569 Commits

Author SHA1 Message Date
Bill Paul
d34ef3d62b As per Justin T. Gibbs's request, agument the +@netgroup/-@netgroup
remapping mechanism in the following manner: if given an entry +@foo
and there is no netgroup named 'foo,' try searching for a regular
user group called 'foo' and build the cache using the members of
group 'foo' instead. If both a netgroup 'foo' and a user group 'foo'
exist, the 'foo' netgroup takes precedence, since we're primarily
interested in netgroup matching anyway.

This allows access control schemes based on ordinary user groups
(which are also available via NIS) rather than netgroups, since
netgroups on some systems are limited in really brain-damaged ways.
1995-03-24 05:46:47 +00:00
Bill Paul
e17334c329 Don't let yp_match() or yp_next() operate on null or empty keys: asking
ypserv to do a yp_match() with an a null or empty key causes much havok.
(Note that this could be construed as a denial of service attack if used
maliciously.)
1995-03-23 22:23:15 +00:00
Bill Paul
62a771700f Don't let setnetgrent() operate on a null or empty group name: it can
tickle a bug in ypserv and make a serious mess of things.
1995-03-23 22:21:16 +00:00
Bill Paul
353fefe325 Very important sanity checks: today I clobbered all four NIS servers on
my network because setnetgrent() was trying to do a lookup on group "".
It seems that an attempt to do a yp_match() (and possible yp_next())
on a null or empty key causes Sun's ypserv in SunOS 4.1.3 to exit
suddenly (and without warning). Our ypserv behaves badly in this
situation too, thoush it doesn't appear to crash. In any event, getpwent,
getnetgrent and yp_match() and yp_next() are now extra careful not to
accidentally pass on null or empty arguments.

Also made a small change to getpwent.c to allow +::::::::: wildcarding,
which I had disabled previously.
1995-03-23 22:18:00 +00:00
Bill Paul
5f115c9d15 Lots of fixes/improvements in the +user substitution handling:
- Have the +@netgroup/-@netgroup caches handle the +user/-user cases too.
- Clean up getpwent() to take advantage of the improved +user/-user handling.
1995-03-23 17:33:19 +00:00
Bill Paul
89395683ea Small cleanups:
- Prepend a '_' to a couple of things
- Make sure YP is enabled in _createcaches()
- Remove a couple of unused/uneeded variables from _createcaches()
1995-03-23 04:04:01 +00:00
Bill Paul
9531ca9353 Phew! Done at last: getpwent now understands +@netgroup/-@netgroup directives
in addition to the existing NIS substitutions. I may tweak this a bit in
the future, but the important stuff is all here.
1995-03-23 00:59:15 +00:00
Bill Paul
8516cd0fa5 Use better/stronger/faster NIS lookup code: by using yp_match() instead of
the yp_first()/yp_next() combo, we let the database code in ypserv do some
of the work for us.
1995-03-21 19:47:12 +00:00
Poul-Henning Kamp
72b799a9a3 msun becomes the default -lm the right way now. 1995-03-21 02:52:05 +00:00
Bill Paul
2943bd1c53 Reviewed by: Bill Paul <wpaul@freebsd.org>
Submitted by:	Sebastian Strollo <seb@erix.ericsson.se>

- In /usr/src/lib/libc/yp/yplib.c, function yp_first when clnt_call
fails with (r != RPC_SUCCESS) ysd->dom_vers should be set to 0! This
ensures that /var/yp/bindings/dom.vers will be read again on retry.
What happens now is that when our server is down and someone tries to
use yp they will continue to try until kingdom come. So:
        if(r != RPC_SUCCESS) {
                clnt_perror(ysd->dom_client, "yp_first: clnt_call");
                ysd->dom_vers = -1;
                               ^^^^ change to 0
                goto again;
        }
1995-03-21 00:48:55 +00:00
Rodney W. Grimes
1a96efa2b8 Comment out declaration of kvm_uread until it can be fixed correctly. 1995-03-20 16:35:11 +00:00
Rodney W. Grimes
15f7fc2caa Change u_long to unsigned long to be consistent. 1995-03-20 16:17:50 +00:00
Bill Paul
8538335f21 At last! Modified __ivaliduser() to do the same kind of user/host validation
that everyone else does: you can now use +host/-host, +user,-user and
+@netgroup/-@netgroup in /etc/hosts.equiv, /.rhosts, /etc/hosts.lpd and
~/.rhosts. Previously, __ivaliduser would only do host/user matches,
which was lame. This affects all the r-commands, lpd, and any other
program/service that uses ruserok().

