Typos in man page. Cosmetics in error strings.
This commit is contained in:
parent
0fe7ca3165
commit
988345234d
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=30827
@ -31,6 +31,11 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <rpc/rpc.h>
|
||||
#include <rpcsvc/yp.h>
|
||||
@ -52,10 +57,6 @@
|
||||
#include "tcpd.h"
|
||||
#endif
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id$";
|
||||
#endif
|
||||
|
||||
extern int debug;
|
||||
|
||||
/* NIS v1 */
|
||||
@ -241,11 +242,11 @@ int yp_access(map, rqstp)
|
||||
rqhost = svc_getcaller(rqstp->rq_xprt);
|
||||
|
||||
if (debug) {
|
||||
yp_error("Procedure %s called from %s:%d", yp_procedure,
|
||||
yp_error("procedure %s called from %s:%d", yp_procedure,
|
||||
inet_ntoa(rqhost->sin_addr),
|
||||
ntohs(rqhost->sin_port));
|
||||
if (map != NULL)
|
||||
yp_error("Client is referencing map \"%s\".", map);
|
||||
yp_error("client is referencing map \"%s\".", map);
|
||||
}
|
||||
|
||||
/* Check the map name if one was supplied. */
|
||||
@ -267,14 +268,14 @@ possible spoof attempt from %s:%d",
|
||||
(rqstp->rq_prog == YPXFRD_FREEBSD_PROG &&
|
||||
rqstp->rq_proc == YPXFRD_GETMAP)) &&
|
||||
ntohs(rqhost->sin_port) >= IPPORT_RESERVED) {
|
||||
yp_error("Access to %s denied -- client %s:%d \
|
||||
yp_error("access to %s denied -- client %s:%d \
|
||||
not privileged", map, inet_ntoa(rqhost->sin_addr), ntohs(rqhost->sin_port));
|
||||
return(1);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef TCP_WRAPPER
|
||||
status = hosts_ctl(progname, STRING_UNKNOWN,
|
||||
status = hosts_ctl("ypserv", STRING_UNKNOWN,
|
||||
inet_ntoa(rqhost->sin_addr), "");
|
||||
#else
|
||||
tmp = securenets;
|
||||
|
@ -28,27 +28,26 @@
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <fcntl.h>
|
||||
#include <string.h>
|
||||
#include <limits.h>
|
||||
#include <unistd.h>
|
||||
#include <db.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <errno.h>
|
||||
#include <paths.h>
|
||||
#include <rpcsvc/yp.h>
|
||||
#include "yp_extern.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id$";
|
||||
#endif
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <db.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
#include <paths.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <rpcsvc/yp.h>
|
||||
#include "yp_extern.h"
|
||||
|
||||
int ypdb_debug = 0;
|
||||
enum ypstat yp_errno = YP_TRUE;
|
||||
@ -106,15 +105,13 @@ static struct circleq_entry *yp_malloc_qent()
|
||||
|
||||
q = (struct circleq_entry *)malloc(sizeof(struct circleq_entry));
|
||||
if (q == NULL) {
|
||||
yp_error("failed to malloc() circleq entry: %s",
|
||||
strerror(errno));
|
||||
yp_error("failed to malloc() circleq entry");
|
||||
return(NULL);
|
||||
}
|
||||
bzero((char *)q, sizeof(struct circleq_entry));
|
||||
q->dbptr = (struct dbent *)malloc(sizeof(struct dbent));
|
||||
if (q->dbptr == NULL) {
|
||||
yp_error("failed to malloc() circleq entry: %s",
|
||||
strerror(errno));
|
||||
yp_error("failed to malloc() circleq entry");
|
||||
free(q);
|
||||
return(NULL);
|
||||
}
|
||||
@ -480,7 +477,7 @@ int yp_get_record(domain,map,key,data,allow)
|
||||
#endif
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Looking up key [%.*s]",
|
||||
yp_error("looking up key [%.*s]",
|
||||
key->size, key->data);
|
||||
|
||||
/*
|
||||
@ -510,7 +507,7 @@ int yp_get_record(domain,map,key,data,allow)
|
||||
}
