xref: /freebsd/libexec/rc/rc.subr (revision c57c26179033f64c2011a2d2a904ee3fa62e826a) 
1# $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $
2#
3# Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
4# All rights reserved.
5#
6# This code is derived from software contributed to The NetBSD Foundation
7# by Luke Mewburn.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28# POSSIBILITY OF SUCH DAMAGE.
29#
30# rc.subr
31#	functions used by various rc scripts
32#
33
34: ${RC_PID:=$$}; export RC_PID
35
36#
37#	Operating System dependent/independent variables
38#
39
40if [ -n "${_rc_subr_loaded}" ]; then
41	return
42fi
43
44_rc_subr_loaded="YES"
45
46SYSCTL="/sbin/sysctl"
47SYSCTL_N="${SYSCTL} -n"
48SYSCTL_W="${SYSCTL}"
49PROTECT="/usr/bin/protect"
50ID="/usr/bin/id"
51IDCMD="if [ -x $ID ]; then $ID -un; fi"
52PS="/bin/ps -ww"
53SERVICE=/usr/sbin/service
54JAIL_CMD=/usr/sbin/jail
55_svcj_generic_params="path=/ mount.nodevfs host=inherit"
56JID=0
57CPUSET="/bin/cpuset"
58
59# rc_service provides the path to the service script that we are executing.
60# This is not being set here in an execution context, necessarily, so it's
61# really just a reasonable guess, and it will get overwritten later if
62# we are executing from some other means than direct execution by service(8)
63# or manual invocation of the service script.  The prime example of this is
64# during system startup, all rc scripts will be invoked via /etc/rc, so
65# run_rc_script will overwrite rc_service with the file being sourced.
66rc_service="$0"
67
68#
69#	functions
70#	---------
71
72# is_verified file
73#	if VERIEXEC is active check that $file is verified
74#
75VERIEXEC="/sbin/veriexec"
76if test -x $VERIEXEC && $VERIEXEC -i active > /dev/null 2>&1; then
77	is_verified() { $VERIEXEC -x $1; }
78else
79	is_verified() { return 0; }
80fi
81
82# indicate that we have vdot
83_VDOT_SH=:
84
85# current state of O_VERIFY
86o_verify()
87{
88	case $(echo $(set -o)) in
89	*verify" "off*) echo off;;
90	*verify" "on*) echo on;;
91	esac
92}
93
94##
95# o_verify_set want [save]
96#
97# record current state of verify in $save
98# and set it to $want if different
99#
100o_verify_set() {
101	local x=$(o_verify)
102
103	[ -z "$x" ] && return 0
104	[ -z "$2" ] || eval $2=$x
105	[ "$x" = "$1" ] && return 0
106	case "$1" in
107	on)
108		set -o verify
109		;;
110	off)
111		set +o verify
112		;;
113	esac
114}
115
116# for unverified files
117dotted=
118dot()
119{
120	local f verify
121
122	o_verify_set off verify
123	for f in "$@"; do
124		if [ -f $f -a -s $f ]; then
125			dotted="$dotted $f"
126			. $f
127		fi
128	done
129	o_verify_set $verify
130}
131
132# try for verified, fallback to safe
133sdot()
134{
135	local f
136
137	for f in "$@"; do
138		[ -f $f -a -s $f ] || continue
139		vdot $f || safe_dot $f
140	done
141}
142
143# convenience function - skip if not verified
144vdot()
145{
146	local f rc=0 verify
147
148	o_verify_set on verify
149	for f in "$@"; do
150		[ -f $f -a -s $f ] || continue
151		if is_verified $f 2> /dev/null; then
152			dotted="$dotted $f"
153			. $f
154		else
155			rc=80	# EAUTH
156		fi
157	done
158	o_verify_set $verify
159	return $rc
160}
161
162# Exists [test] file ...
163# report the first "file" that passes "test" (default -s).
164Exists()
165{
166	local f _t=-s
167
168	while :; do
169		: 1=$1
170		case "$1" in
171		-?)
172			_t=$1
173			shift
174			;;
175		*)
176			break
177			;;
178		esac
179	done
180
181	for f in "$@"; do
182		[ $_t $f ] || continue
183		echo $f
184		return 0
185	done
186	return 1
187}
188
189# do we have $1 (could be a function)
190have()
191{
192       type "$1" > /dev/null 2>&1
193}
194
195# provide consistent means of logging progress
196rc_log()
197{
198	date "+@ %s [%Y-%m-%d %H:%M:%S %Z] $*"
199}
200
201# only rc_log if tracing enabled
202# and $level >= $RC_LEVEL
203rc_trace()
204{
205	local level=$1; shift
206	local cf=/etc/rc.conf.d/rc_trace
207
208	if [ -z "$RC_LEVEL" ]; then
209		[ -f $cf ] || return
210		if [ -s $cf ]; then
211			# don't try to set RC_LEVEL without sed
212			if [ -n "$SED" ]; then
213				RC_LEVEL=$($SED -n '/^RC_LEVEL=/ { s/.*=//p;q; }' $cf)
214				RC_LEVEL=${RC_LEVEL:-0}
215			fi
216		else
217			RC_LEVEL=0
218		fi
219	fi
220	[ ${RC_LEVEL:-0} -ge ${level:-0} ] || return
221	rc_log "$@"
222}
223
224# list_vars pattern
225#	List variables matching glob pattern.
226#
227list_vars()
228{
229	# Localize 'set' option below.
230	local -
231	local IFS=$'\n' line varname
232
233	# Disable path expansion in unquoted 'for' parameters below.
234	set -o noglob
235
236	for line in $(set); do
237		varname="${line%%=*}"
238
239		case "$varname" in
240		"$line"|*[!a-zA-Z0-9_]*)
241			continue
242			;;
243		$1)
244			echo $varname
245			;;
246		esac
247	done
248}
249
250# set_rcvar [var] [defval] [desc]
251#
252#	Echo or define a rc.conf(5) variable name.  Global variable
253#	$rcvars is used.
254#
255#	If no argument is specified, echo "${name}_enable".
256#
257#	If only a var is specified, echo "${var}_enable".
258#
259#	If var and defval are specified, the ${var} is defined as
260#	rc.conf(5) variable and the default value is ${defvar}.  An
261#	optional argument $desc can also be specified to add a
262#	description for that.
263#
264set_rcvar()
265{
266	local _var
267
268	case $# in
269	0)	echo ${name}_enable ;;
270	1)	echo ${1}_enable ;;
271	*)
272		debug "set_rcvar: \$$1=$2 is added" \
273		    " as a rc.conf(5) variable."
274		_var=$1
275		rcvars="${rcvars# } $_var"
276		eval ${_var}_defval=\"$2\"
277		shift 2
278		eval ${_var}_desc=\"$*\"
279	;;
280	esac
281}
282
283# set_rcvar_obsolete oldvar [newvar] [msg]
284#	Define obsolete variable.
285#	Global variable $rcvars_obsolete is used.
286#
287set_rcvar_obsolete()
288{
289	local _var
290	_var=$1
291	debug "set_rcvar_obsolete: \$$1(old) -> \$$2(new) is defined"
292
293	rcvars_obsolete="${rcvars_obsolete# } $1"
294	eval ${1}_newvar=\"$2\"
295	shift 2
296	eval ${_var}_obsolete_msg=\"$*\"
297}
298
299#
300# force_depend script [rcvar]
301#	Force a service to start. Intended for use by services
302#	to resolve dependency issues.
303#	$1 - filename of script, in /etc/rc.d, to run
304#	$2 - name of the script's rcvar (minus the _enable)
305#
306force_depend()
307{
308	local _depend _dep_rcvar
309
310	_depend="$1"
311	_dep_rcvar="${2:-$1}_enable"
312
313	[ -n "$rc_fast" ] && ! checkyesno always_force_depends &&
314	    checkyesno $_dep_rcvar && return 0
315
316	/etc/rc.d/${_depend} forcestatus >/dev/null 2>&1 && return 0
317
318	info "${name} depends on ${_depend}, which will be forced to start."
319	if ! /etc/rc.d/${_depend} forcestart; then
320		warn "Unable to force ${_depend}. It may already be running."
321		return 1
322	fi
323}
324
325#
326# checkyesno var
327#	Test $1 variable, and warn if not set to YES or NO.
328#	Return 0 if it's "yes" (et al), nonzero otherwise.
329#
330checkyesno()
331{
332	eval _value=\$${1}
333	debug "checkyesno: $1 is set to $_value."
334	case $_value in
335
336		#	"yes", "true", "on", or "1"
337	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
338		return 0
339		;;
340
341		#	"no", "false", "off", or "0"
342	[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
343		return 1
344		;;
345	*)
346		warn "\$${1} is not set properly - see rc.conf(5)."
347		return 1
348		;;
349	esac
350}
351
352#
353# reverse_list list
354#	print the list in reverse order
355#
356reverse_list()
357{
358	_revlist=
359	for _revfile; do
360		_revlist="$_revfile $_revlist"
361	done
362	echo $_revlist
363}
364
365# stop_boot always
366#	If booting directly to multiuser or $always is enabled,
367#	send SIGTERM to the parent (/etc/rc) to abort the boot.
368#	Otherwise just exit.
369#
370stop_boot()
371{
372	local always
373
374	case $1 in
375		#	"yes", "true", "on", or "1"
376	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
377		always=true
378		;;
379	*)
380		always=false
381		;;
382	esac
383	if [ "$autoboot" = yes -o "$always" = true ]; then
384		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
385		kill -TERM ${RC_PID}
386	fi
387	exit 1
388}
389
390#
391# mount_critical_filesystems type
392#	Go through the list of critical filesystems as provided in
393#	the rc.conf(5) variable $critical_filesystems_${type}, checking
394#	each one to see if it is mounted, and if it is not, mounting it.
395#
396mount_critical_filesystems()
397{
398	eval _fslist=\$critical_filesystems_${1}
399	for _fs in $_fslist; do
400		mount | (
401			_ismounted=false
402			while read what _on on _type type; do
403				if [ $on = $_fs ]; then
404					_ismounted=true
405				fi
406			done
407			if $_ismounted; then
408				:
409			else
410				mount $_fs >/dev/null 2>&1
411			fi
412		)
413	done
414}
415
416#
417# check_pidfile pidfile procname [interpreter]
418#	Parses the first line of pidfile for a PID, and ensures
419#	that the process is running and matches procname.
420#	Prints the matching PID upon success, nothing otherwise.
421#	interpreter is optional; see _find_processes() for details.
422#
423check_pidfile()
424{
425	_pidfile=$1
426	_procname=$2
427	_interpreter=$3
428	if [ -z "$_pidfile" -o -z "$_procname" ]; then
429		err 3 'USAGE: check_pidfile pidfile procname [interpreter]'
430	fi
431	if [ ! -f $_pidfile ]; then
432		debug "pid file ($_pidfile): not readable."
