Readd the function to create the parents home directory if it does not exists.
if it is only a directory at the top level of the hierarchy symlink it into /usr
as it used to be done before.
Reported by: kevlo, adrian
Watchdogd currently disables the watchdog when it exits, such as during
rc.shutdown processing. That leaves the system vulnerable to getting hung
or deadlocked during the shutdown part of a reboot. For embedded systems
it's especially important that the hardware watchdog always be active. It
can also be useful for servers that are administered remotely.
The new -x <seconds> option tells watchdogd to program the watchdog with the
given timeout just before exiting. The -x value can be longer or shorter
than the -t normal time value, to allow for various exceptional conditions
at shutdown such as allowing extra time for buffer flushing.
The exit value is also used internally in the "failsafe" handling (which
used to just disable the watchdog), on the theory that if you're using this
option, "safe" means having the watchdog always running, not disabled.
The default is still to disable the watchdog on exit if -x is not specified.
Differential Revision: https://reviews.freebsd.org/D2556 (timed out)
repository signature_type is unsupported by bootstrap pkg(7).
Previously, when signature_type specified an unsupported method,
the bootstrap pkg(7) would proceed like when signature_type is
"none". MITM attackers may be able to use this vulnerability and
bypass validation and install their own versions of pkg(8).
At this time, only fingerprint and none are supported by the
bootstrap pkg(7).
FreeBSD's official pkg(8) repository uses the fingerprint method
and is therefore unaffected.
Errata candidate.
Discussed with: bapt@
Submitted by: Fabian Keil
Obtained from: ElectroBSD
The C library already knows how to lookup eui64 entries from NIS. For
example, fwcontrol(8) does it. But /var/yp/Makefile.dist doesn't build the
eui64 maps, and ypinit(8) doesn't push them to slaves. This change fixes
that.
Reviewed by: brooks, wblock
MFC after: 2 weeks
Sponsored by: SpectraLogic Corp
Differential Revision: https://reviews.freebsd.org/D3404
Its idea was to be a simple initiator and execute several commands from
kernel level, but FreeBSD never had consumer for that functionality,
while its implementation polluted many unrelated places..
characters use the defined constant so that in case of change this
would not break.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D3340
MFC after: 2 weeks
This will help ensure we don't trash file descriptors that get used later on
in the daemon
Found via internal Coverity scan
MFC after: 2 weeks
Discussed with: cem, ed, markj
Differential Revision: https://reviews.freebsd.org/D3081
Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com>
Sponsored by: EMC / Isilon Storage Division
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c: In function 'pw_user_next':
/usr/home/adrian/work/freebsd/head-embedded-2/src/usr.sbin/pw/pw_user.c:680: warning: statement with no effect
Now each subcommands checks its arguments in a dedicated functions.
This helps improving input validation, code readability/maintainability
While here:
- Add a -y option to pw userdel/usermod so it can maintain NIS servers if
nispasswd is not defined in pw.conf(5)
- Allow pw -r <rootdir> to remove directory with userdel -r
- Fix bug when renaming a user which was not renaming the user name it groups
it is a member of.
- Only parse pw.conf(5) when needed.
First they are redundant with the tests we currently have on pw(8)
Second they to modify the host database instead of being self contained withing
the test directory
supposed to be manipulated
This prevent pw usermod creating a new local user when requesting to usermod on
a username is defined in LDAP.
This issue only happens when modifying the local user database (not inpacting
commands when -V or -R are used).
PR: 187653
Submitted by: tmwalaszek@gmail.com
This was causing the following error:
rescue
sh: rescue: not found
*** [rescue] Error code 127
make[1]: stopped in /usr/obj/usr/src/rescue/rescue
Sponsored by: EMC / Isilon Storage Division
-HEAD) in libntp so we can make reproducible build.