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
|
||||
yp_error("result of lookup: key: [%.*s] data: [%.*s]",
|
||||
key->size, key->data, data->size, data->data);
|
||||
|
||||
#ifdef DB_CACHE
|
||||
@ -539,7 +536,7 @@ int yp_first_record(dbp,key,data,allow)
|
||||
#endif
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Retrieving first key in map.");
|
||||
yp_error("retrieving first key in map");
|
||||
|
||||
if ((rval = (dbp->seq)(dbp,key,data,R_FIRST)) != 0) {
|
||||
#ifdef DB_CACHE
|
||||
@ -565,7 +562,7 @@ int yp_first_record(dbp,key,data,allow)
|
||||
}
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
|
||||
yp_error("result of lookup: key: [%.*s] data: [%.*s]",
|
||||
key->size, key->data, data->size, data->data);
|
||||
|
||||
#ifdef DB_CACHE
|
||||
@ -610,7 +607,7 @@ int yp_next_record(dbp,key,data,all,allow)
|
||||
}
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Retreiving next key, previous was: [%.*s]",
|
||||
yp_error("retrieving next key, previous was: [%.*s]",
|
||||
key->size, key->data);
|
||||
|
||||
if (!all) {
|
||||
@ -649,7 +646,7 @@ int yp_next_record(dbp,key,data,all,allow)
|
||||
}
|
||||
|
||||
if (ypdb_debug)
|
||||
yp_error("Result of lookup: key: [%.*s] data: [%.*s]",
|
||||
yp_error("result of lookup: key: [%.*s] data: [%.*s]",
|
||||
key->size, key->data, data->size, data->data);
|
||||
|
||||
#ifdef DB_CACHE
|
||||
|
@ -28,10 +28,13 @@
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
* Do standard and reverse DNS lookups using the resolver library.
|
||||
* Take care of all the dirty work here so the main program only has to
|
||||
@ -51,23 +54,18 @@
|
||||
#include <arpa/inet.h>
|
||||
#include <arpa/nameser.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
#include <resolv.h>
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <err.h>
|
||||
#include <resolv.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <rpcsvc/yp.h>
|
||||
#include "yp_extern.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id: yp_dnslookup.c,v 1.11 1997/07/27 03:41:53 wpaul Exp $";
|
||||
#endif
|
||||
|
||||
static char *parse(hp)
|
||||
struct hostent *hp;
|
||||
{
|
||||
@ -147,8 +145,7 @@ static struct circleq_dnsentry *yp_malloc_dnsent()
|
||||
q = (struct circleq_dnsentry *)malloc(sizeof(struct circleq_dnsentry));
|
||||
|
||||
if (q == NULL) {
|
||||
yp_error("failed to malloc() circleq dns entry: %s",
|
||||
strerror(errno));
|
||||
yp_error("failed to malloc() circleq dns entry");
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
@ -266,13 +263,13 @@ static void yp_send_dns_reply(q, buf)
|
||||
xdrfunc = (xdrproc_t)xdr_ypresponse;
|
||||
break;
|
||||
default:
|
||||
yp_error("Bad YP program version (%lu)!",q->ypvers);
|
||||
yp_error("bad YP program version (%lu)!", q->ypvers);
|
||||
return;
|
||||
break;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
yp_error("Sending dns reply to %s (%lu)",
|
||||
yp_error("sending dns reply to %s (%lu)",
|
||||
inet_ntoa(q->client_addr.sin_addr), q->id);
|
||||
/*
|
||||
* XXX This is disgusting. There's basically one transport
|
||||
@ -352,7 +349,7 @@ void yp_run_dnsq()
|
||||
struct hostent *hent;
|
||||
|
||||
if (debug)
|
||||
yp_error("Running dns queue");
|
||||
yp_error("running dns queue");
|
||||
|
||||
bzero(buf, sizeof(buf));
|
||||
|
||||
@ -380,7 +377,7 @@ void yp_run_dnsq()
|
||||
}
|
||||
|
||||
if (debug)
|
||||
yp_error("Got dns reply from %s", inet_ntoa(sin.sin_addr));
|
||||
yp_error("got dns reply from %s", inet_ntoa(sin.sin_addr));
|
||||
|
||||
hent = __dns_getanswer(buf, rval, q->name, q->type);
|
||||
|
||||
@ -395,7 +392,7 @@ void yp_run_dnsq()
|
||||
snprintf(retrybuf, sizeof(retrybuf), "%s.%s",
|
||||
q->name, *q->domain);
|
||||
if (debug)
|
||||
yp_error("Retrying with: %s", retrybuf);
|
||||
yp_error("retrying with: %s", retrybuf);
|
||||
q->id = yp_send_dns_query(retrybuf, q->type);
|
||||
q->ttl = DEF_TTL;
|
||||
q->domain++;
|
||||
@ -472,7 +469,7 @@ ypstat yp_async_lookup_name(rqstp, name)
|
||||
pending++;
|
||||
|
||||
if (debug)
|
||||
yp_error("Queueing async DNS name lookup (%d)", q->id);
|
||||
yp_error("queueing async DNS name lookup (%d)", q->id);
|
||||
|
||||
yp_prune_dnsq();
|
||||
return(YP_TRUE);
|
||||
@ -537,7 +534,7 @@ ypstat yp_async_lookup_addr(rqstp, addr)
|
||||
pending++;
|
||||
|
||||
if (debug)
|
||||
yp_error("Queueing async DNS address lookup (%d)", q->id);
|
||||
yp_error("queueing async DNS address lookup (%d)", q->id);
|
||||
|
||||
yp_prune_dnsq();
|
||||
return(YP_TRUE);
|
||||
|
@ -30,21 +30,21 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
* error logging/reporting facilities
|
||||
* stolen from /usr/libexec/mail.local via ypserv
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
#include <syslog.h>
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id$";
|
||||
#endif
|
||||
|
||||
int debug;
|
||||
extern int _rpcpmstart;
|
||||
|
||||
|
@ -29,15 +29,16 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
* $Id: yp_extern.h,v 1.11 1997/02/22 16:15:11 peter Exp $
|
||||
*/
|
||||
|
||||
#include <db.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/cdefs.h>
|
||||
#include <sys/types.h>
|
||||
#include <limits.h>
|
||||
#include <db.h>
|
||||
#include <rpc/rpc.h>
|
||||
#include <rpcsvc/yp.h>
|
||||
|
||||
|
@ -28,10 +28,13 @@
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
* ypserv startup function.
|
||||
* We need out own main() since we have to do some additional work
|
||||
@ -40,34 +43,31 @@
|
||||
*/
|
||||
|
||||
#include "yp.h"
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <memory.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h> /* getenv, exit */
|
||||
#include <rpc/pmap_clnt.h> /* for pmap_unset */
|
||||
#include <string.h> /* strcmp */
|
||||
#include <signal.h>
|
||||
#include <stdlib.h> /* getenv, exit */
|
||||
#include <string.h> /* strcmp */
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
#include <rpc/pmap_clnt.h> /* for pmap_unset */
|
||||
#include <sys/ttycom.h> /* TIOCNOTTY */
|
||||
#ifdef __cplusplus
|
||||
#include <sysent.h> /* getdtablesize, open */
|
||||
#endif /* __cplusplus */
|
||||
#include <memory.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <syslog.h>
|
||||
#include <sys/wait.h>
|
||||
#include "yp_extern.h"
|
||||
#include <unistd.h>
|
||||
#include <rpc/rpc.h>
|
||||
#include <errno.h>
|
||||
#include <err.h>
|
||||
|
||||
#ifndef SIG_PF
|
||||
#define SIG_PF void(*)(int)
|
||||
#endif
|
||||
|
||||
#define _RPCSVC_CLOSEDOWN 120
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id: yp_main.c,v 1.14 1997/02/22 16:15:12 peter Exp $";
|
||||
#endif /* not lint */
|
||||
int _rpcpmstart; /* Started by a port monitor ? */
|
||||
static int _rpcfdtype;
|
||||
/* Whether Stream or Datagram ? */
|
||||
@ -94,7 +94,7 @@ void _msgout(char* msg)
|
||||
if (_rpcpmstart)
|
||||
