Commit Graph

5067 Commits

Author SHA1 Message Date
Doug Barton
1323e3dbec s/named_confidr/named_confdir/ in the rndc.key check. The line in
the command to create it was right, but the check was wrong, so it
was getting created every time. Mea culpa.

Submitted by:	oliver
2010-01-01 22:10:07 +00:00
Doug Barton
fc3c7b9569 With the introduction of named_conf the -c example in named_flags
is no longer necessary or desirable. Update the comment to indicate
that _flags should be used for options other than -u and -c.
2010-01-01 19:09:40 +00:00
Doug Barton
2128551758 The script hard-coded the assumption that the "configuration directory"
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.

While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)
2010-01-01 19:06:00 +00:00
John Baldwin
f50c094638 Remove a trailing reference to the obsolete vaps_<IF> variable.
Reviewed by:	brooks
MFC after:	3 days
2009-12-29 21:06:49 +00:00
John Baldwin
9557a45059 Add support for configuring vlan(4) interfaces as child devices similar to
wlan(4) interfaces.  vlan(4) interfaces are listed via a new 'vlans_<IF>'
variable.  If a vlan interface is a number, then that number is treated as
the vlan tag for the interface and the interface will be named '<IF>.<tag>'.
Otherwise, the vlan tag must be provided via a vlan parameter in a
'create_args_<vlan>' variable.

While I'm here, fix a few nits in rc.conf(5) and mention create_args_<IF> in
the description of cloned_interfaces.

Reviewed by:	brooks
MFC after:	2 weeks
2009-12-29 21:03:36 +00:00
Edward Tomasz Napierala
5689f92fb0 Remove examples for pppd and SLIP-related stuff. 2009-12-29 20:20:51 +00:00
Hajimu UMEMOTO
30e7dc3c56 Add missing me6 rules. Now, the IPv6 rules become equivalent
to the IPv4 rules.

Reported by:	David Horn <dhorn2000__at__gmail.com>
2009-12-29 11:27:51 +00:00
Doug Barton
a4dd7f22af Update the comments about files ending in .sh
Prompted by:	Alex Kozlov <spam@rm-rf.kiev.ua>
2009-12-27 06:27:09 +00:00
Doug Barton
38b8fa9739 Delete some trailing whitespace 2009-12-27 06:25:03 +00:00
Jilles Tjoelker
bd3e243f9f rc.subr: Use pwait in wait_for_pids.
This waits for the requested process(es) to terminate, rather than polling
with an interval of 2 seconds.

If pwait is not available, the old method is used.

PR:		conf/132766
Reviewed by:	dougb
2009-12-21 22:16:07 +00:00
Doug Barton
0fcd844921 The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.

In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.

This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
2009-12-15 05:14:39 +00:00
Doug Barton
9190ba057c Revert the xterm terminal behavior to NOT clear the screen after
exiting a pager, vi, etc.

Add some example xterm*-clear entries to the termcap files to make
it easier for people to enable that behavior.

Document the examples in the man page to make them easier to find.
2009-12-14 07:18:31 +00:00
Doug Barton
f25291f3a1 Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files
2009-12-12 21:51:50 +00:00
Antoine Brodin
cb174b37be Install firmware(9) examples.
MFC after:	1 month
2009-12-12 17:04:36 +00:00
Doug Barton
1d0185c436 Update to the December 12, 2008 version of this file. The one
substantive change is to add the IPv6 address of L. The other
changes are all CAPS LOCK related.
2009-12-11 01:06:04 +00:00
Ed Schouten
a7e5e29990 Update termcap entries for xterm.
It turns out these entries do make Terminal.app behave a little better.
According to Thomas Dickey, Terminal.app should use TERM=nsterm anyway,
but we don't support this yet. Already having an improved termcap entry
helps, so I am going to MFC this change after all.

