NAS-135784 / 25.04.2 / Avoid TOCTOU issues in account and iscsi.target (by anodos325) (#16468)
This commit changes the behavior of get_next_uid and get_next_gid such
that we keep track of uids/gids handed out by this endpoint and prevent
them from being reused in concurrent calls. These reservations of uid /
gids time out after one hour.
During investigation it was discovered that additional simpler TOCTOU
issues existed related to iscsi.target and nvmet namespaces. These ones
were remedied by adding locking.
Original PR: https://github.com/truenas/middleware/pull/16460
Jira URL: https://ixsystems.atlassian.net/browse/NAS-135784
Co-authored-by: Andrew Walker <awalker at ixsystems.com>
NAS-135784 / 25.10 / Avoid TOCTOU issues in account and iscsi.target (#16460)
This commit changes the behavior of get_next_uid and get_next_gid such
that we keep track of uids/gids handed out by this endpoint and prevent
them from being reused in concurrent calls. These reservations of uid /
gids time out after one hour.
During investigation it was discovered that additional simpler TOCTOU
issues existed related to iscsi.target and nvmet namespaces. These ones
were remedied by adding locking.
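The reservation scheme described in the commit message above, sketched as an added example; it is not the middleware's own code. `naive_next`, `IdAllocator`, `allocate_concurrently`, the `in_use` callable and the starting id 3000 are hypothetical names and constructed values.

```python
import threading
import time

RESERVATION_TTL = 3600  # seconds; the commit message gives a one-hour timeout


def naive_next(first_id, in_use):
    """Check-only lookup: nothing records the answer, so callers can collide."""
    candidate = first_id
    while candidate in in_use:
        candidate += 1
    return candidate


class IdAllocator:
    """Hypothetical allocator: reserves each id it hands out until the TTL expires."""

    def __init__(self, first_id, in_use, clock=time.monotonic):
        self._first_id = first_id
        self._in_use = in_use  # callable returning ids already saved (assumption)
        self._clock = clock
        self._lock = threading.Lock()
        self._reserved = {}  # id -> expiry time

    def get_next(self):
        # Check and reserve under one lock so no other caller runs in between.
        with self._lock:
            now = self._clock()
            self._reserved = {i: t for i, t in self._reserved.items() if t > now}
            taken = set(self._in_use()) | set(self._reserved)
            candidate = naive_next(self._first_id, taken)
            self._reserved[candidate] = now + RESERVATION_TTL
            return candidate


def allocate_concurrently(allocator, workers):
    """Call get_next() from several threads and return the sorted results."""
    results = []

    def worker():
        results.append(allocator.get_next())  # list.append is atomic in CPython

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results)
```

Two back-to-back calls to `naive_next` return the same id because the first caller has not saved its account yet; `IdAllocator.get_next` closes that window by recording the id before releasing the lock.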
NAS-135792 / 25.04.2 / Fix mutual TLS authentication for LDAP (#16466)
This commit fixes a longstanding validation bug in mutual TLS
authentication for the LDAP plugin. Tests will be added once a CI pipeline
is added with this authentication type and an LDAP identity provider. This
commit is not targeted for master since the underlying fix will be
rolled into the overall larger rewrite project.
Fix mutual TLS authentication for LDAP
This commit fixes a longstanding validation bug in mutual TLS
authentication for the LDAP plugin. Tests will be added once
a CI pipeline is added with this authentication type and an LDAP
identity provider. This commit is not targeted for master since
the underlying fix will be rolled into the overall larger rewrite
project.