freebsd-skq/etc/network.subr

970 lines
21 KiB
Plaintext
Raw Normal View History

#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
1999-08-27 23:37:10 +00:00
# $FreeBSD$
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#
# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.
# First pass startup stuff.
#
network_pass1() {
echo -n 'Doing initial network setup:'
# Generate host.conf for compatibility
#
if [ -f "/etc/nsswitch.conf" ]; then
echo -n ' host.conf'
generate_host_conf /etc/nsswitch.conf /etc/host.conf
fi
# Convert host.conf to nsswitch.conf if necessary
#
if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
echo ''
echo 'Warning: /etc/host.conf is no longer used'
echo ' /etc/nsswitch.conf will be created for you'
convert_host_conf /etc/host.conf /etc/nsswitch.conf
fi
# Set the host name if it is not already set
#
if [ -z "`hostname -s`" ]; then
hostname ${hostname}
echo -n ' hostname'
fi
# Establish ipfilter ruleset as early as possible (best in
# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
# check whether ipfilter and/or ipnat is enabled
ipfilter_active="NO"
case ${ipfilter_enable} in
[Yy][Ee][Ss])
ipfilter_active="YES"
;;
esac
case ${ipnat_enable} in
[Yy][Ee][Ss])
ipfilter_active="YES"
;;
esac
case ${ipfilter_active} in
[Yy][Ee][Ss])
# load ipfilter kernel module if needed
if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
if kldload ipl; then
echo 'IP-filter module loaded.'
else
echo 'Warning: IP-filter module failed to load.'
# avoid further errors
ipfilter_active="NO"
ipmon_enable="NO"
ipfilter_enable="NO"
ipnat_enable="NO"
ipfs_enable="NO"
fi
fi
# start ipmon before loading any rules
case "${ipmon_enable}" in
[Yy][Ee][Ss])
echo -n ' ipmon'
${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
;;
esac
case "${ipfilter_enable}" in
[Yy][Ee][Ss])
if [ -r "${ipfilter_rules}" ]; then
echo -n ' ipfilter'
${ipfilter_program:-/sbin/ipf} -Fa -f \
"${ipfilter_rules}" ${ipfilter_flags}
else
ipfilter_enable="NO"
echo -n ' NO IPF RULES'
fi
;;
esac
case "${ipnat_enable}" in
[Yy][Ee][Ss])
if [ -r "${ipnat_rules}" ]; then
echo -n ' ipnat'
eval ${ipnat_program:-/sbin/ipnat} -CF -f \
"${ipnat_rules}" ${ipnat_flags}
else
ipnat_enable="NO"
echo -n ' NO IPNAT RULES'
fi
;;
esac
# restore filter/NAT state tables after loading the rules
case "${ipfs_enable}" in
[Yy][Ee][Ss])
if [ -r "/var/db/ipf/ipstate.ipf" ]; then
echo -n ' ipfs'
${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
# remove files to avoid reloading old state
# after an ungraceful shutdown
rm -f /var/db/ipf/ipstate.ipf
rm -f /var/db/ipf/ipnat.ipf
fi
;;
esac
;;
esac
# Set the domainname if we're using NIS
#
case ${nisdomainname} in
[Nn][Oo] | '')
;;
*)
domainname ${nisdomainname}
echo -n ' domain'
;;
esac
echo '.'
# Initial ATM interface configuration
#
case ${atm_enable} in
[Yy][Ee][Ss])
if [ -r /etc/rc.atm ]; then
. /etc/rc.atm
atm_pass1
fi
;;
