- FreeBSD's NIS server can supply a master.passwd map, which has
more fields in it than a standard passwd map, so we need a
_master_pw_breakout() fuction.
- When doing passwd map lookups, look for master.passwd.* by attempting
a _yp_first() on master.passwd.byname. If it exists, we're being served
by a FreeBSD NIS server and we should use this map.
- If we aren't the superuser, retrieve only the standard passwd maps.
If we're being served by a FreeBSD system, then the passwd map has
no passwords in it, and it won't serve us the master.passwd map unless
we're superuser anyway.
There's a small speed hit for the superuser inherent in the check for
the master.passwd map, but this lets us dynamically decide what to do
rather than rely on a non-standard config file somewhere. Since all
of this is bypassed for normal users, they shouldn't notice the
difference.
This is a ported/modified version of the yppush program from the
yps-0.21 package from the NYS project. This program is used to propagate
updated NIS maps from an NIS master to an NIS slave. It's normally invoked
by /var/yp/Makefile.
This version of yppush has been modified in the following ways:
- Cleared up several Linux/BSD incompatibilities, largely involving
header files.
- converted from GDBM to DB with extreme predjudice. (well, not really...)
- removed lots of ugly debugging code that really didn't do anyone any good.
- Fixed a couple of inaccurate/badly formatted error messages.
- Renamed some functions to avoid collisions with certain YP routines
hidden inside libc.
- Small signal handling kludge: Linux has different struct sigaction
that us.
- Incorporated some functions from the yps-0.21 library that yppush was
dependent on.
Like ypxfr, this works, but could use come cleaning up.
This is a ported/modified version of the ypxfr program from the yps-0.21
package from the NYS project. This program is normally invoked by ypserv
when it receives a yppush command from an NIS master. It can also be
run from the command line to grab copies of maps when initializing a
slave server.
This program has been hacked in the following ways:
- rpcgen'ed new yp_xdr.c, yp_svc.c and yp_clnt.c files. The old ones were
rather grody.
- Changed certain function names (prefended a _ to them) to avoid conflicts
with certain functions lurking within libc. One major problem here is
that ypxfr needs to bind to a YP master in order to work correctly,
but it can't use the _yp_bind function inside libc because that
function only lets you bind to a domain, not a specific host. Lots
of head scratching here.
- Converted from GDBM to DB at gunpoint.
- Removed lots of really nasty looking DEBUG code to try to reduce clutter.
- Incorporated some of the library code supplied with yps-0.21 on which
ypxfr was dependent.
This program still needs to be cleaned up just as a matter of principle:
I get all icky just looking at it sometimes.
This is a ported/modified version of yppasswd from the NYS yppasswd-0.5
package. This package has code in it from both Olaf Kirch and Theo
de Raadt. There are GPL references and BSD-style copyright all over the
place... hopefully I won't get flamed into oblivion for commiting this.
This program has been modified from the original in the following ways:
- Changed the ALLOW_CHFN and ALLOW_CHSH compile-time options into
run-time options.
- Demolished the password update functions and replaced them with
routines to handle FreeBSD-style passwordd databases. It is expected
that a seperate master.passwd file will be maintained for use with
the NIS maps. yppasswd will have to be told where it is:
% yppasswdd -m /var/yp/master.passwd
A /var/yp/passwd file will be generated from /var/yp/master.passwd by
/var/yp/Makefile. When yppasswdd has finished modifying the master.passwd
file, it will invoke /usr/libexec/yppwupdate, which is a script that
will run /var/yp/Makefile to generate new maps and push them.
Note that there are copies if pw_util.c and pw_copy.c here. This is
deliberate: they are *not* identical to the originals. Very similar, yes,
but not identical. *sigh*
This is a hacked-up port of the ypserv-0.11 server from the NYS project
written by Peter Eriksson.
The original package included some map creating and dumping tools and
was based on GDBM. This version has been modified in the following
ways:
- GDBM replaced with DB and many weird hacks made to the read_database()
function because of this.
- implimented the ypxfr service (using ypxfr from the yps-0.21 package,
aso from the NYS project)
- added code to check the TCP port from which NIS requests originate:
the server will refuse to serve the master.passwd.{byname|byuid} maps
if the request doesn't come from a privileged port. Normally, only the
superuser can issue such a request. Requests for the passwd.{bynam|byuid}
maps aren't affected. There will be a small change made to getpwent.c
in libc to complement this.
- added code to do DNS lookups via actual resolver queries instead of
relying on gethostbyname() and friends. The author noted in the original
documentation that a loop condition could arise where the server would
query itself for hostsname lookups. Using direct DNS lookups prevents
this from happening.
- added code to properly fork() the server into the background unless
invoked with the -debug flag.
- Added combined syslog/perror function.
- fixed a few bugs (which were probably introduced by all the other
changes)
- Created a bmake Makefile.
Note that this package can be linked against the tcp_wrapper package
to provide address-based authentication, but this isn't done by default
since the tcp_wrapper package isn't part of FreeBSD.
This program is used for both generating and dumping NIS maps. It's very
similar to the 'makedbm' command in SunOS. This program was ported from
the yps-0.21 package. It's close to the original except for the GDBM to
DB conversions. This was simple compared to the other YP components.
This is the first round of changes to incorporate YP server functionality
into FreeBSD. This particular change allows passwd to change either the
local or NIS password, as well as the NIS GECOS and shell information.
Essentially, I've taken passwd(1) and yppasswd from the yppasswd-0.5
distribution (which is part of the NYS project -- a project to provide
a GNU GPL'ed suite of NIS tools) and rammed them into each other
at high speed. I've tried my best to make this co-exist with the
Kerberos stuff, but since I don't run Kerberos I don't have an easy
way to verify that it all works. If you choose any Kerberos flags
then the YP checks should be bypassed, but that may not be enough.
I'll modify it some more if it turns out I broke something. For now,
support for localand NIS passwords is pretty solid:
- If you simply type 'passwd,' the program checks to see if you exist
in the local pwd.db database. If not, you get bounced to YP.
- If you try to force local functionality with the -l flag and you
don't exist locally, you get an error.
The -y flag can be used to force YP functionality. -f and -s let you
change your full name and shell (respectively). -f *and* -s let you
change all of your 'account information.'
ypchfn, ypchsh, yppasswd and ypchpass are all links to passwd.