Commit Graph

3152 Commits

Author SHA1 Message Date
Crist J. Clark
45c2f0c12b After getting IANA to fix a typo in their port assignments, add
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.

PR:		conf/35219, conf/35220
Submitted by:	Sean Chittenden <sean@chittenden.org>
MFC after:	1 day
2002-02-26 02:36:49 +00:00
Gregory Neil Shapiro
d7bbec76f2 Make sure we don't remove /etc/mail/sendmail.cf on make clean since this
will break a running system during a buildworld.

Noticed by:	Alexandr Listopad <laa@laa.zp.ua>
MFC after:	1 week
2002-02-24 02:38:23 +00:00
Mitsuru IWASAKI
eac1840126 Use the regular expression form to solve the ambiguous card parameters
which have tailing spaces.
Some card entries had problem because of incorrect number of spaces.

Approved by:	imp
MFC after:	1 week
2002-02-23 16:38:45 +00:00
Crist J. Clark
b36cde4c79 Long overdue whitespace cleanup. To give yourself an idea of how
ugly it was,

  $ awk '/[[:space:]]$/ { sub(/$/,"\$"); print; }' /etc/services

On the previous revision. And that's only the trailing whitespace.
2002-02-23 11:59:42 +00:00
David E. O'Brien
04e7d65aeb The usage of 'newaliases' needs to be after we know for sure that /usr
is mounted.

Submitted by:	rizzo
2002-02-23 01:49:20 +00:00
David E. O'Brien
5158a0f59f The existing bazaar and site-specific policy in rc.diskless1 is Just Wrong;
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.

Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
2002-02-22 19:05:22 +00:00
Crist J. Clark
5439c489f8 Bring rc.firewall{,6} more in line with the word and spirit of
rc.conf(5) and the files' inline documentation.

  - Add the "closed"-type, documented in both places, but which did not
    exist in the code.

  - When provided a ruleset, the system should not make any assumptions
    about the sites's policy and should add no rules of its own.

  - Make the "UNKNOWN" (documented in-line) actual work as advertised,
    load no rules.

Prodded by:	Igor M Podlesny <poige@morning.ru>
MFC after:	1 week
2002-02-21 13:14:19 +00:00
Hajimu UMEMOTO
2643a003d1 Delete a needless rule for DAD. An unspecified address is never used
as a destination address of IPv6 packets.

Submitted by:	cjc
MFC after:	1 week
2002-02-20 18:05:44 +00:00
Crist J. Clark
29c0f078e2 There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after:	3 days
2002-02-20 10:31:01 +00:00
Gregory Neil Shapiro
8448f2e2cf Turn FEATURE(relay_based_on_MX) off by default. It should not be used unless
absolutely necessary

Requested by:	peter
PR:		conf/33855
MFC after:	1 week
2002-02-17 23:38:16 +00:00
Gregory Neil Shapiro
feb15b97ab Add infrastructure for sendmail 8.12. If users are not starting a daemon
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions.  If this isn't desired, see etc/mail/README for more hints.

Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.

Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
2002-02-17 22:19:14 +00:00
Gregory Neil Shapiro
5cd5c25e71 Add information about how the new sendmail set-group-ID mail submission
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.
2002-02-17 22:14:29 +00:00
Gregory Neil Shapiro
a8247f3a53 Don't build a submit.cf file if SENDMAIL_SET_USER_ID is set 2002-02-17 22:12:57 +00:00
Gregory Neil Shapiro
ab3e277c5c Add /var/spool/clientmqueue for 8.12's non-set-user-ID root mail submission 2002-02-17 22:11:41 +00:00
Gregory Neil Shapiro
9a63f27e11 Add new include/libmilter directory for libmilter (sendmail mail filter API)
include files
2002-02-17 22:10:56 +00:00
Gregory Neil Shapiro
910976f7b0 Add new build knob, SENDMAIL_SET_USER_ID, which installs sendmail as a
set-user-ID root binary instead of the new method (set-group-ID smmsp).
Therefore, we shouldn't install /etc/mail/submit.cf if it is set.
2002-02-17 22:09:15 +00:00
Gregory Neil Shapiro
742253f5fd Update for sendmail 8.12 which has a new OSTYPE(freebsd5)
Fix access_db usage for 8.12
2002-02-17 22:08:18 +00:00
Warner Losh
b3290f8139 Add Proxim RangeLAN-DS.
Submitted by: Matt Peterson <matt@peterson.org>
PR:	35057

Also update my note for the 3crwe737A after talking to Alan Clegg at BSDcon.
2002-02-17 20:05:39 +00:00
Crist J. Clark
412c2bb7c1 Remove check for sendmail.conf before even trying to start sendmail.
Checking for the existence of sendmail.cf is rather silly when someone
is using the mailwrapper(8) to run a mail daemon that is not actually
sendmail(8). It is also probably better to let sendmail(8) actually
try to start and error out if the administrator has
'sendmail_enable="YES"' but no sendmail.conf. At present, it would
fail silently.

Reviewed by:	gshapiro
MFC after:	2 days
2002-02-17 02:01:15 +00:00
Brian Somers
55ade43025 Set rc=1 rather than 0 so that setting daily_show_success=YES masks
the output of all goes well.

PR:		34825
Submitted by:	Valentin Nechayev <netch@netch.kiev.ua>
MFC after:	3 weeks
2002-02-13 19:10:07 +00:00
Maxim Konovalov
d60b85c4d7 Fix a typo in swat example.
Spotted by:	Sergey Osokin <osa@freebsd.org.ru>
Reviewed by:	ru
Approved by:	ru
MFC after:	1 week
2002-02-13 08:21:45 +00:00
Mark Peek
90e0035cca Install complete.tcsh and csh-mode.el into ${SHAREDIR}/examples/tcsh.
PR:		misc/34800 (from Steven Grady)
Submitted by:	phantom (patch)
MFC after:	3 days
2002-02-12 04:50:12 +00:00
Dima Dorfman
35fe8af95c crdup(9) is not a protocol.
PR:		34624
Submitted by:	John Nielsen <nielsenj@cs.byu.edu>,
		Hiten Pandya <hiten@uk.FreeBSD.org>
2002-02-10 08:19:58 +00:00
John Baldwin
bffd6ef83d Fix MAKEDEV for RocketPort (rp(4)) cuaR* and ttyR* to work with the
updated driver.  The newer driver in current outputs a version string
that contains a space, so we need to eat two words in between RocketPortX
and the number of ports on the board.
2002-02-09 21:16:54 +00:00
Dag-Erling Smørgrav
1f3030b053 Add missing "nullok" option to pam_unix. 2002-02-08 23:27:22 +00:00
Crist J. Clark
36a48df48e peter points out that we probably should not mess with the sysctl(8)
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
2002-02-08 13:25:33 +00:00
Mark Murray
adb79039fd Enable TCP_WRAPPERs for the NIS server. The protection afforded is
not massive, but usable.
2002-02-06 20:39:36 +00:00
Hajimu UMEMOTO
9785aaf1b3 Install PROTO.localhost-v6.rev. Umm, it seems namedb/Makefile
is not used.
2002-02-06 04:57:25 +00:00
Hajimu UMEMOTO
232b0e36b5 Install PROTO.localhost-v6.rev.
Reported by:	Scott Allendorf <scott-allendorf@uiowa.edu>
Forgot by:	me (ume)
2002-02-06 04:46:07 +00:00
Sheldon Hearn
4155ccefee Add the MTA users 'mailnull' and 'smmp'.
PR:		conf/34535
Submitted by:	Ceri <setantae@submonkey.net>
MFC after:	1 week
2002-02-04 15:12:06 +00:00
Yoshihiro Takahashi
f25125064b Use MACHINE_ARCH instead of MACHINE to check i386 arch.
MFC after:	3 days
2002-02-04 12:50:52 +00:00
Dag-Erling Smørgrav
34cab37003 Add pam_self(8) so users can login(1) as themselves without authentication,
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:13:23 +00:00
Dag-Erling Smørgrav
86f01a8b27 Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by:	DARPA, NAI Labs
2002-01-30 19:04:39 +00:00
Bruce Evans
f52150f696 Added this makefile. This is not attached to the build yet. I often
install parts of /etc manually and it helps to have a makefile for
each subdir even if the main makefile doesn't invoke it.
2002-01-30 09:27:03 +00:00
MIHIRA Sanpei Yoshiro
8aa32802b9 By commit of usr.sbin/pccard/pccardd/cardd.c at Nov 29 (Dec
10 in -STABLE), pccardd's string comparison between
pccard.conf's entry and PC card's CIS tupple became strict
matching.

