Commit Graph

79 Commits

Author SHA1 Message Date
Poul-Henning Kamp
3939bb662d A comment in /usr/src/usr.sbin/ypserv/Makefile.yp
(a.k.a. /var/yp/Makefile.dist) refers to an obsoleted usage of the
-m option of rpc.yppasswdd.  It is currently taken over by the -t
option.  -m is used for a different purpose now.

PR:		7279
Reviewed by:	phk
Submitted by:	Amakawa Shuhei <amakawa@nebula.sf.t.u-tokyo.ac.jp>
1998-07-22 06:01:13 +00:00
Dag-Erling Smørgrav
19111ad381 Allow blank lines in /var/yp/securenets. 1998-07-15 11:56:28 +00:00
Warner Losh
67d3ec9a0f If we get back too much data to fit in result, return NULL. This avoids
a buffer overflow, but might negatively impact those hosts who have
enough aliases to fill MAXHOSTNAMELEN * 2 characters in them.

Good candidate for merging back into -stable.  Lightly tested by me, but
it came from OpenBSD a while ago.

Obtained from: OpenBSD
1998-06-09 05:06:27 +00:00
Bill Paul
7d1c23760d Protect errno in signal handlers, like in portmap. 1998-06-04 15:11:32 +00:00
Bruce Evans
67b780b03b Fixed double slashes in pathnames. 1998-05-31 11:32:38 +00:00
Bruce Evans
930ef4e26d Removed bogus dependencies of generated .c files on generated headers. 1998-05-10 16:03:17 +00:00
Philippe Charnier
f12a14713b .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. 1998-03-23 08:31:20 +00:00
Bruce Evans
df3175a04b Fixed `make -jN' for large N, as usual. Too usual for yp programs. 1998-03-06 14:51:35 +00:00
Bill Paul
32b14f697c *sigh* I will not commit late at night. I will not commit late at night.
I will not commit late at night. I will not commit late at night.

I swear it's been Monday all week for me.

Apply proper fix for services target submitted by Andre Albsmeier
<andre.albsmeier@mchp.siemens.de>. Sorry for botching this that last
time, Andre. (Could have been worse: t least I didn't break the build.)
1998-02-21 18:14:30 +00:00
Bill Paul
98df2816d1 Arghhh.... another missing backslash. Yes, I feel stupid. 1998-02-20 04:00:48 +00:00
Bill Paul
9ac2a83a11 Doh! Replace backslash that got eaten by gremlins in the last commit. 1998-02-18 04:11:49 +00:00
Bill Paul
f44298df59 Close PR #2206: fix the services.byname target so that it can handle
/etc/services entries with any protocol instead of just udp and tcp.
Rather thani having the awk script explicitly search for 'udp' or 'tcp'
in the second field using index(), use split() to break up the field
at the '/' character if it exists, which extracts the protocol from
the field no matter what it is.

PR: 2206
1998-02-13 03:38:41 +00:00
Bill Paul
0d15a95009 Fix a bug in the database handle caching. This has to do with the way the
underlying database code works. When dealing with first/next queries, you
have the notion of a database 'cursor,' which is essentially a file pointer
for the database. To select the first entry, you do a fetch with the
R_FIRST flag set, then you can use the R_NEXT flag to enumerate the other
entries in the database. Unfortunately, doing a direct fetch with no flag
does _not_ set the 'cursor,' so you can't do a direct fetch and then
enumerate the table from there.

The bug is that cached handles generated as the result of a YPPROC_MATCH
were being treated as though they were the same as handles generated by
a YPPROC_FIRST, which is not the case. The manifestation is that if you
do a 'ypmatch first-key-in-map map' followed by a yp_first()/yp_next()
pair, the yp_first() and yp_next() both return the first key in the
table, which makes the entry appear to be duplicated.

A couple smaller things since I'm here:

- yp_main.c and yp_error.c both have a global 'int debug' in them.
  For some reason, our cc/ld doesn't flag this as a multiply defined
  symbol even though it should. Removed the declaration from yp_main.c;
  we want the one in yp_error.c.

- The Makefile wasn't installing ypinit in the right place.
1998-02-11 19:15:32 +00:00
Bill Paul
1754677b27 Fix Makefile.yp so that it no longer creates a temporary file called
/tmp/ypmake, thereby fixing problems with successive map updates
possibly reading stale copies of this file left behind by a previous
failed run.

