svn commit: r293801 - in head: . etc share/examples/ypldap usr.sbin/ypldap

Antoine Brodin antoine at FreeBSD.org
Sun Jan 24 13:58:09 UTC 2016


On Jan 13, 2016 2:49 AM, "Marcelo Araujo" <araujo at freebsd.org> wrote:
>
> Author: araujo
> Date: Wed Jan 13 01:49:35 2016
> New Revision: 293801
> URL: https://svnweb.freebsd.org/changeset/base/293801
>
> Log:
>   ypldap(8) is a feature ready to be used to translate nis(8) database to
ldap(3).
>
>   This commit, fix a core dump on ypldap(8) related with memory
allocation.
>   Also an example of how to set the ypldap.conf(5) properly is added to
>   examples files.
>
>   A new user _ypldap is required to be able to run ypldap(8) as well as
>   in a chroot mode.
>
>   Reviewed by:  rodrigc (mentor), bjk
>   Approved by:  bapt (mentor)
>   Relnotes:     Yes
>   Sponsored by: gandi.net
>   Differential Revision:        https://reviews.freebsd.org/D4744
>

Hi,

Uid 93 is already used in the ports tree by jabber.  (/usr/ports/UIDs)

Cheers,

Antoine

> Added:
>   head/share/examples/ypldap/
>   head/share/examples/ypldap/ypldap.conf   (contents, props changed)
> Modified:
>   head/UPDATING
>   head/etc/master.passwd
>   head/usr.sbin/ypldap/yp.c
>   head/usr.sbin/ypldap/ypldap.conf.5
>
> Modified: head/UPDATING
>
==============================================================================
> --- head/UPDATING       Wed Jan 13 01:32:04 2016        (r293800)
> +++ head/UPDATING       Wed Jan 13 01:49:35 2016        (r293801)
> @@ -31,6 +31,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11
>         disable the most expensive debugging functionality run
>         "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
>
> +20160113:
> +       With the addition of ypldap(8), a new _ypldap user is now required
> +       during installworld. "mergemaster -p" can be used to add the user
> +       prior to installworld, as documented in the handbook.
> +
>  20151216:
>         The tftp loader (pxeboot) now uses the option root-path
directive. As a
>         consequence it no longer looks for a pxeboot.4th file on the tftp
>
> Modified: head/etc/master.passwd
>
==============================================================================
> --- head/etc/master.passwd      Wed Jan 13 01:32:04 2016        (r293800)
> +++ head/etc/master.passwd      Wed Jan 13 01:49:35 2016        (r293801)
> @@ -22,5 +22,6 @@ uucp:*:66:66::0:0:UUCP pseudo-user:/var/
>  pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
>  auditdistd:*:78:77::0:0:Auditdistd unprivileged
user:/var/empty:/usr/sbin/nologin
>  www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
> +_ypldap:*:93:93::0:0:YP Ldap unprivileged
user:/var/empty:/usr/sbin/nologin
>  hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
>  nobody:*:65534:65534::0:0:Unprivileged
user:/nonexistent:/usr/sbin/nologin
>
> Added: head/share/examples/ypldap/ypldap.conf
>
==============================================================================
> --- /dev/null   00:00:00 1970   (empty, because file is newly added)
> +++ head/share/examples/ypldap/ypldap.conf      Wed Jan 13 01:49:35 2016
      (r293801)
> @@ -0,0 +1,40 @@
> +$FreeBSD$
> +domain         "freebsd.org"
> +interval       60
> +provide map    "passwd.byname"
> +provide map    "passwd.byuid"
> +provide map    "group.byname"
> +provide map    "group.bygid"
> +provide map    "netid.byname"
> +
> +directory "127.0.0.1" {
> +       # directory options
> +       binddn "cn=ldap,dc=freebsd,dc=org"
> +       bindcred "secret"
> +       basedn "dc=freebsd.,dc=org"
> +       # starting point for groups directory search, default to basedn
> +       groupdn "ou=Groups,dc=freebsd,dc=org"
> +
> +       # passwd maps configuration (RFC 2307 posixAccount object class)
> +       passwd filter "(objectClass=posixAccount)"
> +
> +       attribute name maps to "uid"
> +       fixed attribute passwd "*"
> +       attribute uid maps to "uidNumber"
> +       attribute gid maps to "gidNumber"
> +       attribute gecos maps to "cn"
> +       attribute home maps to "homeDirectory"
> +       attribute shell maps to "loginShell"
> +       fixed attribute change "0"
> +       fixed attribute expire "0"
> +       fixed attribute class ""
> +
> +       # group maps configuration (RFC 2307 posixGroup object class)
> +       group filter "(objectClass=posixGroup)"
> +
> +       attribute groupname maps to "cn"
> +       fixed attribute grouppasswd "*"
> +       attribute groupgid maps to "gidNumber"
> +       # memberUid returns multiple group members
> +       list groupmembers maps to "memberUid"
> +}
>
> Modified: head/usr.sbin/ypldap/yp.c
>
==============================================================================
> --- head/usr.sbin/ypldap/yp.c   Wed Jan 13 01:32:04 2016        (r293800)
> +++ head/usr.sbin/ypldap/yp.c   Wed Jan 13 01:49:35 2016        (r293801)
> @@ -83,10 +83,10 @@ void
>  yp_enable_events(void)
>  {
>         int i;
> -       extern fd_set   svc_fdset;
> +       extern fd_set svc_fdset;
>         struct yp_event *ye;
>
> -       for (i = 0; i < getdtablesize(); i++) {
> +       for (i = 0; i < FD_SETSIZE; i++) {
>                 if (FD_ISSET(i, &svc_fdset)) {
>                         if ((ye = calloc(1, sizeof(*ye))) == NULL)
>                                 fatal(NULL);
>
> Modified: head/usr.sbin/ypldap/ypldap.conf.5
>
==============================================================================
> --- head/usr.sbin/ypldap/ypldap.conf.5  Wed Jan 13 01:32:04 2016
(r293800)
> +++ head/usr.sbin/ypldap/ypldap.conf.5  Wed Jan 13 01:49:35 2016
(r293801)
> @@ -15,7 +15,7 @@
>  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF
>  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  .\"
> -.Dd $Mdocdate: April 30 2012 $
> +.Dd $Mdocdate: January 13 2016 $
>  .Dt YPLDAP.CONF 5
>  .Os
>  .Sh NAME
> @@ -155,6 +155,9 @@ Use the supplied LDAP filter to retrieve
>  .It Pa /etc/ypldap.conf
>  .Xr ypldap 8
>  configuration file.
> +.It Pa /usr/share/example/ypldap/ypldap.conf
> +.Xr ypldap 8
> +configuration file example.
>  .El
>  .Sh SEE ALSO
>  .Xr ypbind 8 ,
>


More information about the svn-src-all mailing list