diff options
author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2018-10-17 16:49:11 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2018-10-17 16:49:11 +0000 |
commit | 0696600c41600d80bcd993bfd8e675d0ae6951fe (patch) | |
tree | 45a1b1b869fe29f26dc2cb4978b509ba9a74e706 /libexec | |
parent | 6f65800cbbb453c18a098f0e14bff8dc5818aa93 (diff) | |
download | src-0696600c41600d80bcd993bfd8e675d0ae6951fe.tar.gz src-0696600c41600d80bcd993bfd8e675d0ae6951fe.zip |
Move the rc framework out of sbin/init into libexec/rc.
The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.
Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
Notes
Notes:
svn path=/head/; revision=339413
Diffstat (limited to 'libexec')
179 files changed, 17161 insertions, 0 deletions
diff --git a/libexec/Makefile b/libexec/Makefile index 37983f2069d0..89688daafb59 100644 --- a/libexec/Makefile +++ b/libexec/Makefile @@ -13,6 +13,7 @@ SUBDIR= ${_atf} \ ${_makewhatis.local} \ ${_mknetid} \ ${_pppoed} \ + rc \ revnetgroup \ ${_rlogind} \ rpc.rquotad \ diff --git a/libexec/rc/Makefile b/libexec/rc/Makefile new file mode 100644 index 000000000000..bcca7f33a490 --- /dev/null +++ b/libexec/rc/Makefile @@ -0,0 +1,16 @@ +# $FreeBSD$ + +CONFGROUPS= CONFETC CONFETCEXEC CONFETCDEFAULTS +CONFETCDIR= /etc +CONFETC= network.subr rc rc.initdiskless rc.subr rc.shutdown +CONFETCMODE= 644 +CONFETCEXEC= netstart pccard_ether rc.resume rc.suspend +CONFETCEXECDIR= /etc +CONFETCEXECMODE= 755 +CONFETCDEFAULTSDIR= /etc/defaults +CONFETCDEFAULTS= rc.conf +PACKAGE=rc + +SUBDIR+= rc.d + +.include <bsd.prog.mk> diff --git a/libexec/rc/netstart b/libexec/rc/netstart new file mode 100755 index 000000000000..fa4ce382e4ff --- /dev/null +++ b/libexec/rc/netstart @@ -0,0 +1,57 @@ +#!/bin/sh - +# +# Copyright (c) 1993 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# From: @(#)netstart 5.9 (Berkeley) 3/30/91 +# + +# This file is NOT called by any of the other scripts - it has been +# obsoleted by /etc/rc.d/* and is provided here only for user +# convenience (if you're sitting in single user mode and wish to start +# the network by hand, this script will do it for you). +# + +_start=quietstart + +/etc/rc.d/devd ${_start} +/etc/rc.d/hostid ${_start} +/etc/rc.d/hostname ${_start} +/etc/rc.d/ipmon ${_start} +/etc/rc.d/ipfilter ${_start} +/etc/rc.d/ipnat ${_start} +/etc/rc.d/ipfs ${_start} +/etc/rc.d/sppp ${_start} +/etc/rc.d/netif ${_start} +/etc/rc.d/ipsec ${_start} +/etc/rc.d/ppp ${_start} +/etc/rc.d/ipfw ${_start} +/etc/rc.d/routing ${_start} +/etc/rc.d/route6d ${_start} +/etc/rc.d/routed ${_start} +/etc/rc.d/rtsold ${_start} +/etc/rc.d/nisdomain ${_start} + +exit 0 diff --git a/libexec/rc/network.subr b/libexec/rc/network.subr new file mode 100644 index 000000000000..af2b2147a05f --- /dev/null +++ b/libexec/rc/network.subr @@ -0,0 +1,1793 @@ +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +IFCONFIG_CMD="/sbin/ifconfig" +: ${netif_ipexpand_max:=2048} + +# +# Subroutines commonly used from network startup scripts. +# Requires that rc.conf be loaded first. +# + +# ifn_start ifn +# Bring up and configure an interface. If some configuration is +# applied, print the interface configuration. +# +ifn_start() +{ + local ifn cfg + ifn="$1" + cfg=1 + + [ -z "$ifn" ] && err 1 "ifn_start called without an interface" + + ifscript_up ${ifn} && cfg=0 + ifconfig_up ${ifn} && cfg=0 + if ! noafif $ifn; then + afexists inet && ipv4_up ${ifn} && cfg=0 + afexists inet6 && ipv6_up ${ifn} && cfg=0 + fi + childif_create ${ifn} && cfg=0 + + return $cfg +} + +# ifn_stop ifn +# Shutdown and de-configure an interface. If action is taken, +# print the interface name. +# +ifn_stop() +{ + local ifn cfg + ifn="$1" + cfg=1 + + [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" + + if ! noafif $ifn; then + afexists inet6 && ipv6_down ${ifn} && cfg=0 + afexists inet && ipv4_down ${ifn} && cfg=0 + fi + ifconfig_down ${ifn} && cfg=0 + ifscript_down ${ifn} && cfg=0 + childif_destroy ${ifn} && cfg=0 + + return $cfg +} + +# ifn_vnetup ifn +# Move ifn to the specified vnet jail. +# +ifn_vnetup() +{ + + ifn_vnet0 $1 vnet +} + +# ifn_vnetdown ifn +# Reclaim ifn from the specified vnet jail. +# +ifn_vnetdown() +{ + + ifn_vnet0 $1 -vnet +} + +# ifn_vnet0 ifn action +# Helper function for ifn_vnetup and ifn_vnetdown. +# +ifn_vnet0() +{ + local _ifn _cfg _action _vnet + _ifn="$1" + _action="$2" + _cfg=1 + + if _vnet=$(vnetif $_ifn); then + ${IFCONFIG_CMD} $_ifn $_action $_vnet && _cfg=0 + fi + + return $_cfg +} + +# ifconfig_up if +# Evaluate ifconfig(8) arguments for interface $if and +# run ifconfig(8) with those arguments. It returns 0 if +# arguments were found and executed or 1 if the interface +# had no arguments. Pseudo arguments DHCP and WPA are handled +# here. +# +ifconfig_up() +{ + local _cfg _ifconfig_descr _ipv6_opts ifconfig_args + _cfg=1 + + # Make sure lo0 always comes up. + if [ "$1" = "lo0" ]; then + _cfg=0 + fi + + # inet6 specific + if ! noafif $1 && afexists inet6; then + if checkyesno ipv6_activate_all_interfaces; then + _ipv6_opts="-ifdisabled" + elif [ "$1" != "lo0" ]; then + _ipv6_opts="ifdisabled" + fi + + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + case $1 in + bridge[0-9]*) + # No accept_rtadv by default on if_bridge(4) + # to avoid a conflict with the member + # interfaces. + ;; + *) + if ! checkyesno ipv6_gateway_enable; then + _ipv6_opts="${_ipv6_opts} accept_rtadv" + fi + ;; + esac + ;; + esac + + case $ipv6_cpe_wanif in + $1) + _ipv6_opts="${_ipv6_opts} -no_radr accept_rtadv" + ;; + esac + + if [ -n "${_ipv6_opts}" ]; then + ${IFCONFIG_CMD} $1 inet6 ${_ipv6_opts} + fi + fi + + # ifconfig_IF + ifconfig_args=`ifconfig_getargs $1` + if [ -n "${ifconfig_args}" ]; then + eval ${IFCONFIG_CMD} $1 ${ifconfig_args} + _cfg=0 + fi + + # inet6 specific + if ! noafif $1 && afexists inet6; then + # ifconfig_IF_ipv6 + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + # backward compatibility: inet6 keyword + case "${ifconfig_args}" in + :*|[0-9a-fA-F]*:*) + warn "\$ifconfig_$1_ipv6 needs leading" \ + "\"inet6\" keyword for an IPv6 address." + ifconfig_args="inet6 ${ifconfig_args}" + ;; + esac + ${IFCONFIG_CMD} $1 inet6 -ifdisabled + eval ${IFCONFIG_CMD} $1 ${ifconfig_args} + _cfg=0 + fi + + # $ipv6_prefix_IF will be handled in + # ipv6_prefix_hostid_addr_common(). + ifconfig_args=`get_if_var $1 ipv6_prefix_IF` + if [ -n "${ifconfig_args}" ]; then + ${IFCONFIG_CMD} $1 inet6 -ifdisabled + _cfg=0 + fi + + # backward compatibility: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ${IFCONFIG_CMD} $1 inet6 -ifdisabled + eval ${IFCONFIG_CMD} $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + ifalias $1 link alias + ifalias $1 ether alias + + _ifconfig_descr=`get_if_var $1 ifconfig_IF_descr` + if [ -n "${_ifconfig_descr}" ]; then + ${IFCONFIG_CMD} $1 description "${_ifconfig_descr}" + fi + + if wpaif $1; then + /etc/rc.d/wpa_supplicant start $1 + _cfg=0 # XXX: not sure this should count + elif hostapif $1; then + /etc/rc.d/hostapd start $1 + _cfg=0 + elif [ ${_cfg} -eq 0 ]; then + ${IFCONFIG_CMD} $1 up + fi + + if dhcpif $1; then + if [ $_cfg -ne 0 ] ; then + ${IFCONFIG_CMD} $1 up + fi + if syncdhcpif $1; then + /etc/rc.d/dhclient start $1 + fi + _cfg=0 + fi + + return $_cfg +} + +# ifconfig_down if +# returns 1 if wpa_supplicant or dhclient was stopped or +# the interface exists. +# +ifconfig_down() +{ + local _cfg + _cfg=1 + + if wpaif $1; then + /etc/rc.d/wpa_supplicant stop $1 + _cfg=0 + elif hostapif $1; then + /etc/rc.d/hostapd stop $1 + _cfg=0 + fi + + if dhcpif $1; then + /etc/rc.d/dhclient stop $1 + _cfg=0 + fi + + if ifexists $1; then + ${IFCONFIG_CMD} $1 down + _cfg=0 + fi + + return $_cfg +} + +# get_if_var if var [default] +# Return the value of the pseudo-hash corresponding to $if where +# $var is a string containg the sub-string "IF" which will be +# replaced with $if after the characters defined in _punct are +# replaced with '_'. If the variable is unset, replace it with +# $default if given. +get_if_var() +{ + local _if _punct _punct_c _var _default prefix suffix + + if [ $# -ne 2 -a $# -ne 3 ]; then + err 3 'USAGE: get_if_var name var [default]' + fi + + _if=$1 + _punct=".-/+" + ltr ${_if} "${_punct}" '_' _if + _var=$2 + _default=$3 + + prefix=${_var%%IF*} + suffix=${_var##*IF} + eval echo \${${prefix}${_if}${suffix}-${_default}} +} + +# _ifconfig_getargs if [af] +# Prints the arguments for the supplied interface to stdout. +# Returns 1 if empty. In general, ifconfig_getargs should be used +# outside this file. +_ifconfig_getargs() +{ + local _ifn _af + _ifn=$1 + _af=${2+_$2} + + if [ -z "$_ifn" ]; then + return 1 + fi + + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" +} + +# ifconfig_getargs if [af] +# Takes the result from _ifconfig_getargs and removes pseudo +# args such as DHCP and WPA. +ifconfig_getargs() +{ + local _tmpargs _arg _args _vnet + _tmpargs=`_ifconfig_getargs $1 $2` + if [ $? -eq 1 ]; then + return 1 + fi + _args= + _vnet=0 + + for _arg in $_tmpargs; do + case $_arg:$_vnet in + [Dd][Hh][Cc][Pp]:0) ;; + [Nn][Oo][Aa][Uu][Tt][Oo]:0) ;; + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]:0) ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]:0) ;; + [Ww][Pp][Aa]:0) ;; + [Hh][Oo][Ss][Tt][Aa][Pp]:0) ;; + vnet:0) _vnet=1 ;; + *:1) _vnet=0 ;; + *:0) + _args="$_args $_arg" + ;; + esac + done + + echo $_args +} + +# autoif +# Returns 0 if the interface should be automatically configured at +# boot time and 1 otherwise. +autoif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Nn][Oo][Aa][Uu][Tt][Oo]) + return 1 + ;; + esac + done + + return 0 +} + +# dhcpif if +# Returns 0 if the interface is a DHCP interface and 1 otherwise. +dhcpif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + case $1 in + lo[0-9]*|\ + stf[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac + if noafif $1; then + return 1 + fi + + for _arg in $_tmpargs; do + case $_arg in + [Dd][Hh][Cc][Pp]) + return 0 + ;; + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + esac + done + + return 1 +} + +# syncdhcpif +# Returns 0 if the interface should be configured synchronously and +# 1 otherwise. +syncdhcpif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + if noafif $1; then + return 1 + fi + + for _arg in $_tmpargs; do + case $_arg in + [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 1 + ;; + [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) + return 0 + ;; + esac + done + + checkyesno synchronous_dhclient +} + +# wpaif if +# Returns 0 if the interface is a WPA interface and 1 otherwise. +wpaif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Ww][Pp][Aa]) + return 0 + ;; + esac + done + + return 1 +} + +# hostapif if +# Returns 0 if the interface is a HOSTAP interface and 1 otherwise. +hostapif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Hh][Oo][Ss][Tt][Aa][Pp]) + return 0 + ;; + esac + done + + return 1 +} + +# vnetif if +# Returns 0 and echo jail if "vnet" keyword is specified on the +# interface, and 1 otherwise. +vnetif() +{ + local _tmpargs _arg _vnet + _tmpargs=`_ifconfig_getargs $1` + + _vnet=0 + for _arg in $_tmpargs; do + case $_arg:$_vnet in + vnet:0) _vnet=1 ;; + *:1) echo $_arg; return 0 ;; + esac + done + + return 1 +} + +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + local _af + _af=$1 + + case ${_af} in + inet|inet6) + check_kern_features ${_af} + ;; + link|ether) + return 0 + ;; + *) + err 1 "afexists(): Unsupported address family: $_af" + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. +noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + usbus[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + ipfw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 + ;; + esac + + return 1 +} + +# ipv6if if +# Returns 0 if the interface should be configured for IPv6 and +# 1 otherwise. +ipv6if() +{ + local _if _tmpargs i + _if=$1 + + if ! afexists inet6; then + return 1 + fi + + # lo0 is always IPv6-enabled + case $_if in + lo0) + return 0 + ;; + esac + + case "${ipv6_network_interfaces}" in + $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo]) + # True if $ifconfig_IF_ipv6 is defined. + _tmpargs=`_ifconfig_getargs $_if ipv6` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + + # True if $ipv6_prefix_IF is defined. + _tmpargs=`get_if_var $_if ipv6_prefix_IF` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + + # backward compatibility: True if $ipv6_ifconfig_IF is defined. + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + ;; + esac + + return 1 +} + +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration; 1 otherwise. +ipv6_autoconfif() +{ + local _if _tmpargs _arg + _if=$1 + + case $_if in + lo[0-9]*|\ + stf[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac + if noafif $_if; then + return 1 + fi + if ! ipv6if $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + _tmpargs=`get_if_var $_if ipv6_prefix_IF` + if [ -n "${_tmpargs}" ]; then + return 1 + fi + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + if checkyesno ipv6_gateway_enable; then + return 1 + fi + case $1 in + bridge[0-9]*) + # No accept_rtadv by default on if_bridge(4) + # to avoid a conflict with the member + # interfaces. + return 1 + ;; + *) + return 0 + ;; + esac + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + # backward compatibility: $ipv6_ifconfig_IF + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + +# ifexists if +# Returns 0 if the interface exists and 1 otherwise. +ifexists() +{ + [ -z "$1" ] && return 1 + ${IFCONFIG_CMD} -n $1 > /dev/null 2>&1 +} + +# ipv4_up if +# add IPv4 addresses to the interface $if +ipv4_up() +{ + local _if _ret + _if=$1 + _ret=1 + + # Add 127.0.0.1/8 to lo0 unless otherwise specified. + if [ "${_if}" = "lo0" ]; then + ifconfig_args=`get_if_var ${_if} ifconfig_IF` + if [ -z "${ifconfig_args}" ]; then + ${IFCONFIG_CMD} ${_if} inet 127.0.0.1/8 alias + fi + fi + ifalias ${_if} inet alias && _ret=0 + + return $_ret +} + +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + local _if _ret + _if=$1 + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ifalias ${_if} inet6 alias && _ret=0 + ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 + + return $_ret +} + +# ipv4_down if +# remove IPv4 addresses from the interface $if +ipv4_down() +{ + local _if _ifs _ret inetList oldifs _inet + _if=$1 + _ifs="^" + _ret=1 + + ifalias ${_if} inet -alias && _ret=0 + + inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet ' | tr "\n\t" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet in $inetList ; do + # get rid of extraneous line + case $_inet in + inet\ *) ;; + *) continue ;; + esac + + _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` + + IFS="$oldifs" + ${IFCONFIG_CMD} ${_if} ${_inet} delete + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + local _if _ifs _ret inetList oldifs _inet6 + _if=$1 + _ifs="^" + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} && _ret=0 + ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0 + ifalias ${_if} inet6 -alias && _ret=0 + + inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet6 ' | tr "\n\t" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + case $_inet6 in + inet6\ *) ;; + *) continue ;; + esac + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ${IFCONFIG_CMD} ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + +# ifalias if af action +# Configure or remove aliases for network interface $if. +# It returns 0 if at least one alias was configured or +# removed, or 1 if there were none. +# +ifalias() +{ + local _ret + _ret=1 + + afexists $2 || return $_ret + + case "$2" in + inet|inet6|link|ether) + ifalias_af_common $1 $2 $3 && _ret=0 + ;; + esac + + return $_ret +} + +# ifalias_expand_addr af action addr +# Expand address range ("N-M") specification in addr. +# "addr" must not include an address-family keyword. +# The results will include an address-family keyword. +# +ifalias_expand_addr() +{ + local _af _action + + _af=$1 + _action=$2 + shift 2 + + afexists $_af || return + ifalias_expand_addr_$_af $_action $* +} + +# ifalias_expand_addr_inet action addr +# Helper function for ifalias_expand_addr(). Handles IPv4. +# +ifalias_expand_addr_inet() +{ + local _action _arg _cidr _cidr_addr _exargs + local _ipaddr _plen _range _iphead _iptail _iplow _iphigh _ipcount + local _retstr _c + _action=$1 + _arg=$2 + shift 2 + _exargs=$* + _retstr= + + case $_action:$_arg:$_exargs in + *:*--*) return ;; # invalid + tmp:*[0-9]-[0-9]*:*) # to be expanded + _action="alias" + ;; + *:*[0-9]-[0-9]*:*) # to be expanded + ;; + tmp:*:*netmask*) # already expanded w/ netmask option + echo ${_arg%/[0-9]*} $_exargs && return + ;; + tmp:*:*) # already expanded w/o netmask option + echo $_arg $_exargs && return + ;; + *:*:*netmask*) # already expanded w/ netmask option + echo inet ${_arg%/[0-9]*} $_exargs && return + ;; + *:*:*) # already expanded w/o netmask option + echo inet $_arg $_exargs && return + ;; + esac + + for _cidr in $_arg; do + _ipaddr=${_cidr%%/*} + _plen=${_cidr##*/} + # When subnet prefix length is not specified, use /32. + case $_plen in + $_ipaddr) _plen=32 ;; # "/" character not found + esac + + OIFS=$IFS + IFS=. set -- $_ipaddr + _range= + _iphead= + _iptail= + for _c in $@; do + case $_range:$_c in + :[0-9]*-[0-9]*) + _range=$_c + ;; + :*) + _iphead="${_iphead}${_iphead:+.}${_c}" + ;; + *:*) + _iptail="${_iptail}${_iptail:+.}${_c}" + ;; + esac + done + IFS=$OIFS + _iplow=${_range%-*} + _iphigh=${_range#*-} + + # clear netmask when removing aliases + if [ "$_action" = "-alias" ]; then + _plen="" + fi + + _ipcount=$_iplow + while [ "$_ipcount" -le "$_iphigh" ]; do + _retstr="${_retstr} ${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail}${_plen:+/}${_plen}" + if [ $_ipcount -gt $(($_iplow + $netif_ipexpand_max)) ]; then + warn "Range specification is too large (${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_iphigh}${_iptail:+.}${_iptail}). ${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail} was processed. Increase \$netif_ipexpand_max in rc.conf." + break + else + _ipcount=$(($_ipcount + 1)) + fi + # Forcibly set /32 for remaining aliases. + _plen=32 + done + done + + for _c in $_retstr; do + ifalias_expand_addr_inet $_action $_c $_exargs + done +} + +# ifalias_expand_addr_inet6 action addr +# Helper function for ifalias_expand_addr(). Handles IPv6. +# +ifalias_expand_addr_inet6() +{ + local _action _arg _cidr _cidr_addr _exargs + local _ipaddr _plen _ipleft _ipright _iplow _iphigh _ipcount + local _ipv4part + local _retstr _c + _action=$1 + _arg=$2 + shift 2 + _exargs=$* + _retstr= + + case $_action:$_arg:$_exargs in + *:*--*:*) return ;; # invalid + tmp:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*)# to be expanded + _action="alias" + ;; + *:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*) # to be expanded + ;; + tmp:*:*prefixlen*) # already expanded w/ prefixlen option + echo ${_arg%/[0-9]*} $_exargs && return + ;; + tmp:*:*) # already expanded w/o prefixlen option + echo $_arg $_exargs && return + ;; + *:*:*prefixlen*) # already expanded w/ prefixlen option + echo inet6 ${_arg%/[0-9]*} $_exargs && return + ;; + *:*:*) # already expanded w/o prefixlen option + echo inet6 $_arg $_exargs && return + ;; + esac + + for _cidr in $_arg; do + _ipaddr="${_cidr%%/*}" + _plen="${_cidr##*/}" + + case $_action:$_ipaddr:$_cidr in + -alias:*:*) unset _plen ;; + *:$_cidr:$_ipaddr) unset _plen ;; + esac + + if [ "${_ipaddr%:*.*.*.*}" = "$_ipaddr" ]; then + # Handle !v4mapped && !v4compat addresses. + + # The default prefix length is 64. + case $_ipaddr:$_cidr in + $_cidr:$_ipaddr) _plen="64" ;; + esac + _ipleft=${_ipaddr%-*} + _ipright=${_ipaddr#*-} + _iplow=${_ipleft##*:} + _iphigh=${_ipright%%:*} + _ipleft=${_ipleft%:*} + _ipright=${_ipright#*:} + + if [ "$_iphigh" = "$_ipright" ]; then + unset _ipright + else + _ipright=:$_ipright + fi + + if [ -n "$_iplow" -a -n "$_iphigh" ]; then + _iplow=$((0x$_iplow)) + _iphigh=$((0x$_iphigh)) + _ipcount=$_iplow + while [ $_ipcount -le $_iphigh ]; do + _r=`printf "%s:%04x%s%s" \ + $_ipleft $_ipcount $_ipright \ + ${_plen:+/}$_plen` + _retstr="$_retstr $_r" + if [ $_ipcount -gt $(($_iplow + $netif_ipexpand_max)) ] + then + warn "Range specification is too large $(printf '(%s:%x%s-%s:%x%s)' "$_ipleft" "$_iplow" "$_ipright" "$_ipleft" "$_iphigh" "$_ipright"). $(printf '%s:%x%s-%s:%x%s' "$_ipleft" "$_iplow" "$_ipright" "$_ipleft" "$_ipcount" "$_ipright") was processed. Increase \$netif_ipexpand_max in rc.conf." + break + else + _ipcount=$(($_ipcount + 1)) + fi + done + else + _retstr="${_ipaddr}${_plen:+/}${_plen}" + fi + + for _c in $_retstr; do + ifalias_expand_addr_inet6 $_action $_c $_exargs + done + else + # v4mapped/v4compat should handle as an IPv4 alias + _ipv4part=${_ipaddr##*:} + + # Adjust prefix length if any. If not, set the + # default prefix length as 32. + case $_ipaddr:$_cidr in + $_cidr:$_ipaddr) _plen=32 ;; + *) _plen=$(($_plen - 96)) ;; + esac + + _retstr=`ifalias_expand_addr_inet \ + tmp ${_ipv4part}${_plen:+/}${_plen}` + for _c in $_retstr; do + ifalias_expand_addr_inet $_action $_c $_exargs + done + fi + done +} + +# ifalias_af_common_handler if af action args +# Helper function for ifalias_af_common(). +# +ifalias_af_common_handler() +{ + local _ret _if _af _action _args _c _tmpargs + + _ret=1 + _if=$1 + _af=$2 + _action=$3 + shift 3 + _args=$* + + case $_args in + ${_af}\ *) ;; + *) return ;; + esac + + # link(ether) does not support address removal. + case $_af:$_action in + link:-alias|ether:-alias) return ;; + esac + + _tmpargs= + for _c in $_args; do + case $_c in + ${_af}) + case $_tmpargs in + ${_af}\ *[0-9a-fA-F]-*) + ifalias_af_common_handler $_if $_af $_action \ + `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }` + ;; + ${_af}\ *) + ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0 + ;; + esac + _tmpargs=$_af + ;; + *) + _tmpargs="$_tmpargs $_c" + ;; + esac + done + # Process the last component if any. + if [ -n "$_tmpargs}" ]; then + case $_tmpargs in + ${_af}\ *[0-9a-fA-F]-*) + ifalias_af_common_handler $_if $_af $_action \ + `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }` + ;; + ${_af}\ *) + ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0 + ;; + esac + fi + + return $_ret +} + +# ifalias_af_common if af action +# Helper function for ifalias(). +# +ifalias_af_common() +{ + local _ret _if _af _action alias ifconfig_args _aliasn _c _tmpargs _iaf + local _vif _punct=".-/+" + + _ret=1 + _aliasn= + _if=$1 + _af=$2 + _action=$3 + + # Normalize $_if before using it in a pattern to list_vars() + ltr "$_if" "$_punct" "_" _vif + + # ifconfig_IF_aliasN which starts with $_af + for alias in `list_vars ifconfig_${_vif}_alias[0-9]\* | + sort_lite -nk1.$((9+${#_vif}+7))` + do + eval ifconfig_args=\"\$$alias\" + _iaf= + case $ifconfig_args in + inet\ *) _iaf=inet ;; + inet6\ *) _iaf=inet6 ;; + link\ *) _iaf=link ;; + ether\ *) _iaf=ether ;; + esac + + case ${_af}:${_action}:${_iaf}:"${ifconfig_args}" in + ${_af}:*:${_af}:*) + _aliasn="$_aliasn $ifconfig_args" + ;; + ${_af}:*:"":"") + break + ;; + inet:alias:"":*) + _aliasn="$_aliasn inet $ifconfig_args" + warn "\$${alias} needs leading" \ + "\"inet\" keyword for an IPv4 address." + esac + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + case $_af in + inet6) + for alias in `list_vars ipv6_ifconfig_${_vif}_alias[0-9]\* | + sort_lite -nk1.$((14+${#_vif}+7))` + do + eval ifconfig_args=\"\$$alias\" + case ${_action}:"${ifconfig_args}" in + *:"") + break + ;; + alias:*) + _aliasn="${_aliasn} inet6 ${ifconfig_args}" + warn "\$${alias} is obsolete. " \ + "Use ifconfig_${_vif}_aliasN instead." + ;; + esac + done + esac + + # backward compatibility: ipv4_addrs_IF. + for _tmpargs in `get_if_var $_if ipv4_addrs_IF`; do + _aliasn="$_aliasn inet $_tmpargs" + done + + # Handle ifconfig_IF_aliases, ifconfig_IF_aliasN, and the others. + _tmpargs= + for _c in `get_if_var $_if ifconfig_IF_aliases` $_aliasn; do + case $_c in + inet|inet6|link|ether) + case $_tmpargs in + ${_af}\ *) + eval ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 + ;; + esac + _tmpargs=$_c + ;; + *) + _tmpargs="$_tmpargs $_c" + esac + done + # Process the last component + case $_tmpargs in + ${_af}\ *) + ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 + ;; + esac + + return $_ret +} + +# ipv6_prefix_hostid_addr_common if action +# Add or remove IPv6 prefix + hostid addr on the interface $if +# +ipv6_prefix_hostid_addr_common() +{ + local _if _action prefix j + _if=$1 + _action=$2 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + for j in ${prefix}; do + # The default prefixlen is 64. + plen=${j#*/} + case $j:$plen in + $plen:$j) plen=64 ;; + *) j=${j%/*} ;; + esac + + # Normalize the last part by removing ":" + j=${j%::*} + j=${j%:} + ${IFCONFIG_CMD} ${_if} inet6 $j:: \ + prefixlen $plen eui64 ${_action} + + # if I am a router, add subnet router + # anycast address (RFC 2373). + if checkyesno ipv6_gateway_enable; then + ${IFCONFIG_CMD} ${_if} inet6 $j:: \ + prefixlen $plen ${_action} anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router +# Solicitation message +ipv6_accept_rtadv_up() +{ + if ipv6_autoconfif $1; then + ${IFCONFIG_CMD} $1 inet6 accept_rtadv up + if ! checkyesno rtsold_enable; then + rtsol ${rtsol_flags} $1 + fi + fi +} + +# ipv6_accept_rtadv_down if +# Disable accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + if ipv6_autoconfif $1; then + ${IFCONFIG_CMD} $1 inet6 -accept_rtadv + fi +} + +# ifscript_up if +# Evaluate a startup script for the $if interface. +# It returns 0 if a script was found and processed or +# 1 if no script was found. +# +ifscript_up() +{ + if [ -r /etc/start_if.$1 ]; then + . /etc/start_if.$1 + return 0 + else + return 1 + fi +} + +# ifscript_down if +# Evaluate a shutdown script for the $if interface. +# It returns 0 if a script was found and processed or +# 1 if no script was found. +# +ifscript_down() +{ + if [ -r /etc/stop_if.$1 ]; then + . /etc/stop_if.$1 + return 0 + else + return 1 + fi +} + +# wlan_up +# Create IEEE802.11 interfaces. +# +wlan_up() +{ + local _list _iflist parent child_wlans child create_args debug_flags + _list= + _iflist=$* + + # Parse wlans_$parent="$child ..." + for parent in `set | sed -nE 's/wlans_([a-z]+[0-9]+)=.*/\1/p'`; do + child_wlans=`get_if_var $parent wlans_IF` + for child in ${child_wlans}; do + create_args="wlandev $parent `get_if_var $child create_args_IF`" + debug_flags="`get_if_var $child wlandebug_IF`" + case $_iflist in + ""|$child|$child\ *|*\ $child\ *|*\ $child) ;; + *) continue ;; + esac + # Skip if ${child} already exists. + if ${IFCONFIG_CMD} $child > /dev/null 2>&1; then + continue + fi + if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 + else + ${IFCONFIG_CMD} wlan create ${create_args} name $child && cfg=0 + fi + if [ $? -eq 0 ]; then + _list="$_list $child" + fi + if [ -n "${debug_flags}" ]; then + wlandebug -i $child ${debug_flags} + fi + done + done + if [ -n "${_list# }" ]; then + echo "Created wlan(4) interfaces: ${_list# }." + fi + debug "Created wlan(4)s: ${_list# }" +} + +# wlan_down +# Destroy IEEE802.11 interfaces. +# +wlan_down() +{ + local _list _iflist parent child_wlans child + _list= + _iflist=$* + + # Parse wlans_$parent="$child ..." + for parent in `set | sed -nE 's/wlans_([a-z]+[0-9]+)=.*/\1/p'`; do + child_wlans=`get_if_var $parent wlans_IF` + for child in ${child_wlans}; do + case $_iflist in + ""|$child|$child\ *|*\ $child\ *|*\ $child) ;; + *) continue ;; + esac + # Skip if ${child} doesn't exists. + if ! ${IFCONFIG_CMD} $child > /dev/null 2>&1; then + continue + fi + ${IFCONFIG_CMD} -n ${child} destroy + if [ $? -eq 0 ]; then + _list="$_list $child" + fi + done + done + if [ -n "${_list# }" ]; then + echo "Destroyed wlan(4) interfaces: ${_list# }." + fi + debug "Destroyed wlan(4)s: ${_list# }" +} + +# clone_up +# Create cloneable interfaces. +# +clone_up() +{ + local _list ifn ifopt _iflist _n tmpargs + _list= + _iflist=$* + + # create_args_IF + for ifn in ${cloned_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + case $ifn in + epair[0-9]*) + # epair(4) uses epair[0-9] for creation and + # epair[0-9][ab] for configuration. + # + # Skip if ${ifn}a or ${ifn}b already exist. + if ${IFCONFIG_CMD} ${ifn}a > /dev/null 2>&1; then + continue + elif ${IFCONFIG_CMD} ${ifn}b > /dev/null 2>&1; then + continue + fi + ${IFCONFIG_CMD} ${ifn} create \ + `get_if_var ${ifn} create_args_IF` + if [ $? -eq 0 ]; then + _list="$_list ${ifn}a ${ifn}b" + fi + ;; + *) + # Skip if ${ifn} already exists. + if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi + ${IFCONFIG_CMD} ${ifn} create \ + `get_if_var ${ifn} create_args_IF` + if [ $? -eq 0 ]; then + _list="$_list $ifn" + fi + esac + done + if [ -n "$gif_interfaces" ]; then + warn "\$gif_interfaces is obsolete. Use \$cloned_interfaces instead." + fi + for ifn in ${gif_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + # Skip if ifn already exists. + if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi + case $ifn in + gif[0-9]*) + ${IFCONFIG_CMD} $ifn create + ;; + *) + _n=$(${IFCONFIG_CMD} gif create) + ${IFCONFIG_CMD} $_n name $ifn + ;; + esac + if [ $? -eq 0 ]; then + _list="$_list $ifn" + fi + tmpargs=$(get_if_var $ifn gifconfig_IF) + eval ifconfig_${ifn}=\"tunnel \$tmpargs\" + done + if [ -n "${_list# }" ]; then + echo "Created clone interfaces: ${_list# }." + fi + debug "Cloned: ${_list# }" +} + +# clone_down +# Destroy cloned interfaces. Destroyed interfaces are echoed to +# standard output. +# +clone_down() +{ + local _list ifn _difn ifopt _iflist _sticky + _list= + _iflist=$* + + : ${cloned_interfaces_sticky:=NO} + if checkyesno cloned_interfaces_sticky; then + _sticky=1 + else + _sticky=0 + fi + for ifn in ${cloned_interfaces} ${gif_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $ifopt:$_sticky in + sticky:*) continue ;; # :sticky => not destroy + nosticky:*) ;; # :nosticky => destroy + *:1) continue ;; # global sticky knob == 1 + esac + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + case $ifn in + epair[0-9]*) + # Note: epair(4) uses epair[0-9] for removal and + # epair[0-9][ab] for configuration. + # + # Skip if both of ${ifn}a and ${ifn}b do not exist. + if ${IFCONFIG_CMD} ${ifn}a > /dev/null 2>&1; then + _difn=${ifn}a + elif ${IFCONFIG_CMD} ${ifn}b > /dev/null 2>&1; then + _difn=${ifn}b + else + continue + fi + ${IFCONFIG_CMD} -n $_difn destroy + if [ $? -eq 0 ]; then + _list="$_list ${ifn}a ${ifn}b" + fi + ;; + *) + # Skip if ifn does not exist. + if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi + ${IFCONFIG_CMD} -n ${ifn} destroy + if [ $? -eq 0 ]; then + _list="$_list $ifn" + fi + ;; + esac + done + if [ -n "${_list# }" ]; then + echo "Destroyed clone interfaces: ${_list# }." + fi + debug "Destroyed clones: ${_list# }" +} + +# childif_create +# Create and configure child interfaces. Return 0 if child +# interfaces are created. +# +# XXXGL: the wlan code in this functions is superseded by wlan_up(), +# and will go away soon. +# +childif_create() +{ + local cfg child child_vlans child_wlans create_args debug_flags ifn i + cfg=1 + ifn=$1 + + # Create wireless interfaces + child_wlans=`get_if_var $ifn wlans_IF` + + for child in ${child_wlans}; do + create_args="wlandev $ifn `get_if_var $child create_args_IF`" + debug_flags="`get_if_var $child wlandebug_IF`" + + if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 + if [ -n "${debug_flags}" ]; then + wlandebug -i $child ${debug_flags} + fi + else + i=`${IFCONFIG_CMD} wlan create ${create_args}` + if [ -n "${debug_flags}" ]; then + wlandebug -i $i ${debug_flags} + fi + ${IFCONFIG_CMD} $i name $child && cfg=0 + fi + if autoif $child; then + ifn_start $child + fi + done + + # Create vlan interfaces + child_vlans=`get_if_var $ifn vlans_IF` + + if [ -n "${child_vlans}" ]; then + load_kld if_vlan + fi + + for child in ${child_vlans}; do + if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then + child="${ifn}.${child}" + create_args=`get_if_var $child create_args_IF` + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 + else + create_args="vlandev $ifn `get_if_var $child create_args_IF`" + if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 + else + i=`${IFCONFIG_CMD} vlan create ${create_args}` + ${IFCONFIG_CMD} $i name $child && cfg=0 + fi + fi + if autoif $child; then + ifn_start $child + fi + done + + return ${cfg} +} + +# childif_destroy +# Destroy child interfaces. +# +childif_destroy() +{ + local cfg child child_vlans child_wlans ifn + cfg=1 + + child_wlans=`get_if_var $ifn wlans_IF` + for child in ${child_wlans}; do + if ! ifexists $child; then + continue + fi + ${IFCONFIG_CMD} -n $child destroy && cfg=0 + done + + child_vlans=`get_if_var $ifn vlans_IF` + for child in ${child_vlans}; do + if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then + child="${ifn}.${child}" + fi + if ! ifexists $child; then + continue + fi + ${IFCONFIG_CMD} -n $child destroy && cfg=0 + done + + return ${cfg} +} + +# ng_mkpeer +# Create netgraph nodes. +# +ng_mkpeer() +{ + ngctl -f - 2> /dev/null <<EOF +mkpeer $* +msg dummy nodeinfo +EOF +} + +# ng_create_one +# Create netgraph nodes. +# +ng_create_one() +{ + local t + + ng_mkpeer $* | while read line; do + t=`expr "${line}" : '.* name="\([a-z]*[0-9]*\)" .*'` + if [ -n "${t}" ]; then + echo ${t} + return + fi + done +} + +# ifnet_rename [ifname] +# Rename interfaces if ifconfig_IF_name is defined. +# +ifnet_rename() +{ + local _if _ifname + + # ifconfig_IF_name + for _if in ${*:-$(${IFCONFIG_CMD} -l)}; do + _ifname=`get_if_var $_if ifconfig_IF_name` + if [ ! -z "$_ifname" ]; then + ${IFCONFIG_CMD} $_if name $_ifname + fi + done + + return 0 +} + +# list_net_interfaces type +# List all network interfaces. The type of interface returned +# can be controlled by the type argument. The type +# argument can be any of the following: +# nodhcp - all interfaces, excluding DHCP configured interfaces +# dhcp - list only DHCP configured interfaces +# noautoconf - all interfaces, excluding IPv6 Stateless +# Address Autoconf configured interfaces +# autoconf - list only IPv6 Stateless Address Autoconf +# configured interfaces +# If no argument is specified all network interfaces are output. +# Note that the list will include cloned interfaces if applicable. +# Cloned interfaces must already exist to have a chance to appear +# in the list if ${network_interfaces} is set to `auto'. +# +list_net_interfaces() +{ + local type _tmplist _list _autolist _lo _if + type=$1 + + # Get a list of ALL the interfaces and make lo0 first if it's there. + # + _tmplist= + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + _autolist="`${IFCONFIG_CMD} -l`" + _lo= + for _if in ${_autolist} ; do + if autoif $_if; then + if [ "$_if" = "lo0" ]; then + _lo="lo0 " + else + _tmplist="${_tmplist} ${_if}" + fi + fi + done + _tmplist="${_lo}${_tmplist# }" + ;; + *) + for _if in ${network_interfaces} ${cloned_interfaces}; do + # epair(4) uses epair[0-9] for creation and + # epair[0-9][ab] for configuration. + case $_if in + epair[0-9]*) + _tmplist="$_tmplist ${_if}a ${_if}b" + ;; + *) + _tmplist="$_tmplist $_if" + ;; + esac + done + # + # lo0 is effectively mandatory, so help prevent foot-shooting + # + case "$_tmplist" in + lo0|'lo0 '*|*' lo0'|*' lo0 '*) + # This is fine, do nothing + _tmplist="${_tmplist# }" + ;; + *) + _tmplist="lo0 ${_tmplist# }" + ;; + esac + ;; + esac + + _list= + case "$type" in + nodhcp) + for _if in ${_tmplist} ; do + if ! dhcpif $_if && \ + [ -n "`_ifconfig_getargs $_if`" ]; then + _list="${_list# } ${_if}" + fi + done + ;; + dhcp) + for _if in ${_tmplist} ; do + if dhcpif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + noautoconf) + for _if in ${_tmplist} ; do + if ! ipv6_autoconfif $_if && \ + [ -n "`_ifconfig_getargs $_if ipv6`" ]; then + _list="${_list# } ${_if}" + fi + done + ;; + autoconf) + for _if in ${_tmplist} ; do + if ipv6_autoconfif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + *) + _list=${_tmplist} + ;; + esac + + echo $_list + + return 0 +} + +# get_default_if -address_family +# Get the interface of the default route for the given address family. +# The -address_family argument must be suitable passing to route(8). +# +get_default_if() +{ + local routeget oldifs defif line + defif= + oldifs="$IFS" + IFS=" +" + for line in `route -n get $1 default 2>/dev/null`; do + case $line in + *interface:*) + defif=${line##*: } + ;; + esac + done + IFS=${oldifs} + + echo $defif +} + +# hexdigit arg +# Echo decimal number $arg (single digit) in hexadecimal format. +hexdigit() +{ + printf '%x\n' "$1" +} + +# hexprint arg +# Echo decimal number $arg (multiple digits) in hexadecimal format. +hexprint() +{ + printf '%x\n' "$1" +} + +is_wired_interface() +{ + local media + + case `${IFCONFIG_CMD} $1 2>/dev/null` in + *media:?Ethernet*) media=Ethernet ;; + esac + + test "$media" = "Ethernet" +} + +# network6_getladdr if [flag] +# Echo link-local address from $if if any. +# If flag is defined, tentative ones will be excluded. +network6_getladdr() +{ + local _if _flag proto addr rest + _if=$1 + _flag=$2 + + ${IFCONFIG_CMD} $_if 2>/dev/null | while read proto addr rest; do + case "${proto}/${addr}/${_flag}/${rest}" in + inet6/fe80::*//*) + echo ${addr} + ;; + inet6/fe80:://*tentative*) # w/o flag + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + network6_getladdr $_if $_flags + ;; + inet6/fe80::/*/*tentative*) # w/ flag + echo ${addr} + ;; + *) + continue + ;; + esac + + return + done +} diff --git a/libexec/rc/pccard_ether b/libexec/rc/pccard_ether new file mode 100755 index 000000000000..bf4f9c231440 --- /dev/null +++ b/libexec/rc/pccard_ether @@ -0,0 +1,147 @@ +#!/bin/sh - +# +# $FreeBSD$ +# +# pccard_ether interfacename [start|stop|restart] +# +# example: pccard_ether fxp0 start +# + +. /etc/rc.subr +. /etc/network.subr + +name="pccard_ether" +start_precmd="checkauto" +start_cmd="pccard_ether_start" +stop_precmd="checkauto" +stop_cmd="pccard_ether_stop" +restart_precmd="checkauto" +restart_cmd="pccard_ether_restart" +startchildren_cmd="pccard_ether_startchildren" +stopchildren_cmd="pccard_ether_stopchildren" +extra_commands="startchildren stopchildren" + +setup_routes() +{ + # Add default route into $static_routes + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Add private route for this interface into $static_routes + eval ifx_routes=\$static_routes_${ifn} + if [ -n "${ifx_routes}" ]; then + static_routes="${ifx_routes} ${static_routes}" + fi + + # Set up any static routes if specified + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi +} + +remove_routes() +{ + # Delete static route if specified + eval ifx_routes=\$static_routes_${ifn} + if [ -n "${ifx_routes}" ]; then + for i in ${ifx_routes}; do + eval route_args=\$route_${i} + route delete ${route_args} + done + fi +} + +checkauto() +{ + if [ -z "$rc_force" ]; then + # Ignore interfaces with the NOAUTO keyword + autoif $ifn || exit 0 + fi +} + +pccard_ether_start() +{ + ifexists $ifn || exit 1 + + if [ -z "$rc_force" ]; then + for uif in `ifconfig -ul`; do + if [ "${uif}" = "${ifn}" ]; then + # Interface is already up, so ignore it. + exit 0 + fi + done + fi + + /etc/rc.d/netif quietstart $ifn + + # Do route configuration if needed. + # XXX: should probably do this by calling rc.d/routing. + if [ -n "`ifconfig_getargs $ifn`" ]; then + if ! dhcpif $ifn; then + setup_routes + fi + fi + + # XXX: IPv6 setup should be done in some way. +} + +pccard_ether_stop() +{ + if [ -n "`ifconfig_getargs $ifn`" ]; then + if ! dhcpif $ifn; then + remove_routes + fi + fi + + /etc/rc.d/netif quietstop $ifn + + # clean ARP table + ifexists $ifn && arp -d -i $ifn -a +} + +pccard_ether_restart() +{ + # Hand implemented because the default implementation runs + # the equivalent of "$0 start; $0 stop" and this script + # doesn't support that syntax + pccard_ether_stop + pccard_ether_start +} + +pccard_ether_startchildren() +{ + for child in `get_if_var $ifn wlans_IF`; do + if ifexists $child; then + continue + fi + /etc/rc.d/netif quietstart $child + done +} + +pccard_ether_stopchildren() +{ + for child in `get_if_var $ifn wlans_IF`; do + /etc/rc.d/netif quietstop $child + done +} + +ifn=$1 +shift +if [ -z "$*" ]; then + args="start" +else + args=$* +fi + +load_rc_config pccard_ether +load_rc_config network +run_rc_command $args diff --git a/libexec/rc/rc b/libexec/rc/rc new file mode 100644 index 000000000000..69edcf4ac9ff --- /dev/null +++ b/libexec/rc/rc @@ -0,0 +1,152 @@ +#!/bin/sh +# +# Copyright (c) 2000-2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# @(#)rc 5.27 (Berkeley) 6/5/91 +# $FreeBSD$ +# + +# System startup script run by init on autoboot +# or after single-user. +# Output and error are redirected to console by init, +# and the console is the controlling terminal. + +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file +# first before contemplating any changes here. If you do need to change +# this file for some reason, we would like to know about it. + +stty status '^T' 2> /dev/null + +# Set shell to ignore SIGINT (2), but not children; +# shell catches SIGQUIT (3) and returns to single user. +# +trap : 2 +trap "echo 'Boot interrupted'; exit 1" 3 + +HOME=/ +PATH=/sbin:/bin:/usr/sbin:/usr/bin +export HOME PATH + +if [ "$1" = autoboot ]; then + autoboot=yes + _boot="faststart" + rc_fast=yes # run_rc_command(): do fast booting +else + autoboot=no + _boot="quietstart" +fi + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` +if [ ${dlv:=0} -ne 0 -o -f /etc/diskless ]; then + sh /etc/rc.initdiskless +fi + +# Run these after determining whether we are booting diskless in order +# to minimize the number of files that are needed on a diskless system, +# and to make the configuration file variables available to rc itself. +# +. /etc/rc.subr +load_rc_config + +# If we receive a SIGALRM, re-source /etc/rc.conf; this allows rc.d +# scripts to perform "boot-time configuration" including enabling and +# disabling rc.d scripts which appear later in the boot order. +trap "_rc_conf_loaded=false; load_rc_config" ALRM + +skip="-s nostart" +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + skip="$skip -s nojail" + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + skip="$skip -s nojailvnet" + fi +fi + +# If the firstboot sentinel doesn't exist, we want to skip firstboot scripts. +if ! [ -e ${firstboot_sentinel} ]; then + skip_firstboot="-s firstboot" +fi + +# Do a first pass to get everything up to $early_late_divider so that +# we can do a second pass that includes $local_startup directories +# +files=`rcorder ${skip} ${skip_firstboot} /etc/rc.d/* 2>/dev/null` + +_rc_elem_done=' ' +for _rc_elem in ${files}; do + run_rc_script ${_rc_elem} ${_boot} + _rc_elem_done="${_rc_elem_done}${_rc_elem} " + + case "$_rc_elem" in + */${early_late_divider}) break ;; + esac +done + +unset files local_rc + +# Now that disks are mounted, for each dir in $local_startup +# search for init scripts that use the new rc.d semantics. +# +case ${local_startup} in +[Nn][Oo] | '') ;; +*) find_local_scripts_new ;; +esac + +# The firstboot sentinel might be on a newly mounted filesystem; look for it +# again and unset skip_firstboot if we find it. +if [ -e ${firstboot_sentinel} ]; then + skip_firstboot="" +fi + +files=`rcorder ${skip} ${skip_firstboot} /etc/rc.d/* ${local_rc} 2>/dev/null` +for _rc_elem in ${files}; do + case "$_rc_elem_done" in + *" $_rc_elem "*) continue ;; + esac + + run_rc_script ${_rc_elem} ${_boot} +done + +# Remove the firstboot sentinel, and reboot if it was requested. +# Be a bit paranoid about removing it to handle the common failure +# modes since the consequence of failure can be big. +# Note: this assumes firstboot_sentinel is on / when we have +# a read-only /, or that it is on media that's writable. +if [ -e ${firstboot_sentinel} ]; then + checkyesno root_rw_mount && mount -uw / + chflags -R 0 ${firstboot_sentinel} + rm -rf ${firstboot_sentinel} + if [ -e ${firstboot_sentinel}-reboot ]; then + chflags -R 0 ${firstboot_sentinel}-reboot + rm -rf ${firstboot_sentinel}-reboot + checkyesno root_rw_mount || mount -ur / + kill -INT 1 + fi + checkyesno root_rw_mount || mount -ur / +fi + +echo '' +date +exit 0 diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf new file mode 100644 index 000000000000..3acc6743ec5a --- /dev/null +++ b/libexec/rc/rc.conf @@ -0,0 +1,750 @@ +#!