PR:	 5571
1998-02-04 16:16:58 +00:00
Steve Price
0f87b00d6b Allow comments to begin with multiple '#' characters.
PR:		4452
Submitted by:	Joao Carlos Mendes Luis <Jonny@mailhost.coppe.ufrj.br>
1998-01-25 17:51:10 +00:00
Bill Paul
d8207d546d Some touchups courtesy of Philippe Charnier. 1997-11-16 03:49:12 +00:00
Bill Paul
13170f18a2 Add a ypinit script and man page (script lifted from OpenBSD and haqued
to work on FreeBSD, man page written by me.)

Also change Makefile.yp a little to be more tolerane in the face of
missing source files. Print a message if we can't find /var/yp/master.passwd
telling the user what to do to fix things.
1997-11-10 22:17:13 +00:00
Justin M. Seger
50aedc813b Fix typo: 129.168.128.0 -> 192.168.128.0
PR:		docs/4871
Submitted by:	sec@42.org
1997-11-01 15:55:09 +00:00
Philippe Charnier
988345234d Typos in man page. Cosmetics in error strings. 1997-10-29 07:25:05 +00:00
Bill Paul
0485539e17 Don't initialize structures from other variables; gcc -ansi -pedantic
doesn't allow it. Use proper constants instead.
1997-08-10 20:37:48 +00:00
Bill Paul
9934af38df Fix for PR #4147: apparently BIND now returns a status of NO_RECOVERY
at the end of gethostanswer()/getanswer()/whatever where it used to
return TRY_AGAIN. This breaks the domain list traversal in ypserv's
async DNS lookup module: it would only retry using the domain(s) from
the 'domain' or 'search' lines in /etc/resolv.conf if __dns_getanswer()
returned TRY_AGAIN.

Changed the test so that either TRY_AGAIN or NO_RECOVERY will work.
This seemed to me the best solution in the event somebody tries to
compile this code on an older system with a different version of BIND.
(You shouldn't do that of course, but then there's a lot of things
in the world that you shouldn't do and people do them anyway.)
1997-07-28 14:13:57 +00:00
Bill Paul
7deb24a6ae Fix a bug in the async DNS resolver that can crash ypserv. yp_prune_dnsq()
is not sane: if the TTL on a pending but unanswered query hits 0 and the
circular queue entry is removed and free()d, the for() loop may still try
to use the entry pointer (which now points at no longer valid memory).
usually, deleting only the last entry off the end of the queue worked, but
if more than one was deleted, the server would crash. I changed things a
bit so this shouldn't happen anymore.

Also arranged to call the prune routine a bit more often.
1997-07-27 03:41:53 +00:00
Bill Paul
9ecc3726d9 Fix a very stupid heap corruption bug: in ypproc_match_2_svc(), when
we decide to do a DNS lookup, we NUL terminate the key string provided
by the client before passing it into the DNS lookup module. This is
actually wrong. Assume the key is 'foo.com'. In this case, key.keydat_val
will be "foo.com" and key.keydat_len will be 7 (seven characters; the
string is not NUL-terminated so it is not 8 as you might expect).
The string "foo.com" is actually allocated by the XDR routines when the
RPC request is decoded; exactly 7 bytes are allocated. By adding a NUL,
the string becomes "foo.com\0", but the '\0' goes into an 8th byte which
was never allocated for this string and which could be anywhere. The result
is that while the initial request may succeed, we could trash other
dynamically allocated structures (like, oh, I dunno, the circular map
cache queue?) and SEGV later. This is in fact what happens.

The fix is to copy the string into a larger local buffer and NUL-terminate
that buffer instead.

Crash first reported by: Ricky Chan <ricky@come.net.uk>
Bug finally located with: Electric Fence 2.0.5
1997-07-21 17:39:39 +00:00
Bill Paul
cc7ff6f503 Back out one of my paranoia tests from the last commit here; yp_access()
already deals with it appropriately. (You know you've been working too
hard when you forget how your own code works.)
1997-04-28 14:18:38 +00:00
John-Mark Gurney
6ecb7b2027 fix some typos, and some slight clean up...
Closes PR#3266
1997-04-15 07:41:10 +00:00
Bill Paul
832035088b Add a sanity test to ypproc_xfr_2_svc(): check that the map and domain
in the transfer request actually exist. Technically ypxfr can do this too,
but why waste the cycles getting ypxfr off the ground for a transfer we
already know is going to fail.

