51 Commits

Author SHA1 Message Date
wpaul
627b063e66 Add preliminary support for netgroup.byuser and netgroup.byhosts maps.
(I have to make another pass through here soon; awk doesn't handle
lines broken up with '\', which can sometimes appear in netgroup maps.)
1995-10-26 18:00:35 +00:00
wpaul
eee514a278 Add support for publickey.byname map (turned off by default since
we haven't imported the Secure RPC stuff yet).
1995-10-23 16:13:53 +00:00
wpaul
a78182e121 Eek! When we encounter a '+' or '-', the resulting action should be
'continue' rather than 'break'.
1995-10-23 16:03:41 +00:00
wpaul
c11fb4caff A one-liner:
We already check for (and reject entries with) '+' or '-' as the first
character of the key side of the key/data pair; we should check the data
side too. (Letting spurious +/- entries into the NIS maps is bad karma.)
1995-10-11 14:30:51 +00:00
wpaul
c68079d5af phkmalloc strikes!
#ifdef out a number of calls to free() left over from the original
GNU ypserv implementation. As near as I can tell, the Berkeley DB
package does its own garbage collection, hence the caller doesn't
have to worry about free()ing the memory returned in the DBT
structures during lookups (I'm still not 1005 sure about this:
the DB code is very hard to follow. I must use dynamically
allocated memory since you can retreive arbitrarily large records
from a database, but I'm not sure where it ends up letting go
of it). This was not true with GDBM; you had
to do your own garbage collection.

The general rule is that if you allocate memory inside an RPC
service routine, you have to free() it the next time the routine is
called since the underlying XDR routines won't do it for you.
But if the DB package does this itself, then we don't need to do
it in the main program.

Note that with the original malloc(), there were never any errors
flagged. phkmalloc complained quite loudly.
1995-09-24 17:21:52 +00:00
wpaul
debc540217 Fix bug pointed out by user on c.u.b.f.m: commenting out NOPUSH=true
for master/slave configuration doesn't work because DOMAIN isn't
correctly defined.
1995-08-11 13:55:42 +00:00
bde
1d5c50aac7 Install source files with the -c flag, not with the optional flag ${COPY}. 1995-08-06 12:37:41 +00:00
bde
f5284ed86d Change install' to ${INSTALL}' so that default install flags can be
specified in the top level Makefiles.
1995-07-25 00:37:58 +00:00
wpaul
c0d9518d8d Updates, fixes and cleanups -- oh my.
In ypserv:

yp_svc.c:
- small signal handler tweak (hopefully the last): just use sigemptyset()
to clear sa_mask.

Makefile.yp:
- Let the user specify the location of master.passwd when updating
maps (e.g. make MASTER_PASSWD=/some/path/to/master.passwd). Editing
the file to change the location of master.passwd still works. This
is mostly to let yppassswdd specify the name of the master.passwd
file itself.

In yppasswdd:

yppasswdd.c:
- Roll in some minor changes (mostly casts) from Olaf Kirch's latest
yppasswd package release (version 0.7).
- Use daemon() instead of doing all the deamonizing gruntwork ourselves.
- Call pw_init() after daemonizing ourselves. pw_init() sets up some
resource limits and blocks some signals for us. We used to do this before
every password change, but there's really no point in calling it more
than once during the life of the program.
- Change install_reaper() so that we can use it to de-install the SIGCHLD
handler if we need to (and we do in pw_mkdb() -- this is what I get for
splicing code from two different programs together).
- Use sigemptyset(&act.sa_mask) rather than act.sa_mask = 0: the latter is
decidedly non-portable. (In IRIX, HP-UX and Solaris, sigset_t is an
array of longs, not an int.)

update.c:
- Roll in change from new version (check that we're not modifying an NIS
entry in validate_args()).
- Get rid of call to pw_init() (moved to yppasswdd.c).
- Check return values from pw_util routines and return error status to
yppasswd clients if there's a problem.
- Straighten out password file copying mechanism a little. Keep a grip
on the original password file rather than summarily overwriting it so
that we can restore everything if we fail to fork() a process to update
the NIS maps.
- Pass the name of the password template file (specified with -m or
/etc/master.passwd by default) to the yppwupdate script, which in
turn should now pass it to /var/yp/Makefile.

