Commit Graph

4732 Commits

Author SHA1 Message Date
Maksim Yevmenkin
69204f46de Teach /etc/rc.d/ppp how to start/stop individual instances
of ppp. This is an extension of previous commit.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	3 days
2007-10-18 17:10:40 +00:00
Michael Bushkov
e83df45f27 Removing obsolete etc/cached.conf.
Approved by:	brooks (mentor)
2007-10-18 09:09:22 +00:00
Michael Bushkov
0f3c4f0fac Forced commit to note cached.conf -> nscd.conf repocopy. etc/Makefile
changed accordingly.

Approved by:	brooks (mentor)
2007-10-18 08:26:20 +00:00
Alexander Leidinger
9f05d312b3 Backout sensors framework.
Requested by:	phk
Discussed on:	cvs-all
2007-10-15 20:00:24 +00:00
Alexander Leidinger
99f6b270e3 Import OpenBSD's sysctl hardware sensors framework.
This commit includes the following core components:

 * sample configuration file for sensorsd
 * rc(8) script and glue code for sensorsd(8)
 * sysctl(3) doc fixes for CTL_HW tree
 * sysctl(3) documentation for hardware sensors
 * sysctl(8) documentation for hardware sensors
 * support for the sensor structure for sysctl(8)
 * rc.conf(5) documentation for starting sensorsd(8)
 * sensor_attach(9) et al documentation
 * /sys/kern/kern_sensors.c
   o sensor_attach(9) API for drivers to register ksensors
   o sensor_task_register(9) API for the update task
   o sysctl(3) glue code
   o hw.sensors shadow tree for sysctl(8) internal magic
 * <sys/sensors.h>
 * HW_SENSORS definition for <sys/sysctl.h>
 * sensors display for systat(1), including documentation
 * sensorsd(8) and all applicable documentation

The userland part of the framework is entirely source-code
compatible with OpenBSD 4.1, 4.2 and  -current as of today.

All sensor readings can be viewed with `sysctl hw.sensors`,
monitored in semi-realtime with `systat -sensors` and also
logged with `sensorsd`.

Submitted by:	Constantine A. Murenin <cnst@FreeBSD.org>
Sponsored by:	Google Summer of Code 2007 (GSoC2007/cnst-sensors)
Mentored by:	syrinx
Tested by:	many
OKed by:	kensmith
Obtained from:	OpenBSD (parts)
2007-10-14 10:45:31 +00:00
Maksim Yevmenkin
b1e50be2c6 Teach /etc/rc.d/ppp to start multiple instances of ppp.
ppp_profile variable can now contain multiple profiles.
Overrides for ppp mode and nat can go into ppp_$profile_mode
and ppp_$profile_nat variables respectively. If those are
not specified, defaults from ppp_mode and ppp_nat are used.

Submitted by:	Yuri Kurenkov < y dot kurenkov at init dot ru >
Reviewed by:	mtm
MFC after:	1 week
2007-10-12 16:35:36 +00:00
Christian S.J. Peron
4c5ada1230 Add pts/pty to the un-hidden devices for logins. This un-breaks
logins to jailed environments when the system is using PTS style
ptys (kern.pts.enable=1).

Discussed with:	rwatson
MFc after:	1 week
2007-10-12 14:55:41 +00:00
Doug Barton
b5ed5226dd Deprecate use of the early.sh script as advertised when the support for
local rc.d scripts in the overall boot order was added.

Proper rc.d scripts are run by rc.subr in a subshell, whereas scripts that
end in .sh are sourced into rc's shell. The latter has potential to create
serious boot problems, and there is no reason that the same functionality
cannot be added by the user in the form of a proper rc.d script (as
opposed to being added by the user in the form of /etc/rc.early).

This script will be removed prior to the 8.0 branch.

Approved by:	re (kensmith)
2007-10-09 07:30:14 +00:00
Doug Barton
416c130ca1 Remove pre-rc.d compatibility shims that were added before the 5.0 branch
for pre-5.0 variable names.

Remove two dhcp compatibility variables added after the 5.1-RELEASE.

Remove the now-unused support for these shims.

Approved by:	re (kensmith)
2007-10-09 07:20:44 +00:00
Ruslan Ermilov
3c03a2300b Sort as per README.
Approved by:	re (kensmith)
2007-10-03 05:51:20 +00:00
Ruslan Ermilov
51a8a564d5 Removed "tail +5" from the command used to sanity check changes to
mtree files -- the 5-line header is no longer printed when mtree(8)
is run with -n (as of mtree/create.c,v 1.34).

Approved by:	re (kensmith)
2007-10-03 05:44:27 +00:00
Michael Bushkov
1035d0cb65 Removing obsolete cached files after cached->nscd renaming.
Approved by:	re (kensmith), brooks (mentor)
2007-10-02 07:51:43 +00:00
Michael Bushkov
c97fe77db3 Finishing renaming of cached into nscd. etc/rc.d and usr.sbin/Makefile
updated. Note added to UPDATING.

Approved by:	re (kensmith, bmah), brooks (mentor)
2007-09-28 10:38:08 +00:00
Pawel Jakub Dawidek
f854db0bf5 Bring in the GEOM Virtualisation class, which allows to create huge GEOM
providers with limited physical storage and add physical storage as
needed.

Submitted by:	Ivan Voras
Sponsored by:	Google Summer of Code 2006
Approved by:	re (kensmith)
2007-09-23 07:34:23 +00:00
Brooks Davis
65db91329e Use the udp protocol in favor of the nonexistant upd protocol in the
sge_execd entry.

Reported by:	emaste
Pointy hat to:	brooks
Approved by:	re (kensmith)
2007-09-21 01:26:00 +00:00
Michael Reifenberger
fadab45370 Add IANA assigned iscsi-target port as its the default port
according RFC 3720.

Approved by:	re (bmah)
2007-09-08 08:56:01 +00:00
Max Laier
ff72ebb1ba Add the startup script for ftp-proxy(8) to the Makefile as well.
Approved by:	re (bmah - implicit)
Reminded by:	mtm
2007-09-07 15:44:09 +00:00
Max Laier
cb3ab5e31a Add a startup script for ftp-proxy(8) now that it is no longer started as
part of inetd(8).

Approved by:	re (bmah)
Reviewed by:	freebsd-rc (a while back)
Reminded by:	kevlo
2007-09-06 21:00:48 +00:00
Brooks Davis
91c0813e7d Add service entries for Sun Grid Engine's qmaster and execution service
as per IANA assignments to simplify the installation of the sysutils/sge
port.

Approved by:	re (bmah)
2007-09-06 19:04:47 +00:00
Mike Makonnen
5060bcfacd Start lockd after statd.
Approved by:	re (bmah)
Noticed by:	Ted Faber <faber@ISI.EDU>
2007-09-03 02:02:31 +00:00
Matteo Riondato
63f45c4bdf sleep 2 seconds after having loaded g_uzip.ko. We need this because
otherwise the /dev/mdX.uzip won't be created immediately, which is
needed because we issue a mount right afterwards.

Approved by:	re@ (bmah@)
MFC after:	2 days
2007-08-25 00:19:17 +00:00
Mike Makonnen
33eba7d495 My forced commit to note the repo-copy (naturally) changed the $FreeBSD$ keyword line,
so that when I applied the patch to my check-in tree the top half of my patch failed to
apply.  Off course I saw what I *expected* to see (the bottom half succeeded) and
didn't notice that it had failed to apply cleanly.

Approved by: re (bmah)
2007-08-18 04:08:53 +00:00
Mike Makonnen
6ee326fe2f The rc.d/nfslocking file controls two servers: rpc.statd and rpc.lockd. It worked well
in most cases, except one. The 'restart' case was not working as expected. Specifically,
it would stop both lockd and statd, but it would restart only statd (which appears first
in the script). This is because rc.subr(8) contains code to guard against infinite
recursion in the 'restart' casae.

To fix this use the traditional approach of controlling only one server from one script by
breaking out rc.d/nfslocking into its contituent parts: rc.d/lockd and rc.d/statd. Keep
rc.d/nfslocking around but don't include it in the boot rcorder(8)ing.

PR:	     conf/107316
Approved by: re (bmah)
MFC after:   2 weeks
2007-08-17 07:58:26 +00:00
Doug Barton
f183dbca4f 1. Remove root name servers from the list of possible masters in the
commented out example who have either not responded, or specifically
asked not to participate because they do not view AXFR as "a production
service."

2. Add f.root-servers.net to the example after confirmation from
Paul Vixie.

3. Add a warning to the commented out "root zone slave" example to the
effect that it requires more attention than a hints file, and provides
more benefit to larger sites than individual hosts.

