diff options
Diffstat (limited to 'etc/rc.d')
153 files changed, 10110 insertions, 0 deletions
diff --git a/etc/rc.d/DAEMON b/etc/rc.d/DAEMON new file mode 100755 index 0000000..a656a88 --- /dev/null +++ b/etc/rc.d/DAEMON @@ -0,0 +1,10 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: DAEMON +# REQUIRE: NETWORKING SERVERS + +# This is a dummy dependency, to ensure that general purpose daemons +# are run _after_ the above are. diff --git a/etc/rc.d/FILESYSTEMS b/etc/rc.d/FILESYSTEMS new file mode 100755 index 0000000..ba2a2d6 --- /dev/null +++ b/etc/rc.d/FILESYSTEMS @@ -0,0 +1,12 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: FILESYSTEMS +# REQUIRE: root mountcritlocal zfs + +# This is a dummy dependency, for services which require file systems +# to be mounted before starting. It also serves as the default early / +# late divider; after this point, rc.d directories are rescanned to +# catch scripts from other file systems than /. diff --git a/etc/rc.d/LOGIN b/etc/rc.d/LOGIN new file mode 100755 index 0000000..2b45ba8 --- /dev/null +++ b/etc/rc.d/LOGIN @@ -0,0 +1,13 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: LOGIN +# REQUIRE: DAEMON + +# This is a dummy dependency to ensure user services such as xdm, +# inetd, cron and kerberos are started after everything else, in case +# the administrator has increased the system security level and +# wants to delay user logins until the system is (almost) fully +# operational. diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile new file mode 100644 index 0000000..887db41 --- /dev/null +++ b/etc/rc.d/Makefile @@ -0,0 +1,64 @@ +# $FreeBSD$ + +.include <bsd.own.mk> + +FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ + abi accounting addswap adjkerntz amd \ + apm apmd archdep atm1 atm2 atm3 auditd \ + bgfsck bluetooth bootparams bridge bsnmpd bthidd \ + ccd cleanvar cleartmp cron \ + ddb defaultroute devd devfs dhclient \ + dmesg dumpon \ + encswap \ + faith fsck ftp-proxy ftpd \ + gbde geli geli2 gptboot gssd \ + hastd hcsecd \ + hostapd hostid hostid_save hostname \ + inetd initrandom \ + ip6addrctl ipfilter ipfs ipfw ipmon \ + ipnat ipsec ipxrouted \ + jail \ + kadmind kerberos keyserv kldxref kpasswdd \ + ldconfig local localpkg lockd lpd \ + mixer motd mountcritlocal mountcritremote mountlate \ + mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ + named natd netif netoptions \ + newsyslog nfsclient nfscbd nfsd \ + nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ + othermta \ + pf pflog pfsync \ + powerd power_profile ppp pppoed pwcheck \ + quota \ + random rarpd rctl resolv rfcomm_pppd_server root \ + route6d routed routing rpcbind rtadvd rtsold rwho \ + savecore sdpd securelevel sendmail \ + serial sppp statd static_arp stf swap1 \ + syscons sysctl syslogd \ + timed tmp \ + ugidfw \ + var virecover \ + watchdogd wpa_supplicant \ + ypbind yppasswdd ypserv \ + ypset ypupdated ypxfrd \ + zfs zvol + +.if ${MK_OFED} != "no" +FILES+= opensm +.endif + +.if ${MK_OPENSSH} != "no" +FILES+= sshd +.endif + +.if ${MK_NS_CACHING} != "no" +FILES+= nscd +.endif + +.if ${MK_BLUETOOTH} != "no" +FILES+= ubthidhci +.endif + +FILESDIR= /etc/rc.d +FILESMODE= ${BINMODE} + +.include <bsd.prog.mk> diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING new file mode 100755 index 0000000..8da2498 --- /dev/null +++ b/etc/rc.d/NETWORKING @@ -0,0 +1,11 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: NETWORKING NETWORK +# REQUIRE: netif netoptions routing ppp ipfw stf faith +# REQUIRE: defaultroute routed mrouted route6d mroute6d resolv + +# This is a dummy dependency, for services which require networking +# to be operational before starting. diff --git a/etc/rc.d/SERVERS b/etc/rc.d/SERVERS new file mode 100755 index 0000000..3398487 --- /dev/null +++ b/etc/rc.d/SERVERS @@ -0,0 +1,10 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: SERVERS +# REQUIRE: mountcritremote abi ldconfig savecore + +# This is a dummy dependency, for early-start servers relying on +# some basic configuration. diff --git a/etc/rc.d/abi b/etc/rc.d/abi new file mode 100755 index 0000000..3765b05 --- /dev/null +++ b/etc/rc.d/abi @@ -0,0 +1,64 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: abi +# REQUIRE: archdep +# KEYWORD: nojail + +. /etc/rc.subr + +name="abi" +start_cmd="${name}_start" +stop_cmd=":" + +sysv_start() +{ + echo -n ' sysvipc' + load_kld sysvmsg + load_kld sysvsem + load_kld sysvshm +} + +linux_start() +{ + local _tmpdir + + echo -n ' linux' + load_kld -e 'linux(aout|elf)' linux + if [ -x /compat/linux/sbin/ldconfigDisabled ]; then + _tmpdir=`mktemp -d -t linux-ldconfig` + /compat/linux/sbin/ldconfig -C ${_tmpdir}/ld.so.cache + if ! cmp -s ${_tmpdir}/ld.so.cache /compat/linux/etc/ld.so.cache; then + cat ${_tmpdir}/ld.so.cache > /compat/linux/etc/ld.so.cache + fi + rm -rf ${_tmpdir} + fi +} + +svr4_start() +{ + echo -n ' svr4' + load_kld -m svr4elf svr4 +} + +abi_start() +{ + local _echostop + + _echostop= + if checkyesno sysvipc_enable || checkyesno linux_enable || checkyesno svr4_enable; then + echo -n 'Additional ABI support:' + _echostop=yes + fi + + checkyesno sysvipc_enable && sysv_start + checkyesno linux_enable && linux_start + checkyesno svr4_enable && svr4_start + + [ -n "${_echostop}" ] && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/accounting b/etc/rc.d/accounting new file mode 100755 index 0000000..502ffe6 --- /dev/null +++ b/etc/rc.d/accounting @@ -0,0 +1,75 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: accounting +# REQUIRE: mountcritremote +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="accounting" +rcvar=`set_rcvar` +accounting_command="/usr/sbin/accton" +accounting_file="/var/account/acct" + +extra_commands="rotate_log" + +start_cmd="accounting_start" +stop_cmd="accounting_stop" +rotate_log_cmd="accounting_rotate_log" + +accounting_start() +{ + local _dir + + _dir="${accounting_file%/*}" + if [ ! -d "$_dir" ]; then + if ! mkdir -p "$_dir"; then + err 1 "Could not create $_dir." + fi + fi + + if [ ! -e "$accounting_file" ]; then + echo -n "Creating accounting file ${accounting_file}" + touch "$accounting_file" + echo '.' + fi + chmod 644 "$accounting_file" + + echo "Turning on accounting." + ${accounting_command} ${accounting_file} +} + +accounting_stop() +{ + echo "Turning off accounting." + ${accounting_command} +} + +accounting_rotate_log() +{ + local _dir _file + + _dir="${accounting_file%/*}" + cd $_dir + + if checkyesno accounting_enable; then + _file=`mktemp newacct-XXXXX` + chmod 644 $_file + ${accounting_command} ${_dir}/${_file} + fi + + mv ${accounting_file} ${accounting_file}.0 + + if checkyesno accounting_enable; then + ln $_file ${accounting_file##*/} + ${accounting_command} ${accounting_file} + unlink $_file + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap new file mode 100755 index 0000000..79bf1f1 --- /dev/null +++ b/etc/rc.d/addswap @@ -0,0 +1,33 @@ +#!/bin/sh +# +# Add additional swap files +# +# $FreeBSD$ +# + +# PROVIDE: addswap +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="addswap" +start_cmd="addswap_start" +stop_cmd=":" + +addswap_start() +{ + case ${swapfile} in + [Nn][Oo] | '') + ;; + *) + if [ -w "${swapfile}" ]; then + echo "Adding ${swapfile} as additional swap" + mdev=`mdconfig -a -t vnode -f ${swapfile}` && swapon /dev/${mdev} + fi + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz new file mode 100755 index 0000000..77e1e9d --- /dev/null +++ b/etc/rc.d/adjkerntz @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: adjkerntz +# REQUIRE: FILESYSTEMS random +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="adjkerntz" +start_cmd="adjkerntz -i" +stop_cmd=":" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/amd b/etc/rc.d/amd new file mode 100755 index 0000000..8105aeb --- /dev/null +++ b/etc/rc.d/amd @@ -0,0 +1,56 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: amd +# REQUIRE: rpcbind ypset nfsclient cleanvar ldconfig +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="amd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_precmd="amd_precmd" +command_args="&" +extra_commands="reload" + +amd_precmd() +{ + if ! checkyesno nfs_client_enable; then + force_depend nfsclient || return 1 + fi + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + rc_flags="${rc_flags} `echo $(eval ${amd_map_program})`" + ;; + esac + + case "${amd_flags}" in + '') + if [ ! -r /etc/amd.conf ]; then + warn 'amd will not load without arguments' + return 1 + fi + ;; + *) + rc_flags="-p ${rc_flags}" + command_args="> /var/run/amd.pid 2> /dev/null" + ;; + esac + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/apm b/etc/rc.d/apm new file mode 100755 index 0000000..3d15701 --- /dev/null +++ b/etc/rc.d/apm @@ -0,0 +1,46 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: apm +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="apm" +rcvar=`set_rcvar` +start_precmd="apm_precmd" +command="/usr/sbin/${name}" +start_cmd="${command} -e enable" +stop_cmd="${command} -e disable" +status_cmd="apm_status" + +apm_precmd() +{ + case `${SYSCTL_N} hw.machine_arch` in + i386) + return 0 + ;; + esac + return 1 +} + +apm_status() +{ + case `${command} -s` in + 1) + echo "APM is enabled." + return 0 + ;; + 0) + echo "APM is disabled" + ;; + esac + return 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/apmd b/etc/rc.d/apmd new file mode 100755 index 0000000..c2d6967 --- /dev/null +++ b/etc/rc.d/apmd @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: apmd +# REQUIRE: DAEMON apm +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="apmd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_precmd="apmd_prestart" + +apmd_prestart() +{ + case `${SYSCTL_N} hw.machine_arch` in + i386) + # Enable apm if it is not already enabled + if ! checkyesno apm_enable && \ + ! /etc/rc.d/apm forcestatus 1>/dev/null 2>&1 + then + force_depend apm || return 1 + fi + + # Warn user about acpi apm compatibility support which + # does not work with apmd. + if [ ! -e /dev/apmctl ]; then + warn "/dev/apmctl not found; kernel is missing apm(4)" + fi + ;; + *) + return 1 + ;; + esac + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/archdep b/etc/rc.d/archdep new file mode 100755 index 0000000..157df8b --- /dev/null +++ b/etc/rc.d/archdep @@ -0,0 +1,45 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: archdep +# REQUIRE: mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="archdep" +start_cmd="archdep_start" +stop_cmd=":" + +archdep_start() +{ + local _arch + + _arch=`${SYSCTL_N} hw.machine_arch` + case $_arch in + i386) + # SCO binary emulation + # + if checkyesno ibcs2_enable; then + echo -n 'Initial i386 initialization:' + echo -n ' ibcs2' + load_kld ibcs2 + case ${ibcs2_loaders} in + [Nn][Oo]) + ;; + *) + for i in ${ibcs2_loaders}; do + load_kld ibcs2_$i + done + ;; + esac + echo '.' + fi + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm1 b/etc/rc.d/atm1 new file mode 100755 index 0000000..da50df0 --- /dev/null +++ b/etc/rc.d/atm1 @@ -0,0 +1,176 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: atm1 +# REQUIRE: root +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="atm" +rcvar="atm_enable" +start_cmd="atm_start" +stop_cmd=":" + +# ATM networking startup script +# +# Initial interface configuration. +# N.B. /usr is not mounted. +# +atm_start() +{ + if [ -n "${natm_interfaces}" ] ; then + # Load the HARP pseudo interface + load_kld if_harp || return 1 + + # Load all the NATM drivers that we need + for natm in ${natm_interfaces} ; do + ifconfig ${natm} up + done + fi + + # Load loadable HARP drivers + for dev in ${atm_load} ; do + load_kld ${dev} || return 1 + done + + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + idt[0-9] | idt[0-9][0-9]) + echo "${dev} " + ;; + + # NATM interfaces per pseudo driver + en[0-9] | en[0-9][0-9]) + echo "${dev} " + ;; + fatm[0-9] | fatm[0-9][0-9]) + echo "${dev} " + ;; + hatm[0-9] | hatm[0-9][0-9]) + echo "${dev} " + ;; + patm[0-9] | patm[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` + + if [ -z "${atmdev}" ]; then + echo 'No ATM adapters found' + return 0 + fi + + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld + fi + + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo ' missing network interface definition' + continue + fi + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue + else + echo ' missing signalling manager definition' + continue + fi + + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo ' missing NSAP prefix for UNI interface' + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi + + atm_phy="${atm_phy} ${phy}" + echo '.' + done + + echo -n 'Starting initial ATM daemons:' + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n ' ilmid' + ilmid + ;; + esac + + echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm2 b/etc/rc.d/atm2 new file mode 100755 index 0000000..ffb63c3 --- /dev/null +++ b/etc/rc.d/atm2 @@ -0,0 +1,97 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: atm2 +# REQUIRE: atm1 netif +# BEFORE: routing +# KEYWORD: nojail + +# +# Additional ATM interface configuration +# +. /etc/rc.subr + +name="atm2" +rcvar="atm_enable" +start_cmd="atm2_start" +stop_cmd=":" + +atm2_start() +{ + # Configure network interfaces + + # get a list of physical interfaces + atm_phy=`atm show stat int | { read junk ; read junk ; \ + while read dev junk ; do + case ${dev} in + en[0-9] | en[0-9][0-9]) + ;; + *) + echo "${dev} " + ;; + esac + done ; }` + + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + # skip unused physical interfaces + if [ $# -lt 2 ] ; then + continue + fi + + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=$((${netindx} + 1)) + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue + fi + done + done + echo '.' + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm3 b/etc/rc.d/atm3 new file mode 100755 index 0000000..4dbd128 --- /dev/null +++ b/etc/rc.d/atm3 @@ -0,0 +1,93 @@ +#!/bin/sh +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Start ATM daemons + +# PROVIDE: atm3 +# REQUIRE: atm2 +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="atm3" +rcvar="atm_enable" +start_cmd="atm3_start" +stop_cmd=":" + +atm3_start() +{ + echo -n 'Starting ATM daemons:' + + # Get a list of network interfaces + atm_nif=`atm sh netif | { read junk ; \ + while read dev junk ; do + echo "${dev} " + done + }` + + for net in ${atm_nif} ; do + eval atmarp_args=\$atm_arpserver_${net} + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + warn "${net}: local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + ;; + esac + done + + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n ' scspd' + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n ' atmarpd' + atmarpd ${atm_atmarpd} + fi + echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/auditd b/etc/rc.d/auditd new file mode 100755 index 0000000..4d0760c --- /dev/null +++ b/etc/rc.d/auditd @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Start up for the Audit daemon. +# + +# PROVIDE: auditd +# REQUIRE: syslogd +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="auditd" +stop_cmd="auditd_stop" +command="/usr/sbin/${name}" +rcvar="auditd_enable" +command_args="${auditd_flags}" +required_files="/etc/security/audit_class /etc/security/audit_control + /etc/security/audit_event /etc/security/audit_user + /etc/security/audit_warn" + +auditd_stop() +{ + + /usr/sbin/audit -t + sleep 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bgfsck b/etc/rc.d/bgfsck new file mode 100755 index 0000000..3715354 --- /dev/null +++ b/etc/rc.d/bgfsck @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bgfsck +# REQUIRE: cron devfs syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="background-fsck" +rcvar="background_fsck" +start_cmd="bgfsck_start" +stop_cmd=":" + +bgfsck_start () +{ + if [ -z "${rc_force}" ]; then + background_fsck_delay=${background_fsck_delay:=0} + else + background_fsck_delay=0 + fi + if [ ${background_fsck_delay} -lt 0 ]; then + echo "Background file system checks delayed indefinitly" + return 0 + fi + + bgfsck_msg='Starting background file system checks' + if [ "${background_fsck_delay}" -gt 0 ]; then + bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" + fi + if [ -z "${rc_force}" ]; then + check_startmsgs && echo "${bgfsck_msg}." + fi + + (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ + logger -p daemon.notice -t fsck & +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bluetooth b/etc/rc.d/bluetooth new file mode 100755 index 0000000..183f835 --- /dev/null +++ b/etc/rc.d/bluetooth @@ -0,0 +1,365 @@ +#!/bin/sh +# +# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# PROVIDE: bluetooth +# REQUIRE: DAEMON +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="bluetooth" +rcvar= +start_cmd="bluetooth_start" +stop_cmd="bluetooth_stop" +required_modules="ng_bluetooth ng_hci ng_l2cap ng_btsocket" + +############################################################################## +# Read and parse Bluetooth device configuration file +############################################################################## + +bluetooth_read_conf() +{ + local _err _file _line _namespace + + _file=$1 + _namespace=$2 + _err=0 + + if [ ! -e $_file ]; then + return 0 + fi + + if [ ! -f $_file -o ! -r $_file ]; then + err 1 "Bluetooth configuration file $_file is not a file or not readable" + fi + + while read _line + do + case "$_line" in + \#*) + continue + ;; + + *) + if [ -z "$_line" ]; then + continue; + fi + + + if expr "$_line" : "[a-zA-Z0-9_]*=" > /dev/null 2>&1; then + eval "${_namespace}${_line}" + else + warn "Unable to parse line \"$_line\" in $_file" + _err=1 + fi + ;; + esac + done < $_file + + return $_err +} + +############################################################################## +# Setup Bluetooth stack. Create and connect nodes +############################################################################## + +bluetooth_setup_stack() +{ + dev=$1 + shift + hook=$1 + shift + + # Setup HCI + ngctl mkpeer ${dev}: hci ${hook} drv \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}:${hook} ${dev}hci \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}hci: set_debug ${bluetooth_device_hci_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Setup L2CAP + ngctl mkpeer ${dev}hci: l2cap acl hci \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}hci:acl ${dev}l2cap \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}l2cap: set_debug ${bluetooth_device_l2cap_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Connect HCI node to the Bluetooth sockets layer + ngctl connect ${dev}hci: btsock_hci_raw: raw ${dev}raw \ + > /dev/null 2>&1 || return 1 + + # Connect L2CAP node to Bluetooth sockets layer + ngctl connect ${dev}l2cap: btsock_l2c_raw: ctl ${dev}ctl \ + > /dev/null 2>&1 || return 1 + + ngctl connect ${dev}l2cap: btsock_l2c: l2c ${dev}l2c \ + > /dev/null 2>&1 || return 1 + + # Initilalize HCI node + ${hccontrol} -n ${dev}hci reset \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_bd_addr \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_local_supported_features \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_buffer_size \ + > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_discoverable; then + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 3 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 1 \ + > /dev/null 2>&1 || return 1 + fi + else + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 2 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + fi + + + ${hccontrol} -n ${dev}hci write_class_of_device ${bluetooth_device_class} \ + > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_authentication_enable; then + ${hccontrol} -n ${dev}hci write_authentication_enable 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_authentication_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + + case "${bluetooth_device_encryption_mode}" in + [Nn][Oo][Nn][Ee]|0) + ${hccontrol} -n ${dev}hci write_encryption_mode 0 \ + > /dev/null 2>&1 || return 1 + ;; + + [Pp][2][Pp]|1) + ${hccontrol} -n ${dev}hci write_encryption_mode 1 \ + > /dev/null 2>&1 || return 1 + ;; + + [Al][Ll][Ll]|2) + ${hccontrol} -n ${dev}hci write_encryption_mode 2 \ + > /dev/null 2>&1 || return 1 + ;; + + *) + warn "Unsupported encryption mode ${bluetooth_device_encryption_mode} for device ${dev}" + return 1 + ;; + esac + + if checkyesno bluetooth_device_role_switch; then + ${hccontrol} -n ${dev}hci write_node_role_switch 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_node_role_switch 0 \ + > /dev/null 2>&1 || return 1 + fi + + ${hccontrol} -n ${dev}hci change_local_name "${bluetooth_device_local_name}" \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci initialize \ + > /dev/null 2>&1 || return 1 + + return 0 +} + +############################################################################## +# Shutdown Bluetooth stack. Destroy all nodes +############################################################################## + +bluetooth_shutdown_stack() +{ + dev=$1 + + ngctl shutdown ${dev}hci: > /dev/null 2>&1 + ngctl shutdown ${dev}l2cap: > /dev/null 2>&1 + + return 0 +} + +############################################################################## +# bluetooth_start() +############################################################################## + +bluetooth_start() +{ + local _file + + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + load_kld ng_h4 || return 1 + + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'uart\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get uart unit number: ${dev}" + fi + + ${hcseriald} -f /dev/cuau${unit} -n ${dev} + sleep 1 # wait a little bit + + if [ ! -f "/var/run/hcseriald.${dev}.pid" ]; then + err 1 "Unable to start hcseriald on ${dev}" + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'btccc\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get bt3c unit number: ${dev}" + fi + ;; + + # USB Bluetooth adapters + ubt*) + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'ubt\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get ubt unit number: ${dev}" + fi + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + # Be backward compatible and setup reasonable defaults + bluetooth_device_authentication_enable="0" + bluetooth_device_class="ff:01:0c" + bluetooth_device_connectable="1" + bluetooth_device_discoverable="1" + bluetooth_device_encryption_mode="0" + bluetooth_device_hci_debug_level="3" + bluetooth_device_l2cap_debug_level="3" + bluetooth_device_local_name="`/usr/bin/uname -n` (${dev})" + bluetooth_device_role_switch="1" + + # Load default device configuration parameters + _file="/etc/defaults/bluetooth.device.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read default Bluetooth configuration from $_file" + fi + + # Load device specific overrides + _file="/etc/bluetooth/$dev.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read Bluetooth device configuration from $_file" + fi + + # Setup stack + if ! bluetooth_setup_stack ${dev} ${hook} ; then + bluetooth_shutdown_stack $dev + err 1 "Unable to setup Bluetooth stack for device ${dev}" + fi + + return 0 +} + +############################################################################## +# bluetooth_stop() +############################################################################## + +bluetooth_stop() +{ + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + if [ -f "/var/run/hcseriald.${dev}.pid" ]; then + kill `cat /var/run/hcseriald.