This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
The code, as written, appears to load the new database data into a new
hash file and renames the two.
Due to a run of bugs and lack of error checking, it's doing a whole
mess of unlink() and rename() calls that are failing. It only
worked in the first place because the data was being inserted into a
"live" hash file. (I wonder how much stale data has accumulated?)
Submitted by: Laurence Lopez <lopez@mv.mv.com>
We already check for (and reject entries with) '+' or '-' as the first
character of the key side of the key/data pair; we should check the data
side too. (Letting spurious +/- entries into the NIS maps is bad karma.)
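The check described in the entry above, as an added example (not the ypserv or yp_mkdb source). The "key<whitespace>data" line layout and the names parse_map_line() and count_accepted() are assumptions made for illustration; the sample lines are constructed.

```c
#include <stddef.h>
#include <string.h>

/* '+' and '-' introduce compat-style entries and must not start a field. */
static int starts_with_marker(const char *s)
{
    return s[0] == '+' || s[0] == '-';
}

/*
 * Split "key<whitespace>data" in place (assumed input layout).
 * Returns 0 and sets *key / *data on accept, -1 on reject.
 */
int parse_map_line(char *line, char **key, char **data)
{
    size_t klen;

    line[strcspn(line, "\n")] = '\0';
    klen = strcspn(line, " \t");
    if (klen == 0 || line[klen] == '\0')
        return -1;                      /* empty key or no data at all */
    line[klen] = '\0';
    *key = line;
    *data = line + klen + 1;
    *data += strspn(*data, " \t");      /* skip extra separators */
    if (**data == '\0')
        return -1;
    if (starts_with_marker(*key) || starts_with_marker(*data))
        return -1;                      /* check both sides of the pair */
    return 0;
}

/* Constructed sample input: only the first line should be accepted. */
int count_accepted(void)
{
    char lines[][64] = {
        "alice alice:*:1001:1001::/home/alice:/bin/sh\n",
        "+ +::0:0:::\n",                /* marker on the key side */
        "bob +::0:0:::\n",              /* marker on the data side */
        "-mallory mallory:*:0:0:::\n",
    };
    char *key, *data;
    size_t i;
    int accepted = 0;

    for (i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        if (parse_map_line(lines[i], &key, &data) == 0)
            accepted++;
    return accepted;
}
```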
#ifdef out a number of calls to free() left over from the original
GNU ypserv implementation. As near as I can tell, the Berkeley DB
package does its own garbage collection, hence the caller doesn't
have to worry about free()ing the memory returned in the DBT
structures during lookups (I'm still not 100% sure about this:
the DB code is very hard to follow. It must use dynamically
allocated memory since you can retrieve arbitrarily large records
from a database, but I'm not sure where it ends up letting go
of it). This was not true with GDBM; you had
to do your own garbage collection.
The general rule is that if you allocate memory inside an RPC
service routine, you have to free() it the next time the routine is
called since the underlying XDR routines won't do it for you.
But if the DB package does this itself, then we don't need to do
it in the main program.
Note that with the original malloc(), there were never any errors
flagged. phkmalloc complained quite loudly.
In ypserv:
yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.
Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppasswdd specify the name of the master.passwd
file itself.
In yppasswdd:
yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the daemonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)
update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.
pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).
pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return an int (0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to add the entry to the password file,
which yppasswdd should not do under any circumstances.
Makefile:
- update VERSION to 0.7
yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.
yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
syslog connections unless they were rejected. This helps save wear and
tear on the syslog facility in large networks with many client systems.
yp_svc.c: Be a little smarter about using sigaction() -- set the SA_RESTART
flag.
svc_run: Be doubly paranoid about killing off child processes. Do a flag
check and a pid check before letting child 'threads' self-destruct.
- There are two cases where the server can potentially block for a long
time while servicing a request: when handling a yp_all() request, which
could take a while to complete if the map being transferred is large
(e.g. 'ypcat passwd' where passwd.byname has 10,000 entries in it),
and while doing DNS lookups when in SunOS compat mode (with the -dns
flag), since some DNS lookups can take a long time to complete. While
ypserv is blocked, other clients making requests to the server will
also block. To fix this, we fork() ypall and DNS lookups into subprocesses
and let the parent ypserv process go on servicing other incoming
requests.
We place a cap on the number of simultaneous processes that ypserv can
fork (set at 20 for now) and go back to 'linear mode' if it hits the
limit (which just means it won't fork() anymore until the number of
simultaneous processes drops under 20 again). The cap does not apply
to fork()s done as a result of ypxfr calls, since we want to do our
best to ensure that map transfers from master servers succeed.
To make this work, we need our own special copy of svc_run() so that
we can properly terminate child processes once the RPC dispatch
functions have run.
(I have no idea what SunOS does in this situation. The only other
possibility I can think of is async socket I/O, but that seems
like a headache and a half to implement.)
- Do the politically correct thing and use sigaction() instead of
signal() to install the SIGCHLD handler and to ignore SIGPIPEs.
- Doing a yp_all() is sometimes slow due to the way read_database() is
implemented. This in turn is due to a certain deficiency in the DB
hash method: the R_CURSOR flag doesn't work, which means that when
handed a key and asked to return the key/data pair for the _next_
key in the map, we have to reset the DB pointer to the start of the
database, step through until we find the requested key, step one
space ahead to the _next_ key, and then use that. (The original ypserv
code used GDBM, which has a function called gdbm_nextkey() that does
this for you.) This can get really slow for large maps. However,
when doing a ypall, it seems that all database accesses are sequential,
so we can forgo the first step (the 'search the database until we find
the key') since the database should remain open and the cursor
should be positioned at the right place until the yp_all() call
finishes. We can't make this assumption for arbitrary yp_first()s
and yp_next()s however (since we may have requests from several clients
for different maps all arriving at different times) so those we have
to handle the old way.
(This would be much easier if R_CURSOR really worked. Maybe I should
be using something other than the hash method.)
platform, I discovered the following: if you use ypcat (or anything that
does a yp_all() for that matter) to dump out a map and then hit ^C before
it finishes, ypserv gets hit with a SIGPIPE and dies. (The ypall() service
is implemented using TCP.)
Fix: ignore SIGPIPEs.
- Use one sprintf() to put together the path to the map database instead
of strcat()s and strcpy()s.
- Make the 'error opening database' Perror() statement sane.
Add a NOMAN= . It doesn't have a manual page yet.
Please don't cry :-). I asked Rod first. The whole isdn subdir is not
used at the moment and is only dead source code in the tree.
In the case where ypserv is started with the -dns flag, fall through to
the DNS lookup code only if asked to match a map with the word 'host'
in its name. This prevents failed matches on non-host maps from being
incorrectly handed off to DNS.
register ourselves as an NIS version 1 UDP server to pacify older SunOS 4
ypbinds that seem to insist on having one around. All this does is allow
ypserv to respond to DOMAIN_NONACK requests that are periodically
transmitted by ypbind: the server will not actually work as an NIS v1
server in any other way.
Unlike the mainline code, which implements this as a compile-time
option, this feature can be turned on with the newly-added -k flag
at runtime.
Bumped version number to 0.13. (What the hell.)
Updated the man page to reflect this change, also made a couple of small
edits to reflect the recent changes in the /etc/rc* setup.