/bin/sh + +# This is rc.conf - a file full of useful variables that you can set +# to change the default startup behavior of your system. You should +# not edit this file! Put any overrides into one of the ${rc_conf_files} +# instead and you will be able to update these defaults later without +# spamming your local configuration information. +# +# The ${rc_conf_files} files should only contain values which override +# values set in this file. This eases the upgrade path when defaults +# are changed and new features are added. +# +# All arguments must be in double or single quotes. +# +# For a more detailed explanation of all the rc.conf variables, please +# refer to the rc.conf(5) manual page. +# +# $FreeBSD$ + +############################################################## +### Important initial Boot-time options #################### +############################################################## + +# rc_debug can't be set here without interferring with rc.subr's setting it +# when the kenv variable rc.debug is set. +#rc_debug="NO" # Set to YES to enable debugging output from rc.d +rc_info="NO" # Enables display of informational messages at boot. +rc_startmsgs="YES" # Show "Starting foo:" messages at boot +rcshutdown_timeout="90" # Seconds to wait before terminating rc.shutdown +early_late_divider="FILESYSTEMS" # Script that separates early/late + # stages of the boot process. Make sure you know + # the ramifications if you change this. + # See rc.conf(5) for more details. +always_force_depends="NO" # Set to check that indicated dependencies are + # running during boot (can increase boot time). + +apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). +apmd_enable="NO" # Run apmd to handle APM event from userland. +apmd_flags="" # Flags to apmd (if enabled). +ddb_enable="NO" # Set to YES to load ddb scripts at boot. +ddb_config="/etc/ddb.conf" # ddb(8) config file. +devd_enable="YES" # Run devd, to trigger programs on device tree changes. +devd_flags="" # Additional flags for devd(8). +devmatch_enable="YES" # Demand load kernel modules based on device ids. +devmatch_blacklist="" # List of modules (w/o .ko) to exclude from devmatch. +#kld_list="" # Kernel modules to load after local disks are mounted +kldxref_enable="YES" # Build linker.hints files with kldxref(8). +kldxref_clobber="NO" # Overwrite old linker.hints at boot. +kldxref_module_path="" # Override kern.module_path. A ';'-delimited list. +powerd_enable="NO" # Run powerd to lower our power usage. +powerd_flags="" # Flags to powerd (if enabled). +tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never +tmpsize="20m" # Size of mfs /tmp if created +tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp +varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never +varsize="32m" # Size of mfs /var if created +varmfs_flags="-S" # Extra mount options for the mfs /var +mfs_type="auto" # "md", "tmpfs", "auto" to prefer tmpfs with md as fallback +populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never +cleanvar_enable="YES" # Clean the /var directory +local_startup="/usr/local/etc/rc.d" # startup script dirs. +script_name_sep=" " # Change if your startup scripts' names contain spaces +rc_conf_files="/etc/rc.conf /etc/rc.conf.local" + +# ZFS support +zfs_enable="NO" # Set to YES to automatically mount ZFS file systems + +# ZFSD support +zfsd_enable="NO" # Set to YES to automatically start the ZFS fault + # management daemon. + +gptboot_enable="YES" # GPT boot success/failure reporting. + +# Experimental - test before enabling +gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab +gbde_devices="NO" # Devices to automatically attach (list, or AUTO) +gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices +gbde_lockdir="/etc" # Where to look for gbde lockfiles + +# GELI disk encryption configuration. +geli_devices="" # List of devices to automatically attach in addition to + # GELI devices listed in /etc/fstab. +geli_groups="" # List of groups containing devices to automatically + # attach with the same keyfiles and passphrase +geli_tries="" # Number of times to attempt attaching geli device. + # If empty, kern.geom.eli.tries will be used. +geli_default_flags="" # Default flags for geli(8). +geli_autodetach="YES" # Automatically detach on last close. + # Providers are marked as such when all file systems are + # mounted. +# Example use. +#geli_devices="da1 mirror/home" +#geli_da1_flags="-p -k /etc/geli/da1.keys" +#geli_da1_autodetach="NO" +#geli_mirror_home_flags="-k /etc/geli/home.keys" +#geli_groups="storage backup" +#geli_storage_flags="-k /etc/geli/storage.keys" +#geli_storage_devices="ada0 ada1" +#geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys" +#geli_backup_devices="ada2 ada3" + +root_rw_mount="YES" # Set to NO to inhibit remounting root read-write. +root_hold_delay="30" # Time to wait for root mount hold release. +fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. +fsck_y_flags="-T ffs:-R -T ufs:-R" # Additional flags for fsck -y +background_fsck="YES" # Attempt to run fsck in the background where possible. +background_fsck_delay="60" # Time to wait (seconds) before starting the fsck. +growfs_enable="NO" # Set to YES to attempt to grow the root filesystem on boot +netfs_types="nfs:NFS smbfs:SMB" # Net filesystems. +extra_netfs_types="NO" # List of network extra filesystem types for delayed + # mount at startup (or NO). + +############################################################## +### Network configuration sub-section ###################### +############################################################## + +### Basic network and firewall/security options: ### +hostname="" # Set this! +hostid_enable="YES" # Set host UUID. +hostid_file="/etc/hostid" # File with hostuuid. +nisdomainname="NO" # Set to NIS domain if using NIS (or NO). +dhclient_program="/sbin/dhclient" # Path to dhcp client program. +dhclient_flags="" # Extra flags to pass to dhcp client. +#dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only +background_dhclient="NO" # Start dhcp client in the background. +#background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background. +synchronous_dhclient="NO" # Start dhclient directly on configured + # interfaces during startup. +defaultroute_delay="30" # Time to wait for a default route on a DHCP interface. +defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route. +netif_enable="YES" # Set to YES to initialize network interfaces +netif_ipexpand_max="2048" # Maximum number of IP addrs in a range spec. +wpa_supplicant_program="/usr/sbin/wpa_supplicant" +wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant +wpa_supplicant_conf_file="/etc/wpa_supplicant.conf" +# +firewall_enable="NO" # Set to YES to enable firewall functionality +firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall +firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) +firewall_quiet="NO" # Set to YES to suppress rule display +firewall_logging="NO" # Set to YES to enable events logging +firewall_logif="NO" # Set to YES to create logging-pseudo interface +firewall_flags="" # Flags passed to ipfw when type is a file +firewall_coscripts="" # List of executables/scripts to run after + # firewall starts/stops +firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" + # firewall. +#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for + # "client" firewall. +firewall_simple_iif="ed1" # Inside network interface for "simple" + # firewall. +firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple" + # firewall. +firewall_simple_oif="ed0" # Outside network interface for "simple" + # firewall. +firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple" + # firewall. +#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple" + # firewall. +#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix + # for "simple" firewall. +#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple" + # firewall. +#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix + # for "simple" firewall. +firewall_myservices="" # List of ports/protocols on which this host + # offers services for "workstation" firewall. +firewall_allowservices="" # List of IPs which have access to + # $firewall_myservices for "workstation" + # firewall. +firewall_trusted="" # List of IPs which have full access to this + # host for "workstation" firewall. +firewall_logdeny="NO" # Set to YES to log default denied incoming + # packets for "workstation" firewall. +firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports + # for which denied incoming packets are not + # logged for "workstation" firewall. +firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES) +firewall_nat_interface="" # Public interface or IPaddress to use +firewall_nat_flags="" # Additional configuration parameters +dummynet_enable="NO" # Load the dummynet(4) module +ipfw_netflow_enable="NO" # Enable netflow logging via ng_netflow +ip_portrange_first="NO" # Set first dynamically allocated port +ip_portrange_last="NO" # Set last dynamically allocated port +ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) +ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon +ike_flags="" # Additional flags for IKE daemon +ipsec_enable="NO" # Set to YES to run setkey on ipsec_file +ipsec_file="/etc/ipsec.conf" # Name of config file for setkey +natd_program="/sbin/natd" # path to natd, if you want a different one. +natd_enable="NO" # Enable natd (if firewall_enable == YES). +natd_interface="" # Public interface or IPaddress to use. +natd_flags="" # Additional flags for natd. +ipfilter_enable="NO" # Set to YES to enable ipfilter functionality +ipfilter_program="/sbin/ipf" # where the ipfilter program lives +ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see + # /usr/src/contrib/ipfilter/rules for examples +ipfilter_flags="" # additional flags for ipfilter +ipnat_enable="NO" # Set to YES to enable ipnat functionality +ipnat_program="/sbin/ipnat" # where the ipnat program lives +ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat +ipnat_flags="" # additional flags for ipnat +ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat +ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives +ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" +ipfs_enable="NO" # Set to YES to enable saving and restoring + # of state tables at shutdown and boot +ipfs_program="/sbin/ipfs" # where the ipfs program lives +ipfs_flags="" # additional flags for ipfs +pf_enable="NO" # Set to YES to enable packet filter (pf) +pf_rules="/etc/pf.conf" # rules definition file for pf +pf_program="/sbin/pfctl" # where the pfctl program lives +pf_flags="" # additional flags for pfctl +pflog_enable="NO" # Set to YES to enable packet filter logging +pflog_logfile="/var/log/pflog" # where pflogd should store the logfile +pflog_program="/sbin/pflogd" # where the pflogd program lives +pflog_flags="" # additional flags for pflogd +ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf +ftpproxy_flags="" # additional flags for ftp-proxy(8) +pfsync_enable="NO" # Expose pf state to other hosts for syncing +pfsync_syncdev="" # Interface for pfsync to work through +pfsync_syncpeer="" # IP address of pfsync peer host +pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync +tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. +log_in_vain="0" # >=1 to log connects to ports w/o listeners. +tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). +tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN + # NOTE: this violates the TCP specification +icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets +icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets +network_interfaces="auto" # List of network interfaces (or "auto"). +cloned_interfaces="" # List of cloned network interfaces to create. +#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. +#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. +#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. +#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry +#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias +#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. +#vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device +#create_args_vlan0="vlan 102" # vlan tag for vlan0 device +#wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device +#wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlandebug(8) +#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry. +# +#autobridge_interfaces="bridge0" # List of bridges to check +#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge +# +# If you have any sppp(4) interfaces above, you might also want to set +# the following parameters. Refer to spppcontrol(8) for their meaning. +sppp_interfaces="" # List of sppp interfaces. +#sppp_interfaces="...0" # example: sppp over ... +#spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'" + +# User ppp configuration. +ppp_enable="NO" # Start user-ppp (or NO). +ppp_program="/usr/sbin/ppp" # Path to user-ppp program. +ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated". + # For details see man page for ppp(8). Default is auto. +ppp_nat="YES" # Use PPP's internal network address translation or NO. +ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. +ppp_user="root" # Which user to run ppp as + +# Start multiple instances of ppp at boot time +#ppp_profile="profile1 profile2 profile3" # Which profiles to use +#ppp_profile1_mode="ddial" # Override ppp mode for profile1 +#ppp_profile2_nat="NO" # Override nat mode for profile2 +# profile3 uses default ppp_mode and ppp_nat + +### Network daemon (miscellaneous) ### +hostapd_enable="NO" # Run hostap daemon. +syslogd_enable="YES" # Run syslog daemon (or NO). +syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. +syslogd_flags="-s" # Flags to syslogd (if enabled). +syslogd_oomprotect="YES" # Don't kill syslogd when swap space is exhausted. +altlog_proglist="" # List of chrooted applicatioins in /var +inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). +inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. +inetd_flags="-wW -C 60" # Optional flags to inetd +iscsid_enable="NO" # iSCSI initiator daemon. +iscsictl_enable="NO" # iSCSI initiator autostart. +iscsictl_flags="-Aa" # Optional flags to iscsictl. +hastd_enable="NO" # Run the HAST daemon (YES/NO). +hastd_program="/sbin/hastd" # path to hastd, if you want a different one. +hastd_flags="" # Optional flags to hastd. +ctld_enable="NO" # CAM Target Layer / iSCSI target daemon. +local_unbound_enable="NO" # local caching resolver +blacklistd_enable="NO" # Run blacklistd daemon (YES/NO). +blacklistd_flags="" # Optional flags for blacklistd(8). +resolv_enable="YES" # Enable resolv / resolvconf + +# +# kerberos. Do not run the admin daemons on slave servers +# +kdc_enable="NO" # Run a kerberos 5 KDC (or NO). +kdc_program="/usr/libexec/kdc" # path to kerberos 5 KDC +kdc_flags="" # Additional flags to the kerberos 5 KDC +kadmind_enable="NO" # Run kadmind (or NO) +kadmind_program="/usr/libexec/kadmind" # path to kadmind +kpasswdd_enable="NO" # Run kpasswdd (or NO) +kpasswdd_program="/usr/libexec/kpasswdd" # path to kpasswdd +kfd_enable="NO" # Run kfd (or NO) +kfd_program="/usr/libexec/kfd" # path to kerberos 5 kfd daemon +kfd_flags="" +ipropd_master_enable="NO" # Run Heimdal incremental propagation daemon + # (master daemon). +ipropd_master_program="/usr/libexec/ipropd-master" +ipropd_master_flags="" # Flags to ipropd-master. +ipropd_master_keytab="/etc/krb5.keytab" # keytab for ipropd-master. +ipropd_master_slaves="" # slave node names used for /var/heimdal/slaves. +ipropd_slave_enable="NO" # Run Heimdal incremental propagation daemon + # (slave daemon). +ipropd_slave_program="/usr/libexec/ipropd-slave" +ipropd_slave_flags="" # Flags to ipropd-slave. +ipropd_slave_keytab="/etc/krb5.keytab" # keytab for ipropd-slave. +ipropd_slave_master="" # master node name. + +gssd_enable="NO" # Run the gssd daemon (or NO). +gssd_program="/usr/sbin/gssd" # Path to gssd. +gssd_flags="" # Flags for gssd. + +rwhod_enable="NO" # Run the rwho daemon (or NO). +rwhod_flags="" # Flags for rwhod +rarpd_enable="NO" # Run rarpd (or NO). +rarpd_flags="-a" # Flags to rarpd. +bootparamd_enable="NO" # Run bootparamd (or NO). +bootparamd_flags="" # Flags to bootparamd +pppoed_enable="NO" # Run the PPP over Ethernet daemon. +pppoed_provider="*" # Provider and ppp(8) config file entry. +pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). +pppoed_interface="fxp0" # The interface that pppoed runs on. +sshd_enable="NO" # Enable sshd +sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. +sshd_flags="" # Additional flags for sshd. +ftpd_enable="NO" # Enable stand-alone ftpd. +ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one. +ftpd_flags="" # Additional flags to stand-alone ftpd. + +### Network daemon (NFS): All need rpcbind_enable="YES" ### +amd_enable="NO" # Run amd service with $amd_flags (or NO). +amd_program="/usr/sbin/amd" # path to amd, if you want a different one. +amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" +amd_map_program="NO" # Can be set to "ypcat -k amd.master" +autofs_enable="NO" # Run autofs daemons. +automount_flags="" # Flags to automount(8) (if autofs enabled). +automountd_flags="" # Flags to automountd(8) (if autofs enabled). +autounmountd_flags="" # Flags to autounmountd(8) (if autofs enabled). +nfs_client_enable="NO" # This host is an NFS client (or NO). +nfs_access_cache="60" # Client cache timeout in seconds +nfs_server_enable="NO" # This host is an NFS server (or NO). +nfs_server_flags="-u -t" # Flags to nfsd (if enabled). +nfs_server_managegids="NO" # The NFS server maps gids for AUTH_SYS (or NO). +mountd_enable="NO" # Run mountd (or NO). +mountd_flags="-r -S" # Flags to mountd (if NFS server enabled). +weak_mountd_authentication="NO" # Allow non-root mount requests to be served. +nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). +nfs_bufpackets="" # bufspace (in packets) for client +rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server. +rpc_lockd_flags="" # Flags to rpc.lockd (if enabled). +rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server. +rpc_statd_flags="" # Flags to rpc.statd (if enabled). +rpcbind_enable="NO" # Run the portmapper service (YES/NO). +rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one. +rpcbind_flags="" # Flags to rpcbind (if enabled). +rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). +keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). +keyserv_flags="" # Flags to keyserv (if enabled). +nfsv4_server_enable="NO" # Enable support for NFSv4 +nfscbd_enable="NO" # NFSv4 client side callback daemon +nfscbd_flags="" # Flags for nfscbd +nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon +nfsuserd_flags="" # Flags for nfsuserd + +### Network Time Services options: ### +timed_enable="NO" # Run the time daemon (or NO). +timed_flags="" # Flags to timed (if enabled). +ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO). +ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one. +ntpdate_flags="-b" # Flags to ntpdate (if enabled). +ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file +ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers. +ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO). +ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one. +ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file +ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high +ntpd_flags="" # Additional flags to ntpd +ntp_src_leapfile="/etc/ntp/leap-seconds" + # Initial source for ntpd leapfile +ntp_db_leapfile="/var/db/ntpd.leap-seconds.list" + # Working copy (updated weekly) leapfile +ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list" + # Source from which to fetch leapfile +ntp_leapfile_fetch_opts="-mq" # Options to use for ntp leapfile fetch, + # e.g. --no-verify-peer +ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to + # expiry. +ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch + +# Network Information Services (NIS) options: All need rpcbind_enable="YES" ### +nis_client_enable="NO" # We're an NIS client (or NO). +nis_client_flags="" # Flags to ypbind (if enabled). +nis_ypset_enable="NO" # Run ypset at boot time (or NO). +nis_ypset_flags="" # Flags to ypset (if enabled). +nis_server_enable="NO" # We're an NIS server (or NO). +nis_server_flags="" # Flags to ypserv (if enabled). +nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). +nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). +nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). +nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). +nis_ypldap_enable="NO" # Run ypldap at boot time (or NO). +nis_ypldap_flags="" # Flags to ypldap (if enabled). + +### SNMP daemon ### +# Be sure to understand the security implications of running SNMP v1/v2 +# in your network. +bsnmpd_enable="NO" # Run the SNMP daemon (or NO). +bsnmpd_flags="" # Flags for bsnmpd. + +### Network routing options: ### +defaultrouter="NO" # Set to default gateway (or NO). +static_arp_pairs="" # Set to static ARP list (or leave empty). +static_ndp_pairs="" # Set to static NDP list (or leave empty). +static_routes="" # Set to static route list (or leave empty). +gateway_enable="NO" # Set to YES if this host will be a gateway. +routed_enable="NO" # Set to YES to enable a routing daemon. +routed_program="/sbin/routed" # Name of routing daemon to use if enabled. +routed_flags="-q" # Flags for routing daemon. +arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL. +forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") +accept_sourceroute="NO" # accept source routed packets to us + +### Bluetooth ### +hcsecd_enable="NO" # Enable hcsecd(8) (or NO) +hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file + +sdpd_enable="NO" # Enable sdpd(8) (or NO) +sdpd_control="/var/run/sdp" # sdpd(8) control socket +sdpd_groupname="nobody" # set spdp(8) user/group to run as after +sdpd_username="nobody" # it initializes + +bthidd_enable="NO" # Enable bthidd(8) (or NO) +bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file +bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file +bthidd_evdev_support="AUTO" # AUTO depends on EVDEV_SUPPORT kernel option + +rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO) +rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf +# +#rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one' +rfcomm_pppd_server_one_channel="1" # Override local channel for 'one' +#rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register +#rfcomm_pppd_server_one_register_dun="NO" # for 'one' +# +#rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two' +rfcomm_pppd_server_two_channel="3" # Override local channel for 'two' +#rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register +#rfcomm_pppd_server_two_register_dun="NO" # for 'two' + +ubthidhci_enable="NO" # Switch an USB BT controller present on +#ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode. +#ubthidhci_addr="2" # Check usbconfig list to find the correct + # numbers for your system. + +### Network link/usability verification options +netwait_enable="NO" # Enable rc.d/netwait (or NO) +#netwait_ip="" # Wait for ping response from any IP in this list. +netwait_timeout="60" # Total number of seconds to perform pings. +#netwait_if="" # Wait for active link on each intf in this list. +netwait_if_timeout="30" # Total number of seconds to monitor link state. + +### Miscellaneous network options: ### +icmp_bmcastecho="NO" # respond to broadcast ping packets + +### IPv6 options: ### +ipv6_network_interfaces="auto" # List of IPv6 network interfaces + # (or "auto" or "none"). +ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no + # corresponding $ifconfig_IF_ipv6 is + # marked as IFDISABLED for security + # reason. +ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). +#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) +ipv6_static_routes="" # Set to static route list (or leave empty). +#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64 + # route toward loopback interface. +#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" +ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. +ipv6_cpe_wanif="NO" # Set to the upstream interface name if this + # node will work as a router to forward IPv6 + # packets not explicitly addressed to itself. +ipv6_privacy="NO" # Use privacy address on RA-receiving IFs + # (RFC 4941) + +route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. +route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. +route6d_flags="" # Flags to IPv6 routing daemon. +#route6d_flags="-l" # Example for route6d with only IPv6 site local + # addrs. +#route6d_flags="-q" # If you want to run a routing daemon on an end + # node, you should stop advertisement. +#ipv6_network_interfaces="ed0 ep0" # Examples for router + # or static configuration for end node. + # Choose correct prefix value. +#ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. +#ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. +ipv6_default_interface="NO" # Default output interface for scoped addrs. + # This works only with + # ipv6_gateway_enable="NO". +rtsol_flags="" # Flags to IPv6 router solicitation. +rtsold_enable="NO" # Set to YES to enable an IPv6 router + # solicitation daemon. +rtsold_flags="-a" # Flags to an IPv6 router solicitation + # daemon. +rtadvd_enable="NO" # Set to YES to enable an IPv6 router + # advertisement daemon. If set to YES, + # this router becomes a possible candidate + # IPv6 default router for local subnets. +rtadvd_interfaces="" # Interfaces rtadvd sends RA packets. +stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4 + # tunneling interface. Specify this entry + # to enable 6to4 interface. +stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, + # to limit peer addr range. Effective value + # is 0-31. +stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. + # If you like, you can set "AUTO" for this. +stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 +ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr + # communication. (like ::ffff:a.b.c.d) +ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, + # see /usr/src/contrib/ipfilter/rules + # for examples +ip6addrctl_enable="YES" # Set to YES to enable default address selection +ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages +ip6addrctl_policy="AUTO" # A pre-defined address selection policy + # (ipv4_prefer, ipv6_prefer, or AUTO) + +############################################################## +### System console options ################################# +############################################################## + +keyboard="" # keyboard device to use (default /dev/kbd0). +keymap="NO" # keymap in /usr/share/{syscons,vt}/keymaps/* (or NO). +keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). +keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable. +keychange="NO" # function keys default values (or NO). +cursor="NO" # cursor type {normal|blink|destructive} (or NO). +scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). +font8x16="NO" # font 8x16 from /usr/share/{syscons,vt}/fonts/* (or NO). +font8x14="NO" # font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO). +font8x8="NO" # font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO). +blanktime="300" # blank time (in seconds) or "NO" to turn it off. +saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko +moused_nondefault_enable="YES" # Treat non-default mice as enabled unless + # specifically overriden in rc.conf(5). +moused_enable="NO" # Run the mouse daemon. +moused_type="auto" # See man page for rc.conf(5) for available settings. +moused_port="/dev/psm0" # Set to your mouse port. +moused_flags="" # Any additional flags to moused. +mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your + # language code table, specify alternative range + # start like mousechar_start=3, see vidcontrol(1) +allscreens_flags="" # Set this vidcontrol mode for all virtual screens +allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens + +############################################################## +### Mail Transfer Agent (MTA) options ###################### +############################################################## + +mta_start_script="/etc/rc.sendmail" + # Script to start your chosen MTA, called by /etc/rc. +# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail: +sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO). +sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file +sendmail_procname="/usr/sbin/sendmail" # sendmail process name +sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server) +sendmail_cert_create="YES" # Create a server certificate if none (YES/NO) +#sendmail_cert_cn="CN" # CN of the generate certificate +sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission +sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost" + # Flags for localhost-only MTA +sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO). +sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only) +sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO). +sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m" + # Flags for sendmail_msp_queue daemon. +sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO). + + +############################################################## +### Miscellaneous administrative options ################### +############################################################## + +auditd_enable="NO" # Run the audit daemon. +auditd_program="/usr/sbin/auditd" # Path to the audit daemon. +auditd_flags="" # Which options to pass to the audit daemon. +auditdistd_enable="NO" # Run the audit daemon. +auditdistd_program="/usr/sbin/auditdistd" # Path to the auditdistd daemon. +auditdistd_flags="" # Which options to pass to the auditdistd daemon. +cron_enable="YES" # Run the periodic job daemon. +cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled). +cron_dst="YES" # Handle DST transitions intelligently (YES/NO) +cron_flags="" # Which options to pass to the cron daemon. +cfumass_enable="NO" # Create default LUN for cfumass(4). +cfumass_dir="/var/cfumass" # File to LUN's contents. +cfumass_image="/var/tmp/cfumass.img" # LUN's backing file path. +lpd_enable="NO" # Run the line printer daemon. +lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one. +lpd_flags="" # Flags to lpd (if enabled). +nscd_enable="NO" # Run the nsswitch caching daemon. +chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd. +chkprintcap_flags="-d" # Create missing directories by default. +dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO). +dumpon_flags="" # Options to pass to dumpon(8), followed by dumpdev. +dumpdir="/var/crash" # Directory where crash dumps are to be stored +savecore_enable="YES" # Extract core from dump devices if any +savecore_flags="-m 10" # Used if dumpdev is enabled above, and present. + # By default, only the 10 most recent kernel dumps + # are saved. +crashinfo_enable="YES" # Automatically generate crash dump summary. +crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary. +quota_enable="NO" # turn on quotas on startup (or NO). +check_quotas="YES" # Check quotas on startup (or NO). +quotaon_flags="-a" # Turn quotas on for all file systems (if enabled) +quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown +quotacheck_flags="-a" # Check all file system quotas (if enabled) +accounting_enable="NO" # Turn on process accounting (or NO). +ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). +ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO). +firstboot_sentinel="/firstboot" # Scripts with "firstboot" keyword are run if + # this file exists. Should be on a R/W filesystem so + # the file can be deleted after the boot completes. + +# Emulation/compatibility services provided by /etc/rc.d/abi +sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO). +linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). +clear_tmp_enable="NO" # Clear /tmp at startup. +clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp +ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks +ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg" + # shared library search paths +ldconfig32_paths="/usr/lib32 /usr/lib32/compat" + # 32-bit compatibility shared library search paths +ldconfigsoft_paths="/usr/libsoft /usr/libsoft/compat /usr/local/libsoft" + # soft float compatibility shared library search paths + # Note: temporarily with extra stuff for transition +ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout" + # a.out shared library search paths +ldconfig_local_dirs="/usr/local/libdata/ldconfig" + # Local directories with ldconfig configuration files. +ldconfig_local32_dirs="/usr/local/libdata/ldconfig32" + # Local directories with 32-bit compatibility ldconfig + # configuration files. +ldconfig_localsoft_dirs="/usr/local/libdata/ldconfigsoft" + # Local directories with soft float compatibility ldconfig + # configuration files. +kern_securelevel_enable="NO" # kernel security level (see security(7)) +kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure + # Note that setting securelevel to 0 will result + # in the system booting with securelevel set to 1, as + # init(8) will raise the level when rc(8) completes. +update_motd="YES" # update version info in /etc/motd (or NO) +entropy_boot_file="/boot/entropy" # Set to NO to disable very early + # (used at early boot time) entropy caching through reboots. +entropy_file="/entropy" # Set to NO to disable late (used when going multi-user) + # entropy through reboots. + # /var/db/entropy-file is preferred if / is not avail. +entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. +entropy_save_sz="4096" # Size of the entropy cache files. +entropy_save_num="8" # Number of entropy cache files to save. +harvest_mask="511" # Entropy device harvests all but the very invasive sources. + # (See 'sysctl kern.random.harvest' and random(4)) +dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot +watchdogd_enable="NO" # Start the software watchdog daemon +watchdogd_flags="" # Flags to watchdogd (if enabled) +devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing + # devfs(8) rules. +devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev +devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to + # apply (must be mounted already, i.e. fstab(5)) +devfs_load_rulesets="YES" # Enable to always load the default rulesets +performance_cx_lowest="NONE" # Online CPU idle state +performance_cpu_freq="NONE" # Online CPU frequency +economy_cx_lowest="Cmax" # Offline CPU idle state +economy_cpu_freq="NONE" # Offline CPU frequency +virecover_enable="YES" # Perform housekeeping for the vi(1) editor +ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot +bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4) + # ruleset file. +newsyslog_enable="YES" # Run newsyslog at startup. +newsyslog_flags="-CN" # Newsyslog flags to create marked files +mixer_enable="YES" # Run the sound mixer. +opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off + +# rctl(8) requires kernel options RACCT and RCTL +rctl_enable="YES" # Load rctl(8) rules on boot +rctl_rules="/etc/rctl.conf" # rctl(8) ruleset. See rctl.conf(5). + +iovctl_files="" # Config files for iovctl(8) + +############################################################## +### Jail Configuration (see rc.conf(5) manual page) ########## +############################################################## +jail_enable="NO" # Set to NO to disable starting of any jails +jail_confwarn="YES" # Prevent warning about obsolete per-jail configuration +jail_parallel_start="NO" # Start jails in the background +jail_list="" # Space separated list of names of jails +jail_reverse_stop="NO" # Stop jails in reverse order + +############################################################## +### Define source_rc_confs, the mechanism used by /etc/rc.* ## +### scripts to source rc_conf_files overrides safely. ## +############################################################## + +if [ -z "${source_rc_confs_defined}" ]; then + source_rc_confs_defined=yes + source_rc_confs() { + local i sourced_files + for i in ${rc_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + if [ -r $i ]; then + . $i + fi + ;; + esac + done + # Re-do process to pick up [possibly] redefined $rc_conf_files + for i in ${rc_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + if [ -r $i ]; then + . $i + fi + ;; + esac + done + } +fi + +# Allow vendors to override FreeBSD defaults in /etc/default/rc.conf +# without the need to carefully manage /etc/rc.conf. +if [ -r /etc/defaults/vendor.conf ]; then + . /etc/defaults/vendor.conf +fi diff --git a/libexec/rc/rc.d/DAEMON b/libexec/rc/rc.d/DAEMON new file mode 100755 index 000000000000..a656a88ac664 --- /dev/null +++ b/libexec/rc/rc.d/DAEMON @@ -0,0 +1,10 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: DAEMON +# REQUIRE: NETWORKING SERVERS + +# This is a dummy dependency, to ensure that general purpose daemons +# are run _after_ the above are. diff --git a/libexec/rc/rc.d/FILESYSTEMS b/libexec/rc/rc.d/FILESYSTEMS new file mode 100755 index 000000000000..c44bbe126e3e --- /dev/null +++ b/libexec/rc/rc.d/FILESYSTEMS @@ -0,0 +1,12 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: FILESYSTEMS +# REQUIRE: root mountcritlocal cleanvar + +# This is a dummy dependency, for services which require filesystems +# to be mounted before starting. It also serves as the default early / +# late divider; after this point, rc.d directories are rescanned to +# catch scripts from other filesystems than /. diff --git a/libexec/rc/rc.d/LOGIN b/libexec/rc/rc.d/LOGIN new file mode 100755 index 000000000000..2b45ba88a4b4 --- /dev/null +++ b/libexec/rc/rc.d/LOGIN @@ -0,0 +1,13 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: LOGIN +# REQUIRE: DAEMON + +# This is a dummy dependency to ensure user services such as xdm, +# inetd, cron and kerberos are started after everything else, in case +# the administrator has increased the system security level and +# wants to delay user logins until the system is (almost) fully +# operational. diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile new file mode 100644 index 000000000000..93bdf13d60d4 --- /dev/null +++ b/libexec/rc/rc.d/Makefile @@ -0,0 +1,335 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +CONFDIR= /etc/rc.d +CONFGROUPS= CONFS +PACKAGE=rc + +CONFS= DAEMON \ + FILESYSTEMS \ + LOGIN \ + NETWORKING \ + SERVERS \ + abi \ + addswap \ + adjkerntz \ + archdep \ + auditd \ + auditdistd \ + bgfsck \ + ${_blacklistd} \ + ${_bluetooth} \ + bridge \ + ${_bthidd} \ + cfumass \ + cleanvar \ + cleartmp \ + cron \ + ctld \ + ddb \ + defaultroute \ + devd \ + devfs \ + devmatch \ + dhclient \ + dmesg \ + dumpon \ + fsck \ + gbde \ + geli \ + geli2 \ + gptboot \ + growfs \ + gssd \ + ${_hcsecd} \ + hostid \ + hostid_save \ + hostname \ + iovctl \ + ip6addrctl \ + ipfilter \ + ipfs \ + ipmon \ + ipnat \ + ipsec \ + ${_kadmind} \ + ${_kdc} \ + ${_kfd} \ + kld \ + kldxref \ + ${_kpasswdd} \ + ldconfig \ + local \ + localpkg \ + lockd \ + mixer \ + motd \ + mountcritlocal \ + mountcritremote \ + mountlate \ + mdconfig \ + mdconfig2 \ + mountd \ + msgs \ + natd \ + netif \ + netoptions \ + netwait \ + newsyslog \ + nfsclient \ + nfscbd \ + nfsd \ + nfsuserd \ + nisdomain \ + ${_nscd} \ + nsswitch \ + ntpdate \ + ${_opensm} \ + pf \ + pflog \ + pfsync \ + ppp \ + pppoed \ + pwcheck \ + quota \ + random \ + rarpd \ + rctl \ + resolv \ + root \ + route6d \ + routing \ + rpcbind \ + rtadvd \ + rtsold \ + rwho \ + savecore \ + securelevel \ + serial \ + sppp \ + statd \ + static_arp \ + static_ndp \ + stf \ + swap \ + swaplate \ + sysctl \ + syslogd \ + tmp \ + ${_ubthidhci} \ + ugidfw \ + ${_utx} \ + var \ + watchdogd + +.if ${MK_NIS} != "no" +CONFS+= ypbind \ + ypldap \ + yppasswdd \ + ypserv \ + ypset \ + ypupdated \ + ypxfrd +.endif + +.if ${MK_ACCT} != "no" +CONFGROUPS+= ACCT +ACCT+= accounting +ACCTPACKAGE= acct +.endif + +.if ${MK_ACPI} != "no" +CONFGROUPS+= ACPI +ACPI= power_profile +ACPIPACKAGE= acpi +.endif + +.if ${MK_ACPI} != "no" || ${MK_APM} != "no" +CONFS+= powerd +.endif + +.if ${MK_AMD} != "no" +CONFGROUPS+= AMD +AMD+= amd +AMDPACKAGE= amd +.endif + +.if ${MK_APM} != "no" +CONFGROUPS+= APM +APM+= apm +.if ${MACHINE} == "i386" +APM+= apmd +.endif +APMPACKAGE= apm +.endif + +.if ${MK_AUTOFS} != "no" +CONFS+= automount +CONFS+= automountd +CONFS+= autounmountd +.endif + +.if ${MK_BLACKLIST} != "no" +_blacklistd+= blacklistd +.endif + +.if ${MK_BLUETOOTH} != "no" +_bluetooth= bluetooth +_bthidd= bthidd +_hcsecd= hcsecd +CONFS+= rfcomm_pppd_server +CONFS+= sdpd +_ubthidhci= ubthidhci +.endif + +.if ${MK_BOOTPARAMD} != "no" +CONFS+= bootparams +.endif + +.if ${MK_BSNMP} != "no" +CONFGROUPS+= BSNMP +BSNMP+= bsnmpd +BSNMPPACKAGE= bsnmp +.endif + +.if ${MK_CCD} != "no" +CONFS+= ccd +.endif + +.if ${MK_FTP} != "no" +CONFS+= ftpd +.endif + +.if ${MK_HAST} != "no" +CONFGROUPS+= HAST +HAST= hastd +HASTPACKAGE= hast +.endif + +.if ${MK_INETD} != "no" +CONFS+= inetd +.endif + +.if ${MK_IPFW} != "no" +CONFS+= ipfw +.if ${MK_NETGRAPH} != "no" +CONFS+= ipfw_netflow +.endif +.endif + +.if ${MK_ISCSI} != "no" +CONFS+= iscsictl +CONFS+= iscsid +.endif + +.if ${MK_JAIL} != "no" +CONFGROUPS+= JAIL +JAIL+= jail +JAILPACKAGE= jail +.endif + +.if ${MK_LEGACY_CONSOLE} != "no" +CONFS+= moused +CONFS+= syscons +.endif + +.if ${MK_LPR} != "no" +CONFS+= lpd +.endif + +.if ${MK_KERBEROS} != "no" +CONFS+= ipropd_master +CONFS+= ipropd_slave +_kadmind= kadmind +_kdc= kdc +_kfd= kfd +_kpasswdd= kpasswdd + +DIRS+= VAR_HEMIDAL +VAR_HEMIDAL= /var/heimdal +VAR_HEMIDAL_MODE= 700 +.endif + +.if ${MK_MAIL} != "no" +CONFS+= othermta +.endif + +.if ${MK_NS_CACHING} != "no" +_nscd= nscd +.endif + +.if ${MK_NTP} != "no" +CONFS+= ntpd +.endif + +.if ${MK_OFED} != "no" +_opensm= opensm +.endif + +.if ${MK_OPENSSL} != "no" +CONFS+= keyserv +.endif + +.if ${MK_OPENSSH} != "no" +CONFGROUPS+= SSH +SSH= sshd +SSHPACKAGE= ssh +.endif + +.if ${MK_PF} != "no" +CONFS+= ftp-proxy +.endif + +.if ${MK_ROUTED} != "no" +CONFS+= routed +.endif + +.if ${MK_SENDMAIL} != "no" +CONFGROUPS+= SMRCD +SMRCD= sendmail +SMRCDPACKAGE= sendmail +.endif + +.if ${MK_TIMED} != "no" +CONFS+= timed +.endif + +.if ${MK_UNBOUND} != "no" +CONFGROUPS+= UNBOUND +UNBOUND+= local_unbound +UNBOUNDPACKAGE= unbound +.endif + +.if ${MK_UTMPX} != "no" +_utx= utx +.endif + +.if ${MK_VI} != "no" +CONFGROUPS+= VI +VI+= virecover +VIPACKAGE= vi +.endif + +.if ${MK_WIRELESS} != "no" +CONFS+= hostapd +CONFS+= wpa_supplicant +.endif + +.if ${MK_ZFS} != "no" +CONFGROUPS+= ZFS +ZFS+= zfs +ZFS+= zfsbe +ZFS+= zfsd +ZFS+= zvol +ZFSPACKAGE= zfs +DIRS+= ETC_ZFS +ETC_ZFS= /etc/zfs +ETC_ZFSPACKAGE= zfs +.endif + +.for fg in ${CONFGROUPS} +${fg}MODE?= ${BINMODE} +.endfor + +.include <bsd.prog.mk> diff --git a/libexec/rc/rc.d/NETWORKING b/libexec/rc/rc.d/NETWORKING new file mode 100755 index 000000000000..9cdb5577ed2b --- /dev/null +++ b/libexec/rc/rc.d/NETWORKING @@ -0,0 +1,12 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: NETWORKING NETWORK +# REQUIRE: netif netwait netoptions routing ppp ipfw stf +# REQUIRE: defaultroute route6d resolv bridge +# REQUIRE: static_arp static_ndp + +# This is a dummy dependency, for services which require networking +# to be operational before starting. diff --git a/libexec/rc/rc.d/SERVERS b/libexec/rc/rc.d/SERVERS new file mode 100755 index 000000000000..1cf019a056dd --- /dev/null +++ b/libexec/rc/rc.d/SERVERS @@ -0,0 +1,10 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: SERVERS +# REQUIRE: mountcritremote abi ldconfig savecore watchdogd + +# This is a dummy dependency, for early-start servers relying on +# some basic configuration. diff --git a/libexec/rc/rc.d/abi b/libexec/rc/rc.d/abi new file mode 100755 index 000000000000..bf582219a1f7 --- /dev/null +++ b/libexec/rc/rc.d/abi @@ -0,0 +1,63 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: abi +# REQUIRE: archdep +# KEYWORD: nojail + +. /etc/rc.subr + +name="abi" +desc="Enable foreign ABIs" +start_cmd="${name}_start" +stop_cmd=":" + +sysv_start() +{ + echo -n ' sysvipc' + load_kld sysvmsg + load_kld sysvsem + load_kld sysvshm +} + +linux_start() +{ + local _tmpdir + + echo -n ' linux' + load_kld -e 'linux(aout|elf)' linux + case `sysctl -n hw.machine_arch` in + amd64) + load_kld -e 'linux64elf' linux64 + ;; + esac + if [ -x /compat/linux/sbin/ldconfigDisabled ]; then + _tmpdir=`mktemp -d -t linux-ldconfig` + /compat/linux/sbin/ldconfig -C ${_tmpdir}/ld.so.cache + if ! cmp -s ${_tmpdir}/ld.so.cache /compat/linux/etc/ld.so.cache; then + cat ${_tmpdir}/ld.so.cache > /compat/linux/etc/ld.so.cache + fi + rm -rf ${_tmpdir} + fi +} + +abi_start() +{ + local _echostop + + _echostop= + if checkyesno sysvipc_enable || checkyesno linux_enable; then + echo -n 'Additional ABI support:' + _echostop=yes + fi + + checkyesno sysvipc_enable && sysv_start + checkyesno linux_enable && linux_start + + [ -n "${_echostop}" ] && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/accounting b/libexec/rc/rc.d/accounting new file mode 100755 index 000000000000..0c7ac36c0e81 --- /dev/null +++ b/libexec/rc/rc.d/accounting @@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: accounting +# REQUIRE: mountcritremote +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="accounting" +rcvar="accounting_enable" +accounting_command="/usr/sbin/accton" +accounting_file="/var/account/acct" + +extra_commands="rotate_log" + +start_cmd="accounting_start" +stop_cmd="accounting_stop" +rotate_log_cmd="accounting_rotate_log" + +accounting_start() +{ + local _dir + + _dir="${accounting_file%/*}" + if [ ! -d "$_dir" ]; then + if ! mkdir -p "$_dir"; then + err 1 "Could not create $_dir." + fi + fi + + if [ ! -e "$accounting_file" ]; then + echo -n "Creating accounting file ${accounting_file}" + touch "$accounting_file" + echo '.' + fi + chmod 644 "$accounting_file" + + echo "Turning on accounting." + ${accounting_command} ${accounting_file} +} + +accounting_stop() +{ + echo "Turning off accounting." + ${accounting_command} +} + +accounting_rotate_log() +{ + local _dir _file + + _dir="${accounting_file%/*}" + cd $_dir + + if checkyesno accounting_enable; then + _file=`mktemp newacct-XXXXX` + chmod 644 $_file + ${accounting_command} ${_dir}/${_file} + fi + + mv ${accounting_file} ${accounting_file}.0 + + if checkyesno accounting_enable; then + mv $_file ${accounting_file} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/addswap b/libexec/rc/rc.d/addswap new file mode 100755 index 000000000000..1758df8409a8 --- /dev/null +++ b/libexec/rc/rc.d/addswap @@ -0,0 +1,24 @@ +#!/bin/sh +# +# Add additional swap files +# +# $FreeBSD$ +# + +# PROVIDE: addswap +# REQUIRE: FILESYSTEMS kld +# BEFORE: netif +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="addswap" +start_cmd=":" +stop_cmd=":" +rcvar= + +set_rcvar_obsolete swapfile +set_rcvar_obsolete geli_swap_flags + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/adjkerntz b/libexec/rc/rc.d/adjkerntz new file mode 100755 index 000000000000..18a822012059 --- /dev/null +++ b/libexec/rc/rc.d/adjkerntz @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: adjkerntz +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="adjkerntz" +start_cmd="adjkerntz -i" +stop_cmd=":" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/amd b/libexec/rc/rc.d/amd new file mode 100755 index 000000000000..123e89fbe656 --- /dev/null +++ b/libexec/rc/rc.d/amd @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: amd +# REQUIRE: rpcbind ypset nfsclient FILESYSTEMS ldconfig +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="amd" +desc="Automatically mount filesystems" +rcvar="amd_enable" +command="/usr/sbin/${name}" +start_precmd="amd_precmd" +command_args="&" +extra_commands="reload" + +amd_precmd() +{ + force_depend nfsclient nfs_client || return 1 + force_depend rpcbind || return 1 + + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + rc_flags="${rc_flags} `echo $(eval ${amd_map_program})`" + ;; + esac + + case "${amd_flags}" in + '') + if [ ! -r /etc/amd.conf ]; then + warn 'amd will not load without arguments' + return 1 + fi + ;; + *) + rc_flags="-p ${rc_flags}" + command_args="> /var/run/amd.pid 2> /dev/null" + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/apm b/libexec/rc/rc.d/apm new file mode 100755 index 000000000000..55e33d0741e4 --- /dev/null +++ b/libexec/rc/rc.d/apm @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: apm +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="apm" +desc="Advanced power management" +rcvar="apm_enable" +start_precmd="apm_precmd" +command="/usr/sbin/${name}" +start_cmd="${command} -e enable" +stop_cmd="${command} -e disable" +status_cmd="apm_status" + +apm_precmd() +{ + case `${SYSCTL_N} hw.machine_arch` in + i386) + return 0 + ;; + esac + return 1 +} + +apm_status() +{ + case `${command} -s` in + 1) + echo "APM is enabled." + return 0 + ;; + 0) + echo "APM is disabled" + ;; + esac + return 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/apmd b/libexec/rc/rc.d/apmd new file mode 100755 index 000000000000..96751000a36f --- /dev/null +++ b/libexec/rc/rc.d/apmd @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: apmd +# REQUIRE: DAEMON apm +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="apmd" +desc="Advanced power management daemon" +rcvar="apmd_enable" +command="/usr/sbin/${name}" +start_precmd="apmd_prestart" + +apmd_prestart() +{ + case `${SYSCTL_N} hw.machine_arch` in + i386) + force_depend apm || return 1 + + # Warn user about acpi apm compatibility support which + # does not work with apmd. + if [ ! -e /dev/apmctl ]; then + warn "/dev/apmctl not found; kernel is missing apm(4)" + fi + ;; + *) + return 1 + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/archdep b/libexec/rc/rc.d/archdep new file mode 100755 index 000000000000..157df8bb5699 --- /dev/null +++ b/libexec/rc/rc.d/archdep @@ -0,0 +1,45 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: archdep +# REQUIRE: mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="archdep" +start_cmd="archdep_start" +stop_cmd=":" + +archdep_start() +{ + local _arch + + _arch=`${SYSCTL_N} hw.machine_arch` + case $_arch in + i386) + # SCO binary emulation + # + if checkyesno ibcs2_enable; then + echo -n 'Initial i386 initialization:' + echo -n ' ibcs2' + load_kld ibcs2 + case ${ibcs2_loaders} in + [Nn][Oo]) + ;; + *) + for i in ${ibcs2_loaders}; do + load_kld ibcs2_$i + done + ;; + esac + echo '.' + fi + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditd b/libexec/rc/rc.d/auditd new file mode 100755 index 000000000000..8e078ec4c856 --- /dev/null +++ b/libexec/rc/rc.d/auditd @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Start up for the Audit daemon. +# + +# PROVIDE: auditd +# REQUIRE: syslogd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="auditd" +desc="Audit daemon" +stop_cmd="auditd_stop" +command="/usr/sbin/${name}" +rcvar="auditd_enable" +command_args="${auditd_flags}" +required_files="/etc/security/audit_class /etc/security/audit_control + /etc/security/audit_event /etc/security/audit_user + /etc/security/audit_warn" + +auditd_stop() +{ + + /usr/sbin/audit -t + sleep 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/auditdistd b/libexec/rc/rc.d/auditdistd new file mode 100644 index 000000000000..13cb5d5b69d7 --- /dev/null +++ b/libexec/rc/rc.d/auditdistd @@ -0,0 +1,22 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: auditdistd +# REQUIRE: auditd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="auditdistd" +desc="Audit trail files distribution daemon" +rcvar="${name}_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" +required_files="/etc/security/${name}.conf" +extra_commands="reload" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/automount b/libexec/rc/rc.d/automount new file mode 100644 index 000000000000..e0789cb8d050 --- /dev/null +++ b/libexec/rc/rc.d/automount @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: automount +# REQUIRE: nfsclient automountd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="automount" +rcvar="autofs_enable" +start_cmd="automount_start" +stop_cmd="automount_stop" +required_modules="autofs" + +automount_start() +{ + + /usr/sbin/automount ${automount_flags} +} + +automount_stop() +{ + + /sbin/umount -At autofs +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/automountd b/libexec/rc/rc.d/automountd new file mode 100644 index 000000000000..f9d8db8b2f37 --- /dev/null +++ b/libexec/rc/rc.d/automountd @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: automountd +# REQUIRE: rpcbind ypset nfsclient FILESYSTEMS ldconfig +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="automountd" +desc="daemon handling autofs mount requests" +rcvar="autofs_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" +required_modules="autofs" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/autounmountd b/libexec/rc/rc.d/autounmountd new file mode 100644 index 000000000000..2acbe09139ca --- /dev/null +++ b/libexec/rc/rc.d/autounmountd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: autounmountd +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="autounmountd" +desc="daemon unmounting automounted filesystems" +rcvar="autofs_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/bgfsck b/libexec/rc/rc.d/bgfsck new file mode 100755 index 000000000000..e83f6fb3634f --- /dev/null +++ b/libexec/rc/rc.d/bgfsck @@ -0,0 +1,50 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bgfsck +# REQUIRE: cron devfs syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="background_fsck" +desc="Run fsck in background" +rcvar="background_fsck" +start_cmd="bgfsck_start" +start_precmd="bgfsck_start_precmd" +stop_cmd=":" + +bgfsck_start_precmd() +{ + if [ $($ID -u) != 0 ]; then + err 1 "Must be root." + fi +} + +bgfsck_start() +{ + : ${background_fsck_delay=0} + if [ -n "${rc_force}" ]; then + background_fsck_delay=0 + fi + if [ ${background_fsck_delay} -lt 0 ]; then + warn "Background file system checks delayed indefinitely" + return 0 + fi + + bgfsck_msg='Starting background file system checks' + if [ "${background_fsck_delay}" -gt 0 ]; then + bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" + fi + if [ -z "${rc_force}" ]; then + check_startmsgs && echo "${bgfsck_msg}." + fi + + (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ + logger -p daemon.notice -t fsck & +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd new file mode 100644 index 000000000000..8e79250f377a --- /dev/null +++ b/libexec/rc/rc.d/blacklistd @@ -0,0 +1,45 @@ +#!/bin/sh +# +# Copyright (c) 2016 The FreeBSD Foundation +# All rights reserved. +# +# This software was developed by Kurt Lidl under sponsorship from the +# FreeBSD Foundation. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: blacklistd +# REQUIRE: netif pf + +. /etc/rc.subr + +name="blacklistd" +desc="System blacklist daemon" +rcvar="blacklistd_enable" +command="/usr/sbin/${name}" +required_files="/etc/blacklistd.conf" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/bluetooth b/libexec/rc/rc.d/bluetooth new file mode 100755 index 000000000000..ac10719861ae --- /dev/null +++ b/libexec/rc/rc.d/bluetooth @@ -0,0 +1,366 @@ +#!/bin/sh +# +# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# PROVIDE: bluetooth +# REQUIRE: DAEMON +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="bluetooth" +desc="Bluetooth setup script" +rcvar= +start_cmd="bluetooth_start" +stop_cmd="bluetooth_stop" +required_modules="ng_bluetooth ng_hci ng_l2cap ng_btsocket" + +############################################################################## +# Read and parse Bluetooth device configuration file +############################################################################## + +bluetooth_read_conf() +{ + local _err _file _line _namespace + + _file=$1 + _namespace=$2 + _err=0 + + if [ ! -e $_file ]; then + return 0 + fi + + if [ ! -f $_file -o ! -r $_file ]; then + err 1 "Bluetooth configuration file $_file is not a file or not readable" + fi + + while read _line + do + case "$_line" in + \#*) + continue + ;; + + *) + if [ -z "$_line" ]; then + continue; + fi + + + if expr "$_line" : "[a-zA-Z0-9_]*=" > /dev/null 2>&1; then + eval "${_namespace}${_line}" + else + warn "Unable to parse line \"$_line\" in $_file" + _err=1 + fi + ;; + esac + done < $_file + + return $_err +} + +############################################################################## +# Setup Bluetooth stack. Create and connect nodes +############################################################################## + +bluetooth_setup_stack() +{ + dev=$1 + shift + hook=$1 + shift + + # Setup HCI + ngctl mkpeer ${dev}: hci ${hook} drv \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}:${hook} ${dev}hci \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}hci: set_debug ${bluetooth_device_hci_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Setup L2CAP + ngctl mkpeer ${dev}hci: l2cap acl hci \ + > /dev/null 2>&1 || return 1 + + ngctl name ${dev}hci:acl ${dev}l2cap \ + > /dev/null 2>&1 || return 1 + + ngctl msg ${dev}l2cap: set_debug ${bluetooth_device_l2cap_debug_level} \ + > /dev/null 2>&1 || return 1 + + # Connect HCI node to the Bluetooth sockets layer + ngctl connect ${dev}hci: btsock_hci_raw: raw ${dev}raw \ + > /dev/null 2>&1 || return 1 + + # Connect L2CAP node to Bluetooth sockets layer + ngctl connect ${dev}l2cap: btsock_l2c_raw: ctl ${dev}ctl \ + > /dev/null 2>&1 || return 1 + + ngctl connect ${dev}l2cap: btsock_l2c: l2c ${dev}l2c \ + > /dev/null 2>&1 || return 1 + + # Initilalize HCI node + ${hccontrol} -n ${dev}hci reset \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_bd_addr \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_local_supported_features \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci read_buffer_size \ + > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_discoverable; then + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 3 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 1 \ + > /dev/null 2>&1 || return 1 + fi + else + if checkyesno bluetooth_device_connectable; then + ${hccontrol} -n ${dev}hci write_scan_enable 2 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_scan_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + fi + + + ${hccontrol} -n ${dev}hci write_class_of_device ${bluetooth_device_class} \ + > /dev/null 2>&1 || return 1 + + if checkyesno bluetooth_device_authentication_enable; then + ${hccontrol} -n ${dev}hci write_authentication_enable 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_authentication_enable 0 \ + > /dev/null 2>&1 || return 1 + fi + + case "${bluetooth_device_encryption_mode}" in + [Nn][Oo][Nn][Ee]|0) + ${hccontrol} -n ${dev}hci write_encryption_mode 0 \ + > /dev/null 2>&1 || return 1 + ;; + + [Pp][2][Pp]|1) + ${hccontrol} -n ${dev}hci write_encryption_mode 1 \ + > /dev/null 2>&1 || return 1 + ;; + + [Al][Ll][Ll]|2) + ${hccontrol} -n ${dev}hci write_encryption_mode 2 \ + > /dev/null 2>&1 || return 1 + ;; + + *) + warn "Unsupported encryption mode ${bluetooth_device_encryption_mode} for device ${dev}" + return 1 + ;; + esac + + if checkyesno bluetooth_device_role_switch; then + ${hccontrol} -n ${dev}hci write_node_role_switch 1 \ + > /dev/null 2>&1 || return 1 + else + ${hccontrol} -n ${dev}hci write_node_role_switch 0 \ + > /dev/null 2>&1 || return 1 + fi + + ${hccontrol} -n ${dev}hci change_local_name "${bluetooth_device_local_name}" \ + > /dev/null 2>&1 || return 1 + + ${hccontrol} -n ${dev}hci initialize \ + > /dev/null 2>&1 || return 1 + + return 0 +} + +############################################################################## +# Shutdown Bluetooth stack. Destroy all nodes +############################################################################## + +bluetooth_shutdown_stack() +{ + dev=$1 + + ngctl shutdown ${dev}hci: > /dev/null 2>&1 + ngctl shutdown ${dev}l2cap: > /dev/null 2>&1 + + return 0 +} + +############################################################################## +# bluetooth_start() +############################################################################## + +bluetooth_start() +{ + local _file + + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + load_kld ng_h4 || return 1 + + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'uart\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get uart unit number: ${dev}" + fi + + ${hcseriald} -f /dev/cuau${unit} -n ${dev} + sleep 1 # wait a little bit + + if [ ! -f "/var/run/hcseriald.${dev}.pid" ]; then + err 1 "Unable to start hcseriald on ${dev}" + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'btccc\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get bt3c unit number: ${dev}" + fi + ;; + + # USB Bluetooth adapters + ubt*) + hook="hook" + + # Obtain unit number from device. + unit=`expr ${dev} : 'ubt\([0-9]\{1,\}\)'` + if [ -z "${unit}" ]; then + err 1 "Unable to get ubt unit number: ${dev}" + fi + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + # Be backward compatible and setup reasonable defaults + bluetooth_device_authentication_enable="0" + bluetooth_device_class="ff:01:0c" + bluetooth_device_connectable="1" + bluetooth_device_discoverable="0" + bluetooth_device_encryption_mode="0" + bluetooth_device_hci_debug_level="3" + bluetooth_device_l2cap_debug_level="3" + bluetooth_device_local_name="`/usr/bin/uname -n` (${dev})" + bluetooth_device_role_switch="1" + + # Load default device configuration parameters + _file="/etc/defaults/bluetooth.device.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read default Bluetooth configuration from $_file" + fi + + # Load device specific overrides + _file="/etc/bluetooth/$dev.conf" + + if ! bluetooth_read_conf $_file bluetooth_device_ ; then + err 1 "Unable to read Bluetooth device configuration from $_file" + fi + + # Setup stack + if ! bluetooth_setup_stack ${dev} ${hook} ; then + bluetooth_shutdown_stack $dev + err 1 "Unable to setup Bluetooth stack for device ${dev}" + fi + + return 0 +} + +############################################################################## +# bluetooth_stop() +############################################################################## + +bluetooth_stop() +{ + dev=$1 + + # Try to figure out device type by looking at device name + case "${dev}" in + # uartX - serial/UART Bluetooth device + uart*) + if [ -f "/var/run/hcseriald.${dev}.pid" ]; then + kill `cat /var/run/hcseriald.${dev}.pid` + sleep 1 # wait a little bit + fi + ;; + + # 3Com Bluetooth Adapter 3CRWB60-A + btccc*) + ;; + + # USB Bluetooth adapters + ubt*) + ;; + + # Unknown + *) + err 1 "Unsupported device: ${dev}" + ;; + esac + + bluetooth_shutdown_stack ${dev} + + return 0 +} + +############################################################################## +# Start here +############################################################################## + +load_rc_config $name +hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}" +hcseriald="${bluetooth_hcseriald:-/usr/sbin/hcseriald}" + +run_rc_command $* + diff --git a/libexec/rc/rc.d/bootparams b/libexec/rc/rc.d/bootparams new file mode 100755 index 000000000000..0fdbee024d4e --- /dev/null +++ b/libexec/rc/rc.d/bootparams @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bootparams +# REQUIRE: rpcbind DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="bootparamd" +desc="Boot parameter daemon" +rcvar="bootparamd_enable" +required_files="/etc/bootparams" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/bridge b/libexec/rc/rc.d/bridge new file mode 100755 index 000000000000..95e4eb9c2fac --- /dev/null +++ b/libexec/rc/rc.d/bridge @@ -0,0 +1,94 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: bridge +# REQUIRE: netif ppp stf +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="bridge" +desc="Network bridge setup" +start_cmd="bridge_start" +stop_cmd="bridge_stop" +cmd="" + +glob_int() { + case "$1" in + $2 ) true ;; + * ) false ;; + esac +} + +bridge_test() { + bridge=$1 + iface=$2 + + eval interfaces=\$autobridge_${bridge} + if [ -n "${interfaces}" ]; then + for i in ${interfaces}; do + if glob_int $iface $i ; then + ifconfig $bridge $cmd $iface > /dev/null 2>&1 + return + fi + done + fi +} + +autobridge() +{ + if [ -n "${autobridge_interfaces}" ]; then + if [ -z "$iflist" ]; then + # We're operating as a general network start routine. + iflist="`list_net_interfaces`" + fi + + for br in ${autobridge_interfaces}; do + for i in $iflist; do + bridge_test $br $i + done + done + fi +} + +bridge_start() +{ + cmd="addm" + autobridge +} + +bridge_stop() +{ + cmd="deletem" + autobridge +} + +iflist=$2 + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/bsnmpd b/libexec/rc/rc.d/bsnmpd new file mode 100755 index 000000000000..ecebfe0174a3 --- /dev/null +++ b/libexec/rc/rc.d/bsnmpd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bsnmpd +# REQUIRE: NETWORKING syslogd +# KEYWORD: nojailvnet shutdown + +. /etc/rc.subr + +name="bsnmpd" +desc="Simple and extensible SNMP daemon" +rcvar="bsnmpd_enable" +command="/usr/sbin/${name}" + +load_rc_config $name +pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" +command_args="-p ${pidfile}" +run_rc_command "$1" diff --git a/libexec/rc/rc.d/bthidd b/libexec/rc/rc.d/bthidd new file mode 100755 index 000000000000..647152264187 --- /dev/null +++ b/libexec/rc/rc.d/bthidd @@ -0,0 +1,54 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: bthidd +# REQUIRE: DAEMON hcsecd +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="bthidd" +desc="Bluetooth HID daemon" +rcvar="bthidd_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="bthidd_prestart" + +evdev_enabled() +{ + case ${bthidd_evdev_support} in + [Aa][Uu][Tt][Oo]) + check_kern_features evdev_support + return $? + ;; + *) + checkyesno bthidd_evdev_support + return $? + ;; + esac +} + +bthidd_prestart() +{ + if evdev_enabled; then + load_kld -m uinput uinput + fi + load_kld -m kbdmux kbdmux + load_kld -m vkbd vkbd + load_kld -m ng_btsocket ng_btsocket + return 0 +} + +load_rc_config $name +config="${bthidd_config:-/etc/bluetooth/${name}.conf}" +hids="${bthidd_hids:-/var/db/${name}.hids}" +command_args="-c ${config} -H ${hids} -p ${pidfile}" +if evdev_enabled; then + command_args="$command_args -u" +fi +required_files="${config}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ccd b/libexec/rc/rc.d/ccd new file mode 100755 index 000000000000..d86589b84bcb --- /dev/null +++ b/libexec/rc/rc.d/ccd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="ccd" +desc="Concatenated disks setup" +start_cmd="ccd_start" +stop_cmd=":" + +ccd_start() +{ + if [ -f /etc/ccd.conf ]; then + echo "Configuring CCD devices." + ccdconfig -C + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/cfumass b/libexec/rc/rc.d/cfumass new file mode 100755 index 000000000000..9e34ddaf4b73 --- /dev/null +++ b/libexec/rc/rc.d/cfumass @@ -0,0 +1,149 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cfumass +# REQUIRE: var +# KEYWORD: nojail + +. /etc/rc.subr + +name="cfumass" +desc="Configure the LUN for device mode USB mass storage" +rcvar="cfumass_enable" + +start_cmd="${name}_start" +stop_cmd="${name}_stop" + +extra_commands="reload" +reload_cmd="${name}_start" + +: ${cfumass_dir:=/var/cfumass} +: ${cfumass_image:=/var/tmp/cfumass.img} +: ${cfumass_vendor:="FreeBSD"} +: ${cfumass_product:="cfumass(4)"} + +remove_luns() +{ + local _lun _luns + + _luns=`ctladm devlist -b block -v | awk ' + + $1 ~ /^[0-9]+$/ { + lun = $1 + } + + $1 == "file='"${cfumass_image}"'" { + print lun + }'` + + for _lun in ${_luns}; do + ctladm remove -b block -l "${_lun}" > /dev/null + done +} + +cfumass_start() +{ + local err _files _template _new_template + + if [ ! -d "${cfumass_dir}" ]; then + warn "${cfumass_dir} does not exist" + return 1 + fi + + _files=`find "${cfumass_dir}" -newer "${cfumass_image}" -print 2> /dev/null` + if [ ! -e "${cfumass_image}" -o -n "${_files}" ]; then + # The image doesn't exist or is out of date. + makefs -t cd9660 -o label="${cfumass_vendor}" \ + -o rockridge "${cfumass_image}" "${cfumass_dir}" + err=$? + if [ "${err}" -ne 0 ]; then + warn "unable to create ${cfumass_image}" + return "${err}" + fi + fi + + remove_luns + + ctladm create -b block -o file="${cfumass_image}" -o readonly=on \ + -o vendor="${cfumass_vendor}" -o product="${cfumass_product}" \ + -S 0 > /dev/null + err=$? + if [ "${err}" -ne 0 ]; then + warn "unable to create CTL LUN" + return "${err}" + fi + + load_kld -e cfumass cfumass + + # If the template is already switched to Mass Storage, then reset + # it to -1 to force the host to reenumerate it; otherwise it might + # not notice the new LUN. + _template=`sysctl -n hw.usb.template` + if [ "${_template}" -eq 0 ]; then + sysctl hw.usb.template=-1 > /dev/null + err=$? + if [ "${err}" -ne 0 ]; then + warn "unable to set hw.usb.template sysctl" + return "${err}" + fi + fi + + # Set the template number based on the current one. + _template=`sysctl -n hw.usb.template` + case "${_template}" in + -1) + _new_template="0" + ;; + 8) + _new_template="10" + ;; + *) + warn "hw.usb.template sysctl set to neither -1 nor 8; not changing" + _new_template="" + ;; + esac + + if [ -n "${_new_template}" ]; then + sysctl hw.usb.template="${_new_template}" > /dev/null + err=$? + if [ "${err}" -ne 0 ]; then + warn "unable to set hw.usb.template sysctl to ${_new_template}" + return "${err}" + fi + fi +} + +cfumass_stop() +{ + local err _template _new_template + + remove_luns + + _template=`sysctl -n hw.usb.template` + case "${_template}" in + 0) + _new_template="-1" + ;; + 10) + _new_template="8" + ;; + *) + warn "hw.usb.template sysctl set to neither 0 nor 10; not changing" + _new_template="" + ;; + esac + + if [ -n "${_new_template}" ]; then + sysctl hw.usb.template="${_new_template}" > /dev/null + err=$? + if [ "${err}" -ne 0 ]; then + warn "unable to set hw.usb.template sysctl to ${_new_template}" + return "${err}" + fi + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleanvar b/libexec/rc/rc.d/cleanvar new file mode 100755 index 000000000000..fcfd365268c3 --- /dev/null +++ b/libexec/rc/rc.d/cleanvar @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cleanvar +# REQUIRE: var + +. /etc/rc.subr + +name="cleanvar" +desc="Purge /var directory" +rcvar="cleanvar_enable" + +start_precmd="${name}_prestart" +start_cmd="${name}_start" +stop_cmd=":" + +extra_commands="reload" +reload_cmd="${name}_start" + +cleanvar_prestart() +{ + # These files must be removed only the first time this script is run + # on boot. + # + rm -f /var/run/clean_var /var/spool/lock/clean_var +} + +cleanvar_start() +{ + if [ -d /var/run -a ! -f /var/run/clean_var ]; then + # Skip over logging sockets + find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete + >/var/run/clean_var + fi + if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then + find /var/spool/lock -type f -delete + >/var/spool/lock/clean_var + fi + if [ -d /var/spool/uucp/.Temp ]; then + find /var/spool/uucp/.Temp -delete + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/cleartmp b/libexec/rc/rc.d/cleartmp new file mode 100755 index 000000000000..72e6c3ee881a --- /dev/null +++ b/libexec/rc/rc.d/cleartmp @@ -0,0 +1,61 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cleartmp +# REQUIRE: mountcritremote tmp +# BEFORE: DAEMON + +. /etc/rc.subr + +name="cleartmp" +desc="Purge /tmp directory" +# Disguise rcvar for the start method to run irrespective of its setting. +rcvar1="clear_tmp_enable" +start_cmd="${name}_start" +stop_cmd=":" + +cleartmp_start() +{ + # Make /tmp location variable for easier debugging. + local tmp="/tmp" + + # X related directories to create in /tmp. + local x11_socket_dirs="${tmp}/.X11-unix ${tmp}/.XIM-unix \ + ${tmp}/.ICE-unix ${tmp}/.font-unix" + + if checkyesno ${rcvar1}; then + check_startmsgs && echo "Clearing ${tmp}." + + # This is not needed for mfs, but doesn't hurt anything. + # Things to note: + # + The dot in ${tmp}/. is important. + # + Put -prune before -exec so find never descends + # into a directory that was already passed to rm -rf. + # + "--" in rm arguments isn't strictly necessary, but + # it can prevent foot-shooting in future. + # + /tmp/lost+found is preserved, but its contents are removed. + # + lost+found and quota.* in subdirectories are removed. + # + .sujournal and .snap are preserved. + find -x ${tmp}/. ! -name . \ + ! \( -name .sujournal -type f -user root \) \ + ! \( -name .snap -type d -user root \) \ + ! \( -name lost+found -type d -user root \) \ + ! \( \( -name quota.user -or -name quota.group \) \ + -type f -user root \) \ + -prune -exec rm -rf -- {} + + elif checkyesno clear_tmp_X; then + # Remove X lock files, since they will prevent you from + # restarting X. Remove other X related directories. + check_startmsgs && echo "Clearing ${tmp} (X related)." + rm -rf ${tmp}/.X[0-9]-lock ${x11_socket_dirs} + fi + if checkyesno clear_tmp_X; then + # Create X related directories with proper permissions. + mkdir -m 1777 ${x11_socket_dirs} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/cron b/libexec/rc/rc.d/cron new file mode 100755 index 000000000000..22428daa167f --- /dev/null +++ b/libexec/rc/rc.d/cron @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: cron +# REQUIRE: LOGIN FILESYSTEMS +# BEFORE: securelevel +# KEYWORD: shutdown + +. /etc/rc.subr + +name="cron" +desc="Daemon to execute scheduled commands" +rcvar="cron_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" + +load_rc_config $name +if checkyesno cron_dst +then + cron_flags="$cron_flags -s" +fi +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ctld b/libexec/rc/rc.d/ctld new file mode 100755 index 000000000000..1364d4f6c7a7 --- /dev/null +++ b/libexec/rc/rc.d/ctld @@ -0,0 +1,23 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ctld +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="ctld" +desc="CAM Target Layer / iSCSI target daemon" +rcvar="ctld_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" +required_files="/etc/ctl.conf" +required_modules="ctl" +extra_commands="reload" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ddb b/libexec/rc/rc.d/ddb new file mode 100755 index 000000000000..84f44e20e341 --- /dev/null +++ b/libexec/rc/rc.d/ddb @@ -0,0 +1,39 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ddb +# REQUIRE: dumpon +# BEFORE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="ddb" +desc="DDB kernel debugger" +rcvar="ddb_enable" +command="/sbin/${name}" +start_precmd="ddb_prestart" +start_cmd="ddb_start" +stop_cmd=":" + +ddb_prestart() +{ + # Silently exit if ddb is not enabled + if [ -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then + return 1 + fi +} + +ddb_start() +{ + ${command} ${command_args} +} + +load_rc_config $name + +required_files="${ddb_config}" +command_args="${ddb_config}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/defaultroute b/libexec/rc/rc.d/defaultroute new file mode 100755 index 000000000000..a4c9647766a8 --- /dev/null +++ b/libexec/rc/rc.d/defaultroute @@ -0,0 +1,74 @@ +#!/bin/sh +# +# Wait for the default route to be up if DHCP is in use +# +# $FreeBSD$ +# + +# PROVIDE: defaultroute +# REQUIRE: devd netif stf +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="defaultroute" +desc="Setup default router" +start_cmd="defaultroute_start" +stop_cmd=":" + +# Does any interface have a carrier? +defaultroute_carrier() +{ + local carrier nocarrier + + carrier=1 + for _if in ${dhcp_interfaces}; do + output=`/sbin/ifconfig ${_if}` + nocarrier=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` + [ -z "${nocarrier}" ] && carrier=0 + done + return ${carrier} +} + +defaultroute_start() +{ + local nl waited + + afexists inet || return 0 + + # Return without waiting if we don't have dhcp interfaces or + # if none of the dhcp interfaces is plugged in. + dhcp_interfaces=`list_net_interfaces dhcp` + [ -z "${dhcp_interfaces}" ] && return + + # Wait for a default route + waited=0 + while [ ${waited} -lt ${defaultroute_delay} ]; do + defif=`get_default_if -inet` + if [ -n "${defif}" ]; then + if [ ${waited} -ne 0 ]; then + echo -n "($defif)" + nl=1 + fi + break + fi + if [ ${waited} -eq 0 ]; then + echo -n "Waiting ${defaultroute_delay}s for the default route interface: " + else + echo -n . + fi + if [ ${waited} -eq ${defaultroute_carrier_delay} ] && ! defaultroute_carrier; then + echo -n "(no carrier)" + break + fi + nl=1 + sleep 1 + waited=$(($waited + 1)) + done + + [ -n "$nl" ] && echo +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/devd b/libexec/rc/rc.d/devd new file mode 100755 index 000000000000..ef0c20450f8f --- /dev/null +++ b/libexec/rc/rc.d/devd @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: devd +# REQUIRE: netif ldconfig +# BEFORE: NETWORKING mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="devd" +desc="Device state change daemon" +rcvar="devd_enable" +command="/sbin/${name}" + +start_precmd=${name}_prestart +stop_precmd=find_pidfile + +find_pidfile() +{ + if get_pidfile_from_conf pid-file /etc/devd.conf; then + pidfile="$_pidfile_from_conf" + else + pidfile="/var/run/${name}.pid" + fi +} + +devd_prestart() +{ + find_pidfile + + # If devd is disabled, turn it off in the kernel to avoid unnecessary + # memory usage. + if ! checkyesno ${rcvar}; then + $SYSCTL hw.bus.devctl_queue=0 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/devfs b/libexec/rc/rc.d/devfs new file mode 100755 index 000000000000..1e7697d53109 --- /dev/null +++ b/libexec/rc/rc.d/devfs @@ -0,0 +1,72 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: devfs +# REQUIRE: mountcritremote +# BEFORE: SERVERS securelevel +# KEYWORD: nojail + +. /etc/rc.subr + +name="devfs" +desc="Device filesystem" +start_cmd='devfs_start' +stop_cmd=':' + +devfs_start() +{ + if [ -n "$devfs_system_ruleset" -o -n "$devfs_set_rulesets" ] || + checkyesno devfs_load_rulesets; then + devfs_init_rulesets + if [ -n "$devfs_system_ruleset" ]; then + devfs_set_ruleset $devfs_system_ruleset /dev + devfs_apply_ruleset $devfs_system_ruleset /dev + fi + if [ -n "$devfs_set_rulesets" ]; then + local _dir_set + local _dir + local _set + for _dir_set in $devfs_set_rulesets; do + _dir=${_dir_set%=*} + _set=${_dir_set#*=} + devfs_set_ruleset $_set $_dir + devfs_apply_ruleset $_set $_dir + done + fi + fi + read_devfs_conf +} + +read_devfs_conf() +{ + if [ -r /etc/devfs.conf ]; then + cd /dev + while read action devicelist parameter; do + case "${action}" in + l*) for device in ${devicelist}; do + if [ ! -e ${parameter} ]; then + ln -fs ${device} ${parameter} + fi + done + ;; + o*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chown ${parameter} ${device} + fi + done + ;; + p*) for device in ${devicelist}; do + if [ -c ${device} ]; then + chmod ${parameter} ${device} + fi + done + ;; + esac + done < /etc/devfs.conf + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/devmatch b/libexec/rc/rc.d/devmatch new file mode 100755 index 000000000000..234aaf6dae0e --- /dev/null +++ b/libexec/rc/rc.d/devmatch @@ -0,0 +1,75 @@ +#!/bin/sh + +# Copyright (c) 2018 M. Warner Losh +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +# PROVIDE: devmatch +# REQUIRE: kldxref +# KEYWORD: nojail + +. /etc/rc.subr + +name="devmatch" +desc="Use devmatch(8) to load kernel modules" +rcvar="${name}_enable" + +start_cmd="${name}_start" +stop_cmd=':' +one_nomatch="$2" + +devmatch_start() +{ + local x m list + + if [ -n "$one_nomatch" ]; then + list=$(devmatch -p "${one_nomatch}" | sort -u) + else + list=$(devmatch | sort -u) + fi + + [ -n "$list" ] || return + + # While kldload can accept multiple modules + # on the line at once, we loop here in case + # there's some weird error with one of them. + # We also optimize against the false positives + # or drivers that have symbolic links that + # confuse devmatch by running it -n. + # Finally, we filter out all items in the + # devmactch_blacklist. + devctl freeze + x=$(echo ${devmatch_blacklist} | tr ' ' '#') + for m in ${list}; do + case "#${x}#" in + *"#${m}#"*) continue ;; + esac + echo "Autoloading module: ${m}" + kldload -n ${m} + done + devctl thaw +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/dhclient b/libexec/rc/rc.d/dhclient new file mode 100755 index 000000000000..520a0850ccbc --- /dev/null +++ b/libexec/rc/rc.d/dhclient @@ -0,0 +1,65 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dhclient +# KEYWORD: nojailvnet nostart + +. /etc/rc.subr +. /etc/network.subr + +ifn="$2" + +name="dhclient" +desc="Dynamic Host Configuration Protocol (DHCP) client" +rcvar= +pidfile="/var/run/dhclient/${name}.${ifn}.pid" +start_precmd="dhclient_prestart" +stop_precmd="dhclient_pre_check" + +# rc_force check can only be done at the run_rc_command +# time, so we're testing it in the pre* hooks. +dhclient_pre_check() +{ + if [ -z "${rc_force}" ] && ! dhcpif $ifn; then + local msg + msg="'$ifn' is not a DHCP-enabled interface" + if [ -z "${rc_quiet}" ]; then + echo "$msg" + else + debug "$msg" + fi + exit 1 + fi +} + +dhclient_prestart() +{ + dhclient_pre_check + + # Interface-specific flags (see rc.subr for $flags setting) + specific=$(get_if_var $ifn dhclient_flags_IF) + if [ -z "$flags" -a -n "$specific" ]; then + rc_flags=$specific + fi + + background_dhclient=$(get_if_var $ifn background_dhclient_IF $background_dhclient) + if checkyesno background_dhclient; then + rc_flags="${rc_flags} -b" + fi + + rc_flags="${rc_flags} ${ifn}" +} + +load_rc_config $name +load_rc_config network + +if [ -z $ifn ] ; then + # only complain if a command was specified but no interface + if [ -n "$1" ] ; then + err 1 "$0: no interface specified" + fi +fi + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg new file mode 100755 index 000000000000..3da6196b6ff5 --- /dev/null +++ b/libexec/rc/rc.d/dmesg @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dmesg +# REQUIRE: mountcritremote FILESYSTEMS +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="dmesg" +desc="Save kernel boot messages to disk" +rcvar="dmesg_enable" +dmesg_file="/var/run/dmesg.boot" +start_cmd="do_dmesg" +stop_cmd=":" + +do_dmesg() +{ + rm -f ${dmesg_file} + ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} ) +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon new file mode 100755 index 000000000000..dddbf2af01cc --- /dev/null +++ b/libexec/rc/rc.d/dumpon @@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: dumpon +# BEFORE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="dumpon" +desc="Dump kernel corefiles from swap to disk" +start_cmd="dumpon_start" +stop_cmd="dumpon_stop" + +dumpon_try() +{ + local flags + + flags=${dumpon_flags} + if [ -n "${dumppubkey}" ]; then + warn "The dumppubkey variable is deprecated. Use dumpon_flags." + flags="${flags} -k ${dumppubkey}" + fi + /sbin/dumpon ${flags} "${1}" + if [ $? -eq 0 ]; then + # Make a symlink in devfs for savecore + ln -fs "${1}" /dev/dumpdev + return 0 + fi + warn "unable to specify $1 as a dump device" + return 1 +} + +dumpon_start() +{ + # Enable dumpdev so that savecore can see it. Enable it + # early so a crash early in the boot process can be caught. + # + case ${dumpdev} in + [Nn][Oo] | '') + ;; + [Aa][Uu][Tt][Oo]) + dev=$(/bin/kenv -q dumpdev) + if [ -n "${dev}" ] ; then + dumpon_try "${dev}" + return $? + fi + while read dev mp type more ; do + [ "${type}" = "swap" ] || continue + [ -c "${dev}" ] || continue + dumpon_try "${dev}" 2>/dev/null && return 0 + done </etc/fstab + echo "No suitable dump device was found." 1>&2 + return 1 + ;; + *) + dumpon_try "${dumpdev}" + ;; + esac +} + +dumpon_stop() +{ + case ${dumpdev} in + [Nn][Oo] | '') + ;; + *) + rm -f /dev/dumpdev + /sbin/dumpon -v off + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/fsck b/libexec/rc/rc.d/fsck new file mode 100755 index 000000000000..747d357c4412 --- /dev/null +++ b/libexec/rc/rc.d/fsck @@ -0,0 +1,93 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: fsck +# REQUIRE: swap +# KEYWORD: nojail + +. /etc/rc.subr + +name="fsck" +desc="Run file system checks" +start_cmd="fsck_start" +stop_cmd=":" + +fsck_start() +{ + if [ "$autoboot" = no ]; then + echo "Fast boot: skipping disk checks." + elif [ ! -r /etc/fstab ]; then + echo "Warning! No /etc/fstab: skipping disk checks." + elif [ "$autoboot" = yes ]; then + # During fsck ignore SIGQUIT + trap : 3 + + check_startmsgs && echo "Starting file system checks:" + if checkyesno background_fsck; then + fsck -F -p + else + fsck -p + fi + + err=$? + if [ ${err} -eq 3 ]; then + echo "Warning! Some of the devices might not be" \ + "available; retrying" + root_hold_wait + check_startmsgs && echo "Restarting file system checks:" + if checkyesno background_fsck; then + fsck -F -p + else + fsck -p + fi + err=$? + fi + + case ${err} in + 0) + ;; + 2) + stop_boot + ;; + 4) + echo "Rebooting..." + reboot + echo "Reboot failed; help!" + stop_boot + ;; + 8|16) + if checkyesno fsck_y_enable; then + echo "File system preen failed, trying fsck -y ${fsck_y_flags}" + fsck -y ${fsck_y_flags} + case $? in + 0) + ;; + *) + echo "Automatic file system check failed; help!" + stop_boot + ;; + esac + else + echo "Automatic file system check failed; help!" + stop_boot + fi + ;; + 12) + echo "Boot interrupted." + stop_boot + ;; + 130) + stop_boot + ;; + *) + echo "Unknown error ${err}; help!" + stop_boot + ;; + esac + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ftp-proxy b/libexec/rc/rc.d/ftp-proxy new file mode 100755 index 000000000000..76bbb6ad5dd1 --- /dev/null +++ b/libexec/rc/rc.d/ftp-proxy @@ -0,0 +1,76 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ftp-proxy +# REQUIRE: DAEMON pf +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ftpproxy" +desc="Internet File Transfer Protocol proxy daemon" +rcvar="ftpproxy_enable" +command="/usr/sbin/ftp-proxy" + +load_rc_config $name + +# +# manage_pid argument +# Create or remove a pidfile manually, for daemons that can't be bothered +# to do it themselves. Takes one argument, which is the argument provided +# to the rc script. The pidfile will be named /var/run/<$name>.pid, +# unless $pidfile is defined. +# +# The method used to determine the pid is rather hacky; grep ps output to +# find '$procname|$command', then grep for ${name}_flags. If at all +# possible, use another method if at all possible, to avoid that dirty- +# code feeling. +# +manage_pid() { + local search_string ps_pid + case $1 in + *start) + cmd_string=`basename ${procname:-${command}}` + eval flag_string=\"\$${name}_flags\" + # Determine the pid. + ps_pid=`ps ax -o pid= -o command= | grep $cmd_string | grep -e "$flag_string" | grep -v grep | awk '{ print $1 }'` + # Write the pidfile depending on $pidfile status. + echo $ps_pid > ${pidfile:-"/var/run/$name.pid"} + ;; + stop) + rm $pidfile + ;; + esac +} + +# Allow ftp-proxy to start up in two different ways. The typical behavior +# is to start up one instance of ftp-proxy by setting ftpproxy_enable and +# ftpproxy_flags. The alternate behavior allows multiple instances of ftp- +# proxy to be started, allowing different types of proxy behavior. To use the +# new behavior, a list of instances must be defined, and a list of flags for +# each instance. For example, if we want to start two instances of ftp-proxy, +# foo and bar, we would set the following vars. +# ftpproxy_enable="YES" +# ftpproxy_instances="foo bar" +# ftpproxy_foo="<arguments for foo>" +# ftpproxy_bar="<arguments for bar>" +# +# Starting more than one ftp-proxy? +if [ "$ftpproxy_instances" ] && [ -n "${ftpproxy_instances}" ]; then + # Iterate through instance list. + for i in $ftpproxy_instances; do + #eval ftpproxy_${i}_flags=\$ftpproxy_${i} + #eval name=ftpproxy_${i} + # Set flags for this instance. + eval ftpproxy_flags=\$ftpproxy_${i} + # Define a unique pid file name. + pidfile="/var/run/ftp-proxy.$i.pid" + run_rc_command "$1" + manage_pid $1 + done +else + # Traditional single-instance behavior + run_rc_command "$1" +fi diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd new file mode 100755 index 000000000000..dc623ea59436 --- /dev/null +++ b/libexec/rc/rc.d/ftpd @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ftpd +# REQUIRE: LOGIN FILESYSTEMS +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ftpd" +desc="Internet File Transfer Protocol daemon" +rcvar="ftpd_enable" +command="/usr/libexec/${name}" +pidfile="/var/run/${name}.pid" +start_precmd=ftpd_prestart + +ftpd_prestart() +{ + rc_flags="-D ${rc_flags}" + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/gbde b/libexec/rc/rc.d/gbde new file mode 100755 index 000000000000..1bbf3e40efa3 --- /dev/null +++ b/libexec/rc/rc.d/gbde @@ -0,0 +1,120 @@ +#!/bin/sh +# +# This file, originally written by Garrett A. Wollman, is in the public +# domain. +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="gbde" +desc="GEOM Based Disk Encryption" +start_precmd="find_gbde_devices start" +stop_precmd="find_gbde_devices stop" +start_cmd="gbde_start" +stop_cmd="gbde_stop" + +find_gbde_devices() +{ + case "${gbde_devices-auto}" in + [Aa][Uu][Tt][Oo]) + gbde_devices="" + ;; + *) + return 0 + ;; + esac + + case "$1" in + start) + fstab="/etc/fstab" + ;; + stop) + fstab=$(mktemp /tmp/mtab.XXXXXX) + mount -p >${fstab} + ;; + esac + + # + # We can't use "mount -p | while ..." because when a shell loop + # is the target of a pipe it executes in a subshell, and so can't + # modify variables in the script. + # + while read device mountpt type options dump pass; do + case "$device" in + *.bde) + # Ignore swap devices + case "$type" in + swap) + continue + ;; + esac + + case "$options" in + *noauto*) + if checkyesno gbde_autoattach_all; then + gbde_devices="${gbde_devices} ${device}" + fi + ;; + *) + gbde_devices="${gbde_devices} ${device}" + ;; + esac + ;; + esac + done <${fstab} + + case "$1" in + stop) + rm -f ${fstab} + ;; + esac + + return 0 +} + +gbde_start() +{ + for device in $gbde_devices; do + parent=${device%.bde} + parent=${parent#/dev/} + parent_=`ltr ${parent} '/' '_'` + eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}" + if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then + echo "Configuring Disk Encryption for ${parent}." + + count=1 + while [ ${count} -le ${gbde_attach_attempts} ]; do + if [ -e "${lock}" ]; then + gbde attach ${parent} -l ${lock} + else + gbde attach ${parent} + fi + if [ -e "/dev/${parent}.bde" ]; then + break + fi + echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}." + count=$((${count} + 1)) + done + fi + done +} + +gbde_stop() +{ + for device in $gbde_devices; do + parent=${device%.bde} + parent=${parent#/dev/} + if [ -e "/dev/${parent}.bde" ]; then + umount "/dev/${parent}.bde" 2>/dev/null + gbde detach "${parent}" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli b/libexec/rc/rc.d/geli new file mode 100755 index 000000000000..e1442e439940 --- /dev/null +++ b/libexec/rc/rc.d/geli @@ -0,0 +1,126 @@ +#!/bin/sh +# +# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: disks +# KEYWORD: nojail + +. /etc/rc.subr + +name="geli" +desc="GELI disk encryption" +start_precmd='[ -n "$(geli_make_list)" -o -n "${geli_groups}" ]' +start_cmd="geli_start" +stop_cmd="geli_stop" +required_modules="geom_eli:g_eli" + +geli_start() +{ + devices=`geli_make_list` + + if [ -z "${geli_tries}" ]; then + if [ -n "${geli_attach_attempts}" ]; then + # Compatibility with rc.d/gbde. + geli_tries=${geli_attach_attempts} + else + geli_tries=`${SYSCTL_N} kern.geom.eli.tries` + fi + fi + + for provider in ${devices}; do + provider_=`ltr ${provider} '/-' '_'` + + eval "flags=\${geli_${provider_}_flags}" + if [ -z "${flags}" ]; then + flags=${geli_default_flags} + fi + if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then + echo "Configuring Disk Encryption for ${provider}." + count=1 + while [ ${count} -le ${geli_tries} ]; do + geli attach ${flags} ${provider} + if [ -e "/dev/${provider}.eli" ]; then + break + fi + echo "Attach failed; attempt ${count} of ${geli_tries}." + count=$((count+1)) + done + fi + done + + for group in ${geli_groups}; do + group_=`ltr ${group} '/-' '_'` + + eval "flags=\${geli_${group_}_flags}" + if [ -z "${flags}" ]; then + flags=${geli_default_flags} + fi + + eval "providers=\${geli_${group_}_devices}" + if [ -z "${providers}" ]; then + echo "No devices listed in geli group ${group}." + continue + fi + + if [ -e "/dev/${providers%% *}" -a ! -e "/dev/${providers%% *}.eli" ]; then + echo "Configuring Disk Encryption for geli group ${group}, containing ${providers}." + count=1 + while [ ${count} -le ${geli_tries} ]; do + geli attach ${flags} ${providers} + if [ -e "/dev/${providers%% *}.eli" ]; then + break + fi + echo "Attach failed; attempt ${count} of ${geli_tries}." + count=$((count+1)) + done + fi + done +} + +geli_stop() +{ + devices=`geli_make_list` + + for group in ${geli_groups}; do + group_=`ltr ${group} '/-' '_'` + + eval "providers=\${geli_${group_}_devices}" + + devices="${devices} ${providers}" + done + + for provider in ${devices}; do + if [ -e "/dev/${provider}.eli" ]; then + umount "/dev/${provider}.eli" 2>/dev/null + geli detach "${provider}" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/geli2 b/libexec/rc/rc.d/geli2 new file mode 100755 index 000000000000..a35f23fb279a --- /dev/null +++ b/libexec/rc/rc.d/geli2 @@ -0,0 +1,59 @@ +#!/bin/sh +# +# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: geli2 +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="geli2" +desc="GELI disk encryption" +start_cmd="geli2_start" +stop_cmd=":" + +geli2_start() +{ + devices=`geli_make_list` + + for provider in ${devices}; do + provider_=`ltr ${provider} '/-' '_'` + + eval "autodetach=\${geli_${provider_}_autodetach}" + if [ -z "${autodetach}" ]; then + autodetach=${geli_autodetach} + fi + if checkyesno autodetach && [ -e "/dev/${provider}.eli" ]; then + geli detach -l ${provider} + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/gptboot b/libexec/rc/rc.d/gptboot new file mode 100755 index 000000000000..a6cee684508a --- /dev/null +++ b/libexec/rc/rc.d/gptboot @@ -0,0 +1,77 @@ +#!/bin/sh +# +# Copyright (c) 2010 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: gptboot +# REQUIRE: mountcritremote +# KEYWORD: nojail + +. /etc/rc.subr + +name="gptboot" +rcvar="gptboot_enable" +start_cmd="gptboot_report" + +gptboot_report() +{ + gpart show | \ + egrep '(^=>| freebsd-ufs .*(\[|,)(bootfailed|bootonce)(,|\]))' | \ + sed 's/^=>//' | \ + egrep -v '(\[|,)bootme(,|\])' | \ + while read start size pos type attrs rest; do + case "${pos}" in + [0-9]*) + if [ -n "${disk}" ]; then + part="${disk}p${pos}" + echo "${attrs}" | egrep -q '(\[|,)bootfailed(,|\])' + bootfailed=$? + echo "${attrs}" | egrep -q '(\[|,)bootonce(,|\])' + bootonce=$? + if [ ${bootfailed} -eq 0 ]; then + logger -t gptboot -p local0.notice "Boot from ${part} failed." + gpart unset -a bootfailed -i ${pos} ${disk} >/dev/null + elif [ ${bootonce} -eq 0 ]; then + # We want to log success after all failures. + echo -n "Boot from ${part} succeeded." + gpart unset -a bootonce -i ${pos} ${disk} >/dev/null + fi + fi + ;; + *) + if [ "${type}" = "GPT" ]; then + disk="${pos}" + else + disk="" + fi + ;; + esac + done | logger -t gptboot -p local0.notice +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/growfs b/libexec/rc/rc.d/growfs new file mode 100755 index 000000000000..9b69eb6b3520 --- /dev/null +++ b/libexec/rc/rc.d/growfs @@ -0,0 +1,98 @@ +#!/bin/sh +# +# Copyright 2014 John-Mark Gurney +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: growfs +# BEFORE: sysctl +# KEYWORD: firstboot + +# This allows us to distribute a image +# and have it work on essentially any size drive. +# +# TODO: Figure out where this should really be ordered. +# I suspect it should go just after fsck but before mountcritlocal. +# + +. /etc/rc.subr + +name="growfs" +desc="Grow root partition to fill device" +start_cmd="growfs_start" +stop_cmd=":" +rcvar="growfs_enable" + +growfs_start () +{ + echo "Growing root partition to fill device" + rootdev=$(df / | tail -n 1 | awk '{ sub("/dev/", "", $1); print $1 }') + if [ x"$rootdev" = x"${rootdev%/*}" ]; then + # raw device + rawdev="$rootdev" + else + rawdev=$(glabel status | awk '$1 == "'"$rootdev"'" { print $3 }') + if [ x"$rawdev" = x"" ]; then + echo "Can't figure out device for: $rootdev" + return + fi + fi + + sysctl -b kern.geom.conftxt | awk ' +{ + lvl=$1 + device[lvl] = $3 + type[lvl] = $2 + idx[lvl] = $7 + parttype[lvl] = $13 + if (dev == $3) { + for (i = 1; i <= lvl; i++) { + # resize + if (type[i] == "PART") { + pdev = device[i - 1] + cmd[i] = "gpart resize -i " idx[i] " " pdev + if (parttype[i] == "GPT") + cmd[i] = "gpart recover " pdev " ; " cmd[i] + } else if (type[i] == "LABEL") { + continue + } else { + print "unhandled type: " type[i] + exit 1 + } + } + for (i = 1; i <= lvl; i++) { + if (cmd[i]) + system(cmd[i]) + } + exit 0 + } +}' dev="$rawdev" + gpart commit "$rootdev" + growfs -y /dev/"$rootdev" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/gssd b/libexec/rc/rc.d/gssd new file mode 100755 index 000000000000..1d7e72a42ffb --- /dev/null +++ b/libexec/rc/rc.d/gssd @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: gssd +# REQUIRE: root +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name=gssd +desc="Generic Security Services Daemon" +rcvar=gssd_enable + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hastd b/libexec/rc/rc.d/hastd new file mode 100755 index 000000000000..c170be401be6 --- /dev/null +++ b/libexec/rc/rc.d/hastd @@ -0,0 +1,30 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hastd +# REQUIRE: NETWORKING syslogd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hastd" +desc="Highly Available Storage daemon" +rcvar="hastd_enable" +pidfile="/var/run/${name}.pid" +command="/sbin/${name}" +hastctl="/sbin/hastctl" +required_files="/etc/hast.conf" +stop_precmd="hastd_stop_precmd" +required_modules="geom_gate:g_gate" +extra_commands="reload" + +hastd_stop_precmd() +{ + ${hastctl} role init all +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hcsecd b/libexec/rc/rc.d/hcsecd new file mode 100755 index 000000000000..3c8f0e71e299 --- /dev/null +++ b/libexec/rc/rc.d/hcsecd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hcsecd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hcsecd" +desc="Control link keys and PIN codes for Bluetooth devices" +rcvar="hcsecd_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_modules="ng_btsocket" + +load_rc_config $name +config="${hcsecd_config:-/etc/bluetooth/${name}.conf}" +command_args="-f ${config}" +required_files="${config}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd new file mode 100755 index 000000000000..d0c2d88f2ff4 --- /dev/null +++ b/libexec/rc/rc.d/hostapd @@ -0,0 +1,33 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hostapd +# REQUIRE: mountcritremote +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="hostapd" +desc="Authenticator for IEEE 802.11 networks" +command="/usr/sbin/${name}" + +ifn="$2" +if [ -z "$ifn" ]; then + rcvar="hostapd_enable" + conf_file="/etc/${name}.conf" + pidfile="/var/run/${name}.pid" +else + rcvar= + conf_file="/etc/${name}-${ifn}.conf" + pidfile="/var/run/${name}-${ifn}.pid" +fi + +command_args="-P ${pidfile} -B ${conf_file}" +required_files="${conf_file}" +required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp" +extra_commands="reload" + +load_rc_config ${name} +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid b/libexec/rc/rc.d/hostid new file mode 100755 index 000000000000..3cf7dd42eb6c --- /dev/null +++ b/libexec/rc/rc.d/hostid @@ -0,0 +1,151 @@ +#!