Commit Graph

3594 Commits

Author SHA1 Message Date
gordon
390d72be15 Add a support for a ${OSTYPE} which is set once in /etc/rc.subr. Also convert
all instances of `${CMD_OSTYPE}` to just using ${OSTYPE}. This saves us a
shell invocation on anything that is OS-dependent. I seriously doubt that we
will be spontaneously changing OS types during bootup.
2002-09-06 16:15:29 +00:00
peter
a6cef6d872 rev 1.6 claimed to add 'bootparams', but in fact added 'bootparamd' which
does not exist.
2002-09-06 01:23:31 +00:00
fenner
62292673aa Only try to initialize syscons if /dev/ttyv0 exists and it's not a pcvt. 2002-09-05 23:51:28 +00:00
fenner
472042a2cb Only try to run /usr/sbin/ispcvt if it exists and is executable. 2002-09-05 23:50:34 +00:00
gordon
b0ff5bb69d Add an archdep script and hook it up to the build.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-09-05 20:29:18 +00:00
gordon
d98c8d93bc Hook bootparams up to the world 2002-09-05 20:15:08 +00:00
gordon
190ae3a6ce Introduce bootparamd into the boot scripts. Add a bootparamd_enable and
_flags to rc.conf

Submitted by:	John Hay <jhay@zibbi.icomtek.csir.co.za>
2002-09-05 20:14:46 +00:00
gshapiro
de510133e2 Deprecate the use of sendmail_enable="NONE" as it adversely affects the
new rcNG effort.

Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-09-03 22:15:57 +00:00
gordon
98e21cf6b7 nfsd doesn't die on SIGTERM but on SIGUSR1, correct script to kill nfsd with
the right signal.
2002-09-03 16:02:57 +00:00
gordon
6068c024d6 We don't use single_mountd_enable anymore. It's just mountd_enable. I must
have missed this in my earlier sweep.
2002-09-02 21:20:58 +00:00
gordon
24c38d2a02 Only install the scripts that actually used on FreeBSD. 2002-09-02 20:49:26 +00:00
gordon
53b139eb5a Commit a revised sendmail script that works the same way as rc.sendmail.
This should also quell warnings when sendmail_enable="NONE"
2002-09-02 20:37:03 +00:00
gordon
9b019eb1eb Turn rc_ng on by default now, it's time has come. While we are at it, I'd
like to thank Mike Makonnen for all his work on rcNG. Without him, none
of this would have been possible.
2002-09-02 16:35:01 +00:00
hm
aa0a56823e establish default values for /etc/rc.d/pcvt script 2002-08-30 13:01:42 +00:00
hm
bb3cc65f1f integrate pcvt configuration into the new /etc/rc.d startup system
PR:           i386/7100
Reviewed by:  Gordon Tetlow <gordon@FreeBSD.org>
2002-08-30 12:43:23 +00:00
cjc
1bdbc52de7 Only create a temporary file if we are actually going to do something
in the script. Eliminates a bug where we create a temp file, but don't
delete it since the rm(1) is only done if the check is enabled.

PR:		bin/40960
Submitted by:	frf <frf@xocolatl.com>
MFC after:	3 days
2002-08-25 04:09:17 +00:00
gordon
a9dd424f2f Print out a carriage return to make the screen output make more sense
Submitted by:	mike@
2002-08-20 00:14:11 +00:00
gordon
1ae011b749 I missed the single_mountd_enable in rc.network.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-15 03:29:19 +00:00
gordon
af5c72f277 Remove an accidental double chkdepend that snuck in during the last commit.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-15 03:24:47 +00:00
gordon
7776e3081f Don't export variables from /etc/rc when doing rc_ng because the scripts
are sourced in a subshell.

Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-14 05:58:44 +00:00
gordon
008b9b25ad Clean up the scripts to use the new variables:
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*

Also change single_mountd_enable -> mountd_enable
Changing the mountd flags brings us closer to NetBSD.

All of the old variable names are shimmed so you can continue to use the
old variable name.

Finally make /etc/rc.d/mountd no longer dependent on nfs as there are
(apparently) other consumers of mountd.

Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-14 05:44:32 +00:00
gordon
2f904c0a96 Clean up some variables that should have been done before:
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*

Also change single_mountd_enable to mountd_enable.

We also include shims for all the old variable names.

Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-14 05:37:15 +00:00
schweikh
859c765d64 o Test and change to the correct directory, /var/spool/.hoststat
o Bring if/then style in sync with /etc/rc scripts

PR:		conf/41570
Submitted by:	Konstantin M Volevatch <cox@rosnet.ru>
MFC after:	1 week
2002-08-12 11:09:01 +00:00
schweikh
5eefae432e Fix typos (s/seperat/separat/ et al); add FreeBSD ID.
Suggested by:	bde
MFC after:	3 days
2002-08-12 10:04:32 +00:00
iedowse
3e2d19afb9 Remove some unnecessary sanity checks that break "sh MAKEDEV cd"
and others, because test(1) does not do shortcut evaluation.

Fix the same off-by-one error for acd*t* that revision 1.326 fixed
for other *cd devices.

Suggested by:	bde
Reviewed by:	bde
2002-08-10 22:03:58 +00:00
iedowse
29e0235aba Permit the creation of just cd0 if desired. Previously it always
created cd1 as well due to an off-by-one error left over from
revision 1.249.

PR:		conf/20436
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after:	1 week
2002-08-10 00:20:32 +00:00
fanf
37ea1698f6 Remove trailing whitespace. 2002-08-09 20:58:54 +00:00
gordon
338f3e58ec Make the othermta script DTRT when an mta startup script is not specified.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:45:04 +00:00
gordon
07b40589c7 Correct comment. We use rpcbind now, not portmap
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:34:13 +00:00
gordon
4d33b6e56f Correct comment
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-08-09 17:33:07 +00:00
ru
3b1b4edbda We no longer have a COPY. 2002-08-07 16:01:06 +00:00
jake
8325f04853 Add example entries for ttya and ttyb (sab). 2002-08-04 19:16:13 +00:00
gshapiro
8cc0839b13 If all file systems are marked nosuid, the line:
MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort`

sets ${MP} to an empty string so the next line:

	set ${MP}

actually just dumps all of the shells variables to stdout (and therefore
the security report).  Fixed by surrounding the code which goes through the
mounts with a test for an empty string before using ${MP}.

Reviewed by:	brian
MFC after:	3 days
2002-08-03 22:33:34 +00:00
rwatson
5ca8a85ebe Introduce support for Mandatory Access Control and extensible
kernel access control.

Create directories for per-policy include files.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:37:08 +00:00
ume
ec26b61ae7 FreeBSD has setkey in different location from NetBSD.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-07-31 16:39:19 +00:00
blackend
5b8d2d8de6 Correct URL to the Handbook
MFC after:	1 week
2002-07-31 10:05:37 +00:00
ru
a8adf98c82 Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
dd
67306baf36 Stock -current has more than 300 files in /etc, so 255 inodes for the
/etc filesystem isn't enough; consequently, add "-i 4096" to the newfs
command for /etc.  This results in 1022 inodes, which should be enough
for the forseeable future (although I don't know why we would ever
have more than 1000 files in a default /etc).

