Just return from jkfprintf if either (a) user lookup fails (that is,
getpwnam fails) or (b) setuid() to the user's uid fails. If comsat is
invoked from inetd using the default of tty:tty we will now return due
to setuid() failing rather than fopen() failing.
PR: 270404
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47823
(cherry picked from commit 062b69ba045dc0fef3d9b8d73365d2798c05a480)
Other atf components are guarded by WITH_TESTS_SUPPORT already.
WITH_TESTS is for actual tests.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47660
(cherry picked from commit 43e045c1733d50fad79f3a53e05140b8dc0d7fa6)
Some sanitizers need to be able to use dl_iterate_phdr() after stopping
the rest of the process, but it's very hard to do so reliably as a
non-participant in the main logic of the program.
Introduce _dl_iterate_phdr_locked to bypass the locking that's normally
required for dl_iterate_phdr() and slap some scary warning on it. It
will remain undocumented and probably shouldn't be used for anything
else.
Reviewed by: kib
(cherry picked from commit 1426fd6cff0603f0ee275b99f2ba35dc36f3d0c2)
net/frr[89] revealed an interesting edge-case on arm when dynamically
linking a shared library that declares more than one static TLS variable
with at least one using the "initial-exec" TLS model. In the case
of frr[89], this library was libfrr.so which essentially does the
following:
#include <stdio.h>
#include "lib.h"
static __thread int *a
__attribute__((tls_model("initial-exec")));
void lib_test()
{
static __thread int b = -1;
printf("&a = %p\n", &a);
printf(" a = %p\n", a);
printf("\n");
printf("&b = %p\n", &b);
printf(" b = %d\n", b);
}
Allocates a file scoped `static __thread` pointer with
tls_model("initial-exec") and later a block scoped TLS int. Notice in
the above minimal reproducer, `b == -1`. The relocation process does
the wrong thing and ends up pointing both `a` and `b` at the same place
in memory.
The output of the above in the broken state is:
&a = 0x4009c018
a = 0xffffffff
&b = 0x4009c018
b = -1
With the patch applied, the output becomes:
&a = 0x4009c01c
a = 0x0
&b = 0x4009c018
b = -1
Reviewed by: kib
Approved by: kp (mentor)
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42415/
(cherry picked from commit 98fd69f0090da73d9d0451bd769d7752468284c6)
The tftpd tests all follow the same pattern:
1. open a UDP socket,
2. fork a child to exec tftpd, which subsequently handles requests on
the socket,
3. use a client socket to send some message to the tftpd daemon.
However, tftpd's first action is to mark its socket as non-blocking and
then read a request from it. If no data is present in the socket, tftpd
exits immediately with an error. So, there is a race; we often see
tftpd test timeouts when running tests in parallel. These timeouts also
arise periodically in CI runs.
One solution is to restructure each test to create the server socket,
then write the request to the client socket, then fork tftpd. This
closes the race. However, this involves a lot of churn.
This patch fixes the problem a different way, by adding a new -b flag to
tftpd which makes it block to read the initial request. Each test is
modified to use -b, closing the race.
Reviewed by: imp, asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47404
(cherry picked from commit 79c342aaf86feb4efbd15383f54e4fe7bdc9da7b)
There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.
PR: 130555
Reviewed by: jlduran
Differential Revision: https://reviews.freebsd.org/D47346
(cherry picked from commit 8d6feaaaa26f444abb209360e52b993e39cb81bb)
It was originally /usr/src/contrib/ipfilter/rules and moved to
/usr/src/share/examples/ipfilter/rules in 41edb306f0.
Point to users to /usr/src/share/examples/ipfilter instead, as the base
directory also contains example rules.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47392
(cherry picked from commit 8934526be1843ba033e1423f6ecd8b3b3f2a9c23)
Some kernel modules will print informative messages when they are
loaded, making the output confusing. Print everything up front instead.
