1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-25 11:37:56 +00:00
Commit Graph

4711 Commits

Author SHA1 Message Date
Mike Makonnen
33eba7d495 My forced commit to note the repo-copy (naturally) changed the $FreeBSD$ keyword line,
so that when I applied the patch to my check-in tree the top half of my patch failed to
apply.  Off course I saw what I *expected* to see (the bottom half succeeded) and
didn't notice that it had failed to apply cleanly.

Approved by: re (bmah)
2007-08-18 04:08:53 +00:00
Mike Makonnen
6ee326fe2f The rc.d/nfslocking file controls two servers: rpc.statd and rpc.lockd. It worked well
in most cases, except one. The 'restart' case was not working as expected. Specifically,
it would stop both lockd and statd, but it would restart only statd (which appears first
in the script). This is because rc.subr(8) contains code to guard against infinite
recursion in the 'restart' casae.

To fix this use the traditional approach of controlling only one server from one script by
breaking out rc.d/nfslocking into its contituent parts: rc.d/lockd and rc.d/statd. Keep
rc.d/nfslocking around but don't include it in the boot rcorder(8)ing.

PR:	     conf/107316
Approved by: re (bmah)
MFC after:   2 weeks
2007-08-17 07:58:26 +00:00
Doug Barton
f183dbca4f 1. Remove root name servers from the list of possible masters in the
commented out example who have either not responded, or specifically
asked not to participate because they do not view AXFR as "a production
service."

2. Add f.root-servers.net to the example after confirmation from
Paul Vixie.

3. Add a warning to the commented out "root zone slave" example to the
effect that it requires more attention than a hints file, and provides
more benefit to larger sites than individual hosts.

4. Correct a typo copied from RFC 2544 which was corrected in a later
errata, and confirmed in RFC 3330. Update the comment to reflect that
RFC 3330 got it right and to avoid confusion down the road. 3330 also
contains a reference back to 2544 for anyone interested in pursuing the
history. [1]

PR:             conf/115573 [1]
Submitted by:   Oliver Fromme <olli@secnetix.de> [1]

Approved by:	re (kensmith)
2007-08-17 04:37:02 +00:00
Olivier Houchard
77912eb26b Use ttyu instead of ttyd for arm, since we will probably never use sio(4).
Approved by:	re (blanket)
2007-08-12 17:13:06 +00:00
Michael Bushkov
db1bdf2b02 - Renaming repocopied cached to nscd
Approved by:	re (kensmith), brooks (mentor)
2007-08-09 13:06:12 +00:00
Doug Barton
1c24b5458d 1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.

2. Change the default behavior back to using a hint zone for the root.

3. Leave the root slave zone config as a commented out example.

4. Remove the B and F root servers from the example at the request of
their operators.

Requested by:	he-who-must-not-be-named [1]
Requested by:	many [2]

Approved by:	re (rwatson)
2007-08-02 09:18:53 +00:00
John Baldwin
f2c789a923 Require 'cleanvar' so that files and sockets created in /var/run by
wpa_supplicant and other programs started by 'netif' don't get erased
by a subsequent 'cleanvar'.

Approved by:	re (bmah)
Reviewed by:	dougb
MFC after:	1 week
2007-07-25 18:08:01 +00:00
Scott Long
039886f83f Fix a whitespace mistake from the last commit.
Submitted by: far too many to list
Approved by: re
2007-07-25 13:37:33 +00:00
Scott Long
c5933b2086 Introduce Danny Braniss' iSCSI initiator, version 2.0.99. Please read the
included man pages on how to use it.  This code is still somewhat experimental
but has been successfully tested on a number of targets.  Many thanks to
Danny for contributing this.

Approved by: re
2007-07-24 15:35:02 +00:00
Robert Watson
2b851aeb63 Disconnect netatm from the build as it is not MPSAFE and relies on
NET_NEEDS_GIANT, which will shortly be removed.  This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added.  Specifics:

- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm

This removes the last remaining consumer of NET_NEEDS_GIANT.

Reviewed by:	harti
Discussed with:	bz, bms
Approved by:	re (kensmith)
2007-07-14 21:49:24 +00:00
Warner Losh
b906fea63d Arm doesn't have GENERIC.hints, so don't install it if it doesn't exist.
Approved by: re (kensmith)
2007-07-13 14:28:10 +00:00
Bjoern A. Zeeb
9fa28ff687 I4B header files were repo-copied from sys/i386/include to
sys/i4b/include/ so they will be available to all architectures
once I4B compiles on those.

I4B header files are now installed in include/i4b/ and no longer
in include/machine/.

For now we still install the headers for i386 only.

Approved by:	re (kensmith)
2007-07-06 07:20:59 +00:00
Xin LI
c425727e97 Remove reference to the old ftp-proxy implementation,
which was replaced during the pf 4.1 import.