Silence by:	-current
2002-07-28 03:41:53 +00:00
dd
6f27324be2 Add a period to the end of the "starting" message to be consistent
with the rest of the output during a boot.
2002-07-28 03:38:10 +00:00
imp
def36fc897 Add a generic NANOSPEED wi card.
Submitted by: matt peterson

While I'm here, kill the flags 0x10000 on all the prism based cards.
Both stable and current figure this out on their own and we've had at
least one releases where this is the case.
2002-07-26 06:12:14 +00:00
ume
afcf651cf8 Change the default setting of an IPv4-mapped IPv6 address to off.
Requested by:	many people
2002-07-25 15:44:01 +00:00
ume
ae5301d38f be able to configure to run an IPv6 routing daemon even on
an end node (sync with rc.network6 1.30).

Approved by:	gordon
2002-07-21 19:12:21 +00:00
ru
f2824cbad3 sys.mk no longer includes bsd.own.mk. 2002-07-20 10:56:00 +00:00
ru
ed13465e59 Install scripts via FILES (purposedly not via SCRIPTS that would
strip the suffixes).
2002-07-18 12:33:01 +00:00
ru
cd7c90d38f s/${INSTALL} -c/${INSTALL} ${COPY}/ 2002-07-18 12:07:49 +00:00
imp
ebb07e7ff8 The Compaq WL200 is a CL-PD6729 based pci card with a prism 2 pcmcia
card behind it (without the pcmcia form factor).  This entry gets to
the point of attaching, but there's something wrong with the '29
support, so it doesn't quite work yet.
2002-07-18 06:01:35 +00:00
dd
6197784f1d Remove spurious "echo '.'". 2002-07-18 05:00:23 +00:00
bsd
e3e0f48306 Apply same fix as Rev 1.19 of /etc/rc.diskless2: create sendmail
required directories if sendmail_enable is not set to "none".

Suggested by:   gordon
2002-07-18 05:00:22 +00:00
dougb
ebec404eb6 Anonymize the "portmap" program to get better compatibility with
rpcbind in -current.

Submitted by:   Alexander Kabaev <ak03@gte.com>
2002-07-18 05:00:21 +00:00
dougb
0564223a48 Make nisdomainname=NO DTRT
Submitted by:   des, via Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:20 +00:00
dougb
30dfb601b9 Cleanup some pollution from the NetBSD sync, and add gif setup.
Submitted by:   Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:19 +00:00
gordon
e141e08d6b Fix a typo that caused dhclient not to work.
Submitted by:   Dennis Kristensen <snicki@snicki.dk>
Reviewed by:    Mike Makonnen <makonnen@pacbell.net>
2002-07-18 05:00:18 +00:00
gordon
259601fa05 Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
2002-07-18 05:00:17 +00:00
ume
c8703a911a be able to configure to run an IPv6 routing daemon even on
an end node.

Requested by:	Masachika ISHIZUKA <ishizuka@ish.org>
MFC after:	1 week
2002-07-18 05:00:16 +00:00
ru
8280e04b3b Removed no longer used share/examples/diskless/* dirs (forgotten
by luigi@) and never used share/examples/kld/dyn_sysctl/module.
2002-07-11 07:15:36 +00:00
joe
ddb988fd9f Rename 'usio' to 'ucom'.
Spotted by:	akiyama
2002-07-10 16:07:33 +00:00
gordon
a4cf039ac6 Remove debugging nit
Submitted by:	bmah
2002-07-08 21:04:16 +00:00
peter
a01296978c GRRR! rc.* cannot do an "exit 0" or it aborts the entire /etc/rc process.
We do a '. /etc/rc.syscons' - not run it in a seperate shell.
2002-07-08 04:03:21 +00:00
gordon
6a6fb8b86a nfsd and mountd now live in /usr/sbin not /sbin. Correct the command args.
This also reduces the diff to NetBSD (very marginally).

Reviewed by:	jake (mentor)
2002-07-07 22:19:08 +00:00
des
5c93810aed Silence pam_lastlog for now. 2002-07-07 10:00:43 +00:00
dougb
93b3f4508c Another update from Mike Makonnen.
Missed by: Me
2002-07-07 08:00:31 +00:00
dougb
9b623ad295 Latest improvements from Mike Makonnen. Better kerberos and apm handling. 2002-07-07 04:16:53 +00:00
ru
13ade03a10 There is apparently no reason for the existence of the `etc' target. 2002-07-05 13:47:29 +00:00
ru
294d4cf00f Whitespace and indentation (style) fixes. 2002-07-05 13:39:38 +00:00
ru
0bcd5c6bf3 Added DEFAULTS, to denote the contents of etc/defaults/.
Once upon a time (in rev. 1.81), COPYRIGHT and FREEBSD
were multi-value.

Moved installation of /var/log/cron to where it belongs
(this finishes the change in rev. 1.205).

Removed (with extreme prejudice) a bunch of parentheses
that unnecessarily obfuscated this makefile.

Run pwd_mkdb(8) right after master.passwd is installed.

Install nsmb.conf to /usr/share/examples/etc/.
2002-07-05 13:17:24 +00:00
maxim
954ff8bf68 Trim EOL spaces.
Reviewed by:	gshapiro
2002-06-30 12:08:36 +00:00
maxim
d0a28864e1 Add an alias for sshd. 2002-06-30 12:04:41 +00:00
maxim
638246b4b9 Include 'sshd' to the lists of forbidden users.
Reviewed by:	cvs-committers
2002-06-28 15:46:29 +00:00
brian
c4dd2bd45f Mention that we're checking kernel log messages, even if there's
no output.

PR:		39618
MFC after:	1 week
2002-06-28 10:32:18 +00:00
sheldonh
0148f2db27 Revert previous delta, setting the system immutable flag on /var/empty
instead of the user immutable flag, now that mergemaster handles
schg directories in its /var/tmp/temproot.
2002-06-26 17:05:48 +00:00
sheldonh
70a58092b5 Tone down the previous delta: don't set the system immutable flag on
/var/empty, because it makes it difficult for mergemaster(8) to remove
/var/tmp/temproot/var.
2002-06-26 08:58:28 +00:00
dillon
5a2f3bd0ed add default vmemoryuse (unlimited), and samples 2002-06-26 04:04:37 +00:00
ken
0d3a835f3f At long last, commit the zero copy sockets code.
MAKEDEV:	Add MAKEDEV glue for the ti(4) device nodes.

ti.4:		Update the ti(4) man page to include information on the
		TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options,
		and also include information about the new character
		device interface and the associated ioctls.

man9/Makefile:	Add jumbo.9 and zero_copy.9 man pages and associated
		links.

jumbo.9:	New man page describing the jumbo buffer allocator
		interface and operation.

zero_copy.9:	New man page describing the general characteristics of
		the zero copy send and receive code, and what an
		application author should do to take advantage of the
		zero copy functionality.