433		return
434	fi
435	read _pid _junk < $_pidfile
436	if [ -z "$_pid" ]; then
437		debug "pid file ($_pidfile): no pid in file."
438		return
439	fi
440	_find_processes $_procname ${_interpreter:-.} '-p '"$_pid"
441}
442
443#
444# check_process procname [interpreter]
445#	Ensures that a process (or processes) named procname is running.
446#	Prints a list of matching PIDs.
447#	interpreter is optional; see _find_processes() for details.
448#
449check_process()
450{
451	_procname=$1
452	_interpreter=$2
453	if [ -z "$_procname" ]; then
454		err 3 'USAGE: check_process procname [interpreter]'
455	fi
456	_find_processes $_procname ${_interpreter:-.} '-ax'
457}
458
459#
460# _find_processes procname interpreter psargs
461#	Search for procname in the output of ps generated by psargs.
462#	Prints the PIDs of any matching processes, space separated.
463#
464#	If interpreter == ".", check the following variations of procname
465#	against the first word of each command:
466#		procname
467#		`basename procname`
468#		`basename procname` + ":"
469#		"(" + `basename procname` + ")"
470#		"[" + `basename procname` + "]"
471#
472#	If interpreter != ".", read the first line of procname, remove the
473#	leading #!, normalise whitespace, append procname, and attempt to
474#	match that against each command, either as is, or with extra words
475#	at the end.  As an alternative, to deal with interpreted daemons
476#	using perl, the basename of the interpreter plus a colon is also
477#	tried as the prefix to procname.
478#
479_find_processes()
480{
481	if [ $# -ne 3 ]; then
482		err 3 'USAGE: _find_processes procname interpreter psargs'
483	fi
484	_procname=$1
485	_interpreter=$2
486	_psargs=$3
487
488	_pref=
489	if [ $_interpreter != "." ]; then	# an interpreted script
490		_script="${_chroot}${_chroot:+/}$_procname"
491		if [ -r "$_script" ]; then
492			read _interp < $_script	# read interpreter name
493			case "$_interp" in
494			\#!*)
495				_interp=${_interp#\#!}	# strip #!
496				set -- $_interp
497				case $1 in
498				*/bin/env)
499					shift	# drop env to get real name
500					;;
501				esac
502				if [ $_interpreter != $1 ]; then
503					warn "\$command_interpreter $_interpreter != $1"
504				fi
505				;;
506			*)
507				warn "no shebang line in $_script"
508				set -- $_interpreter
509				;;
510			esac
511		else
512			warn "cannot read shebang line from $_script"
513			set -- $_interpreter
514		fi
515		_interp="$* $_procname"		# cleanup spaces, add _procname
516		_interpbn=${1##*/}
517		_fp_args='_argv'
518		_fp_match='case "$_argv" in
519		    ${_interp}|"${_interp} "*|"[${_interpbn}]"|"${_interpbn}: ${_procname}"*)'
520	else					# a normal daemon
521		_procnamebn=${_procname##*/}
522		_fp_args='_arg0 _argv'
523		_fp_match='case "$_arg0" in
524		    $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")'
525	fi
526
527	if checkyesno ${name}_svcj && [ "${_rc_svcj}" != jailing ]; then
528		JID=$(/usr/sbin/jls -j svcj-${name} jid 2>/dev/null)
529
530		case ${JID} in
531		''|*[!0-9]*)
532			# svcj-jail doesn't exist, fallback to host-check
533			JID=0
534			;;
535		esac
536	fi
537	_proccheck="\
538		$PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' |
539		while read _npid _jid '"$_fp_args"'; do
540			'"$_fp_match"'
541				if [ "$JID" -eq "$_jid" ];
542				then echo -n "$_pref$_npid";
543				_pref=" ";
544				fi
545				;;
546			esac
547		done'
548
549#	debug "in _find_processes: proccheck is ($_proccheck)."
550	eval $_proccheck
551}
552
553# sort_lite [-b] [-n] [-k POS] [-t SEP]
554#	A lite version of sort(1) (supporting a few options) that can be used
555#	before the real sort(1) is available (e.g., in scripts that run prior
556#	to mountcritremote). Requires only shell built-in functionality.
557#
558sort_lite()
559{
560	local funcname=sort_lite
561	local sort_sep="$IFS" sort_ignore_leading_space=
562	local sort_field=0 sort_strict_fields= sort_numeric=
563	local nitems=0 skip_leading=0 trim=
564
565	local OPTIND flag
566	while getopts bnk:t: flag; do
567		case "$flag" in
568		b) sort_ignore_leading_space=1 ;;
569		n) sort_numeric=1 sort_ignore_leading_space=1 ;;
570		k) sort_field="${OPTARG%%,*}" ;; # only up to first comma
571			# NB: Unlike sort(1) only one POS allowed
572		t) sort_sep="$OPTARG"
573		   if [ ${#sort_sep} -gt 1 ]; then
574		   	echo "$funcname: multi-character tab \`$sort_sep'" >&2
575		   	return 1
576		   fi
577		   sort_strict_fields=1
578		   ;;
579		\?) return 1 ;;
580		esac
581	done
582	shift $(( $OPTIND - 1 ))
583
584	# Create transformation pattern to trim leading text if desired
585	case "$sort_field" in
586	""|[!0-9]*|*[!0-9.]*)
587		echo "$funcname: invalid sort field \`$sort_field'" >&2
588		return 1
589		;;
590	*.*)
591		skip_leading=${sort_field#*.} sort_field=${sort_field%%.*}
592		while [ ${skip_leading:-0} -gt 1 ] 2> /dev/null; do
593			trim="$trim?" skip_leading=$(( $skip_leading - 1 ))
594		done
595	esac
596
597	# Copy input to series of local numbered variables
598	# NB: IFS of NULL preserves leading whitespace
599	local LINE
600	while IFS= read -r LINE || [ "$LINE" ]; do
601		nitems=$(( $nitems + 1 ))
602		local src_$nitems="$LINE"
603	done
604
605	#
606	# Sort numbered locals using insertion sort
607	#
608	local curitem curitem_orig curitem_mod curitem_haskey
609	local dest dest_orig dest_mod dest_haskey
610	local d gt n
611	local i=1
612	while [ $i -le $nitems ]; do
613		curitem_haskey=1 # Assume sort field (-k POS) exists
614		eval curitem=\"\$src_$i\"
615		curitem_mod="$curitem" # for modified comparison
616		curitem_orig="$curitem" # for original comparison
617
618		# Trim leading whitespace if desired
619		if [ "$sort_ignore_leading_space" ]; then
620			while case "$curitem_orig" in
621				[$IFS]*) : ;; *) false; esac
622			do
623				curitem_orig="${curitem_orig#?}"
624			done
625			curitem_mod="$curitem_orig"
626		fi
627
628		# Shift modified comparison value if sort field (-k POS) is > 1
629		n=$sort_field
630		while [ $n -gt 1 ]; do
631			case "$curitem_mod" in
632			*[$sort_sep]*)
633				# Cut text up-to (and incl.) first separator
634				curitem_mod="${curitem_mod#*[$sort_sep]}"
635
636				# Skip NULLs unless strict field splitting
637				[ "$sort_strict_fields" ] ||
638					[ "${curitem_mod%%[$sort_sep]*}" ] ||
639					[ $n -eq 2 ] ||
640					continue
641				;;
642			*)
643				# Asked for a field that doesn't exist
644				curitem_haskey= break
645			esac
646			n=$(( $n - 1 ))
647		done
648
649		# Trim trailing words if sort field >= 1
650		[ $sort_field -ge 1 -a "$sort_numeric" ] &&
651			curitem_mod="${curitem_mod%%[$sort_sep]*}"
652
653		# Apply optional trim (-k POS.TRIM) to cut leading characters
654		curitem_mod="${curitem_mod#$trim}"
655
656		# Determine the type of modified comparison to use initially
657		# NB: Prefer numerical if requested but fallback to standard
658		case "$curitem_mod" in
659		""|[!0-9]*) # NULL or begins with non-number
660			gt=">"
661			[ "$sort_numeric" ] && curitem_mod=0
662			;;
663		*)
664			if [ "$sort_numeric" ]; then
665				gt="-gt"
666				curitem_mod="${curitem_mod%%[!0-9]*}"
667					# NB: trailing non-digits removed
668					# otherwise numeric comparison fails
669			else
670				gt=">"
671			fi
672		esac
673
674		# If first time through, short-circuit below position-search
675		if [ $i -le 1 ]; then
676			d=0
677		else
678			d=1
679		fi
680
681		#
682		# Find appropriate element position
683		#
684		while [ $d -gt 0 ]
685		do
686			dest_haskey=$curitem_haskey
687			eval dest=\"\$dest_$d\"
688			dest_mod="$dest" # for modified comparison
689			dest_orig="$dest" # for original comparison
690
691			# Trim leading whitespace if desired
692			if [ "$sort_ignore_leading_space" ]; then
693				while case "$dest_orig" in
694					[$IFS]*) : ;; *) false; esac
695				do
696					dest_orig="${dest_orig#?}"
697				done
698				dest_mod="$dest_orig"
699			fi
700
701			# Shift modified value if sort field (-k POS) is > 1
702			n=$sort_field
703			while [ $n -gt 1 ]; do
704				case "$dest_mod" in
705				*[$sort_sep]*)
706					# Cut text up-to (and incl.) 1st sep
707					dest_mod="${dest_mod#*[$sort_sep]}"
708
709					# Skip NULLs unless strict fields
710					[ "$sort_strict_fields" ] ||
711					    [ "${dest_mod%%[$sort_sep]*}" ] ||
712					    [ $n -eq 2 ] ||
713					    continue
714					;;
715				*)
716					# Asked for a field that doesn't exist
717					dest_haskey= break
718				esac
719				n=$(( $n - 1 ))
720			done
721
722			# Trim trailing words if sort field >= 1
723			[ $sort_field -ge 1 -a "$sort_numeric" ] &&
724				dest_mod="${dest_mod%%[$sort_sep]*}"
725
726			# Apply optional trim (-k POS.TRIM), cut leading chars
727			dest_mod="${dest_mod#$trim}"
728
729			# Determine type of modified comparison to use
730			# NB: Prefer numerical if requested, fallback to std
731			case "$dest_mod" in
732			""|[!0-9]*) # NULL or begins with non-number
733				gt=">"
734				[ "$sort_numeric" ] && dest_mod=0
735				;;
736			*)
737				if [ "$sort_numeric" ]; then
738					gt="-gt"
739					dest_mod="${dest_mod%%[!0-9]*}"
740						# NB: kill trailing non-digits
741						# for numeric comparison safety
742				else
743					gt=">"
744				fi
745			esac
746
747			# Break if we've found the proper element position
748			if [ "$curitem_haskey" -a "$dest_haskey" ]; then
749				if [ "$dest_mod" = "$curitem_mod" ]; then
750					[ "$dest_orig" ">" "$curitem_orig" ] &&
751						break
752				elif [ "$dest_mod" $gt "$curitem_mod" ] \
753					2> /dev/null
754				then
755					break
756				fi
757			else
758				[ "$dest_orig" ">" "$curitem_orig" ] && break
759			fi
760
761			# Break if we've hit the end
762			[ $d -ge $i ] && break
763
764			d=$(( $d + 1 ))
765		done
766
767		# Shift remaining positions forward, making room for new item
768		n=$i
769		while [ $n -ge $d ]; do
770			# Shift destination item forward one placement
771			eval dest_$(( $n + 1 ))=\"\$dest_$n\"
772			n=$(( $n - 1 ))
773		done
774
775		# Place the element
776		if [ $i -eq 1 ]; then
777			local dest_1="$curitem"
778		else
779			local dest_$d="$curitem"
780		fi
781
782		i=$(( $i + 1 ))
783	done
784
785	# Print sorted results
786	d=1
787	while [ $d -le $nitems ]; do
788		eval echo \"\$dest_$d\"
789		d=$(( $d + 1 ))
790	done
791}
792
793#
794# wait_for_pids pid [pid ...]