${dev}.pid` + sleep 1 # wait a little bit + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + ;; + + # USB Bluetooth adapters + ubt*) + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + bluetooth_shutdown_stack ${dev} + + return 0 +} + +############################################################################## +# Start here +############################################################################## + +load_rc_config $name +hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +hcseriald="${bluetooth_hcseriald:-/usr/sbin/hcseriald}" + +run_rc_command $* + diff --git a/etc/rc.d/bootparams b/etc/rc.d/bootparams new file mode 100755 index 0000000..1081bbf --- /dev/null +++ b/etc/rc.d/bootparams @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bootparams +# REQUIRE: rpcbind DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="bootparamd" +rcvar=`set_rcvar` +required_files="/etc/bootparams" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bridge b/etc/rc.d/bridge new file mode 100755 index 0000000..2727038 --- /dev/null +++ b/etc/rc.d/bridge @@ -0,0 +1,93 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: bridge +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="bridge" +start_cmd="bridge_start" +stop_cmd="bridge_stop" +cmd="" + +glob_int () { + case "$1" in + $2 ) true ;; + * ) false ;; + esac +} + +bridge_test () { + bridge=$1 + iface=$2 + + eval interfaces=\$autobridge_${bridge} + if [ -n "${interfaces}" ]; then + for i in ${interfaces}; do + if glob_int $iface $i ; then + ifconfig $bridge $cmd $iface > /dev/null 2>&1 + return + fi + done + fi +} + +autobridge() +{ + if [ -n "${autobridge_interfaces}" ]; then + if [ -z "$iflist" ]; then + # We're operating as a general network start routine. + iflist="`list_net_interfaces`" + fi + + for br in ${autobridge_interfaces}; do + for i in $iflist; do + bridge_test $br $i + done + done + fi +} + +bridge_start() +{ + cmd="addm" + autobridge +} + +bridge_stop() +{ + cmd="deletem" + autobridge +} + +iflist=$2 + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd new file mode 100755 index 0000000..c24a08f --- /dev/null +++ b/etc/rc.d/bsnmpd @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bsnmpd +# REQUIRE: NETWORKING syslogd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="bsnmpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/snmpd.pid" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/bthidd b/etc/rc.d/bthidd new file mode 100755 index 0000000..907305e --- /dev/null +++ b/etc/rc.d/bthidd @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bthidd +# REQUIRE: DAEMON hcsecd +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="bthidd" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +rcvar=`set_rcvar` +start_precmd="bthidd_prestart" + +bthidd_prestart() +{ + load_kld -m kbdmux kbdmux + load_kld -m vkbd vkbd + load_kld -m ng_btsocket ng_btsocket + return 0 +} + +load_rc_config $name +config="${bthidd_config:-/etc/bluetooth/${name}.conf}" +hids="${bthidd_hids:-/var/db/${name}.hids}" +command_args="-c ${config} -H ${hids} -p ${pidfile}" +required_files="${config}" + +run_rc_command "$1" diff --git a/etc/rc.d/ccd b/etc/rc.d/ccd new file mode 100755 index 0000000..1188148 --- /dev/null +++ b/etc/rc.d/ccd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="ccd" +start_cmd="ccd_start" +stop_cmd=":" + +ccd_start() +{ + if [ -f /etc/ccd.conf ]; then + echo "Configuring CCD devices." + ccdconfig -C + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/cleanvar b/etc/rc.d/cleanvar new file mode 100755 index 0000000..490b5c5 --- /dev/null +++ b/etc/rc.d/cleanvar @@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cleanvar +# REQUIRE: FILESYSTEMS var + +. /etc/rc.subr + +name="cleanvar" +rcvar=`set_rcvar` + +start_precmd="${name}_prestart" +start_cmd="${name}_start" +stop_cmd=":" + +extra_commands="reload" +reload_cmd="${name}_start" + +purgedir() +{ + local dir file + + if [ $# -eq 0 ]; then + purgedir . + else + for dir + do + ( + cd "$dir" && for file in .* * + do + # Skip over logging sockets + [ -S "$file" -a "$file" = "log" ] && continue + [ -S "$file" -a "$file" = "logpriv" ] && continue + [ ."$file" = .. -o ."$file" = ... ] && continue + if [ -d "$file" -a ! -L "$file" ] + then + purgedir "$file" + else + rm -f -- "$file" + fi + done + ) + done + fi +} + +cleanvar_prestart() +{ + # These files must be removed only the first time this script is run + # on boot. + # + rm -f /var/run/clean_var /var/spool/lock/clean_var +} + +cleanvar_start () +{ + if [ -d /var/run -a ! -f /var/run/clean_var ]; then + purgedir /var/run + # And an initial utmpx active session file + (cd /var/run && cp /dev/null utx.active && chmod 644 utx.active) + >/var/run/clean_var + fi + if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then + purgedir /var/spool/lock + >/var/spool/lock/clean_var + fi + rm -rf /var/spool/uucp/.Temp/* +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/cleartmp b/etc/rc.d/cleartmp new file mode 100755 index 0000000..0d84987 --- /dev/null +++ b/etc/rc.d/cleartmp @@ -0,0 +1,60 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cleartmp +# REQUIRE: mountcritremote tmp +# BEFORE: DAEMON + +. /etc/rc.subr + +name="cleartmp" +# Disguise rcvar for the start method to run irrespective of its setting. +rcvar1=`set_rcvar clear_tmp` +start_cmd="${name}_start" +stop_cmd=":" + +cleartmp_start() +{ + # Make /tmp location variable for easier debugging. + local tmp="/tmp" + + # X related directories to create in /tmp. + local x11_socket_dirs="${tmp}/.X11-unix ${tmp}/.XIM-unix \ + ${tmp}/.ICE-unix ${tmp}/.font-unix" + + if checkyesno ${rcvar1}; then + check_startmsgs && echo "Clearing ${tmp}." + + # This is not needed for mfs, but doesn't hurt anything. + # Things to note: + # + The dot in ${tmp}/. is important. + # + Put -prune before -exec so find never descends + # into a directory that was already passed to rm -rf. + # + "--" in rm arguments isn't strictly necessary, but + # it can prevent foot-shooting in future. + # + /tmp/lost+found is preserved, but its contents are removed. + # + lost+found and quota.* in subdirectories are removed. + # + .sujournal and .snap are preserved. + find -x ${tmp}/. ! -name . \ + ! \( -name .sujournal -type f -user root \) \ + ! \( -name .snap -type d -user root \) \ + ! \( -name lost+found -type d -user root \) \ + ! \( \( -name quota.user -or -name quota.group \) \ + -type f -user root \) \ + -prune -exec rm -rf -- {} + + elif checkyesno clear_tmp_X; then + # Remove X lock files, since they will prevent you from + # restarting X. Remove other X related directories. + check_startmsgs && echo "Clearing ${tmp} (X related)." + rm -rf ${tmp}/.X[0-9]-lock ${x11_socket_dirs} + fi + if checkyesno clear_tmp_X; then + # Create X related directories with proper permissions. + mkdir -m 1777 ${x11_socket_dirs} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/cron b/etc/rc.d/cron new file mode 100755 index 0000000..cc87d42 --- /dev/null +++ b/etc/rc.d/cron @@ -0,0 +1,23 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cron +# REQUIRE: LOGIN cleanvar +# BEFORE: securelevel +# KEYWORD: shutdown + +. /etc/rc.subr + +name="cron" +rcvar="`set_rcvar`" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" + +load_rc_config $name +if checkyesno cron_dst +then + cron_flags="$cron_flags -s" +fi +run_rc_command "$1" diff --git a/etc/rc.d/ddb b/etc/rc.d/ddb new file mode 100755 index 0000000..51e24ea --- /dev/null +++ b/etc/rc.d/ddb @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ddb +# REQUIRE: dumpon +# BEFORE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="ddb" +rcvar=`set_rcvar` +command="/sbin/${name}" +start_precmd="ddb_prestart" +stop_cmd=":" + +ddb_prestart() +{ + # Silently exit if ddb is not enabled + if [ -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then + return 1 + fi +} + +load_rc_config $name + +required_files="${ddb_config}" +command_args="${ddb_config}" + +run_rc_command "$1" diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute new file mode 100755 index 0000000..ea54c83 --- /dev/null +++ b/etc/rc.d/defaultroute @@ -0,0 +1,73 @@ +#!/bin/sh +# +# Wait for the default route to be up if DHCP is in use +# +# $FreeBSD$ +# + +# PROVIDE: defaultroute +# REQUIRE: devd faith netif stf +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="defaultroute" +start_cmd="defaultroute_start" +stop_cmd=":" + +# Does any interface have a carrier? +defaultroute_carrier() +{ + local carrier nocarrier + + carrier=1 + for _if in ${dhcp_interfaces}; do + output=`/sbin/ifconfig ${_if}` + nocarrier=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` + [ -z "${nocarrier}" ] && carrier=0 + done + return ${carrier} +} + +defaultroute_start() +{ + local nl waited + + afexists inet || return 0 + + # Return without waiting if we don't have dhcp interfaces or + # if none of the dhcp interfaces is plugged in. + dhcp_interfaces=`list_net_interfaces dhcp` + [ -z "${dhcp_interfaces}" ] && return + + # Wait for a default route + waited=0 + while [ ${waited} -lt ${defaultroute_delay} ]; do + defif=`get_default_if -inet` + if [ -n "${defif}" ]; then + if [ ${waited} -ne 0 ]; then + echo -n "($defif)" + nl=1 + fi + break + fi + if [ ${waited} -eq 0 ]; then + echo -n "Waiting ${defaultroute_delay}s for the default route interface: " + else + echo -n . + fi + if [ ${waited} -eq ${defaultroute_carrier_delay} ] && ! defaultroute_carrier; then + echo -n "(no carrier)" + break + fi + nl=1 + sleep 1 + waited=$(($waited + 1)) + done + + [ -n "$nl" ] && echo +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/devd b/etc/rc.d/devd new file mode 100755 index 0000000..e257da6 --- /dev/null +++ b/etc/rc.d/devd @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: devd +# REQUIRE: netif +# BEFORE: NETWORKING mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="devd" +rcvar=`set_rcvar` +command="/sbin/${name}" + +start_precmd=${name}_prestart +stop_precmd=find_pidfile + +find_pidfile() +{ + if get_pidfile_from_conf pid-file /etc/devd.conf; then + pidfile="$_pidfile_from_conf" + else + pidfile="/var/run/${name}.pid" + fi +} + +devd_prestart () +{ + find_pidfile + + # If devd is disabled, turn it off in the kernel to avoid memory leaks. + if ! checkyesno ${rcvar}; then + $SYSCTL hw.bus.devctl_disable=1 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/devfs b/etc/rc.d/devfs new file mode 100755 index 0000000..82278af --- /dev/null +++ b/etc/rc.d/devfs @@ -0,0 +1,70 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: devfs +# REQUIRE: mountcritremote +# BEFORE: SERVERS securelevel +# KEYWORD: nojail + +. /etc/rc.subr + +name="devfs" +start_cmd='devfs_start' +stop_cmd=':' + +devfs_start() +{ + if [ -n "$devfs_system_ruleset" -o -n "$devfs_set_rulesets" ]; then + devfs_init_rulesets + if [ -n "$devfs_system_ruleset" ]; then + devfs_set_ruleset $devfs_system_ruleset /dev + devfs_apply_ruleset $devfs_system_ruleset /dev + fi + if [ -n "$devfs_set_rulesets" ]; then + local _dir_set + local _dir + local _set + for _dir_set in $devfs_set_rulesets; do + _dir=${_dir_set%=*} + _set=${_dir_set#*=} + devfs_set_ruleset $_set $_dir + devfs_apply_ruleset $_set $_dir + done + fi + fi + read_devfs_conf +} + +read_devfs_conf() +{ + if [ -r /etc/devfs.conf ]; then + cd /dev + while read action devicelist parameter; do + case "${action}" in + l*) for device in ${devicelist}; do + if [ ! -e ${parameter} ]; then + ln -fs ${device} ${parameter} + fi + done + ;; + o*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chown ${parameter} ${device} + fi + done + ;; + p*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chmod ${parameter} ${device} + fi + done + ;; + esac + done < /etc/devfs.conf + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/dhclient b/etc/rc.d/dhclient new file mode 100755 index 0000000..c7e4b4d --- /dev/null +++ b/etc/rc.d/dhclient @@ -0,0 +1,64 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dhclient +# KEYWORD: nojail nostart + +. /etc/rc.subr +. /etc/network.subr + +name="dhclient" +rcvar= +start_cmd="dhclient_start" +stop_cmd="dhclient_stop" + +dhclient_start() +{ + # prevent unnecessary restarts + # XXX: dhclient had better create a pidfile + if [ -x /bin/pgrep ]; then + pids=`/bin/pgrep -f "dhclient: $ifn(\$| .*)"` + if [ -n "$pids" ]; then + sleep 1 + pids=`/bin/pgrep -f "dhclient: $ifn(\$| .*)"` + if [ -n "$pids" ]; then + exit 0 + fi + elif [ -e /var/run/dhclient.pid ]; then + if [ -n "`pgrep -F /var/run/dhclient.pid`" ]; then + exit 0 + fi + fi + fi + + # Override for $ifn specific flags (see rc.subr for $flags setting) + specific=`get_if_var $ifn dhclient_flags_IF` + if [ -z "$flags" -a -n "$specific" ]; then + rc_flags=$specific + fi + + background_dhclient=`get_if_var $ifn background_dhclient_IF $background_dhclient` + if checkyesno background_dhclient; then + rc_flags="${rc_flags} -b" + fi + + ${dhclient_program} ${rc_flags} $ifn +} + +dhclient_stop() +{ + ifconfig $ifn down # cause dhclient to die +} + +ifn="$2" + +load_rc_config $name +load_rc_config network + +if ! dhcpif $ifn; then + return 1 +fi + +run_rc_command "$1" diff --git a/etc/rc.d/dmesg b/etc/rc.d/dmesg new file mode 100755 index 0000000..c6cdca3 --- /dev/null +++ b/etc/rc.d/dmesg @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dmesg +# REQUIRE: mountcritremote cleanvar +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="dmesg" +rcvar=`set_rcvar` +dmesg_file="/var/run/dmesg.boot" +start_cmd="do_dmesg" +stop_cmd=":" + +do_dmesg() +{ + rm -f ${dmesg_file} + ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} ) +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/dumpon b/etc/rc.d/dumpon new file mode 100755 index 0000000..ce5fc1c --- /dev/null +++ b/etc/rc.d/dumpon @@ -0,0 +1,69 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dumpon +# REQUIRE: zvol +# BEFORE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="dumpon" +start_cmd="dumpon_start" +stop_cmd="dumpon_stop" + +dumpon_try() +{ + if /sbin/dumpon "${1}" ; then + # Make a symlink in devfs for savecore + ln -fs "${1}" /dev/dumpdev + return 0 + fi + warn "unable to specify $1 as a dump device" + return 1 +} + +dumpon_start() +{ + # Enable dumpdev so that savecore can see it. Enable it + # early so a crash early in the boot process can be caught. + # + case ${dumpdev} in + [Nn][Oo] | '') + ;; + [Aa][Uu][Tt][Oo]) + dev=$(/bin/kenv -q dumpdev) + if [ -n "${dev}" ] ; then + dumpon_try "${dev}" + return $? + fi + while read dev mp type more ; do + [ "${type}" = "swap" ] || continue + [ -c "${dev}" ] || continue + dumpon_try "${dev}" 2>/dev/null && return 0 + done </etc/fstab + echo "No suitable dump device was found." 1>&2 + return 1 + ;; + *) + dumpon_try "${dumpdev}" + ;; + esac +} + +dumpon_stop() +{ + case ${dumpdev} in + [Nn][Oo] | '') + ;; + *) + rm -f /dev/dumpdev + /sbin/dumpon -v off + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap new file mode 100755 index 0000000..6221998 --- /dev/null +++ b/etc/rc.d/encswap @@ -0,0 +1,57 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: disks +# REQUIRE: initrandom +# KEYWORD: nojail + +. /etc/rc.subr + +name="encswap" +start_cmd="encswap_attach" +stop_cmd="encswap_detach" + +encswap_attach() +{ + while read device mountpoint type options rest ; do + case ":${device}:${type}:${options}" in + :#*) + continue + ;; + *.bde:swap:sw) + passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q` + device="${device%.bde}" + gbde init "${device}" -P "${passphrase}" || return 1 + gbde attach "${device}" -p "${passphrase}" || return 1 + ;; + *.eli:swap:sw) + device="${device%.eli}" + geli onetime ${geli_swap_flags} "${device}" || return 1 + ;; + esac + done < /etc/fstab +} + +encswap_detach() +{ + while read device mountpoint type options rest ; do + case ":${device}:${type}:${options}" in + :#*) + continue + ;; + *.bde:swap:sw) + device="${device%.bde}" + gbde detach "${device}" + ;; + *.eli:swap:sw) + # Nothing here, because geli swap devices should be + # created with the auto-detach-on-last-close option. + ;; + esac + done < /etc/fstab +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/faith b/etc/rc.d/faith new file mode 100755 index 0000000..4790ebd --- /dev/null +++ b/etc/rc.d/faith @@ -0,0 +1,75 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \ + " faith0." + ${SYSCTL} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + check_startmsgs && ifconfig faith0 + ;; + esac +} + +faith_down() +{ + echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0." + ifconfig faith0 destroy + ${SYSCTL} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/fsck b/etc/rc.d/fsck new file mode 100755 index 0000000..c1fe155 --- /dev/null +++ b/etc/rc.d/fsck @@ -0,0 +1,78 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: fsck +# REQUIRE: localswap +# KEYWORD: nojail + +. /etc/rc.subr + +name="fsck" +start_cmd="fsck_start" +stop_cmd=":" + +fsck_start() +{ + if [ "$autoboot" = no ]; then + echo "Fast boot: skipping disk checks." + elif [ ! -r /etc/fstab ]; then + echo "Warning! No /etc/fstab: skipping disk checks." + elif [ "$autoboot" = yes ]; then + # During fsck ignore SIGQUIT + trap : 3 + + check_startmsgs && echo "Starting file system checks:" + if checkyesno background_fsck; then + fsck -F -p + else + fsck -p + fi + + case $? in + 0) + ;; + 2) + stop_boot + ;; + 4) + echo "Rebooting..." + reboot + echo "Reboot failed; help!" + stop_boot + ;; + 8) + if checkyesno fsck_y_enable; then + echo "File system preen failed, trying fsck -y ${fsck_y_flags}" + fsck -y ${fsck_y_flags} + case $? in + 0) + ;; + *) + echo "Automatic file system check failed; help!" + stop_boot + ;; + esac + else + echo "Automatic file system check failed; help!" + stop_boot + fi + ;; + 12) + echo "Boot interrupted." + stop_boot + ;; + 130) + stop_boot + ;; + *) + echo "Unknown error; help!" + stop_boot + ;; + esac + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ftp-proxy b/etc/rc.d/ftp-proxy new file mode 100755 index 0000000..6712e68 --- /dev/null +++ b/etc/rc.d/ftp-proxy @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ftp-proxy +# REQUIRE: DAEMON pf +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ftpproxy" +rcvar=`set_rcvar` +command="/usr/sbin/ftp-proxy" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ftpd b/etc/rc.d/ftpd new file mode 100755 index 0000000..338d735 --- /dev/null +++ b/etc/rc.d/ftpd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ftpd +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ftpd" +rcvar=`set_rcvar` +command="/usr/libexec/${name}" +pidfile="/var/run/${name}.pid" +start_precmd=ftpd_prestart + +ftpd_prestart() +{ + rc_flags="-D ${rc_flags}" + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/gbde b/etc/rc.d/gbde new file mode 100755 index 0000000..6117b86 --- /dev/null +++ b/etc/rc.d/gbde @@ -0,0 +1,119 @@ +#!/bin/sh +# +# This file, originally written by Garrett A. Wollman, is in the public +# domain. +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="gbde" +start_precmd="find_gbde_devices start" +stop_precmd="find_gbde_devices stop" +start_cmd="gbde_start" +stop_cmd="gbde_stop" + +find_gbde_devices() +{ + case "${gbde_devices-auto}" in + [Aa][Uu][Tt][Oo]) + gbde_devices="" + ;; + *) + return 0 + ;; + esac + + case "$1" in + start) + fstab="/etc/fstab" + ;; + stop) + fstab=$(mktemp /tmp/mtab.XXXXXX) + mount -p >${fstab} + ;; + esac + + # + # We can't use "mount -p | while ..." because when a shell loop + # is the target of a pipe it executes in a subshell, and so can't + # modify variables in the script. + # + while read device mountpt type options dump pass; do + case "$device" in + *.bde) + # Ignore swap devices + case "$type" in + swap) + continue + ;; + esac + + case "$options" in + *noauto*) + if checkyesno gbde_autoattach_all; then + gbde_devices="${gbde_devices} ${device}" + fi + ;; + *) + gbde_devices="${gbde_devices} ${device}" + ;; + esac + ;; + esac + done <${fstab} + + case "$1" in + stop) + rm -f ${fstab} + ;; + esac + + return 0 +} + +gbde_start() +{ + for device in $gbde_devices; do + parent=${device%.bde} + parent=${parent#/dev/} + parent_=`ltr ${parent} '/' '_'` + eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}" + if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then + echo "Configuring Disk Encryption for ${parent}." + + count=1 + while [ ${count} -le ${gbde_attach_attempts} ]; do + if [ -e "${lock}" ]; then + gbde attach ${parent} -l ${lock} + else + gbde attach ${parent} + fi + if [ -e "/dev/${parent}.bde" ]; then + break + fi + echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}." + count=$((${count} + 1)) + done + fi + done +} + +gbde_stop() +{ + for device in $gbde_devices; do + parent=${device%.bde} + parent=${parent#/dev/} + if [ -e "/dev/${parent}.bde" ]; then + umount "/dev/${parent}.bde" 2>/dev/null + gbde detach "${parent}" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/geli b/etc/rc.d/geli new file mode 100755 index 0000000..736b10a --- /dev/null +++ b/etc/rc.d/geli @@ -0,0 +1,90 @@ +#!/bin/sh +# +# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: disks +# REQUIRE: initrandom +# KEYWORD: nojail + +. /etc/rc.subr + +name="geli" +start_precmd='[ -n "$(geli_make_list)" ]' +start_cmd="geli_start" +stop_cmd="geli_stop" +required_modules="geom_eli:g_eli" + +geli_start() +{ + devices=`geli_make_list` + + if [ -z "${geli_tries}" ]; then + if [ -n "${geli_attach_attempts}" ]; then + # Compatibility with rc.d/gbde. + geli_tries=${geli_attach_attempts} + else + geli_tries=`${SYSCTL_N} kern.geom.eli.tries` + fi + fi + + for provider in ${devices}; do + provider_=`ltr ${provider} '/' '_'` + + eval "flags=\${geli_${provider_}_flags}" + if [ -z "${flags}" ]; then + flags=${geli_default_flags} + fi + if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then + echo "Configuring Disk Encryption for ${provider}." + count=1 + while [ ${count} -le ${geli_tries} ]; do + geli attach ${flags} ${provider} + if [ -e "/dev/${provider}.eli" ]; then + break + fi + echo "Attach failed; attempt ${count} of ${geli_tries}." + count=$((count+1)) + done + fi + done +} + +geli_stop() +{ + devices=`geli_make_list` + + for provider in ${devices}; do + if [ -e "/dev/${provider}.eli" ]; then + umount "/dev/${provider}.eli" 2>/dev/null + geli detach "${provider}" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/geli2 b/etc/rc.d/geli2 new file mode 100755 index 0000000..4726de0 --- /dev/null +++ b/etc/rc.d/geli2 @@ -0,0 +1,58 @@ +#!/bin/sh +# +# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: geli2 +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="geli2" +start_cmd="geli2_start" +stop_cmd=":" + +geli2_start() +{ + devices=`geli_make_list` + + for provider in ${devices}; do + provider_=`ltr ${provider} '/' '_'` + + eval "autodetach=\${geli_${provider_}_autodetach}" + if [ -z "${autodetach}" ]; then + autodetach=${geli_autodetach} + fi + if checkyesno autodetach && [ -e "/dev/${provider}.eli" ]; then + geli detach -l ${provider} + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/gptboot b/etc/rc.d/gptboot new file mode 100755 index 0000000..abfcaa1 --- /dev/null +++ b/etc/rc.d/gptboot @@ -0,0 +1,77 @@ +#!/bin/sh +# +# Copyright (c) 2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: gptboot +# REQUIRE: mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="gptboot" +rcvar=`set_rcvar` +start_cmd="gptboot_report" + +gptboot_report() +{ + gpart show | \ + egrep '(^=>| freebsd-ufs .