4. Correct a typo copied from RFC 2544 which was corrected in a later
errata, and confirmed in RFC 3330. Update the comment to reflect that
RFC 3330 got it right and to avoid confusion down the road. 3330 also
contains a reference back to 2544 for anyone interested in pursuing the
history. [1]

PR:             conf/115573 [1]
Submitted by:   Oliver Fromme <olli@secnetix.de> [1]

Approved by:	re (kensmith)
2007-08-17 04:37:02 +00:00
Olivier Houchard
77912eb26b Use ttyu instead of ttyd for arm, since we will probably never use sio(4).
Approved by:	re (blanket)
2007-08-12 17:13:06 +00:00
Michael Bushkov
db1bdf2b02 - Renaming repocopied cached to nscd
Approved by:	re (kensmith), brooks (mentor)
2007-08-09 13:06:12 +00:00
Doug Barton
1c24b5458d 1. Move the disable-empty-zone stuff down below the first 25 lines so
that the listen-on stuff floats up to the first "page" of text. This
makes it very obvious what's going on so that someone trying to enable
a server for use on a network can easily see how to do that.

2. Change the default behavior back to using a hint zone for the root.

3. Leave the root slave zone config as a commented out example.

4. Remove the B and F root servers from the example at the request of
their operators.

Requested by:	he-who-must-not-be-named [1]
Requested by:	many [2]

Approved by:	re (rwatson)
2007-08-02 09:18:53 +00:00
John Baldwin
f2c789a923 Require 'cleanvar' so that files and sockets created in /var/run by
wpa_supplicant and other programs started by 'netif' don't get erased
by a subsequent 'cleanvar'.

Approved by:	re (bmah)
Reviewed by:	dougb
MFC after:	1 week
2007-07-25 18:08:01 +00:00
Scott Long
039886f83f Fix a whitespace mistake from the last commit.
Submitted by: far too many to list
Approved by: re
2007-07-25 13:37:33 +00:00
Scott Long
c5933b2086 Introduce Danny Braniss' iSCSI initiator, version 2.0.99. Please read the
included man pages on how to use it.  This code is still somewhat experimental
but has been successfully tested on a number of targets.  Many thanks to
Danny for contributing this.

Approved by: re
2007-07-24 15:35:02 +00:00
Robert Watson
2b851aeb63 Disconnect netatm from the build as it is not MPSAFE and relies on
NET_NEEDS_GIANT, which will shortly be removed.  This is done in a
away that it may be easily reattached to the build before 7.1 if
appropriate locking is added.  Specifics:

- Don't install netatm include files
- Disconnect netatm command line management tools
- Don't build libatm
- Don't include ATM parts in rescue or sysinstall
- Don't install sample configuration files and documents
- Don't build kernel support as a module or in NOTES
- Don't build netgraph wrapper nodes for netatm

This removes the last remaining consumer of NET_NEEDS_GIANT.

Reviewed by:	harti
Discussed with:	bz, bms
Approved by:	re (kensmith)
2007-07-14 21:49:24 +00:00
Warner Losh
b906fea63d Arm doesn't have GENERIC.hints, so don't install it if it doesn't exist.
Approved by: re (kensmith)
2007-07-13 14:28:10 +00:00
Bjoern A. Zeeb
9fa28ff687 I4B header files were repo-copied from sys/i386/include to
sys/i4b/include/ so they will be available to all architectures
once I4B compiles on those.

I4B header files are now installed in include/i4b/ and no longer
in include/machine/.

For now we still install the headers for i386 only.

Approved by:	re (kensmith)
2007-07-06 07:20:59 +00:00
Xin LI
c425727e97 Remove reference to the old ftp-proxy implementation,
which was replaced during the pf 4.1 import.

Approved by:	re (mux)
2007-07-05 09:46:53 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Rong-En Fan
534046e301 - Remove UMAP filesystem. It was disconnected from build three years ago,
and it is seriously broken.

Discussed on:   freebsd-arch@
Approved by:	re (mux)
2007-06-25 05:06:57 +00:00
Nate Lawson
00a304487f Update the suspend/resume user API while maintaining backwards compat.
Improvements:
* /etc/rc.suspend,rc.resume are always run, no matter the source of the
  suspend request (user or kernel, apm or acpi)
* suspend now requires positive user acknowledgement.  If a user program
  wants to cancel the suspend, they can.  If one of the user programs
  hangs or doesn't respond within 10 seconds, the system suspends anyway.
* /dev/apm is clonable, allowing multiple listeners for suspend events.
  In the future, xorg-server can use this to be informed about suspend
  even if there are other listeners (i.e. apmd).