795#	spins until none of the pids exist
796#
797wait_for_pids()
798{
799	local _list _prefix _nlist _j
800
801	_list="$@"
802	if [ -z "$_list" ]; then
803		return
804	fi
805	_prefix=
806	while true; do
807		_nlist="";
808		for _j in $_list; do
809			if kill -0 $_j 2>/dev/null; then
810				_nlist="${_nlist}${_nlist:+ }$_j"
811				[ -n "$_prefix" ] && sleep 1
812			fi
813		done
814		if [ -z "$_nlist" ]; then
815			break
816		fi
817		_list=$_nlist
818		echo -n ${_prefix:-"Waiting for PIDS: "}$_list
819		_prefix=", "
820		pwait $_list 2>/dev/null
821	done
822	if [ -n "$_prefix" ]; then
823		echo "."
824	fi
825}
826
827#
828# get_pidfile_from_conf string file
829#
830#	Takes a string to search for in the specified file.
831#	Ignores lines with traditional comment characters.
832#
833# Example:
834#
835# if get_pidfile_from_conf string file; then
836#	pidfile="$_pidfile_from_conf"
837# else
838#	pidfile='appropriate default'
839# fi
840#
841get_pidfile_from_conf()
842{
843	if [ -z "$1" -o -z "$2" ]; then
844		err 3 "USAGE: get_pidfile_from_conf string file ($name)"
845	fi
846
847	local string file line
848
849	string="$1" ; file="$2"
850
851	if [ ! -s "$file" ]; then
852		err 3 "get_pidfile_from_conf: $file does not exist ($name)"
853	fi
854
855	while read line; do
856		case "$line" in
857		*[#\;]*${string}*)	continue ;;
858		*${string}*)		break ;;
859		esac
860	done < $file
861
862	if [ -n "$line" ]; then
863		line=${line#*/}
864		_pidfile_from_conf="/${line%%[\"\;]*}"
865	else
866		return 1
867	fi
868}
869
870#
871# check_startmsgs
872#	If rc_quiet is set (usually as a result of using faststart at
873#	boot time) check if rc_startmsgs is enabled.
874#
875check_startmsgs()
876{
877	if [ -n "$rc_quiet" ]; then
878		checkyesno rc_startmsgs
879	else
880		return 0
881	fi
882}
883
884#
885# startmsg
886#	Preferred method to use when displaying start messages in lieu of echo.
887#
888startmsg()
889{
890	check_startmsgs && echo "$@"
891}
892
893#
894# run_rc_command argument
895#	Search for argument in the list of supported commands, which is:
896#		"start stop restart rcvar status poll ${extra_commands}"
897#	If there's a match, run ${argument}_cmd or the default method
898#	(see below).
899#
900#	If argument has a given prefix, then change the operation as follows:
901#		Prefix	Operation
902#		------	---------
903#		fast	Skip the pid check, and set rc_fast=yes, rc_quiet=yes
904#		force	Set ${rcvar} to YES, and set rc_force=yes
905#		one	Set ${rcvar} to YES
906#		quiet	Don't output some diagnostics, and set rc_quiet=yes
907#
908#	The following globals are used:
909#
910#	Name		Needed	Purpose
911#	----		------	-------
912#	name		y	Name of script.
913#
914#	command		n	Full path to command.
915#				Not needed if ${rc_arg}_cmd is set for
916#				each keyword.
917#
918#	command_args	n	Optional args/shell directives for command.
919#
920#	command_interpreter n	If not empty, command is interpreted, so
921#				call check_{pidfile,process}() appropriately.
922#
923#	desc		n	Description of script.
924#
925#	extra_commands	n	List of extra commands supported.
926#
927#	pidfile		n	If set, use check_pidfile $pidfile $command,
928#				otherwise use check_process $command.
929#				In either case, only check if $command is set.
930#
931#	procname	n	Process name to check for instead of $command.
932#
933#	rcvar		n	This is checked with checkyesno to determine
934#				if the action should be run.
935#
936#	${name}_program	n	Full path to command.
937#				Meant to be used in /etc/rc.conf to override
938#				${command}.
939#
940#	${name}_chroot	n	Directory to chroot to before running ${command}
941#				Requires /usr to be mounted.
942#
943#	${name}_chdir	n	Directory to cd to before running ${command}
944#				(if not using ${name}_chroot).
945#
946#	${name}_cpuset	n	A list of CPUs to run ${command} on.
947#				Requires /usr to be mounted.
948#
949#	${name}_flags	n	Arguments to call ${command} with.
950#				NOTE:	$flags from the parent environment
951#					can be used to override this.
952#
953#	${name}_env	n	Environment variables to run ${command} with.
954#
955#	${name}_env_file n	File to source variables to run ${command} with.
956#
957#	${name}_fib	n	Routing table number to run ${command} with.
958#
959#	${name}_nice	n	Nice level to run ${command} at.
960#
961#	${name}_oomprotect n	Don't kill ${command} when swap space is exhausted.
962#
963#	${name}_umask	n	The file creation mask to run ${command} with.
964#
965#	${name}_user	n	User to run ${command} as, using su(1) if not
966#				using ${name}_chroot.
967#				Requires /usr to be mounted.
968#
969#	${name}_group	n	Group to run chrooted ${command} as.
970#				Requires /usr to be mounted.
971#
972#	${name}_groups	n	Comma separated list of supplementary groups
973#				to run the chrooted ${command} with.
974#				Requires /usr to be mounted.
975#
976#	${name}_prepend	n	Command added before ${command}.
977#
978#	${name}_setup	n	Command executed during start, restart and
979#				reload before ${rc_arg}_precmd is run.
980#
981#	${name}_login_class n	Login class to use, else "daemon".
982#
983#	${name}_limits	n	limits(1) to apply to ${command}.
984#
985#	${name}_offcmd	n	If set, run if a service is not enabled.
986#
987#	${rc_arg}_cmd	n	If set, use this as the method when invoked;
988#				Otherwise, use default command (see below)
989#
990#	${rc_arg}_precmd n	If set, run just before performing the
991#				${rc_arg}_cmd method in the default
992#				operation (i.e, after checking for required
993#				bits and process (non)existence).
994#				If this completes with a non-zero exit code,
995#				don't run ${rc_arg}_cmd.
996#
997#	${rc_arg}_postcmd n	If set, run just after performing the
998#				${rc_arg}_cmd method, if that method
999#				returned a zero exit code.
1000#
1001#	required_dirs	n	If set, check for the existence of the given
1002#				directories before running a (re)start command.
1003#
1004#	required_files	n	If set, check for the readability of the given
1005#				files before running a (re)start command.
1006#
1007#	required_modules n	If set, ensure the given kernel modules are
1008#				loaded before running a (re)start command.
1009#				The check and possible loads are actually
1010#				done after start_precmd so that the modules
1011#				aren't loaded in vain, should the precmd
1012#				return a non-zero status to indicate a error.
1013#				If a word in the list looks like "foo:bar",
1014#				"foo" is the KLD file name and "bar" is the
1015#				module name.  If a word looks like "foo~bar",
1016#				"foo" is the KLD file name and "bar" is a
1017#				egrep(1) pattern matching the module name.
1018#				Otherwise the module name is assumed to be
1019#				the same as the KLD file name, which is most
1020#				common.  See load_kld().
1021#
1022#	required_vars	n	If set, perform checkyesno on each of the
1023#				listed variables before running the default
1024#				(re)start command.
1025#
1026#	Default behaviour for a given argument, if no override method is
1027#	provided:
1028#
1029#	Argument	Default behaviour
1030#	--------	-----------------
1031#	start		if !running && checkyesno ${rcvar}
1032#				${command}
1033#
1034#	stop		if ${pidfile}
1035#				rc_pid=$(check_pidfile $pidfile $command)
1036#			else
1037#				rc_pid=$(check_process $command)
1038#			kill $sig_stop $rc_pid
1039#			wait_for_pids $rc_pid
1040#			($sig_stop defaults to TERM.)
1041#
1042#	reload		Similar to stop, except use $sig_reload instead,
1043#			and don't wait_for_pids.
1044#			$sig_reload defaults to HUP.
1045#			Note that `reload' isn't provided by default,
1046#			it should be enabled via $extra_commands.
1047#
1048#	restart		Run `stop' then `start'.
1049#
1050#	status		Show if ${command} is running, etc.
1051#
1052#	poll		Wait for ${command} to exit.
1053#
1054#	rcvar		Display what rc.conf variable is used (if any).
1055#
1056#	enabled		Return true if the service is enabled.
1057#
1058#	describe	Show the service's description
1059#
1060#	extracommands	Show the service's extra commands
1061#
1062#	Variables available to methods, and after run_rc_command() has
1063#	completed:
1064#
1065#	Variable	Purpose
1066#	--------	-------
1067#	rc_arg		Argument to command, after fast/force/one processing
1068#			performed
1069#
1070#	rc_flags	Flags to start the default command with.
1071#			Defaults to ${name}_flags, unless overridden
1072#			by $flags from the environment.
1073#			This variable may be changed by the precmd method.
1074#
1075#	rc_service	Path to the service being executed, in case the service
1076#			needs to re-invoke itself.
1077#
1078#	rc_pid		PID of command (if appropriate)
1079#
1080#	rc_fast		Not empty if "fast" was provided (q.v.)
1081#
1082#	rc_force	Not empty if "force" was provided (q.v.)
1083#
1084#	rc_quiet	Not empty if "quiet" was provided
1085#
1086#
1087run_rc_command()
1088{
1089	_return=0
1090	rc_arg=$1
1091	if [ -z "$name" ]; then
1092		err 3 'run_rc_command: $name is not set.'