*(\[|,)(bootfailed|bootonce)(,|\]))' | \ + sed 's/^=>//' | \ + egrep -v '(\[|,)bootme(,|\])' | \ + while read start size pos type attrs rest; do + case "${pos}" in + [0-9]*) + if [ -n "${disk}" ]; then + part="${disk}p${pos}" + echo "${attrs}" | egrep -q '(\[|,)bootfailed(,|\])' + bootfailed=$? + echo "${attrs}" | egrep -q '(\[|,)bootonce(,|\])' + bootonce=$? + if [ ${bootfailed} -eq 0 ]; then + logger -t gptboot -p local0.notice "Boot from ${part} failed." + gpart unset -a bootfailed -i ${pos} ${disk} >/dev/null + elif [ ${bootonce} -eq 0 ]; then + # We want to log success after all failures. + echo -n "Boot from ${part} succeeded." + gpart unset -a bootonce -i ${pos} ${disk} >/dev/null + fi + fi + ;; + *) + if [ "${type}" = "GPT" ]; then + disk="${pos}" + else + disk="" + fi + ;; + esac + done | logger -t gptboot -p local0.notice +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/gssd b/etc/rc.d/gssd new file mode 100755 index 0000000..3788307 --- /dev/null +++ b/etc/rc.d/gssd @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: gssd +# REQUIRE: root +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="gssd" + +load_rc_config $name +rcvar="gssd_enable" +command="${gssd:-/usr/sbin/${name}}" +eval ${name}_flags=\"${gssd_flags}\" +run_rc_command "$1" diff --git a/etc/rc.d/hastd b/etc/rc.d/hastd new file mode 100755 index 0000000..b9d9516 --- /dev/null +++ b/etc/rc.d/hastd @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hastd +# REQUIRE: NETWORKING syslogd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hastd" +rcvar=`set_rcvar` +pidfile="/var/run/${name}.pid" +command="/sbin/${name}" +hastctl="/sbin/hastctl" +required_files="/etc/hast.conf" +stop_precmd="hastd_stop_precmd" +required_modules="geom_gate:g_gate" +extra_commands="reload" + +hastd_stop_precmd() +{ + ${hastctl} role init all +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/hcsecd b/etc/rc.d/hcsecd new file mode 100755 index 0000000..fd6a925 --- /dev/null +++ b/etc/rc.d/hcsecd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hcsecd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hcsecd" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +rcvar=`set_rcvar` +required_modules="ng_btsocket" + +load_rc_config $name +config="${hcsecd_config:-/etc/bluetooth/${name}.conf}" +command_args="-f ${config}" +required_files="${config}" + +run_rc_command "$1" diff --git a/etc/rc.d/hostapd b/etc/rc.d/hostapd new file mode 100755 index 0000000..5f8203e --- /dev/null +++ b/etc/rc.d/hostapd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hostapd +# REQUIRE: mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hostapd" +command="/usr/sbin/${name}" +rcvar=`set_rcvar` + +conf_file="/etc/${name}.conf" +pidfile="/var/run/${name}.pid" + +command_args="-P ${pidfile} -B ${conf_file}" +required_files="${conf_file}" +required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" +extra_commands="reload" + +load_rc_config ${name} +run_rc_command "$1" diff --git a/etc/rc.d/hostid b/etc/rc.d/hostid new file mode 100755 index 0000000..c4545bd --- /dev/null +++ b/etc/rc.d/hostid @@ -0,0 +1,103 @@ +#!/bin/sh +# +# Copyright (c) 2007 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: hostid +# REQUIRE: sysctl +# KEYWORD: nojail + +. /etc/rc.subr + +name="hostid" +start_cmd="hostid_start" +stop_cmd=":" +reset_cmd="hostid_reset" +extra_commands="reset" +rcvar="hostid_enable" + +hostid_set() +{ + uuid=$1 + # Generate hostid based on hostuuid - take first four bytes from md5(uuid). + id=`echo -n $uuid | /sbin/md5` + id="0x${id%????????????????????????}" + + # Set both kern.hostuuid and kern.hostid. + # + check_startmsgs && echo "Setting hostuuid: ${uuid}." + ${SYSCTL} kern.hostuuid="${uuid}" >/dev/null + check_startmsgs && echo "Setting hostid: ${id}." + ${SYSCTL} kern.hostid=${id} >/dev/null +} + +hostid_hardware() +{ + uuid=`kenv -q smbios.system.uuid` + x="[0-9a-f]" + y=$x$x$x$x + case "${uuid}" in + $y$y-$y-$y-$y-$y$y$y) + echo "${uuid}" + ;; + esac +} + +hostid_generate() +{ + # First look for UUID in hardware. + uuid=`hostid_hardware` + if [ -z ${uuid} ]; then + # If not found, fall back to software-generated UUID. + uuid=`uuidgen` + fi + hostid_set $uuid +} + +hostid_reset() +{ + hostid_generate + # Store newly generated UUID in ${hostid_file}. + echo $uuid > ${hostid_file} + if [ $? -ne 0 ]; then + warn "could not store hostuuid in ${hostid_file}." + fi +} + +hostid_start() +{ + # If ${hostid_file} already exists, we take UUID from there. + if [ -r ${hostid_file} ]; then + hostid_set `cat ${hostid_file}` + else + # No hostid file, generate UUID. + hostid_generate + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/hostid_save b/etc/rc.d/hostid_save new file mode 100755 index 0000000..fca0521 --- /dev/null +++ b/etc/rc.d/hostid_save @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hostid_save +# REQUIRE: root +# KEYWORD: nojail + +. /etc/rc.subr + +name="hostid_save" +start_cmd="hostid_save" +stop_cmd=":" +rcvar="hostid_enable" + +hostid_save() +{ + if [ ! -r ${hostid_file} ]; then + $SYSCTL_N kern.hostuuid > ${hostid_file} + if [ $? -ne 0 ]; then + warn "could not store hostuuid in ${hostid_file}." + fi + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/hostname b/etc/rc.d/hostname new file mode 100755 index 0000000..142dc47 --- /dev/null +++ b/etc/rc.d/hostname @@ -0,0 +1,81 @@ +#!/bin/sh +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: hostname +# REQUIRE: FILESYSTEMS +# BEFORE: netif + +. /etc/rc.subr +. /etc/network.subr + +name="hostname" +start_cmd="hostname_start" +stop_cmd=":" + +hostname_start() +{ + # If we are not inside a jail, set the host name if it is not already set. + # If we are inside a jail, set the host name even if it is already set, + # but first check if it is permitted. + # + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then + return + fi + elif [ -n "`/bin/hostname -s`" ]; then + return + else + # If we're not in a jail and rc.conf doesn't specify a + # hostname, see if we can get one from kenv. + # + if [ -z "${hostname}" -a \ + -n "`/bin/kenv dhcp.host-name 2> /dev/null`" ]; then + hostname=`/bin/kenv dhcp.host-name` + fi + fi + + # Have we got a hostname yet? + # + if [ -z "${hostname}" ]; then + # Null hostname is probably OK if DHCP is in use. + # + if [ -z "`list_net_interfaces dhcp`" ]; then + warn "\$hostname is not set -- see ${rcvar_manpage}." + fi + return + fi + + # All right, it is safe to invoke hostname(1) now. + # + check_startmsgs && echo -n "Setting hostname: ${hostname}" + /bin/hostname "${hostname}" + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/inetd b/etc/rc.d/inetd new file mode 100755 index 0000000..fc00f38 --- /dev/null +++ b/etc/rc.d/inetd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: inetd +# REQUIRE: DAEMON LOGIN cleanvar +# KEYWORD: shutdown + +. /etc/rc.subr + +name="inetd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/${name}.conf" +extra_commands="reload" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom new file mode 100755 index 0000000..fcc047b --- /dev/null +++ b/etc/rc.d/initrandom @@ -0,0 +1,82 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: initrandom +# REQUIRE: dumpon ddb +# BEFORE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="initrandom" +start_cmd="initrandom_start" +stop_cmd=":" + +feed_dev_random() +{ + if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then + cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null + fi +} + +initrandom_start() +{ + soft_random_generator=`sysctl kern.random 2>/dev/null` + + echo -n 'Entropy harvesting:' + + if [ \! -z "${soft_random_generator}" ] ; then + + if [ -w /dev/random ]; then + if checkyesno harvest_interrupt; then + ${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null + echo -n ' interrupts' + else + ${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null + fi + + if checkyesno harvest_ethernet; then + ${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null + echo -n ' ethernet' + else + ${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null + fi + + if checkyesno harvest_p_to_p; then + ${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null + echo -n ' point_to_point' + else + ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null + fi + fi + + # XXX temporary until we can improve the entropy + # harvesting rate. + # Entropy below is not great, but better than nothing. + # This unblocks the generator at startup + ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \ + | dd of=/dev/random bs=8k 2>/dev/null + cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null + + # First pass at reseeding /dev/random. + # + case ${entropy_file} in + [Nn][Oo] | '') + ;; + *) + if [ -w /dev/random ]; then + feed_dev_random "${entropy_file}" + fi + ;; + esac + + echo -n ' kickstart' + fi + + echo '.' +} + +load_rc_config random +run_rc_command "$1" diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl new file mode 100755 index 0000000..d38018c --- /dev/null +++ b/etc/rc.d/ip6addrctl @@ -0,0 +1,102 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ip6addrctl +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="ip6addrctl" +rcvar=`set_rcvar` +start_cmd="ip6addrctl_start" +stop_cmd="ip6addrctl_stop" +extra_commands="status prefer_ipv6 prefer_ipv4" +status_cmd="ip6addrctl" +prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" +prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" +config_file="/etc/ip6addrctl.conf" + +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer ip6addrctl_policy + +ip6addrctl_prefer_ipv6() +{ + afexists inet6 || return 0 + + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl add ::1/128 50 0 + ip6addrctl add ::/0 40 1 + ip6addrctl add 2002::/16 30 2 + ip6addrctl add ::/96 20 3 + ip6addrctl add ::ffff:0:0/96 10 4 + checkyesno ip6addrctl_verbose && ip6addrctl +} + +ip6addrctl_prefer_ipv4() +{ + afexists inet6 || return 0 + + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl add ::ffff:0:0/96 50 0 + ip6addrctl add ::1/128 40 1 + ip6addrctl add ::/0 30 2 + ip6addrctl add 2002::/16 20 3 + ip6addrctl add ::/96 10 4 + checkyesno ip6addrctl_verbose && ip6addrctl +} + +ip6addrctl_start() +{ + afexists inet6 || return 0 + + # install the policy of the address selection algorithm. + case "${ip6addrctl_policy}" in + [Aa][Uu][Tt][Oo]) + if [ -r "${config_file}" -a -s "${config_file}" ]; then + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl install "${config_file}" + checkyesno ip6addrctl_verbose && ip6addrctl + else + if checkyesno ipv6_activate_all_interfaces; then + ip6addrctl_prefer_ipv6 + else + ip6addrctl_prefer_ipv4 + fi + fi + ;; + ipv4_prefer) + ip6addrctl_prefer_ipv4 + ;; + ipv6_prefer) + ip6addrctl_prefer_ipv6 + ;; + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + # Backward compatibility when ipv6_prefer=YES + ip6addrctl_prefer_ipv6 + ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + # Backward compatibility when ipv6_prefer=NO + ip6addrctl_prefer_ipv4 + ;; + *) + warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ + " \"ipv4_prefer\" is used instead." + ip6addrctl_prefer_ipv4 + ;; + esac +} + +ip6addrctl_stop() +{ + afexists inet6 || return 0 + + ip6addrctl flush >/dev/null 2>&1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter new file mode 100755 index 0000000..fd1e99b --- /dev/null +++ b/etc/rc.d/ipfilter @@ -0,0 +1,92 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfilter +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipfilter" +rcvar=`set_rcvar` +load_rc_config $name +stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}" + +start_precmd="$stop_precmd" +start_cmd="ipfilter_start" +stop_cmd="ipfilter_stop" +reload_precmd="$stop_precmd" +reload_cmd="ipfilter_reload" +resync_precmd="$stop_precmd" +resync_cmd="ipfilter_resync" +status_precmd="$stop_precmd" +status_cmd="ipfilter_status" +extra_commands="reload resync status" +required_modules="ipl:ipfilter" + +ipfilter_start() +{ + echo "Enabling ipfilter." + if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then + ${ipfilter_program:-/sbin/ipf} -E + fi + ${ipfilter_program:-/sbin/ipf} -Fa + if [ -r "${ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} \ + -f "${ipfilter_rules}" ${ipfilter_flags} + fi + ${ipfilter_program:-/sbin/ipf} -6 -Fa + if [ -r "${ipv6_ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -6 \ + -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} + fi +} + +ipfilter_stop() +{ + # XXX - The ipf -D command is not effective for 'lkm's + if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then + echo "Saving firewall state tables" + ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} + echo "Disabling ipfilter." + ${ipfilter_program:-/sbin/ipf} -D + fi +} + +ipfilter_reload() +{ + echo "Reloading ipfilter rules." + + ${ipfilter_program:-/sbin/ipf} -I -Fa + if [ -r "${ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -I \ + -f "${ipfilter_rules}" ${ipfilter_flags} + if [ $? -ne 0 ]; then + err 1 'Load of rules into alternate set failed; aborting reload' + fi + fi + ${ipfilter_program:-/sbin/ipf} -I -6 -Fa + if [ -r "${ipv6_ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -I -6 \ + -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} + if [ $? -ne 0 ]; then + err 1 'Load of IPv6 rules into alternate set failed; aborting reload' + fi + fi + ${ipfilter_program:-/sbin/ipf} -s + +} + +ipfilter_resync() +{ + ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} +} + +ipfilter_status() +{ + ${ipfilter_program:-/sbin/ipf} -V +} + +run_rc_command "$1" diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs new file mode 100755 index 0000000..9b5ccac --- /dev/null +++ b/etc/rc.d/ipfs @@ -0,0 +1,51 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfs +# REQUIRE: ipnat +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ipfs" +rcvar=`set_rcvar` +start_cmd="ipfs_start" +stop_cmd="ipfs_stop" +start_precmd="ipfs_prestart" + +ipfs_prestart() +{ + # Do not continue if either ipnat or ipfilter is not enabled or + # if the ipfilter module is not loaded. + # + if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi + if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then + err 1 "ipfilter module is not loaded" + fi + return 0 +} + +ipfs_start() +{ + if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then + ${ipfs_program} -R ${rc_flags} + rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf + fi +} + +ipfs_stop() +{ + if [ ! -d /var/db/ipf ]; then + mkdir /var/db/ipf + chmod 700 /var/db/ipf + chown root:wheel /var/db/ipf + fi + ${ipfs_program} -W ${rc_flags} +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw new file mode 100755 index 0000000..4beb609 --- /dev/null +++ b/etc/rc.d/ipfw @@ -0,0 +1,110 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfw +# REQUIRE: ppp +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="ipfw" +rcvar="firewall_enable" +start_cmd="ipfw_start" +start_precmd="ipfw_prestart" +start_postcmd="ipfw_poststart" +stop_cmd="ipfw_stop" +required_modules="ipfw" + +set_rcvar_obsolete ipv6_firewall_enable + +ipfw_prestart() +{ + if checkyesno dummynet_enable; then + required_modules="$required_modules dummynet" + fi + + if checkyesno firewall_nat_enable; then + if ! checkyesno natd_enable; then + required_modules="$required_modules ipfw_nat" + fi + fi +} + +ipfw_start() +{ + local _firewall_type + + _firewall_type=$1 + + # set the firewall rules script if none was specified + [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall + + if [ -r "${firewall_script}" ]; then + /bin/sh "${firewall_script}" "${_firewall_type}" + echo 'Firewall rules loaded.' + elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then + echo 'Warning: kernel has firewall functionality, but' \ + ' firewall rules are not enabled.' + echo ' All ip services are disabled.' + fi + + # Firewall logging + # + if checkyesno firewall_logging; then + echo 'Firewall logging enabled.' + sysctl net.inet.ip.fw.verbose=1 >/dev/null + fi +} + +ipfw_poststart() +{ + local _coscript + + # Start firewall coscripts + # + for _coscript in ${firewall_coscripts} ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstart + fi + done + + # Enable the firewall + # + if ! ${SYSCTL} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then + warn "failed to enable IPv4 firewall" + fi + if afexists inet6; then + if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1 + then + warn "failed to enable IPv6 firewall" + fi + fi +} + +ipfw_stop() +{ + local _coscript + + # Disable the firewall + # + ${SYSCTL} net.inet.ip.fw.enable=0 + if afexists inet6; then + ${SYSCTL} net.inet6.ip6.fw.enable=0 + fi + + # Stop firewall coscripts + # + for _coscript in `reverse_list ${firewall_coscripts}` ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstop + fi + done +} + +load_rc_config $name +firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" + +run_rc_command $* diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon new file mode 100755 index 0000000..cbed453 --- /dev/null +++ b/etc/rc.d/ipmon @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipmon +# REQUIRE: FILESYSTEMS hostname sysctl cleanvar ipfilter +# BEFORE: SERVERS +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipmon" +rcvar=`set_rcvar` +command="/sbin/${name}" +start_precmd="ipmon_precmd" + +ipmon_precmd() +{ + # Continue only if ipfilter or ipnat is enabled and the + # ipfilter module is loaded. + # + if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi + if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then + err 1 "ipfilter module is not loaded" + fi + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat new file mode 100755 index 0000000..6bf2e08 --- /dev/null +++ b/etc/rc.d/ipnat @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipnat +# REQUIRE: ipfilter +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipnat" +rcvar=`set_rcvar` +load_rc_config $name +start_cmd="ipnat_start" +stop_cmd="${ipnat_program} -F -C" +reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}" +extra_commands="reload" +required_files="${ipnat_rules}" +required_modules="ipl:ipfilter" + +ipnat_start() +{ + echo "Installing NAT rules." + ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags} +} + +run_rc_command "$1" diff --git a/etc/rc.d/ipsec b/etc/rc.d/ipsec new file mode 100755 index 0000000..0ad5490 --- /dev/null +++ b/etc/rc.d/ipsec @@ -0,0 +1,59 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipsec +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipsec" +rcvar=`set_rcvar` +start_precmd="ipsec_prestart" +start_cmd="ipsec_start" +stop_precmd="test -f $ipsec_file" +stop_cmd="ipsec_stop" +reload_cmd="ipsec_reload" +extra_commands="reload" +ipsec_program="/sbin/setkey" +# ipsec_file is set by rc.conf + +ipsec_prestart() +{ + if [ ! -f "$ipsec_file" ]; then + warn "$ipsec_file not readable; ipsec start aborted." + stop_boot + return 1 + fi + return 0 +} + +ipsec_start() +{ + echo "Installing ipsec manual keys/policies." + ${ipsec_program} -f $ipsec_file +} + +ipsec_stop() +{ + echo "Clearing ipsec manual keys/policies." + + # Still not 100% sure if we would like to do this. + # It is very questionable to do this during shutdown session + # since it can hang any of the remaining IPv4/v6 sessions. + # + ${ipsec_program} -F + ${ipsec_program} -FP +} + +ipsec_reload() +{ + echo "Reloading ipsec manual keys/policies." + ${ipsec_program} -f "$ipsec_file" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ipxrouted b/etc/rc.d/ipxrouted new file mode 100755 index 0000000..04d3586 --- /dev/null +++ b/etc/rc.d/ipxrouted @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipxrouted +# REQUIRE: SERVERS +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipxrouted" +rcvar=`set_rcvar` +command="/usr/sbin/IPXrouted" +command_args="> /dev/null 2>&1" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/jail b/etc/rc.d/jail new file mode 100755 index 0000000..09170bd --- /dev/null +++ b/etc/rc.d/jail @@ -0,0 +1,742 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: jail +# REQUIRE: LOGIN cleanvar +# BEFORE: securelevel +# KEYWORD: nojail shutdown + +# WARNING: This script deals with untrusted data (the data and +# processes inside the jails) and care must be taken when changing the +# code related to this! If you have any doubt whether a change is +# correct and have security impact, please get the patch reviewed by +# the FreeBSD Security Team prior to commit. + +. /etc/rc.subr + +name="jail" +rcvar=`set_rcvar` + +start_precmd="jail_prestart" +start_cmd="jail_start" +stop_cmd="jail_stop" + +# init_variables _j +# Initialize the various jail variables for jail _j. +# +init_variables() +{ + _j="$1" + + if [ -z "$_j" ]; then + warn "init_variables: you must specify a jail" + return + fi + + eval _rootdir=\"\$jail_${_j}_rootdir\" + _devdir="${_rootdir}/dev" + _fdescdir="${_devdir}/fd" + _procdir="${_rootdir}/proc" + eval _hostname=\"\$jail_${_j}_hostname\" + eval _ip=\"\$jail_${_j}_ip\" + eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" + eval _exec=\"\$jail_${_j}_exec\" + + i=0 + while : ; do + eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\" + [ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break + i=$((i + 1)) + done + + eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" + + i=1 + while : ; do + eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\" + [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break + i=$((i + 1)) + done + + i=0 + while : ; do + eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\" + [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break + i=$((i + 1)) + done + + i=0 + while : ; do + eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\" + [ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break + i=$((i + 1)) + done + + eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\" + + i=0 + while : ; do + eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\" + [ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break + i=$((i + 1)) + done + + if [ -n "${_exec}" ]; then + # simple/backward-compatible execution + _exec_start="${_exec}" + _exec_stop="" + else + # flexible execution + if [ -z "${_exec_start}" ]; then + _exec_start="/bin/sh /etc/rc" + if [ -z "${_exec_stop}" ]; then + _exec_stop="/bin/sh /etc/rc.shutdown" + fi + fi + fi + + # The default jail ruleset will be used by rc.subr if none is specified. + eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\" + eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\" + [ -z "${_devfs}" ] && _devfs="NO" + eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\" + [ -z "${_fdescfs}" ] && _fdescfs="NO" + eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\" + [ -z "${_procfs}" ] && _procfs="NO" + + eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\" + [ -z "${_mount}" ] && _mount="NO" + # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified. + eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\" + [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}" + eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\" + [ -z "${_flags}" ] && _flags="-l -U root" + eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\" + [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log" + eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\" + + # Debugging aid + # + debug "$_j devfs enable: $_devfs" + debug "$_j fdescfs enable: $_fdescfs" + debug "$_j procfs enable: $_procfs" + debug "$_j mount enable: $_mount" + debug "$_j hostname: $_hostname" + debug "$_j ip: $_ip" + jail_show_addresses ${_j} + debug "$_j interface: $_interface" + debug "$_j fib: $_fib" + debug "$_j root: $_rootdir" + debug "$_j devdir: $_devdir" + debug "$_j fdescdir: $_fdescdir" + debug "$_j procdir: $_procdir" + debug "$_j ruleset: $_ruleset" + debug "$_j fstab: $_fstab" + + i=0 + while : ; do + eval out=\"\${_exec_prestart${i}:-''}\" + if [ -z "$out" ]; then + break + fi + debug "$_j exec pre-start #${i}: ${out}" + i=$((i + 1)) + done + + debug "$_j exec start: $_exec_start" + + i=1 + while : ; do + eval out=\"\${_exec_afterstart${i}:-''}\" + + if [ -z "$out" ]; then + break; + fi + + debug "$_j exec after start #${i}: ${out}" + i=$((i + 1)) + done + + i=0 + while : ; do + eval out=\"\${_exec_poststart${i}:-''}\" + if [ -z "$out" ]; then + break + fi + debug "$_j exec post-start #${i}: ${out}" + i=$((i + 1)) + done + + i=0 + while : ; do + eval out=\"\${_exec_prestop${i}:-''}\" + if [ -z "$out" ]; then + break + fi + debug "$_j exec pre-stop #${i}: ${out}" + i=$((i + 1)) + done + + debug "$_j exec stop: $_exec_stop" + + i=0 + while : ; do + eval out=\"\${_exec_poststop${i}:-''}\" + if [ -z "$out" ]; then + break + fi + debug "$_j exec post-stop #${i}: ${out}" + i=$((i + 1)) + done + + debug "$_j flags: $_flags" + debug "$_j consolelog: $_consolelog" + + if [ -z "${_hostname}" ]; then + err 3 "$name: No hostname has been defined for ${_j}" + fi + if [ -z "${_rootdir}" ]; then + err 3 "$name: No root directory has been defined for ${_j}" + fi +} + +# set_sysctl rc_knob mib msg +# If the mib sysctl is set according to what rc_knob +# specifies, this function does nothing. However if +# rc_knob is set differently than mib, then the mib +# is set accordingly and msg is displayed followed by +# an '=" sign and the word 'YES' or 'NO'. +# +set_sysctl() +{ + _knob="$1" + _mib="$2" + _msg="$3" + + _current=`${SYSCTL} -n $_mib 2>/dev/null` + if checkyesno $_knob ; then + if [ "$_current" -ne 1 ]; then + echo -n " ${_msg}=YES" + ${SYSCTL} 1>/dev/null ${_mib}=1 + fi + else + if [ "$_current" -ne 0 ]; then + echo -n " ${_msg}=NO" + ${SYSCTL} 1>/dev/null ${_mib}=0 + fi + fi +} + +# is_current_mountpoint() +# Is the directory mount point for a currently mounted file +# system? +# +is_current_mountpoint() +{ + local _dir _dir2 + + _dir=$1 + + _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'` + [ ! -d "${_dir}" ] && return 1 + _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'` + [ "${_dir}" = "${_dir2}" ] + return $? +} + +# is_symlinked_mountpoint() +# Is a mount point, or any of its parent directories, a symlink? +# +is_symlinked_mountpoint() +{ + local _dir + + _dir=$1 + + [ -L "$_dir" ] && return 0 + [ "$_dir" = "/" ] && return 1 + is_symlinked_mountpoint `dirname $_dir` + return $? +} + +# secure_umount +# Try to unmount a mount point without being vulnerable to +# symlink attacks. +# +secure_umount() +{ + local _dir + + _dir=$1 + + if is_current_mountpoint ${_dir}; then + umount -f ${_dir} >/dev/null 2>&1 + else + debug "Nothing mounted on ${_dir} - not unmounting" + fi +} + + +# jail_umount_fs +# This function unmounts certain special filesystems in the +# currently selected jail. The caller must call the init_variables() +# routine before calling this one. +# +jail_umount_fs() +{ + local _device _mountpt _rest + + if checkyesno _fdescfs; then + if [ -d "${_fdescdir}" ] ; then + secure_umount ${_fdescdir} + fi + fi + if checkyesno _devfs; then + if [ -d "${_devdir}" ] ; then + secure_umount ${_devdir} + fi + fi + if checkyesno _procfs; then + if [ -d "${_procdir}" ] ; then + secure_umount ${_procdir} + fi + fi + if checkyesno _mount; then + [ -f "${_fstab}" ] || warn "${_fstab} does not exist" + tail -r ${_fstab} | while read _device _mountpt _rest; do + case ":${_device}" in + :#* | :) + continue + ;; + esac + secure_umount ${_mountpt} + done + fi +} + +# jail_mount_fstab() +# Mount file systems from a per jail fstab while trying to +# secure against symlink attacks at the mount points. +# +# If we are certain we cannot secure against symlink attacks we +# do not mount all of the file systems (since we cannot just not +# mount the file system with the problematic mount point). +# +# The caller must call the init_variables() routine before +# calling this one. +# +jail_mount_fstab() +{ + local _device _mountpt _rest + + while read _device _mountpt _rest; do + case ":${_device}" in + :#* | :) + continue + ;; + esac + if is_symlinked_mountpoint ${_mountpt}; then + warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}" + return + fi + done <${_fstab} + mount -a -F "${_fstab}" +} + +# jail_show_addresses jail +# Debug print the input for the given _multi aliases +# for a jail for init_variables(). +# +jail_show_addresses() +{ + local _j _type alias + _j="$1" + alias=0 + + if [ -z "${_j}" ]; then + warn "jail_show_addresses: you must specify a jail" + return + fi + + while : ; do + eval _addr=\"\$jail_${_j}_ip_multi${alias}\" + if [ -n "${_addr}" ]; then + debug "${_j} ip_multi${alias}: $_addr" + alias=$((${alias} + 1)) + else + break + fi + done +} + +# jail_extract_address argument +# The second argument is the string from one of the _ip +# or the _multi variables. In case of a comma separated list +# only one argument must be passed in at a time. +# The function alters the _type, _iface, _addr and _mask variables. +# +jail_extract_address() +{ + local _i + _i=$1 + + if [ -z "${_i}" ]; then + warn "jail_extract_address: called without input" + return + fi + + # Check if we have an interface prefix given and split into + # iFace and rest. + case "${_i}" in + *\|*) # ifN|.. prefix there + _iface=${_i%%|*} + _r=${_i##*|} + ;; + *) _iface="" + _r=${_i} + ;; + esac + + # In case the IP has no interface given, check if we have a global one. + _iface=${_iface:-${_interface}} + + # Set address, cut off any prefix/netmask/prefixlen. + _addr=${_r} + _addr=${_addr%%[/ ]*} + + # Theoretically we can return here if interface is not set, + # as we only care about the _mask if we call ifconfig. + # This is not done because we may want to santize IP addresses + # based on _type later, and optionally change the type as well. + + # Extract the prefix/netmask/prefixlen part by cutting off the address. + _mask=${_r} + _mask=`expr "${_mask}" : "${_addr}\(.*\)"` + + # Identify type {inet,inet6}. + case "${_addr}" in + *\.*\.*\.*) _type="inet" ;; + *:*) _type="inet6" ;; + *) warn "jail_extract_address: type not identified" + ;; + esac + + # Handle the special /netmask instead of /prefix or + # "netmask xxx" case for legacy IP. + # We do NOT support shortend class-full netmasks. + if [ "${_type}" = "inet" ]; then + case "${_mask}" in + /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;; + *) ;; + esac + + # In case _mask is still not set use /32. + _mask=${_mask:-/32} + + elif [ "${_type}" = "inet6" ]; then + # In case _maske is not set for IPv6, use /128. + _mask=${_mask:-/128} + fi +} + +# jail_handle_ips_option {add,del} input +# Handle a single argument imput which can be a comma separated +# list of addresses (theoretically with an option interface and +# prefix/netmask/prefixlen). +# +jail_handle_ips_option() +{ + local _x _action _type _i + _action=$1 + _x=$2 + + if [ -z "${_x}" ]; then + # No IP given. This can happen for the primary address + # of each address family. + return + fi + + # Loop, in case we find a comma separated list, we need to handle + # each argument on its own. + while [ ${#_x} -gt 0 ]; do + case "${_x}" in + *,*) # Extract the first argument and strip it off the list. + _i=`expr "${_x}" : '^\([^,]*\)'` + _x=`expr "${_x}" : "^[^,]*,\(.*\)"` + ;; + *) _i=${_x} + _x="" + ;; + esac + + _type="" + _iface="" + _addr="" + _mask="" + jail_extract_address "${_i}" + + # make sure we got an address. + case "${_addr}" in + "") continue ;; + *) ;; + esac + + # Append address to list of addresses for the jail command. + case "${_addrl}" in + "") _addrl="${_addr}" ;; + *) _addrl="${_addrl},${_addr}" ;; + esac + + # Configure interface alias if requested by a given interface + # and if we could correctly parse everything. + case "${_iface}" in + "") continue ;; + esac + case "${_type}" in + inet) ;; + inet6) ;; + *) warn "Could not determine address family. Not going" \ + "to ${_action} address '${_addr}' for ${_jail}." + continue + ;; + esac + case "${_action}" in + add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias + ;; + del) # When removing the IP, ignore the _mask. + ifconfig ${_iface} ${_type} ${_addr} -alias + ;; + esac + done +} + +# jail_ips {add,del} +# Extract the comma separated list of addresses and return them +# for the jail command. +# Handle more than one address via the _multi option as well. +# If an interface is given also add/remove an alias for the +# address with an optional netmask. +# +jail_ips() +{ + local _action + _action=$1 + + case "${_action}" in + add) ;; + del) ;; + *) warn "jail_ips: invalid action '${_action}'" + return + ;; + esac + + # Handle addresses. + jail_handle_ips_option ${_action} "${_ip}" + # Handle jail_xxx_ip_multi<N> + alias=0 + while : ; do + eval _x=\"\$jail_${_jail}_ip_multi${alias}\" + case "${_x}" in + "") break ;; + *) jail_handle_ips_option ${_action} "${_x}" + alias=$((${alias} + 1)) + ;; + esac + done +} + +jail_prestart() +{ + if checkyesno jail_parallel_start; then + command_args='&' + fi +} + +jail_start() +{ + echo -n 'Configuring jails:' + set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \ + set_hostname_allow + set_sysctl jail_socket_unixiproute_only \ + security.jail.socket_unixiproute_only unixiproute_only + set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \ + sysvipc_allow + echo '.' + + echo -n 'Starting jails:' + _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \ + err 3 "$name: Can't create temp dir, exiting..." + for _jail in ${jail_list} + do + init_variables $_jail + if [ -f /var/run/jail_${_jail}.id ]; then + echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]" + continue; + fi + _addrl="" + jail_ips "add" + if [ -n "${_fib}" ]; then + _setfib="setfib -F '${_fib}'" + else + _setfib="" + fi + if checkyesno _mount; then + info "Mounting fstab for jail ${_jail} (${_fstab})" + if [ ! -f "${_fstab}" ]; then + err 3 "$name: ${_fstab} does not exist" + fi + jail_mount_fstab + fi + if checkyesno _devfs; then + # If devfs is already mounted here, skip it. + df -t devfs "${_devdir}" >/dev/null + if [ $? -ne 0 ]; then + if is_symlinked_mountpoint ${_devdir}; then + warn "${_devdir} has symlink as parent - not starting jail ${_jail}" + continue + fi + info "Mounting devfs on ${_devdir}" + devfs_mount_jail "${_devdir}" ${_ruleset} + # Transitional symlink for old binaries + if [ ! -L "${_devdir}/log" ]; then + __pwd="`pwd`" + cd "${_devdir}" + ln -sf ../var/run/log log + cd "$__pwd" + fi + fi + + # XXX - It seems symlinks don't work when there + # is a devfs(5) device of the same name. + # Jail console output + # __pwd="`pwd`" + # cd "${_devdir}" + # ln -sf ../var/log/console console + # cd "$__pwd" + fi + if checkyesno _fdescfs; then + if is_symlinked_mountpoint ${_fdescdir}; then + warn "${_fdescdir} has symlink as parent, not mounting" + else + info "Mounting fdescfs on ${_fdescdir}" + mount -t fdescfs fdesc "${_fdescdir}" + fi + fi + if checkyesno _procfs; then + if is_symlinked_mountpoint ${_procdir}; then + warn "${_procdir} has symlink as parent, not mounting" + else + info "Mounting procfs onto ${_procdir}" + if [ -d "${_procdir}" ] ; then + mount -t procfs proc "${_procdir}" + fi + fi + fi + _tmp_jail=${_tmp_dir}/jail.$$ + + i=0 + while : ; do + eval out=\"\${_exec_prestart${i}:-''}\" + [ -z "$out" ] && break + ${out} + i=$((i + 1)) + done + + eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \ + \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \ + </dev/null + + if [ "$?" -eq 0 ] ; then + _jail_id=$(head -1 ${_tmp_jail}) + i=1 + while : ; do + eval out=\"\${_exec_afterstart${i}:-''}\" + + if [ -z "$out" ]; then + break; + fi + + jexec "${_jail_id}" ${out} + i=$((i + 1)) + done + + echo -n " $_hostname" + tail +2 ${_tmp_jail} >${_consolelog} + echo ${_jail_id} > /var/run/jail_${_jail}.id + + i=0 + while : ; do + eval out=\"\${_exec_poststart${i}:-''}\" + [ -z "$out" ] && break + ${out} + i=$((i + 1)) + done + else + jail_umount_fs + jail_ips "del" + echo " cannot start jail \"${_jail}\": " + tail +2 ${_tmp_jail} + fi + rm -f ${_tmp_jail} + done + rmdir ${_tmp_dir} + echo '.' +} + +jail_stop() +{ + echo -n 'Stopping jails:' + for _jail in ${jail_list} + do + if [ -f "/var/run/jail_${_jail}.id" ]; then + _jail_id=$(cat /var/run/jail_${_jail}.id) + if [ ! -z "${_jail_id}" ]; then + init_variables $_jail + + i=0 + while : ; do + eval out=\"\${_exec_prestop${i}:-''}\" + [ -z "$out" ] && break + ${out} + i=$((i + 1)) + done + + if [ -n "${_exec_stop}" ]; then + eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \ + >> ${_consolelog} 2>&1 + fi + killall -j ${_jail_id} -TERM > /dev/null 2>&1 + sleep 1 + killall -j ${_jail_id} -KILL > /dev/null 2>&1 + jail_umount_fs + echo -n " $_hostname" + + i=0 + while : ; do + eval out=\"\${_exec_poststop${i}:-''}\" + [ -z "$out" ] && break + ${out} + i=$((i + 1)) + done + fi + jail_ips "del" + rm /var/run/jail_${_jail}.id + else + echo " cannot stop jail ${_jail}. No jail id in /var/run" + fi + done + echo '.' +} + +load_rc_config $name +cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +if [ -n "$*" ]; then + jail_list="$*" +fi + +run_rc_command "${cmd}" diff --git a/etc/rc.d/kadmind b/etc/rc.d/kadmind new file mode 100755 index 0000000..1e07938 --- /dev/null +++ b/etc/rc.d/kadmind @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kadmin +# REQUIRE: kerberos +# BEFORE: DAEMON + +. /etc/rc.subr + +name="kadmind5" +load_rc_config $name +rcvar="kadmind5_server_enable" +unset start_cmd +command="${kadmind5_server}" +command_args="&" +required_vars="kerberos5_server_enable" + +run_rc_command "$1" diff --git a/etc/rc.d/kerberos b/etc/rc.d/kerberos new file mode 100755 index 0000000..3eeb32a --- /dev/null +++ b/etc/rc.d/kerberos @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kerberos +# REQUIRE: NETWORKING + +. /etc/rc.subr + +name="kerberos5" +rcvar="kerberos5_server_enable" + +load_rc_config $name +command="${kerberos5_server}" +kerberos5_flags="${kerberos5_server_flags}" +run_rc_command "$1" diff --git a/etc/rc.d/keyserv b/etc/rc.d/keyserv new file mode 100755 index 0000000..d1eaaee --- /dev/null +++ b/etc/rc.d/keyserv @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Start keyserv if we are running Secure RPC + +# PROVIDE: keyserv +# REQUIRE: ypset +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="keyserv" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_precmd="keyserv_prestart" + +keyserv_prestart() +{ + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/kldxref b/etc/rc.d/kldxref new file mode 100755 index 0000000..40140cc --- /dev/null +++ b/etc/rc.d/kldxref @@ -0,0 +1,35 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kldxref +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +rcvar="kldxref_enable" +name="kldxref" +stop_cmd=":" +start_cmd="kldxref_start" + +kldxref_start () { + if [ -n "$kldxref_module_path" ]; then + MODULE_PATHS="$kldxref_module_path" + else + MODULE_PATHS=`sysctl -n kern.module_path` + fi + IFS=';' + for MODULE_DIR in $MODULE_PATHS; do + if [ ! -f "$MODULE_DIR/linker.hints" ] || + checkyesno kldxref_clobber; then + echo "Building $MODULE_DIR/linker.hints" + kldxref "$MODULE_DIR" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/kpasswdd b/etc/rc.d/kpasswdd new file mode 100755 index 0000000..d7f40ac --- /dev/null +++ b/etc/rc.d/kpasswdd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kpasswdd +# REQUIRE: kadmin +# BEFORE: DAEMON + +. /etc/rc.subr + +name="kpasswdd" +load_rc_config $name +rcvar="kpasswdd_server_enable" +unset start_cmd +command="${kpasswdd_server}" +command_args="&" +required_vars="kadmind5_server_enable" + +run_rc_command "$1" diff --git a/etc/rc.d/ldconfig b/etc/rc.d/ldconfig new file mode 100755 index 0000000..54114a6 --- /dev/null +++ b/etc/rc.d/ldconfig @@ -0,0 +1,83 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ldconfig +# REQUIRE: mountcritremote cleanvar +# BEFORE: DAEMON + +. /etc/rc.subr + +name="ldconfig" +ldconfig_command="/sbin/ldconfig" +start_cmd="ldconfig_start" +stop_cmd=":" + +ldconfig_start() +{ + local _files _ins + + _ins= + ldconfig=${ldconfig_command} + checkyesno ldconfig_insecure && _ins="-i" + if [ -x "${ldconfig_command}" ]; then + _LDC="/lib /usr/lib" + for i in ${ldconfig_local_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig_paths="${ldconfig_paths} `cat ${_files} | sort -u`" + fi + fi + done + for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'ELF ldconfig path:' ${_LDC} + ${ldconfig} -elf ${_ins} ${_LDC} + + case `sysctl -n hw.machine_arch` in + amd64) + for i in ${ldconfig_local32_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig32_paths="${ldconfig32_paths} `cat ${_files} | sort -u`" + fi + fi + done + _LDC="" + for i in ${ldconfig32_paths}; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && + echo '32-bit compatibility ldconfig path:' ${_LDC} + ${ldconfig} -32 -m ${_ins} ${_LDC} + ;; + esac + + # Legacy aout support for i386 only + case `sysctl -n hw.machine_arch` in + i386) + # Default the a.out ldconfig path. + : ${ldconfig_paths_aout=${ldconfig_paths}} + _LDC="" + for i in /usr/lib/aout ${ldconfig_paths_aout} /etc/ld.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'a.out ldconfig path:' ${_LDC} + ${ldconfig} -aout ${_ins} ${_LDC} + ;; + esac + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/local b/etc/rc.d/local new file mode 100755 index 0000000..61a0852 --- /dev/null +++ b/etc/rc.d/local @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: local +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="local" +start_cmd="local_start" +stop_cmd="local_stop" + +local_start() +{ + if [ -f /etc/rc.local ]; then + echo -n 'Starting local daemons:' + . /etc/rc.local + echo '.' + fi +} + +local_stop() +{ + if [ -f /etc/rc.shutdown.local ]; then + echo -n 'Shutting down local daemons:' + . /etc/rc.shutdown.local + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/localpkg b/etc/rc.d/localpkg new file mode 100755 index 0000000..b3a3f68 --- /dev/null +++ b/etc/rc.d/localpkg @@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: localpkg +# REQUIRE: abi +# BEFORE: securelevel +# KEYWORD: shutdown + +. /etc/rc.subr + +name="localpkg" +start_cmd="pkg_start" +stop_cmd="pkg_stop" + +pkg_start() +{ + local initdone + + # For each dir in $local_startup, search for init scripts matching *.sh + # + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in ${zlist} ${slist}; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Local package initialization:' + initdone=yes + fi + if [ -x "${script}" ]; then + (set -T + trap 'exit 1' 2 + ${script} start) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script}, not executable)" + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +pkg_stop() +{ + local initdone + + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in `reverse_list ${slist} ${zlist}`; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Shutting down local packages:' + initdone=yes + fi + if [ -x "${script}" ]; then + if [ `sysctl -n debug.bootverbose` -eq 1 ]; then + echo "==>" ${script} + fi + (set -T + trap 'exit 1' 2 + ${script} stop) + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/lockd b/etc/rc.d/lockd new file mode 100755 index 0000000..1a3fc6b --- /dev/null +++ b/etc/rc.d/lockd @@ -0,0 +1,43 @@ +#!/bin/sh +# +# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm +# $FreeBSD$ +# + +# PROVIDE: lockd +# REQUIRE: nfsserver nfsclient nfsd rpcbind statd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="lockd" +rcvar=rpc_lockd_enable +command="/usr/sbin/rpc.${name}" +start_precmd='lockd_precmd' +stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable' +status_precmd=$stop_precmd + +# Make sure that we are either an NFS client or server, and that we get +# the correct flags from rc.conf(5). +# +lockd_precmd() +{ + local ret + ret=0 + + if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable + then + ret=1 + fi + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || ret=1 + fi + rc_flags=${rpc_lockd_flags} + return ${ret} +} + +load_rc_config $name +run_rc_command $1 diff --git a/etc/rc.d/lpd b/etc/rc.d/lpd new file mode 100755 index 0000000..552e068 --- /dev/null +++ b/etc/rc.d/lpd @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: lpd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="lpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +required_files="/etc/printcap" +start_precmd="chkprintcap" + +chkprintcap() +{ + if checkyesno chkprintcap_enable ; then + /usr/sbin/chkprintcap ${chkprintcap_flags} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig new file mode 100755 index 0000000..c697c35 --- /dev/null +++ b/etc/rc.d/mdconfig @@ -0,0 +1,197 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig +# REQUIRE: localswap root + +. /etc/rc.subr + +name="mdconfig" +stop_cmd="mdconfig_stop" +start_cmd="mdconfig_start" +start_precmd='[ -n "${_mdconfig_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _newfs=\$mdconfig_${_md}_newfs + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} newfs flags: ${_newfs}" +} + +mdconfig_start() +{ + local _md _mp _config _type _dev _file _fs _newfs _fsck_cmd + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + # Create md(4) devices of types swap, malloc and vnode if the + # file is on the root partition. + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + if [ "${_type}" = "vnode" ]; then + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + # sleep a bit to allow creation of /dev/mdX.uzip + sleep 2 + fi + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_type}" = "vnode" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + + fi + else + newfs ${_newfs} ${_dev} >/dev/null + fi + if mount -d ${_dev} 2>&1 >/dev/null; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + done +} + +mdconfig_stop() +{ + local _md _mp _config _type _dev _file _fs _newfs _i + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." + umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig_list="$*" + +load_rc_config $name + +_mdconfig_unit=0 +if [ -z "${_mdconfig_list}" ]; then + while :; do + eval _mdconfig_config=\$mdconfig_md${_mdconfig_unit} + if [ -z "${_mdconfig_config}" ]; then + break + else + _mdconfig_list="${_mdconfig_list}${_mdconfig_list:+ }md${_mdconfig_unit}" + _mdconfig_unit=$((${_mdconfig_unit} + 1)) + fi + done +fi + +run_rc_command "${_mdconfig_cmd}" diff --git a/etc/rc.d/mdconfig2 b/etc/rc.d/mdconfig2 new file mode 100755 index 0000000..4b1535e --- /dev/null +++ b/etc/rc.d/mdconfig2 @@ -0,0 +1,227 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig2 +# REQUIRE: mountcritremote +# BEFORE: SERVERS + +. /etc/rc.subr + +name="mdconfig2" +stop_cmd="mdconfig2_stop" +start_cmd="mdconfig2_start" +start_precmd='[ -n "${_mdconfig2_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _mounted="no" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _owner=\$mdconfig_${_md}_owner + eval _perms=\$mdconfig_${_md}_perms + eval _files=\$mdconfig_${_md}_files + eval _populate=\$mdconfig_${_md}_cmd + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} owner: ${_owner}" + debug "${_md} perms: ${_perms}" + debug "${_md} files: ${_files}" + debug "${_md} populate cmd: ${_populate}" +} + +mdconfig2_start() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate _fsck_cmd _i + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ ! -r ${_file} ]; then + err 3 "${_file} doesn't exist" + continue + fi + # First pass: create md(4) vnode devices from files stored on + # non-root partition. Swap and malloc md(4) devices have already + # been created. + if [ "${_type}" = "vnode" -a "${_fs}" != "/" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + fi + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + fi + if mount -d ${_dev} >/dev/null 2>&1; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ ! -z "${_mp}" -a "${_mp}" = "${_mp%%%}" ]; then + _mounted="yes" + fi + + if checkyesno _mounted; then + # Second pass: change permissions and ownership. + [ -z "${_owner}" ] || chown -f ${_owner} ${_dev} ${_mp} + [ -z "${_perms}" ] || chmod -f ${_perms} ${_dev} ${_mp} + + # Third pass: populate with foreign files. + if [ -n "${_files}" -o -n "${_populate}" ]; then + echo "Populating ${_dev}." + fi + if [ -n "${_files}" ]; then + cp -Rp ${_files} ${_mp} + fi + if [ -n "${_populate}" ]; then + eval ${_populate} + fi + fi + done +} + +mdconfig2_stop() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ "${_type}" = "vnode" ]; then + for i in `df ${_dev} 2>/dev/null`; do _mp=$i; done + if [ ! -r "${_file}" -o "${_fs}" = "/" ]; then + continue + fi + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." + umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig2_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig2_list="$*" + +load_rc_config $name + +_mdconfig2_unit=0 +if [ -z "${_mdconfig2_list}" ]; then + while :; do + eval _mdconfig2_config=\$mdconfig_md${_mdconfig2_unit} + if [ -z "${_mdconfig2_config}" ]; then + break + else + _mdconfig2_list="${_mdconfig2_list}${_mdconfig2_list:+ }md${_mdconfig2_unit}" + _mdconfig2_unit=$((${_mdconfig2_unit} + 1)) + fi + done +fi + +run_rc_command "${_mdconfig2_cmd}" diff --git a/etc/rc.d/mixer b/etc/rc.d/mixer new file mode 100755 index 0000000..cc7fb2d --- /dev/null +++ b/etc/rc.d/mixer @@ -0,0 +1,103 @@ +#!