freebsd-dev/etc/rc.d/netoptions

830 lines
18 KiB
Plaintext
Raw Normal View History

#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
1999-08-27 23:37:10 +00:00
# $FreeBSD$
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#
# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.
# First pass startup stuff.
#
network_pass1() {
echo -n 'Doing initial network setup:'
# Convert host.conf to nsswitch.conf if necessary
if [ -f "/etc/host.conf" ]; then
echo ''
echo 'Warning: /etc/host.conf is no longer used'
if [ -f "/etc/nsswitch.conf" ]; then
echo ' /etc/nsswitch.conf will be used instead'
else
echo ' /etc/nsswitch.conf will be created for you'
convert_host_conf /etc/host.conf /etc/nsswitch.conf
fi
fi
# Set the host name if it is not already set
#
if [ -z "`hostname -s`" ]; then
hostname ${hostname}
echo -n ' hostname'
fi
# Establish ipfilter ruleset as early as possible (best in
# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
#
if /sbin/ipfstat -i > /dev/null 2>&1; then
ipfilter_in_kernel=1
else
ipfilter_in_kernel=0
fi
case "${ipfilter_enable}" in
[Yy][Ee][Ss])
if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
ipfilter_in_kernel=1
echo "Kernel ipfilter module loaded."
elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
echo "Warning: ipfilter kernel module failed to load."
fi
if [ -r "${ipfilter_rules}" ]; then
echo -n ' ipfilter';
${ipfilter_program:-/sbin/ipf -Fa -f} \
"${ipfilter_rules}" ${ipfilter_flags}
case "${ipmon_enable}" in
[Yy][Ee][Ss])
echo -n ' ipmon'
${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
;;
esac
case "${ipnat_enable}" in
[Yy][Ee][Ss])
if [ -r "${ipnat_rules}" ]; then
echo -n ' ipnat';
eval ${ipnat_program:-/sbin/ipnat -CF -f} \
"${ipnat_rules}" ${ipnat_flags}
else
echo -n ' NO IPNAT RULES'
fi
;;
esac
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
fi
;;
esac
# Set the domainname if we're using NIS
#
case ${nisdomainname} in
[Nn][Oo] | '')
;;
*)
domainname ${nisdomainname}
echo -n ' domain'
;;
esac
echo '.'
# Initial ATM interface configuration
#
case ${atm_enable} in
[Yy][Ee][Ss])
if [ -r /etc/rc.atm ]; then
. /etc/rc.atm
atm_pass1
fi
;;
esac
# Attempt to create cloned interfaces.
for ifn in ${cloned_interfaces}; do
ifconfig ${ifn} create
done
# Special options for sppp(4) interfaces go here. These need
# to go _before_ the general ifconfig section, since in the case
# of hardwired (no link1 flag) but required authentication, you
# cannot pass auth parameters down to the already running interface.
#
for ifn in ${sppp_interfaces}; do
eval spppcontrol_args=\$spppconfig_${ifn}
if [ -n "${spppcontrol_args}" ]; then
# The auth secrets might contain spaces; in order
# to retain the quotation, we need to eval them
# here.
eval spppcontrol ${ifn} ${spppcontrol_args}
fi
done
# gifconfig
network_gif_setup
# Set up all the network interfaces, calling startup scripts if needed
#
case ${network_interfaces} in
[Aa][Uu][Tt][Oo])
network_interfaces="`ifconfig -l`"
;;
*)
network_interfaces="${network_interfaces} ${cloned_interfaces}"
;;
esac
dhcp_interfaces=""
for ifn in ${network_interfaces}; do
if [ -r /etc/start_if.${ifn} ]; then
. /etc/start_if.${ifn}
eval showstat_$ifn=1
fi
# Do the primary ifconfig if specified
#
eval ifconfig_args=\$ifconfig_${ifn}
case ${ifconfig_args} in
'')
;;
[Dd][Hh][Cc][Pp])
# DHCP inits are done all in one go below
dhcp_interfaces="$dhcp_interfaces $ifn"
eval showstat_$ifn=1
;;
*)
ifconfig ${ifn} ${ifconfig_args}
eval showstat_$ifn=1
;;
esac
done
if [ ! -z "${dhcp_interfaces}" ]; then
${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
fi
for ifn in ${network_interfaces}; do
# Check to see if aliases need to be added
#
alias=0
while : ; do
eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
if [ -n "${ifconfig_args}" ]; then
ifconfig ${ifn} ${ifconfig_args} alias
eval showstat_$ifn=1
alias=`expr ${alias} + 1`
else
break;
fi
done
# Do ipx address if specified
#
eval ifconfig_args=\$ifconfig_${ifn}_ipx
if [ -n "${ifconfig_args}" ]; then
ifconfig ${ifn} ${ifconfig_args}
eval showstat_$ifn=1
fi
done
for ifn in ${network_interfaces}; do
eval showstat=\$showstat_${ifn}
if [ ! -z ${showstat} ]; then
ifconfig ${ifn}
fi
done
# ISDN subsystem startup
#
case ${isdn_enable} in
[Yy][Ee][Ss])
if [ -r /etc/rc.isdn ]; then
. /etc/rc.isdn
fi
;;