Changes:
* Two new ACPI ioctls:  REQSLPSTATE and ACKSLPSTATE.  Request begins the
  process of suspending by notifying all listeners.  acpi is monitored by
  devd(8) and /dev/apm listener(s) are also counted.  Users register their
  approval or disapproval via Ack.  If anyone disapproves, suspend is vetoed.
* Old user programs or kernel modules that used SETSLPSTATE continue to
  work.  A message is printed once that this interface is deprecated.
* acpiconf gains the -k flag to ack the suspend request.  This flag is
  undocumented on purpose since it's only used by /etc/rc.suspend.  It is
  not intended to be a permanent change and will be removed once a better
  power API is implemented.
* S5 (power off) is no longer supported via acpiconf -s 5 or apm -z/-Z.
  This restores previous behavior of halt/shutdown -p being the interface.
* Miscellaneous improvements to error reporting

Approved by:	re
2007-06-21 22:50:37 +00:00
Doug Barton
e56dafe630 Drop the default zones that are now covered by the new zones that
were added in the last revision.
2007-06-18 06:29:45 +00:00
Doug Barton
1de57a4c76 Bring our default named configuration more in line with current
best practices:

1. The old way of generating the localhost zones was not optimal both
because they did not exist by default, and because they were not really
aligned with BCP. There is no need to have the dynamic data that the
make-localhost script generated, and good reasons to do this more
"by the book."

2. In named.conf
	a. Clean up white space
	b. Add/clarify a few comments
	c. Slave zones from the root servers instead of using a hints
	file. This has several advantages, as described in the comments.
	d. Significantly revamp the default zones, including the
	forward localhost zone, and the reverse zones for IPv4 and IPv6
	loopback addresses. There are extensive comments describing what
	is included and why. Interested readers should take the time to
	review the RFCs mentioned in the comments. There is also relevant
	information about the motivations for hosting these zones in the
	"work in progress" Internet-Draft,
	http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
	or its successor.
	It's also worth noting that a significant number of these
	empty zones are already included by default in the named binary
	without any user configuration.
	e. Because we're including a lot of examples of both local
	forward zones and slave zones in the default configuration,
	eliminate some of those examples.

3. Add new localhost-{forward|reverse} zone files, and an "empty" zone
to support the changes in 2.d. above. The empty zone file isn't really
empty in order to avoid a warning from BIND about a zone file that
doesn't contain any A or AAAA records.
2007-06-18 05:58:23 +00:00
Doug Barton
bc998fd6f4 Add a namedb/master directory for the zone files I'm about to add,
and switch to the more "normal" way of installing files for the
namedb directory so that we can pick up the new subdir.
2007-06-18 05:44:38 +00:00
Yaroslav Tykhiy
997c6eefd8 Add PAM support to cron(8). Now cron(8) will skip commands scheduled
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
2007-06-17 17:25:53 +00:00
Yaroslav Tykhiy
553284d74a Add PAM support to atrun(8). 2007-06-15 12:02:16 +00:00
Yaroslav Tykhiy
b1cf245735 Locked out and expired accounts shouldn't be accessible via remote
mailbox protocols.  Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.
2007-06-15 11:33:13 +00:00
Yaroslav Tykhiy
2422857757 Split the FILES list across multiple lines as in rc.d/Makefile
so that the change history stays easily readable as the number
of PAM-aware services grows.
2007-06-15 11:22:10 +00:00
Gregory Neil Shapiro
2bc2025c44 Add a new rc.conf variable, sendmail_rebuild_aliases, which tells
/etc/rc.d/sendmail whether or not to run newaliases if the database
is missing or the aliases text file is newer than aliases.db.

In my opinion, the aliases file should never be automatically rebuilt.
The current text form could represent a work in progress.  Therefore,
in FreeBSD 7.0, this new option will default to "NO".  When this rc.d
change is MFC'ed, it will need to remain "YES" to maintain backward
compatibility.

PR:		conf/86252
Approved by:	re (kensmith)
MFC after:	3 days
2007-06-12 17:33:23 +00:00
Ceri Davies
3213dc8412 Create group ftp by default. This is gid 14 as this is the historical
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
2007-06-11 18:36:39 +00:00
Yaroslav Tykhiy
9cd40e64b4 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
Yaroslav Tykhiy
039e8df3cf Be robust to a bogus script specification or contents
when figuring out what the real interpreter is for an
interpreted command.  That is, check whether we can read
the script file in the first place and, if so, make sure
we got a valid shebang line from it.
2007-06-04 11:39:35 +00:00
Doug Barton
ab512a8e4d Finish making resolv ordering deterministic by REQUIRE'ing it here. 2007-06-02 05:25:19 +00:00
Doug Barton
36617e509a Add REQUIRE netif to make ordering more deterministic, and to make sure
we have a fighting chance of having useful stuff from DHCP.

Tighten up the code a little, and fix whitespace issues.
2007-06-02 05:24:39 +00:00