pw_util.c:
- Nuke the pw_edit() and pw_prompt() functions -- we don't need them.
- Change all warn()s, warnx()s and err()s to syslog()s.
- Make sure we return error status to caller rather than bailing out
in pw_lock() and pw_tmp().
- Don't block SIGTERM in pw_init() (by ignoring SIGTERM, we prevent
yppasswdd from being shut down cleanly).
- Don't let pw_error() exit. (This stuff was stolen from chpass and vipw
which are interactive programs; it's okay to let pw_error() bail out
for these programs, but not in a daemon like yppasswdd).
- Fix signal handling in pw_mkdb (we need to temporarily de-install the
SIGCHLD handler so that we can wait on the pwd_mkdb child ourselves).

pw_copy.c:
- Change all warn()s, warnx()s and err()s to syslog()s.
- Add a bunch of returns() and make pw_copy() return and int ( 0 on success,
-1 on failure) so that update.c can flag errors properly.
- Return -1 after calling pw_error() to signal failures rather than
relying on pw_error() to bail out.
- Abort copying if we discover that we've been asked to change an entry
for a user that exists in the NIS passwd maps but not in the master.passwd
template file. This can happen if the passwd maps and the template file
fall out of sync with each other (or if somebody tries to spoof
us). The old behavior was to create add the entry to the password file,
which yppasswdd should not do under any circumstances.

Makefile:
- update VERSION to 0.7

yppasswdd.8:
- fix typo (forgot a carriage return somewhere)
- remove bogus reference to pwunconv(8) which FreeBSD doesn't have.
- bump version from 0.5 to 0.7
- Reflect changes in password file handling.

yppwupdate:
- Log map rebuilds to /var/yp/ypupdate.log.
- Pass the name of the template password file to /var/yp/Makefile as
$MASTER_PASSWD.
1995-07-19 17:44:41 +00:00
wpaul
7715d6b5da Some small signal handling tweaks: be sure to keep wait3()ing until all
children are reaped and make sure to block SIGCHLD delivery during handler
execution when installing SIGCHLD handler with sigaction().
1995-07-15 23:27:49 +00:00
wpaul
5322c9c163 Add missing 'break' statement in failure case of ypxfr switch clause. 1995-07-15 17:51:11 +00:00
wpaul
270b119bea server.c: When 'securenets' (actually TCP_WRAPPERS) is enabled, don't
syslog connections unless they were rejected. This helps save wear and
tear on the syslog facility in large networks with many clienst systems.

yp_svc.c: Be a little smarter about using sigaction() -- set the SA_RESTART
flag.

svc_run: Be doubly paranoid about killing off child processes. Do a flag
chack and a pid check before letting child 'threads' self-destruct.
1995-07-14 01:56:51 +00:00
wpaul
7fafe87077 ypserv performance improvements:
- There are two cases where the server can potentially block for a long
  time while servicing a request: when handling a yp_all() request, which
  could take a while to complete if the map being transfered is large
  (e.g. 'ypcat passwd' where passwd.byname has 10,000 entries in it),
  and while doing DNS lookups when in SunOS compat mode (with the -dns
  flag), since some DNS lookups can take a long time to complete. While
  ypserv is blocked, other clients making requests to the server will
  also block. To fix this, we fork() ypall and DNS lookups into subprocesses
  and let the parent ypserv process go on servicing other incoming
  requests.

  We place a cap on the number of simultaneous processes that ypserv can
  fork (set at 20 for now) and go back to 'linear mode' if it hits the
  limit (which just means it won't fork() anymore until the number of
  simultaneous processes drops under 20 again). The cap does not apply
  to fork()s done as a result of ypxfr calls, since we want to do our
  best to insure that map transfers from master servers succeed.

