Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r258578, r258580, r258581 (by hrs):
Replace Sun RPC license in TI-RPC library with a 3-clause BSD license
with the explicit permissions.

rpc: fix __rpc_getconfip

__rpc_getconfip is supposed to return the first netconf
entry supporting tcp or udp, respectively. The code will
currently return the *last* entry, plus it will leak
memory when there is more than one such entry.

Tested by: David Wolfskill
Obtained from: Bull GNU/linux NFSv4 Project (libtirpc)

MFC r241007, r241008:

Complete revert of r239963 (from head).

The attempt to merge changes from the linux libtirpc caused
rpc.lockd to exit after startup under unclear conditions.

Reported by: David Wolfskill

MFC r239963:

Bring some changes from Bull's NFSv4 libtirpc implementation.

____

Fixed infinite loop in svc_run()
____

__rpc_taddr2uaddr_af() assumes the netbuf to always have a
non-zero data. This is a bad assumption and can lead to a
seg-fault. This patch adds a check for zero length and returns
NULL when found.
____

Changed clnt_spcreateerror() to return clearer
and more concise error messages.
____

Converted all uid and gid variables of the type uid_t and gid_t.
____

libtirpc: set r_netid and r_owner in __rpcb_findaddr_timed

These fields in the rpcbind GETADDR call are being passed uninitialized
to CLNT_CALL. In the case of x86_64 at least, this usually leads to a
segfault. On x86, it sometimes causes segfaults and other times causes
garbage to be sent on the wire.

rpcbind generally ignores the r_owner field for calls that come in over
the wire, so it really doesn't matter what we send in that slot. We just
need to send something. The reference implementation from Sun seems to
send a blank string. Have ours follow suit.
____

libtirpc: be sure to free cl_netid and cl_tp

When creating a client with clnt_tli_create, it uses strdup to copy
strings for these fields if nconf is passed in. clnt_dg_destroy frees
these strings already. Make sure clnt_vc_destroy frees them in the same
way.

____

Obtained from: Bull GNU/Linux NFSv4 Project

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Fix a bug in the previous change: remove function-local definition of
tcp_key and udp_key that shadows the global definition.

PR: threads/144558
Submitted by: Sam Robb

Use thr_once() with once_t controls to initialize various thread_key_t
objects used to provide per-thread storage in the RPC code. Almost all
of these used double-checking with a dedicated mutex (tsd_lock) to do this
before. However, that is not always safe with more relaxed memory orders.
There were also other bugs, such as one in __rpc_createrr() that caused a
new key to be allocated each time __rpc_createrr() was invoked.

PR: threads/144558
Reported by: Sam Robb samrobb of averesystems com (key leak)
MFC after: 1 week

Fix some improper handling of malloc failures

PR: bin/83344 , kern/81987
Reviewed by: alfred
Approved by: re (kensmith)
MFC after: 1 week

Staticize a couple of functions.

Remove a few unused locks.

Remove locks from application namespace.

Don't use NULL to compare against a char.

Obtained from: NetBSD

Free the correct buffer in error handling.
Handle that malloc may return NULL.

NetBSD Rev. 1.8

Reviewed by: phk
Obtained from: NetBSD

Fix memleak.

Reviewed by: rwatson
MFC after: 2 weeks

Change the name for the local unix-socket based protocol
from "unix" back to "local". Add some compat stuff so both
ways work for some time.

Reviewed by: phk
Approved by: imp (UPDATING)
Requested by: iedowse, lukem@netbsd.org

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove __P() usage.

Fix cc -Wall, fix rcsid warnings, add missing prototypes,
change prototypes to be the same as in the original sun tirpc code.
Remove ()P macro in a file where the mayority had ()P already removed.
Add them if the mayority use ()P macros.

Submitted by: mbr
Requested by: bde

Extract the path from an AF_LOCAL sockaddr_un in a way that correctly
terminates the string in all cases, based on code from netstat(1).
The path in a sockaddr_un is terminated either by a '\0', or by
the end of the sockaddr as defined by sun_len.

Previously, the code could write the "safety" '\0' beyond the end
of the sockaddr (sockaddr_un's need only be large enough to store
sun_len bytes), and writing into the the supplied sockaddr is bad
anyway.

The function __rpc_uaddr2taddr_af() converts an RPC "universal
address" string to a netbuf/sockaddr "transport address". In the
case of an AF_LOCAL address, it was missing the code to actually
point the netbuf at the newly allocated sockaddr_un, so the caller
ended up with a netbuf containing junk.

Submitted by: Martin Blapp <mb@imp.ch>

The maximum RPC message size was set at 8k for UDP. This is lower
than the default buffer size in the old RPC code (8800 bytes), and
it could not be overriden by the application. This caused problems
with CFS (/usr/port/security/cfs).

Change this default back to UDPMSGSIZE (8800 bytes), but more
importantly, allow applications to use larger message sizes for
all protocols if desired. Choose an arbitrary maximum message size
of 256k instead of using the default as the maximum (which is
silly).

Reported by: ache
Reviewed by: alfred, Martin Blapp <mb@imp.ch>

Move the #includes of reentrant.h to after the `#include "namespace.h"',
so that the underscored versions of the pthread functions get
declared. This removes around 300 lines of 'implicit declaration
of XXX' warnings from the output of a libc build with -Wall.

Reviewed by: Martin Blapp <mb@imp.ch>, alfred

Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

Bring in required TLI library routines to support this.

Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.

This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).

The submitter has agreed to continue on and bring us up to the
1999 release.

Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.

Many userland updates were done to bring the code up to par with
the recent RPC API.

There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.

While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.

New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.

Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.

Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul