diff -urN 4.1-RELEASE/etc/aliases 4.2-RELEASE/etc/aliases --- 4.1-RELEASE/etc/aliases Thu Jul 27 12:14:37 2000 +++ 4.2-RELEASE/etc/aliases Mon Nov 20 21:03:12 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/aliases,v 1.10 1999/08/27 23:23:40 peter Exp $ +# $FreeBSD: src/etc/mail/aliases,v 1.10.4.1 2000/08/27 17:31:38 gshapiro Exp $ # @(#)aliases 5.3 (Berkeley) 5/24/90 # # Aliases in this file will NOT be expanded in the header from diff -urN 4.1-RELEASE/etc/crontab 4.2-RELEASE/etc/crontab --- 4.1-RELEASE/etc/crontab Thu Jul 27 12:14:37 2000 +++ 4.2-RELEASE/etc/crontab Mon Nov 20 21:03:04 2000 @@ -1,6 +1,6 @@ # /etc/crontab - root's crontab for FreeBSD # -# $FreeBSD: src/etc/crontab,v 1.21 1999/12/15 17:58:29 obrien Exp $ +# $FreeBSD: src/etc/crontab,v 1.21.2.1 2000/09/20 02:32:51 jkh Exp $ # SHELL=/bin/sh PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin @@ -14,9 +14,9 @@ 0 * * * * root newsyslog # # do daily/weekly/monthly maintenance -59 1 * * * root periodic daily 2>&1 | sendmail root -30 3 * * 6 root periodic weekly 2>&1 | sendmail root -30 5 1 * * root periodic monthly 2>&1 | sendmail root +59 1 * * * root periodic daily +30 3 * * 6 root periodic weekly +30 5 1 * * root periodic monthly # # time zone change adjustment for wall cmos clock, # does nothing, if you have UTC cmos clock. diff -urN 4.1-RELEASE/etc/csh.login 4.2-RELEASE/etc/csh.login --- 4.1-RELEASE/etc/csh.login Thu Jul 27 12:14:37 2000 +++ 4.2-RELEASE/etc/csh.login Mon Nov 20 21:03:04 2000 @@ -1,16 +1,14 @@ -# $FreeBSD: src/etc/csh.login,v 1.19 1999/08/27 23:23:41 peter Exp $ +# $FreeBSD: src/etc/csh.login,v 1.19.2.1 2000/07/31 20:13:26 rwatson Exp $ # # System-wide .login file for csh(1). # Uncomment this to give you the default 4.2 behavior, where disk # information is shown in K-Blocks # setenv BLOCKSIZE K -# Uncomment this two lines to activate Russian locale -# setenv LANG ru_RU.KOI8-R -# setenv MM_CHARSET KOI8-R -# Uncomment this two lines to activate Italian locale -# setenv LANG it_IT.ISO_8859-1 -# setenv MM_CHARSET ISO-8859-1 +# +# For the setting of languages and character sets please see +# login.conf(5) and in particular the charset and lang options. # For full locales list check /usr/share/locale/* +# # Read system messages # msgs -f # Allow terminal messages diff -urN 4.1-RELEASE/etc/defaults/make.conf 4.2-RELEASE/etc/defaults/make.conf --- 4.1-RELEASE/etc/defaults/make.conf Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/defaults/make.conf Mon Nov 20 21:03:04 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/defaults/make.conf,v 1.97.2.9 2000/07/14 09:23:46 peter Exp $ +# $FreeBSD: src/etc/defaults/make.conf,v 1.97.2.26 2000/11/10 10:48:10 ru Exp $ # # This file, if present, will be read by make (see /usr/share/mk/sys.mk). # It allows you to override macro definitions to make without changing @@ -26,21 +26,32 @@ # #CXXFLAGS+= -fmemoize-lookups -fsave-memoized # -# Avoid compiling profiled libraries -#NOPROFILE= true +# BDECFLAGS are a set of gcc warning settings that Bruce Evans has suggested +# for use in developing FreeBSD and testing changes. They can be used by +# putting "CFLAGS+=${BDECFLAGS}" in /etc/make.conf. +# +BDECFLAGS= -W -Wall -ansi -pedantic -Wbad-function-cast -Wcast-align \ + -Wcast-qual -Wchar-subscripts -Wconversion -Winline \ + -Wmissing-prototypes -Wnested-externs -Wpointer-arith \ + -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings +# +# To compile just the kernel with special optimisations, you should use +# this instead of CFLAGS (which is not applicable to kernel builds anyway): +# +#COPTFLAGS= -O -pipe # # Compare before install #INSTALL=install -C # -# To avoid building perl -#NOPERL= true -# -# To avoid building the suid perl -#NOSUIDPERL= true +# To enable installing suidperl with the setuid bit turned on +#ENABLE_SUIDPERL= true # # To build perl with thread support #PERL_THREADED= true # +# To build ppp with normal permissions +#PPP_NOSUID= true +# # To avoid building various parts of the base system: #NO_CVS= true # do not build CVS #NO_BIND= true # do not build BIND @@ -52,6 +63,7 @@ #NO_OPENSSH= true # do not build OpenSSH #NO_OPENSSL= true # do not build OpenSSL (implies NO_OPENSSH) #NO_SENDMAIL= true # do not build sendmail and related programs +#NO_SHAREDOCS= true # do not build the 4.4BSD legacy docs #NO_TCSH= true # do not build and install /bin/csh (which is tcsh) #NO_X= true # do not compile in XWindows support (e.g. doscmd) #NOCRYPT= true # do not build any crypto code @@ -59,12 +71,16 @@ #NOGAMES= true # do not build games (games/ subdir) #NOINFO= true # do not make or install info files #NOLIBC_R= true # do not build libc_r (re-entrant version of libc) +#NOPERL= true # To avoid building perl +#NOPROFILE= true # Avoid compiling profiled libraries #NOSECURE= true # do not build crypto code in secure/ subdir #NOSHARE= true # do not go into the share subdir +#NOUUCP= true # do not build uucp related programs # # To build sys/modules when building the world (our old way of doing things) #MODULES_WITH_WORLD=true # do not build modules when building kernel # +# # Controls for building various OPTIONAL parts of the crypto system. # Patents are involved - you must not use these unless you either have # a license or would be within patent 'fair use' provisions. @@ -72,23 +88,13 @@ # use is not. # *** It is YOUR RESPONSIBILITY to determine if you can use these! *** # -# Patented in the USA only (due to expire in September 2000). RSA is -# required for OpenSSH. Either use this or ports/security/rsaref. -#MAKE_RSAINTL= YES # RSA (public key exchange) -# +# Patented in the USA and many european countries - thought to be OK to +# use for any non-commercial use. This is optional. +#MAKE_IDEA= YES # IDEA (128 bit symmetric encryption) # # To avoid running MAKEDEV all on /dev during install: #NO_MAKEDEV= true # -# To compile just the kernel with special optimisations, you should use -# this instead of CFLAGS (which is not applicable to kernel builds anyway): -# -#COPTFLAGS= -O -pipe -# -# To compile and install the 4.4 lite libm instead of the default use: -# -#WANT_CSRG_LIBM= yes -# # If you do not want unformatted manual pages to be compressed # when they are installed: # @@ -141,6 +147,12 @@ # #BOOT_COMCONSOLE_SPEED= 115200 # +# By default the 'pxeboot' loader retrieves the kernel via NFS. Defining +# this and recompiling /usr/src/sys/boot will cause it to retrieve the kernel +# via TFTP. This allows pxeboot to load a custom BOOTP diskless kernel yet +# still mount the server's '/' (i.e. rather then load the server's kernel). +# +#LOADER_TFTP_SUPPORT= YES # # By default, this points to /usr/X11R6 for XFree86 releases 3.0 or earlier. # If you have a XFree86 from before 3.0 that has the X distribution in @@ -197,19 +209,33 @@ # # Note: the right hand sides of the following lines are only for your # information. For a full list of default sites, take a look at -# bsd.port.mk. +# bsd.sites.mk. # #MASTER_SITE_XCONTRIB= ftp://ftp.x.org/contrib/%SUBDIR%/ -#MASTER_SITE_GNU= ftp://prep.ai.mit.edu/pub/gnu/%SUBDIR%/ +#MASTER_SITE_XFREE= ftp://ftp.freesoftware.com/pub/XFree86/%SUBDIR%/source/ +#MASTER_SITE_GNU= ftp://ftp.gnu.org/gnu/%SUBDIR%/ #MASTER_SITE_PERL_CPAN= ftp://ftp.digital.com/pub/plan/perl/CPAN/modules/by-module/%SUBDIR%/ #MASTER_SITE_TEX_CTAN= ftp://ftp.tex.ac.uk/tex-archive/%SUBDIR%/ #MASTER_SITE_SUNSITE= ftp://metalab.unc.edu/pub/Linux/%SUBDIR%/ +#MASTER_SITE_RINGSERVER= ftp://ring.ocn.ad.jp/pub/%SUBDIR%/ #MASTER_SITE_KDE= ftp://ftp.kde.org/pub/kde/%SUBDIR%/ #MASTER_SITE_COMP_SOURCES= ftp://gatekeeper.dec.com/pub/usenet/comp.sources.%SUBDIR%/ #MASTER_SITE_GNOME= ftp://ftp.gnome.org/pub/GNOME/sources/%SUBDIR%/ #MASTER_SITE_AFTERSTEP= ftp://ftp.afterstep.org/%SUBDIR%/ #MASTER_SITE_WINDOWMAKER= ftp://ftp.windowmaker.org/pub/%SUBDIR%/ +#MASTER_SITE_MOZILLA= ftp://ftp.yggdrasil.com/mirrors/site/ftp.mozilla.org/pub/%SUBDIR%/ +#MASTER_SITE_XEMACS= ftp://ftp.sunsite.utk.edu/pub/xemacs/%SUBDIR%/ +#MASTER_SITE_TCLTK= ftp://ftp.uu.net/languages/tcl/%SUBDIR%/ +#MASTER_SITE_RUBY= ftp://ftp.fu-berlin.de/unix/languages/ruby/%SUBDIR%/ +# +# Also it is highly recommended that you configure MASTER_SORT_REGEX +# to choose better mirror sites for you. List awk(1)-style regular +# expressions separated by space so MASTER_SITES will be sorted in +# that order. The following example is for Japanese users; change +# "jp" part to your ccTLD ("de", "ru", "uk", etc.) or the domain names +# of your nearest/upstream networks to meet your needs. # +#MASTER_SORT_REGEX?= ^file: ^ftp://ftp\.FreeBSD\.org/pub/FreeBSD/ports/local-distfiles/ ://[^/]*\.jp/ ://[^/]*\.jp\. # # Kerberos IV # If you want KerberosIV (KTH eBones), define this: @@ -242,7 +268,8 @@ # #SUP= /usr/local/bin/cvsup #SUPFLAGS= -g -L 2 -#SUPFILE= /usr/share/examples/cvsup/standard-supfile +#SUPHOST= cvsup.uk.FreeBSD.org +#SUPFILE= /usr/share/examples/cvsup/stable-supfile #SUPFILE1= /usr/share/examples/cvsup/secure-supfile #PORTSSUPFILE= /usr/share/examples/cvsup/ports-supfile #DOCSUPFILE= /usr/share/examples/cvsup/doc-supfile @@ -253,3 +280,24 @@ # /etc/passwd. The default number is 20011. # #TOP_TABLE_SIZE= 101 +# +# Documentation +# +# The list of languages and encodings to build and install +# +#DOC_LANG= en_US.ISO_8859-1 ru_RU.KOI8-R +# +# +# sendmail +# Setting the following variables modifes the build environment for +# sendmail and its related utilities. For example, SASL support can be +# added with settings such as: +# +# SENDMAIL_CFLAGS=-I/usr/local/include -DSASL +# SENDMAIL_LDFLAGS=-L/usr/local/lib +# SENDMAIL_LDADD=-lsasl +# +#SENDMAIL_CFLAGS= +#SENDMAIL_LDFLAGS= +#SENDMAIL_LDADD= +#SENDMAIL_DPADD= diff -urN 4.1-RELEASE/etc/defaults/pccard.conf 4.2-RELEASE/etc/defaults/pccard.conf --- 4.1-RELEASE/etc/defaults/pccard.conf Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/defaults/pccard.conf Mon Nov 20 21:03:04 2000 @@ -8,7 +8,7 @@ # IRQ == 0 means "allocate free IRQ from IRQ pool" # IRQ == 16 means "do not use IRQ (e.g. PIO mode)" # -# $FreeBSD: src/etc/defaults/pccard.conf,v 1.98.2.3 2000/07/19 12:58:12 sanpei Exp $ +# $FreeBSD: src/etc/defaults/pccard.conf,v 1.98.2.10 2000/10/31 06:22:19 sanpei Exp $ # # Send new entries for this file to imp@freebsd.org. He's volunteered # to act as coordinator for this file. @@ -50,14 +50,20 @@ # Aironet PC4500 2Mbps 802.11 wireless NIC card "Aironet" "PC4500" config 0x5 "an" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Aironet PC4800 11Mbps 802.11 wireless NIC card "Aironet" "PC4800" config 0x5 "an" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# Aironet 340/342 Series 11Mbps 802.11 wireless NIC +card "Cisco Systems" "340 Series Wireless LAN Adapter" + config auto "an" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## ata ########## @@ -80,6 +86,11 @@ config auto "ata" ? logstr "MCD-601p" +# Lexar Media compact flash +card "CL ATA FLASH CARD LEXAR " "TIDALWV" +# auto does not work + config 0x1 "ata" ? + # DATAFAB PCMMD2 card "DATAFAB" "PCMCIA-TO-IDE" config 0x1 "ata" ? @@ -241,23 +252,23 @@ # Generic AMD Am79c930 based card card "AMD" "Am79C930" config 0x1 "awi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop card "Bay Networks" "BayStack 650 Wireless LAN" config 0x1 "awi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop card "Farallon" "SkyLINE Wireless" config default "awi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop card "Icom" "SL-200" config 0x1 "awi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## cnw ########## @@ -274,8 +285,8 @@ # config 0x01 "cnw" ? ## cardmem 0xdd000 0x20000 0x9000 0x40 # ether 0x126 00:80:c7 00:20:d8 -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop ########## ed ########## @@ -283,198 +294,203 @@ card " " "Ethernet Combo card" config auto "ed" ? 0x10 logstr "NE2000 compatible card" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Map Japan MPL-972 card "2408LAN" "Ethernet" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Accton EN2212 # Very slow! (PIO mode) card "ACCTON" "EN2212" config 0x1 "ed" ? 0x10 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop #Accton 2216 card "ACCTON" "EN2216-PCMCIA-ETHERNET" config 0x20 "ed" ? # config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Allied Telesis CentreCOM LA100-PCM-T V2 card "Allied Telesis, K.K" "CentreCOM LA100-PCM-T V2 100/10M LAN PC Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Allied Telesis Ethernet Card card "Allied Telesis,K.K" "Ethernet LAN Card" config 0x1 "ed" ? 0x10 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Allied Telesis CentreCOM LA-PCM_V2 ethernet card # NTT-DATA ASTROWINK-M/MMOIL(IrLAN) ethernet card card "Allied Telesis, K.K." "CentreCOM LA-PCM_V2" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Allied Telesis CentreCOM LA100-PCM-T V2 card "Allied Telesis, K.K." "CentreCOM LA100-PCM-T V2 100/10M LAN PC Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Allied Telesis CentreCOM LA-PCM V3 card "Allied Telesis K.K." "LA-PCM V3" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # AmbiCom 10BaseT card card "AmbiCom Inc" "AMB8002T" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Billionton LNT-10TB card "Billionton" "LNT-10TB" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # CNet BC40 adapter card "CNet" "CN40BC Ethernet" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# COREGA FEther PCC-TXF +card "corega" "FEther PCC-TXF" + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # COREGA Ether PCC-T card "corega K.K." "corega Ether PCC-T" config 0x20 "ed" ? # config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # COREGA EtherII PCC-T card "corega K.K." "corega EtherII PCC-T" - config 0x20 "ed" ? -# config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # COREGA FastEther PCC-TX card "corega K.K." "corega FastEther PCC-TX" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Corega PCM-T card "Corega,K.K." "Ethernet LAN Card" config auto "ed" ? ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # CyQ've ELA-010 card "CyQ've" "ELA-010" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # CyQ've ELA-110 card "CyQ've" "ELA-110 10/100M LAN Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # CyQ've ELA-110E card "CyQ've" "ELA-110E 10/100M LAN Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # D-Link DE-650 NE2000 clone card "D-Link" "DE-650" config 0x20 "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # D-Link DE-660 NE2000 clone card "D-Link" "DE-660" config 0x20 "ed" ? 0x10 ether 0x81 -# insert /etc/pccard_ether $device link0 -link1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start +# insert /etc/pccard_ether $device start link0 -link1 + remove /etc/pccard_ether $device stop # D-Link DFE-650 NE2000 clone card "D-Link" "DFE-650" config 0x20 "ed" ? 0x10 - insert /etc/pccard_ether $device -# insert /etc/pccard_ether $device link0 -link1 - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start +# insert /etc/pccard_ether $device start link0 -link1 + remove /etc/pccard_ether $device stop # D-Link DME-560T LAN/FAX/MODEM Card (as Ethernet) card "D-Link" "DME560T" config default "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Danpex (Alloy, etc.) EN-6200P2 card "DANPEX" "EN-6200P2" config 0x22 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Dayna Communications CommuniCard E card "Dayna Communications, Inc." "CommuniCard E" config auto "ed" ? 0x10 # ether 0x110 00:80:19 ether 0x110 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Digital DEPCM-BA Ethernet card "DIGITAL" "DEPCM-XX" config auto "ed" ? 0x10 # ether 0xff0 00:00:e8 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Planex FNW-3600-T card "Dual Speed" "10/100 PC Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Planex FNW-3600-TX 16bit FastEthernet DirectDock card "Dual Speed" "10/100 Port Attached PC Card" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # LinkSys ethernet card card "E-CARD" "E-CARD" config 0x20 "ed" ? logstr "LinkSys card" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Eiger Labs Ethernet COMBO card "EIGER Labs Inc." "Ethernet COMBO Card" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # XXX Compex Net-A adapter, Telecom SuperSocket RE450T and # Apollo PCMCIA Ethernet Adapter have same manufacturer and @@ -486,8 +502,8 @@ config 0x1 "ed" ? ether 0xff0 logstr "Compex Net-A adapter" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Telecom Device SuperSocket RE450T # Note: There are several revisions of the cardon the market. @@ -502,76 +518,94 @@ # ether 0x110 00:e0:98 # ether 0xff0 00:e0:98 logstr "Telecom SuperSocket RE450T" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Apollo PCMCIA Ethernet Adapter card "Ethernet" "Adapter" config 0x0 "ed" ? logstr "Apollo PCMCIA Ethernet Adapter" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# pci Ethernet Adapter Card +card "Ethernet" "CF Size PC Card" + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# pci Ethernet Adapter Card +card "Ethernet" "CF Size PC Card" + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # "Ethernet Adapter" "E2000 PCMCIA Ethernet" card "Ethernet Adapter" "E2000 PCMCIA Ethernet" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # ADDTRON EP-210A card "EP-210 PCMCIA LAN CARD." "/.*/" config auto "ed" ? 0x10 # ether 0x110 00:40:33 ether 0x110 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # PLANEX (PLANET) FNW-3700-T card "Fast Ethernet" "16-bit PC Card" config auto "ed" ? 0x30000 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Planex FNW-3600-T 16bit FastEthernet card "Fast Ethernet" "Adapter" config 0x7 "ed" ? iosize 32 logstr "Planex FNW-3600-T" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# TDK Grey Cell GCS2000 Ethernet Card +card "Grey Cell" "GCS2000" + config auto "ed" ? 0x10 + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Grey Cell GCS2220 Ethernet Card card "Grey Cell" "GCS2220" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # GVC NIC-2000P Ethernet Card card "GVC" "NIC-2000p" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # IBM PCMCIA Ethernet I/II card "IBM Corp." "Ethernet" config 0x1 "ed" ? ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -#AR-P500 ethernet card +#AR-P500 ethernet card, PLANET PCMCIA ethernet Adapter card ENW-3500 card "IC-CARD" "IC-CARD" - config 0x20 "ed" ? + config auto "ed" ? logstr "AR-P500 Ethernet card" - insert /etc/pccard_ether $device - remove ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # IC-CARD+ Ethernet card card "IC-CARD+" "IC-CARD+" config auto "ed" ? logstr "IC-CARD+ Ethernet card" - insert /etc/pccard_ether $device - remove ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # I/O DATA PCLA/T card "I-O DATA" "PCLA" @@ -579,509 +613,506 @@ # ether 0x1c0 00:a0:b0 # ether 0xff0 00:a0:b0 ether 0xff0 - insert /etc/pccard_ether $device - remove ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # I-O DATA PCLATE card "IO DATA" "PCLATE" config 0x20 "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # I-O DATA PCETTX card "IO DATA" "PCETTX" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # KANSAI ELECTRIC KLA-PCM/T card "KANSAI ELECTRIC CO.,LTD" "KLA-PCM/T" config 0x1 "ed" 15 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Kingston KNE-PC2 card "Kingston" "KNE-PC2" config default "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Kingston KNE-PCM/x Ethernet card "Kingston Technology Corp." "/EtheRx PC Card Ethernet.*/" config auto "ed" ? ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # ELECOM Laneed LD-10/100CD card "Laneed" "LD-10/100CD" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Elecom Laneed LD-CDF card "Laneed" "LD-CDF" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # ELECOM Laneed LD-CDS card "Laneed" "LD-CDS" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Linksys Combo PCMCIA EthernetCard (model EC2T on box) card "Linksys" "Combo PCMCIA EthernetCard (EC2T)" config 0x1 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Linksys Combo PCMCIA Ethernet Card card "LINKSYS" "E-CARD" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Linksys EtherFast 10/100 Intergrated PC Card (PCM100) card "Linksys" "EtherFast 10/100 Integrated PC Card (PCM100)" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop #Linksys EtherFast 10/100 PC Card (PCMPC100) card "Linksys" "EtherFast 10/100 PC Card (PCMPC100)" config 0x3 "ed" ? # config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Logitec LPM-LN100TX 100BASE-TX Ethernet LAN CARD card "Logitec" "LPM-LN100TX" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Logitec LPM-LN20T card "Logitec" "LPM-LN20T" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Socket LP-E (WinCE Low Power Ethernet) card "Low Power Ethernet LAN Adapter" "Socket Communications, Inc" config 0x20 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # ELECOM Laneed LD-CDWA (DP83902A) card "MACNICA" "ME1-JEIDA" config auto "ed" ? # ether 0xb8 08:00:42 ether 0xb8 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Matsushita Electric Industrial Co.,LTD. CF-VEL211P-B card "Matsushita Electric Industrial Co.,LTD." "CF-VEL211" config auto "ed" ? # ether 0xff0 00:80:45 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # MELCO LPC2-T card "MELCO" "LPC2-T" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # MELCO LPC2-TX card "MELCO" "LPC2-TX" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Melco LPC-T (PIO mode) card "MELCO" "LPC3-TX" config 0x1 "ed" ? 0x30000 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # National Semiconductor InfoMover 4100 card "National Semiconductor" "InfoMover 4100" config auto "ed" ? # ether 0xff0 08:00:17 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # National Semiconductor InfoMover NE4100 card "National Semiconductor" "InfoMover NE4100" config 0x1 "ed" ? ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # NDC Ethernet Instant-Link NE2000 clone card "NDC" "Ethernet" config 0x22 "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # NEC PC-9801N-J12 card "NEC" "PC-9801N-J12" config auto "ed" ? # ether 0xff0 00:00:4c ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # BayNetworks NETGEAR FA410TXC Fast Ethernet card "NETGEAR" "FA410TX" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Network Everywhere Ethernet 10BaseT PC Card card "Network Everywhere" "Ethernet 10BaseT PC Card" config 0x1 "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Network Everywhere Ethernet Fast Ethernet 10/100 PC Card card "Network Everywhere" "Fast Ethernet 10/100 PC Card" config 0x5 "ed" 10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # New Media Corporation LiveWire 10/100 card "New Media Corporation" "LiveWire 10/100" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # NextCom Next Hawk Etherneet Adapter card "NextCom K.K." "Next Hawk" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Nihon Unisys, Ltd. JPF0400-ETH card "Nihon Unisys, Ltd." "JPF0400-ETH" config auto "ed" ? # ether 0xff0 00:80:45 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Nihon Unisys, Ltd. JPF0400-LAN card "Nihon Unisys, Ltd." "JPF0400-LAN" config auto "ed" ? # ether 0xff0 00:80:45 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # No-brand NE-2000 compatible card card "PCMCIA" "ETHERNET V1.0" config auto "ed" ? 0x10 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Telecom Device SuperSocket HPC100 card "PCMCIA" "FastEthernet" config auto "ed" ? 0x30000 logstr "Telecom Device SuperSocket HPC100" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Billionton 10Base-TX ETHERNET PCCARD (aka UE2216) # Also Genuius "Ethernet ME3000II SE" card "PCMCIA" "PCMCIA-ETHERNET-CARD" config 0x20 "ed" ? 0x10 logstr "UE2216" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Melco LPC-T (PIO mode) card "PCMCIA" "UE2212" - config 0x1 "ed" ? 0x10 + config auto "ed" ? 0x10 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # EXPsys PCMCIA Ethernet Combo, Relia PCMCIA Ethernet card "PCMCIA LAN" "Ethernet" config auto "ed" ? logstr "EXPsys Ethernet" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # LinkMates LM 336 LAN Fax/Modem PC Card card "PCMCIAs" "ComboCard" config 0x24 "ed" ? 0x10 logstr "LinkMates LM 336" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Telecom Device SuperSocket LM336 (as Ethernet only) card "PCMCIAs" "LanModem" config default "ed" ? logstr "SuperSocket LM336" - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # PreMax PE-200 Ethernet Card card "PMX " "PE-200" config auto "ed" ? 0x10 # ether 0x7f0 00:20:e0 ether 0x7f0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Psion Dacom Gold Card V34 Ethernet GSM # as ethernet card "Psion Dacom" "Gold Card V34 Ethernet GSM" - config default "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # RIOS PC CARD3 ETHERNET card "RIOS Systems Co." "PC CARD3 ETHERNET" config auto "ed" ? # ether 0xff0 00:00:48 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # RPTI EP401 Ethernet card card "RPTI" "EP401 Ethernet NE2000 Compatible" config 0x22 "ed" 9 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # SCM Ethernet Combo (*Not SMC :-)*) card "SCM" "Ethernet Combo card" config auto "ed" ? 0x10 # ether 0xff0 00:20:cb ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Epson EEN10B Ethernet Card card "Seiko Epson Corp." "Ethernet" config auto "ed" ? 0x10 # ether 0xff0 00:00:48 ether 0xff0 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3way 3WL-847-TX card "SUN WAY" "3WL-847-TX 100BASE-TX" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Surecom EtherPerfect EP-427 card "TAMARACK" "Ethernet" - config 0x21 "ed" ? - insert /etc/pccard_ether $device - remove ifconfig $device delete + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# TDK LAK-CD031 +card "TDK" "/LAK-CD031.*/" + config auto "ed" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Telecom Device SuperSocket RE450T and RE550T card "Telecom Device K.K." "/SuperSocket RE[45]50T/" config auto "ed" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Toshiba Joho System PTJ-LAN/T card "TJ" "Ethernet" config auto "ed" ? 0x10 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Xircom CompactCard Ethernet 10 (CFE-10) card "Xircom" "CompactCard Ethernet" config auto "ed" ? - insert /etc/pccard_ether $device - remove ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## ep ########## # 3Com Fast Etherlink 3C574TX card "3Com" "3C574-TX Fast EtherLink PC Card" config 0x1 "ep" ? 0x1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3Com Megahertz 3CXEM556 (only lan side) doesn't work yet card "3Com" "Megahertz 3CXEM556" config 0x1 "ep" ? 0x1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3Com Megahertz 3CCFEM556BI, 3CXEM556B # as ethernet card "3Com" "/Megahertz 3C.*EM556/" config default "ep" ? 0x1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3Com Megahertz 574B card "3Com" "Megahertz 574B" config 0x1 "ep" ? 0x1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop +# 3Com Etherlink III 3CXE589EC # 3Com Etherlink III 3CXE589ET card "3Com" "Megahertz 589E" config 0x1 "ep" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3Com OfficeConnect 3CXSH572BT card "3Com" "OfficeConnect 572B" config 0x1 "ep" ? 