  To make this work, we need our own special copy of svc_run() so that
  we can properly terminate child processes once the RPC dispatch
  functions have run.

  (I have no idea what SunOS does in this situation. The only other
  possibility I can think of is async socket I/O, but that seems
  like a headache and a half to implement.)

- Do the politically correct thing and use sigaction() instead of
  signal() to install the SIGCHLD handler and to ignore SIGPIPEs.

- Doing a yp_all() is sometimes slow due to the way read_database() is
  implemented. This is turn is due to a certain deficiency in the DB
  hash method: the R_CURSOR flag doesn't work, which means that when
  handed a key and asked to return the key/data pair for the _next_
  key in the map, we have to reset the DB pointer to the start of the
  database, step through until we find the requested key, step one
  space ahead to the _next_ key, and then use that. (The original ypserv
  code used GDBM has a function called gdbm_nextkey() that does
  this for you.) This can get really slow for large maps. However,
  when doing a ypall, it seems that all database access are sequential,
  so we can forgo the first step (the 'search the database until we find
  the key') since the database should remain open and the cursor
  should be positioned at the right place until the yp_all() call
  finishes. We can't make this assumption for arbitrary yp_first()s
  and yp_next()s however (since we may have requests from several clients
  for different maps all arriving at different times) so those we have
  to handle the old way.

  (This would be much easier if R_CURSOR really worked. Maybe I should
   be using something other than the hash method.)
1995-07-12 16:28:13 +00:00
ats
bb114085bf Fix two typos in a comment. 1995-07-08 21:42:59 +00:00
wpaul
310bc7086f Oh fer cryin' out loud... While playing with the ypserv code on a different
platform, I discovered the following: if you use ypcat (or anything that
does a yp_all() for that matter) to dump out a map and then hit ^C before
it finishes, ypserv gets hit with a SIGPIPE and dies. (The ypall() service
is implemented using TCP.)

Fix: ignore SIGPIPEs.
1995-07-04 21:58:38 +00:00
wpaul
77efe4f862 Small touchups in open_database():
- Use one sprintf() to put together the path to the map database instead
  of strcat()s and strcpy()s.

- Make the 'error opening database' Perror()  statement sane.
1995-07-02 18:48:21 +00:00
wpaul
32fda3f3ae Fixed awk scripts for 'netgroup,' 'ethers.*' and 'bootparams' targets so that
corresponding map databases are created correctly.

This fixes the problem Ken Wilcox noted on the freebsd-bugs list.
1995-06-18 16:08:15 +00:00
rgrimes
2ad6f3dee6 Remove trailing whitespace. 1995-05-30 05:05:38 +00:00
ats
0575dd0190 Added a NOMAN= macro as this subdir doesn't have a manpage yet. 1995-05-28 21:21:26 +00:00
ats
4c3abf163b Replaced the whole former Makefile with a more BSD conformant Makefile. 1995-05-28 21:20:30 +00:00
ats
96e4c12ad4 Reviewed by: with the allowance of Rod :-).
Add a NOMAN= . It doesn't have a manual page yet.

Please don't cry :-). I ask Rod first. the whole isdn subdir is not
used in the moment and is only dead source code in the tree.
1995-05-28 21:18:20 +00:00
wpaul
0c34ce41cd Small fix for yp_match implementation:
In the case where ypserv is started with the -dns flag, fall through to
the DNS lookup code only if asked to match a map with the word 'host'
in its name. This prevents failed matches on non-host maps from being
incorrectly handed off to DNS.
1995-05-03 14:36:12 +00:00
wpaul
9ca32a6be5 Added a new feature from Peter Eriksson's latest release of ypserv (0.13):
register ourselves as an NIS version 1 UDP server to pacify older SunOS 4
ypbinds that seem to insist on having one around. All this does is allow
ypserv to respond to DOMAIN_NONACK requests that are periodically
transmitted by ypbind: the server will not actually work as an NIS v1
server in any other way.

Unlike the mainline code, which implements this as a compile-time
option, this feature can be turned on with the newly-added -k flag
at runtime.