As influences of this commit, some PC cards don't work since
some /etc/default/pccard.conf's card identifiers entries are
incorrectly described.

  - Lexar Media compact flash
  - IO DATA CBIDE2 in 16 bit mode
  - TOSHIBA Portable 24X Speed CD-ROM Drive PA2673UJ
  - Hewlett Packard M820e (CD-writer)

Update these card configs.

PR:		33815
Obtained from:	[bsd-nomads:16128]
2002-01-29 21:17:05 +00:00
Ruslan Ermilov
ec5e499155 Tidy up gecos field for `bin'. 2002-01-29 14:00:03 +00:00
Sheldon Hearn
1887ffe3ca Uncomment kserver-adm, which is IANA-sanctioned and has no apparent
conflicts.

PR:		conf/34316
Submitted by:	Sean Chittenden <sean@chittenden.org>
MFC after:	2 weeks
2002-01-29 12:28:51 +00:00
Warner Losh
9fecc8d840 Add Linksys Instant Wireless WPC11 v2.5
Submitted by: eliedtke@apogeetelecom.com
2002-01-29 05:15:56 +00:00
Crist J. Clark
7fc6e2f775 Put a complete set of pppd(8) sample configuration files in
/usr/share/examples/pppd.

Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.

Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
2002-01-29 01:10:47 +00:00
Crist J. Clark
76f10508d4 Put a complete set of pppd(8) sample configuration files in
/usr/share/examples/pppd.

Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8.

Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.

Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.

The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved
with a repo copy. Note it in the logs with a forced commit to these
two.

Submitted by:	Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
2002-01-29 00:23:35 +00:00
Sheldon Hearn
3e38757beb Register amd's dependency on NFS.
This change was submitted to the freebsd-audit mailing list for review
but received no feedback.  Hindsight-enabled reviews are welcome.

PR:		conf/31358
Submitted:	Thomas Quinot <thomas@cuivre.fr.eu.org>
2002-01-28 11:05:01 +00:00
Warner Losh
a5959e20bf Add ADLINK340C wireless card mentioned in nomads.
# This card has the same PCMCIA and OEM id as ELSA XI300 wireless card, which
# appears to be listed elsewhere in this file.

Submitted by: Abe Toshiaki-san <ans@sun-tec.co.jp>
MFC After: 5 days
2002-01-28 04:46:20 +00:00
Crist J. Clark
f44609fe71 Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
2002-01-26 09:05:13 +00:00
Dag-Erling Smørgrav
c84317d7ad Add local/share/java/classes, local/share/sgml, local/share/xml
Approved by:	ru, silence on -ports
MFC after:	1 week
2002-01-23 13:02:16 +00:00
Hajimu UMEMOTO
fc50a44458 Do not taint ::/124 for localhost reverse table. 2002-01-22 17:22:41 +00:00
Ruslan Ermilov
322628519e Reincarnate SETUID code in man(1), not compiled in by default.
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
2002-01-22 15:15:38 +00:00
Dag-Erling Smørgrav
ae739ec469 Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:51:24 +00:00
Dag-Erling Smørgrav
819a142080 Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
3bfbfd1770 Turn on pam_opie by default. It should not affect non-OPIE users. 2002-01-19 10:31:32 +00:00