is conditionalized by the INCLUDE_CONFIG_FILE option in your kernel config
file and is not turned on by default.
Submitted-By: Bill Pechter <pechter@shell.monmouth.com>
If rpc.yppasswdd is invoked with the -i flag, password changes will
be made to the master.passwd template file and the hash map files
in-place, which means it won't have to run a complete map update.
Instead, it calls /var/yp/Makefile with the 'pushpw' target, which
just pushes the maps to the slaves and runs yp_mkdb -c to tell the
local ypserv to flush its database cache.
The server will check the passwd.byname and passwd.byuid maps to see
if they were built in 'insecure' or 'secure' mode (i.e. with real
encrypted passwords in them or without) and update them accordingly.
This combined with rpc.ypxfrd greatly reduces the amount of time it
takes to complete an NIS password change, especially with very large
passwd databases.
This server impliments an RPC-based file transfer protocol that allows
an NIS slave server to copy a raw map database file from an NIS master.
The goal here is to speed up the transfer of very large maps. If you
have, for example, an NIS password database with 30,000 records in it,
it can take around 8 to 10 minutes to regenerate it (four hash databases
are created). As it stands now, ypxfr(8) transfers a map by sucking all
the records from ypserv(8) on the master using yp_all() and writing them
to a new database using the db(3) library. This adds up to another 8 to 10
minutes, per slave. With as the number of slaves increases, this latency
becomes prohibitive.
With rpc.ypxfrd, all the slave has to do is copy the already-built
hash database file from the master and move it into place. Even with a
multi-megabyte file, this reduces the master to slave transfer time
to well under a minute. (This is using TCP.)
Access restrictions are applied using the same mechanism as in ypserv:
you can control access using /var/yp/securenets, and the server will
not transmit the master.passwd.* maps unless the transfer request originates
on a reserved port.
Note: this server is based on my hastily contrived protocol and is _NOT_
compatible with Sun's protocol of the same name. It can't be compatible
for a couple of reasons. For one thing, Sun's protocol has not been published
anywhere that I know of. It is not included in any of the SunRPC source
distributions that I've been able to find. Second, Sun's NIS v2 code
uses old style ndbm maps while FreeBSD uses Berkeley DB. The file formats
are incompatible, so being able to transfer maps between FreeBSD and SunOS
hosts wouldn't do any good anyway. (You could always port the FreeBSD NIS
code to SunOS if you really wanted to do it. :)
(There's also the little fact that SunOS/SPARC is big-endian and FreeBSD/i386
is little-endian. Berkeley DB can handle byte ordering differences; ndbm
probably can't.)
- Add a 'pushpw' target that only yppushes the various passwd maps
and sends a YPPROC_CLEAR to the local ypserv. This will be used by
rpc.yppasswdd once I merge in the in-place update changes.
yp_access.c:
- Make the yp_access() function print RPC program and procedure numbers
that it doesn't know about in literal form. This will allow it to work
with other prgrams that it doesn't know about, like rpc.ypxfrd I'm going
to import shortly.
yp_dblookup.c:
- Take out the __inline keywords. They weren't really helping me anyway.
- Somehow I broke yp_next() when DB_CACHE wasn't #defined. Fix it.
- Also fix potential case where yp_next() might loop forever; make sure
it checks the return values of all the (dbp->seq)()/R_NEXT calls that
it does as well as comparing keys.
having a hosts.lpd(5) manpage and some references to it from
within lpd(8) might help here. Close PR docs/1277
Submitted by: andreas@knobel.gun.de (Andreas Klemm)
Fix some comments to reflect reality (in some cases I made changes
to code but not to the comments).
Change some instances of 'inline' to '__inline' to pacify
gcc -ansi -pedantic.
Use rcsid strings more consistently.
Make 'oldaddr' static in yp_access().
Use strcpy()/strcat() in yp_open_db_cache() instead of snprintf().
(Seems to be a little faster this way.)
in one place, leaking memory in another).