esac
# Start user ppp if required. This must happen before natd.
#
case ${ppp_enable} in
[Yy][Ee][Ss])
# Establish ppp mode.
#
if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
-a "${ppp_mode}" != "dedicated" \
-a "${ppp_mode}" != "background" ]; then
ppp_mode="auto"
fi
ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
# Switch on NAT mode?
#
case ${ppp_nat} in
[Yy][Ee][Ss])
ppp_command="${ppp_command} -nat"
;;
esac
ppp_command="${ppp_command} ${ppp_profile}"
echo "Starting ppp as \"${ppp_user}\""
su -m ${ppp_user} -c "exec ${ppp_command}"
;;
esac
# Initialize IP filtering using ipfw
#
if /sbin/ipfw -q flush > /dev/null 2>&1; then
firewall_in_kernel=1
else
firewall_in_kernel=0
fi
case ${firewall_enable} in
[Yy][Ee][Ss])
if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
firewall_in_kernel=1
echo 'Kernel firewall module loaded'
elif [ "${firewall_in_kernel}" -eq 0 ]; then
echo 'Warning: firewall kernel module failed to load'
fi
;;
esac
# Load the filters if required
#
case ${firewall_in_kernel} in
1)
if [ -z "${firewall_script}" ]; then
firewall_script=/etc/rc.firewall
fi
case ${firewall_enable} in
[Yy][Ee][Ss])
if [ -r "${firewall_script}" ]; then
. "${firewall_script}"
echo -n 'Firewall rules loaded, starting divert daemons:'
# Network Address Translation daemon
#
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
if echo ${natd_interface} | \
grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
natd_ifarg="-a ${natd_interface}"
else
natd_ifarg="-n ${natd_interface}"
fi
echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
fi
;;
esac
echo '.'
elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
echo 'Warning: kernel has firewall functionality,' \
'but firewall rules are not enabled.'
echo ' All ip services are disabled.'
fi
case ${firewall_logging} in
[Yy][Ee][Ss] | '')
echo 'Firewall logging=YES'
sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
;;
*)
;;
esac
;;
esac
;;
esac
# Additional ATM interface configuration
#
if [ -n "${atm_pass1_done}" ]; then
atm_pass2
fi
# Configure routing
#
case ${defaultrouter} in
[Nn][Oo] | '')
;;
*)
static_routes="default ${static_routes}"
route_default="default ${defaultrouter}"
;;