esac
# Attempt to create cloned interfaces.
for ifn in ${cloned_interfaces}; do
ifconfig ${ifn} create
done
# Special options for sppp(4) interfaces go here. These need
# to go _before_ the general ifconfig section, since in the case
# of hardwired (no link1 flag) but required authentication, you
# cannot pass auth parameters down to the already running interface.
#
for ifn in ${sppp_interfaces}; do
eval spppcontrol_args=\$spppconfig_${ifn}
if [ -n "${spppcontrol_args}" ]; then
# The auth secrets might contain spaces; in order
# to retain the quotation, we need to eval them
# here.
eval spppcontrol ${ifn} ${spppcontrol_args}
fi
done
# gifconfig
network_gif_setup
# Set up all the network interfaces, calling startup scripts if needed
#
case ${network_interfaces} in
[Aa][Uu][Tt][Oo])
network_interfaces="`ifconfig -l`"
;;
*)
network_interfaces="${network_interfaces} ${cloned_interfaces}"
;;
esac
dhcp_interfaces=""
for ifn in ${network_interfaces}; do
if [ -r /etc/start_if.${ifn} ]; then
. /etc/start_if.${ifn}
eval showstat_$ifn=1
fi
# Do the primary ifconfig if specified
#
eval ifconfig_args=\$ifconfig_${ifn}
case ${ifconfig_args} in
'')
;;
[Dd][Hh][Cc][Pp])
# DHCP inits are done all in one go below
dhcp_interfaces="$dhcp_interfaces $ifn"
eval showstat_$ifn=1
;;
*)
ifconfig ${ifn} ${ifconfig_args}
eval showstat_$ifn=1
;;
esac
done
if [ ! -z "${dhcp_interfaces}" ]; then
${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
fi
for ifn in ${network_interfaces}; do
# Check to see if aliases need to be added
#
alias=0
while : ; do
eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
if [ -n "${ifconfig_args}" ]; then
ifconfig ${ifn} ${ifconfig_args} alias
eval showstat_$ifn=1
alias=$((${alias} + 1))
else
break;
fi
done
# Do ipx address if specified
#
eval ifconfig_args=\$ifconfig_${ifn}_ipx
if [ -n "${ifconfig_args}" ]; then
ifconfig ${ifn} ${ifconfig_args}
eval showstat_$ifn=1
fi
done
for ifn in ${network_interfaces}; do
eval showstat=\$showstat_${ifn}
if [ ! -z ${showstat} ]; then
ifconfig ${ifn}
fi
done
# ISDN subsystem startup
#
case ${isdn_enable} in
[Yy][Ee][Ss])
if [ -r /etc/rc.isdn ]; then
. /etc/rc.isdn
fi
;;
esac
# Start user ppp if required. This must happen before natd.
#
case ${ppp_enable} in
[Yy][Ee][Ss])
# Establish ppp mode.
#
if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
-a "${ppp_mode}" != "dedicated" \
-a "${ppp_mode}" != "background" ]; then
ppp_mode="auto"
fi
ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
# Switch on NAT mode?
#
case ${ppp_nat} in
[Yy][Ee][Ss])
ppp_command="${ppp_command} -nat"
;;
esac
ppp_command="${ppp_command} ${ppp_profile}"
echo "Starting ppp as \"${ppp_user}\""
su -m ${ppp_user} -c "exec ${ppp_command}"
;;
esac
# Re-Sync ipfilter so it picks up any new network interfaces
#
case ${ipfilter_active} in
[Yy][Ee][Ss])
${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
;;
esac
unset ipfilter_active
# Initialize IP filtering using ipfw
#
if /sbin/ipfw -q flush > /dev/null 2>&1; then
firewall_in_kernel=1
else
firewall_in_kernel=0
fi
case ${firewall_enable} in
[Yy][Ee][Ss])
if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
firewall_in_kernel=1
echo 'Kernel firewall module loaded'
elif [ "${firewall_in_kernel}" -eq 0 ]; then
echo 'Warning: firewall kernel module failed to load'
fi
;;
esac
# Load the filters if required
#
case ${firewall_in_kernel} in
1)
if [ -z "${firewall_script}" ]; then
firewall_script=/etc/rc.firewall
fi
case ${firewall_enable} in
[Yy][Ee][Ss])
if [ -r "${firewall_script}" ]; then
. "${firewall_script}"
echo -n 'Firewall rules loaded, starting divert daemons:'
# Network Address Translation daemon
#
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
if echo ${natd_interface} | \
grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
natd_flags="$natd_flags -a ${natd_interface}"
else
natd_flags="$natd_flags -n ${natd_interface}"
fi
fi
echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
;;
esac
echo '.'
elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
echo 'Warning: kernel has firewall functionality,' \
'but firewall rules are not enabled.'
echo ' All ip services are disabled.'
