Modify yp_mkdb so that it only checks for bogus '+' and '-' characters

in source input if the -f flag is used, and modify Makefile.yp to only
use -f for the passwd, master.passwd and group maps. These should be
the only ones for which the + and - characters have special meaning
that make it important for us to avoid letting them into any of the map
databases. In some cases (namely the automounter maps) we have to allow
at least the - character through in order to create the map properly.

This closes PR #8699.

usr.sbin/yp_mkdb/yp_mkdb.8

@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$Id: yp_mkdb.8,v 1.7 1997/10/27 12:29:24 charnier Exp $
+.\"	$Id: yp_mkdb.8,v 1.8 1998/03/23 08:30:19 charnier Exp $
 .\"
 .Dd March 12, 1996
 .Dt YP_MKDB 8
@@ -45,6 +45,7 @@
 .Op Fl c
 .Op Fl b
 .Op Fl s
+.Op Fl f
 .Op Fl i Ar inputfile
 .Op Fl o Ar outputfile
 .Op Fl d Ar domainname
@@ -129,6 +130,22 @@ will deny access to the map to any client that is not using a
 reserved port for its query. This is used mainly for the
 .Em master.passwd
 maps, which should be restricted to privileged access only.
+.It Fl f
+This flag is used to turn on filtering of lines in the source file
+input that start with ``+'' or ``-'' characters. These characters
+have special meaning for the
+.Pa group ,
+.Pa passwd
+and
+.Pa master.passwd
+maps and hence should not be allowed to appear in them as the first
+character of a key or datum. If the
+.Fl f
+flag is used,
+.Nm
+will reject any source line that starts with a ``+'' or ``-''
+character and issue a warning message displaying the line that
+was dropped.
 .It Fl u Ar dbname
 Dump (or 'unwind') an NIS database. This option can be used to
 inspect the contents of an existing NIS database.

usr.sbin/yp_mkdb/yp_mkdb.c

@@ -32,7 +32,7 @@
 
 #ifndef lint
 static const char rcsid[] =
-	"$Id$";
+	"$Id: yp_mkdb.c,v 1.8 1997/10/27 12:29:25 charnier Exp $";
 #endif /* not lint */
 
 #include <err.h>
@@ -60,7 +60,7 @@ static void usage()
 	fprintf(stderr, "%s\n%s\n%s\n%s\n",
 	"usage: yp_mkdb -c",
 	"       yp_mkdb -u dbname",
-	"       yp_mkdb [-c] [-b] [-s] [-i inputfile] [-o outputfile]",
+	"       yp_mkdb [-c] [-b] [-s] [-f] [-i inputfile] [-o outputfile]",
 	"               [-d domainname ] [-m mastername] inputfile dbname");
 	exit(1);
 }
@@ -102,6 +102,7 @@ int main (argc, argv)
 	int ch;
 	int un = 0;
 	int clear = 0;
+	int filter_plusminus = 0;
 	char *infile = NULL;
 	char *map = NULL;
 	char *domain = NULL;
@@ -117,8 +118,11 @@ int main (argc, argv)
 	FILE *ifp;
 	char hname[MAXHOSTNAMELEN + 2];
 
-	while ((ch = getopt(argc, argv, "uhcbsd:i:o:m:")) != -1) {
+	while ((ch = getopt(argc, argv, "uhcbsdf:i:o:m:")) != -1) {
 		switch(ch) {
+		case 'f':
+			filter_plusminus++;
+			break;
 		case 'u':
 			un++;
 			break;
@@ -278,10 +282,13 @@ int main (argc, argv)
 			datbuf++;
 
 		/* Check for silliness. */
-		if  (*keybuf == '+' || *keybuf == '-' ||
-		     *datbuf == '+' || *datbuf == '-') {
-			warnx("bad character at start of line: %s", buf);
-			continue;
+		if (filter_plusminus) {
+			if  (*keybuf == '+' || *keybuf == '-' ||
+			     *datbuf == '+' || *datbuf == '-') {
+				warnx("bad character at "
+				    "start of line: %s", buf);
+				continue;
+			}
 		}
 
 		if (strlen(keybuf) > YPMAXRECORD) {

usr.sbin/ypserv/Makefile.yp

@@ -1,7 +1,7 @@
 #
 # Makefile for the NIS databases
 #
-# $Id: Makefile.yp,v 1.25 1998/07/22 06:01:13 phk Exp $
+# $Id: Makefile.yp,v 1.26 1999/06/24 17:19:35 n_hibma Exp $
 #
 # This Makefile should only be run on the NIS master server of a domain.
 # All updated maps will be pushed to all NIS slave servers listed in the
@@ -479,7 +479,7 @@ passwd.byname: $(PASSWD)
 	@echo "Updating $@..."
 	$(CAT) $(PASSWD) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$1"\t"$$0 }' $^ \
-		| $(DBLOAD) -i $(PASSWD) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) -f -i $(PASSWD) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@@ -490,7 +490,7 @@ passwd.byuid: $(PASSWD)
 	@echo "Updating $@..."
 	$(CAT) $(PASSWD) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$3"\t"$$0 }' $^ \
-		| $(DBLOAD) -i $(PASSWD) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) -f -i $(PASSWD) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@@ -502,7 +502,7 @@ group.byname: $(GROUP)
 	@echo "Updating $@..."
 	$(CAT) $(GROUP) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$1"\t"$$0 }' $^ \
-		| $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) -f -i $(GROUP) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@@ -513,7 +513,7 @@ group.bygid: $(GROUP)
 	@echo "Updating $@..."
 	$(CAT) $(GROUP) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$3"\t"$$0 }' $^ \
-		| $(DBLOAD) -i $(GROUP) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) -f -i $(GROUP) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@@ -538,7 +538,7 @@ master.passwd.byname: $(MASTER)
 .else
 	$(CAT) $(MASTER) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$1"\t"$$0 }' $^ \
-		| $(DBLOAD) ${S} -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi
@@ -553,7 +553,7 @@ master.passwd.byuid: $(MASTER)
 .else
 	$(CAT) $(MASTER) | \
 	$(AWK) -F: '{ if ($$1 != "+") print $$3"\t"$$0 }' $^ \
-		| $(DBLOAD) ${S} -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
+		| $(DBLOAD) ${S} -f -i $(MASTER) -o $(YPMAPDIR)/$@ - $(TMP); \
 		$(RMV) $(TMP) $@
 	@$(DBLOAD) -c
 	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOMAIN) $@; fi