1093	fi
1094
1095	DebugOn rc:all rc:all:$rc_arg rc:$name rc:$name:$rc_arg $name:$rc_arg
1096
1097	# Don't repeat the first argument when passing additional command-
1098	# line arguments to the command subroutines.
1099	#
1100	shift 1
1101	rc_extra_args="$*"
1102
1103	_rc_prefix=
1104	case "$rc_arg" in
1105	fast*)				# "fast" prefix; don't check pid
1106		rc_arg=${rc_arg#fast}
1107		rc_fast=yes
1108		rc_quiet=yes
1109		;;
1110	force*)				# "force" prefix; always run
1111		rc_force=yes
1112		_rc_prefix=force
1113		rc_arg=${rc_arg#${_rc_prefix}}
1114		if [ -n "${rcvar}" ]; then
1115			eval ${rcvar}=YES
1116		fi
1117		;;
1118	one*)				# "one" prefix; set ${rcvar}=yes
1119		_rc_prefix=one
1120		rc_arg=${rc_arg#${_rc_prefix}}
1121		if [ -n "${rcvar}" ]; then
1122			eval ${rcvar}=YES
1123		fi
1124		;;
1125	quiet*)				# "quiet" prefix; omit some messages
1126		_rc_prefix=quiet
1127		rc_arg=${rc_arg#${_rc_prefix}}
1128		rc_quiet=yes
1129		;;
1130	esac
1131
1132	eval _override_command=\$${name}_program
1133	command=${_override_command:-$command}
1134
1135	_keywords="start stop restart rcvar enable disable delete enabled describe extracommands $extra_commands"
1136	rc_pid=
1137	_pidcmd=
1138	_procname=${procname:-${command}}
1139
1140	eval _cpuset=\$${name}_cpuset
1141
1142	# Loose validation of the configured cpuset; just make sure it starts
1143	# with a number.  There have also been cases in the past where a hyphen
1144	# in a service name has caused eval errors, which trickle down into
1145	# various variables; don't let a situation like that break a bunch of
1146	# services just because of cpuset(1).
1147	case "$_cpuset" in
1148	[0-9]*)	;;
1149	*)	_cpuset="" ;;
1150	esac
1151
1152	_cpusetcmd=
1153	if [ -n "$_cpuset" ]; then
1154		_cpusetcmd="$CPUSET -l $_cpuset"
1155	fi
1156
1157	# If a specific jail has a specific svcj request, honor it (YES/NO).
1158	# If not (variable empty), evaluate the global svcj catch-all.
1159	# A global YES can be overriden by a specific NO, and a global NO is overriden
1160	# by a specific YES.
1161	eval _svcj=\$${name}_svcj
1162	if [ -z "$_svcj" ]; then
1163		_svcj=${svcj_all_enable}
1164		if [ -z "$_svcj" ]; then
1165			eval ${name}_svcj=NO
1166		fi
1167	fi
1168
1169					# setup pid check command
1170	if [ -n "$_procname" ]; then
1171		if [ -n "$pidfile" ]; then
1172			_pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')'
1173		else
1174			_pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')'
1175		fi
1176		_keywords="${_keywords} status poll"
1177	else
1178		if [ ! -z "${status_cmd}" ]
1179		then
1180			_keywords="${_keywords} status"
1181		fi
1182	fi
1183
1184	if [ -z "$rc_arg" ]; then
1185		rc_usage $_keywords
1186	fi
1187
1188	if [ "$rc_arg" = "enabled" ] ; then
1189		checkyesno ${rcvar}
1190		return $?
1191	fi
1192
1193	if [ -n "$flags" ]; then	# allow override from environment
1194		rc_flags=$flags
1195	else
1196		eval rc_flags=\$${name}_flags
1197	fi
1198	eval _chdir=\$${name}_chdir	_chroot=\$${name}_chroot \
1199	    _nice=\$${name}_nice	_user=\$${name}_user \
1200	    _group=\$${name}_group	_groups=\$${name}_groups \
1201	    _fib=\$${name}_fib		_env=\$${name}_env \
1202	    _prepend=\$${name}_prepend	_login_class=\${${name}_login_class:-daemon} \
1203	    _limits=\$${name}_limits	_oomprotect=\$${name}_oomprotect \
1204	    _setup=\$${name}_setup	_env_file=\$${name}_env_file \
1205	    _umask=\$${name}_umask	_svcj_options=\$${name}_svcj_options
1206
1207	if [ -n "$_env_file" ] && [ -r "${_env_file}" ]; then	# load env from file
1208		set -a
1209		. $_env_file
1210		set +a
1211	fi
1212
1213	if [ -n "$_user" ]; then	# unset $_user if running as that user
1214		if [ "$_user" = "$(eval $IDCMD)" ]; then
1215			unset _user
1216		fi
1217	fi
1218
1219	if [ -n "$_svcj_options" ]; then	# translate service jail options
1220		_svcj_cmd_options=""
1221
1222		_svcj_sysvipc_x=0
1223		for _svcj_option in $_svcj_options; do
1224			case "$_svcj_option" in
1225				mlock)
1226					_svcj_cmd_options="allow.mlock ${_svcj_cmd_options}"
1227					;;
1228				netv4)
1229					_svcj_cmd_options="ip4=inherit allow.reserved_ports ${_svcj_cmd_options}"
1230					;;
1231				netv6)
1232					_svcj_cmd_options="ip6=inherit allow.reserved_ports ${_svcj_cmd_options}"
1233					;;
1234				net_basic)
1235					_svcj_cmd_options="ip4=inherit ip6=inherit allow.reserved_ports ${_svcj_cmd_options}"
1236					;;
1237				net_raw)
1238					_svcj_cmd_options="allow.raw_sockets ${_svcj_cmd_options}"
1239					;;
1240				net_all)
1241					_svcj_cmd_options="allow.socket_af allow.raw_sockets allow.reserved_ports ip4=inherit ip6=inherit ${_svcj_cmd_options}"
1242					;;
1243				nfsd)
1244					_svcj_cmd_options="allow.nfsd enforce_statfs=1 ${_svcj_cmd_options}"
1245					;;
1246				sysvipc)
1247					_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
1248					_svcj_cmd_options="sysvmsg=inherit sysvsem=inherit sysvshm=inherit  ${_svcj_cmd_options}"
1249					;;
1250				sysvipcnew)
1251					_svcj_sysvipc_x=$((${_svcj_sysvipc_x} + 1))
1252					_svcj_cmd_options="sysvmsg=new sysvsem=new sysvshm=new ${_svcj_cmd_options}"
1253					;;
1254				vmm)
1255					_svcj_cmd_options="allow.vmm ${_svcj_cmd_options}"
1256					;;
1257				*)
1258					echo ${name}: unknown service jail option: $_svcj_option
1259					;;
1260			esac
1261		done
1262		if [ ${_svcj_sysvipc_x} -gt 1 ]; then
1263			echo -n "ERROR: more than one sysvipc option is "
1264			echo "specified in ${name}_svcj_options: $_svcj_options"
1265			return 1
1266		fi
1267	fi
1268
1269	[ -z "$autoboot" ] && eval $_pidcmd	# determine the pid if necessary
1270
1271	for _elem in $_keywords; do
1272		if [ "$_elem" != "$rc_arg" ]; then
1273			continue
1274		fi
1275					# if ${rcvar} is set, $1 is not "rcvar", "describe",
1276					# "enable", "delete" or "status", and ${rc_pid} is
1277					# not set, run:
1278					#	checkyesno ${rcvar}
1279					# and return if that failed
1280					#
1281		if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" \
1282		    -a "$rc_arg" != "delete" -a "$rc_arg" != "enable" \
1283		    -a "$rc_arg" != "describe" -a "$rc_arg" != "status" ] ||
1284		    [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then
1285			if ! checkyesno ${rcvar}; then
1286			    [ "$rc_arg" = "start" ] && _run_rc_offcmd
1287			    if [ -z "${rc_quiet}" ]; then
1288				echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to "
1289				echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' "
1290				echo "instead of '${rc_arg}'."
1291			    fi
1292			    return 0
1293			fi
1294		fi
1295
1296		if [ $rc_arg = "start" -a -z "$rc_fast" -a -n "$rc_pid" ]; then
1297			if [ -z "$rc_quiet" ]; then
1298				echo 1>&2 "${name} already running? " \
1299				    "(pid=$rc_pid)."
1300			fi
1301			return 1
1302		fi
1303
1304		# if there's a custom ${XXX_cmd},
1305		# run that instead of the default
1306		#
1307		eval _cmd=\$${rc_arg}_cmd \
1308		     _precmd=\$${rc_arg}_precmd \
1309		     _postcmd=\$${rc_arg}_postcmd
1310
1311		if [ -n "$_cmd" ]; then
1312			rc_trace 1 "$_cmd"
1313			if [ -n "$_env" ]; then
1314				eval "export -- $_env"
1315			fi
1316
1317			if [ "${_rc_svcj}" != jailing ]; then
1318				# service can redefine all so
1319				# check for valid setup target
1320				if [ "$rc_arg" = 'start' -o \
1321				    "$rc_arg" = 'restart' -o \
1322				    "$rc_arg" = 'reload' ]; then
1323					_run_rc_setup || \
1324					    warn "failed to setup ${name}"
1325				fi
1326				_run_rc_precmd || return 1
1327			fi
1328			if ! checkyesno ${name}_svcj; then
1329				_run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || return 1
1330			else
1331				case "$rc_arg" in
1332				start)
1333					if [ "${_rc_svcj}" != jailing ]; then
1334						_return=1
1335						_do_jailing=1
1336
1337						if check_jail jailed; then
1338							if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then
1339								echo ERROR: jail parameter children.max is set to 0, can not create a new service jail.
1340								_do_jailing=0
1341							else
1342								_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur)))
1343								if [ ${_free_jails} -eq 0 ]; then
1344									echo ERROR: max number of jail children reached, can not create a new service jail.
1345									_do_jailing=0
1346
1347								fi
1348							fi
1349						fi
1350						if [ ${_do_jailing} -eq 1 ]; then
1351							$JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options \
1352							    exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
1353							    exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
1354							    exec.consolelog="/var/log/svcj_${name}_console.log" \
1355							    name=svcj-${name} && _return=0
1356						fi
1357					else
1358						_run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1
1359					fi
1360					;;
1361				stop)
1362					if [ "${_rc_svcj}" != jailing ]; then
1363						$SERVICE -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}stop $rc_extra_args || _return=1
1364						$JAIL_CMD -r svcj-${name} 2>/dev/null
1365					else
1366						_run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1
1367					fi
1368					;;
1369				restart|status) ;; # no special case needed for svcj or handled somewhere else
1370				*)
1371					eval _rc_svcj_extra_cmd=\$${name}_${rc_arg}_svcj_enable
1372					: ${_rc_svcj_extra_cmd:=NO}
1373					if checkyesno _rc_svcj_extra_cmd && [ "${_rc_svcj}" != jailing ]; then
1374						$SERVICE -v -E _rc_svcj=jailing -j svcj-${name} ${name} ${_rc_prefix}${rc_arg} $rc_extra_args || _return=1
1375					else
1376						_run_rc_doit "$_cpusetcmd $_cmd $rc_extra_args" || _return=1
1377					fi
1378					;;
1379				esac
1380			fi
1381			if [ "${_rc_svcj}" != jailing ]; then
1382				_run_rc_postcmd
1383			fi
1384			return $_return
1385		fi
1386
1387		case "$rc_arg" in	# default operations...
