Commit Graph

123 Commits

Author SHA1 Message Date
Bill Paul
1e890b056a Just when you thought it was safe...
- getnetgrent.c: address some NIS compatibility problems. We really need
to use the netgroup.byuser and netgroup.byhost maps to speed up innetgr()
when using NIS. Also, change the NIS interaction in the following way:

If /etc/netgroup does not exist or is empty (or contains only the
NIS '+' token), we now use NIS exclusively. This lets us use the
'reverse netgroup' maps and is more or less the behavior of other
platforms.

If /etc/netgroup exists and contains local netgroup data (but no '+').
we use only lthe local stuff and ignore NIS.

If /etc/netgroup exists and contains both local data and the '+',
we use the local data nd the netgroup map as a single combined
database (which, unfortunately, can be slow when the netgroup
database is large). This is what we have been doing up until now.

Head off a potential NULL pointer dereference in the old innetgr()
matching code.

Also fix the way the NIS netgroup map is incorporated into things:
adding the '+' is supposed to make it seem as though the netgroup
database is 'inserted' wherever the '+' is placed. We didn't quite
do it that way before.

(The NetBSD people apparently use a real, honest-to-gosh, netgroup.db
database that works just like the password database. This is
actually a neat idea since netgroups is the sort of thing that
can really benefit from having multi-key search capability,
particularly since reverse lookups require more than a trivial
amount of processing. Should we do something like this too?)

- netgroup.5: document all this stuff.

- rcmd.c: some sleuthing with some test programs linked with my own
version of innetgr() has revealed that SunOS always passes the NIS
domain name to innetgr() in the 'domain' argument. We might as well
do the same (if YP is defined).

- ether_addr.c: also fix the NIS interaction so that placing the
'+' token in the /etc/ethers file makes it seem like the NIS
ethers data is 'inserted' at that point. (Chances are nobody will
notice the effect of this change, which is just te way I like it. :)
1995-08-07 03:42:14 +00:00
Peter Wemm
acc7e87c9b Slight adjustment to previous fix for __ivaliduser(). It was checking for
the comment before checking for long lines, so there was a possibility
that the wrap-around might be used as an exploitable hostname.
Reviewed by:
Submitted by:
Obtained from:
1995-07-16 17:03:58 +00:00
Joerg Wunsch
8f26c8ef60 Make ruserok() accept the #-starting comment lines we used to have
in our default /etc/hosts.equiv.

Closes PR #conf/620: Default /etc/hosts.equiv...
1995-07-16 10:12:32 +00:00
Joerg Wunsch
2c413cbe50 Fix the prototypes for getservby{name,port}().
Closes PR #docs/568: minor manpage bug

Submitted by:	Michael Smith (email address no longer valid)
1995-07-09 08:17:01 +00:00
Rodney W. Grimes
6c06b4e2aa Remove trailing whitespace. 1995-05-30 05:51:47 +00:00
Bill Paul
8b4709fa93 Add an ethers(3) man page. 1995-04-12 22:28:49 +00:00
Bill Paul
7680d1b004 Add ether_addr functions to libc. This seems to be the logical place
to put them. A man page is in the works.
1995-04-02 01:31:17 +00:00
Andrey A. Chernov
3330823cc3 Sicnce this code shares the same fragment as gethostnamaddr:
Change strtok() to strsep(), cause memory corruption for all
programs which use strtok() too in the same time.
Fix potential NULL reference, depends of /etc/hosts.conf format
Fix the bug when service name fetched always from beginning of the line,
not from parsed token.
1995-03-24 15:51:30 +00:00
Andrey A. Chernov
3d1513bdeb Change strtok() to strsep(), cause memory corruption for all
programs which use strtok() too in the same time.
Fix potential NULL reference, depends of /etc/hosts.conf format
Fix the bug when service name fetched always from beginning of the line,
not from parsed token.
1995-03-24 15:38:54 +00:00
Bill Paul
8538335f21 At last! Modified __ivaliduser() to do the same kind of user/host validation
that everyone else does: you can now use +host/-host, +user,-user and
+@netgroup/-@netgroup in /etc/hosts.equiv, /.rhosts, /etc/hosts.lpd and
~/.rhosts. Previously, __ivaliduser would only do host/user matches,
which was lame. This affects all the r-commands, lpd, and any other
program/service that uses ruserok().