PR: bin/201661
Reviewed by: gjb, cy, roberto
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D3122
For Lenovo laptops with buggy bios (x220, t420, t520):
Write the 0xee entry into the second slot in the pmbr instead of the first
For some Dell and HP models:
The BIOS gives a warning message when booting in legacy mode from a GPT partitioned disk where the 0xee partition in the pmbr is not flagged active
For models known to have this problem, mark the pmbr active during installation
Use smbios data to identify machines known to be affected by any of the above, and offer the user the option to apply the workaround
In bsdinstall's ufs auto mode (autopart partition wizard):
Allow users to select which type of partition table to use
Keep current defaults: MBR for BIOS, GPT for UEFI
This allows users to choose GPT for legacy boot if they wish
PR: 184910
PR: 194359
Reviewed by: Michael Dexter
Approved by: marcel
MFC after: 3 days
X-MFC-With: r285594
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3091
retval is used to test the return of XML_Parse function which is ok if 1 is
returned and retval it directly returned to the main function and used as an
exit value.
if all the parsing part is done reset retval to 0 so that the command return 0
if everything ok
Differential Revision: https://reviews.freebsd.org/D3102
Reviewed by: trasz
MFC after: 3 days
Sponsored by: gandi.net
strict-aliasing rules.
Declare some variables as statics as well as some functions that are internal
helpers. Update the function broadcast_result() to a post-K&R definition.
Differential Revision: D2690
Reviewed by: rodrigc, dim
A variable was misspelled resulting in chmod executing on the installer instead of on the target chroot
PR: 191402
Submitted by: Martin Simmons <martin@lispworks.com>
Approved by: brueffer
MFC after: 3 days
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3061
Note: currently 'mkver' script is using hardcoded knowledge and always
emits -a in the version string, a more through solution would be to generate
the script with something that we own.
Rewrite rm_r to use *at function, allowing to remove home directories along with
users. only crontabs and at(1) installation are not removed
Relnotes: yes
functions
This allows to simplify the code a bit for -R by not having to keep modifying
path and also prepare the code to improve support -R in userdel
While here, add regression tests for the functionality
Add a new flag, -l, for a clean environment, same as jail(8) exec.clean.
Change the GET_USER_INFO macro into a function.
PR: 201300
Submitted by: Willem Jan Withagen
MFC after: 3 days
jail.conf parameters. This flag disallows redefinition of the parameter.
"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions. However,
one could override them by using a variable with the same name like
$name = "foo". This confused the parser and could end up with SIGSEGV.
Note that this change also affects a case when all of parameters are
defined in the command line arguments, not in jail.conf. Specifically,
"jail -c name=j1 name=j2" no longer works. This should be harmless.
PR: 196574
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3017
Also, the changes made in r272451 and r272653 that were lost in the
merge of 4.6.2 (r276788) have been restored.
PR: 199568
Differential Revision: https://reviews.freebsd.org/D3007
Reviewed by: brooks, hiren
Approved by: jmallett (mentor)
MFC after: 1 month
in jail.conf. The following did not work correctly:
A="A_${B}_C_${D}"
B="BBBBB"
D="DDDD_${E}_FFFFF"
E="EEEEE"
PR: 189139
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3018
The /etc/ttys entry for a serial console in FreeBSD/x86 is as follows:
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
The initial terminal type passed to getty(8) is "3wire" which sets the
CLOCAL flag. However reset(1) clears this flag and any programs that try
to open the terminal will hang waiting for DCD to be asserted.
Fix this by always asserting DCD and DSR in the emulated uart.
The following discussion on virtualization@ has more details:
https://lists.freebsd.org/pipermail/freebsd-virtualization/2015-June/003666.html
Reported by: jmg
Discussed with: grehan
temporary file is created and then a rename() call move it to official file.
This operation didn't have any check to make sure data was written to disk
and if a power cycle happens system could end up with a 0 length passwd
or group database.
There is a pfSense bug with more infor about it:
https://redmine.pfsense.org/issues/4523
The following changes were made to protect passwd and group operations:
* lib/libutil/gr_util.c:
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.c
- Replace mkstemp() by mkostemp() with O_SYNC flag to create temp file
* usr.sbin/pwd_mkdb/pwd_mkdb.c
- Added O_SYNC flag on dbopen() calls
- After rename(), fsync() call on directory for faster result
* lib/libutil/pw_util.3
- pw_lock() returns a file descriptor to master password file on success
Differential Revision: https://reviews.freebsd.org/D2978
Approved by: bapt
Sponsored by: Netgate
This allows ctld to work with isp(4) virtual ports, specifying them as
isp0/1, isp0/2, etc. There are still problems on isp(4) layer with
disabling those ports after enabling, but hopefully they can be fixed.
MFC after: 3 days
Sponsored by: iXsystems, Inc.