1388
1389		describe)
1390			if [ -n "$desc" ]; then
1391				echo "$desc"
1392			fi
1393			;;
1394
1395		extracommands)
1396			echo "$extra_commands"
1397			;;
1398
1399		enable)
1400			_out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=YES") &&
1401				echo "$name enabled in ${_out%%:*}"
1402			;;
1403
1404		disable)
1405			_out=$(/usr/sbin/sysrc -vs "$name" "$rcvar=NO") &&
1406				echo "$name disabled in ${_out%%:*}"
1407			;;
1408
1409		delete)
1410			_files=
1411			for _file in $(sysrc -lEs "$name"); do
1412				_out=$(sysrc -Fif $_file "$rcvar") && _files="$_files $_file"
1413			done
1414			/usr/sbin/sysrc -x "$rcvar" && echo "$rcvar deleted in ${_files# }"
1415				# delete file in rc.conf.d if desired and empty.
1416			checkyesno service_delete_empty || _files=
1417			for _file in $_files; do
1418				[ "$_file" = "${_file#*/rc.conf.d/}" ] && continue
1419				[ $(/usr/bin/stat -f%z $_file) -gt 0 ] && continue
1420				/bin/rm "$_file" && echo "Empty file $_file removed"
1421			done
1422			;;
1423
1424		status)
1425			_run_rc_precmd || return 1
1426			if [ -n "$rc_pid" ]; then
1427				echo "${name} is running as pid $rc_pid."
1428			else
1429				echo "${name} is not running."
1430				return 1
1431			fi
1432			_run_rc_postcmd
1433			;;
1434
1435		start)
1436			if [ ! -x "${_chroot}${_chroot:+/}${command}" ]; then
1437				warn "run_rc_command: cannot run $command"
1438				return 1
1439			fi
1440
1441			if [ "${_rc_svcj}" != jailing ]; then
1442				_run_rc_setup || warn "failed to setup ${name}"
1443
1444				if ! _run_rc_precmd; then
1445					warn "failed precmd routine for ${name}"
1446					return 1
1447				fi
1448			fi
1449
1450			if checkyesno ${name}_svcj; then
1451				if [ "${_rc_svcj}" != jailing ]; then
1452					if check_jail jailed; then
1453						if [ $(${SYSCTL_N} security.jail.children.max) -eq 0 ]; then
1454							echo ERROR: jail parameter children.max is set to 0, can not create a new service jail.
1455							return 1
1456						else
1457							_free_jails=$(($(${SYSCTL_N} security.jail.children.max) - $(${SYSCTL_N} security.jail.children.cur)))
1458							if [ ${_free_jails} -eq 0 ]; then
1459								echo ERROR: max number of jail children reached, can not create a new service jail.
1460								return 1
1461							fi
1462						fi
1463					fi
1464					$JAIL_CMD -c $_svcj_generic_params $_svcj_cmd_options\
1465					    exec.start="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}start $rc_extra_args" \
1466					    exec.stop="${SERVICE} -E _rc_svcj=jailing ${name} ${_rc_prefix}stop $rc_extra_args" \
1467					    exec.consolelog="/var/log/svcj_${name}_console.log" \
1468					    name=svcj-${name} || return 1
1469				fi
1470			fi
1471
1472			# setup the full command to run
1473			#
1474			startmsg "Starting ${name}."
1475			if [ -n "$_chroot" ]; then
1476				_cd=
1477				_doit="\
1478${_nice:+nice -n $_nice }\
1479$_cpusetcmd \
1480${_fib:+setfib -F $_fib }\
1481${_env:+env $_env }\
1482chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\
1483$_chroot $command $rc_flags $command_args"
1484			else
1485				_cd="${_chdir:+cd $_chdir && }"
1486				_doit="\
1487${_fib:+setfib -F $_fib }\
1488${_env:+env $_env }\
1489$_cpusetcmd $command $rc_flags $command_args"
1490				if [ -n "$_user" ]; then
1491				    _doit="su -m $_user -c 'sh -c \"$_doit\"'"
1492				fi
1493				if [ -n "$_nice" ]; then
1494					if [ -z "$_user" ]; then
1495						_doit="sh -c \"$_doit\""
1496					fi
1497					_doit="nice -n $_nice $_doit"
1498				fi
1499				if [ -n "$_prepend" ]; then
1500					_doit="$_prepend $_doit"
1501				fi
1502			fi
1503
1504			# Prepend default limits
1505			_doit="$_cd limits -C $_login_class $_limits $_doit"
1506
1507			local _really_run_it=true
1508			if checkyesno ${name}_svcj; then
1509				if [ "${_rc_svcj}" != jailing ]; then
1510					_really_run_it=false
1511				fi
1512			fi
1513
1514			if [ "$_really_run_it" = true ]; then
1515				# run the full command
1516				#
1517				if ! _run_rc_doit "$_doit"; then
1518					warn "failed to start ${name}"
1519					return 1
1520				fi
1521			fi
1522
1523			if [ "${_rc_svcj}" != jailing ]; then
1524				# finally, run postcmd
1525				#
1526				_run_rc_postcmd
1527			fi
1528			;;
1529
1530		stop)
1531			if [ -z "$rc_pid" ]; then
1532				[ -n "$rc_fast" ] && return 0
1533				_run_rc_notrunning
1534				return 1
1535			fi
1536
1537			_run_rc_precmd || return 1
1538
1539			# send the signal to stop
1540			#
1541			echo "Stopping ${name}."
1542			_doit=$(_run_rc_killcmd "${sig_stop:-TERM}")
1543			_run_rc_doit "$_doit" || return 1
1544
1545			# wait for the command to exit,
1546			# and run postcmd.
1547			wait_for_pids $rc_pid
1548
1549			if checkyesno ${name}_svcj; then
1550				# remove service jail
1551				$JAIL_CMD -r svcj-${name} 2>/dev/null
1552			fi
1553
1554			_run_rc_postcmd
1555			;;
1556
1557		reload)
1558			if [ -z "$rc_pid" ]; then
1559				_run_rc_notrunning
1560				return 1
1561			fi
1562
1563			_run_rc_setup || warn "failed to setup ${name}"
1564
1565			_run_rc_precmd || return 1
1566
1567			_doit=$(_run_rc_killcmd "${sig_reload:-HUP}")
1568			_run_rc_doit "$_doit" || return 1
1569
1570			_run_rc_postcmd
1571			;;
1572
1573		restart)
1574			_run_rc_setup || warn "failed to setup ${name}"
1575
1576			# prevent restart being called more
1577			# than once by any given script
1578			#
1579			if ${_rc_restart_done:-false}; then
1580				return 0
1581			fi
1582			_rc_restart_done=true
1583
1584			_run_rc_precmd || return 1
1585
1586			# run those in a subshell to keep global variables
1587			( run_rc_command ${_rc_prefix}stop $rc_extra_args )
1588			( run_rc_command ${_rc_prefix}start $rc_extra_args )
1589			_return=$?
1590			[ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1
1591
1592			_run_rc_postcmd
1593			;;
1594
1595		poll)
1596			_run_rc_precmd || return 1
1597			if [ -n "$rc_pid" ]; then
1598				wait_for_pids $rc_pid
1599			fi
1600			_run_rc_postcmd
1601			;;
1602
1603		rcvar)
1604			echo -n "# $name"
1605			if [ -n "$desc" ]; then
1606				echo " : $desc"
1607			else
1608				echo ""
1609			fi
1610			echo "#"
1611			# Get unique vars in $rcvar $rcvars
1612			for _v in $rcvar $rcvars; do
1613				case $v in
1614				$_v\ *|\ *$_v|*\ $_v\ *) ;;
1615				*)	v="${v# } $_v" ;;
1616				esac
1617			done
1618
1619			# Display variables.
1620			for _v in $v; do
1621				if [ -z "$_v" ]; then
1622					continue
1623				fi
1624
1625				eval _desc=\$${_v}_desc
1626				eval _defval=\$${_v}_defval
1627				_h="-"
1628
1629				eval echo \"$_v=\\\"\$$_v\\\"\"
1630				# decode multiple lines of _desc
1631				while [ -n "$_desc" ]; do
1632					case $_desc in
1633					*^^*)
1634						echo "# $_h ${_desc%%^^*}"
1635						_desc=${_desc#*^^}
1636						_h=" "
1637						;;
1638					*)
1639						echo "# $_h ${_desc}"
1640						break
1641						;;
1642					esac
1643				done
1644				echo "#   (default: \"$_defval\")"
1645			done
1646			echo ""
1647			;;
1648
1649		*)
1650			rc_usage $_keywords
1651			;;
1652
1653		esac
1654
1655		# Apply protect(1) to the PID if ${name}_oomprotect is set.
1656		case "$rc_arg" in
1657		start)
1658			# We cannot use protect(1) inside jails.
1659			if [ -n "$_oomprotect" ] && [ -f "${PROTECT}" ] &&
1660			    [ "$(sysctl -n security.jail.jailed)" -eq 0 ]; then
1661				[ -z "${rc_pid}" ] && eval $_pidcmd
1662				case $_oomprotect in
1663				[Aa][Ll][Ll])
1664					${PROTECT} -d -i -p ${rc_pid}
1665					;;
1666				[Yy][Ee][Ss])
1667					${PROTECT} -p ${rc_pid}
1668					;;
1669				esac
1670			fi
1671		;;
1672		esac
1673
1674		return $_return
1675	done
1676
1677	echo 1>&2 "$0: unknown directive '$rc_arg'."
1678	rc_usage $_keywords
1679	# not reached
1680}
1681
1682#
1683# Helper functions for run_rc_command: common code.
1684# They use such global variables besides the exported rc_* ones:
1685#
1686#	name	       R/W
1687#	------------------
1688#	_offcmd		R
1689#	_precmd		R
1690#	_postcmd	R
1691#	_return		W
1692#	_setup		R
1693#
1694_run_rc_offcmd()
1695{
1696	eval _offcmd=\$${name}_offcmd
1697	if [ -n "$_offcmd" ]; then
1698		if [ -n "$_env" ]; then
1699			eval "export -- $_env"
1700		fi
1701		debug "run_rc_command: ${name}_offcmd: $_offcmd $rc_extra_args"
1702		eval "$_offcmd $rc_extra_args"
1703		_return=$?