Approved by:	re (mux)
2007-07-05 09:46:53 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Rong-En Fan
534046e301 - Remove UMAP filesystem. It was disconnected from build three years ago,
and it is seriously broken.

Discussed on:   freebsd-arch@
Approved by:	re (mux)
2007-06-25 05:06:57 +00:00
Nate Lawson
00a304487f Update the suspend/resume user API while maintaining backwards compat.
Improvements:
* /etc/rc.suspend,rc.resume are always run, no matter the source of the
  suspend request (user or kernel, apm or acpi)
* suspend now requires positive user acknowledgement.  If a user program
  wants to cancel the suspend, they can.  If one of the user programs
  hangs or doesn't respond within 10 seconds, the system suspends anyway.
* /dev/apm is clonable, allowing multiple listeners for suspend events.
  In the future, xorg-server can use this to be informed about suspend
  even if there are other listeners (i.e. apmd).

Changes:
* Two new ACPI ioctls:  REQSLPSTATE and ACKSLPSTATE.  Request begins the
  process of suspending by notifying all listeners.  acpi is monitored by
  devd(8) and /dev/apm listener(s) are also counted.  Users register their
  approval or disapproval via Ack.  If anyone disapproves, suspend is vetoed.
* Old user programs or kernel modules that used SETSLPSTATE continue to
  work.  A message is printed once that this interface is deprecated.
* acpiconf gains the -k flag to ack the suspend request.  This flag is
  undocumented on purpose since it's only used by /etc/rc.suspend.  It is
  not intended to be a permanent change and will be removed once a better
  power API is implemented.
* S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z.
  This restores previous behavior of halt/shutdown -p being the interface.
* Miscellaneous improvements to error reporting

Approved by:	re
2007-06-21 22:50:37 +00:00
Doug Barton
e56dafe630 Drop the default zones that are now covered by the new zones that
were added in the last revision.
2007-06-18 06:29:45 +00:00
Doug Barton
1de57a4c76 Bring our default named configuration more in line with current
best practices:

1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."

2. In named.conf
	a. Clean up white space
	b. Add/clarify a few comments
	c. Slave zones from the root servers instead of using a hints
	file. This has several advantages, as described in the comments.
	d. Significantly revamp the default zones, including the
	forward localhost zone, and the reverse zones for IPv4 and IPv6
	loopback addresses. There are extensive comments describing what
	is included and why. Interested readers should take the time to
	review the RFCs mentioned in the comments. There is also relevant
	information about the motivations for hosting these zones in the
	"work in progress" Internet-Draft,
	http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
	or its successor.
	It's also worth noting that a significant number of these
	empty zones are already included by default in the named binary
	without any user configuration.
	e. Because we're including a lot of examples of both local
	forward zones and slave zones in the default configuration,
	eliminate some of those examples.

3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
2007-06-18 05:58:23 +00:00
Doug Barton
bc998fd6f4 Add a namedb/master directory for the zone files I'm about to add,
and switch to the more "normal" way of installing files for the
namedb directory so that we can pick up the new subdir.
2007-06-18 05:44:38 +00:00
Yaroslav Tykhiy
997c6eefd8 Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
Yaroslav Tykhiy
553284d74a Add PAM support to atrun(8). 2007-06-15 12:02:16 +00:00
Yaroslav Tykhiy
b1cf245735 Locked out and expired accounts shouldn't be accessible via remote
mailbox protocols.  Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.
2007-06-15 11:33:13 +00:00
Yaroslav Tykhiy
2422857757 Split the FILES list across multiple lines as in rc.d/Makefile
so that the change history stays easily readable as the number
of PAM-aware services grows.
2007-06-15 11:22:10 +00:00
Gregory Neil Shapiro
2bc2025c44 Add a new rc.conf variable, sendmail_rebuild_aliases, which tells
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.

In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress.  Therefore,
in FreeBSD 7.0, this new option will default to "NO".  When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.

PR:		conf/86252
Approved by:	re (kensmith)
MFC after:	3 days
2007-06-12 17:33:23 +00:00
Ceri Davies
3213dc8412 Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
2007-06-11 18:36:39 +00:00
Yaroslav Tykhiy
9cd40e64b4 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
Yaroslav Tykhiy
039e8df3cf Be robust to a bogus script specification or contents
when figuring out what the real interpreter is for an
interpreted command.  That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
2007-06-04 11:39:35 +00:00
Doug Barton
ab512a8e4d Finish making resolv ordering deterministic by REQUIRE'ing it here. 2007-06-02 05:25:19 +00:00
Doug Barton
36617e509a Add REQUIRE netif to make ordering more deterministic, and to make sure
we have a fighting chance of having useful stuff from DHCP.

