Commit Graph

4686 Commits

Author SHA1 Message Date
Yaroslav Tykhiy
9cd40e64b4 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
Yaroslav Tykhiy
039e8df3cf Be robust to a bogus script specification or contents
when figuring out what the real interpreter is for an
interpreted command.  That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
2007-06-04 11:39:35 +00:00
Doug Barton
ab512a8e4d Finish making resolv ordering deterministic by REQUIRE'ing it here. 2007-06-02 05:25:19 +00:00
Doug Barton
36617e509a Add REQUIRE netif to make ordering more deterministic, and to make sure
we have a fighting chance of having useful stuff from DHCP.

Tighten up the code a little, and fix whitespace issues.
2007-06-02 05:24:39 +00:00
Ruslan Ermilov
6969552de1 s/tabs/spaces/ 2007-06-01 18:53:36 +00:00
Doug Barton
9c933e2939 Remove more vestiges of /usr/X11R6, but leave mtree for portmgr. 2007-05-29 06:37:58 +00:00
Doug Barton
2c61a906a5 Remove X11R6 from the default PATH to join the new world order.
While I'm here, make the default PATH match that in the csh profile,
and login.conf.
2007-05-29 06:33:10 +00:00
Doug Barton
95f0e983b6 Now that a separate /usr/X11R6 directory is no longer in fashion,
stop looking there for things like rc.d and periodic. This avoids
duplicating effort when /usr/X11R6 is a symlink to /usr/local,
which it is by default now.

It is not anticipated at this time that we will MFC this change, since
we'd like to avoid breaking legacy systems. However, there is a fix for
/etc/rc.subr in the works to avoid running any rc.d scripts twice which
we should be able to MFC.
2007-05-29 06:22:14 +00:00
Ralf S. Engelschall
f31380b233 Fix indentation. 2007-05-24 06:01:06 +00:00
Ralf S. Engelschall
cc42bdd415 Remove two superfluous trailing semicolons. 2007-05-24 05:58:20 +00:00
Ralf S. Engelschall
b9b38f5d90 Remove two unnecessary and useless sub-shell constructs. 2007-05-24 05:54:37 +00:00
Andrew Thompson
ddf1c6facd Do not attempt to load the kernel module when checking if an interface exists.
This would cause pseudo network modules to be reloaded again when trying to
unload the first time if any cloned interfaces exist.

MFC after:	2 weeks
2007-05-23 00:18:44 +00:00
Ralf S. Engelschall
0d5b72b307 backout filter of Nil UUID as the boot loader code already filters out Nil UUIDs (see src/sys/boot/i386/libi386/smbios.c:smbios_setuuid for details) 2007-05-22 13:53:59 +00:00
Ralf S. Engelschall
dff50af93b Remove the ugly csh(1) based UUID lower-case translation hack from
/etc/rc.d/hostid now that we switched the origin of the UUID (variable
smbios.system.uuid as provided by the i386 BIOS code) to already provide
a standard conforming lower-case UUID text representation.
2007-05-22 10:22:24 +00:00
Ralf S. Engelschall
e3e421bacf Cleanup style by consistently using braces around variable expansion and
apply an addition from Andrew Thompson <thompsa> for filtering out the
special "Nil" UUID (all zeros) which would be a useless host UUID.
2007-05-21 11:57:01 +00:00
Ralf S. Engelschall
3148ce8687 Adjust UUID lower-case translation from straight-forward tr(1)
usage to an equivalent csh(1) usage as tr(1) stays in /usr/bin and
/etc/rc.d/hostid has just the root filesystem (and this way mainly the
tools in /bin) available.

I've chosen csh(1) here as the string manipulation tools available in
/bin is extremely limited and the (only) alternative ed(1) usage would
have been a lot more complicated or even might require a temporary file.
2007-05-21 11:44:13 +00:00
Ralf S. Engelschall
a8698e63bb The standardized textual representation of UUIDs according to RFC 4122
and ISO/IEC-9834-8:2005 is with LOWER-CASE hexadecimal characters only,
so translate the (usually upper-case and this way not conforming)
representation of the BIOS UUID when reading it. Also be more strict
about the valid characters in the textual representation by checking for
just the hexadecimal characters.
2007-05-21 08:22:43 +00:00
Greg Lehey
1c7163a14f Update /etc/protocols with IANA list updated 2007-02-12
Gotcha:  Number 48 (mhrp) is replaced with dsr.