NOTES:		Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS,
		TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT.

conf/files:	Add uipc_jumbo.c and uipc_cow.c.

conf/options:	Add the 5 options mentioned above.

kern_subr.c:	Receive side zero copy implementation.  This takes
		"disposable" pages attached to an mbuf, gives them to
		a user process, and then recycles the user's page.
		This is only active when ZERO_COPY_SOCKETS is turned on
		and the kern.ipc.zero_copy.receive sysctl variable is
		set to 1.

uipc_cow.c:	Send side zero copy functions.  Takes a page written
		by the user and maps it copy on write and assigns it
		kernel virtual address space.  Removes copy on write
		mapping once the buffer has been freed by the network
		stack.

uipc_jumbo.c:	Jumbo disposable page allocator code.  This allocates
		(optionally) disposable pages for network drivers that
		want to give the user the option of doing zero copy
		receive.

uipc_socket.c:	Add kern.ipc.zero_copy.{send,receive} sysctls that are
		enabled if ZERO_COPY_SOCKETS is turned on.

		Add zero copy send support to sosend() -- pages get
		mapped into the kernel instead of getting copied if
		they meet size and alignment restrictions.

uipc_syscalls.c:Un-staticize some of the sf* functions so that they
		can be used elsewhere.  (uipc_cow.c)

if_media.c:	In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid
		calling malloc() with M_WAITOK.  Return an error if
		the M_NOWAIT malloc fails.

		The ti(4) driver and the wi(4) driver, at least, call
		this with a mutex held.  This causes witness warnings
		for 'ifconfig -a' with a wi(4) or ti(4) board in the
		system.  (I've only verified for ti(4)).

ip_output.c:	Fragment large datagrams so that each segment contains
		a multiple of PAGE_SIZE amount of data plus headers.
		This allows the receiver to potentially do page
		flipping on receives.

if_ti.c:	Add zero copy receive support to the ti(4) driver.  If
		TI_PRIVATE_JUMBOS is not defined, it now uses the
		jumbo(9) buffer allocator for jumbo receive buffers.

		Add a new character device interface for the ti(4)
		driver for the new debugging interface.  This allows
		(a patched version of) gdb to talk to the Tigon board
		and debug the firmware.  There are also a few additional
		debugging ioctls available through this interface.

		Add header splitting support to the ti(4) driver.

		Tweak some of the default interrupt coalescing
		parameters to more useful defaults.

		Add hooks for supporting transmit flow control, but
		leave it turned off with a comment describing why it
		is turned off.

if_tireg.h:	Change the firmware rev to 12.4.11, since we're really
		at 12.4.11 plus fixes from 12.4.13.

		Add defines needed for debugging.

		Remove the ti_stats structure, it is now defined in
		sys/tiio.h.

ti_fw.h:	12.4.11 firmware.

ti_fw2.h:	12.4.11 firmware, plus selected fixes from 12.4.13,
		and my header splitting patches.  Revision 12.4.13
		doesn't handle 10/100 negotiation properly.  (This
		firmware is the same as what was in the tree previously,
		with the addition of header splitting support.)

sys/jumbo.h:	Jumbo buffer allocator interface.

sys/mbuf.h:	Add a new external mbuf type, EXT_DISPOSABLE, to
		indicate that the payload buffer can be thrown away /
		flipped to a userland process.

socketvar.h:	Add prototype for socow_setup.

tiio.h:		ioctl interface to the character portion of the ti(4)
		driver, plus associated structure/type definitions.

uio.h:		Change prototype for uiomoveco() so that we'll know
		whether the source page is disposable.

ufs_readwrite.c:Update for new prototype of uiomoveco().

vm_fault.c:	In vm_fault(), check to see whether we need to do a page
		based copy on write fault.

vm_object.c:	Add a new function, vm_object_allocate_wait().  This
		does the same thing that vm_object allocate does, except
		that it gives the caller the opportunity to specify whether
		it should wait on the uma_zalloc() of the object structre.

		This allows vm objects to be allocated while holding a
		mutex.  (Without generating WITNESS warnings.)

		vm_object_allocate() is implemented as a call to
		vm_object_allocate_wait() with the malloc flag set to
		M_WAITOK.

vm_object.h:	Add prototype for vm_object_allocate_wait().

vm_page.c:	Add page-based copy on write setup, clear and fault
		routines.

vm_page.h:	Add page based COW function prototypes and variable in
		the vm_page structure.

Many thanks to Drew Gallatin, who wrote the zero copy send and receive
code, and to all the other folks who have tested and reviewed this code
over the years.
2002-06-26 03:37:47 +00:00
jdp
8b97544268 Fix the amd invocation to honor the amd_flags setting.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-06-24 19:50:56 +00:00
sheldonh
68469a22f1 The previous delta introduced /var/empty, for use by openssh-portable,
which needs an empty directory into which to chroot(2).

Hint to the operator that this directory really _should_ be empty
by creating it with mode 0555 and the system immutable flag (schg)
set.

Reviewed by:	des
2002-06-24 18:31:47 +00:00
des
049fabb373 Previous commit was just a tad too hasty, the sshd peudo-user's home
directory should be /var/empty.
2002-06-23 20:46:44 +00:00
des
6c4dd41fe3 Add /var/empty for the OpenSSH privsep code. 2002-06-23 20:44:19 +00:00
des
9ffcd90b2f Add an sshd user and group for the OpenSSH privilege separation code. 2002-06-23 20:41:06 +00:00
bsd
4dd39b52f9 Create sendmail required directories if sendmail is enabled. 2002-06-22 19:44:25 +00:00
dougb
a27bc1f2cf Hone the rpcbind dependency checking.
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
2002-06-21 19:50:01 +00:00
obrien
f91ef96f2f This commit was generated by cvs2svn to compensate for changes in r98576,
which included commits to RCS files with non-trunk default branches.
2002-06-21 19:07:21 +00:00
obrien
ee31175803 Sync with NetBSD's mainline. 2002-06-21 19:07:21 +00:00
ru
25fe20626e Make NO_OPENSSL actually imply NO_OPENSSH, as documented in make.conf(5). 2002-06-21 08:54:03 +00:00
dougb
74d7d809a7 Anonymize the "portmap" program to get better compatibility with
rpcbind in -current.

Submitted by:	Alexander Kabaev <ak03@gte.com>
2002-06-20 08:49:44 +00:00
des
3dfd2c1e9b We don't use this any more.
Sponsored by:	DARPA, NAI Labs
2002-06-19 20:01:25 +00:00
des
2645a88fb1 Enable OPIE for sshd and telnetd. I thought I'd done this a long time
ago...

Sponsored by:	DARPA, NAI Labs
2002-06-19 20:00:43 +00:00
dougb
4b8cabb04a Another good suggestion from Bruce, only create links if the
file doesn't exist already.
2002-06-19 05:35:16 +00:00
gordon
881107f895 Fix a typo in the named startup options
Submitted by:	sheldonh@
2002-06-18 19:42:37 +00:00
dougb
293e16b82f Do vidcontrol -m on after starting moused for a usb mouse.
PR:		conf/39125
Submitted by:	Mike Makonnen <makonnen@pacbell.net>
Not objected to by: -current and -hackers
2002-06-18 07:50:16 +00:00
dougb
f54b57d488 Should have paid more attention to the PR. Update (improve?) the examples
by doing them in /dev/, and provide more than just the one example.

Submitted by:	bde (for the ideas, blame for mistakes is mine)
2002-06-18 07:33:56 +00:00
dougb
695434d319 Only create symlink if /dev/ttyv0 exists.
PR:		misc/39381
Submitted by:	Dirk-Willem van Gulik <dirkx@covalent.net>
2002-06-18 07:14:43 +00:00
dougb
9acb83325d Try handling lack of syscons (for diskless boot, or other) by
testing for the presence of /dev/ttyv0.