Suggested by:	Leonidas Tsampros <ltsampros upnet gr>
MFC after:	1 month
2009-12-10 22:25:53 +00:00
Colin Percival
a235643007 Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
2009-12-03 09:18:40 +00:00
Hajimu UMEMOTO
2bba0e1a00 Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6
and rc.d/ip6fw.

Reviewed by:	dougb, jhb
MFC after:	1 month
2009-12-02 15:05:26 +00:00
Ed Schouten
71a9e1e305 Use cons25w on pc98.
Discussed with:	nyan
2009-11-13 11:54:52 +00:00
Ed Schouten
4b2361f811 Convert syscons on i386 to TERM=xterm.
TEKEN_XTERM is now gone. Because we always use xterm mode now, we only
need a TEKEN_CONS25 switch to go back to cons25.
2009-11-13 11:28:54 +00:00
Ed Schouten
d29a98f47f Split up etc.i386/ttys into a PC98 version as well.
This means I can now convert syscons on i386 to xterm as well.

Discussed with:	nyan
2009-11-13 11:26:44 +00:00
Ed Schouten
e42fc36867 Switch the default terminal emulation style to xterm for most platforms.
Right now syscons(4) uses a cons25-style terminal emulator. The
disadvantages of that are:

- Little compatibility with embedded devices with serial interfaces.
- Bad bandwidth efficiency, mainly because of the lack of scrolling
  regions.
- A very hard transition path to support for modern character sets like
  UTF-8.

Our terminal emulation library, libteken, has been supporting
xterm-style terminal emulation for months, so flip the switch and make
everyone use an xterm-style console driver.

I still have to enable this on i386. Right now pc98 and i386 share the
same /etc/ttys file. I'm not going to switch pc98, because it uses its
own Kanji-capable cons25 emulator.

IMPORTANT: What to do if things go wrong (i.e. graphical artifacts):

- Run the application inside script(1), try to reduce the problem and
  send me the log file.
- In the mean time, you can run `vidcontrol -T cons25' and `export
  TERM=cons25' so you can run applications the same way you did before.
  You can also build your kernel with `options TEKEN_CONS25' to make all
  virtual terminals use the cons25 emulator by default.

Discussed on:	current@
2009-11-13 05:54:55 +00:00
Remko Lodder
eabd1bcb21 Execute the start/stop process of a jail in the background.
This will prevent that the script hangs during startup, which
could cause annoying effects after rebooting for example.

PR:		kern/139422
Submitted by:	Andrey Groshev <greenx at yartv dot ru>
Approved by:	imp (mentor, implicit)
MFC after:	3 days
Facilitated by:	Snow B.V.
2009-11-02 09:56:46 +00:00
Hiroki Sato
da5f0a6fac Use double-quotation marks to fix the unexpanded variable issue.
Spotted by:	swell.k
2009-10-23 09:30:19 +00:00
Christian Brueffer
e8097b1fba Add empty watchdogd_flags.
PR:		136620
Submitted by:	amdmi3
MFC after:	3 days
2009-10-21 09:43:22 +00:00
Ed Schouten
248389c80f Partially revert the change to the gettytab made in r198214.
By misinterpreting some data, I thought that getty wouldn't apply any
baud rate to the syscons devices, but it uses the default entry instead.
This means that the baud rate is set to 1200. This isn't too bad, except
when using canonical mode. Make it use 9600 baud by default.

MFC after:	1 week
2009-10-19 11:10:44 +00:00
Ed Schouten
e79939add1 Fix qouting in a comment, to make it look more consistent
Submitted by:	Jille Timmermans <jille quis cx>
MFC after:	1 week
2009-10-18 19:51:06 +00:00
Ed Schouten
5ed8d12443 Allow the buffer size to be configured for pseudo-like TTY devices.
Devices that don't implement param() (which means they don't support
hardware parameters such as flow control, baud rate) hardcode the baud
rate to TTYDEF_SPEED. This means the buffer size cannot be configured,
which is a little inconvenient when using canonical mode with big lines
of input, etc.