/bin/sh +# +# Copyright (c) 2007 Pawel Jakub Dawidek <pjd@FreeBSD.org> +# Copyright (c) 2015 Xin LI <delphij@FreeBSD.org> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: hostid +# REQUIRE: sysctl +# KEYWORD: nojail + +. /etc/rc.subr + +name="hostid" +desc="Generate a unique host ID" +start_cmd="hostid_start" +stop_cmd=":" +reset_cmd="hostid_reset" +extra_commands="reset" +rcvar="hostid_enable" + +hostid_set() +{ + uuid=$1 + # Generate hostid based on hostuuid - take first four bytes from md5(uuid). + id=`echo -n $uuid | /sbin/md5` + id="0x${id%????????????????????????}" + + # Set both kern.hostuuid and kern.hostid. + # + check_startmsgs && echo "Setting hostuuid: ${uuid}." + ${SYSCTL} kern.hostuuid="${uuid}" >/dev/null + check_startmsgs && echo "Setting hostid: ${id}." + ${SYSCTL} kern.hostid=${id} >/dev/null +} + +valid_hostid() +{ + uuid=$1 + + x="[0-9a-f]" + y=$x$x$x$x + + # Check against a blacklist before + # accepting the UUID. + case "${uuid}" in + 00000000-0000-0000-0000-000000000000) + ;; + 00020003-0004-0005-0006-000700080009) + ;; + 03000200-0400-0500-0006-000700080009) + ;; + 07090201-0103-0301-0807-060504030201) + ;; + 11111111-1111-1111-1111-111111111111) + ;; + 11111111-2222-3333-4444-555555555555) + ;; + 4c4c4544-0000-2010-8020-80c04f202020) + ;; + 58585858-5858-5858-5858-585858585858) + ;; + 890e2d14-cacd-45d1-ae66-bc80e8bfeb0f) + ;; + 8e275844-178f-44a8-aceb-a7d7e5178c63) + ;; + dc698397-fa54-4cf2-82c8-b1b5307a6a7f) + ;; + fefefefe-fefe-fefe-fefe-fefefefefefe) + ;; + *-ffff-ffff-ffff-ffffffffffff) + ;; + $y$y-$y-$y-$y-$y$y$y) + return 0 + ;; + esac + + return 1 +} + +hostid_hardware() +{ + uuid=`kenv -q smbios.system.uuid` + + if valid_hostid $uuid; then + echo "${uuid}" + fi +} + +hostid_generate() +{ + # First look for UUID in hardware. + uuid=`hostid_hardware` + if [ -z "${uuid}" ]; then + warn "hostid: unable to figure out a UUID from DMI data, generating a new one" + sleep 2 + # If not found, fall back to software-generated UUID. + uuid=`uuidgen` + fi + hostid_set $uuid +} + +hostid_reset() +{ + hostid_generate + # Store newly generated UUID in ${hostid_file}. + echo $uuid > ${hostid_file} + if [ $? -ne 0 ]; then + warn "could not store hostuuid in ${hostid_file}." + fi +} + +hostid_start() +{ + # If ${hostid_file} already exists, we take UUID from there. + if [ -r ${hostid_file} ]; then + read saved_hostid < ${hostid_file} + if valid_hostid ${saved_hostid}; then + hostid_set `cat ${hostid_file}` + exit 0 + fi + fi + + # No hostid file, generate UUID. + hostid_generate +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostid_save b/libexec/rc/rc.d/hostid_save new file mode 100755 index 000000000000..f535ea2596f2 --- /dev/null +++ b/libexec/rc/rc.d/hostid_save @@ -0,0 +1,36 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hostid_save +# REQUIRE: hostid root +# KEYWORD: nojail + +. /etc/rc.subr + +name="hostid_save" +desc="Save unique host ID to disk" +start_cmd="hostid_save" +stop_cmd=":" +rcvar="hostid_enable" + +hostid_save() +{ + current_hostid=`$SYSCTL_N kern.hostuuid` + + if [ -r ${hostid_file} ]; then + read saved_hostid < ${hostid_file} + if [ ${saved_hostid} = ${current_hostid} ]; then + exit 0 + fi + fi + + echo ${current_hostid} > ${hostid_file} + if [ $? -ne 0 ]; then + warn "could not store hostuuid in ${hostid_file}." + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/hostname b/libexec/rc/rc.d/hostname new file mode 100755 index 000000000000..148b61fd68f2 --- /dev/null +++ b/libexec/rc/rc.d/hostname @@ -0,0 +1,81 @@ +#!/bin/sh +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: hostname +# REQUIRE: FILESYSTEMS +# BEFORE: netif + +. /etc/rc.subr +. /etc/network.subr + +name="hostname" +desc="Set the system\'s hostname" +start_cmd="hostname_start" +stop_cmd=":" + +hostname_start() +{ + # If we are not inside a jail, set the host name. + # If we are inside a jail, set the host name if it is permitted. + # + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then + return + fi + else + # If we're not in a jail and rc.conf doesn't specify a + # hostname, see if we can get one from kenv. + # + if [ -z "${hostname}" -a \ + -n "`/bin/kenv dhcp.host-name 2> /dev/null`" ]; then + hostname=`/bin/kenv dhcp.host-name` + fi + fi + + # Have we got a hostname yet? + # + if [ -z "${hostname}" ]; then + # Null hostname is probably OK if DHCP is in use, + # or when hostname is already set (common for jails). + # + if [ -z "`list_net_interfaces dhcp`" -a \ + -z "`/bin/hostname`" ]; then + warn "\$hostname is not set -- see rc.conf(5)." + fi + return + fi + + # All right, it is safe to invoke hostname(1) now. + # + check_startmsgs && echo -n "Setting hostname: ${hostname}" + /bin/hostname "${hostname}" + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/inetd b/libexec/rc/rc.d/inetd new file mode 100755 index 000000000000..aa8ac20aeae3 --- /dev/null +++ b/libexec/rc/rc.d/inetd @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: inetd +# REQUIRE: DAEMON LOGIN FILESYSTEMS +# KEYWORD: shutdown + +. /etc/rc.subr + +name="inetd" +desc="Internet \"super-server\"" +rcvar="inetd_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/${name}.conf" +extra_commands="reload" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/iovctl b/libexec/rc/rc.d/iovctl new file mode 100644 index 000000000000..1958a266a9c9 --- /dev/null +++ b/libexec/rc/rc.d/iovctl @@ -0,0 +1,39 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: iovctl +# REQUIRE: FILESYSTEMS sysctl + +. /etc/rc.subr + +name="iovctl" +command="/usr/sbin/iovctl" +start_cmd="iovctl_start" +stop_cmd="iovctl_stop" + +run_iovctl() +{ + local _f flag + + flag=$1 + for _f in ${iovctl_files} ; do + if [ -r ${_f} ]; then + ${command} ${flag} -f ${_f} > /dev/null + fi + done +} + +iovctl_start() +{ + run_iovctl -C +} + +iovctl_stop() +{ + run_iovctl -D +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ip6addrctl b/libexec/rc/rc.d/ip6addrctl new file mode 100755 index 000000000000..3260b1cab9a5 --- /dev/null +++ b/libexec/rc/rc.d/ip6addrctl @@ -0,0 +1,124 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ip6addrctl +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="ip6addrctl" +desc="configure address selection policy for IPv6 and IPv4" +rcvar="ip6addrctl_enable" +start_cmd="ip6addrctl_start" +stop_cmd="ip6addrctl_stop" +extra_commands="status prefer_ipv6 prefer_ipv4" +status_cmd="ip6addrctl" +prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" +prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" +config_file="/etc/ip6addrctl.conf" + +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer ip6addrctl_policy + +IP6ADDRCTL_CMD="/usr/sbin/ip6addrctl" + +ip6addrctl_prefer_ipv6() +{ + afexists inet6 || return 0 + + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + cat <<EOT | ${IP6ADDRCTL_CMD} install /dev/stdin + ::1/128 50 0 + ::/0 40 1 + ::ffff:0:0/96 35 4 + 2002::/16 30 2 + 2001::/32 5 5 + fc00::/7 3 13 + ::/96 1 3 + fec0::/10 1 11 + 3ffe::/16 1 12 +EOT +} + +ip6addrctl_prefer_ipv4() +{ + afexists inet6 || return 0 + + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + cat <<EOT | ${IP6ADDRCTL_CMD} install /dev/stdin + ::1/128 50 0 + ::/0 40 1 + ::ffff:0:0/96 100 4 + 2002::/16 30 2 + 2001::/32 5 5 + fc00::/7 3 13 + ::/96 1 3 + fec0::/10 1 11 + 3ffe::/16 1 12 +EOT +} + +ip6addrctl_start() +{ + afexists inet6 || return 0 + + # install the policy of the address selection algorithm. + case "${ip6addrctl_policy}" in + [Aa][Uu][Tt][Oo]) + if [ -r "${config_file}" -a -s "${config_file}" ]; then + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + ${IP6ADDRCTL_CMD} install "${config_file}" + else + if checkyesno ipv6_activate_all_interfaces; then + ip6addrctl_prefer_ipv6 + elif [ -n "$(list_vars ifconfig_\*_ipv6)" ]; then + ip6addrctl_prefer_ipv6 + else + ip6addrctl_prefer_ipv4 + fi + fi + ;; + ipv4_prefer) + ip6addrctl_prefer_ipv4 + ;; + ipv6_prefer) + ip6addrctl_prefer_ipv6 + ;; + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + # Backward compatibility when ipv6_prefer=YES + ip6addrctl_prefer_ipv6 + ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + # Backward compatibility when ipv6_prefer=NO + ip6addrctl_prefer_ipv4 + ;; + [Nn][Oo][Nn][Ee]) + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + ;; + *) + warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ + " \"ipv4_prefer\" is used instead." + ip6addrctl_prefer_ipv4 + ;; + esac + + if checkyesno ip6addrctl_verbose; then + echo 'Address selection policy table for IPv4 and IPv6:' + ${IP6ADDRCTL_CMD} + fi +} + +ip6addrctl_stop() +{ + afexists inet6 || return 0 + + ip6addrctl flush >/dev/null 2>&1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfilter b/libexec/rc/rc.d/ipfilter new file mode 100755 index 000000000000..5c1a86876d6c --- /dev/null +++ b/libexec/rc/rc.d/ipfilter @@ -0,0 +1,90 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfilter +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipfilter" +desc="IP packet filter" +rcvar="ipfilter_enable" +load_rc_config $name +stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}" + +start_precmd="$stop_precmd" +start_cmd="ipfilter_start" +stop_cmd="ipfilter_stop" +reload_precmd="$stop_precmd" +reload_cmd="ipfilter_reload" +resync_precmd="$stop_precmd" +resync_cmd="ipfilter_resync" +status_precmd="$stop_precmd" +status_cmd="ipfilter_status" +extra_commands="reload resync" +required_modules="ipl:ipfilter" + +ipfilter_start() +{ + echo "Enabling ipfilter." + if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + ${ipfilter_program:-/sbin/ipf} -E + fi + ${ipfilter_program:-/sbin/ipf} -Fa + if [ -r "${ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} \ + -f "${ipfilter_rules}" ${ipfilter_flags} + fi + if [ -r "${ipv6_ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -6 \ + -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} + fi +} + +ipfilter_stop() +{ + if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then + echo "Saving firewall state tables" + ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags} + echo "Disabling ipfilter." + ${ipfilter_program:-/sbin/ipf} -D + fi +} + +ipfilter_reload() +{ + echo "Reloading ipfilter rules." + + ${ipfilter_program:-/sbin/ipf} -I -Fa + if [ -r "${ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -I \ + -f "${ipfilter_rules}" ${ipfilter_flags} + if [ $? -ne 0 ]; then + err 1 'Load of rules into alternate set failed; aborting reload' + fi + fi + if [ -r "${ipv6_ipfilter_rules}" ]; then + ${ipfilter_program:-/sbin/ipf} -I -6 \ + -f "${ipv6_ipfilter_rules}" ${ipfilter_flags} + if [ $? -ne 0 ]; then + err 1 'Load of IPv6 rules into alternate set failed; aborting reload' + fi + fi + ${ipfilter_program:-/sbin/ipf} -s + +} + +ipfilter_resync() +{ + ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} +} + +ipfilter_status() +{ + ${ipfilter_program:-/sbin/ipf} -V +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfs b/libexec/rc/rc.d/ipfs new file mode 100755 index 000000000000..0cb968f0e4a5 --- /dev/null +++ b/libexec/rc/rc.d/ipfs @@ -0,0 +1,52 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfs +# REQUIRE: ipnat +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ipfs" +desc="Saves and restores information for NAT and state tables" +rcvar="ipfs_enable" +start_cmd="ipfs_start" +stop_cmd="ipfs_stop" +start_precmd="ipfs_prestart" + +ipfs_prestart() +{ + # Do not continue if either ipnat or ipfilter is not enabled or + # if the ipfilter module is not loaded. + # + if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi + if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then + err 1 "ipfilter module is not loaded" + fi + return 0 +} + +ipfs_start() +{ + if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then + ${ipfs_program} -R ${rc_flags} + rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf + fi +} + +ipfs_stop() +{ + if [ ! -d /var/db/ipf ]; then + mkdir /var/db/ipf + chmod 700 /var/db/ipf + chown root:wheel /var/db/ipf + fi + ${ipfs_program} -W ${rc_flags} +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw new file mode 100755 index 000000000000..e0c46f8ef925 --- /dev/null +++ b/libexec/rc/rc.d/ipfw @@ -0,0 +1,133 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfw +# REQUIRE: ppp +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="ipfw" +desc="Firewall, traffic shaper, packet scheduler, in-kernel NAT" +rcvar="firewall_enable" +start_cmd="ipfw_start" +start_precmd="ipfw_prestart" +start_postcmd="ipfw_poststart" +stop_cmd="ipfw_stop" +status_cmd="ipfw_status" +required_modules="ipfw" +extra_commands="status" + +set_rcvar_obsolete ipv6_firewall_enable + +ipfw_prestart() +{ + if checkyesno dummynet_enable; then + required_modules="$required_modules dummynet" + fi + if checkyesno natd_enable; then + required_modules="$required_modules ipdivert" + fi + if checkyesno firewall_nat_enable; then + required_modules="$required_modules ipfw_nat" + fi +} + +ipfw_start() +{ + local _firewall_type + + if [ -n "${1}" ]; then + _firewall_type=$1 + else + _firewall_type=${firewall_type} + fi + + # set the firewall rules script if none was specified + [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall + + if [ -r "${firewall_script}" ]; then + /bin/sh "${firewall_script}" "${_firewall_type}" + echo 'Firewall rules loaded.' + elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then + echo 'Warning: kernel has firewall functionality, but' \ + ' firewall rules are not enabled.' + echo ' All ip services are disabled.' + fi + + # Firewall logging + # + if checkyesno firewall_logging; then + echo 'Firewall logging enabled.' + ${SYSCTL} net.inet.ip.fw.verbose=1 >/dev/null + fi + if checkyesno firewall_logif; then + ifconfig ipfw0 create + echo 'Firewall logging pseudo-interface (ipfw0) created.' + fi +} + +ipfw_poststart() +{ + local _coscript + + # Start firewall coscripts + # + for _coscript in ${firewall_coscripts} ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstart + fi + done + + # Enable the firewall + # + if ! ${SYSCTL} net.inet.ip.fw.enable=1 >/dev/null 2>&1; then + warn "failed to enable IPv4 firewall" + fi + if afexists inet6; then + if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 >/dev/null 2>&1 + then + warn "failed to enable IPv6 firewall" + fi + fi +} + +ipfw_stop() +{ + local _coscript + + # Disable the firewall + # + ${SYSCTL} net.inet.ip.fw.enable=0 >/dev/null + if afexists inet6; then + ${SYSCTL} net.inet6.ip6.fw.enable=0 >/dev/null + fi + + # Stop firewall coscripts + # + for _coscript in `reverse_list ${firewall_coscripts}` ; do + if [ -f "${_coscript}" ]; then + ${_coscript} quietstop + fi + done +} + +ipfw_status() +{ + status=$(sysctl -i -n net.inet.ip.fw.enable) + if [ ${status:-0} -eq 0 ]; then + echo "ipfw is not enabled" + exit 1 + else + echo "ipfw is enabled" + exit 0 + fi +} + +load_rc_config $name +firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}" + +run_rc_command $* diff --git a/libexec/rc/rc.d/ipfw_netflow b/libexec/rc/rc.d/ipfw_netflow new file mode 100755 index 000000000000..b9523db9eb5a --- /dev/null +++ b/libexec/rc/rc.d/ipfw_netflow @@ -0,0 +1,77 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipfw_netflow +# REQUIRE: ipfw +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="ipfw_netflow" +desc="firewall, ipfw, netflow" +rcvar="${name}_enable" +start_cmd="${name}_start" +stop_cmd="${name}_stop" +start_precmd="${name}_test" +status_cmd="${name}_status" +required_modules="ipfw ng_netflow ng_ipfw" +extra_commands="status" + +: ${ipfw_netflow_hook:=9995} +: ${ipfw_netflow_rule:=01000} +: ${ipfw_netflow_ip:=127.0.0.1} +: ${ipfw_netflow_port:=9995} +: ${ipfw_netflow_version:=} + +ipfw_netflow_test() +{ + if [ "${ipfw_netflow_version}" != "" ] && [ "${ipfw_netflow_version}" != 9 ]; then + err 1 "Unknown netflow version \'${ipfw_netflow_version}\'" + fi + case "${ipfw_netflow_hook}" in + [!0-9]*) + err 1 "Bad value \"${ipfw_netflow_hook}\": Hook must be numerical" + esac + case "${ipfw_netflow_rule}" in + [!0-9]*) + err 1 "Bad value \"${ipfw_netflow_rule}\": Rule number must be numerical" + esac +} + +ipfw_netflow_is_running() +{ + ngctl show netflow: > /dev/null 2>&1 && return 0 || return 1 +} + +ipfw_netflow_status() +{ + ipfw_netflow_is_running && echo "ipfw_netflow is active" || echo "ipfw_netflow is not active" +} + +ipfw_netflow_start() +{ + ipfw_netflow_is_running && err 1 "ipfw_netflow is already active" + ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}} + ngctl -f - <<-EOF + mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0 + name ipfw:${ipfw_netflow_hook} netflow + mkpeer netflow: ksocket export${ipfw_netflow_version} inet/dgram/udp + msg netflow: setdlt {iface=0 dlt=12} + name netflow:export${ipfw_netflow_version} netflow_export + msg netflow:export${ipfw_netflow_version} connect inet/${ipfw_netflow_ip}:${ipfw_netflow_port} +EOF +} + +ipfw_netflow_stop() +{ + ipfw_netflow_is_running || err 1 "ipfw_netflow is not active" + ngctl shutdown netflow: + ipfw delete ${ipfw_netflow_rule} +} + +load_rc_config $name + +run_rc_command $* diff --git a/libexec/rc/rc.d/ipmon b/libexec/rc/rc.d/ipmon new file mode 100755 index 000000000000..129bdda157f9 --- /dev/null +++ b/libexec/rc/rc.d/ipmon @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipmon +# REQUIRE: FILESYSTEMS hostname sysctl ipfilter +# BEFORE: SERVERS +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipmon" +desc="Monitors /dev/ipl for logged packets" +rcvar="ipmon_enable" +command="/sbin/${name}" +start_precmd="ipmon_precmd" + +ipmon_precmd() +{ + # Continue only if ipfilter or ipnat is enabled and the + # ipfilter module is loaded. + # + if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then + err 1 "${name} requires either ipfilter or ipnat enabled" + fi + if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then + err 1 "ipfilter module is not loaded" + fi + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipnat b/libexec/rc/rc.d/ipnat new file mode 100755 index 000000000000..6914bceaf466 --- /dev/null +++ b/libexec/rc/rc.d/ipnat @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipnat +# REQUIRE: ipfilter +# KEYWORD: nojail + +. /etc/rc.subr + +name="ipnat" +desc="user interface to the NAT subsystem" +rcvar="ipnat_enable" +load_rc_config $name +start_cmd="ipnat_start" +stop_cmd="${ipnat_program} -F -C" +reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}" +extra_commands="reload" +required_files="${ipnat_rules}" +required_modules="ipl:ipfilter" + +ipnat_start() +{ + echo "Installing NAT rules." + ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags} +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_master b/libexec/rc/rc.d/ipropd_master new file mode 100755 index 000000000000..0611dea794d8 --- /dev/null +++ b/libexec/rc/rc.d/ipropd_master @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_master +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_master +rcvar=${name}_enable +required_files="$ipropd_master_keytab" +start_precmd=${name}_start_precmd +start_postcmd=${name}_start_postcmd + +ipropd_master_start_precmd() +{ + + if [ -z "$ipropd_master_slaves" ]; then + warn "\$ipropd_master_slaves is empty." + return 1 + fi + for _slave in $ipropd_master_slaves; do + echo $_slave + done > /var/heimdal/slaves || return 1 + command_args="$command_args \ + --keytab=\"$ipropd_master_keytab\" \ + --detach \ + " +} +ipropd_master_start_postcmd() +{ + + echo "${name}: slave nodes: $ipropd_master_slaves" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipropd_slave b/libexec/rc/rc.d/ipropd_slave new file mode 100755 index 000000000000..70c4c70e98cc --- /dev/null +++ b/libexec/rc/rc.d/ipropd_slave @@ -0,0 +1,32 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipropd_slave +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=ipropd_slave +rcvar=${name}_enable +required_files="$ipropd_slave_keytab" +start_precmd=${name}_start_precmd + +ipropd_slave_start_precmd() +{ + + if [ -z "$ipropd_slave_master" ]; then + warn "\$ipropd_slave_master is empty." + return 1 + fi + command_args=" \ + $command_args \ + --keytab=\"$ipropd_slave_keytab\" \ + --detach \ + $ipropd_slave_master" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec new file mode 100755 index 000000000000..a48bd485d999 --- /dev/null +++ b/libexec/rc/rc.d/ipsec @@ -0,0 +1,60 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ipsec +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON mountcritremote +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="ipsec" +desc="Internet Protocol Security protocol" +rcvar="ipsec_enable" +start_precmd="ipsec_prestart" +start_cmd="ipsec_start" +stop_precmd="test -f $ipsec_file" +stop_cmd="ipsec_stop" +reload_cmd="ipsec_reload" +extra_commands="reload" +ipsec_program="/sbin/setkey" +# ipsec_file is set by rc.conf + +ipsec_prestart() +{ + if [ ! -f "$ipsec_file" ]; then + warn "$ipsec_file not readable; ipsec start aborted." + stop_boot + return 1 + fi + return 0 +} + +ipsec_start() +{ + echo "Installing ipsec manual keys/policies." + ${ipsec_program} -f $ipsec_file +} + +ipsec_stop() +{ + echo "Clearing ipsec manual keys/policies." + + # Still not 100% sure if we would like to do this. + # It is very questionable to do this during shutdown session + # since it can hang any of the remaining IPv4/v6 sessions. + # + ${ipsec_program} -F + ${ipsec_program} -FP +} + +ipsec_reload() +{ + echo "Reloading ipsec manual keys/policies." + ${ipsec_program} -f "$ipsec_file" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsictl b/libexec/rc/rc.d/iscsictl new file mode 100755 index 000000000000..6ae3910f0628 --- /dev/null +++ b/libexec/rc/rc.d/iscsictl @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: iscsictl +# REQUIRE: NETWORK iscsid +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="iscsictl" +desc="iSCSI initiator management utility" +rcvar="iscsictl_enable" +command="/usr/bin/${name}" +command_args="${iscsictl_flags}" +required_modules="iscsi" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/iscsid b/libexec/rc/rc.d/iscsid new file mode 100755 index 000000000000..3b1cb6f40d1c --- /dev/null +++ b/libexec/rc/rc.d/iscsid @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: iscsid +# REQUIRE: NETWORK +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="iscsid" +desc="iSCSI initiator daemon" +rcvar="iscsid_enable" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/${name}" +required_modules="iscsi" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/jail b/libexec/rc/rc.d/jail new file mode 100755 index 000000000000..9e6c7e847dba --- /dev/null +++ b/libexec/rc/rc.d/jail @@ -0,0 +1,601 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: jail +# REQUIRE: LOGIN FILESYSTEMS +# BEFORE: securelevel +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="jail" +desc="Manage system jails" +rcvar="jail_enable" + +start_cmd="jail_start" +start_postcmd="jail_warn" +stop_cmd="jail_stop" +config_cmd="jail_config" +console_cmd="jail_console" +status_cmd="jail_status" +extra_commands="config console status" +: ${jail_conf:=/etc/jail.conf} +: ${jail_program:=/usr/sbin/jail} +: ${jail_consolecmd:=/usr/bin/login -f root} +: ${jail_jexec:=/usr/sbin/jexec} +: ${jail_jls:=/usr/sbin/jls} + +need_dad_wait= + +# extract_var jv name param num defval +# Extract value from ${jail_$jv_$name} or ${jail_$name} and +# set it to $param. If not defined, $defval is used. +# When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and +# $param is set by using +=. $num=0 is optional (params may start at 1). +# When $num is YN or NY, the value is interpreted as boolean. +# When $num is @, the value is interpreted as an array separted by IFS. +extract_var() +{ + local i _jv _name _param _num _def _name1 _name2 + _jv=$1 + _name=$2 + _param=$3 + _num=$4 + _def=$5 + + case $_num in + YN) + _name1=jail_${_jv}_${_name} + _name2=jail_${_name} + eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" + if checkyesno $_name1; then + echo " $_param = 1;" + else + echo " $_param = 0;" + fi + ;; + NY) + _name1=jail_${_jv}_${_name} + _name2=jail_${_name} + eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" + if checkyesno $_name1; then + echo " $_param = 0;" + else + echo " $_param = 1;" + fi + ;; + [0-9]*) + i=$_num + while : ; do + _name1=jail_${_jv}_${_name}${i} + _name2=jail_${_name}${i} + eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" + if [ -n "$_tmpargs" ]; then + echo " $_param += \"$_tmpargs\";" + elif [ $i != 0 ]; then + break; + fi + i=$(($i + 1)) + done + ;; + @) + _name1=jail_${_jv}_${_name} + _name2=jail_${_name} + eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" + set -- $_tmpargs + if [ $# -gt 0 ]; then + echo -n " $_param = " + while [ $# -gt 1 ]; do + echo -n "\"$1\", " + shift + done + echo "\"$1\";" + fi + ;; + *) + _name1=jail_${_jv}_${_name} + _name2=jail_${_name} + eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" + if [ -n "$_tmpargs" ]; then + echo " $_param = \"$_tmpargs\";" + fi + ;; + esac +} + +# parse_options _j _jv +# Parse options and create a temporary configuration file if necessary. +# +parse_options() +{ + local _j _jv _p + _j=$1 + _jv=$2 + + _confwarn=0 + if [ -z "$_j" ]; then + warn "parse_options: you must specify a jail" + return + fi + eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\" + eval _rootdir=\"\$jail_${_jv}_rootdir\" + eval _hostname=\"\$jail_${_jv}_hostname\" + if [ -z "$_rootdir" -o \ + -z "$_hostname" ]; then + if [ -r "$_jconf" ]; then + _conf="$_jconf" + return 0 + elif [ -r "$jail_conf" ]; then + _conf="$jail_conf" + return 0 + else + warn "Invalid configuration for $_j " \ + "(no jail.conf, no hostname, or no path). " \ + "Jail $_j was ignored." + fi + return 1 + fi + eval _ip=\"\$jail_${_jv}_ip\" + if [ -z "$_ip" ] && ! check_kern_features vimage; then + warn "no ipaddress specified and no vimage support. " \ + "Jail $_j was ignored." + return 1 + fi + _conf=/var/run/jail.${_j}.conf + # + # To relieve confusion, show a warning message. + # + : ${jail_confwarn:=YES} + checkyesno jail_confwarn && _confwarn=1 + if [ -r "$jail_conf" -o -r "$_jconf" ]; then + if ! checkyesno jail_parallel_start; then + warn "$_conf is created and used for jail $_j." + fi + fi + /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 + + eval : \${jail_${_jv}_flags:=${jail_flags}} + eval _exec=\"\$jail_${_jv}_exec\" + eval _exec_start=\"\$jail_${_jv}_exec_start\" + eval _exec_stop=\"\$jail_${_jv}_exec_stop\" + if [ -n "${_exec}" ]; then + # simple/backward-compatible execution + _exec_start="${_exec}" + _exec_stop="" + else + # flexible execution + if [ -z "${_exec_start}" ]; then + _exec_start="/bin/sh /etc/rc" + if [ -z "${_exec_stop}" ]; then + _exec_stop="/bin/sh /etc/rc.shutdown" + fi + fi + fi + eval _interface=\"\${jail_${_jv}_interface:-${jail_interface}}\" + eval _parameters=\"\${jail_${_jv}_parameters:-${jail_parameters}}\" + eval _fstab=\"\${jail_${_jv}_fstab:-${jail_fstab:-/etc/fstab.$_j}}\" + ( + date +"# Generated by rc.d/jail at %Y-%m-%d %H:%M:%S" + echo "$_j {" + extract_var $_jv hostname host.hostname - "" + extract_var $_jv rootdir path - "" + if [ -n "$_ip" ]; then + extract_var $_jv interface interface - "" + jail_handle_ips_option $_ip $_interface + alias=0 + while : ; do + eval _x=\"\$jail_${_jv}_ip_multi${alias}\" + [ -z "$_x" ] && break + + jail_handle_ips_option $_x $_interface + alias=$(($alias + 1)) + done + case $need_dad_wait in + 1) + # Sleep to let DAD complete before + # starting services. + echo " exec.start += \"sleep " \ + $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) \ + "\";" + ;; + esac + # These are applicable only to non-vimage jails. + extract_var $_jv fib exec.fib - "" + extract_var $_jv socket_unixiproute_only \ + allow.raw_sockets NY YES + else + echo " vnet;" + extract_var $_jv vnet_interface vnet.interface @ "" + fi + + echo " exec.clean;" + echo " exec.system_user = \"root\";" + echo " exec.jail_user = \"root\";" + extract_var $_jv exec_prestart exec.prestart 0 "" + extract_var $_jv exec_poststart exec.poststart 0 "" + extract_var $_jv exec_prestop exec.prestop 0 "" + extract_var $_jv exec_poststop exec.poststop 0 "" + + echo " exec.start += \"$_exec_start\";" + extract_var $_jv exec_afterstart exec.start 0 "" + echo " exec.stop = \"$_exec_stop\";" + + extract_var $_jv consolelog exec.consolelog - \ + /var/log/jail_${_j}_console.log + + if [ -r $_fstab ]; then + echo " mount.fstab = \"$_fstab\";" + fi + + eval : \${jail_${_jv}_devfs_enable:=${jail_devfs_enable:-NO}} + if checkyesno jail_${_jv}_devfs_enable; then + echo " mount.devfs;" + eval _ruleset=\${jail_${_jv}_devfs_ruleset:-${jail_devfs_ruleset}} + case $_ruleset in + "") ;; + [0-9]*) echo " devfs_ruleset = \"$_ruleset\";" ;; + devfsrules_jail) + # XXX: This is the default value, + # Let jail(8) to use the default because + # mount(8) only accepts an integer. + # This should accept a ruleset name. + ;; + *) warn "devfs_ruleset must be an integer." ;; + esac + fi + eval : \${jail_${_jv}_fdescfs_enable:=${jail_fdescfs_enable:-NO}} + if checkyesno jail_${_jv}_fdescfs_enable; then + echo " mount.fdescfs;" + fi + eval : \${jail_${_jv}_procfs_enable:=${jail_procfs_enable:-NO}} + if checkyesno jail_${_jv}_procfs_enable; then + echo " mount.procfs;" + fi + + eval : \${jail_${_jv}_mount_enable:=${jail_mount_enable:-NO}} + if checkyesno jail_${_jv}_mount_enable; then + echo " allow.mount;" + fi + + extract_var $_jv set_hostname_allow allow.set_hostname YN NO + extract_var $_jv sysvipc_allow allow.sysvipc YN NO + extract_var $_jv enforce_statfs enforce_statfs - 2 + extract_var $_jv osreldate osreldate + extract_var $_jv osrelease osrelease + for _p in $_parameters; do + echo " ${_p%\;};" + done + echo "}" + ) >> $_conf + + return 0 +} + +# jail_extract_address argument iface +# The second argument is the string from one of the _ip +# or the _multi variables. In case of a comma separated list +# only one argument must be passed in at a time. +# The function alters the _type, _iface, _addr and _mask variables. +# +jail_extract_address() +{ + local _i _interface + _i=$1 + _interface=$2 + + if [ -z "${_i}" ]; then + warn "jail_extract_address: called without input" + return + fi + + # Check if we have an interface prefix given and split into + # iFace and rest. + case "${_i}" in + *\|*) # ifN|.. prefix there + _iface=${_i%%|*} + _r=${_i##*|} + ;; + *) _iface="" + _r=${_i} + ;; + esac + + # In case the IP has no interface given, check if we have a global one. + _iface=${_iface:-${_interface}} + + # Set address, cut off any prefix/netmask/prefixlen. + _addr=${_r} + _addr=${_addr%%[/ ]*} + + # Theoretically we can return here if interface is not set, + # as we only care about the _mask if we call ifconfig. + # This is not done because we may want to santize IP addresses + # based on _type later, and optionally change the type as well. + + # Extract the prefix/netmask/prefixlen part by cutting off the address. + _mask=${_r} + _mask=`expr -- "${_mask}" : "${_addr}\(.*\)"` + + # Identify type {inet,inet6}. + case "${_addr}" in + *\.*\.*\.*) _type="inet" ;; + *:*) _type="inet6" ;; + *) warn "jail_extract_address: type not identified" + ;; + esac + + # Handle the special /netmask instead of /prefix or + # "netmask xxx" case for legacy IP. + # We do NOT support shortend class-full netmasks. + if [ "${_type}" = "inet" ]; then + case "${_mask}" in + /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;; + *) ;; + esac + + # In case _mask is still not set use /32. + _mask=${_mask:-/32} + + elif [ "${_type}" = "inet6" ]; then + # In case _mask is not set for IPv6, use /128. + _mask=${_mask:-/128} + fi +} + +# jail_handle_ips_option input iface +# Handle a single argument imput which can be a comma separated +# list of addresses (theoretically with an option interface and +# prefix/netmask/prefixlen). +# +jail_handle_ips_option() +{ + local _x _type _i _defif + _x=$1 + _defif=$2 + + if [ -z "${_x}" ]; then + # No IP given. This can happen for the primary address + # of each address family. + return + fi + + # Loop, in case we find a comma separated list, we need to handle + # each argument on its own. + while [ ${#_x} -gt 0 ]; do + case "${_x}" in + *,*) # Extract the first argument and strip it off the list. + _i=`expr -- "${_x}" : '^\([^,]*\)'` + _x=`expr -- "${_x}" : "^[^,]*,\(.*\)"` + ;; + *) _i=${_x} + _x="" + ;; + esac + + _type="" + _addr="" + _mask="" + _iface="" + jail_extract_address $_i $_defif + + # make sure we got an address. + case $_addr in + "") continue ;; + *) ;; + esac + + # Append address to list of addresses for the jail command. + case $_type in + inet) + echo " ip4.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" + ;; + inet6) + echo " ip6.addr += \"${_iface:+${_iface}|}${_addr}${_mask}\";" + need_dad_wait=1 + ;; + esac + done +} + +jail_config() +{ + local _j _jv + + case $1 in + _ALL) return ;; + esac + for _j in $@; do + _j=$(echo $_j | tr /. _) + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + if parse_options $_j $_jv; then + echo "$_j: parameters are in $_conf." + fi + done +} + +jail_console() +{ + local _j _jv _cmd + + # One argument that is not _ALL. + case $#:$1 in + 0:*|1:_ALL) err 3 "Specify a jail name." ;; + 1:*) ;; + esac + _j=$(echo $1 | tr /. _) + _jv=$(echo -n $1 | tr -c '[:alnum:]' _) + shift + case $# in + 0) eval _cmd=\${jail_${_jv}_consolecmd:-$jail_consolecmd} ;; + *) _cmd=$@ ;; + esac + $jail_jexec $_j $_cmd +} + +jail_status() +{ + + $jail_jls -N +} + +jail_start() +{ + local _j _jv _jid _id _name + + if [ $# = 0 ]; then + return + fi + echo -n 'Starting jails:' + case $1 in + _ALL) + command=$jail_program + rc_flags=$jail_flags + command_args="-f $jail_conf -c" + if ! checkyesno jail_parallel_start; then + command_args="$command_args -p1" + fi + _tmp=`mktemp -t jail` || exit 3 + if $command $rc_flags $command_args >> $_tmp 2>&1; then + $jail_jls jid name | while read _id _name; do + echo -n " $_name" + echo $_id > /var/run/jail_${_name}.id + done + else + cat $_tmp + fi + rm -f $_tmp + echo '.' + return + ;; + esac + if checkyesno jail_parallel_start; then + # + # Start jails in parallel and then check jail id when + # jail_parallel_start is YES. + # + for _j in $@; do + _j=$(echo $_j | tr /. _) + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + parse_options $_j $_jv || continue + + eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} + eval command=\${jail_${_jv}_program:-$jail_program} + command_args="-i -f $_conf -c $_j" + ( + _tmp=`mktemp -t jail_${_j}` || exit 3 + if $command $rc_flags $command_args \ + >> $_tmp 2>&1 </dev/null; then + echo -n " ${_hostname:-${_j}}" + _jid=$($jail_jls -j $_j jid) + echo $_jid > /var/run/jail_${_j}.id + else + echo " cannot start jail " \ + "\"${_hostname:-${_j}}\": " + cat $_tmp + fi + rm -f $_tmp + ) & + done + wait + else + # + # Start jails one-by-one when jail_parallel_start is NO. + # + for _j in $@; do + _j=$(echo $_j | tr /. _) + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + parse_options $_j $_jv || continue + + eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} + eval command=\${jail_${_jv}_program:-$jail_program} + command_args="-i -f $_conf -c $_j" + _tmp=`mktemp -t jail` || exit 3 + if $command $rc_flags $command_args \ + >> $_tmp 2>&1 </dev/null; then + echo -n " ${_hostname:-${_j}}" + _jid=$($jail_jls -j $_j jid) + echo $_jid > /var/run/jail_${_j}.id + else + echo " cannot start jail " \ + "\"${_hostname:-${_j}}\": " + cat $_tmp + fi + rm -f $_tmp + done + fi + echo '.' +} + +jail_stop() +{ + local _j _jv + + if [ $# = 0 ]; then + return + fi + echo -n 'Stopping jails:' + case $1 in + _ALL) + command=$jail_program + rc_flags=$jail_flags + command_args="-f $jail_conf -r" + if checkyesno jail_reverse_stop; then + $jail_jls name | tail -r + else + $jail_jls name + fi | while read _j; do + echo -n " $_j" + _tmp=`mktemp -t jail` || exit 3 + $command $rc_flags $command_args $_j >> $_tmp 2>&1 + if $jail_jls -j $_j > /dev/null 2>&1; then + cat $_tmp + else + rm -f /var/run/jail_${_j}.id + fi + rm -f $_tmp + done + echo '.' + return + ;; + esac + checkyesno jail_reverse_stop && set -- $(reverse_list $@) + for _j in $@; do + _j=$(echo $_j | tr /. _) + _jv=$(echo -n $_j | tr -c '[:alnum:]' _) + parse_options $_j $_jv || continue + if ! $jail_jls -j $_j > /dev/null 2>&1; then + continue + fi + eval command=\${jail_${_jv}_program:-$jail_program} + echo -n " ${_hostname:-${_j}}" + _tmp=`mktemp -t jail` || exit 3 + $command -q -f $_conf -r $_j >> $_tmp 2>&1 + if $jail_jls -j $_j > /dev/null 2>&1; then + cat $_tmp + else + rm -f /var/run/jail_${_j}.id + fi + rm -f $_tmp + done + echo '.' +} + +jail_warn() +{ + + # To relieve confusion, show a warning message. + case $_confwarn in + 1) warn "Per-jail configuration via jail_* variables " \ + "is obsolete. Please consider migrating to $jail_conf." + ;; + esac +} + +load_rc_config $name +case $# in +1) run_rc_command $@ ${jail_list:-_ALL} ;; +*) jail_reverse_stop="no" + run_rc_command $@ ;; +esac diff --git a/libexec/rc/rc.d/kadmind b/libexec/rc/rc.d/kadmind new file mode 100755 index 000000000000..773b2d0e4995 --- /dev/null +++ b/libexec/rc/rc.d/kadmind @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kadmind +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kadmind +desc="Server for administrative access to Kerberos database" +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kadmind5_server_enable kadmind_enable +set_rcvar_obsolete kadmind5_server kadmind_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kadmind_start_precmd() +{ + + command_args="$command_args &" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/kdc b/libexec/rc/rc.d/kdc new file mode 100755 index 000000000000..c2747ae08ca2 --- /dev/null +++ b/libexec/rc/rc.d/kdc @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kdc +# REQUIRE: NETWORKING +# BEFORE: SERVERS +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kdc +desc="Kerberos 5 server" +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kerberos5_server_enable kdc_enable +set_rcvar_obsolete kerberos5_server kdc_program +set_rcvar_obsolete kerberos5_server_flags kdc_flags + +kdc_start_precmd() +{ + + command_args="$command_args --detach" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/keyserv b/libexec/rc/rc.d/keyserv new file mode 100755 index 000000000000..d2f4a291fbca --- /dev/null +++ b/libexec/rc/rc.d/keyserv @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Start keyserv if we are running Secure RPC + +# PROVIDE: keyserv +# REQUIRE: ypset +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="keyserv" +desc="Server for storing private encryption keys" +rcvar="keyserv_enable" +command="/usr/sbin/${name}" +start_precmd="keyserv_prestart" + +keyserv_prestart() +{ + force_depend rpcbind || return 1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/kfd b/libexec/rc/rc.d/kfd new file mode 100755 index 000000000000..5a1a16c37af4 --- /dev/null +++ b/libexec/rc/rc.d/kfd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kfd +# REQUIRE: NETWORK +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kfd +desc="Receive forwarded tickets" +rcvar=${name}_enable +start_precmd=${name}_start_precmd + +kfd_start_precmd() +{ + + command_args="$command_args -i &" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/kld b/libexec/rc/rc.d/kld new file mode 100755 index 000000000000..d3829efe824a --- /dev/null +++ b/libexec/rc/rc.d/kld @@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (c) 2011 Douglas Barton +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# +# PROVIDE: kld +# REQUIRE: kldxref +# KEYWORD: nojail + +. /etc/rc.subr + +name="kld" +desc="Load kernel modules" + +start_cmd="${name}_start" +stop_cmd=':' + +kld_start() +{ + [ -n "$kld_list" ] || return + + local _kld + + echo 'Loading kernel modules:' + for _kld in $kld_list ; do + load_kld -e ${_kld}.ko $_kld + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/kldxref b/libexec/rc/rc.d/kldxref new file mode 100755 index 000000000000..4d232ee0d4cf --- /dev/null +++ b/libexec/rc/rc.d/kldxref @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kldxref +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +rcvar="kldxref_enable" +name="kldxref" +desc="Generate hints for the kernel loader" +stop_cmd=":" +start_cmd="kldxref_start" + +kldxref_start() { + if [ -n "$kldxref_module_path" ]; then + MODULE_PATHS="$kldxref_module_path" + else + MODULE_PATHS=`sysctl -n kern.module_path` + fi + IFS=';' + for MODULE_DIR in $MODULE_PATHS; do + if checkyesno kldxref_clobber || + [ ! -f "$MODULE_DIR/linker.hints" ] && + [ `echo ${MODULE_DIR}/*.ko` != "${MODULE_DIR}/*.ko" ]; then + echo "Building $MODULE_DIR/linker.hints" + kldxref "$MODULE_DIR" + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/kpasswdd b/libexec/rc/rc.d/kpasswdd new file mode 100755 index 000000000000..a2875bf15155 --- /dev/null +++ b/libexec/rc/rc.d/kpasswdd @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: kpasswdd +# REQUIRE: kdc +# KEYWORD: shutdown + +. /etc/rc.subr + +name=kpasswdd +desc="Kerberos 5 password changing" +rcvar=${name}_enable +required_vars=kdc_enable +start_precmd=${name}_start_precmd + +set_rcvar_obsolete kpasswdd_server_enable kpasswdd_enable +set_rcvar_obsolete kpasswdd_server kpasswdd_program +set_rcvar_obsolete kerberos5_server_enable kdc_enable + +kpasswdd_start_precmd() +{ + + command_args="$command_args &" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ldconfig b/libexec/rc/rc.d/ldconfig new file mode 100755 index 000000000000..9e5e02ab29d5 --- /dev/null +++ b/libexec/rc/rc.d/ldconfig @@ -0,0 +1,106 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ldconfig +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON + +. /etc/rc.subr + +name="ldconfig" +desc="Configure the shared library cache" +ldconfig_command="/sbin/ldconfig" +start_cmd="ldconfig_start" +stop_cmd=":" + +ldconfig_start() +{ + local _files _ins + + _ins= + ldconfig=${ldconfig_command} + checkyesno ldconfig_insecure && _ins="-i" + if [ -x "${ldconfig_command}" ]; then + _LDC="/lib /usr/lib" + for i in ${ldconfig_local_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig_paths="${ldconfig_paths} `cat ${_files} | sort -u`" + fi + fi + done + for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'ELF ldconfig path:' ${_LDC} + ${ldconfig} -elf ${_ins} ${_LDC} + + case `sysctl -n hw.machine_arch` in + amd64|mips64|powerpc64) + for i in ${ldconfig_local32_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfig32_paths="${ldconfig32_paths} `cat ${_files} | sort -u`" + fi + fi + done + _LDC="" + for i in ${ldconfig32_paths}; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && + echo '32-bit compatibility ldconfig path:' ${_LDC} + ${ldconfig} -32 ${_ins} ${_LDC} + ;; + esac + + case `sysctl -n hw.machine_arch` in + armv[67]) + for i in ${ldconfig_localsoft_dirs}; do + if [ -d "${i}" ]; then + _files=`find ${i} -type f` + if [ -n "${_files}" ]; then + ldconfigsoft_paths="${ldconfigsoft_paths} `cat ${_files} | sort -u`" + fi + fi + done + _LDC="" + for i in ${ldconfigsoft_paths}; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && + echo 'Soft Float compatibility ldconfig path:' ${_LDC} + ${ldconfig} -soft ${_ins} ${_LDC} + ;; + esac + + # Legacy aout support for i386 only + case `sysctl -n hw.machine_arch` in + i386) + # Default the a.out ldconfig path. + : ${ldconfig_paths_aout=${ldconfig_paths}} + _LDC="" + for i in /usr/lib/aout ${ldconfig_paths_aout} /etc/ld.so.conf; do + if [ -r "${i}" ]; then + _LDC="${_LDC} ${i}" + fi + done + check_startmsgs && echo 'a.out ldconfig path:' ${_LDC} + ${ldconfig} -aout ${_ins} ${_LDC} + ;; + esac + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/local b/libexec/rc/rc.d/local new file mode 100755 index 000000000000..c5aa0e4a690d --- /dev/null +++ b/libexec/rc/rc.d/local @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: local +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="local" +desc="Run /etc/rc.local and /etc/shutdown.local" +start_cmd="local_start" +stop_cmd="local_stop" + +local_start() +{ + if [ -f /etc/rc.local ]; then + echo -n 'Starting local daemons:' + . /etc/rc.local + echo '.' + fi +} + +local_stop() +{ + if [ -f /etc/rc.shutdown.local ]; then + echo -n 'Shutting down local daemons:' + . /etc/rc.shutdown.local + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/local_unbound b/libexec/rc/rc.d/local_unbound new file mode 100755 index 000000000000..b9b8a6510940 --- /dev/null +++ b/libexec/rc/rc.d/local_unbound @@ -0,0 +1,115 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: local_unbound +# REQUIRE: FILESYSTEMS netif resolv +# BEFORE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name="local_unbound" +desc="Local caching forwarding resolver" +rcvar="local_unbound_enable" + +command="/usr/sbin/local-unbound" +extra_commands="anchor configtest reload setup" +start_precmd="local_unbound_prestart" +start_postcmd="local_unbound_poststart" +reload_precmd="local_unbound_configtest" +anchor_cmd="local_unbound_anchor" +configtest_cmd="local_unbound_configtest" +setup_cmd="local_unbound_setup" +pidfile="/var/run/${name}.pid" + +load_rc_config $name + +: ${local_unbound_workdir:=/var/unbound} +: ${local_unbound_config:=${local_unbound_workdir}/unbound.conf} +: ${local_unbound_flags:="-c ${local_unbound_config}"} +: ${local_unbound_forwardconf:=${local_unbound_workdir}/forward.conf} +: ${local_unbound_controlconf:=${local_unbound_workdir}/control.conf} +: ${local_unbound_anchor:=${local_unbound_workdir}/root.key} +: ${local_unbound_forwarders:=} + +do_as_unbound() +{ + echo "$@" | su -m unbound +} + +# +# Retrieve or update the DNSSEC root anchor +# +local_unbound_anchor() +{ + do_as_unbound ${command}-anchor -a ${local_unbound_anchor} + # we can't trust the exit code - check if the file exists + [ -f ${local_unbound_anchor} ] +} + +# +# Check the unbound configuration file +# +local_unbound_configtest() +{ + do_as_unbound ${command}-checkconf ${local_unbound_config} +} + +# +# Create the unbound configuration file and update resolv.conf to +# point to unbound. +# +local_unbound_setup() +{ + echo "Performing initial setup." + ${command}-setup -n \ + -u unbound \ + -w ${local_unbound_workdir} \ + -c ${local_unbound_config} \ + -f ${local_unbound_forwardconf} \ + -o ${local_unbound_controlconf} \ + -a ${local_unbound_anchor} \ + ${local_unbound_forwarders} +} + +# +# Before starting, check that the configuration file and root anchor +# exist. If not, attempt to generate them. +# +local_unbound_prestart() +{ + # Create configuration file + if [ ! -f ${local_unbound_config} ] ; then + run_rc_command setup + fi + + # Retrieve DNSSEC root key + if [ ! -f ${local_unbound_anchor} ] ; then + run_rc_command anchor + fi +} + +# +# After starting, wait for Unbound to report that it is ready to avoid +# race conditions with services which require functioning DNS. +# +local_unbound_poststart() +{ + local retry=5 + + echo -n "Waiting for nameserver to start..." + until "${command}-control" status | grep -q "is running" ; do + if [ $((retry -= 1)) -eq 0 ] ; then + echo " giving up" + return 1 + fi + echo -n "." + sleep 1 + done + echo " good" +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/localpkg b/libexec/rc/rc.d/localpkg new file mode 100755 index 000000000000..1214a263ccac --- /dev/null +++ b/libexec/rc/rc.d/localpkg @@ -0,0 +1,78 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: localpkg +# REQUIRE: abi +# BEFORE: securelevel +# KEYWORD: shutdown + +. /etc/rc.subr + +name="localpkg" +desc="Run local init scripts" +start_cmd="pkg_start" +stop_cmd="pkg_stop" + +pkg_start() +{ + local initdone + + # For each dir in $local_startup, search for init scripts matching *.sh + # + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in ${zlist} ${slist}; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Local package initialization:' + initdone=yes + fi + if [ -x "${script}" ]; then + (set -T + trap 'exit 1' 2 + ${script} start) + elif [ -f "${script}" -o -L "${script}" ]; then + echo -n " (skipping ${script}, not executable)" + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +pkg_stop() +{ + local initdone + + case ${local_startup} in + [Nn][Oo] | '') + ;; + *) + initdone= + find_local_scripts_old + for script in `reverse_list ${slist} ${zlist}`; do + if [ -z "${initdone}" -a -f "${script}" ]; then + echo -n 'Shutting down local packages:' + initdone=yes + fi + if [ -x "${script}" ]; then + if [ `sysctl -n debug.bootverbose` -eq 1 ]; then + echo "==>" ${script} + fi + (set -T + trap 'exit 1' 2 + ${script} stop) + fi + done + [ -n "${initdone}" ] && echo '.' + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/lockd b/libexec/rc/rc.d/lockd new file mode 100755 index 000000000000..565ba35164eb --- /dev/null +++ b/libexec/rc/rc.d/lockd @@ -0,0 +1,32 @@ +#!