1704	fi
1705	return 0
1706}
1707
1708_run_rc_precmd()
1709{
1710	check_required_before "$rc_arg" || return 1
1711
1712	if [ -n "$_precmd" ]; then
1713		debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args"
1714		eval "$_precmd $rc_extra_args"
1715		_return=$?
1716
1717		# If precmd failed and force isn't set, request exit.
1718		if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
1719			return 1
1720		fi
1721	fi
1722
1723	check_required_after "$rc_arg" || return 1
1724
1725	return 0
1726}
1727
1728_run_rc_postcmd()
1729{
1730	if [ -n "$_postcmd" ]; then
1731		debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args"
1732		eval "$_postcmd $rc_extra_args"
1733		_return=$?
1734	fi
1735	return 0
1736}
1737
1738_run_rc_setup()
1739{
1740	# prevent multiple execution on restart => stop/start split
1741	if ! ${_rc_restart_done:-false} && [ -n "$_setup" ]; then
1742		debug "run_rc_command: ${rc_arg}_setup: $_setup"
1743		eval "$_setup"
1744		_return=$?
1745		if [ $_return -ne 0 ]; then
1746			return 1
1747		fi
1748	fi
1749	return 0
1750}
1751
1752_run_rc_doit()
1753{
1754	local _m
1755
1756	debug "run_rc_command: doit: $*"
1757	_m=$(umask)
1758	${_umask:+umask ${_umask}}
1759	eval "$@"
1760	_return=$?
1761	umask ${_m}
1762
1763	# If command failed and force isn't set, request exit.
1764	if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
1765		return 1
1766	fi
1767
1768	return 0
1769}
1770
1771_run_rc_notrunning()
1772{
1773	local _pidmsg
1774
1775	if [ -n "$pidfile" ]; then
1776		_pidmsg=" (check $pidfile)."
1777	else
1778		_pidmsg=
1779	fi
1780	echo 1>&2 "${name} not running?${_pidmsg}"
1781}
1782
1783_run_rc_killcmd()
1784{
1785	local _cmd
1786
1787	_cmd="kill -$1 $rc_pid"
1788	if [ -n "$_user" ]; then
1789		_cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'"
1790	fi
1791	echo "$_cmd"
1792}
1793
1794#
1795# run_rc_script file arg
1796#	Start the script `file' with `arg', and correctly handle the
1797#	return value from the script.
1798#	If `file' ends with `.sh' and lives in /etc/rc.d, ignore it as it's
1799#	an old-style startup file.
1800#	If `file' ends with `.sh' and does not live in /etc/rc.d, it's sourced
1801#	into the current environment if $rc_fast_and_loose is set; otherwise
1802#	it is run as a child process.
1803#	If `file' appears to be a backup or scratch file, ignore it.
1804#	Otherwise if it is executable run as a child process.
1805#
1806run_rc_script()
1807{
1808	_file=$1
1809	_arg=$2
1810	if [ -z "$_file" -o -z "$_arg" ]; then
1811		err 3 'USAGE: run_rc_script file arg'
1812	fi
1813
1814	unset	name command command_args command_interpreter \
1815		extra_commands pidfile procname \
1816		rcvar rcvars rcvars_obsolete required_dirs required_files \
1817		required_vars
1818	eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd
1819
1820	rc_trace 0 "$_file $_arg"
1821	# don't use it if we don't trust it
1822	is_verified $_file || return
1823
1824	rc_service="$_file"
1825	case "$_file" in
1826	/etc/rc.d/*.sh)			# no longer allowed in the base
1827		warn "Ignoring old-style startup script $_file"
1828		;;
1829	*[~#]|*.OLD|*.bak|*.orig|*,v)	# scratch file; skip
1830		warn "Ignoring scratch file $_file"
1831		;;
1832	*)				# run in subshell
1833		if [ -x $_file ]; then
1834			DebugOn $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg
1835
1836			if [ -n "$rc_boottrace" ]; then
1837				boottrace_fn "$_file" "$_arg"
1838			elif [ -n "$rc_fast_and_loose" ]; then
1839				set $_arg; . $_file
1840			else
1841				( trap "echo Script $_file interrupted >&2 ; kill -QUIT $$" 3
1842				  trap "echo Script $_file interrupted >&2 ; exit 1" 2
1843				  trap "echo Script $_file running >&2" 29
1844				  set $_arg; . $_file )
1845			fi
1846			DebugOff $_file $_file:$_arg rc:${_file##*/} rc:${_file##*/}:$_arg ${_file##*/} ${_file##*/}:$_arg
1847		fi
1848		;;
1849	esac
1850}
1851
1852#
1853# run_rc_scripts [options] file [...]
1854#
1855# Call `run_rc_script' for each "file" unless already listed in
1856# $_rc_elem_done.
1857#
1858# Options:
1859#
1860#	--arg "arg"
1861#		Pass "arg" to `run_rc_script' default is $_boot.
1862#
1863#	--break "marker"
1864#		If any "file" matches "marker" stop processing.
1865#
1866_rc_elem_done=
1867run_rc_scripts()
1868{
1869	local _arg=${_boot}
1870	local _rc_elem
1871	local _rc_breaks=
1872
1873	while :; do
1874		case "$1" in
1875		--arg)
1876                        _arg="$2"
1877                        shift 2
1878                        ;;
1879		--break)
1880                        _rc_breaks="$_rc_breaks $2"
1881                        shift 2
1882                        ;;
1883		*)
1884                        break
1885                        ;;
1886		esac
1887	done
1888	for _rc_elem in "$@"; do
1889		: _rc_elem=$_rc_elem
1890		case " $_rc_elem_done " in
1891		*" $_rc_elem "*)
1892                        continue
1893                        ;;
1894		esac
1895		run_rc_script ${_rc_elem} ${_arg}
1896		_rc_elem_done="$_rc_elem_done $_rc_elem"
1897		case " $_rc_breaks " in
1898		*" ${_rc_elem##*/} "*)
1899                        break
1900                        ;;
1901		esac
1902	done
1903}
1904
1905boottrace_fn()
1906{
1907	local _file _arg
1908	_file=$1
1909	_arg=$2
1910
1911	if [ -n "$rc_fast_and_loose" ]; then
1912		boottrace_sysctl "$_file start"
1913		set $_arg; . $_file
1914		boottrace_sysctl "$_file done"
1915	else
1916		_boot="${_boot}" rc_fast="${rc_fast}" autoboot="${autoboot}" \
1917		    $boottrace_cmd "$_file" "$_arg"
1918	fi
1919}
1920
1921boottrace_sysctl()
1922{
1923	${SYSCTL} kern.boottrace.boottrace="$1"
1924}
1925
1926#
1927# load_rc_config [service]
1928#	Source in the configuration file(s) for a given service.
1929#	If no service is specified, only the global configuration
1930#	file(s) will be loaded.
1931#
1932load_rc_config()
1933{
1934	local _name _rcvar_val _var _defval _v _msg _new _d _dot
1935	_name=$1
1936	_dot=${load_rc_config_reader:-dot}
1937
1938	case "$_dot" in
1939	dot|[sv]dot)
1940		;;
1941	*)	warn "Ignoring invalid load_rc_config_reader"
1942		_dot=dot
1943		;;
1944	esac
1945	case "$1" in
1946	-s|--safe)
1947                _dot=sdot
1948                _name=$2
1949                shift
1950                ;;
1951	-v|--verify)
1952                _dot=vdot
1953                _name=$2
1954                shift
1955                ;;
1956	esac
1957
1958	DebugOn rc:$_name $_name
1959
1960	if ${_rc_conf_loaded:-false}; then
1961		:
1962	else
1963		if [ -r /etc/defaults/rc.conf ]; then
1964			debug "Sourcing /etc/defaults/rc.conf"
1965			$_dot /etc/defaults/rc.conf
1966			source_rc_confs
1967		elif [ -r /etc/rc.conf ]; then
1968			debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)."
1969			$_dot /etc/rc.conf
1970		fi
1971		_rc_conf_loaded=true
1972	fi
1973
1974	# If a service name was specified, attempt to load
1975	# service-specific configuration
1976	if [ -n "$_name" ] ; then
1977		for _d in /etc ${local_startup}; do
1978			_d=${_d%/rc.d}
1979			if [ -f ${_d}/rc.conf.d/"$_name" ]; then
1980				debug "Sourcing ${_d}/rc.conf.d/$_name"
1981				$_dot ${_d}/rc.conf.d/"$_name"
1982			elif [ -d ${_d}/rc.conf.d/"$_name" ] ; then
1983				local _rc
1984				for _rc in ${_d}/rc.conf.d/"$_name"/* ; do
1985					if [ -f "$_rc" ] ; then
1986						debug "Sourcing $_rc"
1987						$_dot "$_rc"
1988					fi
1989				done
1990			fi
1991		done
1992	fi
1993
1994	# Set defaults if defined.
1995	for _var in $rcvar $rcvars; do
1996		eval _defval=\$${_var}_defval
1997		if [ -n "$_defval" ]; then
1998			eval : \${$_var:=\$${_var}_defval}
1999		fi
2000	done
2001
2002	# check obsolete rc.conf variables
2003	for _var in $rcvars_obsolete; do
2004		eval _v=\$$_var
2005		eval _msg=\$${_var}_obsolete_msg
2006		eval _new=\$${_var}_newvar
2007		case $_v in
2008		"")
2009			;;
2010		*)
2011			if [ -z "$_new" ]; then
2012				_msg="Ignored."
2013			else
2014				eval $_new=\"\$$_var\"
2015				if [ -z "$_msg" ]; then
2016					_msg="Use \$$_new instead."
2017				fi
2018			fi
2019			warn "\$$_var is obsolete.  $_msg"
2020			;;
2021		esac
2022	done
2023}
2024
2025#
2026# load_rc_config_var name var
2027#	Read the rc.conf(5) var for name and set in the
2028#	current shell, using load_rc_config in a subshell to prevent
2029#	unwanted side effects from other variable assignments.
2030#
2031load_rc_config_var()
2032{
2033	if [ $# -ne 2 ]; then
2034		err 3 'USAGE: load_rc_config_var name var'
2035	fi
2036	eval $(eval '(
2037		load_rc_config '$1' >/dev/null;
2038		if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then
2039			echo '$2'=\'\''${'$2'}\'\'';
2040		fi
2041	)' )
2042}
2043
2044#
2045# rc_usage commands
2046#	Print a usage string for $0, with `commands' being a list of
2047#	valid commands.
2048#
2049rc_usage()
2050{
2051	echo -n 1>&2 "Usage: $0 [fast|force|one|quiet]("
2052
2053	_sep=
2054	for _elem; do
2055		echo -n 1>&2 "$_sep$_elem"
2056		_sep="|"
2057	done
2058	echo 1>&2 ")"
2059	exit 1
2060}
2061
2062#
2063# err exitval message
2064#	Display message to stderr and log to the syslog, and exit with exitval.