Bunped version number to 0.13. (What the hell.)

Updated the man page to reflect this change, also made a couple of small
edits to reflect the recent changes in the /etc/rc* setup.
1995-04-05 03:23:40 +00:00
wpaul
b61a1a6add Spruce up Makefile.yp: add support for netgroups and bootparams maps,
make use of yp_mkdb's -i, -o and -m flags.
1995-04-02 01:53:47 +00:00
wpaul
32bc0d2ccd Log syslog messages at LOG_NOTICE priority. 1995-04-01 19:31:12 +00:00
wpaul
b661ad39fe Remove yppasswd_xdr.c and take out references to if from Makefile: use
-lrpcsvc instead.
1995-04-01 19:23:11 +00:00
wpaul
ee92602c39 One line fix to silently ignore entries that start with a '+' or '-'.
This prevents yp_mkdb from adding magic NIS entries to NIS maps themselves.
1995-03-31 19:45:13 +00:00
wpaul
74e86179df Added support for bootparams map. 1995-03-05 22:48:50 +00:00
wpaul
688d6eb9d1 More DESTDIR lossage. Hopefully this will solve the case of the missing NIS
scripts.
1995-02-15 04:35:55 +00:00
wpaul
8f10a7941e Fix losing Makefile so that it properly honors DESTDIR when installing
/var/yp/Makefile and /usr/libexec/mknetid. *grumble* *mutter* *mutter*
1995-02-15 04:33:52 +00:00
jkh
91ade81bee This commit was generated by cvs2svn to compensate for changes in r6407,
which included commits to RCS files with non-trunk default branches.
1995-02-15 00:46:26 +00:00
jkh
0cb129cc75 Import the ISDN userland utilities. Just about ready to start shaking
this baby out in earnest..
1995-02-15 00:46:26 +00:00
wpaul
0a7e37f6d4 Do proper job of reaping child 'ypxfr' processes (we could sometimes
leave a zombie lying around until the next map transfer came alone).

Also fixed some minor typos on the man page.
1995-02-07 05:04:53 +00:00
wpaul
a9318a2ce2 Created manual page for ypserv and changed Makefile to install it.
Also tweaked server.c to support newer versions of tcpwrapper (log_tcp.h
is now tcpd.h and FROM_UNKNOWN changed to STRING_UNKNOWN).
1995-02-04 21:32:04 +00:00
wpaul
a58c3c9172 Created yp_mkdb(8) manual page, modified Makefile to install it. 1995-02-04 04:26:20 +00:00
wpaul
ec6e1d43a1 Changed some comments. 1995-02-04 00:13:21 +00:00
wpaul
9bf63224b9 Fixed potential Makefile glitch that could arise if /var/yp doesn't exist yet. 1995-02-03 22:01:17 +00:00
bde
6bb6091f96 Include <sys/types.h> explicitly to get declaration of u_long for
<netinet/in.h> - don't depend on namespace pollution in <stdio.h>.
1995-02-03 20:25:59 +00:00
wpaul
a029b8cf38 Added ${.CURDIR}s to afterinstall target. 1995-02-03 03:44:41 +00:00
wpaul
2f1a87a642 Put ${.CURDIR}s in front of Makefile.yp and mknetid in the required places.
Also took out uneeded BINDIR & BINMODE stuff.
1995-02-03 03:41:38 +00:00
wpaul
27564afc63 Removed reference in comments to -o option of yppasswdd: -o option
no longer exists.
1995-02-03 01:11:57 +00:00
wpaul
ca74ab01a7 Cleaned up and updated the yppasswdd man page to reflect FreeBSD-specific
changes and new options. (more new man pages and an NIS tutorial to follow)
1995-02-02 17:25:58 +00:00
wpaul
ca56934ab2 Need to set a umask to avoid security problems (/var/yp/passwd
world-writable).
1995-02-01 23:30:02 +00:00
wpaul
4ced3668eb Cleaned up usage() -- removed bogus references to opassfile, which isn't
used anymore (/var/yp/Makefile creates a new /var/yp/passwd file from
/var/yp/master.passwd using awk, so yppasswdd doesn't have to make it
anymore).
1995-02-01 23:27:46 +00:00
wpaul
f3d5354cdd /var/yp/Makefile doesn't create passwd file from master.passwd file
correctly (specified wrong fields to awk). Note that the files in question
are noe the local /etc/master.passwd and /etc/passwd files: this Makefile
expects there to be a seperate master.passwd file under /var/yp for NIS
database creation.
1995-02-01 23:05:36 +00:00
wpaul
219ed0fd18 Added the yppwupdate script. This is a small shell script that yppasswdd
executes after it finishes updating the raw master.passwd file. The script
is just there to invoke /var/yp/Makefile to build new maps and yppush them.
We could have yppasswdd run /var/yp/Makefile directly, but this allws a bit
more flexibility: the user may decide to run some other commands too.
1995-02-01 02:13:15 +00:00
wpaul
a0d2144bc8 Added Makefile.yp and mknetid, which are needed to rebuild NIS maps.
mknetid is a script. Both are installed by an afterinstall which as
been added to the main Makefile.
1995-02-01 02:00:03 +00:00
wpaul
10db783b7d New Makefiles for YP server stuff. 1995-01-31 09:14:03 +00:00
wpaul
12d39161b8 Obtained from: The NYS project
This is a ported/modified version of yppasswd from the NYS yppasswd-0.5
package. This package has code in it from both Olaf Kirch and Theo
de Raadt. There are GPL references and BSD-style copyright all over the
place... hopefully I won't get flamed into oblivion for commiting this.