/bin/sh +# +# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm +# $FreeBSD$ +# + +# PROVIDE: lockd +# REQUIRE: nfsclient nfsd rpcbind statd +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="lockd" +desc="NFS file locking daemon" +rcvar=rpc_lockd_enable +command="/usr/sbin/rpc.${name}" +start_precmd='lockd_precmd' + +# Make sure that we are either an NFS client or server, and that we get +# the correct flags from rc.conf(5). +# +lockd_precmd() +{ + force_depend rpcbind || return 1 + force_depend statd rpc_statd || return 1 + + rc_flags=${rpc_lockd_flags} +} + +load_rc_config $name +run_rc_command $1 diff --git a/libexec/rc/rc.d/lpd b/libexec/rc/rc.d/lpd new file mode 100755 index 000000000000..fc8180cb2217 --- /dev/null +++ b/libexec/rc/rc.d/lpd @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: lpd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="lpd" +desc="Line printer spooler daemon" +rcvar="lpd_enable" +command="/usr/sbin/${name}" +required_files="/etc/printcap" +start_precmd="chkprintcap" + +chkprintcap() +{ + if checkyesno chkprintcap_enable ; then + /usr/sbin/chkprintcap ${chkprintcap_flags} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/mdconfig b/libexec/rc/rc.d/mdconfig new file mode 100755 index 000000000000..26f282bbe950 --- /dev/null +++ b/libexec/rc/rc.d/mdconfig @@ -0,0 +1,197 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig +# REQUIRE: swap root + +. /etc/rc.subr + +name="mdconfig" +desc="Create and control memory disks" +stop_cmd="mdconfig_stop" +start_cmd="mdconfig_start" +start_precmd='[ -n "${_mdconfig_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _newfs=\$mdconfig_${_md}_newfs + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} newfs flags: ${_newfs}" +} + +mdconfig_start() +{ + local _md _mp _config _type _dev _file _fs _newfs _fsck_cmd + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + # Create md(4) devices of types swap, malloc and vnode if the + # file is on the root partition. + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + if [ "${_type}" = "vnode" ]; then + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + # sleep a bit to allow creation of /dev/mdX.uzip + sleep 2 + fi + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_type}" = "vnode" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + + fi + else + newfs ${_newfs} ${_dev} >/dev/null + fi + if mount -d ${_dev} 2>&1 >/dev/null; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + done +} + +mdconfig_stop() +{ + local _md _mp _config _type _dev _file _fs _newfs _i + + for _md in ${_mdconfig_list}; do + init_variables ${_md} + if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." + umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig_list="$*" + +load_rc_config $name + +if [ -z "${_mdconfig_list}" ]; then + for _mdconfig_config in `list_vars mdconfig_md[0-9]\* | + sort_lite -nk1.12` + do + _mdconfig_unit=${_mdconfig_config#mdconfig_md} + [ "${_mdconfig_unit#*[!0-9]}" = "$_mdconfig_unit" ] || + continue + _mdconfig_list="$_mdconfig_list md$_mdconfig_unit" + done + _mdconfig_list="${_mdconfig_list# }" +fi + +run_rc_command "${_mdconfig_cmd}" diff --git a/libexec/rc/rc.d/mdconfig2 b/libexec/rc/rc.d/mdconfig2 new file mode 100755 index 000000000000..3a7f263d19e1 --- /dev/null +++ b/libexec/rc/rc.d/mdconfig2 @@ -0,0 +1,227 @@ +#!/bin/sh +# +# Copyright (c) 2006 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mdconfig2 +# REQUIRE: mountcritremote +# BEFORE: SERVERS + +. /etc/rc.subr + +name="mdconfig2" +desc="Create and control memory disks" +stop_cmd="mdconfig2_stop" +start_cmd="mdconfig2_start" +start_precmd='[ -n "${_mdconfig2_list}" ]' +required_modules="geom_md:g_md" + +is_readonly() +{ + local _mp _ret + + _mp=$1 + _ret=`mount | while read _line; do + case ${_line} in + *" ${_mp} "*read-only*) + echo "yes" + ;; + + *) + ;; + esac; + done` + + if [ -n "${_ret}" ]; then + return 0 + else + return 1 + fi +} + +init_variables() +{ + local _i + + _fs="" + _mp="" + _mounted="no" + _dev="/dev/${_md}" + eval _config=\$mdconfig_${_md} + eval _owner=\$mdconfig_${_md}_owner + eval _perms=\$mdconfig_${_md}_perms + eval _files=\$mdconfig_${_md}_files + eval _populate=\$mdconfig_${_md}_cmd + + _type=${_config##*-t\ } + _type=${_type%%\ *} + if [ -z "${_type}" ]; then + err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}" + fi + + if [ "${_type}" = "vnode" ]; then + _file=${_config##*-f\ } + _file=${_file%%\ *} + if [ -z "${_file}" ]; then + err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices" + fi + + if [ "${_file}" != "${_file%.uzip}" ]; then + _dev="/dev/${_md}.uzip" + fi + for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done + fi + + # Debugging help. + debug "${_md} config: ${_config}" + debug "${_md} type: ${_type}" + debug "${_md} dev: ${_dev}" + debug "${_md} file: ${_file}" + debug "${_md} fs: ${_fs}" + debug "${_md} owner: ${_owner}" + debug "${_md} perms: ${_perms}" + debug "${_md} files: ${_files}" + debug "${_md} populate cmd: ${_populate}" +} + +mdconfig2_start() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate _fsck_cmd _i + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ ! -r ${_file} ]; then + err 3 "${_file} doesn't exist" + continue + fi + # First pass: create md(4) vnode devices from files stored on + # non-root partition. Swap and malloc md(4) devices have already + # been created. + if [ "${_type}" = "vnode" -a "${_fs}" != "/" ]; then + if [ "${_file}" != "${_file%.uzip}" ]; then + load_kld -m g_uzip geom_uzip || return 3 + fi + if is_readonly ${_fs}; then + warn "${_fs} is mounted read-only, skipping ${_md}." + continue + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + err 3 "${_md} already exists" + fi + echo "Creating ${_md} device (${_type})." + if ! mdconfig -a ${_config} -u ${_md}; then + echo "Creating ${_md} device failed, moving on." + continue + fi + # Skip fsck for uzip devices. + if [ "${_file}" != "${_file%.uzip}" ]; then + _fsck_cmd=":" + elif checkyesno background_fsck; then + _fsck_cmd="fsck -F" + else + _fsck_cmd="fsck" + fi + if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then + echo "Fsck failed on ${_dev}, not mounting the filesystem." + continue + fi + if mount -d ${_dev} >/dev/null 2>&1; then + echo "Mounting ${_dev}." + mount ${_dev} + fi + fi + + for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done + if [ ! -z "${_mp}" -a "${_mp}" = "${_mp%%%}" ]; then + _mounted="yes" + fi + + if checkyesno _mounted; then + # Second pass: change permissions and ownership. + [ -z "${_owner}" ] || chown -f ${_owner} ${_dev} ${_mp} + [ -z "${_perms}" ] || chmod -f ${_perms} ${_dev} ${_mp} + + # Third pass: populate with foreign files. + if [ -n "${_files}" -o -n "${_populate}" ]; then + echo "Populating ${_dev}." + fi + if [ -n "${_files}" ]; then + cp -Rp ${_files} ${_mp} + fi + if [ -n "${_populate}" ]; then + eval ${_populate} + fi + fi + done +} + +mdconfig2_stop() +{ + local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate + + for _md in ${_mdconfig2_list}; do + init_variables ${_md} + if [ "${_type}" = "vnode" ]; then + for i in `df ${_dev} 2>/dev/null`; do _mp=$i; done + if [ ! -r "${_file}" -o "${_fs}" = "/" ]; then + continue + fi + if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then + echo "Device ${_dev} isn't mounted." + else + echo "Umounting ${_dev}." + umount ${_dev} + fi + if mdconfig -l -u ${_md} >/dev/null 2>&1; then + echo "Destroying ${_md}." + mdconfig -d -u ${_md} + fi + fi + done +} + +_mdconfig2_cmd="$1" +if [ $# -gt 0 ]; then + shift +fi +[ -n "$*" ] && _mdconfig2_list="$*" + +load_rc_config $name + +if [ -z "${_mdconfig2_list}" ]; then + for _mdconfig2_config in `list_vars mdconfig_md[0-9]\* | + sort_lite -nk1.12` + do + _mdconfig2_unit=${_mdconfig2_config#mdconfig_md} + [ "${_mdconfig2_unit#*[!0-9]}" = "$_mdconfig2_unit" ] || + continue + _mdconfig2_list="$_mdconfig2_list md$_mdconfig2_unit" + done + _mdconfig2_list="${_mdconfig2_list# }" +fi + +run_rc_command "${_mdconfig2_cmd}" diff --git a/libexec/rc/rc.d/mixer b/libexec/rc/rc.d/mixer new file mode 100755 index 000000000000..d815fb75425e --- /dev/null +++ b/libexec/rc/rc.d/mixer @@ -0,0 +1,104 @@ +#!/bin/sh - +# +# Copyright (c) 2004 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: mixer +# REQUIRE: FILESYSTEMS +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mixer" +desc="Save and restore soundcard mixer values" +rcvar="mixer_enable" +stop_cmd="mixer_stop" +start_cmd="mixer_start" +reload_cmd="mixer_start" +extra_commands="reload" + +# +# List current mixer devices to stdout. +# +list_mixers() +{ + ( cd /dev ; ls mixer* 2>/dev/null ) +} + +# +# Save state of an individual mixer specified as $1 +# +mixer_save() +{ + local dev + + dev="/dev/${1}" + if [ -r ${dev} ]; then + /usr/sbin/mixer -f ${dev} -s > /var/db/${1}-state 2>/dev/null + fi +} + +# +# Restore the state of an individual mixer specified as $1 +# +mixer_restore() +{ + local file dev + + dev="/dev/${1}" + file="/var/db/${1}-state" + if [ -r ${dev} -a -r ${file} ]; then + /usr/sbin/mixer -f ${dev} `cat ${file}` > /dev/null + fi +} + +# +# Restore state of all mixers +# +mixer_start() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_restore ${mixer} + done +} + +# +# Save the state of all mixers +# +mixer_stop() +{ + local mixer + + for mixer in `list_mixers`; do + mixer_save ${mixer} + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/motd b/libexec/rc/rc.d/motd new file mode 100755 index 000000000000..acb376723e80 --- /dev/null +++ b/libexec/rc/rc.d/motd @@ -0,0 +1,50 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: motd +# REQUIRE: mountcritremote +# BEFORE: LOGIN + +. /etc/rc.subr + +name="motd" +desc="Update /etc/motd" +rcvar="update_motd" +start_cmd="motd_start" +stop_cmd=":" + +PERMS="644" + +motd_start() +{ + # Update kernel info in /etc/motd + # Must be done *before* interactive logins are possible + # to prevent possible race conditions. + # + check_startmsgs && echo -n 'Updating motd:' + if [ ! -f /etc/motd ]; then + install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd + fi + + if [ ! -w /etc/motd ]; then + echo ' /etc/motd is not writable, update failed.' + return + fi + + T=`mktemp -t motd` + uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} + awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} + + cmp -s $T /etc/motd || { + cp $T /etc/motd + chmod ${PERMS} /etc/motd + } + rm -f $T + + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritlocal b/libexec/rc/rc.d/mountcritlocal new file mode 100755 index 000000000000..f52c565d65c6 --- /dev/null +++ b/libexec/rc/rc.d/mountcritlocal @@ -0,0 +1,64 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritlocal +# REQUIRE: root hostid_save mdconfig +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mountcritlocal" +desc="Mount critical local filesystems" +start_cmd="mountcritlocal_start" +stop_cmd=sync + +mountcritlocal_start() +{ + local err holders waited + + # Set up the list of network filesystem types for which mounting + # should be delayed until after network initialization. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + # Mount everything except nfs filesystems. + check_startmsgs && echo -n 'Mounting local filesystems:' + mount_excludes='no' + for i in ${netfs_types}; do + fstype=${i%:*} + mount_excludes="${mount_excludes}${fstype}," + done + mount_excludes=${mount_excludes%,} + + mount -a -t ${mount_excludes} + err=$? + if [ ${err} -ne 0 ]; then + echo 'Mounting /etc/fstab filesystems failed,' \ + 'will retry after root mount hold release' + root_hold_wait + mount -a -t ${mount_excludes} + err=$? + fi + + check_startmsgs && echo '.' + + case ${err} in + 0) + ;; + *) + echo 'Mounting /etc/fstab filesystems failed,' \ + 'startup aborted' + stop_boot true + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountcritremote b/libexec/rc/rc.d/mountcritremote new file mode 100755 index 000000000000..dede14f19468 --- /dev/null +++ b/libexec/rc/rc.d/mountcritremote @@ -0,0 +1,90 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountcritremote +# REQUIRE: NETWORKING FILESYSTEMS ipsec netwait +# KEYWORD: nojail + +. /etc/rc.subr + +name="mountcritremote" +desc="Mount critical remote filesystems" +stop_cmd=":" +start_cmd="mountcritremote_start" +start_precmd="mountcritremote_precmd" + +# Mount NFS filesystems if present in /etc/fstab +# +# XXX When the vfsload() issues with nfsclient support and related sysctls +# have been resolved, this block can be removed, and the condition that +# skips nfs in the following block (for "other network filesystems") can +# be removed. +# +mountcritremote_precmd() +{ + case "`mount -d -a -t nfs 2> /dev/null`" in + *mount_nfs*) + # Handle absent nfs client support + load_kld -m nfs nfscl || return 1 + ;; + esac + return 0 +} + +mountcritremote_start() +{ + local mounted_remote_filesystem=false + + # Mount nfs filesystems. + # + case "`/sbin/mount -d -a -t nfs`" in + '') + ;; + *) + mounted_remote_filesystem=true + echo -n 'Mounting NFS filesystems:' + mount -a -t nfs + echo '.' + ;; + esac + + # Mount other network filesystems if present in /etc/fstab. + case ${extra_netfs_types} in + [Nn][Oo]) + ;; + *) + netfs_types="${netfs_types} ${extra_netfs_types}" + ;; + esac + + for i in ${netfs_types}; do + fstype=${i%:*} + fsdecr=${i#*:} + + [ "${fstype}" = "nfs" ] && continue + + case "`mount -d -a -t ${fstype}`" in + *mount_${fstype}*) + mounted_remote_filesystem=true + echo -n "Mounting ${fsdecr} filesystems:" + mount -a -t ${fstype} + echo '.' + ;; + esac + done + + if $mounted_remote_filesystem; then + # Cleanup /var again just in case it's a network mount. + /etc/rc.d/cleanvar quietreload + rm -f /var/run/clean_var /var/spool/lock/clean_var + + # Regenerate the ldconfig hints in case there are additional + # library paths on remote file systems + /etc/rc.d/ldconfig quietstart + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountd b/libexec/rc/rc.d/mountd new file mode 100755 index 000000000000..e554a1f4afc2 --- /dev/null +++ b/libexec/rc/rc.d/mountd @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountd +# REQUIRE: NETWORKING rpcbind quota +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="mountd" +desc="Service remote NFS mount requests" +rcvar="mountd_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +required_files="/etc/exports" +start_precmd="mountd_precmd" +extra_commands="reload" + +mountd_precmd() +{ + force_depend rpcbind || return 1 + + # mountd flags will differ depending on rc.conf settings + # + if checkyesno nfs_server_enable ; then + if checkyesno weak_mountd_authentication; then + rc_flags="${mountd_flags} -n" + fi + else + if checkyesno mountd_enable; then + checkyesno weak_mountd_authentication && rc_flags="-n" + fi + fi + + if checkyesno zfs_enable; then + rc_flags="${rc_flags} /etc/exports /etc/zfs/exports" + fi + + rm -f /var/db/mountdtab + ( umask 022 ; > /var/db/mountdtab ) || + err 1 'Cannot create /var/db/mountdtab' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/mountlate b/libexec/rc/rc.d/mountlate new file mode 100755 index 000000000000..f0384ad4dea2 --- /dev/null +++ b/libexec/rc/rc.d/mountlate @@ -0,0 +1,48 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mountlate +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="mountlate" +desc="Mount filesystems with \"late\" option from /etc/fstab" +start_cmd="mountlate_start" +stop_cmd=":" + +mountlate_start() +{ + local err latefs + + # Mount "late" filesystems. + # + err=0 + echo -n 'Mounting late filesystems:' + mount -a -L + err=$? + echo '.' + + case ${err} in + 0) + ;; + *) + echo 'Mounting /etc/fstab filesystems failed,' \ + ' startup aborted' + stop_boot true + ;; + esac + + # If we booted a special kernel remove the record + # so we will boot the default kernel next time. + if [ -x /sbin/nextboot ]; then + /sbin/nextboot -D + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused new file mode 100755 index 000000000000..84f886c0d9c3 --- /dev/null +++ b/libexec/rc/rc.d/moused @@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: moused +# REQUIRE: DAEMON FILESYSTEMS +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="moused" +desc="Mouse daemon" +rcvar="moused_enable" +command="/usr/sbin/${name}" +start_cmd="moused_start" +pidprefix="/var/run/moused" +pidfile="${pidprefix}.pid" +pidarg= +load_rc_config $name + +# Set the pid file and variable name. The second argument, if it exists, is +# expected to be the mouse device. +# +if [ -n "$2" ]; then + eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}} + rcvar="moused_${2}_enable" + pidfile="${pidprefix}.$2.pid" + pidarg="-I $pidfile" +fi + +moused_start() +{ + local ms myflags myport mytype + + # Set the mouse device and get any related variables. If + # a moused device has been specified on the commandline, then + # rc.conf(5) variables defined for that device take precedence + # over the generic moused_* variables. The only exception is + # the moused_port variable, which if not defined sets it to the + # passed in device name. + # + ms=$1 + if [ -n "$ms" ]; then + eval myflags=\${moused_${ms}_flags-$moused_flags} + eval myport=\${moused_${ms}_port-/dev/$ms} + eval mytype=\${moused_${ms}_type-$moused_type} + else + ms="default" + myflags="$moused_flags" + myport="$moused_port" + mytype="$moused_type" + fi + + check_startmsgs && echo -n "Starting ${ms} moused" + /usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg} + check_startmsgs && echo '.' + + mousechar_arg= + case ${mousechar_start} in + [Nn][Oo] | '') + ;; + *) + mousechar_arg="-M ${mousechar_start}" + ;; + esac + + for ttyv in /dev/ttyv* ; do + vidcontrol < ${ttyv} ${mousechar_arg} -m on + done +} + +run_rc_command $* diff --git a/libexec/rc/rc.d/msgs b/libexec/rc/rc.d/msgs new file mode 100755 index 000000000000..d328c334976e --- /dev/null +++ b/libexec/rc/rc.d/msgs @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: msgs +# REQUIRE: LOGIN + +. /etc/rc.subr + +name="msgs" +desc="Make a bounds file for msgs(1)" +start_cmd="msgs_start" +stop_cmd=":" + +msgs_start() +{ + # Make a bounds file for msgs(1) if there isn't one already + # + if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then + echo 0 > /var/msgs/bounds + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/natd b/libexec/rc/rc.d/natd new file mode 100755 index 000000000000..635113581805 --- /dev/null +++ b/libexec/rc/rc.d/natd @@ -0,0 +1,44 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: natd +# KEYWORD: nostart nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="natd" +desc="Network Address Translation daemon" +rcvar="natd_enable" +command="/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_precmd="natd_precmd" +required_modules="ipdivert" + +natd_precmd() +{ + if [ -n "${natd_interface}" ]; then + dhcp_list="`list_net_interfaces dhcp`" + for ifn in ${dhcp_list}; do + case "${natd_interface}" in + ${ifn}) + rc_flags="$rc_flags -dynamic" + ;; + esac + done + + if echo "${natd_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + rc_flags="$rc_flags -a ${natd_interface}" + else + rc_flags="$rc_flags -n ${natd_interface}" + fi + fi + + return 0 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/netif b/libexec/rc/rc.d/netif new file mode 100755 index 000000000000..a1543e63e704 --- /dev/null +++ b/libexec/rc/rc.d/netif @@ -0,0 +1,272 @@ +#!/bin/sh +# +# Copyright (c) 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: netif +# REQUIRE: FILESYSTEMS iovctl serial sppp sysctl +# REQUIRE: hostid ipfilter ipfs +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="netif" +desc="Network interface setup" +rcvar="${name}_enable" +start_cmd="netif_start" +stop_cmd="netif_stop" +wlanup_cmd="wlan_up" +wlandown_cmd="wlan_down" +cloneup_cmd="clone_up" +clonedown_cmd="clone_down" +clear_cmd="doclear" +vnetup_cmd="vnet_up" +vnetdown_cmd="vnet_down" +extra_commands="cloneup clonedown clear vnetup vnetdown" +cmdifn= + +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer + +netif_start() +{ + local _if + + # Set the list of interfaces to work on. + # + cmdifn=$* + + if [ -z "$cmdifn" ]; then + # + # We're operating as a general network start routine. + # + + # disable SIGINT (Ctrl-c) when running at startup + trap : 2 + fi + + # Create IEEE802.11 interface + wlan_up $cmdifn + + # Create cloned interfaces + clone_up $cmdifn + + # Rename interfaces. + ifnet_rename $cmdifn + + # Configure the interface(s). + netif_common ifn_start $cmdifn + + if [ -f /etc/rc.d/ipfilter ] ; then + # Resync ipfilter + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then + /etc/rc.d/bridge start $cmdifn + fi + if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then + for _if in $cmdifn; do + /etc/rc.d/routing static any $_if + done + fi +} + +netif_stop() +{ + _clone_down=1 + _wlan_down=1 + netif_stop0 $* +} + +doclear() +{ + _clone_down= + _wlan_down= + netif_stop0 $* +} + +netif_stop0() +{ + local _if + + # Set the list of interfaces to work on. + # + cmdifn=$* + + # Deconfigure the interface(s) + netif_common ifn_stop $cmdifn + + # Destroy wlan interfaces + if [ -n "$_wlan_down" ]; then + wlan_down $cmdifn + fi + + # Destroy cloned interfaces + if [ -n "$_clone_down" ]; then + clone_down $cmdifn + fi + + if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then + for _if in $cmdifn; do + /etc/rc.d/routing stop any $_if + done + fi +} + +vnet_up() +{ + cmdifn=$* + + netif_common ifn_vnetup $cmdifn +} + +vnet_down() +{ + cmdifn=$* + + netif_common ifn_vnetdown $cmdifn +} + +# netif_common routine +# Common configuration subroutine for network interfaces. This +# routine takes all the preparatory steps needed for configuriing +# an interface and then calls $routine. +netif_common() +{ + local _cooked_list _tmp_list _fail _func _ok _str _cmdifn + + _func= + + if [ -z "$1" ]; then + err 1 "netif_common(): No function name specified." + else + _func="$1" + shift + fi + + # Set the scope of the command (all interfaces or just one). + # + _cooked_list= + _tmp_list= + _cmdifn=$* + if [ -n "$_cmdifn" ]; then + # Don't check that the interface(s) exist. We need to run + # the down code even when the interface doesn't exist to + # kill off wpa_supplicant. + # XXXBED: is this really true or does wpa_supplicant die? + # if so, we should get rid of the devd entry + _cooked_list="$_cmdifn" + else + _cooked_list="`list_net_interfaces`" + fi + + # Expand epair[0-9] to epair[0-9][ab]. + for ifn in $_cooked_list; do + case ${ifn#epair} in + [0-9]*[ab]) ;; # Skip epair[0-9]*[ab]. + [0-9]*) + for _str in $_cooked_list; do + case $_str in + $ifn) _tmp_list="$_tmp_list ${ifn}a ${ifn}b" ;; + *) _tmp_list="$_tmp_list ${ifn}" ;; + esac + done + _cooked_list=${_tmp_list# } + ;; + esac + done + + _dadwait= + _fail= + _ok= + for ifn in ${_cooked_list# }; do + # Skip if ifn does not exist. + case $_func in + ifn_stop) + if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + warn "$ifn does not exist. Skipped." + _fail="${_fail} ${ifn}" + continue + fi + ;; + esac + if ${_func} ${ifn} $2; then + _ok="${_ok} ${ifn}" + if ipv6if ${ifn}; then + _dadwait=1 + fi + else + _fail="${_fail} ${ifn}" + fi + done + + # inet6 address configuration needs sleep for DAD. + case ${_func}:${_dadwait} in + ifn_start:1|ifn_vnetup:1|ifn_vnetdown:1) + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + ;; + esac + + _str= + if [ -n "${_ok}" ]; then + case ${_func} in + ifn_start) + _str='Starting' + ;; + ifn_stop) + _str='Stopping' + ;; + ifn_vnetup) + _str='Moving' + ;; + ifn_vnetdown) + _str='Reclaiming' + ;; + esac + echo "${_str} Network:${_ok}." + case ${_func} in + ifn_vnetup) + # Clear _ok not to do "ifconfig $ifn" + # because $ifn is no longer in the current vnet. + _ok= + ;; + esac + if check_startmsgs; then + for ifn in ${_ok}; do + /sbin/ifconfig ${ifn} + done + fi + fi + + debug "The following interfaces were not configured: $_fail" +} + +# Load the old "network" config file also for compatibility. +# This is needed for mfsBSD at least. +load_rc_config network +load_rc_config $name +run_rc_command $* diff --git a/libexec/rc/rc.d/netoptions b/libexec/rc/rc.d/netoptions new file mode 100755 index 000000000000..fda0229b7fef --- /dev/null +++ b/libexec/rc/rc.d/netoptions @@ -0,0 +1,126 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: netoptions +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="netoptions" +desc="Network options setup" +start_cmd="netoptions_start" +stop_cmd=: + +_netoptions_initdone= +netoptions_init() +{ + if [ -z "${_netoptions_initdone}" ]; then + echo -n 'Additional TCP/IP options:' + _netoptions_initdone=yes + fi +} + +netoptions_start() +{ + local _af + + for _af in inet inet6; do + afexists ${_af} && eval netoptions_${_af} + done + [ -n "${_netoptions_initdone}" ] && echo '.' +} + +netoptions_inet() +{ + case ${log_in_vain} in + [12]) + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null + ;; + *) + ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null + ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null + ;; + esac + + if checkyesno tcp_extensions; then + ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null + else + netoptions_init + echo -n " rfc1323 extensions=${tcp_extensions}" + ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null + fi + + if checkyesno tcp_keepalive; then + ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null + else + netoptions_init + echo -n " TCP keepalive=${tcp_keepalive}" + ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null + fi + + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" + ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null + else + ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null + fi + + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac + + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac +} + +netoptions_inet6() +{ + if checkyesno ipv6_ipv4mapping; then + netoptions_init + echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" + ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null + else + ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null + fi + + if checkyesno ipv6_privacy; then + netoptions_init + echo -n " IPv6 Privacy Addresses" + ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null + ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null + fi + + case $ipv6_cpe_wanif in + ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null + ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null + ;; + *) + netoptions_init + echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}" + ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null + ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null + ;; + esac +} + +load_rc_config $name +run_rc_command $1 diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait new file mode 100755 index 000000000000..ab80cec50576 --- /dev/null +++ b/libexec/rc/rc.d/netwait @@ -0,0 +1,116 @@ +#!/bin/sh + +# $FreeBSD$ +# +# PROVIDE: netwait +# REQUIRE: devd ipfilter ipfw pf routing +# KEYWORD: nojail +# +# The netwait script helps handle two situations: +# - Systems with USB or other late-attaching network hardware which +# is initialized by devd events. The script waits for all the +# interfaces named in the netwait_if list to appear. +# - Systems with statically-configured IP addresses in rc.conf(5). +# The IP addresses in the netwait_ip list are pinged. The script +# waits for any single IP in the list to respond to the ping. If your +# system uses DHCP, you should probably use synchronous_dhclient="YES" +# in your /etc/rc.conf instead of netwait_ip. +# Either or both of the wait lists can be used (at least one must be +# non-empty if netwait is enabled). + +. /etc/rc.subr + +name="netwait" +desc="Wait for network devices or the network being up" +rcvar="netwait_enable" + +start_cmd="${name}_start" +stop_cmd=":" + +netwait_start() +{ + local ip rc count output link wait_if got_if any_error + + if [ -z "${netwait_if}" ] && [ -z "${netwait_ip}" ]; then + err 1 "No interface or IP addresses listed, nothing to wait for" + fi + + if [ ${netwait_timeout} -lt 1 ]; then + err 1 "netwait_timeout must be >= 1" + fi + + if [ -n "${netwait_if}" ]; then + any_error=0 + for wait_if in ${netwait_if}; do + echo -n "Waiting for ${wait_if}" + link="" + got_if=0 + count=1 + # Handle SIGINT (Ctrl-C); force abort of while() loop + trap break SIGINT + while [ ${count} -le ${netwait_if_timeout} ]; do + if output=`/sbin/ifconfig ${wait_if} 2>/dev/null`; then + if [ ${got_if} -eq 0 ]; then + echo -n ", interface present" + got_if=1 + fi + link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'` + if [ -z "${link}" ]; then + echo ', got link.' + break + fi + fi + sleep 1 + count=$((count+1)) + done + # Restore default SIGINT handler + trap - SIGINT + if [ ${got_if} -eq 0 ]; then + echo ", wait failed: interface never appeared." + any_error=1 + elif [ -n "${link}" ]; then + echo ", wait failed: interface still has no link." + any_error=1 + fi + done + if [ ${any_error} -eq 1 ]; then + warn "Continuing with startup, but be aware you may not have " + warn "a fully functional networking layer at this point." + fi + fi + + if [ -n "${netwait_ip}" ]; then + # Handle SIGINT (Ctrl-C); force abort of for() loop + trap break SIGINT + + for ip in ${netwait_ip}; do + echo -n "Waiting for ${ip} to respond to ICMP ping" + + count=1 + while [ ${count} -le ${netwait_timeout} ]; do + /sbin/ping -t 1 -c 1 -o ${ip} >/dev/null 2>&1 + rc=$? + + if [ $rc -eq 0 ]; then + # Restore default SIGINT handler + trap - SIGINT + + echo ', got response.' + return + fi + count=$((count+1)) + done + echo ', failed: No response from host.' + done + + # Restore default SIGINT handler + trap - SIGINT + + warn "Exhausted IP list. Continuing with startup, but be aware you may" + warn "not have a fully functional networking layer at this point." + fi + +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/newsyslog b/libexec/rc/rc.d/newsyslog new file mode 100755 index 000000000000..740fcfeefaf4 --- /dev/null +++ b/libexec/rc/rc.d/newsyslog @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: newsyslog +# REQUIRE: FILESYSTEMS mountcritremote + +. /etc/rc.subr + +name="newsyslog" +desc="Logfile rotation" +rcvar="newsyslog_enable" +required_files="/etc/newsyslog.conf" +command="/usr/sbin/${name}" +start_cmd="newsyslog_start" +stop_cmd=":" + +newsyslog_start() +{ + check_startmsgs && echo -n 'Creating and/or trimming log files' + ${command} ${rc_flags} + check_startmsgs && echo '.' +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfscbd b/libexec/rc/rc.d/nfscbd new file mode 100755 index 000000000000..e8a3747b0fa7 --- /dev/null +++ b/libexec/rc/rc.d/nfscbd @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfscbd +# REQUIRE: NETWORKING nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfscbd" +desc="NFSv4 client side callback daemon" +rcvar="nfscbd_enable" +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsclient b/libexec/rc/rc.d/nfsclient new file mode 100755 index 000000000000..2acfb84d8b09 --- /dev/null +++ b/libexec/rc/rc.d/nfsclient @@ -0,0 +1,51 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsclient +# REQUIRE: NETWORKING mountcritremote rpcbind +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsclient" +desc="NFS client setup" +rcvar="nfs_client_enable" +start_cmd="nfsclient_start" +stop_cmd="unmount_all" +required_modules="nfscl:nfs" + +nfsclient_start() +{ + # + # Set some nfs client related sysctls + # + + if [ -n "${nfs_access_cache}" ]; then + check_startmsgs && + echo "NFS access cache time=${nfs_access_cache}" + if ! sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null; then + warn "failed to set access cache timeout" + fi + fi + if [ -n "${nfs_bufpackets}" ]; then + if ! sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null; then + warn "failed to set vfs.nfs.bufpackets" + fi + fi + + unmount_all +} + +unmount_all() +{ + # If /var/db/mounttab exists, some nfs-server has not been + # successfully notified about a previous client shutdown. + # If there is no /var/db/mounttab, we do nothing. + if [ -f /var/db/mounttab ]; then + rpc.umntall -k + fi +} +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsd b/libexec/rc/rc.d/nfsd new file mode 100755 index 000000000000..33ad356e05e9 --- /dev/null +++ b/libexec/rc/rc.d/nfsd @@ -0,0 +1,51 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsd +# REQUIRE: mountcritremote mountd hostname gssd nfsuserd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsd" +desc="Remote NFS server" +rcvar="nfs_server_enable" +command="/usr/sbin/${name}" + +load_rc_config $name +start_precmd="nfsd_precmd" +sig_stop="USR1" + +nfsd_precmd() +{ + rc_flags="${nfs_server_flags}" + + # Load the modules now, so that the vfs.nfsd sysctl + # oids are available. + load_kld nfsd + + if checkyesno nfs_reserved_port_only; then + echo 'NFS on reserved port only=YES' + sysctl vfs.nfsd.nfs_privport=1 > /dev/null + else + sysctl vfs.nfsd.nfs_privport=0 > /dev/null + fi + + if checkyesno nfs_server_managegids; then + force_depend nfsuserd || err 1 "Cannot run nfsuserd" + fi + + if checkyesno nfsv4_server_enable; then + sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null + else + echo 'NFSv4 is disabled' + sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null + fi + + force_depend rpcbind || return 1 + force_depend mountd || return 1 +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nfsuserd b/libexec/rc/rc.d/nfsuserd new file mode 100755 index 000000000000..804b1243a4c4 --- /dev/null +++ b/libexec/rc/rc.d/nfsuserd @@ -0,0 +1,29 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nfsuserd +# REQUIRE: NETWORKING +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="nfsuserd" +desc="Load user and group information into the kernel for NFSv4 services and support manage-gids for all NFS versions" +rcvar="nfsuserd_enable" +command="/usr/sbin/${name}" +sig_stop="USR1" + +load_rc_config $name +start_precmd="nfsuserd_precmd" + +nfsuserd_precmd() +{ + if checkyesno nfs_server_managegids; then + rc_flags="-manage-gids ${nfsuserd_flags}" + fi + return 0 +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nisdomain b/libexec/rc/rc.d/nisdomain new file mode 100755 index 000000000000..2569931a84da --- /dev/null +++ b/libexec/rc/rc.d/nisdomain @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2003 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nisdomain +# REQUIRE: SERVERS rpcbind +# BEFORE: ypset ypbind ypserv ypxfrd + +. /etc/rc.subr + +name="nisdomain" +desc="Set NIS domain name" +start_cmd="nisdomain_start" +stop_cmd=":" + +nisdomain_start() +{ + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo]|'') + ;; + *) + domainname ${nisdomainname} + echo "Setting NIS domain: `/bin/domainname`." + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/nscd b/libexec/rc/rc.d/nscd new file mode 100755 index 000000000000..7663fc4f118a --- /dev/null +++ b/libexec/rc/rc.d/nscd @@ -0,0 +1,54 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: nscd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +# +# Add the following lines to /etc/rc.conf to enable nscd: +# +# nscd_enable="YES" +# +# See nscd(8) for flags +# + +. /etc/rc.subr + +name="nscd" +desc="Name-service caching daemon" +rcvar="nscd_enable" + +command=/usr/sbin/nscd +extra_commands="flush" +flush_cmd="${command} -I all" + +# usage: _nscd_set_option <option name> <default value> +# +_nscd_set_option() { + local _optname _defoptval _nscd_opt_val _cached_opt_val + _optname=$1 + _defoptval=$2 + + _nscd_opt_val=$(eval "echo \$nscd_${_optname}") + _cached_opt_val=$(eval "echo \$cached_${_optname}") + + if [ -n "$_cached_opt_val" -a "$_nscd_opt_val" != "$_defoptval" ]; then + warn "You should use nscd_${_optname} instead of" \ + "cached_${_optname}" + setvar "nscd_${_optname}" "$_cached_opt_val" + else + setvar "nscd_${_optname}" "${_nscd_opt_val:-$_defoptval}" + fi +} + + +load_rc_config $name +_nscd_set_option "enable" "NO" +_nscd_set_option "pidfile" "/var/run/nscd.pid" +_nscd_set_option "flags" "" +run_rc_command "$1" + diff --git a/libexec/rc/rc.d/nsswitch b/libexec/rc/rc.d/nsswitch new file mode 100755 index 000000000000..5d3d4bbb57cb --- /dev/null +++ b/libexec/rc/rc.d/nsswitch @@ -0,0 +1,104 @@ +#!/bin/sh +# +# Copyright (c) 1993 - 2004 The FreeBSD Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: nsswitch +# REQUIRE: root +# BEFORE: NETWORK + +. /etc/rc.subr + +name="nsswitch" +desc="Name-service switch" +start_cmd="nsswitch_start" +stop_cmd=":" + +generate_host_conf() +{ + local _cont _sources + + nsswitch_conf=$1; shift; + host_conf=$1; shift; + + _cont=0 + _sources="" + while read line; do + line=${line##[ ]} + case $line in + hosts:*) + ;; + *) + if [ $_cont -ne 1 ]; then + continue + fi + ;; + esac + if [ "${line%\\}" = "${line}\\" ]; then + _cont=1 + fi + line=${line#hosts:} + line=${line%\\} + line=${line%%#*} + _sources="${_sources}${_sources:+ }$line" + done < $nsswitch_conf + + echo "# Auto-generated from nsswitch.conf" > $host_conf + for _s in ${_sources}; do + case $_s in + files) + echo "hosts" >> $host_conf + ;; + dns) + echo "dns" >> $host_conf + ;; + nis) + echo "nis" >> $host_conf + ;; + cache | *=*) + ;; + *) + echo "Warning: unrecognized source [$_s]" >&2 + ;; + esac + done +} + +nsswitch_start() +{ + # Generate host.conf for compatibility + # + if [ ! -f "/etc/host.conf" -o \ + "/etc/host.conf" -ot "/etc/nsswitch.conf" ] + then + echo 'Generating host.conf.' + generate_host_conf /etc/nsswitch.conf /etc/host.conf + fi + +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ntpd b/libexec/rc/rc.d/ntpd new file mode 100755 index 000000000000..553575215593 --- /dev/null +++ b/libexec/rc/rc.d/ntpd @@ -0,0 +1,209 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpd +# REQUIRE: DAEMON ntpdate FILESYSTEMS devfs +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ntpd" +desc="Network Time Protocol daemon" +rcvar="ntpd_enable" +command="/usr/sbin/${name}" +extra_commands="fetch needfetch" +fetch_cmd="ntpd_fetch_leapfile" +needfetch_cmd="ntpd_needfetch_leapfile" +start_precmd="ntpd_precmd" + +_ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list" +_ntp_default_dir="/var/db/ntp" +_ntp_default_driftfile="${_ntp_default_dir}/ntpd.drift" +_ntp_old_driftfile="/var/db/ntpd.drift" + +pidfile="${_ntp_default_dir}/${name}.pid" + +load_rc_config $name + +can_run_nonroot() +{ + # If the admin set what uid to use, we don't change it. + if [ -n "${ntpd_user}" ]; then + return 1 + fi + + # If the admin set any command line options involving files, we + # may not be able to access them as user ntpd. + case "${rc_flags}" in + *-f* | *--driftfile* | *-i* | *--jaildir* | \ + *-k* | *--keyfile* | *-l* | *--logfile* | \ + *-p* | *--pidfile* | *-s* | *--statsdir* ) + return 1;; + esac + + # If the admin set any options in ntp.conf involving files, + # we may not be able to access them as user ntpd. + local fileopts="^[ \t]*crypto|^[ \t]*driftfile|^[ \t]*key|^[ \t]*logfile|^[ \t]*statsdir" + grep -E -q "${fileopts}" "${ntpd_config}" && return 1 + + # Try to set up the the MAC ntpd policy so ntpd can run with reduced + # privileges. Detect whether MAC is compiled into the kernel, load + # the policy module if not already present, then check whether the + # policy has been disabled via tunable or sysctl. + [ -n "$(sysctl -qn security.mac.version)" ] || return 1 + sysctl -qn security.mac.ntpd >/dev/null || kldload -qn mac_ntpd || return 1 + [ "$(sysctl -qn security.mac.ntpd.enabled)" == "1" ] || return 1 + + # On older existing systems, the ntp dir may by owned by root, change + # it to ntpd to give the daemon create/write access to the driftfile. + if [ "$(stat -f %u ${_ntp_default_dir})" = "0" ]; then + chown ntpd:ntpd "${_ntp_default_dir}" || return 1 + chmod 0755 "${_ntp_default_dir}" || return 1 + logger -s -t "rc.d/ntpd" -p daemon.notice \ + "${_ntp_default_dir} updated to owner ntpd:ntpd, mode 0755" + fi + + # If the driftfile exists in the standard location for older existing + # systems, move it into the ntp dir and fix the ownership if we can. + if [ -f "${_ntp_old_driftfile}" ] && [ ! -L "${_ntp_old_driftfile}" ]; then + mv "${_ntp_old_driftfile}" "${_ntp_default_driftfile}" && + chown ntpd:ntpd "${_ntp_default_driftfile}" || return 1 + logger -s -t "rc.d/ntpd" -p daemon.notice \ + "${_ntp_default_driftfile} updated to owner ntpd:ntpd" + logger -s -t "rc.d/ntpd" -p daemon.notice \ + "${_ntp_old_driftfile} moved to ${_ntp_default_driftfile}" + fi +} + +ntpd_precmd() +{ + local driftopt + + # If we can run as a non-root user, switch uid to ntpd and use the + # new default location for the driftfile inside the ntpd-owned dir. + # Otherwise, figure out what to do about the driftfile option. If set + # by the admin, we don't add the option. If the file exists in the old + # default location we use that, else we use the new default location. + if can_run_nonroot; then + _user="ntpd" + driftopt="-f ${_ntp_default_driftfile}" + elif [ -z "${rc_flags##*-f*}" ] || + [ -z "${rc_flags##*--driftfile*}" ] || + grep -q "^[ \t]*driftfile" "${ntpd_config}"; then + driftopt="" # admin set the option, we don't need to add it. + elif [ -f "${_ntp_old_driftfile}" ]; then + driftopt="-f ${_ntp_old_driftfile}" + else + driftopt="-f ${_ntp_default_driftfile}" + fi + + # Set command_args based on the various config vars. + command_args="-p ${pidfile} -c ${ntpd_config} ${driftopt}" + if checkyesno ntpd_sync_on_start; then + command_args="${command_args} -g" + fi + + # Make sure the leapfile is ready to use. + ntpd_init_leapfile + if [ ! -f "${ntp_db_leapfile}" ]; then + ntpd_fetch_leapfile + fi +} + +current_ntp_ts() { + # Seconds between 1900-01-01 and 1970-01-01 + # echo $(((70*365+17)*86400)) + ntp_to_unix=2208988800 + + echo $(($(date -u +%s)+$ntp_to_unix)) +} + +get_ntp_leapfile_ver() { + # Leapfile update date (version number). + expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +get_ntp_leapfile_expiry() { + # Leapfile expiry date. + expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +ntpd_init_leapfile() { + # Refresh working leapfile with an invalid hash due to + # FreeBSD id header. Ntpd will ignore leapfiles with a + # mismatch hash. The file must be the virgin file from + # the source. + if [ ! -f $ntp_db_leapfile ]; then + cp -p $ntp_src_leapfile $ntp_db_leapfile + fi +} + +ntpd_needfetch_leapfile() { + local rc verbose + + if checkyesno ntp_leapfile_fetch_verbose; then + verbose=echo + else + verbose=: + fi + + ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile) + ntp_expiry_src=$(get_ntp_leapfile_expiry $ntp_src_leapfile) + ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile) + ntp_expiry_db=$(get_ntp_leapfile_expiry $ntp_db_leapfile) + $verbose ntp_src_leapfile version is $ntp_ver_no_src expires $ntp_expiry_src + $verbose ntp_db_leapfile version is $ntp_ver_no_db expires $ntp_expiry_db + + if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" -o \ + "$ntp_ver_no_src" -eq "$ntp_ver_no_db" -a \ + "$ntp_expiry_src" -gt "$ntp_expiry_db" ]; then + $verbose replacing $ntp_db_leapfile with $ntp_src_leapfile + cp -p $ntp_src_leapfile $ntp_db_leapfile + ntp_ver_no_db=$ntp_ver_no_src + else + $verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile + fi + ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400)) + ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile) + ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds)) + if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then + $verbose Within ntp leapfile expiry limit, initiating fetch + # Return code 0: ntp leapfile fetch needed + return 0 + fi + # Return code 1: ntp leapfile fetch not needed + return 1 +} + +ntpd_fetch_leapfile() { + if checkyesno ntp_leapfile_fetch_verbose; then + verbose=echo + else + verbose=: + fi + + if ntpd_needfetch_leapfile ; then + for url in $ntp_leapfile_sources ; do + $verbose fetching $url + fetch $ntp_leapfile_fetch_opts -o $_ntp_tmp_leapfile $url && break + done + ntp_ver_no_tmp=$(get_ntp_leapfile_ver $_ntp_tmp_leapfile) + ntp_expiry_tmp=$(get_ntp_leapfile_expiry $_ntp_tmp_leapfile) + if [ "$ntp_expiry_tmp" -gt "$ntp_expiry_db" -o \ + "$ntp_expiry_tmp" -eq "$ntp_expiry_db" -a \ + "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then + $verbose using $url as $ntp_db_leapfile + mv -f $_ntp_tmp_leapfile $ntp_db_leapfile || + $verbose "warning: cannot replace $ntp_db_leapfile (read-only fs?)" + else + $verbose using existing $ntp_db_leapfile + fi + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ntpdate b/libexec/rc/rc.d/ntpdate new file mode 100755 index 000000000000..90f9589ab00f --- /dev/null +++ b/libexec/rc/rc.d/ntpdate @@ -0,0 +1,35 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ntpdate +# REQUIRE: NETWORKING syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="ntpdate" +desc="Set the date and time via NTP" +rcvar="ntpdate_enable" +stop_cmd=":" +start_cmd="ntpdate_start" + +ntpdate_start() +{ + if [ -z "$ntpdate_hosts" -a -f "$ntpdate_config" ]; then + ntpdate_hosts=`awk ' + /^server[ \t]*127.127/ {next} + /^(server|peer|pool)/ { + if ($2 ~/^-/) {print $3} + else {print $2}} + ' < "$ntpdate_config"` + fi + if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then + echo "Setting date via ntp." + ${ntpdate_program:-ntpdate} $rc_flags $ntpdate_hosts + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/opensm b/libexec/rc/rc.d/opensm new file mode 100755 index 000000000000..310476be4d90 --- /dev/null +++ b/libexec/rc/rc.d/opensm @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: opensm +# BEFORE: netif +# REQUIRE: FILESYSTEMS + +. /etc/rc.subr + +name="opensm" +start_cmd="opensm_start" +rcvar="opensm_enable" + +command=/usr/bin/opensm +command_args="-B" + +opensm_start() +{ + for guid in `ibstat | grep "Port GUID" | cut -d ':' -f2`; do + [ -z "${rc_quiet}" ] && echo "Starting ${guid} opensm." + ${command} ${command_args} -g ${guid} >> /dev/null + done +} + +load_rc_config $name +run_rc_command $* diff --git a/libexec/rc/rc.d/othermta b/libexec/rc/rc.d/othermta new file mode 100755 index 000000000000..36292ae3f7b7 --- /dev/null +++ b/libexec/rc/rc.d/othermta @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN + +# XXX - TEMPORARY SCRIPT UNTIL YOU WRITE YOUR OWN REPLACEMENT. +# +. /etc/rc.subr + +load_rc_config + +if [ -n "${mta_start_script}" ]; then + [ "${mta_start_script}" != "/etc/rc.sendmail" ] && \ + sh ${mta_start_script} "$1" +fi diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf new file mode 100755 index 000000000000..57de19218fcf --- /dev/null +++ b/libexec/rc/rc.d/pf @@ -0,0 +1,76 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pf +# REQUIRE: FILESYSTEMS netif pflog pfsync +# BEFORE: routing +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="pf" +desc="Packet filter" +rcvar="pf_enable" +load_rc_config $name +start_cmd="pf_start" +stop_cmd="pf_stop" +check_cmd="pf_check" +reload_cmd="pf_reload" +resync_cmd="pf_resync" +status_cmd="pf_status" +extra_commands="check reload resync" +required_files="$pf_rules" +required_modules="pf" + +pf_start() +{ + check_startmsgs && echo -n 'Enabling pf' + $pf_program -F all > /dev/null 2>&1 + $pf_program -f "$pf_rules" $pf_flags + if ! $pf_program -s info | grep -q "Enabled" ; then + $pf_program -eq + fi + check_startmsgs && echo '.' +} + +pf_stop() +{ + if $pf_program -s info | grep -q "Enabled" ; then + echo -n 'Disabling pf' + $pf_program -dq + echo '.' + fi +} + +pf_check() +{ + echo "Checking pf rules." + $pf_program -n -f "$pf_rules" $pf_flags +} + +pf_reload() +{ + echo "Reloading pf rules." + pf_resync +} + +pf_resync() +{ + $pf_program -n -f "$pf_rules" $pf_flags || return 1 + $pf_program -f "$pf_rules" $pf_flags +} + +pf_status() +{ + if ! [ -c /dev/pf ] ; then + echo "pf.ko is not loaded" + return 1 + else + $pf_program -s info + $pf_program -s Running >/dev/null + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/pflog b/libexec/rc/rc.d/pflog new file mode 100755 index 000000000000..d0fb4e6cbf08 --- /dev/null +++ b/libexec/rc/rc.d/pflog @@ -0,0 +1,106 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pflog +# REQUIRE: FILESYSTEMS netif +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="pflog" +desc="Packet filter logging interface" +rcvar="pflog_enable" +command="/sbin/pflogd" +pidfile="/var/run/pflogd.pid" +start_precmd="pflog_prestart" +stop_postcmd="pflog_poststop" +extra_commands="reload resync" + +# for backward compatibility +resync_cmd="pflog_resync" + +pflog_prestart() +{ + load_kld pflog || return 1 + + # create pflog_dev interface if needed + if ! ifconfig $pflog_dev > /dev/null 2>&1; then + if ! ifconfig $pflog_dev create; then + warn "could not create $pflog_dev." + return 1 + fi + fi + + # set pflog_dev interface to up state + if ! ifconfig $pflog_dev up; then + warn "could not bring up $pflog_dev." + return 1 + fi + + # -p flag requires stripping pidfile's leading /var/run and trailing .pid + pidfile=$(echo $pidfile | sed -e 's|/var/run/||' -e 's|.pid$||') + + # prepare the command line for pflogd + rc_flags="-p $pidfile -f $pflog_logfile -i $pflog_dev $rc_flags" + + # report we're ready to run pflogd + return 0 +} + +pflog_poststop() +{ + if ! ifconfig $pflog_dev down; then + warn "could not bring down $pflog_dev." + return 1 + fi + + if [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then + rm $pidfile + fi + + return 0 +} + +# for backward compatibility +pflog_resync() +{ + run_rc_command reload +} + +load_rc_config $name + +# Check if spawning multiple pflogd and told what to spawn +if [ -n "$2" ]; then + # Set required variables + eval pflog_dev=\$pflog_${2}_dev + eval pflog_logfile=\$pflog_${2}_logfile + eval pflog_flags=\$pflog_${2}_flags + # Check that required vars have non-zero length, warn if not. + if [ -z $pflog_dev ]; then + warn "pflog_dev not set" + continue + fi + if [ -z $pflog_logfile ]; then + warn "pflog_logfile not set" + continue + fi + + # Provide a unique pidfile name for pflogd -p <pidfile> flag + pidfile="/var/run/pflogd.