An example of the usefullness of this feature would be a hosts.equiv
file that looks like this:

+@equiv-hosts

Since the netgroup database can now be accessed via NIS, this lets you
set up client machines once and then never have to worry about them
again: all hosts.equiv changes can now be done through NIS. Once I
finish with getpwent.c, we'll be able to do similar wacky things
with login authentication too. (Our password field substitution
will finally be on par with everyone else's, and I'll finally be
able to fully integrate my FreeBSD machine into my network without
having to worry about the grad students sneaking into it when I'm
not looking. :)

Danger Will Robinson! I tested this thing every which way I could, but
Murphy's Law applies! If anybody spots a potential security problem with
the way my matching algorithm works, tell me immediately! I don't want
crackers snickering and calling me names behind my back. :)
1995-03-20 07:29:55 +00:00
Bill Paul
e80307946b Whoops: expanding netgroups that reference multiple netgroups doesn't
work because parse_netgrp() doesn't recurse properly. Fixed by
changing

if (parse_netgrp(spos))
	return(1);
to

if (parse_netgrp(spos))
	continue;

inside parse_netgrp(). (Lucky for me I happen to have a fairly complex
'live' netgroup database to test this stuff with.)
1995-03-19 22:19:52 +00:00
Nate Williams
c0585ea944 Separated out the _putchar & __cputchar() routines so that programs such
as tn3270 can replace _putchar(0 with their own routine and still keep
using the __cputchar() routine used by all of the other curses routines.

Reviewed by:	"Andrey A. Chernov, Black Mage" <ache@astral.msk.su>
1995-03-19 21:47:51 +00:00
Joerg Wunsch
cb0b0e16cd libkvm exports kvm_uread(), so do declare it in the header file.
Got apparent by Philippe's -Wall patch for /usr/bin.
1995-03-19 13:36:49 +00:00
Joerg Wunsch
ec4f225196 Cast the offset of one call to lseek() to off_t, as it's already done
in all other places here.

This is a hack, the interface should be changed to use off_t's
everywhere around, but this will require to update all the programs
that happen to use libkvm.
1995-03-19 13:33:05 +00:00
Poul-Henning Kamp
f06a5580a6 add a couple of missing #include lines 1995-03-19 07:00:52 +00:00
Bill Paul
409495f6c7 Two major changes:
- Added support for reading netgroups from NIS/YP in addition to the
local /etc/netgroups file. (Note that SunOS and many other systems only
support reading netgroups via NIS, which is a bit odd.)

- Fix Evil Null Pointer Dereferences From Hell (tm) that caused
parse_netgrp() to SEGV when expanding netgroups that include
references to other netgroups. Funny how nobody else noticed this.

This is the first step in implimenting +@netgroup substitution in
getpwent.c and any other places that could use it and don't already
support it (which is probably everywhere).
1995-03-19 06:16:03 +00:00
Andrey A. Chernov
798563cdfb Fix authunix_maxgrouplist test
Submitted by: Scott Hazen Mueller <scott@zorch.sf-bay.org>
1995-03-18 17:55:03 +00:00
Rodney W. Grimes
dddb7b460b Remove private mkdir for /usr/include/ss, no handled by mtree. 1995-03-18 08:34:42 +00:00
Bill Paul
89047c9c7c Fix 'putting +: in /etc/group causes many programs to dump core' bug
by heading off possible null pointer dereferences in grscan(). Also
change getgrnam() slightly to properly handle the change: if grscan()
returns an rval of 1 and leaves a '+' in the gr_name field and YP is
enabled, poll the YP group.byname map before giving up. This should
insure that we make every effort to find a match in the local and
YP group databases before bailing out.
1995-03-18 05:03:10 +00:00
Bill Paul
b337d29402 Repeat after me kids: "I will not try to install files into a directory
when I'm not sure whether or not that directory exists."

Today I discovered that rebuilding /usr/include completely from scratch
doesn't work, because the libss Makefile tries to install headers into
/usr/include/ss, which 'make includes' does not create. The result is that
the libss Makefile plants the header files in /usr/include as individual
files called 'ss,' with the second one overwriting the first, and the
third one overwriting the second. So instead of a directory called
/usr/include/ss, you end up with just one file called /usr/include/ss with
only the last header file in it. Check out /usr/include/ss on freefall
and you'll see what I mean.

I've modified the beforeinstall target in the libss Makefile to check
for the presence of the ${DESTDIR}/usr/include/lbss directory and to
create it if it isn't already there. Hopefully I did it right.
1995-03-15 01:33:05 +00:00
Andrey A. Chernov
00c965147b Fix wbkgdset macro
Submitted by: Andreas Wetzel <mickey@deadline.snafu.de>
1995-03-13 19:02:04 +00:00
Bruce Evans
918bed7582 Remove `|| flags & ALT == 0' which was an obscure no-op, not a
parenthesization/precedence bug.
1995-03-12 13:53:51 +00:00
Bruce Evans
d26be6f09d Obtained from: 1.1.5. Originally by jtc. Cosmetically changed for this
commit by bde.

Fix bugs in floating point formatting.  The 4.4lite version is similar
to revision 1.3 in old-cvs and is missing all of jtc's fixes in revision
1.4 in old-cvs.  Revision 1.2 in ncvs fixed one of the old bugs but
introduced at least one new one (for %.0e).

old-cvs log:
revision 1.4
date: 1993/11/04 19:38:22;  author: jtc;  state: Exp;  lines: +33 -20
My work from NetBSD to make printf() & friends ANSI C compliant.
Fixes several bugs in floating point formatting:
  1. Trailing zeros were being stripped with %e format.
  2. %g/%G formats incorrect.
  3. Lots of other nits.
1995-03-12 13:26:49 +00:00
Andrey A. Chernov
b603d90c20 Fix suspended vipw hangs
Obtained from: NetBSD
1995-03-09 21:53:12 +00:00
Andrey A. Chernov
b76cc0f831 stdio.h --> unistd.h 1995-03-09 17:45:23 +00:00
Bruce Evans
b2fd1f671d Obtained from: NetBSD
Remove common sources from ${SRCS} when they are replaced by arch-specific
sources.
1995-03-08 01:41:40 +00:00
Bruce Evans
553e72d902 Don't build swab.o here. It gets built in libc/i386/string. Previously
the copy built from here was overwritten by the other copy and the other
copy was put in library-building command lines twice.  ld now objects to
duplicated modules.
1995-03-07 04:19:11 +00:00
Nate Williams
4f749d2669 If we are going to set the OBJS target, don't add to the old target. This
caused the RPC libraries to contain two versions of the same file.
1995-03-04 17:39:24 +00:00
Andrey A. Chernov
5b79c36cbc Solve conflict between two global force variables 1995-03-03 02:34:14 +00:00
Joerg Wunsch
be7f0d04fe On snap 950210, format %s (print seconds from the epoch) is missing
from the code in strftime.c . This affects both the library code
and all the commands using it (e.g. date +%s).

Note that %s is not required by ANSI, but we've already got it in 1.1.5.1.

Suggested by: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
1995-03-01 23:08:40 +00:00
Paul Richards
a7535d5b95 Pull old lex.l out of attic and update to new one. 1995-03-01 08:25:40 +00:00
Paul Richards
be7d950dc8 Completely rewrite libforms so everything is done at runtime rather
than at compile time.

Should have same functionality as old libforms but with new mechanism.

Lots of new features that use the new mechanism are still to be added.
1995-03-01 08:19:06 +00:00
Jordan K. Hubbard
7a15a32a17 Additions from Thomas Graichen to mention each functions' floating point
counterpart.
Submitted by:	Thomas Graichen <graichen@sirius.physik.fu-berlin.de>
1995-03-01 05:06:48 +00:00
Bruce Evans
64f14011a8 Fix previous fix to agree with the man page - don't report errors in
kvm_open() if errstr is NULL.
1995-02-25 16:44:01 +00:00
Bruce Evans
5dddb8148b Don't attempt to lstat() the POSIXLY invalid empty pathname.
realpath() still accepts "" as an arg and converts it to a canonical
pathname for the current directory.
1995-02-25 16:06:07 +00:00
Poul-Henning Kamp
728736c058 Explain the full story, and make it understandable too. 1995-02-25 04:43:20 +00:00
Poul-Henning Kamp
6c20486de4 Clean a bunch of -Wall warnings. 1995-02-24 08:51:34 +00:00
Poul-Henning Kamp
12eaa3d55d Remove some unused variables and fix two blatant core dump triggers. 1995-02-24 08:15:27 +00:00
Poul-Henning Kamp
e9434bccf7 Remove an unused variable. 1995-02-24 07:51:13 +00:00
Poul-Henning Kamp
888bbd45f9 fix the synopsis to show
|     void
|    *signal(int sig, void (*func)(int))

instead of

|     void
|     *signal(sig, func())
|
|     void
|     (*func)()
1995-02-24 07:35:49 +00:00
Andrey A. Chernov
977e8ea0c9 Add missing #include <time.h> with time() prototype 1995-02-24 01:02:59 +00:00
Andrey A. Chernov
7f3b05aa16 Fix typo: pcap.h.h 1995-02-23 18:47:06 +00:00
Poul-Henning Kamp
5dec1760ed Quench a warning and fix some duplicity by using the official strerror
routine, instead of rolling our own.
1995-02-23 06:55:14 +00:00
Andras Olah
8a695f765c Fix bogus Makefile which resulted in incompatible shared and static
libs.

Reviewed by:	Michael Reifenberger <root@rz-wb.fh-sw.de>,
		roberto@blaise.ibp.fr (Ollivier ROBERT)
1995-02-21 10:46:34 +00:00
Poul-Henning Kamp
d66cc71bb5 Speed md5 up around 30% by shorting out a couple of cumbersome
memcpy equivalent functions.
1995-02-21 06:01:49 +00:00
Nate Williams
56b688ea1c Make libcompat a static only library.
Since functions will come and go from libcompat as they are deprecated
it makes no sense to build a shared library out of it as it will change.

Based on freedback from Terry and Jonas on the mailing lists.
1995-02-20 18:19:50 +00:00
Andrey A. Chernov
e96a21509f Minor optimization. 1995-02-18 11:36:33 +00:00