0x1 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # 3Com Etherlink III 3C562 (as Network) # Don't think this will work. #card "3Com Corporation" "3C562" # config 0x9 "ep" ? -# insert /etc/pccard_ether $device -link0 link1 -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start -link0 link1 +# remove /etc/pccard_ether $device stop # 3Com Etherlink III 3C589B, 3C589C card "3Com Corporation" "3C589" config 0x1 "ep" ? # config auto "ep" ? - insert /etc/pccard_ether $device -link0 link1 -# insert /etc/pccard_ether $device link0 -link1 - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start -link0 link1 +# insert /etc/pccard_ether $device start link0 -link1 + remove /etc/pccard_ether $device stop # 3Com Etherlink III 3C589D card "3Com Corporation" "3C589D" config 0x1 "ep" ? # config auto "ep" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Farallon EtherMac card "Farallon" "ENet" config 0x1 "ep" ? - insert /etc/pccard_ether $device -# insert /etc/pccard_ether $device link0 - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start +# insert /etc/pccard_ether $device start link0 + remove /etc/pccard_ether $device stop ########## ex ########## # Olicom OC2220 card "Olicom" "Ethernet" config 0x1 "ex" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## fe ########## -# XXX NOT SUPPORTED YET # CONTEC C-NET(PC)C Ethernet -#card "CONTEC Co.,Ltd." "/C-NET\(PC\)C.*/" -# config auto "fe" ? -## ether 0x58 00:80:4c -# ether 0x58 -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "CONTEC Co.,Ltd." "/C-NET\(PC\)C.*/" + config auto "fe" ? +# ether 0x58 00:80:4c + ether 0x58 + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # Fujitsu MBH10303 Ethernet PCMCIA -#card "EAGLE Technology" "NE200 ETHERNET LAN MBH10303 " -# config 0x1 "fe" ? -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "EAGLE Technology" "NE200 ETHERNET LAN MBH10303 " + config auto "fe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # Eiger Labs EPX-10BT -#card "Eiger labs,Inc." "EPX-10BT PC Card Ethernet 10BT" -# config 0x20 "fe" ? -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "Eiger labs,Inc." "EPX-10BT PC Card Ethernet 10BT" + config auto "fe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # Fujitsu FMV-J182, FMV-J182A -#card "FUJITSU" "LAN Card(FMV-J182)" -# config auto "fe" ? -# # These cards have same ID strings, and different MAC address -# # locations. -## ether 0xf2c 00:00:0e #FMV-J182 +card "FUJITSU" "LAN Card(FMV-J182)" + config auto "fe" ? + # These cards have same ID strings, and different MAC address + # locations. +# ether 0xf2c 00:00:0e #FMV-J182 # ether 0xf2c #FMV-J182 -## ether 0x1cc 00:00:0e #FMV-J182A -# ether 0x1cc #FMV-J182A -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# ether 0x1cc 00:00:0e #FMV-J182A + ether 0x1cc #FMV-J182A + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # Fujitsu Towa LA501 Ethernet -#card "FUJITSU TOWA" "LA501" -# config auto "fe" ? 0x10 -## ether 0x332 00:00:0e -# ether 0x332 -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "FUJITSU TOWA" "LA501" + config auto "fe" ? 0x10 +# ether 0x332 00:00:0e + ether 0x332 + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # HITACHI HT-4840-11 -#card "HITACHI" "HT-4840-11" -# config 0x1a "fe" ? -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "HITACHI" "HT-4840-11" + config auto "fe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # NextCom J Link NC5310 -#card "NextComK.K." "/NC5310 Ver1\.0.*/" -# config auto "fe" ? -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "NextComK.K." "/NC5310 Ver1\.0.*/" + config auto "fe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # RATOC REX-5588, REX-9822, REX-4886 -#card "PCMCIA LAN MBH10304 ES" " 01" -# config auto "fe" ? +card "PCMCIA LAN MBH10304 ES" " 01" + config auto "fe" ? # ether 0x32c 00:c0:d0 # many minor revs.... # ether 0x328 00:c0:d0 # ether 0x200 00:c0:d0 -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete + ether 0x200 + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # Fujitsu MBH10302 -#card "PCMCIA MBH10302" "01" -# config 0x14 "fe" ? -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "PCMCIA MBH10302" "01" + config auto "fe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # RATOC REX-R280 -#card "RATOC System Inc." "10BASE_T CARD R280" -# config auto "fe" ? -## ether 0x1fc 00:c0:d0 -# ether 0x1fc -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "RATOC System Inc." "10BASE_T CARD R280" + config auto "fe" ? +# ether 0x1fc 00:c0:d0 + ether 0x1fc + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# XXX NOT SUPPORTED YET # TDK LAK-CD021, LAK-CD021A, LAK-CD021BX -#card "TDK" "LAC-CD02x" -# config auto "fe" ? -# # These cards have same ID strings, and different MAC address -# # locations. -# #ether 0x92 00:80:98 # LAC-CD021, LAC-021A -# #ether 0x96 00:80:98 # LAC-CD021BX -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +card "TDK" "LAC-CD02x" + config auto "fe" ? + # These cards have same ID strings, and different MAC address + # locations. + #ether 0x92 00:80:98 # LAC-CD021, LAC-021A + #ether 0x96 00:80:98 # LAC-CD021BX + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## fdc ########## @@ -1114,76 +1145,64 @@ ########## ncv ########## -# XXX NOT SUPPORTED YET # New Media Corporation BASICS SCSI # (Do not put this entry under Bustoaster) -#card "BASICS by New Media Corporation" "SCSI Sym53C500" -# config 0x14 "ncv" ? +card "BASICS by New Media Corporation" "SCSI Sym53C500" + config auto "ncv" ? -# XXX NOT SUPPORTED YET # Media Intelligent SCSI-2 PC Card MSC-200 -#card "EPSON" "SCSI-2 PC Card SC200" -# config 0x12 "ncv" ? +card "EPSON" "SCSI-2 PC Card SC200" + config auto "ncv" ? -# XXX NOT SUPPORTED YET # KME (TAXAN ICD-400PN, etc.) -#card "KME" "KXLC002" -# config 0x26 "ncv" ? 0xb4d00000 +card "KME" "KXLC002" + config auto "ncv" ? 0xb4d00000 -# XXX NOT SUPPORTED YET # KME KXLC004 -#card "KME" "KXLC004" -# config default "ncv" ? 0xb4d00001 +card "KME" "KXLC004" + config auto "ncv" ? 0xb4d00100 -# XXX NOT SUPPORTED YET # IO DATA PCSC-DV # Macnica Miracle SCSI mPS100 -#card "MACNICA" "MIRACLE SCSI" "mPS100" "D.0" -# config 0x11 "ncv" ? 0xb6250000 +card "MACNICA" "MIRACLE SCSI" "mPS100" "D.0" + config auto "ncv" ? 0xb6250000 -# XXX NOT SUPPORTED YET # Macnica Miracle SCSI-II mPS110 -#card "MACNICA" "MIRACLE SCSI-II mPS110" -# config 0x15 "ncv" ? 0 +card "MACNICA" "MIRACLE SCSI-II mPS110" + config auto "ncv" ? 0 -# XXX NOT SUPPORTED YET # NEC PC-9801N-J03R -#card "NEC" "PC-9801N-J03R" -# config 0x15 "ncv" ? 0 +card "NEC" "PC-9801N-J03R" + config auto "ncv" ? 0 -# XXX NOT SUPPORTED YET # Qlogic Fast SCSI -#card "QLOGIC CORPORATION" "pc05" -# config 0x2f "ncv" ? 0x84d00000 +card "QLOGIC CORPORATION" "pc05" + config auto "ncv" ? 0x84d00000 -# XXX NOT SUPPORTED YET # RATOC REX-9530 -#card "RATOC System Inc." "/SCSI2 CARD.*/" -# config auto "ncv" ? 0x84d00000 +card "RATOC System Inc." "/SCSI2 CARD.*/" + config auto "ncv" ? 0x84d00000 -# XXX NOT SUPPORTED YET # RATOC REX-5572 (as SCSI only) -#card "RATOC System Inc." "/SOUND/SCSI2 CARD.*/" -# config default "ncv" ? 0x84d00000 -## cardio 0x640 0x10 -# iosize 16 +card "RATOC System Inc." "/SOUND/SCSI2 CARD.*/" + config auto "ncv" ? 0x84d00000 +# cardio 0x640 0x10 + iosize 16 ########## nsp ########## -# XXX NOT SUPPORTED YET # WORKBIT Ninja SCSI series -#card "IO DATA" "CBSC16 " -# config default "nsp" ? +card "IO DATA" "CBSC16 " + config auto "nsp" ? -# XXX NOT SUPPORTED YET # WORKBIT Ninja SCSI series -#card "WBT" "NinjaSCSI-3" -# config default "nsp" ? +card "WBT" "NinjaSCSI-3" + config auto "nsp" ? -# XXX NOT SUPPORTED YET # WORKBIT Ninja SCSI series (PIO mode) +# (If you want to use them in PIO mode comment out above and uncommnet below.) #card "WBT" "NinjaSCSI-3" -# config default "nsp" ? 0x1 +# config auto "nsp" ? 0x100 ########## opl ########## @@ -1362,6 +1381,10 @@ card "Motorola, Inc." "MARINER MODEM/FAX/LAN" config 0x35 "sio" ? +# Nokia Card Phone 2.0 (gsm900/dcs1800 HSCSD terminal) +card "Nokia Mobile Phones" "Nokia Card Phone" + config 0x3 "sio" ? + # NTT ThunderCard Modem card "NTT-IT CO., LTD" "ThunderCard AVF288, V.34" config 0x22 "sio" ? @@ -1485,7 +1508,6 @@ # RFI HotLine serial card card "RFI" "RS-232 ComCard Rev.II" config 0x23 "sio" ? - insert remove -t pccard:$device -s RFI Hotline removed # SII MC-6530 card "SII" "PHS DATA 32S" @@ -1517,11 +1539,9 @@ #card "TDK" "GlobalNetworker 3410/3412" # config auto "sio" ? 0x40000 -# XXX NOT SURE SUPPORTED -# XXX generic serial? -# Toshiba Modem/LAN card IPC5001B -#card "TOSHIBA" "Modem/LAN Card" -# config 0x25 "sio" ? +# Toshiba Modem/LAN card IPC5001B (as Modem) +card "TOSHIBA" "Modem/LAN Card" + config 0x25 "sio" ? # 3Com/USR/Toshiba SLIMV90 card "TOSHIBA" "SLIMV90" @@ -1577,16 +1597,16 @@ card "Megahertz" "CC10BT/2" config 0x1 "sn" ? ether attr2 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Megahertz Ethernet Adapter card "Megahertz" "ETHERNET ADAPTOR" config auto "sn" ? # ether attr2hex 00:00:86 ether attr2 - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Megahertz X-Jack Ethernet/Modem 14.4K #card "MEGAHERTZ" "XJEM1144/CCEM1144" @@ -1599,22 +1619,22 @@ config auto "sn" ? # ether 0x4a 00:a0:dc ether 0x4a - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # SMC EtherEZ Combo(SMC8020BT) card "SMC" "EtherEZ Ethernet 8020" config default "sn" ? # ether 0x9a 00:00:c0 # ether 0x9a - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Victor M-MOIL CARD card "JVC" "MiniMoil Ethernet Card" config 0x01 "sn" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop ########## spc ########## @@ -1624,36 +1644,31 @@ ########## stg ########## -# XXX NOT SUPPORTED YET # RATOC REX-5536, Melco IFC-SC -#card "1195 RATOC System Inc." "REX5536 SCSI2 CARD" -# config 0x7 "stg" ? 0 +card "1195 RATOC System Inc." "REX5536 SCSI2 CARD" + config auto "stg" ? 0 -# XXX NOT SUPPORTED YET # Future Domain SCSI2GO -#card "Future Domain Corporation" "SCSI PCMCIA Credit Card Controller" -# config default "stg" ? +card "Future Domain Corporation" "SCSI PCMCIA Credit Card Controller" + config auto "stg" ? -# XXX NOT SUPPORTED YET # IBM SCSI PCMCIA Card -#card "IBM Corp." "SCSI PCMCIA Card" -# config default "stg" ? +card "IBM Corp." "SCSI PCMCIA Card" + config auto "stg" ? -# XXX NOT SUPPORTED YET # RATOC REX-5536AM, REX-9836A, ICM PSC-2401 SCSI # (Don't put this entry under REX5535 series!) # There's a buggy revision of this card which has broken CIS tupples. # if you can't use this card, please use the point enabler. (for example, # type "pccardc enabler 0 stg0 -a 0x4140 -i 5" from root command prompt) -#card "PCMCIA SCSI MBH10404" "01" -# config 0x37 "stg" ? -# logstr "RATOC REX-5536AM SCSI" +card "PCMCIA SCSI MBH10404" "01" + config auto "stg" ? + logstr "RATOC REX-5536AM SCSI" -# XXX NOT SUPPORTED YET # RATOC REX-5536M -#card "PCMCIA SCSI2 CARD" "01" -# config 0x5 "stg" ? 0 -# logstr "RATOC REX-5536M SCSI" +card "PCMCIA SCSI2 CARD" "01" + config auto "stg" ? 0 + logstr "RATOC REX-5536M SCSI" ########## wlp ########## @@ -1665,8 +1680,8 @@ # config default "wlp" ? # US version (915MHz) ## config default "wlp" ? 0x01 # Japanese version (2.4GHz) ## ether wavelan -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop # XXX NOT SUPPORTED YET # Digital RoamAbout @@ -1674,16 +1689,16 @@ # config auto "wlp" ? ## ether wavelan # insert /usr/sbin/wlpconfig -i wlp0 -w 0xaaaa -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop # XXX NOT SUPPORTED YET # Lucent Wavelan #card "Lucent Technologies" "WaveLAN/PCMCIA" # config default "wlp" ? # ether wavelan -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop # XXX NOT SUPPORTED YET # NCR Wavelan PCMCIA @@ -1693,8 +1708,8 @@ # config default "wlp" ? # US version (915MHz) ## config default "wlp" ? 0x01 # Japanese version (2.4GHz) # ether wavelan -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop ########## wi ########## @@ -1702,53 +1717,101 @@ # Cabletron RoamAbout, WaveLAN/IEEE clone card "Cabletron" "RoamAbout 802.11 DS" config 0x1 "wi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# Lucent WaveLAN/IEEE -card "Lucent Technologies" "WaveLAN/IEEE" +# Compaq WL100 +card "Compaq" "WL100_11Mbps_Wireless_PC_Card" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# Corega KK Wireless LAN PCC-11 +card "corega K.K." "Wireless LAN PCC-11" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# ELECOM Air@Hawk/LD-WL11/PCC (0.7.5) +card "ELECOM" "Air@Hark/LD-WL11/PCC" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# ELECOM Air@Hawk/LD-WL11/PCC (0.7.6 and later) +card "ELECOM" "Air@Hawk/LD-WL11/PCC" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# ICOM SL-1100 +card "ICOM" "SL-1100" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# Farallon Skyline 11Mbps Wireless +card "INTERSIL" "HFA384x/IEEE" config 0x1 "wi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop -# NCR WaveLAN/IEEE -card "NCR" "WaveLAN/IEEE" +# Lucent WaveLAN/IEEE +card "Lucent Technologies" "WaveLAN/IEEE" config 0x1 "wi" ? -# config auto "wi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Melco Airconnect card "MELCO" "WLI-PCM-L11" config 0x1 "wi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# NCR WaveLAN/IEEE +card "NCR" "WaveLAN/IEEE" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# NEC Wireless Card CMZ-RT-WP +card "NEC" "Wireless Card CMZ-RT-WP" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # PLANEX GeoWave/GW-NS110 card "PLANEX" "GeoWave/GW-NS110" config 0x1 "wi" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + +# TDK LAK-CD011WL +card "TDK" "LAK-CD011WL for Wireless LAN" + config auto "wi" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop + ########## xe ########## # Accton EN2226/Fast EtherCard (16-bit verison) card "Accton" "Fast EtherCard-16" - config default "xe" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + config auto "xe" ? + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Compaq Netelligent 10/100 PC Card card "Compaq" "Netelligent 10/100 PC Card" config 0x1 "xe" ? - insert /etc/pccard_ether $device - remove sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Intel EtherExpress PRO/100 Mobile Adapter (16-bit verison) card "Intel" "EtherExpress(TM) PRO/100 PC Card Mobile Adapter16" config 0x1 "xe" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # XXX NOT SURE SUPPORTED # Toshiba 10/100 Ethernet PC Card IPC5008A @@ -1756,32 +1819,32 @@ # config auto "xe" ? ## cardio 0x300 0x10 # iosize 16 -# insert /etc/pccard_ether $device -# remove /sbin/ifconfig $device delete +# insert /etc/pccard_ether $device start +# remove /etc/pccard_ether $device stop # Xircom Realport card + modem card "Xircom" "16-bit Ethernet + Modem 56" config 0x27 "xe" 9 - insert /etc/pccard_ether $device - remove /etc/pccard_ether $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Xircom CreditCard Ethernet 10/100 card "Xircom" "CreditCard 10/100" config 0x1 "xe" ? - insert /etc/pccard_ether $device - remove /etc/pccard_ether $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Xircom CreditCard 10Base-T "CreditCard Ethernet Adaptor IIps" (PS-CE2-10) card "Xircom" "CreditCard 10Base-T" config auto "xe" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # Xircom CreditCard Ethernet 10/100 + modem (Ethernet part) card "Xircom" "CreditCard Ethernet 10/100 + Modem 56" config 0x27 "xe" ? - insert /etc/pccard_ether $device - remove /sbin/ifconfig $device delete + insert /etc/pccard_ether $device start + remove /etc/pccard_ether $device stop # ------------------------------------------------------------------- # diff -urN 4.1-RELEASE/etc/defaults/periodic.conf 4.2-RELEASE/etc/defaults/periodic.conf --- 4.1-RELEASE/etc/defaults/periodic.conf Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/defaults/periodic.conf Mon Nov 20 21:03:04 2000 @@ -0,0 +1,202 @@ +#!/bin/sh +# +# This is defaults/periodic.conf - a file full of useful variables that +# you can set to change the default behaviour of periodic jobs on your +# system. You should not edit this file! Put any overrides into one of the +# $periodic_conf_files instead and you will be able to update these defaults +# later without spamming your local configuration information. +# +# The $periodic_conf_files files should only contain values which override +# values set in this file. This eases the upgrade path when defaults +# are changed and new features are added. +# +# $FreeBSD: src/etc/defaults/periodic.conf,v 1.7.2.2 2000/09/20 02:35:57 jkh Exp $ +# + +# What files override these defaults ? +periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" + +# periodic script dirs +local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" + + +# Daily options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $daily_output might be set to /var/log/daily.log if you +# wish to log the daily output and have the files rotated by newsyslog(8) +# +daily_output="root" # user or /file +daily_show_success="YES" # scripts returning 0 +daily_show_info="YES" # scripts returning 1 +daily_show_badconfig="NO" # scripts returning 2 + +# 100.clean-disks +daily_clean_disks_enable="NO" # Delete files daily +daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" +daily_clean_disks_days=3 # If older than this +daily_clean_disks_verbose="YES" # Mention files deleted + +# 110.clean-tmps +daily_clean_tmps_enable="NO" # Delete stuff daily +daily_clean_tmps_dirs="/tmp" # Delete under here +daily_clean_tmps_days="3" # If not accessed for +daily_clean_tmps_ignore=".X*-lock quota.user quota.group" # Don't delete these +daily_clean_tmps_verbose="YES" # Mention files deleted + +# 120.clean-preserve +daily_clean_preserve_enable="YES" # Delete files daily +daily_clean_preserve_days=7 # If not modified for +daily_clean_preserve_verbose="YES" # Mention files deleted + +# 130.clean-msgs +daily_clean_msgs_enable="YES" # Delete msgs daily +daily_clean_msgs_days= # If not modified for + +# 140.clean-rwho +daily_clean_rwho_enable="YES" # Delete rwho daily +daily_clean_rwho_days=7 # If not modified for +daily_clean_rwho_verbose="YES" # Mention files deleted + +# 150.clean-hoststat +daily_clean_hoststat_enable="YES" # Delete .hoststat daily +daily_clean_hoststat_days=3 # If not modified for +daily_clean_hoststat_verbose="YES" # Mention files deleted + +# 200.backup-passwd +daily_backup_passwd_enable="YES" # Backup passwd & group + +# 210.backup-aliases +daily_backup_aliases_enable="YES" # Backup mail aliases + +# 220.backup-distfile +daily_backup_distfile_enable="YES" # rdist /etc/Distfile + +# 300.calendar +daily_calendar_enable="NO" # Run calendar -a + +# 310.accounting +daily_accounting_enable="YES" # Rotate acct files +daily_accounting_compress="NO" # Gzip rotated files + +# 320.distfile +daily_distfile_enable="YES" # Run rdist daily + +# 330.news +daily_news_expire_enable="YES" # Run news.expire + +# 340.uucp +daily_uuclean_enable="YES" # Run uuclean.daily + +# 400.status-disks +daily_status_disks_enable="YES" # Check disk status +daily_status_disks_df_flags="-k -t nonfs" # df(1) flags for check + +# 410.status-uucp +daily_status_uucp_enable="YES" # Check uucp status + +# 420.status-network +daily_status_network_enable="YES" # Check network status +daily_status_network_usedns="YES" # DNS lookups are ok + +# 430.status-rwho +daily_status_rwho_enable="YES" # Check system status + +# 440.status-mailq +daily_status_mailq_enable="YES" # Check mail status +daily_status_mailq_shorten="NO" # Shorten output + +# 450.status-security +daily_status_security_enable="YES" # Security check +daily_status_security_inline="NO" # Run inline ? +daily_status_security_noamd="NO" # Don't check amd mounts +daily_status_security_nomfs="NO" # Don't check mfs mounts + +# 460.status-mail-rejects +daily_status_mail_rejects_enable="YES" # Check mail rejects +daily_status_mail_rejects_logs=3 # How many logs to check + +# 999.local +daily_local="/etc/daily.local" # Local scripts + + +# Weekly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + +# 120.clean-kvmdb +weekly_clean_kvmdb_enable="YES" # Clean kvmdb weekly +weekly_clean_kvmdb_days=7 # If not accessed for +weekly_clean_kvmdb_verbose="YES" # Mention files deleted + +# 300.uucp +weekly_uucp_enable="YES" # Clean uucp weekly + +# 310.locate +weekly_locate_enable="YES" # Update locate weekly + +# 320.whatis +weekly_whatis_enable="YES" # Update whatis weekly + +# 330.catman +weekly_catman_enable="NO" # Preformat man pages + +# 340.noid +weekly_noid_enable="NO" # Find unowned files +weekly_noid_dirs="/" # Look here + +# 400.status-pkg +weekly_status_pkg_enable="NO" # Find out-of-date pkgs + +# 999.local +weekly_local="/etc/weekly.local" # Local scripts + + +# Monthly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + +# 200.accounting +monthly_accounting_enable="YES" # Login accounting + +# 999.local +monthly_local="/etc/monthly.local" # Local scripts + + +# Define source_periodic_confs, the mechanism used by /etc/periodic/*/* +# scripts to source defaults/periodic.conf overrides safely. + +if [ -z "${source_periodic_confs_defined}" ]; then + source_periodic_confs_defined=yes + source_periodic_confs () { + local i sourced_files + + for i in ${periodic_conf_files}; do + case ${sourced_files} in + *:$i:*) + ;; + *) + sourced_files="${sourced_files}:$i:" + [ -r $i ] && . $i + ;; + esac + done + } +fi diff -urN 4.1-RELEASE/etc/defaults/rc.conf 4.2-RELEASE/etc/defaults/rc.conf --- 4.1-RELEASE/etc/defaults/rc.conf Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/defaults/rc.conf Mon Nov 20 21:03:04 2000 @@ -13,7 +13,7 @@ # # All arguments must be in double or single quotes. # -# $FreeBSD: src/etc/defaults/rc.conf,v 1.53.2.6 2000/06/24 20:51:27 dillon Exp $ +# $FreeBSD: src/etc/defaults/rc.conf,v 1.53.2.13 2000/11/11 20:33:40 jkh Exp $ ############################################################## ### Important initial Boot-time options #################### @@ -30,7 +30,6 @@ pccardd_flags="" # Additional flags for pccardd. pccard_conf="/etc/defaults/pccard.conf" # pccardd(8) config file local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs. -local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # periodic script dirs rc_conf_files="/etc/rc.conf /etc/rc.conf.local" ############################################################## @@ -38,7 +37,6 @@ ############################################################## ### Basic network and firewall/security options: ### -# hostname="" # Set this! nisdomainname="NO" # Set to NIS domain if using NIS (or NO). dhcp_program="/sbin/dhclient" # Path to dhcp client program. @@ -47,15 +45,32 @@ firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display +firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file -ipsec_enable="NO" # Set to YES to run setkey on ipsec_file -ipsec_file="/etc/ipsec.conf" # Name of config file for setkey ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port +ipsec_enable="NO" # Set to YES to run setkey on ipsec_file +ipsec_file="/etc/ipsec.conf" # Name of config file for setkey natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. +ipfilter_enable="NO" # Set to YES to enable ipfilter functionality +ipfilter_program="/sbin/ipf -Fa -f" + # program and how to specify the rules file, + # see /etc/rc.network (pass1) for details +ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see + # /usr/src/contrib/ipfilter/rules for examples +ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module + # (i.e. compiled into the kernel) to + # avoid a warning about "already initialized" +ipnat_enable="NO" # Set to YES for ipnat; needs ipfilter, too! +ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file +ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat +ipnat_flags="" # additional flags for ipnat +ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter, too! +ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives +ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" tcp_extensions="NO" # Set to YES to turn on RFC1323 extensions. log_in_vain="NO" # YES to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). @@ -69,7 +84,7 @@ network_interfaces="auto" # List of network interfaces (or "auto"). ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. -#ifconfig_ed0_alias0="inet6 fec0:0000:0000:0005::1 prefixlen 64" # Sample alias entry for IPv6. +#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. # # If you have any sppp(4) interfaces above, you might also want to set # the following parameters. Refer to spppcontrol(8) for their meaning. @@ -83,6 +98,7 @@ # For details see man page for ppp(8). Default is auto. ppp_nat="YES" # Use PPP's internal network address translation or NO. ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. +ppp_user="root" # Which user to run ppp as ### Network daemon (miscellaneous) & NFS options: ### syslogd_enable="YES" # Run syslog daemon (or NO). @@ -105,7 +121,7 @@ rwhod_enable="NO" # Run the rwho daemon (or NO). rwhod_flags="" # Flags for rwhod amd_enable="NO" # Run amd service with $amd_flags (or NO). -amd_flags="-a /.amd_mnt -c 1800 -l syslog /host /etc/amd.map /net /etc/amd.map" +amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_client_flags="-n 4" # Flags to nfsiod (if enabled). @@ -114,6 +130,7 @@ nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). single_mountd_enable="NO" # Run mountd only (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). +weak_mountd_authentication="NO" # Allow non-root mount requests to be served. nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). nfs_bufpackets="DEFAULT" # bufspace (in packets) for client (or DEFAULT) rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server. @@ -132,8 +149,8 @@ pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="fxp0" # The interface that pppoed runs on. -sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_enable="NO" # Enable sshd +sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. ### Network Time Services options: ### @@ -198,6 +215,7 @@ ### IPv6 options: ### ipv6_enable="NO" # Set to YES to set up for IPv6. ipv6_network_interfaces="auto" # List of network interfaces (or "auto"). +ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). ipv6_static_routes="" # Set to static route list (or leave empty). #ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64 # route toward loopback interface. @@ -208,10 +226,12 @@ ipv6_router_flags="" # Flags to IPv6 routing daemon. #ipv6_router_flags="-l" # Example for route6d with only IPv6 site local # addrs. -#ipv6_network_interfaces="ed0 ep0" # Examples for router. +#ipv6_network_interfaces="ed0 ep0" # Examples for router + # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. +#ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample alias entry ipv6_default_interface="" # Default output interface for scoped addrs. # Now this works only for IPv6 link local # multicast addrs. @@ -238,6 +258,15 @@ stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 +ipv6_ipv4mapping="YES" # Leave empty to disable IPv4 mapped IPv6 addr + # communication. (like ::ffff:a.b.c.d) +ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall + # functionality +ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall +ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6) +ipv6_firewall_quiet="NO" # Set to YES to suppress rule display +ipv6_firewall_logging="NO" # Set to YES to enable events logging +ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file ############################################################## ### System console options ################################# @@ -278,6 +307,7 @@ check_quotas="YES" # Check quotas on startup (or NO). accounting_enable="NO" # Turn on process accounting (or NO). ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). +ibcs2_loaders="NO" # List of additional Ibcs2 loaders (or NO). linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO). osf1_enable="NO" # Alpha OSF/1 emulation loaded at startup (or NO). diff -urN 4.1-RELEASE/etc/gettytab 4.2-RELEASE/etc/gettytab --- 4.1-RELEASE/etc/gettytab Thu Jul 27 12:14:37 2000 +++ 4.2-RELEASE/etc/gettytab Mon Nov 20 21:03:04 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/gettytab,v 1.17 1999/08/27 23:23:41 peter Exp $ +# $FreeBSD: src/etc/gettytab,v 1.17.2.1 2000/08/16 22:46:30 jhb Exp $ # from: @(#)gettytab 5.14 (Berkeley) 3/27/91 # # Most of the table entries here are just copies of the old getty table, @@ -198,3 +198,10 @@ # A|Auto-baud:\ :ab:sp#2400:f0#040: + +# +# autologin - automatically log in as root +# + +autologin|al.9600:\ + :al=root:tc=std.9600: diff -urN 4.1-RELEASE/etc/hosts 4.2-RELEASE/etc/hosts --- 4.1-RELEASE/etc/hosts Thu Jul 27 12:14:37 2000 +++ 4.2-RELEASE/etc/hosts Mon Nov 20 21:03:04 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/hosts,v 1.11 2000/02/15 14:59:16 shin Exp $ +# $FreeBSD: src/etc/hosts,v 1.11.2.1 2000/08/18 18:29:19 ume Exp $ # # Host Database # This file should contain the addresses and aliases @@ -7,8 +7,8 @@ # not be consulted at all; see /etc/host.conf for the resolution order. # # -127.0.0.1 localhost localhost.my.domain myname.my.domain ::1 localhost localhost.my.domain myname.my.domain +127.0.0.1 localhost localhost.my.domain myname.my.domain # # Imaginary network. #10.0.0.2 myname.my.domain myname diff -urN 4.1-RELEASE/etc/inetd.conf 4.2-RELEASE/etc/inetd.conf --- 4.1-RELEASE/etc/inetd.conf Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/inetd.conf Mon Nov 20 21:03:04 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/inetd.conf,v 1.44.2.1 2000/03/25 22:09:59 jhb Exp $ +# $FreeBSD: src/etc/inetd.conf,v 1.44.2.3 2000/10/04 07:58:51 kris Exp $ # # Internet server configuration database # @@ -6,9 +6,9 @@ # ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l telnet stream tcp nowait root /usr/libexec/telnetd telnetd -shell stream tcp nowait root /usr/libexec/rshd rshd -login stream tcp nowait root /usr/libexec/rlogind rlogind -finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s +#shell stream tcp nowait root /usr/libexec/rshd rshd +#login stream tcp nowait root /usr/libexec/rlogind rlogind +#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s #exec stream tcp nowait root /usr/libexec/rexecd rexecd #uucpd stream tcp nowait root /usr/libexec/uucpd uucpd #nntp stream tcp nowait usenet /usr/libexec/nntpd nntpd @@ -98,9 +98,9 @@ # ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd -shell stream tcp6 nowait root /usr/libexec/rshd rshd -login stream tcp6 nowait root /usr/libexec/rlogind rlogind -finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s +#shell stream tcp6 nowait root /usr/libexec/rshd rshd +#login stream tcp6 nowait root /usr/libexec/rlogind rlogind +#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s # # IPv6 "Small servers" # diff -urN 4.1-RELEASE/etc/mail/Makefile 4.2-RELEASE/etc/mail/Makefile --- 4.1-RELEASE/etc/mail/Makefile Thu Jul 27 12:14:59 2000 +++ 4.2-RELEASE/etc/mail/Makefile Mon Nov 20 21:03:12 2000 @@ -1,7 +1,7 @@ -# $FreeBSD: src/etc/mail/Makefile,v 1.9 2000/03/12 22:08:34 rwatson Exp $ +# $FreeBSD: src/etc/mail/Makefile,v 1.9.2.1 2000/08/27 17:31:38 gshapiro Exp $ all: access.db mailertable.db virtusertable.db \ -# /etc/aliases.db +# /etc/mail/aliases.db access.db: access /usr/sbin/makemap hash access < access @@ -12,9 +12,9 @@ mailertable.db: mailertable /usr/sbin/makemap hash mailertable < mailertable -#/etc/aliases.db: /etc/aliases +#/etc/mail/aliases.db: /etc/mail/aliases # newaliases - + mailertable: @echo Generating empty mailertable sed -e 's/^/#/' < mailertable.sample > mailertable diff -urN 4.1-RELEASE/etc/mail/README 4.2-RELEASE/etc/mail/README --- 4.1-RELEASE/etc/mail/README Thu Jul 27 12:14:59 2000 +++ 4.2-RELEASE/etc/mail/README Mon Nov 20 21:03:12 2000 @@ -1,17 +1,16 @@ -# $FreeBSD: src/etc/mail/README,v 1.8 1999/08/27 23:24:00 peter Exp $ +# $FreeBSD: src/etc/mail/README,v 1.8.2.2 2000/11/04 17:57:38 gshapiro Exp $ Filtering out SPAM from your site - Sendmail now includes excellent tools block spam. These -tools are available as FEATUREs that you can add to your site's -.mc file. Proper use of these FEATUREs will prevent spammer from -using your site as a relay as well as significantly decrease the -amount of spam that arrives at your site. No set of anti-spam -tools will block all spam without blocking some portion of legitimate -mail as well. Therefore, these FEATUREs are designed to prevent -as much spam as possible without blocking legitimate mail. - These tools are discussed in /usr/src/contrib/sendmail/cf/README. -Read the section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example -usage and additional tools can be found in -/usr/src/contrib/sendmail/cf/cf/knecht.mc. +Sendmail now includes excellent tools to block spam. These tools are +available as FEATUREs that you can add to your site's .mc file. Proper use +of these FEATUREs will prevent spammer from using your site as a relay as +well as significantly decrease the amount of spam that arrives at your +site. No set of anti-spam tools will block all spam without blocking some +portion of legitimate mail as well. Therefore, these FEATUREs are designed +to prevent as much spam as possible without blocking legitimate mail. + +These tools are discussed in /usr/share/sendmail/cf/README. Read the +section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and +additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc. diff -urN 4.1-RELEASE/etc/mail/access.sample 4.2-RELEASE/etc/mail/access.sample --- 4.1-RELEASE/etc/mail/access.sample Thu Jul 27 12:14:59 2000 +++ 4.2-RELEASE/etc/mail/access.sample Mon Nov 20 21:03:12 2000 @@ -1,7 +1,7 @@ -# $FreeBSD: src/etc/mail/access.sample,v 1.1.2.1 2000/03/20 12:21:05 peter Exp $ +# $FreeBSD: src/etc/mail/access.sample,v 1.1.2.2 2000/11/03 07:23:50 dirk Exp $ # # Mail relay access control list. Default is to reject mail unless the -# destination is local, or listed in /etc/mail/sendmail.cw +# destination is local, or listed in /etc/mail/local-host-names # cyberspammer.com 550 We don't accept mail from spammers FREE.STEALTH.MAILER@ 550 We don't accept mail from spammers diff -urN 4.1-RELEASE/etc/mail/aliases 4.2-RELEASE/etc/mail/aliases --- 4.1-RELEASE/etc/mail/aliases Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/mail/aliases Mon Nov 20 21:03:12 2000 @@ -0,0 +1,64 @@ +# $FreeBSD: src/etc/mail/aliases,v 1.10.4.1 2000/08/27 17:31:38 gshapiro Exp $ +# @(#)aliases 5.3 (Berkeley) 5/24/90 +# +# Aliases in this file will NOT be expanded in the header from +# Mail, but WILL be visible over networks. +# +# >>>>>>>>>> The program "newaliases" must be run after +# >> NOTE >> this file is updated for any changes to +# >>>>>>>>>> show through to sendmail. +# +# +# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES +# AND FUNCTIONS', May 1997 + +# Pretty much everything else in this file points to "root", so +# you would do well in either reading roots mailbox or forwarding +# roots email from here. + +# root: me@my.domain + +# Basic system aliases -- these MUST be present +MAILER-DAEMON: postmaster +postmaster: root + +# General redirections for pseudo accounts +bin: root +daemon: root +games: root +man: root +news: root +nobody: root +operator: root +pop: root +system: root +toor: root +usenet: news +uucp: root +xten: root + +# Well-known aliases -- these should be filled in! +# manager: +# dumper: + +# BUSINESS-RELATED MAILBOX NAMES +# info: +# marketing: +# sales: +# support: + +# NETWORK OPERATIONS MAILBOX NAMES +abuse: root +# noc: root +security: root + +# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES +ftp: root +ftp-bugs: ftp +# hostmaster: root +# webmaster: root +# www: webmaster + +# msgs: "| /usr/bin/msgs -s" +# bit-bucket: /dev/null +# dev-null: bit-bucket diff -urN 4.1-RELEASE/etc/mail/helpfile 4.2-RELEASE/etc/mail/helpfile --- 4.1-RELEASE/etc/mail/helpfile Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/mail/helpfile Mon Nov 20 22:05:38 2000 @@ -0,0 +1,136 @@ +#vers 2 +cpyr +cpyr Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. +cpyr All rights reserved. +cpyr Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved. +cpyr Copyright (c) 1988, 1993 +cpyr The Regents of the University of California. All rights reserved. +cpyr +cpyr +cpyr By using this file, you agree to the terms and conditions set +cpyr forth in the LICENSE file which can be found at the top level of +cpyr the sendmail distribution. +cpyr +cpyr $$Id: helpfile,v 8.31.16.4 2000/09/17 14:21:00 ca Exp $$ +cpyr +smtp This is sendmail version $v +smtp Topics: +smtp HELO EHLO MAIL RCPT DATA +smtp RSET NOOP QUIT HELP VRFY +smtp EXPN VERB ETRN DSN AUTH +smtp STARTTLS +smtp For more info use "HELP ". +smtp To report bugs in the implementation send email to +smtp sendmail-bugs@sendmail.org. +smtp For local information send email to Postmaster at your site. +help HELP [ ] +help The HELP command gives help info. +helo HELO +helo Introduce yourself. +ehlo EHLO +ehlo Introduce yourself, and request extended SMTP mode. +ehlo Possible replies include: +ehlo SEND Send as mail [RFC821] +ehlo SOML Send as mail or terminal [RFC821] +ehlo SAML Send as mail and terminal [RFC821] +ehlo EXPN Expand the mailing list [RFC821] +ehlo HELP Supply helpful information [RFC821] +ehlo TURN Turn the operation around [RFC821] +ehlo 8BITMIME Use 8-bit data [RFC1652] +ehlo SIZE Message size declaration [RFC1870] +ehlo VERB Verbose [Allman] +ehlo ONEX One message transaction only [Allman] +ehlo CHUNKING Chunking [RFC1830] +ehlo BINARYMIME Binary MIME [RFC1830] +ehlo PIPELINING Command Pipelining [RFC1854] +ehlo DSN Delivery Status Notification [RFC1891] +ehlo ETRN Remote Message Queue Starting [RFC1985] +ehlo STARTTLS Secure SMTP [RFC2487] +ehlo AUTH Authentication [RFC2554] +ehlo XUSR Initial (user) submission [Allman] +ehlo ENHANCEDSTATUSCODES Enhanced status codes [RFC2034] +mail MAIL FROM: [ ] +mail Specifies the sender. Parameters are ESMTP extensions. +mail See "HELP DSN" for details. +rcpt RCPT TO: [ ] +rcpt Specifies the recipient. Can be used any number of times. +rcpt Parameters are ESMTP extensions. See "HELP DSN" for details. +data DATA +data Following text is collected as the message. +data End with a single dot. +rset RSET +rset Resets the system. +quit QUIT +quit Exit sendmail (SMTP). +auth AUTH mechanism [initial-response] +auth Start authentication. +starttls STARTTLS +starttls Start TLS negotiation. +verb VERB +verb Go into verbose mode. This sends 0xy responses that are +verb not RFC821 standard (but should be) They are recognized +verb by humans and other sendmail implementations. +vrfy VRFY +vrfy Verify an address. If you want to see what it aliases +vrfy to, use EXPN instead. +expn EXPN +expn Expand an address. If the address indicates a mailing +expn list, return the contents of that list. +noop NOOP +noop Do nothing. +send SEND FROM: +send replaces the MAIL command, and can be used to send +send directly to a users terminal. Not supported in this +send implementation. +soml SOML FROM: +soml Send or mail. If the user is logged in, send directly, +soml otherwise mail. Not supported in this implementation. +saml SAML FROM: +saml Send and mail. Send directly to the user's terminal, +saml and also mail a letter. Not supported in this +saml implementation. +turn TURN +turn Reverses the direction of the connection. Not currently +turn implemented. +etrn ETRN [ | @ | # ] +etrn Run the queue for the specified , or +etrn all hosts within a given , or a specially-named +etrn (implementation-specific). +dsn MAIL FROM: [ RET={ FULL | HDRS} ] [ ENVID= ] +dsn RCPT TO: [ NOTIFY={NEVER,SUCCESS,FAILURE,DELAY} ] +dsn [ ORCPT= ] +dsn SMTP Delivery Status Notifications. +dsn Descriptions: +dsn RET Return either the full message or only headers. +dsn ENVID Sender's "envelope identifier" for tracking. +dsn NOTIFY When to send a DSN. Multiple options are OK, comma- +dsn delimited. NEVER must appear by itself. +dsn ORCPT Original recipient. +-bt Help for test mode: +-bt ? :this help message. +-bt .Dmvalue :define macro `m' to `value'. +-bt .Ccvalue :add `value' to class `c'. +-bt =Sruleset :dump the contents of the indicated ruleset. +-bt =M :display the known mailers. +-bt -ddebug-spec :equivalent to the command-line -d debug flag. +-bt $$m :print the value of macro $$m. +-bt $$=c :print the contents of class $$=c. +-bt /mx host :returns the MX records for `host'. +-bt /parse address :parse address, returning the value of crackaddr, and +-bt the parsed address. +-bt /try mailer addr :rewrite address into the form it will have when +-bt presented to the indicated mailer. +-bt /tryflags flags :set flags used by parsing. The flags can be `H' for +-bt Header or `E' for Envelope, and `S' for Sender or `R' +-bt for Recipient. These can be combined, `HR' sets +-bt flags for header recipients. +-bt /canon hostname :try to canonify hostname. +-bt /map mapname key :look up `key' in the indicated `mapname'. +-bt /quit :quit address test mode. +-bt rules addr :run the indicated address through the named rules. +-bt Rules can be a comma separated list of rules. +control Help for smcontrol: +control help This message. +control restart Restart sendmail. +control shutdown Shutdown sendmail. +control status Show sendmail status. diff -urN 4.1-RELEASE/etc/mail/sendmail.cf 4.2-RELEASE/etc/mail/sendmail.cf --- 4.1-RELEASE/etc/mail/sendmail.cf Thu Jul 27 12:14:40 2000 +++ 4.2-RELEASE/etc/mail/sendmail.cf Mon Nov 20 21:03:05 2000 @@ -1,5 +1,6 @@ # -# Copyright (c) 1998 Sendmail, Inc. All rights reserved. +# Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. +# All rights reserved. # Copyright (c) 1983, 1995 Eric P. Allman. All rights reserved. # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. @@ -8,6 +9,7 @@ # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # +# $FreeBSD: src/contrib/sendmail/cf/m4/cfhead.m4,v 1.3.6.2 2000/10/10 05:07:17 gshapiro Exp $ # ###################################################################### @@ -15,62 +17,66 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by root@usw4.freebsd.org on Thu Jul 27 02:51:24 GMT 2000 +##### built by root@bento.FreeBSD.org on Mon Nov 20 11:52:06 GMT 2000 ##### in /usr/src/etc/sendmail ##### using /usr/src/etc/sendmail/../../contrib/sendmail/cf/ as configuration include directory ##### ###################################################################### ###################################################################### -##### @(#)cfhead.m4 8.23 (Berkeley) 10/6/1998 ##### -##### @(#)cf.m4 8.29 (Berkeley) 5/19/1998 ##### -##### $FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10 1999/12/29 18:20:23 peter Exp $ ##### +##### $Id: cfhead.m4,v 8.76.4.13 2000/08/24 17:09:50 gshapiro Exp $ ##### +##### $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $ ##### +##### $FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.2 2000/10/19 21:17:28 gshapiro Exp $ ##### -##### @(#)bsd4.4.m4 8.10 (Berkeley) 10/6/1998 ##### +##### $Id: bsd4.4.m4,v 8.14 1999/04/24 05:37:40 gshapiro Exp $ ##### -##### @(#)generic.m4 8.9 (Berkeley) 5/19/1998 ##### +##### $Id: generic.m4,v 8.15 1999/04/04 00:51:09 ca Exp $ ##### -##### @(#)redirect.m4 8.10 (Berkeley) 5/19/1998 ##### +##### $Id: redirect.m4,v 8.15 1999/08/06 01:47:36 gshapiro Exp $ ##### -##### @(#)use_cw_file.m4 8.6 (Berkeley) 5/19/1998 ##### +##### $Id: use_cw_file.m4,v 8.9 1999/02/07 07:26:13 gshapiro Exp $ ##### -##### @(#)relay_based_on_MX.m4 8.7 (Berkeley) 5/19/1998 ##### +##### $Id: relay_based_on_MX.m4,v 8.11 1999/04/02 02:25:13 gshapiro Exp $ ##### -##### @(#)mailertable.m4 8.10 (Berkeley) 10/6/1998 ##### +##### $Id: mailertable.m4,v 8.18 1999/07/22 17:55:35 gshapiro Exp $ ##### -##### @(#)access_db.m4 8.8 (Berkeley) 5/19/1998 ##### +##### $Id: access_db.m4,v 8.15 1999/07/22 17:55:34 gshapiro Exp $ ##### -##### @(#)blacklist_recipients.m4 8.9 (Berkeley) 5/19/1998 ##### +##### $Id: blacklist_recipients.m4,v 8.13 1999/04/02 02:25:13 gshapiro Exp $ ##### -##### @(#)virtusertable.m4 8.8 (Berkeley) 10/6/1998 ##### +##### $Id: virtusertable.m4,v 8.16 1999/07/22 17:55:36 gshapiro Exp $ ##### -##### @(#)local_lmtp.m4 8.5 (Berkeley) 5/19/1998 ##### +##### $Id: local_lmtp.m4,v 8.15 1999/11/18 05:06:22 ca Exp $ ##### -##### @(#)proto.m4 8.243 (Berkeley) 2/2/1999 ##### +##### $Id: proto.m4,v 8.446.2.5.2.29 2000/09/15 04:45:14 gshapiro Exp $ ##### -# level 8 config file format -V8/Berkeley +# level 9 config file format +V9/Berkeley -# override file safeties - setting this option compromises system security -# need to set this now for the sake of class files +# override file safeties - setting this option compromises system security, +# addressing the actual file configuration problem is preferred +# need to set this before any file actions are encountered in the cf file #O DontBlameSendmail=safe +# default LDAP map specification +# need to set this now before any LDAP maps are defined +#O LDAPDefaultSpec=-h localhost + ################## # local info # ################## Cwlocalhost # file containing names of hosts for which we receive email -Fw-o /etc/mail/sendmail.cw +Fw-o /etc/mail/local-host-names # my official domain name # ... define this only if sendmail cannot automatically determine your domain #Dj$w.Foo.COM - CP. # "Smart" relay host (may be null) @@ -86,28 +92,23 @@ # a class with just a left bracket (for identifying domain literals) C[[ -# Mailer table (overriding domains) -Kmailertable hash -o /etc/mail/mailertable - +# access_db acceptance class +C{Accept}OK RELAY - - -# Virtual user table (maps incoming users) -Kvirtuser hash -o /etc/mail/virtusertable - -# Access list database (for spam stomping) -Kaccess hash -o /etc/mail/access - -# MX map (to allow relaying to hosts that we MX for) -Kmxserved bestmx -z: -T - # Resolve map (to check if a host exists in check_mail) Kresolve host -a -T -# Hosts that will permit relaying ($=R) + + +# Hosts for which relaying is permitted ($=R) FR-o /etc/mail/relay-domains +# arithmetic map +Karith arith +# possible values for tls_connect in access map +C{tls}VERIFY ENCR + # who I send unqualified names to (null means deliver locally) DR @@ -120,8 +121,9 @@ # class E: names that should be exposed as from this host, even if we masquerade # class L: names that should be delivered locally, even if we have a relay # class M: domains that should be converted to $M +# class N: domains that should not be converted to $M #CL root -CE root +CEroot # who I masquerade as (null for no masquerading) (see also $=M) DM @@ -132,8 +134,21 @@ CPREDIRECT +# MX map (to allow relaying to hosts that we MX for) +Kmxserved bestmx -z: -T + + +# Mailer table (overriding domains) +Kmailertable hash -o /etc/mail/mailertable + +# Access list database (for spam stomping) +Kaccess hash -o /etc/mail/access + +# Virtual user table (maps incoming users) +Kvirtuser hash -o /etc/mail/virtusertable + # Configuration version number -DZ8.9.3 +DZ8.11.1 ############### @@ -146,12 +161,11 @@ # 8-bit data handling O EightBitMode=pass8 - # wait for alias file rebuild (default units: minutes) O AliasWait=10 # location of alias file -O AliasFile=/etc/aliases +O AliasFile=/etc/mail/aliases # minimum number of free blocks on filesystem O MinFreeBlocks=100 @@ -172,31 +186,33 @@ O DeliveryMode=background # automatically rebuild the alias database? -#O AutoRebuildAliases +# NOTE: There is a potential for a denial of service attack if this is set. +# This option is deprecated and will be removed from a future version. +#O AutoRebuildAliases=False # error message header/file -#O ErrorHeader=/etc/sendmail.oE +#O ErrorHeader=/etc/mail/error-header # error mode #O ErrorMode=print # save Unix-style "From_" lines at top of header? -#O SaveFromLine +#O SaveFromLine=False # temporary file mode O TempFileMode=0600 # match recipients against GECOS field? -#O MatchGECOS +#O MatchGECOS=False # maximum hop count #O MaxHopCount=17 # location of help file -O HelpFile=/usr/share/misc/sendmail.hf +O HelpFile=/etc/mail/helpfile # ignore dots as terminators in incoming messages? -#O IgnoreDots +#O IgnoreDots=False # name resolver options #O ResolverOptions=+AAONLY @@ -217,7 +233,7 @@ #O HostStatusDirectory=.hoststat # single thread deliveries (requires HostStatusDirectory)? -#O SingleThreadDelivery +#O SingleThreadDelivery=False # use Errors-To: header? O UseErrorsTo=False @@ -226,7 +242,7 @@ O LogLevel=9 # send to me too, even in an alias expansion? -#O MeToo +#O MeToo=True # verify RHS in newaliases? O CheckAliases=False @@ -235,13 +251,17 @@ O OldStyleHeaders=True # SMTP daemon options -#O DaemonPortOptions=Port=esmtp +O DaemonPortOptions=Name=MTA +O DaemonPortOptions=Port=587, Name=MSA, M=E + +# SMTP client options +#O ClientPortOptions=Address=0.0.0.0 # privacy flags -O PrivacyOptions=authwarnings +O PrivacyOptions=authwarnings,noexpn,novrfy # who (if anyone) should get extra copies of error messages -#O PostMasterCopy=Postmaster +#O PostmasterCopy=Postmaster # slope of queue-only function #O QueueFactor=600000 @@ -263,8 +283,9 @@ #O Timeout.quit=2m #O Timeout.misc=2m #O Timeout.command=1h -#O Timeout.ident=30s +#O Timeout.ident=5s #O Timeout.fileopen=60s +#O Timeout.control=2m O Timeout.queuereturn=5d #O Timeout.queuereturn.normal=5d #O Timeout.queuereturn.urgent=2d @@ -274,9 +295,15 @@ #O Timeout.queuewarn.urgent=1h #O Timeout.queuewarn.non-urgent=12h #O Timeout.hoststatus=30m +#O Timeout.resolver.retrans=5s +#O Timeout.resolver.retrans.first=5s +#O Timeout.resolver.retrans.normal=5s +#O Timeout.resolver.retry=4 +#O Timeout.resolver.retry.first=4 +#O Timeout.resolver.retry.normal=4 # should we not prune routes in route-addr syntax addresses? -#O DontPruneRoutes +#O DontPruneRoutes=False # queue up everything before forking? O SuperSafe=True @@ -294,13 +321,13 @@ #O DefaultUser=mailnull # list of locations of user database file (null means no lookup) -#O UserDatabaseSpec=/etc/userdb +#O UserDatabaseSpec=/etc/mail/userdb # fallback MX host #O FallbackMXhost=fall.back.host.net # if we are the best MX host for a site, try it directly instead of config err -#O TryNullMXList +#O TryNullMXList=False # load average at which we just queue messages #O QueueLA=8 @@ -318,7 +345,7 @@ #O RecipientFactor=30000 # deliver each queued job in a separate process? -#O ForkEachJob +#O ForkEachJob=False # work class factor #O ClassFactor=1800 @@ -336,7 +363,7 @@ #O DefaultCharSet=iso-8859-1 # service switch file (ignored on Solaris, Ultrix, OSF/1, others) -#O ServiceSwitchFile=/etc/service.switch +#O ServiceSwitchFile=/etc/mail/service.switch # hosts file (normally /etc/hosts) #O HostsFile=/etc/hosts @@ -351,19 +378,19 @@ #O SafeFileEnvironment=/arch # are colons OK in addresses? -#O ColonOkInAddr +#O ColonOkInAddr=True # how many jobs can you process in the queue? #O MaxQueueRunSize=10000 # shall I avoid expanding CNAMEs (violates protocols)? -#O DontExpandCnames +#O DontExpandCnames=False # SMTP initial login message (old $e macro) O SmtpGreetingMessage=$j Sendmail $v/$Z; $b # UNIX initial From header format (old $l macro) -O UnixFromLine=From $g $d +O UnixFromLine=From $g $d # From: lines that have embedded newlines are unwrapped onto one line #O SingleLineFromHeader=False @@ -378,14 +405,17 @@ O OperatorChars=.:%@!^/[]+ # shall I avoid calling initgroups(3) because of high NIS costs? -#O DontInitGroups +#O DontInitGroups=False # are group-writable :include: and .forward files (un)trustworthy? -#O UnsafeGroupWrites +#O UnsafeGroupWrites=True # where do errors that occur when sending errors get sent? #O DoubleBounceAddress=postmaster +# where to save bounces if all else fails +#O DeadLetterDrop=/var/tmp/dead.letter + # what user id do we assume for the majority of the processing? #O RunAsUser=sendmail @@ -393,13 +423,69 @@ #O MaxRecipientsPerMessage=100 # shall we get local names from our installed interfaces? -#O DontProbeInterfaces +#O DontProbeInterfaces=False + +# Return-Receipt-To: header implies DSN request +#O RrtImpliesDsn=False +# override connection address (for testing) +#O ConnectOnlyTo=0.0.0.0 +# Trusted user for file ownership and starting the daemon +#O TrustedUser=root + +# Control socket for daemon management +#O ControlSocketName=/var/spool/mqueue/.control # Maximum MIME header length to protect MUAs O MaxMimeHeaderLength=256/128 +# Maximum length of the sum of all headers +O MaxHeadersLength=32768 + +# Maximum depth of alias recursion +#O MaxAliasRecursion=10 + +# location of pid file +#O PidFile=/var/run/sendmail.pid + +# Prefix string for the process title shown on 'ps' listings +#O ProcessTitlePrefix=prefix + +# Data file (df) memory-buffer file maximum size +#O DataFileBufferSize=4096 + +# Transcript file (xf) memory-buffer file maximum size +#O XscriptFileBufferSize=4096 + +# list of authentication mechanisms +#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 + +# default authentication information for outgoing connections +#O DefaultAuthInfo=/etc/mail/default-auth-info + +# SMTP AUTH flags +#O AuthOptions + + + +# CA directory +#O CACERTPath +# CA file +#O CACERTFile +# Server Cert +#O ServerCertFile +# Server private key +#O ServerKeyFile +# Client Cert +#O ClientCertFile +# Client private key +#O ClientKeyFile +# DHParameters (only required if DSA/DH is used) +#O DHParameters +# Random data source (required for systems without /dev/urandom under OpenSSL) +#O RandFile + ########################### @@ -417,7 +503,7 @@ ##################### # this is equivalent to setting class "t" -#Ft/etc/sendmail.ct +#Ft/etc/mail/trusted-users Troot Tdaemon Tuucp @@ -428,7 +514,9 @@ H?P?Return-Path: <$g> HReceived: $?sfrom $s $.$?_($?s$|from $.$_) - $.by $j ($v/$Z)$?r with $r$. id $i$?u + $.$?{auth_type}(authenticated$?{auth_ssf} (${auth_ssf} bits)$.) + $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} + (using ${tls_version} with cipher ${cipher} (${cipher_bits} bits) verified ${verify})$.$?u for $u; $|; $.$b$?g (envelope-from $g)$. @@ -441,6 +529,7 @@ # H?l?Received-Date: $b H?M?Resent-Message-Id: <$t.$i@$j> H?M?Message-Id: <$t.