- There are two cases where the server can potentially block for a long
time while servicing a request: when handling a yp_all() request, which
could take a while to complete if the map being transfered is large
(e.g. 'ypcat passwd' where passwd.byname has 10,000 entries in it),
and while doing DNS lookups when in SunOS compat mode (with the -dns
flag), since some DNS lookups can take a long time to complete. While
ypserv is blocked, other clients making requests to the server will
also block. To fix this, we fork() ypall and DNS lookups into subprocesses
and let the parent ypserv process go on servicing other incoming
requests.
We place a cap on the number of simultaneous processes that ypserv can
fork (set at 20 for now) and go back to 'linear mode' if it hits the
limit (which just means it won't fork() anymore until the number of
simultaneous processes drops under 20 again). The cap does not apply
to fork()s done as a result of ypxfr calls, since we want to do our
best to insure that map transfers from master servers succeed.
To make this work, we need our own special copy of svc_run() so that
we can properly terminate child processes once the RPC dispatch
functions have run.
(I have no idea what SunOS does in this situation. The only other
possibility I can think of is async socket I/O, but that seems
like a headache and a half to implement.)
- Do the politically correct thing and use sigaction() instead of
signal() to install the SIGCHLD handler and to ignore SIGPIPEs.
- Doing a yp_all() is sometimes slow due to the way read_database() is
implemented. This is turn is due to a certain deficiency in the DB
hash method: the R_CURSOR flag doesn't work, which means that when
handed a key and asked to return the key/data pair for the _next_
key in the map, we have to reset the DB pointer to the start of the
database, step through until we find the requested key, step one
space ahead to the _next_ key, and then use that. (The original ypserv
code used GDBM has a function called gdbm_nextkey() that does
this for you.) This can get really slow for large maps. However,
when doing a ypall, it seems that all database access are sequential,
so we can forgo the first step (the 'search the database until we find
the key') since the database should remain open and the cursor
should be positioned at the right place until the yp_all() call
finishes. We can't make this assumption for arbitrary yp_first()s
and yp_next()s however (since we may have requests from several clients
for different maps all arriving at different times) so those we have
to handle the old way.
(This would be much easier if R_CURSOR really worked. Maybe I should
be using something other than the hash method.)
platform, I discovered the following: if you use ypcat (or anything that
does a yp_all() for that matter) to dump out a map and then hit ^C before
it finishes, ypserv gets hit with a SIGPIPE and dies. (The ypall() service
is implemented using TCP.)
Fix: ignore SIGPIPEs.
- Use one sprintf() to put together the path to the map database instead
of strcat()s and strcpy()s.
- Make the 'error opening database' Perror() statement sane.
Add a NOMAN= . It doesn't have a manual page yet.
Please don't cry :-). I ask Rod first. the whole isdn subdir is not
used in the moment and is only dead source code in the tree.
In the case where ypserv is started with the -dns flag, fall through to
the DNS lookup code only if asked to match a map with the word 'host'
in its name. This prevents failed matches on non-host maps from being
incorrectly handed off to DNS.
register ourselves as an NIS version 1 UDP server to pacify older SunOS 4
ypbinds that seem to insist on having one around. All this does is allow
ypserv to respond to DOMAIN_NONACK requests that are periodically
transmitted by ypbind: the server will not actually work as an NIS v1
server in any other way.
Unlike the mainline code, which implements this as a compile-time
option, this feature can be turned on with the newly-added -k flag
at runtime.
Bunped version number to 0.13. (What the hell.)
Updated the man page to reflect this change, also made a couple of small
edits to reflect the recent changes in the /etc/rc* setup.
correctly (specified wrong fields to awk). Note that the files in question
are noe the local /etc/master.passwd and /etc/passwd files: this Makefile
expects there to be a seperate master.passwd file under /var/yp for NIS
database creation.
executes after it finishes updating the raw master.passwd file. The script
is just there to invoke /var/yp/Makefile to build new maps and yppush them.
We could have yppasswdd run /var/yp/Makefile directly, but this allws a bit
more flexibility: the user may decide to run some other commands too.
This is a ported/modified version of yppasswd from the NYS yppasswd-0.5
package. This package has code in it from both Olaf Kirch and Theo
de Raadt. There are GPL references and BSD-style copyright all over the
place... hopefully I won't get flamed into oblivion for commiting this.
This program has been modified from the original in the following ways:
- Changed the ALLOW_CHFN and ALLOW_CHSH compile-time options into
run-time options.
- Demolished the password update functions and replaced them with
routines to handle FreeBSD-style passwordd databases. It is expected
that a seperate master.passwd file will be maintained for use with
the NIS maps. yppasswd will have to be told where it is:
% yppasswdd -m /var/yp/master.passwd
A /var/yp/passwd file will be generated from /var/yp/master.passwd by
/var/yp/Makefile. When yppasswdd has finished modifying the master.passwd
file, it will invoke /usr/libexec/yppwupdate, which is a script that
will run /var/yp/Makefile to generate new maps and push them.
Note that there are copies if pw_util.c and pw_copy.c here. This is
deliberate: they are *not* identical to the originals. Very similar, yes,
but not identical. *sigh*
This is a hacked-up port of the ypserv-0.11 server from the NYS project
written by Peter Eriksson.
The original package included some map creating and dumping tools and
was based on GDBM. This version has been modified in the following
ways:
- GDBM replaced with DB and many weird hacks made to the read_database()
function because of this.
- implimented the ypxfr service (using ypxfr from the yps-0.21 package,
aso from the NYS project)
- added code to check the TCP port from which NIS requests originate:
the server will refuse to serve the master.passwd.{byname|byuid} maps
if the request doesn't come from a privileged port. Normally, only the
superuser can issue such a request. Requests for the passwd.{bynam|byuid}
maps aren't affected. There will be a small change made to getpwent.c
in libc to complement this.
- added code to do DNS lookups via actual resolver queries instead of
relying on gethostbyname() and friends. The author noted in the original
documentation that a loop condition could arise where the server would
query itself for hostsname lookups. Using direct DNS lookups prevents
this from happening.
- added code to properly fork() the server into the background unless
invoked with the -debug flag.
- Added combined syslog/perror function.
- fixed a few bugs (which were probably introduced by all the other
changes)
- Created a bmake Makefile.
Note that this package can be linked against the tcp_wrapper package
to provide address-based authentication, but this isn't done by default
since the tcp_wrapper package isn't part of FreeBSD.
This program is used for both generating and dumping NIS maps. It's very
similar to the 'makedbm' command in SunOS. This program was ported from
the yps-0.21 package. It's close to the original except for the GDBM to
DB conversions. This was simple compared to the other YP components.