$2.pid" + + # Override service name and execute command + name=$pflog_dev + run_rc_command "$1" +# Check if spawning multiple pflogd and not told what to spawn +elif [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then + # Interate through requested instances. + for i in $pflog_instances; do + /etc/rc.d/pflog $1 $i + done +else + # Typical case, spawn single instance only. + pflog_dev=${pflog_dev:-"pflog0"} + run_rc_command "$1" +fi diff --git a/libexec/rc/rc.d/pfsync b/libexec/rc/rc.d/pfsync new file mode 100755 index 000000000000..77369aa59961 --- /dev/null +++ b/libexec/rc/rc.d/pfsync @@ -0,0 +1,49 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pfsync +# REQUIRE: FILESYSTEMS netif +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="pfsync" +desc="Packet filter state table sychronisation interface" +rcvar="pfsync_enable" +start_precmd="pfsync_prestart" +start_cmd="pfsync_start" +stop_cmd="pfsync_stop" +required_modules="pf pfsync" + +pfsync_prestart() +{ + case "$pfsync_syncdev" in + '') + warn "pfsync_syncdev is not set." + return 1 + ;; + esac + return 0 +} + +pfsync_start() +{ + local _syncpeer + + echo "Enabling pfsync." + if [ -n "${pfsync_syncpeer}" ]; then + _syncpeer="syncpeer ${pfsync_syncpeer}" + fi + ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up +} + +pfsync_stop() +{ + echo "Disabling pfsync." + ifconfig pfsync0 -syncdev -syncpeer down +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/power_profile b/libexec/rc/rc.d/power_profile new file mode 100755 index 000000000000..b7de08063437 --- /dev/null +++ b/libexec/rc/rc.d/power_profile @@ -0,0 +1,97 @@ +#!/bin/sh +# +# Modify the power profile based on AC line state. This script is +# usually called from devd(8). +# +# Arguments: 0x00 (AC offline, economy) or 0x01 (AC online, performance) +# +# $FreeBSD$ +# + +# PROVIDE: power_profile +# REQUIRE: FILESYSTEMS syslogd +# KEYWORD: nojail nostart + +. /etc/rc.subr + +name="power_profile" +desc="Modify the power profile based on AC line state" +stop_cmd=':' +LOGGER="logger -t power_profile -p daemon.notice" + +# Set a given sysctl node to a value. +# +# Variables: +# $node: sysctl node to set with the new value +# $value: HIGH for the highest performance value, LOW for the best +# economy value, or the value itself. +# $highest_value: maximum value for this sysctl, when $value is "HIGH" +# $lowest_value: minimum value for this sysctl, when $value is "LOW" +# +sysctl_set() +{ + # Check if the node exists + if [ -z "$(sysctl -n ${node} 2> /dev/null)" ]; then + return + fi + + # Get the new value, checking for special types HIGH or LOW + case ${value} in + [Hh][Ii][Gg][Hh]) + value=${highest_value} + ;; + [Ll][Oo][Ww]) + value=${lowest_value} + ;; + [Nn][Oo][Nn][Ee]) + return + ;; + *) + ;; + esac + + # Set the desired value + if [ -n "${value}" ]; then + if ! sysctl ${node}=${value} > /dev/null 2>&1; then + warn "unable to set ${node}=${value}" + fi + fi +} + +if [ $# -ne 1 ]; then + err 1 "Usage: $0 [0x00|0x01]" +fi +load_rc_config $name + +# Find the next state (performance or economy). +state=$1 +case ${state} in +0x01 | '') + ${LOGGER} "changed to 'performance'" + profile="performance" + ;; +0x00) + ${LOGGER} "changed to 'economy'" + profile="economy" + ;; +*) + echo "Usage: $0 [0x00|0x01]" + exit 1 +esac + +# Set the various sysctls based on the profile's values. +node="hw.acpi.cpu.cx_lowest" +highest_value="C1" +lowest_value="Cmax" +eval value=\$${profile}_cx_lowest +sysctl_set + +node="dev.cpu.0.freq" +highest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[1] }' -) 2> /dev/null`" +lowest_value="`(sysctl -n dev.cpu.0.freq_levels | \ + awk '{ split($0, a, "[/ ]"); print a[length(a) - 1] }' -) 2> /dev/null`" +eval value=\$${profile}_cpu_freq +sysctl_set + +exit 0 diff --git a/libexec/rc/rc.d/powerd b/libexec/rc/rc.d/powerd new file mode 100755 index 000000000000..2fc783a627e9 --- /dev/null +++ b/libexec/rc/rc.d/powerd @@ -0,0 +1,26 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: powerd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="powerd" +desc="Modify the power profile based on AC line state" +rcvar="powerd_enable" +command="/usr/sbin/${name}" +stop_postcmd=powerd_poststop + +powerd_poststop() +{ + sysctl dev.cpu.0.freq=`sysctl -n dev.cpu.0.freq_levels | + sed -e 's:/.*::'` > /dev/null +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ppp b/libexec/rc/rc.d/ppp new file mode 100755 index 000000000000..93d0655b296f --- /dev/null +++ b/libexec/rc/rc.d/ppp @@ -0,0 +1,135 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ppp +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="ppp" +desc="Point to Point Protocol" +rcvar="ppp_enable" +command="/usr/sbin/${name}" +start_cmd="ppp_start" +stop_cmd="ppp_stop" +start_postcmd="ppp_poststart" + +ppp_start_profile() +{ + local _ppp_profile _ppp_mode _ppp_nat _ppp_unit + local _ppp_profile_cleaned _punct _punct_c + + _ppp_profile=$1 + _ppp_profile_cleaned=$1 + _punct=". - / +" + for _punct_c in $_punct; do + _ppp_profile_cleaned=`ltr ${_ppp_profile_cleaned} ${_punct_c} '_'` + done + + # Check for ppp profile mode override. + # + eval _ppp_mode=\$ppp_${_ppp_profile_cleaned}_mode + if [ -z "$_ppp_mode" ]; then + _ppp_mode=$ppp_mode + fi + + # Check for ppp profile nat override. + # + eval _ppp_nat=\$ppp_${_ppp_profile_cleaned}_nat + if [ -z "$_ppp_nat" ]; then + _ppp_nat=$ppp_nat + fi + + # Establish ppp mode. + # + if [ "${_ppp_mode}" != "ddial" -a "${_ppp_mode}" != "direct" \ + -a "${_ppp_mode}" != "dedicated" \ + -a "${_ppp_mode}" != "background" ]; then + _ppp_mode="auto" + fi + + rc_flags="-quiet -${_ppp_mode}" + + # Switch on NAT mode? + # + case ${_ppp_nat} in + [Yy][Ee][Ss]) + rc_flags="$rc_flags -nat" + ;; + esac + + # Check for hard wired unit + eval _ppp_unit=\$ppp_${_ppp_profile_cleaned}_unit + if [ -n "${_ppp_unit}" ]; then + _ppp_unit="-unit${_ppp_unit}" + fi + rc_flags="$rc_flags $_ppp_unit" + + # Run! + # + su -m $ppp_user -c "$command ${rc_flags} ${_ppp_profile}" +} + +ppp_start() +{ + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Starting PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_start_profile $_p + done + + echo "." +} + +ppp_poststart() +{ + # Re-Sync ipfilter and pf so they pick up any new network interfaces + # + if [ -f /etc/rc.d/ipfilter ]; then + /etc/rc.d/ipfilter quietresync + fi + if [ -f /etc/rc.d/pf ]; then + /etc/rc.d/pf quietresync + fi +} + +ppp_stop_profile() { + local _ppp_profile + + _ppp_profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_ppp_profile}\$" || \ + echo -n "(not running)" +} + +ppp_stop() { + local _ppp_profile _p + + _ppp_profile=$* + if [ -z "${_ppp_profile}" ]; then + _ppp_profile=$ppp_profile + fi + + echo -n "Stopping PPP profile:" + + for _p in $_ppp_profile; do + echo -n " $_p" + ppp_stop_profile $_p + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/libexec/rc/rc.d/pppoed b/libexec/rc/rc.d/pppoed new file mode 100755 index 000000000000..7e848595e833 --- /dev/null +++ b/libexec/rc/rc.d/pppoed @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pppoed +# REQUIRE: NETWORKING +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="pppoed" +desc="Handle incoming PPP over Ethernet connections" +rcvar="pppoed_enable" +start_cmd="pppoed_start" +# XXX stop_cmd will not be straightforward +stop_cmd=":" + +pppoed_start() +{ + local _opts + + if [ -n "${pppoed_provider}" ]; then + pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" + fi + echo 'Starting pppoed' + _opts=$-; set -f + /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} + set +f; set -${_opts} +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/pwcheck b/libexec/rc/rc.d/pwcheck new file mode 100755 index 000000000000..c5c5c220be65 --- /dev/null +++ b/libexec/rc/rc.d/pwcheck @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: pwcheck +# REQUIRE: mountcritremote syslogd +# BEFORE: DAEMON + +. /etc/rc.subr + +name="pwcheck" +desc="Check password file correctness" +start_cmd="pwcheck_start" +stop_cmd=":" + +pwcheck_start() +{ + # check the password temp/lock file + # + if [ -f /etc/ptmp ]; then + logger -s -p auth.err \ + "password file may be incorrect -- /etc/ptmp exists" + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/quota b/libexec/rc/rc.d/quota new file mode 100755 index 000000000000..127c047e6001 --- /dev/null +++ b/libexec/rc/rc.d/quota @@ -0,0 +1,35 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# Enable/Check the quotas (must be after ypbind if using NIS) + +# PROVIDE: quota +# REQUIRE: mountcritremote ypset +# BEFORE: DAEMON +# KEYWORD: nojail + +. /etc/rc.subr + +name="quota" +desc="Enable/check the quotas" +rcvar="quota_enable" +load_rc_config $name +start_cmd="quota_start" +stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}" + +quota_start() +{ + if checkyesno check_quotas; then + echo -n 'Checking quotas:' + quotacheck ${quotacheck_flags} + echo ' done.' + fi + + echo -n 'Enabling quotas:' + quotaon ${quotaon_flags} + echo ' done.' +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/random b/libexec/rc/rc.d/random new file mode 100755 index 000000000000..9762c9d3bfdd --- /dev/null +++ b/libexec/rc/rc.d/random @@ -0,0 +1,157 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: random +# REQUIRE: FILESYSTEMS +# BEFORE: netif +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="random" +desc="Harvest and save entropy for random device" +start_cmd="random_start" +stop_cmd="random_stop" + +extra_commands="saveseed" +saveseed_cmd="${name}_stop" + +save_dev_random() +{ + oumask=`umask` + umask 077 + for f ; do + debug "saving entropy to $f" + dd if=/dev/random of="$f" bs=4096 count=1 status=none && + chmod 600 "$f" + done + umask ${oumask} +} + +feed_dev_random() +{ + for f ; do + if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then + if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then + debug "entropy read from $f" + rm -f "$f" + fi + fi + done +} + +random_start() +{ + + if [ ${harvest_mask} -gt 0 ]; then + echo -n 'Setting up harvesting: ' + ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null + ${SYSCTL_N} kern.random.harvest.mask_symbolic + fi + + echo -n 'Feeding entropy: ' + + if [ ! -w /dev/random ] ; then + warn "/dev/random is not writeable" + return 1 + fi + + # Reseed /dev/random with previously stored entropy. + case ${entropy_dir:=/var/db/entropy} in + [Nn][Oo]) + ;; + *) + if [ -d "${entropy_dir}" ] ; then + feed_dev_random "${entropy_dir}"/* + fi + ;; + esac + + case ${entropy_file:=/entropy} in + [Nn][Oo]) + ;; + *) + feed_dev_random "${entropy_file}" /var/db/entropy-file + save_dev_random "${entropy_file}" + ;; + esac + + case ${entropy_boot_file:=/boot/entropy} in + [Nn][Oo]) + ;; + *) + save_dev_random "${entropy_boot_file}" + ;; + esac + + echo '.' +} + +random_stop() +{ + # Write some entropy so when the machine reboots /dev/random + # can be reseeded + # + case ${entropy_file:=/entropy} in + [Nn][Oo]) + ;; + *) + echo -n 'Writing entropy file:' + rm -f ${entropy_file} 2> /dev/null + oumask=`umask` + umask 077 + if touch ${entropy_file} 2> /dev/null; then + entropy_file_confirmed="${entropy_file}" + else + # Try this as a reasonable alternative for read-only + # roots, diskless workstations, etc. + rm -f /var/db/entropy-file 2> /dev/null + if touch /var/db/entropy-file 2> /dev/null; then + entropy_file_confirmed=/var/db/entropy-file + fi + fi + case ${entropy_file_confirmed} in + '') + warn 'write failed (read-only fs?)' + ;; + *) + dd if=/dev/random of=${entropy_file_confirmed} \ + bs=4096 count=1 2> /dev/null || + warn 'write failed (unwriteable file or full fs?)' + echo '.' + ;; + esac + umask ${oumask} + ;; + esac + case ${entropy_boot_file:=/boot/entropy} in + [Nn][Oo]) + ;; + *) + echo -n 'Writing early boot entropy file:' + rm -f ${entropy_boot_file} 2> /dev/null + oumask=`umask` + umask 077 + if touch ${entropy_boot_file} 2> /dev/null; then + entropy_boot_file_confirmed="${entropy_boot_file}" + fi + case ${entropy_boot_file_confirmed} in + '') + warn 'write failed (read-only fs?)' + ;; + *) + dd if=/dev/random of=${entropy_boot_file_confirmed} \ + bs=4096 count=1 2> /dev/null || + warn 'write failed (unwriteable file or full fs?)' + echo '.' + ;; + esac + umask ${oumask} + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rarpd b/libexec/rc/rc.d/rarpd new file mode 100755 index 000000000000..ef87bcba8f83 --- /dev/null +++ b/libexec/rc/rc.d/rarpd @@ -0,0 +1,22 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rarpd +# REQUIRE: DAEMON FILESYSTEMS +# BEFORE: LOGIN +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="rarpd" +desc="Reverse ARP daemon" +rcvar="rarpd_enable" +command="/usr/sbin/${name}" +required_files="/etc/ethers" + +load_rc_config $name +pidfile="${rarpd_pidfile:-/var/run/${name}.pid}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rctl b/libexec/rc/rc.d/rctl new file mode 100755 index 000000000000..ed5665454dde --- /dev/null +++ b/libexec/rc/rc.d/rctl @@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rctl +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rctl" +desc="Manage resource limits" +rcvar="rctl_enable" +start_cmd="rctl_start" +stop_cmd="rctl_stop" + +rctl_start() +{ + if [ -f ${rctl_rules} ]; then + while read var comments + do + case ${var} in + \#*|'') + ;; + *) + echo "${var}" + ;; + esac + done < ${rctl_rules} | xargs rctl -a + fi +} + +rctl_stop() +{ + + rctl -r : +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/resolv b/libexec/rc/rc.d/resolv new file mode 100755 index 000000000000..ed0470fe56c3 --- /dev/null +++ b/libexec/rc/rc.d/resolv @@ -0,0 +1,63 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: resolv +# REQUIRE: netif FILESYSTEMS +# KEYWORD: nojail + +. /etc/rc.subr + +name="resolv" +rcvar="resolv_enable" +desc="Create /etc/resolv.conf from kenv" +start_cmd="${name}_start" +stop_cmd=':' + +# if the info is available via dhcp/kenv +# build the resolv.conf +# +resolv_start() +{ + if [ -n "`/bin/kenv dhcp.domain-name-servers 2> /dev/null`" ]; then + interface="`/bin/kenv boot.netif.name`" + ( + if [ -n "`/bin/kenv dhcp.domain-name 2> /dev/null`" ]; then + echo domain `/bin/kenv dhcp.domain-name` + fi + + set -- `/bin/kenv dhcp.domain-name-servers` + for ns in `IFS=','; echo $*`; do + echo nameserver $ns + done + ) | /sbin/resolvconf -a ${interface}:dhcp4 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rfcomm_pppd_server b/libexec/rc/rc.d/rfcomm_pppd_server new file mode 100755 index 000000000000..990a22475b0e --- /dev/null +++ b/libexec/rc/rc.d/rfcomm_pppd_server @@ -0,0 +1,123 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rfcomm_pppd_server +# REQUIRE: DAEMON sdpd +# BEFORE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="rfcomm_pppd_server" +desc="RFCOMM PPP daemon" +rcvar="rfcomm_pppd_server_enable" +command="/usr/sbin/rfcomm_pppd" +start_cmd="rfcomm_pppd_server_start" +stop_cmd="rfcomm_pppd_server_stop" +required_modules="ng_btsocket" + +rfcomm_pppd_server_start_profile() +{ + local _profile _profile_cleaned _punct _punct_c + local _bdaddr _channel _x + + _profile=$1 + _profile_cleaned=$1 + + _punct=". - / +" + for _punct_c in ${_punct} ; do + _profile_cleaned=`ltr ${_profile_cleaned} ${_punct_c} '_'` + done + + rc_flags="" + + # Check for RFCOMM PPP profile bdaddr override + # + eval _bdaddr=\$rfcomm_pppd_server_${_profile_cleaned}_bdaddr + if [ -n "${_bdaddr}" ]; then + rc_flags="${rc_flags} -a ${_bdaddr}" + fi + + # Check for RFCOMM PPP profile channel override + # + eval _channel=\$rfcomm_pppd_server_${_profile_cleaned}_channel + if [ -z "${_channel}" ]; then + _channel=1 + fi + rc_flags="${rc_flags} -C ${_channel}" + + # Check for RFCOMM PPP profile register SP override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_sp + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_sp" ; then + rc_flags="${rc_flags} -S" + fi + fi + + # Check for RFCOMM PPP profile register DUN override + # + eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_dun + if [ -n "${_x}" ]; then + if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_dun" ; then + rc_flags="${rc_flags} -D" + fi + fi + + # Run! + # + $command -s ${rc_flags} -l ${_profile} +} + +rfcomm_pppd_server_stop_profile() +{ + local _profile + + _profile=$1 + + /bin/pkill -f "^${command}.*[[:space:]]${_profile}\$" || \ + echo -n "(not running)" +} + +rfcomm_pppd_server_start() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Starting RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_start_profile ${_p} + done + + echo "." +} + +rfcomm_pppd_server_stop() +{ + local _profile _p + + _profile=$* + if [ -z "${_profile}" ]; then + _profile=${rfcomm_pppd_server_profile} + fi + + echo -n "Stopping RFCOMM PPP profile:" + + for _p in ${_profile} ; do + echo -n " ${_p}" + rfcomm_pppd_server_stop_profile ${_p} + done + + echo "." +} + +load_rc_config $name +run_rc_command $* diff --git a/libexec/rc/rc.d/root b/libexec/rc/rc.d/root new file mode 100755 index 000000000000..b528a9ac246c --- /dev/null +++ b/libexec/rc/rc.d/root @@ -0,0 +1,43 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: root +# REQUIRE: fsck +# KEYWORD: nojail + +. /etc/rc.subr + +name="root" +desc="Mount root filesystem read/write" +start_cmd="root_start" +stop_cmd=":" + +root_start() +{ + # root normally must be read/write, but if this is a BOOTP NFS + # diskless boot it does not have to be. + # + case ${root_rw_mount} in + [Nn][Oo] | '') + ;; + *) + if ! mount -uw /; then + echo 'Mounting root filesystem rw failed, startup aborted' + stop_boot true + fi + ;; + esac + + umount -a >/dev/null 2>&1 + + # If we booted a special kernel remove the record + # so we will boot the default kernel next time. + if [ -x /sbin/nextboot ]; then + /sbin/nextboot -D > /dev/null 2>&1 + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/route6d b/libexec/rc/rc.d/route6d new file mode 100755 index 000000000000..f17f7b4090c0 --- /dev/null +++ b/libexec/rc/rc.d/route6d @@ -0,0 +1,21 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: route6d +# REQUIRE: netif routing +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="route6d" +desc="RIP6 routing daemon" +rcvar="route6d_enable" + +set_rcvar_obsolete ipv6_router_enable route6d_enable +set_rcvar_obsolete ipv6_router route6d_program +set_rcvar_obsolete ipv6_router_flags route6d_flags + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/routed b/libexec/rc/rc.d/routed new file mode 100755 index 000000000000..f8890537b22c --- /dev/null +++ b/libexec/rc/rc.d/routed @@ -0,0 +1,22 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: routed +# REQUIRE: netif routing +# BEFORE: NETWORK +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="routed" +desc="Network RIP and router discovery routing daemon" +rcvar="routed_enable" + +set_rcvar_obsolete router_enable routed_enable +set_rcvar_obsolete router routed_program +set_rcvar_obsolete router_flags routed_flags + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/routing b/libexec/rc/rc.d/routing new file mode 100755 index 000000000000..e909523ab709 --- /dev/null +++ b/libexec/rc/rc.d/routing @@ -0,0 +1,373 @@ +#!/bin/sh +# +# Configure routing and miscellaneous network tunables +# +# $FreeBSD$ +# + +# PROVIDE: routing +# REQUIRE: netif ppp stf +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="routing" +desc="Routing setup" +start_cmd="routing_start doall" +stop_cmd="routing_stop" +extra_commands="options static" +static_cmd="routing_start static" +options_cmd="routing_start options" + +ROUTE_CMD="/sbin/route" + +routing_start() +{ + local _cmd _af _if _a _ret + _cmd=$1 + _af=$2 + _if=$3 + _ret=0 + + case $_if in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;; + esac + + case $_af in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) + for _a in inet inet6; do + afexists $_a || continue + setroutes $_cmd $_a $_if || _ret=1 + done + ;; + *) + if afexists $_af; then + setroutes $_cmd $_af $_if || _ret=1 + else + err 1 "Unsupported address family: $_af." + fi + ;; + esac + + return $_ret +} + +routing_stop() +{ + local _af _if _a + _af=$1 + _if=$2 + + case $_if in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;; + esac + + case $_af in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) + for _a in inet inet6; do + afexists $_a || continue + eval static_${_a} delete $_if + # When $_if is specified, do not flush routes. + if ! [ -n "$_if" ]; then + eval routing_stop_${_a} + fi + done + ;; + *) + if afexists $_af; then + eval static_${_af} delete $_if + # When $_if is specified, do not flush routes. + if ! [ -n "$_if" ]; then + eval routing_stop_${_af} + fi + else + err 1 "Unsupported address family: $_af." + fi + ;; + esac +} + +setroutes() +{ + local _ret + _ret=0 + case $1 in + static) + static_$2 add $3 + _ret=$? + ;; + options) + options_$2 + ;; + doall) + static_$2 add $3 + _ret=$? + options_$2 + ;; + esac + return $_ret +} + +routing_stop_inet() +{ + ${ROUTE_CMD} -n flush -inet +} + +routing_stop_inet6() +{ + local i + + ${ROUTE_CMD} -n flush -inet6 + for i in `list_net_interfaces`; do + if ipv6if $i; then + ifconfig $i inet6 -defaultif + fi + done +} + +get_fibmod() +{ + local _fibs + + _fibs=$((`${SYSCTL_N} net.fibs` - 1)) + if [ ${_fibs} -gt 0 ]; then + echo "-fib 0-${_fibs}" + else + echo + fi +} + +static_inet() +{ + local _action _if _skip _fibmod + _action=$1 + _if=$2 + + _fibmod=`get_fibmod` + + # Provide loopback route in all routing tables. This has to come + # first so that any following routes can be added. + static_routes="_loopback ${static_routes}" + route__loopback="-inet 127.0.0.1 -iface lo0 ${_fibmod}" + + # Add default route. + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="${static_routes} _default" + route__default="default ${defaultrouter}" + ;; + esac + + # Install configured routes. + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + _skip=0 + if [ -n "$_if" ]; then + case $i in + *:$_if) ;; + *) _skip=1 ;; + esac + fi + if [ $_skip = 0 ]; then + route_args=`get_if_var ${i%:*} route_IF` + if [ -n "$route_args" ]; then + ${ROUTE_CMD} ${_action} ${route_args} + else + warn "route_${i%:*} not found." + fi + fi + done + fi +} + +static_inet6() +{ + local _action _if _skip fibmod allfibs + _action=$1 + _if=$2 + + fibmod=`get_fibmod` + + # Add pre-defined static routes first. + ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}" + ipv6_static_routes="_lla _llma ${ipv6_static_routes}" + ipv6_static_routes="_loopback ${ipv6_static_routes}" + + # disallow "internal" addresses to appear on the wire + ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}" + ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}" + + # Create a loopback route in every fib + ipv6_route__loopback="::1 -prefixlen 128 -iface lo0 ${fibmod}" + + # Disallow link-local unicast packets without outgoing scope + # identifiers. However, if you set "ipv6_default_interface", + # for the host case, you will allow to omit the identifiers. + # Under this configuration, the packets will go to the default + # interface. + ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}" + ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}" + + # Add default route. + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="${ipv6_static_routes} _default" + ipv6_route__default="default ${ipv6_defaultrouter}" + ;; + esac + + # Install configured routes. + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + _skip=0 + if [ -n "$_if" ]; then + case $i in + *:$_if) ;; + *) _skip=1 ;; + esac + fi + if [ $_skip = 0 ]; then + ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF` + if [ -n "$ipv6_route_args" ]; then + ${ROUTE_CMD} ${_action} \ + -inet6 ${ipv6_route_args} + else + warn "route_${i%:*} not found" + fi + fi + done + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + + # Disable installing the default interface when we act + # as router to avoid conflict between the default + # router list and the manual configured default route. + if checkyesno ipv6_gateway_enable; then + return + fi + + case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + return + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + [Nn][Oo][Nn][Ee]) + return + ;; + lo0) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + ifconfig ${ipv6_default_interface} inet6 defaultif + ${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null +} + +ropts_init() +{ + if [ -z "${_ropts_initdone}" ]; then + echo -n "Additional $1 routing options:" + _ropts_initdone=yes + fi +} + +options_inet() +{ + _ropts_initdone= + if checkyesno icmp_bmcastecho; then + ropts_init inet + echo -n ' broadcast ping responses=YES' + ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null + fi + + if checkyesno icmp_drop_redirect; then + ropts_init inet + echo -n ' ignore ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null + fi + + if checkyesno icmp_log_redirect; then + ropts_init inet + echo -n ' log ICMP redirect=YES' + ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null + else + ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null + fi + + if checkyesno gateway_enable; then + ropts_init inet + echo -n ' gateway=YES' + ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init inet + echo -n ' do source routing=YES' + ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null + fi + + if checkyesno accept_sourceroute; then + ropts_init inet + echo -n ' accept source routing=YES' + ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null + else + ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null + fi + + if checkyesno arpproxy_all; then + ropts_init inet + echo -n ' ARP proxyall=YES' + ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null + else + ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null + fi + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +options_inet6() +{ + _ropts_initdone= + + if checkyesno ipv6_gateway_enable; then + ropts_init inet6 + echo -n ' gateway=YES' + ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null + else + ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null + fi + + [ -n "${_ropts_initdone}" ] && echo '.' +} + +load_rc_config $name +run_rc_command "$@" diff --git a/libexec/rc/rc.d/rpcbind b/libexec/rc/rc.d/rpcbind new file mode 100755 index 000000000000..3e50a39ff66a --- /dev/null +++ b/libexec/rc/rc.d/rpcbind @@ -0,0 +1,20 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rpcbind +# REQUIRE: NETWORKING ntpdate syslogd +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rpcbind" +desc="Universal addresses to RPC program number mapper" +rcvar="rpcbind_enable" +command="/usr/sbin/${name}" + +stop_postcmd='/bin/rm -f /var/run/rpcbind.*' + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rtadvd b/libexec/rc/rc.d/rtadvd new file mode 100755 index 000000000000..ed9e8b948348 --- /dev/null +++ b/libexec/rc/rc.d/rtadvd @@ -0,0 +1,73 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtadvd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojailvnet shutdown + +. /etc/rc.subr +. /etc/network.subr + +name="rtadvd" +desc="Router advertisement daemon" +rcvar="rtadvd_enable" +command="/usr/sbin/${name}" +extra_commands="reload" +reload_cmd="rtadvd_reload" +start_precmd="rtadvd_precmd" + +rtadvd_precmd() +{ + # This should be enabled with a great care. + # You may want to fine-tune /etc/rtadvd.conf. + # + # And if you wish your rtadvd to receive and process + # router renumbering messages, specify your Router Renumbering + # security policy by -R option. + # + # See `man 3 ipsec_set_policy` for IPsec policy specification + # details. + # (CAUTION: This enables your routers prefix renumbering + # from another machine, so if you enable this, do it with + # enough care.) + # + # If specific interfaces haven't been specified, + # get a list of interfaces and enable it on them + # + case ${rtadvd_interfaces} in + [Aa][Uu][Tt][Oo]|'') + command_args= + for i in `list_net_interfaces`; do + case $i in + lo0) continue ;; + esac + if ipv6if $i; then + command_args="${command_args} ${i}" + fi + done + ;; + [Nn][Oo][Nn][Ee]) + ;; + *) + command_args="${rtadvd_interfaces}" + ;; + esac + + # Enable Router Renumbering, unicast case + # (use correct src/dst addr) + # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + # Enable Router Renumbering, multicast case + # (use correct src addr) + # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" ${ipv6_network_interfaces} + return 0 +} + +rtadvd_reload() { + /usr/sbin/rtadvctl reload +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rtsold b/libexec/rc/rc.d/rtsold new file mode 100755 index 000000000000..0bc7d9287adf --- /dev/null +++ b/libexec/rc/rc.d/rtsold @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rtsold +# REQUIRE: netif +# BEFORE: NETWORKING +# KEYWORD: nojailvnet shutdown + +. /etc/rc.subr + +name="rtsold" +desc="Router solicitation daemon" +rcvar="rtsold_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" +start_postcmd="rtsold_poststart" + +rtsold_poststart() +{ + # wait for DAD + sleep $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1)) +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/rwho b/libexec/rc/rc.d/rwho new file mode 100755 index 000000000000..b58d59b8c105 --- /dev/null +++ b/libexec/rc/rc.d/rwho @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: rwho +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="rwhod" +desc="System status server" +rcvar="rwhod_enable" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/savecore b/libexec/rc/rc.d/savecore new file mode 100755 index 000000000000..c39872cf1729 --- /dev/null +++ b/libexec/rc/rc.d/savecore @@ -0,0 +1,82 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: savecore +# REQUIRE: dumpon ddb syslogd +# KEYWORD: nojail + +. /etc/rc.subr + +name="savecore" +rcvar="savecore_enable" +desc="Save a core dump of the operating system" +start_cmd="savecore_start" +start_precmd="savecore_prestart" +stop_cmd=":" + +savecore_prestart() +{ + # Quit if we have no dump device + case ${dumpdev} in + [Nn][Oo] | '') + debug 'No dump device. Quitting.' + return 1 + ;; + [Aa][Uu][Tt][Oo]) + if [ ! -L /dev/dumpdev ]; then + return 1 + fi + dumpdev=`/bin/realpath /dev/dumpdev` + ;; + esac + + # If there is no crash directory set it now + case ${dumpdir} in + '') + dumpdir='/var/crash' + ;; + [Nn][Oo]) + dumpdir='NO' + ;; + esac + + if [ ! -c "${dumpdev}" ]; then + warn "Dump device does not exist. Savecore not run." + return 1 + fi + + if [ ! -d "${dumpdir}" ]; then + warn "Dump directory does not exist. Savecore not run." + return 1 + fi + return 0 +} + +savecore_start() +{ + local dev + + case "${dumpdev}" in + [Aa][Uu][Tt][Oo]) + dev= + ;; + *) + dev="${dumpdev}" + ;; + esac + + if savecore -C "${dev}" >/dev/null; then + savecore ${savecore_flags} ${dumpdir} ${dumpdev} + if checkyesno crashinfo_enable; then + ${crashinfo_program} -b -d ${dumpdir} + fi + sync + else + check_startmsgs && echo 'No core dumps found.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/sdpd b/libexec/rc/rc.d/sdpd new file mode 100755 index 000000000000..8e2be857e86f --- /dev/null +++ b/libexec/rc/rc.d/sdpd @@ -0,0 +1,25 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sdpd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="sdpd" +desc="Bluetooth Service Discovery Protocol daemon " +command="/usr/sbin/${name}" +rcvar="sdpd_enable" +required_modules="ng_btsocket" + +load_rc_config $name +control="${sdpd_control:-/var/run/sdp}" +group="${sdpd_groupname:-nobody}" +user="${sdpd_username:-nobody}" +command_args="-c ${control} -g ${group} -u ${user}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/securelevel b/libexec/rc/rc.d/securelevel new file mode 100755 index 000000000000..c42a03534675 --- /dev/null +++ b/libexec/rc/rc.d/securelevel @@ -0,0 +1,30 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: securelevel +# REQUIRE: adjkerntz ipfw ipfilter pf + +. /etc/rc.subr + +name="securelevel" +desc="Securelevel configuration" +rcvar='kern_securelevel_enable' +start_cmd="securelevel_start" +stop_cmd=":" + +# Last chance to set sysctl variables that failed the first time. +# +/etc/rc.d/sysctl lastload + +securelevel_start() +{ + if [ ${kern_securelevel} -ge 0 ]; then + echo 'Raising kernel security level: ' + ${SYSCTL} kern.securelevel=${kern_securelevel} + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/sendmail b/libexec/rc/rc.d/sendmail new file mode 100755 index 000000000000..0cef8561d882 --- /dev/null +++ b/libexec/rc/rc.d/sendmail @@ -0,0 +1,229 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: mail +# REQUIRE: LOGIN FILESYSTEMS +# we make mail start late, so that things like .forward's are not +# processed until the system is fully operational +# KEYWORD: shutdown + +# XXX - Get together with sendmail mantainer to figure out how to +# better handle SENDMAIL_ENABLE and 3rd party MTAs. +# +. /etc/rc.subr + +name="sendmail" +desc="Electronic mail transport agent" +rcvar="sendmail_enable" +required_files="/etc/mail/${name}.cf" +start_precmd="sendmail_precmd" + +load_rc_config $name +command=${sendmail_program:-/usr/sbin/${name}} +pidfile=${sendmail_pidfile:-/var/run/${name}.pid} +procname=${sendmail_procname:-/usr/sbin/${name}} + +CERTDIR=/etc/mail/certs + +case ${sendmail_enable} in +[Nn][Oo][Nn][Ee]) + sendmail_enable="NO" + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" + sendmail_msp_queue_enable="NO" + ;; +esac + +# If sendmail_enable=yes, don't need submit or outbound daemon +if checkyesno sendmail_enable; then + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" +fi + +# If sendmail_submit_enable=yes, don't need outbound daemon +if checkyesno sendmail_submit_enable; then + sendmail_outbound_enable="NO" +fi + +sendmail_cert_create() +{ + cnname="${sendmail_cert_cn:-`hostname`}" + cnname="${cnname:-amnesiac}" + + # based upon: + # http://www.sendmail.org/~ca/email/other/cagreg.html + CAdir=`mktemp -d` && + certpass=`(date; ps ax ; hostname) | md5 -q` + + # make certificate authority + ( cd "$CAdir" && + chmod 700 "$CAdir" && + mkdir certs crl newcerts && + echo "01" > serial && + :> index.txt && + + cat <<-OPENSSL_CNF > openssl.cnf && + RANDFILE = $CAdir/.rnd + [ ca ] + default_ca = CA_default + [ CA_default ] + dir = . + certs = \$dir/certs # Where the issued certs are kept + crl_dir = \$dir/crl # Where the issued crl are kept + database = \$dir/index.txt # database index file. + new_certs_dir = \$dir/newcerts # default place for new certs. + certificate = \$dir/cacert.pem # The CA certificate + serial = \$dir/serial # The current serial number + crlnumber = \$dir/crlnumber # the current crl number + crl = \$dir/crl.pem # The current CRL + private_key = \$dir/cakey.pem + x509_extensions = usr_cert # The extensions to add to the cert + name_opt = ca_default # Subject Name options + cert_opt = ca_default # Certificate field options + default_days = 365 # how long to certify for + default_crl_days= 30 # how long before next CRL + default_md = default # use public key default MD + preserve = no # keep passed DN ordering + policy = policy_anything + [ policy_anything ] + countryName = optional + stateOrProvinceName = optional + localityName = optional + organizationName = optional + organizationalUnitName = optional + commonName = supplied + emailAddress = optional + [ req ] + default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes + x509_extensions = v3_ca # The extensions to add to the self signed cert + string_mask = utf8only + prompt = no + [ req_distinguished_name ] + countryName = XX + stateOrProvinceName = Some-state + localityName = Some-city + 0.organizationName = Some-org + CN = $cnname + [ req_attributes ] + challengePassword = foobar + unstructuredName = An optional company name + [ usr_cert ] + basicConstraints=CA:FALSE + nsComment = "OpenSSL Generated Certificate" + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid,issuer + [ v3_req ] + basicConstraints = CA:FALSE + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + [ v3_ca ] + subjectKeyIdentifier=hash + authorityKeyIdentifier=keyid:always,issuer + basicConstraints = CA:true + OPENSSL_CNF + + # though we use a password, the key is discarded and never used + openssl req -batch -passout pass:"$certpass" -new -x509 \ + -keyout cakey.pem -out cacert.pem -days 3650 \ + -config openssl.cnf -newkey rsa:2048 >/dev/null 2>&1 && + + # make new certificate + openssl req -batch -nodes -new -x509 -keyout newkey.pem \ + -out newreq.pem -days 365 -config openssl.cnf \ + -newkey rsa:2048 >/dev/null 2>&1 && + + # sign certificate + openssl x509 -x509toreq -in newreq.pem -signkey newkey.pem \ + -out tmp.pem >/dev/null 2>&1 && + openssl ca -notext -config openssl.cnf \ + -out newcert.pem -keyfile cakey.pem -cert cacert.pem \ + -key "$certpass" -batch -infiles tmp.pem >/dev/null 2>&1 && + + mkdir -p "$CERTDIR" && + chmod 0755 "$CERTDIR" && + chmod 644 newcert.pem cacert.pem && + chmod 600 newkey.pem && + cp -p newcert.pem "$CERTDIR"/host.cert && + cp -p cacert.pem "$CERTDIR"/cacert.pem && + cp -p newkey.pem "$CERTDIR"/host.key && + ln -s cacert.pem "$CERTDIR"/`openssl x509 -hash -noout \ + -in cacert.pem`.0) + + retVal="$?" + rm -rf "$CAdir" + + return "$retVal" +} + +sendmail_precmd() +{ + # Die if there's pre-8.10 custom configuration file. This check is + # mandatory for smooth upgrade. See NetBSD PR 10100 for details. + # + if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then + if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then + warn \ + "${name} was not started; you have multiple copies of sendmail.cf." + return 1 + fi + fi + + # check modifications on /etc/mail/aliases + if checkyesno sendmail_rebuild_aliases; then + if [ -f "/etc/mail/aliases.db" ]; then + if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then + echo \ + "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating" + /usr/bin/newaliases + fi + else + echo \ + "${name}: /etc/mail/aliases.db not present, generating" + /usr/bin/newaliases + fi + fi + + if checkyesno sendmail_cert_create && [ ! \( \ + -f "$CERTDIR/host.cert" -o -f "$CERTDIR/host.key" -o \ + -f "$CERTDIR/cacert.pem" \) ]; then + if ! openssl version >/dev/null 2>&1; then + warn "OpenSSL not available, but sendmail_cert_create is YES." + else + info Creating certificate for sendmail. + sendmail_cert_create + fi + fi + + if [ ! -f /var/log/sendmail.st ]; then + /usr/bin/install -m 640 -o root -g wheel /dev/null /var/log/sendmail.st + fi +} + +run_rc_command "$1" + +required_files= + +if checkyesno sendmail_submit_enable; then + name="sendmail_submit" + rcvar="sendmail_submit_enable" + _rc_restart_done=false + run_rc_command "$1" +fi + +if checkyesno sendmail_outbound_enable; then + name="sendmail_outbound" + rcvar="sendmail_outbound_enable" + _rc_restart_done=false + run_rc_command "$1" +fi + +name="sendmail_msp_queue" +rcvar="sendmail_msp_queue_enable" +pidfile="${sendmail_msp_queue_pidfile:-/var/spool/clientmqueue/sm-client.pid}" +required_files="/etc/mail/submit.cf" +_rc_restart_done=false +run_rc_command "$1" diff --git a/libexec/rc/rc.d/serial b/libexec/rc/rc.d/serial new file mode 100755 index 000000000000..d569a0b41be9 --- /dev/null +++ b/libexec/rc/rc.d/serial @@ -0,0 +1,168 @@ +#!/bin/sh +# +# Copyright (c) 1996 Andrey A. Chernov +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: serial +# REQUIRE: root +# KEYWORD: nojail + +# Change some defaults for serial devices. +# Standard defaults are: +# dtrwait 300 drainwait `sysctl -n kern.drainwait` +# initial cflag from <sys/ttydefaults.h> = cread cs8 hupcl +# initial iflag, lflag and oflag all 0 +# speed 9600 +# special chars from <sys/ttydefaults.h> +# nothing locked +# except for serial consoles the initial iflag, lflag and oflag are from +# <sys/ttydefaults.h> and clocal is locked on. + +default() { + # Reset everything changed by the other functions to initial defaults. + + dc=$1; shift # device name character + drainwait=`sysctl -n kern.drainwait` + + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 300 drainwait $drainwait + stty < /dev/tty${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/tty${dc}${i}.lock -clocal -crtscts -hupcl 0 + stty < /dev/cua${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R + stty < /dev/cua${dc}${i}.lock -clocal -crtscts -hupcl 0 + done +} + +maybe() { + # Special settings. + + dc=$1; shift + + for i in $* + do + # Don't use ^R; it breaks bash's ^R when typed ahead. + stty < /dev/tty${dc}${i}.init reprint undef + stty < /dev/cua${dc}${i}.init reprint undef + # Lock clocal off on dialin device for security. + stty < /dev/tty${dc}${i}.lock clocal + # Lock the speeds to use old binaries that don't support them. + # Any legal speed works to lock the initial speed. + stty < /dev/tty${dc}${i}.lock 300 + stty < /dev/cua${dc}${i}.lock 300 + done +} + +modem() { + # Modem that supports CTS and perhaps RTS handshaking. + + dc=$1; shift + + for i in $* + do + # may depend on modem + comcontrol /dev/tty${dc}${i} dtrwait 100 drainwait 180 + # Lock crtscts on. + # Speed reasonable for V42bis. + stty < /dev/tty${dc}${i}.init crtscts 115200 + stty < /dev/tty${dc}${i}.lock crtscts + stty < /dev/cua${dc}${i}.init crtscts 115200 + stty < /dev/cua${dc}${i}.lock crtscts + done +} + +mouse() { + # Mouse on either callin or callout port. + + dc=$1; shift + + for i in $* + do + # Lock clocal on, hupcl off. + # Standard speed for Microsoft mouse. + stty < /dev/tty${dc}${i}.init clocal -hupcl 1200 + stty < /dev/tty${dc}${i}.lock clocal hupcl + stty < /dev/cua${dc}${i}.init clocal -hupcl 1200 + stty < /dev/cua${dc}${i}.lock clocal hupcl + done +} + +terminal() { + # Terminal that supports CTS and perhaps RTS handshaking + # with the cable or terminal arranged so that DCD is on + # at least while the terminal is on. + # Also works for bidirectional communications to another pc + # provided at most one side runs getty. + # Same as modem() except we want a faster speed and no dtrwait. + + dc=$1; shift + + modem ${dc} $* + for i in $* + do + comcontrol /dev/tty${dc}${i} dtrwait 0 + stty < /dev/tty${dc}${i}.init 115200 + stty < /dev/cua${dc}${i}.init 115200 + done +} + +3wire() { + # 3-wire serial terminals. These don't supply carrier, so + # clocal needs to be set, and crtscts needs to be unset. + + dc=$1; shift + + terminal ${dc} $* + for i in $* + do + stty < /dev/tty${dc}${i}.init clocal -crtscts + stty < /dev/cua${dc}${i}.init clocal -crtscts + done +} + +# Don't use anything from this file unless you have some buggy programs +# that require it. + +# Edit the functions and the examples to suit your system. +# $1 is the device identifier, and the remainder of the line +# lists the device numbers. + +# Initialize assorted 8250-16550 (uart) ports. +# maybe u 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v +# mouse u 2 +# modem u 1 +# terminal u 0 +# 3wire u 0 + +# Initialize all ports on a Cyclades-8yo. +# modem c 00 01 02 03 04 05 06 07 + +# Initialize all ports on a Cyclades-16ye. +# modem c 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f + +# Initialize all ports on a Digiboard 8. +# modem D 00 01 02 03 04 05 06 07 diff --git a/libexec/rc/rc.d/sppp b/libexec/rc/rc.d/sppp new file mode 100755 index 000000000000..b6b02876d4fe --- /dev/null +++ b/libexec/rc/rc.d/sppp @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sppp +# REQUIRE: root +# BEFORE: netif +# KEYWORD: nojail + +. /etc/rc.subr + +name="sppp" +desc="Point to point protocol network layer for synchronous lines" +start_cmd="sppp_start" +stop_cmd=":" + +sppp_start() +{ + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd new file mode 100755 index 000000000000..d45963524b3d --- /dev/null +++ b/libexec/rc/rc.d/sshd @@ -0,0 +1,83 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sshd +# REQUIRE: LOGIN FILESYSTEMS +# KEYWORD: shutdown + +. /etc/rc.subr + +name="sshd" +desc="Secure Shell Daemon" +rcvar="sshd_enable" +command="/usr/sbin/${name}" +keygen_cmd="sshd_keygen" +start_precmd="sshd_precmd" +reload_precmd="sshd_configtest" +restart_precmd="sshd_configtest" +configtest_cmd="sshd_configtest" +pidfile="/var/run/${name}.pid" +extra_commands="configtest keygen reload" + +: ${sshd_rsa_enable:="yes"} +: ${sshd_dsa_enable:="no"} +: ${sshd_ecdsa_enable:="yes"} +: ${sshd_ed25519_enable:="yes"} + +sshd_keygen_alg() +{ + local alg=$1 + local ALG="$(echo $alg | tr a-z A-Z)" + local keyfile + + if ! checkyesno "sshd_${alg}_enable" ; then + return 0 + fi + + case $alg in + rsa|dsa|ecdsa|ed25519) + keyfile="/etc/ssh/ssh_host_${alg}_key" + ;; + *) + return 1 + ;; + esac + + if [ ! -x /usr/bin/ssh-keygen ] ; then + warn "/usr/bin/ssh-keygen does not exist." + return 1 + fi + + if [ -f "${keyfile}" ] ; then + info "$ALG host key exists." + else + echo "Generating $ALG host key." + /usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N "" + /usr/bin/ssh-keygen -l -f "$keyfile.pub" + fi +} + +sshd_keygen() +{ + sshd_keygen_alg rsa + sshd_keygen_alg dsa + sshd_keygen_alg ecdsa + sshd_keygen_alg ed25519 +} + +sshd_configtest() +{ + echo "Performing sanity check on ${name} configuration." + eval ${command} ${sshd_flags} -t +} + +sshd_precmd() +{ + run_rc_command keygen + run_rc_command configtest +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/statd b/libexec/rc/rc.d/statd new file mode 100755 index 000000000000..2ff8d45ffde9 --- /dev/null +++ b/libexec/rc/rc.d/statd @@ -0,0 +1,31 @@ +#!