deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
another, unknown option.
Submitted by: Naoki Kobayashi <shibata@geo.titech.ac.jp> and
Harti Brandt <brandt@fokus.gmd.de>, respectively.
Pointy hat to: dd
getopt(3) (and can't be converted without breaking compatibility), and
it's very irritating to have it silently DTWT if one combines options
together (e.g., "-msS domain,server").
method anymore since the code inside the RPC library has changed too much.
Now that the clnt_dg module has the necessary code internally, we can yank
out the local method code and turn on the ASYNC hack with clnt_control().
This will make the -m flag work again.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is consistant with the other
BSD's who made this change quite some time ago. More commits to come.
incorrect; returning NULL here means that the dispatcher won't send any
response back to the caller, which means the caller will sit there waiting
until it times out. I don't know how this ever worked before. The effect
is that using 'ypset foo' to get the local ypbind to change servers would
work, but would sit there hanging for a long time for no reason.
The test to see if a request struct had been assigned after looping
though the server list was bogus.
Submitted by: "Erik E. Rantapaa" <rantapaa@math.umn.edu>
The standard SunOS ypbind(8) (and, until now, the FreeBSD ypbind)
only selects servers based on whether or not they respond to clnt_broadcast().
Ypbind(8) broadcasts to the YPPROC_DOMAIN_NONACK procedure and waits
for answers; whichever server answers first is the one ypbind uses
for the local client binding.
This mechanism fails when binding across subnets is desired. In order
for a client on one subnet to bind to a server on another subnet, the
gateway(s) between the client and server must be configured to forward
broadcasts. If this is not possible, then a slave server must be
installed on the remote subnet. If this is also not possible, you
have to force the client to bind to the remote server with ypset(8).
Unfortunately, this last option is less than ideal. If the remote
server becomes unavailable, ypbind(8) will lose its binding and
revert to its broadcast-based search behavior. Even if there are
other servers available, or even if the original server comes back
up, ypbind(8) will not be able to create a new binding since all
the servers are on remote subnets where its broadcasts won't be heard.
If the administrator isn't around to run ypset(8) again, the system
is hosed.
In some Linux NIS implementations, there exists a yp.conf file where
you can explicitly specify a server address and avoid the use of
ypbind altogether. This is not desireable since it removes the
possibility of binding to an alternate server in the event that the
one specified in yp.conf crashes.
Some people have mentioned to me how they though the 'restricted mode'
operation (using the -S flag) could be used as a solution for this
problem since it allows one to specify a list of servers. In fact,
this is not the case: the -S flag just tells ypbind(8) that when it
listens for replies to its broadcasts, it should only honor them if
the replying hosts appear in the specified restricted list.
This behavior has now been changed. If you use the -m flag in conjunction
with the -S flag, ypbind(8) will use a 'many-cast' instead of a broadcast
for choosing a server. In many-cast mode, ypbind(8) will transmit directly
to the YPPROC_DOMAIN_NONACK procedure of all the servers specified in
the restricted mode list and then wait for a reply. As with the broadcast
method, whichever server from the list answers first is used for the
local binding. All other behavior is the same: ypbind(8) continues
to ping its bound server every 60 seconds to insure it's still alive
and will many-cast again if the server fails to respond. The code used
to achieve this is in yp_ping.c; it includes a couple of modified RPC
library routines.
Note that it is not possible to use this mechanism without using
the restricted list since we need to know the addresses of the available
NIS servers ahead of time in order to transmit to them.
Most-recently-requested by: Tom Samplonius
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
terminate(). This makes doubly sure we don't trip the SIGTERM handler
in a child process. Suggested by: phk.
- It's int main(argc, argv), not void main(argc, argv), gosh darn it.
- If a child receives a SIGTERM, it will call the terminate() function
and end up doing the shutdown procedurs that should really only be
done by the parent. Set the SIGTERM behavior back to SIG_DLT in the
child after fork()ing.
- If the parent fails to read data back from the child because the
child has exited, it will call rpc_received() with bogus tdata that
can cause the parent to SEGV. Make handle_children() detect this
condition correctly and handle it sanely.
*sigh* Another 2.2 candidate.
-S domainname,server1,server2,server3,...