Submitted by:	edwin
PR:		config/112732
MFC after:	2 weeks
2007-05-20 03:55:22 +00:00
Greg Lehey
2dee7077cf White space fixes only: replace spaces with tabs. 2007-05-20 03:41:26 +00:00
Greg Lehey
532e2282f5 Bring the well known ports of /etc/services into sync with the IANA
list.

This is only for the well known known ports (port 1-1023) for tcp and
udp only.

Changes:
- Removed "problems" comments around port 57, 77 and 87
- Removed audionews (port 114)
- Added imap3 (port 220)
- Removed yak-chat (port 258)
- Removed concert (port 786)
- Added a lot of new allocations

Submitted by: edwin
2007-05-20 03:31:52 +00:00
Alexander Kabaev
caea7898ac Add templates for new GCC 4.2 C++ include files hierarchy. 2007-05-19 03:31:39 +00:00
Mike Makonnen
3d03791bb4 o Implement the stop_boot subroutine [1]. This subroutine can be used by
scripts in rc.d to stop rc(8) from booting into multi-user mode when
  a critical or severe error condition is encountered.

o Modify scripts in etc/rc.d that already implemented this functionality
  independently.

o Document it.

[1] - This subroutine was implemented in FreeBSD in rc.d/fsck. I moved it
      to rc.subr(8). Our version differs slightly in that it takes an
      optional argument to stop the boot even if "autoboot" is not set.

Obtained from: NetBSD
MFC after: 2 weeks
2007-05-18 12:04:41 +00:00
Mike Makonnen
9cb24de6ed o Use the --detach option to kdc(8) instead of using the shell
background operator '&'.

  PR: conf/102722

o No need to include $kerberos5_server_flags in $command_args as
  rc.subr(8) will take care of this.
2007-05-17 11:33:08 +00:00
Mike Makonnen
c76ad7642f The precmd routine does not need to check whether the command should be
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.

MFC after: 2 weeks
2007-05-17 08:57:14 +00:00
Greg Lehey
6a96c8eef4 Add SIP-related ports.
Obtained from:  IANA list of reserved ports.
Reviewed by:	edwin@
2007-05-16 01:02:16 +00:00
Greg Lehey
a234307899 White space tidy-up. 2007-05-16 00:59:31 +00:00
Maxim Konovalov
f629328d0a o Install 480.status-ntpd.
Pointed out by:	Henrik Brix Anders
2007-05-14 17:34:59 +00:00
Maxim Konovalov
c7cc017f3b o Add a script to check ntpd(8) state. Default is off.
PR:		conf/112604
Submitted by:	Oliver Fromme
MFC after:	1 month
2007-05-13 09:33:35 +00:00
Mike Makonnen
e11cc001a9 Move options that do not have anything to do with routing out of
rc.d/routing and in to rc.d/netoptions. Also instead of saying
"TCP options" say "IP options".
2007-05-02 15:49:30 +00:00
Mike Makonnen
47ba326abe When rc.d/NETWORKING included this script in its REQUIRE line, a circular
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.

From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
2007-05-02 15:32:05 +00:00
Pawel Jakub Dawidek
4d739c23fd When zfs dataset has jailed=on property, it won't be mounted with
'zfs mount -a' from the main system - this is by design, as mountpoint
may be set to dangerous value. This all means, that such file system
has to be mounted from within a jail. To make it easier, reorganize
rc.d/zfs script so it can be used from within a jail.
2007-04-22 20:55:08 +00:00
Tom Rhodes
13c100b0d8 Quick kill posix4 directory.
Submitted by:	rodrigc (BSD.include.dist).
2007-04-18 10:16:43 +00:00
Pawel Jakub Dawidek
2c9c9b9f7f When org.freebsd:swap property is set to 'on' on a ZVOL, use is as a swap
device.

Discussed with:	des
2007-04-15 18:07:14 +00:00
Dag-Erling Smørgrav
7c275b458a Remove the shutdown keyword. It just adds noise to the shutdown process. 2007-04-13 18:46:35 +00:00
Pawel Jakub Dawidek
e21f48c40e - Create an empty /etc/zfs/exports file when zfs_enable="YES" and we don't
NFS-share anything. This way we can safely start mountd with
  /etc/zfs/exports and mountd won't complain.