PR:		misc/39351
Submitted by:	Dirk-Willem van Gulik <dirkx@covalent.net>
2002-06-16 20:59:16 +00:00
gordon
3f27304ae2 Make sendmail really not start when sendmail_enable="NONE"
Submitted by:	Dennis Kristensen <snicki@snicki.dk>
Reviewed by:	Mike Makonnen <makonnen@pacbell.net>
2002-06-15 18:39:05 +00:00
gordon
71e9fd7b1a Add the final bits that allow the use of rc.d. Note that you can toggle
between rc.d and the classic boot scripts based on the rcng variable in
your rc.conf. Defaults to classic boot scripts.

Submitted by:	Mike Makonnen
2002-06-13 22:30:02 +00:00
gordon
c61b4c2e3d Add a couple of variables for rc.d
Submitted by:	Mike Makonnen
2002-06-13 22:27:31 +00:00
gordon
0af5b0e962 Hook rcorder and rc.d into the build.
Submitted by:	Mike Makonnen
2002-06-13 22:26:15 +00:00
gordon
c06ac7c4ff Bring this up to date with the latest NetBSD bits. Also add some bits of
our own.

Submitted by:	Mike Makonnen
Reviewed by:	silence on -current and -hackers
2002-06-13 22:19:42 +00:00
cvs2svn
bf98eb7293 This commit was manufactured by cvs2svn to create branch 'NETBSD'. 2002-06-13 22:14:38 +00:00
gordon
9c5433cb22 Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:	Mike Makonnen <makonnen@pacbell.net>
Reviewed by:	silence on -current and -hackers
Prodded by:	rwatson
2002-06-13 22:14:37 +00:00
obrien
5d096a1b5c Change our default XF86Config location from /etc/ to /etc/X11/,
following the lead of The XFree86 Project's default.

Approved by:	Murray
2002-06-10 04:47:26 +00:00
obrien
656c10dac5 We want to play osterage and stick our heads in the sand and ignore things.
Requested by:	jhb
2002-06-04 22:26:11 +00:00
obrien
d3c26c96f0 ntpdate(1) is depreciated. 2002-06-04 21:25:41 +00:00
shiba
61082730c6 Add new entry PLANEX GW-NS11H(PRISM3.0).
Submitted by [bsd-nomads:16322] Yasufumi Susuki <yasu@triaez.kaisei.org>
2002-05-29 21:16:51 +00:00
peter
f19553daeb Update g++ include subdirs 2002-05-29 00:46:33 +00:00
imp
5d0d03b327 Correct US Robotics Wireless Card 2410 entry 2002-05-24 15:28:38 +00:00
gshapiro
f6c55bbe1c Add a new make.conf knob, SENDMAIL_MAP_PERMS, which specifies the
permissions to use for alias and map database files built by
/etc/mail/Makefile.  The default is 0640 to assist users in avoiding
a file locking local denial of service.

MFC after:	1 day
		pending RE approval
2002-05-24 01:46:39 +00:00
gshapiro
d71c35a87e Change the default permissions for the sendmail statistics file to 0640
instead of 0644 to help protect users against a file locking local
denial of service.

MFC after:	1 day
		pending RE approval
2002-05-24 01:44:53 +00:00
gshapiro
c4bd09146b Add a warning regarding localhost-only listening daemons inside jails.
Apparently binding only to 127.0.0.1 inside of a jail actually binds
to the jail IP address as well (in effect, bind to all available
interfaces in the jail).

Submitted by:	Helge Oldach <test-smtp@oldach.net>
MFC after:	1 day
		pending RE approval
2002-05-22 16:37:32 +00:00
ru
f239fc025d Build sccs(1) docs. 2002-05-22 11:55:47 +00:00
ru
5dc994e2ab Added share/doc/[pu]sd entries.
Reviewed by:	grog
2002-05-22 10:38:25 +00:00
gshapiro
b7c2a22c23 There are still many broken nameservers out there in the wild. Even
though I would personally prefer to see the broken nameservers fixed
instead of standards compliant applications work around them, I can't
force FreeBSD users to help fight that battle.

Submitted by:	Damon Anton Permezel <dap@damon.com>
MFC after:	2 days
		pending RE approval
2002-05-21 02:02:23 +00:00
gordon
969293170b Explictly set kerberos_stash to NO instead of blank. While we are at it,
fix a comment that suggested setting ipv6_ipv4mapping to blank. This
will aid in merging with rcng which requires all veriables to be
explicitly set.

Submitted by:	Mike Makonnen
MFC after:	1 week
2002-05-20 05:26:44 +00:00
markm
83845db29a Remove Perl and TCL/TK bits, neither of which are in the base system
(anymore).
2002-05-18 14:27:17 +00:00
ru
f1c27c590f Sigh, this README is not a shell script. 2002-05-18 12:37:19 +00:00
ru
130d381df9 Remind developers to update hier(7) if they make changes to these files. 2002-05-18 12:35:10 +00:00
obrien
10889ae656 We haven't needed libg++ since 1999-04-04 (pre 4.0). 2002-05-18 05:38:31 +00:00
gordon
feb720dec5 Fix the order of shutdown scripts so it not only reverses the order of the
files in each ${local_startup} directory, it also reverses the order of the
directories.

Suggested by:	jhb
Reviewed by:	jake
Approved by:	dougb
MFC after:	1 week
2002-05-18 00:26:10 +00:00
brian
58e4877cc4 Temporarily change our umask to 066 so that the potential creation
of wtmp.0 is done as mode 600.

This ensures that tight permissions set in /etc/newsyslog.conf for
wtmp logging aren't ``betrayed''.

Suggested by:	lumpy <lumpy@the.whole.net>
MFC after:	3 days
2002-05-17 14:05:08 +00:00
brian
e0be427440 Change `dmesg -a'' to `dmesg''.
The change was introduced in src/etc/security 1.53 almost a year ago
in an attempt to see ipfw deny message logs.

However, ipfw deny/reject logs have been displayed since version 1.13
of the same file as a separate ``job'' and have since moved to
src/etc/periodic/security/500.ipfwdenied.

MFC after:	3 days
2002-05-17 13:38:36 +00:00
brian
e0e62927af Tighten up temporary file permissions and move them to ${TMPDIR:-/tmp}
Problem reported by:	lumpy <lumpy@the.whole.net>
MFC after:		3 days
2002-05-17 11:34:12 +00:00
brian
4068215add Return 3 unless $daily_status_security_enable != YES.
Returning $? masks security output when ``periodic security'' is successful !

MFC after:	3 days
2002-05-17 11:31:45 +00:00
markm
5c57da1647 No need to build perl dirs anymore. 2002-05-16 09:29:40 +00:00
ru
56b7010bb9 MF4: sync with RELENG_4 version as much as possible. 2002-05-16 08:06:07 +00:00
trhodes
004729ff8a Consistancy, file system > filesystem 2002-05-16 02:10:03 +00:00
obrien
507dcb3a48 Time to enter modern age and default to NFS version 3. 2002-05-15 22:24:29 +00:00
nectar
751111934c It is dangerous to use globbing like so in startup scripts:
rm -f /tmp/.X11-unix/*

If /tmp/.X11-unix didn't already exist, a user could symlink it to a directory
with files that he wants to wipe out, and wait for next reboot.