syslog(LOG_ERR, msg);
|
||||
else
|
||||
(void) fprintf(stderr, "%s\n", msg);
|
||||
warnx("%s", msg);
|
||||
} else
|
||||
syslog(LOG_ERR, msg);
|
||||
}
|
||||
@ -132,7 +132,7 @@ yp_svc_run()
|
||||
if (errno == EINTR) {
|
||||
continue;
|
||||
}
|
||||
perror("svc_run: - select failed");
|
||||
warn("svc_run: - select failed");
|
||||
return;
|
||||
case 0:
|
||||
yp_prune_dnsq();
|
||||
@ -179,7 +179,7 @@ static void reaper(sig)
|
||||
|
||||
static void usage()
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [-h] [-d] [-n] [-p path]\n", progname);
|
||||
fprintf(stderr, "usage: ypserv [-h] [-d] [-n] [-p path]\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -213,6 +213,7 @@ closedown(int sig)
|
||||
(void) alarm(_RPCSVC_CLOSEDOWN/2);
|
||||
}
|
||||
|
||||
int
|
||||
main(argc, argv)
|
||||
int argc;
|
||||
char *argv[];
|
||||
@ -257,13 +258,13 @@ main(argc, argv)
|
||||
sock = 0;
|
||||
_rpcpmstart = 1;
|
||||
proto = 0;
|
||||
openlog(progname, LOG_PID, LOG_DAEMON);
|
||||
openlog("ypserv", LOG_PID, LOG_DAEMON);
|
||||
} else {
|
||||
if (!debug) {
|
||||
if (daemon(0,0)) {
|
||||
err(1,"cannot fork");
|
||||
}
|
||||
openlog(progname, LOG_PID, LOG_DAEMON);
|
||||
openlog("ypserv", LOG_PID, LOG_DAEMON);
|
||||
}
|
||||
sock = RPC_ANYSOCK;
|
||||
(void) pmap_unset(YPPROG, YPVERS);
|
||||
@ -273,17 +274,17 @@ main(argc, argv)
|
||||
if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_DGRAM)) {
|
||||
transp = svcudp_create(sock);
|
||||
if (transp == NULL) {
|
||||
_msgout("cannot create udp service.");
|
||||
_msgout("cannot create udp service");
|
||||
exit(1);
|
||||
}
|
||||
if (!_rpcpmstart)
|
||||
proto = IPPROTO_UDP;
|
||||
if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) {
|
||||
_msgout("unable to register (YPPROG, YPOLDVERS, udp).");
|
||||
_msgout("unable to register (YPPROG, YPOLDVERS, udp)");
|
||||
exit(1);
|
||||
}
|
||||
if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) {
|
||||
_msgout("unable to register (YPPROG, YPVERS, udp).");
|
||||
_msgout("unable to register (YPPROG, YPVERS, udp)");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
@ -291,17 +292,17 @@ main(argc, argv)
|
||||
if ((_rpcfdtype == 0) || (_rpcfdtype == SOCK_STREAM)) {
|
||||
transp = svctcp_create(sock, 0, 0);
|
||||
if (transp == NULL) {
|
||||
_msgout("cannot create tcp service.");
|
||||
_msgout("cannot create tcp service");
|
||||
exit(1);
|
||||
}
|
||||
if (!_rpcpmstart)
|
||||
proto = IPPROTO_TCP;
|
||||
if (!svc_register(transp, YPPROG, YPOLDVERS, ypprog_1, proto)) {
|
||||
_msgout("unable to register (YPPROG, YPOLDVERS, tcp).");
|
||||
_msgout("unable to register (YPPROG, YPOLDVERS, tcp)");
|
||||
exit(1);
|
||||
}
|
||||
if (!svc_register(transp, YPPROG, YPVERS, ypprog_2, proto)) {
|
||||
_msgout("unable to register (YPPROG, YPVERS, tcp).");
|
||||
_msgout("unable to register (YPPROG, YPVERS, tcp)");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
@ -31,23 +31,24 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include "yp.h"
|
||||
#include "yp_extern.h"
|
||||
#include <stdlib.h>
|
||||
#include <dirent.h>
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/param.h>
|
||||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <rpc/rpc.h>
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id: yp_server.c,v 1.22 1997/04/28 14:18:38 wpaul Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
int forked = 0;
|
||||
