Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFH (r237568, r255422, r255460, r255766, r255767, r255774, r255829,
r256126, r257954, r261320, r261499, r263691, r263712): upgrade to
OpenSSH 6.6p1 via 6.3p1, 6.4p1 and 6.5p1.

Differences relative to head:

- No DNSSEC support since stable/9 does not have LDNS
- Sandboxing off by default, and uses rlimit instead of Capsicum
- ED25519 moved to the bottom of the order of preference to avoid
"new public key" warnings

MFC r252062:

Call sshd_precmd instead of sshd_configtest when the operator
requests reload or restart, which, in addition of testing the
configuration, will also generate host keys when they are not
present (previous behavior).

Obtained from: FreeNAS
Ok'ed by: bdrewery, des

MFC r249489,249555

Run configtest before restarting so that the system is not
left without a running sshd.

Also call configtest before reload to ensure working config.

MFH (r240109): add a configtest command

MFC: r240336:
Simply things so that "#REQUIRE: FILESYSTEMS" means the file
systems are fully "ready to go".

'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting." However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted. Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing. Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

Upgrade to OpenSSH 5.8p2.

Add the shutdown KEYWORD to those scripts that start persistent services
to allow them to do a "clean" shutdown.

I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.

I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.

Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.

Backout this commit since it breaks startup and some scripts in
certain conditions. I haven't been able to find a better solution yet:

- Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.
- Reflect prefix/etcdir changes in rc.subr.8.

src/etc/rc.d/sshd: rev 1.9 -> 1.10
src/etc/rc.subr: rev 1.51 -> 1.52
src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12

Approved by: cperciva (mentor)

- Fix rc.d/sshd test on kern.random.sys.seeded.

PR: conf/94377
Submitted by: dwhite
Approved by: cperciva (mentor)
MFC after: 1 week

- Set a two read-only variables (${prefix} and ${etcdir}). This is
especially useful when using /etc/rc.d scripts with third-party
software installed from ports.
- Fix rc.d/sshd to work with openssh from ports using ${etcdir}
instead of hardcoded /etc.

Reviewed by: brooks
Approved by: cperciva (mentor)
MFC after: 1 week

Don't be lazy, set the "command" variable even if
/etc/defaults/rc.conf will provide foo_program, too.
By specifying "command" we explicitly say that we're
going to rely on rc.subr(8) default methods, and
rc.subr(8) will take advantage of this soon.

The majority of our rc.d scripts already set "command"
if appropriate, so fix just the non-compliant handful.

"REQUIRE: cleanvar" for all RC's writing into /var/run.

Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days

Give sshd a secure startup, but with a tweakable timeout so that
the box won't hang forever at startup.

Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).

The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.

Luke Mewburn has indicated that they (NetBSD) are not interested
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.

Not everyone uses the base system sshd. They can use the sshd_program
variable in rc.conf to have sshd from ports (or somewhere else) installed.
So, don't make the sshd_config for the base system a required file
to start the service.

PR: conf/45766

Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson

This commit was generated by cvs2svn to compensate for changes in r78344,
which included commits to RCS files with non-trunk default branches.

Import the NetBSD 1.5 RC system.

Note that `rc' and `rc.shutdown' could not be imported because we already
have files with those names.