  Pointed out by:	ceri

- Move 'zfs volinit' before 'zfs mount -a' and 'zfs volfini' after
  'zfs unmount -a'.
2007-04-13 11:02:06 +00:00
Pawel Jakub Dawidek
83ad9fd2d5 mountd(8) was changed to only abort when all given exports files cannot be
open, so we not longer has to check if /etc/zfs/exports exists.
2007-04-13 10:29:25 +00:00
Mike Makonnen
e70b852038 o Look for a zfs(1) exports file only if it exists and is readable. If
we don't do this and the file doesn't exist mountd(8) will abort.
o The mountd(8) daemon creates a pidfile, so use it.
2007-04-13 06:42:25 +00:00
Stanislav Sedov
158bb4cb18 - Add IANA-assigned ports for HP status & services daemon and I/O backend
daemon. The FreeBSD port print/hplip currently provides these services.

PR:		conf/99593
Submitted by:	Anish Mistry <amistry@am-productions.biz>
Approved by:	maxim
MFC after:	1 week
2007-04-11 16:02:04 +00:00
Stanislav Sedov
b6a8b26f35 - Add IANA assigned port for amanda server control over tcp. The
current misc/amanda-server code uses it.

PR:		conf/111050
Submitted by:	Charles Sprickman<spork@bway.net>
Approved by:	maxim
MFC after:	1 week
2007-04-11 15:58:36 +00:00
Stanislav Sedov
2b1d8ce08a - Sync service names with IANA (http://www.iana.org/assignments/port-numbers).
The registration names for 5222(tcp,udp) and 5269(tcp,udp) was changed to
  xmpp-client and xmpp-server correspondingly.

  This inconsistency causes problems to applications developed on other
  systems, as they tries to use port numbers from /etc/services as fallback.

PR:		conf/100606
Submitted by:	Ralph Meijer <freebsd-gnats2@ralphm.ik.nu>
Approved by:	maxim
MFC after:	1 week
2007-04-11 13:06:05 +00:00
Pawel Jakub Dawidek
6f7c3bdd63 If available, take UUID from smbios.system.uuid, if not fall back to
software-generated UUID. Store the result in /etc/hostid and use it in
the future. Perform simple UUID format check, as there is a lot of
hardware with broken UUIDs. The check should be improved to also eliminate
fake UUIDs like 00000000-0000-0000-0000-000000000000.

Requested by:	many
2007-04-11 00:05:25 +00:00
Giorgos Keramidas
671901e973 Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.

PR:		conf/111225
Submitted by:	Bas van Beek <bas@tobin.nl>
Approved by:	mtm, mlaier
MFC after:	2 weeks
2007-04-10 16:42:14 +00:00
Pawel Jakub Dawidek
d5ec19ea68 Add rc.d/hostid script (turned on by default) which on first boot generates
UUID and stores it in /etc/hostid ($hostid_file) as well as sets kern.hostuuid
and kern.hostid sysctls on every boot.

Hostid can be reset using '/etc/rc.d/hostid reset' command.

Hostid generation and setting can be turned off by setting variable
hostid_enable to "NO" in /etc/rc.conf.

Reviewed by:	mlaier, rink, brooks, rwatson
2007-04-09 19:21:27 +00:00
Dag-Erling Smørgrav
680aa4e3b8 Apply "additional TCP options" earlier.
Requested by:	andre@
MFC after:	1 week
2007-04-09 10:09:40 +00:00
Dag-Erling Smørgrav
255d327cc5 FILESYSTEMS requires root, so requiring both of them is redundant. 2007-04-09 08:53:40 +00:00
Dag-Erling Smørgrav
90f6241a0e Add zfs to REQUIRE. 2007-04-09 08:44:50 +00:00
Pawel Jakub Dawidek
f92cb15e7b Move zpool.cache from /etc/zfs/ to /boot/zfs/, so we can keep it on
dedicated /boot/ file system and use ZFS for the root file system.
2007-04-08 23:59:39 +00:00
Pawel Jakub Dawidek
86e97941c4 There can be many reasons of VDEV failures, so log type as well. 2007-04-08 16:05:23 +00:00
Pawel Jakub Dawidek
3fcdc8c362 Provide sample entries to handle ZFS problem reports.
It'd be nice to send them via e-mail...
2007-04-08 15:56:49 +00:00
Pawel Jakub Dawidek
0daa3e3561 Add ZFS periodic scripts that monitors status of ZFS pools.
Submitted by:	des
2007-04-06 02:33:06 +00:00