$i@$j> + # ###################################################################### ###################################################################### @@ -453,7 +542,7 @@ ############################################ ### Ruleset 3 -- Name Canonicalization ### ############################################ -S3 +Scanonify=3 # handle null input (translate to <@> special case) R$@ $@ <@> @@ -464,7 +553,7 @@ R@ $* <@> $: @ $1 unmark @host:... R$* :: $* <@> $: $1 :: $2 unmark node::addr R:include: $* <@> $: :include: $1 unmark :include:... -R$* [ $* : $* ] <@> $: $1 [ $2 : $3 ] unmark IPv6 addrs +R$* [ IPv6 $- ] <@> $: $1 [ IPv6 $2 ] unmark IPv6 addr R$* : $* [ $* ] $: $1 : $2 [ $3 ] <@> remark if leading colon R$* : $* <@> $: $2 strip colon if marked R$* <@> $: $1 unmark @@ -481,48 +570,53 @@ R<> $@ < @ > MAIL FROM:<> case R< $+ > $: $1 remove housekeeping <> -# make sure <@a,@b,@c:user@d> syntax is easy to parse -- undone later -R@ $+ , $+ @ $1 : $2 change all "," to ":" - -# localize and dispose of route-based addresses -R@ $+ : $+ $@ $>96 < @$1 > : $2 handle +# strip route address <@a,@b,@c:user@d> -> +R@ $+ , $+ $2 +R@ $+ : $+ $2 # find focus for list syntax -R $+ : $* ; @ $+ $@ $>96 $1 : $2 ; < @ $3 > list syntax +R $+ : $* ; @ $+ $@ $>Canonify2 $1 : $2 ; < @ $3 > list syntax R $+ : $* ; $@ $1 : $2; list syntax # find focus for @ syntax addresses R$+ @ $+ $: $1 < @ $2 > focus on domain R$+ < $+ @ $+ > $1 $2 < @ $3 > move gaze right -R$+ < @ $+ > $@ $>96 $1 < @ $2 > already canonical +R$+ < @ $+ > $@ $>Canonify2 $1 < @ $2 > already canonical # do some sanity checking R$* < @ $* : $* > $* $1 < @ $2 $3 > $4 nix colons in addrs # convert old-style addresses to a domain-based address -R$- ! $+ $@ $>96 $2 < @ $1 .UUCP > resolve uucp names -R$+ . $- ! $+ $@ $>96 $3 < @ $1 . $2 > domain uucps -R$+ ! $+ $@ $>96 $2 < @ $1 .UUCP > uucp subdomains +R$- ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > resolve uucp names +R$+ . $- ! $+ $@ $>Canonify2 $3 < @ $1 . $2 > domain uucps +R$+ ! $+ $@ $>Canonify2 $2 < @ $1 .UUCP > uucp subdomains # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. -R$* @ $* $@ $>96 $1 < @ $2 > Insert < > and finish +R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name -R$* $@ $>96 $1 +R$* $@ $>Canonify2 $1 ################################################ ### Ruleset 96 -- bottom half of ruleset 3 ### ################################################ -S96 +SCanonify2=96 # handle special cases for local names R$* < @ localhost > $* $: $1 < @ $j . > $2 no domain at all R$* < @ localhost . $m > $* $: $1 < @ $j . > $2 local domain R$* < @ localhost . UUCP > $* $: $1 < @ $j . > $2 .UUCP domain + +# check for IPv6 domain literal (save quoted form) +R$* < @ [ IPv6 $- ] > $* $: $2 $| $1 < @@ [ $(dequote $2 $) ] > $3 mark IPv6 addr +R$- $| $* < @@ $=w > $* $: $2 < @ $j . > $4 self-literal +R$- $| $* < @@ [ $+ ] > $* $@ $2 < @ [ IPv6 $1 ] > $4 canon IP addr + +# check for IPv4 domain literal R$* < @ [ $+ ] > $* $: $1 < @@ [ $2 ] > $3 mark [a.b.c.d] R$* < @@ $=w > $* $: $1 < @ $j . > $3 self-literal R$* < @@ $+ > $* $@ $1 < @ $2 > $3 canon IP addr @@ -537,28 +631,32 @@ R$* < @ $+ . UUCP > $* $: $1 < @ $[ $2 $] . UUCP . > $3 R$* < @ $+ . . UUCP . > $* $@ $1 < @ $2 . > $3 +# hostnames ending in class P are always canonical +R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 +R$* < @ $* $~P > $* $: $&{daemon_flags} $| $1 < @ $2 $3 > $4 +R$* CC $* $| $* $: $3 # pass to name server to make hostname canonical -R$* < @ $* $~P > $* $: $1 < @ $[ $2 $3 $] > $4 +R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4 +R$* $| $* $: $2 # local host aliases and pseudo-domains are always canonical R$* < @ $=w > $* $: $1 < @ $2 . > $3 -R$* < @ $j > $* $: $1 < @ $j . > $2 R$* < @ $=M > $* $: $1 < @ $2 . > $3 -R$* < @ $* $=P > $* $: $1 < @ $2 $3 . > $4 +R$* < @ $={VirtHost} > $* $: $1 < @ $2 . > $3 R$* < @ $* . . > $* $1 < @ $2 . > $3 ################################################## ### Ruleset 4 -- Final Output Post-rewriting ### ################################################## -S4 +Sfinal=4 R$* <@> $@ handle <> and list:; # strip trailing dot off possibly canonical name R$* < @ $+ . > $* $1 < @ $2 > $3 -# eliminate internal code -- should never get this far! +# eliminate internal code R$* < @ *LOCAL* > $* $1 < @ $j > $2 # externalize local domain info @@ -579,20 +677,20 @@ ### (used for recursive calls) ### ############################################################## -S97 -R$* $: $>3 $1 -R$* $@ $>0 $1 +SRecurse=97 +R$* $: $>canonify $1 +R$* $@ $>parse $1 ###################################### ### Ruleset 0 -- Parse Address ### ###################################### -S0 +Sparse=0 R$* $: $>Parse0 $1 initial parsing R<@> $#local $: <@> special case error msgs -R$* $: $>98 $1 handle local hacks +R$* $: $>ParseLocal $1 handle local hacks R$* $: $>Parse1 $1 final parsing # @@ -604,26 +702,27 @@ SParse0 R<@> $@ <@> special case error msgs -R$* : $* ; <@> $#error $@ 5.1.3 $: "List:; syntax illegal for recipient addresses" -#R@ <@ $* > < @ $1 > catch "@@host" bogosity -R<@ $+> $#error $@ 5.1.3 $: "User address required" +R$* : $* ; <@> $#error $@ 5.1.3 $: "501 List:; syntax illegal for recipient addresses" +R@ <@ $* > < @ $1 > catch "@@host" bogosity +R<@ $+> $#error $@ 5.1.3 $: "501 User address required" R$* $: <> $1 R<> $* < @ [ $+ ] > $* $1 < @ [ $2 ] > $3 -R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "Colon illegal in host name part" +R<> $* <$* : $* > $* $#error $@ 5.1.3 $: "501 Colon illegal in host name part" R<> $* $1 -R$* < @ . $* > $* $#error $@ 5.1.2 $: "Invalid host name" -R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "Invalid host name" +R$* < @ . $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" +R$* < @ $* .. $* > $* $#error $@ 5.1.2 $: "501 Invalid host name" +R$* , $~O $* $#error $@ 5.1.2 $: "501 Invalid route address" # now delete the local info -- note $=O to find characters that cause forwarding -R$* < @ > $* $@ $>Parse0 $>3 $1 user@ => user -R< @ $=w . > : $* $@ $>Parse0 $>3 $2 @here:... -> ... +R$* < @ > $* $@ $>Parse0 $>canonify $1 user@ => user +R< @ $=w . > : $* $@ $>Parse0 $>canonify $2 @here:... -> ... R$- < @ $=w . > $: $(dequote $1 $) < @ $2 . > dequote "foo"@here -R< @ $+ > $#error $@ 5.1.3 $: "User address required" -R$* $=O $* < @ $=w . > $@ $>Parse0 $>3 $1 $2 $3 ...@here -> ... +R< @ $+ > $#error $@ 5.1.3 $: "501 User address required" +R$* $=O $* < @ $=w . > $@ $>Parse0 $>canonify $1 $2 $3 ...@here -> ... R$- $: $(dequote $1 $) < @ *LOCAL* > dequote "foo" -R< @ *LOCAL* > $#error $@ 5.1.3 $: "User address required" +R< @ *LOCAL* > $#error $@ 5.1.3 $: "501 User address required" R$* $=O $* < @ *LOCAL* > - $@ $>Parse0 $>3 $1 $2 $3 ...@*LOCAL* -> ... + $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 # @@ -631,31 +730,45 @@ # SParse1 + # handle numeric address spec -R$* < @ [ $+ ] > $* $: $>98 $1 < @ [ $2 ] > $3 numeric internet spec -R$* < @ [ $+ ] > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 still numeric: send +R$* < @ [ $+ ] > $* $: $>ParseLocal $1 < @ [ $2 ] > $3 numeric internet spec +R$* < @ [ $+ ] > $* $1 < @ [ $2 ] : $S > $3 Add smart host to path +R$* < @ [ IPv6 $- ] : > $* + $#esmtp $@ [ $(dequote $2 $) ] $: $1 < @ [IPv6 $2 ] > $3 no smarthost: send +R$* < @ [ $+ ] : > $* $#esmtp $@ [$2] $: $1 < @ [$2] > $3 no smarthost: send +R$* < @ [ $+ ] : $- : $*> $* $#$3 $@ $4 $: $1 < @ [$2] > $5 smarthost with mailer +R$* < @ [ $+ ] : $+ > $* $#esmtp $@ $3 $: $1 < @ [$2] > $4 smarthost without mailer # handle virtual users -R$+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > +R$+ $: $1 Mark for lookup +R $+ < @ $={VirtHost} . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > +R $+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ + $* < @ $* . > - $: < $(virtuser $1 + * @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . > + $: < $(virtuser $1 + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ + $* < @ $* . > $: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 . > +R<@> $+ + $+ < @ $+ . > $: < $(virtuser + * @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > +R<@> $+ + $* < @ $+ . > $: < $(virtuser @ $3 $@ $1 $@ $2 $: @ $) > $1 + $2 < @ $3 . > R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . > R<@> $+ $: $1 +R $+ $: $1 +R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 -R< $+ > $+ < @ $+ > $: $>97 $1 +R< $+ > $+ < @ $+ > $: $>Recurse $1 # short circuit local delivery so forwarded email works -R$=L < @ $=w . > $#local $: @ $1 special local names + + +R$=L < @ $=w . > $#local $: @ $1 special local names R$+ < @ $=w . > $#local $: $1 regular local name # not local -- try mailer table lookup R$* <@ $+ > $* $: < $2 > $1 < @ $2 > $3 extract host name R< $+ . > $* $: < $1 > $2 strip trailing dot R< $+ > $* $: < $(mailertable $1 $) > $2 lookup -R< $~[ : $* > $* $>95 < $1 : $2 > $3 check -- resolved? -R< $+ > $* $: $>90 <$1> $2 try domain +R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 check -- resolved? +R< $+ > $* $: $>Mailertable <$1> $2 try domain # resolve remotely connected UUCP links (if any) @@ -664,20 +777,27 @@ # pass names that still have a host to a smarthost (if defined) -R$* < @ $* > $* $: $>95 < $S > $1 < @ $2 > $3 glue on smarthost name +R$* < @ $* > $* $: $>MailerToTriple < $S > $1 < @ $2 > $3 glue on smarthost name # deal with other remote names -R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain +R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ $2 > $3 user@host.domain # handle locally delivered names -R$=L $#local $: @ $1 special local names +R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### -S5 +SLocal_localaddr +Slocaladdr=5 +R$+ $: $1 $| $>"Local_localaddr" $1 +R$+ $| $#$* $#$2 +R$+ $| $* $: $1 + + + # deal with plussed users so aliases work nicely R$+ + * $#local $@ $&h $: $1 @@ -690,41 +810,46 @@ # see if we have a relay or a hub R< > $+ $: < $H > $1 try hub R< > $+ $: < $R > $1 try relay -R< > $+ $: < > < $1 $&h > nope, restore +detail + +R< > $+ $: < > < $1 <> $&h > nope, restore +detail +R< > < $+ <> + $* > $: < > < $1 + $2 > check whether +detail +R< > < $+ <> $* > $: < > < $1 > else discard R< > < $+ + $* > $* < > < $1 > + $2 $3 find the user part R< > < $+ > + $* $#local $@ $2 $: @ $1 strip the extra + R< > < $+ > $@ $1 no +detail R$+ $: $1 <> $&h add +detail back in R$+ <> + $* $: $1 + $2 check whether +detail R$+ <> $* $: $1 else discard -R< local : $* > $* $: $>95 < local : $1 > $2 no host extension -R< error : $* > $* $: $>95 < error : $1 > $2 no host extension -R< $- : $+ > $+ $: $>95 < $1 : $2 > $3 < @ $2 > -R< $+ > $+ $@ $>95 < $1 > $2 < @ $1 > +R< local : $* > $* $: $>MailerToTriple < local : $1 > $2 no host extension +R< error : $* > $* $: $>MailerToTriple < error : $1 > $2 no host extension +R< $- : $+ > $+ $: $>MailerToTriple < $1 : $2 > $3 < @ $2 > +R< $+ > $+ $@ $>MailerToTriple < $1 > $2 < @ $1 > ################################################################### ### Ruleset 90 -- try domain part of mailertable entry ### ################################################################### -S90 +SMailertable=90 R$* <$- . $+ > $* $: $1$2 < $(mailertable .$3 $@ $1$2 $@ $2 $) > $4 -R$* <$~[ : $* > $* $>95 < $2 : $3 > $4 check -- resolved? -R$* < . $+ > $* $@ $>90 $1 . <$2> $3 no -- strip & try again +R$* <$~[ : $* > $* $>MailerToTriple < $2 : $3 > $4 check -- resolved? +R$* < . $+ > $* $@ $>Mailertable $1 . <$2> $3 no -- strip & try again R$* < $* > $* $: < $(mailertable . $@ $1$2 $) > $3 try "." -R< $~[ : $* > $* $>95 < $1 : $2 > $3 "." found? +R< $~[ : $* > $* $>MailerToTriple < $1 : $2 > $3 "." found? R< $* > $* $@ $2 no mailertable match ################################################################### ### Ruleset 95 -- canonify mailer:[user@]host syntax to triple ### ################################################################### -S95 +SMailerToTriple=95 R< > $* $@ $1 strip off null relay +R< error : $-.$-.$- : $+ > $* $#error $@ $1.$2.$3 $: $4 R< error : $- $+ > $* $#error $@ $(dequote $1 $) $: $2 R< local : $* > $* $>CanonLocal < $1 > $2 R< $- : $+ @ $+ > $*<$*>$* $# $1 $@ $3 $: $2<@$3> use literal user R< $- : $+ > $* $# $1 $@ $2 $: $3 try qualified mailer R< $=w > $* $@ $2 delete local host +R< [ IPv6 $+ ] > $* $#relay $@ $(dequote $1 $) $: $2 use unqualified mailer R< $+ > $* $#relay $@ $1 $: $2 use unqualified mailer ################################################################### @@ -733,8 +858,8 @@ SCanonLocal # strip local host from routed addresses -R< $* > < @ $+ > : $+ $@ $>97 $3 -R< $* > $+ $=O $+ < @ $+ > $@ $>97 $2 $3 $4 +R< $* > < @ $+ > : $+ $@ $>Recurse $3 +R< $* > $+ $=O $+ < @ $+ > $@ $>Recurse $2 $3 $4 # strip trailing dot from any host name that may appear R< $* > $* < @ $* . > $: < $1 > $2 < @ $3 > @@ -754,9 +879,12 @@ ### Ruleset 93 -- convert header names to masqueraded form ### ################################################################### -S93 +SMasqHdr=93 +# do not masquerade anything in class N +R$* < @ $* $=N . > $@ $1 < @ $2 $3 . > + # special case the users that should be exposed R$=E < @ *LOCAL* > $@ $1 < @ $j . > leave exposed R$=E < @ $=M . > $@ $1 < @ $2 . > @@ -773,19 +901,21 @@ ### Ruleset 94 -- convert envelope names to masqueraded form ### ################################################################### -S94 +SMasqEnv=94 R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 ################################################################### ### Ruleset 98 -- local part of ruleset zero (can be null) ### ################################################################### -S98 +SParseLocal=98 # addresses sent to foo@host.REDIRECT will give a 551 error code R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} > R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT. > -R$* < @ $+ .REDIRECT. > < $- > $# error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> +R$* < @ $+ .REDIRECT. > < $- > $#error $@ 5.1.1 $: "551 User has moved; please try " <$1@$2> + + ###################################################################### @@ -795,13 +925,20 @@ ### <$1> -- key (domain name) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed unchanged through) +### <$4> -- mark (must be <(!|+) single-token>) +### ! does lookup only with tag +### + does lookup with and without tag ###################################################################### SLookUpDomain -R<$+> <$+> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> -R <$+.$+> <$+> <$*> $@ $>LookUpDomain <$2> <$3> <$4> -R <$+> <$+> <$*> $@ <$2> <$3> -R<$*> <$+> <$+> <$*> $@ <$1> <$4> +R<[IPv6 $-]> <$+> <$*> <$*> $: <[$(dequote $1 $)]> <$2> <$3> <$4> +R<$*> <$+> <$*> <$- $-> $: < $(access $5:$1 $: ? $) > <$1> <$2> <$3> <$4 $5> +R <$+> <$+> <$*> <+ $*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> +R <[$+.$-]> <$+> <$*> <$*> $@ $>LookUpDomain <[$1]> <$3> <$4> <$5> +R <[$+:$-]> <$+> <$*> <$*> $: $>LookUpDomain <[$1]> <$3> <$4> <$5> +R <$+.$+> <$+> <$*> <$*> $@ $>LookUpDomain <$2> <$3> <$4> <$5> +R <$+> <$+> <$*> <$*> $@ <$2> <$3> +R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> ###################################################################### ### LookUpAddress -- search for host address in access database @@ -810,13 +947,18 @@ ### <$1> -- key (dot quadded host address) ### <$2> -- default (what to return if not found in db) ### <$3> -- passthru (additional data passed through) +### <$4> -- mark (must be <(!|+) single-token>) +### ! does lookup only with tag +### + does lookup with and without tag ###################################################################### SLookUpAddress -R<$+> <$+> <$*> $: < $(access $1 $: ? $) > <$1> <$2> <$3> -R <$+.$-> <$+> <$*> $@ $>LookUpAddress <$1> <$3> <$4> -R <$+> <$+> <$*> $@ <$2> <$3> -R<$*> <$+> <$+> <$*> $@ <$1> <$4> +R<$+> <$+> <$*> <$- $+> $: < $(access $5:$1 $: ? $) > <$1> <$2> <$3> <$4 $5> +R <$+> <$+> <$*> <+ $+> $: < $(access $1 $: ? $) > <$1> <$2> <$3> <+ $4> +R <$+:$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> +R <$+.$-> <$+> <$*> <$*> $@ $>LookUpAddress <$1> <$3> <$4> <$5> +R <$+> <$+> <$*> <$*> $@ <$2> <$3> +R<$*> <$+> <$+> <$*> <$*> $@ <$1> <$4> ###################################################################### ### CanonAddr -- Convert an address into a standard form for @@ -831,10 +973,8 @@ ###################################################################### SCanonAddr -R$* $: $>Parse0 $>3 $1 make domain canonical -R< @ $+ > : $* @ $* < @ $1 > : $2 % $3 change @ to % in src route -R$* < @ $+ > : $* : $* $3 $1 < @ $2 > : $4 change to % hack. -R$* < @ $+ > : $* $3 $1 < @ $2 > +R$* $: $>Parse0 $>canonify $1 make domain canonical + ###################################################################### ### ParseRecipient -- Strip off hosts in $=R as well as possibly @@ -864,12 +1004,14 @@ R < : $* : > < $+ > $: $2 R $* < @ $* $=R > $: $1 < @ $2 $3 > -R $* < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> +R $* < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To> R<$+> <$+> $: <$1> $2 + R $* < @ $* > $@ $>ParseRecipient $1 R<$-> $* $@ $2 + ###################################################################### ### check_relay -- check hostname/address on SMTP startup ###################################################################### @@ -886,14 +1028,16 @@ R< d > $* $@ deferred R< $* > $* $: $2 -R$+ $| $+ $: $>LookUpDomain < $1 > < $2 > -R < $+ > $: $>LookUpAddress < $1 > < $1 > -R < $+ > $: $1 -R < $* > $@ OK -R < $* > $@ RELAY +R$+ $| $+ $: $>LookUpDomain < $1 > < $2 > <+Connect> +R <$+> $: $>LookUpAddress < $1 > < $1 > <+Connect> no: another lookup +R < $+ > $: $1 found nothing +R<$={Accept}> < $* > $@ $1 return value of lookup R $* $#error $@ 5.7.1 $: "550 Access denied" R $* $#discard $: discard -R<$+> $* $#error $@ 5.7.1 $: $1 +R <$*> $#error $@ $1.$2.$3 $: $4 +R <$*> $#error $: $1 +R<$+> <$*> $#error $: $1 + ###################################################################### @@ -912,55 +1056,67 @@ R< d > $* $@ deferred R< $* > $* $: $2 -R<> $@ -R$* $: $>CanonAddr $1 +# authenticated? +R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL +R$* $| $#$+ $#$2 +R$* $| $* $: $1 + +R<> $@ we MUST accept <> (RFC 1123) +R$+ $: $1 +R<$+> $: <@> <$1> +R$+ $: <@> <$1> +R$* $: $&{daemon_flags} $| $1 +R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 > +R$* u $* $| <@> < $* > $: < $3 > +R$* $| $* $: $2 +# handle case of @localhost on address +R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > +R<@> < $* @ [127.0.0.1] > + $: < ? $&{client_name} > < $1 @ [127.0.0.1] > +R<@> < $* @ localhost.$m > + $: < ? $&{client_name} > < $1 @ localhost.$m > +R<@> < $* @ localhost.UUCP > + $: < ? $&{client_name} > < $1 @ localhost.UUCP > +R<@> $* $: $1 no localhost as domain +R $* $: $2 local client: ok +R <$+> $#error $@ 5.5.4 $: "501 Real domain name required for sender address" +R $* $: $1 +R$* $: $>CanonAddr $1 canonify sender address and mark it R $* < @ $+ . > $1 < @ $2 > strip trailing dots # handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc) -R $* < $* $=P > $* $: $1 < @ $2 $3 > $4 -R $* < @ $+ > $* $: $) > $1 < @ $2 > $3 -R> $* < @ $+ > $* - $: <$2> $3 < @ $4 > $5 - -# handle case of @localhost on address -R<$+> $* < @localhost > $: < ? $&{client_name} > <$1> $2 < @localhost > -R<$+> $* < @localhost.$m > - $: < ? $&{client_name} > <$1> $2 < @localhost.$m > -R<$+> $* < @localhost.UUCP > - $: < ? $&{client_name} > <$1> $2 < @localhost.UUCP > -R <$+> $* <$2> $3 -R <$+> $* $#error $@ 5.5.4 $: "553 Real domain name required" -R <$+> $* $: <$1> $2 - -# lookup localpart (user@) -R<$+> $* < @ $+ > $* $: <$1> $2 < @ $3 > $4 -# no match, try full address (user@domain rest) -R <$+> $* < @ $* > $* - $: <$1> $2 < @ $3 > $4 -# no match, try address (user@domain) -R <$+> $+ < @ $+ > $* - $: <$1> $2 < @ $3 > $4 -# no match, try (sub)domain (domain) -R <$+> $* < @ $+ > $* - $: $>LookUpDomain <$3> <$1> <> -# check unqualified user in access database -R $* $: $1 +R $* < @ $* $=P > $: $1 < @ $2 $3 > +R $* < @ $+ > $: $) > $1 < @ $2 > +R> $* < @ $+ > + $: <$2> $3 < @ $4 > + +# check sender address: user@address, user@, address +R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| +R<$+> $+ $: @<$1> <$2> $| +R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+From> $| <$3> <> +R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result # retransform for further use -R <$+> $* $: <$1> $3 +R <$+> <$*> $: <$1> $2 no match +R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it # handle case of no @domain on address +R $* $: $&{daemon_flags} $| $1 +R$* u $* $| $* $: $3 +R$* $| $* $: $2 R $* $: < ? $&{client_name} > $1 R $* $@ ...local unqualed ok -R $* $#error $@ 5.5.4 $: "553 Domain name required" +R $* $#error $@ 5.5.4 $: "501 Domain name required for sender address " $&f ...remote is not # check results -R $* $@ +R $* $: @ $1 mark address: nothing known about it R $* $@ -R $* $#error $@ 4.1.8 $: "451 Sender domain must resolve" -R $* $#error $@ 5.1.8 $: "501 Sender domain must exist" -R $* $@ +R $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve" +R $* $#error $@ 5.1.8 $: "501 Domain of sender address " $&f " does not exist" +R<$={Accept}> $* $# $1 R $* $#discard $: discard R $* $#error $@ 5.7.1 $: "550 Access denied" -R<$+> $* $#error $@ 5.7.1 $: $1 error from access db +R $* $#error $@ $1.$2.$3 $: $4 +R $* $#error $: $1 +R<$+> $* $#error $: $1 error from access db ###################################################################### ### check_rcpt -- check SMTP `RCPT TO:' command argument @@ -978,76 +1134,199 @@ R< d > $* $@ deferred R< $* > $* $: $2 + R$* $: $>ParseRecipient $1 strip relayable hosts # blacklist local users or any host from receiving mail R$* $: $1 -R $+ < @ $=w > $: <> <$1 < @ $2 >> -R $+ < @ $* > $: <> <$1 < @ $2 >> -R $+ $: <> <$1> -R<> $* $: <$(access $1 $: $)> $2 -R<> $* $: <$(access $1 $: $)> $2 -R $* $: <$(access $1 $: $)> $2 -R<> $* $: <$(access $1 $: $)> $2 -R $* $: <$(access $1 $: $)> $2 -R<> <$*> $: $1 -R <$*> $: $1 -R <$*> $: $1 -R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" -R<$+> $* $#error $@ 5.2.1 $: $1 error from access db +R $+ < @ $=w > $: <> <$1 < @ $2 >> $| +R $+ < @ $* > $: <> <$1 < @ $2 >> $| +R $+ $: <> <$1> $| +R<> <$*> $| <$+> $: <@> <$1> $| $>SearchList <+To> $| <$2> <> +R<@> <$*> $| <$*> $: <$2> <$1> reverse result +R <$*> $: @ $1 mark address as no match +R<$={Accept}> <$*> $: @ $2 mark address as no match +R $* $#error $@ 5.2.1 $: "550 Mailbox disabled for this recipient" +R $* $#discard $: discard +R $* $#error $@ $1.$2.$3 $: $4 +R $* $#error $: $1 +R<$+> $* $#error $: $1 error from access db +R@ $* $1 remove mark + + +# authenticated? +R$* $: $1 $| $>RelayAuth $1 $| $&{verify} client authenticated? +R$* $| $# $+ $# $2 error/ok? +R$* $| $* $: $1 no + +# authenticated by a trusted mechanism? +R$* $: $1 $| $&{auth_type} +R$* $| $: $1 +R$* $| $={TrustAuthMech} $# RELAYAUTH +R$* $| $* $: $1 # anything terminating locally is ok -R$+ < @ $=w > $@ OK -R$+ < @ $* $=R > $@ OK -R$+ < @ $* > $: $>LookUpDomain <$2> <$1 < @ $2 >> -R $* $@ RELAY +R$+ < @ $=w > $@ RELAYTO +R$+ < @ $* $=R > $@ RELAYTO +R$+ < @ $+ > $: $>LookUpDomain <$2> <$1 < @ $2 >> <+To> +R $* $@ RELAYTO R<$*> <$*> $: $2 + # allow relaying for hosts which we MX serve -R$+ < @ $* > $: < : $(mxserved $2 $) : > $1 < @ $2 > +R$+ < @ $+ > $: < : $(mxserved $2 $) : > $1 < @ $2 > R< : $* : > $* $#error $@ 4.7.1 $: "450 Can not check MX records for recipient host " $1 -R<$* : $=w . : $*> $* $@ OK +R<$* : $=w . : $*> $* $@ RELAYTO R< : $* : > $* $: $2 # check for local user (i.e. unqualified address) R$* $: $1 R $* < @ $+ > $: $1 < @ $2 > # local user is ok -R $+ $@ OK +R $+ $@ RELAYTOLOCAL R<$+> $* $: $2 # anything originating locally is ok -R$* $: $&{client_name} -# check if bracketed IP address (forward lookup != reverse lookup) -R [$+] $: [$1] -# pass to name server to make hostname canonical -R $* $~P $: $[ $1 $2 $] -R<$-> $* $: $2 -R$* . $1 strip trailing dots -R$@ $@ OK -R$=w $@ OK -R$* $=R $@ OK -R$* $: $>LookUpDomain <$1> <$1> -R $* $@ RELAY -R<$*> <$*> $: $2 - # check IP address R$* $: $&{client_addr} -R$@ $@ OK originated locally -R0 $@ OK originated locally -R$=R $* $@ OK relayable IP address -R$* $: $>LookUpAddress <$1> <$1> -R $* $@ RELAY relayable IP address +R$@ $@ RELAYFROM originated locally +R0 $@ RELAYFROM originated locally +R$=R $* $@ RELAYFROM relayable IP address +R$* $: $>LookUpAddress <$1> <$1> <+Connect> +R $* $@ RELAYFROM relayable IP address R<$*> <$*> $: $2 R$* $: [ $1 ] put brackets around it... -R$=w $@ OK ... and see if it is local +R$=w $@ RELAYFROM ... and see if it is local + +# check client name: first: did it resolve? +R$* $: < $&{client_resolve} > +R $#error $@ 4.7.1 $: "450 Relaying temporarily denied. Cannot resolve PTR record for " $&{client_addr} +R $#error $@ 5.7.1 $: "550 Relaying denied. IP name possibly forged " $&{client_name} +R $#error $@ 5.7.1 $: "550 Relaying denied. IP name lookup failed " $&{client_name} +R$* $: $&{client_name} +# pass to name server to make hostname canonical +R $* $~P $: $[ $1 $2 $] +R$* . $1 strip trailing dots +R $@ RELAYFROM +R $=w $@ RELAYFROM +R $* $=R $@ RELAYFROM +R $* $: $>LookUpDomain <$1> <$1> <+Connect> +R $* $@ RELAYFROM +R<$*> <$*> $: $2 # anything else is bogus R$* $#error $@ 5.7.1 $: "550 Relaying denied" +###################################################################### +### SearchList: search a list of items in the access map +### Parameters: +### $| ... <> +### where "exact" is either "+" or "!": +### <+ TAG> lookup with and w/o tag +### lookup with tag +### possible values for "mark" are: +### H: recursive host lookup (LookUpDomain) +### E: exact lookup, no modifications +### F: full lookup, try user+ext@domain and user@domain +### U: user lookup, try user+ext and user (input must have trailing @) +### return: or (not found) +###################################################################### + +# class with valid marks for SearchList +C{src}E F H U +SSearchList +# mark H: lookup domain +R<$+> $| <$*> $: <$1> $| <@> $>LookUpDomain <$2> <$3> <$1> +R<$+> $| <@> <$+> <$*> $: <$1> $| <$2> <$3> +R<$- $-> $| <$={src}:$+> <$*> $: <$1 $2> $| <$(access $2:$4 $: $3:$4 $)> <$5> +R<+ $-> $| <$={src}:$+> <$*> $: <+ $1> $| <$(access $3 $: $2:$3 $)> <$4> +R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2:$3@$5 $: F:$3 + $4@$5$)> <$6> +R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@$4 $: F:$2 + $3@$4$)> <$5> +R<$- $-> $| <$*> $: <$1 $2> $| <$(access $2:$3@ $: U:$3 + $4$)> <$5> +R<+ $-> $| <$*> $: <+ $1> $| <$(access $2@ $: U:$2 + $3$)> <$4> +R<$+> $| <$={src}:$+> <$+> $@ $>SearchList <$1> $| <$4> +R<$+> $| <$={src}:$+> <> $@ +R<$+> $| <$+> <$*> $@ <$2> +R<$+> $| <$+> $@ <$2> + +# is user trusted to authenticate as someone else? +Strust_auth +R$* $: $&{auth_type} $| $1 +# required by RFC 2554 section 4. +R$@ $| $* $#error $@ 5.7.1 $: "550 not authenticated" +R$* $| $&{auth_authen} $@ identical +R$* $| <$&{auth_authen}> $@ identical +R$* $| $* $: $1 $| $>"Local_trust_auth" $1 +R$* $| $#$* $#$2 +R$* $#error $@ 5.7.1 $: "550 " $&{auth_authen} " not allowed to act as " $&{auth_author} + +SLocal_trust_auth + + +# is connection with client "good" enough? (done in server) +# input: ${verify} $| (MAIL|STARTTLS) +Stls_client +R$* $| $* $: $1 $| $>LookUpDomain <$&{client_name}> <> +R$* $| $* $: $1 $| $>LookUpAddress <$&{client_addr}> <> +R$* $| $* $: $1 $| <$(access TLS_Clt: $: ? $)> +R$* $@ $>"tls_connection" $1 + +# is connection with server "good" enough? (done in client) +# input: ${verify} +Stls_server +R$* $: $1 $| $>LookUpDomain <$&{server_name}> <> +R$* $| $* $: $1 $| $>LookUpAddress <$&{server_addr}> <> +R$* $| $* $: $1 $| <$(access TLS_Srv: $: ? $)> +R$* $@ $>"tls_connection" $1 + +Stls_connection +R$* $| <$*>$* $: $1 $| <$2> +R$* $| $: $1 $| <503:5.7.0> <$2 $3> +R$* $| $: $1 $| <403:4.7.0> <$2 $3> +R$* $| <$={tls} $*> $: $1 $| <403:4.7.0> <$2 $3> +RSOFTWARE $| <$-:$+> $* $#error $@ $2 $: $1 " TLS handshake failed." +RSOFTWARE $| $* $#error $@ 4.7.0 $: "403 TLS handshake failed." +R$* $| <$*> $: <$2> $1 +R$* $| <$*> <$={tls}:$->$* $: <$2> <$3:$4> $1 +R$* $| $* $@ OK +# authentication required: give appropriate error +# other side did authenticate (via STARTTLS) +R<$*> OK $@ OK +R<$*> OK $: <$1> +R<$*> $* $: <$1> +R<$-:$+> $#error $@ $2 $: $1 " authentication required" +R<$-:$+> FAIL $#error $@ $2 $: $1 " authentication failed" +R<$-:$+> NO $#error $@ $2 $: $1 " not authenticated" +R<$-:$+> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" +R<$-:$+> $+ $#error $@ $2 $: $1 " authentication failure " $4 +R<$*> $: <$1> $>max $&{cipher_bits} : $&{auth_ssf} +R<$*> $- $: <$1> <$2:$3> $(arith l $@ $3 $@ $2 $) +R<$-:$+><$-:$-> TRUE $#error $@ $2 $: $1 " encryption too weak " $4 " less than " $3 + +Smax +R: $: 0 +R:$- $: $1 +R$-: $: $1 +R$-:$- $: $(arith l $@ $1 $@ $2 $) : $1 : $2 +RTRUE:$-:$- $: $2 +R$-:$-:$- $: $2 + +SRelayAuth +# authenticated? +R$* $| OK $: $1 +R$* $| $* $@ NO not authenticated +R$* $: $1 $| $&{cert_issuer} +R$* $| $+ $: $1 $| $(access CERTISSUER:$2 $) +R$* $| RELAY $# RELAYCERTISSUER +R$* $| SUBJECT $: $1 $| <@> $&{cert_subject} +R$* $| <@> $+ $: $1 $| <@> $(access CERTSUBJECT:$2 $) +R$* $| <@> RELAY $# RELAYCERTSUBJECT +R$* $| $* $: $1 + + # ###################################################################### ###################################################################### @@ -1062,106 +1341,68 @@ ### Local and Program Mailer specification ### ################################################## -##### @(#)local.m4 8.30 (Berkeley) 6/30/1998 ##### - -Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qSXfmnz9P, S=10/30, R=20/40, - T=DNS/RFC822/X-Unix, - A=mail.local -l -Mprog, P=/bin/sh, F=lsDFMoqeu9, S=10/30, R=20/40, D=$z:/, - T=X-Unix, - A=sh -c $u +##### $Id: local.m4,v 8.50.16.2 2000/09/17 17:04:22 gshapiro Exp $ ##### # # Envelope sender rewriting # -S10 +SEnvFromL=10 R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity -R$+ $: $>50 $1 add local domain if needed -R$* $: $>94 $1 do masquerading +R$+ $: $>AddDomain $1 add local domain if needed +R$* $: $>MasqEnv $1 do masquerading # # Envelope recipient rewriting # -S20 +SEnvToL=20 R$+ < @ $* > $: $1 strip host part # # Header sender rewriting # -S30 +SHdrFromL=30 R<@> $n errors to mailer-daemon R@ <@ $*> $n temporarily bypass Sun bogosity -R$+ $: $>50 $1 add local domain if needed -R$* $: $>93 $1 do masquerading +R$+ $: $>AddDomain $1 add local domain if needed +R$* $: $>MasqHdr $1 do masquerading # # Header recipient rewriting # -S40 -R$+ $: $>50 $1 add local domain if needed +SHdrToL=40 +R$+ $: $>AddDomain $1 add local domain if needed +R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 # # Common code to add local domain name (only if always-add-domain) # -S50 +SAddDomain=50 + +Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5:/|@qPSXfmnz9P, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, + T=DNS/RFC822/SMTP, + A=mail.local -l +Mprog, P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, D=$z:/, + T=X-Unix/X-Unix/X-Unix, + A=sh -c $u ##################################### ### SMTP Mailer specification ### ##################################### -##### @(#)smtp.m4 8.38 (Berkeley) 5/19/1998 ##### - -Msmtp, P=[IPC], F=mDFMuX, S=11/31, R=21, E=\r\n, L=990, - T=DNS/RFC822/SMTP, - A=IPC $h -Mesmtp, P=[IPC], F=mDFMuXa, S=11/31, R=21, E=\r\n, L=990, - T=DNS/RFC822/SMTP, - A=IPC $h -Msmtp8, P=[IPC], F=mDFMuX8, S=11/31, R=21, E=\r\n, L=990, - T=DNS/RFC822/SMTP, - A=IPC $h -Mrelay, P=[IPC], F=mDFMuXa8, S=11/31, R=61, E=\r\n, L=2040, - T=DNS/RFC822/SMTP, - A=IPC $h - -# -# envelope sender rewriting -# -S11 -R$+ $: $>51 $1 sender/recipient common -R$* :; <@> $@ list:; special case -R$* $: $>61 $1 qualify unqual'ed names -R$+ $: $>94 $1 do masquerading - - -# -# envelope recipient rewriting -- -# also header recipient if not masquerading recipients -# -S21 -R$+ $: $>51 $1 sender/recipient common -R$+ $: $>61 $1 qualify unqual'ed names - +##### $Id: smtp.m4,v 8.56.2.1.2.3 2000/09/25 13:53:27 ca Exp $ ##### # -# header sender and masquerading header recipient rewriting +# common sender and masquerading recipient rewriting # -S31 -R$+ $: $>51 $1 sender/recipient common -R:; <@> $@ list:; special case - -# do special header rewriting -R$* <@> $* $@ $1 <@> $2 pass null host through -R< @ $* > $* $@ < @ $1 > $2 pass route-addr through -R$* $: $>61 $1 qualify unqual'ed names -R$+ $: $>93 $1 do masquerading - +SMasqSMTP=61 +R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified +R$+ $@ $1 < @ *LOCAL* > add local qualification # # convert pseudo-domain addresses to real domain addresses # -S51 +SPseudoToReal=51 # pass s through R< @ $+ > $* $@ < @ $1 > $2 resolve @@ -1182,18 +1423,58 @@ # -# common sender and masquerading recipient rewriting +# envelope sender rewriting # -S61 +SEnvFromSMTP=11 +R$+ $: $>PseudoToReal $1 sender/recipient common +R$* :; <@> $@ list:; special case +R$* $: $>MasqSMTP $1 qualify unqual'ed names +R$+ $: $>MasqEnv $1 do masquerading -R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified -R$+ $@ $1 < @ *LOCAL* > add local qualification + +# +# envelope recipient rewriting -- +# also header recipient if not masquerading recipients +# +SEnvToSMTP=21 +R$+ $: $>PseudoToReal $1 sender/recipient common +R$+ $: $>MasqSMTP $1 qualify unqual'ed names +R$* < @ *LOCAL* > $* $: $1 < @ $j . > $2 + +# +# header sender and masquerading header recipient rewriting +# +SHdrFromSMTP=31 +R$+ $: $>PseudoToReal $1 sender/recipient common +R:; <@> $@ list:; special case + +# do special header rewriting +R$* <@> $* $@ $1 <@> $2 pass null host through +R< @ $* > $* $@ < @ $1 > $2 pass route-addr through +R$* $: $>MasqSMTP $1 qualify unqual'ed names +R$+ $: $>MasqHdr $1 do masquerading # # relay mailer header masquerading recipient rewriting # -S71 +SMasqRelay=71 +R$+ $: $>MasqSMTP $1 +R$+ $: $>MasqHdr $1 + +Msmtp, P=[IPC], F=mDFMuX, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mesmtp, P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Msmtp8, P=[IPC], F=mDFMuX8, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mdsmtp, P=[IPC], F=mDFMuXa%, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990, + T=DNS/RFC822/SMTP, + A=TCP $h +Mrelay, P=[IPC], F=mDFMuXa8, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=2040, + T=DNS/RFC822/SMTP, + A=TCP $h -R$+ $: $>61 $1 -R$+ $: $>93 $1 diff -urN 4.1-RELEASE/etc/mail/virtusertable.sample 4.2-RELEASE/etc/mail/virtusertable.sample --- 4.1-RELEASE/etc/mail/virtusertable.sample Thu Jul 27 12:14:59 2000 +++ 4.2-RELEASE/etc/mail/virtusertable.sample Mon Nov 20 21:03:12 2000 @@ -1,8 +1,8 @@ -# $FreeBSD: src/etc/mail/virtusertable.sample,v 1.1.2.1 2000/03/20 12:21:05 peter Exp $ +# $FreeBSD: src/etc/mail/virtusertable.sample,v 1.1.2.2 2000/11/03 07:23:50 dirk Exp $ # # Map one or all usernames at a source hostname to a specific (or the same) # username at another target hostname. Remember to add the source hostname -# to /etc/mail/sendmail.cw so that sendmail will accept mail for the +# to /etc/mail/local-host-names so that sendmail will accept mail for the # source hostname. # username@a.sample.hostname localuser diff -urN 4.1-RELEASE/etc/mtree/BSD.include.dist 4.2-RELEASE/etc/mtree/BSD.include.dist --- 4.1-RELEASE/etc/mtree/BSD.include.dist Thu Jul 27 12:14:58 2000 +++ 4.2-RELEASE/etc/mtree/BSD.include.dist Mon Nov 20 21:03:12 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.32.2.1 2000/07/13 06:28:47 obrien Exp $ +# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.32.2.4 2000/11/05 12:30:01 brian Exp $ # # Please see the file README before making changes to this file. # @@ -21,6 +21,8 @@ std .. .. + isc + .. isofs cd9660 .. @@ -44,6 +46,8 @@ netipx .. netkey + .. + netnatm .. netncp .. diff -urN 4.1-RELEASE/etc/mtree/BSD.local.dist 4.2-RELEASE/etc/mtree/BSD.local.dist --- 4.1-RELEASE/etc/mtree/BSD.local.dist Thu Jul 27 12:14:58 2000 +++ 4.2-RELEASE/etc/mtree/BSD.local.dist Mon Nov 20 21:03:12 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/mtree/BSD.local.dist,v 1.55.2.1 2000/06/29 07:39:14 asami Exp $ +# $FreeBSD: src/etc/mtree/BSD.local.dist,v 1.55.2.2 2000/09/16 22:26:07 ache Exp $ # # Please see the file README before making changes to this file. # @@ -285,6 +285,8 @@ .. sv_SE.ISO_8859-1 .. + tr_TR.ISO_8859-9 + .. uk_UA.KOI8-U .. zh_CN.EUC diff -urN 4.1-RELEASE/etc/mtree/BSD.usr.dist 4.2-RELEASE/etc/mtree/BSD.usr.dist --- 4.1-RELEASE/etc/mtree/BSD.usr.dist Thu Jul 27 12:14:58 2000 +++ 4.2-RELEASE/etc/mtree/BSD.usr.dist Mon Nov 20 21:03:12 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/mtree/BSD.usr.dist,v 1.188.2.3 2000/06/30 11:06:17 tg Exp $ +# $FreeBSD: src/etc/mtree/BSD.usr.dist,v 1.188.2.7 2000/10/19 21:30:25 gshapiro Exp $ # # Please see the file README before making changes to this file. # @@ -238,8 +238,6 @@ .. 08.sendmailop .. - 09.sendmail - .. 10.named .. 11.timedop @@ -328,6 +326,10 @@ test .. .. + dyn_sysctl + module + .. + .. syscall module .. @@ -555,6 +557,8 @@ .. sv_SE.ISO_8859-1 .. + tr_TR.ISO_8859-9 + .. uk_UA.KOI8-U .. zh_CN.EUC @@ -795,6 +799,8 @@ .. sv_SE.ISO_8859-1 .. + tr_TR.ISO_8859-9 + .. uk_UA.KOI8-U .. zh_CN.EUC @@ -813,6 +819,8 @@ man3 .. .. + .. + sendmail .. skel .. diff -urN 4.1-RELEASE/etc/mtree/BSD.x11-4.dist 4.2-RELEASE/etc/mtree/BSD.x11-4.dist --- 4.1-RELEASE/etc/mtree/BSD.x11-4.dist Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/mtree/BSD.x11-4.dist Mon Nov 20 21:03:12 2000 @@ -0,0 +1,374 @@ +# $FreeBSD: src/etc/mtree/BSD.x11-4.dist,v 1.13.2.1 2000/08/25 10:08:20 asami Exp $ +# +# Please see the file README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + bin + .. + etc + rc.d + .. + .. + include + DPS + .. + GL + .. + X11 + ICE + .. + PEX5 + .. + PM + .. + SM + .. + Xaw + .. + Xmu + .. + bitmaps + .. + extensions + .. + fonts + codeconv + .. + .. + pixmaps + .. + .. + bitmaps + .. + .. + info + .. + lib + X11 + XF86Setup + pics + .. + scripts + .. + tcllib + .. + .. + app-defaults + .. + config + .. + doc + PostScript + .. + html + .. + .. + etc + .. + fonts + 100dpi + .. + 75dpi + .. + CID + .. + PEX + .. + Speedo + .. + Type1 + .. + cyrillic + .. + encodings + large + .. + .. + latin2 + 100dpi + .. + 75dpi + .. + .. + local + .. + misc + .. + .. + fs + .. + lbxproxy + .. + locale + C + .. + armscii-8 + .. + en_US.UTF-8 + .. + en_US.utf + .. + georgian-academy + .. + georgian-ps + .. + ibm-cp1133 + .. + iso8859-1 + .. + iso8859-2 + .. + iso8859-3 + .. + iso8859-4 + .. + iso8859-5 + .. + iso8859-6 + .. + iso8859-7 + .. + iso8859-8 + .. + iso8859-9 + .. + iso8859-10 + .. + iso8859-14 + .. + iso8859-15 + .. + ja + .. + ja.JIS + .. + ja.SJIS + .. + ko + .. + koi8-r + .. + koi8-u + .. + mulelao-1 + .. + tbl_data + .. + th_TH.TACTIS + .. + vi_VN.tcvn + .. + vi_VN.viscii + .. + zh + .. + zh_TW + .. + zh_TW.Big5 + .. + .. + proxymngr + .. + rstart + commands + x11r6 + .. + .. + contexts + .. + .. + twm + .. + x11perfcomp + .. + xdm + pixmaps + .. + .. + xinit + .. + xkb + compat + .. + compiled + .. + geometry + digital + .. + sgi + .. + .. + keycodes + digital + .. + sgi + .. + .. + keymap + digital + .. + sgi + .. + sun + .. + .. + rules + .. + semantics + .. + symbols + digital + .. + fujitsu + .. + hp + .. + macintosh + .. + nec + .. + sgi + .. + sony + .. + sun + .. + xfree68 + .. + .. + types + .. + .. + xserver + .. + xsm + .. + .. + aout + .. + modules + codeconv + .. + dri + .. + drivers + .. + extensions + .. + fonts + .. + freebsd + .. + input + .. + .. + .. + libexec + .. + man +/set type=dir uname=man gname=wheel mode=0755 + cat1 + .. + cat2 + .. + cat3 + .. + cat4 + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + .. + cat9 + .. + catl + .. + catn + .. + ja uname=root + cat1 + .. + cat2 + .. + cat3 + .. + cat4 + .. + cat5 + .. + cat6 + .. + cat7 + .. + cat8 + .. + cat9 + .. + catl + .. + catn + .. +/set type=dir uname=root gname=wheel mode=0755 + man1 + .. + man2 + .. + man3 + .. + man4 + .. + man5 + .. + man6 + .. + man7 + .. + man8 + .. + man9 + .. + manl + .. + mann + .. + .. + man1 + .. + man2 + .. + man3 + .. + man4 + .. + man5 + .. + man6 + .. + man7 + .. + man8 + .. + man9 + .. + manl + .. + mann + .. + .. + share + aclocal + .. + doc + ja + .. + .. + examples + .. + .. +.. diff -urN 4.1-RELEASE/etc/newsyslog.conf 4.2-RELEASE/etc/newsyslog.conf --- 4.1-RELEASE/etc/newsyslog.conf Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/newsyslog.conf Mon Nov 20 21:03:04 2000 @@ -1,16 +1,19 @@ # configuration file for newsyslog -# $FreeBSD: src/etc/newsyslog.conf,v 1.25 2000/02/08 21:57:27 rwatson Exp $ +# $FreeBSD: src/etc/newsyslog.conf,v 1.25.2.2 2000/09/20 02:43:46 jkh Exp $ # # logfilename [owner:group] mode count size when [ZB] [/pid_file] [sig_num] /var/log/cron 600 3 100 * Z -/var/log/amd.log 664 7 100 * Z -/var/log/kerberos.log 664 7 100 * Z -/var/log/lpd-errs 664 7 100 * Z -/var/log/maillog 664 7 * @T00 Z -/var/log/sendmail.st 664 10 * 168 B -/var/log/messages 664 5 100 * Z +/var/log/amd.log 644 7 100 * Z +/var/log/kerberos.log 644 7 100 * Z +/var/log/lpd-errs 644 7 100 * Z +/var/log/maillog 644 7 * @T00 Z +/var/log/sendmail.st 644 10 * 168 B +/var/log/messages 644 5 100 * Z /var/log/all.log 600 7 * @T00 Z /var/log/slip.log 600 3 100 * Z /var/log/ppp.log 600 3 100 * Z /var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B +/var/log/daily.log 640 7 * @T00 Z +/var/log/weekly.log 640 5 1 $W6D0 Z +/var/log/monthly.log 640 12 * $M1D0 Z diff -urN 4.1-RELEASE/etc/pam.conf 4.2-RELEASE/etc/pam.conf --- 4.1-RELEASE/etc/pam.conf Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/pam.conf Mon Nov 20 21:03:04 2000 @@ -7,7 +7,7 @@ # work quite right. If you delete the final entry, be sure to change # "sufficient" to "required" in the entry before it. # -# $FreeBSD: src/etc/pam.conf,v 1.6 2000/02/12 20:22:20 shin Exp $ +# $FreeBSD: src/etc/pam.conf,v 1.6.2.1 2000/10/06 10:50:18 ru Exp $ # If the user can authenticate with S/Key, that's sufficient; allow clear # password. Try kerberos, then try plain unix password. @@ -23,7 +23,7 @@ ftpd auth required pam_unix.so try_first_pass # r-utils are broken; ensure this doesn't bother folk -rshd auth sufficient pam_deny.so +rshd auth required pam_deny.so # Don't break startx xserver auth required pam_permit.so diff -urN 4.1-RELEASE/etc/pccard_ether 4.2-RELEASE/etc/pccard_ether --- 4.1-RELEASE/etc/pccard_ether Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/pccard_ether Mon Nov 20 21:03:04 2000 @@ -1,12 +1,40 @@ #!/bin/sh - # -# $FreeBSD: src/etc/pccard_ether,v 1.15.2.2 2000/07/18 20:50:57 ume Exp $ +# $FreeBSD: src/etc/pccard_ether,v 1.15.2.4 2000/10/30 02:42:04 joe Exp $ # -# pccard_ether interfacename [ifconfig option] +# pccard_ether interfacename [start|stop] [ifconfig option] # -# example: pccard_ether ep0 -link0 +# example: pccard_ether ep0 start -link0 # +stop_dhcp() { + if [ -r /sbin/dhclient ]; then + pidfile="/var/run/dhclient.${interface}.pid" + if [ -s ${pidfile} ]; then + kill `cat ${pidfile}` + rm ${pidfile} + fi + elif [ -r /usr/local/sbin/dhcpc ]; then + pidfile="/var/run/dhcpc.${interface}.pid" + if [ -s ${pidfile} ]; then + kill `cat ${pidfile}` + rm ${pidfile} + fi + fi +} + +start_dhcp() { + stop_dhcp + if [ -r /sbin/dhclient ]; then + pidfile="/var/run/dhclient.${interface}.pid" + /sbin/dhclient -pf ${pidfile} $interface + elif [ -r /usr/local/sbin/dhcpc ]; then + /usr/local/sbin/dhcpc $interface + else + echo "DHCP client software not available (isc-dhcp2)" + fi +} + # Suck in the configuration variables # if [ -r /etc/defaults/rc.conf ]; then @@ -18,63 +46,62 @@ interface=$1 shift +startstop=$1 +shift -case ${pccard_ifconfig} in -[Nn][Oo] | '') - ;; -[Dd][Hh][Cc][Pp]) - if [ -r /sbin/dhclient ]; then - if [ -s /var/run/dhclient.pid ]; then - kill `cat /var/run/dhclient.pid` - rm /var/run/dhclient.pid - fi - /sbin/dhclient $interface - elif [ -r /usr/local/sbin/dhcpc ]; then - if [ -s /var/run/dhcpc.pid ]; then - kill `cat /var/run/dhcpc.pid` - rm /var/run/dhcpc.pid - fi - /usr/local/sbin/dhcpc $interface $* - else - echo "DHCP client software not available (isc-dhcp2)" - fi - ;; -*) - ifconfig ${interface} ${pccard_ifconfig} $* - ;; -esac +case ${startstop} in +[Ss][Tt][Aa][Rr][Tt] | '') + case ${pccard_ifconfig} in + [Nn][Oo] | '') + ;; + [Dd][Hh][Cc][Pp]) + start_dhcp + ;; + *) + ifconfig ${interface} ${pccard_ifconfig} $* + ;; + esac -case ${defaultrouter} in -[Nn][Oo] | '') - ;; -*) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - ;; -esac + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac -# Set up any static routes. -# -if [ -n "${static_routes}" ]; then - # flush beforehand, just in case.... - route -n flush - arp -d -a - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done -fi + # Set up any static routes. + # + if [ -n "${static_routes}" ]; then + # flush beforehand, just in case.... + route -n flush + arp -d -a + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi -# IPv6 setup -case ${ipv6_enable} in -[Yy][Ee][Ss]) - case ${ipv6_gateway_enable} in + # IPv6 setup + case ${ipv6_enable} in [Yy][Ee][Ss]) - ;; - *) - ifconfig ${interface} up - rtsol ${interface} + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) + ;; + *) + sysctl -w net.inet6.ip6.forwarding=0 + sysctl -w net.inet6.ip6.accept_rtadv=1 + ifconfig ${interface} up + rtsol ${interface} + ;; + esac ;; esac + ;; +# Stop the interface +*) + /sbin/ifconfig ${interface} delete + stop_dhcp ;; esac diff -urN 4.1-RELEASE/etc/periodic/daily/100.clean-disks 4.2-RELEASE/etc/periodic/daily/100.clean-disks --- 4.1-RELEASE/etc/periodic/daily/100.clean-disks Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/100.clean-disks Mon Nov 20 21:03:05 2000 @@ -1,11 +1,53 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/100.clean-disks,v 1.3 1999/08/27 23:24:02 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/100.clean-disks,v 1.3.2.4 2000/09/22 06:55:23 brian Exp $ # +# Remove garbage files more than $daily_clean_disks_days days old +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_clean_disks_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_disks_days" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_days is not' + rc=2 + elif [ -z "$daily_clean_disks_files" ] + then + echo '$daily_clean_disks_enable is set but' \ + '$daily_clean_disks_files is not' + rc=2 + else + echo "" + echo "Removing old temporary files:" + set -f noglob + args="$args "`echo " ${daily_clean_disks_files% }" | + sed 's/[ ][ ]*/ -name /g'` + + case "$daily_clean_tmps_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ + \( $args \) -atime +$daily_clean_disks_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + set -f glob + fi;; -exit 0 # do not run by default + *) rc=0;; +esac -find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \ - \( -name '[#,]*' -o -name '.#*' -o -name a.out -o -name '*.core' \ - -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \ - -a -atime +3 -delete +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/110.clean-tmps 4.2-RELEASE/etc/periodic/daily/110.clean-tmps --- 4.1-RELEASE/etc/periodic/daily/110.clean-tmps Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/110.clean-tmps Mon Nov 20 21:03:05 2000 @@ -1,26 +1,56 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.6 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.6.2.2 2000/09/20 02:46:15 jkh Exp $ # -# Use at your own risk, but for a long-living system, this might come -# more useful than the boot-time cleaning of /tmp. If /var/tmp and -# /tmp are symlinked together, only one of the below will actually -# run. +# Perform temporary directory cleaning so that long-lived systems +# don't end up with excessively old files there. # -exit 0 # do not run by default - -if [ -d /tmp ]; then - cd /tmp && { - find . -type f -atime +3 -ctime +3 ! -name '.X*-lock' \ - ! -name quota.user ! -name quota.group -delete - find -d . ! -name . -type d -mtime +1 -delete - } +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi -if [ -d /var/tmp ]; then - cd /var/tmp && { - find . ! -name . -atime +7 -ctime +3 -delete - find -d . ! -name . ! -name vi.recover -type d -mtime +1 -delete - } -fi +case "$daily_clean_tmps_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_tmps_days" ] + then + echo '$daily_clean_tmps_enable is set but' \ + '$daily_clean_tmps_days is not' + rc=2 + else + echo "" + echo "Removing old temporary files:" + + set -f noglob + args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days" + [ -n "$daily_clean_tmps_ignore" ] && + args="$args "`echo " ${daily_clean_tmps_ignore% }" | + sed 's/[ ][ ]*/ ! -name /g'` + case "$daily_clean_tmps_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(for dir in $daily_clean_tmps_dirs + do + [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && { + find -d . -type f $args -delete $print + find -d . ! -name . -type d -mtime \ + +$daily_clean_tmps_days -delete $print + } | sed "s,^\\., $dir," + done | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + set -f glob + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/120.clean-preserve 4.2-RELEASE/etc/periodic/daily/120.clean-preserve --- 4.1-RELEASE/etc/periodic/daily/120.clean-preserve Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/120.clean-preserve Mon Nov 20 21:03:05 2000 @@ -1,11 +1,53 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/120.clean-preserve,v 1.4 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/120.clean-preserve,v 1.4.2.2 2000/09/20 02:46:15 jkh Exp $ +# +# Remove stale files in /var/preserve # -if [ -d /var/preserve ]; then - echo "" - echo "Removing stale files from /var/preserve:" - - cd /var/preserve && find . ! -name . -mtime +7 -delete +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_clean_preserve_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_preserve_days" ] + then + echo '$daily_clean_preserve_enable is set but' \ + '$daily_clean_preserve_days is not' + rc=2 + elif [ ! -d /var/preserve ] + then + echo '$daily_clean_preserve_enable is set but /var/preserve' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Removing stale files from /var/preserve:" + + if cd /var/preserve + then + case "$daily_clean_preserve_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/130.clean-msgs 4.2-RELEASE/etc/periodic/daily/130.clean-msgs --- 4.1-RELEASE/etc/periodic/daily/130.clean-msgs Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/130.clean-msgs Mon Nov 20 21:03:05 2000 @@ -1,12 +1,35 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/130.clean-msgs,v 1.3 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/130.clean-msgs,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -# remove system messages older than 21 days +# Remove system messages # -if [ -d /var/msgs ] ; then - echo "" - echo "Cleaning out old system announcements:" - msgs -c +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_clean_msgs_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/msgs ] + then + echo '$daily_clean_msgs_enable is set but /var/msgs' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Cleaning out old system announcements:" + + [ -n "$daily_clean_msgs_days" ] && + arg=-${daily_clean_msgs_days#-} || arg= + msgs -c $arg && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/140.clean-rwho 4.2-RELEASE/etc/periodic/daily/140.clean-rwho --- 4.1-RELEASE/etc/periodic/daily/140.clean-rwho Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/140.clean-rwho Mon Nov 20 21:03:05 2000 @@ -1,12 +1,53 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/140.clean-rwho,v 1.4 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/140.clean-rwho,v 1.4.2.2 2000/09/20 02:46:15 jkh Exp $ +# +# Remove stale files in /var/rwho # -if [ -d /var/rwho ] ; then - echo "" - echo "Removing stale files from /var/rwho:" - - cd /var/rwho && find . ! -name . -mtime +7 -delete +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi +case "$daily_clean_rwho_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_rwho_days" ] + then + echo '$daily_clean_rwho_enable is enabled but' \ + '$daily_clean_rwho_days is not set' + rc=2 + elif [ ! -d /var/rwho ] + then + echo '$daily_clean_rwho_enable is enabled but /var/rwho' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Removing stale files from /var/rwho:" + + case "$daily_clean_rwho_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + if cd /var/rwho + then + rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/150.clean-hoststat 4.2-RELEASE/etc/periodic/daily/150.clean-hoststat --- 4.1-RELEASE/etc/periodic/daily/150.clean-hoststat Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/150.clean-hoststat Mon Nov 20 21:03:05 2000 @@ -1,11 +1,53 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/150.clean-hoststat,v 1.3 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/150.clean-hoststat,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ +# +# Remove stale files in /var/spool/.hoststat # -if [ -d /var/spool/.hoststat ] ; then - echo "" - echo "Removing stale files from /var/spool/.hoststat:" - - cd /var/spool/.hoststat && find * -mtime +3 -delete +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_clean_hoststat_enable" in + [Yy][Ee][Ss]) + if [ -z "$daily_clean_hoststat_days" ] + then + echo '$daily_clean_hoststat_enable is enabled but' \ + '$daily_clean_hoststat_days is not set' + rc=2 + elif [ ! -d /var/spool/.hoststat ] + then + echo '$daily_clean_hoststat_enable is enabled but' \ + "/var/spool/.hoststat doesn't exist" + rc=2 + else + echo "" + echo "Removing stale files from /var/spool/.hoststat:" + + case "$daily_clean_hoststat_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + if cd /var/hoststat + then + rc=$(find . ! -name . -mtime +$daily_clean_hoststat_days \ + -delete $print | tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/200.backup-passwd 4.2-RELEASE/etc/periodic/daily/200.backup-passwd --- 4.1-RELEASE/etc/periodic/daily/200.backup-passwd Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/200.backup-passwd Mon Nov 20 21:03:05 2000 @@ -1,41 +1,77 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/200.backup-passwd,v 1.6 2000/01/27 22:52:43 obrien Exp $ +# $FreeBSD: src/etc/periodic/daily/200.backup-passwd,v 1.6.2.2 2000/09/20 02:46:15 jkh Exp $ # -bak=/var/backups -if [ -f /etc/master.passwd -o -f /etc/group ] ; then - echo "" - echo "Backup passwd and group files:" - - if [ ! -f $bak/master.passwd.bak ] ; then - echo "no $bak/master.passwd.bak" - cp -p /etc/master.passwd $bak/master.passwd.bak - fi - - if cmp -s $bak/master.passwd.bak /etc/master.passwd; then :; else - echo "$host passwd diffs:" - diff $bak/master.passwd.bak /etc/master.passwd |\ - sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' - mv $bak/master.passwd.bak $bak/master.passwd.bak2 - cp -p /etc/master.passwd $bak/master.passwd.bak - fi - - if [ ! -f $bak/group.bak ] ; then - echo "no $bak/group.bak" - cp -p /etc/group $bak/group.bak - fi - - if cmp -s $bak/group.bak /etc/group; then :; else - echo "$host group diffs:" - diff $bak/group.bak /etc/group - mv $bak/group.bak $bak/group.bak2 - cp -p /etc/group $bak/group.bak - fi - - if [ -f /etc/group ] ; then - echo "" - echo "Verifying group file syntax:" - chkgrp /etc/group - fi +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_backup_passwd_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/master.passwd ] + then + echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/group ] + then + echo '$daily_backup_passwd_enable" is set but /etc/group' \ + "doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + echo "" + echo "Backup passwd and group files:" + + if [ ! -f $bak/master.passwd.bak ] + then + rc=1 + echo "no $bak/master.passwd.bak" + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 + fi + + if ! cmp -s $bak/master.passwd.bak /etc/master.passwd + then + [ $rc -lt 1 ] && rc=1 + echo "$host passwd diffs:" + diff $bak/master.passwd.bak /etc/master.passwd |\ + sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' + mv $bak/master.passwd.bak $bak/master.passwd.bak2 + cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 + fi + + if [ ! -f $bak/group.bak ] + then + [ $rc -lt 1 ] && rc=1 + echo "no $bak/group.bak" + cp -p /etc/group $bak/group.bak || rc=3 + fi + + if ! cmp -s $bak/group.bak /etc/group + then + [ $rc -lt 1 ] && rc=1 + echo "$host group diffs:" + diff $bak/group.bak /etc/group + mv $bak/group.bak $bak/group.bak2 + cp -p /etc/group $bak/group.bak || rc=3 + fi + + if [ -f /etc/group ] + then + echo "" + echo "Verifying group file syntax:" + chkgrp /etc/group || rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/210.backup-aliases 4.2-RELEASE/etc/periodic/daily/210.backup-aliases --- 4.1-RELEASE/etc/periodic/daily/210.backup-aliases Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/210.backup-aliases Mon Nov 20 21:03:05 2000 @@ -1,22 +1,47 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/210.backup-aliases,v 1.3 1999/12/28 21:38:12 obrien Exp $ +# $FreeBSD: src/etc/periodic/daily/210.backup-aliases,v 1.3.2.3 2000/09/20 02:46:15 jkh Exp $ # -bak=/var/backups -if [ -f /etc/aliases ] ; then - echo "" - echo "Backing up mail aliases:" - - if [ ! -f $bak/aliases.bak ] ; then - echo "no $bak/aliases.bak" - cp -p /etc/aliases $bak/aliases.bak - fi - - if cmp -s $bak/aliases.bak /etc/aliases; then :; else - echo "$host aliases diffs:" - diff -u $bak/aliases.bak /etc/aliases - mv $bak/aliases.bak $bak/aliases.bak2 - cp -p /etc/aliases $bak/aliases.bak - fi +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_backup_aliases_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/mail/aliases ] + then + echo '$daily_backup_aliases_enable is enabled but' \ + "/etc/mail/aliases doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + echo "" + echo "Backing up mail aliases:" + + if [ ! -f $bak/aliases.bak ] + then + echo "no $bak/aliases.bak" + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 + fi + + if ! cmp -s $bak/aliases.bak /etc/mail/aliases + then + [ $rc -lt 1 ] && rc=1 + echo "$host aliases diffs:" + diff -u $bak/aliases.bak /etc/mail/aliases + mv $bak/aliases.bak $bak/aliases.bak2 + cp -p /etc/mail/aliases $bak/aliases.bak || rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/220.backup-distfile 4.2-RELEASE/etc/periodic/daily/220.backup-distfile --- 4.1-RELEASE/etc/periodic/daily/220.backup-distfile Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/220.backup-distfile Mon Nov 20 21:03:05 2000 @@ -1,15 +1,39 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/220.backup-distfile,v 1.3 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/220.backup-distfile,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -bak=/var/backups -if [ -f /etc/Distfile ]; then - echo "" - echo "Backing up /etc/Distfile:" - - if cmp -s $bak/Distfile.bak /etc/Distfile; then :; else - mv $bak/Distfile.bak $bak/Distfile.bak2 - cp /etc/Distfile $bak/Distfile.bak - fi +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_backup_distfile_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/Distfile ] + then + echo '$daily_backup_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else + bak=/var/backups + rc=0 + + echo "" + echo "Backing up /etc/Distfile:" + + if ! cmp -s $bak/Distfile.bak /etc/Distfile + then + rc=1 + mv $bak/Distfile.bak $bak/Distfile.bak2 + cp /etc/Distfile $bak/Distfile.bak || rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/300.calendar 4.2-RELEASE/etc/periodic/daily/300.calendar --- 4.1-RELEASE/etc/periodic/daily/300.calendar Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/300.calendar Mon Nov 20 21:03:05 2000 @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/300.calendar,v 1.3 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/300.calendar,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # # `calendar -a' needs to die. Why? Because it's a bad idea, particular # with networked home directories, but also in general. If you want the @@ -8,11 +8,22 @@ # or run it from your ~/.profile or ~/.login. # -exit 0 # do not run by default +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi -if [ -f /usr/bin/calendar ] ; then - echo "" - echo "Running calendar:" +case "$daily_calendar_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Running calendar:" - calendar -a -fi + calendar -a && rc=0 || rc=3;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/310.accounting 4.2-RELEASE/etc/periodic/daily/310.accounting --- 4.1-RELEASE/etc/periodic/daily/310.accounting Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/310.accounting Mon Nov 20 21:03:05 2000 @@ -1,16 +1,47 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/310.accounting,v 1.3 1999/08/27 23:24:03 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/310.accounting,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -f /var/account/acct ] ; then - echo "" - echo "Rotating accounting logs and gathering statistics:" - - cd /var/account - if [ -f acct.2 ] ; then mv -f acct.2 acct.3 ; fi - if [ -f acct.1 ] ; then mv -f acct.1 acct.2 ; fi - if [ -f acct.0 ] ; then mv -f acct.0 acct.1 ; fi - cp -pf acct acct.0 - sa -s > /dev/null +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_accounting_enable" in + [Yy][Ee][Ss]) + if [ ! -f /var/account/acct ] + then + echo '$daily_accounting_enable is set but /var/account/acct' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Rotating accounting logs and gathering statistics:" + + cd /var/account + rc=0 + + rm -f acct.3.gz acct.3 || rc=3 + [ -f acct.2.gz ] && { mv -f acct.2.gz acct.3.gz || rc=3; } + [ -f acct.2 ] && { mv -f acct.2 acct.3 || rc=3; } + [ -f acct.1.gz ] && { mv -f acct.1.gz acct.2.gz || rc=3; } + [ -f acct.1 ] && { mv -f acct.1 acct.2 || rc=3; } + [ -f acct.0.gz ] && { mv -f acct.0.gz acct.1.gz || rc=3; } + [ -f acct.0 ] && { mv -f acct.0 acct.1 || rc=3; } + cp -pf acct acct.0 || rc=3 + sa -s >/dev/null || rc=3 + + case "$daily_accounting_compress" in + [Yy][Ee][Ss]) + gzip -f acct.0 || rc=3;; + esac + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/320.rdist 4.2-RELEASE/etc/periodic/daily/320.rdist --- 4.1-RELEASE/etc/periodic/daily/320.rdist Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/320.rdist Mon Nov 20 21:03:05 2000 @@ -1,11 +1,31 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/320.rdist,v 1.3 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/320.rdist,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -f /etc/Distfile ]; then - echo "" - echo "Running rdist with /etc/Distfile:" - - rdist -f /etc/Distfile +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_distfile_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/Distfile ] + then + echo '$daily_distfile_enable is set but /etc/Distfile' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Running rdist with /etc/Distfile:" + + rdist -f /etc/Distfile && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/330.news 4.2-RELEASE/etc/periodic/daily/330.news --- 4.1-RELEASE/etc/periodic/daily/330.news Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/330.news Mon Nov 20 21:03:05 2000 @@ -1,11 +1,34 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/330.news,v 1.2 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/330.news,v 1.2.2.2 2000/09/20 02:46:15 jkh Exp $ # # Expire news articles # (This is present only for backwards compatibility, usually the news # system handles this on its own). -if [ -f /etc/news.expire ]; then - /etc/news.expire +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_news_expire_enable" in + [Yy][Ee][Ss]) + if [ ! -f /etc/news.expire ] + then + echo '$daily_news_expire_enable is set but /etc/news.expire' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Running news.expire:" + + /etc/news.expire && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/340.uucp 4.2-RELEASE/etc/periodic/daily/340.uucp --- 4.1-RELEASE/etc/periodic/daily/340.uucp Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/340.uucp Mon Nov 20 21:03:05 2000 @@ -1,14 +1,39 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/340.uucp,v 1.4 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/340.uucp,v 1.4.2.2 2000/09/20 02:46:15 jkh Exp $ # # Local cleanup of UUCP files. This is for backwards compatibility, # /etc/uuclean.daily doesn't exist by default. # -if [ -d /var/spool/uucp -a -f /etc/uuclean.daily ]; then - echo "" - echo "Cleaning up UUCP:" - echo /etc/uuclean.daily | su -m uucp +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi +case "$daily_uuclean_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/spool/uucp ] + then + echo '$daily_uuclean_enable is set, but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -f /etc/uuclean.daily ] + then + echo '$daily_uuclean_enable is set, but /etc/uuclean.daily' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Cleaning up UUCP:" + + echo /etc/uuclean.daily | su -m uucp && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/400.status-disks 4.2-RELEASE/etc/periodic/daily/400.status-disks --- 4.1-RELEASE/etc/periodic/daily/400.status-disks Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/400.status-disks Mon Nov 20 21:03:05 2000 @@ -1,14 +1,29 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/400.status-disks,v 1.2 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/400.status-disks,v 1.2.2.2 2000/09/20 02:46:15 jkh Exp $ # -echo "" -echo "Disk status:" +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_status_disks_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Disk status:" + + df $daily_status_disks_df_flags && rc=0 || rc=3 + + # display which filesystems need backing up -df -k -t nonfs + echo "" + dump W || rc=3;; -# display which filesystems need backing up + *) rc=0;; +esac -echo "" -dump W +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/410.status-uucp 4.2-RELEASE/etc/periodic/daily/410.status-uucp --- 4.1-RELEASE/etc/periodic/daily/410.status-uucp Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/410.status-uucp Mon Nov 20 21:03:05 2000 @@ -1,11 +1,36 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/410.status-uucp,v 1.3 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/410.status-uucp,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -d /var/spool/uucp -a -x /usr/bin/uustat ]; then - echo "" - echo "UUCP status:" - - uustat -a +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_uucp_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/spool/uucp ] + then + echo '$daily_status_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/bin/uustat ] + then + echo '$daily_status_uucp_enable is set but /usr/bin/uustat' \ + "isn't executable" + rc=2 + else + echo "" + echo "UUCP status:" + + uustat -a && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/420.status-network 4.2-RELEASE/etc/periodic/daily/420.status-network --- 4.1-RELEASE/etc/periodic/daily/420.status-network Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/420.status-network Mon Nov 20 21:03:05 2000 @@ -1,11 +1,29 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/420.status-network,v 1.3 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/420.status-network,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -x /usr/bin/netstat ] ; then - echo "" - echo "Network interface status:" - - netstat -i +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_network_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Network interface status:" + + case "$daily_status_network_usedns" in + [Yy][Ee][Ss]) + netstat -i && rc=0 || rc=3;; + *) + netstat -in && rc=0 || rc=3;; + esac;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/430.status-rwho 4.2-RELEASE/etc/periodic/daily/430.status-rwho --- 4.1-RELEASE/etc/periodic/daily/430.status-rwho Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/430.status-rwho Mon Nov 20 21:03:05 2000 @@ -1,15 +1,38 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/430.status-rwho,v 1.3 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/430.status-rwho,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -d /var/rwho -a -x /usr/bin/rwho -a $(ls -l /var/rwho | wc -l) -ne 0 ] +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] then - echo "" - echo "Local network system status:" - ruptime -else - echo "" - echo "Local system status:" - uptime + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_rwho_enable" in + [Yy][Ee][Ss]) + rwho=$(echo /var/rwho/*) + if [ -f "${rwho%% *}" ] + then + echo "" + echo "Local network system status:" + prog=ruptime + else + echo "" + echo "Local system status:" + prog=uptime + fi + rc=$($prog | tee /dev/stderr | wc -l) + if [ $? -eq 0 ] + then + [ $rc -gt 1 ] && rc=1 + else + rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/440.status-mailq 4.2-RELEASE/etc/periodic/daily/440.status-mailq --- 4.1-RELEASE/etc/periodic/daily/440.status-mailq Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/440.status-mailq Mon Nov 20 21:03:05 2000 @@ -1,16 +1,47 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/440.status-mailq,v 1.4 1999/08/27 23:24:04 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/440.status-mailq,v 1.4.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ] ; then - echo "" - echo "Mail in local queue:" - mailq - - # If you run a busy mail server or mail relay, you may prefer - # a shorter and better formatted message. - # - # mailq | perl -ne 'print if /^\s+\S+@/' | - # sort | uniq -c | sort -nr | awk '$1 > 1 {print $1, $2}' +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_mailq_enable" in + [Yy][Ee][Ss]) + if [ ! -x /usr/bin/mailq ] + then + echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \ + "isn't executable" + rc=2 + elif [ ! -d /var/spool/mqueue ] + then + echo '$daily_status_mailq_enable is set but /var/spool/mqueue' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Mail in local queue:" + + rc=$(case "$daily_status_mailq_shorten" in + [Yy][Ee][Ss]) + rc=$(mailq | + perl -ne 'print if /^\s+\S+@/' | + sort | + uniq -c | + sort -nr | + awk '$1 > 1 {print $1, $2}');; + *) + mailq;; + esac | tee /dev/stderr | fgrep -v 'mqueue is empty' | wc -l) + [ $rc -gt 1 ] && rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/450.status-security 4.2-RELEASE/etc/periodic/daily/450.status-security --- 4.1-RELEASE/etc/periodic/daily/450.status-security Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/450.status-security Mon Nov 20 21:03:05 2000 @@ -1,12 +1,45 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/450.status-security,v 1.3 1999/08/27 23:24:05 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/450.status-security,v 1.3.2.2 2000/09/20 02:46:15 jkh Exp $ # -if [ -f /etc/security -a -x /usr/sbin/sendmail ] ; then - echo "" - echo "Security check:" - echo " (output mailed separately)" - - sh /etc/security 2>&1 | sendmail root +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_security_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Security check:" + + case "$daily_status_security_noamd" in + [Yy][Ee][Ss]) + args=-a;; + *) + args=;; + esac + + case "$daily_status_security_nomfs" in + [Yy][Ee][Ss]) + args="$args -m";; + esac + + case "$daily_status_security_inline" in + [Yy][Ee][Ss]) + sh /etc/security -s $args + rc=$?;; + + *) + echo " (output mailed separately)" + sh /etc/security $args 2>&1 | + sendmail root && rc=0 || rc=3;; + esac;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/460.status-mail-rejects 4.2-RELEASE/etc/periodic/daily/460.status-mail-rejects --- 4.1-RELEASE/etc/periodic/daily/460.status-mail-rejects Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/460.status-mail-rejects Mon Nov 20 21:03:05 2000 @@ -1,15 +1,60 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/460.status-mail-rejects,v 1.8 1999/08/27 23:24:05 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/460.status-mail-rejects,v 1.8.2.4 2000/10/31 23:47:27 brian Exp $ # -if [ -d /etc/mail -a -f /var/log/maillog ]; then - echo - echo Checking for rejected mail hosts: - - start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` - zcat -fc /var/log/maillog.0* /var/log/maillog | grep reject= | - perl -ne "print \"\$2\n\" - if /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o;" | - sort | uniq -c | sort -nr +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$daily_status_mail_rejects_enable" in + [Yy][Ee][Ss]) + if [ ! -d /etc/mail ] + then + echo '$daily_status_mail_rejects_enable is set but /etc/mail' \ + "doesn't exist" + rc=2 + elif [ ! -f /var/log/maillog ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + "/var/log/maillog doesn't exist" + rc=2 + elif [ "$daily_status_mail_rejects_logs" -le 0 ] + then + echo '$daily_status_mail_rejects_enable is set but ' \ + '$daily_status_mail_rejects_logs is not greater than zero' + rc=2 + else + echo + echo Checking for rejected mail hosts: + + start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` + n=$(($daily_status_mail_rejects_logs - 2)) + rc=$({ + while [ $n -ge 0 ] + do + if [ -f /var/log/maillog.$n ] + then + cat /var/log/maillog.$n + elif [ -f /var/log/maillog.$n.gz ] + then + zcat -fc /var/log/maillog.$n.gz + fi + n=$(($n - 1)) + done + cat /var/log/maillog + } | + perl -ne "print \"\$2\n\" + if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | + sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/daily/999.local 4.2-RELEASE/etc/periodic/daily/999.local --- 4.1-RELEASE/etc/periodic/daily/999.local Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/daily/999.local Mon Nov 20 21:03:05 2000 @@ -1,13 +1,38 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/999.local,v 1.2 1999/08/27 23:24:05 peter Exp $ +# $FreeBSD: src/etc/periodic/daily/999.local,v 1.2.2.2 2000/09/20 02:46:15 jkh Exp $ # # Run the old /etc/daily.local script. This is really for backwards # compatibility more than anything else. # -if [ -f /etc/daily.local ]; then - echo "" - echo "Running daily.local:" - sh /etc/daily.local +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +rc=0 +for script in $daily_local +do + case "$script" in + /*) + if [ -f "$script" ] + then + echo "" + echo "Running $script:" + + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 + fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; + esac +done + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/monthly/200.accounting 4.2-RELEASE/etc/periodic/monthly/200.accounting --- 4.1-RELEASE/etc/periodic/monthly/200.accounting Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/monthly/200.accounting Mon Nov 20 21:03:05 2000 @@ -1,14 +1,33 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/monthly/200.accounting,v 1.4 1999/08/27 23:24:06 peter Exp $ +# $FreeBSD: src/etc/periodic/monthly/200.accounting,v 1.4.2.2 2000/09/20 02:46:16 jkh Exp $ # -W=/var/log/wtmp -if [ -f ${W}.0 ] ; then - if [ -x /usr/sbin/ac ] ; then - echo "" - echo "Doing login accounting:" - - ac -p -w ${W}.0 | sort -nr +1 - fi +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$monthly_accounting_enable" in + [Yy][Ee][Ss]) + W=/var/log/wtmp + if [ ! -f $W.0 ] + then + echo '$monthly_accounting_enable is set but' \ + "$W.0 doesn't exist" + rc=2 + else + echo "" + echo "Doing login accounting:" + + rc=$(ac -p -w $W.0 | sort -nr +1 | tee /dev/stderr | wc -l) + [ $rc -gt 0 ] && rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/monthly/999.local 4.2-RELEASE/etc/periodic/monthly/999.local --- 4.1-RELEASE/etc/periodic/monthly/999.local Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/monthly/999.local Mon Nov 20 21:03:05 2000 @@ -1,10 +1,35 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/monthly/999.local,v 1.2 1999/08/27 23:24:06 peter Exp $ +# $FreeBSD: src/etc/periodic/monthly/999.local,v 1.2.2.2 2000/09/20 02:46:16 jkh Exp $ # -if [ -f /etc/monthly.local ]; then - echo "" - echo "Running monthly.local:" - sh /etc/monthly.local +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +rc=0 +for script in $monthly_local +do + case "$script" in + /*) + if [ -f "$script" ] + then + echo "" + echo "Running $script:" + + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 + fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; + esac +done + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/120.clean-kvmdb 4.2-RELEASE/etc/periodic/weekly/120.clean-kvmdb --- 4.1-RELEASE/etc/periodic/weekly/120.clean-kvmdb Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/120.clean-kvmdb Mon Nov 20 21:03:05 2000 @@ -1,15 +1,49 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/120.clean-kvmdb,v 1.4 1999/08/27 23:24:07 peter Exp $ +# $FreeBSD: src/etc/periodic/weekly/120.clean-kvmdb,v 1.4.2.2 2000/09/20 02:46:17 jkh Exp $ # -if [ -d /var/db ] ; then - echo "" - echo "Cleaning up kernel database files:" +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ]; then + . /etc/defaults/periodic.conf + source_periodic_confs +fi - kernel=`sysctl -n kern.bootfile` - kernel=kvm_`basename ${kernel}`.db +case "$weekly_clean_kvmdb_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/db ] + then + echo '$weekly_clean_kvmdb_enable is set but /var/db' \ + "doesn't exist" + rc=2 + elif [ -z "$weekly_clean_kvmdb_days" ] + then + echo '$weekly_clean_kvmdb_enable is set but' \ + '$weekly_clean_kvmdb_days is not' + rc=2 + else + echo "" + echo "Cleaning up kernel database files:" - find /var/db -name "kvm_*.db" -a ! -name ${kernel} -a \ - -atime +7 -delete -fi + kernel=`sysctl -n kern.bootfile` + kernel=kvm_${kernel##*/}.db + + case "$weekly_clean_kvmdb_verbose" in + [Yy][Ee][Ss]) + print=-print;; + *) + print=;; + esac + + rc=$(find /var/db -name "kvm_*.db" ! -name $kernel \ + -atime +$weekly_clean_kvmdb_days -delete $print | + tee /dev/stderr | wc -l) + [ -z "$print" ] && rc=0 + [ $rc -gt 1 ] && rc=1 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/300.uucp 4.2-RELEASE/etc/periodic/weekly/300.uucp --- 4.1-RELEASE/etc/periodic/weekly/300.uucp Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/300.uucp Mon Nov 20 21:03:05 2000 @@ -1,13 +1,38 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/300.uucp,v 1.3 1999/08/27 23:24:07 peter Exp $ +# $FreeBSD: src/etc/periodic/weekly/300.uucp,v 1.3.2.2 2000/09/20 02:46:17 jkh Exp $ # # This is really here for backwards compatibility, clean.weekly is not # created by default anymore. -if [ -d /var/spool/uucp -a -f /usr/libexec/uucp/clean.weekly ]; then - echo "" - echo "Cleaning up UUCP:" - - echo /usr/libexec/uucp/clean.weekly | su daemon +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +case "$weekly_uucp_enable" in + [Yy][Ee][Ss]) + if [ ! -d /var/spool/uucp ] + then + echo '$weekly_uucp_enable is set but /var/spool/uucp' \ + "doesn't exist" + rc=2 + elif [ ! -x /usr/libexec/uucp/clean.weekly ] + then + echo '$weekly_uucp_enable is set but' \ + "/usr/libexec/uucp/clean.weekly isn't executable" + rc=2 + else + echo "" + echo "Cleaning up UUCP:" + + echo /usr/libexec/uucp/clean.weekly | su -m daemon && rc=0 || rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/310.locate 4.2-RELEASE/etc/periodic/weekly/310.locate --- 4.1-RELEASE/etc/periodic/weekly/310.locate Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/310.locate Mon Nov 20 21:03:05 2000 @@ -1,17 +1,32 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/310.locate,v 1.4 1999/08/27 23:24:07 peter Exp $ +# $FreeBSD: src/etc/periodic/weekly/310.locate,v 1.4.2.2 2000/09/20 02:46:17 jkh Exp $ # -locdb=/var/db/locate.database -if [ -x /usr/libexec/locate.updatedb -a -f $locdb ] ; then +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi - echo "" - echo "Rebuilding locate database:" +case "$weekly_locate_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Rebuilding locate database:" - touch ${locdb}; chown nobody ${locdb}; chmod 644 ${locdb} + locdb=/var/db/locate.database - cd / - echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody - chmod 444 ${locdb} -fi + touch $locdb && rc=0 || rc=3 + chown nobody $locdb || rc=3 + chmod 644 $locdb || rc=3 + + cd / + echo /usr/libexec/locate.updatedb | nice -5 su -fm nobody || rc=3 + chmod 444 $locdb || rc=3;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/320.whatis 4.2-RELEASE/etc/periodic/weekly/320.whatis --- 4.1-RELEASE/etc/periodic/weekly/320.whatis Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/320.whatis Mon Nov 20 21:03:05 2000 @@ -1,30 +1,51 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/320.whatis,v 1.5 1999/11/23 03:21:18 ache Exp $ +# $FreeBSD: src/etc/periodic/weekly/320.whatis,v 1.5.2.2 2000/09/20 02:46:17 jkh Exp $ # -if [ -x /usr/libexec/makewhatis.local -a -x /usr/bin/manpath ]; then +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi - echo "" - echo "Rebuilding whatis database:" +case "$weekly_whatis_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Rebuilding whatis database:" - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ]; then - if [ "x${MANPATH}" = "x" ]; then - echo "manpath failed to find any manpage directories" - else - man_locales=`/usr/bin/manpath -qL` + MANPATH=`/usr/bin/manpath -q` + if [ $? = 0 ] + then + if [ -z "${MANPATH}" ] + then + echo "manpath failed to find any manpage directories" + rc=3 + else + man_locales=`/usr/bin/manpath -qL` + rc=0 - # Build whatis(1) database(s) for original, non-localized manpages. - /usr/libexec/makewhatis.local "${MANPATH}" + # Build whatis(1) database(s) for original, non-localized + # manpages. + /usr/libexec/makewhatis.local "${MANPATH}" || rc=3 - # Build whatis(1) database(s) for localized manpages. - if [ X"${man_locales}" != X ]; then - for i in ${man_locales} - do - LC_CTYPE=$i /usr/libexec/makewhatis.local -a -L "${MANPATH}" - done + # Build whatis(1) database(s) for localized manpages. + if [ X"${man_locales}" != X ] + then + for i in ${man_locales} + do + LC_CTYPE=$i /usr/libexec/makewhatis.local -a \ + -L "${MANPATH}" || rc=3 + done + fi fi - fi - fi -fi + else + rc=3 + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/330.catman 4.2-RELEASE/etc/periodic/weekly/330.catman --- 4.1-RELEASE/etc/periodic/weekly/330.catman Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/330.catman Mon Nov 20 21:03:05 2000 @@ -1,34 +1,58 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/330.catman,v 1.5 1999/11/23 03:21:19 ache Exp $ +# $FreeBSD: src/etc/periodic/weekly/330.catman,v 1.5.2.2 2000/09/20 02:46:17 jkh Exp $ # -exit 0 # do not run by default +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$weekly_catman_enable" in + [Yy][Ee][Ss]) + if [ ! -d /usr/share/man/cat1 ] + then + echo '$weekly_catman_enable is set but /usr/share/man/cat1' \ + "doesn't exist" + rc=2 + else + echo "" + echo "Reformatting manual pages:" -if [ -x /usr/libexec/catman.local \ - -a -d /usr/share/man/cat1 \ - -a -x /usr/bin/manpath ]; then - echo "" - echo "Reformatting manual pages:" - - MANPATH=`/usr/bin/manpath -q` - if [ $? = 0 ]; then - if [ "x${MANPATH}" = "x" ]; then - echo "manpath failed to find any manpath directories" - else - man_locales=`/usr/bin/manpath -qL` + MANPATH=`/usr/bin/manpath -q` + if [ $? = 0 ] + then + if [ -z "${MANPATH}" ] + then + echo "manpath failed to find any manpath directories" + rc=3 + else + man_locales=`/usr/bin/manpath -qL` + rc=0 - # Preformat original, non-localized manpages - echo /usr/libexec/catman.local "${MANPATH}" | su -fm man + # Preformat original, non-localized manpages + echo /usr/libexec/catman.local "$MANPATH" | + su -fm man || rc=3 - # Preformat localized manpages. - if [ X"${man_locales}" != X ]; then - for i in ${man_locales} - do - LC_CTYPE=$i echo /usr/libexec/catman.local -L "${MANPATH}" | \ - su -fm man - done - fi - fi - fi -fi + # Preformat localized manpages. + if [ -n "$man_locales" ] + then + for i in $man_locales + do + LC_CTYPE=$i echo /usr/libexec/catman.local -L \ + "$MANPATH" | su -fm man || rc=3 + done + fi + fi + else + rc=3 + fi + fi;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/340.noid 4.2-RELEASE/etc/periodic/weekly/340.noid --- 4.1-RELEASE/etc/periodic/weekly/340.noid Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/340.noid Mon Nov 20 21:03:05 2000 @@ -1,14 +1,27 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/340.noid,v 1.2 1999/08/27 23:24:07 peter Exp $ +# $FreeBSD: src/etc/periodic/weekly/340.noid,v 1.2.2.2 2000/09/20 02:46:17 jkh Exp $ +# -exit 0 # do not run by default +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi -echo "" -echo "Check for files belongs to an unknown user or unknown group:" +case "$weekly_noid_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Check for files with an unknown user or group:" -# directories to be verified -: ${NOIDSEARCHPATHS="/"} + rc=$(find -H ${weekly_noid_dirs:-/} -fstype local \ + \( -nogroup -o -nouser \) -print | sed 's/^/ /' | + tee /dev/stderr | wc -l) + [ $rc -gt 1 ] && rc=1;; -find -H $NOIDSEARCHPATHS -fstype local \( -nogroup -or -nouser \) -print + *) rc=0;; +esac +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/400.status-pkg 4.2-RELEASE/etc/periodic/weekly/400.status-pkg --- 4.1-RELEASE/etc/periodic/weekly/400.status-pkg Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/periodic/weekly/400.status-pkg Mon Nov 20 21:03:05 2000 @@ -0,0 +1,28 @@ +#!