Reported by:	lumpy <lumpy@the.whole.net>
2002-05-08 14:47:44 +00:00
gshapiro
e35948a6ef Fix typo.
Submitted by:	Marius Strom <marius@marius.org>
MFC after:	1 day
		and RE approval
2002-05-08 05:17:46 +00:00
des
0be56e68fc Use pam_lastlog(8)'s new no_fail option.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:33:02 +00:00
keichii
789a44127f This is two new entries for Taiwanese 16bit PCMCIA cards.
The Blue Concentric CF 802.11b card is a compactflash form-factored card
that does 802.11b, including 128bit encryption.
The Zonet modem pccard is a simple FAX/Modem card.

Both are sold in Guang-Hua Market in Taipei, and functions perfectly
with -current and -stable.
2002-05-07 16:50:15 +00:00
brian
79d9fd6c13 Fix the output when daily_status_mailq_shorten is set to YES
PR:			23766
Mostly submitted by:	lambert@ssabsd.csw.net
MFC after:		3 days
2002-05-07 13:11:05 +00:00
maxim
0cbbb2e256 Include 'www' in the list of forbidden ftp users.
Reviewed by:	sheldonh
MFC after:	3 days
2002-05-07 11:07:39 +00:00
cjc
560bc9d245 Remove leading whitespace from the setuid file lists.
Due to the way we run ls(1), through xargs(1), the leading whitespace
can change even when the setuid files haven't. To avoid displaying
these lines, we currently run diff(1) with the '-w' option. However,
this is probably not the ideal way to go; there is a very, very small
possibility for diff(1) to miss things is shouldn't. So, with the
leading space cleaned, we can revert to the '-b' option which is
"safer."

PR:		conf/37618
Reviewed by:	brian
MFC after:	3 days
2002-05-05 00:59:37 +00:00
des
e94fae922c Add a PAM policy for rexecd(8).
Sponsored by:	DARPA, NAI Labs
2002-05-02 05:05:28 +00:00
des
6f813d5f2f xdm plays horrid tricks with PAM, and dumps core if it's allowed to call
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other.  I assume gdm does something similar, so give it a dummy
session chain as well.

Sponsored by:	DARPA, NAI Labs.
2002-05-02 05:00:40 +00:00
brian
0e37ad70ef Handle .bz2 files created by newsyslog
PR:			37529
Partially submitted by:	Peter Hollaubek <fifteen@inext.hu>
MFC after:		1 week
2002-04-30 17:07:32 +00:00
dwmalone
c6f306a6a4 Don't use ISO_8859 when I should use ISO8859. 2002-04-29 20:57:36 +00:00
des
70fd7e0ff2 Add no_warn to pam_lastlog. This should prevent xdm from dumping core
when linked with Linux-PAM.
2002-04-29 15:22:00 +00:00
dwmalone
4af9569b92 Add a French calendar.
PR:		32265
Submitted by:	Thierry Thomas <thierry@pompo.net>
MFC after:	1 week
2002-04-28 23:22:13 +00:00
dougb
6f9b0f198f Remove reference to the TCP_RESTRICT_RST option, which was removed
over a year ago.

Small ws twiddle while I'm here.
2002-04-27 06:24:58 +00:00
wes
210f257e4e Rename the file used to specify the nextboot to make it clear that this
is a loader configuration file and can be used for more than just a
kernel name.

Submitted by:	Gordon Tetlow <gordont@gnf.org>
2002-04-26 22:32:15 +00:00
ru
8ad1c2807b Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.

Eliminate the need in the second installworld.  For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.

Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1.  Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).

Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).

In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.

Moved the creation of the "crypto" dist from release.5 to
release.2.

In release.3 and doMFSKERN, build kernels in the "world"
environment.  KERNELS now means "additional" kernels, GENERIC is
always built.

Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.

Inline createBOOTMFS target.

Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules.  GC doMODULES as such.

Assorted fixes:

Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".

Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.

gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.

release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists.  Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories.  This will be fixed
soon.

Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage.  Most of the userland makefiles did not test it for "YES"
anyway.

XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists?  (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)

Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.

Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
2002-04-26 17:55:27 +00:00
wes
9bf40bea60 Add a -k option to reboot to specify the kernel to boot next time
around.  If the kernel boots successfully, the record of this kernel
is erased, it is intended to be a one-shot option for testing
kernels.

This could be improved by having the loader remove the record of
the next kernel to boot, it is currently removed in /etc/rc immediately
after disks are mounted r/w.

I'd like to MFC this before the 4.6 freeze unless there is violent
objection.

Reviewed by:	Several on IRC
MFC after:	4 days
2002-04-26 07:31:04 +00:00
obrien
c837861546 Change the name of the 'bin' distribution to 'base'.
This is done since it contains much more than /bin, and also gets in the
way when making a combined install+fixit CD.

OK'ed by:	jkh
2002-04-23 22:16:41 +00:00
gshapiro
1a7fe4db89 sys.mk no longer includes bsd.own.mk so I need to include it here for
the definition of SHAREMODE.

Submitted by:	Udo Schweigert <Udo.Schweigert@siemens.com>
2002-04-23 17:08:08 +00:00
sobomax
e42e586ab2 Correct default value of drainwait: it should be 300 seconds, not forever.
PR:		37370
Submitted by:	Daniel O'Connor <doconnor@gsoft.com.au>
MFC after:	2 weeks
2002-04-23 08:26:50 +00:00
obrien
c141c42f1c Do not use 'ps -e' for entropy gathering. It uses /proc/*/mem to rummage
around *user* memory to extract the environment variable strings.  This
is problematic for us.

Submitted by:	peter
2002-04-23 00:05:48 +00:00
obrien
0b358fe827 Utilize dhcp information in the kernel environment if we don't have
hostname and DNS information already.

Submitted by:	Danny Braniss <danny@cs.huji.ac.il>
2002-04-22 21:42:18 +00:00
sheldonh
ad5ada62ef Bring in changes from smbfs-1.4.4. 2002-04-22 16:18:36 +00:00
des
4d6b787d2d Usage style sweep: spell "usage" with a small 'u'.
Also change one case of blatant __progname abuse (several more remain)
This commit does not touch anything in src/{contrib,crypto,gnu}/.
2002-04-22 13:44:47 +00:00
gshapiro
dc941e21d5 Non-sendmail users use the FreeBSD sendmail startup functionality to start
alternative MTAs.  Therefore, always install rc.sendmail, regardless of
NO_SENDMAIL make.conf setting.  Users can still set mta_start_script to a
different script.

This commit is after a repo-copy of src/etc/sendmail/rc.sendmail to
src/etc/rc.sendmail.

Noticed by:	Calvin NG <calvinng@brel.com>
MFC after:	3 days
2002-04-21 20:32:28 +00:00
cjc
129b6e1381 Consistently use full pathnames for files, especially executables.
PR:		conf/37292
Submitted by:	Helge Oldach <send-pr@oldach.net>
MFC after:	3 days
2002-04-21 08:32:35 +00:00
gshapiro
5e1dc7a023 In my continuing crusade to make life better for non-sendmail users, avoid
the creation of /var/spool/clientmqueue and therefore the need for the
smmsp user and group if NO_SENDMAIL is defined.  This required breaking out
the creation of the directory into a new BSD.sendmail.dist mtree file.