The -S flag allows the system administrator to lock ypbind to a
particular domain and group of NIS servers. Up to ten servers can
be specified. There must not be any spaces between the commas in
the domain/server specification. This option is used to insure that
that the system binds only to one domain and only to one of the
specified servers, which is useful for systems that are both NIS
servers and NIS clients: it provides a way to restrict what ma-
chines the system can bind to without the need for specifying the
-ypset or -ypsetme options, which are often considered to be secu-
rity holes. The specified servers must have valid entries in the
local /etc/hosts file. IP addresses may be specified in place of
hostnames. If ypbind can't make sense ouf of the arguments, it will
ignore the -S flag and continue running normally.
Note that ypbind will consider the domainname specified with the -S
flag to be the system default domain.
(According to what Garrett showed me, OSF/1 actually only allows 4 servers
to be specified. Ten seemed to be a bit more reasonable to me.)
Suggested by: G. Wollman
Idea lifted from: OSF/1
actually had this done at one point and lost it somewhere along the
line. Again, this is an honest to gosh bug fix only: no functionality
is changed.
- After a child broadcaster process dies or is killed, set its dom_pipe_fds
descriptors to -1 so that the 'READFD > 0' test in the select() loop
does the right thing.
Since descriptor values can be re-used, failure to do this can lead
to a situation where a descriptor for an RPC socket can be mistaken for
a pipe. If this happens, RPC sockets could be incorrectly handed off to
handle_children(), which would then clear the descriptor from the select()
descriptor mask and prevent svc_getreqset() from handling them. The end
result would be that some RPC events would go unserviced. Curiously,
the failures only happen intermittently.
Rod, Jordan and David have more or less given me the OK on this
with the understanding that it doesn't change any functionality.
It doesn't: these are bug fixes only. No other part of the system
should be affected. Of course, since I'm the only one working on
NIS, you'll just have to take my word on it. :)
Fixes for the following annoyingly subtle bugs:
- ypbindproc_setdom_2 is supposed to be declared void *, not boot_t *,
and it fails to correctly signal failures back to the ypset(8) command:
we need to call one of the svcerr_*() functions (in this case,
svcerr_noprog() seems a logical choice -- we're really cheating
a bit here because nothing else quite fits) to tell ypset that the
attempt to set the binding for a domain failed. If we don't do this,
failed ypset attempts either appear (incorrectly) to succeed, or
they time out.
- The lock handling for child processes isn't quite right. The
child broadcaster processes have to release all locks on the
binding files and the ypbind.lock file.
- The parent ypbind process will SEGV if you do the following:
-- start ypbind with the -ypset or -ypsetme flag
-- type 'ypwhich -d random_unserved_domain'
-- type 'ypset -d random_unserved_domain anyhost'
-- type 'ypwhich -d random_unserved_domain' again
-- wait about 60 seconds
What happens is this: the ypwhich command causes ypbind to fork a
broadcaster process that searches for a server for random_unserved_domain.
If you then use ypset to force a binding while this process is still alive,
the state flags that tell the ypbind parent process that the child
is running will be cleared. The second ypwhich command then causes
a *second* child process to be forked for random_unserved_domain,
which is verbotten. When the first broadcaster exits and tells the
parent that it wasn't able to find a server for the domain, the parent
clobbers the entry for random_unserved_domain. Then the second broadcaster
exits and the same thing happens, only trying to clobber the entry
twice causes a SEGV.
The fix for this is a slight change in program structure: since we
can't have more than one broadcaster for a given domain at a time,
we save the pipe descriptors and pid for the child broadcaster in members
of the _dom_binding struct for the domain. (As a side effect, we
can get rid of the global child_fds variable.) So when rpc_received()
finds that it's been asked to do a ypset for a domain for which a
broadcaster process exists, it sends a SIGINT to the child to kill it
and closes the pipe to the now-dead child. This keeps everything in sync
and insures that we don't leak file descriptors.
- ping() should be using YPPROC_DOMAIN rather than YPPROC_DOMAIN_NONACK
when it does its clnt_call() to the server.
- Removed the check for client_handle == NULL in ping() and make
client_handle local to ping instead of a member of the _dom_binding
struct. This fixes another potential ypset problem: using ypset to
force a binding to a machine that has an NIS server but which *doesn't*
support the domain we're after can result in permanently bogus bindings.
- the 'server OK' message prints the wrong IP address.