Fixes: 152382e6613d ("rc.d/kld: Print the kernel modules being loaded")
(cherry picked from commit 3e55170e0fa2695f6d662e3ab67201138a6f8698)
Add naive support for openstack network config.
if no config driver have been found, try to detect that we are running a
VM on openstack via the smbios information, use the first iface
available and temporary activate dhcp on it, to be able to fetch the
necessary informations for cloudinit.
While here make the rc script execute after devmatch, some ethernet
device might be attached via devmatch and may be needed for cloudinit.
Tested on OVHCloud Public Cloud.
MFC after: 3 weeks
Sponsored by: OVHCloud
(cherry picked from commit 2775b9b0bcc278dd4183b57784953c26a3fcdc89)
These were reported by `mandoc -T lint ...` as warnings.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1475
(cherry picked from commit b74aaa1a2199261f9078247d29481a994b6b5e42)
If you have a mail server that is running sendmail daemon
(sendmail_enable=YES) and sendmail queue runner (sendmail_msp_queue=YES)
and the sendmail daemon dies, /etc/rc.d/sendmail status does see the
daemon is not running but returns 0 as the exit code. This prevents
other programs (like puppet) from restarting sendmail to fix the issue.
Make sure that the exit code is propagated towards the end of the script
if any of the sendmail services fail.
This patch does not call exit directly but instead just sets the exit
status code by calling exit in a subshell. This way we do not exit the
current shell in case the service script is sourced (e.g., when
rc_fast_and_loose is active).
PR: 223132
MFC after: 2 weeks
Reported by: pirzyk
Discussed with: jilles, eugen
Reviewed by: christos, gshapiro (previous version), markj
Approved by: christos (mentor), markj (mentor)
Differential Revision: https://reviews.freebsd.org/D46862
Co-authored-by: Jim Pirzyk <pirzyk@FreeBSD.org>
(cherry picked from commit d2e7bb630b83848a774d8213014a9e0747775019)
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
(cherry picked from commit 8751fbe36ff02ed695f02132ee6eac723d2bbe3f)
- Export NUAGE_FAKE_ROOTDIR only once
- Use the header section of the test to require the root user
- Use the PWD environment variable
- Set the root/sys shell as /bin/sh
- Use RFC 5737 reserved IP addresses
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit e72457c4f5166eef2a27249e02f3c1e9a1cf852d)
The hashed password usually contains a "$" sign, which, when used on a
shell, must be escaped. Also, the plain text password may contain
special characters that require escaping.
Add a quick fix by enclosing it in single quotes. Note that if the
plain text password contains a "'", it will still fail. This will be
properly fixed in later commits.
Some here documents require the document to be a string literal,
especially when passing invalid characters. Enclose it in single
quotes.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit b9ce743c5447e90c2c97f4d49e048c301f708527)
Standardize the utilities from nuage.lua, to return nil on failure, plus
an error message as a second result, and some value different from nil
on success.
Make warnmsg() and errmsg() append "nuageinit: " by default. Pass an
optional second parameter as false to avoid printing this tag.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit 945632ca76117029e7bd1f46d17ccb378973daf7)
Prefer posix.sys.stat's chmod() to os.execute(). While here, change the
name of the locals to be more descriptive.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit 9b2d92addc31ba6f5696c85d184a45d43e9073dc)
Silence a warning emitted by fread(3) in fstyp(8)'s read_buf(), when
detecting the file system type of the cloud-init device:
% fstyp /dev/iso9660/cidata
fstyp: fread: Invalid argument
cd9660
Also rephrase slightly a comment while here.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit d71e2c037c942dbe2a9fd2630d5cf155dd1bf7db)
Mostly white space, style, and luacheck compliance.
Signed-off-by: Jose Luis Duran <jlduran@gmail.com>
(cherry picked from commit 504981357aa36365784458cfe8d9e23097bfac7b)
As of 1b5be7204e we setup parts of IPv6
before IPv4 if configured. For consistency change a case in ifn_start()
calling ipv6_up() before ipv4_up() and reverse in ifn_stop().
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D33426
(cherry picked from commit ed4d2a54fc7a0397c2042f496f176305ca03ebdd)
As with various other rc scripts, we don't want the output from this
being visible in the boot log.