MFC after:	1 week
2002-04-20 19:00:11 +00:00
des
3e36ee6341 Don't list pam_unix in the session chain, since it does not provide any
session management services.

Sponsored by:	DARPA, NAI Labs
2002-04-18 17:40:27 +00:00
ru
d28f5d490f Fixed bugs in previous revision:
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).

For the record.  Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.

Reported by:	jhay
2002-04-18 10:58:14 +00:00
des
6139bb3c53 Use ${FILES} and <bsd.prog.mk> rather than roll-your-own. 2002-04-18 10:07:36 +00:00
gerald
ac7a3ce817 Mention that terminal type vt220 will work better if one needs
interoperability with other systems like Solaris or GNU/Linux.

PR:		33810
Approved by:	obrien
2002-04-17 10:42:41 +00:00
ru
ed0fcaf91d Really sort entries. 2002-04-16 07:55:20 +00:00
des
b9658dfaf2 Add PAM policy for the "passwd" service, including a sample config line
for pam_passwdqc.

Sponsored by:	DARPA, NAI Labs
2002-04-15 03:01:32 +00:00
des
7b3eec9c1b Add pam_lastlog(8) here since I removed lastlog support from sshd.
Sponsored by:	DARPA, NAI Labs
2002-04-15 02:46:24 +00:00
dougb
62a877b86f Remove ws at EOL 2002-04-14 22:35:46 +00:00
gshapiro
fef0f2cd24 Fix up submit.cf alternation instructions in light of new SENDMAIL_SUBMIT_MC
make.conf knob.

MFC after:	1 week
2002-04-14 19:24:28 +00:00
gshapiro
b7ddd3c1a9 Provide a new make.conf knob, SENDMAIL_SUBMIT_MC to allow users to pick
the .mc file used for /etc/mail/submit.cf.  By default,
/etc/mail/freebsd.submit.mc is installed and used.

Requested by:	fenner
Submitted by:	ume
MFC after:	1 week
2002-04-14 19:20:26 +00:00
hm
5b2c8cd7d6 update german national holidays file for 2002, 2003 and 2004 2002-04-13 12:23:38 +00:00
des
af95c9711d Use pam_rhosts(8). 2002-04-12 23:20:30 +00:00
gshapiro
a025cc5b24 Add my Copyright on this file so I can allow others to use it 2002-04-12 20:28:06 +00:00
des
a51f09d3d4 Add etc/pam.d. 2002-04-12 16:22:58 +00:00
des
1a399fc73c Cosmetic changes to the previous commit, bringing it closer to what I
already had in my tree but didn't want to commit.
2002-04-11 22:06:27 +00:00
ume
a9a33dfb17 Add an IPv6 sample line for tftpd.
MFC after:	2 weeks
2002-04-11 17:17:28 +00:00
peter
b66ff604b7 Back out /etc/rc.d addition. I'd like to see something come of what has
already been imported.  It would have been nice to get it out there
in DP1, but that is too late now.
2002-04-11 08:48:52 +00:00
peter
47709f9931 <peril sensitive sunglasses on>
Add /etc/rc.d to the startup dirs list.  It is a convenient place to put
custom startup scripts instead of hacking a shared rc.local.  eg: ftpd in
listener mode, or maybe even sendmail or another mailer, etc.
<peril sensitive sunglasses off>
2002-04-10 22:42:27 +00:00
peter
32ba147180 Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better
create it.  Also specify protocol v1/v2 in case people wonder why we
generate two RSA keys.
2002-04-10 22:30:54 +00:00
gshapiro
cb7ff33241 Update mail queue related periodic scripts to account for sendmail 8.12's
clientmqueue (submit mail queue).

The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.

Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.

While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.

MFC after:	1 week
2002-04-10 03:58:40 +00:00
des
843d3c8e1c If used, pam_ssh should be marked "sufficient", not "required".
Sponsored by:	DARPA, NAI Labs
2002-04-08 09:52:47 +00:00
asmodai
fa91ff61da Correct path for saver to reflect reality.
Submitted by:	Martin Faxer <gmh003532@brfmasthugget.se>
2002-04-06 18:02:52 +00:00
ume
e97360061b Now, you can specify "" or "NONE" for ipv6_network_interfaces to
prevent the interfaces from being initialized by /etc/rc.network6
wrongly.  So, you can explicitly initialize the interfaces by
/etc/pccard_ether.
With previous rc.network6, if you specify pccardd_flags="-z",
net.inet6.ip6.accept_rtadv was wronly set to 0, then RA was not
accepted.
2002-04-06 15:15:43 +00:00
phk
2317fe447f Per discussion on current: Don't spam root with syslog messages. 2002-04-06 11:22:01 +00:00
dd
24845561fa Correct grammar(?) in comments.
PR:		36808
Submitted by:	Andrew Boothman <andrew@cream.org>
2002-04-06 09:28:37 +00:00
phantom
9538412adc Add directories for pt_BR.ISO8859-1 locale 2002-04-05 14:58:03 +00:00
gshapiro
b42614032f Add the missing hoststat and purgestat commands. These are normally
symlinks to the sendmail binary but in FreeBSD's case, they are
symlinks to mailwrapper.

Submitted by:	tisco
MFC after:	4 days
2002-04-05 04:25:14 +00:00
gshapiro
cd7393b940 Quoting Peter Wemm, "At great personal risk, touch the sendmail startup
again."

As an alternative to sendmail_enable=NONE, solve the boot time problem
for non-sendmail users completely by moving all of the sendmail startup
code from /etc/rc to /etc/rc.sendmail.  The source for that script will
be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will
prevent it from being installed.  A new rc.conf variable,
mta_start_script specifies the script to run to start the user's
preferred MTA.  For backward compatibility, it will default to
/etc/rc.sendmail.  The specified script is called out of /etc/rc after
checking to make sure it exists.  A new rc.sendmail.8 man page has also
been added which now houses the sendmail_* variable descriptions
formerly in rc.conf.5.

Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.

Reviewed by:	-current, -stable, obrien, peter, ru
MFC after:	1 week
2002-04-05 02:30:49 +00:00
ru
2abc929acf Back out last commit. (This file is installed under /etc/mail.)
Requested by:	gshapiro
2002-04-04 07:42:12 +00:00
ru
d4b911cb52 Use a relative path to contrib/sendmail/cf. 2002-04-04 07:18:29 +00:00
dougb
3b51c999a4 The good news is that my initial PR was correct... the bad news is that I
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.

In any case, now it's fixed.
2002-04-01 18:33:45 +00:00
bde
df30d6374f Support more than 32 sio unit numbers. The maximum unit number is now
(65536 * 32 - 1), but MAKEDEV only supports up to (32 * 32 -1).  Device
names use the unit number in base 32 for all "digits".

This required fixing an old bug in MAKEDEV:ttyminor().  Its arg was the
global $unit instead of $1.

Reminded by:	Valentin K. Ponomarenko <valka@krog.ukrtel.net>
MFC-after:	1 week
2002-03-31 09:15:43 +00:00
gshapiro
e33a1d7e19 Update the /etc/mail/Makefile "start" target code to match the new startup
logic and added a new set of targets for controlling the MSP queue runner
(start-mspq, stop-mspq, and restart-mspq).