int children = 0;
|
||||
|
||||
@ -167,7 +168,7 @@ ypproc_match_2_svc(ypreq_key *argp, struct svc_req *rqstp)
|
||||
nbuf[argp->key.keydat_len] = '\0';
|
||||
|
||||
if (debug)
|
||||
yp_error("Doing DNS lookup of %s", nbuf);
|
||||
yp_error("doing DNS lookup of %s", nbuf);
|
||||
|
||||
if (!strcmp(argp->map, "hosts.byname"))
|
||||
result.stat = yp_async_lookup_name(rqstp, nbuf);
|
||||
@ -664,7 +665,7 @@ static struct ypmaplist *yp_maplist_create(domain)
|
||||
continue;
|
||||
if ((cur = (struct ypmaplist *)
|
||||
malloc(sizeof(struct ypmaplist))) == NULL) {
|
||||
yp_error("malloc() failed: %s",strerror(errno));
|
||||
yp_error("malloc() failed");
|
||||
closedir(dird);
|
||||
yp_maplist_free(yp_maplist);
|
||||
return(NULL);
|
||||
|
@ -28,17 +28,16 @@
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
"$Id$";
|
||||
#endif /* not lint */
|
||||
|
||||
#include <rpc/rpc.h>
|
||||
#include "yp_extern.h"
|
||||
|
||||
#ifndef lint
|
||||
static const char rcsid[] = "$Id$";
|
||||
#endif
|
||||
|
||||
/*
|
||||
* XXX Must not diverge from what's in src/lib/libc/rpc/svc_udp.c
|
||||
*/
|
||||
|
@ -28,7 +28,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $Id: ypserv.8,v 1.11 1997/02/22 16:15:14 peter Exp $
|
||||
.\" $Id: ypserv.8,v 1.12 1997/04/15 07:41:10 jmg Exp $
|
||||
.\"
|
||||
.Dd February 4, 1995
|
||||
.Dt YPSERV 8
|
||||
@ -51,16 +51,21 @@ such as
|
||||
.Pa /etc/passwd
|
||||
and
|
||||
.Pa /etc/group ,
|
||||
which tend to require frequent changes in most environments, NIS
|
||||
which tend to require frequent changes in most environments,
|
||||
.Tn NIS
|
||||
allows groups of computers to share one set of data which can be
|
||||
updated from a single location.
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
program is the server that distributes NIS databases
|
||||
to client systems within an NIS
|
||||
program is the server that distributes
|
||||
.Tn NIS
|
||||
databases to client systems within an
|
||||
.Tn NIS
|
||||
.Em domain .
|
||||
Each client in an NIS domain must have its domainname set to
|
||||
Each client in an
|
||||
.Tn NIS
|
||||
domain must have its domainname set to
|
||||
one of the domains served by
|
||||
.Nm
|
||||
using the
|
||||
@ -68,7 +73,9 @@ using the
|
||||
command. The clients must also run
|
||||
.Xr ypbind 8
|
||||
in order to attach to a particular server, since it is possible to
|
||||
have several servers within a single NIS domain.
|
||||
have several servers within a single
|
||||
.Tn NIS
|
||||
domain.
|
||||
.Pp
|
||||
The databases distributed by
|
||||
.Nm
|
||||
@ -89,8 +96,9 @@ are created by
|
||||
using several system files as source. The database files are in
|
||||
.Xr db 3
|
||||
format to help speed retrieval when there are many records involved.
|
||||
In FreeBSD, the
|
||||
maps are always readable and writable only by root for security
|
||||
In
|
||||
.Bx Free ,
|
||||
the maps are always readable and writable only by root for security
|
||||
reasons. Technically this is only necessary for the password
|
||||
maps, but since the data in the other maps can be found in
|
||||
other world-readable files anyway, it doesn't hurt and it's considered
|
||||
@ -99,18 +107,25 @@ good general practice.
|
||||
The
|
||||
.Nm
|
||||
program is started by
|
||||
.Pa /etc/rc
|
||||
.Pa /etc/rc.network
|
||||
if it has been enabled in
|
||||
.Pa /etc/sysconfig .
|
||||
.Pa /etc/rc.conf .
