Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC: r265238

Properly free resources in case of error.

CID: 1007032
Found with: Coverity Prevent(tm)

MFC r258578, r258580, r258581 (by hrs):
Replace Sun RPC license in TI-RPC library with a 3-clause BSD license
with the explicit permissions.

MFC r241143:

rpc: be sure to free cl_netid and cl_tp.

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

Tested by: David Wolfskill
Obtained from: Bull GNU/Linux NFSv4 Project (libtirpc)

MFC 240880:

Revert a change from Bull's NFSv4 libtirpc implementation:

libtirpc: be sure to free cl_netid and cl_tp

This change is causing rpc.lockd to exit after startup.

Reported by: David Wolfskill

MFC r239963:

Bring some changes from Bull's NFSv4 libtirpc implementation.

____

Fixed infinite loop in svc_run()
____

__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
____

Changed clnt_spcreateerror() to return clearer
and more concise error messages.
____

Converted all uid and gid variables of the type uid_t and gid_t.
____

libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.

rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

____

Obtained from: Bull GNU/Linux NFSv4 Project

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by: Isilon Systems
Reviewed by: alfred

Sync part of NetBSD rev. 1.14

Fix unpaired sigblock which possibly leaves the process with all
signals blocked.

MFC after: 2 weeks

Staticize a couple of functions.

Remove a few unused locks.

Remove locks from application namespace.

Avoid pointer arithmetics on void *.

Approved by: alfred

Try to bring some sanity to the SCM ID's.
+ spell LIBC_SCCS consistently
+ enable builds with LIBC_SCCS defined to not syntax error
+ minor SCM reformatting to try to have some consistency

Avoid using void pointers in additive expressions.

PR: 56653 (libc/rpc bits)
Approved by: alfred

clnt_vc_create() has const scalar arguments that wind up being modified,
fix it (make them non-const) and update the associated documentation.

Submitted by: mbr

Silence several warnings due to functions that needed to take a void *
having a char * as an argument instead. clnt_dg_control(), clnt_raw_control(),
clnt_vc_control().

Spell void * as void * rather than caddr_t. This is complicated by the
fact that caddr_t is often misspelled as char *.

Sponsored by: DARPA, NAI Labs

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove multi-line __P() usage.

Remove __P() usage.

o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on: alpha, i386
Reviewed by: bde, jake, tmm

Hopefully improve control message passing over Unix domain sockets.

1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.

2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.

3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.

4) You can now send SCM_TIMESTAMP messages.

5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).

This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).

6) Fix userland programs to use CMSG_* macros too.

7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.

PR: 29499
MFC after: 6 weeks

Copy the sockaddr from the netbuf data area, not from the netbuf
data pointer. This bug has been here since the ti-rpc import; it
apparently broke the clnt_control CLGET_SVC_ADDR options.

PR: misc/27813
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>

Remove some hacks that were apparently added to avoid problems with
RPC clients hanging. The real problem turned out to be missing
cleanup code; this was fixed in clnt_vc.c r1.5 and clnt_dg.c r1.4.

Submitted by: Martin Blapp <mb@imp.ch>

There were a few error cases where the RPC code would return with
all signals masked (whoops). Add the missing cleanup code.

Reviewed by: Martin Blapp <mb@imp.ch>, alfred

Move the #includes of reentrant.h to after the `#include "namespace.h"',
so that the underscored versions of the pthread functions get
declared. This removes around 300 lines of 'implicit declaration
of XXX' warnings from the output of a libc build with -Wall.

Reviewed by: Martin Blapp <mb@imp.ch>, alfred

Remove struct cmessage from sys/socket.h and reintroduce the private
definitions.

Requested by: wollman

Hopefully fix some of the bugs in passing credentials over UNIX domain sockets.

Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)

Make __rpc_get_local_uid() useable and give it prototype that's
visible.

Fix some issues with printing out usernames from rpcbind and keyserv.

Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

Bring in required TLI library routines to support this.

Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.

This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).

The submitter has agreed to continue on and bring us up to the
1999 release.

Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.

Many userland updates were done to bring the code up to par with
the recent RPC API.

There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.

While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.

New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.

Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.

Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul