Commit Graph

3502 Commits

Author SHA1 Message Date
Konstantin Belousov 3eafe01884 rtld-elf: add some tests for parse_integer()
Reviewed by:	des, dim
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57549
2026-06-14 04:02:00 +03:00
Konstantin Belousov 4249a9bc09 rtld parse_integer(): support binary, octal, and hex C notations
Reviewed by:	des, dim
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57549
2026-06-14 04:01:55 +03:00
Pouria Mousavizadeh Tehrani 9f80c8b90b rc.d/routing: Silence errors for loopback routes
_loopback entry in `static_routes` ensures a loopback route
exists in all routing tables.
However, loopback routes may already be added by the kernel.
Therefore, re-adding them triggers an `EEXIST` error on every boot.
This change suppresses those harmless errors.

PR:		259553
MFC after:	1 week
Reviewed by:	glebius, jlduran, markj
Differential Revision:	https://reviews.freebsd.org/D57470
2026-06-12 19:48:28 +03:30
Baptiste Daroussin 13fb6dbc73 nuageinit: validate set-name to prevent shell injection in variable names
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
2026-06-09 18:04:25 +02:00
Baptiste Daroussin 09d068e527 nuageinit: fix shell injection in power_state_change delay and add test 2026-06-09 18:04:25 +02:00
Baptiste Daroussin 0211c8722f nuageinit: fix shell command injection in multiple rc.conf.d writes 2026-06-09 18:04:24 +02:00
Baptiste Daroussin da3890fdcc nuageinit: use single-quote shell escaping for hostname in rc.conf.d
The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).

Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.

While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.

Reported by:	Yazdan Soltani <yazdan.soltani@gmail.com>
2026-06-09 18:04:24 +02:00
Jesús Daniel Colmenares Oviedo ea3426bc80 nuageinit: Create parent directories in write_files
Currently, 'write_files' does not create parent directories, and
'runcmd' cannot be used here, since those scripts run after the files
have been written. The only workaround is to create the files in an
existing directory, such as '/root' or '/tmp', and then move those
files using 'runcmd', but this is cumbersome when there are many files,
even if they are small.

With this change, nuageinit now creates the parent directories for each
file using the path field, which mimics the same behavior as in
cloud-init.

Permissions and ownership can also be configured using 'runcmd'.

Reviewed by:            bapt@
Approved by:            bapt@
Differential Revision:  https://reviews.freebsd.org/D57395
2026-06-08 17:05:09 -04:00
Baptiste Daroussin e5ef12ccd0 nuageinit: install certs in /usr/share/certs/trusted
Suggested by:	kevans
2026-06-06 21:31:21 +02:00
Baptiste Daroussin bad3c15dff nuageinit: update documentation for phone_home and final_message 2026-06-06 08:17:04 +02:00
Baptiste Daroussin 68e60bb8b6 nuageinit: expose decode_base64 to fix tests 2026-06-06 08:05:50 +02:00
Baptiste Daroussin 58653bf4d0 nuageinit: implement phone_home support
Posts instance data (hostname, instance_id, public keys) to a URL
using fetch(1). Supports:
- url: target URL
- post: list of data items to send, or 'all'
- tries: number of retry attempts (default 1)
2026-06-05 23:28:25 +02:00
Baptiste Daroussin e01f202ecf nuageinit: implement final_message support 2026-06-05 23:03:45 +02:00
Baptiste Daroussin 71e8122b3f nuage.lua: add encode_base64 helper 2026-06-06 08:01:48 +02:00
Baptiste Daroussin 328a76d17f nuageinit: implement power_state_change and locale support 2026-06-05 22:48:18 +02:00
Baptiste Daroussin be711ade6f nuageinit: implement MIME multipart user-data support
Add support for MIME multipart/mixed user-data, allowing a single
user-data blob to contain multiple parts with different content types.
2026-06-05 22:45:54 +02:00
Baptiste Daroussin b56f029add nuageinit: implement ca_certs support
Add support for the 'ca_certs' cloud-config key which manages
CA certificates by writing them to /etc/ssl/certs/ and running
certctl rehash.
2026-06-05 22:27:07 +02:00
Baptiste Daroussin 6d27d52ccd nuageinit: implement ntp support
Add support for the 'ntp' cloud-config key which configures NTP
by writing /etc/ntp.conf with server and pool entries.
2026-06-05 22:25:29 +02:00
Dag-Erling Smørgrav 641e8e3956 Revert "libc: Constify the getcap API"
This broke cross-building on Linux and macOS.

This reverts commit 823d00b2d4.
2026-06-05 19:15:46 +02:00
Dag-Erling Smørgrav b5a96894f6 rc: Bail if /dev/null is not a device
On startup, check that /dev/null exists and is a character device.
Otherwise, one of two things will happen: either /dev is a writable
directory and we will immediately create /dev/null as a regular file
and dump garbage into it, or it is not and we will spit out a stream
of error messages about failing to create /dev/null.

PR:		295782
MFC after:	1 week
Reviewed by:	jhb, emaste
Differential Revision:	https://reviews.freebsd.org/D57447
2026-06-05 17:53:29 +02:00
Baptiste Daroussin d798491238 nuageinit: implement ssh_authkey_fingerprints support
Add support for the 'ssh_authkey_fingerprints' cloud-config key
which logs SSH host key fingerprints to the console via ssh-keygen.
2026-06-05 13:17:55 +02:00
Baptiste Daroussin 58184a301a nuageinit: implement keyboard support 2026-06-05 13:17:22 +02:00
Baptiste Daroussin 4662263c24 nuageinit: implement resolv_conf support
Add support for the 'resolv_conf' cloud-config key which writes
directly to /etc/resolv.conf.
2026-06-05 13:15:37 +02:00
Baptiste Daroussin 797dad91ff nuageinit: implement mounts support
Add support for the 'mounts' cloud-config key which configures
mount points by appending entries to /etc/fstab and creating
the corresponding directories.
2026-06-05 13:15:16 +02:00
Baptiste Daroussin 6e54d00867 nuageinit: add tests for bootcmd, ssh_deletekeys, disable_root, manage_etc_hosts 2026-06-05 08:38:33 +02:00
Baptiste Daroussin ba58e8ad72 nuageinit: implement manage_etc_hosts support
Add support for adding the instance hostname to /etc/hosts on the
127.0.0.1 and ::1 localhost lines, matching cloud-init's default
behaviour (manage_etc_hosts: true).

Create a revolve_hostname helper to avoid code duplication.
2026-06-05 07:49:16 +02:00
Baptiste Daroussin b9be7608cd nuageinit: implement bootcmd support
Add support for the 'bootcmd' cloud-config directive, which allows
running commands very early in the boot process, before the hostname
is set and before the network is configured.

- nuageinit: bootcmd() function follows the same pattern as runcmd(),
  writing commands to /var/cache/nuageinit/bootcmds instead of runcmds.
  It is the first entry in the pre_network_calls table.

- rc.d/nuageinit: execute /var/cache/nuageinit/bootcmds immediately
  after /usr/libexec/nuageinit completes, before unmounting the config
  drive. This ensures bootcmd runs before NETWORKING per cloud-init spec.
2026-06-05 07:00:00 +02:00
Dag-Erling Smørgrav 823d00b2d4 libc: Constify the getcap API
MFC after:	1 week
Inspired by:	NetBSD
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D57252
2026-06-05 00:41:22 +02:00
Baptiste Daroussin 22c1f5d0ec nuageinit: complete SSH support with ssh_deletekeys and disable_root
Add missing SSH cloud-config options from cloud-init spec:

- ssh_deletekeys: remove existing SSH host keys on first boot so
  new ones are generated automatically by sshd(8).
  Implemented as delete_ssh_host_keys() in nuage.lua using lfs.dir()
  with a directory existence guard via lfs.attributes().

- disable_root: set PermitRootLogin to 'no' (or a custom value via
  disable_root_opts) in /etc/ssh/sshd_config.

- disable_root_opts: optional string or array to override the
  PermitRootLogin value used when disable_root is true. Only the
  first array element is used.
2026-06-04 22:17:03 +02:00
Baptiste Daroussin ea0932d71a nuageinit: refactor goto abuse in chpasswd()
Replace goto next/list pattern with proper elseif/else control
structure. The goto-based flow was fragile and hard to follow;
the elseif chain makes the validation logic explicit and linear.
2026-06-04 22:02:58 +02:00
Baptiste Daroussin 0ba9b7b7f8 nuageinit: fix update_sshd_config crash when file does not exist
Previously update_sshd_config() would assert-fail if sshd_config did
not exist. Now it creates a new file with the given key/value.

Also replace the fragile simultaneous r+ + temp file approach with
a cleaner read-then-write pattern: read all lines into memory, modify
as needed, then write to a temp file and rename. All assert() calls
replaced with proper error handling via warnmsg().

Add test case for missing file creation.
2026-06-04 21:10:37 +02:00
Baptiste Daroussin cf5722ed60 nuageinit: fix TOCTOU in addsshkey, adddoas, addsudo
Replace check-then-create patterns with direct creation:

- addsshkey: check what exists before creation, use mkdir_p() for
  .ssh directory, handle errors with warnmsg() instead of assert().
  Apply chmod/chown only on newly created files/directories.

- adddoas: same pattern for doas.conf and the etc directory.

- addsudo: same pattern for the sudoers file and sudoers.d directory.

All three functions now use warnmsg() for error handling instead of
returning nil,err or using assert().
2026-06-04 21:06:35 +02:00
Baptiste Daroussin fdff89256f nuageinit: fix non-standard f:close(cmd) and remove dead precmd
- f:close(cmd) -> f:close() in adduser() and exec_change_password():
  the 'cmd' argument is not standard Lua and is silently ignored.
- Remove dead 'precmd' variable in adduser().
2026-06-04 20:59:30 +02:00
Baptiste Daroussin 852504a5fa nuageinit: remove dead checkgroup(), inline check in purge_group()
Call getgroups() once instead of N times per call. Inline the
membership check directly, removing the now-unused checkgroup()
helper function.
2026-06-04 20:32:48 +02:00
Baptiste Daroussin 46d1758aa7 nuageinit: add hostname validation (RFC 952/1123) to sethostname()
Validate hostnames before writing them:
- Reject empty hostnames
- Reject hostnames longer than 253 characters
- Reject hostnames with invalid characters
- Reject hostnames starting or ending with dot/hyphen
- Reject labels longer than 63 characters
- Reject labels starting or ending with hyphen

Expand the sethostname test to cover all rejection cases.
Update nuage.sh sethostname_body to ignore stderr (warnings).
2026-06-04 20:26:49 +02:00
Baptiste Daroussin 57807f389a nuageinit: add nil/empty guard to decode_base64()
Return an empty string when input is nil or zero-length instead
of processing it through the decoding loop.
2026-06-04 20:09:06 +02:00
Baptiste Daroussin 9459465308 nuageinit: add config2_network DNS services test 2026-06-04 19:48:32 +02:00
Baptiste Daroussin 5f58d92074 nuageinit: add dirname edge case tests 2026-06-04 19:24:45 +02:00
Baptiste Daroussin b813e46e15 nuageinit: fix dirname('/') returning nil instead of '/' 2026-06-04 18:44:31 +02:00
Marek Zarychta d52de9a344 defaultroute: Fix dual-stack and IPv6-only handling
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.

Reviewed by:	pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
2026-06-04 12:19:13 +03:30
Pouria Mousavizadeh Tehrani 4258829c8f Revert "defaultroute: Fix dual-stack and IPv6-only handling"
This reverts commit 5b5a836e72.

Despite using arcpatch for this commit, I attributed the wrong
author of the patch.
2026-06-04 12:17:41 +03:30
Pouria Mousavizadeh Tehrani 5b5a836e72 defaultroute: Fix dual-stack and IPv6-only handling
Since IPv6-only setups are becoming more common, and IPv6
connectivity is often sufficient for tasks such as DNS
resolution and NTP time synchronization, update defaultroute
rc.d script to support IPv6-only environments.

Reviewed by:	pouria, ae
Differential Revision: https://reviews.freebsd.org/D56797
2026-06-04 12:07:21 +03:30
Christos Margiolis b2677d002e rc: virtual_oss: Handle absent pidfile properly
Instead of throwing errors from the programs that use it, print a
warning if the file does not exist.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Christos Margiolis 803f686938 rc: virtual_oss: Wait for process to exit
Sometimes virtual_oss processes do not exit immediately. If we do not
wait for the processes to fully exit before returning from
virtual_oss_stop(), then the service restart operation might call
virtual_oss_start() too early and fail, because it will think the
service wasn't stopped and is still running.

Reported by:	jrm
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Christos Margiolis a576e5140e rc: virtual_oss: Define some variables in rc.conf
They will now be part of /etc/defaults/rc.conf and be accessible by
sysrc(8).

Fixes:		70e27ecba5 ("virtual_oss: Introduce virtual_oss_default_control_device rc variable")
PR:		295560
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	0mp, jrm
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/33
2026-05-28 16:06:06 +02:00
Dag-Erling Smørgrav 05e8f2bf09 ttymsg: Overhaul
* Instead of an error string, return the usual 0 or -1 and let the caller
  figure out what, if anything, to tell the user.

* Avoid string manipulations by opening /dev first and using openat()
  with O_RESOLVE_BENEATH.

* Add a boolean argument which, if false, causes ttymsg() to return
  without sending the message if the tty's group-writable bit is not
  set.  This saves programs that respect this setting (like syslogd(8))
  from having to check before calling ttymsg().

* Update all callers.

The observable effect of this change is minimal except for slightly
different error messages when ttymsg() fails.  However, syslogd(8) will
no longer print spurious error messages on the console after trying and
failing to write a log message to an X11 session.

PR:		295171
MFC after:	1 week
Reviewed by:	jfree, markj
Differential Revision:	https://reviews.freebsd.org/D57018
2026-05-25 18:52:15 +02:00
Dag-Erling Smørgrav 76c3387024 tftpd: Simplify packet drop macro
The first argument is always the function name, for which we can simply
use __func__.  This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57076
2026-05-22 19:57:35 +02:00
Dag-Erling Smørgrav 9338937713 tftpd: Add missing bounds checks
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.

Luckily, this code is only ever used by tftp(1), not tftpd(8).

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57075
2026-05-22 19:57:31 +02:00
Christos Margiolis 8532b4a436 rc: virtual_oss: Create a loopback device in the default configuration
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	emaste
Pull-Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/16
2026-05-21 19:37:34 +02:00
Simon J. Gerraty 701d7be6e4 Add test cases for safe_eval.sh
safe_set is the routine that does all the work.

In safe_set, if we replace one=`cmd arg` or two=$(cmd arg), add quotes
around the result, e.g. one="_cmd arg_"
Also lines containing `` or $() are too likely to result in syntax
errors, so just delete them.

Differential Revision:	https://reviews.freebsd.org/D56795
2026-05-18 10:51:18 -07:00