/bin/sh - +# +# Copyright (c) 2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mixer +# REQUIRE: cleanvar +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mixer" +rcvar="mixer_enable" +stop_cmd="mixer_stop" +start_cmd="mixer_start" +reload_cmd="mixer_start" +extra_commands="reload" + +# +# List current mixer devices to stdout. +# +list_mixers() +{ + ( cd /dev ; ls mixer* 2>/dev/null ) +} + +# +# Save state of an individual mixer specified as $1 +# +mixer_save() +{ + local dev + + dev="/dev/${1}" + if [ -r ${dev} ]; then + /usr/sbin/mixer -f ${dev} -s > /var/db/${1}-state 2>/dev/null + fi +} + +# +# Restore the state of an individual mixer specified as $1 +# +mixer_restore() +{ + local file dev + + dev="/dev/${1}" + file="/var/db/${1}-state" + if [ -r ${dev} -a -r ${file} ]; then + /usr/sbin/mixer -f ${dev} `cat ${file}` > /dev/null + fi +} + +# +# Restore state of all mixers +# +mixer_start() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_restore ${mixer} + done +} + +# +# Save the state of all mixers +# +mixer_stop() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_save ${mixer} + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/motd b/etc/rc.d/motd new file mode 100755 index 0000000..8256d96 --- /dev/null +++ b/etc/rc.d/motd @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="motd" +rcvar="update_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + check_startmsgs && echo -n 'Updating motd:' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + cp $T /etc/motd + chmod ${PERMS} /etc/motd + } + rm -f $T + + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountcritlocal b/etc/rc.d/mountcritlocal new file mode 100755 index 0000000..06bf464 --- /dev/null +++ b/etc/rc.d/mountcritlocal @@ -0,0 +1,54 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritlocal +# REQUIRE: root hostid_save mdconfig +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mountcritlocal" +start_cmd="mountcritlocal_start" +stop_cmd=sync + +mountcritlocal_start() +{ + local err + + # Set up the list of network filesystem types for which mounting + # should be delayed until after network initialization. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + # Mount everything except nfs filesystems. + check_startmsgs && echo -n 'Mounting local file systems:' + mount_excludes='no' + for i in ${netfs_types}; do + fstype=${i%:*} + mount_excludes="${mount_excludes}${fstype}," + done + mount_excludes=${mount_excludes%,} + mount -a -t ${mount_excludes} + err=$? + check_startmsgs && echo '.' + + case ${err} in + 0) + ;; + *) + echo 'Mounting /etc/fstab filesystems failed,' \ + ' startup aborted' + stop_boot true + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountcritremote b/etc/rc.d/mountcritremote new file mode 100755 index 0000000..ff965da --- /dev/null +++ b/etc/rc.d/mountcritremote @@ -0,0 +1,79 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritremote +# REQUIRE: NETWORKING FILESYSTEMS cleanvar ipsec +# KEYWORD: nojail + +. /etc/rc.subr + +name="mountcritremote" +stop_cmd=":" +start_cmd="mountcritremote_start" +start_precmd="mountcritremote_precmd" + +# Mount NFS filesystems if present in /etc/fstab +# +# XXX When the vfsload() issues with nfsclient support and related sysctls +# have been resolved, this block can be removed, and the condition that +# skips nfs in the following block (for "other network filesystems") can +# be removed. +# +mountcritremote_precmd() +{ + case "`mount -d -a -t nfs 2> /dev/null`" in + *mount_nfs*) + # Handle absent nfs client support + load_kld -m nfs nfsclient || return 1 + ;; + esac + return 0 +} + +mountcritremote_start() +{ + # Mount nfs filesystems. + # + case "`/sbin/mount -d -a -t nfs`" in + '') + ;; + *) + echo -n 'Mounting NFS file systems:' + mount -a -t nfs + echo '.' + ;; + esac + + # Mount other network filesystems if present in /etc/fstab. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + for i in ${netfs_types}; do + fstype=${i%:*} + fsdecr=${i#*:} + + [ "${fstype}" = "nfs" ] && continue + + case "`mount -d -a -t ${fstype}`" in + *mount_${fstype}*) + echo -n "Mounting ${fsdecr} file systems:" + mount -a -t ${fstype} + echo '.' + ;; + esac + done + + # Cleanup /var again just in case it's a network mount. + /etc/rc.d/cleanvar quietreload + rm -f /var/run/clean_var /var/spool/lock/clean_var +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountd b/etc/rc.d/mountd new file mode 100755 index 0000000..1fad302 --- /dev/null +++ b/etc/rc.d/mountd @@ -0,0 +1,56 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountd +# REQUIRE: NETWORKING nfsserver rpcbind quota +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mountd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/exports" +start_precmd="mountd_precmd" +extra_commands="reload" + +mountd_precmd() +{ + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + # mountd flags will differ depending on rc.conf settings + # + if checkyesno nfs_server_enable ; then + if checkyesno weak_mountd_authentication; then + rc_flags="${mountd_flags} -n" + fi + else + if checkyesno mountd_enable; then + checkyesno weak_mountd_authentication && rc_flags="-n" + fi + fi + + # If oldnfs_server_enable is yes, force use of the old NFS server + # + if checkyesno oldnfs_server_enable; then + rc_flags="-o ${rc_flags}" + fi + + if checkyesno zfs_enable; then + rc_flags="${rc_flags} /etc/exports /etc/zfs/exports" + fi + + rm -f /var/db/mountdtab + ( umask 022 ; > /var/db/mountdtab ) + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mountlate b/etc/rc.d/mountlate new file mode 100755 index 0000000..5b8ff73 --- /dev/null +++ b/etc/rc.d/mountlate @@ -0,0 +1,56 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountlate +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="mountlate" +start_cmd="mountlate_start" +stop_cmd=":" + +mountlate_start() +{ + local err latefs + + # Mount "late" filesystems. + # + err=0 + latefs= + # / (root) fs is always remounted, so remove from list + latefs="`/sbin/mount -d -a -l | grep -v ' /$'`" + case ${latefs} in + '') + ;; + *) + echo -n 'Mounting late file systems:' + mount -a -l + err=$? + echo '.' + ;; + esac + + case ${err} in + 0) + ;; + *) + echo 'Mounting /etc/fstab filesystems failed,' \ + ' startup aborted' + stop_boot true + ;; + esac + + # If we booted a special kernel remove the record + # so we will boot the default kernel next time. + if [ -x /sbin/nextboot ]; then + /sbin/nextboot -D + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/moused b/etc/rc.d/moused new file mode 100755 index 0000000..fd2c447 --- /dev/null +++ b/etc/rc.d/moused @@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: moused +# REQUIRE: DAEMON cleanvar +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="moused" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_cmd="moused_start" +pidprefix="/var/run/moused" +pidfile="${pidprefix}.pid" +pidarg= +load_rc_config $name + +# Set the pid file and variable name. The second argument, if it exists, is +# expected to be the mouse device. +# +if [ -n "$2" ]; then + eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}} + rcvar=`set_rcvar moused_$2` + pidfile="${pidprefix}.$2.pid" + pidarg="-I $pidfile" +fi + +moused_start() +{ + local ms myflags myport mytype + + # Set the mouse device and get any related variables. If + # a moused device has been specified on the commandline, then + # rc.conf(5) variables defined for that device take precedence + # over the generic moused_* variables. The only exception is + # the moused_port variable, which if not defined sets it to the + # passed in device name. + # + ms=$1 + if [ -n "$ms" ]; then + eval myflags=\${moused_${ms}_flags-$moused_flags} + eval myport=\${moused_${ms}_port-/dev/$ms} + eval mytype=\${moused_${ms}_type-$moused_type} + else + ms="default" + myflags="$moused_flags" + myport="$moused_port" + mytype="$moused_type" + fi + + check_startmsgs && echo -n "Starting ${ms} moused" + /usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg} + check_startmsgs && echo '.' + + mousechar_arg= + case ${mousechar_start} in + [Nn][Oo] | '') + ;; + *) + mousechar_arg="-M ${mousechar_start}" + ;; + esac + + for ttyv in /dev/ttyv* ; do + vidcontrol < ${ttyv} ${mousechar_arg} -m on + done +} + +run_rc_command $* diff --git a/etc/rc.d/mroute6d b/etc/rc.d/mroute6d new file mode 100755 index 0000000..047f241 --- /dev/null +++ b/etc/rc.d/mroute6d @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mroute6d +# REQUIRE: netif routing +# BEFORE: NETWORKING +# KEYWORD: nojail + +. /etc/rc.subr + +name="mroute6d" +rcvar=`set_rcvar` +command="/usr/local/sbin/pim6dd" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/mrouted b/etc/rc.d/mrouted new file mode 100755 index 0000000..2eb9144 --- /dev/null +++ b/etc/rc.d/mrouted @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mrouted +# REQUIRE: netif routing cleanvar +# KEYWORD: nojail + +. /etc/rc.subr + +name="mrouted" +rcvar=`set_rcvar` +command="/usr/local/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/${name}.conf" +extra_commands="reload" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/msgs b/etc/rc.d/msgs new file mode 100755 index 0000000..6031acc --- /dev/null +++ b/etc/rc.d/msgs @@ -0,0 +1,13 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: msgs +# REQUIRE: LOGIN + +# Make a bounds file for msgs(1) if there isn't one already +# +if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then + echo 0 > /var/msgs/bounds +fi diff --git a/etc/rc.d/named b/etc/rc.d/named new file mode 100755 index 0000000..676de76 --- /dev/null +++ b/etc/rc.d/named @@ -0,0 +1,301 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: named +# REQUIRE: SERVERS cleanvar +# KEYWORD: shutdown + +. /etc/rc.subr + +name="named" +rcvar=named_enable + +extra_commands="reload" + +start_precmd="named_prestart" +start_postcmd="named_poststart" +reload_cmd="named_reload" +stop_cmd="named_stop" +stop_postcmd="named_poststop" + +# If running in a chroot cage, ensure that the appropriate files +# exist inside the cage, as well as helper symlinks into the cage +# from outside. +# +# As this is called after the is_running and required_dir checks +# are made in run_rc_command(), we can safely assume ${named_chrootdir} +# exists and named isn't running at this point (unless forcestart +# is used). +# +chroot_autoupdate() +{ + local file + + # Create (or update) the chroot directory structure + # + if [ -r /etc/mtree/BIND.chroot.dist ]; then + mtree -deU -f /etc/mtree/BIND.chroot.dist \ + -p ${named_chrootdir} + else + warn "/etc/mtree/BIND.chroot.dist missing," + warn "chroot directory structure not updated" + fi + + # Create (or update) the configuration directory symlink + # + if [ ! -L "${named_conf%/*}" ]; then + if [ -d "${named_conf%/*}" ]; then + warn "named chroot: ${named_conf%/*} is a directory!" + elif [ -e "${named_conf%/*}" ]; then + warn "named chroot: ${named_conf%/*} exists!" + else + ln -s ${named_confdir} ${named_conf%/*} + fi + else + # Make sure it points to the right place. + ln -shf ${named_confdir} ${named_conf%/*} + fi + + # Mount a devfs in the chroot directory if needed + # + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null + devfs_domount ${named_chrootdir}/dev devfsrules_hide_all + devfs -m ${named_chrootdir}/dev rule apply path null unhide + devfs -m ${named_chrootdir}/dev rule apply path random unhide + else + if [ -c ${named_chrootdir}/dev/null -a \ + -c ${named_chrootdir}/dev/random ]; then + info "named chroot: using pre-mounted devfs." + else + err 1 "named chroot: devfs cannot be mounted from" \ + "within a jail. Thus a chrooted named cannot" \ + "be run from within a jail." \ + "To run named without chrooting it, set" \ + "named_chrootdir=\"\" in /etc/rc.conf." + fi + fi + + # Copy and/or update key files to the chroot /etc + # + for file in localtime protocols services; do + if [ -r /etc/$file ]; then + cmp -s /etc/$file "${named_chrootdir}/etc/$file" || + cp -p /etc/$file "${named_chrootdir}/etc/$file" + fi + done +} + +# Make symlinks to the correct pid file +# +make_symlinks() +{ + checkyesno named_symlink_enable && + ln -fs "${named_chrootdir}${pidfile}" ${pidfile} +} + +named_poststart () { + make_symlinks + + if checkyesno named_wait; then + until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve $named_wait_host" + sleep 1 + done + fi +} + +named_reload() +{ + ${command%/named}/rndc reload +} + +find_pidfile() +{ + if get_pidfile_from_conf pid-file $named_conf; then + pidfile="$_pidfile_from_conf" + else + pidfile="/var/run/named/pid" + fi +} + +named_stop() +{ + find_pidfile + + # This duplicates an undesirably large amount of code from the stop + # routine in rc.subr in order to use rndc to shut down the process, + # and to give it a second chance in case rndc fails. + rc_pid=$(check_pidfile $pidfile $command) + if [ -z "$rc_pid" ]; then + [ -n "$rc_fast" ] && return 0 + _run_rc_notrunning + return 1 + fi + echo 'Stopping named.' + if ${command%/named}/rndc stop 2>/dev/null; then + wait_for_pids $rc_pid + else + echo -n 'rndc failed, trying kill: ' + kill -TERM $rc_pid + wait_for_pids $rc_pid + fi +} + +named_poststop() +{ + if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi + fi +} + +create_file () { + if [ -e "$1" ]; then + unlink $1 + fi + > $1 + chown root:wheel $1 + chmod 644 $1 +} + +named_prestart() +{ + find_pidfile + + if [ -n "$named_pidfile" ]; then + warn 'named_pidfile: now determined from the conf file' + fi + + command_args="-u ${named_uid:=root}" + + if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then + case "$named_flags" in + -c*|*' -c'*) ;; # No need to add it + *) command_args="-c $named_conf $command_args" ;; + esac + fi + + local line nsip firstns + + # Is the user using a sandbox? + # + if [ -n "$named_chrootdir" ]; then + rc_flags="$rc_flags -t $named_chrootdir" + checkyesno named_chroot_autoupdate && chroot_autoupdate + else + named_symlink_enable=NO + fi + + # Create an rndc.key file for the user if none exists + # + confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ + -c ${named_confdir}/rndc.key" + if [ -s "${named_confdir}/rndc.conf" ]; then + unset confgen_command + fi + if [ -s "${named_confdir}/rndc.key" ]; then + case `stat -f%Su ${named_confdir}/rndc.key` in + root|$named_uid) ;; + *) $confgen_command ;; + esac + else + $confgen_command + fi + + local checkconf + + checkconf="${command%/named}/named-checkconf" + if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then + checkconf="$checkconf -t $named_chrootdir" + fi + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! -s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + + $checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "$line" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "$firstns" ]; then + if [ ! "$nsip" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "$nsip" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo $line + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${named_confdir}/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${named_confdir}/auto_forward.conf" ] && + unlink ${named_confdir}/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${named_confdir}/auto_forward.conf + fi + else + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + fi + + $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' +} + +load_rc_config $name + +# Updating the following variables requires that rc.conf be loaded first +# +required_dirs="$named_chrootdir" # if it is set, it must exist + +named_confdir="${named_chrootdir}${named_conf%/*}" + +run_rc_command "$1" diff --git a/etc/rc.d/natd b/etc/rc.d/natd new file mode 100755 index 0000000..e22353a --- /dev/null +++ b/etc/rc.d/natd @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: natd +# KEYWORD: nostart nojail + +. /etc/rc.subr +. /etc/network.subr + +name="natd" +rcvar=`set_rcvar` +command="/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="natd_precmd" +required_modules="ipdivert" + +natd_precmd() +{ + if [ -n "${natd_interface}" ]; then + dhcp_list="`list_net_interfaces dhcp`" + for ifn in ${dhcp_list}; do + case "${natd_interface}" in + ${ifn}) + rc_flags="$rc_flags -dynamic" + ;; + esac + done + + if echo "${natd_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + rc_flags="$rc_flags -a ${natd_interface}" + else + rc_flags="$rc_flags -n ${natd_interface}" + fi + fi + + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/netif b/etc/rc.d/netif new file mode 100755 index 0000000..01da302 --- /dev/null +++ b/etc/rc.d/netif @@ -0,0 +1,158 @@ +#!/bin/sh +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: netif +# REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl +# REQUIRE: ipfilter ipfs +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="network" +start_cmd="network_start" +stop_cmd="network_stop" +cloneup_cmd="clone_up" +clonedown_cmd="clone_down" +extra_commands="cloneup clonedown" +cmdifn= + +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer + +network_start() +{ + # Set the list of interfaces to work on. + # + cmdifn=$* + + if [ -z "$cmdifn" ]; then + # + # We're operating as a general network start routine. + # + + # disable SIGINT (Ctrl-c) when running at startup + trap : 2 + + # Create cloned interfaces + clone_up + + # Create Fast EtherChannel interfaces + fec_up + + # Create IPv6<-->IPv4 tunnels + gif_up + + # Rename interfaces. + ifnet_rename + fi + + # Configure the interface(s). + network_common ifn_start + + if [ -f /etc/rc.d/ipfilter ] ; then + # Resync ipfilter + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then + /etc/rc.d/bridge start $cmdifn + fi +} + +network_stop() +{ + # Set the list of interfaces to work on. + # + cmdifn=$* + + # Deconfigure the interface(s) + network_common ifn_stop +} + +# network_common routine +# Common configuration subroutine for network interfaces. This +# routine takes all the preparatory steps needed for configuriing +# an interface and then calls $routine. +network_common() +{ + local _cooked_list _fail _func _ok _str + + _func= + + if [ -z "$1" ]; then + err 1 "network_common(): No function name specified." + else + _func="$1" + fi + + # Set the scope of the command (all interfaces or just one). + # + _cooked_list= + if [ -n "$cmdifn" ]; then + # Don't check that the interface(s) exist. We need to run + # the down code even when the interface doesn't exist to + # kill off wpa_supplicant. + # XXXBED: is this really true or does wpa_supplicant die? + # if so, we should get rid of the devd entry + _cooked_list="$cmdifn" + else + _cooked_list="`list_net_interfaces`" + fi + + _fail= + _ok= + for ifn in ${_cooked_list}; do + if ${_func} ${ifn} $2; then + _ok="${_ok} ${ifn}" + else + _fail="${_fail} ${ifn}" + fi + done + + _str= + if [ -n "${_ok}" ]; then + case ${_func} in + ifn_start) + _str='Starting' + ;; + ifn_stop) + _str='Stopping' + ;; + esac + echo "${_str} Network:${_ok}." + if check_startmsgs; then + for ifn in ${_ok}; do + /sbin/ifconfig ${ifn} + done + fi + fi + + debug "The following interfaces were not configured: $_fail" +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions new file mode 100755 index 0000000..09ed6ef --- /dev/null +++ b/etc/rc.d/netoptions @@ -0,0 +1,112 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: netoptions +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + +_netoptions_initdone= +netoptions_init() +{ + if [ -z "${_netoptions_initdone}" ]; then + echo -n 'Additional TCP/IP options:' + _netoptions_initdone=yes + fi +} + +netoptions_start() +{ + local _af + + for _af in inet inet6; do + afexists ${_af} && eval netoptions_${_af} + done + [ -n "${_netoptions_initdone}" ] && echo '.' +} + +netoptions_inet() +{ + case ${log_in_vain} in + [12]) + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null + ;; + *) + ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null + ;; + esac + + if checkyesno tcp_extensions; then + ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null + else + netoptions_init + echo -n " rfc1323 extensions=${tcp_extensions}" + ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null + fi + + if checkyesno tcp_keepalive; then + ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null + else + netoptions_init + echo -n " TCP keepalive=${tcp_keepalive}" + ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null + fi + + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" + ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null + else + ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null + fi + + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac + + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac +} + +netoptions_inet6() +{ + if checkyesno ipv6_ipv4mapping; then + netoptions_init + echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" + ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null + else + ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null + fi + + if checkyesno ipv6_privacy; then + netoptions_init + echo -n " IPv6 Privacy Addresses" + ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null + ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null + fi +} + +load_rc_config $name +run_rc_command $1 diff --git a/etc/rc.d/newsyslog b/etc/rc.d/newsyslog new file mode 100755 index 0000000..ab8f2d3 --- /dev/null +++ b/etc/rc.d/newsyslog @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: newsyslog +# REQUIRE: cleanvar mountcritremote + +. /etc/rc.subr + +name="newsyslog" +rcvar=`set_rcvar` +required_files="/etc/newsyslog.conf" +command="/usr/sbin/${name}" +start_cmd="newsyslog_start" +stop_cmd=":" + +newsyslog_start() +{ + check_startmsgs && echo -n 'Creating and/or trimming log files' + ${command} ${rc_flags} + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nfscbd b/etc/rc.d/nfscbd new file mode 100755 index 0000000..8fecfe9 --- /dev/null +++ b/etc/rc.d/nfscbd @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfscbd +# REQUIRE: NETWORKING nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfscbd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name + +run_rc_command "$1" diff --git a/etc/rc.d/nfsclient b/etc/rc.d/nfsclient new file mode 100755 index 0000000..c97a52a --- /dev/null +++ b/etc/rc.d/nfsclient @@ -0,0 +1,50 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsclient +# REQUIRE: NETWORKING mountcritremote rpcbind +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsclient" +rcvar="nfs_client_enable" +start_cmd="nfsclient_start" +stop_cmd="unmount_all" +required_modules="nfsclient:oldnfs" + +nfsclient_start() +{ + # + # Set some nfs client related sysctls + # + + if [ -n "${nfs_access_cache}" ]; then + check_startmsgs && + echo "NFS access cache time=${nfs_access_cache}" + if ! sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null; then + warn "failed to set access cache timeout" + fi + fi + if [ -n "${nfs_bufpackets}" ]; then + if ! sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null; then + warn "failed to set vfs.nfs.bufpackets" + fi + fi + + unmount_all +} + +unmount_all() +{ + # If /var/db/mounttab exists, some nfs-server has not been + # successfully notified about a previous client shutdown. + # If there is no /var/db/mounttab, we do nothing. + if [ -f /var/db/mounttab ]; then + rpc.umntall -k + fi +} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nfsd b/etc/rc.d/nfsd new file mode 100755 index 0000000..402ba2d --- /dev/null +++ b/etc/rc.d/nfsd @@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsd +# REQUIRE: mountd hostname gssd nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsd" +rcvar=`set_rcvar nfs_server` +command="/usr/sbin/${name}" + +load_rc_config $name +start_precmd="nfsd_precmd" +sig_stop="USR1" + +nfsd_precmd() +{ + if checkyesno oldnfs_server_enable; then + rc_flags="-o ${nfs_server_flags}" + + if ! sysctl vfs.nfsrv >/dev/null 2>&1; then + force_depend nfsserver || return 1 + fi + + if checkyesno nfs_reserved_port_only; then + echo 'NFS on reserved port only=YES' + sysctl vfs.nfsrv.nfs_privport=1 > /dev/null + fi + else + rc_flags="${nfs_server_flags}" + + # Load the modules now, so that the vfs.newnfs sysctl + # oids are available. + load_kld nfsd + + if checkyesno nfs_reserved_port_only; then + echo 'NFS on reserved port only=YES' + sysctl vfs.newnfs.nfs_privport=1 > /dev/null + fi + + if checkyesno nfsv4_server_enable; then + if ! checkyesno nfsuserd_enable && \ + ! /etc/rc.d/nfsuserd forcestatus 1>/dev/null 2>&1 + then + if ! force_depend nfsuserd; then + err 1 "Cannot run nfsuserd" + fi + fi + else + echo 'NFSv4 is disabled' + sysctl vfs.newnfs.server_max_nfsvers=3 > /dev/null + fi + fi + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + if ! checkyesno mountd_enable && \ + ! /etc/rc.d/mountd forcestatus 1>/dev/null 2>&1 + then + force_depend mountd || return 1 + fi + return 0 +} + +run_rc_command "$1" diff --git a/etc/rc.d/nfsserver b/etc/rc.d/nfsserver new file mode 100755 index 0000000..bfa3f12 --- /dev/null +++ b/etc/rc.d/nfsserver @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsserver +# REQUIRE: NETWORKING mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="nfsserver" +rcvar="nfs_server_enable" +start_cmd=":" +stop_cmd=":" +required_modules="nfsserver" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nfsuserd b/etc/rc.d/nfsuserd new file mode 100755 index 0000000..278c666 --- /dev/null +++ b/etc/rc.d/nfsuserd @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsuserd +# REQUIRE: NETWORKING +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsuserd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name + +run_rc_command "$1" diff --git a/etc/rc.d/nisdomain b/etc/rc.d/nisdomain new file mode 100755 index 0000000..9763a9a --- /dev/null +++ b/etc/rc.d/nisdomain @@ -0,0 +1,54 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nisdomain +# REQUIRE: SERVERS rpcbind +# BEFORE: ypset ypbind ypserv ypxfrd + +. /etc/rc.subr + +name="nisdomain" +start_cmd="nisdomain_start" +stop_cmd=":" + +nisdomain_start() +{ + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo]|'') + ;; + *) + domainname ${nisdomainname} + echo "Setting NIS domain: `/bin/domainname`." + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/nscd b/etc/rc.d/nscd new file mode 100755 index 0000000..42041a7 --- /dev/null +++ b/etc/rc.d/nscd @@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nscd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable nscd: +# +# nscd_enable="YES" +# +# See nscd(8) for flags +# + +. /etc/rc.subr + +name="nscd" +rcvar=`set_rcvar` + +command=/usr/sbin/nscd +extra_commands="flush" +flush_cmd="${command} -I all" + +# usage: _nscd_set_option <option name> <default value> +# +_nscd_set_option() { + local _optname _defoptval _nscd_opt_val _cached_opt_val + _optname=$1 + _defoptval=$2 + + _nscd_opt_val=$(eval "echo \$nscd_${_optname}") + _cached_opt_val=$(eval "echo \$cached_${_optname}") + + if [ -n "$_cached_opt_val" -a "$_nscd_opt_val" != "$_defoptval" ]; then + warn "You should use nscd_${_optname} instead of" \ + "cached_${_optname}" + setvar "nscd_${_optname}" "$_cached_opt_val" + else + setvar "nscd_${_optname}" "${_nscd_opt_val:-$_defoptval}" + fi +} + + +load_rc_config $name +_nscd_set_option "enable" "NO" +_nscd_set_option "pidfile" "/var/run/nscd.pid" +_nscd_set_option "flags" "" +run_rc_command "$1" + diff --git a/etc/rc.d/nsswitch b/etc/rc.d/nsswitch new file mode 100755 index 0000000..caca52f --- /dev/null +++ b/etc/rc.d/nsswitch @@ -0,0 +1,103 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2004 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nsswitch +# REQUIRE: root +# BEFORE: NETWORK + +. /etc/rc.subr + +name="nsswitch" +start_cmd="nsswitch_start" +stop_cmd=":" + +generate_host_conf() +{ + local _cont _sources + + nsswitch_conf=$1; shift; + host_conf=$1; shift; + + _cont=0 + _sources="" + while read line; do + line=${line##[ ]} + case $line in + hosts:*) + ;; + *) + if [ $_cont -ne 1 ]; then + continue + fi + ;; + esac + if [ "${line%\\}" = "${line}\\" ]; then + _cont=1 + fi + line=${line#hosts:} + line=${line%\\} + line=${line%%#*} + _sources="${_sources}${_sources:+ }$line" + done < $nsswitch_conf + + echo "# Auto-generated from nsswitch.conf" > $host_conf + for _s in ${_sources}; do + case $_s in + files) + echo "hosts" >> $host_conf + ;; + dns) + echo "dns" >> $host_conf + ;; + nis) + echo "nis" >> $host_conf + ;; + cache | *=*) + ;; + *) + echo "Warning: unrecognized source [$_s]" >&2 + ;; + esac + done +} + +nsswitch_start() +{ + # Generate host.conf for compatibility + # + if [ ! -f "/etc/host.conf" -o \ + "/etc/host.conf" -ot "/etc/nsswitch.conf" ] + then + echo 'Generating host.conf.' + generate_host_conf /etc/nsswitch.conf /etc/host.conf + fi + +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd new file mode 100755 index 0000000..b7b009c --- /dev/null +++ b/etc/rc.d/ntpd @@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpd +# REQUIRE: DAEMON ntpdate cleanvar devfs +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ntpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="ntpd_precmd" + +load_rc_config $name + +ntpd_precmd() +{ + rc_flags="-c ${ntpd_config} ${ntpd_flags}" + + if checkyesno ntpd_sync_on_start; then + rc_flags="-g $rc_flags" + fi + + if [ -z "$ntpd_chrootdir" ]; then + return 0; + fi + + # If running in a chroot cage, ensure that the appropriate files + # exist inside the cage, as well as helper symlinks into the cage + # from outside. + # + # As this is called after the is_running and required_dir checks + # are made in run_rc_command(), we can safely assume ${ntpd_chrootdir} + # exists and ntpd isn't running at this point (unless forcestart + # is used). + # + if [ ! -c "${ntpd_chrootdir}/dev/clockctl" ]; then + rm -f "${ntpd_chrootdir}/dev/clockctl" + ( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" ) + fi + ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift + + # Change run_rc_commands()'s internal copy of $ntpd_flags + # + rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags" +} + +run_rc_command "$1" diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate new file mode 100755 index 0000000..3f93e27 --- /dev/null +++ b/etc/rc.d/ntpdate @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpdate +# REQUIRE: NETWORKING syslogd named +# KEYWORD: nojail + +. /etc/rc.subr + +name="ntpdate" +rcvar=`set_rcvar` +stop_cmd=":" +start_cmd="ntpdate_start" + +ntpdate_start() +{ + if [ -z "$ntpdate_hosts" -a -f ${ntpdate_config} ]; then + ntpdate_hosts=`awk ' + /^server[ \t]*127.127/ {next} + /^(server|peer)/ { + if ($2 ~/^-/) {print $3} + else {print $2}} + ' < ${ntpdate_config}` + fi + if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then + echo "Setting date via ntp." + ${ntpdate_program:-ntpdate} $rc_flags $ntpdate_hosts + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/opensm b/etc/rc.d/opensm new file mode 100755 index 0000000..310476b --- /dev/null +++ b/etc/rc.d/opensm @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: opensm +# BEFORE: netif +# REQUIRE: FILESYSTEMS + +. /etc/rc.subr + +name="opensm" +start_cmd="opensm_start" +rcvar="opensm_enable" + +command=/usr/bin/opensm +command_args="-B" + +opensm_start() +{ + for guid in `ibstat | grep "Port GUID" | cut -d ':' -f2`; do + [ -z "${rc_quiet}" ] && echo "Starting ${guid} opensm." + ${command} ${command_args} -g ${guid} >> /dev/null + done +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/othermta b/etc/rc.d/othermta new file mode 100755 index 0000000..7ab3e63 --- /dev/null +++ b/etc/rc.d/othermta @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN + +# XXX - TEMPORARY SCRIPT UNTIL YOU WRITE YOUR OWN REPLACEMENT. +# +. /etc/rc.subr + +load_rc_config 'XXX' + +if [ -n "${mta_start_script}" ]; then + [ "${mta_start_script}" != "/etc/rc.sendmail" ] && \ + sh ${mta_start_script} "$1" +fi diff --git a/etc/rc.d/pf b/etc/rc.d/pf new file mode 100755 index 0000000..3426e90 --- /dev/null +++ b/etc/rc.d/pf @@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pf +# REQUIRE: FILESYSTEMS netif pflog pfsync +# BEFORE: routing +# KEYWORD: nojail + +. /etc/rc.subr + +name="pf" +rcvar=`set_rcvar` +load_rc_config $name +start_cmd="pf_start" +stop_cmd="pf_stop" +check_cmd="pf_check" +reload_cmd="pf_reload" +resync_cmd="pf_resync" +status_cmd="pf_status" +extra_commands="check reload resync status" +required_files="$pf_rules" +required_modules="pf" + +pf_start() +{ + check_startmsgs && echo -n 'Enabling pf' + $pf_program -F all > /dev/null 2>&1 + $pf_program -f "$pf_rules" $pf_flags + if ! $pf_program -s info | grep -q "Enabled" ; then + $pf_program -eq + fi + check_startmsgs && echo '.' +} + +pf_stop() +{ + if $pf_program -s info | grep -q "Enabled" ; then + echo -n 'Disabling pf' + $pf_program -dq + echo '.' + fi +} + +pf_check() +{ + echo "Checking pf rules." + $pf_program -n -f "$pf_rules" +} + +pf_reload() +{ + echo "Reloading pf rules." + $pf_program -n -f "$pf_rules" || return 1 + # Flush everything but existing state entries that way when + # rules are read in, it doesn't break established connections. + $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1 + $pf_program -f "$pf_rules" $pf_flags +} + +pf_resync() +{ + $pf_program -f "$pf_rules" $pf_flags +} + +pf_status() +{ + $pf_program -s info +} + +run_rc_command "$1" diff --git a/etc/rc.d/pflog b/etc/rc.d/pflog new file mode 100755 index 0000000..001ad38 --- /dev/null +++ b/etc/rc.d/pflog @@ -0,0 +1,56 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pflog +# REQUIRE: FILESYSTEMS netif cleanvar +# KEYWORD: nojail + +. /etc/rc.subr + +name="pflog" +rcvar=`set_rcvar` +command="/sbin/pflogd" +pidfile="/var/run/pflogd.pid" +start_precmd="pflog_prestart" +stop_postcmd="pflog_poststop" +extra_commands="reload resync" + +# for backward compatibility +resync_cmd="pflog_resync" + +pflog_prestart() +{ + load_kld pflog || return 1 + + # set pflog0 interface to up state + if ! ifconfig pflog0 up; then + warn 'could not bring up pflog0.' + return 1 + fi + + # prepare the command line for pflogd + rc_flags="-f $pflog_logfile $rc_flags" + + # report we're ready to run pflogd + return 0 +} + +pflog_poststop() +{ + if ! ifconfig pflog0 down; then + warn 'could not bring down pflog0.' + return 1 + fi + return 0 +} + +# for backward compatibility +pflog_resync() +{ + run_rc_command reload +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync new file mode 100755 index 0000000..8be8928 --- /dev/null +++ b/etc/rc.d/pfsync @@ -0,0 +1,55 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pfsync +# REQUIRE: FILESYSTEMS netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="pfsync" +rcvar=`set_rcvar` +start_precmd="pfsync_prestart" +start_cmd="pfsync_start" +stop_cmd="pfsync_stop" +required_modules="pf" + +pfsync_prestart() +{ + # XXX Currently pfsync cannot be a module as it must register + # a network protocol in a static kernel table. + if ! kldstat -q -m pfsync; then + warn "pfsync(4) must be statically compiled in the kernel." + return 1 + fi + + case "$pfsync_syncdev" in + '') + warn "pfsync_syncdev is not set." + return 1 + ;; + esac + return 0 +} + +pfsync_start() +{ + local _syncpeer + + echo "Enabling pfsync." + if [ -n "${pfsync_syncpeer}" ]; then + _syncpeer="syncpeer ${pfsync_syncpeer}" + fi + ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up +} + +pfsync_stop() +{ + echo "Disabling pfsync." + ifconfig pfsync0 -syncdev down +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/power_profile b/etc/rc.d/power_profile new file mode 100755 index 0000000..03d36be --- /dev/null +++ b/etc/rc.d/power_profile @@ -0,0 +1,97 @@ +#!/bin/sh +# +# Modify the power profile based on AC line state. This script is +# usually called from devd(8). +# +# Arguments: 0x00 (AC offline, economy) or 0x01 (AC online, performance) +# +# $FreeBSD$ +# + +# PROVIDE: power_profile +# REQUIRE: FILESYSTEMS syslogd +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="power_profile" +stop_cmd=':' +LOGGER="logger -t power_profile -p daemon.notice" + +# Set a given sysctl node to a value. +# +# Variables: +# $node: sysctl node to set with the new value +# $value: HIGH for the highest performance value, LOW for the best +# economy value, or the value itself. +# $highest_value: maximum value for this sysctl, when $value is "HIGH" +# $lowest_value: minimum value for this sysctl, when $value is "LOW" +# +sysctl_set () +{ + # Check if the node exists + if [ -z "$(sysctl -n ${node} 2> /dev/null)" ]; then + return + fi + + # Get the new value, checking for special types HIGH or LOW + case ${value} in + [Hh][Ii][Gg][Hh]) + value=${highest_value} + ;; + [Ll][Oo][Ww]) + value=${lowest_value} + ;; + [Nn][Oo][Nn][Ee]) + return + ;; + *) + ;; + esac + + # Set the desired value + if [ -n "${value}" ]; then + if ! sysctl ${node}=${value} > /dev/null 2>&1; then + warn "unable to set ${node}=${value}" + fi + fi +} + +if [ $# -ne 1 ]; then + err 1 "Usage: $0 [0x00|0x01]" +fi +load_rc_config $name + +# Find the next state (performance or economy). +state=$1 +case ${state} in +0x01 | '') + ${LOGGER} "changed to 'performance'" + profile="performance" + ;; +0x00) + ${LOGGER} "changed to 'economy'" + profile="economy" + ;; +*) + echo "Usage: $0 [0x00|0x01]" + exit 1 +esac + +# Set the various sysctls based on the profile's values. +node="hw.acpi.cpu.cx_lowest" +highest_value="C1" +lowest_value="`(sysctl -n dev.cpu.0.cx_supported | \ + awk '{ print "C" split($0, a) }' -) 2> /dev/null`" +eval value=\$${profile}_cx_lowest +sysctl_set + +node="dev.cpu.0.freq" +highest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[1] }' -) 2> /dev/null`" +lowest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[length(a) - 1] }' -) 2> /dev/null`" +eval value=\$${profile}_cpu_freq +sysctl_set + +exit 0 diff --git a/etc/rc.d/powerd b/etc/rc.d/powerd new file mode 100755 index 0000000..e59d979 --- /dev/null +++ b/etc/rc.d/powerd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: powerd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="powerd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +stop_postcmd=powerd_poststop + +powerd_poststop() +{ + sysctl dev.cpu.0.freq=`sysctl -n dev.cpu.0.freq_levels | + sed -e 's:/.*::'` > /dev/null +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ppp b/etc/rc.d/ppp new file mode 100755 index 0000000..84d6bc4 --- /dev/null +++ b/etc/rc.d/ppp @@ -0,0 +1,134 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ppp +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="ppp" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_cmd="ppp_start" +stop_cmd="ppp_stop" +start_postcmd="ppp_poststart" + +ppp_start_profile() +{ + local _ppp_profile _ppp_mode _ppp_nat _ppp_unit + local _ppp_profile_cleaned _punct _punct_c + + _ppp_profile=$1 + _ppp_profile_cleaned=$1 + _punct=". - / +" + for _punct_c in $_punct; do + _ppp_profile_cleaned=`ltr ${_ppp_profile_cleaned} ${_punct_c} '_'` + done + + # Check for ppp profile mode override. + # + eval _ppp_mode=\$ppp_${_ppp_profile_cleaned}_mode + if [ -z "$_ppp_mode" ]; then + _ppp_mode=$ppp_mode + fi + + # Check for ppp profile nat override. + # + eval _ppp_nat=\$ppp_${_ppp_profile_cleaned}_nat + if [ -z "$_ppp_nat" ]; then + _ppp_nat=$ppp_nat + fi + + # Establish ppp mode. + # + if [ "${_ppp_mode}" != "ddial" -a "${_ppp_mode}" != "direct" \ + -a "${_ppp_mode}" != "dedicated" \ + -a "${_ppp_mode}" != "background" ]; then + _ppp_mode="auto" + fi + + rc_flags="-quiet -${_ppp_mode}" + + # Switch on NAT mode? + # + case ${_ppp_nat} in + [Yy][Ee][Ss]) + rc_flags="$rc_flags -nat" + ;; + esac + + # Check for hard wired unit + eval _ppp_unit=\$ppp_${_ppp_profile_cleaned}_unit + if [ -n "${_ppp_unit}" ]; then + _ppp_unit="-unit${_ppp_unit}" + fi + rc_flags="$rc_flags $_ppp_unit" + + # Run! + # + su -m $ppp_user -c "$command ${rc_flags} ${_ppp_profile}" +} + +ppp_start() +{ + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Starting PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_start_profile $_p + done + + echo "." +} + +ppp_poststart() +{ + # Re-Sync ipfilter and pf so they pick up any new network interfaces + # + if [ -f /etc/rc.d/ipfilter ]; then + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/pf ]; then + /etc/rc.d/pf quietresync + fi +} + +ppp_stop_profile() { + local _ppp_profile + + _ppp_profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_ppp_profile}\$" || \ + echo -n "(not running)" +} + +ppp_stop() { + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Stopping PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_stop_profile $_p + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/pppoed b/etc/rc.d/pppoed new file mode 100755 index 0000000..c939112 --- /dev/null +++ b/etc/rc.d/pppoed @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pppoed +# REQUIRE: NETWORKING +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="pppoed" +rcvar="`set_rcvar`" +start_cmd="pppoed_start" +# XXX stop_cmd will not be straightforward +stop_cmd=":" + +pppoed_start() +{ + local _opts + + if [ -n "${pppoed_provider}" ]; then + pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" + fi + echo 'Starting pppoed' + _opts=$-; set -f + /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} + set +f; set -${_opts} +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/pwcheck b/etc/rc.d/pwcheck new file mode 100755 index 0000000..a8df716 --- /dev/null +++ b/etc/rc.d/pwcheck @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pwcheck +# REQUIRE: mountcritremote syslogd +# BEFORE: DAEMON + +. /etc/rc.subr + +name="pwcheck" +start_cmd="pwcheck_start" +stop_cmd=":" + +pwcheck_start() +{ + # check the password temp/lock file + # + if [ -f /etc/ptmp ]; then + logger -s -p auth.err \ + "password file may be incorrect -- /etc/ptmp exists" + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/quota b/etc/rc.d/quota new file mode 100755 index 0000000..6432f50 --- /dev/null +++ b/etc/rc.d/quota @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Enable/Check the quotas (must be after ypbind if using NIS) + +# PROVIDE: quota +# REQUIRE: mountcritremote ypset +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="quota" +rcvar=`set_rcvar` +start_cmd="quota_start" +stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" + +quota_start() +{ + if checkyesno check_quotas; then + echo -n 'Checking quotas:' + quotacheck ${quotacheck_flags} + echo ' done.' + fi + + echo -n 'Enabling quotas:' + quotaon ${quotaon_flags} + echo ' done.