2065#
2066err()
2067{
2068	exitval=$1
2069	shift
2070
2071	if [ -x /usr/bin/logger ]; then
2072		logger "$0: ERROR: $*"
2073	fi
2074	echo 1>&2 "$0: ERROR: $*"
2075	exit $exitval
2076}
2077
2078#
2079# warn message
2080#	Display message to stderr and log to the syslog.
2081#
2082warn()
2083{
2084	if [ -x /usr/bin/logger ]; then
2085		logger "$0: WARNING: $*"
2086	fi
2087	echo 1>&2 "$0: WARNING: $*"
2088}
2089
2090#
2091# info message
2092#	Display informational message to stdout and log to syslog.
2093#
2094info()
2095{
2096	case ${rc_info} in
2097	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
2098		if [ -x /usr/bin/logger ]; then
2099			logger "$0: INFO: $*"
2100		fi
2101		echo "$0: INFO: $*"
2102		;;
2103	esac
2104}
2105
2106#
2107# debug message
2108#	If debugging is enabled in rc.conf output message to stderr.
2109#	BEWARE that you don't call any subroutine that itself calls this
2110#	function.
2111#
2112debug()
2113{
2114	case ${rc_debug} in
2115	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
2116		if [ -x /usr/bin/logger ]; then
2117			logger "$0: DEBUG: $*"
2118		fi
2119		echo 1>&2 "$0: DEBUG: $*"
2120		;;
2121	esac
2122}
2123
2124#
2125# backup_file action file cur backup
2126#	Make a backup copy of `file' into `cur', and save the previous
2127#	version of `cur' as `backup'.
2128#
2129#	The `action' keyword can be one of the following:
2130#
2131#	add		`file' is now being backed up (and is possibly
2132#			being reentered into the backups system).  `cur'
2133#			is created.
2134#
2135#	update		`file' has changed and needs to be backed up.
2136#			If `cur' exists, it is copied to `back'
2137#			and then `file' is copied to `cur'.
2138#
2139#	remove		`file' is no longer being tracked by the backups
2140#			system.  `cur' is moved `back'.
2141#
2142#
2143backup_file()
2144{
2145	_action=$1
2146	_file=$2
2147	_cur=$3
2148	_back=$4
2149
2150	case $_action in
2151	add|update)
2152		if [ -f $_cur ]; then
2153			cp -p $_cur $_back
2154		fi
2155		cp -p $_file $_cur
2156		chown root:wheel $_cur
2157		;;
2158	remove)
2159		mv -f $_cur $_back
2160		;;
2161	esac
2162}
2163
2164# make_symlink src link
2165#	Make a symbolic link 'link' to src from basedir. If the
2166#	directory in which link is to be created does not exist
2167#	a warning will be displayed and an error will be returned.
2168#	Returns 0 on success, 1 otherwise.
2169#
2170make_symlink()
2171{
2172	local src link linkdir _me
2173	src="$1"
2174	link="$2"
2175	linkdir="`dirname $link`"
2176	_me="make_symlink()"
2177
2178	if [ -z "$src" -o -z "$link" ]; then
2179		warn "$_me: requires two arguments."
2180		return 1
2181	fi
2182	if [ ! -d "$linkdir" ]; then
2183		warn "$_me: the directory $linkdir does not exist."
2184		return 1
2185	fi
2186	if ! ln -sf $src $link; then
2187		warn "$_me: unable to make a symbolic link from $link to $src"
2188		return 1
2189	fi
2190	return 0
2191}
2192
2193# devfs_rulesets_from_file file
2194#	Reads a set of devfs commands from file, and creates
2195#	the specified rulesets with their rules. Returns non-zero
2196#	if there was an error.
2197#
2198devfs_rulesets_from_file()
2199{
2200	local file _err _me _opts
2201	file="$1"
2202	_me="devfs_rulesets_from_file"
2203	_err=0
2204
2205	if [ -z "$file" ]; then
2206		warn "$_me: you must specify a file"
2207		return 1
2208	fi
2209	if [ ! -e "$file" ]; then
2210		debug "$_me: no such file ($file)"
2211		return 0
2212	fi
2213
2214	# Disable globbing so that the rule patterns are not expanded
2215	# by accident with matching filesystem entries.
2216	_opts=$-; set -f
2217
2218	debug "reading rulesets from file ($file)"
2219	{ while read line
2220	do
2221		case $line in
2222		\#*)
2223			continue
2224			;;
2225		\[*\]*)
2226			rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"`
2227			if [ -z "$rulenum" ]; then
2228				warn "$_me: cannot extract rule number ($line)"
2229				_err=1
2230				break
2231			fi
2232			rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"`
2233			if [ -z "$rulename" ]; then
2234				warn "$_me: cannot extract rule name ($line)"
2235				_err=1
2236				break;
2237			fi
2238			eval $rulename=\$rulenum
2239			debug "found ruleset: $rulename=$rulenum"
2240			if ! /sbin/devfs rule -s $rulenum delset; then
2241				_err=1
2242				break
2243			fi
2244			;;
2245		*)
2246			rulecmd="${line%%"\#*"}"
2247			# evaluate the command incase it includes
2248			# other rules
2249			if [ -n "$rulecmd" ]; then
2250				debug "adding rule ($rulecmd)"
2251				if ! eval /sbin/devfs rule -s $rulenum $rulecmd
2252				then
2253					_err=1
2254					break
2255				fi
2256			fi
2257			;;
2258		esac
2259		if [ $_err -ne 0 ]; then
2260			debug "error in $_me"
2261			break
2262		fi
2263	done } < $file
2264	case $_opts in *f*) ;; *) set +f ;; esac
2265	return $_err
2266}
2267
2268# devfs_init_rulesets
2269#	Initializes rulesets from configuration files. Returns
2270#	non-zero if there was an error.
2271#
2272devfs_init_rulesets()
2273{
2274	local file _me
2275	_me="devfs_init_rulesets"
2276
2277	# Go through this only once
2278	if [ -n "$devfs_rulesets_init" ]; then
2279		debug "$_me: devfs rulesets already initialized"
2280		return
2281	fi
2282	for file in $devfs_rulesets; do
2283		if ! devfs_rulesets_from_file $file; then
2284			warn "$_me: could not read rules from $file"
2285			return 1
2286		fi
2287	done
2288	devfs_rulesets_init=1
2289	debug "$_me: devfs rulesets initialized"
2290	return 0
2291}
2292
2293# devfs_set_ruleset ruleset [dir]
2294#	Sets the default ruleset of dir to ruleset. The ruleset argument
2295#	must be a ruleset name as specified in devfs.rules(5) file.
2296#	Returns non-zero if it could not set it successfully.
2297#
2298devfs_set_ruleset()
2299{
2300	local devdir rs _me
2301	[ -n "$1" ] && eval rs=\$$1 || rs=
2302	[ -n "$2" ] && devdir="-m "$2"" || devdir=
2303	_me="devfs_set_ruleset"
2304
2305	if [ -z "$rs" ]; then
2306		warn "$_me: you must specify a ruleset number"
2307		return 1
2308	fi
2309	debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })"
2310	if ! /sbin/devfs $devdir ruleset $rs; then
2311		warn "$_me: unable to set ruleset $rs to ${devdir#-m }"
2312		return 1
2313	fi
2314	return 0
2315}
2316
2317# devfs_apply_ruleset ruleset [dir]
2318#	Apply ruleset number $ruleset to the devfs mountpoint $dir.
2319#	The ruleset argument must be a ruleset name as specified
2320#	in a devfs.rules(5) file.  Returns 0 on success or non-zero
2321#	if it could not apply the ruleset.
2322#
2323devfs_apply_ruleset()
2324{
2325	local devdir rs _me
2326	[ -n "$1" ] && eval rs=\$$1 || rs=
2327	[ -n "$2" ] && devdir="-m "$2"" || devdir=
2328	_me="devfs_apply_ruleset"
2329
2330	if [ -z "$rs" ]; then
2331		warn "$_me: you must specify a ruleset"
2332		return 1
2333	fi
2334	debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })"
2335	if ! /sbin/devfs $devdir rule -s $rs applyset; then
2336		warn "$_me: unable to apply ruleset $rs to ${devdir#-m }"
2337		return 1
2338	fi
2339	return 0
2340}
2341
2342# devfs_domount dir [ruleset]
2343#	Mount devfs on dir. If ruleset is specified it is set
2344#	on the mount-point. It must also be a ruleset name as specified
2345#	in a devfs.rules(5) file. Returns 0 on success.
2346#
2347devfs_domount()
2348{
2349	local devdir rs _me
2350	devdir="$1"
2351	[ -n "$2" ] && rs=$2 || rs=
2352	_me="devfs_domount()"
2353
2354	if [ -z "$devdir" ]; then
2355		warn "$_me: you must specify a mount-point"
2356		return 1
2357	fi
2358	debug "$_me: mount-point is ($devdir), ruleset is ($rs)"
2359	if ! mount -t devfs dev "$devdir"; then
2360		warn "$_me: Unable to mount devfs on $devdir"
2361		return 1
2362	fi
2363	if [ -n "$rs" ]; then
2364		devfs_init_rulesets
2365		devfs_set_ruleset $rs $devdir
2366		devfs -m $devdir rule applyset
2367	fi
2368	return 0
2369}
2370
2371# Provide a function for normalizing the mounting of memory
2372# filesystems.  This should allow the rest of the code here to remain
2373# as close as possible between 5-current and 4-stable.
2374#   $1 = size
2375#   $2 = mount point
2376#   $3 = (optional) extra mdmfs flags
2377mount_md()
2378{
2379	if [ -n "$3" ]; then
2380		flags="$3"
2381	fi
2382	/sbin/mdmfs $flags -s $1 ${mfs_type} $2
2383}
2384
2385# Code common to scripts that need to load a kernel module
2386# if it isn't in the kernel yet. Syntax:
2387#   load_kld [-e regex] [-m module] file
2388# where -e or -m chooses the way to check if the module
2389# is already loaded:
2390#   regex is egrep'd in the output from `kldstat -v',
2391#   module is passed to `kldstat -m'.
2392# The default way is as though `-m file' were specified.
2393load_kld()
2394{
2395	local _loaded _mod _opt _re
2396
2397	while getopts "e:m:" _opt; do
2398		case "$_opt" in
2399		e) _re="$OPTARG" ;;
2400		m) _mod="$OPTARG" ;;
2401		*) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;;
2402		esac
2403	done
2404	shift $(($OPTIND - 1))
2405	if [ $# -ne 1 ]; then
2406		err 3 'USAGE: load_kld [-e regex] [-m module] file'
2407	fi
2408	_mod=${_mod:-$1}
2409	_loaded=false
2410	if [ -n "$_re" ]; then
2411		if kldstat -v | egrep -q -e "$_re"; then
2412			_loaded=true
2413		fi
2414	else
2415		if kldstat -q -m "$_mod"; then
2416			_loaded=true
2417		fi
2418	fi
2419	if ! $_loaded; then
2420		if ! kldload "$1"; then
2421			warn "Unable to load kernel module $1"
2422			return 1
2423		else
2424			info "$1 kernel module loaded."