|
||||
.Sh SPECIAL FEATURES
|
||||
There are some problems associated with distributing FreeBSD's password
|
||||
database via NIS: FreeBSD normally only stores encrypted passwords
|
||||
database via
|
||||
.Tn NIS Ns :
|
||||
.Bx Free
|
||||
normally only stores encrypted passwords
|
||||
in
|
||||
.Pa /etc/master.passwd ,
|
||||
which is readable and writable only by root. By turning this file
|
||||
into an NIS map, this security feature would be completely defeated.
|
||||
into an
|
||||
.Tn NIS
|
||||
map, this security feature would be completely defeated.
|
||||
.Pp
|
||||
To make up for this, the FreeBSD version of
|
||||
To make up for this, the
|
||||
.Bx Free
|
||||
version of
|
||||
.Nm
|
||||
handles the
|
||||
.Pa master.passwd.byname
|
||||
@ -126,7 +141,9 @@ Any requests made by non-privileged users are therefore rejected.
|
||||
.Pp
|
||||
Furthermore, the
|
||||
.Xr getpwent 3
|
||||
routines in FreeBSD's standard C libarary will only attempt to retrieve
|
||||
routines in
|
||||
.Bx Free Ns 's
|
||||
standard C library will only attempt to retrieve
|
||||
data from the
|
||||
.Pa master.passwd.byname
|
||||
and
|
||||
@ -144,11 +161,13 @@ file and stripping out the password fields, and are therefore
|
||||
safe to pass on to unprivileged users. In this way, the shadow password
|
||||
aspect of the protected
|
||||
.Pa master.passwd
|
||||
database is maintained through NIS.
|
||||
database is maintained through
|
||||
.Tn NIS .
|
||||
.Pp
|
||||
.Sh NOTES
|
||||
.Ss Limitations
|
||||
There are two problems inherent with password shadowing in NIS
|
||||
There are two problems inherent with password shadowing in
|
||||
.Tn NIS
|
||||
that users should
|
||||
be aware of:
|
||||
.Bl -enum -offset indent
|
||||
@ -159,7 +178,11 @@ test is trivial to defeat for users with
|
||||
unrestricted access to machines on your network (even those machines
|
||||
which do not run UNIX-based operating systems).
|
||||
.It
|
||||
If you plan to use a FreeBSD system to serve non-FreeBSD clients that
|
||||
If you plan to use a
|
||||
.Bx Free
|
||||
system to serve
|
||||
.Bx non-Free
|
||||
clients that
|
||||
have no support for password shadowing (which is most of them), you
|
||||
will have to disable the password shadowing entirely by uncommenting the
|
||||
.Em UNSECURE=True
|
||||
@ -170,14 +193,19 @@ This will cause the standard
|
||||
and
|
||||
.Pa passwd.byuid
|
||||
maps to be generated with valid encrypted password fields, which is
|
||||
neccesary in order for non-FreeBSD clients to perform user
|
||||
authentication through NIS.
|
||||
necessary in order for
|
||||
.Bx non-Free
|
||||
clients to perform user
|
||||
authentication through
|
||||
.Tn NIS .
|
||||
.El
|
||||
.Pp
|
||||
.Ss Security
|
||||
In general, any remote user can issue an RPC to
|
||||
.Nm
|
||||
and retrieve the contents of your NIS maps, provided the remote user
|
||||
and retrieve the contents of your
|
||||
.Tn NIS
|
||||
maps, provided the remote user
|
||||
knows your domain name. To prevent such unauthorized transactions,
|
||||
.Nm
|
||||
supports a feature called
|
||||
@ -227,7 +255,9 @@ program also has support for Wietse Venema's
|
||||
package, though it is not compiled in by default since
|
||||
the
|
||||
.Em tcpwrapper
|
||||
package is not distributed with FreeBSD. However, if you have
|
||||
package is not distributed with
|
||||
.Bx Free .
|
||||
However, if you have
|
||||
.Pa libwrap.a
|
||||
and
|
||||
.Pa tcpd.h ,
|
||||
@ -250,27 +280,37 @@ attacks.
|
||||
.Ss NIS v1 compatibility
|
||||
This version of
|
||||
.Nm
|
||||
has some support for serving NIS v1 clients. FreeBSD's NIS
|
||||
implementation only uses the NIS v2 protocol, however other implementations
|
||||
has some support for serving
|
||||
.Tn NIS
|
||||
v1 clients.
