alternative MTAs. Therefore, always install rc.sendmail, regardless of
NO_SENDMAIL make.conf setting. Users can still set mta_start_script to a
different script.
This commit is after a repo-copy of src/etc/sendmail/rc.sendmail to
src/etc/rc.sendmail.
Noticed by: Calvin NG <calvinng@brel.com>
MFC after: 3 days
the creation of /var/spool/clientmqueue and therefore the need for the
smmsp user and group if NO_SENDMAIL is defined. This required breaking out
the creation of the directory into a new BSD.sendmail.dist mtree file.
MFC after: 1 week
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).
For the record. Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.
Reported by: jhay
the .mc file used for /etc/mail/submit.cf. By default,
/etc/mail/freebsd.submit.mc is installed and used.
Requested by: fenner
Submitted by: ume
MFC after: 1 week
Add /etc/rc.d to the startup dirs list. It is a convenient place to put
custom startup scripts instead of hacking a shared rc.local. eg: ftpd in
listener mode, or maybe even sendmail or another mailer, etc.
<peril sensitive sunglasses off>
clientmqueue (submit mail queue).
The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
prevent the interfaces from being initialized by /etc/rc.network6
wrongly. So, you can explicitly initialize the interfaces by
/etc/pccard_ether.
With previous rc.network6, if you specify pccardd_flags="-z",
net.inet6.ip6.accept_rtadv was wronly set to 0, then RA was not
accepted.
again."
As an alternative to sendmail_enable=NONE, solve the boot time problem
for non-sendmail users completely by moving all of the sendmail startup
code from /etc/rc to /etc/rc.sendmail. The source for that script will
be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will
prevent it from being installed. A new rc.conf variable,
mta_start_script specifies the script to run to start the user's
preferred MTA. For backward compatibility, it will default to
/etc/rc.sendmail. The specified script is called out of /etc/rc after
checking to make sure it exists. A new rc.sendmail.8 man page has also
been added which now houses the sendmail_* variable descriptions
formerly in rc.conf.5.
Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.
Reviewed by: -current, -stable, obrien, peter, ru
MFC after: 1 week
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.
In any case, now it's fixed.
(65536 * 32 - 1), but MAKEDEV only supports up to (32 * 32 -1). Device
names use the unit number in base 32 for all "digits".
This required fixing an old bug in MAKEDEV:ttyminor(). Its arg was the
global $unit instead of $1.
Reminded by: Valentin K. Ponomarenko <valka@krog.ukrtel.net>
MFC-after: 1 week
logic and added a new set of targets for controlling the MSP queue runner
(start-mspq, stop-mspq, and restart-mspq).
Reminded by: Mark Santcroos <marks@ripe.net>
MFC after: 1 week
at boot time.
Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now
also accept NONE. If set to NONE, none of the other sendmail related
startup items will be done.
Remove an extra queue running daemon might be started that wasn't necessary
(it didn't hurt anything but it wasn't needed).
The new logic is:
# MTA
if ${sendmail_enable} == NONE
# Do nothing
else if ${sendmail_enable} == YES
start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
start sendmail with ${sendmail_outbound_flags}
endif
# MSP Queue Runner
if ${sendmail_enable} != NONE &&
[ -r /etc/mail/submit.cf] && ${sendmail_msp_queue_enable} == YES
start sendmail with ${sendmail_msp_queue_flags}
endif
Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after: 1 week
Install sys/<arch>/include/pc/*.h to /usr/include/machine/pc/.
PR: docs/29534
Install sys/netatm/*/*.h to /usr/include/netatm/*/.
Don't install compatibility symlinks for <machine/soundcard.h>
and <machine/joystick.h>. Three years is enough to be aware of
the change, and these weren't visible in the SHARED=symlinks
case.
Back out include/Makefile,v 1.160 that was a null change anyway
due to the bug in the path, and we now don't want to install
these headers because they would otherwise be invisible in the
SHARED=symlinks case.