This program has been modified from the original in the following ways:

- Changed the ALLOW_CHFN and ALLOW_CHSH compile-time options into
  run-time options.

- Demolished the password update functions and replaced them with
  routines to handle FreeBSD-style passwordd databases. It is expected
  that a seperate master.passwd file will be maintained for use with
  the NIS maps. yppasswd will have to be told where it is:

  % yppasswdd -m /var/yp/master.passwd

  A /var/yp/passwd file will be generated from /var/yp/master.passwd by
  /var/yp/Makefile. When yppasswdd has finished modifying the master.passwd
  file, it will invoke /usr/libexec/yppwupdate, which is a script that
  will run /var/yp/Makefile to generate new maps and push them.

Note that there are copies if pw_util.c and pw_copy.c here. This is
deliberate: they are *not* identical to the originals. Very similar, yes,
but not identical. *sigh*
1995-01-31 09:12:52 +00:00
wpaul
c46e35fcb4 Obtained from: The NYS project
This is a hacked-up port of the ypserv-0.11 server from the NYS project
written by Peter Eriksson.

The original package included some map creating and dumping tools and
was based on GDBM. This version has been modified in the following
ways:

- GDBM replaced with DB and many weird hacks made to the read_database()
  function because of this.

- implimented the ypxfr service (using ypxfr from the yps-0.21 package,
  aso from the NYS project)

- added code to check the TCP port from which NIS requests originate:
  the server will refuse to serve the master.passwd.{byname|byuid} maps
  if the request doesn't come from a privileged port. Normally, only the
  superuser can issue such a request. Requests for the passwd.{bynam|byuid}
  maps aren't affected. There will be a small change made to getpwent.c
  in libc to complement this.

- added code to do DNS lookups via actual resolver queries instead of
  relying on gethostbyname() and friends. The author noted in the original
  documentation that a loop condition could arise where the server would
  query itself for hostsname lookups. Using direct DNS lookups prevents
  this from happening.

- added code to properly fork() the server into the background unless
  invoked with the -debug flag.

- Added combined syslog/perror function.

- fixed a few bugs (which were probably introduced by all the other
  changes)

- Created a bmake Makefile.

Note that this package can be linked against the tcp_wrapper package
to provide address-based authentication, but this isn't done by default
since the tcp_wrapper package isn't part of FreeBSD.
1995-01-31 08:58:57 +00:00