/bin/sh - +# +# $FreeBSD: src/etc/periodic/weekly/400.status-pkg,v 1.1.2.2 2000/09/20 02:46:17 jkh Exp $ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$weekly_status_pkg_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Check for out of date packages:" + + rc=$(pkg_version -v | + sed -n 's/^\([^ ]*\) *< */ \1 /p' | + tee /dev/stderr | + wc -l) + [ $rc -gt 1 ] && rc=1;; + + *) rc=0;; +esac + +exit $rc diff -urN 4.1-RELEASE/etc/periodic/weekly/999.local 4.2-RELEASE/etc/periodic/weekly/999.local --- 4.1-RELEASE/etc/periodic/weekly/999.local Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/periodic/weekly/999.local Mon Nov 20 21:03:05 2000 @@ -1,11 +1,35 @@ #!/bin/sh - # -# $FreeBSD: src/etc/periodic/weekly/999.local,v 1.3 1999/08/27 23:24:07 peter Exp $ +# $FreeBSD: src/etc/periodic/weekly/999.local,v 1.3.2.2 2000/09/20 02:46:17 jkh Exp $ # -if [ -f /etc/weekly.local ]; then - echo "" - echo "Running weekly.local:" - - sh /etc/weekly.local +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs fi + +rc=0 +for script in $weekly_local +do + case "$script" in + /*) + if [ -f "$script" ] + then + echo "" + echo "Running $script:" + + sh $script || rc=3 + else + echo "$script: No such file" + [ $rc -lt 2 ] && rc=2 + fi;; + *) + echo "$script: Not an absolute path" + [ $rc -lt 2 ] && rc=2;; + esac +done + +exit $rc diff -urN 4.1-RELEASE/etc/ppp/ppp.conf 4.2-RELEASE/etc/ppp/ppp.conf --- 4.1-RELEASE/etc/ppp/ppp.conf Thu Jul 27 12:14:58 2000 +++ 4.2-RELEASE/etc/ppp/ppp.conf Mon Nov 20 21:03:12 2000 @@ -3,26 +3,27 @@ # Originally written by Toshiharu OHNO # Simplified 5/14/1999 by wself@cdrom.com # -# $FreeBSD: src/etc/ppp/ppp.conf,v 1.2 1999/08/27 23:24:08 peter Exp $ +# See /usr/share/examples/ppp/ for some examples +# +# $FreeBSD: src/etc/ppp/ppp.conf,v 1.2.2.1 2000/08/18 08:33:02 jhb Exp $ ################################################################# default: + ident user-ppp VERSION (built COMPILATIONDATE) - # - # Make sure that "device" references the correct serial port + # Ensure that "device" references the correct serial port # for your modem. (cuaa0 = COM1, cuaa1 = COM2) # - set device /dev/cuaa1 set log Phase Chat LCP IPCP CCP tun command set speed 115200 - set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" - - set timeout 120 + set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ + \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT" set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 - add default HISADDR - enable dns + set timeout 120 # 3 mintue idle timer (the default) + add default HISADDR # Add a (sticky) default route + enable dns # request DNS info (for resolv.conf) papchap: diff -urN 4.1-RELEASE/etc/ppp/ppp.shells.sample 4.2-RELEASE/etc/ppp/ppp.shells.sample --- 4.1-RELEASE/etc/ppp/ppp.shells.sample Thu Jul 27 12:14:58 2000 +++ 4.2-RELEASE/etc/ppp/ppp.shells.sample Mon Nov 20 21:03:12 2000 @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/ppp/ppp.shells.sample,v 1.3 1999/08/27 23:24:08 peter Exp $ +# $FreeBSD: src/etc/ppp/ppp.shells.sample,v 1.3.2.1 2000/08/17 06:11:46 jhb Exp $ # # List of acceptable shells for pppd(8). # Pppd will not accept a system password login @@ -6,6 +6,7 @@ /bin/sh /bin/csh +/bin/tcsh /usr/local/bin/ksh /usr/local/bin/zsh /usr/local/bin/bash diff -urN 4.1-RELEASE/etc/profile 4.2-RELEASE/etc/profile --- 4.1-RELEASE/etc/profile Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/profile Mon Nov 20 21:03:04 2000 @@ -1,20 +1,17 @@ -# $FreeBSD: src/etc/profile,v 1.12 1999/08/27 23:23:43 peter Exp $ +# $FreeBSD: src/etc/profile,v 1.12.2.1 2000/07/31 20:13:26 rwatson Exp $ # # System-wide .profile file for sh(1). +# # Uncomment this to give you the default 4.2 behavior, where disk # information is shown in K-Blocks # BLOCKSIZE=K; export BLOCKSIZE -# Uncomment next three lines to activate Russian locale -# LANG=ru_RU.KOI8-R; export LANG -# MM_CHARSET=KOI8-R; export MM_CHARSET -# LC_ALL=ru_RU.KOI8-R; export LC_ALL -# Uncomment next three lines to activate Italian locale -# LANG=it_IT.ISO_8859-1; export LANG -# MM_CHARSET=ISO-8859-1; export MM_CHARSET -# LC_ALL=it_IT.ISO_8859-1; export LC_ALL +# +# For the setting of languages and character sets please see +# login.conf(5) and in particular the charset and lang options. # For full locales list check /usr/share/locale/* # You should also read the setlocale(3) man page for information # on how to achieve more precise control of locale settings. +# # Read system messages # msgs -f # Allow terminal messages diff -urN 4.1-RELEASE/etc/protocols 4.2-RELEASE/etc/protocols --- 4.1-RELEASE/etc/protocols Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/protocols Mon Nov 20 21:03:04 2000 @@ -1,7 +1,7 @@ # # Internet protocols # -# $FreeBSD: src/etc/protocols,v 1.13 1999/08/27 23:23:43 peter Exp $ +# $FreeBSD: src/etc/protocols,v 1.13.2.1 2000/09/24 11:26:39 asmodai Exp $ # from: @(#)protocols 5.1 (Berkeley) 4/17/89 # # See also http://www.isi.edu/in-notes/iana/assignments/protocol-numbers @@ -129,6 +129,18 @@ srp 119 SRP # SpectraLink Radio Protocol uti 120 UTI # UTI smp 121 SMP # Simple Message Protocol -# 122-254 # Unassigned -divert 254 DIVERT # Divert pseudo-protocol +sm 122 SM # SM +ptp 123 PTP # Performance Transparency Protocol +isis 124 ISIS # ISIS over IPv4 +fire 125 FIRE +crtp 126 CRTP # Combat Radio Transport Protocol +crdup 127 CRUDP # Combat Radio User Datagram +sscopmce 128 SSCOPMCE +iplt 129 IPLT +sps 130 SPS # Secure Packet Shield +pipe 131 PIPE # Private IP Encapsulation within IP +sctp 132 SCTP # Stream Control Transmission Protocol +fc 133 FC # Fibre Channel +# 134-254 # Unassigned +divert 254 DIVERT # Divert pseudo-protocol [non IANA] # 255 # Reserved diff -urN 4.1-RELEASE/etc/rc 4.2-RELEASE/etc/rc --- 4.1-RELEASE/etc/rc Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc Mon Nov 20 21:03:04 2000 @@ -1,6 +1,32 @@ #!/bin/sh -# $FreeBSD: src/etc/rc,v 1.212.2.4 2000/06/27 09:43:30 asmodai Exp $ +# +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc,v 1.212.2.8 2000/10/30 10:40:10 obrien Exp $ # From: @(#)rc 5.27 (Berkeley) 6/5/91 +# # System startup script run by init on autoboot # or after single-user. @@ -133,11 +159,32 @@ fi adjkerntz -i + +purgedir() { + local dir file + + if [ $# -eq 0 ]; then + purgedir . + else + for dir + do + ( + cd "$dir" && for file in .* * + do + [ ."$file" = .. -o ."$file" = ... ] && continue + [ -d "$file" -a ! -L "$file" ] && + purgedir "$file" + [ -f "$file" ] && rm -f -- "$file" + done + ) + done + fi +} clean_var() { if [ ! -f /var/run/clean_var ]; then rm -rf /var/run/* - find /var/spool/lock ! -type d -delete + purgedir /var/spool/lock rm -rf /var/spool/uucp/.Temp/* # Keep a copy of the boot messages around dmesg >/var/run/dmesg.boot @@ -493,6 +540,32 @@ if [ -r /etc/rc.devfs ]; then sh /etc/rc.devfs fi + +echo -n additional ABI support: + +# Start the Linux binary compatibility if requested. +# +case ${linux_enable} in +[Yy][Ee][Ss]) + echo -n ' linux' + if ! kldstat -v | grep -E 'linux(aout|elf)' > /dev/null; then + kldload linux > /dev/null 2>&1 + fi + if [ -x /compat/linux/sbin/ldconfig ]; then + /compat/linux/sbin/ldconfig + fi + ;; +esac + +# Start the SysVR4 binary emulation if requested. +# +case ${svr4_enable} in +[Yy][Ee][Ss]) + echo -n ' svr4'; kldload svr4 > /dev/null 2>&1 + ;; +esac + +echo . # Do traditional (but rather obsolete) rc.local file if it exists. If you # use this file and want to make it programmatic, source /etc/defaults/rc.conf diff -urN 4.1-RELEASE/etc/rc.atm 4.2-RELEASE/etc/rc.atm --- 4.1-RELEASE/etc/rc.atm Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.atm Mon Nov 20 21:03:04 2000 @@ -1,10 +1,34 @@ #!/bin/sh # - -# ATM networking startup script +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.atm,v 1.6.2.1 2000/10/30 10:40:11 obrien Exp $ # -# $FreeBSD: src/etc/rc.atm,v 1.6 2000/02/15 13:21:43 phk Exp $ +# +# ATM networking startup script # # Initial interface configuration. # N.B. /usr is not mounted. diff -urN 4.1-RELEASE/etc/rc.devfs 4.2-RELEASE/etc/rc.devfs --- 4.1-RELEASE/etc/rc.devfs Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.devfs Mon Nov 20 21:03:04 2000 @@ -1,8 +1,32 @@ +# Copyright (c) 1998 Søren Schmidt +# All rights reserved. # -# $FreeBSD: src/etc/rc.devfs,v 1.7.2.1 2000/05/28 19:17:15 asmodai Exp $ +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. # -# If there is a global system configuration file, suck it in. +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.devfs,v 1.7.2.2 2000/10/30 10:40:11 obrien Exp $ # + +# If there is a global system configuration file, suck it in. + if [ -r /etc/defaults/rc.conf ]; then . /etc/defaults/rc.conf source_rc_confs diff -urN 4.1-RELEASE/etc/rc.diskless1 4.2-RELEASE/etc/rc.diskless1 --- 4.1-RELEASE/etc/rc.diskless1 Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.diskless1 Mon Nov 20 21:03:04 2000 @@ -1,4 +1,30 @@ -# $FreeBSD: src/etc/rc.diskless1,v 1.5 2000/01/06 18:17:38 luigi Exp $ +# Copyright (c) 1999 Matt Dillion +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.diskless1,v 1.5.2.1 2000/10/30 10:40:11 obrien Exp $ +# + # # /etc/rc.diskless1 - general BOOTP startup # diff -urN 4.1-RELEASE/etc/rc.diskless2 4.2-RELEASE/etc/rc.diskless2 --- 4.1-RELEASE/etc/rc.diskless2 Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.diskless2 Mon Nov 20 21:03:04 2000 @@ -1,4 +1,30 @@ -# $FreeBSD: src/etc/rc.diskless2,v 1.5.2.1 2000/05/28 19:17:15 asmodai Exp $ +# Copyright (c) 1999 Matt Dillon +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.diskless2,v 1.5.2.2 2000/10/30 10:40:11 obrien Exp $ +# + # # rc.diskless2 # diff -urN 4.1-RELEASE/etc/rc.firewall 4.2-RELEASE/etc/rc.firewall --- 4.1-RELEASE/etc/rc.firewall Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.firewall Mon Nov 20 21:03:04 2000 @@ -1,6 +1,33 @@ -############ +# Copyright (c) 1996 Poul-Henning Kamp +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.firewall,v 1.30.2.7 2000/10/30 10:40:11 obrien Exp $ +# + +# # Setup system for firewall service. -# $FreeBSD: src/etc/rc.firewall,v 1.30.2.4 2000/05/28 19:17:15 asmodai Exp $ +# # Suck in the configuration variables. if [ -r /etc/defaults/rc.conf ]; then @@ -67,17 +94,23 @@ ${fwcmd} -f flush ############ -# These rules are required for using natd. All packets are passed to -# natd before they encounter your remaining rules. The firewall rules -# will then be run again on each packet after translation by natd, -# minus any divert rules (see natd(8)). -# -case ${natd_enable} in -[Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - ${fwcmd} add 50 divert natd all from any to any via ${natd_interface} - fi - ;; +# Network Address Translation. All packets are passed to natd(8) +# before they encounter your remaining rules. The firewall rules +# will then be run again on each packet after translation by natd +# starting at the rule number following the divert rule. +# +# For ``simple'' firewall type the divert rule should be put to a +# different place to not interfere with address-checking rules. +# +case ${firewall_type} in +[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add 50 divert natd all from any to any via ${natd_interface} + fi + ;; + esac esac ############ @@ -171,24 +204,47 @@ ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif} # Stop RFC1918 nets on the outside interface - ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} - ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} - ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} - # Stop draft-manning-dsua-01.txt nets on the outside interface - ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} - ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} - ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} - ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} - ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} + + # Network Address Translation. This rule is placed here deliberately + # so that it does not interfere with the surrounding address-checking + # rules. If for example one of your internal LAN machines had its IP + # address set to 192.0.2.1 then an incoming packet for it after being + # translated by natd(8) would match the `deny' rule above. Similarly + # an outgoing packet originated from it before being translated would + # match the `deny' rule below. + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + ${fwcmd} add divert natd all from any to any via ${natd_interface} + fi + ;; + esac + + # Stop RFC1918 nets on the outside interface + ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} + ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} + + # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, + # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) + # on the outside interface + ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} + ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} + ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} + ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} + ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established diff -urN 4.1-RELEASE/etc/rc.firewall6 4.2-RELEASE/etc/rc.firewall6 --- 4.1-RELEASE/etc/rc.firewall6 Thu Jan 1 09:00:00 1970 +++ 4.2-RELEASE/etc/rc.firewall6 Mon Nov 20 21:03:04 2000 @@ -0,0 +1,257 @@ +############ +# Setup system for IPv6 firewall service. +# $FreeBSD: src/etc/rc.firewall6,v 1.1.2.1 2000/11/01 07:21:45 ume Exp $ + +# Suck in the configuration variables. +if [ -z "${source_rc_confs_defined}" ]; then + if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs + elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf + fi +fi + +############ +# Define the firewall type in /etc/rc.conf. Valid values are: +# open - will allow anyone in +# client - will try to protect just this machine +# simple - will try to protect a whole network +# closed - totally disables IP services except via lo0 interface +# UNKNOWN - disables the loading of firewall rules. +# filename - will load the rules in the given filename (full path required) +# +# For ``client'' and ``simple'' the entries below should be customized +# appropriately. + +############ +# +# If you don't know enough about packet filtering, we suggest that you +# take time to read this book: +# +# Building Internet Firewalls +# Brent Chapman and Elizabeth Zwicky +# +# O'Reilly & Associates, Inc +# ISBN 1-56592-124-0 +# http://www.ora.com/ +# +# For a more advanced treatment of Internet Security read: +# +# Firewalls & Internet Security +# Repelling the wily hacker +# William R. Cheswick, Steven M. Bellowin +# +# Addison-Wesley +# ISBN 0-201-6337-4 +# http://www.awl.com/ +# + +if [ -n "${1}" ]; then + ipv6_firewall_type="${1}" +fi + +############ +# Set quiet mode if requested +# +case ${ipv6_firewall_quiet} in +[Yy][Ee][Ss]) + fw6cmd="/sbin/ip6fw -q" + ;; +*) + fw6cmd="/sbin/ip6fw" + ;; +esac + +############ +# Flush out the list before we begin. +# +${fw6cmd} -f flush + +############ +# If you just configured ipfw in the kernel as a tool to solve network +# problems or you just want to disallow some particular kinds of traffic +# then you will want to change the default policy to open. You can also +# do this as your only action by setting the ipv6_firewall_type to ``open''. +# +# ${fw6cmd} add 65000 pass all from any to any + +############ +# Only in rare cases do you want to change these rules +# +${fw6cmd} add 100 pass all from any to any via lo0 +# +# ND +# +# DAD +${fw6cmd} add pass ipv6-icmp from ff02::/16 to :: +${fw6cmd} add pass ipv6-icmp from :: to ff02::/16 +# RS, RA, NS, NA, redirect... +${fw6cmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 +${fw6cmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 + + +# Prototype setups. +# +case ${ipv6_firewall_type} in +[Oo][Pp][Ee][Nn]) + ${fw6cmd} add 65000 pass all from any to any + ;; + +[Cc][Ll][Ii][Ee][Nn][Tt]) + ############ + # This is a prototype setup that will protect your system somewhat + # against people from outside your own network. + ############ + + # set these to your network and prefixlen and ip + # + # This needs more work + # + net="3ffe:505:2:1::" + prefixlen="64" + ip="3ffe:505:2:1::1" + + # Allow any traffic to or from my own net. + ${fw6cmd} add pass all from ${ip} to ${net}/${prefixlen} + ${fw6cmd} add pass all from ${net}/${prefixlen} to ${ip} + + # Allow TCP through if setup succeeded + ${fw6cmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fw6cmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fw6cmd} add pass tcp from any to ${ip} 25 setup + + # Allow setup of outgoing TCP connections only + ${fw6cmd} add pass tcp from ${ip} to any setup + + # Disallow setup of all other TCP connections + ${fw6cmd} add deny tcp from any to any setup + + # Allow DNS queries out in the world + ${fw6cmd} add pass udp from any 53 to ${ip} + ${fw6cmd} add pass udp from ${ip} to any 53 + + # Allow NTP queries out in the world + ${fw6cmd} add pass udp from any 123 to ${ip} + ${fw6cmd} add pass udp from ${ip} to any 123 + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. + ;; + +[Ss][Ii][Mm][Pp][Ll][Ee]) + ############ + # This is a prototype setup for a simple firewall. Configure this + # machine as a named server and ntp server, and point all the machines + # on the inside at this machine for those services. + ############ + + # set these to your outside interface network and prefixlen and ip + oif="ed0" + onet="3ffe:505:2:1::" + oprefixlen="64" + oip="3ffe:505:2:1::1" + + # set these to your inside interface network and prefixlen and ip + iif="ed1" + inet="3ffe:505:2:2::" + iprefixlen="64" + iip="3ffe:505:2:2::1" + + # Stop spoofing + ${fw6cmd} add deny all from ${inet}/${iprefixlen} to any in via ${oif} + ${fw6cmd} add deny all from ${onet}/${oprefixlen} to any in via ${iif} + + # Stop site-local on the outside interface + ${fw6cmd} add deny all from ff02::/16 to any via ${oif} + ${fw6cmd} add deny all from any to ff02::/16 via ${oif} + + # Disallow "internal" addresses to appear on the wire. + ${fw6cmd} add deny all from ::ffff:0.0.0.0/96 to any via ${oif} + ${fw6cmd} add deny all from any to ::ffff:0.0.0.0/96 via ${oif} + + # Disallow packets to malicious IPv4 compatible prefix. + ${fw6cmd} add deny all from ::224.0.0.0/100 to any via ${oif} + ${fw6cmd} add deny all from any to ::224.0.0.0/100 via ${oif} + ${fw6cmd} add deny all from ::127.0.0.0/104 to any via ${oif} + ${fw6cmd} add deny all from any to ::127.0.0.0/104 via ${oif} + ${fw6cmd} add deny all from ::0.0.0.0/104 to any via ${oif} + ${fw6cmd} add deny all from any to ::0.0.0.0/104 via ${oif} + ${fw6cmd} add deny all from ::255.0.0.0/104 to any via ${oif} + ${fw6cmd} add deny all from any to ::255.0.0.0/104 via ${oif} + + ${fw6cmd} add deny all from ::0.0.0.0/96 to any via ${oif} + ${fw6cmd} add deny all from any to ::0.0.0.0/96 via ${oif} + + # Disallow packets to malicious 6to4 prefix. + ${fw6cmd} add deny all from 2002:e000::/20 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:e000::/20 via ${oif} + ${fw6cmd} add deny all from 2002:7f00::/24 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:7f00::/24 via ${oif} + ${fw6cmd} add deny all from 2002:0000::/24 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:0000::/24 via ${oif} + ${fw6cmd} add deny all from 2002:ff00::/24 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:ff00::/24 via ${oif} + + ${fw6cmd} add deny all from 2002:0a00::/24 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:0a00::/24 via ${oif} + ${fw6cmd} add deny all from 2002:ac10::/28 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:ac10::/28 via ${oif} + ${fw6cmd} add deny all from 2002:c0a8::/32 to any via ${oif} + ${fw6cmd} add deny all from any to 2002:c0a8::/32 via ${oif} + + ${fw6cmd} add deny all from ff05::/32 to any via ${oif} + ${fw6cmd} add deny all from any to ff05::/32 via ${oif} + + # Allow TCP through if setup succeeded + ${fw6cmd} add pass tcp from any to any established + + # Allow IP fragments to pass through + ${fw6cmd} add pass all from any to any frag + + # Allow setup of incoming email + ${fw6cmd} add pass tcp from any to ${oip} 25 setup + + # Allow access to our DNS + ${fw6cmd} add pass tcp from any to ${oip} 53 setup + ${fw6cmd} add pass udp from any to ${oip} 53 + ${fw6cmd} add pass udp from ${oip} 53 to any + + # Allow access to our WWW + ${fw6cmd} add pass tcp from any to ${oip} 80 setup + + # Reject&Log all setup of incoming connections from the outside + ${fw6cmd} add deny log tcp from any to any in via ${oif} setup + + # Allow setup of any other TCP connection + ${fw6cmd} add pass tcp from any to any setup + + # Allow DNS queries out in the world + ${fw6cmd} add pass udp from any 53 to ${oip} + ${fw6cmd} add pass udp from ${oip} to any 53 + + # Allow NTP queries out in the world + ${fw6cmd} add pass udp from any 123 to ${oip} + ${fw6cmd} add pass udp from ${oip} to any 123 + + # RIPng + #${fw6cmd} add pass udp from fe80::/10 521 to ff02::9 521 + + # Everything else is denied by default, unless the + # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel + # config file. + ;; + +[Uu][Nn][Kk][Nn][Oo][Ww][Nn]) + ;; +*) + if [ -r "${ipv6_firewall_type}" ]; then + ${fw6cmd} ${ipv6_firewall_flags} ${ipv6_firewall_type} + fi + ;; +esac diff -urN 4.1-RELEASE/etc/rc.i386 4.2-RELEASE/etc/rc.i386 --- 4.1-RELEASE/etc/rc.i386 Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.i386 Mon Nov 20 21:03:04 2000 @@ -1,6 +1,6 @@ #!/bin/sh - # -# $FreeBSD: src/etc/etc.i386/rc.i386,v 1.51 2000/01/24 15:21:43 asmodai Exp $ +# $FreeBSD: src/etc/etc.i386/rc.i386,v 1.51.2.3 2000/08/18 09:47:22 sheldonh Exp $ # Do i386 specific processing # @@ -31,23 +31,17 @@ # case ${ibcs2_enable} in [Yy][Ee][Ss]) - echo -n ' ibcs2'; ibcs2 > /dev/null 2>&1 - ;; -esac - -# Start the Linux binary compatibility if requested. -# -case ${linux_enable} in -[Yy][Ee][Ss]) - echo -n ' linux'; linux > /dev/null 2>&1 - ;; -esac - -# Start the SysVR4 binary emulation if requested. -# -case ${svr4_enable} in -[Yy][Ee][Ss]) - echo -n ' svr4'; svr4 > /dev/null 2>&1 + echo -n ' ibcs2' + kldload ibcs2 > /dev/null 2>&1 + case ${ibcs2_loaders} in + [Nn][Oo]) + ;; + *) + for i in ${ibcs2_loaders}; do + kldload ibcs2_$i > /dev/null 2>&1 + done + ;; + esac ;; esac diff -urN 4.1-RELEASE/etc/rc.isdn 4.2-RELEASE/etc/rc.isdn --- 4.1-RELEASE/etc/rc.isdn Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.isdn Mon Nov 20 21:03:04 2000 @@ -1,12 +1,38 @@ #!/bin/sh +# +# Copyright (c) 1999 Hellmuth Michaelis +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.isdn,v 1.5.2.1 2000/10/30 10:40:11 obrien Exp $ +# + #--------------------------------------------------------------------------- # # /etc/rc.isdn - isdn4bsd startup script # -------------------------------------- # # last edit-date: [Mon Mar 8 12:15:56 1999] -# -# $FreeBSD: src/etc/rc.isdn,v 1.5 1999/09/13 15:44:18 sheldonh Exp $ # #--------------------------------------------------------------------------- diff -urN 4.1-RELEASE/etc/rc.network 4.2-RELEASE/etc/rc.network --- 4.1-RELEASE/etc/rc.network Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.network Mon Nov 20 21:03:04 2000 @@ -1,7 +1,32 @@ #!