Add a facility to invoke subsystems directly by naming them on
sysinstall's command-line when running post-install. A replacement
for pkg_manage might, for example, be `/stand/sysinstall configPackages'
Fix bogon where upgrade shell was entered with tty modes spammed.
Fix bug with release name checking in ftp_strat. Turned a bunch of
bogus exit()s into proper calls to systemShutdown().
mount_* programs. While we're at it, collapse the four now-identical
mount programs for devfs, fdesc, kernfs, and procfs into links to
a new mount_std(8) which can mount any really generic filesystem
such as these when called with the appropriate argv[0].
Also, convert the mount programs to use sysexits.h.
add some logging functionality which I find very useful.
'set debug link' will record just link up/down and address assignments.
'set debug connect' will record the entire chat dialog
'set debug carrier' will record just chat lines including 'CARRIER'
(so that I can be sure I'm getting a 28.8 line).
There was a global change required to permit LogPrintf to take a bit
mask instead of a bit position value (to permit logging some events
on either of two flags, so that no change in 'set debug lcp' would
result from the code supporting 'link'. Thus the diffs are rather
long for such a small change. The man page is also touched.
Oh, and there was a slight syntax problem in route.c
Reviewed by: phk
Submitted by: Tony Kimball <alk@Think.COM>
orthogonal with the rest of the system (you can now use either -PPS or
-P PS), and makes the parser more intelligible. The only drawback is
that the old semantics for the -i flag in case a non-numeric argument
is following are no longer fully supported (only if -i is the very
last arg at all), since getopt(3) doesn't support the discticnction
between numeric and non-numeric arguments.
Make lpr also understand dashes as input pseudo filenames. This
finally makes lp(1) fully comply with Posix.2.
The removed files are no longer needed, they are actually labelled as
``Use only if you are not 4.4BSD''. (Yeah, the ol' crufty printcap.c
is really gone!)
Properly declare all external objects in files ending in .h, as
opposed to embed them into files ending in .c.
Make "selection bar" inverse video white-on-blue on color screens to avoid
it getting muddled up with popup dialogs.
Do disk selection in a more friendly fashion (for one thing, allow a
drive to be de-selected again if you change your mind).
Add a few strategic screen-saves to prevent corruption of screen contents
(thanks, Michael Elbel!).
the patch submitted by Philippe Charnier since he wasn't actually freeing
the resources early enough (an earlier return could be invoked, leaving
the resources still allocated), but he definitely pointed it out. Merci,
Philippe!
Suggested-By: Philippe Charnier <charnier@lirmm.fr>
really own (and which can end up being mangled later). The manifestation
of this bug is that the first attempt by a user to change their NIS password
succeeds, but all subsequent attempts fail. rpc.yppasswdd also logs
a message about not being able to find a file called
'/var/yp/<some garbage string>/master.passwd.' (Note that for some
bizarre reason, this doesn't happen with the malloc() from FreeBSD 2.1.0.
I suppose this means we can chalk up another victory for phkmalloc. :)
This bug only occurs if you use the -m flag with rpc.yppasswdd.
Fix this by copying the domain name to a static buffer and returning
a pointer to that instead.
Reported by: Jian-Da Li (jdli@csie.nctu.edu.tw)
surprising how many trivial errors there have been... :-)
Some more cleanup is needed, but i'd like to separate the Lite2 changes
from other work, that's why this goes into a different commit.
People with serial printers should see whether i have broken the stty-
style printcap options (i hope not).
Inspired by: Sergey Shkonda <serg@bcs1.bcs.zaporizhzhe.ua>
Intended for sup mirrors etc. Not well tested yet.
Reviewed by: phk
Submitted by: Giles Lean <giles@nemeton.com.au>
Submitted by: John Hay <jhay@mikom.csir.co.za>
More asthetic adjustments to menus.