Reminded by: Mark Santcroos <marks@ripe.net>
MFC after:	1 week
2002-03-28 03:30:27 +00:00
gshapiro
cdfdb8738b Provide a way for users to completely prevent sendmail from trying to start
at boot time.

Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now
also accept NONE.  If set to NONE, none of the other sendmail related
startup items will be done.

Remove an extra queue running daemon might be started that wasn't necessary
(it didn't hurt anything but it wasn't needed).

The new logic is:

# MTA
if ${sendmail_enable} == NONE
        # Do nothing
else if ${sendmail_enable} == YES
        start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
        start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
        start sendmail with ${sendmail_outbound_flags}
endif
# MSP Queue Runner
if ${sendmail_enable} != NONE &&
   [ -r /etc/mail/submit.cf] && ${sendmail_msp_queue_enable} == YES
        start sendmail with ${sendmail_msp_queue_flags}
endif

Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
		Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after:	1 week
2002-03-28 03:29:22 +00:00
obrien
6e00963ef6 Add a sample line for lukemftp. 2002-03-26 19:54:12 +00:00
gshapiro
3f48fd65ca Fix typos
Noticed by:	Larry Rosenman <ler@lerctr.org>
2002-03-26 16:46:27 +00:00
ru
f6da61bcc9 Install sys/security/lomac/*.h to /usr/include/security/lomac/.
Install sys/<arch>/include/pc/*.h to /usr/include/machine/pc/.

PR:		docs/29534

Install sys/netatm/*/*.h to /usr/include/netatm/*/.

Don't install compatibility symlinks for <machine/soundcard.h>
and <machine/joystick.h>.  Three years is enough to be aware of
the change, and these weren't visible in the SHARED=symlinks
case.

Back out include/Makefile,v 1.160 that was a null change anyway
due to the bug in the path, and we now don't want to install
these headers because they would otherwise be invisible in the
SHARED=symlinks case.

Don't install IPFILTER headers.  Userland utilities fetch them
directly, and they were not visible in the SHARED=symlinks case.

Resurrect SHARED=symlinks in Makefile.inc1.

PR:		bin/28002

Prodded by:	bde
MFC after:	2 weeks
2002-03-26 16:05:14 +00:00
ru
6cabbe8e84 Removed some redundant stuff that causes compilation warnings. 2002-03-26 13:00:03 +00:00
ru
065ea04bd8 Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
2002-03-26 12:52:28 +00:00
obrien
89fb9979f2 Don't start any sendmail process in the back ground.
Requested by:	gshapiro
2002-03-26 02:38:08 +00:00
obrien
66959139eb Don't background the sendmail-clientmqueue process -- can give:
sm-queue[181]: NOQUEUE: SYSERR(root): fill_fd: before readcf: fd 1 not open: Bad file descriptor
2002-03-25 20:53:48 +00:00
obrien
0e2f70d957 Sendmail can be slow to startup.
So start it in the background to speed up booting.
2002-03-22 23:45:13 +00:00
gshapiro
f01b236369 Instead of dealing with the endless requests to provide more DNS based
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.

PR:		conf/35884
MFC after:	4 days
2002-03-22 06:40:26 +00:00
des
861727c094 Install moduli instead of primes 2002-03-21 21:44:03 +00:00
des
3d91eadb74 This commit was generated by cvs2svn to compensate for changes in r92894,
which included commits to RCS files with non-trunk default branches.
2002-03-21 21:43:25 +00:00
des
101e6ea253 Import OpenBSD's moduli file. 2002-03-21 21:43:25 +00:00
gshapiro
20c7c9d94e Use the proper terminology. 2002-03-21 06:09:20 +00:00
des
918221515e Don't try to generate ssh keys if ssh isn't installed. 2002-03-19 03:45:02 +00:00
cjc
505f3e0be8 IPFilter may need to be re-sync'ed even if we are not filtering, but
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@devet.org (Arjan de Vet)
MFC after:	3 days
2002-03-19 01:56:04 +00:00
imp
90f0b523f4 Home Wireless Network Airway wireless card 2002-03-18 04:51:01 +00:00
dougb
9634b14afa Make sure that rc.syctl gets its own version of positional parameters
Submitted by:	cjc
2002-03-18 00:56:51 +00:00
dougb
ffa228092d Distinguish between first and last passes of rc.sysctl, and only set
mibs whose values are not already what is specified in sysctl.conf.
2002-03-17 20:14:11 +00:00
dougb
d0e0826a8c Add a late rc.sysctl pass to catch sysctl's for things that were
not loaded yet on the first pass.

PR:		conf/19629
Submitted by:	Stephen J. Roznowski <sjr@home.com>
2002-03-17 08:38:03 +00:00
dougb
0589708b9d Answer the question posed in 1.126. amd won't start without either a
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)

PR:		conf/12432
Submitted by:	Me
2002-03-17 07:35:51 +00:00
markm
5dd0946513 Update for Perl 5.6.1 2002-03-16 21:41:09 +00:00
markm
d736b831ba Correct a comment; FreeBSD-4 --> FreeBSD-5. 2002-03-16 21:39:26 +00:00
cjc
96faff292d Only put standard FreeBSD directories in the PATH. If the
administrator wishes to run commands outside of the PATH, he should
use a full pathname for the executable or set the PATH as appropriate
in any local startup scripts.

PR:		misc/35770
2002-03-16 20:01:25 +00:00
rwatson
02ff3db358 Allow LOMAC to be loaded as part of the boot scripts using "lomac_enable"
setting in rc.conf.

Extracted from the still clammy hands of:	green
Sponsored by:	DARPA, NAI Labs
2002-03-12 21:47:31 +00:00
rwatson
5ccd83be46 No need to explicitly check for both cases when using grep -i. 2002-03-12 21:44:33 +00:00
cjc
17b6d49a7c Run dumpon(8) early so crashes during startup can be caught. In
addition, take out the checks on the $dumpdev. dumpon(8) behaves well
if given a non-existent filename. It gives a nice error message which
is better rather than the current silent failure.

Reviewed by:	des
2002-03-12 20:59:35 +00:00
cjc
bde27f5c3c The reload of ipf(8) rules should depend on $ipfilter_enable, not
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).

MFC after:	3 days
2002-03-12 20:25:25 +00:00
obrien
0f0107f79e Background the startup of `Amd', it often blocks on startup. 2002-03-12 01:04:35 +00:00
obrien
eff3c6b824 Why shouldn't amd always write its PID to a file?
Since I cannot answer that question, make it.
2002-03-12 01:01:53 +00:00
rwatson
dcb54d0614 Update login failure checking to check auth.log instead of messages,
and teach it to look for more general classes of failures, including
SSH login failures.  This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
2002-03-11 19:39:08 +00:00
rwatson
2cd75cb889 Turns out everyone is a lot lazier than I thought. Spell
'authentication.log' as 'auth.log'.

This is also more consistent with syslog facility names.

Sigh. :-)

Submitted by:	asmodai, aeonflux, green, ....
2002-03-11 19:34:57 +00:00
rwatson
89e30355de Clean up logging of security information a bit:
o Introduce /var/log/authentication.log, which will be the target for
  auth.info and authpriv.info by default.  Rotate on the same schedule
  as most other logs.  Create at installation.

o Remove logging of auth.info from /var/log/security.log, which will
  return to being only for security feature subsystems (such as ipfw,
  and so on).