esac
# Set up any static routes. This should be done before router discovery.
#
if [ -n "${static_routes}" ]; then
for i in ${static_routes}; do
eval route_args=\$route_${i}
route add ${route_args}
done
fi
echo -n 'Additional routing options:'
case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
;;
*)
echo -n ' tcp extensions=NO'
sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
;;
esac
case ${icmp_bmcastecho} in
[Yy][Ee][Ss])
echo -n ' broadcast ping responses=YES'
sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
;;
esac
case ${icmp_drop_redirect} in
[Yy][Ee][Ss])
echo -n ' ignore ICMP redirect=YES'
sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
;;
esac
case ${icmp_log_redirect} in
[Yy][Ee][Ss])
echo -n ' log ICMP redirect=YES'
sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
;;
esac
case ${gateway_enable} in
[Yy][Ee][Ss])
echo -n ' IP gateway=YES'
sysctl -w net.inet.ip.forwarding=1 >/dev/null
;;
esac
case ${forward_sourceroute} in
[Yy][Ee][Ss])
echo -n ' do source routing=YES'
sysctl -w net.inet.ip.sourceroute=1 >/dev/null
;;
esac
case ${accept_sourceroute} in
[Yy][Ee][Ss])
echo -n ' accept source routing=YES'
sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
;;
esac
case ${tcp_keepalive} in
[Yy][Ee][Ss])
echo -n ' TCP keepalive=YES'
sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
;;
esac
case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
echo -n ' drop SYN+FIN packets=YES'
sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
;;
esac
case ${ipxgateway_enable} in
[Yy][Ee][Ss])
echo -n ' IPX gateway=YES'
sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
;;
esac
case ${arpproxy_all} in
[Yy][Ee][Ss])
echo -n ' ARP proxyall=YES'
sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
;;
esac
case ${ip_portrange_first} in
[Nn][Oo] | '')
;;
*)
echo -n " ip_portrange_first=$ip_portrange_first"
sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
;;
esac
case ${ip_portrange_last} in
[Nn][Oo] | '')
2000-08-16 23:08:28 +00:00
;;
*)
echo -n " ip_portrange_last=$ip_portrange_last"
sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
;;
esac
echo '.'
case ${ipsec_enable} in
[Yy][Ee][Ss])
if [ -f ${ipsec_file} ]; then
echo ' ipsec: enabled'
setkey -f ${ipsec_file}
else
echo ' ipsec: file not found'
fi
;;
esac
echo -n 'Routing daemons:'
case ${router_enable} in
[Yy][Ee][Ss])
echo -n " ${router}"; ${router} ${router_flags}
;;
esac
case ${ipxrouted_enable} in
[Yy][Ee][Ss])
echo -n ' IPXrouted'
IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
;;
esac
case ${mrouted_enable} in
[Yy][Ee][Ss])
echo -n ' mrouted'; mrouted ${mrouted_flags}
;;
esac
case ${rarpd_enable} in
[Yy][Ee][Ss])
echo -n ' rarpd'; rarpd ${rarpd_flags}
;;
esac
echo '.'
# Let future generations know we made it.
#
network_pass1_done=YES
}
network_pass2() {
echo -n 'Doing additional network setup:'
case ${named_enable} in
[Yy][Ee][Ss])
echo -n ' named'; ${named_program:-named} ${named_flags}
;;
esac
case ${ntpdate_enable} in
[Yy][Ee][Ss])
echo -n ' ntpdate'
${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
;;
esac
case ${xntpd_enable} in
[Yy][Ee][Ss])
1999-12-17 13:36:40 +00:00
echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
;;
esac
case ${timed_enable} in
[Yy][Ee][Ss])
echo -n ' timed'; timed ${timed_flags}
;;
esac
case ${portmap_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
${portmap_flags}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypserv if we're an NIS server.
# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
#
case ${nis_server_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' ypserv'; ypserv ${nis_server_flags}
case ${nis_ypxfrd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.ypxfrd'
rpc.ypxfrd ${nis_ypxfrd_flags}
;;
esac
case ${nis_yppasswdd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.yppasswdd'
rpc.yppasswdd ${nis_yppasswdd_flags}
;;
esac
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypbind if we're an NIS client
#
case ${nis_client_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' ypbind'; ypbind ${nis_client_flags}
case ${nis_ypset_enable} in
[Yy][Ee][Ss])
echo -n ' ypset'; ypset ${nis_ypset_flags}
;;
esac
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start keyserv if we are running Secure RPC
#
case ${keyserv_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' keyserv'; keyserv ${keyserv_flags}
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypupdated if we are running Secure RPC
# and we are NIS master
#
case ${rpc_ypupdated_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.ypupdated'; rpc.ypupdated
;;
esac
;;
esac
# Start ATM daemons
if [ -n "${atm_pass2_done}" ]; then
atm_pass3
fi
echo '.'