Also apply stricter access control rules; ypproc_xfr_2_svc() is in a
different class than the normal map access procedures procedures.
1997-04-10 14:12:51 +00:00
Warner Losh
6c3f552a31 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
Peter Wemm
476602a9d0 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
Bill Paul
aca49be34f Two small tweaks:
- servers should be the first target listed in 'all:' in order for slave
  servers to be updated correctly: yppush reads the ypservers map to figure
  out where all the slaves are, so it needs to be loaded onto the master
  ASAP.

- Fixed small bogon in publickey target which nobody has noticed since
  we're not using the publickey.byname map yet.
1997-02-09 19:19:14 +00:00
Bill Paul
c6c5d97511 Close PR# 2645: add curly braces where my fevered brain in collusion
with my frantic fingers forgot to put them.
1997-02-06 05:28:52 +00:00
Thomas Gellekum
350a9f017e Typo. 1997-02-04 07:06:14 +00:00
Bill Paul
559605f1ec Fix bug that slipped through last big round of changes: sometimes
yp_next_record() is called without a key (from xdr_my_ypresp_all()),
in which case it returns the first key in the map. When doing this,
it also needs to update the key index in the map queue entry. Without
this, ypproc_all_2_svc() (and hence ypcat) don't work correctly.

Noticed by: Michael L. Hench <hench@watt.cae.uwm.edu>
1997-01-20 03:33:36 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Bill Paul
1f552b61b8 Ack. When I moved the getsockopt() calls, I forgot to move the lines
that initialize the getsockopt() args (type and len) too.
1997-01-12 08:18:17 +00:00
Bill Paul
9c171de035 yp_server.c:
- Fail YPPROC_ALL requests when we hit the child process limit. This
  is a little harsh, but it helps prevent the parent from blocking
  and causing other requests to time out.

yp_dnslookup.c:
- Check for duplicate RPC transaction IDs that indicate duplicate
  requests sent due to RPC retransmissions. We don't want to send
  a second DNS request for the same data while an existing request
  is in progress.

- Fix small formatting bogon in snprintf() in yp_async_lookup_addr().
1997-01-07 06:07:21 +00:00
Bill Paul
cb73ffc8b7 Eek: the 'check for / in map names' test I added a while back detects
slashes in map names but doesn't return failure if it finds them. Add
missing return(1) to fix this.
1997-01-06 06:27:55 +00:00
Peter Wemm
ae5fc38127 Make the select() call work like the others in the system.. ie: don't
assume that the timeval will be preserved.  As the man page says:
".. it is unwise to assume that the timeout value will be unmodified
by the select() call."  This happens on Linux and on my system at least.
1996-12-30 18:51:59 +00:00
Peter Wemm
09dfbc4024 Fix harmless bug found by new pointer-to-function prototypes. 1996-12-30 15:32:43 +00:00
Bill Paul
adc4fa336b More async resolver refinements:
- yp_main.c: Always add the resolver socket to the set of fds
  monitored by select(). It can happen that pending == 0 but we
  still have some data in the socket buffer from an old query.
  This way, the data will be flushed in a timely manner.

- yp_extern.h: remove proto for yp_dns_pending() since we don't need
  it anynmore.

- yp_server.c: call yp_async_lookup_name()/yp_async_lookup_addr()
  functions with the svc_req pointer as an arg instead of the xprt.
  (The svc_req struct includes a pointer to the transport handle,
  and it also has the service version number which the async DNS
  code will need. (see below))

- yp_dnslookup.c:

   o Nuke yp_dns_pending() since we don't need it anymore.
   o In yp_run_dnsq(), swallow up and ignore replies if no requests
     are pending or the ID doesn't match any of the IDs in the queue.
   o In yp_send_dns_reply(), we assume that we will always be
     replying to an NIS v2 client. While this will probably always
     be the case, we do support the v1 'match' procedure, and it
     has a different result struct than v2. For completeness,
     support replying to both NIS v1 and v2 clients.
   o Update the queue entry structure to include a member to
     keep track of the NIS version number.
   o Have yp_async_lookup_name/addr() extract the version number
     from the svc_req structure and save it with the queue entry
     for yp_send_dns_reply() to inspect later.
   o Add some comments.
1996-12-25 18:10:35 +00:00
Bill Paul
926f037af9 Fix some bugs:
- Don't dereference a NULL hostent pointer (if T_PTR lookup fails).