fi
case ${firewall_logging} in
[Yy][Ee][Ss] | '')
echo 'Firewall logging=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.fw.verbose=1 >/dev/null
;;
*)
;;
esac
;;
esac
;;
esac
# Additional ATM interface configuration
#
if [ -n "${atm_pass1_done}" ]; then
atm_pass2
fi
# Configure routing
#
case ${defaultrouter} in
[Nn][Oo] | '')
;;
*)
static_routes="default ${static_routes}"
route_default="default ${defaultrouter}"
;;
esac
# Set up any static routes. This should be done before router discovery.
#
if [ -n "${static_routes}" ]; then
for i in ${static_routes}; do
eval route_args=\$route_${i}
route add ${route_args}
done
fi
echo -n 'Additional routing options:'
case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
;;
*)
echo -n ' tcp extensions=NO'
2001-12-11 08:21:46 +00:00
sysctl net.inet.tcp.rfc1323=0 >/dev/null
;;
esac
case ${icmp_bmcastecho} in
[Yy][Ee][Ss])
echo -n ' broadcast ping responses=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.icmp.bmcastecho=1 >/dev/null
;;
esac
case ${icmp_drop_redirect} in
[Yy][Ee][Ss])
echo -n ' ignore ICMP redirect=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.icmp.drop_redirect=1 >/dev/null
;;
esac
case ${icmp_log_redirect} in
[Yy][Ee][Ss])
echo -n ' log ICMP redirect=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.icmp.log_redirect=1 >/dev/null
;;
esac
case ${gateway_enable} in
[Yy][Ee][Ss])
echo -n ' IP gateway=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.forwarding=1 >/dev/null
;;
esac
case ${forward_sourceroute} in
[Yy][Ee][Ss])
echo -n ' do source routing=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.sourceroute=1 >/dev/null
;;
esac
case ${accept_sourceroute} in
[Yy][Ee][Ss])
echo -n ' accept source routing=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
;;
esac
case ${tcp_keepalive} in
[Nn][Oo])
echo -n ' TCP keepalive=NO'
2001-12-11 08:21:46 +00:00
sysctl net.inet.tcp.always_keepalive=0 >/dev/null
;;
esac
case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
echo -n ' drop SYN+FIN packets=YES'
2001-12-11 08:21:46 +00:00
sysctl net.inet.tcp.drop_synfin=1 >/dev/null
;;
esac
case ${ipxgateway_enable} in
[Yy][Ee][Ss])
echo -n ' IPX gateway=YES'
2001-12-11 08:21:46 +00:00
sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
;;
esac
case ${arpproxy_all} in
[Yy][Ee][Ss])
echo -n ' ARP proxyall=YES'
2001-12-11 08:21:46 +00:00
sysctl net.link.ether.inet.proxyall=1 >/dev/null
;;
esac
case ${ip_portrange_first} in
[Nn][Oo] | '')
;;
*)
echo -n " ip_portrange_first=$ip_portrange_first"
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
;;
esac
case ${ip_portrange_last} in
[Nn][Oo] | '')
2000-08-16 23:08:28 +00:00
;;
*)
echo -n " ip_portrange_last=$ip_portrange_last"
2001-12-11 08:21:46 +00:00
sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
;;
esac
echo '.'
case ${ipsec_enable} in
[Yy][Ee][Ss])
if [ -f ${ipsec_file} ]; then
echo ' ipsec: enabled'
setkey -f ${ipsec_file}
else
echo ' ipsec: file not found'
fi
;;
esac
echo -n 'Routing daemons:'
case ${router_enable} in
[Yy][Ee][Ss])
echo -n " ${router}"; ${router} ${router_flags}
;;
esac
case ${ipxrouted_enable} in
[Yy][Ee][Ss])
echo -n ' IPXrouted'
IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
;;
esac
case ${mrouted_enable} in
[Yy][Ee][Ss])
echo -n ' mrouted'; mrouted ${mrouted_flags}
;;
esac
case ${rarpd_enable} in
[Yy][Ee][Ss])
echo -n ' rarpd'; rarpd ${rarpd_flags}
;;
esac
echo '.'
# Let future generations know we made it.
#
network_pass1_done=YES
}
network_pass2() {
echo -n 'Doing additional network setup:'
case ${named_enable} in
[Yy][Ee][Ss])
echo -n ' named'; ${named_program:-named} ${named_flags}
;;
esac
case ${ntpdate_enable} in
[Yy][Ee][Ss])
echo -n ' ntpdate'
${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
;;
esac
case ${xntpd_enable} in
[Yy][Ee][Ss])
1999-12-17 13:36:40 +00:00
echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
;;
esac
case ${timed_enable} in
[Yy][Ee][Ss])
echo -n ' timed'; timed ${timed_flags}
;;
esac
case ${portmap_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
${portmap_flags}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypserv if we're an NIS server.
# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
#
case ${nis_server_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' ypserv'; ypserv ${nis_server_flags}
case ${nis_ypxfrd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.ypxfrd'
rpc.ypxfrd ${nis_ypxfrd_flags}
;;
esac
case ${nis_yppasswdd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.yppasswdd'
rpc.yppasswdd ${nis_yppasswdd_flags}
;;
esac
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypbind if we're an NIS client
#
case ${nis_client_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' ypbind'; ypbind ${nis_client_flags}
case ${nis_ypset_enable} in
[Yy][Ee][Ss])
echo -n ' ypset'; ypset ${nis_ypset_flags}
;;
esac
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start keyserv if we are running Secure RPC
#
case ${keyserv_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' keyserv'; keyserv ${keyserv_flags}
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# Start ypupdated if we are running Secure RPC
# and we are NIS master
#
case ${rpc_ypupdated_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.ypupdated'; rpc.ypupdated
;;
esac
;;
esac
# Start ATM daemons
if [ -n "${atm_pass2_done}" ]; then
atm_pass3
fi
echo '.'
network_pass2_done=YES
}
network_pass3() {
echo -n 'Starting final network daemons:'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${portmap_enable} in
[Yy][Ee][Ss])
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${nfs_server_enable} in
[Yy][Ee][Ss])
# Handle absent nfs server support
nfsserver_in_kernel=0
if sysctl vfs.nfsrv >/dev/null 2>&1; then
nfsserver_in_kernel=1
else
kldload nfsserver && nfsserver_in_kernel=1
fi
if [ -r /etc/exports -a \
${nfsserver_in_kernel} -eq 1 ]; then
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' mountd'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${weak_mountd_authentication} in
[Yy][Ee][Ss])
mountd_flags="${mountd_flags} -n"
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
mountd ${mountd_flags}
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${nfs_reserved_port_only} in
[Yy][Ee][Ss])
echo -n ' NFS on reserved port only=YES'
2001-12-11 08:21:46 +00:00
sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
echo -n ' nfsd'; nfsd ${nfs_server_flags}
case ${rpc_statd_enable} in
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
[Yy][Ee][Ss])
echo -n ' rpc.statd'; rpc.statd
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
;;
esac
case ${rpc_lockd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.lockd'; rpc.lockd
;;
esac
else
echo -n ' Warning: nfs server failed'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
fi
;;
*)
case ${single_mountd_enable} in
[Yy][Ee][Ss])
if [ -r /etc/exports ]; then
echo -n ' mountd'
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
case ${weak_mountd_authentication} in
[Yy][Ee][Ss])
mountd_flags="-n"
;;
esac
mountd ${mountd_flags}
fi
;;
esac
;;
esac
case ${nfs_client_enable} in
[Yy][Ee][Ss])
nfsclient_in_kernel=0
# Handle absent nfs client support
if sysctl vfs.nfs >/dev/null 2>&1; then
nfsclient_in_kernel=1
else
kldload nfsclient && nfsclient_in_kernel=1
fi
if [ ${nfsclient_in_kernel} -eq 1 ]
then
if [ -n "${nfs_access_cache}" ]; then
echo -n " NFS access cache time=${nfs_access_cache}"
sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
fi
if [ -n "${nfs_bufpackets}" ]; then
sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
fi
case ${rpc_statd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.statd'; rpc.statd
;;
esac
case ${rpc_lockd_enable} in
[Yy][Ee][Ss])
echo -n ' rpc.lockd'; rpc.lockd
;;
esac
case ${amd_enable} in
[Yy][Ee][Ss])
echo -n ' amd'
case ${amd_map_program} in
[Nn][Oo] | '')
;;
*)
amd_flags="${amd_flags} `eval\
${amd_map_program}`"
;;
esac
case "${amd_flags}" in
'')
if [ -r /etc/amd.conf ]; then
amd &
else
echo ''
echo 'Warning: amd will not load without arguments'
fi
;;
*)
amd -p ${amd_flags} \
>/var/run/amd.pid \
2>/dev/null &
;;
esac
;;
esac
else
echo 'Warning: NFS client kernel module failed to load'
nfs_client_enable=NO
fi
;;
esac
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# If /var/db/mounttab exists, some nfs-server has not been