2425			if [ -f "/etc/sysctl.kld.d/$1.conf" ]; then
2426				sysctl -f "/etc/sysctl.kld.d/$1.conf"
2427			fi
2428		fi
2429	else
2430		debug "load_kld: $1 kernel module already loaded."
2431	fi
2432	return 0
2433}
2434
2435# ltr str src dst [var]
2436#	Change every $src in $str to $dst.
2437#	Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor
2438#	awk(1). If var is non-NULL, set it to the result.
2439ltr()
2440{
2441	local _str _src _dst _out _com _var
2442	_str="$1"
2443	_src="$2"
2444	_dst="$3"
2445	_var="$4"
2446	_out=""
2447
2448	local IFS="${_src}"
2449	for _com in ${_str}; do
2450		if [ -z "${_out}" ]; then
2451			_out="${_com}"
2452		else
2453			_out="${_out}${_dst}${_com}"
2454		fi
2455	done
2456	if [ -n "${_var}" ]; then
2457		setvar "${_var}" "${_out}"
2458	else
2459		echo "${_out}"
2460	fi
2461}
2462
2463# Creates a list of providers for GELI encryption.
2464geli_make_list()
2465{
2466	local devices devices2
2467	local provider mountpoint type options rest
2468
2469	# Create list of GELI providers from fstab.
2470	while read provider mountpoint type options rest ; do
2471		case ":${options}" in
2472		:*noauto*)
2473			noauto=yes
2474			;;
2475		*)
2476			noauto=no
2477			;;
2478		esac
2479
2480		case ":${provider}" in
2481		:#*)
2482			continue
2483			;;
2484		*.eli)
2485			# Skip swap devices.
2486			if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then
2487				continue
2488			fi
2489			devices="${devices} ${provider}"
2490			;;
2491		esac
2492	done < /etc/fstab
2493
2494	# Append providers from geli_devices.
2495	devices="${devices} ${geli_devices}"
2496
2497	for provider in ${devices}; do
2498		provider=${provider%.eli}
2499		provider=${provider#/dev/}
2500		devices2="${devices2} ${provider}"
2501	done
2502
2503	echo ${devices2}
2504}
2505
2506# Originally, root mount hold had to be released before mounting
2507# the root filesystem.  This delayed the boot, so it was changed
2508# to only wait if the root device isn't readily available.  This
2509# can result in rc scripts executing before all the devices - such
2510# as graid(8), or USB disks - can be accessed.  This function can
2511# be used to explicitly wait for root mount holds to be released.
2512root_hold_wait()
2513{
2514	local wait waited holders
2515
2516	waited=0
2517	while true; do
2518		holders="$(sysctl -n vfs.root_mount_hold)"
2519		if [ -z "${holders}" ]; then
2520			break;
2521		fi
2522		if [ ${waited} -eq 0 ]; then
2523			echo -n "Waiting ${root_hold_delay}s" \
2524			"for the root mount holders: ${holders}"
2525		else
2526			echo -n .
2527		fi
2528		if [ ${waited} -ge ${root_hold_delay} ]; then
2529			echo
2530			break
2531		fi
2532		sleep 1
2533		waited=$(($waited + 1))
2534	done
2535}
2536
2537# Find scripts in local_startup directories that use the old syntax
2538#
2539find_local_scripts_old() {
2540	zlist=''
2541	slist=''
2542	for dir in ${local_startup}; do
2543		if [ -d "${dir}" ]; then
2544			for file in ${dir}/[0-9]*.sh; do
2545				grep '^# PROVIDE:' $file >/dev/null 2>&1 &&
2546				    continue
2547				zlist="$zlist $file"
2548			done
2549			for file in ${dir}/[!0-9]*.sh; do
2550				grep '^# PROVIDE:' $file >/dev/null 2>&1 &&
2551				    continue
2552				slist="$slist $file"
2553			done
2554		fi
2555	done
2556}
2557
2558find_local_scripts_new() {
2559	local_rc=''
2560	for dir in ${local_startup}; do
2561		if [ -d "${dir}" ]; then
2562			for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do
2563				case "$file" in
2564				*.sample|*.pkgsave) ;;
2565				*)	if [ -x "$file" ]; then
2566						local_rc="${local_rc} ${file}"
2567					fi
2568					;;
2569				esac
2570			done
2571		fi
2572	done
2573}
2574
2575find_system_scripts() {
2576	system_rc=''
2577	for file in /etc/rc.d/*; do
2578		case "${file##*/}" in
2579		*.pkgsave) ;;
2580		*)	if [ -x "$file" ]; then
2581				system_rc="${system_rc} ${file}"
2582			fi
2583			;;
2584		esac
2585	done
2586}
2587
2588# check_required_{before|after} command
2589#	Check for things required by the command before and after its precmd,
2590#	respectively.  The two separate functions are needed because some
2591#	conditions should prevent precmd from being run while other things
2592#	depend on precmd having already been run.
2593#
2594check_required_before()
2595{
2596	local _f
2597
2598	case "$1" in
2599	start)
2600		for _f in $required_vars; do
2601			if ! checkyesno $_f; then
2602				warn "\$${_f} is not enabled."
2603				if [ -z "$rc_force" ]; then
2604					return 1
2605				fi
2606			fi
2607		done
2608
2609		for _f in $required_dirs; do
2610			if [ ! -d "${_f}/." ]; then
2611				warn "${_f} is not a directory."
2612				if [ -z "$rc_force" ]; then
2613					return 1
2614				fi
2615			fi
2616		done
2617
2618		for _f in $required_files; do
2619			if [ ! -r "${_f}" ]; then
2620				warn "${_f} is not readable."
2621				if [ -z "$rc_force" ]; then
2622					return 1
2623				fi
2624			fi
2625		done
2626		;;
2627	esac
2628
2629	return 0
2630}
2631
2632check_required_after()
2633{
2634	local _f _args
2635
2636	case "$1" in
2637	start)
2638		for _f in $required_modules; do
2639			case "${_f}" in
2640				*~*)	_args="-e ${_f#*~} ${_f%%~*}" ;;
2641				*:*)	_args="-m ${_f#*:} ${_f%%:*}" ;;
2642				*)	_args="${_f}" ;;
2643			esac
2644			if ! load_kld ${_args}; then
2645				if [ -z "$rc_force" ]; then
2646					return 1
2647				fi
2648			fi
2649		done
2650		;;
2651	esac
2652
2653	return 0
2654}
2655
2656# check_jail mib
2657#	Return true if security.jail.$mib exists and set to 1.
2658
2659check_jail()
2660{
2661	local _mib _v
2662
2663	_mib=$1
2664	if _v=$(${SYSCTL_N} "security.jail.$_mib" 2> /dev/null); then
2665		case $_v in
2666		1)	return 0;;
2667		esac
2668	fi
2669	return 1
2670}
2671
2672# check_kern_features mib
2673#	Return existence of kern.features.* sysctl MIB as true or
2674#	false.  The result will be cached in $_rc_cache_kern_features_
2675#	namespace.  "0" means the kern.features.X exists.
2676
2677check_kern_features()
2678{
2679	local _v
2680
2681	[ -n "$1" ] || return 1;
2682	eval _v=\$_rc_cache_kern_features_$1
2683	[ -n "$_v" ] && return "$_v";
2684
2685	if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then
2686		eval _rc_cache_kern_features_$1=0
2687		return 0
2688	else
2689		eval _rc_cache_kern_features_$1=1
2690		return 1
2691	fi
2692}
2693
2694# check_namevarlist var
2695#	Return "0" if ${name}_var is reserved in rc.subr.
2696
2697_rc_namevarlist="program chroot chdir env flags fib nice user group groups prepend setup"
2698check_namevarlist()
2699{
2700	local _v
2701
2702	for _v in $_rc_namevarlist; do
2703	case $1 in
2704	$_v)	return 0 ;;
2705	esac
2706	done
2707
2708	return 1
2709}
2710
2711# _echoonce var msg mode
2712#	mode=0: Echo $msg if ${$var} is empty.
2713#	        After doing echo, a string is set to ${$var}.
2714#
2715#	mode=1: Echo $msg if ${$var} is a string with non-zero length.
2716#
2717_echoonce()
2718{
2719	local _var _msg _mode
2720	eval _var=\$$1
2721	_msg=$2
2722	_mode=$3
2723
2724	case $_mode in
2725	1)	[ -n "$_var" ] && echo "$_msg" ;;
2726	*)	[ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;;
2727	esac
2728}
2729
2730# If the loader env variable rc.debug is set, turn on debugging. rc.conf will
2731# still override this, but /etc/defaults/rc.conf can't unconditionally set this
2732# since it would undo what we've done here.
2733if kenv -q rc.debug > /dev/null ; then
2734	rc_debug=YES
2735fi
2736
2737boottrace_cmd=`command -v boottrace`
2738if [ -n "$boottrace_cmd" ] && [ "`${SYSCTL_N} -q kern.boottrace.enabled`" = "1" ]; then
2739	rc_boottrace=YES
2740fi
2741
2742SED=${SED:-$(Exists -x /usr/bin/sed /rescue/sed)}
2743
2744# Allow for local additions and overrides.
2745# Use vdot to ensure the file has not been tampered with.
2746vdot /etc/local.rc.subr
2747
2748# Avoid noise - when we do not have /usr mounted,
2749# and we cannot use safe_dot without sed.
2750if ! have basename; then
2751	basename()
2752	{
2753		local b=${1%$2}
2754		echo ${b##*/}
2755	}
2756	tty()
2757	{
2758		return 0
2759	}
2760	# we cannot use safe_dot without sed
2761	[ -z "$SED" ] && _SAFE_EVAL_SH=:
2762fi
2763# safe_eval.sh provides safe_dot - for untrusted files
2764$_SAFE_EVAL_SH vdot /libexec/safe_eval.sh
2765$_DEBUG_SH vdot /libexec/debug.sh
2766
2767# Ensure we can still operate if debug.sh and
2768# safe_eval.sh are not found.
2769if have DebugOn; then
2770	# allow DEBUG_SH to be set from loader prompt
2771	DEBUG_SH=${DEBUG_SH:-$(kenv -q DEBUG_SH)}
2772else
2773	DebugOn() { return 0; }
2774	DebugOff() { return 0; }
2775fi
2776if ! have save_dot; then
2777	safe_dot() { dot "$@"; }
2778fi
2779