An example of the usefullness of this feature would be a hosts.equiv
file that looks like this:

+@equiv-hosts

Since the netgroup database can now be accessed via NIS, this lets you
set up client machines once and then never have to worry about them
again: all hosts.equiv changes can now be done through NIS. Once I
finish with getpwent.c, we'll be able to do similar wacky things
with login authentication too. (Our password field substitution
will finally be on par with everyone else's, and I'll finally be
able to fully integrate my FreeBSD machine into my network without
having to worry about the grad students sneaking into it when I'm
not looking. :)

Danger Will Robinson! I tested this thing every which way I could, but
Murphy's Law applies! If anybody spots a potential security problem with
the way my matching algorithm works, tell me immediately! I don't want
crackers snickering and calling me names behind my back. :)
1995-03-20 07:29:55 +00:00
Garrett Wollman
40569757cc In _gethostbydnsaddr(), force RES_RECURSE into _res.options. This is
incredibly obnoxious, but also makes inverse mappings work when the local
resolver is in a cache-only configuration.  (Maybe this is actually
a bug in BIND?)
1994-12-01 22:25:38 +00:00
Rodney W. Grimes
3573df98f1 >Description:
While trying to figure out why rlogind wasn't working right for root,
	I noticed that man wouldn't come back with a man page for iruserok, but
	it would for ruserok.  Checking the lib/net directory's Makefile.inc
	file shows that the link to the rcmd man page just isn't getting
	created.
>How-To-Repeat:
	Do a 'man iruserok' and notihing will come back, where a 'man ruserok'
	will.

Submitted by:	Brian Moore <ziff@houdini.eecs.umich.edu>
Obtained from:	NetBSD-bugs mailing list
1994-10-27 16:33:49 +00:00
Garrett Wollman
f64c928f58 Use same configuration file, /etc/host.conf, for both gethost* and
getnet* configuration.  (It's highly unlikely that you'd want to do
something different, and network lookups aren't common enough to justify
their own configuration file.)
1994-09-26 22:45:10 +00:00
Garrett Wollman
6d59cf8ef2 Fixed YP networks map support. 1994-09-26 02:50:43 +00:00
Paul Traina
8bdba3f880 remove need for -DDEBUG from resolver code (conflict with db/hash) 1994-09-25 17:45:41 +00:00
Paul Traina
1363f04ce1 get* rework and new bind code 1994-09-25 02:12:49 +00:00
Paul Traina
af2c9cfd5b Make iso_addr's output conform to modern conventions for NSAP
representation.  Original code by pst but ported in as part of
enhancements to BIND 4.9.2 and returned to Vixie.
1994-09-22 19:31:29 +00:00
Geoff Rehmet
d1f32ba5df Based on fix from 1.1.5.1:
>From: jtk@atria.com (John T. Kohl)
in rcmd:
It calls select() with a hardcoded "number of file descriptors" argument
of 32, rather than computing it based on the sockets about which it
cares.

- Now we work out the nfds arg, and do some error checking
Submitted by:	Geoff.
1994-09-08 20:55:02 +00:00
Geoff Rehmet
1ea8221717 Fix gethostbyaddr():
call _getdnsbyaddr() instead of _getdnsbyname() ;-)
Submitted by:	Geoff
1994-08-28 13:33:10 +00:00
Garrett Wollman
d669ce372d Fixed typo. 1994-08-09 22:44:12 +00:00
Garrett Wollman
b42815434e Add (substantially re-written) support for /etc/host.conf, and reintegrated
1.1.5 support for YP, fixing a bug in 1.1.5 that prevented YP from ever
working reliably.  (I'm amazed that there were no bug reports.)

IWBRNI someone could write a host.conf(5) manual page.  Please look at
the code before doing so; this version is somewhat more flexible in the
format of its input.
1994-08-09 20:23:14 +00:00
Garrett Wollman
2ceb2ce9ee First crack at making libc work with the new make macros. It compiles on
my machine, and a simple static (genassym) and shared (sysctl) executable
both work.  Still to be done: RPCand YP merge.
1994-08-05 01:19:12 +00:00
Rodney W. Grimes
58f0484fa2 BSD 4.4 Lite Lib Sources 1994-05-27 05:00:24 +00:00