Make it adjustable, but do clamp it between B50 and B115200 to prevent
awkward buffer sizes. Remove the baud rate assignment from
/etc/gettytab. Trust the kernel to fill in a proper value.

Reported by:	Mikolaj Golub <to my trociny gmail com>
MFC after:	1 month
2009-10-18 19:48:53 +00:00
Doug Barton
c5a82ce01d Remove a circular dependency on routing
Submitted by:	Mykola Dzham <freebsd@levsha.org.ua>
Approved by:	hrs
2009-10-17 21:09:15 +00:00
Doug Barton
0e22665fc7 Allow $name_program to override $command in a more robust way that
will not cause the value to be null if $command is not set.
2009-10-15 23:20:23 +00:00
Doug Barton
70d4ef1ea1 In regards to the "Starting foo:" type messages at boot time, create and
employ a more generic solution, and use it in the individual rc.d scripts
that also have an $rc_quiet test:

1. Add check_startmsgs() to rc.subr.
2. In the rc.d scripts that use rc_quiet (and rc.subr) substitute
variations of [ -z "$rc_quiet" ] with check_startmsgs
3. In savecore add a trailing '.' to the end of the message to make it
more consistent with other scripts.
4. In newsyslog remove a : before the terminal '.' since we do not expect
there to be anything printed out in between to make it more consistent.
5. In the following scripts change "quotes" to 'quotes' where no variables
exist in the message: savecore pf newsyslog
6. In the following scripts substitute if/then/fi for the simpler (and
more consistent) check_startmsgs &&: faith stf
7. In the following scripts separate the "Starting foo:" from the terminal
'.' to make them more consistent: moused hostname pf
8. In nfsclient move the message to its own line to avoid a style bug
9. In pf rc_quiet does not apply to the _stop method, so remove the
test there.
10. In motd add 'quotes' around the terminal '.' for consistency
2009-10-10 22:17:03 +00:00
Hiroki Sato
2880192bf2 Fix a case when both ${name}_program and ${command} are defined.
Spotted by:	Michio "Karl" Jinbo
2009-10-05 20:11:33 +00:00
Dag-Erling Smørgrav
4fa5b48f39 tabify
MFC after:	3 weeks
2009-10-05 09:28:54 +00:00
Dag-Erling Smørgrav
3e485d4cba Change the pam_ssh examples: if you use it, you probably want want_agent.
MFC after:	3 weeks
2009-10-05 09:26:22 +00:00
Rui Paulo
4011f96514 Add OpenVPN IANA assigned port number. 2009-10-03 11:02:36 +00:00
Hiroki Sato
df2b25f6ee - Enable an afexists() check only when no AF argument is specified.
- Simplify helper functions.

Discussed with:	ume
2009-10-02 20:19:53 +00:00
Hiroki Sato
b5a70c98b2 The net.inet.tcp.log_in_vain accepts 0, 1 or 2, not Y/N. 2009-10-02 06:51:39 +00:00
Hiroki Sato
ccbc06d893 Revert the previous afexists() change. Knobs configured explicitly by
the user should not be ignored if possible even if the kernel does not
support the prerequisite feature.

Discussed with:	ume
2009-10-02 06:19:34 +00:00
Hiroki Sato
e248dc09a8 - Split routing_*() and option_*() to *_AF() and add afexists() check
for each address family.  Replace AF_static() with static_AF() for
  consistency.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.
2009-10-02 02:28:59 +00:00
Hiroki Sato
01ce5591ad - Fix logic inversion bug of net.inet.tcp.rfc1323[*].
- Split netoptions_start() to netoptions_AF() and add afexists() check
  for each address family.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.

