Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC: r240336:
Simply things so that "#REQUIRE: FILESYSTEMS" means the file
systems are fully "ready to go".

'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting." However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted. Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing. Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Introduce to rc.subr get_pidfile_from_conf(). It does just what it sounds
like, determines the path to a pid file as it is specified in a conf file.

Use the new feature for rc.d/named and rc.d/devd, the 2 services in the
base that list their pid files in their conf files.

Remove the now-obsolete named_pidfile, and warn users if they have it set.

In the case where named_chroot_autoupdate is NOT set, but
named_chrootdir IS set, named-checkconf fails because it
cannot find the conf file. Fix this by making checkconf a
variable that includes "-t $named_chrootdir" as needed.
Notice of the bug and suggested direction for the fix from [1].

Using required_files for named.conf is overkill ever since
I added the named-checkconf call, so rather than update the
logic to handle the case described above, remove it. This
also handles the case where named_chroot_autoupdate IS set
but the symlink doesn't exist yet.

PR: conf/145904
Submitted by: J R Matthews

s/named_confidr/named_confdir/ in the rndc.key check. The line in
the command to create it was right, but the check was wrong, so it
was getting created every time. Mea culpa.

Submitted by: oliver

The script hard-coded the assumption that the "configuration directory"
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.

While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)

Since the change to rc.subr in r198162 it's not necessary to specify
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.

Rename named_precmd to named_prestart to make it more clear and match
convention.

Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.

Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.

For named_conf:
Add "-c $named_conf" to command_args if it's not set to the
default. If it is set to the default and we're using the base
BIND it's not necessary. If we're using BIND from the ports
the user is likely to have included it in _flags (due to long
necessity for doing so) so don't duplicate that if it's set.

Add $named_conf to required_files

1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.

Trim trailing whitespace from the end of a line

Named normally cannot be started chrooted inside a jail. Thus treat
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.

PR: conf/103489
Reviewed by: dougb
MFC after: 5 days

When using SRV records the protocols and services files need to be in the
chroot /etc directory.

PR: conf/121101
Submitted by: Stefan `Sec` Zehl <sec@42.org>

1. Determine the location of the rndc* binaries relative to $command
so that when using named from the ports (or elsewhere) the proper rndc*
commands will be run.

2. Rework the stop routine using ideas from brooks and delphij.
Specifically I am duplicating a lot of code from rc.subr's stop routine
so that this one will behave more like the one in rc.subr, but use rndc
to kill the daemon (or regular kill if that fails). This also avoids
the problems related to using killall if rndc fails, which is bad if
you're running more than one named on the same box.

3. Take a concept from gshapiro and allow the rndc.key file to be
owned by root OR the named_uid user.

Although I used different solutions, this commit handles issues raised in:
PR: conf/73929
PR: conf/103976
PR: conf/109409

After some discussion we believe that having SERVERS to REQUIRE:
ldconfig would provide necessary protection for named as well,
so remove the dependency here.

Approved by: flz

Add ldconfig to the list of requirements for named, needed to use bind
from ports. The effect is that ldconfig is now started right after
mountcritremote. Everything else is left unchanged.

PR: conf/68916
Submitted by: JD Bronson <jd@aurora.org>
Approved by: cperciva (mentor)
MFC after: 1 week

Overhaul the named boot script:

1. Remove a now-spurious NetBSD CVS Id, as we are no longer synching work
2. Remove a now-spurious BEFORE, since ntpdate now REQUIRE's named
3. Replace the call to set rcvar with what that function would output,
and generally reduce indirection ($name -> named) since it's highly
unlikely the name of the named process or service will change any time soon.
4. Resort the order the variables at the top of the file to a more
traditional format, and remove a spurious required_dirs from the top, as it
works better after load_rc_config.
5. We do not want the default reload method with named, so define a simple
but appropriate substitute using rndc. If I were writing this script for
the first time I would not include this at all, since it's preferable to
control a running daemon with rndc to start with, but given that this is
already here, let's do it right. I hope that future generations will
however resist the tempation to add reconfig to extra_commands.
6. By the same token, we want to use rndc to shut down named, but given
that by defining a stop function we lose the "find the process by its
pid file in an emergency" goodness of rc.subr, try to do something useful
in the event that rndc is not available, and keep the user informed.
7. Replace some "test -f" with "test -r" to handle the unlikely event
that the relevant file exists, but is unreadable.
8. Twiddle whitespace in a few areas, remove a spurious blank line,
a bogus double space, and try to do better indenting.
9. Improve generation of the rndc.key file significantly
a. If for some reason a user has an rndc.conf file, assume that they
did that on purpose, and hence know what they are doing, so leave them alone.
b. Introduce a named_uid configuration variable so that the user which owns
the rndc.key file and the user named runs as always match, and is more
easily configurable. This should dramatically reduce problems with rndc.
c. Also test that the rndc.key file size is greater than zero, rather than
simply that the file exists. I have seen at least one user report this exact
problem, and although neither of us is sure where the empty file came from,
the fix is simple, so include it.
d. Rather than try to create an rndc.key file in both /etc/namedb and the
chroot'ed /etc/namedb, assume that they are be the same (which they should
be), and only create the file in the chroot'ed version of the directory.
This partially addresses the problem described in conf/73929, but I have
not yet finished thinking about the PREFIX issue that PR also raises.

As a result of introducing the named_uid knob, the default named_flags
are now empty.

Update defaults/rc.conf and rc.conf(5) to reflect these changes.

Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.

We need to use 'applyset' command for devfs, 'apply hide' is not enough,
because new devfs entries can show up later and one can access such entires
from inside named chroot.
In rc.d scripts we can use devfs_domount() function with devfsrules_hide_all
policy and unhide 'null' and 'random' manually.

Add -h to the ln command to make the -f flag actually do something.
Without this flag, if the symlink existed already a new symlink would
be created in the source directory. While harmless if the two symlinks
were the same, it nonetheless caused pointless confusion.

The pathological case is that when there is an existing /etc/namedb
symlink, but named_chrootdir in rc.conf pointed to a different
directory, it was the symlink in /var/named that was getting
updated, not the one in /etc. This led to some difficult to diagnose
problems for users.

"REQUIRE: cleanvar" for all RC's writing into /var/run.

Use "KEYWORD: shutdown" so shutdown commands will actually be executed.

Approved by: dougb@

When stopping a chrooted named, unmount the devfs filesystem from
the chroot area. This stops "umount -a" failing when dropping to
single user.

Reviewed by: dougb@

If /etc/named is a symlink, try to make sure it points the right place.

Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days

Hide all the devices in the chroot dev except for random and null.

Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.

Rather than using pax to copy device entries, mount devfs in the
chroot directory.

There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.

UPDATING has instructions on how to do the conversion for those
with existing configurations.

It's not necessary to create an rndc.key file if the user already
has an rndc.conf file.

Submitted by: Sergey Mokryshev <mokr@mokr.net>

Fix two glitches that appear in the non-chroot case. First, if not
chrooted the pid symlink code should not fire. Also, remove the quotes
around the chroot variable in the rndc-confgen invocation so that if
not chrooted the command will still succeed.

Pointed out by: Sean McNeil <sean@mcneil.com>

Fix a comment typo: s/neccessary/necessary/

Update to reflect BIND 9 in the base:

1. Making the pid symlink now has to happen after named starts, otherwise
it can generate a fatal error.

2. named-xfer is not part of the BIND 9 world.

3. BIND 9 needs a /dev/random in the chroot directory if chrooted.

4. Only the pid file is symlinked now, the ndc socket is BIND 8 only.

5. Create an rndc.key file for the user if one does not exist.
This (generally) allows a BIND 8 config file to be used in a BIND 9
world with little or no modification.

1. Remove the named_rcng variable. Mike's caution in this area was a good
thing, but we're ready to move on.

2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.

3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].

4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.

5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.

There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.

Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush

Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).

The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.

Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.

Fix the named script to find the correct pid file for the
named(8) daemon by providing a new rc.conf knob: named_pidfile
that defaults to the path specified in the system-installed named.conf(5).

Approved by: markm (mentor)
Reviewed by: dougb
Noticed by : Galen Sampson <galen_sampson@yahoo.com>
Dan Pelleg <daniel+bsd@pelleg.org>
PR: conf/46402
MFC: 2 weeks (with re@ approval)

Fix style bugs:
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.

Approved by: silence from gordon

Convert from `${CMD_OSTYPE}` to ${OSTYPE}. This saves a shell invocation on
OS-dependent case switches.

Fix a typo in the named startup options

Submitted by: sheldonh@

Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson

This commit was generated by cvs2svn to compensate for changes in r78344,
which included commits to RCS files with non-trunk default branches.

Import the NetBSD 1.5 RC system.

Note that `rc' and `rc.shutdown' could not be imported because we already
have files with those names.