Tighten up the code a little, and fix whitespace issues.
2007-06-02 05:24:39 +00:00
Ruslan Ermilov
6969552de1 s/tabs/spaces/ 2007-06-01 18:53:36 +00:00
Doug Barton
9c933e2939 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
Doug Barton
2c61a906a5 Remove X11R6 from the default PATH to join the new world order.
While I'm here, make the default PATH match that in the csh profile,
and login.conf.
2007-05-29 06:33:10 +00:00
Doug Barton
95f0e983b6 Now that a separate /usr/X11R6 directory is no longer in fashion,
stop looking there for things like rc.d and periodic. This avoids
duplicating effort when /usr/X11R6 is a symlink to /usr/local,
which it is by default now.

It is not anticipated at this time that we will MFC this change, since
we'd like to avoid breaking legacy systems. However, there is a fix for
/etc/rc.subr in the works to avoid running any rc.d scripts twice which
we should be able to MFC.
2007-05-29 06:22:14 +00:00
Ralf S. Engelschall
f31380b233 Fix indentation. 2007-05-24 06:01:06 +00:00
Ralf S. Engelschall
cc42bdd415 Remove two superfluous trailing semicolons. 2007-05-24 05:58:20 +00:00
Ralf S. Engelschall
b9b38f5d90 Remove two unnecessary and useless sub-shell constructs. 2007-05-24 05:54:37 +00:00
Andrew Thompson
ddf1c6facd Do not attempt to load the kernel module when checking if an interface exists.
This would cause pseudo network modules to be reloaded again when trying to
unload the first time if any cloned interfaces exist.

MFC after:	2 weeks
2007-05-23 00:18:44 +00:00
Ralf S. Engelschall
0d5b72b307 backout filter of Nil UUID as the boot loader code already filters out Nil UUIDs (see src/sys/boot/i386/libi386/smbios.c:smbios_setuuid for details) 2007-05-22 13:53:59 +00:00
Ralf S. Engelschall
dff50af93b Remove the ugly csh(1) based UUID lower-case translation hack from
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
2007-05-22 10:22:24 +00:00
Ralf S. Engelschall
e3e421bacf Cleanup style by consistently using braces around variable expansion and
apply an addition from Andrew Thompson <thompsa> for filtering out the
special "Nil" UUID (all zeros) which would be a useless host UUID.
2007-05-21 11:57:01 +00:00
Ralf S. Engelschall
3148ce8687 Adjust UUID lower-case translation from straight-forward tr(1)
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.

I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
2007-05-21 11:44:13 +00:00
Ralf S. Engelschall
a8698e63bb The standardized textual representation of UUIDs according to RFC 4122
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
2007-05-21 08:22:43 +00:00
Greg Lehey
1c7163a14f Update /etc/protocols with IANA list updated 2007-02-12
Gotcha:  Number 48 (mhrp) is replaced with dsr.

Submitted by:	edwin
PR:		config/112732
MFC after:	2 weeks
2007-05-20 03:55:22 +00:00
Greg Lehey
2dee7077cf White space fixes only: replace spaces with tabs. 2007-05-20 03:41:26 +00:00
Greg Lehey
532e2282f5 Bring the well known ports of /etc/services into sync with the IANA
list.

This is only for the well known known ports (port 1-1023) for tcp and
udp only.

Changes:
- Removed "problems" comments around port 57, 77 and 87
- Removed audionews (port 114)
- Added imap3 (port 220)
- Removed yak-chat (port 258)
- Removed concert (port 786)
- Added a lot of new allocations

Submitted by: edwin
2007-05-20 03:31:52 +00:00
Alexander Kabaev
caea7898ac Add templates for new GCC 4.2 C++ include files hierarchy. 2007-05-19 03:31:39 +00:00
Mike Makonnen
3d03791bb4 o Implement the stop_boot subroutine [1]. This subroutine can be used by
scripts in rc.d to stop rc(8) from booting into multi-user mode when
  a critical or severe error condition is encountered.

o Modify scripts in etc/rc.d that already implemented this functionality
  independently.

o Document it.

[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
      to rc.subr(8). Our version differs slightly in that it takes an
      optional argument to stop the boot even if "autoboot" is not set.

Obtained from: NetBSD
MFC after: 2 weeks
2007-05-18 12:04:41 +00:00
Mike Makonnen
9cb24de6ed o Use the --detach option to kdc(8) instead of using the shell
background operator '&'.

  PR: conf/102722

o No need to include $kerberos5_server_flags in $command_args as
  rc.subr(8) will take care of this.
2007-05-17 11:33:08 +00:00
Mike Makonnen
c76ad7642f The precmd routine does not need to check whether the command should be
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.

MFC after: 2 weeks
2007-05-17 08:57:14 +00:00
Greg Lehey
6a96c8eef4 Add SIP-related ports.
Obtained from:  IANA list of reserved ports.
Reviewed by:	edwin@
2007-05-16 01:02:16 +00:00