network_pass2_done=YES
}
network_pass3() {
echo -n 'Starting final network daemons:'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${portmap_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${nfs_server_enable} in
[Yy][Ee][Ss])
if [ -r /etc/exports ]; then
echo -n ' mountd'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${weak_mountd_authentication} in
[Yy][Ee][Ss])
mountd_flags="${mountd_flags} -n"
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
mountd ${mountd_flags}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${nfs_reserved_port_only} in
[Yy][Ee][Ss])
echo -n ' NFS on reserved port only=YES'
sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' nfsd'; nfsd ${nfs_server_flags}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${rpc_lockd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.lockd'; rpc.lockd
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${rpc_statd_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' rpc.statd'; rpc.statd
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
fi
;;
*)
case ${single_mountd_enable} in
[Yy][Ee][Ss])
if [ -r /etc/exports ]; then
echo -n ' mountd'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${weak_mountd_authentication} in
[Yy][Ee][Ss])
mountd_flags="-n"
;;
esac
mountd ${mountd_flags}
fi
;;
esac
;;
esac
case ${nfs_client_enable} in
[Yy][Ee][Ss])
if [ -n "${nfs_access_cache}" ]; then
echo -n " NFS access cache time=${nfs_access_cache}"
sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
fi
if [ -n "${nfs_bufpackets}" ]; then
sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
fi
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# If /var/db/mounttab exists, some nfs-server has not been
# sucessfully notified about a previous client shutdown.
# If there is no /var/db/mounttab, we do nothing.
if [ -f /var/db/mounttab ]; then
rpc.umntall -k
fi
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${amd_enable} in
[Yy][Ee][Ss])
echo -n ' amd'
case ${amd_map_program} in
[Nn][Oo] | '')
;;
*)
amd_flags="${amd_flags} `eval\
${amd_map_program}`"
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
if [ -n "${amd_flags}" ]; then
amd -p ${amd_flags}\
> /var/run/amd.pid 2> /dev/null
else
amd 2> /dev/null
fi
;;
esac
;;
esac
case ${rwhod_enable} in
[Yy][Ee][Ss])
echo -n ' rwhod'; rwhod ${rwhod_flags}
;;
esac
# Kerberos servers run ONLY on the Kerberos server machine
case ${kerberos4_server_enable} in
[Yy][Ee][Ss])
case ${kerberos_stash} in
[Yy][Ee][Ss])
stash=-n
;;
*)
stash=
;;
esac
echo -n ' kerberosIV'
${kerberos4_server} ${stash} >> /var/log/kerberos.log &
case ${kadmind4_server_enable} in
[Yy][Ee][Ss])
echo -n ' kadmindIV'
(
sleep 20;
${kadmind4_server} ${stash} >/dev/null 2>&1 &
) &
;;
esac
unset stash_flag
;;
esac
case ${kerberos5_server_enable} in
[Yy][Ee][Ss])
echo -n ' kerberos5'
${kerberos5_server} &
case ${kadmind5_server_enable} in
[Yy][Ee][Ss])
echo -n ' kadmind5'
${kadmind5_server} &
;;
esac
;;
esac
1999-11-23 00:22:25 +00:00
case ${pppoed_enable} in
[Yy][Ee][Ss])
1999-11-23 00:26:03 +00:00
if [ -n "${pppoed_provider}" ]; then
1999-11-23 00:22:25 +00:00
pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
fi
echo -n ' pppoed';
/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
;;
esac
case ${sshd_enable} in
[Yy][Ee][Ss])
if [ ! -f /etc/ssh/ssh_host_key ]; then
echo ' creating ssh RSA host key';
/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
echo ' creating ssh DSA host key';
/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
fi
;;
esac
echo '.'
network_pass3_done=YES
}
network_pass4() {
echo -n 'Additional TCP options:'
case ${log_in_vain} in
[Nn][Oo] | '')
;;
*)
echo -n ' log_in_vain=YES'
sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
;;
esac
echo '.'
network_pass4_done=YES
}
network_gif_setup() {
case ${gif_interfaces} in
[Nn][Oo] | '')
;;
*)
for i in ${gif_interfaces}; do
eval peers=\$gifconfig_$i
case ${peers} in
'')
continue
;;
*)
ifconfig $i create >/dev/null 2>&1
ifconfig $i tunnel ${peers}
;;
esac
done
;;
esac
}
convert_host_conf() {
host_conf=$1; shift;
nsswitch_conf=$1; shift;
awk ' \
/^[:blank:]*#/ { next } \
/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \
/(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \
/nis/ { nsswitch[c] = "nis"; c++; next } \
{ printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \
END { \
printf "hosts: "; \
for (i in nsswitch) printf "%s ", nsswitch[i]; \
printf "\n"; \
}' < $host_conf > $nsswitch_conf
}