tests.7: Remove an unused configuration variable
No existing tests require it, and I cannot understand what kinds of test
scenarios are supposed to require it. Just remove it.
While here, improve the documentation of test variables a bit.
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56604
(cherry picked from commit 6bd97b5f3778aa36bcf89ff870bb1483b301a9be)
rpcsec_tls: Avoid a socket reference underflow in rpctls_server()
The upcall_sockets tree owns a ref on any resident socket. When a
socket is removed after a TLS handshake failure, rpctls_rpc_failed()
thus calls soclose().
rpctls_server() does not acquire an extra ref to compensate for this.
So, if the upcall fails, e.g., because rpc.tlsservd is not running,
we'll call soclose() to drop the reference, but this effectively
releases the xprt layer's reference.
Fix the problem by explicitly acquiring a socket reference when adding
a socket to the upcall tree.
PR: 289734
Reviewed by: rmacklem, glebius
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57555
[2 lines not shown]
tests: Fix race condition in aslr_setuid
Use a cloexec pipe to block the parent until the child is ready.
While here, redirect the output from ping to /dev/null, and mark the
test as requiring the inet feature since we ping the IPv4 loopback.
PR: 296116
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57734
[LV] Tests for combined exit conditions
Some initial tests for loops where earlier scalar transforms have
combined a countable exit with an uncountable one.
rc: work around zpool-imporit disappearing devices nodes briefly
Observed this on 15.1 with the importer step of the installer not
seeing /dev/ada0p3 and opening the wrong one /dev/ada0p1 instead.
The issue wasn't the scripting but the fact that ada0p3 was briefly
unavailable. This was an full UFS system, no ZFS pools installed.
Restrict TOTP interval to supported values
This commit adds changes to restrict the per-user two-factor TOTP interval to 30 or 60 seconds, since the OATH users file consumed by pam_oath only understands those time-steps and any other value silently breaks 2FA for the user. A migration clears the secret and resets the interval for existing rows holding an unsupported value so affected users re-enroll, and the render-time coercion is dropped now that the input is validated at the API.
(cherry picked from commit aaf8345258c69177b2fd6c847636bbf08bb75fb2)
NAS-141431 / 26.0.0-RC.1 / Restrict TOTP interval to supported values (#19170)
This commit adds changes to restrict the per-user two-factor TOTP
interval to 30 or 60 seconds, since the OATH users file consumed by
pam_oath only understands those time-steps and any other value silently
breaks 2FA for the user. A migration clears the secret and resets the
interval for existing rows holding an unsupported value so affected
users re-enroll, and the render-time coercion is dropped now that the
input is validated at the API.
jail.8: Fix two typos in the manual page
- s/Similarily/Similarly/
- s/passtrough/passthrough/
(cherry picked from commit d9e0452f0c8af6b0c03b0bb2e3b824095021e168)
