F145459009
D4744.1777963453.diff
D4744.1777963453.diff
Index: UPDATING
===================================================================
--- UPDATING
+++ UPDATING
@@ -31,6 +31,11 @@
disable the most expensive debugging functionality run
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
+20151231:
+ With the addition of ypldap(8), a new _ypldap user is now required
+ during installworld. "mergemaster -p" can be used to add the user
+ prior to installworld, as documented in the handbook.
+
20151216:
The tftp loader (pxeboot) now uses the option root-path directive. As a
consequence it no longer looks for a pxeboot.4th file on the tftp
Index: etc/master.passwd
===================================================================
--- etc/master.passwd
+++ etc/master.passwd
@@ -23,4 +23,5 @@
auditdistd:*:78:77::0:0:Auditdistd unprivileged user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
+_ypldap:*:65533:65533::0:0:YP Ldap unprivileged user:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
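Review bot: The new `_ypldap` entry uses primary gid 65533, but this patch carries no etc/group hunk, so unless the group is added somewhere not shown here the gid will have no name. A matching line such as `_ypldap:*:65533:` in etc/group would keep the two files consistent. It would also let the "mergemaster -p" step described in UPDATING create both the user and the group.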
Index: share/examples/ypldap/ypldap.conf
===================================================================
--- /dev/null
+++ share/examples/ypldap/ypldap.conf
@@ -0,0 +1,39 @@
+domain "freebsd.org"
+interval 60
+provide map "passwd.byname"
+provide map "passwd.byuid"
+provide map "group.byname"
+provide map "group.bygid"
+provide map "netid.byname"
+
+directory "127.0.0.1" {
+ # directory options
+ binddn "cn=ldap,dc=freebsd,dc=org"
+ bindcred "secret"
+ basedn "dc=freebsd.,dc=org"
+ # starting point for groups directory search, default to basedn
+ groupdn "ou=Groups,dc=freebsd,dc=org"
+
+ # passwd maps configuration (RFC 2307 posixAccount object class)
+ passwd filter "(objectClass=posixAccount)"
+
+ attribute name maps to "uid"
+ fixed attribute passwd "*"
+ attribute uid maps to "uidNumber"
+ attribute gid maps to "gidNumber"
+ attribute gecos maps to "cn"
+ attribute home maps to "homeDirectory"
+ attribute shell maps to "loginShell"
+ fixed attribute change "0"
+ fixed attribute expire "0"
+ fixed attribute class ""
+
+ # group maps configuration (RFC 2307 posixGroup object class)
+ group filter "(objectClass=posixGroup)"
+
+ attribute groupname maps to "cn"
+ fixed attribute grouppasswd "*"
+ attribute groupgid maps to "gidNumber"
+ # memberUid returns multiple group members
+ list groupmembers maps to "memberUid"
+}
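Review bot: `basedn "dc=freebsd.,dc=org"` has a stray dot after `freebsd`; the `binddn` and `groupdn` lines use `dc=freebsd,dc=org`, so the example as written would search a base that does not match them. Because `bindcred` holds the bind password in clear text, the example should say so where people copy it from, e.g. `# bindcred is stored in clear text; keep this file readable by root only` above that line. The ypldap.conf.5 hunk refers to this file as `/usr/share/example/ypldap/ypldap.conf` while the source path here is `share/examples/`, so one of the two spellings is presumably wrong.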
Index: usr.sbin/ypldap/ldapclient.c
===================================================================
--- usr.sbin/ypldap/ldapclient.c
+++ usr.sbin/ypldap/ldapclient.c
@@ -385,26 +385,9 @@
dns_pid = ypldap_dns(pipe_dns, pw);
close(pipe_dns[1]);
-#ifndef DEBUG
- if (chroot(pw->pw_dir) == -1)
- fatal("chroot");
- if (chdir("/") == -1)
- fatal("chdir");
-#else
-#warning disabling chrooting in DEBUG mode
-#endif
setproctitle("ldap client");
ypldap_process = PROC_CLIENT;
-#ifndef DEBUG
- if (setgroups(1, &pw->pw_gid) ||
- setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
- setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
- fatal("cannot drop privileges");
-#else
-#warning disabling privilege revocation in DEBUG mode
-#endif
-
event_init();
signal(SIGPIPE, SIG_IGN);
signal_set(&ev_sigint, SIGINT, client_sig_handler, NULL);
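Review bot: With both `#ifndef DEBUG` blocks removed, the process titled "ldap client" reaches `event_init()` with no chroot and no `setgroups`/`setresgid`/`setresuid` drop, so it keeps whatever privileges ypldap was started with. The same drop is removed from the parent in the usr.sbin/ypldap/ypldap.c hunk, which still calls `getpwnam(YPLDAP_USER)`, so the new `_ypldap` account appears to be looked up but never switched to. If the chroot was failing because that account's home is `/nonexistent`, the narrower fix would be to give it an existing empty directory and keep the sequence. At minimum, keep the three-call check followed by `fatal("cannot drop privileges");`. The enclosing function starts and ends outside this hunk, so a drop elsewhere cannot be ruled out from here.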
Index: usr.sbin/ypldap/yp.c
===================================================================
--- usr.sbin/ypldap/yp.c
+++ usr.sbin/ypldap/yp.c
@@ -83,10 +83,10 @@
yp_enable_events(void)
{
int i;
- extern fd_set svc_fdset;
+ extern fd_set svc_fdset;
struct yp_event *ye;
- for (i = 0; i < getdtablesize(); i++) {
+ for (i = 0; i < FD_SETSIZE; i++) {
if (FD_ISSET(i, &svc_fdset)) {
if ((ye = calloc(1, sizeof(*ye))) == NULL)
fatal(NULL);
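Review bot: The new loop bound deserves a one-line comment, since the reason for `FD_SETSIZE` is not obvious from the loop itself: `/* svc_fdset has FD_SETSIZE bits; getdtablesize() may be larger */` above the `for`. Without it, a later cleanup could reinstate the descriptor-table limit and let `FD_ISSET(i, &svc_fdset)` index past the end of the set. The block-scope `extern fd_set svc_fdset;` could also be dropped if the file already includes the RPC header that declares it, which is not visible here. yp_enable_events continues past the end of the hunk.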
Index: usr.sbin/ypldap/ypldap.c
===================================================================
--- usr.sbin/ypldap/ypldap.c
+++ usr.sbin/ypldap/ypldap.c
@@ -601,15 +601,6 @@
if ((pw = getpwnam(YPLDAP_USER)) == NULL)
fatal("getpwnam");
-#ifndef DEBUG
- if (setgroups(1, &pw->pw_gid) ||
- setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
- setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
- fatal("cannot drop privileges");
-#else
-#warning disabling privilege revocation in debug mode
-#endif
-
bzero(&tv, sizeof(tv));
evtimer_set(&ev_timer, main_init_timer, &env);
evtimer_add(&ev_timer, &tv);
Index: usr.sbin/ypldap/ypldap.conf.5
===================================================================
--- usr.sbin/ypldap/ypldap.conf.5
+++ usr.sbin/ypldap/ypldap.conf.5
@@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: April 30 2012 $
+.Dd $Mdocdate: December 31 2015 $
.Dt YPLDAP.CONF 5
.Os
.Sh NAME
@@ -155,6 +155,9 @@
.It Pa /etc/ypldap.conf
.Xr ypldap 8
configuration file.
+.It Pa /usr/share/example/ypldap/ypldap.conf
+.Xr ypldap 8
+configuration file example.
.El
.Sh SEE ALSO
.Xr ypbind 8 ,
Attached To
D4744: Fix ypldap(8) and turn it a feature ready.