- Today I asked myself: "Self, you wrote this nifty async resolver
  that does a great job handling delayed replies to clients using
  the UDP transport, and the yplib code in libc always uses UDP
  (except for yp_all()). But what if some dork makes a DNS lookup using
  TCP?" Being the only dork on hand at the time, I tried it and was
  enlightened. As I suspected, my transaction ID frobbing hacks cause
  fireworks if called on a TCP transport handle (duh: the structures
  are different). Fix: check the type of socket in xprt->xp_sock using
  getsockopt() and don't use svcudp_get_xid() and svcudp_set_xid() for
  anything except SOCK_DGRAM sockets. (Since accept() gives you a
  new socket for each connection, the transaction ID munging isn't
  needed for TCP anyway.)
1996-12-24 02:44:52 +00:00
Bill Paul
180807d214 Big round o changes:
- yp_dblookup.c: Create non-DB specific database access functions.
  Using these allows access to the underlying database functions without
  needing explicit knowledge of Berkeley DB. (These are used only
  when DB_CACHE is #defined. Other programs that use the non-caching
  functions (yp_mkdb, ypxfr, yppush, rpc.yppasswdd) shouldn't notice
  the difference.)

- yp_dnslookup: Implement async DNS lookups. We send our own DNS
  requests using UDP and put the request in a queue. When the response
  arrives, we use the ID in the header to find the corresponsing queue
  entry and then send the response to the client. We can go about our
  business and handle other YP requests in the meantime. This way, we
  can deal with time consuming DNS requests without blocking and without
  forking.

- yp_server.c: Convert to using new non-DB-specific database access
  functions. This simplifies the code a bit and removes the need for
  this module to know anything about Berkeley DB. Also convert the
  ypproc_match_2_svc() function to use the async DNS lookup routines.

- yp_main.c: tweak yp_svc_run() to add the resolver socket to the
  set of descriptors monitored in the select() loop. Also add a
  timeout to select(); we may get stale DNS requests stuck in the
  queue which we want to invalidate after a while. If the timeout
  hits, we decrement the ttl on all pending DNS requests and nuke
  those requests that aren't handled before ttl hits zero.

- yp_extern.h: Add prototypes for new stuff.

- yp_svc_udp.c (new file): The async resolver code needs to be able
  to rummage around inside the RPC UDP transport handle in order to
  work correcty. There's basically one transport handle, and each time
  a request comes in, the transaction ID in the handle is changed.
  This means that if we queue a DNS request, then we handle some other
  unrelated requests, we will be unable to send the DNS response because
  the transaction ID and remote address of the client that made the DNS
  request will have been lost. What we need to do is save the client
  address and transaction ID in the queue entry for the DNS request,
  then put the transaction ID and address back in the transport handle
  when we're ready to reply. (And then we have to undo the change so
  as not to confuse any other part of the server.) The trouble is that
  the transaction ID is hidden in an opaque part of the transport handle,
  and only the code in the svc_udp module in the RPC library knows how
  to handle it. This file contains a couple of functions that let us
  read and set the transaction ID in spite of this. This is really a
  dirty trick and I should be taken out and shot for even thinking about
  it, but there's no other way to get this stuff to work.

- Makefile: add yp_svc_udp.c to SRCS.
1996-12-22 22:30:58 +00:00
Bill Paul
4c69e7b9d5 Back out the non-forking YPPROC_ALL stuff. Whatever drugs I was doing
when I came up with this idea weren't strong enough to help me see it
through. If this was a self-contained application and I had complete
control over what data got sent through what socket and when, I might
be able to get everything to work right without blocking, but instead
I have RPC/XDR in between me and the socket layer, and they have their
own ideas about what to do.

Maybe one day I'll go totally mad and figure out the right way to do
this; in the meantime this mess goes on the back burner.
1996-12-03 02:37:39 +00:00
Bill Paul
faf215c7ad This commit changes the YPPROC_ALL procecdure so that it handles requests
_without_ using fork().

