Commit Graph

5 Commits

Author SHA1 Message Date
Bill Paul
4451976029 Add support for handling the YP_SECURE and YP_INTERDOMAIN keys from
any maps that may have them. If the YP_SECURE key is present, ypserv
will only allow access to the map from clients on reserved ports.
If the YP_INTERDOMAIN key is present, the server will do DNS lookups
for hostnames that it can't find in hosts.byname or hosts.byaddr.
This is the same as the -d flag (which is retained for backwards
compatibility) but it can be set on a per-map/per-domain basis.

Also modified /var/yp/Makefile to add YP_INTERDOMAIN to the hosts.*
maps and YP_SECURE to master.passwd.* maps by default.
1996-10-24 18:58:26 +00:00
Bill Paul
b2264be812 Performance enhancements (I hope) and new stuff:
yp_dblookup.c:

- Implement database handle caching. What this means is that instead
  of opening and closing map databases for each request, we open a
  database and save the handle (and, if requested, the key index)
  in an array. This saves a bit of overhead on things like repeated
  YPPROC_NEXT calls, such as you'd get from getpwent(). Normally,
  each YPPROC_NEXT would require open()ing the database, seeking
  to the location supplied by the caller (which is time consuming with
  hash databases as the R_CURSOR flag doesn't work), reading the
  data, close()ing the database and then shipping the data off to
  the caller. The system call overhead is prohibitive, especially
  with very large maps. By caching the handle to an open database,
  we elimitate at least the open()/close() system calls, as well
  as the associated DB setup and tear-down operations, for a large
  percentage of the time. This improves performance substantially at
  the cost of consuming a little more memory than before.

  Note that all the caching support is surrounded by #ifdef DB_CACHE
  so that this same source module can still be used by other programs
  that don't need it.

- Make yp_open_db() call yp_validdomain(). Doing it here saves cycles
  when caching is enabled since a hit on the map cache list by
  definition means that the domain being referenced is valid.

- Also make yp_open_db() check for exhaustion of file descriptors,
  just in case.

yp_server.c:

- Reorganize things a little to take advantage of the database
  handle caching. Add a call to yp_flush_all() in ypproc_clear_2_svc().

- Remove calls to yp_validdomain() from some of the service procedures.
  yp_validdomain() is called inside yp_open_db() now, so procedures that
  call into the database package don't need to use yp_validdomain()
  themselves.

- Fix a bogosity in ypproc_maplist_2_svc(): don't summarily initiallize
  the result.maps pointer to NULL. This causes yp_maplist_free()
  to fail and leaks memory.

- Make ypproc_master_2_svc() copy the string it gets from the database
  package into a private static buffer before trying to NUL terminate it.
  This is necessary with the DB handle caching: stuffing a NUL into the
  data returned by DB package will goof it up internally.

yp_main.c:

- Stuff for DB handle caching: call yp_init_dbs() to clear the
  handle array and add call to yp_flush_all() to the SIGHUP
  signal handler.

Makefile.yp:

- Reorganize to deal with database caching. yp_mkdb(8) can now be used
  to send a YPPROC_CLEAR signal to ypserv(8). Call it after each map
  is created to refresh ypserv's cache.

- Add support for mail.alias map.
  Contributed by Mike Murphy (mrm@sceard.com).

- Make default location for the netgroups source file be /var/yp/netgroup
  instead of /etc/netgroup.

mkaliases:

- New file: script to generate mail.alias map.
  Contributed by Mike Murphy (mrm@sceard.com).

Makefile:

- Install Makefile.yp as /var/yp/Makefile.dist and link it to
  /var/yp/Makefile only if /var/yp/Makefile doesn't already exist.
  Suggested by Peter Wemm.

- Install new mkaliases script in /usr/libexec along with mknetid.

- Use somewhat saner approach to generating rpcgen-dependent files
  as suggested by Garrett Wollman.
1996-04-28 04:38:52 +00:00
Bill Paul
f7f470a811 Add real securenets support. By default, ypserv now uses /var/yp/securenets
in the same was as the SunOS ypserv (same format, described in ypserv man
page). If the user wants tcpwrapper style access control, they can
recompile ypserv to use that instead. This way we get securenets without
having to ship libwrap.a and tcpd.h with core FreeBSD distribution.

If /var/yp/securenets doesn't exist, ypserv allows all connections.
1996-02-24 22:01:48 +00:00
Bill Paul
77732bc551 A few small tweaks related to ypxfr:
- Add a ypxfr_callback() function that we can use to signal failure to
  yppush(8) in the event that we can't fork()/exec() ypxfr(8). yppush
  only checks the return status from YPPROC_XFR enough to determine
  that the RPC succeded: it relies on its callback service to figure
  out whether or not the transfer actually worked.

- Give yp_dblookup.c its own debug variable (ypdb_debug) so that DB
  access debugging messages can be turned on or off independent of the
  program's global debug messages.

- Have the Makefile rpcgen the ypushresp_xfr_1() client stub for us and
  nuke the unneeded rule for yp_xdr.c that I left in by mistake (the XDR
  filters live in libc now).
1995-12-23 21:35:35 +00:00
Bill Paul
778c7b1c1c Import the new, non-GPL ypserv, written by yours truly. Functionally
equivalent to the old ypserv, except that it doesn't support the
-p [port] option to force the server to use a particular port.

The server stubs and yp.h header file are auto-generated from the yp.x
protocol definition file. The auto-generated XDR routines in libc/yp
are also used. The database access code has been broken out into a
seperate module so that other NIS utilities (ypxfr in particular)
can use it.

Note that the old mknetid script is being temporarily moved here; it
will be replaced by an mknetid program which will eventually have
a home under /usr/src/libexec. (The existing script is actually
somewhat broken -- it doesn't handle hosts -- but this isn't a big
deal at this point since the netid.byname map is really only useful
fopr Secure RPC, which we don't have yet.)
1995-12-16 20:54:17 +00:00