Fixes: 6437872c1d66 ("New sysctl to disable NOMATCH until devmatch runs")
MFC after: 1 week
(cherry picked from commit 62775aebf725a79703592f3276118245a74afdac)
in openstack when no user is specified but a sshkey is provided
the information is stored in meta_data.json under "public_keys"
PR: 280461
Reported by: tdb
(cherry picked from commit 19fb9ad746517c7af9d79a982334b2550f285355)
Commit 07d17ca189fcf3cc44b7706040b05ca8135c3b85 set the recommended
permissions for the SSH authorized keys file and directory. The tests,
however, were failing on CI.
Use stat to check for the proper permissions.
Fixes: 07d17ca189f nuageinit: Set recommended SSH permissions
Reported by: Jenkins
(cherry picked from commit 8edd6c07c8dafcc5828bceb5fea0684c7d0d0775)
As stated in sshd(8), the recommended permissions for ~/.ssh are
read/write/execute for the user, and not accessible by others; and the
recommended permissions for ~/.ssh/authorized_keys are read/write for
the user, and not accessible by others.
(cherry picked from commit 07d17ca189fcf3cc44b7706040b05ca8135c3b85)
Per pw(8), when -H is set, the password should be supplied already
encrypted in a form suitable for writing directly to the password
database (passwd in cloud-init tems); -h provides a special interface by
which interactive scripts can set an account password using pw(8) in
plain text (plain_text_passwd in cloud-init terms).
The default user (freebsd) is defined with a plain_text_passwd
(freebsd), not with an encrypted one.
(cherry picked from commit 7b73ecfe648487c7706ac2b854dcf1435e60e4ca)
openstack, ec2 and other implementation of cloudinit disagrees on the
name of the file "user-data" or "user_data", test both and use the first
found
PR: 279876
(cherry picked from commit cde6642431bb0ca21aeebc7c521e99c681d31ffb)
Commit 99132daf6f70cb0cc969c555d3612547fa3cf1db prepends /usr/lib32 to
the list of paths in ldconfig32_paths since it is a standard library
path in ld-elf32.so.1. Remove /usr/lib32 from the value in rc.conf so
that it is not listed twice.
Reviewed by: olce, kib
Sponsored by: University of Cambridge, Google, Inc.
Differential Revision: https://reviews.freebsd.org/D44752
(cherry picked from commit 4bf5db113f760619bf754c22864b1d7e2acdeabd)
Move logic that computes paths passed to ldconfig(8) to a
ldconfig_paths() function that can be called for multiple ABIs.
Reviewed by: olce, kib
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D44751
(cherry picked from commit e6e38bc522e29de6299536b547bf11dab11e9679)
Introduce a new rc.conf option to not wait for ARP resolution within
dhclient. This is plausible on many modern networks where it is possible
to trust the DHCP server to know whether an IP address is available.
Sponsored by: Google LLC (GSoC 2024)
Signed-off-by: Isaac Cilia Attard <icattard@FreeBSD.org>
MFC after: 10 days
Reviwed by: cperciva, brooks, Tom Hukins, Alexander Ziaee
Pull Request: https://github.com/freebsd/freebsd-src/pull/1368
(cherry picked from commit 503adcdf1db35eab0f3d35392947a6da3bd19539)
These ones were unambiguous cases where the Foundation was the only
listed copyright holder.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5c2bc3db201a4fe8d7911cf816bea104d5dc2138)
11da791920ba switched Leap-seconds source from IANA to IERS, as IERS
is the canonoical source. The problem ist that IERS is not accessible
from IPv6 only networks. To work around this we must add IANA back in
order to provide IPv6-only users a source for leap-seconds fetch.
PR: 279413
Fixes: 11da791920ba
(cherry picked from commit 66f360515d2829d261c0ad7bd516e9dd18c2dd83)
Add a macro the architectures can use to add per-arch fields to
Struct_Obj_Entry.
Reviewed by: kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45116
(cherry picked from commit 06db20ffeca9898e5802d63f3b06caaa37c3a4ed)