|
||||
.Bx Free Ns 's
|
||||
.Tn NIS
|
||||
implementation only uses the
|
||||
.Tn NIS
|
||||
v2 protocol, however other implementations
|
||||
include support for the v1 protocol for backwards compatibility
|
||||
with older systems. The
|
||||
.Xr ypbind 8
|
||||
daemons supplied with these systems will try to establish a binding
|
||||
to an NIS v1
|
||||
server even though they may never actually need it (and they may
|
||||
to an
|
||||
.Tn NIS
|
||||
v1 server even though they may never actually need it (and they may
|
||||
persist in broadcasting in search of one even after they receive a
|
||||
response from a v2 server). Note that while
|
||||
support for normal client calls is provided, this version of
|
||||
.Nm
|
||||
does not handle v1 map transfer requests; consequently, it can not
|
||||
be used as a master or slave in conjunction with older NIS servers that
|
||||
be used as a master or slave in conjunction with older
|
||||
.Tn NIS
|
||||
servers that
|
||||
only support the v1 protocol. Fortunately, there probably aren't any
|
||||
such servers still in use today.
|
||||
.Ss NIS servers that are also NIS clients
|
||||
Care must be taken when running
|
||||
.Nm
|
||||
in a multi-server domain where the server machines are also
|
||||
NIS clients. It is generally a good idea to force the servers to
|
||||
.Tn NIS
|
||||
clients. It is generally a good idea to force the servers to
|
||||
bind to themselves rather than allowing them to broadcast bind
|
||||
requests and possibly become bound to each other: strange failure
|
||||
modes can result if one server goes down and
|
||||
@ -311,12 +351,18 @@ succeeded.
|
||||
.Pp
|
||||
This feature is provided for compatiblity with SunOS 4.1.x,
|
||||
which has brain-damaged resolver functions in its standard C
|
||||
library that depend on NIS for hostname and address resolution.
|
||||
FreeBSD's resolver can be configured to do DNS
|
||||
library that depend on
|
||||
.Tn NIS
|
||||
for hostname and address resolution.
|
||||
.Bx Free Ns 's
|
||||
resolver can be configured to do DNS
|
||||
queries directly, therefore it is not necessary to enable this
|
||||
option when serving only FreeBSD NIS clients.
|
||||
option when serving only
|
||||
.Bx Free
|
||||
.Tn NIS
|
||||
clients.
|
||||
.It Fl d
|
||||
Causes the server to run in debugging mode. Normally,
|
||||
Cause the server to run in debugging mode. Normally,
|
||||
.Nm
|
||||
reports only unusual errors (access violations, file access failures)
|
||||
using the
|
||||
@ -334,22 +380,28 @@ a debugging tool.
|
||||
.It Fl p Ar path
|
||||
Normally,
|
||||
.Nm
|
||||
assumes that all NIS maps are stored under
|
||||
assumes that all
|
||||
.Tn NIS
|
||||
maps are stored under
|
||||
.Pa /var/yp .
|
||||
The
|
||||
.Fl p
|
||||
flag may be used to specify an alternate NIS root path, allowing
|
||||
flag may be used to specify an alternate
|
||||
.Tn NIS
|
||||
root path, allowing
|
||||
the system administrator to move the map files to a different place
|
||||
within the filesystem.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Pa -compact
|
||||
.It Pa /var/yp/[domainname]/[maps]
|
||||
The NIS maps.
|
||||
the
|
||||
.Tn NIS
|
||||
maps
|
||||
.It Pa /etc/host.conf
|
||||
Resolver configuration file.
|
||||
resolver configuration file
|
||||
.It Pa /var/yp/securenets
|
||||
Host access control file
|
||||
host access control file
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr ypcat 1 ,
|
||||
@ -360,7 +412,7 @@ Host access control file
|
||||
.Xr yppush 8 ,
|
||||
.Xr ypxfr 8
|
||||
.Sh AUTHOR
|
||||
Bill Paul <wpaul@ctr.columbia.edu>
|
||||
.An Bill Paul Aq wpaul@ctr.columbia.edu
|
||||
.Sh HISTORY
|
||||
This version of
|
||||
.Nm
|
||||
|
Loading…
Reference in New Issue
Block a user