Don't install IPFILTER headers. Userland utilities fetch them
directly, and they were not visible in the SHARED=symlinks case.
Resurrect SHARED=symlinks in Makefile.inc1.
PR: bin/28002
Prodded by: bde
MFC after: 2 weeks
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.
PR: conf/35884
MFC after: 4 days
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet)
MFC after: 3 days
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432
Submitted by: Me
administrator wishes to run commands outside of the PATH, he should
use a full pathname for the executable or set the PATH as appropriate
in any local startup scripts.
PR: misc/35770
addition, take out the checks on the $dumpdev. dumpon(8) behaves well
if given a non-existent filename. It gives a nice error message which
is better rather than the current silent failure.
Reviewed by: des
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.
At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.
PR: conf/35725
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
Kerberized CVS (kserver) listens on the same port as normal CVS
(pserver). In /etc/inetd.conf cvs kserver is disabled by default,
but set to listen to the service port 'cvs' which doesn't exist. It
should listen to 'cvspserver'.
PR: 34317
Submitted by: Sean Chittenden <sean@chittenden.org>
seperate the short name and the long name. This was present for most
but not all entries. Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
MFC after: 2 weeks
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.
PR: conf/35219, conf/35220
Submitted by: Sean Chittenden <sean@chittenden.org>
MFC after: 1 day
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.
Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
rc.conf(5) and the files' inline documentation.
- Add the "closed"-type, documented in both places, but which did not
exist in the code.
- When provided a ruleset, the system should not make any assumptions
about the sites's policy and should add no rules of its own.
- Make the "UNKNOWN" (documented in-line) actual work as advertised,
load no rules.
Prodded by: Igor M Podlesny <poige@morning.ru>
MFC after: 1 week
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions. If this isn't desired, see etc/mail/README for more hints.
Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.
Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.
Checking for the existence of sendmail.cf is rather silly when someone
is using the mailwrapper(8) to run a mail daemon that is not actually
sendmail(8). It is also probably better to let sendmail(8) actually
try to start and error out if the administrator has
'sendmail_enable="YES"' but no sendmail.conf. At present, it would
fail silently.
Reviewed by: gshapiro
MFC after: 2 days
updated driver. The newer driver in current outputs a version string
that contains a space, so we need to eat two words in between RocketPortX
and the number of ports on the board.
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.
If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.
Sponsored by: DARPA, NAI Labs
10 in -STABLE), pccardd's string comparison between
pccard.conf's entry and PC card's CIS tupple became strict
matching.
As influences of this commit, some PC cards don't work since
some /etc/default/pccard.conf's card identifiers entries are
incorrectly described.
- Lexar Media compact flash
- IO DATA CBIDE2 in 16 bit mode
- TOSHIBA Portable 24X Speed CD-ROM Drive PA2673UJ
- Hewlett Packard M820e (CD-writer)
Update these card configs.
PR: 33815
Obtained from: [bsd-nomads:16128]
/usr/share/examples/pppd.
Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.
Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
/usr/share/examples/pppd.
Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8.
Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.
Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved
with a repo copy. Note it in the logs with a forced commit to these
two.
Submitted by: Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
This change was submitted to the freebsd-audit mailing list for review
but received no feedback. Hindsight-enabled reviews are welcome.
PR: conf/31358
Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
# This card has the same PCMCIA and OEM id as ELSA XI300 wireless card, which
# appears to be listed elsewhere in this file.
Submitted by: Abe Toshiaki-san <ans@sun-tec.co.jp>
MFC After: 5 days
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).
PR: bin/32953
Reviewed by: -bugs discussion
MFC after: 1 week
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
users who don't wish to use it. If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file. The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
We now do it as a "camcontrol rescan all" which is something ken
promised to implement; for the time being it's not worse than the old
"camcontrol rescan $device" which ended up in something like
"camcontrol rescan aic1". Currently, camcontrol misinterprets the
third non-numeric arg as number 0, and rescans bus 0, which is about
the best we could get at this time.
Approved by: imp
MFC after: 1 week