author | sjg <sjg@FreeBSD.org> | 2014-11-19 01:07:58 +0000 |
---|---|---|
committer | sjg <sjg@FreeBSD.org> | 2014-11-19 01:07:58 +0000 |
commit | b137080f19736ee33fede2e88bb54438604cf86b (patch) | |
tree | 377ac0ac449528621eb192cd245adadb5fd53668 /etc | |
parent | ab21a29eb607d4dfe389b965fbdee27558e791aa (diff) | |
parent | 4a8d07956d121238d006d34ffe7d6269744e8b1a (diff) | |
Merge from head@274682
Diffstat (limited to 'etc')
57 files changed, 1130 insertions, 430 deletions
diff --git a/etc/Makefile b/etc/Makefile index 054b2d6..0c872aa 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -11,7 +11,8 @@ SUBDIR= sendmail SUBDIR+=tests .endif -BIN1= crontab \ +BIN1= auto_master \ + crontab \ devd.conf \ devfs.conf \ ddb.conf \ @@ -225,6 +226,7 @@ distribution: echo "./etc/spwd.db type=file mode=0600 uname=root gname=wheel"; \ ) | ${METALOG.add} .endif + ${_+_}cd ${.CURDIR}/autofs; ${MAKE} install .if ${MK_BLUETOOTH} != "no" ${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install .endif diff --git a/etc/auto_master b/etc/auto_master new file mode 100644 index 0000000..3b3e5da --- /dev/null +++ b/etc/auto_master @@ -0,0 +1,5 @@ +# $FreeBSD$ +# +# Automounter master map, see auto_master(5) for details. +# +/net -hosts -nobrowse,nosuid diff --git a/etc/autofs/Makefile b/etc/autofs/Makefile new file mode 100644 index 0000000..c9eda50 --- /dev/null +++ b/etc/autofs/Makefile @@ -0,0 +1,9 @@ +# $FreeBSD$ + +FILES= include_ldap special_hosts special_null + +NO_OBJ= +FILESDIR= /etc/autofs +FILESMODE= 755 + +.include <bsd.prog.mk> diff --git a/etc/autofs/include_ldap b/etc/autofs/include_ldap new file mode 100644 index 0000000..58970c0 --- /dev/null +++ b/etc/autofs/include_ldap 
@@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Modify this to suit your needs. The "$1" is the map name, eg. "auto_master". +# To debug, simply run this script with map name as the only parameter. It's +# supposed to output map contents ("key location" pairs) to standard output. +SEARCHBASE="ou=$1,dc=example,dc=com" +ENTRY_ATTRIBUTE="cn" +VALUE_ATTRIBUTE="automountInformation" + +/usr/local/bin/ldapsearch -LLL -x -o ldif-wrap=no -b "$SEARCHBASE" "$ENTRY_ATTRIBUTE" "$VALUE_ATTRIBUTE" | awk ' +$1 == "'$ENTRY_ATTRIBUTE':" { + key = $2 +} + +$1 == "'$VALUE_ATTRIBUTE':" && key { + printf "%s%s", key, OFS + key = "" + for (i=2; i<NF; i++) { + printf "%s%s", $(i), OFS + } + printf "%s%s", $NF, ORS +} + +# Double colon after attribute name means the value is in Base64. +$1 == "'$VALUE_ATTRIBUTE'::" && key { + printf "%s%s", key, OFS + key = "" + for (i=2; i<NF; i++) { + printf "%s%s", $(i), OFS + } + printf "%s", $NF | "b64decode -rp" + close("b64decode -rp") + printf "%s", ORS +} +' diff --git a/etc/autofs/special_hosts b/etc/autofs/special_hosts new file mode 100644 index 0000000..f81449d --- /dev/null +++ b/etc/autofs/special_hosts @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +if [ $# -eq 0 ]; then + out=`getent hosts` + [ $? -eq 0 ] || exit 1 + echo "$out" | awk '{ print $2 }' | sort -u + exit 0 +fi + +out=`showmount -e "$1"` +[ $? -eq 0 ] || exit 1 +echo "$out" | awk -v host="$1" \ + 'NR > 1 { printf "%s\t%s:%s ", $1, host, $1 } END { printf "\n" }' + diff --git a/etc/autofs/special_null b/etc/autofs/special_null new file mode 100644 index 0000000..41c1000 --- /dev/null +++ b/etc/autofs/special_null @@ -0,0 +1,4 @@ +#!/usr/bin/true +# +# $FreeBSD$ +# diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 8520fc5..bbf97d9 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf 
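Review bot: etc/autofs/include_ldap fetches the map with `ldapsearch -x` (simple bind) and nothing that protects or authenticates the transport, yet its output is what the automounter, presumably running as root, turns into mount locations and options. The "Modify this to suit your needs" header should say so, e.g. `# The map drives root-run mounts: use -ZZ (StartTLS) or -H ldaps://... and make sure the server certificate is verified.` Separately, `'$ENTRY_ATTRIBUTE'` and `'$VALUE_ATTRIBUTE'` are spliced into the awk program unquoted, so a value containing whitespace or awk syntax changes the program. Passing them as `awk -v entry="$ENTRY_ATTRIBUTE" -v value="$VALUE_ATTRIBUTE"` and comparing `$1 == entry ":"` avoids that.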
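Review bot: In etc/autofs/special_hosts the key in `$1` is passed as `showmount -e "$1"`, so a key beginning with `-` would be parsed as an option; because /net is a `-hosts` map, the key presumably comes from whatever name gets looked up under /net. `showmount -e -- "$1"` ends option parsing before the host name. The export paths reported by the remote server are also copied into the map line unfiltered, and a pattern guard such as `NR > 1 && $1 ~ /^\// { ... }` would keep a misbehaving server from emitting a field that the map parser might read as something other than a path.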
@@ -75,10 +75,6 @@ daily_backup_passwd_enable="YES" # Backup passwd & group # 210.backup-aliases daily_backup_aliases_enable="YES" # Backup mail aliases -# 220.backup-pkgdb -daily_backup_pkgdb_enable="YES" # Backup /var/db/pkg -daily_backup_pkgdb_dir="/var/backups" - # 300.calendar daily_calendar_enable="NO" # Run calendar -a @@ -257,10 +253,6 @@ security_status_passwdless_period="daily" security_status_logincheck_enable="YES" security_status_logincheck_period="daily" -# 460.chkportsum -security_status_chkportsum_enable="NO" # Check ports w/ wrong checksum -security_status_chkportsum_period="daily" - # 500.ipfwdenied security_status_ipfwdenied_enable="YES" security_status_ipfwdenied_period="daily" diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index aa19b30..1422390 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -21,7 +21,7 @@ ### Important initial Boot-time options #################### ############################################################## -rc_debug="NO" # Set to YES to enable debugging output from rc.d +#rc_debug="NO" # Set to YES to enable debugging output from rc.d rc_info="NO" # Enables display of informational messages at boot. rc_startmsgs="YES" # Show "Starting foo:" messages at boot rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown @@ -110,6 +110,8 @@ synchronous_dhclient="NO" # Start dhclient directly on configured # interfaces during startup. defaultroute_delay="30" # Time to wait for a default route on a DHCP interface. defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route. +netif_enable="YES" # Set to YES to initialize network interfaces +netif_ipexpand_max="2048" # Maximum number of IP addrs in a range spec. wpa_supplicant_program="/usr/sbin/wpa_supplicant" wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant wpa_supplicant_conf_file="/etc/wpa_supplicant.conf" 
@@ -271,17 +273,31 @@ local_unbound_enable="NO" # local caching resolver # # kerberos. Do not run the admin daemons on slave servers # -kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). -kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC -kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server -kadmind5_server_enable="NO" # Run kadmind (or NO) -kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon -kpasswdd_server_enable="NO" # Run kpasswdd (or NO) -kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon +kdc_enable="NO" # Run a kerberos 5 KDC (or NO). +kdc_program="/usr/libexec/kdc" # path to kerberos 5 KDC +kdc_flags="" # Additional flags to the kerberos 5 KDC +kadmind_enable="NO" # Run kadmind (or NO) +kadmind_program="/usr/libexec/kadmind" # path to kadmind +kpasswdd_enable="NO" # Run kpasswdd (or NO) +kpasswdd_program="/usr/libexec/kpasswdd" # path to kpasswdd kfd_enable="NO" # Run kfd (or NO) kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon +kfd_flags="" +ipropd_master_enable="NO" # Run Heimdal incremental propagation daemon + # (master daemon). +ipropd_master_program="/usr/libexec/ipropd-master" +ipropd_master_flags="" # Flags to ipropd-master. +ipropd_master_keytab="/etc/krb5.keytab" # keytab for ipropd-master. +ipropd_master_slaves="" # slave node names used for /var/heimdal/slaves. +ipropd_slave_enable="NO" # Run Heimdal incremental propagation daemon + # (slave daemon). +ipropd_slave_program="/usr/libexec/ipropd-slave" +ipropd_slave_flags="" # Flags to ipropd-slave. +ipropd_slave_keytab="/etc/krb5.keytab" # keytab for ipropd-slave. +ipropd_slave_master="" # master node name. gssd_enable="NO" # Run the gssd daemon (or NO). +gssd_program="/usr/sbin/gssd" # Path to gssd. gssd_flags="" # Flags for gssd. rwhod_enable="NO" # Run the rwho daemon (or NO). 
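Review bot: The renamed Kerberos knobs (`kerberos5_server_enable` to `kdc_enable`, `kadmind5_server_enable` to `kadmind_enable`, `kpasswdd_server_enable` to `kpasswdd_enable`) lose their old defaults with no pointer for hosts whose rc.conf still sets the old names. Unless the rc.d scripts, which are not in this hunk, map the obsolete variables, a KDC or kadmind could silently stay down after an upgrade. A comment such as `# kdc_* replaces kerberos5_server_*; kadmind_* replaces kadmind5_server_*` above the block would at least document the change. The default flags also change from `--detach` to `kdc_flags=""`, so it is worth confirming that the rc.d script now supplies the daemonizing behaviour itself.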
@@ -306,6 +322,7 @@ amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_program="/usr/sbin/amd" # path to amd, if you want a different one. amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" +autofs_enable="NO" # Run automountd(8) nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_access_cache="60" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). @@ -497,9 +514,6 @@ stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 -ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH - # IPv6-to-IPv4 TCP translator. You also need - # faithd(8) setup. ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, 
@@ -515,15 +529,15 @@ ip6addrctl_policy="AUTO" # A pre-defined address selection policy ############################################################## keyboard="" # keyboard device to use (default /dev/kbd0). -keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO). +keymap="NO" # keymap in /usr/share/{syscons,vt}/keymaps/* (or NO). keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable. keychange="NO" # function keys default values (or NO). cursor="NO" # cursor type {normal|blink|destructive} (or NO). scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). -font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO). -font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO). -font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO). +font8x16="NO" # font 8x16 from /usr/share/{syscons,vt}/fonts/* (or NO). +font8x14="NO" # font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO). +font8x8="NO" # font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko moused_nondefault_enable="YES" # Treat non-default mice as enabled unless @@ -610,7 +624,8 @@ clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg" # shared library search paths -ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths +ldconfig32_paths="/usr/lib32 /usr/lib32/compat" + # 32-bit compatibility shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout" # a.out shared library search paths ldconfig_local_dirs="/usr/local/libdata/ldconfig" 
@@ -627,7 +642,7 @@ update_motd="YES" # update version info in /etc/motd (or NO) entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. -entropy_save_sz="2048" # Size of the entropy cache files. +entropy_save_sz="4096" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness diff --git a/etc/devd/Makefile b/etc/devd/Makefile index c744398..27dfb92 100644 --- a/etc/devd/Makefile +++ b/etc/devd/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -FILES= uath.conf usb.conf zfs.conf +.include <src.opts.mk> .if ${MACHINE} == "powerpc" FILES+= apple.conf @@ -8,6 +8,17 @@ FILES+= apple.conf .if ${MACHINE} == "amd64" || ${MACHINE} == "i386" FILES+= asus.conf +.if ${MK_HYPERV} != "no" +FILES+= hyperv.conf +.endif +.endif + +.if ${MK_USB} != "no" +FILES+= uath.conf ulpt.conf usb.conf +.endif + +.if ${MK_ZFS} != "no" +FILES+= zfs.conf .endif NO_OBJ= diff --git a/etc/devd/apple.conf b/etc/devd/apple.conf index 8518890..9a84542 100644 --- a/etc/devd/apple.conf +++ b/etc/devd/apple.conf @@ -71,4 +71,10 @@ notify 0 { action "camcontrol eject cd0"; }; - +# Equivalent to the ACPI/ACAD notify +notify 10 { + match "system" "PMU"; + match "subsystem" "POWER"; + match "type" "ACLINE"; + action "/etc/rc.d/power_profile $notify"; +}; diff --git a/etc/devd/hyperv.conf b/etc/devd/hyperv.conf new file mode 100644 index 0000000..bed7383 --- /dev/null +++ b/etc/devd/hyperv.conf 
@@ -0,0 +1,19 @@ +# $FreeBSD$ +# +# Hyper-V specific events + +notify 10 { + match "system" "DEVFS"; + match "subsystem" "CDEV"; + match "type" "CREATE"; + match "cdev" "hv_kvp_dev"; + action "/usr/sbin/hv_kvp_daemon"; +}; + +notify 10 { + match "system" "DEVFS"; + match "subsystem" "CDEV"; + match "type" "DESTROY"; + match "cdev" "hv_kvp_dev"; + action "pkill -x hv_kvp_daemon"; +}; diff --git a/etc/devd/ulpt.conf b/etc/devd/ulpt.conf new file mode 100644 index 0000000..2082726 --- /dev/null +++ b/etc/devd/ulpt.conf @@ -0,0 +1,18 @@ +# +# $FreeBSD$ +# + +# +# Example devd configuration file for USB printers. +# Uncomment the notify rule below to enable. +# +# Generic USB printer devices +#notify 100 { +# match "system" "USB"; +# match "subsystem" "INTERFACE"; +# match "type" "ATTACH"; +# match "intclass" "0x07"; +# match "intsubclass" "0x01"; +# match "intprotocol" "(0x01|0x02|0x03)"; +# action "chown root:wheel /dev/$cdev"; +#}; diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index c8d252a..7828a85 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -65,7 +65,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x03f0"; - match "product" "(0x2016|0x2116|0x2216|0x3016|0x3116)"; + match "product" "(0x2016|0x2116|0x2216)"; + action "kldload -n uipaq"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "(0x241d|0x251d)"; + action "kldload -n u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x03f0"; + match "product" "(0x3016|0x3116)"; action "kldload -n uipaq"; }; 
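Review bot: In etc/devd/hyperv.conf the DESTROY rule runs `pkill -x hv_kvp_daemon` by bare name while the CREATE rule uses the absolute `/usr/sbin/hv_kvp_daemon`. devd actions normally run with root privileges, so the command should not depend on whatever PATH devd inherited: `action "/bin/pkill -x hv_kvp_daemon";`. The CREATE rule also starts the daemon unconditionally each time the `hv_kvp_dev` node appears, and whether the daemon itself refuses to run twice is not visible here.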
@@ -129,7 +145,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0403"; - match "product" "(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x6015|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)"; + match "product" 
"(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x6015|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xa6d1|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)"; action "kldload -n uftdi"; }; @@ -1057,7 +1073,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0586"; - match "product" "(0x3416|0x341a)"; + match "product" "(0x3416|0x341a|0x341e)"; action "kldload -n if_run"; }; 
@@ -1097,7 +1113,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x05ac"; - match "product" "(0x020d|0x020e|0x020f|0x0215|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c)"; + match "product" "(0x020d|0x020e|0x020f|0x0210|0x0214|0x0215|0x0216|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c)"; action "kldload -n atp"; }; @@ -2353,7 +2369,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b05"; - match "product" "(0x17b5|0x17cb)"; + match "product" "0x17b5"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x17ba"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x17cb"; action "kldload -n ng_ubt"; }; @@ -2481,7 +2513,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; - match "product" "(0x018a|0x317f)"; + match "product" "(0x0179|0x018a|0x317f)"; action "kldload -n if_urtwn"; }; @@ -2513,7 +2545,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; - match "product" "(0x8176|0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; + match "product" "(0x8176|0x8176|0x8177|0x8178|0x8179|0x817a|0x817b|0x817c|0x817d|0x817e)"; action "kldload -n if_urtwn"; }; @@ -2929,6 +2961,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0df6"; + match "product" "0x0072"; + action "kldload -n if_axge"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; match "product" "0x061c"; action "kldload -n if_axe"; }; 
@@ -3577,7 +3617,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x12d1"; - match "product" "(0x1001|0x1003|0x1004|0x1401|0x1402|0x1403|0x1404|0x1405|0x1406|0x1407|0x1408|0x1409|0x140a|0x140b|0x140c|0x140d|0x140e|0x140f|0x1410|0x1411|0x1412|0x1413|0x1414|0x1415|0x1416|0x1417|0x1418|0x1419|0x141a|0x141b|0x141c|0x141d|0x141e|0x141f|0x1420|0x1421|0x1422|0x1423|0x1424|0x1425|0x1426|0x1427|0x1428|0x1429|0x142a|0x142b|0x142c|0x142d|0x142e|0x142f|0x1430|0x1431|0x1432|0x1433|0x1434|0x1435|0x1436|0x1437|0x1438|0x1439|0x143a|0x143b|0x143c|0x143d|0x143e|0x143f|0x1446|0x1464|0x1465|0x14ac|0x14c9|0x14d1|0x14fe|0x1505|0x1506|0x1520|0x1521|0x1803|0x1c05|0x1c0b)"; + match "product" "(0x1001|0x1003|0x1004|0x1401|0x1402|0x1403|0x1404|0x1405|0x1406|0x1407|0x1408|0x1409|0x140a|0x140b|0x140c|0x140d|0x140e|0x140f|0x1410|0x1411|0x1412|0x1413|0x1414|0x1415|0x1416|0x1417|0x1418|0x1419|0x141a|0x141b|0x141c|0x141d|0x141e|0x141f|0x1420|0x1421|0x1422|0x1423|0x1424|0x1425|0x1426|0x1427|0x1428|0x1429|0x142a|0x142b|0x142c|0x142d|0x142e|0x142f|0x1430|0x1431|0x1432|0x1433|0x1434|0x1435|0x1436|0x1437|0x1438|0x1439|0x143a|0x143b|0x143c|0x143d|0x143e|0x143f|0x1446|0x1464|0x1465|0x14ac|0x14c9|0x14d1|0x14fe|0x1505|0x1506|0x1520|0x1521)"; + action "kldload -n u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12d1"; + match "product" "0x155b"; + action "kldload -n if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12d1"; + match "product" "(0x1803|0x1c05|0x1c0b)"; action "kldload -n u3g"; }; 
@@ -3753,7 +3809,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x1410"; - match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5020|0x5041|0x5100|0x6000|0x6002|0x7042)"; + match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5020|0x5041|0x5100|0x6000|0x6002|0x7001|0x7031|0x7042)"; action "kldload -n u3g"; }; @@ -4553,7 +4609,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x1cf1"; - match "product" "(0x0001|0x0004)"; + match "product" "(0x0001|0x0004|0x0022)"; action "kldload -n uftdi"; }; @@ -4568,6 +4624,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x1d34"; + match "product" "0x0004"; + action "kldload -n uled"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x1d4d"; match "product" "(0x0002|0x000c|0x000e|0x0010)"; action "kldload -n if_run"; @@ -4633,7 +4697,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; - match "product" "(0x3307|0x3308|0x3309|0x330a|0x330d)"; + match "product" "(0x3307|0x3308|0x3309|0x330a|0x330d|0x330f)"; action "kldload -n if_urtwn"; }; @@ -4665,7 +4729,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; - match "product" "(0x3c09|0x3c0a|0x3c15|0x3c1a|0x3c1b|0x3c1f)"; + match "product" "(0x3c09|0x3c0a|0x3c15|0x3c1a|0x3c1b|0x3c1f|0x3c20)"; action "kldload -n if_run"; }; @@ -4689,6 +4753,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; + match "product" "0x4a00"; + action "kldload -n if_axge"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; match "product" "(0x7e12|0xa805)"; action "kldload -n u3g"; }; 
@@ -5232,6 +5304,36 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x12d1"; + match "intclass" "0xff"; + match "intsubclass" "0x02"; + match "intprotocol" "0x16"; + action "kldload -n if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12d1"; + match "intclass" "0xff"; + match "intsubclass" "0x02"; + match "intprotocol" "0x46"; + action "kldload -n if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x12d1"; + match "intclass" "0xff"; + match "intsubclass" "0x02"; + match "intprotocol" "0x76"; + action "kldload -n if_cdce"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "intclass" "0x02"; match "intsubclass" "0x02"; match "intprotocol" "0x00"; @@ -5399,5 +5501,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2621 USB entries processed +# 2643 USB entries processed diff --git a/etc/mail/Makefile b/etc/mail/Makefile index 3f085cc..510b024 100644 --- a/etc/mail/Makefile +++ b/etc/mail/Makefile @@ -69,7 +69,7 @@ SENDMAIL_MC!= hostname SENDMAIL_MC:= ${SENDMAIL_MC}.mc ${SENDMAIL_MC}: - cp freebsd.mc ${SENDMAIL_MC} + cp -f freebsd.mc ${SENDMAIL_MC} .endif .ifndef SENDMAIL_SUBMIT_MC @@ -77,7 +77,7 @@ SENDMAIL_SUBMIT_MC!= hostname SENDMAIL_SUBMIT_MC:= ${SENDMAIL_SUBMIT_MC}.submit.mc ${SENDMAIL_SUBMIT_MC}: - cp freebsd.submit.mc ${SENDMAIL_SUBMIT_MC} + cp -f freebsd.submit.mc ${SENDMAIL_SUBMIT_MC} .endif INSTALL_CF= ${SENDMAIL_MC:R}.cf 
@@ -2,24 +2,20 @@ FreeBSD ?.?.? (UNKNOWN) Welcome to FreeBSD! -Before seeking technical support, please use the following resources: +Release Notes, Errata: https://www.FreeBSD.org/releases/ +Security Advisories: https://www.FreeBSD.org/security/ +FreeBSD Handbook: https://www.FreeBSD.org/handbook/ +FreeBSD FAQ: https://www.FreeBSD.org/faq/ +Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ +FreeBSD Forums: https://forums.FreeBSD.org/ -o Security advisories and updated errata information for all releases are - at http://www.FreeBSD.org/releases/ - always consult the ERRATA section - for your release first as it's updated frequently. +Documents installed with the system are in the /usr/local/share/doc/freebsd/ +directory, or can be installed later with: pkg install en-freebsd-doc +For other languages, replace "en" with a language code like de or fr. -o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, - along with the mailing lists, can be searched by going to - http://www.FreeBSD.org/search/. If the doc package has been installed - (or fetched via pkg install lang-freebsd-doc, where lang is the - 2-letter language code, e.g. en), they are also available formatted - in /usr/local/share/doc/freebsd. - -If you still have a question or problem, please take the output of -`uname -a', along with any relevant error messages, and email it -as a question to the questions@FreeBSD.org mailing list. If you are -unfamiliar with FreeBSD's directory layout, please refer to the hier(7) -manual page. If you are not familiar with manual pages, type `man man'. +Show the version of FreeBSD installed: freebsd-version ; uname -a +Please include that output and any error messages when posting questions. +Introduction to manual pages: man man +FreeBSD directory layout: man hier Edit /etc/motd to change this login announcement. - diff --git a/etc/mtree/BSD.debug.dist b/etc/mtree/BSD.debug.dist index ab75d0f..7797a4c 100644 
--- a/etc/mtree/BSD.debug.dist +++ b/etc/mtree/BSD.debug.dist @@ -26,8 +26,16 @@ lib engines .. + i18n + .. + private + .. .. lib32 + i18n + .. + private + .. .. libexec bsdinstall diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 3462d7e..fd54387 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -249,6 +249,8 @@ .. libmilter .. + libxo + .. lzma .. machine diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist index 4462013..af2f6a9 100644 --- a/etc/mtree/BSD.root.dist +++ b/etc/mtree/BSD.root.dist @@ -10,6 +10,8 @@ boot defaults .. + dtb + .. firmware .. kernel @@ -24,6 +26,8 @@ etc X11 .. + autofs + .. bluetooth .. casper @@ -60,6 +64,8 @@ .. ppp .. + rc.conf.d + .. rc.d .. security diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist index 4d6f18a..8604c55 100644 --- a/etc/mtree/BSD.tests.dist +++ b/etc/mtree/BSD.tests.dist @@ -17,6 +17,8 @@ doc atf .. + pjdfstest + .. .. .. tests @@ -47,6 +49,8 @@ set-e .. .. + sleep + .. test .. .. @@ -68,6 +72,8 @@ lib .. usr.bin + diff + .. .. .. lib @@ -83,8 +89,76 @@ test-programs .. .. + libc + c063 + .. + db + .. + gen + execve + .. + posix_spawn + .. + .. + hash + data + .. + .. + inet + .. + locale + .. + net + getaddrinfo + data + .. + .. + .. + regex + data + .. + .. + ssp + .. + stdio + .. + stdlib + .. + string + .. + sys + .. + time + .. + tls + dso + .. + .. + termios + .. + ttyio + .. + .. libcrypt .. + libmp + .. + libnv + .. + libpam + .. + libproc + .. + librt + .. + libthr + dlopen + .. + .. + libutil + .. + msun + .. .. libexec atf @@ -99,6 +173,8 @@ sbin dhclient .. + devd + .. growfs .. mdconfig @@ -129,10 +205,44 @@ .. netinet .. + pjdfstest + chflags + .. + chmod + .. + chown + .. + ftruncate + .. + granular + .. + link + .. + mkdir + .. + mkfifo + .. + mknod + .. + open + .. + rename + .. + rmdir + .. + symlink + .. + truncate + .. + unlink + .. + .. .. usr.bin apply .. + basename + .. bmake archives fmt_44bsd 
@@ -233,10 +343,20 @@ .. calendar .. + cmp + .. comm .. + cut + .. + dirname + .. file2c .. + grep + .. + gzip + .. join .. jot @@ -245,6 +365,8 @@ .. m4 .. + mkimg + .. ncal .. printf @@ -253,6 +375,8 @@ regress.multitest.out .. .. + timeout + .. tr .. truncate @@ -275,8 +399,14 @@ .. newsyslog .. + nmtree + .. + pw + .. sa .. .. .. .. + +# vim: set expandtab ts=4 sw=4: diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 0848500..977cf75 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -108,6 +108,8 @@ .. bsdinstall .. + hyperv + .. lpr ru .. diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index 990c23c..7d4af0b 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -42,6 +42,8 @@ .. freebsd-update mode=0700 .. + hyperv mode=0700 + .. ipf mode=0700 .. pkg diff --git a/etc/network.subr b/etc/network.subr index f67622d..b8e0654 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -25,9 +25,7 @@ # $FreeBSD$ # IFCONFIG_CMD="/sbin/ifconfig" - -# Maximum number of addresses expanded from a address range specification. -_IPEXPANDMAX=31 +: ${netif_ipexpand_max:=2048} # # Subroutines commonly used from network startup scripts. @@ -374,7 +372,6 @@ dhcpif() case $1 in lo[0-9]*|\ stf[0-9]*|\ - faith[0-9]*|\ lp[0-9]*|\ sl[0-9]*) return 1 @@ -593,7 +590,6 @@ ipv6_autoconfif() case $_if in lo[0-9]*|\ stf[0-9]*|\ - faith[0-9]*|\ lp[0-9]*|\ sl[0-9]*) return 1 
@@ -886,8 +882,8 @@ ifalias_expand_addr_inet() _ipcount=$_iplow while [ "$_ipcount" -le "$_iphigh" ]; do _retstr="${_retstr} ${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail}${_plen:+/}${_plen}" - if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ]; then - warn "Range specification is too large (${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_iphigh}${_iptail:+.}${_iptail}). ${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail} was processed." + if [ $_ipcount -gt $(($_iplow + $netif_ipexpand_max)) ]; then + warn "Range specification is too large (${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_iphigh}${_iptail:+.}${_iptail}). ${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail} was processed. Increase \$netif_ipexpand_max in rc.conf." break else _ipcount=$(($_ipcount + 1)) @@ -976,9 +972,9 @@ ifalias_expand_addr_inet6() $_ipleft $_ipcount $_ipright \ ${_plen:+/}$_plen` _retstr="$_retstr $_r" - if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ] + if [ $_ipcount -gt $(($_iplow + $netif_ipexpand_max)) ] then - warn "Range specification is too large $(printf '(%s:%04x%s-%s:%04x%s)' $_ipleft $_iplow $_ipright $_ipleft $_iphigh $_ipright). $(printf '%s:%04x%s-%s:%04x%s' $_ipleft $_iplow $_ipright $_ipleft $_ipcount $_ipright) was processed." + warn "Range specification is too large $(printf '(%s:%x%s-%s:%x%s)' "$_ipleft" "$_iplow" "$_ipright" "$_ipleft" "$_iphigh" "$_ipright"). $(printf '%s:%x%s-%s:%x%s' "$_ipleft" "$_iplow" "$_ipright" "$_ipleft" "$_ipcount" "$_ipright") was processed. Increase \$netif_ipexpand_max in rc.conf." break else _ipcount=$(($_ipcount + 1)) diff --git a/etc/pam.d/README b/etc/pam.d/README index 7b8f958..2824c05 100644 --- a/etc/pam.d/README +++ b/etc/pam.d/README 
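Review bot: `$netif_ipexpand_max` is now an rc.conf-settable value, but it goes straight into `$(($_iplow + $netif_ipexpand_max))` in ifalias_expand_addr_inet, and into the same test in ifalias_expand_addr_inet6 in the following hunk, with no check that it is a non-negative integer. A typo in rc.conf would then surface as a shell arithmetic error in the middle of interface configuration. A guard next to the `: ${netif_ipexpand_max:=2048}` default would cover both call sites, e.g. `case $netif_ipexpand_max in ''|*[!0-9]*) netif_ipexpand_max=2048 ;; esac`. Both functions begin and end outside these hunks, so the rest of the range handling was not reviewed.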
@@ -8,7 +8,7 @@ particular service, the /etc/pam.d/other is used instead. If that file does not exist, /etc/pam.conf is searched for entries matching the specified service or, failing that, the "other" service. -See the pam(8) manual page for an explanation of the workings of the +See the pam(3) manual page for an explanation of the workings of the PAM library and descriptions of the various files and modules. Below is a summary of the format for the pam.conf and /etc/pam.d/* files. diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps index eef3bc6..67bcec6 100755 --- a/etc/periodic/daily/110.clean-tmps +++ b/etc/periodic/daily/110.clean-tmps @@ -45,8 +45,8 @@ case "$daily_clean_tmps_enable" in rc=$(for dir in $daily_clean_tmps_dirs do [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { - find -d . -type f $args -delete $print - find -d . ! -name . -type d $dargs -delete $print + find -x -d . -type f $args -delete $print + find -x -d . ! -name . -type d $dargs -delete $print } | sed "s,^\\., $dir," done | tee /dev/stderr | wc -l) [ -z "$print" ] && rc=0 diff --git a/etc/periodic/security/Makefile b/etc/periodic/security/Makefile index 026948b..8174133 100644 --- a/etc/periodic/security/Makefile +++ b/etc/periodic/security/Makefile @@ -2,6 +2,8 @@ .include <src.opts.mk> +FILESGROUPS= FILES DATA + FILES= 100.chksetuid \ 110.neggrpperm \ 200.chkmounts \ @@ -10,8 +12,8 @@ FILES= 100.chksetuid \ 410.logincheck \ 700.kernelmsg \ 800.loginfail \ - 900.tcpwrap \ - security.functions + 900.tcpwrap +DATA= security.functions # NB: keep these sorted by MK_* knobs diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index 7302d29..f26c190 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -20,6 +20,9 @@ FILES= DAEMON \ atm3 \ auditd \ auditdistd \ + automount \ + automountd \ + autounmountd \ bgfsck \ ${_bluetooth} \ bootparams \ 
@@ -39,14 +42,13 @@ FILES= DAEMON \ dhclient \ dmesg \ dumpon \ - faith \ fsck \ - ftp-proxy \ ftpd \ gbde \ geli \ geli2 \ gptboot \ + growfs \ gssd \ hastd \ ${_hcsecd} \ @@ -55,24 +57,24 @@ FILES= DAEMON \ hostid_save \ hostname \ inetd \ - initrandom \ ip6addrctl \ ipfilter \ ipfs \ ipfw \ ipmon \ ipnat \ + ipropd_master \ + ipropd_slave \ ipsec \ iscsictl \ iscsid \ jail \ - kadmind \ - kerberos \ - keyserv \ - kfd \ + ${_kadmind} \ + ${_kdc} \ + ${_kfd} \ kld \ kldxref \ - kpasswdd \ + ${_kpasswdd} \ ldconfig \ local \ localpkg \ @@ -109,7 +111,6 @@ FILES= DAEMON \ pf \ pflog \ pfsync \ - postrandom \ powerd \ power_profile \ ppp \ @@ -128,7 +129,6 @@ FILES= DAEMON \ rpcbind \ rtadvd \ rtsold \ - rwho \ savecore \ sdpd \ securelevel \ @@ -164,27 +164,46 @@ FILES= DAEMON \ zfs \ zvol -.if ${MK_OFED} != "no" -_opensm= opensm +.if ${MK_BLUETOOTH} != "no" +_bluetooth= bluetooth +_bthidd= bthidd +_hcsecd= hcsecd +_ubthidhci= ubthidhci .endif -.if ${MK_OPENSSH} != "no" -_sshd= sshd +.if ${MK_CASPER} != "no" +_casperd= casperd .endif .if ${MK_NS_CACHING} != "no" _nscd= nscd .endif -.if ${MK_BLUETOOTH} != "no" -_bluetooth= bluetooth -_bthidd= bthidd -_hcsecd= hcsecd -_ubthidhci= ubthidhci +.if ${MK_KERBEROS} != "no" +_kadmind= kadmind +_kdc= kdc +_kfd= kfd +_kpasswdd= kpasswdd .endif -.if ${MK_CASPER} != "no" -_casperd= casperd +.if ${MK_OFED} != "no" +_opensm= opensm +.endif + +.if ${MK_OPENSSL} != "no" +FILES+= keyserv +.endif + +.if ${MK_OPENSSH} != "no" +_sshd= sshd +.endif + +.if ${MK_PF} != "no" +FILES+= ftp-proxy +.endif + +.if ${MK_RCMDS} != "no" +FILES+= rwho .endif .if ${MK_UNBOUND} != "no" diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING index c86150f..12dd3b0 100755 --- a/etc/rc.d/NETWORKING +++ b/etc/rc.d/NETWORKING 
@@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing ppp ipfw stf faith +# REQUIRE: netif netoptions routing ppp ipfw stf # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv bridge # REQUIRE: static_arp static_ndp local_unbound diff --git a/etc/rc.d/SERVERS b/etc/rc.d/SERVERS index 1cf019a..7cd156a 100755 --- a/etc/rc.d/SERVERS +++ b/etc/rc.d/SERVERS @@ -4,7 +4,7 @@ # # PROVIDE: SERVERS -# REQUIRE: mountcritremote abi ldconfig savecore watchdogd +# REQUIRE: mountcritremote abi ldconfig savecore watchdogd kdc # This is a dummy dependency, for early-start servers relying on # some basic configuration. diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz index 03f6159..18a8220 100755 --- a/etc/rc.d/adjkerntz +++ b/etc/rc.d/adjkerntz @@ -4,7 +4,7 @@ # # PROVIDE: adjkerntz -# REQUIRE: FILESYSTEMS postrandom +# REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail diff --git a/etc/rc.d/automount b/etc/rc.d/automount new file mode 100644 index 0000000..63bda42 --- /dev/null +++ b/etc/rc.d/automount @@ -0,0 +1,31 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: automount +# REQUIRE: nfsclient +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="automount" +rcvar="autofs_enable" +start_cmd="automount_start" +stop_cmd="automount_stop" +required_modules="autofs" + +automount_start() +{ + + /usr/sbin/automount +} + +automount_stop() +{ + + /sbin/umount -At autofs +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/automountd b/etc/rc.d/automountd new file mode 100644 index 0000000..6d74665 --- /dev/null +++ b/etc/rc.d/automountd @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: automountd +# REQUIRE: automount +# KEYWORD: nojail + +. /etc/rc.subr + +name="automountd" +rcvar="autofs_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" +required_modules="autofs" + +load_rc_config $name +run_rc_command "$1" 
diff --git a/etc/rc.d/autounmountd b/etc/rc.d/autounmountd new file mode 100644 index 0000000..c57f90d --- /dev/null +++ b/etc/rc.d/autounmountd @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: autounmountd +# REQUIRE: nfsclient +# KEYWORD: nojail + +. /etc/rc.subr + +name="autounmountd" +rcvar="autofs_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bgfsck b/etc/rc.d/bgfsck index 101577e..d15744c 100755 --- a/etc/rc.d/bgfsck +++ b/etc/rc.d/bgfsck @@ -9,7 +9,7 @@ . /etc/rc.subr -name="background-fsck" +name="background_fsck" rcvar="background_fsck" start_cmd="bgfsck_start" stop_cmd=":" diff --git a/etc/rc.d/bridge b/etc/rc.d/bridge index 4c3b340..93e68a2 100755 --- a/etc/rc.d/bridge +++ b/etc/rc.d/bridge @@ -26,7 +26,7 @@ # # PROVIDE: bridge -# REQUIRE: netif faith ppp stf +# REQUIRE: netif ppp stf # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute index ea54c83..8e87775 100755 --- a/etc/rc.d/defaultroute +++ b/etc/rc.d/defaultroute @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd faith netif stf +# REQUIRE: devd netif stf # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/faith b/etc/rc.d/faith deleted file mode 100755 index 4790ebd..0000000 --- a/etc/rc.d/faith +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/sh -# $FreeBSD$ -# - -# PROVIDE: faith -# REQUIRE: netif -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="faith" -start_cmd="faith_up" -stop_cmd="faith_down" - -faith_up() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \ - " faith0." - ${SYSCTL} net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - check_startmsgs && ifconfig faith0 - ;; - esac -} - -faith_down() -{ - echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0." - ifconfig faith0 destroy - ${SYSCTL} net.inet6.ip6.keepfaith=0 - - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route delete -inet6 ${prefix} -prefixlen ${prefixlen} - done - ;; - esac -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/geli b/etc/rc.d/geli index 8b867b3..77fff39 100755 --- a/etc/rc.d/geli +++ b/etc/rc.d/geli @@ -28,7 +28,6 @@ # # PROVIDE: disks -# REQUIRE: initrandom # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/growfs b/etc/rc.d/growfs new file mode 100755 index 0000000..cc0ed11 --- /dev/null +++ b/etc/rc.d/growfs 
@@ -0,0 +1,96 @@ +#!/bin/sh +# +# Copyright 2014 John-Mark Gurney +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: growfs +# BEFORE: sysctl +# KEYWORD: firstboot + +# This allows us to distribute a image +# and have it work on essentially any size drive. +# +# TODO: Figure out where this should really be ordered. +# I suspect it should go just after fsck but before mountcritlocal. +# + +. 
/etc/rc.subr + +name="growfs" +start_cmd="growfs_start" +stop_cmd=":" +rcvar="growfs_enable" + +growfs_start () +{ + echo "Growing root partition to fill device" + rootdev=$(df / | tail -n 1 | awk '{ sub("/dev/", "", $1); print $1 }') + if [ x"$rootdev" = x"${rootdev%/*}" ]; then + # raw device + rawdev="$rootdev" + else + rawdev=$(glabel status | awk '$1 == "'"$rootdev"'" { print $3 }') + if [ x"$rawdev" = x"" ]; then + echo "Can't figure out device for: $rootdev" + return + fi + fi + + sysctl -b kern.geom.conftxt | awk ' +{ + lvl=$1 + device[lvl] = $3 + type[lvl] = $2 + idx[lvl] = $7 + parttype[lvl] = $13 + if (dev == $3) { + for (i = 1; i <= lvl; i++) { + # resize + if (type[i] == "PART") { + pdev = device[i - 1] + cmd[i] = "gpart resize -i " idx[i] " " pdev + if (parttype[i] == "GPT") + cmd[i] = "gpart recover " pdev " ; " cmd[i] + } else if (type[i] == "LABEL") { + continue + } else { + print "unhandled type: " type[i] + exit 1 + } + } + for (i = 1; i <= lvl; i++) { + if (cmd[i]) + system(cmd[i]) + } + exit 0 + } +}' dev="$rawdev" + growfs -y /dev/"$rootdev" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/gssd b/etc/rc.d/gssd index 3788307..e981478 100755 --- a/etc/rc.d/gssd +++ b/etc/rc.d/gssd @@ -9,10 +9,8 @@ . /etc/rc.subr -name="gssd" +name=gssd +rcvar=gssd_enable load_rc_config $name -rcvar="gssd_enable" -command="${gssd:-/usr/sbin/${name}}" -eval ${name}_flags=\"${gssd_flags}\" run_rc_command "$1" diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom deleted file mode 100755 index 907668b..0000000 --- a/etc/rc.d/initrandom +++ /dev/null 
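Review bot: `growfs_start()` splices `$rootdev` into the awk program text (`awk '$1 == "'"$rootdev"'" { print $3 }'`), so a device or label name containing a double quote changes the awk source instead of being compared as data. This script runs on the first boot of a distributed image, so the label comes from the image itself; passing it as a variable keeps it data: `rawdev=$(glabel status | awk -v dev="$rootdev" '$1 == dev { print $3 }')`. The later `sysctl -b kern.geom.conftxt | awk ... dev="$rawdev"` call already does it that way. The bare `return` after the "Can't figure out device" message also reports success, so `return 1` would let rc see the failure.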
@@ -1,61 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: initrandom -# REQUIRE: dumpon ddb -# BEFORE: disks -# KEYWORD: nojail - -. /etc/rc.subr - -name="initrandom" -start_cmd="initrandom_start" -stop_cmd=":" - -initrandom_start() -{ - soft_random_generator=`sysctl kern.random 2>/dev/null` - - echo -n 'Entropy harvesting:' - - if [ \! -z "${soft_random_generator}" ] ; then - - if [ -w /dev/random ]; then - if checkyesno harvest_interrupt; then - ${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null - echo -n ' interrupts' - else - ${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null - fi - - if checkyesno harvest_ethernet; then - ${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null - echo -n ' ethernet' - else - ${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null - fi - - if checkyesno harvest_p_to_p; then - ${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null - echo -n ' point_to_point' - else - ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null - fi - - if checkyesno harvest_swi; then - ${SYSCTL} kern.random.sys.harvest.swi=1 >/dev/null - echo -n ' swi' - else - ${SYSCTL} kern.random.sys.harvest.swi=0 >/dev/null - fi - fi - - fi - - echo '.' -} - -load_rc_config random -run_rc_command "$1" diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index a7aa90c..8b7486f 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -75,6 +75,8 @@ ip6addrctl_start() else if checkyesno ipv6_activate_all_interfaces; then ip6addrctl_prefer_ipv6 + elif [ -n "$(list_vars ifconfig_\*_ipv6)" ]; then + ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 fi diff --git a/etc/rc.d/ipropd_master b/etc/rc.d/ipropd_master new file mode 100755 index 0000000..0611dea --- /dev/null +++ b/etc/rc.d/ipropd_master 
@@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_master +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_master +rcvar=${name}_enable +required_files="$ipropd_master_keytab" +start_precmd=${name}_start_precmd +start_postcmd=${name}_start_postcmd + +ipropd_master_start_precmd() +{ + + if [ -z "$ipropd_master_slaves" ]; then + warn "\$ipropd_master_slaves is empty." + return 1 + fi + for _slave in $ipropd_master_slaves; do + echo $_slave + done > /var/heimdal/slaves || return 1 + command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ + " +} +ipropd_master_start_postcmd() +{ + + echo "${name}: slave nodes: $ipropd_master_slaves" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipropd_slave b/etc/rc.d/ipropd_slave new file mode 100755 index 0000000..70c4c70 --- /dev/null +++ b/etc/rc.d/ipropd_slave @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_slave +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_slave +rcvar=${name}_enable +required_files="$ipropd_slave_keytab" +start_precmd=${name}_start_precmd + +ipropd_slave_start_precmd() +{ + + if [ -z "$ipropd_slave_master" ]; then + warn "\$ipropd_slave_master is empty." + return 1 + fi + command_args=" \ + $command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/jail b/etc/rc.d/jail index d8a88e4..0b886fd 100755 --- a/etc/rc.d/jail +++ b/etc/rc.d/jail @@ -207,6 +207,10 @@ parse_options() extract_var $_j consolelog exec.consolelog - \ /var/log/jail_${_j}_console.log + if [ -r $_fstab ]; then + echo " mount.fstab = \"$_fstab\";" + fi + eval : \${jail_${_j}_devfs_enable:=${jail_devfs_enable:-NO}} if checkyesno jail_${_j}_devfs_enable; then echo " mount.devfs;" 
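Review bot: `required_files="$ipropd_master_keytab"` is assigned before `load_rc_config $name`, so when the script is run on its own (for example through service(8)) the variable is presumably still empty at that point and the keytab existence check tests nothing. `ipropd_slave` has the same ordering with `$ipropd_slave_keytab`. Moving the assignment to just after `load_rc_config $name` and before `run_rc_command "$1"` makes the check apply to the configured path. If the keytab variable has no default, the precmd would also pass `--keytab=""`, and it could reject that the same way it rejects an empty `$ipropd_master_slaves`.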
@@ -222,11 +226,7 @@ parse_options() ;; *) warn "devfs_ruleset must be an integer." ;; esac - if [ -r $_fstab ]; then - echo " mount.fstab = \"$_fstab\";" - fi fi - eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} if checkyesno jail_${_j}_fdescfs_enable; then echo " mount.fdescfs;" @@ -319,7 +319,7 @@ jail_extract_address() _mask=${_mask:-/32} elif [ "${_type}" = "inet6" ]; then - # In case _maske is not set for IPv6, use /128. + # In case _mask is not set for IPv6, use /128. _mask=${_mask:-/128} fi } @@ -420,7 +420,7 @@ jail_status() jail_start() { - local _j _jid _jn _jl + local _j _jid _jl if [ $# = 0 ]; then return @@ -433,12 +433,10 @@ jail_start() command_args="-f $jail_conf -c" _tmp=`mktemp -t jail` || exit 3 if $command $rc_flags $command_args >> $_tmp 2>&1; then - $jail_jls -nq | while read IN; do - _jn=$(echo $IN | tr " " "\n" | grep ^name=) - _jid=$(echo $IN | tr " " "\n" | grep ^jid=) - echo -n " ${_jn#name=}" - echo "${_jid#jid=}" \ - > /var/run/jail_${_jn#name=}.id + $jail_jls jid name | while read IN; do + set -- $IN + echo -n " $2" + echo $1 > /var/run/jail_$2.id done else tail -1 $_tmp @@ -468,9 +466,8 @@ jail_start() sleep 1 for _j in $_jl; do echo -n " ${_hostname:-${_j}}" - if _jid=$($jail_jls -n -j $_j | tr " " "\n" | \ - grep ^jid=); then - echo "${_jid#jid=}" > /var/run/jail_${_j}.id + if _jid=$($jail_jls -j $_j jid); then + echo "$_jid" > /var/run/jail_${_j}.id else rm -f /var/run/jail_${_j}.id echo " cannot start jail " \ @@ -492,9 +489,8 @@ jail_start() if $command $rc_flags $command_args \ >> $_tmp 2>&1 </dev/null; then echo -n " ${_hostname:-${_j}}" - _jid=$($jail_jls -n -j $_j | \ - tr " " "\n" | grep ^jid=) - echo "${_jid#jid=}" > /var/run/jail_${_j}.id + _jid=$($jail_jls -j $_j jid) + echo $_jid > /var/run/jail_${_j}.id else rm -f /var/run/jail_${_j}.id echo " cannot start jail " \ @@ -509,7 +505,7 @@ jail_start() jail_stop() { - local _j _jn + local _j if [ $# = 0 ]; then return 
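Review bot: In `jail_start()` the new loop `while read IN; do set -- $IN; ... echo $1 > /var/run/jail_$2.id` depends on unquoted word splitting and on an unquoted redirect target built from `jls` output. Reading the two fields directly is shorter and keeps the name a single word: `$jail_jls jid name | while read -r _jid _j; do` followed by `echo "$_jid" > "/var/run/jail_${_j}.id"`. The same quoting applies to `echo $_jid > /var/run/jail_${_j}.id` in the later hunk of this function. The body of jail_start starts and ends outside these hunks.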
@@ -520,16 +516,14 @@ jail_stop() command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -r" - $jail_jls -nq | while read IN; do - _jn=$(echo $IN | tr " " "\n" | grep ^name=) - echo -n " ${_jn#name=}" + $jail_jls name | while read _j; do + echo -n " $_j" _tmp=`mktemp -t jail` || exit 3 - $command $rc_flags $command_args ${_jn#name=} \ - >> $_tmp 2>&1 - if $jail_jls -j ${_jn#name=} > /dev/null 2>&1; then + $command $rc_flags $command_args $_j >> $_tmp 2>&1 + if $jail_jls -j $_j > /dev/null 2>&1; then tail -1 $_tmp else - rm -f /var/run/jail_${_jn#name=}.id + rm -f /var/run/jail_${_j}.id fi rm -f $_tmp done diff --git a/etc/rc.d/kadmind b/etc/rc.d/kadmind index 1e07938..d4acd7c 100755 --- a/etc/rc.d/kadmind +++ b/etc/rc.d/kadmind @@ -3,18 +3,26 @@ # $FreeBSD$ # -# PROVIDE: kadmin -# REQUIRE: kerberos -# BEFORE: DAEMON +# PROVIDE: kadmind +# REQUIRE: kdc +# KEYWORD: shutdown . /etc/rc.subr -name="kadmind5" -load_rc_config $name -rcvar="kadmind5_server_enable" -unset start_cmd -command="${kadmind5_server}" -command_args="&" -required_vars="kerberos5_server_enable" +name=kadmind +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kadmind5_server_enable kadmind_enable +set_rcvar_obsolete kadmind5_server kadmind_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kadmind_start_precmd() +{ + command_args="$command_args &" +} + +load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/kdc b/etc/rc.d/kdc new file mode 100755 index 0000000..aef96df --- /dev/null +++ b/etc/rc.d/kdc 
@@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kdc +# REQUIRE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kdc +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kerberos5_server_enable kdc_enable +set_rcvar_obsolete kerberos5_server kdc_program +set_rcvar_obsolete kerberos5_server_flags kdc_flags + +kdc_start_precmd() +{ + + command_args="$command_args --detach" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/kerberos b/etc/rc.d/kerberos deleted file mode 100755 index 3eeb32a..0000000 --- a/etc/rc.d/kerberos +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: kerberos -# REQUIRE: NETWORKING - -. /etc/rc.subr - -name="kerberos5" -rcvar="kerberos5_server_enable" - -load_rc_config $name -command="${kerberos5_server}" -kerberos5_flags="${kerberos5_server_flags}" -run_rc_command "$1" diff --git a/etc/rc.d/kfd b/etc/rc.d/kfd index d393f95..b6d9365 100755 --- a/etc/rc.d/kfd +++ b/etc/rc.d/kfd @@ -10,8 +10,14 @@ . /etc/rc.subr name=kfd -rcvar=kfd_enable -load_rc_config $name -command_args="-i &" +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +kfd_start_precmd() +{ + command_args="$command_args -i &" +} + +load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/kpasswdd b/etc/rc.d/kpasswdd index d7f40ac..cf72d80 100755 --- a/etc/rc.d/kpasswdd +++ b/etc/rc.d/kpasswdd 
@@ -4,17 +4,25 @@ # # PROVIDE: kpasswdd -# REQUIRE: kadmin -# BEFORE: DAEMON +# REQUIRE: kdc +# KEYWORD: shutdown . /etc/rc.subr -name="kpasswdd" -load_rc_config $name -rcvar="kpasswdd_server_enable" -unset start_cmd -command="${kpasswdd_server}" -command_args="&" -required_vars="kadmind5_server_enable" +name=kpasswdd +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable +set_rcvar_obsolete kpasswdd_server kpasswdd_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kpasswdd_start_precmd() +{ + command_args="$command_args &" +} + +load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/netif b/etc/rc.d/netif index 154f1ce..dd0dde2 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -33,9 +33,10 @@ . /etc/rc.subr . /etc/network.subr -name="network" -start_cmd="network_start" -stop_cmd="network_stop" +name="netif" +rcvar="${name}_enable" +start_cmd="netif_start" +stop_cmd="netif_stop" cloneup_cmd="clone_up" clonedown_cmd="clone_down" clear_cmd="doclear" @@ -47,7 +48,7 @@ cmdifn= set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces set_rcvar_obsolete ipv6_prefer -network_start() +netif_start() { local _if @@ -71,7 +72,7 @@ network_start() ifnet_rename $cmdifn # Configure the interface(s). - network_common ifn_start $cmdifn + netif_common ifn_start $cmdifn if [ -f /etc/rc.d/ipfilter ] ; then # Resync ipfilter @@ -87,19 +88,19 @@ network_start() fi } -network_stop() +netif_stop() { _clone_down=1 - network_stop0 $* + netif_stop0 $* } doclear() { _clone_down= - network_stop0 $* + netif_stop0 $* } -network_stop0() +netif_stop0() { local _if @@ -108,7 +109,7 @@ network_stop0() cmdifn=$* # Deconfigure the interface(s) - network_common ifn_stop $cmdifn + netif_common ifn_stop $cmdifn # Destroy cloned interfaces if [ -n "$_clone_down" ]; then 
@@ -126,28 +127,28 @@ vnet_up() { cmdifn=$* - network_common ifn_vnetup $cmdifn + netif_common ifn_vnetup $cmdifn } vnet_down() { cmdifn=$* - network_common ifn_vnetdown $cmdifn + netif_common ifn_vnetdown $cmdifn } -# network_common routine +# netif_common routine # Common configuration subroutine for network interfaces. This # routine takes all the preparatory steps needed for configuriing # an interface and then calls $routine. -network_common() +netif_common() { local _cooked_list _tmp_list _fail _func _ok _str _cmdifn _func= if [ -z "$1" ]; then - err 1 "network_common(): No function name specified." + err 1 "netif_common(): No function name specified." else _func="$1" shift diff --git a/etc/rc.d/postrandom b/etc/rc.d/postrandom deleted file mode 100755 index 006d563..0000000 --- a/etc/rc.d/postrandom +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: postrandom -# REQUIRE: initrandom random FILESYSTEMS -# BEFORE: LOGIN -# KEYWORD: nojail - -. /etc/rc.subr - -name="postrandom" -start_cmd="${name}_start" -stop_cmd=":" - -# This will remove old ${entropy_file} and generate a new one. -# According to Bruce Schneier, this is strongly recommended in order -# to avoid using same ${entropy_file} across reboots. -# Reference: Chapter 10.6, Practical Cryptography, ISBN: 0-471-22357-3 - -postrandom_start() -{ - /etc/rc.d/random fastsaveseed - - case ${entropy_dir} in - [Nn][Oo]) - ;; - *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - rm -f ${entropy_dir}/* - fi - fi - ;; - esac -} - -load_rc_config random -run_rc_command "$1" diff --git a/etc/rc.d/random b/etc/rc.d/random index 8499522..2420a39 100755 --- a/etc/rc.d/random +++ b/etc/rc.d/random @@ -4,7 +4,7 @@ # # PROVIDE: random -# REQUIRE: initrandom FILESYSTEMS +# REQUIRE: FILESYSTEMS # BEFORE: netif # KEYWORD: nojail shutdown 
@@ -17,41 +17,58 @@ stop_cmd="random_stop" extra_commands="saveseed" saveseed_cmd="${name}_stop" +save_dev_random() +{ + for f ; do + if :>>"$f" ; then + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null + fi + done +} + feed_dev_random() { - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi + for f ; do + if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then + if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then + debug "entropy read from $f" + rm -f "$f" + fi + fi + done } random_start() { + echo -n 'Feeding entropy:' + + if [ ! -w /dev/random ] ; then + warn "/dev/random is not writeable" + return 1 + fi + # Reseed /dev/random with previously stored entropy. - case ${entropy_dir} in + case ${entropy_dir:=/var/db/entropy} in [Nn][Oo]) ;; *) - entropy_dir=${entropy_dir:-/var/db/entropy} - if [ -d "${entropy_dir}" ]; then - if [ -w /dev/random ]; then - for seedfile in ${entropy_dir}/*; do - feed_dev_random "${seedfile}" - done - fi + if [ -d "${entropy_dir}" ] ; then + feed_dev_random "${entropy_dir}"/* fi ;; esac - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" - feed_dev_random /var/db/entropy-file - fi + feed_dev_random "${entropy_file}" /var/db/entropy-file + save_dev_random "${entropy_file}" ;; esac + + echo '.' } random_stop() @@ -59,7 +76,7 @@ random_stop() # Write some entropy so when the machine reboots /dev/random # can be reseeded # - case ${entropy_file} in + case ${entropy_file:=/entropy} in [Nn][Oo] | '') ;; *) diff --git a/etc/rc.d/routing b/etc/rc.d/routing index c37c706..b381471 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -6,7 +6,7 @@ # # PROVIDE: routing -# REQUIRE: faith netif ppp stf +# REQUIRE: netif ppp stf # KEYWORD: nojailvnet . /etc/rc.subr 
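Review bot: `save_dev_random()` creates the seed file with `:>>"$f"` and fills it with `dd`, but nothing in the hunk restricts its mode, so under the boot-time umask the saved entropy may be readable by other users and the next boot's seed is no longer secret. Setting the mask around the loop (`oumask=$(umask); umask 077` before `for f` and `umask "$oumask"` after `done`) and adding `chmod 600 "$f"` for files that already exist would close that. Separately, the early `return 1` in `random_start()` comes after `echo -n 'Feeding entropy:'`, so the console line is left unterminated on that path. The body of random_stop lies outside this hunk, so whether it already sets a umask cannot be seen here.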
@@ -23,32 +23,33 @@ ROUTE_CMD="/sbin/route" routing_start() { - local _cmd _af _if _a + local _cmd _af _if _a _ret _cmd=$1 _af=$2 _if=$3 + _ret=0 case $_if in ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;; esac case $_af in - inet|inet6|atm) - if afexists $_af; then - setroutes $_cmd $_af $_if - else - err 1 "Unsupported address family: $_af." - fi - ;; ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) for _a in inet inet6 atm; do - afexists $_a && setroutes $_cmd $_a $_if + afexists $_a || continue + setroutes $_cmd $_a $_if || _ret=1 done - ;; + ;; *) - err 1 "Unsupported address family: $_af." - ;; + if afexists $_af; then + setroutes $_cmd $_af $_if || _ret=1 + else + err 1 "Unsupported address family: $_af." + fi + ;; esac + + return $_ret } routing_stop() @@ -62,17 +63,6 @@ routing_stop() esac case $_af in - inet|inet6|atm) - if afexists $_af; then - eval static_${_af} delete $_if - # When $_if is specified, do not flush routes. - if ! [ -n "$_if" ]; then - eval routing_stop_${_af} - fi - else - err 1 "Unsupported address family: $_af." - fi - ;; ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) for _a in inet inet6 atm; do afexists $_a || continue @@ -82,10 +72,18 @@ routing_stop() eval routing_stop_${_a} fi done - ;; + ;; *) - err 1 "Unsupported address family: $_af." - ;; + if afexists $_af; then + eval static_${_af} delete $_if + # When $_if is specified, do not flush routes. + if ! [ -n "$_if" ]; then + eval routing_stop_${_af} + fi + else + err 1 "Unsupported address family: $_af." + fi + ;; esac } @@ -247,7 +245,7 @@ static_inet6() [Nn][Oo][Nn][Ee]) return ;; - lo0|faith[0-9]*) + lo0) continue ;; esac diff --git a/etc/rc.d/syscons b/etc/rc.d/syscons index f611e3b..67a9b91 100755 --- a/etc/rc.d/syscons +++ b/etc/rc.d/syscons 
@@ -45,27 +45,133 @@ stop_cmd=":" kbddev=/dev/ttyv0 viddev=/dev/ttyv0 -_sc_config="syscons" +_sc_config= +_sc_console= _sc_initdone= +_sc_keymap_msg= sc_init() { if [ -z "${_sc_initdone}" ]; then + if [ -z "${_sc_console}" ]; then + if [ x`sysctl -n kern.vty` = x"vt" ]; then + _sc_console="vt" + else + _sc_console="syscons" + fi + _sc_config="${_sc_console}" + fi echo -n "Configuring ${_sc_config}:" _sc_initdone=yes fi } +# syscons to vt migration helper +lookup_keymap_for_vt() +{ + keymap=`basename $1 .kbd` + case $keymap in +hy.armscii-8) echo am;; +be.iso.acc) echo be.acc;; +be.iso) echo be;; +bg.bds.ctrlcaps) echo bg.bds;; +bg.phonetic.ctrlcaps) echo bg.phonetic;; +br275.iso.acc) echo br;; +br275.*) echo br.noacc;; +by.*) echo by;; +fr_CA.iso.acc) echo ca-fr;; +swissgerman.macbook.acc) echo ch.macbook.acc;; +swissgerman.iso.acc) echo ch.acc;; +swissgerman.*) echo ch;; +swissfrench.iso.acc) echo ch-fr.acc;; +swissfrench.*) echo ch-fr;; +ce.iso2) echo centraleuropean.qwerty;; +colemak.iso15.acc) echo colemak.acc;; +cs.*|cz.*) echo cz;; +german.iso.acc) echo de.acc;; +german.*) echo de;; +danish.iso.acc) echo dk.acc;; +danish.iso.macbook) echo dk.macbook;; +danish.*) echo dk;; +estonian.*) echo ee;; +spanish.dvorak) echo es.dvorak;; +spanish.iso*.acc) echo es.acc;; +spanish.iso) echo es;; +finnish.*) echo fi;; +fr.macbook.acc) echo fr.macbook;; +fr.iso.acc) echo fr.acc;; +fr.iso) echo fr;; +el.iso07) echo gr;; +gr.us101.acc) echo gr.101.acc;; +hr.iso) echo hr;; +hu.iso2.101keys) echo hu.101;; +hu.iso2.102keys) echo hu.102;; +iw.iso8) echo il;; +icelandic.iso.acc) echo is.acc;; +icelandic.iso) echo is;; +it.iso) echo it;; +jp.106x) echo jp.capsctrl;; +jp.106) echo jp;; +#?? 
jp.pc98.iso) echo jp.pc98;; +kk.pt154.io) echo kz.io;; +kk.pt154.kst) echo kz.kst;; +latinamerican.iso.acc) echo latinamerican.acc;; +lt.iso4) echo lt;; +norwegian.iso) echo no;; +norwegian.dvorak) echo no.dvorak;; +dutch.iso.acc) echo nl;; +eee_nordic) echo nordic.asus-eee;; +pl_PL.dvorak) echo pl.dvorak;; +pl_PL.ISO8859-2) echo pl;; +pt.iso.acc) echo pt.acc;; +pt.iso) echo pt;; +ru.koi8-r.shift) echo ru.shift;; +ru.koi8-r.win) echo ru.win;; +ru.*) echo ru;; +swedish.*) echo se;; +si.iso) echo si;; +sk.iso2) echo sk;; +tr.iso9.q) echo tr;; +ua.koi8-u.shift.alt) echo ua.shift.alt;; +ua.*) echo ua;; +uk.*-ctrl) echo uk.capsctrl;; +uk.dvorak) echo uk.dvorak;; +uk.*) echo uk;; +us.iso.acc) echo us.acc;; +us.pc-ctrl) echo us.ctrl;; +us.iso) echo us;; + esac +} + +kbdcontrol_load_keymap() +{ + errmsg=`kbdcontrol < ${kbddev} -l ${keymap} 2>&1` + if [ -n "${errmsg}" -a "${_sc_console}" = "vt" ]; then + _sc_keymap_msg="${errmsg}" + keymap_vt=`lookup_keymap_for_vt ${keymap}` + if [ -n "${keymap_vt}" ]; then + errmsg=`kbdcontrol < ${kbddev} -l ${keymap_vt} 2>&1` + if [ -z "${errmsg}" ]; then + _sc_keymap_msg="New keymap: In /etc/rc.conf replace 'keymap=${keymap}' by 'keymap=${keymap_vt}'" + fi + else + _sc_keymap_msg="No replacement found for keymap '${keymap}'. +You may try to convert your keymap file using 'convert-keymap.pl', which is +part of the system sources and located in /usr/src/tools/tools/vt/keymaps/" + fi + fi +} + # helper syscons_configure_keyboard() { # keymap # case ${keymap} in - [Nn][Oo] | '') + NO | '') ;; *) sc_init - echo -n ' keymap'; kbdcontrol < ${kbddev} -l ${keymap} + echo -n ' keymap'; kbdcontrol_load_keymap ;; esac @@ -139,10 +245,9 @@ syscons_setkeyboard() # if [ -n "${_sc_initdone}" ]; then echo '.' - _sc_config="syscons" + _sc_config="${_sc_console}" _sc_initdone= fi - } syscons_precmd() 
@@ -256,6 +361,12 @@ syscons_start() fi [ -n "${_sc_initdone}" ] && echo '.' + if [ -n "${_sc_keymap_msg}" ]; then + echo + echo "WARNING:" + echo "${_sc_keymap_msg}." + echo + fi } load_rc_config $name diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd index 2842b48..747b6f0 100755 --- a/etc/rc.d/syslogd +++ b/etc/rc.d/syslogd @@ -28,7 +28,7 @@ syslogd_precmd() # Transitional symlink for old binaries # - if [ ! -L /dev/log ]; then + if [ ! -L /dev/log ] && ! check_jail jailed; then ln -sf /var/run/log /dev/log fi rm -f /var/run/log diff --git a/etc/rc.firewall b/etc/rc.firewall index d8a3f6c..ee578ef 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -422,8 +422,8 @@ case ${firewall_type} in [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) # Configuration: - # firewall_myservices: List of TCP ports on which this host - # offers services. + # firewall_myservices: List of ports/protocols on which this + # host offers services. # firewall_allowservices: List of IPv4 and/or IPv6 addresses # that have access to # $firewall_myservices. @@ -487,7 +487,25 @@ case ${firewall_type} in # for i in ${firewall_allowservices} ; do for j in ${firewall_myservices} ; do - ${fwcmd} add pass tcp from $i to me $j + case $j in + [0-9A-Za-z]*/[Pp][Rr][Oo][Tt][Oo]) + ${fwcmd} add pass ${j%/[Pp][Rr][Oo][Tt][Oo]} from $i to me + ;; + [0-9A-Za-z]*/[Tt][Cc][Pp]) + ${fwcmd} add pass tcp from $i to me ${j%/[Tt][Cc][Pp]} + ;; + [0-9A-Za-z]*/[Uu][Dd][Pp]) + ${fwcmd} add pass udp from $i to me ${j%/[Uu][Dd][Pp]} + ;; + *[0-9A-Za-z]) + echo "Consider using ${j}/tcp in firewall_myservices." \ + > /dev/stderr + ${fwcmd} add pass tcp from $i to me $j + ;; + *) + echo "Invalid port in firewall_myservices: $j" > /dev/stderr + ;; + esac done done diff --git a/etc/rc.subr b/etc/rc.subr index b6172db..6534f68 100644 --- a/etc/rc.subr +++ b/etc/rc.subr 
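Review bot: In the new `case $j in` for `firewall_myservices`, an entry with an unsupported suffix such as `53/sctp` (constructed example) never reaches the "Invalid port" arm: it ends in an alphanumeric character, so it matches `*[0-9A-Za-z])` and is handed to ipfw as a TCP port with only the "Consider using" hint. Placing an arm `*/*) echo "Invalid port in firewall_myservices: $j" >&2 ;;` ahead of the `*[0-9A-Za-z])` fallback would reject those entries explicitly. The `[0-9A-Za-z]*/...` patterns constrain only the first character, so the rest of the value still reaches `${fwcmd}` unchecked. `>&2` is also the more robust spelling of `> /dev/stderr`.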
@@ -68,6 +68,39 @@ list_vars() done; } } +# set_rcvar [var] [defval] [desc] +# +# Echo or define a rc.conf(5) variable name. Global variable +# $rcvars is used. +# +# If no argument is specified, echo "${name}_enable". +# +# If only a var is specified, echo "${var}_enable". +# +# If var and defval are specified, the ${var} is defined as +# rc.conf(5) variable and the default value is ${defvar}. An +# optional argument $desc can also be specified to add a +# description for that. +# +set_rcvar() +{ + local _var + + case $# in + 0) echo ${name}_enable ;; + 1) echo ${1}_enable ;; + *) + debug "set_rcvar: \$$1=$2 is added" \ + " as a rc.conf(5) variable." + _var=$1 + rcvars="${rcvars# } $_var" + eval ${_var}_defval=\"$2\" + shift 2 + eval ${_var}_desc=\"$*\" + ;; + esac +} + # set_rcvar_obsolete oldvar [newvar] [msg] # Define obsolete variable. # Global variable $rcvars_obsolete is used. @@ -76,7 +109,7 @@ set_rcvar_obsolete() { local _var _var=$1 - debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" + debug "set_rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" rcvars_obsolete="${rcvars_obsolete# } $1" eval ${1}_newvar=\"$2\" @@ -716,6 +749,8 @@ check_startmsgs() # NOTE: $flags from the parent environment # can be used to override this. # +# ${name}_env n Environment variables to run ${command} with. +# # ${name}_fib n Routing table number to run ${command} with. # # ${name}_nice n Nice level to run ${command} at. @@ -731,6 +766,8 @@ check_startmsgs() # to run the chrooted ${command} with. # Requires /usr to be mounted. # +# ${name}_prepend n Command added before ${command}. +# # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # 
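Review bot: `set_rcvar()` stores its arguments with `eval ${_var}_defval=\"$2\"` and `eval ${_var}_desc=\"$*\"`, which expands the value before eval parses it, so a default or description containing `"`, `$` or a backquote is re-interpreted as shell code rather than stored verbatim. Deferring the expansion avoids that: `eval ${_var}_defval=\"\$2\"` and, after the `shift 2`, `eval ${_var}_desc=\"\$*\"`. The header comment also says the default value is `${defvar}` where the parameter is named `defval`. The same eval pattern is visible in `set_rcvar_obsolete()` in the next hunk (`eval ${1}_newvar=\"$2\"`), whose body continues outside the hunk.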
@@ -904,7 +941,8 @@ run_rc_command() eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups \ - _fib=\$${name}_fib + _fib=\$${name}_fib _env=\$${name}_env \ + _prepend=\$${name}_prepend if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then @@ -989,12 +1027,14 @@ run_rc_command() _doit="\ ${_nice:+nice -n $_nice }\ ${_fib:+setfib -F $_fib }\ +${_env:+env $_env }\ chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ $_chroot $command $rc_flags $command_args" else _doit="\ ${_chdir:+cd $_chdir && }\ ${_fib:+setfib -F $_fib }\ +${_env:+env $_env }\ $command $rc_flags $command_args" if [ -n "$_user" ]; then _doit="su -m $_user -c 'sh -c \"$_doit\"'" @@ -1005,6 +1045,9 @@ $command $rc_flags $command_args" fi _doit="nice -n $_nice $_doit" fi + if [ -n "$_prepend" ]; then + _doit="$_prepend $_doit" + fi fi # run the full command @@ -1091,8 +1134,8 @@ $command $rc_flags $command_args" echo "" fi echo "#" - # Get unique vars in $rcvar - for _v in $rcvar; do + # Get unique vars in $rcvar $rcvars + for _v in $rcvar $rcvars; do case $v in $_v\ *|\ *$_v|*\ $_v\ *) ;; *) v="${v# } $_v" ;; @@ -1238,7 +1281,7 @@ run_rc_script() unset name command command_args command_interpreter \ extra_commands pidfile procname \ - rcvar rcvars_obsolete required_dirs required_files \ + rcvar rcvars rcvars_obsolete required_dirs required_files \ required_vars eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd @@ -1270,7 +1313,7 @@ run_rc_script() # load_rc_config() { - local _name _rcvar_val _var _defval _v _msg _new + local _name _rcvar_val _var _defval _v _msg _new _d _name=$1 if [ -z "$_name" ]; then err 3 'USAGE: load_rc_config name' 
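Review bot: The `${name}_prepend` block sits inside the branch that handles the non-chroot case and comes after the `su -m $_user -c ...` wrapping, so as far as the visible lines show it has two undocumented effects: the prepended command is placed in front of `su` and therefore runs with the privileges of the caller rather than `${name}_user`, and it is ignored when `${name}_chroot` is set. The comment added for it in the earlier hunk (`Command added before ${command}.`) should say both, for example `Command and arguments placed in front of the whole command line (outside su(1)); not used with ${name}_chroot.` `${name}_env` is inserted unquoted as `env $_env` into a string that is later nested in `'sh -c \"...\"'`, so values containing spaces or quotes cannot be passed intact, and that limit belongs in the `${name}_env` comment as well. The surrounding `if`/`else` and the line that finally runs `$_doit` are outside these hunks.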
@@ -1289,13 +1332,24 @@ load_rc_config() fi _rc_conf_loaded=true fi - if [ -f /etc/rc.conf.d/"$_name" ]; then - debug "Sourcing /etc/rc.conf.d/${_name}" - . /etc/rc.conf.d/"$_name" - fi + + for _d in /etc ${local_startup%*/rc.d}; do + if [ -f ${_d}/rc.conf.d/"$_name" ]; then + debug "Sourcing ${_d}/rc.conf.d/$_name" + . ${_d}/rc.conf.d/"$_name" + elif [ -d ${_d}/rc.conf.d/"$_name" ] ; then + local _rc + for _rc in ${_d}/rc.conf.d/"$_name"/* ; do + if [ -f "$_rc" ] ; then + debug "Sourcing $_rc" + . "$_rc" + fi + done + fi + done # Set defaults if defined. - for _var in $rcvar; do + for _var in $rcvar $rcvars; do eval _defval=\$${_var}_defval if [ -n "$_defval" ]; then eval : \${$_var:=\$${_var}_defval} @@ -1955,6 +2009,22 @@ check_required_after() return 0 } +# check_jail mib +# Return true if security.jail.$mib exists and set to 1. + +check_jail() +{ + local _mib _v + + _mib=$1 + if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then + case $_v in + 1) return 0;; + esac + fi + return 1 +} + # check_kern_features mib # Return existence of kern.features.* sysctl MIB as true or # false. The result will be cached in $_rc_cache_kern_features_ @@ -1980,7 +2050,7 @@ check_kern_features() # check_namevarlist var # Return "0" if ${name}_var is reserved in rc.subr. -_rc_namevarlist="program chroot chdir flags fib nice user group groups" +_rc_namevarlist="program chroot chdir env flags fib nice user group groups prepend" check_namevarlist() { local _v |
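Review bot: In `load_rc_config`, `${local_startup%*/rc.d}` strips the suffix from the variable as a single string, so if `local_startup` lists more than one directory (its definition is not on this page) only the last entry loses `/rc.d` and the others are searched as `.../rc.d/rc.conf.d`. Stripping per element avoids that: `for _d in /etc ${local_startup}; do` followed by `_d=${_d%/rc.d}`. The new directory form sources every regular file matched by `"$_name"/*` with the privileges of the rc script, including editor backups and files reached through symlinks, and `${_d}` is left unquoted in the `[ -f ... ]`, `[ -d ... ]` and `.` lines. A comment above the loop should state that these directories and their contents must be writable by root only, and the three uses should be written as `"${_d}"`.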