head	1.41;
access;
symbols
	RELENG_8_4:1.41.0.2
	RELENG_9_1_0_RELEASE:1.36.2.1.4.2
	RELENG_9_1:1.36.2.1.0.4
	RELENG_9_1_BP:1.36.2.1
	RELENG_8_3_0_RELEASE:1.31.2.5.2.1
	RELENG_8_3:1.31.2.5.0.2
	RELENG_8_3_BP:1.31.2.5
	RELENG_9_0_0_RELEASE:1.36.2.1.2.1
	RELENG_9_0:1.36.2.1.0.2
	RELENG_9_0_BP:1.36.2.1
	RELENG_9:1.36.0.2
	RELENG_9_BP:1.36
	RELENG_7_4_0_RELEASE:1.26.2.6.2.1
	RELENG_8_2_0_RELEASE:1.31.2.4.4.1
	RELENG_7_4:1.26.2.6.0.2
	RELENG_7_4_BP:1.26.2.6
	RELENG_8_2:1.31.2.4.0.4
	RELENG_8_2_BP:1.31.2.4
	RELENG_8_1_0_RELEASE:1.31.2.4.2.1
	RELENG_8_1:1.31.2.4.0.2
	RELENG_8_1_BP:1.31.2.4
	RELENG_7_3_0_RELEASE:1.26.2.5.2.1
	RELENG_7_3:1.26.2.5.0.2
	RELENG_7_3_BP:1.26.2.5
	RELENG_8_0_0_RELEASE:1.31.2.1.2.1
	RELENG_8_0:1.31.2.1.0.2
	RELENG_8_0_BP:1.31.2.1
	RELENG_8:1.31.0.2
	RELENG_8_BP:1.31
	RELENG_7_2_0_RELEASE:1.26.2.2.2.1
	RELENG_7_2:1.26.2.2.0.2
	RELENG_7_2_BP:1.26.2.2
	RELENG_7_1_0_RELEASE:1.26.2.1.4.1
	RELENG_6_4_0_RELEASE:1.22.2.3.4.1
	RELENG_7_1:1.26.2.1.0.4
	RELENG_7_1_BP:1.26.2.1
	RELENG_6_4:1.22.2.3.0.4
	RELENG_6_4_BP:1.22.2.3
	RELENG_7_0_0_RELEASE:1.26.2.1
	RELENG_6_3_0_RELEASE:1.22.2.3
	RELENG_7_0:1.26.2.1.0.2
	RELENG_7_0_BP:1.26.2.1
	RELENG_6_3:1.22.2.3.0.2
	RELENG_6_3_BP:1.22.2.3
	RELENG_7:1.26.0.2
	RELENG_7_BP:1.26
	RELENG_6_2_0_RELEASE:1.22.2.2
	RELENG_6_2:1.22.2.2.0.4
	RELENG_6_2_BP:1.22.2.2
	RELENG_5_5_0_RELEASE:1.9.2.7
	RELENG_5_5:1.9.2.7.0.2
	RELENG_5_5_BP:1.9.2.7
	RELENG_6_1_0_RELEASE:1.22.2.2
	RELENG_6_1:1.22.2.2.0.2
	RELENG_6_1_BP:1.22.2.2
	RELENG_6_0_0_RELEASE:1.22
	RELENG_6_0:1.22.0.4
	RELENG_6_0_BP:1.22
	RELENG_6:1.22.0.2
	RELENG_6_BP:1.22
	RELENG_5_4_0_RELEASE:1.9.2.4.4.1
	RELENG_5_4:1.9.2.4.0.4
	RELENG_5_4_BP:1.9.2.4
	RELENG_5_3_0_RELEASE:1.9.2.4
	RELENG_5_3:1.9.2.4.0.2
	RELENG_5_3_BP:1.9.2.4
	RELENG_5:1.9.0.2
	RELENG_5_BP:1.9
	RELENG_5_2_1_RELEASE:1.6
	RELENG_5_2_0_RELEASE:1.6
	RELENG_5_2:1.6.0.4
	RELENG_5_2_BP:1.6
	RELENG_5_1_0_RELEASE:1.6
	RELENG_5_1:1.6.0.2
	RELENG_5_1_BP:1.6
	RELENG_5_0_0_RELEASE:1.5.2.1
	RELENG_5_0:1.5.0.2
	RELENG_5_0_BP:1.5
	head_20020621:1.1.1.2
	head_20010615:1.1.1.1
	NETBSD:1.1.1;
locks; strict;
comment	@# @;


1.41
date	2012.11.17.01.49.05;	author svnexp;	state Exp;
branches
	1.41.2.1;
next	1.40;

1.40
date	2012.09.11.05.04.59;	author obrien;	state Exp;
branches;
next	1.39;

1.39
date	2012.07.19.22.41.00;	author dteske;	state Exp;
branches;
next	1.38;

1.38
date	2012.07.19.22.33.13;	author dteske;	state Exp;
branches;
next	1.37;

1.37
date	2012.07.13.06.46.09;	author kevlo;	state Exp;
branches;
next	1.36;

1.36
date	2011.04.23.04.26.31;	author dougb;	state Exp;
branches
	1.36.2.1;
next	1.35;

1.35
date	2010.04.28.22.29.17;	author dougb;	state Exp;
branches;
next	1.34;

1.34
date	2010.01.01.22.10.07;	author dougb;	state Exp;
branches;
next	1.33;

1.33
date	2010.01.01.19.06.00;	author dougb;	state Exp;
branches;
next	1.32;

1.32
date	2009.12.12.21.51.50;	author dougb;	state Exp;
branches;
next	1.31;

1.31
date	2009.05.16.20.55.28;	author dougb;	state Exp;
branches
	1.31.2.1;
next	1.30;

1.30
date	2009.05.16.20.26.01;	author dougb;	state Exp;
branches;
next	1.29;

1.29
date	2009.02.07.16.37.02;	author bz;	state Exp;
branches;
next	1.28;

1.28
date	2008.08.01.06.11.33;	author dougb;	state Exp;
branches;
next	1.27;

1.27
date	2007.10.22.09.38.44;	author dougb;	state Exp;
branches;
next	1.26;

1.26
date	2006.04.20.12.30.12;	author delphij;	state Exp;
branches
	1.26.2.1;
next	1.25;

1.25
date	2006.04.18.10.35.05;	author flz;	state Exp;
branches;
next	1.24;

1.24
date	2006.02.13.08.45.50;	author dougb;	state Exp;
branches;
next	1.23;

1.23
date	2005.10.23.14.06.53;	author yar;	state Exp;
branches;
next	1.22;

1.22
date	2005.05.23.12.25.33;	author pjd;	state Exp;
branches
	1.22.2.1;
next	1.21;

1.21
date	2005.04.24.01.51.22;	author dougb;	state Exp;
branches;
next	1.20;

1.20
date	2005.01.16.03.12.03;	author obrien;	state Exp;
branches;
next	1.19;

1.19
date	2004.12.20.18.34.10;	author peadar;	state Exp;
branches;
next	1.18;

1.18
date	2004.12.20.10.48.48;	author peadar;	state Exp;
branches;
next	1.17;

1.17
date	2004.12.18.15.19.36;	author phk;	state Exp;
branches;
next	1.16;

1.16
date	2004.10.07.13.55.26;	author mtm;	state Exp;
branches;
next	1.15;

1.15
date	2004.09.30.09.15.21;	author dougb;	state Exp;
branches;
next	1.14;

1.14
date	2004.09.28.09.46.00;	author dougb;	state Exp;
branches;
next	1.13;

1.13
date	2004.09.26.07.01.56;	author dougb;	state Exp;
branches;
next	1.12;

1.12
date	2004.09.24.23.49.38;	author dougb;	state Exp;
branches;
next	1.11;

1.11
date	2004.09.24.11.04.27;	author keramida;	state Exp;
branches;
next	1.10;

1.10
date	2004.09.24.04.53.18;	author dougb;	state Exp;
branches;
next	1.9;

1.9
date	2004.03.14.19.10.05;	author dougb;	state Exp;
branches
	1.9.2.1;
next	1.8;

1.8
date	2004.01.17.10.59.43;	author mtm;	state Exp;
branches;
next	1.7;

1.7
date	2004.01.17.10.16.38;	author mtm;	state Exp;
branches;
next	1.6;

1.6
date	2003.01.12.04.53.54;	author mtm;	state Exp;
branches;
next	1.5;

1.5
date	2002.10.12.10.31.31;	author schweikh;	state Exp;
branches
	1.5.2.1;
next	1.4;

1.4
date	2002.09.06.16.18.05;	author gordon;	state Exp;
branches;
next	1.3;

1.3
date	2002.06.18.19.42.37;	author gordon;	state Exp;
branches;
next	1.2;

1.2
date	2002.06.13.22.14.36;	author gordon;	state Exp;
branches;
next	1.1;

1.1
date	2001.06.16.07.16.14;	author obrien;	state Exp;
branches
	1.1.1.1;
next	;

1.41.2.1
date	2012.11.17.01.49.05;	author svnexp;	state dead;
branches;
next	1.41.2.2;

1.41.2.2
date	2013.03.28.13.02.43;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.36.2.1.2.1
	1.36.2.1.4.1;
next	1.36.2.2;

1.36.2.2
date	2012.10.26.18.06.49;	author obrien;	state Exp;
branches;
next	1.36.2.3;

1.36.2.3
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.36.2.1.2.2;

1.36.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.36.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.36.2.1.4.2;

1.36.2.1.4.2
date	2012.11.17.08.47.01;	author svnexp;	state Exp;
branches;
next	;

1.31.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.31.2.1.2.1;
next	1.31.2.2;

1.31.2.2
date	2009.12.29.07.08.48;	author dougb;	state Exp;
branches;
next	1.31.2.3;

1.31.2.3
date	2010.01.15.03.03.02;	author dougb;	state Exp;
branches;
next	1.31.2.4;

1.31.2.4
date	2010.05.08.22.24.01;	author dougb;	state Exp;
branches
	1.31.2.4.2.1
	1.31.2.4.4.1;
next	1.31.2.5;

1.31.2.5
date	2011.04.29.20.31.52;	author dougb;	state Exp;
branches
	1.31.2.5.2.1;
next	1.31.2.6;

1.31.2.6
date	2012.11.17.10.35.57;	author svnexp;	state Exp;
branches;
next	;

1.31.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.31.2.4.2.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.31.2.4.4.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.31.2.5.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.31.2.5.2.2;

1.31.2.5.2.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.26.2.1
date	2007.10.28.00.26.53;	author dougb;	state Exp;
branches
	1.26.2.1.4.1;
next	1.26.2.2;

1.26.2.2
date	2009.03.24.02.54.15;	author dougb;	state Exp;
branches
	1.26.2.2.2.1;
next	1.26.2.3;

1.26.2.3
date	2009.08.03.20.09.54;	author dougb;	state Exp;
branches;
next	1.26.2.4;

1.26.2.4
date	2009.12.29.07.13.17;	author dougb;	state Exp;
branches;
next	1.26.2.5;

1.26.2.5
date	2010.01.15.03.05.46;	author dougb;	state Exp;
branches
	1.26.2.5.2.1;
next	1.26.2.6;

1.26.2.6
date	2010.05.08.22.24.31;	author dougb;	state Exp;
branches
	1.26.2.6.2.1;
next	1.26.2.7;

1.26.2.7
date	2011.04.29.20.44.39;	author dougb;	state Exp;
branches;
next	1.26.2.8;

1.26.2.8
date	2012.11.17.08.01.21;	author svnexp;	state Exp;
branches;
next	;

1.26.2.1.4.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.26.2.2.2.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.26.2.5.2.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.26.2.6.2.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.26.2.6.2.2;

1.26.2.6.2.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.22.2.1
date	2005.12.16.01.42.54;	author dougb;	state Exp;
branches;
next	1.22.2.2;

1.22.2.2
date	2006.02.24.09.38.36;	author dougb;	state Exp;
branches;
next	1.22.2.3;

1.22.2.3
date	2007.10.28.00.28.34;	author dougb;	state Exp;
branches
	1.22.2.3.4.1;
next	1.22.2.4;

1.22.2.4
date	2009.03.24.03.05.41;	author dougb;	state Exp;
branches;
next	1.22.2.5;

1.22.2.5
date	2009.08.03.20.14.00;	author dougb;	state Exp;
branches;
next	1.22.2.6;

1.22.2.6
date	2009.12.29.07.19.52;	author dougb;	state Exp;
branches;
next	1.22.2.7;

1.22.2.7
date	2010.01.15.03.07.42;	author dougb;	state Exp;
branches;
next	1.22.2.8;

1.22.2.8
date	2010.05.08.22.25.37;	author dougb;	state Exp;
branches;
next	1.22.2.9;

1.22.2.9
date	2012.11.17.07.39.08;	author svnexp;	state Exp;
branches;
next	;

1.22.2.3.4.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.9.2.1
date	2004.09.26.03.10.10;	author des;	state Exp;
branches;
next	1.9.2.2;

1.9.2.2
date	2004.09.26.10.52.35;	author des;	state Exp;
branches;
next	1.9.2.3;

1.9.2.3
date	2004.09.30.23.36.07;	author dougb;	state Exp;
branches;
next	1.9.2.4;

1.9.2.4
date	2004.10.10.09.50.53;	author mtm;	state Exp;
branches
	1.9.2.4.4.1;
next	1.9.2.5;

1.9.2.5
date	2005.04.27.05.16.31;	author dougb;	state Exp;
branches;
next	1.9.2.6;

1.9.2.6
date	2005.05.29.10.36.37;	author pjd;	state Exp;
branches;
next	1.9.2.7;

1.9.2.7
date	2006.02.24.09.43.33;	author dougb;	state Exp;
branches;
next	1.9.2.8;

1.9.2.8
date	2007.10.28.00.30.18;	author dougb;	state Exp;
branches;
next	;

1.9.2.4.4.1
date	2005.05.01.01.29.12;	author dougb;	state Exp;
branches;
next	;

1.5.2.1
date	2003.01.14.01.12.07;	author mtm;	state Exp;
branches;
next	;

1.1.1.1
date	2001.06.16.07.16.14;	author obrien;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2002.06.21.19.07.21;	author obrien;	state Exp;
branches;
next	;


desc
@@


1.41
log
@Switching exporter and resync
@
text
@#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/named 240336 2012-09-11 05:04:59Z obrien $
#

# PROVIDE: named
# REQUIRE: SERVERS FILESYSTEMS
# KEYWORD: shutdown

. /etc/rc.subr

name="named"
rcvar=named_enable

extra_commands="reload"

start_precmd="named_prestart"
start_postcmd="named_poststart"
reload_cmd="named_reload"
stop_cmd="named_stop"
stop_postcmd="named_poststop"

# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
# from outside.
#
# As this is called after the is_running and required_dir checks
# are made in run_rc_command(), we can safely assume ${named_chrootdir}
# exists and named isn't running at this point (unless forcestart
# is used).
#
chroot_autoupdate()
{
	local file

	# Create (or update) the chroot directory structure
	#
	if [ -r /etc/mtree/BIND.chroot.dist ]; then
		mtree -deU -f /etc/mtree/BIND.chroot.dist \
		    -p ${named_chrootdir}
	else
		warn "/etc/mtree/BIND.chroot.dist missing,"
		warn "chroot directory structure not updated"
	fi

	# Create (or update) the configuration directory symlink
	#
	if [ ! -L "${named_conf%/*}" ]; then
		if [ -d "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} is a directory!"
		elif [ -e "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} exists!"
		else
			ln -s ${named_confdir} ${named_conf%/*}
		fi
	else
		# Make sure it points to the right place.
		ln -shf ${named_confdir} ${named_conf%/*}
	fi

	# Mount a devfs in the chroot directory if needed
	#
	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
		devfs -m ${named_chrootdir}/dev rule apply path null unhide
		devfs -m ${named_chrootdir}/dev rule apply path random unhide
	else
		if [ -c ${named_chrootdir}/dev/null -a \
		    -c ${named_chrootdir}/dev/random ]; then
			info "named chroot: using pre-mounted devfs."
		else
			err 1 "named chroot: devfs cannot be mounted from" \
			    "within a jail. Thus a chrooted named cannot" \
			    "be run from within a jail." \
			    "To run named without chrooting it, set" \
			    "named_chrootdir=\"\" in /etc/rc.conf."
		fi
	fi

	# Copy and/or update key files to the chroot /etc
	#
	for file in localtime protocols services; do
		if [ -r /etc/$file ]; then
			cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
			    cp -p /etc/$file "${named_chrootdir}/etc/$file"
		fi
	done
}

# Make symlinks to the correct pid file
#
make_symlinks()
{
	checkyesno named_symlink_enable &&
	    ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}

named_poststart() {
	make_symlinks

	if checkyesno named_wait; then
		until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
			echo "	Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
}

named_reload()
{
	${command%/named}/rndc reload
}

find_pidfile()
{
	if get_pidfile_from_conf pid-file $named_conf; then
		pidfile="$_pidfile_from_conf"
	else
		pidfile="/var/run/named/pid"
	fi
}

named_stop()
{
	find_pidfile

	# This duplicates an undesirably large amount of code from the stop
	# routine in rc.subr in order to use rndc to shut down the process,
	# and to give it a second chance in case rndc fails.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		[ -n "$rc_fast" ] && return 0
		_run_rc_notrunning
		return 1
	fi
	echo 'Stopping named.'
	if ${command%/named}/rndc stop 2>/dev/null; then
		wait_for_pids $rc_pid
	else
		echo -n 'rndc failed, trying kill: '
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
  	fi
}

named_poststop()
{
	if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
		if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
			umount ${named_chrootdir}/dev 2>/dev/null || true
		else
			warn "named chroot:" \
			    "cannot unmount devfs from inside jail!"
		fi
	fi
}

create_file() {
	if [ -e "$1" ]; then
		unlink $1
	fi
	> $1
	chown root:wheel $1
	chmod 644 $1
}

named_prestart()
{
	find_pidfile

	if [ -n "$named_pidfile" ]; then
		warn 'named_pidfile: now determined from the conf file'
	fi

	command_args="-u ${named_uid:=root}"

	if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
		case "$named_flags" in
		-c*|*' -c'*) ;;		# No need to add it
		*) command_args="-c $named_conf $command_args" ;;
		esac
	fi

	local line nsip firstns

	# Is the user using a sandbox?
	#
	if [ -n "$named_chrootdir" ]; then
		rc_flags="$rc_flags -t $named_chrootdir"
		checkyesno named_chroot_autoupdate && chroot_autoupdate
	else
		named_symlink_enable=NO
	fi

	# Create an rndc.key file for the user if none exists
	#
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
	    -c ${named_confdir}/rndc.key"
	if [ -s "${named_confdir}/rndc.conf" ]; then
		unset confgen_command
	fi
	if [ -s "${named_confdir}/rndc.key" ]; then
		case `stat -f%Su ${named_confdir}/rndc.key` in
		root|$named_uid) ;;
		*) $confgen_command ;;
		esac
	else
		$confgen_command
	fi

	local checkconf

	checkconf="${command%/named}/named-checkconf"
	if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
		checkconf="$checkconf -t $named_chrootdir"
	fi

	# Create a forwarder configuration based on /etc/resolv.conf
	if checkyesno named_auto_forward; then
		if [ ! -s /etc/resolv.conf ]; then
			warn "named_auto_forward enabled, but no /etc/resolv.conf"

			# Empty the file in case it is included in named.conf
			[ -s "${named_confdir}/auto_forward.conf" ] &&
			    create_file ${named_confdir}/auto_forward.conf

			$checkconf $named_conf ||
			    err 3 'named-checkconf for $named_conf failed'
			return
		fi

		create_file /var/run/naf-resolv.conf
		create_file /var/run/auto_forward.conf

		echo '	forwarders {' > /var/run/auto_forward.conf

		while read line; do
			case "$line" in
			'nameserver '*|'nameserver	'*)
				nsip=${line##nameserver[         ]}

				if [ -z "$firstns" ]; then
					if [ ! "$nsip" = '127.0.0.1' ]; then
						echo 'nameserver 127.0.0.1'
						echo "		${nsip};" >> /var/run/auto_forward.conf
					fi

					firstns=1
				else
					[ "$nsip" = '127.0.0.1' ] && continue
					echo "		${nsip};" >> /var/run/auto_forward.conf
				fi
				;;
			esac

			echo $line
		done < /etc/resolv.conf > /var/run/naf-resolv.conf

		echo '	};' >> /var/run/auto_forward.conf
		echo '' >> /var/run/auto_forward.conf
		if checkyesno named_auto_forward_only; then
			echo "	forward only;" >> /var/run/auto_forward.conf
		else
			echo "	forward first;" >> /var/run/auto_forward.conf
		fi

		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
			unlink /var/run/naf-resolv.conf
		else
			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
			mv /var/run/naf-resolv.conf /etc/resolv.conf
		fi

		if cmp -s ${named_confdir}/auto_forward.conf \
		    /var/run/auto_forward.conf; then
			unlink /var/run/auto_forward.conf
		else
			[ -e "${named_confdir}/auto_forward.conf" ] &&
			    unlink ${named_confdir}/auto_forward.conf
			mv /var/run/auto_forward.conf \
			    ${named_confdir}/auto_forward.conf
		fi
	else
		# Empty the file in case it is included in named.conf
		[ -s "${named_confdir}/auto_forward.conf" ] &&
		    create_file ${named_confdir}/auto_forward.conf
	fi

	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
}

load_rc_config $name

# Updating the following variables requires that rc.conf be loaded first
#
required_dirs="$named_chrootdir"	# if it is set, it must exist

named_confdir="${named_chrootdir}${named_conf%/*}"

run_rc_command "$1"
@


1.41.2.1
log
@file named was added on branch RELENG_8_4 on 2013-03-28 13:02:43 +0000
@
text
@d1 301
@


1.41.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 301
#!/bin/sh
#
# $FreeBSD: releng/8.4/etc/rc.d/named 221221 2011-04-29 20:31:52Z dougb $
#

# PROVIDE: named
# REQUIRE: SERVERS cleanvar
# KEYWORD: shutdown

. /etc/rc.subr

name="named"
rcvar=named_enable

extra_commands="reload"

start_precmd="named_prestart"
start_postcmd="named_poststart"
reload_cmd="named_reload"
stop_cmd="named_stop"
stop_postcmd="named_poststop"

# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
# from outside.
#
# As this is called after the is_running and required_dir checks
# are made in run_rc_command(), we can safely assume ${named_chrootdir}
# exists and named isn't running at this point (unless forcestart
# is used).
#
chroot_autoupdate()
{
	local file

	# Create (or update) the chroot directory structure
	#
	if [ -r /etc/mtree/BIND.chroot.dist ]; then
		mtree -deU -f /etc/mtree/BIND.chroot.dist \
		    -p ${named_chrootdir}
	else
		warn "/etc/mtree/BIND.chroot.dist missing,"
		warn "chroot directory structure not updated"
	fi

	# Create (or update) the configuration directory symlink
	#
	if [ ! -L "${named_conf%/*}" ]; then
		if [ -d "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} is a directory!"
		elif [ -e "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} exists!"
		else
			ln -s ${named_confdir} ${named_conf%/*}
		fi
	else
		# Make sure it points to the right place.
		ln -shf ${named_confdir} ${named_conf%/*}
	fi

	# Mount a devfs in the chroot directory if needed
	#
	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
		devfs -m ${named_chrootdir}/dev rule apply path null unhide
		devfs -m ${named_chrootdir}/dev rule apply path random unhide
	else
		if [ -c ${named_chrootdir}/dev/null -a \
		    -c ${named_chrootdir}/dev/random ]; then
			info "named chroot: using pre-mounted devfs."
		else
			err 1 "named chroot: devfs cannot be mounted from" \
			    "within a jail. Thus a chrooted named cannot" \
			    "be run from within a jail." \
			    "To run named without chrooting it, set" \
			    "named_chrootdir=\"\" in /etc/rc.conf."
		fi
	fi

	# Copy and/or update key files to the chroot /etc
	#
	for file in localtime protocols services; do
		if [ -r /etc/$file ]; then
			cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
			    cp -p /etc/$file "${named_chrootdir}/etc/$file"
		fi
	done
}

# Make symlinks to the correct pid file
#
make_symlinks()
{
	checkyesno named_symlink_enable &&
	    ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}

named_poststart () {
	make_symlinks

	if checkyesno named_wait; then
		until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
			echo "	Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
}

named_reload()
{
	${command%/named}/rndc reload
}

find_pidfile()
{
	if get_pidfile_from_conf pid-file $named_conf; then
		pidfile="$_pidfile_from_conf"
	else
		pidfile="/var/run/named/pid"
	fi
}

named_stop()
{
	find_pidfile

	# This duplicates an undesirably large amount of code from the stop
	# routine in rc.subr in order to use rndc to shut down the process,
	# and to give it a second chance in case rndc fails.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		[ -n "$rc_fast" ] && return 0
		_run_rc_notrunning
		return 1
	fi
	echo 'Stopping named.'
	if ${command%/named}/rndc stop 2>/dev/null; then
		wait_for_pids $rc_pid
	else
		echo -n 'rndc failed, trying kill: '
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
  	fi
}

named_poststop()
{
	if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
		if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
			umount ${named_chrootdir}/dev 2>/dev/null || true
		else
			warn "named chroot:" \
			    "cannot unmount devfs from inside jail!"
		fi
	fi
}

create_file () {
	if [ -e "$1" ]; then
		unlink $1
	fi
	> $1
	chown root:wheel $1
	chmod 644 $1
}

named_prestart()
{
	find_pidfile

	if [ -n "$named_pidfile" ]; then
		warn 'named_pidfile: now determined from the conf file'
	fi

	command_args="-u ${named_uid:=root}"

	if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
		case "$named_flags" in
		-c*|*' -c'*) ;;		# No need to add it
		*) command_args="-c $named_conf $command_args" ;;
		esac
	fi

	local line nsip firstns

	# Is the user using a sandbox?
	#
	if [ -n "$named_chrootdir" ]; then
		rc_flags="$rc_flags -t $named_chrootdir"
		checkyesno named_chroot_autoupdate && chroot_autoupdate
	else
		named_symlink_enable=NO
	fi

	# Create an rndc.key file for the user if none exists
	#
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
	    -c ${named_confdir}/rndc.key"
	if [ -s "${named_confdir}/rndc.conf" ]; then
		unset confgen_command
	fi
	if [ -s "${named_confdir}/rndc.key" ]; then
		case `stat -f%Su ${named_confdir}/rndc.key` in
		root|$named_uid) ;;
		*) $confgen_command ;;
		esac
	else
		$confgen_command
	fi

	local checkconf

	checkconf="${command%/named}/named-checkconf"
	if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
		checkconf="$checkconf -t $named_chrootdir"
	fi

	# Create a forwarder configuration based on /etc/resolv.conf
	if checkyesno named_auto_forward; then
		if [ ! -s /etc/resolv.conf ]; then
			warn "named_auto_forward enabled, but no /etc/resolv.conf"

			# Empty the file in case it is included in named.conf
			[ -s "${named_confdir}/auto_forward.conf" ] &&
			    create_file ${named_confdir}/auto_forward.conf

			$checkconf $named_conf ||
			    err 3 'named-checkconf for $named_conf failed'
			return
		fi

		create_file /var/run/naf-resolv.conf
		create_file /var/run/auto_forward.conf

		echo '	forwarders {' > /var/run/auto_forward.conf

		while read line; do
			case "$line" in
			'nameserver '*|'nameserver	'*)
				nsip=${line##nameserver[         ]}

				if [ -z "$firstns" ]; then
					if [ ! "$nsip" = '127.0.0.1' ]; then
						echo 'nameserver 127.0.0.1'
						echo "		${nsip};" >> /var/run/auto_forward.conf
					fi

					firstns=1
				else
					[ "$nsip" = '127.0.0.1' ] && continue
					echo "		${nsip};" >> /var/run/auto_forward.conf
				fi
				;;
			esac

			echo $line
		done < /etc/resolv.conf > /var/run/naf-resolv.conf

		echo '	};' >> /var/run/auto_forward.conf
		echo '' >> /var/run/auto_forward.conf
		if checkyesno named_auto_forward_only; then
			echo "	forward only;" >> /var/run/auto_forward.conf
		else
			echo "	forward first;" >> /var/run/auto_forward.conf
		fi

		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
			unlink /var/run/naf-resolv.conf
		else
			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
			mv /var/run/naf-resolv.conf /etc/resolv.conf
		fi

		if cmp -s ${named_confdir}/auto_forward.conf \
		    /var/run/auto_forward.conf; then
			unlink /var/run/auto_forward.conf
		else
			[ -e "${named_confdir}/auto_forward.conf" ] &&
			    unlink ${named_confdir}/auto_forward.conf
			mv /var/run/auto_forward.conf \
			    ${named_confdir}/auto_forward.conf
		fi
	else
		# Empty the file in case it is included in named.conf
		[ -s "${named_confdir}/auto_forward.conf" ] &&
		    create_file ${named_confdir}/auto_forward.conf
	fi

	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
}

load_rc_config $name

# Updating the following variables requires that rc.conf be loaded first
#
required_dirs="$named_chrootdir"	# if it is set, it must exist

named_confdir="${named_chrootdir}${named_conf%/*}"

run_rc_command "$1"
@


1.40
log
@SVN rev 240336 on 2012-09-11 05:04:59Z by obrien

Simply things so that "#REQUIRE: FILESYSTEMS" means the file
systems are fully "ready to go".

'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting."  However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted.  Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing.  Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.39
log
@SVN rev 238629 on 2012-07-19 22:41:00Z by dteske

Revert SVN r238628 (mistake).
@
text
@d7 1
a7 1
# REQUIRE: SERVERS cleanvar
@


1.38
log
@SVN rev 238628 on 2012-07-19 22:33:13Z by dteske

Fix syntax errors (s/:=/:-/).

Reviewed by:	emaste (mentor)
Approved by:	emaste (mentor)
MFC after:	3 days
@
text
@d176 1
a176 1
	command_args="-u ${named_uid:-root}"
@


1.37
log
@SVN rev 238416 on 2012-07-13 06:46:09Z by kevlo

Whitespace nit
@
text
@d176 1
a176 1
	command_args="-u ${named_uid:=root}"
@


1.36
log
@SVN rev 220962 on 2011-04-23 04:26:31Z by dougb

Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.
@
text
@d99 1
a99 1
named_poststart () {
d159 1
a159 1
create_file () {
@


1.36.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.36.2.2
log
@SVN rev 242153 on 2012-10-26 18:06:49Z by obrien

MFC: r240336:
  Simply things so that "#REQUIRE: FILESYSTEMS" means the file
  systems are fully "ready to go".

  'FILESYSTEMS' states: "This is a dummy dependency, for services which
  require file systems to be mounted before starting."  However, we have
  'var' which is was run after 'FILESYSTEMS' and can mount /var if it
  already isn't mounted.  Furthermore, several scripts cannot use /var
  until 'cleanvar' has done its thing.  Thus "FILESYSTEMS" hasn't really
  meant all critical file systems are fully usable.
@
text
@d7 1
a7 1
# REQUIRE: SERVERS FILESYSTEMS
@


1.36.2.3
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/named 242153 2012-10-26 18:06:49Z obrien $
@


1.36.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.36.2.1.4.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.1/etc/rc.d/named 220962 2011-04-23 04:26:31Z dougb $
@


1.36.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.36.2.1.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.0/etc/rc.d/named 220962 2011-04-23 04:26:31Z dougb $
@


1.35
log
@SVN rev 207346 on 2010-04-28 22:29:17Z by dougb

In the case where named_chroot_autoupdate is NOT set, but
named_chrootdir IS set, named-checkconf fails because it
cannot find the conf file. Fix this by making checkconf a
variable that includes "-t $named_chrootdir" as needed.
Notice of the bug and suggested direction for the fix from [1].

Using required_files for named.conf is overkill ever since
I added the named-checkconf call, so rather than update the
logic to handle the case described above, remove it. This
also handles the case where named_chroot_autoupdate IS set
but the symlink doesn't exist yet.

PR:		conf/145904
Submitted by:	J R Matthews
@
text
@d115 9
d126 2
d170 6
a298 1
pidfile="${named_pidfile:-/var/run/named/pid}"
@


1.34
log
@SVN rev 201370 on 2010-01-01 22:10:07Z by dougb

s/named_confidr/named_confdir/ in the rndc.key check. The line in
the command to create it was right, but the check was wrong, so it
was getting created every time. Mea culpa.

Submitted by:	oliver
@
text
@d195 7
d211 1
a211 1
			${command%/named}/named-checkconf $named_conf ||
d273 1
a273 2
	${command%/named}/named-checkconf $named_conf ||
	    err 3 'named-checkconf for $named_conf failed'
d281 1
a281 1
required_files="${named_conf:=/etc/namedb/named.conf}"
@


1.33
log
@SVN rev 201367 on 2010-01-01 19:06:00Z by dougb

The script hard-coded the assumption that the "configuration directory"
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.

While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)
@
text
@d186 2
a187 2
	if [ -s "${named_confidr}/rndc.key" ]; then
		case `stat -f%Su ${named_confidr}/rndc.key` in
@


1.32
log
@SVN rev 200448 on 2009-12-12 21:51:50Z by dougb

Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files
@
text
@d46 1
a46 1
	# Create /etc/namedb symlink
d48 5
a52 5
	if [ ! -L /etc/namedb ]; then
		if [ -d /etc/namedb ]; then
			warn "named chroot: /etc/namedb is a directory!"
		elif [ -e /etc/namedb ]; then
			warn "named chroot: /etc/namedb exists!"
d54 1
a54 1
			ln -s ${named_chrootdir}/etc/namedb /etc/namedb
d58 1
a58 1
		ln -shf ${named_chrootdir}/etc/namedb /etc/namedb
d182 2
a183 2
	    -c ${named_chrootdir}/etc/namedb/rndc.key"
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
d186 2
a187 2
	if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
		case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
d201 2
a202 2
			[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
d251 1
a251 1
		if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
d255 2
a256 2
			[ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
d258 1
a258 1
			    ${named_chrootdir}/etc/namedb/auto_forward.conf
d262 2
a263 2
		[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
		    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
d277 1
@


1.31
log
@SVN rev 192215 on 2009-05-16 20:55:28Z by dougb

1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
@
text
@a14 1
command="/usr/sbin/named"
d17 1
a17 1
start_precmd="named_precmd"
d157 1
a157 1
named_precmd()
d159 9
d181 2
d184 1
a184 1
		return 0
a185 2
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
	    -c ${named_chrootdir}/etc/namedb/rndc.key"
d271 1
d275 1
a276 1
command_args="-u ${named_uid:=root}"
@


1.31.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.31.2.2
log
@SVN rev 201172 on 2009-12-29 07:08:48Z by dougb

MFC r200448:

Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files

MFC r200563:

The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.

In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.

This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
@
text
@d15 1
d18 1
a18 1
start_precmd="named_prestart"
d158 1
a158 1
named_prestart()
a159 9
	command_args="-u ${named_uid:=root}"

	if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
		case "$named_flags" in
		-c*|*' -c'*) ;;		# No need to add it
		*) command_args="-c $named_conf $command_args" ;;
		esac
	fi

d173 3
a177 3
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		unset confgen_command
	fi
a262 1

a265 1
required_files="${named_conf:=/etc/namedb/named.conf}"
d267 1
@


1.31.2.3
log
@SVN rev 202331 on 2010-01-15 03:03:02Z by dougb

MFC r201367, r201370:
Virtualize the location of "the configuration directory" instead of
hard-coding it to be /etc/namedb
@
text
@d46 1
a46 1
	# Create (or update) the configuration directory symlink
d48 5
a52 5
	if [ ! -L "${named_conf%/*}" ]; then
		if [ -d "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} is a directory!"
		elif [ -e "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} exists!"
d54 1
a54 1
			ln -s ${named_confdir} ${named_conf%/*}
d58 1
a58 1
		ln -shf ${named_confdir} ${named_conf%/*}
d182 2
a183 2
	    -c ${named_confdir}/rndc.key"
	if [ -s "${named_confdir}/rndc.conf" ]; then
d186 2
a187 2
	if [ -s "${named_confdir}/rndc.key" ]; then
		case `stat -f%Su ${named_confdir}/rndc.key` in
d201 2
a202 2
			[ -s "${named_confdir}/auto_forward.conf" ] &&
			    create_file ${named_confdir}/auto_forward.conf
d251 1
a251 1
		if cmp -s ${named_confdir}/auto_forward.conf \
d255 2
a256 2
			[ -e "${named_confdir}/auto_forward.conf" ] &&
			    unlink ${named_confdir}/auto_forward.conf
d258 1
a258 1
			    ${named_confdir}/auto_forward.conf
d262 2
a263 2
		[ -s "${named_confdir}/auto_forward.conf" ] &&
		    create_file ${named_confdir}/auto_forward.conf
a276 1
named_confdir="${named_chrootdir}${named_conf%/*}"
@


1.31.2.4
log
@SVN rev 207802 on 2010-05-08 22:24:01Z by dougb

MFC 207346:

Fix named-checkconf in the situation where named_chroot_autoupdate
is NOT set, but named_chrootdir IS set.

Remove required_files for named.conf, named-checkconf is enough.
@
text
@a194 7
	local checkconf

	checkconf="${command%/named}/named-checkconf"
	if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
		checkconf="$checkconf -t $named_chrootdir"
	fi

d204 1
a204 1
			$checkconf $named_conf ||
d266 2
a267 1
	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
d275 1
a275 1

@


1.31.2.5
log
@SVN rev 221221 on 2011-04-29 20:31:52Z by dougb

MFC r216744 for rc.d/devd:

Add pidfile [1]

While I'm here, don't run the sysctl frob unconditionally, and
s/sysctl/$SYSCTL/

MFC r220962:

Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.

MFC r220963:

Improve the error handling for the new get_pidfile_from_conf()
@
text
@a114 9
find_pidfile()
{
	if get_pidfile_from_conf pid-file $named_conf; then
		pidfile="$_pidfile_from_conf"
	else
		pidfile="/var/run/named/pid"
	fi
}

a116 2
	find_pidfile

a158 6
	find_pidfile

	if [ -n "$named_pidfile" ]; then
		warn 'named_pidfile: now determined from the conf file'
	fi

d282 1
@


1.31.2.6
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/8/etc/rc.d/named 221221 2011-04-29 20:31:52Z dougb $
@


1.31.2.5.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.31.2.5.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/8.3/etc/rc.d/named 221221 2011-04-29 20:31:52Z dougb $
@


1.31.2.4.4.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.31.2.4.2.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.31.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.30
log
@SVN rev 192210 on 2009-05-16 20:26:01Z by dougb

Trim trailing whitespace from the end of a line
@
text
@d19 1
a19 1
start_postcmd="make_symlinks"
d100 11
d149 9
d160 2
d186 74
@


1.29
log
@SVN rev 188293 on 2009-02-07 16:37:02Z by bz

Named normally cannot be started chrooted inside a jail. Thus treat
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.

PR:		conf/103489
Reviewed by:	dougb
MFC after:	5 days
@
text
@d82 1
a82 1
	# Copy and/or update key files to the chroot /etc 
@


1.28
log
@SVN rev 181114 on 2008-08-01 06:11:33Z by dougb

When using SRV records the protocols and services files need to be in the
chroot /etc directory.

PR:		conf/121101
Submitted by:	Stefan `Sec` Zehl <sec@@42.org>
@
text
@d64 17
a80 4
	umount ${named_chrootdir}/dev 2>/dev/null
	devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
	devfs -m ${named_chrootdir}/dev rule apply path null unhide
	devfs -m ${named_chrootdir}/dev rule apply path random unhide
d129 6
a134 1
		umount ${named_chrootdir}/dev 2>/dev/null || true
@


1.27
log
@1. Determine the location of the rndc* binaries relative to $command
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.

2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.

3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.

Although I used different solutions, this commit handles issues raised in:
PR:	conf/73929
PR:	conf/103976
PR:	conf/109409
@
text
@d35 2
d69 1
a69 1
	# Copy local timezone information if it is not up to date.
d71 6
a76 4
	if [ -r /etc/localtime ]; then
		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" ||
		    cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
	fi
@


1.26
log
@After some discussion we believe that having SERVERS to REQUIRE:
ldconfig would provide necessary protection for named as well,
so remove the dependency here.

Approved by:	flz
@
text
@d85 1
a85 1
	rndc reload
d90 12
a101 3
	echo -n "Stopping named"
	if rndc stop 2>/dev/null; then
		echo .
d103 4
a106 5
		echo -n ": rndc failed, trying killall: "
		if killall named; then
			echo .
		fi
	fi
d132 1
a132 1
	confgen_command="rndc-confgen -a -b256 -u $named_uid \
d135 4
a138 4
		if [ ! `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` = \
		    "$named_uid" ]; then
			$confgen_command
		fi
@


1.26.2.1
log
@MFC version 1.27:
1. Determine the location of the rndc* binaries relative to $command
2. Make the stop routine work more like rc.subr's, but try rndc first
3. Allow the rndc.key file to be owned by root OR the named_uid user

Approved by:	re (kensmith)
@
text
@d85 1
a85 1
	${command%/named}/rndc reload
d90 8
a97 8
	# This duplicates an undesirably large amount of code from the stop
	# routine in rc.subr in order to use rndc to shut down the process,
	# and to give it a second chance in case rndc fails.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		[ -n "$rc_fast" ] && return 0
		_run_rc_notrunning
		return 1
a98 8
	echo 'Stopping named.'
	if ${command%/named}/rndc stop 2>/dev/null; then
		wait_for_pids $rc_pid
	else
		echo -n 'rndc failed, trying kill: '
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
  	fi
d124 1
a124 1
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
d127 4
a130 4
		case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
		root|$named_uid) ;;
		*) $confgen_command ;;
		esac
@


1.26.2.2
log
@SVN rev 190363 on 2009-03-24 02:54:15Z by dougb

MFC r181114, make sure services and protocols are in the chroot /etc
MFC r188293, improve handling of chroot inside of a jail
@
text
@a34 2
	local file

d62 10
a71 16
	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
		devfs -m ${named_chrootdir}/dev rule apply path null unhide
		devfs -m ${named_chrootdir}/dev rule apply path random unhide
	else
		if [ -c ${named_chrootdir}/dev/null -a \
		    -c ${named_chrootdir}/dev/random ]; then
			info "named chroot: using pre-mounted devfs."
		else
			err 1 "named chroot: devfs cannot be mounted from" \
			    "within a jail. Thus a chrooted named cannot" \
			    "be run from within a jail." \
			    "To run named without chrooting it, set" \
			    "named_chrootdir=\"\" in /etc/rc.conf."
		fi
a72 9

	# Copy and/or update key files to the chroot /etc 
	#
	for file in localtime protocols services; do
		if [ -r /etc/$file ]; then
			cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
			    cp -p /etc/$file "${named_chrootdir}/etc/$file"
		fi
	done
d112 1
a112 6
		if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
			umount ${named_chrootdir}/dev 2>/dev/null || true
		else
			warn "named chroot:" \
			    "cannot unmount devfs from inside jail!"
		fi
@


1.26.2.3
log
@SVN rev 196053 on 2009-08-03 20:09:54Z by dougb

MFC r192210, a whitespace only change in rc.d/named, and

MFC r192215:
named_wait feature, auto-forward feature, add named-checkconf to startup
@
text
@d19 1
a19 1
start_postcmd="named_poststart"
d82 1
a82 1
	# Copy and/or update key files to the chroot /etc
a99 11
named_poststart () {
	make_symlinks

	if checkyesno named_wait; then
		until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
			echo "	Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
}

a137 9
create_file () {
	if [ -e "$1" ]; then
		unlink $1
	fi
	> $1
	chown root:wheel $1
	chmod 644 $1
}

a139 2
	local line nsip firstns

a163 74

	# Create a forwarder configuration based on /etc/resolv.conf
	if checkyesno named_auto_forward; then
		if [ ! -s /etc/resolv.conf ]; then
			warn "named_auto_forward enabled, but no /etc/resolv.conf"

			# Empty the file in case it is included in named.conf
			[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf

			${command%/named}/named-checkconf $named_conf ||
			    err 3 'named-checkconf for $named_conf failed'
			return
		fi

		create_file /var/run/naf-resolv.conf
		create_file /var/run/auto_forward.conf

		echo '	forwarders {' > /var/run/auto_forward.conf

		while read line; do
			case "$line" in
			'nameserver '*|'nameserver	'*)
				nsip=${line##nameserver[         ]}

				if [ -z "$firstns" ]; then
					if [ ! "$nsip" = '127.0.0.1' ]; then
						echo 'nameserver 127.0.0.1'
						echo "		${nsip};" >> /var/run/auto_forward.conf
					fi

					firstns=1
				else
					[ "$nsip" = '127.0.0.1' ] && continue
					echo "		${nsip};" >> /var/run/auto_forward.conf
				fi
				;;
			esac

			echo $line
		done < /etc/resolv.conf > /var/run/naf-resolv.conf

		echo '	};' >> /var/run/auto_forward.conf
		echo '' >> /var/run/auto_forward.conf
		if checkyesno named_auto_forward_only; then
			echo "	forward only;" >> /var/run/auto_forward.conf
		else
			echo "	forward first;" >> /var/run/auto_forward.conf
		fi

		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
			unlink /var/run/naf-resolv.conf
		else
			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
			mv /var/run/naf-resolv.conf /etc/resolv.conf
		fi

		if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
		    /var/run/auto_forward.conf; then
			unlink /var/run/auto_forward.conf
		else
			[ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
			mv /var/run/auto_forward.conf \
			    ${named_chrootdir}/etc/namedb/auto_forward.conf
		fi
	else
		# Empty the file in case it is included in named.conf
		[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
		    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
	fi

	${command%/named}/named-checkconf $named_conf ||
	    err 3 'named-checkconf for $named_conf failed'
@


1.26.2.4
log
@SVN rev 201173 on 2009-12-29 07:13:17Z by dougb

MFC r200448:

Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files

MFC r200563:

The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.

In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.

This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
@
text
@d15 1
d18 1
a18 1
start_precmd="named_prestart"
d158 1
a158 1
named_prestart()
a159 9
	command_args="-u ${named_uid:=root}"

	if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
		case "$named_flags" in
		-c*|*' -c'*) ;;		# No need to add it
		*) command_args="-c $named_conf $command_args" ;;
		esac
	fi

d173 3
a177 3
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		unset confgen_command
	fi
a262 1

a265 1
required_files="${named_conf:=/etc/namedb/named.conf}"
d267 1
@


1.26.2.5
log
@SVN rev 202333 on 2010-01-15 03:05:46Z by dougb

MFC r201367, r201370:
Virtualize the location of "the configuration directory" instead of
hard-coding it to be /etc/namedb
@
text
@d46 1
a46 1
	# Create (or update) the configuration directory symlink
d48 5
a52 5
	if [ ! -L "${named_conf%/*}" ]; then
		if [ -d "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} is a directory!"
		elif [ -e "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} exists!"
d54 1
a54 1
			ln -s ${named_confdir} ${named_conf%/*}
d58 1
a58 1
		ln -shf ${named_confdir} ${named_conf%/*}
d182 2
a183 2
	    -c ${named_confdir}/rndc.key"
	if [ -s "${named_confdir}/rndc.conf" ]; then
d186 2
a187 2
	if [ -s "${named_confdir}/rndc.key" ]; then
		case `stat -f%Su ${named_confdir}/rndc.key` in
d201 2
a202 2
			[ -s "${named_confdir}/auto_forward.conf" ] &&
			    create_file ${named_confdir}/auto_forward.conf
d251 1
a251 1
		if cmp -s ${named_confdir}/auto_forward.conf \
d255 2
a256 2
			[ -e "${named_confdir}/auto_forward.conf" ] &&
			    unlink ${named_confdir}/auto_forward.conf
d258 1
a258 1
			    ${named_confdir}/auto_forward.conf
d262 2
a263 2
		[ -s "${named_confdir}/auto_forward.conf" ] &&
		    create_file ${named_confdir}/auto_forward.conf
a276 1
named_confdir="${named_chrootdir}${named_conf%/*}"
@


1.26.2.6
log
@SVN rev 207803 on 2010-05-08 22:24:31Z by dougb

MFC 207346:

Fix named-checkconf in the situation where named_chroot_autoupdate
is NOT set, but named_chrootdir IS set.

Remove required_files for named.conf, named-checkconf is enough.
@
text
@a194 7
	local checkconf

	checkconf="${command%/named}/named-checkconf"
	if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
		checkconf="$checkconf -t $named_chrootdir"
	fi

d204 1
a204 1
			$checkconf $named_conf ||
d266 2
a267 1
	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
d275 1
a275 1

@


1.26.2.7
log
@SVN rev 221222 on 2011-04-29 20:44:39Z by dougb

MFC r216744 for rc.d/devd:

Add pidfile [1]

While I'm here, don't run the sysctl frob unconditionally, and
s/sysctl/$SYSCTL/

MFC r220962:

Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.

MFC r220963:

Improve the error handling for the new get_pidfile_from_conf()
@
text
@a114 9
find_pidfile()
{
	if get_pidfile_from_conf pid-file $named_conf; then
		pidfile="$_pidfile_from_conf"
	else
		pidfile="/var/run/named/pid"
	fi
}

a116 2
	find_pidfile

a158 6
	find_pidfile

	if [ -n "$named_pidfile" ]; then
		warn 'named_pidfile: now determined from the conf file'
	fi

d282 1
@


1.26.2.8
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/7/etc/rc.d/named 221222 2011-04-29 20:44:39Z dougb $
@


1.26.2.6.2.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.26.2.6.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/7.4/etc/rc.d/named 207803 2010-05-08 22:24:31Z dougb $
@


1.26.2.5.2.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.26.2.2.2.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.26.2.1.4.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.25
log
@Add ldconfig to the list of requirements for named, needed to use bind
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.

PR:		conf/68916
Submitted by:	JD Bronson <jd@@aurora.org>
Approved by:	cperciva (mentor)
MFC after:	1 week
@
text
@d7 1
a7 1
# REQUIRE: SERVERS cleanvar ldconfig
@


1.24
log
@Overhaul the named boot script:

1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the temptation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.

As a result of introducing the named_uid knob, the default named_flags
are now empty.

Update defaults/rc.conf and rc.conf(5) to reflect these changes.
@
text
@d7 1
a7 1
# REQUIRE: SERVERS cleanvar
@


1.23
log
@Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.
@
text
@a2 1
# $NetBSD: named,v 1.10 2002/03/22 04:33:59 thorpej Exp $
a7 1
# BEFORE:  DAEMON
d13 5
a17 2
rcvar=`set_rcvar`
command="/usr/sbin/${name}"
d20 2
a22 2
required_dirs="$named_chrootdir"	# if it is set, it must exist
extra_commands="reload"
d37 1
a37 1
	if [ -f /etc/mtree/BIND.chroot.dist ]; then
a57 1

d69 3
a71 3
	if [ -f /etc/localtime ]; then
		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
		cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
d80 19
a98 1
	ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
d103 1
a103 1
	if [ -n "${named_chrootdir}"  -a -c ${named_chrootdir}/dev/null ]; then
a109 2
	local confgen_chroot

a113 1
		confgen_chroot="-t${named_chrootdir} -u bind"
d121 12
a132 3
	if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" -a \
	    ! -f "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		rndc-confgen -a -b256 ${confgen_chroot}
d137 1
a137 1
# The following variable requires that rc.conf be loaded first
d140 2
a141 1
pidfile="${named_pidfile:-/var/run/${name}/pid}"
@


1.22
log
@We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entries
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
@
text
@d16 1
@


1.22.2.1
log
@Diff reduction to HEAD:

MFC yar's cleanup of command=*/foo -> command=*/${name},
and related changes.
@
text
@a15 1
command="/usr/sbin/${name}"
@


1.22.2.2
log
@MFC significant overhaul of rc.d/named script, including
addition of named_uid default rc.conf variable.

etc/defaults/rc.conf		1.275
etc/rc.d/named			1.24
share/man/man5/rc.conf.5	1.286

Approved by:	re (scottl)
@
text
@d3 1
d9 1
d15 2
a16 5
rcvar=named_enable

command="/usr/sbin/named"
extra_commands="reload"

a18 2
reload_cmd="named_reload"
stop_cmd="named_stop"
d20 2
d36 1
a36 1
	if [ -r /etc/mtree/BIND.chroot.dist ]; then
d57 1
d69 3
a71 3
	if [ -r /etc/localtime ]; then
		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" ||
		    cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
d80 1
a80 19
	    ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}

named_reload()
{
	rndc reload
}

named_stop()
{
	echo -n "Stopping named"
	if rndc stop 2>/dev/null; then
		echo .
	else
		echo -n ": rndc failed, trying killall: "
		if killall named; then
			echo .
		fi
	fi
d85 1
a85 1
	if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
d92 2
d98 1
d106 3
a108 12
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		return 0
	fi
	confgen_command="rndc-confgen -a -b256 -u $named_uid \
	    -c ${named_chrootdir}/etc/namedb/rndc.key"
	if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
		if [ ! `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` = \
		    "$named_uid" ]; then
			$confgen_command
		fi
	else
		$confgen_command
d113 1
a113 1
# Updating the following variables requires that rc.conf be loaded first
d116 1
a116 2
pidfile="${named_pidfile:-/var/run/named/pid}"
command_args="-u ${named_uid:=root}"
@


1.22.2.3
log
@MFC version 1.27:
1. Determine the location of the rndc* binaries relative to $command
2. Make the stop routine work more like rc.subr's, but try rndc first
3. Allow the rndc.key file to be owned by root OR the named_uid user
@
text
@d85 1
a85 1
	${command%/named}/rndc reload
d90 8
a97 8
	# This duplicates an undesirably large amount of code from the stop
	# routine in rc.subr in order to use rndc to shut down the process,
	# and to give it a second chance in case rndc fails.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		[ -n "$rc_fast" ] && return 0
		_run_rc_notrunning
		return 1
a98 8
	echo 'Stopping named.'
	if ${command%/named}/rndc stop 2>/dev/null; then
		wait_for_pids $rc_pid
	else
		echo -n 'rndc failed, trying kill: '
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
  	fi
d124 1
a124 1
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
d127 4
a130 4
		case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
		root|$named_uid) ;;
		*) $confgen_command ;;
		esac
@
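Review bot: The `fi` that closes the rndc/kill fallback in named_stop is indented with two spaces followed by a tab, while every other line of the function uses tabs only; replace that prefix with a single tab so the block reads consistently. The fallback path `kill -TERM $rc_pid` then `wait_for_pids $rc_pid` mirrors what rc.subr's stop does, as the comment says, so no behavioural point is raised here. named_stop itself is declared outside this delta.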


1.22.2.4
log
@SVN rev 190365 on 2009-03-24 03:05:41Z by dougb

MFC r181114, make sure services and protocols are in the chroot /etc
MFC r188293, improve handling of chroot inside of a jail
@
text
@a34 2
	local file

d62 10
a71 16
	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
		devfs -m ${named_chrootdir}/dev rule apply path null unhide
		devfs -m ${named_chrootdir}/dev rule apply path random unhide
	else
		if [ -c ${named_chrootdir}/dev/null -a \
		    -c ${named_chrootdir}/dev/random ]; then
			info "named chroot: using pre-mounted devfs."
		else
			err 1 "named chroot: devfs cannot be mounted from" \
			    "within a jail. Thus a chrooted named cannot" \
			    "be run from within a jail." \
			    "To run named without chrooting it, set" \
			    "named_chrootdir=\"\" in /etc/rc.conf."
		fi
a72 9

	# Copy and/or update key files to the chroot /etc 
	#
	for file in localtime protocols services; do
		if [ -r /etc/$file ]; then
			cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
			    cp -p /etc/$file "${named_chrootdir}/etc/$file"
		fi
	done
d112 1
a112 6
		if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
			umount ${named_chrootdir}/dev 2>/dev/null || true
		else
			warn "named chroot:" \
			    "cannot unmount devfs from inside jail!"
		fi
@
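Review bot: The jailed branch accepts any pre-mounted devfs as long as `${named_chrootdir}/dev/null` and `${named_chrootdir}/dev/random` exist, whereas the non-jailed branch mounts devfs with `devfsrules_hide_all` and unhides only those two nodes, so inside a jail the chroot may see whatever device nodes the jail's devfs already exposes. That asymmetry deserves a comment next to the `info` call, e.g. `# Inside a jail we only verify null/random exist; the hide_all ruleset is not applied here, so the jail's own devfs ruleset decides what the chroot can see.` (the reason the rules are skipped is presumably that a jail cannot change devfs rules — confirm). The start path's `umount ${named_chrootdir}/dev 2>/dev/null` also lacks the `|| true` used on the stop path; harmless without `set -e`, but making the two consistent avoids a surprise if the script ever runs under errexit. The function these lines belong to starts outside this delta.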


1.22.2.5
log
@SVN rev 196054 on 2009-08-03 20:14:00Z by dougb

MFC r192210, a whitespace only change in rc.d/named, and

MFC r192215:
named_wait feature, auto-forward feature, add named-checkconf to startup
@
text
@d19 1
a19 1
start_postcmd="named_poststart"
d82 1
a82 1
	# Copy and/or update key files to the chroot /etc
a99 11
named_poststart () {
	make_symlinks

	if checkyesno named_wait; then
		until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
			echo "	Waiting for nameserver to resolve $named_wait_host"
			sleep 1
		done
	fi
}

a137 9
create_file () {
	if [ -e "$1" ]; then
		unlink $1
	fi
	> $1
	chown root:wheel $1
	chmod 644 $1
}

a139 2
	local line nsip firstns

a163 74

	# Create a forwarder configuration based on /etc/resolv.conf
	if checkyesno named_auto_forward; then
		if [ ! -s /etc/resolv.conf ]; then
			warn "named_auto_forward enabled, but no /etc/resolv.conf"

			# Empty the file in case it is included in named.conf
			[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf

			${command%/named}/named-checkconf $named_conf ||
			    err 3 'named-checkconf for $named_conf failed'
			return
		fi

		create_file /var/run/naf-resolv.conf
		create_file /var/run/auto_forward.conf

		echo '	forwarders {' > /var/run/auto_forward.conf

		while read line; do
			case "$line" in
			'nameserver '*|'nameserver	'*)
				nsip=${line##nameserver[         ]}

				if [ -z "$firstns" ]; then
					if [ ! "$nsip" = '127.0.0.1' ]; then
						echo 'nameserver 127.0.0.1'
						echo "		${nsip};" >> /var/run/auto_forward.conf
					fi

					firstns=1
				else
					[ "$nsip" = '127.0.0.1' ] && continue
					echo "		${nsip};" >> /var/run/auto_forward.conf
				fi
				;;
			esac

			echo $line
		done < /etc/resolv.conf > /var/run/naf-resolv.conf

		echo '	};' >> /var/run/auto_forward.conf
		echo '' >> /var/run/auto_forward.conf
		if checkyesno named_auto_forward_only; then
			echo "	forward only;" >> /var/run/auto_forward.conf
		else
			echo "	forward first;" >> /var/run/auto_forward.conf
		fi

		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
			unlink /var/run/naf-resolv.conf
		else
			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
			mv /var/run/naf-resolv.conf /etc/resolv.conf
		fi

		if cmp -s ${named_chrootdir}/etc/namedb/auto_forward.conf \
		    /var/run/auto_forward.conf; then
			unlink /var/run/auto_forward.conf
		else
			[ -e "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
			    unlink ${named_chrootdir}/etc/namedb/auto_forward.conf
			mv /var/run/auto_forward.conf \
			    ${named_chrootdir}/etc/namedb/auto_forward.conf
		fi
	else
		# Empty the file in case it is included in named.conf
		[ -s "${named_chrootdir}/etc/namedb/auto_forward.conf" ] &&
		    create_file ${named_chrootdir}/etc/namedb/auto_forward.conf
	fi

	${command%/named}/named-checkconf $named_conf ||
	    err 3 'named-checkconf for $named_conf failed'
@
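Review bot: Both `err 3 'named-checkconf for $named_conf failed'` calls (the one after the missing-resolv.conf warning and the final one after the auto_forward `else` branch) single-quote the message, so the user sees the literal text `$named_conf` rather than the path; change both to `err 3 "named-checkconf for $named_conf failed"`. In the resolv.conf copy loop `echo $line` is unquoted, so a line containing a glob character or runs of whitespace is altered when the file is regenerated into /var/run/naf-resolv.conf and then moved over /etc/resolv.conf; `echo "$line"` preserves it byte for byte. `create_file` likewise expands `$1` unquoted in `unlink $1` and `> $1`; quoting is cheap and the function is already called with `${named_chrootdir}`-prefixed paths. The function that the `local line nsip firstns` declaration and the forwarder block are appended to starts outside this delta.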


1.22.2.6
log
@SVN rev 201174 on 2009-12-29 07:19:52Z by dougb

MFC r200448:

[Deletion of command= not merged, prerequisite was intentionally
not merged]

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
	Add "-c $named_conf" to command_args if it's not set to the
	default. If it is set to the default and we're using the base
	BIND it's not necessary. If we're using BIND from the ports
	the user is likely to have included it in _flags (due to long
	necessity for doing so) so don't duplicate that if it's set.

	Add $named_conf to required_files

MFC r200563:

The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf.
So, create /etc/namedb/working with appropriate permissions, and
update the entry in named.conf to match.

In addition to specifying the working directory, file and path names
in named.conf can be specified relative to the directory listed.
However, since that directory is now different from /etc/namedb
(where the configuration, zone, rndc.*, and other files are located)
further update named.conf to specify all file names with fully
qualified paths. Also update the comment about file and path names
so users know this should be done for all file/path names in the file.

This change will eliminate the 'working directory is not writable'
messages at boot time without sacrificing security. It will also
allow for features in newer versions of BIND (9.7+) to work as
designed.
@
text
@d18 1
a18 1
start_precmd="named_prestart"
d158 1
a158 1
named_prestart()
a159 9
	command_args="-u ${named_uid:=root}"

	if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
		case "$named_flags" in
		-c*|*' -c'*) ;;		# No need to add it
		*) command_args="-c $named_conf $command_args" ;;
		esac
	fi

d173 3
a177 3
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		unset confgen_command
	fi
a262 1

a265 1
required_files="${named_conf:=/etc/namedb/named.conf}"
d267 1
@


1.22.2.7
log
@SVN rev 202335 on 2010-01-15 03:07:42Z by dougb

MFC r201367, r201370:
Virtualize the location of "the configuration directory" instead of
hard-coding it to be /etc/namedb
@
text
@d47 1
a47 1
	# Create (or update) the configuration directory symlink
d49 5
a53 5
	if [ ! -L "${named_conf%/*}" ]; then
		if [ -d "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} is a directory!"
		elif [ -e "${named_conf%/*}" ]; then
			warn "named chroot: ${named_conf%/*} exists!"
d55 1
a55 1
			ln -s ${named_confdir} ${named_conf%/*}
d59 1
a59 1
		ln -shf ${named_confdir} ${named_conf%/*}
d183 2
a184 2
	    -c ${named_confdir}/rndc.key"
	if [ -s "${named_confdir}/rndc.conf" ]; then
d187 2
a188 2
	if [ -s "${named_confdir}/rndc.key" ]; then
		case `stat -f%Su ${named_confdir}/rndc.key` in
d202 2
a203 2
			[ -s "${named_confdir}/auto_forward.conf" ] &&
			    create_file ${named_confdir}/auto_forward.conf
d252 1
a252 1
		if cmp -s ${named_confdir}/auto_forward.conf \
d256 2
a257 2
			[ -e "${named_confdir}/auto_forward.conf" ] &&
			    unlink ${named_confdir}/auto_forward.conf
d259 1
a259 1
			    ${named_confdir}/auto_forward.conf
d263 2
a264 2
		[ -s "${named_confdir}/auto_forward.conf" ] &&
		    create_file ${named_confdir}/auto_forward.conf
a277 1
named_confdir="${named_chrootdir}${named_conf%/*}"
@


1.22.2.8
log
@SVN rev 207804 on 2010-05-08 22:25:37Z by dougb

MFC 207346:

Fix named-checkconf in the situation where named_chroot_autoupdate
is NOT set, but named_chrootdir IS set.

Remove required_files for named.conf, named-checkconf is enough.
@
text
@a195 7
	local checkconf

	checkconf="${command%/named}/named-checkconf"
	if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
		checkconf="$checkconf -t $named_chrootdir"
	fi

d205 1
a205 1
			$checkconf $named_conf ||
d267 2
a268 1
	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
d276 1
a276 1

@


1.22.2.9
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/6/etc/rc.d/named 207804 2010-05-08 22:25:37Z dougb $
@


1.22.2.3.4.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.21
log
@Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.
@
text
@d61 2
a62 6
	if [ ! -c ${named_chrootdir}/dev/random -o \
	    ! -c ${named_chrootdir}/dev/null ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		mount_devfs devfs ${named_chrootdir}/dev
	fi
	devfs -m ${named_chrootdir}/dev rule apply hide
@


1.20
log
@"REQUIRE: cleanvar" for all RC's writing into /var/run.
@
text
@d55 1
a55 1
		ln -sf ${named_chrootdir}/etc/namedb /etc/namedb
@


1.19
log
@Use "KEYWORD: shutdown" so shutdown commands will actually be executed.

Approved by:	 dougb@@
@
text
@d8 1
a8 1
# REQUIRE: SERVERS
@


1.18
log
@When stopping a chrooted named, unmount the devfs filesystem from
the chroot area. This stops "umount -a" failing when dropping to
single user.

Reviewed by:	dougb@@
@
text
@d10 1
@


1.17
log
@If /etc/named is a symlink, try to make sure it points the right place.
@
text
@d17 1
d85 7
@


1.16
log
@Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
@
text
@d51 4
@


1.15
log
@Hide all the devices in the chroot dev except for random and null.
@
text
@a9 1
# KEYWORD: FreeBSD
@


1.14
log
@Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.
@
text
@d61 3
@


1.13
log
@It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by:	Sergey Mokryshev <mokr@@mokr.net>
@
text
@d32 1
a32 2
	# Copy devices if necessary. Preserve everything (perms,
	# ownership, mod times).
d34 18
a51 3
	if [ ! -c "${named_chrootdir}/dev/null" ]; then
	rm -f "${named_chrootdir}/dev/null"
		( cd /dev ; /bin/pax -rw -pe null "${named_chrootdir}/dev" )
d53 7
a59 3
	if [ ! -c "${named_chrootdir}/dev/random" ]; then
	rm -f "${named_chrootdir}/dev/random"
		( cd /dev ; /bin/pax -rw -pe random "${named_chrootdir}/dev" )
d62 1
a62 1
	# Copy local timezone information if it's not up-to-date.
d83 1
d86 1
a86 1
		confgen_chroot="-t${named_chrootdir}"
d93 1
@


1.12
log
@Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by:	Sean McNeil <sean@@mcneil.com>
@
text
@d74 2
a75 1
	if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" ]; then
@


1.11
log
@Fix a comment typo: s/neccessary/necessary/
@
text
@d69 2
d75 1
a75 1
		rndc-confgen -a -b256 "${confgen_chroot}"
@


1.10
log
@Update to reflect BIND 9 in the base:

1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.
@
text
@d32 1
a32 1
	# Copy devices if neccessary. Preserve everything (perms,
@


1.9
log
@1. Remove the named_rcng variable. Mike's caution in this area was a good
thing, but we're ready to move on.

2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.

3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].

4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.

5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.

There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.

Prompted in part by (legitimate) grousing from: kuriyama, Randy Bush
@
text
@d17 1
d32 1
a32 12
	# If the named-xfer in the system is newer than the one in the
	# chroot directory or if it (in the chrootdir) doesn't exist
	# copy it over
	#
	if [ ! -x "${named_chrootdir}/usr/libexec/named-xfer" -o \
	    "${named_chrootdir}/usr/libexec/named-xfer" -ot \
	    /usr/libexec/named-xfer ]; then
		rm -f "${named_chrootdir}/usr/libexec/named-xfer"
		cp -p /usr/libexec/named-xfer "${named_chrootdir}/usr/libexec"
	fi

	# Copy /dev/null over, if neccessary. Preserve everything (perms,
d39 4
d52 1
a52 1
# Make symlinks to the correct pid and ndc socket files
d56 2
a57 2
	ln -fs "${named_chrootdir}${named_pidfile}" ${named_pidfile}
	ln -fs "${named_chrootdir}/var/run/ndc" /var/run/ndc
d62 2
d67 1
d69 5
a73 1
		checkyesno named_symlink_enable && make_symlinks
@


1.9.2.1
log
@MFC: BIND 9 and related bits.

Approved by:	re
@
text
@a16 1
start_postcmd="make_symlinks"
d31 12
a42 1
	# Copy devices if necessary. Preserve everything (perms,
a48 4
	if [ ! -c "${named_chrootdir}/dev/random" ]; then
	rm -f "${named_chrootdir}/dev/random"
		( cd /dev ; /bin/pax -rw -pe random "${named_chrootdir}/dev" )
	fi
d58 1
a58 1
# Make symlinks to the correct pid file
d62 2
a63 2
	checkyesno named_symlink_enable &&
	ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
a67 2
	local confgen_chroot

a70 1
		confgen_chroot="-t${named_chrootdir}"
d72 1
a72 9
	else
		named_symlink_enable=NO
	fi

	# Create an rndc.key file for the user if none exists
	if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" ]; then
		rndc-confgen -a -b256 ${confgen_chroot}
		chown root:bind "${named_chrootdir}/etc/namedb/rndc.key"
		chmod 0640 "${named_chrootdir}/etc/namedb/rndc.key"
@


1.9.2.2
log
@MFC: (1.13) don't create rndc.key if rndc.conf exists.

Approved by:	re (implicitly)
@
text
@d74 1
a74 2
	if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" -a \
	    ! -f "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
@


1.9.2.3
log
@MFC the BIND 9 import and chroot-by-default work up to date.

This includes:
1. More granular NO_BIND_* make knobs.
2. WITH_BIND_LIBS make knob.
3. Run in an automatically configured chroot dir by default.
4. Edit paths in man pages, and install man pages for liblwres.
5. Improve named.conf and make it work with the new structure.
6. Install the bind9 docs.
7. A few Makefile style fixes.

Approved by:	re (scottl)
@
text
@d32 2
a33 1
	# Create (or update) the chroot directory structure
d35 3
a37 18
	if [ -f /etc/mtree/BIND.chroot.dist ]; then
		mtree -deU -f /etc/mtree/BIND.chroot.dist \
		    -p ${named_chrootdir}
	else
		warn "/etc/mtree/BIND.chroot.dist missing,"
		warn "chroot directory structure not updated"
	fi

	# Create /etc/namedb symlink
	#
	if [ ! -L /etc/namedb ]; then
		if [ -d /etc/namedb ]; then
			warn "named chroot: /etc/namedb is a directory!"
		elif [ -e /etc/namedb ]; then
			warn "named chroot: /etc/namedb exists!"
		else
			ln -s ${named_chrootdir}/etc/namedb /etc/namedb
		fi
d39 3
a41 7

	# Mount a devfs in the chroot directory if needed
	#
	if [ ! -c ${named_chrootdir}/dev/random -o \
	    ! -c ${named_chrootdir}/dev/null ]; then
		umount ${named_chrootdir}/dev 2>/dev/null
		mount_devfs devfs ${named_chrootdir}/dev
a42 3
	devfs -m ${named_chrootdir}/dev rule apply hide
	devfs -m ${named_chrootdir}/dev rule apply path null unhide
	devfs -m ${named_chrootdir}/dev rule apply path random unhide
d44 1
a44 1
	# Copy local timezone information if it is not up to date.
a64 1
	#
d67 1
a67 1
		confgen_chroot="-t${named_chrootdir} -u bind"
a73 1
	#
d77 2
@


1.9.2.4
log
@RCS file: /home/ncvs/src/etc/rc,v
----------------------------
revision 1.335
date: 2004/10/08 14:23:49;  author: mtm;  state: Exp;  lines: +0 -1
Remove an unused variable.

Submitted by: Pawel Worach <pawel.worach@@telia.com>
----------------------------
revision 1.334
date: 2004/10/07 13:55:25;  author: mtm;  state: Exp;  lines: +1 -1
Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/nsswitch,v
----------------------------
revision 1.4
date: 2004/09/16 17:03:12;  author: keramida;  state: Exp;  lines: +1 -1
Fix requirement of `network' to `NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
----------------------------
revision 1.3
date: 2004/09/16 17:04:20;  author: keramida;  state: Exp;  lines: +1 -1
We don't have any providers of `beforenetlkm' in FreeBSD.  Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
=============================================================================

Approved by: re/scottl
@
text
@d10 1
@


1.9.2.4.4.1
log
@MFC 1.17 - 1.21

1. Make sure that the /etc/namedb symlink is pointing to the right place.
2. Unmount the devfs when stop'ing (including on shutdown).
3. Require cleanvar.

Approved by:	re (kensmith)
@
text
@d8 1
a8 1
# REQUIRE: SERVERS cleanvar
a9 1
# KEYWORD: shutdown
a16 1
stop_postcmd="named_poststop"
a50 4
	else
		# Make sure it points to the right place.
		ln -shf ${named_chrootdir}/etc/namedb /etc/namedb

a79 7
named_poststop()
{
	if [ -n "${named_chrootdir}"  -a -c ${named_chrootdir}/dev/null ]; then
		umount ${named_chrootdir}/dev 2>/dev/null || true
	fi
}

@


1.9.2.5
log
@MFC 1.17 - 1.21:

1. Make sure that the /etc/namedb symlink is pointing to the right place.
2. Unmount the devfs when stop'ing (including on shutdown).
3. Require cleanvar.
@
text
@d8 1
a8 1
# REQUIRE: SERVERS cleanvar
a9 1
# KEYWORD: shutdown
a16 1
stop_postcmd="named_poststop"
a50 4
	else
		# Make sure it points to the right place.
		ln -shf ${named_chrootdir}/etc/namedb /etc/namedb

a79 7
named_poststop()
{
	if [ -n "${named_chrootdir}"  -a -c ${named_chrootdir}/dev/null ]; then
		umount ${named_chrootdir}/dev 2>/dev/null || true
	fi
}

@


1.9.2.6
log
@MFC:	named	1.22

We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entries
from inside named's chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.
@
text
@d61 6
a66 2
	umount ${named_chrootdir}/dev 2>/dev/null
	devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
@


1.9.2.7
log
@MFC significant overhaul of rc.d/named script, including
addition of named_uid default rc.conf variable.

etc/defaults/rc.conf		1.275
etc/rc.d/named			1.24
share/man/man5/rc.conf.5	1.286

Approved by:	re (scottl)
@
text
@d3 1
d9 1
d15 1
a15 5
rcvar=named_enable

command="/usr/sbin/named"
extra_commands="reload"

a17 2
reload_cmd="named_reload"
stop_cmd="named_stop"
d19 2
d35 1
a35 1
	if [ -r /etc/mtree/BIND.chroot.dist ]; then
d56 1
d68 3
a70 3
	if [ -r /etc/localtime ]; then
		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" ||
		    cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
d79 1
a79 19
	    ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}

named_reload()
{
	rndc reload
}

named_stop()
{
	echo -n "Stopping named"
	if rndc stop 2>/dev/null; then
		echo .
	else
		echo -n ": rndc failed, trying killall: "
		if killall named; then
			echo .
		fi
	fi
d84 1
a84 1
	if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
d91 2
d97 1
d105 3
a107 12
	if [ -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
		return 0
	fi
	confgen_command="rndc-confgen -a -b256 -u $named_uid \
	    -c ${named_chrootdir}/etc/namedb/rndc.key"
	if [ -s "${named_chrootdir}/etc/namedb/rndc.key" ]; then
		if [ ! `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` = \
		    "$named_uid" ]; then
			$confgen_command
		fi
	else
		$confgen_command
d112 1
a112 1
# Updating the following variables requires that rc.conf be loaded first
d115 1
a115 2
pidfile="${named_pidfile:-/var/run/named/pid}"
command_args="-u ${named_uid:=root}"
@


1.9.2.8
log
@MFC version 1.27:
1. Determine the location of the rndc* binaries relative to $command
2. Make the stop routine work more like rc.subr's, but try rndc first
3. Allow the rndc.key file to be owned by root OR the named_uid user
@
text
@d85 1
a85 1
	${command%/named}/rndc reload
d90 8
a97 8
	# This duplicates an undesirably large amount of code from the stop
	# routine in rc.subr in order to use rndc to shut down the process,
	# and to give it a second chance in case rndc fails.
	rc_pid=$(check_pidfile $pidfile $command)
	if [ -z "$rc_pid" ]; then
		[ -n "$rc_fast" ] && return 0
		_run_rc_notrunning
		return 1
a98 8
	echo 'Stopping named.'
	if ${command%/named}/rndc stop 2>/dev/null; then
		wait_for_pids $rc_pid
	else
		echo -n 'rndc failed, trying kill: '
		kill -TERM $rc_pid
		wait_for_pids $rc_pid
  	fi
d124 1
a124 1
	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
d127 4
a130 4
		case `stat -f%Su ${named_chrootdir}/etc/namedb/rndc.key` in
		root|$named_uid) ;;
		*) $confgen_command ;;
		esac
@


1.8
log
@Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).

The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.
@
text
@a15 1
command="/usr/sbin/${name}"
a18 2
nuser=bind
ngroup=bind
a63 1

a67 1
	! checkyesno named_rcng && return 0
d69 4
a72 3
	if [ -z "$named_chrootdir" ]; then
		rc_flags="-u $nuser -g $ngroup $rc_flags"
		return 0
a73 11

	# Do the following checks only if the user wants them done
	checkyesno named_chroot_autoupdate && chroot_autoupdate

	# Make the symlinks only if the user wants them done.
	checkyesno named_symlink_enable && make_symlinks

	#       Change run_rc_commands()'s internal copy of $named_flags
	#
	! checkyesno named_rcng && return
	rc_flags="-u $nuser -g $ngroup -t ${named_chrootdir} $rc_flags"
@


1.7
log
@Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.
@
text
@d20 2
a21 11

case ${OSTYPE} in
FreeBSD)
	nuser=bind
	ngroup=bind
	;;
NetBSD)
	nuser=named
	ngroup=named
	;;
esac
d72 12
a83 26
	case ${OSTYPE} in
	FreeBSD)
		! checkyesno named_rcng && return 0
		# Is the user using a sandbox?
		if [ -z "$named_chrootdir" ]; then
			rc_flags="-u $nuser -g $ngroup $rc_flags"
			return 0
		fi

		# Do the following checks only if the user wants them done
		checkyesno named_chroot_autoupdate && chroot_autoupdate
		;;
	NetBSD)
		chroot_autoupdate
		;;
	esac

	case ${OSTYPE} in
	FreeBSD)
		# Make the symlinks only if the user wants them done.
		checkyesno named_symlink_enable && make_symlinks
		;;
	NetBSD)
		make_symlinks
		;;
	esac
d87 1
a87 5
	case ${OSTYPE} in
	FreeBSD)
		! checkyesno named_rcng && return
		;;
	esac
@


1.6
log
@Fix the named script to find the correct pid file for the
named(8) daemon by providing a new rc.conf knob: named_pidfile
that defaults to the path specified in the system-installed named.conf(5).

Approved by: markm (mentor)
Reviewed by: dougb
Noticed by : Galen Sampson <galen_sampson@@yahoo.com>
	     Dan Pelleg <daniel+bsd@@pelleg.org>
PR: conf/46402
MFC:	2 weeks (with re@@ approval)
@
text
@d10 1
a10 1
# KEYWORD: FreeBSD NetBSD
@


1.5
log
@Fix style bugs:
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.

Approved by:	silence from gordon
@
text
@a16 1
pidfile="/var/run/${name}.pid"
d74 1
a74 1
	ln -fs "${named_chrootdir}/var/run/named.pid" /var/run/named.pid
d122 1
@


1.5.2.1
log
@MFC of rc.d/named pidfile fix.
	rc.conf    ver. 1.166
	rc.d/named ver. 1.6

Approved by: re, markm (mentor)
@
text
@d17 1
d75 1
a75 1
	ln -fs "${named_chrootdir}${named_pidfile}" ${named_pidfile}
a122 1
pidfile="${named_pidfile:-/var/run/${name}/pid}"
@


1.4
log
@Convert from `${CMD_OSTYPE}` to ${OSTYPE}. This saves a shell invocation on
OS-dependent case switches.
@
text
@d55 7
a61 7
        # Copy /dev/null over, if neccessary. Preserve everything (perms,
        # ownership, mod times).
        #
        if [ ! -c "${named_chrootdir}/dev/null" ]; then
        rm -f "${named_chrootdir}/dev/null"
                ( cd /dev ; /bin/pax -rw -pe null "${named_chrootdir}/dev" )
        fi
d63 4
a66 4
        # Copy local timezone information if it's not up-to-date.
        #
        if [ -f /etc/localtime ]; then
                cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
@


1.3
log
@Fix a typo in the named startup options

Submitted by:	sheldonh@@
@
text
@d22 1
a22 1
case `${CMD_OSTYPE}` in
d82 1
a82 1
	case `${CMD_OSTYPE}` in
d99 1
a99 1
	case `${CMD_OSTYPE}` in
d111 1
a111 1
	case `${CMD_OSTYPE}` in
@


1.2
log
@Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:	Mike Makonnen <makonnen@@pacbell.net>
Reviewed by:	silence on -current and -hackers
Prodded by:	rwatson
@
text
@d87 1
a87 1
			rc_flags="-u $nuser -g $ngroup rc_flags"
@


1.1
log
@Initial revision
@
text
@d3 2
a4 1
# $NetBSD: named,v 1.5 2000/05/13 08:45:07 lukem Exp $
d9 2
d15 1
a15 1
rcvar=$name
d18 80
d99 19
a117 1
extra_commands="reload"
d120 4
@


1.1.1.1
log
@Import the NetBSD 1.5 RC system.

Note that `rc' and `rc.shutdown' could not be imported because we already
have files with those names.
@
text
@@


1.1.1.2
log
@Sync with NetBSD's mainline.
@
text
@d3 1
a3 1
# $NetBSD: named,v 1.10 2002/03/22 04:33:59 thorpej Exp $
a7 2
# BEFORE:  DAEMON
# KEYWORD: chrootdir
d15 1
a15 1
start_precmd="named_precmd"
a16 39
required_dirs="$named_chrootdir"	# if it is set, it must exist

named_precmd()
{
	if [ -z "$named_chrootdir" ]; then
		return 0;
	fi

	# If running in a chroot cage, ensure that the appropriate files
	# exist inside the cage, as well as helper symlinks into the cage 
	# from outside.
	#
	# As this is called after the is_running and required_dir checks
	# are made in run_rc_command(), we can safely assume ${named_chrootdir}
	# exists and named isn't running at this point (unless forcestart
	# is used).
	#

	if [ ! -x "${named_chrootdir}/usr/libexec/named-xfer" -o \
	    "${named_chrootdir}/usr/libexec/named-xfer" -ot \
	    /usr/libexec/named-xfer ]; then
		rm -f "${named_chrootdir}/usr/libexec/named-xfer"
		cp -p /usr/libexec/named-xfer "${named_chrootdir}/usr/libexec"
	fi
	if [ ! -c "${named_chrootdir}/dev/null" ]; then
		rm -f "${named_chrootdir}/dev/null"
		( cd /dev ; /bin/pax -rw -pe null "${named_chrootdir}/dev" )
	fi
	if [ -f /etc/localtime ]; then
		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
		    cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
	fi
	ln -fs "${named_chrootdir}/var/run/named.pid" /var/run/named.pid
	ln -fs "${named_chrootdir}/var/run/ndc" /var/run/ndc

	#	Change run_rc_commands()'s internal copy of $named_flags
	#
	rc_flags="-u named -g named -t ${named_chrootdir} $rc_flags"
}
@

