vendor/openpam/EELGRASS/lib/Makefile.am (props changed) vendor/openpam/EELGRASS/lib/Makefile.in (props changed) vendor/openpam/EELGRASS/lib/openpam_borrow_cred.c (props changed) vendor/openpam/EELGRASS/lib/openpam_configure.c (props changed) vendor/openpam/EELGRASS/lib/openpam_dispatch.c (props changed) vendor/openpam/EELGRASS/lib/openpam_dynamic.c (props changed) vendor/openpam/EELGRASS/lib/openpam_findenv.c (props changed) vendor/openpam/EELGRASS/lib/openpam_free_data.c (props changed) vendor/openpam/EELGRASS/lib/openpam_get_option.c (props changed) vendor/openpam/EELGRASS/lib/openpam_impl.h (props changed) vendor/openpam/EELGRASS/lib/openpam_load.c (props changed) vendor/openpam/EELGRASS/lib/openpam_log.c (props changed) vendor/openpam/EELGRASS/lib/openpam_nullconv.c (props changed) vendor/openpam/EELGRASS/lib/openpam_readline.c (props changed) vendor/openpam/EELGRASS/lib/openpam_restore_cred.c (props changed) vendor/openpam/EELGRASS/lib/openpam_set_option.c (props changed) vendor/openpam/EELGRASS/lib/openpam_static.c (props changed) vendor/openpam/EELGRASS/lib/openpam_ttyconv.c (props changed) vendor/openpam/EELGRASS/lib/pam_acct_mgmt.c (props changed) vendor/openpam/EELGRASS/lib/pam_authenticate.c (props changed) vendor/openpam/EELGRASS/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/EELGRASS/lib/pam_chauthtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_close_session.c (props changed) vendor/openpam/EELGRASS/lib/pam_end.c (props changed) 
vendor/openpam/EELGRASS/lib/pam_error.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_authtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_data.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_item.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_mapped_username.c (props changed) vendor/openpam/EELGRASS/lib/pam_get_user.c (props changed) vendor/openpam/EELGRASS/lib/pam_getenv.c (props changed) vendor/openpam/EELGRASS/lib/pam_getenvlist.c (props changed) vendor/openpam/EELGRASS/lib/pam_info.c (props changed) vendor/openpam/EELGRASS/lib/pam_open_session.c (props changed) vendor/openpam/EELGRASS/lib/pam_prompt.c (props changed) vendor/openpam/EELGRASS/lib/pam_putenv.c (props changed) vendor/openpam/EELGRASS/lib/pam_set_data.c (props changed) vendor/openpam/EELGRASS/lib/pam_set_item.c (props changed) vendor/openpam/EELGRASS/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_set_mapped_username.c (props changed) vendor/openpam/EELGRASS/lib/pam_setcred.c (props changed) vendor/openpam/EELGRASS/lib/pam_setenv.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_authenticate.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_close_session.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_open_session.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/EELGRASS/lib/pam_sm_setcred.c (props changed) vendor/openpam/EELGRASS/lib/pam_start.c (props changed) 
vendor/openpam/EELGRASS/lib/pam_strerror.c (props changed) vendor/openpam/EELGRASS/lib/pam_verror.c (props changed) vendor/openpam/EELGRASS/lib/pam_vinfo.c (props changed) vendor/openpam/EELGRASS/lib/pam_vprompt.c (props changed) vendor/openpam/EELGRASS/misc/gendoc.pl (props changed) vendor/openpam/EELGRASS/modules/Makefile.am (props changed) vendor/openpam/EELGRASS/modules/Makefile.in (props changed) vendor/openpam/EELGRASS/modules/pam_deny/Makefile.am (props changed) vendor/openpam/EELGRASS/modules/pam_deny/Makefile.in (props changed) vendor/openpam/EELGRASS/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/EELGRASS/modules/pam_permit/Makefile.am (props changed) vendor/openpam/EELGRASS/modules/pam_permit/Makefile.in (props changed) vendor/openpam/EELGRASS/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/EELGRASS/modules/pam_unix/Makefile.am (props changed) vendor/openpam/EELGRASS/modules/pam_unix/Makefile.in (props changed) vendor/openpam/EELGRASS/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/FETERITA/bin/Makefile.am (props changed) vendor/openpam/FETERITA/bin/Makefile.in (props changed) vendor/openpam/FETERITA/bin/su/Makefile.am (props changed) vendor/openpam/FETERITA/bin/su/Makefile.in (props changed) vendor/openpam/FETERITA/bin/su/su.c (props changed) vendor/openpam/FETERITA/doc/Makefile.am (props changed) vendor/openpam/FETERITA/doc/Makefile.in (props changed) vendor/openpam/FETERITA/doc/man/Makefile.am (props changed) vendor/openpam/FETERITA/doc/man/Makefile.in (props changed) vendor/openpam/FETERITA/doc/man/openpam.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam.man (props changed) vendor/openpam/FETERITA/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_free_data.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_free_envlist.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_get_option.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_log.3 (props 
changed) vendor/openpam/FETERITA/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_readline.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_set_option.3 (props changed) vendor/openpam/FETERITA/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/FETERITA/doc/man/pam.3 (props changed) vendor/openpam/FETERITA/doc/man/pam.man (props changed) vendor/openpam/FETERITA/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_authenticate.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_close_session.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_conv.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_end.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_error.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_get_data.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_get_item.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_get_user.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_getenv.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_info.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_open_session.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_prompt.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_putenv.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_set_data.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_set_item.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_setcred.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_setenv.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_sm_chauthtok.3 (props changed) 
vendor/openpam/FETERITA/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_start.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_strerror.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_verror.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_vinfo.3 (props changed) vendor/openpam/FETERITA/doc/man/pam_vprompt.3 (props changed) vendor/openpam/FETERITA/include/Makefile.am (props changed) vendor/openpam/FETERITA/include/Makefile.in (props changed) vendor/openpam/FETERITA/include/security/Makefile.am (props changed) vendor/openpam/FETERITA/include/security/Makefile.in (props changed) vendor/openpam/FETERITA/include/security/openpam.h (props changed) vendor/openpam/FETERITA/include/security/openpam_version.h (props changed) vendor/openpam/FETERITA/include/security/pam_appl.h (props changed) vendor/openpam/FETERITA/include/security/pam_constants.h (props changed) vendor/openpam/FETERITA/include/security/pam_modules.h (props changed) vendor/openpam/FETERITA/include/security/pam_types.h (props changed) vendor/openpam/FETERITA/lib/Makefile.am (props changed) vendor/openpam/FETERITA/lib/Makefile.in (props changed) vendor/openpam/FETERITA/lib/openpam_borrow_cred.c (props changed) vendor/openpam/FETERITA/lib/openpam_configure.c (props changed) vendor/openpam/FETERITA/lib/openpam_dispatch.c (props changed) vendor/openpam/FETERITA/lib/openpam_dynamic.c (props changed) vendor/openpam/FETERITA/lib/openpam_findenv.c (props changed) vendor/openpam/FETERITA/lib/openpam_free_data.c (props changed) vendor/openpam/FETERITA/lib/openpam_free_envlist.c (props changed) vendor/openpam/FETERITA/lib/openpam_get_option.c (props changed) vendor/openpam/FETERITA/lib/openpam_impl.h (props changed) vendor/openpam/FETERITA/lib/openpam_load.c (props changed) vendor/openpam/FETERITA/lib/openpam_log.c (props changed) 
vendor/openpam/FETERITA/lib/openpam_nullconv.c (props changed) vendor/openpam/FETERITA/lib/openpam_readline.c (props changed) vendor/openpam/FETERITA/lib/openpam_restore_cred.c (props changed) vendor/openpam/FETERITA/lib/openpam_set_option.c (props changed) vendor/openpam/FETERITA/lib/openpam_static.c (props changed) vendor/openpam/FETERITA/lib/openpam_ttyconv.c (props changed) vendor/openpam/FETERITA/lib/pam_acct_mgmt.c (props changed) vendor/openpam/FETERITA/lib/pam_authenticate.c (props changed) vendor/openpam/FETERITA/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/FETERITA/lib/pam_chauthtok.c (props changed) vendor/openpam/FETERITA/lib/pam_close_session.c (props changed) vendor/openpam/FETERITA/lib/pam_end.c (props changed) vendor/openpam/FETERITA/lib/pam_error.c (props changed) vendor/openpam/FETERITA/lib/pam_get_authtok.c (props changed) vendor/openpam/FETERITA/lib/pam_get_data.c (props changed) vendor/openpam/FETERITA/lib/pam_get_item.c (props changed) vendor/openpam/FETERITA/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/FETERITA/lib/pam_get_mapped_username.c (props changed) vendor/openpam/FETERITA/lib/pam_get_user.c (props changed) vendor/openpam/FETERITA/lib/pam_getenv.c (props changed) vendor/openpam/FETERITA/lib/pam_getenvlist.c (props changed) vendor/openpam/FETERITA/lib/pam_info.c (props changed) vendor/openpam/FETERITA/lib/pam_open_session.c (props changed) vendor/openpam/FETERITA/lib/pam_prompt.c (props changed) vendor/openpam/FETERITA/lib/pam_putenv.c (props changed) vendor/openpam/FETERITA/lib/pam_set_data.c (props changed) vendor/openpam/FETERITA/lib/pam_set_item.c (props changed) vendor/openpam/FETERITA/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/FETERITA/lib/pam_set_mapped_username.c (props changed) vendor/openpam/FETERITA/lib/pam_setcred.c (props changed) vendor/openpam/FETERITA/lib/pam_setenv.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_acct_mgmt.c (props changed) 
vendor/openpam/FETERITA/lib/pam_sm_authenticate.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_close_session.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_open_session.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/FETERITA/lib/pam_sm_setcred.c (props changed) vendor/openpam/FETERITA/lib/pam_start.c (props changed) vendor/openpam/FETERITA/lib/pam_strerror.c (props changed) vendor/openpam/FETERITA/lib/pam_verror.c (props changed) vendor/openpam/FETERITA/lib/pam_vinfo.c (props changed) vendor/openpam/FETERITA/lib/pam_vprompt.c (props changed) vendor/openpam/FETERITA/misc/gendoc.pl (props changed) vendor/openpam/FETERITA/modules/Makefile.am (props changed) vendor/openpam/FETERITA/modules/Makefile.in (props changed) vendor/openpam/FETERITA/modules/pam_deny/Makefile.am (props changed) vendor/openpam/FETERITA/modules/pam_deny/Makefile.in (props changed) vendor/openpam/FETERITA/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/FETERITA/modules/pam_permit/Makefile.am (props changed) vendor/openpam/FETERITA/modules/pam_permit/Makefile.in (props changed) vendor/openpam/FETERITA/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/FETERITA/modules/pam_unix/Makefile.am (props changed) vendor/openpam/FETERITA/modules/pam_unix/Makefile.in (props changed) vendor/openpam/FETERITA/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/FIGWORT/bin/Makefile.am (props changed) vendor/openpam/FIGWORT/bin/Makefile.in (props changed) vendor/openpam/FIGWORT/bin/su/Makefile.am (props changed) vendor/openpam/FIGWORT/bin/su/Makefile.in (props 
changed) vendor/openpam/FIGWORT/bin/su/su.c (props changed) vendor/openpam/FIGWORT/doc/Makefile.am (props changed) vendor/openpam/FIGWORT/doc/Makefile.in (props changed) vendor/openpam/FIGWORT/doc/man/Makefile.am (props changed) vendor/openpam/FIGWORT/doc/man/Makefile.in (props changed) vendor/openpam/FIGWORT/doc/man/openpam.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam.man (props changed) vendor/openpam/FIGWORT/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_free_data.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_free_envlist.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_get_option.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_log.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_readline.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_set_option.3 (props changed) vendor/openpam/FIGWORT/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam.conf.5 (props changed) vendor/openpam/FIGWORT/doc/man/pam.man (props changed) vendor/openpam/FIGWORT/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_authenticate.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_close_session.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_conv.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_end.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_error.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_get_data.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_get_item.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_get_user.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_getenv.3 (props changed) 
vendor/openpam/FIGWORT/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_info.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_open_session.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_prompt.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_putenv.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_set_data.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_set_item.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_setcred.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_setenv.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_start.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_strerror.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_verror.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_vinfo.3 (props changed) vendor/openpam/FIGWORT/doc/man/pam_vprompt.3 (props changed) vendor/openpam/FIGWORT/include/Makefile.am (props changed) vendor/openpam/FIGWORT/include/Makefile.in (props changed) vendor/openpam/FIGWORT/include/security/Makefile.am (props changed) vendor/openpam/FIGWORT/include/security/Makefile.in (props changed) vendor/openpam/FIGWORT/include/security/openpam.h (props changed) vendor/openpam/FIGWORT/include/security/openpam_version.h (props changed) vendor/openpam/FIGWORT/include/security/pam_appl.h (props changed) vendor/openpam/FIGWORT/include/security/pam_constants.h (props changed) vendor/openpam/FIGWORT/include/security/pam_modules.h (props changed) vendor/openpam/FIGWORT/include/security/pam_types.h (props changed) vendor/openpam/FIGWORT/lib/Makefile.am (props changed) 
vendor/openpam/FIGWORT/lib/Makefile.in (props changed) vendor/openpam/FIGWORT/lib/openpam_borrow_cred.c (props changed) vendor/openpam/FIGWORT/lib/openpam_configure.c (props changed) vendor/openpam/FIGWORT/lib/openpam_dispatch.c (props changed) vendor/openpam/FIGWORT/lib/openpam_dynamic.c (props changed) vendor/openpam/FIGWORT/lib/openpam_findenv.c (props changed) vendor/openpam/FIGWORT/lib/openpam_free_data.c (props changed) vendor/openpam/FIGWORT/lib/openpam_free_envlist.c (props changed) vendor/openpam/FIGWORT/lib/openpam_get_option.c (props changed) vendor/openpam/FIGWORT/lib/openpam_impl.h (props changed) vendor/openpam/FIGWORT/lib/openpam_load.c (props changed) vendor/openpam/FIGWORT/lib/openpam_log.c (props changed) vendor/openpam/FIGWORT/lib/openpam_nullconv.c (props changed) vendor/openpam/FIGWORT/lib/openpam_readline.c (props changed) vendor/openpam/FIGWORT/lib/openpam_restore_cred.c (props changed) vendor/openpam/FIGWORT/lib/openpam_set_option.c (props changed) vendor/openpam/FIGWORT/lib/openpam_static.c (props changed) vendor/openpam/FIGWORT/lib/openpam_ttyconv.c (props changed) vendor/openpam/FIGWORT/lib/pam_acct_mgmt.c (props changed) vendor/openpam/FIGWORT/lib/pam_authenticate.c (props changed) vendor/openpam/FIGWORT/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/FIGWORT/lib/pam_chauthtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_close_session.c (props changed) vendor/openpam/FIGWORT/lib/pam_end.c (props changed) vendor/openpam/FIGWORT/lib/pam_error.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_authtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_data.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_item.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_mapped_username.c (props changed) vendor/openpam/FIGWORT/lib/pam_get_user.c (props changed) vendor/openpam/FIGWORT/lib/pam_getenv.c (props changed) 
vendor/openpam/FIGWORT/lib/pam_getenvlist.c (props changed) vendor/openpam/FIGWORT/lib/pam_info.c (props changed) vendor/openpam/FIGWORT/lib/pam_open_session.c (props changed) vendor/openpam/FIGWORT/lib/pam_prompt.c (props changed) vendor/openpam/FIGWORT/lib/pam_putenv.c (props changed) vendor/openpam/FIGWORT/lib/pam_set_data.c (props changed) vendor/openpam/FIGWORT/lib/pam_set_item.c (props changed) vendor/openpam/FIGWORT/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_set_mapped_username.c (props changed) vendor/openpam/FIGWORT/lib/pam_setcred.c (props changed) vendor/openpam/FIGWORT/lib/pam_setenv.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_authenticate.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_close_session.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_open_session.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/FIGWORT/lib/pam_sm_setcred.c (props changed) vendor/openpam/FIGWORT/lib/pam_start.c (props changed) vendor/openpam/FIGWORT/lib/pam_strerror.c (props changed) vendor/openpam/FIGWORT/lib/pam_verror.c (props changed) vendor/openpam/FIGWORT/lib/pam_vinfo.c (props changed) vendor/openpam/FIGWORT/lib/pam_vprompt.c (props changed) vendor/openpam/FIGWORT/misc/gendoc.pl (props changed) vendor/openpam/FIGWORT/modules/Makefile.am (props changed) vendor/openpam/FIGWORT/modules/Makefile.in (props changed) vendor/openpam/FIGWORT/modules/pam_deny/Makefile.am (props changed) vendor/openpam/FIGWORT/modules/pam_deny/Makefile.in (props changed) 
vendor/openpam/FIGWORT/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/FIGWORT/modules/pam_permit/Makefile.am (props changed) vendor/openpam/FIGWORT/modules/pam_permit/Makefile.in (props changed) vendor/openpam/FIGWORT/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/FIGWORT/modules/pam_unix/Makefile.am (props changed) vendor/openpam/FIGWORT/modules/pam_unix/Makefile.in (props changed) vendor/openpam/FIGWORT/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/HYDRANGEA/bin/Makefile.am (props changed) vendor/openpam/HYDRANGEA/bin/Makefile.in (props changed) vendor/openpam/HYDRANGEA/bin/su/Makefile.am (props changed) vendor/openpam/HYDRANGEA/bin/su/Makefile.in (props changed) vendor/openpam/HYDRANGEA/bin/su/su.c (props changed) vendor/openpam/HYDRANGEA/doc/Makefile.am (props changed) vendor/openpam/HYDRANGEA/doc/Makefile.in (props changed) vendor/openpam/HYDRANGEA/doc/man/Makefile.am (props changed) vendor/openpam/HYDRANGEA/doc/man/Makefile.in (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam.man (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_free_data.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_free_envlist.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_get_option.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_log.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_readline.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_set_option.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam.conf.5 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam.man (props changed) 
vendor/openpam/HYDRANGEA/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_authenticate.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_close_session.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_conv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_end.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_error.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_get_data.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_get_item.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_get_user.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_getenv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_info.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_open_session.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_prompt.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_putenv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_set_data.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_set_item.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_setcred.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_setenv.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_start.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_strerror.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_verror.3 (props changed) vendor/openpam/HYDRANGEA/doc/man/pam_vinfo.3 (props 
changed) vendor/openpam/HYDRANGEA/doc/man/pam_vprompt.3 (props changed) vendor/openpam/HYDRANGEA/include/Makefile.am (props changed) vendor/openpam/HYDRANGEA/include/Makefile.in (props changed) vendor/openpam/HYDRANGEA/include/security/Makefile.am (props changed) vendor/openpam/HYDRANGEA/include/security/Makefile.in (props changed) vendor/openpam/HYDRANGEA/include/security/openpam.h (props changed) vendor/openpam/HYDRANGEA/include/security/openpam_attr.h (props changed) vendor/openpam/HYDRANGEA/include/security/openpam_version.h (props changed) vendor/openpam/HYDRANGEA/include/security/pam_appl.h (props changed) vendor/openpam/HYDRANGEA/include/security/pam_constants.h (props changed) vendor/openpam/HYDRANGEA/include/security/pam_modules.h (props changed) vendor/openpam/HYDRANGEA/include/security/pam_types.h (props changed) vendor/openpam/HYDRANGEA/lib/Makefile.am (props changed) vendor/openpam/HYDRANGEA/lib/Makefile.in (props changed) vendor/openpam/HYDRANGEA/lib/openpam_borrow_cred.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_configure.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_dispatch.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_dynamic.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_findenv.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_free_data.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_free_envlist.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_get_option.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_impl.h (props changed) vendor/openpam/HYDRANGEA/lib/openpam_load.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_log.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_nullconv.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_readline.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_restore_cred.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_set_option.c (props changed) vendor/openpam/HYDRANGEA/lib/openpam_static.c (props changed) 
vendor/openpam/HYDRANGEA/lib/openpam_ttyconv.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_acct_mgmt.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_authenticate.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_chauthtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_close_session.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_end.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_error.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_authtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_data.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_item.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_mapped_username.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_get_user.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_getenv.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_getenvlist.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_info.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_open_session.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_prompt.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_putenv.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_set_data.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_set_item.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_set_mapped_username.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_setcred.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_setenv.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_authenticate.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_close_session.c (props changed) 
vendor/openpam/HYDRANGEA/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_open_session.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_sm_setcred.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_start.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_strerror.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_verror.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_vinfo.c (props changed) vendor/openpam/HYDRANGEA/lib/pam_vprompt.c (props changed) vendor/openpam/HYDRANGEA/misc/gendoc.pl (props changed) vendor/openpam/HYDRANGEA/modules/Makefile.am (props changed) vendor/openpam/HYDRANGEA/modules/Makefile.in (props changed) vendor/openpam/HYDRANGEA/modules/pam_deny/Makefile.am (props changed) vendor/openpam/HYDRANGEA/modules/pam_deny/Makefile.in (props changed) vendor/openpam/HYDRANGEA/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/HYDRANGEA/modules/pam_permit/Makefile.am (props changed) vendor/openpam/HYDRANGEA/modules/pam_permit/Makefile.in (props changed) vendor/openpam/HYDRANGEA/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/HYDRANGEA/modules/pam_unix/Makefile.am (props changed) vendor/openpam/HYDRANGEA/modules/pam_unix/Makefile.in (props changed) vendor/openpam/HYDRANGEA/modules/pam_unix/pam_unix.c (props changed) vendor/openpam/dist/bin/Makefile.am (props changed) vendor/openpam/dist/bin/Makefile.in (props changed) vendor/openpam/dist/bin/su/Makefile.am (props changed) vendor/openpam/dist/bin/su/Makefile.in (props changed) vendor/openpam/dist/bin/su/su.c (props changed) vendor/openpam/dist/doc/Makefile.am (props changed) vendor/openpam/dist/doc/Makefile.in (props changed) vendor/openpam/dist/doc/man/Makefile.am (props changed) vendor/openpam/dist/doc/man/Makefile.in (props 
changed) vendor/openpam/dist/doc/man/openpam.3 (props changed) vendor/openpam/dist/doc/man/openpam.man (props changed) vendor/openpam/dist/doc/man/openpam_borrow_cred.3 (props changed) vendor/openpam/dist/doc/man/openpam_free_data.3 (props changed) vendor/openpam/dist/doc/man/openpam_free_envlist.3 (props changed) vendor/openpam/dist/doc/man/openpam_get_option.3 (props changed) vendor/openpam/dist/doc/man/openpam_log.3 (props changed) vendor/openpam/dist/doc/man/openpam_nullconv.3 (props changed) vendor/openpam/dist/doc/man/openpam_readline.3 (props changed) vendor/openpam/dist/doc/man/openpam_restore_cred.3 (props changed) vendor/openpam/dist/doc/man/openpam_set_option.3 (props changed) vendor/openpam/dist/doc/man/openpam_ttyconv.3 (props changed) vendor/openpam/dist/doc/man/pam.3 (props changed) vendor/openpam/dist/doc/man/pam.conf.5 (props changed) vendor/openpam/dist/doc/man/pam.man (props changed) vendor/openpam/dist/doc/man/pam_acct_mgmt.3 (props changed) vendor/openpam/dist/doc/man/pam_authenticate.3 (props changed) vendor/openpam/dist/doc/man/pam_chauthtok.3 (props changed) vendor/openpam/dist/doc/man/pam_close_session.3 (props changed) vendor/openpam/dist/doc/man/pam_conv.3 (props changed) vendor/openpam/dist/doc/man/pam_end.3 (props changed) vendor/openpam/dist/doc/man/pam_error.3 (props changed) vendor/openpam/dist/doc/man/pam_get_authtok.3 (props changed) vendor/openpam/dist/doc/man/pam_get_data.3 (props changed) vendor/openpam/dist/doc/man/pam_get_item.3 (props changed) vendor/openpam/dist/doc/man/pam_get_user.3 (props changed) vendor/openpam/dist/doc/man/pam_getenv.3 (props changed) vendor/openpam/dist/doc/man/pam_getenvlist.3 (props changed) vendor/openpam/dist/doc/man/pam_info.3 (props changed) vendor/openpam/dist/doc/man/pam_open_session.3 (props changed) vendor/openpam/dist/doc/man/pam_prompt.3 (props changed) vendor/openpam/dist/doc/man/pam_putenv.3 (props changed) vendor/openpam/dist/doc/man/pam_set_data.3 (props changed) 
vendor/openpam/dist/doc/man/pam_set_item.3 (props changed) vendor/openpam/dist/doc/man/pam_setcred.3 (props changed) vendor/openpam/dist/doc/man/pam_setenv.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_acct_mgmt.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_authenticate.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_chauthtok.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_close_session.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_open_session.3 (props changed) vendor/openpam/dist/doc/man/pam_sm_setcred.3 (props changed) vendor/openpam/dist/doc/man/pam_start.3 (props changed) vendor/openpam/dist/doc/man/pam_strerror.3 (props changed) vendor/openpam/dist/doc/man/pam_verror.3 (props changed) vendor/openpam/dist/doc/man/pam_vinfo.3 (props changed) vendor/openpam/dist/doc/man/pam_vprompt.3 (props changed) vendor/openpam/dist/include/Makefile.am (props changed) vendor/openpam/dist/include/Makefile.in (props changed) vendor/openpam/dist/include/security/Makefile.am (props changed) vendor/openpam/dist/include/security/Makefile.in (props changed) vendor/openpam/dist/include/security/openpam.h (props changed) vendor/openpam/dist/include/security/openpam_attr.h (props changed) vendor/openpam/dist/include/security/openpam_version.h (props changed) vendor/openpam/dist/include/security/pam_appl.h (props changed) vendor/openpam/dist/include/security/pam_constants.h (props changed) vendor/openpam/dist/include/security/pam_modules.h (props changed) vendor/openpam/dist/include/security/pam_types.h (props changed) vendor/openpam/dist/lib/Makefile.am (props changed) vendor/openpam/dist/lib/Makefile.in (props changed) vendor/openpam/dist/lib/openpam_borrow_cred.c (props changed) vendor/openpam/dist/lib/openpam_configure.c (props changed) vendor/openpam/dist/lib/openpam_dispatch.c (props changed) vendor/openpam/dist/lib/openpam_dynamic.c (props changed) vendor/openpam/dist/lib/openpam_findenv.c (props changed) vendor/openpam/dist/lib/openpam_free_data.c 
(props changed) vendor/openpam/dist/lib/openpam_free_envlist.c (props changed) vendor/openpam/dist/lib/openpam_get_option.c (props changed) vendor/openpam/dist/lib/openpam_impl.h (props changed) vendor/openpam/dist/lib/openpam_load.c (props changed) vendor/openpam/dist/lib/openpam_log.c (props changed) vendor/openpam/dist/lib/openpam_nullconv.c (props changed) vendor/openpam/dist/lib/openpam_readline.c (props changed) vendor/openpam/dist/lib/openpam_restore_cred.c (props changed) vendor/openpam/dist/lib/openpam_set_option.c (props changed) vendor/openpam/dist/lib/openpam_static.c (props changed) vendor/openpam/dist/lib/openpam_ttyconv.c (props changed) vendor/openpam/dist/lib/pam_acct_mgmt.c (props changed) vendor/openpam/dist/lib/pam_authenticate.c (props changed) vendor/openpam/dist/lib/pam_authenticate_secondary.c (props changed) vendor/openpam/dist/lib/pam_chauthtok.c (props changed) vendor/openpam/dist/lib/pam_close_session.c (props changed) vendor/openpam/dist/lib/pam_end.c (props changed) vendor/openpam/dist/lib/pam_error.c (props changed) vendor/openpam/dist/lib/pam_get_authtok.c (props changed) vendor/openpam/dist/lib/pam_get_data.c (props changed) vendor/openpam/dist/lib/pam_get_item.c (props changed) vendor/openpam/dist/lib/pam_get_mapped_authtok.c (props changed) vendor/openpam/dist/lib/pam_get_mapped_username.c (props changed) vendor/openpam/dist/lib/pam_get_user.c (props changed) vendor/openpam/dist/lib/pam_getenv.c (props changed) vendor/openpam/dist/lib/pam_getenvlist.c (props changed) vendor/openpam/dist/lib/pam_info.c (props changed) vendor/openpam/dist/lib/pam_open_session.c (props changed) vendor/openpam/dist/lib/pam_prompt.c (props changed) vendor/openpam/dist/lib/pam_putenv.c (props changed) vendor/openpam/dist/lib/pam_set_data.c (props changed) vendor/openpam/dist/lib/pam_set_item.c (props changed) vendor/openpam/dist/lib/pam_set_mapped_authtok.c (props changed) vendor/openpam/dist/lib/pam_set_mapped_username.c (props changed) 
vendor/openpam/dist/lib/pam_setcred.c (props changed) vendor/openpam/dist/lib/pam_setenv.c (props changed) vendor/openpam/dist/lib/pam_sm_acct_mgmt.c (props changed) vendor/openpam/dist/lib/pam_sm_authenticate.c (props changed) vendor/openpam/dist/lib/pam_sm_authenticate_secondary.c (props changed) vendor/openpam/dist/lib/pam_sm_chauthtok.c (props changed) vendor/openpam/dist/lib/pam_sm_close_session.c (props changed) vendor/openpam/dist/lib/pam_sm_get_mapped_authtok.c (props changed) vendor/openpam/dist/lib/pam_sm_get_mapped_username.c (props changed) vendor/openpam/dist/lib/pam_sm_open_session.c (props changed) vendor/openpam/dist/lib/pam_sm_set_mapped_authtok.c (props changed) vendor/openpam/dist/lib/pam_sm_set_mapped_username.c (props changed) vendor/openpam/dist/lib/pam_sm_setcred.c (props changed) vendor/openpam/dist/lib/pam_start.c (props changed) vendor/openpam/dist/lib/pam_strerror.c (props changed) vendor/openpam/dist/lib/pam_verror.c (props changed) vendor/openpam/dist/lib/pam_vinfo.c (props changed) vendor/openpam/dist/lib/pam_vprompt.c (props changed) vendor/openpam/dist/misc/gendoc.pl (props changed) vendor/openpam/dist/modules/Makefile.am (props changed) vendor/openpam/dist/modules/Makefile.in (props changed) vendor/openpam/dist/modules/pam_deny/Makefile.am (props changed) vendor/openpam/dist/modules/pam_deny/Makefile.in (props changed) vendor/openpam/dist/modules/pam_deny/pam_deny.c (props changed) vendor/openpam/dist/modules/pam_permit/Makefile.am (props changed) vendor/openpam/dist/modules/pam_permit/Makefile.in (props changed) vendor/openpam/dist/modules/pam_permit/pam_permit.c (props changed) vendor/openpam/dist/modules/pam_unix/Makefile.am (props changed) vendor/openpam/dist/modules/pam_unix/Makefile.in (props changed) vendor/openpam/dist/modules/pam_unix/pam_unix.c (props changed) Copied: vendor/openpam/CALAMITE/HISTORY (from r186060, vendor/openpam/CALAMITE/contrib/openpam/HISTORY) 
============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/HISTORY Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/HISTORY) @@ -0,0 +1,6 @@ +============================================================================ +OpenPAM Calamite 2002-02-09 + +First (beta) release. +============================================================================ +$Id$ Copied: vendor/openpam/CALAMITE/INSTALL (from r186060, vendor/openpam/CALAMITE/contrib/openpam/INSTALL) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/INSTALL Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/INSTALL) @@ -0,0 +1,25 @@ + + Installing OpenPAM + ================== + +1. REQUIREMENTS + + This release of OpenPAM is targeted at FreeBSD-CURRENT, and has not + been tested on other platforms. It should, however, build with + little or no trouble other BSDs such as BSDI, Darwin, NetBSD or + OpenBSD, and should not prove much of a challenge to port to other + platforms, except for the static linking support. + +2. CONFIGURATION + + No configuration is necessary or possible at this time. + +3. COMPILATION + + Change into the top-level OpenPAM directory and run 'make'. + +4. INSTALLATION + + Change into the top-level OpenPAM directory and run 'make install'. + +$Id$ Copied: vendor/openpam/CALAMITE/LICENSE (from r186060, vendor/openpam/CALAMITE/contrib/openpam/LICENSE) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/LICENSE Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/LICENSE) 
@@ -0,0 +1,34 @@ + +Copyright (c) 2002 Networks Associates Technologies, Inc. +All rights reserved. + +This software was developed for the FreeBSD Project by ThinkSec AS and +NAI Labs, the Security Research Division of Network Associates, Inc. +under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +DARPA CHATS research program. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +$Id$ Copied: vendor/openpam/CALAMITE/MANIFEST (from r186060, vendor/openpam/CALAMITE/contrib/openpam/MANIFEST) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/MANIFEST Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/MANIFEST) 
@@ -0,0 +1,87 @@ +HISTORY +INSTALL +LICENSE +MANIFEST +Makefile +README +RELNOTES +bin/Makefile +bin/su/Makefile +bin/su/su.c +doc/Makefile +doc/man/Makefile +doc/man/pam.3 +doc/man/pam_acct_mgmt.3 +doc/man/pam_authenticate.3 +doc/man/pam_chauthtok.3 +doc/man/pam_close_session.3 +doc/man/pam_end.3 +doc/man/pam_error.3 +doc/man/pam_get_authtok.3 +doc/man/pam_get_data.3 +doc/man/pam_get_item.3 +doc/man/pam_get_user.3 +doc/man/pam_getenv.3 +doc/man/pam_getenvlist.3 +doc/man/pam_info.3 +doc/man/pam_open_session.3 +doc/man/pam_prompt.3 +doc/man/pam_putenv.3 +doc/man/pam_set_data.3 +doc/man/pam_set_item.3 +doc/man/pam_setcred.3 +doc/man/pam_setenv.3 +doc/man/pam_start.3 +doc/man/pam_strerror.3 +doc/man/pam_verror.3 +doc/man/pam_vinfo.3 +doc/man/pam_vprompt.3 +include/security/openpam.h +include/security/pam_appl.h +include/security/pam_constants.h +include/security/pam_modules.h +include/security/pam_types.h +lib/Makefile +lib/openpam_dispatch.c +lib/openpam_findenv.c +lib/openpam_impl.h +lib/openpam_load.c +lib/openpam_log.c +lib/openpam_ttyconv.c +lib/pam_acct_mgmt.c +lib/pam_authenticate.c +lib/pam_authenticate_secondary.c +lib/pam_chauthtok.c +lib/pam_close_session.c +lib/pam_end.c +lib/pam_error.c +lib/pam_get_authtok.c +lib/pam_get_data.c +lib/pam_get_item.c +lib/pam_get_mapped_authtok.c +lib/pam_get_mapped_username.c +lib/pam_get_user.c +lib/pam_getenv.c +lib/pam_getenvlist.c +lib/pam_info.c +lib/pam_open_session.c +lib/pam_prompt.c +lib/pam_putenv.c +lib/pam_set_data.c +lib/pam_set_item.c +lib/pam_set_mapped_authtok.c +lib/pam_set_mapped_username.c +lib/pam_setcred.c +lib/pam_setenv.c +lib/pam_start.c +lib/pam_strerror.c +lib/pam_verror.c +lib/pam_vinfo.c +lib/pam_vprompt.c +modules/Makefile +modules/pam_deny/Makefile +modules/pam_deny/pam_deny.c +modules/pam_dummy/Makefile +modules/pam_dummy/pam_dummy.c +modules/pam_permit/Makefile +modules/pam_permit/pam_permit.c Copied: vendor/openpam/CALAMITE/Makefile (from r186060, 
vendor/openpam/CALAMITE/contrib/openpam/Makefile) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/Makefile Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/Makefile) 
@@ -0,0 +1,43 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. 
+# +# $Id$ +# + +SUBDIR = +SUBDIR += modules +SUBDIR += lib +SUBDIR += bin +SUBDIR += doc + +.include Copied: vendor/openpam/CALAMITE/README (from r186060, vendor/openpam/CALAMITE/contrib/openpam/README) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/README Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/README) @@ -0,0 +1,30 @@ +OpenPAM is an open source PAM library that focuses on simplicity, +correctness, and cleanliness. + +OpenPAM aims to gather the best features of Solaris PAM, XSSO and +Linux-PAM, plus some innovations of its own. In areas where these +implementations disagree, OpenPAM tries to remain compatible with +Solaris, at the expense of XSSO conformance and Linux-PAM +compatibility. + +These are some of OpenPAM's features: + + - Implements the complete PAM API as described in the original PAM + paper and in OSF-RFC 86.0; this corresponds to the full XSSO API + except for mappings and secondary authentication. + + - Extends the API with several useful and time-saving functions: + pam_error(), pam_get_authtok(), pam_info(), pam_prompt(), + pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt() + + - Offers a number of time-saving convenience functions: + openpam_log(), openpam_ttyconv(). + + - Performs strict checking of return values from service modules. + + - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and + /etc/pam.conf, in that order; this will be made configurable in a + future release.Please direct bug reports and inquiries to + openpam@thinksec.com. + +$Id$ Copied: vendor/openpam/CALAMITE/RELNOTES (from r186060, vendor/openpam/CALAMITE/contrib/openpam/RELNOTES) ============================================================================== 
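Review bot: In the vendor/openpam/CALAMITE/README hunk, the last feature bullet lists the configuration search order (/etc/pam.d/, /usr/local/etc/pam.d/, /etc/pam.conf) but does not say whether the first policy found for a service wins or whether entries from the later locations are applied as well. That decides which policy takes precedence when a service is defined in more than one place, so the bullet should state it, especially since the same bullet says the order is not yet configurable.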
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALAMITE/RELNOTES Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALAMITE/contrib/openpam/RELNOTES) @@ -0,0 +1,16 @@ + + Release notes for OpenPAM Calamite + ================================== + +This is a beta release. + +The library itself is mostly complete. Documentation exists in the +form of skeletal man pages for the library itself, but no detailed +documentation is provided in this release. + +This release is primarily intended for reviewers and developers +interested in testing OpenPAM on FreeBSD. It has not been tested on +any other OS, though it should build and run with minimal tweaks on +NetBSD and OpenBSD. + +$Id$ Modified: vendor/openpam/CALAMITE/modules/pam_deny/pam_deny.c ============================================================================== --- vendor/openpam/CALAMITE/contrib/openpam/modules/pam_deny/pam_deny.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALAMITE/modules/pam_deny/pam_deny.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALAMITE/contrib/openpam/modules/pam_deny/pam_deny.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CALAMITE/modules/pam_dummy/pam_dummy.c ============================================================================== --- vendor/openpam/CALAMITE/contrib/openpam/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALAMITE/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:45:22 2008 (r186063) 
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALAMITE/contrib/openpam/modules/pam_dummy/pam_dummy.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CALAMITE/modules/pam_permit/pam_permit.c ============================================================================== --- vendor/openpam/CALAMITE/contrib/openpam/modules/pam_permit/pam_permit.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALAMITE/modules/pam_permit/pam_permit.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALAMITE/contrib/openpam/modules/pam_permit/pam_permit.c 91094 2002-02-23 01:22:51Z des $ */ #include Copied: vendor/openpam/CALIOPSIS/HISTORY (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/HISTORY) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/HISTORY Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/HISTORY) 
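Review bot: The only content change in the three CALAMITE modules hunks above (pam_deny.c, pam_dummy.c, pam_permit.c) is the identifier line in the license comment, where "$FreeBSD$" becomes an expanded string that still names the old contrib/openpam path and a 2002 revision ("91094 2002-02-23 01:22:51Z des"), although the files now live under vendor/openpam/CALAMITE/modules/. A commit that only relocates files should produce no content diff, so please confirm that freezing the expansion is intended and say so in the commit log. Otherwise, restore the unexpanded "$FreeBSD$" so the header does not advertise a path the file no longer has.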
@@ -0,0 +1,17 @@ +============================================================================ +OpenPAM Caliopsis 2002-02-13 + +Fixed a number of bugs in the previous release, including: + - a number of bugs in and related to pam_[gs]et_item(3) + - off-by-one bug in pam_start.c would trim last character off certain + configuration lines + - incorrect ordering of an array in openpam_load.c would cause service + module functions to get mixed up + - missing 'continue' in openpam_dispatch.c caused successes to be + counted as failures +============================================================================ +OpenPAM Calamite 2002-02-09 + +First (beta) release. +============================================================================ +$Id$ Copied: vendor/openpam/CALIOPSIS/INSTALL (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/INSTALL) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/INSTALL Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/INSTALL) @@ -0,0 +1,25 @@ + + Installing OpenPAM + ================== + +1. REQUIREMENTS + + This release of OpenPAM is targeted at FreeBSD-CURRENT, and has not + been tested on other platforms. It should, however, build with + little or no trouble other BSDs such as BSDI, Darwin, NetBSD or + OpenBSD, and should not prove much of a challenge to port to other + platforms, except for the static linking support. + +2. CONFIGURATION + + No configuration is necessary or possible at this time. + +3. COMPILATION + + Change into the top-level OpenPAM directory and run 'make'. + +4. INSTALLATION + + Change into the top-level OpenPAM directory and run 'make install'. + +$Id$ Copied: vendor/openpam/CALIOPSIS/LICENSE (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/LICENSE) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/LICENSE Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/LICENSE) 
@@ -0,0 +1,34 @@ + +Copyright (c) 2002 Networks Associates Technologies, Inc. +All rights reserved. + +This software was developed for the FreeBSD Project by ThinkSec AS and +NAI Labs, the Security Research Division of Network Associates, Inc. +under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +DARPA CHATS research program. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +$Id$ Copied: vendor/openpam/CALIOPSIS/MANIFEST (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/MANIFEST) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/MANIFEST Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/MANIFEST) 
@@ -0,0 +1,87 @@ +HISTORY +INSTALL +LICENSE +MANIFEST +Makefile +README +RELNOTES +bin/Makefile +bin/su/Makefile +bin/su/su.c +doc/Makefile +doc/man/Makefile +doc/man/pam.3 +doc/man/pam_acct_mgmt.3 +doc/man/pam_authenticate.3 +doc/man/pam_chauthtok.3 +doc/man/pam_close_session.3 +doc/man/pam_end.3 +doc/man/pam_error.3 +doc/man/pam_get_authtok.3 +doc/man/pam_get_data.3 +doc/man/pam_get_item.3 +doc/man/pam_get_user.3 +doc/man/pam_getenv.3 +doc/man/pam_getenvlist.3 +doc/man/pam_info.3 +doc/man/pam_open_session.3 +doc/man/pam_prompt.3 +doc/man/pam_putenv.3 +doc/man/pam_set_data.3 +doc/man/pam_set_item.3 +doc/man/pam_setcred.3 +doc/man/pam_setenv.3 +doc/man/pam_start.3 +doc/man/pam_strerror.3 +doc/man/pam_verror.3 +doc/man/pam_vinfo.3 +doc/man/pam_vprompt.3 +include/security/openpam.h +include/security/pam_appl.h +include/security/pam_constants.h +include/security/pam_modules.h +include/security/pam_types.h +lib/Makefile +lib/openpam_dispatch.c +lib/openpam_findenv.c +lib/openpam_impl.h +lib/openpam_load.c +lib/openpam_log.c +lib/openpam_ttyconv.c +lib/pam_acct_mgmt.c +lib/pam_authenticate.c +lib/pam_authenticate_secondary.c +lib/pam_chauthtok.c +lib/pam_close_session.c +lib/pam_end.c +lib/pam_error.c +lib/pam_get_authtok.c +lib/pam_get_data.c +lib/pam_get_item.c +lib/pam_get_mapped_authtok.c +lib/pam_get_mapped_username.c +lib/pam_get_user.c +lib/pam_getenv.c +lib/pam_getenvlist.c +lib/pam_info.c +lib/pam_open_session.c +lib/pam_prompt.c +lib/pam_putenv.c +lib/pam_set_data.c +lib/pam_set_item.c +lib/pam_set_mapped_authtok.c +lib/pam_set_mapped_username.c +lib/pam_setcred.c +lib/pam_setenv.c +lib/pam_start.c +lib/pam_strerror.c +lib/pam_verror.c +lib/pam_vinfo.c +lib/pam_vprompt.c +modules/Makefile +modules/pam_deny/Makefile +modules/pam_deny/pam_deny.c +modules/pam_dummy/Makefile +modules/pam_dummy/pam_dummy.c +modules/pam_permit/Makefile +modules/pam_permit/pam_permit.c Copied: vendor/openpam/CALIOPSIS/Makefile (from r186060, 
vendor/openpam/CALIOPSIS/contrib/openpam/Makefile) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/Makefile Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/Makefile) 
@@ -0,0 +1,43 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. 
+# +# $Id$ +# + +SUBDIR = +SUBDIR += modules +SUBDIR += lib +SUBDIR += bin +SUBDIR += doc + +.include Copied: vendor/openpam/CALIOPSIS/README (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/README) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/README Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/README) @@ -0,0 +1,30 @@ +OpenPAM is an open source PAM library that focuses on simplicity, +correctness, and cleanliness. + +OpenPAM aims to gather the best features of Solaris PAM, XSSO and +Linux-PAM, plus some innovations of its own. In areas where these +implementations disagree, OpenPAM tries to remain compatible with +Solaris, at the expense of XSSO conformance and Linux-PAM +compatibility. + +These are some of OpenPAM's features: + + - Implements the complete PAM API as described in the original PAM + paper and in OSF-RFC 86.0; this corresponds to the full XSSO API + except for mappings and secondary authentication. + + - Extends the API with several useful and time-saving functions: + pam_error(), pam_get_authtok(), pam_info(), pam_prompt(), + pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt() + + - Offers a number of time-saving convenience functions: + openpam_log(), openpam_ttyconv(). + + - Performs strict checking of return values from service modules. + + - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and + /etc/pam.conf, in that order; this will be made configurable in a + future release.Please direct bug reports and inquiries to + openpam@thinksec.com. + +$Id$ Copied: vendor/openpam/CALIOPSIS/RELNOTES (from r186060, vendor/openpam/CALIOPSIS/contrib/openpam/RELNOTES) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CALIOPSIS/RELNOTES Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CALIOPSIS/contrib/openpam/RELNOTES) @@ -0,0 +1,28 @@ + + Release notes for OpenPAM Caliopsis + =================================== + +This is a beta release. + +The library itself is mostly complete. Documentation exists in the +form of skeletal man pages for the library itself, but no detailed +documentation is provided in this release. + +This release is primarily intended for reviewers and developers +interested in testing OpenPAM on FreeBSD. It has not been tested on +any other OS, though it should build and run with minimal tweaks on +NetBSD and OpenBSD. + +Known issues: + + - The pam_get_user() and pam_get_authtok() functions do not check + for commonly used options such as {use,try}_first_pass or + auth_as_self. In fact, pam_get_authtok() behaves as if + try_first_pass was always specified. + + - The provided conversation function, openpam_ttyconv(), should + block signals, and support some sort of timeout. + + - The documentation is far from complete. + +$Id$ Modified: vendor/openpam/CALIOPSIS/modules/pam_deny/pam_deny.c ============================================================================== --- vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_deny/pam_deny.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALIOPSIS/modules/pam_deny/pam_deny.c Sat Dec 13 22:45:22 2008 (r186063) 
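Review bot: In the Known issues list of the vendor/openpam/CALIOPSIS/RELNOTES hunk, the first item says pam_get_user() and pam_get_authtok() do not check {use,try}_first_pass or auth_as_self, but it leaves the consequence for policy authors implicit. Suggest adding one sentence stating that these module options are not honored in this release and that pam_get_authtok() always tries the previously entered token first, so nobody writes a policy that relies on use_first_pass or auth_as_self changing behaviour here.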
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_deny/pam_deny.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CALIOPSIS/modules/pam_dummy/pam_dummy.c ============================================================================== --- vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALIOPSIS/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_dummy/pam_dummy.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CALIOPSIS/modules/pam_permit/pam_permit.c ============================================================================== --- vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_permit/pam_permit.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CALIOPSIS/modules/pam_permit/pam_permit.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CALIOPSIS/contrib/openpam/modules/pam_permit/pam_permit.c 91094 2002-02-23 01:22:51Z des $ */ #include Copied: vendor/openpam/CANTALOUPE/HISTORY (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/HISTORY) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/HISTORY Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/HISTORY) 
@@ -0,0 +1,47 @@ +============================================================================ +OpenPAM Cantaloupe 2002-02-22 + + - BUGFIX: The proper use of PAM_SYMBOL_ERR is to indicate an invalid + argument to pam_[gs]et_item(3), not to indicate dlsym(3) failures. + + - ENHANCE: Add in-line documentation in most source files, and a Perl + script that generates mdoc code from that. + + - BUGFIX: The environment list was not properly NULL-terminated. + + - ENHANCE: Allow the PAM_AUTHTOK_PROMPT item to override the prompt + specified by the module. + + - BUGFIX: PAM_NUM_ITEMS was set too low. It has been moved to + pam_constants.h to avoid it going stale again. + + - ENHANCE: Move all code related to static modules into a separate + file. + + - ENHANCE: openpam_ttyconv() now masks most signals while prompting the + user, and supports setting a timeout (which defaults to off). + + - BUGFIX: Some manual pages referenced XSSO even though they + documented OpenPAM-specific functions. + + - ENHANCE: Added openpam_get_option() and openpam_set_option(). + + - ENHANCE: openpam_get_authtok() now respects the echo_pass, + try_first_pass, and use_first_pass options. +============================================================================ +OpenPAM Caliopsis 2002-02-13 + +Fixed a number of bugs in the previous release, including: + - a number of bugs in and related to pam_[gs]et_item(3) + - off-by-one bug in pam_start.c would trim last character off certain + configuration lines + - incorrect ordering of an array in openpam_load.c would cause service + module functions to get mixed up + - missing 'continue' in openpam_dispatch.c caused successes to be + counted as failures +============================================================================ +OpenPAM Calamite 2002-02-09 + +First (beta) release. 
+============================================================================ +$Id$ Copied: vendor/openpam/CANTALOUPE/INSTALL (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/INSTALL) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/INSTALL Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/INSTALL) @@ -0,0 +1,25 @@ + + Installing OpenPAM + ================== + +1. REQUIREMENTS + + This release of OpenPAM is targeted at FreeBSD-CURRENT, and has not + been tested on other platforms. It should, however, build with + little or no trouble other BSDs such as BSDI, Darwin, NetBSD or + OpenBSD, and should not prove much of a challenge to port to other + platforms, except for the static linking support. + +2. CONFIGURATION + + No configuration is necessary or possible at this time. + +3. COMPILATION + + Change into the top-level OpenPAM directory and run 'make'. + +4. INSTALLATION + + Change into the top-level OpenPAM directory and run 'make install'. + +$Id$ Copied: vendor/openpam/CANTALOUPE/LICENSE (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/LICENSE) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/LICENSE Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/LICENSE) 
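Review bot: The last ENHANCE entry in the vendor/openpam/CANTALOUPE/HISTORY hunk names openpam_get_authtok(), while the README and the Caliopsis RELNOTES in this diff call the function pam_get_authtok() and the MANIFEST lists only lib/pam_get_authtok.c. If these are the same function, the entry should read pam_get_authtok(), so that the change can be matched to the try_first_pass item in the Caliopsis known issues that it appears to close.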
@@ -0,0 +1,34 @@ + +Copyright (c) 2002 Networks Associates Technologies, Inc. +All rights reserved. + +This software was developed for the FreeBSD Project by ThinkSec AS and +NAI Labs, the Security Research Division of Network Associates, Inc. +under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +DARPA CHATS research program. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior written + permission. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +$Id$ Copied: vendor/openpam/CANTALOUPE/MANIFEST (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/MANIFEST) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/MANIFEST Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/MANIFEST) 
@@ -0,0 +1,112 @@ +HISTORY +INSTALL +LICENSE +MANIFEST +Makefile +README +RELNOTES +bin/Makefile +bin/su/Makefile +bin/su/su.c +doc/Makefile +doc/man/Makefile +doc/man/openpam_get_option.3 +doc/man/openpam_log.3 +doc/man/openpam_set_option.3 +doc/man/openpam_ttyconv.3 +doc/man/pam.3 +doc/man/pam_acct_mgmt.3 +doc/man/pam_authenticate.3 +doc/man/pam_chauthtok.3 +doc/man/pam_close_session.3 +doc/man/pam_end.3 +doc/man/pam_error.3 +doc/man/pam_get_authtok.3 +doc/man/pam_get_data.3 +doc/man/pam_get_item.3 +doc/man/pam_get_user.3 +doc/man/pam_getenv.3 +doc/man/pam_getenvlist.3 +doc/man/pam_info.3 +doc/man/pam_open_session.3 +doc/man/pam_prompt.3 +doc/man/pam_putenv.3 +doc/man/pam_set_data.3 +doc/man/pam_set_item.3 +doc/man/pam_setcred.3 +doc/man/pam_setenv.3 +doc/man/pam_sm_acct_mgmt.3 +doc/man/pam_sm_authenticate.3 +doc/man/pam_sm_chauthtok.3 +doc/man/pam_sm_close_session.3 +doc/man/pam_sm_open_session.3 +doc/man/pam_sm_setcred.3 +doc/man/pam_start.3 +doc/man/pam_strerror.3 +doc/man/pam_verror.3 +doc/man/pam_vinfo.3 +doc/man/pam_vprompt.3 +include/security/openpam.h +include/security/pam_appl.h +include/security/pam_constants.h +include/security/pam_modules.h +include/security/pam_types.h +lib/Makefile +lib/openpam_dispatch.c +lib/openpam_findenv.c +lib/openpam_get_option.c +lib/openpam_impl.h +lib/openpam_load.c +lib/openpam_log.c +lib/openpam_set_option.c +lib/openpam_static.c +lib/openpam_ttyconv.c +lib/pam_acct_mgmt.c +lib/pam_authenticate.c +lib/pam_authenticate_secondary.c +lib/pam_chauthtok.c +lib/pam_close_session.c +lib/pam_end.c +lib/pam_error.c +lib/pam_get_authtok.c +lib/pam_get_data.c +lib/pam_get_item.c +lib/pam_get_mapped_authtok.c +lib/pam_get_mapped_username.c +lib/pam_get_user.c +lib/pam_getenv.c +lib/pam_getenvlist.c +lib/pam_info.c +lib/pam_open_session.c +lib/pam_prompt.c +lib/pam_putenv.c +lib/pam_set_data.c +lib/pam_set_item.c +lib/pam_set_mapped_authtok.c +lib/pam_set_mapped_username.c +lib/pam_setcred.c +lib/pam_setenv.c +lib/pam_sm_acct_mgmt.c 
+lib/pam_sm_authenticate.c +lib/pam_sm_authenticate_secondary.c +lib/pam_sm_chauthtok.c +lib/pam_sm_close_session.c +lib/pam_sm_get_mapped_authtok.c +lib/pam_sm_get_mapped_username.c +lib/pam_sm_open_session.c +lib/pam_sm_set_mapped_authtok.c +lib/pam_sm_set_mapped_username.c +lib/pam_sm_setcred.c +lib/pam_start.c +lib/pam_strerror.c +lib/pam_verror.c +lib/pam_vinfo.c +lib/pam_vprompt.c +misc/gendoc.pl +modules/Makefile +modules/pam_deny/Makefile +modules/pam_deny/pam_deny.c +modules/pam_dummy/Makefile +modules/pam_dummy/pam_dummy.c +modules/pam_permit/Makefile +modules/pam_permit/pam_permit.c Copied: vendor/openpam/CANTALOUPE/Makefile (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/Makefile) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/Makefile Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/Makefile) 
@@ -0,0 +1,43 @@ +#- +# Copyright (c) 2002 Networks Associates Technologies, Inc. +# All rights reserved. +# +# This software was developed for the FreeBSD Project by ThinkSec AS and +# NAI Labs, the Security Research Division of Network Associates, Inc. +# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the +# DARPA CHATS research program. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote +# products derived from this software without specific prior written +# permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. 
+# +# $Id$ +# + +SUBDIR = +SUBDIR += modules +SUBDIR += lib +SUBDIR += bin +SUBDIR += doc + +.include Copied: vendor/openpam/CANTALOUPE/README (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/README) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/README Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/README) @@ -0,0 +1,30 @@ +OpenPAM is an open source PAM library that focuses on simplicity, +correctness, and cleanliness. + +OpenPAM aims to gather the best features of Solaris PAM, XSSO and +Linux-PAM, plus some innovations of its own. In areas where these +implementations disagree, OpenPAM tries to remain compatible with +Solaris, at the expense of XSSO conformance and Linux-PAM +compatibility. + +These are some of OpenPAM's features: + + - Implements the complete PAM API as described in the original PAM + paper and in OSF-RFC 86.0; this corresponds to the full XSSO API + except for mappings and secondary authentication. + + - Extends the API with several useful and time-saving functions: + pam_error(), pam_get_authtok(), pam_info(), pam_prompt(), + pam_setenv(), pam_verror(), pam_vinfo(), pam_vprompt() + + - Offers a number of time-saving convenience functions: + openpam_log(), openpam_ttyconv(). + + - Performs strict checking of return values from service modules. + + - Reads configuration from /etc/pam.d/, /usr/local/etc/pam.d/ and + /etc/pam.conf, in that order; this will be made configurable in a + future release.Please direct bug reports and inquiries to + openpam@thinksec.com. + +$Id$ Copied: vendor/openpam/CANTALOUPE/RELNOTES (from r186060, vendor/openpam/CANTALOUPE/contrib/openpam/RELNOTES) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CANTALOUPE/RELNOTES Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CANTALOUPE/contrib/openpam/RELNOTES) @@ -0,0 +1,23 @@ + + Release notes for OpenPAM Cantaloupe + ==================================== + +This is a beta release. + +The library itself is mostly complete. Documentation exists in the +form of man pages for the library functions, though some pages are +still incomplete. + +This release is primarily intended for reviewers and developers +interested in testing OpenPAM on FreeBSD. It has not been tested on +any other OS, though it should build and run with minimal tweaks on +NetBSD and OpenBSD. + +Known issues: + + - The documentation is still incomplete. + +Oh, and the previous release's code name was misspelled - egg on my +face! It should have been "Calliopsis". + +$Id$ Modified: vendor/openpam/CANTALOUPE/modules/pam_deny/pam_deny.c ============================================================================== --- vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_deny/pam_deny.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CANTALOUPE/modules/pam_deny/pam_deny.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_deny/pam_deny.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CANTALOUPE/modules/pam_dummy/pam_dummy.c ============================================================================== --- vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CANTALOUPE/modules/pam_dummy/pam_dummy.c Sat Dec 13 22:45:22 2008 (r186063) 
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_dummy/pam_dummy.c 91094 2002-02-23 01:22:51Z des $ */ #include Modified: vendor/openpam/CANTALOUPE/modules/pam_permit/pam_permit.c ============================================================================== --- vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_permit/pam_permit.c Sat Dec 13 22:26:24 2008 (r186060) +++ vendor/openpam/CANTALOUPE/modules/pam_permit/pam_permit.c Sat Dec 13 22:45:22 2008 (r186063) @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD$ + * $FreeBSD: vendor/openpam/CANTALOUPE/contrib/openpam/modules/pam_permit/pam_permit.c 91094 2002-02-23 01:22:51Z des $ */ #include Copied: vendor/openpam/CELANDINE/HISTORY (from r186060, vendor/openpam/CELANDINE/contrib/openpam/HISTORY) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/openpam/CELANDINE/HISTORY Sat Dec 13 22:45:22 2008 (r186063, copy of r186060, vendor/openpam/CELANDINE/contrib/openpam/HISTORY) 
@@ -0,0 +1,70 @@ +============================================================================ +OpenPAM Celandine 2002-03-05 + + - BUGFIX: PAM_TRY_AGAIN is a valid return value for pam_chauthtok(). + + - BUGFIX: Run passwd chain twice, first with the PAM_PRELIM_CHECK + flag set, then with the PAM_UPDATE_AUTHTOK flag set. + + - BUGFIX: Failure of a "sufficient" module should not terminate the + passwd chain if the PAM_PRELIM_CHECK flag is set. + + - BUGFIX: Clear PAM_AUTHTOK after running the service modules. + + - ENHANCE: Prevent applications from specifying the PAM_PRELIM_CHECK + or PAM_UPDATE_AUTHTOK flags themselves. + *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Sat Dec 13 23:10:37 2008 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 16218106564A; Sat, 13 Dec 2008 23:10:37 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 05A1A8FC14; Sat, 13 Dec 2008 23:10:37 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBDNAa8R042584; Sat, 13 Dec 2008 23:10:36 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBDNAa6M042583; Sat, 13 Dec 2008 23:10:36 GMT (envelope-from des@svn.freebsd.org) Message-Id: <200812132310.mBDNAa6M042583@svn.freebsd.org> 
From: Dag-Erling Smorgrav Date: Sat, 13 Dec 2008 23:10:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186064 - vendor/openpam/dist/include/security X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Dec 2008 23:10:37 -0000 Author: des Date: Sat Dec 13 23:10:36 2008 New Revision: 186064 URL: http://svn.freebsd.org/changeset/base/186064 Log: Merge upstream r418: remove static build autodetection. Modified: vendor/openpam/dist/include/security/openpam.h Modified: vendor/openpam/dist/include/security/openpam.h ============================================================================== --- vendor/openpam/dist/include/security/openpam.h Sat Dec 13 22:45:22 2008 (r186063) +++ vendor/openpam/dist/include/security/openpam.h Sat Dec 13 23:10:36 2008 (r186064) @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2007 Dag-Erling Smørgrav + * Copyright (c) 2004-2008 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: openpam.h 408 2007-12-21 11:36:24Z des $ + * $Id: openpam.h 418 2008-12-13 22:39:24Z des $ */ #ifndef SECURITY_OPENPAM_H_INCLUDED 
@@ -309,18 +309,17 @@ struct pam_module { * Infrastructure for static modules using GCC linker sets. * You are not expected to understand this. */ -#if defined(__FreeBSD__) +#if !defined(PAM_SOEXT) # define PAM_SOEXT ".so" -#else -# undef NO_STATIC_MODULES -# define NO_STATIC_MODULES #endif -#if defined(__GNUC__) && !defined(__PIC__) && !defined(NO_STATIC_MODULES) +#if defined(OPENPAM_STATIC_MODULES) +# if !defined(__GNUC__) +# error "Don't know how to build static modules on non-GNU compilers" +# endif /* gcc, static linking */ # include # include -# define OPENPAM_STATIC_MODULES # define PAM_EXTERN static # define PAM_MODULE_ENTRY(name) \ static char _pam_name[] = name PAM_SOEXT; \
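Review bot: The new `#if defined(OPENPAM_STATIC_MODULES)` test in the openpam.h hunk makes static modules opt-in, but nothing in the visible change tells consumers that they must now define that macro themselves. Before, the header set it automatically for `__GNUC__` builds without `__PIC__` and without `NO_STATIC_MODULES`. A build that relied on that detection will still compile, but it will no longer take the static-module branch, and because the `#error` only fires once the macro is defined, nothing flags the change. Suggest stating the new requirement in the comment above the block, or in the log message beyond "remove static build autodetection". Two smaller points in the same hunk: `NO_STATIC_MODULES` is no longer consulted, so a consumer that still defines it is silently ignored; and `PAM_SOEXT` now defaults to ".so" on every platform instead of only under `__FreeBSD__`, so a port that needs another suffix has to predefine it before including this header.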