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/random b/etc/rc.d/random new file mode 100755 index 0000000..160b1d4 --- /dev/null +++ b/etc/rc.d/random @@ -0,0 +1,93 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: random +# REQUIRE: var initrandom +# BEFORE: netif +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="random" +start_cmd="random_start" +stop_cmd="random_stop" + +feed_dev_random() +{ + if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then + cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null + fi +} + +random_start() +{ + # Reseed /dev/random with previously stored entropy. + case ${entropy_dir} in + [Nn][Oo]) + ;; + *) + entropy_dir=${entropy_dir:-/var/db/entropy} + if [ -d "${entropy_dir}" ]; then + if [ -w /dev/random ]; then + for seedfile in ${entropy_dir}/*; do + feed_dev_random "${seedfile}" + done + fi + fi + ;; + esac + + case ${entropy_file} in + [Nn][Oo] | '') + ;; + *) + if [ -w /dev/random ]; then + feed_dev_random "${entropy_file}" + feed_dev_random /var/db/entropy-file + fi + ;; + esac +} + +random_stop() +{ + # Write some entropy so when the machine reboots /dev/random + # can be reseeded + # + case ${entropy_file} in + [Nn][Oo] | '') + ;; + *) + echo -n 'Writing entropy file:' + rm -f ${entropy_file} 2> /dev/null + oumask=`umask` + umask 077 + if touch ${entropy_file} 2> /dev/null; then + entropy_file_confirmed="${entropy_file}" + else + # Try this as a reasonable alternative for read-only + # roots, diskless workstations, etc. + rm -f /var/db/entropy-file 2> /dev/null + if touch /var/db/entropy-file 2> /dev/null; then + entropy_file_confirmed=/var/db/entropy-file + fi + fi + case ${entropy_file_confirmed} in + '') + warn 'write failed (read-only fs?)' + ;; + *) + dd if=/dev/random of=${entropy_file_confirmed} \ + bs=4096 count=1 2> /dev/null + echo '.' + ;; + esac + umask ${oumask} + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rarpd b/etc/rc.d/rarpd new file mode 100755 index 0000000..3602c87 --- /dev/null +++ b/etc/rc.d/rarpd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rarpd +# REQUIRE: DAEMON cleanvar +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rarpd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/ethers" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rctl b/etc/rc.d/rctl new file mode 100755 index 0000000..4fa0579 --- /dev/null +++ b/etc/rc.d/rctl @@ -0,0 +1,39 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rctl +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rctl" +start_cmd="rctl_start" +stop_cmd="rctl_stop" + +rctl_start() +{ + if [ -f /etc/rctl.conf ]; then + while read var comments + do + case ${var} in + \#*|'') + ;; + *) + rctl -a "${var}" + ;; + esac + done < /etc/rctl.conf + fi +} + +rctl_stop() +{ + + rctl -r : +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/resolv b/etc/rc.d/resolv new file mode 100755 index 0000000..c34209c --- /dev/null +++ b/etc/rc.d/resolv @@ -0,0 +1,57 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: resolv +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="resolv" +stop_cmd=':' + +load_rc_config $name + +# if the info is available via dhcp/kenv +# build the resolv.conf +# +if [ ! -e /etc/resolv.conf -a \ + -n "`/bin/kenv dhcp.domain-name-servers 2> /dev/null`" ]; then + > /etc/resolv.conf + + if [ -n "`/bin/kenv dhcp.domain-name 2> /dev/null`" ]; then + echo domain `/bin/kenv dhcp.domain-name` > /etc/resolv.conf + fi + + set -- `/bin/kenv dhcp.domain-name-servers` + for ns in `IFS=','; echo $*`; do + echo nameserver $ns >> /etc/resolv.conf; + done +fi + diff --git a/etc/rc.d/rfcomm_pppd_server b/etc/rc.d/rfcomm_pppd_server new file mode 100755 index 0000000..f666684 --- /dev/null +++ b/etc/rc.d/rfcomm_pppd_server @@ -0,0 +1,122 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rfcomm_pppd_server +# REQUIRE: DAEMON sdpd +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rfcomm_pppd_server" +rcvar=`set_rcvar` +command="/usr/sbin/rfcomm_pppd" +start_cmd="rfcomm_pppd_server_start" +stop_cmd="rfcomm_pppd_server_stop" +required_modules="ng_btsocket" + +rfcomm_pppd_server_start_profile() +{ + local _profile _profile_cleaned _punct _punct_c + local _bdaddr _channel _x + + _profile=$1 + _profile_cleaned=$1 + + _punct=". - / +" + for _punct_c in ${_punct} ; do + _profile_cleaned=`ltr ${_profile_cleaned} ${_punct_c} '_'` + done + + rc_flags="" + + # Check for RFCOMM PPP profile bdaddr override + # + eval _bdaddr=\$rfcomm_pppd_server_${_profile_cleaned}_bdaddr + if [ -n "${_bdaddr}" ]; then + rc_flags="${rc_flags} -a ${_bdaddr}" + fi + + # Check for RFCOMM PPP profile channel override + # + eval _channel=\$rfcomm_pppd_server_${_profile_cleaned}_channel + if [ -z "${_channel}" ]; then + _channel=1 + fi + rc_flags="${rc_flags} -C ${_channel}" + + # Check for RFCOMM PPP profile register SP override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_sp + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_sp" ; then + rc_flags="${rc_flags} -S" + fi + fi + + # Check for RFCOMM PPP profile register DUN override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_dun + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_dun" ; then + rc_flags="${rc_flags} -D" + fi + fi + + # Run! + # + $command -s ${rc_flags} -l ${_profile} +} + +rfcomm_pppd_server_stop_profile() +{ + local _profile + + _profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_profile}\$" || \ + echo -n "(not running)" +} + +rfcomm_pppd_server_start() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Starting RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_start_profile ${_p} + done + + echo "." +} + +rfcomm_pppd_server_stop() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Stopping RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_stop_profile ${_p} + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/etc/rc.d/root b/etc/rc.d/root new file mode 100755 index 0000000..6bddb17 --- /dev/null +++ b/etc/rc.d/root @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: root +# REQUIRE: fsck +# KEYWORD: nojail + +. /etc/rc.subr + +name="root" +start_cmd="root_start" +stop_cmd=":" + +root_start() +{ + # root normally must be read/write, but if this is a BOOTP NFS + # diskless boot it does not have to be. + # + case ${root_rw_mount} in + [Nn][Oo] | '') + ;; + *) + if ! mount -uw /; then + echo 'Mounting root filesystem rw failed, startup aborted' + stop_boot true + fi + ;; + esac + + umount -a >/dev/null 2>&1 + + # If we booted a special kernel remove the record + # so we will boot the default kernel next time. + if [ -x /sbin/nextboot ]; then + /sbin/nextboot -D > /dev/null 2>&1 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/route6d b/etc/rc.d/route6d new file mode 100755 index 0000000..a94c3e4 --- /dev/null +++ b/etc/rc.d/route6d @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: route6d +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr + +name="route6d" +rcvar=`set_rcvar` + +set_rcvar_obsolete ipv6_router_enable route6d_enable +set_rcvar_obsolete ipv6_router route6d_program +set_rcvar_obsolete ipv6_router_flags route6d_flags + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/routed b/etc/rc.d/routed new file mode 100755 index 0000000..c0bd5f7 --- /dev/null +++ b/etc/rc.d/routed @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: routed +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr + +name="routed" +desc="network RIP and router discovery routing daemon" +rcvar=`set_rcvar` + +set_rcvar_obsolete router_enable routed_enable +set_rcvar_obsolete router routed_program +set_rcvar_obsolete router_flags routed_flags + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/routing b/etc/rc.d/routing new file mode 100755 index 0000000..add1e0a --- /dev/null +++ b/etc/rc.d/routing @@ -0,0 +1,348 @@ +#!/bin/sh +# +# Configure routing and miscellaneous network tunables +# +# $FreeBSD$ +# + +# PROVIDE: routing +# REQUIRE: faith netif ppp stf +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="routing" +start_cmd="routing_start doall" +stop_cmd="routing_stop" +extra_commands="options static" +static_cmd="routing_start static" +options_cmd="routing_start options" + +afcheck() +{ + case $_af in + ""|inet|inet6|ipx|atm) + ;; + *) + err 1 "Unsupported address family: $_af." + ;; + esac +} + +routing_start() +{ + local _cmd _af _a + _cmd=$1 + _af=$2 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + setroutes $_cmd $_af + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a && setroutes $_cmd $_a + done + ;; + esac + [ -n "${_ropts_initdone}" ] && echo '.' +} + +routing_stop() +{ + local _af _a + _af=$1 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + eval static_${_af} delete + eval routing_stop_${_af} + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a || continue + eval static_${_a} delete + eval routing_stop_${_a} + done + ;; + esac +} + +setroutes() +{ + case $1 in + static) + static_$2 add + ;; + options) + options_$2 + ;; + doall) + static_$2 add + options_$2 + ;; + esac +} + +routing_stop_inet() +{ + route -n flush -inet +} + +routing_stop_inet6() +{ + local i + + route -n flush -inet6 + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done +} + +routing_stop_atm() +{ + return 0 +} + +routing_stop_ipx() +{ + return 0 +} + +static_inet() +{ + local _action + _action=$1 + + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} + done + fi +} + +static_inet6() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${ipv6_route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow link-local unicast packets without outgoing scope + # identifiers. However, if you set "ipv6_default_interface", + # for the host case, you will allow to omit the identifiers. + # Under this configuration, the packets will go to the default + # interface. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + + case ${ipv6_default_interface} in + '') + ;; + *) + # Disable installing the default interface when we act + # as router to avoid conflict between the default + # router list and the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} inet6 defaultif + sysctl net.inet6.ip6.use_defaultzone=1 + fi + ;; + esac +} + +static_atm() +{ + local _action i route_args + _action=$1 + + if [ -n "${natm_static_routes}" ]; then + for i in ${natm_static_routes}; do + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} + done + fi +} + +static_ipx() +{ +} + +_ropts_initdone= +ropts_init() +{ + if [ -z "${_ropts_initdone}" ]; then + echo -n 'Additional routing options:' + _ropts_initdone=yes + fi +} + +options_inet() +{ + if checkyesno icmp_bmcastecho; then + ropts_init + echo -n ' broadcast ping responses=YES' + ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null + fi + + if checkyesno icmp_drop_redirect; then + ropts_init + echo -n ' ignore ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null + fi + + if checkyesno icmp_log_redirect; then + ropts_init + echo -n ' log ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null + fi + + if checkyesno gateway_enable; then + ropts_init + echo -n ' IPv4 gateway=YES' + ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init + echo -n ' do source routing=YES' + ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null + fi + + if checkyesno accept_sourceroute; then + ropts_init + echo -n ' accept source routing=YES' + ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null + fi + + if checkyesno arpproxy_all; then + ropts_init + echo -n ' ARP proxyall=YES' + ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null + else + ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null + fi +} + +options_inet6() +{ + if checkyesno ipv6_gateway_enable; then + ropts_init + echo -n ' IPv6 gateway=YES' + ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null + fi +} + +options_atm() +{ +} + +options_ipx() +{ + if checkyesno ipxgateway_enable; then + ropts_init + echo -n ' IPX gateway=YES' + ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null + else + ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null + fi +} + +load_rc_config $name +run_rc_command "$@" diff --git a/etc/rc.d/rpcbind b/etc/rc.d/rpcbind new file mode 100755 index 0000000..94f4580 --- /dev/null +++ b/etc/rc.d/rpcbind @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rpcbind +# REQUIRE: NETWORKING ntpdate syslogd named +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rpcbind" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" + +stop_postcmd='/bin/rm -f /var/run/rpcbind.*' + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rtadvd b/etc/rc.d/rtadvd new file mode 100755 index 0000000..99b700d --- /dev/null +++ b/etc/rc.d/rtadvd @@ -0,0 +1,67 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtadvd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr +. /etc/network.subr + +name="rtadvd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +start_precmd="rtadvd_precmd" + +rtadvd_precmd() +{ + if ! checkyesno ipv6_gateway_enable ; then + warn \ + "${name} cannot be used on IPv6 host, only on an IPv6 router." + return 1 + fi + + # This should be enabled with a great care. + # You may want to fine-tune /etc/rtadvd.conf. + # + # And if you wish your rtadvd to receive and process + # router renumbering messages, specify your Router Renumbering + # security policy by -R option. + # + # See `man 3 ipsec_set_policy` for IPsec policy specification + # details. + # (CAUTION: This enables your routers prefix renumbering + # from another machine, so if you enable this, do it with + # enough care.) + # + # If specific interfaces haven't been specified, + # get a list of interfaces and enable it on them + # + case ${rtadvd_interfaces} in + [Aa][Uu][Tt][Oo]|'') + for i in `ifconfig -l` ; do + case $i in + lo0) continue ;; + esac + if ipv6if $i; then + rtadvd_interfaces="${rtadvd_interfaces} ${i}" + fi + done + ;; + esac + command_args="${rtadvd_interfaces}" + + # Enable Router Renumbering, unicast case + # (use correct src/dst addr) + # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + # Enable Router Renumbering, multicast case + # (use correct src addr) + # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rtsold b/etc/rc.d/rtsold new file mode 100755 index 0000000..64a83e3 --- /dev/null +++ b/etc/rc.d/rtsold @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtsold +# REQUIRE: netif +# BEFORE: NETWORKING +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="rtsold" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_postcmd="rtsold_poststart" + +rtsold_poststart() +{ + # wait for DAD + sleep $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/rwho b/etc/rc.d/rwho new file mode 100755 index 0000000..e088d99 --- /dev/null +++ b/etc/rc.d/rwho @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rwho +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rwhod" +rcvar="`set_rcvar`" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/savecore b/etc/rc.d/savecore new file mode 100755 index 0000000..4efb7db --- /dev/null +++ b/etc/rc.d/savecore @@ -0,0 +1,76 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: savecore +# REQUIRE: dumpon ddb syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="savecore" +start_cmd="savecore_start" +start_precmd="savecore_prestart" +stop_cmd=":" + +savecore_prestart() +{ + # Quit if we have no dump device + case ${dumpdev} in + [Nn][Oo] | '') + debug 'No dump device. Quitting.' + return 1 + ;; + [Aa][Uu][Tt][Oo]) + dumpdev=`/bin/realpath /dev/dumpdev` + ;; + esac + + # If there is no crash directory set it now + case ${dumpdir} in + '') + dumpdir='/var/crash' + ;; + [Nn][Oo]) + dumpdir='NO' + ;; + esac + + if [ ! -c "${dumpdev}" ]; then + warn "Dump device does not exist. Savecore not run." + return 1 + fi + + if [ ! -d "${dumpdir}" ]; then + warn "Dump directory does not exist. Savecore not run." + return 1 + fi + return 0 +} + +savecore_start() +{ + local dev + + case "${dumpdev}" in + [Aa][Uu][Tt][Oo]) + dev= + ;; + *) + dev="${dumpdev}" + ;; + esac + + if savecore -C "${dumpdir}" "${dev}" >/dev/null; then + savecore ${savecore_flags} ${dumpdir} ${dumpdev} + if checkyesno crashinfo_enable; then + ${crashinfo_program} -d ${dumpdir} + fi + else + check_startmsgs && echo 'No core dumps found.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/sdpd b/etc/rc.d/sdpd new file mode 100755 index 0000000..acaf380 --- /dev/null +++ b/etc/rc.d/sdpd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sdpd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="sdpd" +command="/usr/sbin/${name}" +rcvar=`set_rcvar` +required_modules="ng_btsocket" + +load_rc_config $name +control="${sdpd_control:-/var/run/sdp}" +group="${sdpd_groupname:-nobody}" +user="${sdpd_username:-nobody}" +command_args="-c ${control} -g ${group} -u ${user}" + +run_rc_command "$1" diff --git a/etc/rc.d/securelevel b/etc/rc.d/securelevel new file mode 100755 index 0000000..f179004 --- /dev/null +++ b/etc/rc.d/securelevel @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: securelevel + +. /etc/rc.subr + +name="securelevel" +rcvar='kern_securelevel_enable' +start_cmd="securelevel_start" +stop_cmd=":" + +# Last chance to set sysctl variables that failed the first time. +# +/etc/rc.d/sysctl lastload + +securelevel_start() +{ + if [ ${kern_securelevel} -ge 0 ]; then + echo 'Raising kernel security level: ' + ${SYSCTL} kern.securelevel=${kern_securelevel} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/sendmail b/etc/rc.d/sendmail new file mode 100755 index 0000000..dfaa8e0 --- /dev/null +++ b/etc/rc.d/sendmail @@ -0,0 +1,99 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN cleanvar +# we make mail start late, so that things like .forward's are not +# processed until the system is fully operational +# KEYWORD: shutdown + +# XXX - Get together with sendmail mantainer to figure out how to +# better handle SENDMAIL_ENABLE and 3rd party MTAs. +# +. /etc/rc.subr + +name="sendmail" +rcvar=`set_rcvar` +required_files="/etc/mail/${name}.cf" +start_precmd="sendmail_precmd" + +load_rc_config $name +command=${sendmail_program:-/usr/sbin/${name}} +pidfile=${sendmail_pidfile:-/var/run/${name}.pid} +procname=${sendmail_procname:-/usr/sbin/${name}} + +case ${sendmail_enable} in +[Nn][Oo][Nn][Ee]) + sendmail_enable="NO" + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" + sendmail_msp_queue_enable="NO" + ;; +esac + +# If sendmail_enable=yes, don't need submit or outbound daemon +if checkyesno sendmail_enable; then + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" +fi + +# If sendmail_submit_enable=yes, don't need outbound daemon +if checkyesno sendmail_submit_enable; then + sendmail_outbound_enable="NO" +fi + +sendmail_precmd() +{ + # Die if there's pre-8.10 custom configuration file. This check is + # mandatory for smooth upgrade. See NetBSD PR 10100 for details. + # + if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then + if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then + warn \ + "${name} was not started; you have multiple copies of sendmail.cf." + return 1 + fi + fi + + # check modifications on /etc/mail/aliases + if checkyesno sendmail_rebuild_aliases; then + if [ -f "/etc/mail/aliases.db" ]; then + if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then + echo \ + "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating" + /usr/bin/newaliases + fi + else + echo \ + "${name}: /etc/mail/aliases.db not present, generating" + /usr/bin/newaliases + fi + fi +} + +run_rc_command "$1" + +required_files= + +if checkyesno sendmail_submit_enable; then + name="sendmail_submit" + rcvar=`set_rcvar` + start_cmd="${command} ${sendmail_submit_flags}" + run_rc_command "$1" +fi + +if checkyesno sendmail_outbound_enable; then + name="sendmail_outbound" + rcvar=`set_rcvar` + start_cmd="${command} ${sendmail_outbound_flags}" + run_rc_command "$1" +fi + +name="sendmail_clientmqueue" +rcvar="sendmail_msp_queue_enable" +start_cmd="${command} ${sendmail_msp_queue_flags}" +pidfile="${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid}" +required_files="/etc/mail/submit.cf" +run_rc_command "$1" diff --git a/etc/rc.d/serial b/etc/rc.d/serial new file mode 100755 index 0000000..d569a0b --- /dev/null +++ b/etc/rc.d/serial @@ -0,0 +1,168 @@ +#!/bin/sh +# +# Copyright (c) 1996 Andrey A. Chernov +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: serial +# REQUIRE: root +# KEYWORD: nojail + +# Change some defaults for serial devices. +# Standard defaults are: +# dtrwait 300 drainwait `sysctl -n kern.drainwait` +# initial cflag from <sys/ttydefaults.h> = cread cs8 hupcl +# initial iflag, lflag and oflag all 0 +# speed 9600 +# special chars from <sys/ttydefaults.h> +# nothing locked +# except for serial consoles the initial iflag, lflag and oflag are from +# <sys/ttydefaults.h> and clocal is locked on. + +default() { + # Reset everything changed by the other functions to initial defaults. + + dc=$1; shift # device name character + drainwait=`sysctl -n kern.drainwait` + + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 300 drainwait $drainwait + stty < /dev/tty${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/tty${dc}${i}.lock -clocal -crtscts -hupcl 0 + stty < /dev/cua${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/cua${dc}${i}.lock -clocal -crtscts -hupcl 0 + done +} + +maybe() { + # Special settings. + + dc=$1; shift + + for i in $* + do + # Don't use ^R; it breaks bash's ^R when typed ahead. + stty < /dev/tty${dc}${i}.init reprint undef + stty < /dev/cua${dc}${i}.init reprint undef + # Lock clocal off on dialin device for security. + stty < /dev/tty${dc}${i}.lock clocal + # Lock the speeds to use old binaries that don't support them. + # Any legal speed works to lock the initial speed. + stty < /dev/tty${dc}${i}.lock 300 + stty < /dev/cua${dc}${i}.lock 300 + done +} + +modem() { + # Modem that supports CTS and perhaps RTS handshaking. + + dc=$1; shift + + for i in $* + do + # may depend on modem + comcontrol /dev/tty${dc}${i} dtrwait 100 drainwait 180 + # Lock crtscts on. + # Speed reasonable for V42bis. + stty < /dev/tty${dc}${i}.init crtscts 115200 + stty < /dev/tty${dc}${i}.lock crtscts + stty < /dev/cua${dc}${i}.init crtscts 115200 + stty < /dev/cua${dc}${i}.lock crtscts + done +} + +mouse() { + # Mouse on either callin or callout port. + + dc=$1; shift + + for i in $* + do + # Lock clocal on, hupcl off. + # Standard speed for Microsoft mouse. + stty < /dev/tty${dc}${i}.init clocal -hupcl 1200 + stty < /dev/tty${dc}${i}.lock clocal hupcl + stty < /dev/cua${dc}${i}.init clocal -hupcl 1200 + stty < /dev/cua${dc}${i}.lock clocal hupcl + done +} + +terminal() { + # Terminal that supports CTS and perhaps RTS handshaking + # with the cable or terminal arranged so that DCD is on + # at least while the terminal is on. + # Also works for bidirectional communications to another pc + # provided at most one side runs getty. + # Same as modem() except we want a faster speed and no dtrwait. + + dc=$1; shift + + modem ${dc} $* + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 0 + stty < /dev/tty${dc}${i}.init 115200 + stty < /dev/cua${dc}${i}.init 115200 + done +} + +3wire() { + # 3-wire serial terminals. These don't supply carrier, so + # clocal needs to be set, and crtscts needs to be unset. + + dc=$1; shift + + terminal ${dc} $* + for i in $* + do + stty < /dev/tty${dc}${i}.init clocal -crtscts + stty < /dev/cua${dc}${i}.init clocal -crtscts + done +} + +# Don't use anything from this file unless you have some buggy programs +# that require it. + +# Edit the functions and the examples to suit your system. +# $1 is the device identifier, and the remainder of the line +# lists the device numbers. + +# Initialize assorted 8250-16550 (uart) ports. +# maybe u 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v +# mouse u 2 +# modem u 1 +# terminal u 0 +# 3wire u 0 + +# Initialize all ports on a Cyclades-8yo. +# modem c 00 01 02 03 04 05 06 07 + +# Initialize all ports on a Cyclades-16ye. +# modem c 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f + +# Initialize all ports on a Digiboard 8. +# modem D 00 01 02 03 04 05 06 07 diff --git a/etc/rc.d/sppp b/etc/rc.d/sppp new file mode 100755 index 0000000..d4a183b --- /dev/null +++ b/etc/rc.d/sppp @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sppp +# REQUIRE: root +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="sppp" +start_cmd="sppp_start" +stop_cmd=":" + +sppp_start() +{ + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd new file mode 100755 index 0000000..9f00199 --- /dev/null +++ b/etc/rc.d/sshd @@ -0,0 +1,102 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sshd +# REQUIRE: LOGIN cleanvar +# KEYWORD: shutdown + +. /etc/rc.subr + +name="sshd" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" +keygen_cmd="sshd_keygen" +start_precmd="sshd_precmd" +pidfile="/var/run/${name}.pid" +extra_commands="keygen reload" + +timeout=300 + +user_reseed() +{ + ( + seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null` + if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then + warn "Setting entropy source to blocking mode." + echo "====================================================" + echo "Type a full screenful of random junk to unblock" + echo "it and remember to finish with <enter>. This will" + echo "timeout in ${timeout} seconds, but waiting for" + echo "the timeout without typing junk may make the" + echo "entropy source deliver predictable output." + echo "" + echo "Just hit <enter> for fast+insecure startup." + echo "====================================================" + sysctl kern.random.sys.seeded=0 2>/dev/null + read -t ${timeout} junk + echo "${junk}" `sysctl -a` `date` > /dev/random + fi + ) +} + +sshd_keygen() +{ + ( + umask 022 + + # Can't do anything if ssh is not installed + [ -x /usr/bin/ssh-keygen ] || { + warn "/usr/bin/ssh-keygen does not exist." + return 1 + } + + if [ -f /etc/ssh/ssh_host_key ]; then + echo "You already have an RSA host key" \ + "in /etc/ssh/ssh_host_key" + echo "Skipping protocol version 1 RSA Key Generation" + else + /usr/bin/ssh-keygen -t rsa1 -b 1024 \ + -f /etc/ssh/ssh_host_key -N '' + fi + + if [ -f /etc/ssh/ssh_host_dsa_key ]; then + echo "You already have a DSA host key" \ + "in /etc/ssh/ssh_host_dsa_key" + echo "Skipping protocol version 2 DSA Key Generation" + else + /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' + fi + + if [ -f /etc/ssh/ssh_host_rsa_key ]; then + echo "You already have an RSA host key" \ + "in /etc/ssh/ssh_host_rsa_key" + echo "Skipping protocol version 2 RSA Key Generation" + else + /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' + fi + + if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then + echo "You already have an ECDSA host key" \ + "in /etc/ssh/ssh_host_ecdsa_key" + echo "Skipping protocol version 2 ECDSA Key Generation" + else + /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' + fi + ) +} + +sshd_precmd() +{ + if [ ! -f /etc/ssh/ssh_host_key -o \ + ! -f /etc/ssh/ssh_host_dsa_key -o \ + ! -f /etc/ssh/ssh_host_ecdsa_key -o \ + ! -f /etc/ssh/ssh_host_rsa_key ]; then + user_reseed + run_rc_command keygen + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/statd b/etc/rc.d/statd new file mode 100755 index 0000000..85e003d --- /dev/null +++ b/etc/rc.d/statd @@ -0,0 +1,43 @@ +#!