The problem with YPPROC_ALL is that it transmits an entire map through
a TCP pipe as the result of a single RPC call. First of all, this requires
certain hackery in the XDR filter. Second, if the map being sent is
large, the server can end up spending lots of time in the XDR filter
sending to just the one client, while requests for other clients will
go unanswered.

My original solution for this was to fork() the request into a child
process which terminates after the map has been transmitted (or the
transfer is interrupted due to an error). This leaves the parent free
to handle other requests. But this solution is kind of lame: fork()
is relatively expensive, and we have to keep a cap on the number of
child processes to keep from swamping the system.

What we do now is grab control of the service transport handle and XDR
handle from the RPC library and send the records one at a time ourselves
instead of letting the RPC library do it. We send a record, then go
back to the svc_run() loop and select() on the socket. If select() says
we can still write data, we send the next record. Then we call
svc_getreqset() and handle other RPCs and loop around again. This way,
we can handle other RPCs between records.

We manage multiple YPPROC_ALL requests using a circular queue. When a
request is done, we dequeue it and destroy the handle. We also tag
each request with a ttl which is decremented whevever we run the queue
and a handle isn't serviced. This lets us nuke requests that have sat
idle for too long (if we didn't do this, we might run out of socket
descriptors.)

Now all I have to do is come up with an async resolver, and ypserv
won't need to fork() at all. :)

Note: these changes should not go into 2.2 unless they get a very
throrough shakedown before the final cutoff date.
1996-11-30 22:38:44 +00:00
Bill Paul
58dc15740f Eek! When I added the YP_INTERDOMAIN and YP_SECURE support, I documented
and set the B and S variables here, but I forgot to actually add them to
the master.passwd and hosts.* targets. In other words, they weren't being
passed to yp_mkdb as needed.

This needs to go into 2.2; it doesn't break things a lot, but it leaves
your master.passwd maps available to unprivileged users without you
realizing it.
1996-11-15 18:01:59 +00:00
Bill Paul
4451976029 Add support for handling the YP_SECURE and YP_INTERDOMAIN keys from
any maps that may have them. If the YP_SECURE key is present, ypserv
will only allow access to the map from clients on reserved ports.
If the YP_INTERDOMAIN key is present, the server will do DNS lookups
for hostnames that it can't find in hosts.byname or hosts.byaddr.
This is the same as the -d flag (which is retained for backwards
compatibility) but it can be set on a per-map/per-domain basis.

Also modified /var/yp/Makefile to add YP_INTERDOMAIN to the hosts.*
maps and YP_SECURE to master.passwd.* maps by default.
1996-10-24 18:58:26 +00:00
Bill Paul
746c49fb53 In ypxfr_callback(), the failure to create an RPC CLIENT * handle for
the callback is a fatal error for this function; return immediatlely if
this happens. Also make the "failed to establish callback handle" error
mesaage print the IP address of the target callback host.
1996-10-23 15:49:22 +00:00
Bill Paul
42c703633d Close a potential security hole: if yp_access() is passed a map name,
have it check to see that it doesn't contain any '/' characters. This
prevents possible silliness like ypcat "../../../kernel". We already
test the domain name for this in yp_validdomain(), and ypserv itself
tests the map name in yp_open_db(), but it doesn't hurt to be paranoid
and test for it in the generic access routine too. rpc.ypxfrd does not
test the map name for slashes, but it does call yp_access() with the
map name, so this removes a potential vulnerability from there.

Also make the tests for IPPORT_RESERVED a little more selective: make
sure it trips when map == master.passwd.*, prog == YPPROC and proc ==
YPPROC_XFR, and prog == YPXFRD_FREEBSD_PROG and proc == YPXFRD_GETMAP.
Also use IPPORT_RESERVED instead of hard-coded value.
1996-09-30 22:27:00 +00:00
Bill Paul
616b87f978 Toss the mkaliases script into the attic and remove its install
target from the Makefile. We don't need it anymore, and it was
broken anyway.
1996-09-15 00:39:20 +00:00
Peter Wemm
f1c72c4c70 Hmm, well, whaddya know? ypserv was making calls to the undocumented
private internal _gethostbydnsname() resolver functions..
1996-08-30 01:17:47 +00:00
Mike Pritchard
85cf659a76 Use the .Fx macro where appropriate. 1996-08-23 00:57:08 +00:00