Spotted by:	Pegasus Mc Cleaft[*]
2009-10-02 02:27:49 +00:00
Hiroki Sato
b558571de6 - Add AF_IPX and AF_NATM to afexists().
- Add afexists() check to address family specific rc.d scripts.  A
  script for an AF will be silently ignored if the kernel has no
  support for the AF.
2009-10-02 02:24:25 +00:00
Hajimu UMEMOTO
db4abd60a3 Don't do an IPv6 operation when the kernel doesn't have
an IPv6 support.

Reported by:	Alexander Best <alexbestms__at__math.uni-muenster.de>
Confirmed by:	Paul B. Mahol <onemda__at__gmail.com>,
		Alexander Best <alexbestms__at__math.uni-muenster.de>
2009-09-30 14:58:10 +00:00
Doug Barton
e52df452d1 By popular acclaim, enable "Starting foo:" messages by default 2009-09-29 16:49:10 +00:00
Colin Percival
ca82268b2a Silence warning printed by getfsspec(3) when /etc/fstab does not exist
fstab: /etc/fstab:0: No such file or directory
and from dump(8) when setfsent(3) fails due to /etc/fstab not existing:
  DUMP: Can't open /etc/fstab for dump table information: No such...

This makes daily and security periodic runs somewhat cleaner in jails
which lack /etc/fstab files.

MFC after:	1 month
2009-09-28 03:32:35 +00:00
Gabor Kovesdan
d0a021b7bf - Add share/nls/gl_ES.ISO8859-1, which I forgot in my last commit
Submitted by:	Andrzej Tobola <ato@iem.pw.edu.pl> (via private mail)
2009-09-27 21:27:11 +00:00
Hiroki Sato
97c8942c91 Use ipv6if() when $rtadvd_interfaces="AUTO". 2009-09-26 19:00:47 +00:00
Hiroki Sato
27fa984efd Move rc.d/{stf,faith} to just before rc.d/routing.
Pointed out by:	tegge
2009-09-26 19:00:20 +00:00
Hiroki Sato
2e77c5abfb Fix several logic bugs in the previous IPv6 variable change and
re-add $ipv6_enable support for backward compatibility.  From
UPDATING:

 1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
    for IPv4.  For aliases, $ifconfig_IF_aliasN should be used.
    Note that both variables need the "inet6" keyword at the head.

    Do not set $ipv6_network_interfaces manually if you do not
    understand what you are doing.  It is not needed in most cases.

    $ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
    they are obsolete.

 2. $ipv6_enable is obsolete.  Use $ipv6_prefer and/or
    "inet6 accept_rtadv" keyword in ifconfig(8) instead.

    If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
    all configured interfaces have "inet6 accept_rtadv" in the
    $ifconfig_IF_ipv6.  These are for backward compatibility.

 3. A new variable $ipv6_prefer has been added.  If NO, IPv6
    functionality of interfaces with no corresponding
    $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
    and the default address selection policy of ip6addrctl(8)
    is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
    Note that if you want to configure IPv6 functionality on the
    disabled interfaces after boot, first you need to clear the flag by
    using ifconfig(8) like:

         ifconfig em0 inet6 -ifdisabled

    If YES, the default address selection policy is set as
    IPv6-preferred.

    The default value of $ipv6_prefer is NO.

 4. If your system need to receive Router Advertisement messages,
    define "inet6 accept_rtadv" in $ifconfig_IF_ipv6.  The rc(8)
    scripts automatically invoke rtsol(8) when the interface becomes
    UP.  The Router Advertisement messages are used for SLAAC
    (State-Less Address AutoConfiguration).
2009-09-26 18:59:00 +00:00
Doug Barton
f414327c25 Add a knob to show 'Starting foo:' messages when faststart is used,
such as at boot time.
2009-09-17 19:05:47 +00:00
Ed Maste
66e5a431cf Protect cross-script invocation by checking that the target script exists.
This allows pruning of rc.d scripts without getting too many ugly boottime
error messages.

Inspired by phk's r128714 change to netif.
2009-09-14 16:52:38 +00:00