Secure RPC import I've been threatening.
This step adds some necessary protocol definition files and headers to
rpcsvc, including the ones needed for NIS+.
Reviewed by: Mark Murray
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
easier to use in mixed environments:
- Add three new members to the request structure:
  - a filename specification
  - a database type specification
  - a system byte order specification
These allow the client to ask the server for a particular type of
database (Berkeley DB hash/btree/recno, GNU GDBM, dbm, ndbm, etc...)
and get back a meaningful error if the server doesn't support it.
The byte order spec is needed if the database type is byte order
sensitive. You don't, for example, want to read an ndbm database
from a big endian machine on a little endian machine (the ndbm code
will explode). The filename spec lets the client handle things like
ndbm which uses two separate files per database (foo.dir and foo.pag).
The client can ask for each half, one at a time.
- Add a list of database types and byte order values. Each list has
a wildcard 'ANY' entry which lets the client ask for whatever the
server supports. (XFR_ENDIAN_ANY is useful with the Berkeley DB hash
method for instance, since it isn't byte order sensitive.)
- Add two new server failure codes: XFR_DB_TYPE_MISMATCH and
XFR_DB_ENDIAN_MISMATCH. The server uses these to tell the client
that it doesn't support the requested type/byte order.
These changes were made at the suggestion of Thorsten Kukuk, the
current maintainer of the Linux ypserv distribution. This allows
Linux and FreeBSD NIS servers to use the same ypxfrd protocol and
avoid accidentally exchanging incompatible map files.
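
The type and byte order negotiation described in the message above, sketched as a server-side check that refuses a transfer rather than shipping an incompatible map file. This is an added example, not code from the FreeBSD or Linux ypxfrd sources: the struct layouts, the `EX_`-prefixed names and all enum values are assumptions; only XFR_ENDIAN_ANY, XFR_DB_TYPE_MISMATCH and XFR_DB_ENDIAN_MISMATCH come from the text.

```c
#include <stdio.h>

/* Assumed names and values (EX_ prefix = hypothetical, not from ypxfrd.x). */
enum ex_dbtype { EX_DB_BSD_HASH = 1, EX_DB_NDBM, EX_DB_GNU_GDBM, EX_DB_ANY };
enum ex_endian { EX_ENDIAN_BIG = 1, EX_ENDIAN_LITTLE, XFR_ENDIAN_ANY };
enum ex_stat   { EX_REQUEST_OK = 1, XFR_DB_TYPE_MISMATCH, XFR_DB_ENDIAN_MISMATCH };

/* The three members the commit adds to the request. */
struct ex_request {
    const char    *filename;    /* e.g. "foo.dir" or "foo.pag" for ndbm */
    enum ex_dbtype dbtype;      /* format the client can read, or EX_DB_ANY */
    enum ex_endian byte_order;  /* client's byte order, or XFR_ENDIAN_ANY */
};

/* How this (hypothetical) server stores its maps. */
struct ex_server {
    enum ex_dbtype dbtype;
    enum ex_endian byte_order;
};

/* Decide whether the server may start sending the file. Anything that is
 * not an exact match or an explicit wildcard is refused with a specific
 * code, so the client never receives a file it would misparse. */
enum ex_stat ex_check_request(const struct ex_server *srv,
                              const struct ex_request *req)
{
    if (req->dbtype != EX_DB_ANY && req->dbtype != srv->dbtype)
        return XFR_DB_TYPE_MISMATCH;
    if (req->byte_order != XFR_ENDIAN_ANY && req->byte_order != srv->byte_order)
        return XFR_DB_ENDIAN_MISMATCH;
    return EX_REQUEST_OK;
}

int main(void)
{
    /* Constructed sample: a big-endian server holding ndbm maps. */
    struct ex_server srv = { EX_DB_NDBM, EX_ENDIAN_BIG };
    struct ex_request reqs[] = {
        { "foo.dir", EX_DB_NDBM,     EX_ENDIAN_BIG    },  /* exact match */
        { "foo.pag", EX_DB_NDBM,     EX_ENDIAN_LITTLE },  /* wrong byte order */
        { "foo",     EX_DB_BSD_HASH, XFR_ENDIAN_ANY   },  /* wrong format */
        { "foo.dir", EX_DB_ANY,      XFR_ENDIAN_ANY   },  /* take anything */
    };
    for (size_t i = 0; i < sizeof(reqs) / sizeof(reqs[0]); i++)
        printf("%-8s -> status %d\n", reqs[i].filename,
               (int)ex_check_request(&srv, &reqs[i]));
    return 0;
}
```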
Import my own little ypxfrd protocol. Note that this protocol is
_NOT_ the same as Sun's, which is proprietary.
This basically implements an RPC-based file transfer protocol which
lets a slave server suck over a raw map database file from the master.
This is many times faster than the normal method, which requires reading
the records from ypserv via yp_all() and then creating a new database
on the fly, particularly when you have many tens of thousands of
records in a map (e.g. a huge passwd database).
The protocol number I chose falls within the 'user-specified' range.
Maybe we should register it with Sun so we can get an official vendor
number for it. :)
and real life. YPPUSHPROC_XFRRESP is supposed to return void and take
an argument of type yppushresp_xfr, not the other way around as yp.x seems
to imply. (I spent two hours today staring intensely at my prototype ypxfr
code and scratching my head before I finally figured this out.)
taking an argument of type ypresp_key. This is incorrect: it should be
ypresp_nokey. (yp_first() is supposed to return the first key in a
given map; the server doesn't need any client-specified key to handle
such a request.)
No, not really. There are just a couple of long-standing bogosities here
that I feel compelled to fix. :)
There are two small changes here:
1) yp.x actually contains _three_ protocol definitions: YPPROG (standard
NIS client/server procedures), YPPUSH_XFRRESPPROG (callback handler
for the YPPROC_XFR service, aka ypxfr/yppush) and YPBINDPROG (for ypbind,
ypset & friends). The problem is that when you run yp.x through rpcgen(1),
it generates client and server stubs with hooks for all three services.
This makes it impossible to actually use the rpcgen-erated code in a
program that only deals with _one_ of these services (ypserv, ypbind,
etc...) without manually removing the unneeded stubs (either by hand
editing or by committing unspeakable horrors with sed). This defeats
the whole purpose of using rpcgen and is generally annoying.
What I've done is to insert a few #ifndefs and #endifs to allow a
programmer to selectively blot out those functions that aren't needed
for a particular program. For instance, if you do 'rpcgen -DYPSERV_ONLY',
you'll get only the necessary client/server stubs to implement the
standard yp client and server functions. If you do 'rpcgen -DYPBIND_ONLY',
you get only what you need for ypbind. If you don't #define anything,
you get the whole mess, just like before, so existing programs won't
notice the difference. (Note that the -D flag is not supported by our
existing crufty version of rpcgen, but I intend to update it soon.)
2) The definition for the ypresp_key_val structure is actually incorrect
with respect to reality: the key and val members are specified in the
wrong order. It should be val/key rather than key/val. For whatever
the reason, Sun's actual NIS implementation contradicts the protocol
definition in this case. Again, accounting for this bogosity here is
cleaner and easier than mangling the output from rpcgen.
specified in the top level Makefiles.
Previously I missed dozens of Makefiles that skip the install after
using `cmp -s' to decide that the install isn't necessary.
- Don't do mkdir/chown/chmod
- Do `cmp -s' before attempting to install a header
This should fix the obnoxious problem of yp programs wanting to
rebuild every time.
The version 2 support has been tested (client+server) against FreeBSD-2.0,
IRIX 5.3 and FreeBSD-current (using a loopback mount). The version 2 support
is stable AFAIK.
The version 3 support has been tested with a loopback mount and minimally
against an IRIX 5.3 server. It needs more testing and may have problems.
I have patched amd to support the new variable length filehandles although
it will still only use version 2 of the protocol.
Before booting a kernel with these changes, nfs clients will need to at least
build and install /usr/sbin/mount_nfs. Servers will need to build and
install /usr/sbin/mountd.
NFS diskless support is untested.
Obtained from: Rick Macklem <rick@snowhite.cis.uoguelph.ca>
to properly resolve some definitions in <nfs/nfs.h>. I suppose nobody noticed
this before because no one's tried to build bootparamd in FreeBSD until
now.
(Yes, you read that right: I've got bootparamd ready to go. And
rarpd is on the way. :)