/bin/sh - # -# $FreeBSD: src/etc/rc.network,v 1.74.2.3 2000/06/24 20:51:27 dillon Exp $ +# Copyright (c) 1993 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.network,v 1.74.2.10 2000/11/11 20:33:39 jkh Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 +# # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file @@ -20,6 +45,37 @@ echo -n ' hostname' fi + # Establish ipfilter ruleset as early as possible (best in + # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) + # + case "${ipfilter_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipfilter_rules}" ]; then + echo -n ' ipfilter'; + ${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags} + case "${ipmon_enable}" in + [Yy][Ee][Ss]) + echo -n ' ipmon' + ${ipmon_program:-ipmon} ${ipmon_flags} + ;; + esac + case "${ipnat_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipnat_rules}" ]; then + echo -n ' ipnat'; + ${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags} + else + echo -n ' NO IPNAT RULES' + fi + ;; + esac + else + ipfilter_enable="NO" + echo -n ' NO IPF RULES' + fi + ;; + esac + # Set the domainname if we're using NIS # case ${nisdomainname} in @@ -138,7 +194,7 @@ ;; esac - # Warm up user ppp if required, must happen before natd. + # Start user ppp if required. This must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) @@ -147,27 +203,28 @@ if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; + ppp_mode="auto" fi - ppp_command="-${ppp_mode} "; + ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - # Switch on alias mode? + # Switch on NAT mode? # case ${ppp_nat} in [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat"; + ppp_command="${ppp_command} -nat" ;; esac - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ppp_command="${ppp_command} ${ppp_profile}" + + echo -n "Starting ppp as \"${ppp_user}\"" + su -m ${ppp_user} -c "exec ${ppp_command}" ;; esac # Initialize IP filtering using ipfw # - echo '' - if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else @@ -223,6 +280,16 @@ echo "but firewall rules are not enabled." echo " All ip services are disabled." fi + + case ${firewall_logging} in + [Yy][Ee][Ss] | '') + echo 'Firewall logging=YES' + sysctl -w net.inet.ip.fw.verbose=1 >/dev/null + ;; + *) + ;; + esac + ;; esac ;; @@ -345,18 +412,18 @@ [Nn][Oo] | '') ;; *) - echo -n ' ip_portrange_first=$ip_portrange_first' + echo -n " ip_portrange_first=$ip_portrange_first" sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null ;; esac case ${ip_portrange_last} in [Nn][Oo] | '') - ;; + ;; *) - echo -n ' ip_portrange_last=$ip_portrange_last' - sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; + echo -n " ip_portrange_last=$ip_portrange_last" + sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; esac echo '.' @@ -508,7 +575,7 @@ case ${weak_mountd_authentication} in [Yy][Ee][Ss]) - mountd_flags="-n" + mountd_flags="${mountd_flags} -n" ;; esac diff -urN 4.1-RELEASE/etc/rc.network6 4.2-RELEASE/etc/rc.network6 --- 4.1-RELEASE/etc/rc.network6 Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.network6 Mon Nov 20 21:03:04 2000 @@ -1,5 +1,31 @@ #! /bin/sh -# $FreeBSD: src/etc/rc.network6,v 1.5.2.4 2000/07/18 08:47:37 ume Exp $ +# +# Copyright (c) 2000 The KAME Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.network6,v 1.5.2.9 2000/11/15 07:47:51 ume Exp $ +# # Note that almost all of the user-configurable behavior is not in this # file, but rather in /etc/defaults/rc.conf. Please check that file @@ -11,26 +37,74 @@ network6_pass1() { echo -n 'Doing IPv6 network setup:' - case ${ipv6_gateway_enable} in + # Initialize IP filtering using ip6fw + # + if /sbin/ip6fw -q flush > /dev/null 2>&1; then + ipv6_firewall_in_kernel=1 + else + ipv6_firewall_in_kernel=0 + fi + + case ${ipv6_firewall_enable} in [Yy][Ee][Ss]) - # - # list of interfaces, and prefix for interfaces - # - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - ipv6_network_interfaces="`ifconfig -l`" + if [ "${ipv6_firewall_in_kernel}" -eq 0 ] && kldload ip6fw; then + ipv6_firewall_in_kernel=1 + echo "Kernel IPv6 firewall module loaded." + elif [ "${ipv6_firewall_in_kernel}" -eq 0 ]; then + echo "Warning: IPv6 firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${ipv6_firewall_in_kernel} in + 1) + if [ -z "${ipv6_firewall_script}" ]; then + ipv6_firewall_script=/etc/rc.firewall6 + fi + + case ${ipv6_firewall_enable} in + [Yy][Ee][Ss]) + if [ -r "${ipv6_firewall_script}" ]; then + . "${ipv6_firewall_script}" + echo -n 'IPv6 Firewall rules loaded.' + elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then + echo -n "Warning: kernel has IPv6 firewall functionality, " + echo "but IPv6 firewall rules are not enabled." + echo " All ipv6 services are disabled." + fi + + case ${ipv6_firewall_logging} in + [Yy][Ee][Ss] | '') + echo 'IPv6 Firewall logging=YES' + sysctl -w net.inet6.ip6.fw.verbose=1 >/dev/null + ;; + *) + ;; + esac + ;; esac ;; - *) - # - # manual configurations - in case ip6_gateway_enable=NO - # you can configure only single interface, - # as specification assumes that - # autoconfigured host has single interface only. - # - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) + esac + + case ${ipv6_network_interfaces} in + [Aa][Uu][Tt][Oo]) + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) + # + # list of interfaces, and prefix for interfaces + # + ipv6_network_interfaces="`ifconfig -l`" + ;; + *) + # + # manual configurations - in case ip6_gateway_enable=NO + # you can configure only single interface, + # as specification assumes that + # autoconfigured host has single interface only. + # set `ifconfig -l` ipv6_network_interfaces="$1" ;; @@ -57,46 +131,26 @@ done sleep `sysctl -n net.inet6.ip6.dad_count` sleep 1 + ;; + *) + # act as endhost - start with manual configuration + sysctl -w net.inet6.ip6.forwarding=0 + sysctl -w net.inet6.ip6.accept_rtadv=0 + ;; + esac - # setting up interfaces - for i in $ipv6_network_interfaces; do - eval prefix=\$ipv6_prefix_$i - case ${prefix} in - '') - continue; - ;; - esac - for j in ${prefix}; do - case ${prefixcmd_enable} in - [Yy][Ee][Ss]) - prefix $i $j:: - ;; - *) - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - address=$j\:${hostid} - - eval hostid_$i=${hostid} - eval address_$i=${address} - - ifconfig $i inet6 ${address} \ - prefixlen 64 alias - ;; - esac - - # subnet-router anycast address (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - done + # gifconfig + network6_gif_setup - ifconfig $i inet6 - done + # setting up interfaces + network6_interface_setup - # again, wait for DAD's completion (for global addrs) - sleep `sysctl -n net.inet6.ip6.dad_count` - sleep 1 + # wait for DAD's completion (for global addrs) + sleep `sysctl -n net.inet6.ip6.dad_count` + sleep 1 + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) # Filter out interfaces on which IPv6 addr init failed. ipv6_working_interfaces="" for i in ${ipv6_network_interfaces}; do @@ -111,20 +165,21 @@ esac done ipv6_network_interfaces=${ipv6_working_interfaces} + ;; + esac - # gifconfig - network6_gif_setup - - # 6to4 setup - network6_stf_setup + # 6to4 setup + network6_stf_setup - # install the "default interface" to kernel, which will be used - # as the default route when there's no router. - network6_default_interface_setup + # install the "default interface" to kernel, which will be used + # as the default route when there's no router. + network6_default_interface_setup - # setup static routes - network6_static_routes_setup + # setup static routes + network6_static_routes_setup + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) # ipv6_router case ${ipv6_router_enable} in [Yy][Ee][Ss]) @@ -141,7 +196,7 @@ # # And if you wish your rtadvd to receive and process # router renumbering messages, specify your Router Renumbering - # security policy by -P option. + # security policy by -R option. # # See `man 3 ipsec_set_policy` for IPsec policy specification # details. @@ -152,25 +207,29 @@ case ${rtadvd_enable} in [Yy][Ee][Ss]) # default - for i in ${ipv6_network_interfaces}; do - case $i in - stf*) - continue - ;; - *) - rtadvd_interfaces="${rtadvd_interfaces} ${i}" - ;; - esac - done + case ${rtadvd_interfaces} in + '') + for i in ${ipv6_network_interfaces}; do + case $i in + stf*) + continue + ;; + *) + rtadvd_interfaces="${rtadvd_interfaces} ${i}" + ;; + esac + done + ;; + esac rtadvd ${rtadvd_interfaces} # # Enable Router Renumbering, unicast case # (use correct src/dst addr) - # rtadvd -P "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" \ + # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" \ # ${ipv6_network_interfaces} # Enable Router Renumbering, multicast case # (use correct src addr) - # rtadvd -P "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" \ + # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" \ # ${ipv6_network_interfaces} ;; esac @@ -185,33 +244,16 @@ ;; esac ;; - *) - # act as endhost - automatically configured - sysctl -w net.inet6.ip6.forwarding=0 - sysctl -w net.inet6.ip6.accept_rtadv=1 - - ifconfig ${ipv6_network_interfaces} up - rtsol ${ipv6_network_interfaces} - - - - # wait for DAD's completion (for global addrs) - sleep `sysctl -n net.inet6.ip6.dad_count` - sleep 1 - - # gifconfig - network6_gif_setup - - # 6to4 setup - network6_stf_setup - - # install the "default interface" to kernel, which will be used - # as the default route when there's no router. - # ndp -I ${ipv6_default_interface} - network6_default_interface_setup + esac - # setup static routes - network6_static_routes_setup + case ${ipv6_ipv4mapping} in + [Yy][Ee][Ss]) + echo -n ' IPv4 mapped IPv6 address support=YES' + sysctl -w net.inet6.ip6.mapped_addr=1 >/dev/null + ;; + '' | *) + echo -n ' IPv4 mapped IPv6 address support=NO' + sysctl -w net.inet6.ip6.mapped_addr=0 >/dev/null ;; esac @@ -222,6 +264,85 @@ network6_pass1_done=YES } +network6_interface_setup() { + rtsol_interfaces='' + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) + rtsol_available=no + ;; + *) + rtsol_available=yes + prefixcmd_enable=NO + ;; + esac + for i in $ipv6_network_interfaces; do + rtsol_interface=yes + eval prefix=\$ipv6_prefix_$i + if [ -n "${prefix}" ]; then + rtsol_available=no + rtsol_interface=no + for j in ${prefix}; do + case ${prefixcmd_enable} in + [Yy][Ee][Ss]) + prefix $i $j:: + ;; + *) + laddr=`network6_getladdr $i` + hostid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + address=$j\:${hostid} + + eval hostid_$i=${hostid} + eval address_$i=${address} + + ifconfig $i inet6 ${address} \ + prefixlen 64 alias + ;; + esac + + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) + # subnet-router anycast address + # (rfc2373) + ifconfig $i inet6 $j:: prefixlen 64 \ + alias anycast + ;; + esac + done + fi + eval ipv6_ifconfig=\$ipv6_ifconfig_$i + if [ -n "${ipv6_ifconfig}" ]; then + rtsol_available=no + rtsol_interface=no + ifconfig $i inet6 ${ipv6_ifconfig} alias + fi + + if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] + then + case ${i} in + lo0|gif*|stf*|faith*) + ;; + *) + rtsol_interfaces="${rtsol_interfaces} ${i}" + ;; + esac + else + ifconfig $i inet6 + fi + done + + if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then + # Act as endhost - automatically configured. + # You can configure only single interface, as + # specification assumes that autoconfigured host has + # single interface only. + sysctl -w net.inet6.ip6.accept_rtadv=1 + set ${rtsol_interfaces} + ifconfig $1 up + rtsol $1 + fi +} + network6_gif_setup() { case ${gif_interfaces} in [Nn][Oo] | '') @@ -289,6 +410,14 @@ network6_static_routes_setup() { # Set up any static routes. + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac case ${ipv6_static_routes} in [Nn][Oo] | '') ;; @@ -304,7 +433,7 @@ network6_default_interface_setup() { # Choose IPv6 default interface if it is not clearly specified. case ${ipv6_default_interface} in - [Nn][Oo] | '') + '') for i in ${ipv6_network_interfaces}; do laddr=`network6_getladdr $i exclude_tentative` case ${laddr} in @@ -321,17 +450,31 @@ # Disallow unicast packets without outgoing scope identifiers, # or route such packets to a "default" interface, if it is specified. + route add -inet6 fe80:: -prefixlen 10 ::1 -reject case ${ipv6_default_interface} in [Nn][Oo] | '') - route add -inet6 fe80:: -prefixlen 10 ::1 -reject route add -inet6 ff02:: -prefixlen 16 ::1 -reject ;; *) laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 fe80:: ${laddr} -prefixlen 10 -interface \ - -cloning route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ -cloning + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # net.inet6.ip6.accept_rtadv=0, due to avoid conflict + # between the default router list and the manual + # configured default route. + case ${ipv6_gateway_enable} in + [Yy][Ee][Ss]) + ;; + *) + if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] + then + ndp -I ${ipv6_default_interface} + fi + ;; + esac ;; esac } diff -urN 4.1-RELEASE/etc/rc.pccard 4.2-RELEASE/etc/rc.pccard --- 4.1-RELEASE/etc/rc.pccard Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.pccard Mon Nov 20 21:03:04 2000 @@ -1,6 +1,33 @@ #!/bin/sh - +# +# Copyright (c) 1996 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.pccard,v 1.20.2.1 2000/10/30 10:40:11 obrien Exp $ +# + # PC-card startup script -# $FreeBSD: src/etc/rc.pccard,v 1.20 1999/12/02 19:48:15 imp Exp $ case ${pccard_enable} in [Yy][Ee][Ss]) diff -urN 4.1-RELEASE/etc/rc.resume 4.2-RELEASE/etc/rc.resume --- 4.1-RELEASE/etc/rc.resume Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/rc.resume Mon Nov 20 21:03:04 2000 @@ -1,7 +1,32 @@ #!/bin/sh # -# $FreeBSD: src/etc/rc.resume,v 1.3 1999/09/13 15:44:18 sheldonh Exp $ +# Copyright (c) 1999 Mitsuru IWASAKI +# All rights reserved. # +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.resume,v 1.3.2.1 2000/10/30 10:40:11 obrien Exp $ +# + # sample run command file for APM Resume Event if [ -r /var/run/rc.suspend.pid ]; then diff -urN 4.1-RELEASE/etc/rc.serial 4.2-RELEASE/etc/rc.serial --- 4.1-RELEASE/etc/rc.serial Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.serial Mon Nov 20 21:03:04 2000 @@ -1,5 +1,31 @@ #!/bin/sh -# $FreeBSD: src/etc/rc.serial,v 1.14 1999/08/27 23:23:44 peter Exp $ +# +# Copyright (c) 1996 Andrey A. Chernov +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.serial,v 1.14.2.1 2000/10/30 10:40:11 obrien Exp $ +# # Change some defaults for serial devices. # Standard defaults are: diff -urN 4.1-RELEASE/etc/rc.shutdown 4.2-RELEASE/etc/rc.shutdown --- 4.1-RELEASE/etc/rc.shutdown Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.shutdown Mon Nov 20 21:03:04 2000 @@ -1,5 +1,31 @@ #!/bin/sh -# $FreeBSD: src/etc/rc.shutdown,v 1.4 1999/11/22 04:23:08 dillon Exp $ +# +# Copyright (c) 1997 Ollivier Robert +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.shutdown,v 1.4.2.5 2000/11/02 19:27:06 sheldonh Exp $ +# # Site-specific closing actions for daemons run by init on shutdown, # or before going single-user from multi-user. @@ -17,6 +43,15 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin export HOME PATH +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + # Check if /var/db/mounttab is clean. case $1 in reboot) @@ -26,10 +61,37 @@ ;; esac -echo -n "Shutting down daemon processes: " +echo -n "Shutting down daemon processes:" -# Insert shutdown procedures here +# for each valid dir in $local_startup, search for init scripts matching *.sh +case ${local_startup} in +[Nn][Oo] | '') + ;; +*) + for dir in ${local_startup}; do + if [ -d "${dir}" ]; then + for script in ${dir}/*.sh; do + if [ -x "${script}" ]; then + grep -wq stop "${script}" || \ + oldscripts="${oldscripts} ${script}" +# XXX not yet +# (set -T +# trap 'exit 1' 2 +# ${script} stop) + fi + done + fi + done + if [ ! -z "${oldscripts}" ]; then + echo 'You still seem to have old-style rc.d scripts:' + echo ${oldscripts} + echo 'Please change them to recognize the "stop" option.' + fi + echo . + ;; +esac +# Insert other shutdown procedures here echo '.' exit 0 diff -urN 4.1-RELEASE/etc/rc.suspend 4.2-RELEASE/etc/rc.suspend --- 4.1-RELEASE/etc/rc.suspend Thu Jul 27 12:14:39 2000 +++ 4.2-RELEASE/etc/rc.suspend Mon Nov 20 21:03:04 2000 @@ -1,7 +1,32 @@ #!/bin/sh # -# $FreeBSD: src/etc/rc.suspend,v 1.3 1999/09/13 15:44:18 sheldonh Exp $ +# Copyright (c) 1999 Mitsuru IWASAKI +# All rights reserved. # +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.suspend,v 1.3.2.1 2000/10/30 10:40:11 obrien Exp $ +# + # sample run command file for APM Suspend Event if [ -r /var/run/rc.suspend.pid ]; then diff -urN 4.1-RELEASE/etc/rc.sysctl 4.2-RELEASE/etc/rc.sysctl --- 4.1-RELEASE/etc/rc.sysctl Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/rc.sysctl Mon Nov 20 21:03:04 2000 @@ -1,16 +1,45 @@ #!/bin/sh # +# Copyright (c) 1999 Warner Losh +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD: src/etc/rc.sysctl,v 1.4.4.2 2000/10/30 10:40:11 obrien Exp $ +# + +# # Read in /etc/sysctl.conf and set things accordingly # -# $FreeBSD: src/etc/rc.sysctl,v 1.4 2000/01/16 18:12:41 chris Exp $ + if [ -f /etc/sysctl.conf ]; then - sed ' - /^[ ]*#/d - /^[ ]*$/d - s/#.*$//g - ' /etc/sysctl.conf | - while read var + while read var comments do - sysctl -w ${var} - done + case ${var} in + \#*|'') + ;; + *) + sysctl -w ${var} + ;; + esac + done < /etc/sysctl.conf fi diff -urN 4.1-RELEASE/etc/security 4.2-RELEASE/etc/security --- 4.1-RELEASE/etc/security Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/security Mon Nov 20 21:03:04 2000 @@ -1,23 +1,64 @@ #!/bin/sh - # +# Copyright (c) 2000 The FreeBSD Project +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# # @(#)security 5.3 (Berkeley) 5/28/91 -# $FreeBSD: src/etc/security,v 1.36.2.3 2000/07/14 19:36:00 dwmalone Exp $ +# $FreeBSD: src/etc/security,v 1.36.2.7 2000/10/30 10:40:11 obrien Exp $ # + PATH=/sbin:/bin:/usr/bin LC_ALL=C; export LC_ALL +rc=0 +LOG=/var/log +TMP=/var/run/_secure.$$ separator () { echo '' echo '' } +catmsgs() { + [ -f $LOG/messages.0.gz ] && zcat $LOG/messages.0.gz + [ -f $LOG/messages.0 ] && cat $LOG/messages.0 + [ -f $LOG/messages ] && cat $LOG/messages +} + +sflag=FALSE ignore= +while getopts ams c +do + case "$c" in + a) ignore="$ignore|^amd:";; + m) ignore="$ignore|^mfs:";; + s) sflag=TRUE;; + esac +done + yesterday=`date -v-1d "+%b %e "` host=`hostname` -echo "Subject: ${host} security check output" - -LOG=/var/log -TMP=/var/run/_secure.$$ +[ $sflag = FALSE ] && echo "Subject: ${host} security check output" umask 027 @@ -27,7 +68,7 @@ # Note that one of the original problems, the possibility of overrunning # the args to ls, is still here... # -MP=`mount -t ufs | grep -v " nosuid" | sed 's;/dev/;&r;' | awk '{ print $3 }'` +MP=`mount -t ufs | grep -v " nosuid" | awk '{ print $3 }' | sort` set ${MP} while [ $# -ge 1 ]; do mount=$1 @@ -38,59 +79,72 @@ done | xargs -0 -n 20 ls -liTd | sort +10 > ${TMP} if [ ! -f ${LOG}/setuid.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/setuid.today" - cp ${TMP} ${LOG}/setuid.today + cp ${TMP} ${LOG}/setuid.today || rc=3 fi -if cmp ${LOG}/setuid.today ${TMP} >/dev/null; then :; else +if ! cmp ${LOG}/setuid.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} setuid diffs:" - diff -b ${LOG}/setuid.today ${TMP} - mv ${LOG}/setuid.today ${LOG}/setuid.yesterday - mv ${TMP} ${LOG}/setuid.today + diff -w ${LOG}/setuid.today ${TMP} + mv ${LOG}/setuid.today ${LOG}/setuid.yesterday || rc=3 + mv ${TMP} ${LOG}/setuid.today || rc=3 fi # Show changes in the way filesystems are mounted # -if mount -p > $TMP; then +[ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat +if mount -p | $cmd > $TMP; then if [ ! -f $LOG/mount.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no $LOG/mount.today" - cp $TMP $LOG/mount.today + cp $TMP $LOG/mount.today || rc=3 fi - if cmp $LOG/mount.today $TMP >/dev/null 2>&1; then :; else + if ! cmp $LOG/mount.today $TMP >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "$host changes in mounted filesystems:" diff -b $LOG/mount.today $TMP - mv $LOG/mount.today $LOG/mount.yesterday - mv $TMP $LOG/mount.today + mv $LOG/mount.today $LOG/mount.yesterday || rc=3 + mv $TMP $LOG/mount.today || rc=3 fi fi separator echo "checking for uids of 0:" -awk -F: '$3==0 {print $1,$3}' /etc/master.passwd +n=$(awk -F: '$3==0 {print $1,$3}' /etc/master.passwd | + tee /dev/stderr | + sed -e '/^root 0$/d' -e '/^toor 0$/d' | + wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 separator echo "checking for passwordless accounts:" -awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd +n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | + tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show denied packets # if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then if [ ! -f ${LOG}/ipfw.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/ipfw.today" - cp ${TMP} ${LOG}/ipfw.today + cp ${TMP} ${LOG}/ipfw.today || rc=3 fi - if cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then :; else + if ! cmp ${LOG}/ipfw.today ${TMP} >/dev/null; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} denied packets:" diff -b ${LOG}/ipfw.today ${TMP} | egrep "^>" - mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday - mv ${TMP} ${LOG}/ipfw.today + mv ${LOG}/ipfw.today ${LOG}/ipfw.yesterday || rc=3 + mv ${TMP} ${LOG}/ipfw.today || rc=3 fi fi @@ -101,6 +155,7 @@ ipfw -a l | grep " log " | perl -n -e \ '/^\d+\s+(\d+)/; print if ($1 >= '$IPFW_LOG_LIMIT')' > ${TMP} if [ -s "${TMP}" ]; then + [ $rc -lt 1 ] && rc=1 separator echo "ipfw log limit reached:" cat ${TMP} @@ -111,17 +166,19 @@ # if dmesg 2>/dev/null > ${TMP}; then if [ ! -f ${LOG}/dmesg.today ]; then + [ $rc -lt 1 ] && rc=1 separator echo "no ${LOG}/dmesg.today" - cp ${TMP} ${LOG}/dmesg.today + cp ${TMP} ${LOG}/dmesg.today || rc=3 fi - if cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then :; else + if ! cmp ${LOG}/dmesg.today ${TMP} >/dev/null 2>&1; then + [ $rc -lt 1 ] && rc=1 separator echo "${host} kernel log messages:" diff -b ${LOG}/dmesg.today ${TMP} | egrep "^>" - mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday - mv ${TMP} ${LOG}/dmesg.today + mv ${LOG}/dmesg.today ${LOG}/dmesg.yesterday || rc=3 + mv ${TMP} ${LOG}/dmesg.today || rc=3 fi fi @@ -129,12 +186,16 @@ # separator echo "${host} login failures:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*login failure" +n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages # separator echo "${host} refused connections:" -zcat -f $LOG/messages.0* $LOG/messages | grep -i "^$yesterday.*refused connect" +n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l) +[ $n -gt 0 -a $rc -lt 1 ] && rc=1 rm -f ${TMP} + +exit $rc diff -urN 4.1-RELEASE/etc/services 4.2-RELEASE/etc/services --- 4.1-RELEASE/etc/services Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/services Mon Nov 20 21:03:04 2000 @@ -16,7 +16,7 @@ # Kerberos services are for Kerberos v4, and are unofficial. Sites running # v5 should uncomment v5 entries and comment v4 entries. # -# $FreeBSD: src/etc/services,v 1.62.2.1 2000/07/05 10:09:16 sheldonh Exp $ +# $FreeBSD: src/etc/services,v 1.62.2.3 2000/10/05 07:37:37 sheldonh Exp $ # From: @(#)services 5.8 (Berkeley) 5/9/91 # # WELL KNOWN PORT NUMBERS @@ -1097,6 +1097,8 @@ doom 666/tcp #doom Id Software doom 666/udp #doom Id Software #PROBLEMS!=============================================== +acap 674/tcp #Application Configuration Access Protocol +acap 674/udp #Application Configuration Access Protocol elcsd 704/tcp #errlog copy/server daemon elcsd 704/udp #errlog copy/server daemon entrustmanager 709/tcp #EntrustManager @@ -1244,6 +1246,8 @@ nerv 1222/udp #SNI R&D network hermes 1248/tcp hermes 1248/udp +healthd 1281/tcp #healthd +healthd 1281/udp #healthd alta-ana-lm 1346/tcp #Alta Analytics License Manager alta-ana-lm 1346/udp #Alta Analytics License Manager bbn-mmc 1347/tcp #multi media conferencing diff -urN 4.1-RELEASE/etc/ssh/ssh_config 4.2-RELEASE/etc/ssh/ssh_config --- 4.1-RELEASE/etc/ssh/ssh_config Thu Jul 27 12:14:41 2000 +++ 4.2-RELEASE/etc/ssh/ssh_config Mon Nov 20 21:03:06 2000 @@ -2,7 +2,7 @@ # defaults for users, and the values can be changed in per-user configuration # files or on the command line. # -# $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.1 2000/06/09 07:10:21 kris Exp $ +# $FreeBSD: src/crypto/openssh/ssh_config,v 1.2.2.3 2000/10/28 23:00:50 kris Exp $ # Configuration data is parsed as follows: # 1. command line options @@ -21,7 +21,7 @@ # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes -# FallBackToRsh yes +# FallBackToRsh no # UseRsh no # BatchMode no # CheckHostIP yes diff -urN 4.1-RELEASE/etc/ssh/sshd_config 4.2-RELEASE/etc/ssh/sshd_config --- 4.1-RELEASE/etc/ssh/sshd_config Thu Jul 27 12:14:41 2000 +++ 4.2-RELEASE/etc/ssh/sshd_config Mon Nov 20 21:03:06 2000 @@ -1,6 +1,6 @@ # This is ssh server systemwide configuration file. # -# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.1 2000/06/09 07:10:22 kris Exp $ +# $FreeBSD: src/crypto/openssh/sshd_config,v 1.4.2.3 2000/10/28 23:00:51 kris Exp $ Port 22 #Protocol 2,1 @@ -9,7 +9,7 @@ HostKey /etc/ssh/ssh_host_key HostDsaKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 -LoginGraceTime 60 +LoginGraceTime 120 KeyRegenerationInterval 3600 PermitRootLogin no # Rate-limit sshd connections to 5 connections per 10 seconds @@ -19,7 +19,7 @@ # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes -X11Forwarding no +X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes @@ -53,3 +53,7 @@ CheckMail yes #UseLogin no + +# Uncomment if you want to enable sftp +#Subsystem sftp /usr/libexec/sftp-server +#MaxStartups 10:30:60 diff -urN 4.1-RELEASE/etc/ssl/openssl.cnf 4.2-RELEASE/etc/ssl/openssl.cnf --- 4.1-RELEASE/etc/ssl/openssl.cnf Thu Jul 27 12:14:41 2000 +++ 4.2-RELEASE/etc/ssl/openssl.cnf Mon Nov 20 21:03:06 2000 @@ -2,9 +2,15 @@ # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # +# $FreeBSD: src/crypto/openssl/apps/openssl.cnf,v 1.1.1.1.2.2 2000/10/29 10:27:41 dougb Exp $ +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . RANDFILE = $ENV::HOME/.rnd -oid_file = $ENV::HOME/.oid + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid oid_section = new_oids # To use this configuration file with the "-extfile" option of the @@ -86,6 +92,22 @@ attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU @@ -170,8 +192,16 @@ #nsCaPolicyUrl #nsSslServerName +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + [ v3_ca ] + # Extensions for a typical CA @@ -200,10 +230,11 @@ # Copy issuer details # issuerAltName=issuer:copy -# RAW DER hex encoding of an extension: beware experts only! -# 1.2.3.5=RAW:02:03 +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object # You can even override a supported extension: -# basicConstraints= critical, RAW:30:03:01:01:FF +# basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] diff -urN 4.1-RELEASE/etc/usbd.conf 4.2-RELEASE/etc/usbd.conf --- 4.1-RELEASE/etc/usbd.conf Thu Jul 27 12:14:38 2000 +++ 4.2-RELEASE/etc/usbd.conf Mon Nov 20 21:03:04 2000 @@ -2,10 +2,10 @@ # # See usbd.conf(5) for the description of the format of the file. # -# $FreeBSD: src/etc/usbd.conf,v 1.5.2.1 2000/03/20 12:24:56 peter Exp $ +# $FreeBSD: src/etc/usbd.conf,v 1.5.2.2 2000/10/16 16:32:12 n_hibma Exp $ # Firmware download into the ActiveWire board. After the firmware download is -# done the device detaches and reappears as something new and shiny. +# done the device detaches and reappears as something new and shiny automatically. # device "ActiveWire board, firmware download" vendor 0x0854 @@ -22,25 +22,17 @@ attach "if ! kldstat -n usio > /dev/null 2>&1 ; then kldload usio; fi" attach "/usr/sbin/ezdownload -v -f /usr/share/usb/firmware/1645.8001.0101 /dev/${DEVNAME}" - -# The piece below has to be copied for every drive. It does not work for the -# generic case, the umass storage class uses interface drivers. The info for -# the interfaces is not yet exported. +# The entry below starts and stops dhclient when an ethernet device is inserted +# Caveat: It does not support multiple interfaces (but neither does pccardd, +# it shouldn't be too big a deal :-) # -device "USB Zip drive" - vendor 0x059b - product 0x0001 - release 0x0100 - attach "/sbin/camcontrol rescan bus 0" - -# The entry for the cue, kue and aue ethernet interface drivers. device "USB ethernet" devname "[ack]ue[0-9]+" attach "dhclient ${DEVNAME}" detach "killall dhclient" -# The entry below is for the Logitech mouse. Replace the product and vendor -# id (and the device name of course) with the data for your mouse. +# The entry below starts moused when a mouse is plugged in. Moused +# stops automatically (actually it bombs :) when the device disappears. # device "Mouse" devname "ums[0-9]+"