This creates a special authentication log, which can now be searched
by scripts for authentication events.
2002-03-11 19:26:29 +00:00
cjc
352806ecf3 Don't protect savecore(8) from being run with a bad dumpdir
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.

At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.

PR:		conf/35725
2002-03-11 08:47:02 +00:00
cjc
d488da1915 Remove a mention of the worm(4) device that was missed when it was
removed from MAKEDEV in 1.171.

PR:		misc/35729
MFC after:	1 day
2002-03-10 22:34:56 +00:00
rwatson
c2d83956da /var/log/security gets almost no (if not no) activity on many FreeBSD
systems due to sshd not using the security log class.  Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.

Submitted by:	aeonflux@synapse.subneural.net
MFC after:	4 weeks
2002-03-10 15:20:36 +00:00
dd
43a9719eeb In the words of the submitter:
Kerberized CVS (kserver) listens on the same port as normal CVS
        (pserver).  In /etc/inetd.conf cvs kserver is disabled by default,
        but set to listen to the service port 'cvs' which doesn't exist.  It
        should listen to 'cvspserver'.

PR:		34317
Submitted by:	Sean Chittenden <sean@chittenden.org>
2002-03-09 04:55:35 +00:00
n_hibma
f116f7a004 Add an entry for coldsync, to facilitate synchronising a Handspring Visor
with FreeBSD.
2002-03-08 14:46:13 +00:00
obrien
b5d91caf1c fix backwards spelling 2002-03-07 07:17:15 +00:00
cjc
be470ebd23 Environmental variable was not being passed to a subshell as intended.
PR:		bin/35558
Submitted by:	Nicolas Rachinsky <list@rachinsky.de>
2002-03-05 19:13:05 +00:00
imp
42b1fbecf5 Buffalo LPC3-CLT
Submitted by: TANAKA Tomohiko <tomo@oso.to>
PR: 34954
2002-03-05 05:51:30 +00:00
imp
dfffbb2682 Fix Simple Tech STI-ATA
Submitted by: dwhite@paypal.com
PR: 34243
2002-03-05 05:48:32 +00:00
imp
dccb02841a US Robotics Wireless Card 2410
Submitted by: Jerry A! <jerry@thehutt.org>
PR: 33858
2002-03-05 05:44:28 +00:00
dd
0b2f9cb783 Redirect stdout of `ipf -y' to /dev/null. This removes a stray
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
2002-03-04 10:30:24 +00:00
rwatson
7ced7faebd Fix typo. '|' looks a lot like 'l' in my xterm font. 2002-03-01 15:42:27 +00:00
rwatson
cc54b5bea4 When having an expanded name for a class, use '|' instead if ':' to
seperate the short name and the long name.  This was present for most
but not all entries.  Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.

Submitted by:	Martin Faxer <gmh003532@brfmasthugget.se>
MFC after:	2 weeks
2002-03-01 15:30:24 +00:00
ru
ab0f432b2d Fixed a few typos. 2002-02-27 14:43:55 +00:00
cjc
aea627e849 After getting IANA to fix a typo in their port assignments, add
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.

PR:		conf/35219, conf/35220
Submitted by:	Sean Chittenden <sean@chittenden.org>
MFC after:	1 day
2002-02-26 02:36:49 +00:00
gshapiro
526c28fb44 Make sure we don't remove /etc/mail/sendmail.cf on make clean since this
will break a running system during a buildworld.

Noticed by:	Alexandr Listopad <laa@laa.zp.ua>
MFC after:	1 week
2002-02-24 02:38:23 +00:00
iwasaki
80535be2ba Use the regular expression form to solve the ambiguous card parameters
which have tailing spaces.
Some card entries had problem because of incorrect number of spaces.

Approved by:	imp
MFC after:	1 week
2002-02-23 16:38:45 +00:00
cjc
6baa1f255a Long overdue whitespace cleanup. To give yourself an idea of how
ugly it was,

  $ awk '/[[:space:]]$/ { sub(/$/,"\$"); print; }' /etc/services

On the previous revision. And that's only the trailing whitespace.
2002-02-23 11:59:42 +00:00
obrien
d1962c6a7d The usage of 'newaliases' needs to be after we know for sure that /usr
is mounted.

Submitted by:	rizzo
2002-02-23 01:49:20 +00:00
obrien
119bc74831 The existing bazaar and site-specific policy in rc.diskless1 is Just Wrong;
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.

Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
2002-02-22 19:05:22 +00:00
cjc
f864694415 Bring rc.firewall{,6} more in line with the word and spirit of
rc.conf(5) and the files' inline documentation.

  - Add the "closed"-type, documented in both places, but which did not
    exist in the code.

  - When provided a ruleset, the system should not make any assumptions
    about the sites's policy and should add no rules of its own.

  - Make the "UNKNOWN" (documented in-line) actual work as advertised,
    load no rules.

Prodded by:	Igor M Podlesny <poige@morning.ru>
MFC after:	1 week
2002-02-21 13:14:19 +00:00
ume
c7a3f8f136 Delete a needless rule for DAD. An unspecified address is never used
as a destination address of IPv6 packets.

Submitted by:	cjc
MFC after:	1 week
2002-02-20 18:05:44 +00:00
cjc
5eebfcea9b There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after:	3 days
2002-02-20 10:31:01 +00:00
gshapiro
e26790e916 Turn FEATURE(relay_based_on_MX) off by default. It should not be used unless
absolutely necessary

Requested by:	peter
PR:		conf/33855
MFC after:	1 week
2002-02-17 23:38:16 +00:00
gshapiro
f9b416a6c3 Add infrastructure for sendmail 8.12. If users are not starting a daemon
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions.  If this isn't desired, see etc/mail/README for more hints.

Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.

Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
2002-02-17 22:19:14 +00:00
gshapiro
0db14425f9 Add information about how the new sendmail set-group-ID mail submission
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.
2002-02-17 22:14:29 +00:00
gshapiro
be0f0b6ad9 Don't build a submit.cf file if SENDMAIL_SET_USER_ID is set 2002-02-17 22:12:57 +00:00
gshapiro
72b2a94378 Add /var/spool/clientmqueue for 8.12's non-set-user-ID root mail submission 2002-02-17 22:11:41 +00:00
gshapiro
b61da01763 Add new include/libmilter directory for libmilter (sendmail mail filter API)
include files
2002-02-17 22:10:56 +00:00
gshapiro
9ca121f5b3 Add new build knob, SENDMAIL_SET_USER_ID, which installs sendmail as a
set-user-ID root binary instead of the new method (set-group-ID smmsp).
Therefore, we shouldn't install /etc/mail/submit.cf if it is set.
2002-02-17 22:09:15 +00:00
gshapiro
bf8692f3b6 Update for sendmail 8.12 which has a new OSTYPE(freebsd5)
Fix access_db usage for 8.12
2002-02-17 22:08:18 +00:00
imp
6e86074098 Add Proxim RangeLAN-DS.
Submitted by: Matt Peterson <matt@peterson.org>
PR:	35057

Also update my note for the 3crwe737A after talking to Alan Clegg at BSDcon.
2002-02-17 20:05:39 +00:00