Improve both the display efficiency and usability of the label
screen - it's now possible to label quite a few disks in the label editor.
yp_dblookup.c:
- Implement database handle caching. What this means is that instead
of opening and closing map databases for each request, we open a
database and save the handle (and, if requested, the key index)
in an array. This saves a bit of overhead on things like repeated
YPPROC_NEXT calls, such as you'd get from getpwent(). Normally,
each YPPROC_NEXT would require open()ing the database, seeking
to the location supplied by the caller (which is time consuming with
hash databases as the R_CURSOR flag doesn't work), reading the
data, close()ing the database and then shipping the data off to
the caller. The system call overhead is prohibitive, especially
with very large maps. By caching the handle to an open database,
we elimitate at least the open()/close() system calls, as well
as the associated DB setup and tear-down operations, for a large
percentage of the time. This improves performance substantially at
the cost of consuming a little more memory than before.
Note that all the caching support is surrounded by #ifdef DB_CACHE
so that this same source module can still be used by other programs
that don't need it.
- Make yp_open_db() call yp_validdomain(). Doing it here saves cycles
when caching is enabled since a hit on the map cache list by
definition means that the domain being referenced is valid.
- Also make yp_open_db() check for exhaustion of file descriptors,
just in case.
yp_server.c:
- Reorganize things a little to take advantage of the database
handle caching. Add a call to yp_flush_all() in ypproc_clear_2_svc().
- Remove calls to yp_validdomain() from some of the service procedures.
yp_validdomain() is called inside yp_open_db() now, so procedures that
call into the database package don't need to use yp_validdomain()
themselves.
- Fix a bogosity in ypproc_maplist_2_svc(): don't summarily initiallize
the result.maps pointer to NULL. This causes yp_maplist_free()
to fail and leaks memory.
- Make ypproc_master_2_svc() copy the string it gets from the database
package into a private static buffer before trying to NUL terminate it.
This is necessary with the DB handle caching: stuffing a NUL into the
data returned by DB package will goof it up internally.
yp_main.c:
- Stuff for DB handle caching: call yp_init_dbs() to clear the
handle array and add call to yp_flush_all() to the SIGHUP
signal handler.
Makefile.yp:
- Reorganize to deal with database caching. yp_mkdb(8) can now be used
to send a YPPROC_CLEAR signal to ypserv(8). Call it after each map
is created to refresh ypserv's cache.
- Add support for mail.alias map.
Contributed by Mike Murphy (mrm@sceard.com).
- Make default location for the netgroups source file be /var/yp/netgroup
instead of /etc/netgroup.
mkaliases:
- New file: script to generate mail.alias map.
Contributed by Mike Murphy (mrm@sceard.com).
Makefile:
- Install Makefile.yp as /var/yp/Makefile.dist and link it to
/var/yp/Makefile only if /var/yp/Makefile doesn't already exist.
Suggested by Peter Wemm.
- Install new mkaliases script in /usr/libexec along with mknetid.
- Use somewhat saner approach to generating rpcgen-dependent files
as suggested by Garrett Wollman.
hopefully less grotty. Differences include:
- An extra flag, -c, for sending a YPPROC_CLEAR to ypserv(8) (which
will become useful once I merge in the DB handle caching mods I've
been working on).
- Checks for and signals duplicate keys.
- Handles line continuations.
As of now, there is no more GNU YP code in the tree.
Go back to Normal menus for Media and FTP menus rather than
radio menus - the difference in behavior is confusing and sort
of detracts from the added (small) advantage of seeing what you last
picked.
1. Fix the last display bugs (I hope) by use of dialog rebuilds at stategic
points.
2. Clean up the distributions menus so that everybody (that's reasonable)
has All and Clear options for setting/clearing things en-masse.
3. Various attempts at display optimization.
4. Change the wording of the `Don't use Write!' dialogs to make them more
explicitly define when and when not to use the option.
If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version.