# successfully notified about a previous client shutdown.
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
# If there is no /var/db/mounttab, we do nothing.
if [ -f /var/db/mounttab ]; then
rpc.umntall -k
fi
;;
esac
case ${rwhod_enable} in
[Yy][Ee][Ss])
echo -n ' rwhod'; rwhod ${rwhod_flags}
;;
esac
# Kerberos servers run ONLY on the Kerberos server machine
case ${kerberos4_server_enable} in
[Yy][Ee][Ss])
case ${kerberos_stash} in
[Yy][Ee][Ss])
stash=-n
;;
*)
stash=
;;
esac
echo -n ' kerberosIV'
${kerberos4_server} ${stash} >> /var/log/kerberos.log &
case ${kadmind4_server_enable} in
[Yy][Ee][Ss])
echo -n ' kadmindIV'
(
sleep 20;
${kadmind4_server} ${stash} >/dev/null 2>&1 &
) &
;;
esac
unset stash_flag
;;
esac
case ${kerberos5_server_enable} in
[Yy][Ee][Ss])
echo -n ' kerberos5'
${kerberos5_server} &
case ${kadmind5_server_enable} in
[Yy][Ee][Ss])
echo -n ' kadmind5'
${kadmind5_server} &
;;
esac
;;
esac
1999-11-23 00:22:25 +00:00
case ${pppoed_enable} in
[Yy][Ee][Ss])
1999-11-23 00:26:03 +00:00
if [ -n "${pppoed_provider}" ]; then
1999-11-23 00:22:25 +00:00
pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
fi
echo -n ' pppoed';
_opts=$-; set -f
1999-11-23 00:22:25 +00:00
/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
set +f; set -${_opts}
1999-11-23 00:22:25 +00:00
;;
esac
case ${sshd_enable} in
[Yy][Ee][Ss])
if [ -x /usr/bin/ssh-keygen ]; then
if [ ! -f /etc/ssh/ssh_host_key ]; then
echo ' creating ssh1 RSA host key';
/usr/bin/ssh-keygen -t rsa1 -N "" \
-f /etc/ssh/ssh_host_key
fi
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
echo ' creating ssh2 RSA host key';
/usr/bin/ssh-keygen -t rsa -N "" \
-f /etc/ssh/ssh_host_rsa_key
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
echo ' creating ssh2 DSA host key';
/usr/bin/ssh-keygen -t dsa -N "" \
-f /etc/ssh/ssh_host_dsa_key
fi
fi
;;
esac
echo '.'
network_pass3_done=YES
}
network_pass4() {
echo -n 'Additional TCP options:'
case ${log_in_vain} in
[Nn][Oo] | '')
log_in_vain=0
;;
[Yy][Ee][Ss])
log_in_vain=1
;;
[0-9]*)
;;
*)
echo " invalid log_in_vain setting: ${log_in_vain}"
log_in_vain=0
;;
esac
[ "${log_in_vain}" -ne 0 ] && (
echo -n " log_in_vain=${log_in_vain}"
sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
)
echo '.'
network_pass4_done=YES
}
network_gif_setup() {
case ${gif_interfaces} in
[Nn][Oo] | '')
;;
*)
for i in ${gif_interfaces}; do
eval peers=\$gifconfig_$i
case ${peers} in
'')
continue
;;
*)
ifconfig $i create >/dev/null 2>&1
ifconfig $i tunnel ${peers}
;;
esac
done
;;
esac
}
convert_host_conf() {
host_conf=$1; shift;
nsswitch_conf=$1; shift;
awk ' \
/^[:blank:]*#/ { next } \
/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \
/(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \
/nis/ { nsswitch[c] = "nis"; c++; next } \
{ printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \
END { \
printf "hosts: "; \
for (i in nsswitch) printf "%s ", nsswitch[i]; \
printf "\n"; \
}' < $host_conf > $nsswitch_conf
}
generate_host_conf() {
nsswitch_conf=$1; shift;
host_conf=$1; shift;
awk '
BEGIN {
xlat["files"] = "hosts";
xlat["dns"] = "bind";
xlat["nis"] = "nis";
cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
if (!cont)
srcs = ""
sub(/#.*/, "")
gsub(/[][]/, " & ")
cont = sub(/\\$/, "")
srcs = srcs " " $0
}
END {
print "# Auto-generated from nsswitch.conf, do not edit"
ns = split(srcs, s)
for (n = 1; n <= ns; ++n) {
if (s[n] in xlat)
print xlat[s[n]]
}
}
' <$nsswitch_conf >$host_conf
}