/bin/sh +# +# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm Exp +# $FreeBSD$ +# + +# PROVIDE: statd +# REQUIRE: nfsserver nfsclient nfsd rpcbind +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="statd" +rcvar=rpc_statd_enable +command="/usr/sbin/rpc.${name}" +start_precmd='statd_precmd' +stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable' +status_precmd=$stop_precmd + +# Make sure that we are either an NFS client or server, and that we get +# the correct flags from rc.conf(5). +# +statd_precmd() +{ + local ret + ret=0 + + if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable + then + ret=1 + fi + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || ret=1 + fi + rc_flags=${rpc_statd_flags} + return ${ret} +} + +load_rc_config $name +run_rc_command $1 diff --git a/etc/rc.d/static_arp b/etc/rc.d/static_arp new file mode 100755 index 0000000..6283b56 --- /dev/null +++ b/etc/rc.d/static_arp @@ -0,0 +1,74 @@ +#!/bin/sh +# +# Copyright (c) 2009 Xin LI <delphij@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# Configure static ARP table +# +# $FreeBSD$ +# + +# PROVIDE: static_arp +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="static_arp" +start_cmd="static_arp_start" +stop_cmd="static_arp_stop" + +static_arp_start() +{ + local e arp_args + + if [ -n "${static_arp_pairs}" ]; then + echo -n 'Binding static ARP pair(s):' + for e in ${static_arp_pairs}; do + echo -n " ${e}" + eval arp_args=\$static_arp_${e} + arp -S ${arp_args} >/dev/null 2>&1 + done + echo '.' + fi +} + +static_arp_stop() +{ + local e arp_args + + if [ -n "${static_arp_pairs}" ]; then + echo -n 'Unbinding static ARP pair(s):' + for e in ${static_arp_pairs}; do + echo -n " ${e}" + eval arp_args=\$static_arp_${e} + arp -d ${arp_args%%[ ]*} > /dev/null 2>&1 + done + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/stf b/etc/rc.d/stf new file mode 100755 index 0000000..feb7b52 --- /dev/null +++ b/etc/rc.d/stf @@ -0,0 +1,78 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring 6to4 tunnel interface: stf0." + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + check_startmsgs && /sbin/ifconfig stf0 + + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing 6to4 tunnel interface: stf0." + ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/swap1 b/etc/rc.d/swap1 new file mode 100755 index 0000000..71a1908 --- /dev/null +++ b/etc/rc.d/swap1 @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: localswap +# REQUIRE: disks +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="swap1" +start_cmd='swapon -aq' +stop_cmd=':' + +load_rc_config swap +run_rc_command "$1" diff --git a/etc/rc.d/syscons b/etc/rc.d/syscons new file mode 100755 index 0000000..815f0b2 --- /dev/null +++ b/etc/rc.d/syscons @@ -0,0 +1,263 @@ +#!/bin/sh - +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: syscons +# REQUIRE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="syscons" +extra_commands="setkeyboard" +setkeyboard_cmd="syscons_setkeyboard" +start_precmd="syscons_precmd" +start_cmd="syscons_start" +stop_cmd=":" + +# stdin must be redirected because it might be for a serial console +# +kbddev=/dev/ttyv0 +viddev=/dev/ttyv0 + +_sc_config="syscons" +_sc_initdone= +sc_init() +{ + if [ -z "${_sc_initdone}" ]; then + echo -n "Configuring ${_sc_config}:" + _sc_initdone=yes + fi +} + +# helper +syscons_configure_keyboard() +{ + # keymap + # + case ${keymap} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keymap'; kbdcontrol < ${kbddev} -l ${keymap} + ;; + esac + + # keyrate + # + case ${keyrate} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keyrate'; kbdcontrol < ${kbddev} -r ${keyrate} + ;; + esac + + # keybell + # + case ${keybell} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keybell'; kbdcontrol < ${kbddev} -b ${keybell} + ;; + esac + + # change function keys + # + case ${keychange} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keychange' + set - ${keychange} + while [ $# -gt 0 ]; do + kbdcontrol <${kbddev} -f "$1" "$2" + shift; shift + done + ;; + esac + + # set this keyboard mode for all virtual terminals + # + if [ -n "${allscreens_kbdflags}" ]; then + sc_init + echo -n ' allscreens_kbd' + for ttyv in /dev/ttyv*; do + kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1 + done + fi +} + +syscons_setkeyboard() +{ + kbd=$1 + + if [ -z "${kbd}" ]; then + return 1 + fi + + # Check if the kbdmux(4) is the current active keyboard + kbdcontrol -i < ${kbddev} | grep kbdmux > /dev/null 2>&1 + if [ $? -ne 0 ]; then + kbdcontrol -k ${kbd} < ${kbddev} > /dev/null 2>&1 + fi + + _sc_config="keyboard" + syscons_configure_keyboard + + # Terminate keyboard configuration line and reset global variables. + # + if [ -n "${_sc_initdone}" ]; then + echo '.' + _sc_config="syscons" + _sc_initdone= + fi + +} + +syscons_precmd() +{ + if [ ! -c $kbddev ] + then + return 1 + fi + return 0 +} + +syscons_start() +{ + # keyboard + # + if [ -n "${keyboard}" ]; then + syscons_setkeyboard ${keyboard} + fi + + syscons_configure_keyboard + + # cursor type + # + case ${cursor} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' cursor'; vidcontrol < ${viddev} -c ${cursor} + ;; + esac + + # screen mapping + # + case ${scrnmap} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' scrnmap'; vidcontrol < ${viddev} -l ${scrnmap} + ;; + esac + + # font 8x16 + # + case ${font8x16} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x16'; vidcontrol < ${viddev} -f 8x16 ${font8x16} + ;; + esac + + # font 8x14 + # + case ${font8x14} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x14'; vidcontrol < ${viddev} -f 8x14 ${font8x14} + ;; + esac + + # font 8x8 + # + case ${font8x8} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x8'; vidcontrol < ${viddev} -f 8x8 ${font8x8} + ;; + esac + + # blank time + # + case ${blanktime} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' blanktime'; vidcontrol < ${viddev} -t ${blanktime} + ;; + esac + + # screen saver + # + case ${saver} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' screensaver' + for i in `kldstat | awk '$5 ~ "_saver\.ko$" { print $5 }'`; do + kldunload ${i} + done + load_kld -e _saver ${saver}_saver + ;; + esac + + # set this mode for all virtual screens + # + if [ -n "${allscreens_flags}" ]; then + sc_init + echo -n ' allscreens' + for ttyv in /dev/ttyv*; do + vidcontrol ${allscreens_flags} < ${ttyv} > ${ttyv} 2>&1 + done + fi + + [ -n "${_sc_initdone}" ] && echo '.' +} + +load_rc_config $name +run_rc_command $* + diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl new file mode 100755 index 0000000..34fb3b5 --- /dev/null +++ b/etc/rc.d/sysctl @@ -0,0 +1,59 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sysctl + +. /etc/rc.subr + +name="sysctl" +stop_cmd=":" +start_cmd="sysctl_start" +reload_cmd="sysctl_start" +lastload_cmd="sysctl_start last" +extra_commands="reload lastload" + +# +# Read in a file containing sysctl settings and set things accordingly. +# +parse_file() +{ + if [ -f $1 ]; then + while read var comments + do + case ${var} in + \#*|'') + ;; + *) + mib=${var%=*} + val=${var#*=} + + if current_value=`${SYSCTL} -n ${mib} 2>/dev/null`; then + case ${current_value} in + ${val}) + ;; + *) + if ! sysctl "${var}" >/dev/null 2>&1; then + warn "unable to set ${var}" + fi + ;; + esac + elif [ "$2" = "last" ]; then + warn "sysctl ${mib} does not exist." + fi + ;; + esac + done < $1 + fi +} + +sysctl_start() +{ + + parse_file /etc/sysctl.conf $1 + parse_file /etc/sysctl.conf.local $1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd new file mode 100755 index 0000000..5dcd3e9 --- /dev/null +++ b/etc/rc.d/syslogd @@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: syslogd +# REQUIRE: mountcritremote cleanvar newsyslog +# BEFORE: SERVERS + +. /etc/rc.subr + +name="syslogd" +rcvar=`set_rcvar` +pidfile="/var/run/syslog.pid" +command="/usr/sbin/${name}" +required_files="/etc/syslog.conf" +start_precmd="syslogd_precmd" +extra_commands="reload" + +sockfile="/var/run/syslogd.sockets" +evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" +altlog_proglist="named" + +syslogd_precmd() +{ + local _l _ldir + + # Transitional symlink for old binaries + # + if [ ! -L /dev/log ]; then + ln -sf /var/run/log /dev/log + fi + rm -f /var/run/log + + # Create default list of syslog sockets to watch + # + ( umask 022 ; > $sockfile ) + + # If running named(8) or ntpd(8) chrooted, added appropriate + # syslog socket to list of sockets to watch. + # + for _l in $altlog_proglist; do + eval _ldir=\$${_l}_chrootdir + if checkyesno `set_rcvar $_l` && [ -n "$_ldir" ]; then + echo "${_ldir}/var/run/log" >> $sockfile + fi + done + + # If other sockets have been provided, change run_rc_command()'s + # internal copy of $syslogd_flags to force use of specific + # syslogd sockets. + # + if [ -s $sockfile ]; then + echo "/var/run/log" >> $sockfile + eval $evalargs + fi + + return 0 +} + +set_socketlist() +{ + local _s _socketargs + + _socketargs= + for _s in `cat $sockfile | tr '\n' ' '` ; do + _socketargs="-l $_s $_socketargs" + done + echo $_socketargs +} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/timed b/etc/rc.d/timed new file mode 100755 index 0000000..d1cf1a2 --- /dev/null +++ b/etc/rc.d/timed @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: timed +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="timed" +rcvar=`set_rcvar` +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp new file mode 100755 index 0000000..dfb439e --- /dev/null +++ b/etc/rc.d/tmp @@ -0,0 +1,71 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: tmp +# REQUIRE: mountcritremote + +. /etc/rc.subr + +name="tmp" +stop_cmd=':' + +load_rc_config $name + +mount_tmpmfs () +{ + if ! /bin/df /tmp | grep -q "^/dev/md[0-9]"; then + mount_md ${tmpsize} /tmp "${tmpmfs_flags}" + chmod 01777 /tmp + fi +} + +# If we do not have a writable /tmp, create a memory +# filesystem for /tmp. If /tmp is a symlink (e.g. to /var/tmp, +# then it should already be writable). +# +case "${tmpmfs}" in +[Aa][Uu][Tt][Oo]) + if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then + rmdir ${_tmpdir} + else + if [ -h /tmp ]; then + echo "*** /tmp is a symlink to a non-writable area!" + echo "dropping into shell, ^D to continue anyway." + /bin/sh + else + mount_tmpmfs + fi + fi + ;; +*) + if checkyesno tmpmfs; then + mount_tmpmfs + fi + ;; +esac diff --git a/etc/rc.d/ubthidhci b/etc/rc.d/ubthidhci new file mode 100755 index 0000000..529f8d6 --- /dev/null +++ b/etc/rc.d/ubthidhci @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ubthidhci +# REQUIRE: DAEMON +# BEFORE: bluetooth +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ubthidhci" +command="/usr/sbin/usbconfig" +rcvar=`set_rcvar` +start_precmd="ubthidhci_prestart" + +ubthidhci_prestart() +{ + + if [ -z ${ubthidhci_busnum} ]; then + warn ubthidhci_busnum is not set + return 1 + fi + if [ -z ${ubthidhci_addr} ]; then + warn ubthidhci_addr is not set + return 1 + fi +} + +load_rc_config $name +# +# We discard the output because: +# 1) we don't want it to show up during boot; and +# 2) the request usually returns an error, but that doesn't mean it failed +# +# NB: 0x40 is UT_VENDOR +command_args="-u ${ubthidhci_busnum} -a ${ubthidhci_addr} do_request 0x40 0 0 0 0 > /dev/null 2>&1" + +run_rc_command "$1" diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw new file mode 100755 index 0000000..d65d6a3 --- /dev/null +++ b/etc/rc.d/ugidfw @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ + +# PROVIDE: ugidfw +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ugidfw" +rcvar="ugidfw_enable" +start_cmd="ugidfw_start" +stop_cmd="ugidfw_stop" +required_modules="mac_bsdextended" + +ugidfw_load() +{ + if [ -r "${bsdextended_script}" ]; then + . "${bsdextended_script}" + fi +} + +ugidfw_start() +{ + [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended + + if [ -r "${bsdextended_script}" ]; then + ugidfw_load + echo "MAC bsdextended rules loaded." + fi +} + +ugidfw_stop() +{ + # Disable the policy + # + kldunload mac_bsdextended +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/var b/etc/rc.d/var new file mode 100755 index 0000000..8e5bdde --- /dev/null +++ b/etc/rc.d/var @@ -0,0 +1,109 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: var +# REQUIRE: FILESYSTEMS + +. /etc/rc.subr + +name="var" +stop_cmd=':' + +load_rc_config $name + +populate_var() +{ + /usr/sbin/mtree -deU -f /etc/mtree/BSD.var.dist -p /var > /dev/null + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + ;; + *) + /usr/sbin/mtree -deU -f /etc/mtree/BSD.sendmail.dist -p / > /dev/null + ;; + esac +} + +# If we do not have a writable /var, create a memory filesystem for /var +# unless told otherwise by rc.conf. We don't have /usr yet so use mkdir +# instead of touch to test. We want mount to record its mounts so we +# have to make sure /var/db exists before doing the mount -a. +# +case "${varmfs}" in +[Yy][Ee][Ss]) + mount_md ${varsize} /var "${varmfs_flags}" + ;; +[Nn][Oo]) + ;; +*) + if /bin/mkdir -p /var/.diskless 2> /dev/null; then + rmdir /var/.diskless + else + mount_md ${varsize} /var "${varmfs_flags}" + fi +esac + + +# If we have an empty looking /var, populate it, but only if we have +# /usr available. Hopefully, we'll eventually find a workaround, but +# in realistic diskless setups, we're probably ok. +case "${populate_var}" in +[Yy][Ee][Ss]) + populate_var + ;; +[Nn][Oo]) + exit 0 + ;; +*) + if [ -d /var/run -a -d /var/db -a -d /var/empty ] ; then + true + elif [ -x /usr/sbin/mtree ] ; then + populate_var + else + # We need mtree to populate /var so try mounting /usr. + # If this does not work, we can not boot so it is OK to + # try to mount out of order. + mount /usr + if [ ! -x /usr/sbin/mtree ] ; then + exit 1 + else + populate_var + fi + fi + ;; +esac + +# Make sure we have /var/log/utx.lastlogin and /var/log/utx.log files +if [ ! -f /var/log/utx.lastlogin ]; then + cp /dev/null /var/log/utx.lastlogin + chmod 644 /var/log/utx.lastlogin +fi +if [ ! -f /var/log/utx.log ]; then + cp /dev/null /var/log/utx.log + chmod 644 /var/log/utx.log +fi diff --git a/etc/rc.d/virecover b/etc/rc.d/virecover new file mode 100755 index 0000000..77cd9a0 --- /dev/null +++ b/etc/rc.d/virecover @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: virecover +# REQUIRE: mountcritremote ldconfig +# BEFORE: DAEMON +# +# XXX: should require `mail'! + +. /etc/rc.subr + +name="virecover" +rcvar="`set_rcvar`" +stop_cmd=":" +start_cmd="virecover_start" + +virecover_start() +{ + [ -d /var/tmp/vi.recover ] || return + find /var/tmp/vi.recover ! -type f -a ! -type d -delete + vibackup=`echo /var/tmp/vi.recover/vi.*` + if [ "${vibackup}" != '/var/tmp/vi.recover/vi.*' ]; then + echo -n 'Recovering vi editor sessions:' + for i in /var/tmp/vi.recover/vi.*; do + # Only test files that are readable. + if [ ! -r "${i}" ]; then + continue + fi + + # Unmodified nvi editor backup files either have the + # execute bit set or are zero length. Delete them. + if [ -x "${i}" -o ! -s "${i}" ]; then + rm -f "${i}" + fi + done + + # It is possible to get incomplete recovery files, if the editor + # crashes at the right time. + virecovery=`echo /var/tmp/vi.recover/recover.*` + if [ "${virecovery}" != "/var/tmp/vi.recover/recover.*" ]; then + for i in /var/tmp/vi.recover/recover.*; do + # Only test files that are readable. + if [ ! -r "${i}" ]; then + continue + fi + + # Delete any recovery files that are zero length, + # corrupted, or that have no corresponding backup file. + # Else send mail to the user. + recfile=`awk '/^X-vi-recover-path:/{print $2}' < "${i}"` + if [ -n "${recfile}" -a -s "${recfile}" ]; then + sendmail -t < "${i}" + else + rm -f "${i}" + fi + done + fi + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/watchdogd b/etc/rc.d/watchdogd new file mode 100755 index 0000000..e852126 --- /dev/null +++ b/etc/rc.d/watchdogd @@ -0,0 +1,42 @@ +#!/bin/sh + +# Copyright (c) 2003 Sean M. Kelly <smkelly@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: watchdogd +# REQUIRE: DAEMON cleanvar +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="watchdogd" +rcvar="`set_rcvar`" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/wpa_supplicant b/etc/rc.d/wpa_supplicant new file mode 100755 index 0000000..8514efc --- /dev/null +++ b/etc/rc.d/wpa_supplicant @@ -0,0 +1,46 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: wpa_supplicant +# REQUIRE: mountcritremote +# KEYWORD: nojail nostart + +. /etc/rc.subr +. /etc/network.subr + +name="wpa_supplicant" +rcvar= + +ifn="$2" +if [ -z "$ifn" ]; then + return 1 +fi + +is_ndis_interface() +{ + case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in + ndis*) true ;; + *) false ;; + esac +} + +if is_wired_interface ${ifn} ; then + driver="wired" +elif is_ndis_interface ${ifn} ; then + driver="ndis" +else + driver="bsd" +fi + +load_rc_config $name + +command=${wpa_supplicant_program} +conf_file=${wpa_supplicant_conf_file} +pidfile="/var/run/${name}/${ifn}.pid" +command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" +required_files=$conf_file +required_modules="wlan_wep wlan_tkip wlan_ccmp" + +run_rc_command "$1" diff --git a/etc/rc.d/ypbind b/etc/rc.d/ypbind new file mode 100755 index 0000000..4dbf351 --- /dev/null +++ b/etc/rc.d/ypbind @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypbind +# REQUIRE: ypserv +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypbind" +command="/usr/sbin/${name}" +start_precmd="ypbind_precmd" + +load_rc_config $name +rcvar="nis_client_enable" +command_args="${nis_client_flags}" + +ypbind_precmd() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/etc/rc.d/yppasswdd b/etc/rc.d/yppasswdd new file mode 100755 index 0000000..fbb80bc --- /dev/null +++ b/etc/rc.d/yppasswdd @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: yppasswdd +# REQUIRE: ypserv ypset +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="yppasswdd" +command="/usr/sbin/rpc.${name}" +start_precmd="yppasswdd_precmd" + +load_rc_config $name +rcvar="nis_yppasswdd_enable" +command_args="${nis_yppasswdd_flags}" + +yppasswdd_precmd() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + if ! checkyesno nis_server_enable && \ + ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1 + then + force_depend ypserv || return 1 + fi + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/etc/rc.d/ypserv b/etc/rc.d/ypserv new file mode 100755 index 0000000..8e17fd7 --- /dev/null +++ b/etc/rc.d/ypserv @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypserv +# REQUIRE: rpcbind +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypserv" +rcvar="nis_server_enable" +command="/usr/sbin/${name}" +start_precmd="ypserv_prestart" + +load_rc_config $name +command_args="${nis_server_flags}" + +ypserv_prestart() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi + if [ ! -d /var/yp/$_domain/. ]; then + warn "/var/yp/$_domain is not a directory." + return 1 + fi +} + +run_rc_command "$1" diff --git a/etc/rc.d/ypset b/etc/rc.d/ypset new file mode 100755 index 0000000..78c408b --- /dev/null +++ b/etc/rc.d/ypset @@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypset +# REQUIRE: ypbind +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypset" +rcvar="nis_ypset_enable" +command="/usr/sbin/${name}" +start_precmd="ypset_precmd" +load_rc_config $name +command_args="${nis_ypset_flags}" + +ypset_precmd() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + if ! checkyesno nis_client_enable && \ + ! /etc/rc.d/ypbind forcestatus 1>/dev/null 2>&1 + then + force_depend ypbind || return 1 + fi + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/etc/rc.d/ypupdated b/etc/rc.d/ypupdated new file mode 100755 index 0000000..98ef203 --- /dev/null +++ b/etc/rc.d/ypupdated @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypupdated +# REQUIRE: rpcbind ypserv +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypupdated" +rcvar="rpc_ypupdated_enable" +command="/usr/sbin/rpc.${name}" +start_precmd="rpc_ypupdated_precmd" + +rpc_ypupdated_precmd() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + if ! checkyesno nis_server_enable && \ + ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1 + then + force_depend ypserv || return 1 + fi + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ypxfrd b/etc/rc.d/ypxfrd new file mode 100755 index 0000000..f125a30 --- /dev/null +++ b/etc/rc.d/ypxfrd @@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypxfrd +# REQUIRE: rpcbind ypserv +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypxfrd" +rcvar="nis_ypxfrd_enable" +command="/usr/sbin/rpc.${name}" +start_precmd="ypxfrd_precmd" +load_rc_config $name +command_args="${nis_ypxfrd_flags}" + +ypxfrd_precmd() +{ + local _domain + + if ! checkyesno rpcbind_enable && \ + ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1 + then + force_depend rpcbind || return 1 + fi + if ! checkyesno nis_server_enable && \ + ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1 + then + force_depend ypserv || return 1 + fi + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/etc/rc.d/zfs b/etc/rc.d/zfs new file mode 100755 index 0000000..cabbcf6 --- /dev/null +++ b/etc/rc.d/zfs @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zfs +# REQUIRE: mountcritlocal + +. /etc/rc.subr + +name="zfs" +rcvar="zfs_enable" +start_cmd="zfs_start" +stop_cmd="zfs_stop" +required_modules="zfs" + +zfs_start_jail() +{ + if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + zfs mount -a + fi +} + +zfs_start_main() +{ + zfs mount -a + zfs share -a + if [ ! -r /etc/zfs/exports ]; then + touch /etc/zfs/exports + fi +} + +zfs_start() +{ + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + zfs_start_jail + else + zfs_start_main + fi +} + +zfs_stop_jail() +{ + if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + zfs unmount -a + fi +} + +zfs_stop_main() +{ + zfs unshare -a + zfs unmount -a +} + +zfs_stop() +{ + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + zfs_stop_jail + else + zfs_stop_main + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/zvol b/etc/rc.d/zvol new file mode 100755 index 0000000..b52f4ce --- /dev/null +++ b/etc/rc.d/zvol @@ -0,0 +1,45 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zvol +# REQUIRE: hostid +# KEYWORD: nojail + +. /etc/rc.subr + +name="zvol" +rcvar="zfs_enable" +start_cmd="zvol_start" +stop_cmd="zvol_stop" +required_modules="zfs" + +zvol_start() +{ + # Enable swap on ZVOLs with property org.freebsd:swap=on. + zfs list -H -o org.freebsd:swap,name -t volume | \ + while read state name; do + case "${state}" in + [oO][nN]) + swapon /dev/zvol/${name} + ;; + esac + done +} + +zvol_stop() +{ + # Disable swap on ZVOLs with property org.freebsd:swap=on. + zfs list -H -o org.freebsd:swap,name -t volume | \ + while read state name; do + case "${state}" in + [oO][nN]) + swapoff /dev/zvol/${name} + ;; + esac + done +} + +load_rc_config $name +run_rc_command "$1" |