Reviewed by: bde, peter
Submitted by: AUS CERT
Obtained from: Linux sliplogin-2.02
I still have a _very very annoying_ display bug which occurs when a menu
item causes a submenu to be displayed - the screen repaints for the original
menu (which is restored upon return from the submenu) are off by about 4
characters. I've tried restoring the screen, the cursor position, you name
it - same deal. Grrrr! This commit is my first step in trying to get someone
else to help me look into this one since I'm just tearing my hair out at this
point!
This program is a wrapper for the prog mailer in sendmail. It does shell
meta character masking and restricts the list of executables to those found
in /usr/libexec/sm.bin.
The default sendmail.cf file does not use this tool, however you can enable
it by either changing /bin/sh to /usr/libexec/smrsh or adding the line
FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.
For more info, RTFMP.
pwd_mkdb.c:
- Don't save the PLUSCNT and MINUSCNT tokens: we don't need them anymore.
- Count the + and - entires for NIS together instead of counting + and -
entries seperately. Index all special NIS entries using new _PW_KEYYPBYNUM
token.
pwd.h:
- Remove the PLUSBYNUM, MINUSBYNUM, PLUSCNT and MINUSCNT tokens and replace
then with a single _PW_KEYYPBYNUM token.
to int32_t. I only fixed the ones that I noticed the warnings for.
Perhaps most of the format strings are correct now because they were
wrong before. Except of course if int32_t isn't compatible with `int'.
dbopen() to open an NIS map.
Testing with very large maps (e.g. a sample password database with 31,000+
entries) has shown that ypserv will leak memory (ps shows RSS and VSZ
growing to 4000 pages or more) when performing repeated yp_next()s or
a yp_all(). The problem with yp_all() is not immediately obvious since
the ypproc_all service is handled in a child process which exits once
the transfer is finished, but with repeated yp_next()s (like what you
get when you use getpwent() to scroll through the password database),
the parent ypserv grows to enormous size and never shrinks again.
It seems this is related to the HASHINFO parameters I used in yp_dblookup.c,
which I actually stole from pwd_mkdb. Calling dbopen() with the default
parameters (specifying openinfo as NULL) fixes the problem.
I still need to see how this impacts the other NIS tools. I'm also
considering changing from hash to btree databases: the hash database
method doesn't support R_CURSOR, which means yp_next_record() has to
do a lot of ugly work in order to reach an arbitrary location in the
database.
When PPP gets an uncompressed packet, it attempts to save off the TCP/IP
header for use in decompressing subsequant packets. If PPP gets garbage
(such as what happens when there is a port speed mismatch or modem line
noise), it will occasionally mistake the packet as a valid uncompressed
packet. When it tries to save off the header, it doesn't bother to check
for the validity of the header length and will happily clobber not only
the PPP VJC data structure, but parts of other process memory that happens
to follow it...causing, ahem, undesired behavior.
man pages up to mdoc guidelines and fix some minor formatting glitches.
Also fixed a number of man pages to not abuse the .Xr macro to
display functions and path names and a lot of other junk.
their path names in the synopsis line (especially since they
referenced the wrong path!). Corrected some other minor problems
with the rpc.lockd man page.
1. Use new dialog menu hacks (no strings, just arrays of dialogMenuItem structs)
so that I can create composite menus with radio/checkbox/... items in them,
removing some long-standing UI bogons in various menus. This work isn't
finished yet, but will be done in two phases. This is phase one.
2. Remove all the script installation stuff. I never got time to document it,
it was arcane and it just complicated much of the code. There are better
ways of doing this if I want to do auto-driven installations later.
3. Remove much dead code and otherwise attempt to remove as much historical
grot as possible so that this code is easier to hack on. This is also
a two-stage process, phase one of which is now complete.
is when the matched string spans the end of the inbuff. This fix allocates
twice the IBSIZE so that it can keep the last and the current text to search
in the inbuff so that the match won't fail if it gets truncated by the read.
It also warns if the search string is to long and truncates it.
Submitted by: Dough Ambrisco <ambrisco@ambrisco.roble.com>