/bin/sh +# +# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm Exp +# $FreeBSD$ +# + +# PROVIDE: statd +# REQUIRE: nfsclient nfsd rpcbind +# BEFORE: DAEMON +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="statd" +desc="host status monitoring daemon" +rcvar=rpc_statd_enable +command="/usr/sbin/rpc.${name}" +start_precmd='statd_precmd' + +# Make sure that we are either an NFS client or server, and that we get +# the correct flags from rc.conf(5). +# +statd_precmd() +{ + force_depend rpcbind || return 1 + + rc_flags=${rpc_statd_flags} +} + +load_rc_config $name +run_rc_command $1 diff --git a/libexec/rc/rc.d/static_arp b/libexec/rc/rc.d/static_arp new file mode 100755 index 000000000000..f059a6e9794f --- /dev/null +++ b/libexec/rc/rc.d/static_arp @@ -0,0 +1,74 @@ +#!/bin/sh +# +# Copyright (c) 2009 Xin LI <delphij@FreeBSD.org> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# Configure static ARP table +# +# $FreeBSD$ +# + +# PROVIDE: static_arp +# REQUIRE: netif +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="static_arp" +desc="Static ARP Configuration" +start_cmd="static_arp_start" +stop_cmd="static_arp_stop" + +static_arp_start() +{ + local e arp_args + + if [ -n "${static_arp_pairs}" ]; then + echo -n 'Binding static ARP pair(s):' + for e in ${static_arp_pairs}; do + echo -n " ${e}" + eval arp_args=\$static_arp_${e} + arp -S ${arp_args} >/dev/null 2>&1 + done + echo '.' + fi +} + +static_arp_stop() +{ + local e arp_args + + if [ -n "${static_arp_pairs}" ]; then + echo -n 'Unbinding static ARP pair(s):' + for e in ${static_arp_pairs}; do + echo -n " ${e}" + eval arp_args=\$static_arp_${e} + arp -d ${arp_args%%[ ]*} > /dev/null 2>&1 + done + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/static_ndp b/libexec/rc/rc.d/static_ndp new file mode 100755 index 000000000000..23e1cd8848b9 --- /dev/null +++ b/libexec/rc/rc.d/static_ndp @@ -0,0 +1,73 @@ +#!/bin/sh +# +# Copyright (c) 2011 Xin LI <delphij@FreeBSD.org> +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# Configure static NDP table +# +# $FreeBSD$ +# + +# PROVIDE: static_ndp +# REQUIRE: netif +# KEYWORD: nojailvnet + +. /etc/rc.subr +. /etc/network.subr + +name="static_ndp" +start_cmd="static_ndp_start" +stop_cmd="static_ndp_stop" + +static_ndp_start() +{ + local e ndp_args + + if [ -n "${static_ndp_pairs}" ]; then + echo -n 'Binding static NDP pair(s):' + for e in ${static_ndp_pairs}; do + echo -n " ${e}" + eval ndp_args=\$static_ndp_${e} + ndp -s ${ndp_args} >/dev/null 2>&1 + done + echo '.' + fi +} + +static_ndp_stop() +{ + local e ndp_args + + if [ -n "${static_ndp_pairs}" ]; then + echo -n 'Unbinding static NDP pair(s):' + for e in ${static_ndp_pairs}; do + echo -n " ${e}" + eval ndp_args=\$static_ndp_${e} + ndp -d ${ndp_args%%[ ]*} > /dev/null 2>&1 + done + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/stf b/libexec/rc/rc.d/stf new file mode 100755 index 000000000000..5b80d5c1bb15 --- /dev/null +++ b/libexec/rc/rc.d/stf @@ -0,0 +1,79 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +desc="6to4 tunnel interface" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring 6to4 tunnel interface: stf0." + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + check_startmsgs && /sbin/ifconfig stf0 + + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing 6to4 tunnel interface: stf0." + ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/swap b/libexec/rc/rc.d/swap new file mode 100755 index 000000000000..6b8aa43844b5 --- /dev/null +++ b/libexec/rc/rc.d/swap @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: swap +# REQUIRE: disks +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="swap" +desc="Setup swap space" +start_cmd='/sbin/swapon -aq' +stop_cmd=':' + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/swaplate b/libexec/rc/rc.d/swaplate new file mode 100755 index 000000000000..fbfae2ad9bfe --- /dev/null +++ b/libexec/rc/rc.d/swaplate @@ -0,0 +1,18 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: swaplate +# REQUIRE: mountlate +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="swaplate" +desc="Setup late swap space" +start_cmd='/sbin/swapon -aLq' +stop_cmd='/sbin/swapoff -aLq' + +load_rc_config swap +run_rc_command "$1" diff --git a/libexec/rc/rc.d/syscons b/libexec/rc/rc.d/syscons new file mode 100755 index 000000000000..7c0c8035be2e --- /dev/null +++ b/libexec/rc/rc.d/syscons @@ -0,0 +1,374 @@ +#!/bin/sh - +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: syscons +# REQUIRE: LOGIN +# KEYWORD: nojail + +. /etc/rc.subr + +name="syscons" +desc="Configure the system console" +extra_commands="setkeyboard" +setkeyboard_cmd="syscons_setkeyboard" +start_precmd="syscons_precmd" +start_cmd="syscons_start" +stop_cmd=":" + +# stdin must be redirected because it might be for a serial console +# +kbddev=/dev/ttyv0 +viddev=/dev/ttyv0 + +_sc_config= +_sc_console= +_sc_initdone= +_sc_keymap_msg= +sc_init() +{ + if [ -z "${_sc_initdone}" ]; then + if [ -z "${_sc_console}" ]; then + if [ x`sysctl -n kern.vty` = x"vt" ]; then + _sc_console="vt" + else + _sc_console="syscons" + fi + _sc_config="${_sc_console}" + fi + echo -n "Configuring ${_sc_config}:" + _sc_initdone=yes + fi +} + +# syscons to vt migration helper +lookup_keymap_for_vt() +{ + keymap=`basename $1 .kbd` + case $keymap in +hy.armscii-8) echo am;; +be.iso.acc) echo be.acc;; +be.iso) echo be;; +bg.bds.ctrlcaps) echo bg.bds;; +bg.phonetic.ctrlcaps) echo bg.phonetic;; +br275.iso.acc) echo br;; +br275.*) echo br.noacc;; +by.*) echo by;; +fr_CA.iso.acc) echo ca-fr;; +swissgerman.macbook.acc) echo ch.macbook.acc;; +swissgerman.iso.acc) echo ch.acc;; +swissgerman.*) echo ch;; +swissfrench.iso.acc) echo ch-fr.acc;; +swissfrench.*) echo ch-fr;; +ce.iso2) echo centraleuropean.qwerty;; +colemak.iso15.acc) echo colemak.acc;; +cs.*|cz.*) echo cz;; +german.iso.acc) echo de.acc;; +german.*) echo de;; +danish.iso.acc) echo dk.acc;; +danish.iso.macbook) echo dk.macbook;; +danish.*) echo dk;; +estonian.*) echo ee;; +spanish.dvorak) echo es.dvorak;; +spanish.iso*.acc) echo es.acc;; +spanish.iso) echo es;; +finnish.*) echo fi;; +fr.macbook.acc) echo fr.macbook;; +fr.iso.acc) echo fr.acc;; +fr.iso) echo fr;; +el.iso07) echo gr;; +gr.us101.acc) echo gr.101.acc;; +hr.iso) echo hr;; +hu.iso2.101keys) echo hu.101;; +hu.iso2.102keys) echo hu.102;; +iw.iso8) echo il;; +icelandic.iso.acc) echo is.acc;; +icelandic.iso) echo is;; +it.iso) echo it;; +jp.106x) echo jp.capsctrl;; +jp.106) echo jp;; +kk.pt154.io) echo kz.io;; +kk.pt154.kst) echo kz.kst;; +latinamerican.iso.acc) echo latinamerican.acc;; +lt.iso4) echo lt;; +norwegian.iso) echo no;; +norwegian.dvorak) echo no.dvorak;; +dutch.iso.acc) echo nl;; +eee_nordic) echo nordic.asus-eee;; +pl_PL.dvorak) echo pl.dvorak;; +pl_PL.ISO8859-2) echo pl;; +pt.iso.acc) echo pt.acc;; +pt.iso) echo pt;; +ru.koi8-r.shift) echo ru.shift;; +ru.koi8-r.win) echo ru.win;; +ru.*) echo ru;; +swedish.*) echo se;; +si.iso) echo si;; +sk.iso2) echo sk;; +tr.iso9.q) echo tr;; +ua.koi8-u.shift.alt) echo ua.shift.alt;; +ua.*) echo ua;; +uk.*-ctrl) echo uk.capsctrl;; +uk.dvorak) echo uk.dvorak;; +uk.*) echo uk;; +us.iso.acc) echo us.acc;; +us.pc-ctrl) echo us.ctrl;; +us.iso) echo us;; + esac +} + +kbdcontrol_load_keymap() +{ + errmsg=`kbdcontrol < ${kbddev} -l ${keymap} 2>&1` + if [ -n "${errmsg}" -a "${_sc_console}" = "vt" ]; then + _sc_keymap_msg="${errmsg}" + keymap_vt=`lookup_keymap_for_vt ${keymap}` + if [ -n "${keymap_vt}" ]; then + errmsg=`kbdcontrol < ${kbddev} -l ${keymap_vt} 2>&1` + if [ -z "${errmsg}" ]; then + _sc_keymap_msg="New keymap: In /etc/rc.conf replace 'keymap=${keymap}' by 'keymap=${keymap_vt}'" + fi + else + _sc_keymap_msg="No replacement found for keymap '${keymap}'. +You may try to convert your keymap file using 'convert-keymap.pl', which is +part of the system sources and located in /usr/src/tools/tools/vt/keymaps/" + fi + fi +} + +# helper +syscons_configure_keyboard() +{ + # keymap + # + case ${keymap} in + NO | '') + ;; + *) + sc_init + echo -n ' keymap'; kbdcontrol_load_keymap + ;; + esac + + # keyrate + # + case ${keyrate} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keyrate'; kbdcontrol < ${kbddev} -r ${keyrate} + ;; + esac + + # keybell + # + case ${keybell} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keybell'; kbdcontrol < ${kbddev} -b ${keybell} + ;; + esac + + # change function keys + # + case ${keychange} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' keychange' + set -- ${keychange} + while [ $# -gt 0 ]; do + kbdcontrol <${kbddev} -f "$1" "$2" + shift; shift + done + ;; + esac + + # set this keyboard mode for all virtual terminals + # + if [ -n "${allscreens_kbdflags}" ]; then + sc_init + echo -n ' allscreens_kbd' + for ttyv in /dev/ttyv*; do + kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1 + done + fi +} + +syscons_setkeyboard() +{ + kbd=$1 + + if [ -z "${kbd}" ]; then + return 1 + fi + + # Check if the kbdmux(4) is the current active keyboard + kbdcontrol -i < ${kbddev} | grep kbdmux > /dev/null 2>&1 + if [ $? -ne 0 ]; then + kbdcontrol -k ${kbd} < ${kbddev} > /dev/null 2>&1 + fi + + _sc_config="keyboard" + syscons_configure_keyboard + + # Terminate keyboard configuration line and reset global variables. + # + if [ -n "${_sc_initdone}" ]; then + echo '.' + _sc_config="${_sc_console}" + _sc_initdone= + fi +} + +syscons_precmd() +{ + if [ ! -c $kbddev ] + then + return 1 + fi + return 0 +} + +syscons_start() +{ + # keyboard + # + if [ -n "${keyboard}" ]; then + syscons_setkeyboard ${keyboard} + fi + + syscons_configure_keyboard + + # cursor type + # + case ${cursor} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' cursor'; vidcontrol < ${viddev} -c ${cursor} + ;; + esac + + # screen mapping + # + case ${scrnmap} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' scrnmap'; vidcontrol < ${viddev} -l ${scrnmap} + ;; + esac + + # font 8x16 + # + case ${font8x16} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x16'; vidcontrol < ${viddev} -f 8x16 ${font8x16} + ;; + esac + + # font 8x14 + # + case ${font8x14} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x14'; vidcontrol < ${viddev} -f 8x14 ${font8x14} + ;; + esac + + # font 8x8 + # + case ${font8x8} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' font8x8'; vidcontrol < ${viddev} -f 8x8 ${font8x8} + ;; + esac + + # blank time + # + case ${blanktime} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' blanktime'; vidcontrol < ${viddev} -t ${blanktime} + ;; + esac + + # screen saver + # + case ${saver} in + [Nn][Oo] | '') + ;; + *) + sc_init + echo -n ' screensaver' + for i in `kldstat | awk '$5 ~ "_saver\.ko$" { print $5 }'`; do + kldunload ${i} + done + load_kld -e _saver ${saver}_saver + ;; + esac + + # set this mode for all virtual screens + # + if [ -n "${allscreens_flags}" ]; then + sc_init + echo -n ' allscreens' + for ttyv in /dev/ttyv*; do + vidcontrol ${allscreens_flags} < ${ttyv} > ${ttyv} 2>&1 + done + fi + + [ -n "${_sc_initdone}" ] && echo '.' + if [ -n "${_sc_keymap_msg}" ]; then + echo + echo "WARNING:" + echo "${_sc_keymap_msg}." + echo + fi +} + +load_rc_config $name +run_rc_command $* + diff --git a/libexec/rc/rc.d/sysctl b/libexec/rc/rc.d/sysctl new file mode 100755 index 000000000000..11b10ee984de --- /dev/null +++ b/libexec/rc/rc.d/sysctl @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: sysctl + +. /etc/rc.subr + +name="sysctl" +desc="Set sysctl variables from /etc/sysctl.conf and /etc/sysctl.conf.local" +command="/sbin/sysctl" +stop_cmd=":" +start_cmd="sysctl_start" +reload_cmd="sysctl_start last" +lastload_cmd="sysctl_start last" +extra_commands="reload lastload" + +sysctl_start() +{ + case $1 in + last) + command_args="-f" + ;; + *) + command_args="-i -f" + ;; + esac + + for _f in /etc/sysctl.conf /etc/sysctl.conf.local; do + if [ -r ${_f} ]; then + ${command} ${command_args} ${_f} > /dev/null + fi + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/syslogd b/libexec/rc/rc.d/syslogd new file mode 100755 index 000000000000..2351c0862126 --- /dev/null +++ b/libexec/rc/rc.d/syslogd @@ -0,0 +1,74 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# netif is required for lo0 because syslogd tries to open a local socket +# +# PROVIDE: syslogd +# REQUIRE: mountcritremote FILESYSTEMS newsyslog netif +# BEFORE: SERVERS + +. /etc/rc.subr + +name="syslogd" +desc="System log daemon" +rcvar="syslogd_enable" +pidfile="/var/run/syslog.pid" +command="/usr/sbin/${name}" +required_files="/etc/syslog.conf" +start_precmd="syslogd_precmd" +extra_commands="reload" + +sockfile="/var/run/syslogd.sockets" +evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\"" + +syslogd_precmd() +{ + local _l _ldir + + # Transitional symlink for old binaries + # + if [ ! -L /dev/log ] && ! check_jail jailed; then + ln -sf /var/run/log /dev/log + fi + rm -f /var/run/log + + # Create default list of syslog sockets to watch + # + ( umask 022 ; > $sockfile ) + + # If running named(8) or ntpd(8) chrooted, added appropriate + # syslog socket to list of sockets to watch. + # + for _l in $altlog_proglist; do + eval _ldir=\$${_l}_chrootdir + if checkyesno ${_l}_enable && [ -n "$_ldir" ]; then + echo "${_ldir}/var/run/log" >> $sockfile + fi + done + + # If other sockets have been provided, change run_rc_command()'s + # internal copy of $syslogd_flags to force use of specific + # syslogd sockets. + # + if [ -s $sockfile ]; then + echo "/var/run/log" >> $sockfile + eval $evalargs + fi + + return 0 +} + +set_socketlist() +{ + local _s _socketargs + + _socketargs= + for _s in `cat $sockfile | tr '\n' ' '` ; do + _socketargs="-l $_s $_socketargs" + done + echo $_socketargs +} +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/timed b/libexec/rc/rc.d/timed new file mode 100755 index 000000000000..7126ff854748 --- /dev/null +++ b/libexec/rc/rc.d/timed @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: timed +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="timed" +desc="Time server daemon" +rcvar="timed_enable" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/tmp b/libexec/rc/rc.d/tmp new file mode 100755 index 000000000000..3b75ec0338ef --- /dev/null +++ b/libexec/rc/rc.d/tmp @@ -0,0 +1,72 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: tmp +# REQUIRE: mountcritremote + +. /etc/rc.subr + +name="tmp" +desc="Configure tmpfs" +stop_cmd=':' + +load_rc_config $name + +mount_tmpmfs() +{ + if ! /bin/df /tmp | grep -q "^/dev/md[0-9].* /tmp"; then + mount_md ${tmpsize} /tmp "${tmpmfs_flags}" + chmod 01777 /tmp + fi +} + +# If we do not have a writable /tmp, create a memory +# filesystem for /tmp. If /tmp is a symlink (e.g. to /var/tmp, +# then it should already be writable). +# +case "${tmpmfs}" in +[Aa][Uu][Tt][Oo]) + if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then + rmdir ${_tmpdir} + else + if [ -h /tmp ]; then + echo "*** /tmp is a symlink to a non-writable area!" + echo "dropping into shell, ^D to continue anyway." + /bin/sh + else + mount_tmpmfs + fi + fi + ;; +*) + if checkyesno tmpmfs; then + mount_tmpmfs + fi + ;; +esac diff --git a/libexec/rc/rc.d/ubthidhci b/libexec/rc/rc.d/ubthidhci new file mode 100755 index 000000000000..03751d3c84b5 --- /dev/null +++ b/libexec/rc/rc.d/ubthidhci @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ubthidhci +# REQUIRE: DAEMON +# BEFORE: bluetooth +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ubthidhci" +rcvar="ubthidhci_enable" +command="/usr/sbin/usbconfig" +start_precmd="ubthidhci_prestart" + +ubthidhci_prestart() +{ + + if [ -z ${ubthidhci_busnum} ]; then + warn ubthidhci_busnum is not set + return 1 + fi + if [ -z ${ubthidhci_addr} ]; then + warn ubthidhci_addr is not set + return 1 + fi +} + +load_rc_config $name +# +# We discard the output because: +# 1) we don't want it to show up during boot; and +# 2) the request usually returns an error, but that doesn't mean it failed +# +# NB: 0x40 is UT_VENDOR +command_args="-u ${ubthidhci_busnum} -a ${ubthidhci_addr} do_request 0x40 0 0 0 0 > /dev/null 2>&1" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ugidfw b/libexec/rc/rc.d/ugidfw new file mode 100755 index 000000000000..57efde90bfae --- /dev/null +++ b/libexec/rc/rc.d/ugidfw @@ -0,0 +1,52 @@ +#!/bin/sh +# +# $FreeBSD$ + +# PROVIDE: ugidfw +# REQUIRE: FILESYSTEMS +# BEFORE: LOGIN +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="ugidfw" +desc="Firewall-like access controls for file system objects" +rcvar="ugidfw_enable" +start_cmd="ugidfw_start" +stop_cmd="ugidfw_stop" +required_modules="mac_bsdextended" + +ugidfw_load() +{ + if [ -r "${bsdextended_script}" ]; then + . "${bsdextended_script}" + fi +} + +ugidfw_start() +{ + [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended + + if [ -r "${bsdextended_script}" ]; then + ugidfw_load + echo "MAC bsdextended rules loaded." + fi +} + +ugidfw_stop() +{ + local rulecount + + # Disable the policy + # + # Check for the existence of rules and flush them if needed. + rulecount=$(sysctl -in security.mac.bsdextended.rule_count) + if [ ${rulecount:-0} -gt 0 ]; then + ugidfw list | sed -n '2,$p' | cut -d ' ' -f 1 | sort -r -n | + xargs -n 1 ugidfw remove + echo "MAC bsdextended rules flushed." + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/utx b/libexec/rc/rc.d/utx new file mode 100755 index 000000000000..8c457a98c0c5 --- /dev/null +++ b/libexec/rc/rc.d/utx @@ -0,0 +1,19 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: utx +# REQUIRE: DAEMON FILESYSTEMS +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="utx" +desc="Manage the user accounting database" +start_cmd="utx boot" +stop_cmd="utx shutdown" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/var b/libexec/rc/rc.d/var new file mode 100755 index 000000000000..aa38f615c12b --- /dev/null +++ b/libexec/rc/rc.d/var @@ -0,0 +1,112 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: var +# REQUIRE: mountcritlocal + +# NFS /var is not supported, unless NFS /var is part of diskless NFS / + +. /etc/rc.subr + +name="var" +desc="Populate /var directory" +stop_cmd=':' + +load_rc_config $name + +populate_var() +{ + /usr/sbin/mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null + case ${sendmail_enable} in + [Nn][Oo][Nn][Ee]) + ;; + *) + /usr/sbin/mtree -deiU -f /etc/mtree/BSD.sendmail.dist -p / > /dev/null + ;; + esac +} + +# If we do not have a writable /var, create a memory filesystem for /var +# unless told otherwise by rc.conf. We don't have /usr yet so use mkdir +# instead of touch to test. We want mount to record its mounts so we +# have to make sure /var/db exists before doing the mount -a. +# +case "${varmfs}" in +[Yy][Ee][Ss]) + mount_md ${varsize} /var "${varmfs_flags}" + ;; +[Nn][Oo]) + ;; +*) + if /bin/mkdir -p /var/.diskless 2> /dev/null; then + rmdir /var/.diskless + else + mount_md ${varsize} /var "${varmfs_flags}" + fi +esac + + +# If we have an empty looking /var, populate it, but only if we have +# /usr available. Hopefully, we'll eventually find a workaround, but +# in realistic diskless setups, we're probably ok. +case "${populate_var}" in +[Yy][Ee][Ss]) + populate_var + ;; +[Nn][Oo]) + exit 0 + ;; +*) + if [ -d /var/run -a -d /var/db -a -d /var/empty ] ; then + true + elif [ -x /usr/sbin/mtree ] ; then + populate_var + else + # We need mtree to populate /var so try mounting /usr. + # If this does not work, we can not boot so it is OK to + # try to mount out of order. + mount /usr + if [ ! -x /usr/sbin/mtree ] ; then + exit 1 + else + populate_var + fi + fi + ;; +esac + +# Make sure we have /var/log/utx.lastlogin and /var/log/utx.log files +if [ ! -f /var/log/utx.lastlogin ]; then + cp /dev/null /var/log/utx.lastlogin + chmod 644 /var/log/utx.lastlogin +fi +if [ ! -f /var/log/utx.log ]; then + cp /dev/null /var/log/utx.log + chmod 644 /var/log/utx.log +fi diff --git a/libexec/rc/rc.d/virecover b/libexec/rc/rc.d/virecover new file mode 100755 index 000000000000..13e8dd9c06af --- /dev/null +++ b/libexec/rc/rc.d/virecover @@ -0,0 +1,66 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: virecover +# REQUIRE: mountcritremote ldconfig +# BEFORE: DAEMON +# +# XXX: should require `mail'! + +. /etc/rc.subr + +name="virecover" +desc="Recover crashed vi sessions" +rcvar="virecover_enable" +stop_cmd=":" +start_cmd="virecover_start" + +virecover_start() +{ + [ -d /var/tmp/vi.recover ] || return + find /var/tmp/vi.recover ! -type f -a ! -type d -delete + vibackup=`echo /var/tmp/vi.recover/vi.*` + if [ "${vibackup}" != '/var/tmp/vi.recover/vi.*' ]; then + echo -n 'Recovering vi editor sessions:' + for i in /var/tmp/vi.recover/vi.*; do + # Only test files that are readable. + if [ ! -r "${i}" ]; then + continue + fi + + # Unmodified nvi editor backup files either have the + # execute bit set or are zero length. Delete them. + if [ -x "${i}" -o ! -s "${i}" ]; then + rm -f "${i}" + fi + done + + # It is possible to get incomplete recovery files, if the editor + # crashes at the right time. + virecovery=`echo /var/tmp/vi.recover/recover.*` + if [ "${virecovery}" != "/var/tmp/vi.recover/recover.*" ]; then + for i in /var/tmp/vi.recover/recover.*; do + # Only test files that are readable. + if [ ! -r "${i}" ]; then + continue + fi + + # Delete any recovery files that are zero length, + # corrupted, or that have no corresponding backup file. + # Else send mail to the user. + recfile=`awk '/^X-vi-recover-path:/{print $2}' < "${i}"` + if [ -n "${recfile}" -a -s "${recfile}" ]; then + sendmail -t < "${i}" + else + rm -f "${i}" + fi + done + fi + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/watchdogd b/libexec/rc/rc.d/watchdogd new file mode 100755 index 000000000000..1de2d9319280 --- /dev/null +++ b/libexec/rc/rc.d/watchdogd @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (c) 2003 Sean M. Kelly <smkelly@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# PROVIDE: watchdogd +# REQUIRE: FILESYSTEMS syslogd +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="watchdogd" +desc="Watchdog daemon" +rcvar="watchdogd_enable" +command="/usr/sbin/${name}" +pidfile="/var/run/${name}.pid" + +load_rc_config $name + +sig_stop="${watchdogd_sig_stop:-TERM}" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/wpa_supplicant b/libexec/rc/rc.d/wpa_supplicant new file mode 100755 index 000000000000..8a86fec90e4d --- /dev/null +++ b/libexec/rc/rc.d/wpa_supplicant @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: wpa_supplicant +# REQUIRE: mountcritremote +# KEYWORD: nojail nostart + +. /etc/rc.subr +. /etc/network.subr + +name="wpa_supplicant" +desc="WPA/802.11i Supplicant for wireless network devices" +rcvar= + +ifn="$2" +if [ -z "$ifn" ]; then + return 1 +fi + +is_ndis_interface() +{ + case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in + ndis*) true ;; + *) false ;; + esac +} + +if is_wired_interface ${ifn} ; then + driver="wired" +elif is_ndis_interface ${ifn} ; then + driver="ndis" +else + driver="bsd" +fi + +load_rc_config $name + +command=${wpa_supplicant_program} +conf_file=${wpa_supplicant_conf_file} +pidfile="/var/run/${name}/${ifn}.pid" +command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile" +required_files=$conf_file +required_modules="wlan_wep wlan_tkip wlan_ccmp" + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypbind b/libexec/rc/rc.d/ypbind new file mode 100755 index 000000000000..86a2fe3ced00 --- /dev/null +++ b/libexec/rc/rc.d/ypbind @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypbind +# REQUIRE: ypserv +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypbind" +desc="NIS domain binding daemon" +rcvar="nis_client_enable" + +load_rc_config $name + +command="/usr/sbin/${name}" +command_args="${nis_client_flags}" + +start_precmd="ypbind_precmd" + +ypbind_precmd() +{ + local _domain + + force_depend rpcbind || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypldap b/libexec/rc/rc.d/ypldap new file mode 100755 index 000000000000..d5972dcb0a23 --- /dev/null +++ b/libexec/rc/rc.d/ypldap @@ -0,0 +1,27 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypldap +# REQUIRE: ypserv +# BEFORE: DAEMON +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypldap" +rcvar="nis_ypldap_enable" + +load_rc_config $name + +command="/usr/sbin/${name}" +command_args="${nis_ypldap_flags}" + +start_precmd="ypldap_precmd" + +ypldap_precmd() +{ + force_depend ypserv nis_server || return 1 +} +run_rc_command "$1" diff --git a/libexec/rc/rc.d/yppasswdd b/libexec/rc/rc.d/yppasswdd new file mode 100755 index 000000000000..57ec8566dae3 --- /dev/null +++ b/libexec/rc/rc.d/yppasswdd @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: yppasswdd +# REQUIRE: ypserv ypset +# BEFORE: LOGIN +# KEYWORD: shutdown + +. /etc/rc.subr + +name="yppasswdd" +desc="Server for updating NIS passwords" +rcvar="nis_yppasswdd_enable" + +load_rc_config $name + +command="/usr/sbin/rpc.${name}" +command_args="${nis_yppasswdd_flags}" + +start_precmd="yppasswdd_precmd" + +yppasswdd_precmd() +{ + local _domain + + force_depend rpcbind || return 1 + force_depend ypserv nis_server || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypserv b/libexec/rc/rc.d/ypserv new file mode 100755 index 000000000000..bc1052b38bb9 --- /dev/null +++ b/libexec/rc/rc.d/ypserv @@ -0,0 +1,40 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypserv +# REQUIRE: rpcbind +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypserv" +desc="NIS database server" +rcvar="nis_server_enable" + +load_rc_config $name + +command="/usr/sbin/${name}" +command_args="${nis_server_flags}" + +start_precmd="ypserv_prestart" + +ypserv_prestart() +{ + local _domain + + force_depend rpcbind || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi + if [ ! -d /var/yp/$_domain/. ]; then + warn "/var/yp/$_domain is not a directory." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypset b/libexec/rc/rc.d/ypset new file mode 100755 index 000000000000..a2bedd1a34c6 --- /dev/null +++ b/libexec/rc/rc.d/ypset @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypset +# REQUIRE: ypbind +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypset" +desc="tell ypbind(8) which YP server process to use" +rcvar="nis_ypset_enable" + +load_rc_config $name + +command="/usr/sbin/${name}" +command_args="${nis_ypset_flags}" + +start_precmd="ypset_precmd" + +ypset_precmd() +{ + local _domain + + force_depend rpcbind || return 1 + force_depend ypbind nis_client || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypupdated b/libexec/rc/rc.d/ypupdated new file mode 100755 index 000000000000..4098bd773c3e --- /dev/null +++ b/libexec/rc/rc.d/ypupdated @@ -0,0 +1,34 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypupdated +# REQUIRE: rpcbind ypserv +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypupdated" +rcvar="rpc_ypupdated_enable" + +load_rc_config $name + +command="/usr/sbin/rpc.${name}" +start_precmd="rpc_ypupdated_precmd" + +rpc_ypupdated_precmd() +{ + local _domain + + force_depend rpcbind || return 1 + force_depend ypserv nis_server || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/ypxfrd b/libexec/rc/rc.d/ypxfrd new file mode 100755 index 000000000000..afb5a060905e --- /dev/null +++ b/libexec/rc/rc.d/ypxfrd @@ -0,0 +1,37 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: ypxfrd +# REQUIRE: rpcbind ypserv +# KEYWORD: shutdown + +. /etc/rc.subr + +name="ypxfrd" +desc="NIS map transfer server" +rcvar="nis_ypxfrd_enable" + +load_rc_config $name + +command="/usr/sbin/rpc.${name}" +command_args="${nis_ypxfrd_flags}" + +start_precmd="ypxfrd_precmd" + +ypxfrd_precmd() +{ + local _domain + + force_depend rpcbind || return 1 + force_depend ypserv nis_server || return 1 + + _domain=`domainname` + if [ -z "$_domain" ]; then + warn "NIS domainname(1) is not set." + return 1 + fi +} + +run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfs b/libexec/rc/rc.d/zfs new file mode 100755 index 000000000000..2d35f9b54642 --- /dev/null +++ b/libexec/rc/rc.d/zfs @@ -0,0 +1,67 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zfs +# REQUIRE: zfsbe +# BEFORE: FILESYSTEMS var + +. /etc/rc.subr + +name="zfs" +desc="Mount and share ZFS datasets" +rcvar="zfs_enable" +start_cmd="zfs_start" +stop_cmd="zfs_stop" +required_modules="zfs" + +zfs_start_jail() +{ + if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + zfs mount -a + fi +} + +zfs_start_main() +{ + zfs mount -va + zfs share -a + if [ ! -r /etc/zfs/exports ]; then + touch /etc/zfs/exports + fi +} + +zfs_start() +{ + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + zfs_start_jail + else + zfs_start_main + fi +} + +zfs_stop_jail() +{ + if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then + zfs unmount -a + fi +} + +zfs_stop_main() +{ + zfs unshare -a + zfs unmount -a +} + +zfs_stop() +{ + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + zfs_stop_jail + else + zfs_stop_main + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsbe b/libexec/rc/rc.d/zfsbe new file mode 100755 index 000000000000..3c852017aa41 --- /dev/null +++ b/libexec/rc/rc.d/zfsbe @@ -0,0 +1,71 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zfsbe +# REQUIRE: mountcritlocal + +# Handle boot environment subordinate filesystems +# that may have canmount property set to noauto. +# For these filesystems mountpoint relative to / +# must be the same as their dataset name relative +# to BE root dataset. + +. /etc/rc.subr + +name="zfsbe" +rcvar="zfs_enable" +start_cmd="be_start" +stop_cmd="be_stop" +required_modules="zfs" + +mount_subordinate() +{ + local _be + + _be=$1 + zfs list -rH -o mountpoint,name,canmount,mounted -s mountpoint -t filesystem $_be | \ + while read _mp _name _canmount _mounted ; do + # skip filesystems that must not be mounted + [ "$_canmount" = "off" ] && continue + # skip filesystems that are already mounted + [ "$_mounted" = "yes" ] && continue + case "$_mp" in + "none" | "legacy" | "/" | "/$_be") + # do nothing for filesystems with unset or legacy mountpoint + # or those that would be mounted over / + ;; + "/$_be/"*) + # filesystems with mountpoint relative to BE + mount -t zfs $_name ${_mp#/$_be} + ;; + *) + # filesystems with mountpoint elsewhere + zfs mount $_name + ;; + esac + done +} + +be_start() +{ + if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then + : + else + mount -p | while read _dev _mp _type _rest; do + [ $_mp = "/" ] || continue + if [ $_type = "zfs" ] ; then + mount_subordinate $_dev + fi + break + done + fi +} + +be_stop() +{ +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/zfsd b/libexec/rc/rc.d/zfsd new file mode 100644 index 000000000000..edf259bac57e --- /dev/null +++ b/libexec/rc/rc.d/zfsd @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zfsd +# REQUIRE: devd zfs +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="zfsd" +rcvar="zfsd_enable" +command="/usr/sbin/${name}" + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.d/zvol b/libexec/rc/rc.d/zvol new file mode 100755 index 000000000000..06530347946a --- /dev/null +++ b/libexec/rc/rc.d/zvol @@ -0,0 +1,47 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: zvol +# REQUIRE: hostid +# BEFORE: dumpon +# KEYWORD: nojail + +. /etc/rc.subr + +name="zvol" +desc="Activate swap on ZVOLs" +rcvar="zfs_enable" +start_cmd="zvol_start" +stop_cmd="zvol_stop" +required_modules="zfs" + +zvol_start() +{ + # Enable swap on ZVOLs with property org.freebsd:swap=on. + zfs list -H -o org.freebsd:swap,name -t volume | + while read state name; do + case "${state}" in + ([oO][nN]) + swapon /dev/zvol/${name} + ;; + esac + done +} + +zvol_stop() +{ + # Disable swap on ZVOLs with property org.freebsd:swap=on. + zfs list -H -o org.freebsd:swap,name -t volume | + while read state name; do + case "${state}" in + ([oO][nN]) + swapoff /dev/zvol/${name} + ;; + esac + done +} + +load_rc_config $name +run_rc_command "$1" diff --git a/libexec/rc/rc.initdiskless b/libexec/rc/rc.initdiskless new file mode 100644 index 000000000000..99e067d508ad --- /dev/null +++ b/libexec/rc/rc.initdiskless @@ -0,0 +1,382 @@ +#!/bin/sh +# +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ + +# On entry to this script the entire system consists of a read-only root +# mounted via NFS. The kernel has run BOOTP and configured an interface +# (otherwise it would not have been able to mount the NFS root!) +# +# We use the contents of /conf to create and populate memory filesystems +# that are mounted on top of this root to implement the writable +# (and host-specific) parts of the root filesystem, and other volatile +# filesystems. +# +# The hierarchy in /conf has the form /conf/T/M/ where M are directories +# for which memory filesystems will be created and filled, +# and T is one of the "template" directories below: +# +# base universal base, typically a replica of the original root; +# default secondary universal base, typically overriding some +# of the files in the original root; +# ${ipba} where ${ipba} is the assigned broadcast IP address +# bcast/${ipba} same as above +# ${class} where ${class} is a list of directories supplied by +# bootp/dhcp through the T134 option. +# ${ipba} and ${class} are typically used to configure features +# for group of diskless clients, or even individual features; +# ${ip} where ${ip} is the machine's assigned IP address, typically +# used to set host-specific features; +# ip/${ip} same as above +# +# Template directories are scanned in the order they are listed above, +# with each successive directory overriding (merged into) the previous one; +# non-existing directories are ignored. The subdirectory forms exist to +# help keep the top level /conf manageable in large installations. +# +# The existence of a directory /conf/T/M causes this script to create a +# memory filesystem mounted as /M on the client. +# +# Some files in /conf have special meaning, namely: +# +# Filename Action +# ---------------------------------------------------------------- +# /conf/T/M/remount +# The contents of the file is a mount command. E.g. if +# /conf/1.2.3.4/foo/remount contains "mount -o ro /dev/ad0s3", +# then /dev/ad0s3 will be mounted on /conf/1.2.3.4/foo/ +# +# /conf/T/M/remount_optional +# If this file exists, then failure to execute the mount +# command contained in /conf/T/M/remount is non-fatal. +# +# /conf/T/M/remount_subdir +# If this file exists, then the behaviour of /conf/T/M/remount +# changes as follows: +# 1. /conf/T/M/remount is invoked to mount the root of the +# filesystem where the configuration data exists on a +# temporary mountpoint. +# 2. /conf/T/M/remount_subdir is then invoked to mount a +# *subdirectory* of the filesystem mounted by +# /conf/T/M/remount on /conf/T/M/. +# +# /conf/T/M/diskless_remount +# The contents of the file points to an NFS filesystem, +# possibly followed by mount_nfs options. If the server name +# is omitted, the script will prepend the root path used when +# booting. E.g. if you booted from foo.com:/path/to/root, +# an entry for /conf/base/etc/diskless_remount could be any of +# foo.com:/path/to/root/etc +# /etc -o ro +# Because mount_nfs understands ".." in paths, it is +# possible to mount from locations above the NFS root with +# paths such as "/../../etc". +# +# /conf/T/M/md_size +# The contents of the file specifies the size of the memory +# filesystem to be created, in 512 byte blocks. +# The default size is 10240 blocks (5MB). E.g. if +# /conf/base/etc/md_size contains "30000" then a 15MB MFS +# will be created. In case of multiple entries for the same +# directory M, the last one in the scanning order is used. +# NOTE: If you only need to create a memory filesystem but not +# initialize it from a template, it is preferable to specify +# it in fstab e.g. as "md /tmp mfs -s=30m,rw 0 0" +# +# /conf/T/SUBDIR.cpio.gz +# The file is cpio'd into /SUBDIR (and a memory filesystem is +# created for /SUBDIR if necessary). The presence of this file +# prevents the copy from /conf/T/SUBDIR/ +# +# /conf/T/SUBDIR.remove +# The list of paths contained in the file are rm -rf'd +# relative to /SUBDIR. +# +# /conf/diskless_remount +# Similar to /conf/T/M/diskless_remount above, but allows +# all of /conf to be remounted. This can be used to allow +# multiple roots to share the same /conf. +# +# +# You will almost universally want to create the following files under /conf +# +# File Content +# ---------------------------- ---------------------------------- +# /conf/base/etc/md_size size of /etc filesystem +# /conf/base/etc/diskless_remount "/etc" +# /conf/default/etc/rc.conf generic diskless config parameters +# /conf/default/etc/fstab generic diskless fstab e.g. like this +# +# foo:/root_part / nfs ro 0 0 +# foo:/usr_part /usr nfs ro 0 0 +# foo:/home_part /home nfs rw 0 0 +# md /tmp mfs -s=30m,rw 0 0 +# md /var mfs -s=30m,rw 0 0 +# proc /proc procfs rw 0 0 +# +# plus, possibly, overrides for password files etc. +# +# NOTE! /var, /tmp, and /dev will be typically created elsewhere, e.g. +# as entries in the fstab as above. +# Those filesystems should not be specified in /conf. +# +# (end of documentation, now get to the real code) + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` + +# DEBUGGING +# log something on stdout if verbose. +o_verbose=0 # set to 1 or 2 if you want more debugging +log() { + [ ${o_verbose} -gt 0 ] && echo "*** $* ***" + [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo +} + +# chkerr: +# +# Routine to check for error +# +# checks error code and drops into shell on failure. +# if shell exits, terminates script as well as /etc/rc. +# if remount_optional exists under the mountpoint, skip this check. +# +chkerr() { + lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 ) + mountpoint="$(lastitem $2)" + [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return ) + case $1 in + 0) + ;; + *) + echo "$2 failed: dropping into /bin/sh" + /bin/sh + # RESUME + ;; + esac +} + +# The list of filesystems to umount after the copy +to_umount="" + +handle_remount() { # $1 = mount point + local nfspt mountopts b + b=$1 + log handle_remount $1 + [ -d $b -a -f $b/diskless_remount ] || return + read nfspt mountopts < $b/diskless_remount + log "nfspt ${nfspt} mountopts ${mountopts}" + # prepend the nfs root if not present + [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}" + mount_nfs $mountopts $nfspt $b + chkerr $? "mount_nfs $nfspt $b" + to_umount="$b ${to_umount}" +} + +# Create a generic memory disk. +# The 'auto' parameter will attempt to use tmpfs(5), falls back to md(4). +# $1 is size in 512-byte sectors, $2 is the mount point. +mount_md() { + /sbin/mdmfs -s $1 auto $2 +} + +# Create the memory filesystem if it has not already been created +# +create_md() { + [ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once + if [ "x`eval echo \\$md_size_$1`" = "x" ]; then + md_size=10240 + else + md_size=`eval echo \\$md_size_$1` + fi + log create_md $1 with size $md_size + mount_md $md_size /$1 + /bin/chmod 755 /$1 + eval md_created_$1=created +} + +# DEBUGGING +# +# set -v + +# Figure out our interface and IP. +# +bootp_ifc="" +bootp_ipa="" +bootp_ipbca="" +class="" +if [ ${dlv:=0} -ne 0 ] ; then + iflist=`ifconfig -l` + for i in ${iflist} ; do + set -- `ifconfig ${i}` + while [ $# -ge 1 ] ; do + if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then + bootp_ifc=${i} ; bootp_ipa=${2} ; shift + fi + if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then + bootp_ipbca=$2; shift + fi + shift + done + if [ "${bootp_ifc}" != "" ] ; then + break + fi + done + # Get the values passed with the T134 bootp cookie. + class="`/sbin/sysctl -qn kern.bootp_cookie`" + + echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}" +fi + +log Figure out our NFS root path +# +set -- `mount -t nfs` +while [ $# -ge 1 ] ; do + if [ "$2" = "on" -a "$3" = "/" ]; then + nfsroot="$1" + break + fi + shift +done + +# The list of directories with template files +templates="base default" +if [ -n "${bootp_ipbca}" ]; then + templates="${templates} ${bootp_ipbca} bcast/${bootp_ipbca}" +fi +if [ -n "${class}" ]; then + templates="${templates} ${class}" +fi +if [ -n "${bootp_ipa}" ]; then + templates="${templates} ${bootp_ipa} ip/${bootp_ipa}" +fi + +# If /conf/diskless_remount exists, remount all of /conf. +handle_remount /conf + +# Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca}, +# and /conf/${bootp_ipa}. For each subdirectory found within these +# directories: +# +# - calculate memory filesystem sizes. If the subdirectory (prior to +# NFS remounting) contains the file 'md_size', the contents specified +# in 512 byte sectors will be used to size the memory filesystem. Otherwise +# 8192 sectors (4MB) is used. +# +# - handle NFS remounts. If the subdirectory contains the file +# diskless_remount, the contents of the file is NFS mounted over +# the directory. For example /conf/base/etc/diskless_remount +# might contain 'myserver:/etc'. NFS remounts allow you to avoid +# having to dup your system directories in /conf. Your server must +# be sure to export those filesystems -alldirs, however. +# If the diskless_remount file contains a string beginning with a +# '/' it is assumed that the local nfsroot should be prepended to +# it before attemping to the remount. This allows the root to be +# relocated without needing to change the remount files. +# +log "templates are ${templates}" +for i in ${templates} ; do + for j in /conf/$i/* ; do + [ -d $j ] || continue + + # memory filesystem size specification + subdir=${j##*/} + [ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size` + + # remount. Beware, the command is in the file itself! + if [ -f $j/remount ]; then + if [ -f $j/remount_subdir ]; then + k="/conf.tmp/$i/$subdir" + [ -d $k ] || continue + + # Mount the filesystem root where the config data is + # on the temporary mount point. + nfspt=`/bin/cat $j/remount` + $nfspt $k + chkerr $? "$nfspt $k" + + # Now use a nullfs mount to get the data where we + # really want to see it. + remount_subdir=`/bin/cat $j/remount_subdir` + remount_subdir_cmd="mount -t nullfs $k/$remount_subdir" + + $remount_subdir_cmd $j + chkerr $? "$remount_subdir_cmd $j" + + # XXX check order -- we must force $k to be unmounted + # after j, as j depends on k. + to_umount="$j $k ${to_umount}" + else + nfspt=`/bin/cat $j/remount` + $nfspt $j + chkerr $? "$nfspt $j" + to_umount="$j ${to_umount}" # XXX hope it is really a mount! + fi + fi + + # NFS remount + handle_remount $j + done +done + +# - Create all required MFS filesystems and populate them from +# our templates. Support both a direct template and a dir.cpio.gz +# archive. Support dir.remove files containing a list of relative +# paths to remove. +# +# The dir.cpio.gz form is there to make the copy process more efficient, +# so if the cpio archive is present, it prevents the files from dir/ +# from being copied. + +for i in ${templates} ; do + for j in /conf/$i/* ; do + subdir=${j##*/} + if [ -d $j -a ! -f $j.cpio.gz ]; then + create_md $subdir + cp -Rp $j/ /$subdir + fi + done + for j in /conf/$i/*.cpio.gz ; do + subdir=${j%*.cpio.gz} + subdir=${subdir##*/} + if [ -f $j ]; then + create_md $subdir + echo "Loading /$subdir from cpio archive $j" + (cd / ; /rescue/tar -xpf $j) + fi + done + for j in /conf/$i/*.remove ; do + subdir=${j%*.remove} + subdir=${subdir##*/} + if [ -f $j ]; then + # doubly sure it is a memory disk before rm -rf'ing + create_md $subdir + (cd /$subdir; rm -rf `/bin/cat $j`) + fi + done +done + +# umount partitions used to fill the memory filesystems +[ -n "${to_umount}" ] && umount $to_umount diff --git a/libexec/rc/rc.resume b/libexec/rc/rc.resume new file mode 100755 index 000000000000..cce616155acb --- /dev/null +++ b/libexec/rc/rc.resume @@ -0,0 +1,58 @@ +#!/bin/sh +# +# Copyright (c) 1999 Mitsuru IWASAKI +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# sample run command file for APM Resume Event + +if [ $# -ne 2 ]; then + echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]" + exit 1 +fi + +subsystem=$1 +state=$2 + +if [ -r /var/run/rc.suspend.pid ]; then + kill -9 `cat /var/run/rc.suspend.pid` + /bin/rm -f /var/run/rc.suspend.pid + echo 'rc.resume: killed rc.suspend that was still around' +fi + +# Turns on a power supply of a card in the slot inactivated. +# See also contrib/pccardq.c (only for PAO users). +# pccardq | awk -F '~' '$5 == "inactive" \ +# { printf("pccardc power %d 1", $1); }' | sh + +# If a device driver has problems resuming, try unloading it before +# suspend and reloading it on resume. Example: +# kldload usb + +/usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'` +/bin/sync && /bin/sync && /bin/sync + +exit 0 diff --git a/libexec/rc/rc.shutdown b/libexec/rc/rc.shutdown new file mode 100644 index 000000000000..15779c784091 --- /dev/null +++ b/libexec/rc/rc.shutdown @@ -0,0 +1,113 @@ +#!/bin/sh +# +# Copyright (c) 1997 Ollivier Robert +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# Site-specific closing actions for daemons run by init on shutdown, +# or before going single-user from multi-user. +# Output and errors are directed to console by init, and the +# console is the controlling terminal. + +stty status '^T' 2> /dev/null + +# Set shell to ignore SIGINT (2), but not children; +# shell catches SIGQUIT (3) and returns to single user after fsck. +trap : 2 +trap : 3 # shouldn't be needed + +HOME=/ +PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin +export HOME PATH + +. /etc/rc.subr + +load_rc_config + +# reverse_list list +# print the list in reverse order +# +reverse_list() +{ + _revlist= + for _revfile in $*; do + _revlist="$_revfile${script_name_sep}$_revlist" + done + echo $_revlist +} + +# If requested, start a watchdog timer in the background which +# will terminate rc.shutdown if rc.shutdown doesn't complete +# within the specified time. +# +_rcshutdown_watchdog= +if [ -n "$rcshutdown_timeout" ]; then + debug "Initiating watchdog timer." + sleep $rcshutdown_timeout && ( + _msg="$rcshutdown_timeout second watchdog" + _msg="$_msg timeout expired. Shutdown terminated." + logger -t rc.shutdown "$_msg" + echo "$_msg" + date + kill -KILL $$ >/dev/null 2>&1 + ) & + _rcshutdown_watchdog=$! +fi + +# Determine the shutdown order of the /etc/rc.d scripts, +# and perform the operation +# +rcorder_opts="-k shutdown" +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + rcorder_opts="$rcorder_opts -s nojail" + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + rcorder_opts="$rcorder_opts -s nojailvnet" + fi +fi + +case ${local_startup} in +[Nn][Oo] | '') ;; +*) find_local_scripts_new ;; +esac + +files=`rcorder ${rcorder_opts} /etc/rc.d/* ${local_rc} 2>/dev/null` + +for _rc_elem in `reverse_list $files`; do + debug "run_rc_script $_rc_elem faststop" + run_rc_script $_rc_elem faststop +done + +# Terminate the background watchdog timer (if it is running) +# +if [ -n "$_rcshutdown_watchdog" ]; then + pkill -TERM -P $_rcshutdown_watchdog >/dev/null 2>&1 +fi + +# Insert other shutdown procedures here + + +echo '.' +exit 0 diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr new file mode 100644 index 000000000000..56eccdb15b0d --- /dev/null +++ b/libexec/rc/rc.subr @@ -0,0 +1,2139 @@ +# $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ +# $FreeBSD$ +# +# Copyright (c) 1997-2004 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Luke Mewburn. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# +# rc.subr +# functions used by various rc scripts +# + +: ${RC_PID:=$$}; export RC_PID + +# +# Operating System dependent/independent variables +# + +if [ -n "${_rc_subr_loaded}" ]; then + return +fi + +_rc_subr_loaded="YES" + +SYSCTL="/sbin/sysctl" +SYSCTL_N="${SYSCTL} -n" +SYSCTL_W="${SYSCTL}" +PROTECT="/usr/bin/protect" +ID="/usr/bin/id" +IDCMD="if [ -x $ID ]; then $ID -un; fi" +PS="/bin/ps -ww" +JID=0 + +# +# functions +# --------- + +# list_vars pattern +# List vars matching pattern. +# +list_vars() +{ + set | { while read LINE; do + var="${LINE%%=*}" + case "$var" in + "$LINE"|*[!a-zA-Z0-9_]*) continue ;; + $1) echo $var + esac + done; } +} + +# set_rcvar [var] [defval] [desc] +# +# Echo or define a rc.conf(5) variable name. Global variable +# $rcvars is used. +# +# If no argument is specified, echo "${name}_enable". +# +# If only a var is specified, echo "${var}_enable". +# +# If var and defval are specified, the ${var} is defined as +# rc.conf(5) variable and the default value is ${defvar}. An +# optional argument $desc can also be specified to add a +# description for that. +# +set_rcvar() +{ + local _var + + case $# in + 0) echo ${name}_enable ;; + 1) echo ${1}_enable ;; + *) + debug "set_rcvar: \$$1=$2 is added" \ + " as a rc.conf(5) variable." + _var=$1 + rcvars="${rcvars# } $_var" + eval ${_var}_defval=\"$2\" + shift 2 + eval ${_var}_desc=\"$*\" + ;; + esac +} + +# set_rcvar_obsolete oldvar [newvar] [msg] +# Define obsolete variable. +# Global variable $rcvars_obsolete is used. +# +set_rcvar_obsolete() +{ + local _var + _var=$1 + debug "set_rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" + + rcvars_obsolete="${rcvars_obsolete# } $1" + eval ${1}_newvar=\"$2\" + shift 2 + eval ${_var}_obsolete_msg=\"$*\" +} + +# +# force_depend script [rcvar] +# Force a service to start. Intended for use by services +# to resolve dependency issues. +# $1 - filename of script, in /etc/rc.d, to run +# $2 - name of the script's rcvar (minus the _enable) +# +force_depend() +{ + local _depend _dep_rcvar + + _depend="$1" + _dep_rcvar="${2:-$1}_enable" + + [ -n "$rc_fast" ] && ! checkyesno always_force_depends && + checkyesno $_dep_rcvar && return 0 + + /etc/rc.d/${_depend} forcestatus >/dev/null 2>&1 && return 0 + + info "${name} depends on ${_depend}, which will be forced to start." + if ! /etc/rc.d/${_depend} forcestart; then + warn "Unable to force ${_depend}. It may already be running." + return 1 + fi +} + +# +# checkyesno var +# Test $1 variable, and warn if not set to YES or NO. +# Return 0 if it's "yes" (et al), nonzero otherwise. +# +checkyesno() +{ + eval _value=\$${1} + debug "checkyesno: $1 is set to $_value." + case $_value in + + # "yes", "true", "on", or "1" + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + return 0 + ;; + + # "no", "false", "off", or "0" + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + return 1 + ;; + *) + warn "\$${1} is not set properly - see rc.conf(5)." + return 1 + ;; + esac +} + +# +# reverse_list list +# print the list in reverse order +# +reverse_list() +{ + _revlist= + for _revfile; do + _revlist="$_revfile $_revlist" + done + echo $_revlist +} + +# stop_boot always +# If booting directly to multiuser or $always is enabled, +# send SIGTERM to the parent (/etc/rc) to abort the boot. +# Otherwise just exit. +# +stop_boot() +{ + local always + + case $1 in + # "yes", "true", "on", or "1" + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + always=true + ;; + *) + always=false + ;; + esac + if [ "$autoboot" = yes -o "$always" = true ]; then + echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" + kill -TERM ${RC_PID} + fi + exit 1 +} + +# +# mount_critical_filesystems type +# Go through the list of critical filesystems as provided in +# the rc.conf(5) variable $critical_filesystems_${type}, checking +# each one to see if it is mounted, and if it is not, mounting it. +# +mount_critical_filesystems() +{ + eval _fslist=\$critical_filesystems_${1} + for _fs in $_fslist; do + mount | ( + _ismounted=false + while read what _on on _type type; do + if [ $on = $_fs ]; then + _ismounted=true + fi + done + if $_ismounted; then + : + else + mount $_fs >/dev/null 2>&1 + fi + ) + done +} + +# +# check_pidfile pidfile procname [interpreter] +# Parses the first line of pidfile for a PID, and ensures +# that the process is running and matches procname. +# Prints the matching PID upon success, nothing otherwise. +# interpreter is optional; see _find_processes() for details. +# +check_pidfile() +{ + _pidfile=$1 + _procname=$2 + _interpreter=$3 + if [ -z "$_pidfile" -o -z "$_procname" ]; then + err 3 'USAGE: check_pidfile pidfile procname [interpreter]' + fi + if [ ! -f $_pidfile ]; then + debug "pid file ($_pidfile): not readable." + return + fi + read _pid _junk < $_pidfile + if [ -z "$_pid" ]; then + debug "pid file ($_pidfile): no pid in file." + return + fi + _find_processes $_procname ${_interpreter:-.} '-p '"$_pid" +} + +# +# check_process procname [interpreter] +# Ensures that a process (or processes) named procname is running. +# Prints a list of matching PIDs. +# interpreter is optional; see _find_processes() for details. +# +check_process() +{ + _procname=$1 + _interpreter=$2 + if [ -z "$_procname" ]; then + err 3 'USAGE: check_process procname [interpreter]' + fi + _find_processes $_procname ${_interpreter:-.} '-ax' +} + +# +# _find_processes procname interpreter psargs +# Search for procname in the output of ps generated by psargs. +# Prints the PIDs of any matching processes, space separated. +# +# If interpreter == ".", check the following variations of procname +# against the first word of each command: +# procname +# `basename procname` +# `basename procname` + ":" +# "(" + `basename procname` + ")" +# "[" + `basename procname` + "]" +# +# If interpreter != ".", read the first line of procname, remove the +# leading #!, normalise whitespace, append procname, and attempt to +# match that against each command, either as is, or with extra words +# at the end. As an alternative, to deal with interpreted daemons +# using perl, the basename of the interpreter plus a colon is also +# tried as the prefix to procname. +# +_find_processes() +{ + if [ $# -ne 3 ]; then + err 3 'USAGE: _find_processes procname interpreter psargs' + fi + _procname=$1 + _interpreter=$2 + _psargs=$3 + + _pref= + if [ $_interpreter != "." ]; then # an interpreted script + _script="${_chroot}${_chroot:+/}$_procname" + if [ -r "$_script" ]; then + read _interp < $_script # read interpreter name + case "$_interp" in + \#!*) + _interp=${_interp#\#!} # strip #! + set -- $_interp + case $1 in + */bin/env) + shift # drop env to get real name + ;; + esac + if [ $_interpreter != $1 ]; then + warn "\$command_interpreter $_interpreter != $1" + fi + ;; + *) + warn "no shebang line in $_script" + set -- $_interpreter + ;; + esac + else + warn "cannot read shebang line from $_script" + set -- $_interpreter + fi + _interp="$* $_procname" # cleanup spaces, add _procname + _interpbn=${1##*/} + _fp_args='_argv' + _fp_match='case "$_argv" in + ${_interp}|"${_interp} "*|"[${_interpbn}]"|"${_interpbn}: ${_procname}"*)' + else # a normal daemon + _procnamebn=${_procname##*/} + _fp_args='_arg0 _argv' + _fp_match='case "$_arg0" in + $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' + fi + + _proccheck="\ + $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | + while read _npid _jid '"$_fp_args"'; do + '"$_fp_match"' + if [ "$JID" -eq "$_jid" ]; + then echo -n "$_pref$_npid"; + _pref=" "; + fi + ;; + esac + done' + +# debug "in _find_processes: proccheck is ($_proccheck)." + eval $_proccheck +} + +# sort_lite [-b] [-n] [-k POS] [-t SEP] +# A lite version of sort(1) (supporting a few options) that can be used +# before the real sort(1) is available (e.g., in scripts that run prior +# to mountcritremote). Requires only shell built-in functionality. +# +sort_lite() +{ + local funcname=sort_lite + local sort_sep="$IFS" sort_ignore_leading_space= + local sort_field=0 sort_strict_fields= sort_numeric= + local nitems=0 skip_leading=0 trim= + + local OPTIND flag + while getopts bnk:t: flag; do + case "$flag" in + b) sort_ignore_leading_space=1 ;; + n) sort_numeric=1 sort_ignore_leading_space=1 ;; + k) sort_field="${OPTARG%%,*}" ;; # only up to first comma + # NB: Unlike sort(1) only one POS allowed + t) sort_sep="$OPTARG" + if [ ${#sort_sep} -gt 1 ]; then + echo "$funcname: multi-character tab \`$sort_sep'" >&2 + return 1 + fi + sort_strict_fields=1 + ;; + \?) return 1 ;; + esac + done + shift $(( $OPTIND - 1 )) + + # Create transformation pattern to trim leading text if desired + case "$sort_field" in + ""|[!0-9]*|*[!0-9.]*) + echo "$funcname: invalid sort field \`$sort_field'" >&2 + return 1 + ;; + *.*) + skip_leading=${sort_field#*.} sort_field=${sort_field%%.*} + while [ ${skip_leading:-0} -gt 1 ] 2> /dev/null; do + trim="$trim?" skip_leading=$(( $skip_leading - 1 )) + done + esac + + # Copy input to series of local numbered variables + # NB: IFS of NULL preserves leading whitespace + local LINE + while IFS= read -r LINE || [ "$LINE" ]; do + nitems=$(( $nitems + 1 )) + local src_$nitems="$LINE" + done + + # + # Sort numbered locals using insertion sort + # + local curitem curitem_orig curitem_mod curitem_haskey + local dest dest_orig dest_mod dest_haskey + local d gt n + local i=1 + while [ $i -le $nitems ]; do + curitem_haskey=1 # Assume sort field (-k POS) exists + eval curitem=\"\$src_$i\" + curitem_mod="$curitem" # for modified comparison + curitem_orig="$curitem" # for original comparison + + # Trim leading whitespace if desired + if [ "$sort_ignore_leading_space" ]; then + while case "$curitem_orig" in + [$IFS]*) : ;; *) false; esac + do + curitem_orig="${curitem_orig#?}" + done + curitem_mod="$curitem_orig" + fi + + # Shift modified comparison value if sort field (-k POS) is > 1 + n=$sort_field + while [ $n -gt 1 ]; do + case "$curitem_mod" in + *[$sort_sep]*) + # Cut text up-to (and incl.) first separator + curitem_mod="${curitem_mod#*[$sort_sep]}" + + # Skip NULLs unless strict field splitting + [ "$sort_strict_fields" ] || + [ "${curitem_mod%%[$sort_sep]*}" ] || + [ $n -eq 2 ] || + continue + ;; + *) + # Asked for a field that doesn't exist + curitem_haskey= break + esac + n=$(( $n - 1 )) + done + + # Trim trailing words if sort field >= 1 + [ $sort_field -ge 1 -a "$sort_numeric" ] && + curitem_mod="${curitem_mod%%[$sort_sep]*}" + + # Apply optional trim (-k POS.TRIM) to cut leading characters + curitem_mod="${curitem_mod#$trim}" + + # Determine the type of modified comparison to use initially + # NB: Prefer numerical if requested but fallback to standard + case "$curitem_mod" in + ""|[!0-9]*) # NULL or begins with non-number + gt=">" + [ "$sort_numeric" ] && curitem_mod=0 + ;; + *) + if [ "$sort_numeric" ]; then + gt="-gt" + curitem_mod="${curitem_mod%%[!0-9]*}" + # NB: trailing non-digits removed + # otherwise numeric comparison fails + else + gt=">" + fi + esac + + # If first time through, short-circuit below position-search + if [ $i -le 1 ]; then + d=0 + else + d=1 + fi + + # + # Find appropriate element position + # + while [ $d -gt 0 ] + do + dest_haskey=$curitem_haskey + eval dest=\"\$dest_$d\" + dest_mod="$dest" # for modified comparison + dest_orig="$dest" # for original comparison + + # Trim leading whitespace if desired + if [ "$sort_ignore_leading_space" ]; then + while case "$dest_orig" in + [$IFS]*) : ;; *) false; esac + do + dest_orig="${dest_orig#?}" + done + dest_mod="$dest_orig" + fi + + # Shift modified value if sort field (-k POS) is > 1 + n=$sort_field + while [ $n -gt 1 ]; do + case "$dest_mod" in + *[$sort_sep]*) + # Cut text up-to (and incl.) 1st sep + dest_mod="${dest_mod#*[$sort_sep]}" + + # Skip NULLs unless strict fields + [ "$sort_strict_fields" ] || + [ "${dest_mod%%[$sort_sep]*}" ] || + [ $n -eq 2 ] || + continue + ;; + *) + # Asked for a field that doesn't exist + dest_haskey= break + esac + n=$(( $n - 1 )) + done + + # Trim trailing words if sort field >= 1 + [ $sort_field -ge 1 -a "$sort_numeric" ] && + dest_mod="${dest_mod%%[$sort_sep]*}" + + # Apply optional trim (-k POS.TRIM), cut leading chars + dest_mod="${dest_mod#$trim}" + + # Determine type of modified comparison to use + # NB: Prefer numerical if requested, fallback to std + case "$dest_mod" in + ""|[!0-9]*) # NULL or begins with non-number + gt=">" + [ "$sort_numeric" ] && dest_mod=0 + ;; + *) + if [ "$sort_numeric" ]; then + gt="-gt" + dest_mod="${dest_mod%%[!0-9]*}" + # NB: kill trailing non-digits + # for numeric comparison safety + else + gt=">" + fi + esac + + # Break if we've found the proper element position + if [ "$curitem_haskey" -a "$dest_haskey" ]; then + if [ "$dest_mod" = "$curitem_mod" ]; then + [ "$dest_orig" ">" "$curitem_orig" ] && + break + elif [ "$dest_mod" $gt "$curitem_mod" ] \ + 2> /dev/null + then + break + fi + else + [ "$dest_orig" ">" "$curitem_orig" ] && break + fi + + # Break if we've hit the end + [ $d -ge $i ] && break + + d=$(( $d + 1 )) + done + + # Shift remaining positions forward, making room for new item + n=$i + while [ $n -ge $d ]; do + # Shift destination item forward one placement + eval dest_$(( $n + 1 ))=\"\$dest_$n\" + n=$(( $n - 1 )) + done + + # Place the element + if [ $i -eq 1 ]; then + local dest_1="$curitem" + else + local dest_$d="$curitem" + fi + + i=$(( $i + 1 )) + done + + # Print sorted results + d=1 + while [ $d -le $nitems ]; do + eval echo \"\$dest_$d\" + d=$(( $d + 1 )) + done +} + +# +# wait_for_pids pid [pid ...] +# spins until none of the pids exist +# +wait_for_pids() +{ + local _list _prefix _nlist _j + + _list="$@" + if [ -z "$_list" ]; then + return + fi + _prefix= + while true; do + _nlist=""; + for _j in $_list; do + if kill -0 $_j 2>/dev/null; then + _nlist="${_nlist}${_nlist:+ }$_j" + [ -n "$_prefix" ] && sleep 1 + fi + done + if [ -z "$_nlist" ]; then + break + fi + _list=$_nlist + echo -n ${_prefix:-"Waiting for PIDS: "}$_list + _prefix=", " + pwait $_list 2>/dev/null + done + if [ -n "$_prefix" ]; then + echo "." + fi +} + +# +# get_pidfile_from_conf string file +# +# Takes a string to search for in the specified file. +# Ignores lines with traditional comment characters. +# +# Example: +# +# if get_pidfile_from_conf string file; then +# pidfile="$_pidfile_from_conf" +# else +# pidfile='appropriate default' +# fi +# +get_pidfile_from_conf() +{ + if [ -z "$1" -o -z "$2" ]; then + err 3 "USAGE: get_pidfile_from_conf string file ($name)" + fi + + local string file line + + string="$1" ; file="$2" + + if [ ! -s "$file" ]; then + err 3 "get_pidfile_from_conf: $file does not exist ($name)" + fi + + while read line; do + case "$line" in + *[#\;]*${string}*) continue ;; + *${string}*) break ;; + esac + done < $file + + if [ -n "$line" ]; then + line=${line#*/} + _pidfile_from_conf="/${line%%[\"\;]*}" + else + return 1 + fi +} + +# +# check_startmsgs +# If rc_quiet is set (usually as a result of using faststart at +# boot time) check if rc_startmsgs is enabled. +# +check_startmsgs() +{ + if [ -n "$rc_quiet" ]; then + checkyesno rc_startmsgs + else + return 0 + fi +} + +# +# run_rc_command argument +# Search for argument in the list of supported commands, which is: +# "start stop restart rcvar status poll ${extra_commands}" +# If there's a match, run ${argument}_cmd or the default method +# (see below). +# +# If argument has a given prefix, then change the operation as follows: +# Prefix Operation +# ------ --------- +# fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes +# force Set ${rcvar} to YES, and set rc_force=yes +# one Set ${rcvar} to YES +# quiet Don't output some diagnostics, and set rc_quiet=yes +# +# The following globals are used: +# +# Name Needed Purpose +# ---- ------ ------- +# name y Name of script. +# +# command n Full path to command. +# Not needed if ${rc_arg}_cmd is set for +# each keyword. +# +# command_args n Optional args/shell directives for command. +# +# command_interpreter n If not empty, command is interpreted, so +# call check_{pidfile,process}() appropriately. +# +# desc n Description of script. +# +# extra_commands n List of extra commands supported. +# +# pidfile n If set, use check_pidfile $pidfile $command, +# otherwise use check_process $command. +# In either case, only check if $command is set. +# +# procname n Process name to check for instead of $command. +# +# rcvar n This is checked with checkyesno to determine +# if the action should be run. +# +# ${name}_program n Full path to command. +# Meant to be used in /etc/rc.conf to override +# ${command}. +# +# ${name}_chroot n Directory to chroot to before running ${command} +# Requires /usr to be mounted. +# +# ${name}_chdir n Directory to cd to before running ${command} +# (if not using ${name}_chroot). +# +# ${name}_flags n Arguments to call ${command} with. +# NOTE: $flags from the parent environment +# can be used to override this. +# +# ${name}_env n Environment variables to run ${command} with. +# +# ${name}_env_file n File to source variables to run ${command} with. +# +# ${name}_fib n Routing table number to run ${command} with. +# +# ${name}_nice n Nice level to run ${command} at. +# +# ${name}_oomprotect n Don't kill ${command} when swap space is exhausted. +# +# ${name}_user n User to run ${command} as, using su(1) if not +# using ${name}_chroot. +# Requires /usr to be mounted. +# +# ${name}_group n Group to run chrooted ${command} as. +# Requires /usr to be mounted. +# +# ${name}_groups n Comma separated list of supplementary groups +# to run the chrooted ${command} with. +# Requires /usr to be mounted. +# +# ${name}_prepend n Command added before ${command}. +# +# ${name}_login_class n Login class to use, else "daemon". +# +# ${name}_limits n limits(1) to apply to ${command}. +# +# ${rc_arg}_cmd n If set, use this as the method when invoked; +# Otherwise, use default command (see below) +# +# ${rc_arg}_precmd n If set, run just before performing the +# ${rc_arg}_cmd method in the default +# operation (i.e, after checking for required +# bits and process (non)existence). +# If this completes with a non-zero exit code, +# don't run ${rc_arg}_cmd. +# +# ${rc_arg}_postcmd n If set, run just after performing the +# ${rc_arg}_cmd method, if that method +# returned a zero exit code. +# +# required_dirs n If set, check for the existence of the given +# directories before running a (re)start command. +# +# required_files n If set, check for the readability of the given +# files before running a (re)start command. +# +# required_modules n If set, ensure the given kernel modules are +# loaded before running a (re)start command. +# The check and possible loads are actually +# done after start_precmd so that the modules +# aren't loaded in vain, should the precmd +# return a non-zero status to indicate a error. +# If a word in the list looks like "foo:bar", +# "foo" is the KLD file name and "bar" is the +# module name. If a word looks like "foo~bar", +# "foo" is the KLD file name and "bar" is a +# egrep(1) pattern matching the module name. +# Otherwise the module name is assumed to be +# the same as the KLD file name, which is most +# common. See load_kld(). +# +# required_vars n If set, perform checkyesno on each of the +# listed variables before running the default +# (re)start command. +# +# Default behaviour for a given argument, if no override method is +# provided: +# +# Argument Default behaviour +# -------- ----------------- +# start if !running && checkyesno ${rcvar} +# ${command} +# +# stop if ${pidfile} +# rc_pid=$(check_pidfile $pidfile $command) +# else +# rc_pid=$(check_process $command) +# kill $sig_stop $rc_pid +# wait_for_pids $rc_pid +# ($sig_stop defaults to TERM.) +# +# reload Similar to stop, except use $sig_reload instead, +# and doesn't wait_for_pids. +# $sig_reload defaults to HUP. +# Note that `reload' isn't provided by default, +# it should be enabled via $extra_commands. +# +# restart Run `stop' then `start'. +# +# status Show if ${command} is running, etc. +# +# poll Wait for ${command} to exit. +# +# rcvar Display what rc.conf variable is used (if any). +# +# enabled Return true if the service is enabled. +# +# describe Show the service's description +# +# extracommands Show the service's extra commands +# +# Variables available to methods, and after run_rc_command() has +# completed: +# +# Variable Purpose +# -------- ------- +# rc_arg Argument to command, after fast/force/one processing +# performed +# +# rc_flags Flags to start the default command with. +# Defaults to ${name}_flags, unless overridden +# by $flags from the environment. +# This variable may be changed by the precmd method. +# +# rc_pid PID of command (if appropriate) +# +# rc_fast Not empty if "fast" was provided (q.v.) +# +# rc_force Not empty if "force" was provided (q.v.) +# +# rc_quiet Not empty if "quiet" was provided +# +# +run_rc_command() +{ + _return=0 + rc_arg=$1 + if [ -z "$name" ]; then + err 3 'run_rc_command: $name is not set.' + fi + + # Don't repeat the first argument when passing additional command- + # line arguments to the command subroutines. + # + shift 1 + rc_extra_args="$*" + + _rc_prefix= + case "$rc_arg" in + fast*) # "fast" prefix; don't check pid + rc_arg=${rc_arg#fast} + rc_fast=yes + rc_quiet=yes + ;; + force*) # "force" prefix; always run + rc_force=yes + _rc_prefix=force + rc_arg=${rc_arg#${_rc_prefix}} + if [ -n "${rcvar}" ]; then + eval ${rcvar}=YES + fi + ;; + one*) # "one" prefix; set ${rcvar}=yes + _rc_prefix=one + rc_arg=${rc_arg#${_rc_prefix}} + if [ -n "${rcvar}" ]; then + eval ${rcvar}=YES + fi + ;; + quiet*) # "quiet" prefix; omit some messages + _rc_prefix=quiet + rc_arg=${rc_arg#${_rc_prefix}} + rc_quiet=yes + ;; + esac + + eval _override_command=\$${name}_program + command=${_override_command:-$command} + + _keywords="start stop restart rcvar enabled describe extracommands $extra_commands" + rc_pid= + _pidcmd= + _procname=${procname:-${command}} + + # setup pid check command + if [ -n "$_procname" ]; then + if [ -n "$pidfile" ]; then + _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')' + else + _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')' + fi + _keywords="${_keywords} status poll" + fi + + if [ -z "$rc_arg" ]; then + rc_usage $_keywords + fi + + if [ "$rc_arg" = "enabled" ] ; then + checkyesno ${rcvar} + return $? + fi + + if [ -n "$flags" ]; then # allow override from environment + rc_flags=$flags + else + eval rc_flags=\$${name}_flags + fi + eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ + _nice=\$${name}_nice _user=\$${name}_user \ + _group=\$${name}_group _groups=\$${name}_groups \ + _fib=\$${name}_fib _env=\$${name}_env \ + _prepend=\$${name}_prepend _login_class=\${${name}_login_class:-daemon} \ + _limits=\$${name}_limits _oomprotect=\$${name}_oomprotect \ + _env_file=\$${name}_env_file + + if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then # load env from file + set -a + . $_env_file + set +a + fi + + if [ -n "$_user" ]; then # unset $_user if running as that user + if [ "$_user" = "$(eval $IDCMD)" ]; then + unset _user + fi + fi + + [ -z "$autoboot" ] && eval $_pidcmd # determine the pid if necessary + + for _elem in $_keywords; do + if [ "$_elem" != "$rc_arg" ]; then + continue + fi + # if ${rcvar} is set, $1 is not "rcvar" and not "describe" + # and ${rc_pid} is not set, then run + # checkyesno ${rcvar} + # and return if that failed + # + if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" \ + -a "$rc_arg" != "describe" ] || + [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then + if ! checkyesno ${rcvar}; then + if [ -n "${rc_quiet}" ]; then + return 0 + fi + echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " + echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " + echo "instead of '${rc_arg}'." + return 0 + fi + fi + + if [ $rc_arg = "start" -a -z "$rc_fast" -a -n "$rc_pid" ]; then + if [ -z "$rc_quiet" ]; then + echo 1>&2 "${name} already running? " \ + "(pid=$rc_pid)." + fi + return 1 + fi + + # if there's a custom ${XXX_cmd}, + # run that instead of the default + # + eval _cmd=\$${rc_arg}_cmd \ + _precmd=\$${rc_arg}_precmd \ + _postcmd=\$${rc_arg}_postcmd + + if [ -n "$_cmd" ]; then + _run_rc_precmd || return 1 + _run_rc_doit "$_cmd $rc_extra_args" || return 1 + _run_rc_postcmd + return $_return + fi + + case "$rc_arg" in # default operations... + + describe) + if [ -n "$desc" ]; then + echo "$desc" + fi + ;; + + extracommands) + echo "$extra_commands" + ;; + + status) + _run_rc_precmd || return 1 + if [ -n "$rc_pid" ]; then + echo "${name} is running as pid $rc_pid." + else + echo "${name} is not running." + return 1 + fi + _run_rc_postcmd + ;; + + start) + if [ ! -x "${_chroot}${_chroot:+/}${command}" ]; then + warn "run_rc_command: cannot run $command" + return 1 + fi + + if ! _run_rc_precmd; then + warn "failed precmd routine for ${name}" + return 1 + fi + + # setup the full command to run + # + check_startmsgs && echo "Starting ${name}." + if [ -n "$_chroot" ]; then + _cd= + _doit="\ +${_nice:+nice -n $_nice }\ +${_fib:+setfib -F $_fib }\ +${_env:+env $_env }\ +chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ +$_chroot $command $rc_flags $command_args" + else + _cd="${_chdir:+cd $_chdir && }" + _doit="\ +${_fib:+setfib -F $_fib }\ +${_env:+env $_env }\ +$command $rc_flags $command_args" + if [ -n "$_user" ]; then + _doit="su -m $_user -c 'sh -c \"$_doit\"'" + fi + if [ -n "$_nice" ]; then + if [ -z "$_user" ]; then + _doit="sh -c \"$_doit\"" + fi + _doit="nice -n $_nice $_doit" + fi + if [ -n "$_prepend" ]; then + _doit="$_prepend $_doit" + fi + fi + + # Prepend default limits + _doit="$_cd limits -C $_login_class $_limits $_doit" + + # run the full command + # + if ! _run_rc_doit "$_doit"; then + warn "failed to start ${name}" + return 1 + fi + + # finally, run postcmd + # + _run_rc_postcmd + ;; + + stop) + if [ -z "$rc_pid" ]; then + [ -n "$rc_fast" ] && return 0 + _run_rc_notrunning + return 1 + fi + + _run_rc_precmd || return 1 + + # send the signal to stop + # + echo "Stopping ${name}." + _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") + _run_rc_doit "$_doit" || return 1 + + # wait for the command to exit, + # and run postcmd. + wait_for_pids $rc_pid + + _run_rc_postcmd + ;; + + reload) + if [ -z "$rc_pid" ]; then + _run_rc_notrunning + return 1 + fi + + _run_rc_precmd || return 1 + + _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") + _run_rc_doit "$_doit" || return 1 + + _run_rc_postcmd + ;; + + restart) + # prevent restart being called more + # than once by any given script + # + if ${_rc_restart_done:-false}; then + return 0 + fi + _rc_restart_done=true + + _run_rc_precmd || return 1 + + # run those in a subshell to keep global variables + ( run_rc_command ${_rc_prefix}stop $rc_extra_args ) + ( run_rc_command ${_rc_prefix}start $rc_extra_args ) + _return=$? + [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1 + + _run_rc_postcmd + ;; + + poll) + _run_rc_precmd || return 1 + if [ -n "$rc_pid" ]; then + wait_for_pids $rc_pid + fi + _run_rc_postcmd + ;; + + rcvar) + echo -n "# $name" + if [ -n "$desc" ]; then + echo " : $desc" + else + echo "" + fi + echo "#" + # Get unique vars in $rcvar $rcvars + for _v in $rcvar $rcvars; do + case $v in + $_v\ *|\ *$_v|*\ $_v\ *) ;; + *) v="${v# } $_v" ;; + esac + done + + # Display variables. + for _v in $v; do + if [ -z "$_v" ]; then + continue + fi + + eval _desc=\$${_v}_desc + eval _defval=\$${_v}_defval + _h="-" + + eval echo \"$_v=\\\"\$$_v\\\"\" + # decode multiple lines of _desc + while [ -n "$_desc" ]; do + case $_desc in + *^^*) + echo "# $_h ${_desc%%^^*}" + _desc=${_desc#*^^} + _h=" " + ;; + *) + echo "# $_h ${_desc}" + break + ;; + esac + done + echo "# (default: \"$_defval\")" + done + echo "" + ;; + + *) + rc_usage $_keywords + ;; + + esac + + # Apply protect(1) to the PID if ${name}_oomprotect is set. + case "$rc_arg" in + start) + # We cannot use protect(1) inside jails. + if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] && + [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then + pid=$(check_process $command) + case $_oomprotect in + [Aa][Ll][Ll]) + ${PROTECT} -i -p ${pid} + ;; + [Yy][Ee][Ss]) + ${PROTECT} -p ${pid} + ;; + esac + fi + ;; + esac + + return $_return + done + + echo 1>&2 "$0: unknown directive '$rc_arg'." + rc_usage $_keywords + # not reached +} + +# +# Helper functions for run_rc_command: common code. +# They use such global variables besides the exported rc_* ones: +# +# name R/W +# ------------------ +# _precmd R +# _postcmd R +# _return W +# +_run_rc_precmd() +{ + check_required_before "$rc_arg" || return 1 + + if [ -n "$_precmd" ]; then + debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args" + eval "$_precmd $rc_extra_args" + _return=$? + + # If precmd failed and force isn't set, request exit. + if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then + return 1 + fi + fi + + check_required_after "$rc_arg" || return 1 + + return 0 +} + +_run_rc_postcmd() +{ + if [ -n "$_postcmd" ]; then + debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args" + eval "$_postcmd $rc_extra_args" + _return=$? + fi + return 0 +} + +_run_rc_doit() +{ + debug "run_rc_command: doit: $*" + eval "$@" + _return=$? + + # If command failed and force isn't set, request exit. + if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then + return 1 + fi + + return 0 +} + +_run_rc_notrunning() +{ + local _pidmsg + + if [ -n "$pidfile" ]; then + _pidmsg=" (check $pidfile)." + else + _pidmsg= + fi + echo 1>&2 "${name} not running?${_pidmsg}" +} + +_run_rc_killcmd() +{ + local _cmd + + _cmd="kill -$1 $rc_pid" + if [ -n "$_user" ]; then + _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" + fi + echo "$_cmd" +} + +# +# run_rc_script file arg +# Start the script `file' with `arg', and correctly handle the +# return value from the script. +# If `file' ends with `.sh' and lives in /etc/rc.d, ignore it as it's +# an old-style startup file. +# If `file' ends with `.sh' and does not live in /etc/rc.d, it's sourced +# into the current environment if $rc_fast_and_loose is set; otherwise +# it is run as a child process. +# If `file' appears to be a backup or scratch file, ignore it. +# Otherwise if it is executable run as a child process. +# +run_rc_script() +{ + _file=$1 + _arg=$2 + if [ -z "$_file" -o -z "$_arg" ]; then + err 3 'USAGE: run_rc_script file arg' + fi + + unset name command command_args command_interpreter \ + extra_commands pidfile procname \ + rcvar rcvars rcvars_obsolete required_dirs required_files \ + required_vars + eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd + + case "$_file" in + /etc/rc.d/*.sh) # no longer allowed in the base + warn "Ignoring old-style startup script $_file" + ;; + *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip + warn "Ignoring scratch file $_file" + ;; + *) # run in subshell + if [ -x $_file ]; then + if [ -n "$rc_fast_and_loose" ]; then + set $_arg; . $_file + else + ( trap "echo Script $_file interrupted >&2 ; kill -QUIT $$" 3 + trap "echo Script $_file interrupted >&2 ; exit 1" 2 + trap "echo Script $_file running >&2" 29 + set $_arg; . $_file ) + fi + fi + ;; + esac +} + +# +# load_rc_config [service] +# Source in the configuration file(s) for a given service. +# If no service is specified, only the global configuration +# file(s) will be loaded. +# +load_rc_config() +{ + local _name _rcvar_val _var _defval _v _msg _new _d + _name=$1 + + if ${_rc_conf_loaded:-false}; then + : + else + if [ -r /etc/defaults/rc.conf ]; then + debug "Sourcing /etc/defaults/rc.conf" + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)." + . /etc/rc.conf + fi + _rc_conf_loaded=true + fi + + # If a service name was specified, attempt to load + # service-specific configuration + if [ -n "$_name" ] ; then + for _d in /etc ${local_startup}; do + _d=${_d%/rc.d} + if [ -f ${_d}/rc.conf.d/"$_name" ]; then + debug "Sourcing ${_d}/rc.conf.d/$_name" + . ${_d}/rc.conf.d/"$_name" + elif [ -d ${_d}/rc.conf.d/"$_name" ] ; then + local _rc + for _rc in ${_d}/rc.conf.d/"$_name"/* ; do + if [ -f "$_rc" ] ; then + debug "Sourcing $_rc" + . "$_rc" + fi + done + fi + done + fi + + # Set defaults if defined. + for _var in $rcvar $rcvars; do + eval _defval=\$${_var}_defval + if [ -n "$_defval" ]; then + eval : \${$_var:=\$${_var}_defval} + fi + done + + # check obsolete rc.conf variables + for _var in $rcvars_obsolete; do + eval _v=\$$_var + eval _msg=\$${_var}_obsolete_msg + eval _new=\$${_var}_newvar + case $_v in + "") + ;; + *) + if [ -z "$_new" ]; then + _msg="Ignored." + else + eval $_new=\"\$$_var\" + if [ -z "$_msg" ]; then + _msg="Use \$$_new instead." + fi + fi + warn "\$$_var is obsolete. $_msg" + ;; + esac + done +} + +# +# load_rc_config_var name var +# Read the rc.conf(5) var for name and set in the +# current shell, using load_rc_config in a subshell to prevent +# unwanted side effects from other variable assignments. +# +load_rc_config_var() +{ + if [ $# -ne 2 ]; then + err 3 'USAGE: load_rc_config_var name var' + fi + eval $(eval '( + load_rc_config '$1' >/dev/null; + if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then + echo '$2'=\'\''${'$2'}\'\''; + fi + )' ) +} + +# +# rc_usage commands +# Print a usage string for $0, with `commands' being a list of +# valid commands. +# +rc_usage() +{ + echo -n 1>&2 "Usage: $0 [fast|force|one|quiet](" + + _sep= + for _elem; do + echo -n 1>&2 "$_sep$_elem" + _sep="|" + done + echo 1>&2 ")" + exit 1 +} + +# +# err exitval message +# Display message to stderr and log to the syslog, and exit with exitval. +# +err() +{ + exitval=$1 + shift + + if [ -x /usr/bin/logger ]; then + logger "$0: ERROR: $*" + fi + echo 1>&2 "$0: ERROR: $*" + exit $exitval +} + +# +# warn message +# Display message to stderr and log to the syslog. +# +warn() +{ + if [ -x /usr/bin/logger ]; then + logger "$0: WARNING: $*" + fi + echo 1>&2 "$0: WARNING: $*" +} + +# +# info message +# Display informational message to stdout and log to syslog. +# +info() +{ + case ${rc_info} in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + if [ -x /usr/bin/logger ]; then + logger "$0: INFO: $*" + fi + echo "$0: INFO: $*" + ;; + esac +} + +# +# debug message +# If debugging is enabled in rc.conf output message to stderr. +# BEWARE that you don't call any subroutine that itself calls this +# function. +# +debug() +{ + case ${rc_debug} in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + if [ -x /usr/bin/logger ]; then + logger "$0: DEBUG: $*" + fi + echo 1>&2 "$0: DEBUG: $*" + ;; + esac +} + +# +# backup_file action file cur backup +# Make a backup copy of `file' into `cur', and save the previous +# version of `cur' as `backup'. +# +# The `action' keyword can be one of the following: +# +# add `file' is now being backed up (and is possibly +# being reentered into the backups system). `cur' +# is created. +# +# update `file' has changed and needs to be backed up. +# If `cur' exists, it is copied to `back' +# and then `file' is copied to `cur'. +# +# remove `file' is no longer being tracked by the backups +# system. `cur' is moved `back'. +# +# +backup_file() +{ + _action=$1 + _file=$2 + _cur=$3 + _back=$4 + + case $_action in + add|update) + if [ -f $_cur ]; then + cp -p $_cur $_back + fi + cp -p $_file $_cur + chown root:wheel $_cur + ;; + remove) + mv -f $_cur $_back + ;; + esac +} + +# make_symlink src link +# Make a symbolic link 'link' to src from basedir. If the +# directory in which link is to be created does not exist +# a warning will be displayed and an error will be returned. +# Returns 0 on success, 1 otherwise. +# +make_symlink() +{ + local src link linkdir _me + src="$1" + link="$2" + linkdir="`dirname $link`" + _me="make_symlink()" + + if [ -z "$src" -o -z "$link" ]; then + warn "$_me: requires two arguments." + return 1 + fi + if [ ! -d "$linkdir" ]; then + warn "$_me: the directory $linkdir does not exist." + return 1 + fi + if ! ln -sf $src $link; then + warn "$_me: unable to make a symbolic link from $link to $src" + return 1 + fi + return 0 +} + +# devfs_rulesets_from_file file +# Reads a set of devfs commands from file, and creates +# the specified rulesets with their rules. Returns non-zero +# if there was an error. +# +devfs_rulesets_from_file() +{ + local file _err _me _opts + file="$1" + _me="devfs_rulesets_from_file" + _err=0 + + if [ -z "$file" ]; then + warn "$_me: you must specify a file" + return 1 + fi + if [ ! -e "$file" ]; then + debug "$_me: no such file ($file)" + return 0 + fi + + # Disable globbing so that the rule patterns are not expanded + # by accident with matching filesystem entries. + _opts=$-; set -f + + debug "reading rulesets from file ($file)" + { while read line + do + case $line in + \#*) + continue + ;; + \[*\]*) + rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"` + if [ -z "$rulenum" ]; then + warn "$_me: cannot extract rule number ($line)" + _err=1 + break + fi + rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"` + if [ -z "$rulename" ]; then + warn "$_me: cannot extract rule name ($line)" + _err=1 + break; + fi + eval $rulename=\$rulenum + debug "found ruleset: $rulename=$rulenum" + if ! /sbin/devfs rule -s $rulenum delset; then + _err=1 + break + fi + ;; + *) + rulecmd="${line%%"\#*"}" + # evaluate the command incase it includes + # other rules + if [ -n "$rulecmd" ]; then + debug "adding rule ($rulecmd)" + if ! eval /sbin/devfs rule -s $rulenum $rulecmd + then + _err=1 + break + fi + fi + ;; + esac + if [ $_err -ne 0 ]; then + debug "error in $_me" + break + fi + done } < $file + case $_opts in *f*) ;; *) set +f ;; esac + return $_err +} + +# devfs_init_rulesets +# Initializes rulesets from configuration files. Returns +# non-zero if there was an error. +# +devfs_init_rulesets() +{ + local file _me + _me="devfs_init_rulesets" + + # Go through this only once + if [ -n "$devfs_rulesets_init" ]; then + debug "$_me: devfs rulesets already initialized" + return + fi + for file in $devfs_rulesets; do + if ! devfs_rulesets_from_file $file; then + warn "$_me: could not read rules from $file" + return 1 + fi + done + devfs_rulesets_init=1 + debug "$_me: devfs rulesets initialized" + return 0 +} + +# devfs_set_ruleset ruleset [dir] +# Sets the default ruleset of dir to ruleset. The ruleset argument +# must be a ruleset name as specified in devfs.rules(5) file. +# Returns non-zero if it could not set it successfully. +# +devfs_set_ruleset() +{ + local devdir rs _me + [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$2" ] && devdir="-m "$2"" || devdir= + _me="devfs_set_ruleset" + + if [ -z "$rs" ]; then + warn "$_me: you must specify a ruleset number" + return 1 + fi + debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })" + if ! /sbin/devfs $devdir ruleset $rs; then + warn "$_me: unable to set ruleset $rs to ${devdir#-m }" + return 1 + fi + return 0 +} + +# devfs_apply_ruleset ruleset [dir] +# Apply ruleset number $ruleset to the devfs mountpoint $dir. +# The ruleset argument must be a ruleset name as specified +# in a devfs.rules(5) file. Returns 0 on success or non-zero +# if it could not apply the ruleset. +# +devfs_apply_ruleset() +{ + local devdir rs _me + [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$2" ] && devdir="-m "$2"" || devdir= + _me="devfs_apply_ruleset" + + if [ -z "$rs" ]; then + warn "$_me: you must specify a ruleset" + return 1 + fi + debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })" + if ! /sbin/devfs $devdir rule -s $rs applyset; then + warn "$_me: unable to apply ruleset $rs to ${devdir#-m }" + return 1 + fi + return 0 +} + +# devfs_domount dir [ruleset] +# Mount devfs on dir. If ruleset is specified it is set +# on the mount-point. It must also be a ruleset name as specified +# in a devfs.rules(5) file. Returns 0 on success. +# +devfs_domount() +{ + local devdir rs _me + devdir="$1" + [ -n "$2" ] && rs=$2 || rs= + _me="devfs_domount()" + + if [ -z "$devdir" ]; then + warn "$_me: you must specify a mount-point" + return 1 + fi + debug "$_me: mount-point is ($devdir), ruleset is ($rs)" + if ! mount -t devfs dev "$devdir"; then + warn "$_me: Unable to mount devfs on $devdir" + return 1 + fi + if [ -n "$rs" ]; then + devfs_init_rulesets + devfs_set_ruleset $rs $devdir + devfs -m $devdir rule applyset + fi + return 0 +} + +# Provide a function for normalizing the mounting of memory +# filesystems. This should allow the rest of the code here to remain +# as close as possible between 5-current and 4-stable. +# $1 = size +# $2 = mount point +# $3 = (optional) extra mdmfs flags +mount_md() +{ + if [ -n "$3" ]; then + flags="$3" + fi + /sbin/mdmfs $flags -s $1 ${mfs_type} $2 +} + +# Code common to scripts that need to load a kernel module +# if it isn't in the kernel yet. Syntax: +# load_kld [-e regex] [-m module] file +# where -e or -m chooses the way to check if the module +# is already loaded: +# regex is egrep'd in the output from `kldstat -v', +# module is passed to `kldstat -m'. +# The default way is as though `-m file' were specified. +load_kld() +{ + local _loaded _mod _opt _re + + while getopts "e:m:" _opt; do + case "$_opt" in + e) _re="$OPTARG" ;; + m) _mod="$OPTARG" ;; + *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;; + esac + done + shift $(($OPTIND - 1)) + if [ $# -ne 1 ]; then + err 3 'USAGE: load_kld [-e regex] [-m module] file' + fi + _mod=${_mod:-$1} + _loaded=false + if [ -n "$_re" ]; then + if kldstat -v | egrep -q -e "$_re"; then + _loaded=true + fi + else + if kldstat -q -m "$_mod"; then + _loaded=true + fi + fi + if ! $_loaded; then + if ! kldload "$1"; then + warn "Unable to load kernel module $1" + return 1 + else + info "$1 kernel module loaded." + fi + else + debug "load_kld: $1 kernel module already loaded." + fi + return 0 +} + +# ltr str src dst [var] +# Change every $src in $str to $dst. +# Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor +# awk(1). If var is non-NULL, set it to the result. +ltr() +{ + local _str _src _dst _out _com _var + _str="$1" + _src="$2" + _dst="$3" + _var="$4" + _out="" + + local IFS="${_src}" + for _com in ${_str}; do + if [ -z "${_out}" ]; then + _out="${_com}" + else + _out="${_out}${_dst}${_com}" + fi + done + if [ -n "${_var}" ]; then + setvar "${_var}" "${_out}" + else + echo "${_out}" + fi +} + +# Creates a list of providers for GELI encryption. +geli_make_list() +{ + local devices devices2 + local provider mountpoint type options rest + + # Create list of GELI providers from fstab. + while read provider mountpoint type options rest ; do + case ":${options}" in + :*noauto*) + noauto=yes + ;; + *) + noauto=no + ;; + esac + + case ":${provider}" in + :#*) + continue + ;; + *.eli) + # Skip swap devices. + if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then + continue + fi + devices="${devices} ${provider}" + ;; + esac + done < /etc/fstab + + # Append providers from geli_devices. + devices="${devices} ${geli_devices}" + + for provider in ${devices}; do + provider=${provider%.eli} + provider=${provider#/dev/} + devices2="${devices2} ${provider}" + done + + echo ${devices2} +} + +# Originally, root mount hold had to be released before mounting +# the root filesystem. This delayed the boot, so it was changed +# to only wait if the root device isn't readily available. This +# can result in rc scripts executing before all the devices - such +# as graid(8), or USB disks - can be accessed. This function can +# be used to explicitly wait for root mount holds to be released. +root_hold_wait() +{ + local wait waited holders + + waited=0 + while true; do + holders="$(sysctl -n vfs.root_mount_hold)" + if [ -z "${holders}" ]; then + break; + fi + if [ ${waited} -eq 0 ]; then + echo -n "Waiting ${root_hold_delay}s" \ + "for the root mount holders: ${holders}" + else + echo -n . + fi + if [ ${waited} -ge ${root_hold_delay} ]; then + echo + break + fi + sleep 1 + waited=$(($waited + 1)) + done +} + +# Find scripts in local_startup directories that use the old syntax +# +find_local_scripts_old() { + zlist='' + slist='' + for dir in ${local_startup}; do + if [ -d "${dir}" ]; then + for file in ${dir}/[0-9]*.sh; do + grep '^# PROVIDE:' $file >/dev/null 2>&1 && + continue + zlist="$zlist $file" + done + for file in ${dir}/[!0-9]*.sh; do + grep '^# PROVIDE:' $file >/dev/null 2>&1 && + continue + slist="$slist $file" + done + fi + done +} + +find_local_scripts_new() { + local_rc='' + for dir in ${local_startup}; do + if [ -d "${dir}" ]; then + for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do + case "$file" in + *.sample) ;; + *) if [ -x "$file" ]; then + local_rc="${local_rc} ${file}" + fi + ;; + esac + done + fi + done +} + +# check_required_{before|after} command +# Check for things required by the command before and after its precmd, +# respectively. The two separate functions are needed because some +# conditions should prevent precmd from being run while other things +# depend on precmd having already been run. +# +check_required_before() +{ + local _f + + case "$1" in + start) + for _f in $required_vars; do + if ! checkyesno $_f; then + warn "\$${_f} is not enabled." + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + + for _f in $required_dirs; do + if [ ! -d "${_f}/." ]; then + warn "${_f} is not a directory." + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + + for _f in $required_files; do + if [ ! -r "${_f}" ]; then + warn "${_f} is not readable." + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + ;; + esac + + return 0 +} + +check_required_after() +{ + local _f _args + + case "$1" in + start) + for _f in $required_modules; do + case "${_f}" in + *~*) _args="-e ${_f#*~} ${_f%%~*}" ;; + *:*) _args="-m ${_f#*:} ${_f%%:*}" ;; + *) _args="${_f}" ;; + esac + if ! load_kld ${_args}; then + if [ -z "$rc_force" ]; then + return 1 + fi + fi + done + ;; + esac + + return 0 +} + +# check_jail mib +# Return true if security.jail.$mib exists and set to 1. + +check_jail() +{ + local _mib _v + + _mib=$1 + if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then + case $_v in + 1) return 0;; + esac + fi + return 1 +} + +# check_kern_features mib +# Return existence of kern.features.* sysctl MIB as true or +# false. The result will be cached in $_rc_cache_kern_features_ +# namespace. "0" means the kern.features.X exists. + +check_kern_features() +{ + local _v + + [ -n "$1" ] || return 1; + eval _v=\$_rc_cache_kern_features_$1 + [ -n "$_v" ] && return "$_v"; + + if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then + eval _rc_cache_kern_features_$1=0 + return 0 + else + eval _rc_cache_kern_features_$1=1 + return 1 + fi +} + +# check_namevarlist var +# Return "0" if ${name}_var is reserved in rc.subr. + +_rc_namevarlist="program chroot chdir env flags fib nice user group groups prepend" +check_namevarlist() +{ + local _v + + for _v in $_rc_namevarlist; do + case $1 in + $_v) return 0 ;; + esac + done + + return 1 +} + +# _echoonce var msg mode +# mode=0: Echo $msg if ${$var} is empty. +# After doing echo, a string is set to ${$var}. +# +# mode=1: Echo $msg if ${$var} is a string with non-zero length. +# +_echoonce() +{ + local _var _msg _mode + eval _var=\$$1 + _msg=$2 + _mode=$3 + + case $_mode in + 1) [ -n "$_var" ] && echo "$_msg" ;; + *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; + esac +} + +# If the loader env variable rc.debug is set, turn on debugging. rc.conf will +# still override this, but /etc/defaults/rc.conf can't unconditionally set this +# since it would undo what we've done here. +if kenv -q rc.debug > /dev/null ; then + rc_debug=YES +fi diff --git a/libexec/rc/rc.suspend b/libexec/rc/rc.suspend new file mode 100755 index 000000000000..5f22cd1a05b1 --- /dev/null +++ b/libexec/rc/rc.suspend @@ -0,0 +1,67 @@ +#!/bin/sh +# +# Copyright (c) 1999 Mitsuru IWASAKI +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# sample run command file for APM Suspend Event + +if [ $# -ne 2 ]; then + echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]" + exit 1 +fi + +subsystem=$1 +state=$2 + +if [ -r /var/run/rc.suspend.pid ]; then + exit 1 +fi + +echo $$ 2> /dev/null > /var/run/rc.suspend.pid + +# If you have troubles on suspending with PC-CARD modem, try this. +# See also contrib/pccardq.c (Only for PAO users). +# pccardq | awk -F '~' '$5 == "filled" && $4 ~ /uart/ \ +# { printf("pccardc power %d 0", $1); }' | sh + +# If a device driver has problems suspending, try unloading it before +# suspend and reloading it on resume. Example: +# kldunload usb + +/usr/bin/logger -t $subsystem suspend at `/bin/date +'%Y%m%d %H:%M:%S'` +/bin/sync && /bin/sync && /bin/sync +/bin/sleep 3 + +/bin/rm -f /var/run/rc.suspend.pid +if [ $subsystem = "apm" ]; then + /usr/sbin/zzz +else + # Notify the kernel to continue the suspend process + /usr/sbin/acpiconf -k 0 +fi + +exit 0 |